summaryrefslogtreecommitdiff
path: root/debian/patches
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/configure-bashism.patch31
-rw-r--r--debian/patches/cross-pkg-config.patch129
-rw-r--r--debian/patches/debian-banner.patch55
-rw-r--r--debian/patches/dnssec-sshfp.patch4
-rw-r--r--debian/patches/gssapi.patch60
-rw-r--r--debian/patches/helpful-wait-terminate.patch2
-rw-r--r--debian/patches/keepalive-extensions.patch6
-rw-r--r--debian/patches/openbsd-docs.patch14
-rw-r--r--debian/patches/package-versioning.patch18
-rw-r--r--debian/patches/quieter-signals.patch2
-rw-r--r--debian/patches/sandbox-fallback.patch925
-rw-r--r--debian/patches/selinux-role.patch8
-rw-r--r--debian/patches/series3
-rw-r--r--debian/patches/ssh-vulnkey.patch28
-rw-r--r--debian/patches/ssh1-keepalive.patch4
-rw-r--r--debian/patches/syslog-level-silent.patch2
-rw-r--r--debian/patches/user-group-modes.patch8
17 files changed, 105 insertions, 1194 deletions
diff --git a/debian/patches/configure-bashism.patch b/debian/patches/configure-bashism.patch
deleted file mode 100644
index 09f878376..000000000
--- a/debian/patches/configure-bashism.patch
+++ /dev/null
@@ -1,31 +0,0 @@
1Description: Fix a bashism in configure
2Author: Colin Watson <cjwatson@debian.org>
3Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=2010
4Last-Update: 2012-05-18
5
6Index: b/configure
7===================================================================
8--- a/configure
9+++ b/configure
10@@ -11918,7 +11918,7 @@
11
12 elif test "x$sandbox_arg" = "xseccomp_filter" || \
13 ( test -z "$sandbox_arg" && \
14- test "x$have_seccomp_filter" == "x1" && \
15+ test "x$have_seccomp_filter" = "x1" && \
16 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
17 test "x$have_seccomp_audit_arch" = "x1" && \
18 test "x$have_linux_no_new_privs" = "x1" && \
19Index: b/configure.ac
20===================================================================
21--- a/configure.ac
22+++ b/configure.ac
23@@ -2615,7 +2615,7 @@
24 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
25 elif test "x$sandbox_arg" = "xseccomp_filter" || \
26 ( test -z "$sandbox_arg" && \
27- test "x$have_seccomp_filter" == "x1" && \
28+ test "x$have_seccomp_filter" = "x1" && \
29 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
30 test "x$have_seccomp_audit_arch" = "x1" && \
31 test "x$have_linux_no_new_privs" = "x1" && \
diff --git a/debian/patches/cross-pkg-config.patch b/debian/patches/cross-pkg-config.patch
deleted file mode 100644
index c25d2a6e5..000000000
--- a/debian/patches/cross-pkg-config.patch
+++ /dev/null
@@ -1,129 +0,0 @@
1Description: Allow using a cross-architecture pkg-config
2Author: Colin Watson <cjwatson@debian.org>
3Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1996
4Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=1996
5Last-Update: 2011-04-02
6
7Index: b/configure
8===================================================================
9--- a/configure
10+++ b/configure
11@@ -9194,8 +9194,9 @@
12 if test "${with_libedit+set}" = set; then :
13 withval=$with_libedit; if test "x$withval" != "xno" ; then
14 if test "x$withval" = "xyes" ; then
15- # Extract the first word of "pkg-config", so it can be a program name with args.
16-set dummy pkg-config; ac_word=$2
17+ if test -n "$ac_tool_prefix"; then
18+ # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
19+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
20 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
21 $as_echo_n "checking for $ac_word... " >&6; }
22 if ${ac_cv_path_PKGCONFIG+:} false; then :
23@@ -9221,7 +9222,6 @@
24 done
25 IFS=$as_save_IFS
26
27- test -z "$ac_cv_path_PKGCONFIG" && ac_cv_path_PKGCONFIG="no"
28 ;;
29 esac
30 fi
31@@ -9235,6 +9235,63 @@
32 fi
33
34
35+fi
36+if test -z "$ac_cv_path_PKGCONFIG"; then
37+ ac_pt_PKGCONFIG=$PKGCONFIG
38+ # Extract the first word of "pkg-config", so it can be a program name with args.
39+set dummy pkg-config; ac_word=$2
40+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
41+$as_echo_n "checking for $ac_word... " >&6; }
42+if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then :
43+ $as_echo_n "(cached) " >&6
44+else
45+ case $ac_pt_PKGCONFIG in
46+ [\\/]* | ?:[\\/]*)
47+ ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path.
48+ ;;
49+ *)
50+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
51+for as_dir in $PATH
52+do
53+ IFS=$as_save_IFS
54+ test -z "$as_dir" && as_dir=.
55+ for ac_exec_ext in '' $ac_executable_extensions; do
56+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
57+ ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext"
58+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
59+ break 2
60+ fi
61+done
62+ done
63+IFS=$as_save_IFS
64+
65+ ;;
66+esac
67+fi
68+ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG
69+if test -n "$ac_pt_PKGCONFIG"; then
70+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5
71+$as_echo "$ac_pt_PKGCONFIG" >&6; }
72+else
73+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
74+$as_echo "no" >&6; }
75+fi
76+
77+ if test "x$ac_pt_PKGCONFIG" = x; then
78+ PKGCONFIG="no"
79+ else
80+ case $cross_compiling:$ac_tool_warned in
81+yes:)
82+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
83+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
84+ac_tool_warned=yes ;;
85+esac
86+ PKGCONFIG=$ac_pt_PKGCONFIG
87+ fi
88+else
89+ PKGCONFIG="$ac_cv_path_PKGCONFIG"
90+fi
91+
92 if test "x$PKGCONFIG" != "xno"; then
93 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libedit" >&5
94 $as_echo_n "checking if $PKGCONFIG knows about libedit... " >&6; }
95Index: b/configure.ac
96===================================================================
97--- a/configure.ac
98+++ b/configure.ac
99@@ -1434,7 +1434,7 @@
100 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
101 [ if test "x$withval" != "xno" ; then
102 if test "x$withval" = "xyes" ; then
103- AC_PATH_PROG([PKGCONFIG], [pkg-config], [no])
104+ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
105 if test "x$PKGCONFIG" != "xno"; then
106 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
107 if "$PKGCONFIG" libedit; then
108Index: b/contrib/Makefile
109===================================================================
110--- a/contrib/Makefile
111+++ b/contrib/Makefile
112@@ -1,3 +1,5 @@
113+PKG_CONFIG = pkg-config
114+
115 all:
116 @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
117
118@@ -7,9 +9,9 @@
119 `gnome-config --libs gnome gnomeui`
120
121 gnome-ssh-askpass2: gnome-ssh-askpass2.c
122- $(CC) `pkg-config --cflags gtk+-2.0` \
123+ $(CC) `$(PKG_CONFIG) --cflags gtk+-2.0` \
124 gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
125- `pkg-config --libs gtk+-2.0 x11`
126+ `$(PKG_CONFIG) --libs gtk+-2.0 x11`
127
128 clean:
129 rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index a03ce23bb..22b1e4c14 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -4,48 +4,48 @@ Description: Add DebianBanner server configuration option
4Author: Kees Cook <kees@debian.org> 4Author: Kees Cook <kees@debian.org>
5Bug-Debian: http://bugs.debian.org/562048 5Bug-Debian: http://bugs.debian.org/562048
6Forwarded: not-needed 6Forwarded: not-needed
7Last-Update: 2010-02-28 7Last-Update: 2012-09-07
8 8
9Index: b/servconf.c 9Index: b/servconf.c
10=================================================================== 10===================================================================
11--- a/servconf.c 11--- a/servconf.c
12+++ b/servconf.c 12+++ b/servconf.c
13@@ -142,6 +142,7 @@ 13@@ -146,6 +146,7 @@
14 options->authorized_principals_file = NULL;
15 options->ip_qos_interactive = -1; 14 options->ip_qos_interactive = -1;
16 options->ip_qos_bulk = -1; 15 options->ip_qos_bulk = -1;
16 options->version_addendum = NULL;
17+ options->debian_banner = -1; 17+ options->debian_banner = -1;
18 } 18 }
19 19
20 void 20 void
21@@ -289,6 +290,8 @@ 21@@ -295,6 +296,8 @@
22 options->ip_qos_interactive = IPTOS_LOWDELAY;
23 if (options->ip_qos_bulk == -1)
24 options->ip_qos_bulk = IPTOS_THROUGHPUT; 22 options->ip_qos_bulk = IPTOS_THROUGHPUT;
23 if (options->version_addendum == NULL)
24 options->version_addendum = xstrdup("");
25+ if (options->debian_banner == -1) 25+ if (options->debian_banner == -1)
26+ options->debian_banner = 1; 26+ options->debian_banner = 1;
27
28 /* Turn privilege separation on by default */ 27 /* Turn privilege separation on by default */
29 if (use_privsep == -1) 28 if (use_privsep == -1)
30@@ -338,6 +341,7 @@ 29 use_privsep = PRIVSEP_NOSANDBOX;
30@@ -343,6 +346,7 @@
31 sZeroKnowledgePasswordAuthentication, sHostCertificate, 31 sZeroKnowledgePasswordAuthentication, sHostCertificate,
32 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, 32 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
33 sKexAlgorithms, sIPQoS, 33 sKexAlgorithms, sIPQoS, sVersionAddendum,
34+ sDebianBanner, 34+ sDebianBanner,
35 sDeprecated, sUnsupported 35 sDeprecated, sUnsupported
36 } ServerOpCodes; 36 } ServerOpCodes;
37 37
38@@ -473,6 +477,7 @@ 38@@ -479,6 +483,7 @@
39 { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
40 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, 39 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
41 { "ipqos", sIPQoS, SSHCFG_ALL }, 40 { "ipqos", sIPQoS, SSHCFG_ALL },
41 { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
42+ { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, 42+ { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
43 { NULL, sBadOption, 0 } 43 { NULL, sBadOption, 0 }
44 }; 44 };
45 45
46@@ -1436,6 +1441,10 @@ 46@@ -1538,6 +1543,10 @@
47 } 47 }
48 break; 48 return 0;
49 49
50+ case sDebianBanner: 50+ case sDebianBanner:
51+ intptr = &options->debian_banner; 51+ intptr = &options->debian_banner;
@@ -58,34 +58,33 @@ Index: b/servconf.h
58=================================================================== 58===================================================================
59--- a/servconf.h 59--- a/servconf.h
60+++ b/servconf.h 60+++ b/servconf.h
61@@ -166,6 +166,8 @@ 61@@ -172,6 +172,7 @@
62 62 char *authorized_principals_file;
63 int num_permitted_opens;
64 63
64 char *version_addendum; /* Appended to SSH banner */
65+ int debian_banner; 65+ int debian_banner;
66+ 66 } ServerOptions;
67 char *chroot_directory; 67
68 char *revoked_keys_file; 68 /* Information about the incoming connection as used by Match */
69 char *trusted_user_ca_keys;
70Index: b/sshd.c 69Index: b/sshd.c
71=================================================================== 70===================================================================
72--- a/sshd.c 71--- a/sshd.c
73+++ b/sshd.c 72+++ b/sshd.c
74@@ -424,7 +424,8 @@ 73@@ -425,7 +425,8 @@
75 minor = PROTOCOL_MINOR_1;
76 } 74 }
77 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, 75
78- SSH_RELEASE, newline); 76 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
77- major, minor, SSH_RELEASE,
78+ major, minor,
79+ options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM, 79+ options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM,
80+ newline); 80 *options.version_addendum == '\0' ? "" : " ",
81 server_version_string = xstrdup(buf); 81 options.version_addendum, newline);
82 82
83 /* Send our protocol version identification. */
84Index: b/sshd_config.5 83Index: b/sshd_config.5
85=================================================================== 84===================================================================
86--- a/sshd_config.5 85--- a/sshd_config.5
87+++ b/sshd_config.5 86+++ b/sshd_config.5
88@@ -340,6 +340,11 @@ 87@@ -342,6 +342,11 @@
89 .Dq no . 88 .Dq no .
90 The default is 89 The default is
91 .Dq delayed . 90 .Dq delayed .
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch
index 8e8285a1f..0615de097 100644
--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -9,7 +9,7 @@ Index: b/dns.c
9=================================================================== 9===================================================================
10--- a/dns.c 10--- a/dns.c
11+++ b/dns.c 11+++ b/dns.c
12@@ -177,6 +177,7 @@ 12@@ -196,6 +196,7 @@
13 { 13 {
14 u_int counter; 14 u_int counter;
15 int result; 15 int result;
@@ -17,7 +17,7 @@ Index: b/dns.c
17 struct rrsetinfo *fingerprints = NULL; 17 struct rrsetinfo *fingerprints = NULL;
18 18
19 u_int8_t hostkey_algorithm; 19 u_int8_t hostkey_algorithm;
20@@ -200,8 +201,19 @@ 20@@ -219,8 +220,19 @@
21 return -1; 21 return -1;
22 } 22 }
23 23
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index d78835bd6..786500feb 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -13,7 +13,7 @@ Description: GSSAPI key exchange support
13 security history. 13 security history.
14Author: Simon Wilkinson <simon@sxw.org.uk> 14Author: Simon Wilkinson <simon@sxw.org.uk>
15Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 15Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
16Last-Updated: 2010-02-27 16Last-Updated: 2012-09-07
17 17
18Index: b/ChangeLog.gssapi 18Index: b/ChangeLog.gssapi
19=================================================================== 19===================================================================
@@ -176,8 +176,8 @@ Index: b/auth-krb5.c
176 #ifndef HEIMDAL 176 #ifndef HEIMDAL
177 krb5_error_code 177 krb5_error_code
178 ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { 178 ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
179- int tmpfd, ret; 179- int tmpfd, ret, oerrno;
180+ int ret; 180+ int ret, oerrno;
181 char ccname[40]; 181 char ccname[40];
182 mode_t old_umask; 182 mode_t old_umask;
183+#ifdef USE_CCAPI 183+#ifdef USE_CCAPI
@@ -196,9 +196,9 @@ Index: b/auth-krb5.c
196+#ifndef USE_CCAPI 196+#ifndef USE_CCAPI
197 old_umask = umask(0177); 197 old_umask = umask(0177);
198 tmpfd = mkstemp(ccname + strlen("FILE:")); 198 tmpfd = mkstemp(ccname + strlen("FILE:"));
199 umask(old_umask); 199 oerrno = errno;
200@@ -249,6 +261,7 @@ 200@@ -251,6 +263,7 @@
201 return errno; 201 return oerrno;
202 } 202 }
203 close(tmpfd); 203 close(tmpfd);
204+#endif 204+#endif
@@ -327,7 +327,7 @@ Index: b/clientloop.c
327 /* import options */ 327 /* import options */
328 extern Options options; 328 extern Options options;
329 329
330@@ -1540,6 +1544,15 @@ 330@@ -1544,6 +1548,15 @@
331 /* Do channel operations unless rekeying in progress. */ 331 /* Do channel operations unless rekeying in progress. */
332 if (!rekeying) { 332 if (!rekeying) {
333 channel_after_select(readset, writeset); 333 channel_after_select(readset, writeset);
@@ -347,7 +347,7 @@ Index: b/config.h.in
347=================================================================== 347===================================================================
348--- a/config.h.in 348--- a/config.h.in
349+++ b/config.h.in 349+++ b/config.h.in
350@@ -1465,6 +1465,9 @@ 350@@ -1471,6 +1471,9 @@
351 /* Use btmp to log bad logins */ 351 /* Use btmp to log bad logins */
352 #undef USE_BTMP 352 #undef USE_BTMP
353 353
@@ -357,7 +357,7 @@ Index: b/config.h.in
357 /* Use libedit for sftp */ 357 /* Use libedit for sftp */
358 #undef USE_LIBEDIT 358 #undef USE_LIBEDIT
359 359
360@@ -1480,6 +1483,9 @@ 360@@ -1486,6 +1489,9 @@
361 /* Use PIPES instead of a socketpair() */ 361 /* Use PIPES instead of a socketpair() */
362 #undef USE_PIPES 362 #undef USE_PIPES
363 363
@@ -1973,7 +1973,7 @@ Index: b/key.c
1973=================================================================== 1973===================================================================
1974--- a/key.c 1974--- a/key.c
1975+++ b/key.c 1975+++ b/key.c
1976@@ -971,6 +971,8 @@ 1976@@ -976,6 +976,8 @@
1977 } 1977 }
1978 break; 1978 break;
1979 #endif /* OPENSSL_HAS_ECC */ 1979 #endif /* OPENSSL_HAS_ECC */
@@ -1982,7 +1982,7 @@ Index: b/key.c
1982 } 1982 }
1983 return "ssh-unknown"; 1983 return "ssh-unknown";
1984 } 1984 }
1985@@ -1276,6 +1278,8 @@ 1985@@ -1281,6 +1283,8 @@
1986 strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) { 1986 strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) {
1987 return KEY_ECDSA_CERT; 1987 return KEY_ECDSA_CERT;
1988 #endif 1988 #endif
@@ -2059,7 +2059,7 @@ Index: b/monitor.c
2059 } else { 2059 } else {
2060 mon_dispatch = mon_dispatch_postauth15; 2060 mon_dispatch = mon_dispatch_postauth15;
2061 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); 2061 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
2062@@ -1803,6 +1820,13 @@ 2062@@ -1800,6 +1817,13 @@
2063 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 2063 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
2064 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 2064 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
2065 kex->kex[KEX_ECDH_SHA2] = kexecdh_server; 2065 kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
@@ -2073,7 +2073,7 @@ Index: b/monitor.c
2073 kex->server = 1; 2073 kex->server = 1;
2074 kex->hostkey_type = buffer_get_int(m); 2074 kex->hostkey_type = buffer_get_int(m);
2075 kex->kex_type = buffer_get_int(m); 2075 kex->kex_type = buffer_get_int(m);
2076@@ -2009,6 +2033,9 @@ 2076@@ -2006,6 +2030,9 @@
2077 OM_uint32 major; 2077 OM_uint32 major;
2078 u_int len; 2078 u_int len;
2079 2079
@@ -2083,7 +2083,7 @@ Index: b/monitor.c
2083 goid.elements = buffer_get_string(m, &len); 2083 goid.elements = buffer_get_string(m, &len);
2084 goid.length = len; 2084 goid.length = len;
2085 2085
2086@@ -2036,6 +2063,9 @@ 2086@@ -2033,6 +2060,9 @@
2087 OM_uint32 flags = 0; /* GSI needs this */ 2087 OM_uint32 flags = 0; /* GSI needs this */
2088 u_int len; 2088 u_int len;
2089 2089
@@ -2093,7 +2093,7 @@ Index: b/monitor.c
2093 in.value = buffer_get_string(m, &len); 2093 in.value = buffer_get_string(m, &len);
2094 in.length = len; 2094 in.length = len;
2095 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); 2095 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
2096@@ -2053,6 +2083,7 @@ 2096@@ -2050,6 +2080,7 @@
2097 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); 2097 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
2098 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 2098 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
2099 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); 2099 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2101,7 +2101,7 @@ Index: b/monitor.c
2101 } 2101 }
2102 return (0); 2102 return (0);
2103 } 2103 }
2104@@ -2064,6 +2095,9 @@ 2104@@ -2061,6 +2092,9 @@
2105 OM_uint32 ret; 2105 OM_uint32 ret;
2106 u_int len; 2106 u_int len;
2107 2107
@@ -2111,7 +2111,7 @@ Index: b/monitor.c
2111 gssbuf.value = buffer_get_string(m, &len); 2111 gssbuf.value = buffer_get_string(m, &len);
2112 gssbuf.length = len; 2112 gssbuf.length = len;
2113 mic.value = buffer_get_string(m, &len); 2113 mic.value = buffer_get_string(m, &len);
2114@@ -2090,7 +2124,11 @@ 2114@@ -2087,7 +2121,11 @@
2115 { 2115 {
2116 int authenticated; 2116 int authenticated;
2117 2117
@@ -2124,7 +2124,7 @@ Index: b/monitor.c
2124 2124
2125 buffer_clear(m); 2125 buffer_clear(m);
2126 buffer_put_int(m, authenticated); 2126 buffer_put_int(m, authenticated);
2127@@ -2103,6 +2141,74 @@ 2127@@ -2100,6 +2138,74 @@
2128 /* Monitor loop will terminate if authenticated */ 2128 /* Monitor loop will terminate if authenticated */
2129 return (authenticated); 2129 return (authenticated);
2130 } 2130 }
@@ -2406,7 +2406,7 @@ Index: b/servconf.c
2406=================================================================== 2406===================================================================
2407--- a/servconf.c 2407--- a/servconf.c
2408+++ b/servconf.c 2408+++ b/servconf.c
2409@@ -97,7 +97,10 @@ 2409@@ -100,7 +100,10 @@
2410 options->kerberos_ticket_cleanup = -1; 2410 options->kerberos_ticket_cleanup = -1;
2411 options->kerberos_get_afs_token = -1; 2411 options->kerberos_get_afs_token = -1;
2412 options->gss_authentication=-1; 2412 options->gss_authentication=-1;
@@ -2417,7 +2417,7 @@ Index: b/servconf.c
2417 options->password_authentication = -1; 2417 options->password_authentication = -1;
2418 options->kbd_interactive_authentication = -1; 2418 options->kbd_interactive_authentication = -1;
2419 options->challenge_response_authentication = -1; 2419 options->challenge_response_authentication = -1;
2420@@ -225,8 +228,14 @@ 2420@@ -229,8 +232,14 @@
2421 options->kerberos_get_afs_token = 0; 2421 options->kerberos_get_afs_token = 0;
2422 if (options->gss_authentication == -1) 2422 if (options->gss_authentication == -1)
2423 options->gss_authentication = 0; 2423 options->gss_authentication = 0;
@@ -2432,7 +2432,7 @@ Index: b/servconf.c
2432 if (options->password_authentication == -1) 2432 if (options->password_authentication == -1)
2433 options->password_authentication = 1; 2433 options->password_authentication = 1;
2434 if (options->kbd_interactive_authentication == -1) 2434 if (options->kbd_interactive_authentication == -1)
2435@@ -318,7 +327,9 @@ 2435@@ -323,7 +332,9 @@
2436 sBanner, sUseDNS, sHostbasedAuthentication, 2436 sBanner, sUseDNS, sHostbasedAuthentication,
2437 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, 2437 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
2438 sClientAliveCountMax, sAuthorizedKeysFile, 2438 sClientAliveCountMax, sAuthorizedKeysFile,
@@ -2443,7 +2443,7 @@ Index: b/servconf.c
2443 sMatch, sPermitOpen, sForceCommand, sChrootDirectory, 2443 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
2444 sUsePrivilegeSeparation, sAllowAgentForwarding, 2444 sUsePrivilegeSeparation, sAllowAgentForwarding,
2445 sZeroKnowledgePasswordAuthentication, sHostCertificate, 2445 sZeroKnowledgePasswordAuthentication, sHostCertificate,
2446@@ -382,10 +393,20 @@ 2446@@ -387,10 +398,20 @@
2447 #ifdef GSSAPI 2447 #ifdef GSSAPI
2448 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 2448 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
2449 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 2449 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -2464,7 +2464,7 @@ Index: b/servconf.c
2464 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 2464 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
2465 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 2465 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
2466 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 2466 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
2467@@ -962,10 +983,22 @@ 2467@@ -1031,10 +1052,22 @@
2468 intptr = &options->gss_authentication; 2468 intptr = &options->gss_authentication;
2469 goto parse_flag; 2469 goto parse_flag;
2470 2470
@@ -2487,7 +2487,7 @@ Index: b/servconf.c
2487 case sPasswordAuthentication: 2487 case sPasswordAuthentication:
2488 intptr = &options->password_authentication; 2488 intptr = &options->password_authentication;
2489 goto parse_flag; 2489 goto parse_flag;
2490@@ -1720,7 +1753,10 @@ 2490@@ -1868,7 +1901,10 @@
2491 #endif 2491 #endif
2492 #ifdef GSSAPI 2492 #ifdef GSSAPI
2493 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 2493 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
@@ -2893,7 +2893,7 @@ Index: b/sshd.c
2893 #ifdef LIBWRAP 2893 #ifdef LIBWRAP
2894 #include <tcpd.h> 2894 #include <tcpd.h>
2895 #include <syslog.h> 2895 #include <syslog.h>
2896@@ -1616,10 +1620,13 @@ 2896@@ -1607,10 +1611,13 @@
2897 logit("Disabling protocol version 1. Could not load host key"); 2897 logit("Disabling protocol version 1. Could not load host key");
2898 options.protocol &= ~SSH_PROTO_1; 2898 options.protocol &= ~SSH_PROTO_1;
2899 } 2899 }
@@ -2907,7 +2907,7 @@ Index: b/sshd.c
2907 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { 2907 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
2908 logit("sshd: no hostkeys available -- exiting."); 2908 logit("sshd: no hostkeys available -- exiting.");
2909 exit(1); 2909 exit(1);
2910@@ -1948,6 +1955,60 @@ 2910@@ -1938,6 +1945,60 @@
2911 /* Log the connection. */ 2911 /* Log the connection. */
2912 verbose("Connection from %.500s port %d", remote_ip, remote_port); 2912 verbose("Connection from %.500s port %d", remote_ip, remote_port);
2913 2913
@@ -2968,7 +2968,7 @@ Index: b/sshd.c
2968 /* 2968 /*
2969 * We don't want to listen forever unless the other side 2969 * We don't want to listen forever unless the other side
2970 * successfully authenticates itself. So we set up an alarm which is 2970 * successfully authenticates itself. So we set up an alarm which is
2971@@ -2329,6 +2390,48 @@ 2971@@ -2319,6 +2380,48 @@
2972 2972
2973 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); 2973 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
2974 2974
@@ -3017,7 +3017,7 @@ Index: b/sshd.c
3017 /* start key exchange */ 3017 /* start key exchange */
3018 kex = kex_setup(myproposal); 3018 kex = kex_setup(myproposal);
3019 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 3019 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
3020@@ -2336,6 +2439,13 @@ 3020@@ -2326,6 +2429,13 @@
3021 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 3021 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
3022 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 3022 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
3023 kex->kex[KEX_ECDH_SHA2] = kexecdh_server; 3023 kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
@@ -3035,7 +3035,7 @@ Index: b/sshd_config
3035=================================================================== 3035===================================================================
3036--- a/sshd_config 3036--- a/sshd_config
3037+++ b/sshd_config 3037+++ b/sshd_config
3038@@ -75,6 +75,8 @@ 3038@@ -77,6 +77,8 @@
3039 # GSSAPI options 3039 # GSSAPI options
3040 #GSSAPIAuthentication no 3040 #GSSAPIAuthentication no
3041 #GSSAPICleanupCredentials yes 3041 #GSSAPICleanupCredentials yes
@@ -3048,7 +3048,7 @@ Index: b/sshd_config.5
3048=================================================================== 3048===================================================================
3049--- a/sshd_config.5 3049--- a/sshd_config.5
3050+++ b/sshd_config.5 3050+++ b/sshd_config.5
3051@@ -424,12 +424,40 @@ 3051@@ -426,12 +426,40 @@
3052 The default is 3052 The default is
3053 .Dq no . 3053 .Dq no .
3054 Note that this option applies to protocol version 2 only. 3054 Note that this option applies to protocol version 2 only.
diff --git a/debian/patches/helpful-wait-terminate.patch b/debian/patches/helpful-wait-terminate.patch
index 857f86456..298e8e216 100644
--- a/debian/patches/helpful-wait-terminate.patch
+++ b/debian/patches/helpful-wait-terminate.patch
@@ -7,7 +7,7 @@ Index: b/serverloop.c
7=================================================================== 7===================================================================
8--- a/serverloop.c 8--- a/serverloop.c
9+++ b/serverloop.c 9+++ b/serverloop.c
10@@ -680,7 +680,7 @@ 10@@ -686,7 +686,7 @@
11 if (!channel_still_open()) 11 if (!channel_still_open())
12 break; 12 break;
13 if (!waiting_termination) { 13 if (!waiting_termination) {
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index eab9914f2..0937a49e6 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -78,7 +78,7 @@ Index: b/ssh_config.5
78 The argument must be 78 The argument must be
79 .Dq yes 79 .Dq yes
80 or 80 or
81@@ -1100,8 +1104,15 @@ 81@@ -1099,8 +1103,15 @@
82 will send a message through the encrypted 82 will send a message through the encrypted
83 channel to request a response from the server. 83 channel to request a response from the server.
84 The default 84 The default
@@ -95,7 +95,7 @@ Index: b/ssh_config.5
95 .It Cm StrictHostKeyChecking 95 .It Cm StrictHostKeyChecking
96 If this flag is set to 96 If this flag is set to
97 .Dq yes , 97 .Dq yes ,
98@@ -1140,6 +1151,12 @@ 98@@ -1139,6 +1150,12 @@
99 other side. 99 other side.
100 If they are sent, death of the connection or crash of one 100 If they are sent, death of the connection or crash of one
101 of the machines will be properly noticed. 101 of the machines will be properly noticed.
@@ -112,7 +112,7 @@ Index: b/sshd_config.5
112=================================================================== 112===================================================================
113--- a/sshd_config.5 113--- a/sshd_config.5
114+++ b/sshd_config.5 114+++ b/sshd_config.5
115@@ -1037,6 +1037,9 @@ 115@@ -1048,6 +1048,9 @@
116 .Pp 116 .Pp
117 To disable TCP keepalive messages, the value should be set to 117 To disable TCP keepalive messages, the value should be set to
118 .Dq no . 118 .Dq no .
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
index 59fc441a7..fe8ebe757 100644
--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -34,7 +34,7 @@ Index: b/ssh-keygen.1
34=================================================================== 34===================================================================
35--- a/ssh-keygen.1 35--- a/ssh-keygen.1
36+++ b/ssh-keygen.1 36+++ b/ssh-keygen.1
37@@ -150,9 +150,7 @@ 37@@ -152,9 +152,7 @@
38 .Pa ~/.ssh/id_dsa 38 .Pa ~/.ssh/id_dsa
39 or 39 or
40 .Pa ~/.ssh/id_rsa . 40 .Pa ~/.ssh/id_rsa .
@@ -45,7 +45,7 @@ Index: b/ssh-keygen.1
45 .Pp 45 .Pp
46 Normally this program generates the key and asks for a file in which 46 Normally this program generates the key and asks for a file in which
47 to store the private key. 47 to store the private key.
48@@ -198,9 +196,7 @@ 48@@ -200,9 +198,7 @@
49 For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys 49 For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys
50 do not exist, generate the host keys with the default key file path, 50 do not exist, generate the host keys with the default key file path,
51 an empty passphrase, default bits for the key type, and default comment. 51 an empty passphrase, default bits for the key type, and default comment.
@@ -56,7 +56,7 @@ Index: b/ssh-keygen.1
56 .It Fl a Ar trials 56 .It Fl a Ar trials
57 Specifies the number of primality tests to perform when screening DH-GEX 57 Specifies the number of primality tests to perform when screening DH-GEX
58 candidates using the 58 candidates using the
59@@ -544,7 +540,7 @@ 59@@ -556,7 +552,7 @@
60 Valid generator values are 2, 3, and 5. 60 Valid generator values are 2, 3, and 5.
61 .Pp 61 .Pp
62 Screened DH groups may be installed in 62 Screened DH groups may be installed in
@@ -65,7 +65,7 @@ Index: b/ssh-keygen.1
65 It is important that this file contains moduli of a range of bit lengths and 65 It is important that this file contains moduli of a range of bit lengths and
66 that both ends of a connection share common moduli. 66 that both ends of a connection share common moduli.
67 .Sh CERTIFICATES 67 .Sh CERTIFICATES
68@@ -670,7 +666,7 @@ 68@@ -682,7 +678,7 @@
69 where the user wishes to log in using public key authentication. 69 where the user wishes to log in using public key authentication.
70 There is no need to keep the contents of this file secret. 70 There is no need to keep the contents of this file secret.
71 .Pp 71 .Pp
@@ -102,7 +102,7 @@ Index: b/sshd.8
102 It forks a new 102 It forks a new
103 daemon for each incoming connection. 103 daemon for each incoming connection.
104 The forked daemons handle 104 The forked daemons handle
105@@ -856,7 +856,7 @@ 105@@ -858,7 +858,7 @@
106 .Xr ssh 1 ) . 106 .Xr ssh 1 ) .
107 It should only be writable by root. 107 It should only be writable by root.
108 .Pp 108 .Pp
@@ -111,7 +111,7 @@ Index: b/sshd.8
111 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". 111 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
112 The file format is described in 112 The file format is described in
113 .Xr moduli 5 . 113 .Xr moduli 5 .
114@@ -954,7 +954,6 @@ 114@@ -956,7 +956,6 @@
115 .Xr ssh-vulnkey 1 , 115 .Xr ssh-vulnkey 1 ,
116 .Xr chroot 2 , 116 .Xr chroot 2 ,
117 .Xr hosts_access 5 , 117 .Xr hosts_access 5 ,
@@ -123,7 +123,7 @@ Index: b/sshd_config.5
123=================================================================== 123===================================================================
124--- a/sshd_config.5 124--- a/sshd_config.5
125+++ b/sshd_config.5 125+++ b/sshd_config.5
126@@ -222,8 +222,7 @@ 126@@ -224,8 +224,7 @@
127 By default, no banner is displayed. 127 By default, no banner is displayed.
128 .It Cm ChallengeResponseAuthentication 128 .It Cm ChallengeResponseAuthentication
129 Specifies whether challenge-response authentication is allowed (e.g. via 129 Specifies whether challenge-response authentication is allowed (e.g. via
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index 64606e2e9..b396cb116 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -5,7 +5,7 @@ Description: Include the Debian version in our identification
5 vulnerable-looking version strings. (However, see debian-banner.patch.) 5 vulnerable-looking version strings. (However, see debian-banner.patch.)
6Author: Matthew Vernon <matthew@debian.org> 6Author: Matthew Vernon <matthew@debian.org>
7Forwarded: not-needed 7Forwarded: not-needed
8Last-Update: 2010-02-28 8Last-Update: 2012-09-07
9 9
10Index: b/sshconnect.c 10Index: b/sshconnect.c
11=================================================================== 11===================================================================
@@ -24,21 +24,21 @@ Index: b/sshd.c
24=================================================================== 24===================================================================
25--- a/sshd.c 25--- a/sshd.c
26+++ b/sshd.c 26+++ b/sshd.c
27@@ -424,7 +424,7 @@ 27@@ -425,7 +425,7 @@
28 minor = PROTOCOL_MINOR_1;
29 } 28 }
30 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
31- SSH_VERSION, newline);
32+ SSH_RELEASE, newline);
33 server_version_string = xstrdup(buf);
34 29
35 /* Send our protocol version identification. */ 30 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
31- major, minor, SSH_VERSION,
32+ major, minor, SSH_RELEASE,
33 *options.version_addendum == '\0' ? "" : " ",
34 options.version_addendum, newline);
35
36Index: b/version.h 36Index: b/version.h
37=================================================================== 37===================================================================
38--- a/version.h 38--- a/version.h
39+++ b/version.h 39+++ b/version.h
40@@ -3,4 +3,9 @@ 40@@ -3,4 +3,9 @@
41 #define SSH_VERSION "OpenSSH_6.0" 41 #define SSH_VERSION "OpenSSH_6.1"
42 42
43 #define SSH_PORTABLE "p1" 43 #define SSH_PORTABLE "p1"
44-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE 44-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
diff --git a/debian/patches/quieter-signals.patch b/debian/patches/quieter-signals.patch
index db2cba1e1..e436fe59e 100644
--- a/debian/patches/quieter-signals.patch
+++ b/debian/patches/quieter-signals.patch
@@ -16,7 +16,7 @@ Index: b/clientloop.c
16=================================================================== 16===================================================================
17--- a/clientloop.c 17--- a/clientloop.c
18+++ b/clientloop.c 18+++ b/clientloop.c
19@@ -1651,8 +1651,10 @@ 19@@ -1655,8 +1655,10 @@
20 exit_status = 0; 20 exit_status = 0;
21 } 21 }
22 22
diff --git a/debian/patches/sandbox-fallback.patch b/debian/patches/sandbox-fallback.patch
deleted file mode 100644
index 124504b36..000000000
--- a/debian/patches/sandbox-fallback.patch
+++ /dev/null
@@ -1,925 +0,0 @@
1Description: Add a sandbox fallback mechanism
2Author: Colin Watson <cjwatson@debian.org>
3Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2011
4Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=2011
5Last-Update: 2012-05-26
6
7Index: b/Makefile.in
8===================================================================
9--- a/Makefile.in
10+++ b/Makefile.in
11@@ -93,8 +93,8 @@
12 loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
13 sftp-server.o sftp-common.o \
14 roaming_common.o roaming_serv.o \
15- sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
16- sandbox-seccomp-filter.o
17+ sandbox.o sandbox-null.o sandbox-rlimit.o sandbox-systrace.o \
18+ sandbox-darwin.o sandbox-seccomp-filter.o
19
20 MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
21 MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
22Index: b/configure.ac
23===================================================================
24--- a/configure.ac
25+++ b/configure.ac
26@@ -126,25 +126,6 @@
27 #include <linux/seccomp.h>
28 ])
29 fi
30-if test "x$have_seccomp_filter" = "x1" ; then
31-AC_MSG_CHECKING([kernel for seccomp_filter support])
32-AC_RUN_IFELSE([AC_LANG_PROGRAM([[
33- #include <errno.h>
34- #include <linux/seccomp.h>
35- #include <stdlib.h>
36- #include <sys/prctl.h>
37- ]],
38- [[ errno = 0;
39- prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
40- exit(errno == EFAULT ? 0 : 1); ]])],
41- [ AC_MSG_RESULT([yes]) ], [
42- AC_MSG_RESULT([no])
43- # Disable seccomp filter as a target
44- have_seccomp_filter=0
45- ],
46- [ AC_MSG_RESULT([cross-compiling, assuming yes]) ]
47-)
48-fi
49
50 use_stack_protector=1
51 AC_ARG_WITH([stackprotect],
52@@ -2599,21 +2580,24 @@
53 fi
54 ]
55 )
56+SANDBOX_STYLE=""
57 if test "x$sandbox_arg" = "xsystrace" || \
58 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
59 test "x$have_systr_policy_kill" != "x1" && \
60 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
61- SANDBOX_STYLE="systrace"
62+ SANDBOX_STYLE="$SANDBOX_STYLE systrace"
63 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
64-elif test "x$sandbox_arg" = "xdarwin" || \
65+fi
66+if test "x$sandbox_arg" = "xdarwin" || \
67 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
68 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
69 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
70 "x$ac_cv_header_sandbox_h" != "xyes" && \
71 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
72- SANDBOX_STYLE="darwin"
73+ SANDBOX_STYLE="$SANDBOX_STYLE darwin"
74 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
75-elif test "x$sandbox_arg" = "xseccomp_filter" || \
76+fi
77+if test "x$sandbox_arg" = "xseccomp_filter" || \
78 ( test -z "$sandbox_arg" && \
79 test "x$have_seccomp_filter" = "x1" && \
80 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
81@@ -2628,21 +2612,24 @@
82 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
83 test "x$ac_cv_func_prctl" != "xyes" && \
84 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
85- SANDBOX_STYLE="seccomp_filter"
86+ SANDBOX_STYLE="$SANDBOX_STYLE seccomp_filter"
87 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
88-elif test "x$sandbox_arg" = "xrlimit" || \
89+fi
90+if test "x$sandbox_arg" = "xrlimit" || \
91 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
92 test "x$ac_cv_func_setrlimit" != "xyes" && \
93 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
94- SANDBOX_STYLE="rlimit"
95+ SANDBOX_STYLE="$SANDBOX_STYLE rlimit"
96 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
97-elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
98+fi
99+if test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
100 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
101- SANDBOX_STYLE="none"
102- AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
103-else
104+ SANDBOX_STYLE="$SANDBOX_STYLE none"
105+fi
106+if test -z "$SANDBOX_STYLE" ; then
107 AC_MSG_ERROR([unsupported --with-sandbox])
108 fi
109+SANDBOX_STYLE="${SANDBOX_STYLE# }"
110
111 # Cheap hack to ensure NEWS-OS libraries are arranged right.
112 if test ! -z "$SONY" ; then
113Index: b/configure
114===================================================================
115--- a/configure
116+++ b/configure
117@@ -5598,48 +5598,6 @@
118 fi
119
120 fi
121-if test "x$have_seccomp_filter" = "x1" ; then
122-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel for seccomp_filter support" >&5
123-$as_echo_n "checking kernel for seccomp_filter support... " >&6; }
124-if test "$cross_compiling" = yes; then :
125- { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5
126-$as_echo "cross-compiling, assuming yes" >&6; }
127-
128-else
129- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
130-/* end confdefs.h. */
131-
132- #include <errno.h>
133- #include <linux/seccomp.h>
134- #include <stdlib.h>
135- #include <sys/prctl.h>
136-
137-int
138-main ()
139-{
140- errno = 0;
141- prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
142- exit(errno == EFAULT ? 0 : 1);
143- ;
144- return 0;
145-}
146-_ACEOF
147-if ac_fn_c_try_run "$LINENO"; then :
148- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
149-$as_echo "yes" >&6; }
150-else
151-
152- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
153-$as_echo "no" >&6; }
154- # Disable seccomp filter as a target
155- have_seccomp_filter=0
156-
157-fi
158-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
159- conftest.$ac_objext conftest.beam conftest.$ac_ext
160-fi
161-
162-fi
163
164 use_stack_protector=1
165
166@@ -11898,25 +11856,28 @@
167
168 fi
169
170+SANDBOX_STYLE=""
171 if test "x$sandbox_arg" = "xsystrace" || \
172 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
173 test "x$have_systr_policy_kill" != "x1" && \
174 as_fn_error $? "systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" "$LINENO" 5
175- SANDBOX_STYLE="systrace"
176+ SANDBOX_STYLE="$SANDBOX_STYLE systrace"
177
178 $as_echo "#define SANDBOX_SYSTRACE 1" >>confdefs.h
179
180-elif test "x$sandbox_arg" = "xdarwin" || \
181+fi
182+if test "x$sandbox_arg" = "xdarwin" || \
183 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
184 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
185 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
186 "x$ac_cv_header_sandbox_h" != "xyes" && \
187 as_fn_error $? "Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" "$LINENO" 5
188- SANDBOX_STYLE="darwin"
189+ SANDBOX_STYLE="$SANDBOX_STYLE darwin"
190
191 $as_echo "#define SANDBOX_DARWIN 1" >>confdefs.h
192
193-elif test "x$sandbox_arg" = "xseccomp_filter" || \
194+fi
195+if test "x$sandbox_arg" = "xseccomp_filter" || \
196 ( test -z "$sandbox_arg" && \
197 test "x$have_seccomp_filter" = "x1" && \
198 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
199@@ -11931,27 +11892,28 @@
200 as_fn_error $? "seccomp_filter sandbox requires seccomp headers" "$LINENO" 5
201 test "x$ac_cv_func_prctl" != "xyes" && \
202 as_fn_error $? "seccomp_filter sandbox requires prctl function" "$LINENO" 5
203- SANDBOX_STYLE="seccomp_filter"
204+ SANDBOX_STYLE="$SANDBOX_STYLE seccomp_filter"
205
206 $as_echo "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h
207
208-elif test "x$sandbox_arg" = "xrlimit" || \
209+fi
210+if test "x$sandbox_arg" = "xrlimit" || \
211 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
212 test "x$ac_cv_func_setrlimit" != "xyes" && \
213 as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5
214- SANDBOX_STYLE="rlimit"
215+ SANDBOX_STYLE="$SANDBOX_STYLE rlimit"
216
217 $as_echo "#define SANDBOX_RLIMIT 1" >>confdefs.h
218
219-elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
220+fi
221+if test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
222 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
223- SANDBOX_STYLE="none"
224-
225-$as_echo "#define SANDBOX_NULL 1" >>confdefs.h
226-
227-else
228+ SANDBOX_STYLE="$SANDBOX_STYLE none"
229+fi
230+if test -z "$SANDBOX_STYLE" ; then
231 as_fn_error $? "unsupported --with-sandbox" "$LINENO" 5
232 fi
233+SANDBOX_STYLE="${SANDBOX_STYLE# }"
234
235 # Cheap hack to ensure NEWS-OS libraries are arranged right.
236 if test ! -z "$SONY" ; then
237Index: b/config.h.in
238===================================================================
239--- a/config.h.in
240+++ b/config.h.in
241@@ -1365,9 +1365,6 @@
242 /* Sandbox using Darwin sandbox_init(3) */
243 #undef SANDBOX_DARWIN
244
245-/* no privsep sandboxing */
246-#undef SANDBOX_NULL
247-
248 /* Sandbox using setrlimit(2) */
249 #undef SANDBOX_RLIMIT
250
251Index: b/sandbox-darwin.c
252===================================================================
253--- a/sandbox-darwin.c
254+++ b/sandbox-darwin.c
255@@ -16,10 +16,12 @@
256
257 #include "includes.h"
258
259-#ifdef SANDBOX_DARWIN
260-
261 #include <sys/types.h>
262
263+#include "ssh-sandbox.h"
264+
265+#ifdef SANDBOX_DARWIN
266+
267 #include <sandbox.h>
268
269 #include <errno.h>
270@@ -30,7 +32,6 @@
271 #include <unistd.h>
272
273 #include "log.h"
274-#include "sandbox.h"
275 #include "xmalloc.h"
276
277 /* Darwin/OS X sandbox */
278@@ -39,8 +40,14 @@
279 pid_t child_pid;
280 };
281
282-struct ssh_sandbox *
283-ssh_sandbox_init(void)
284+static int
285+sandbox_darwin_probe(void)
286+{
287+ return 1;
288+}
289+
290+static void *
291+sandbox_darwin_init(void)
292 {
293 struct ssh_sandbox *box;
294
295@@ -55,9 +62,10 @@
296 return box;
297 }
298
299-void
300-ssh_sandbox_child(struct ssh_sandbox *box)
301+static void
302+sandbox_darwin_child(void *vbox)
303 {
304+ struct ssh_sandbox *box = vbox;
305 char *errmsg;
306 struct rlimit rl_zero;
307
308@@ -82,17 +90,39 @@
309 __func__, strerror(errno));
310 }
311
312-void
313-ssh_sandbox_parent_finish(struct ssh_sandbox *box)
314+static void
315+sandbox_darwin_parent_finish(void *vbox)
316 {
317- free(box);
318+ free(vbox);
319 debug3("%s: finished", __func__);
320 }
321
322-void
323-ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
324+static void
325+sandbox_darwin_parent_preauth(void *box, pid_t child_pid)
326 {
327+ struct ssh_sandbox *box = vbox;
328+
329 box->child_pid = child_pid;
330 }
331
332+Sandbox ssh_sandbox_darwin = {
333+ "darwin",
334+ sandbox_darwin_probe,
335+ sandbox_darwin_init,
336+ sandbox_darwin_child,
337+ sandbox_darwin_parent_finish,
338+ sandbox_darwin_parent_preauth
339+};
340+
341+#else /* !SANDBOX_DARWIN */
342+
343+Sandbox ssh_sandbox_darwin = {
344+ "darwin",
345+ NULL,
346+ NULL,
347+ NULL,
348+ NULL,
349+ NULL
350+};
351+
352 #endif /* SANDBOX_DARWIN */
353Index: b/sandbox-null.c
354===================================================================
355--- a/sandbox-null.c
356+++ b/sandbox-null.c
357@@ -17,8 +17,6 @@
358
359 #include "includes.h"
360
361-#ifdef SANDBOX_NULL
362-
363 #include <sys/types.h>
364
365 #include <errno.h>
366@@ -38,8 +36,14 @@
367 int junk;
368 };
369
370-struct ssh_sandbox *
371-ssh_sandbox_init(void)
372+static int
373+sandbox_null_probe(void)
374+{
375+ return 1;
376+}
377+
378+static void *
379+sandbox_null_init(void)
380 {
381 struct ssh_sandbox *box;
382
383@@ -51,22 +55,29 @@
384 return box;
385 }
386
387-void
388-ssh_sandbox_child(struct ssh_sandbox *box)
389+static void
390+sandbox_null_child(void *vbox)
391 {
392 /* Nothing to do here */
393 }
394
395-void
396-ssh_sandbox_parent_finish(struct ssh_sandbox *box)
397+static void
398+sandbox_null_parent_finish(void *vbox)
399 {
400- free(box);
401+ free(vbox);
402 }
403
404-void
405-ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
406+static void
407+sandbox_null_parent_preauth(void *box, pid_t child_pid)
408 {
409 /* Nothing to do here */
410 }
411
412-#endif /* SANDBOX_NULL */
413+Sandbox ssh_sandbox_null = {
414+ "null",
415+ sandbox_null_probe,
416+ sandbox_null_init,
417+ sandbox_null_child,
418+ sandbox_null_parent_finish,
419+ sandbox_null_parent_preauth
420+};
421Index: b/sandbox-rlimit.c
422===================================================================
423--- a/sandbox-rlimit.c
424+++ b/sandbox-rlimit.c
425@@ -17,9 +17,12 @@
426
427 #include "includes.h"
428
429+#include <sys/types.h>
430+
431+#include "ssh-sandbox.h"
432+
433 #ifdef SANDBOX_RLIMIT
434
435-#include <sys/types.h>
436 #include <sys/param.h>
437 #include <sys/time.h>
438 #include <sys/resource.h>
439@@ -32,7 +35,6 @@
440 #include <unistd.h>
441
442 #include "log.h"
443-#include "ssh-sandbox.h"
444 #include "xmalloc.h"
445
446 /* Minimal sandbox that sets zero nfiles, nprocs and filesize rlimits */
447@@ -41,8 +43,14 @@
448 pid_t child_pid;
449 };
450
451-struct ssh_sandbox *
452-ssh_sandbox_init(void)
453+static int
454+sandbox_rlimit_probe(void)
455+{
456+ return 1;
457+}
458+
459+static void *
460+sandbox_rlimit_init(void)
461 {
462 struct ssh_sandbox *box;
463
464@@ -57,8 +65,8 @@
465 return box;
466 }
467
468-void
469-ssh_sandbox_child(struct ssh_sandbox *box)
470+static void
471+sandbox_rlimit_child(void *vbox)
472 {
473 struct rlimit rl_zero;
474
475@@ -77,17 +85,39 @@
476 #endif
477 }
478
479-void
480-ssh_sandbox_parent_finish(struct ssh_sandbox *box)
481+static void
482+sandbox_rlimit_parent_finish(void *vbox)
483 {
484- free(box);
485+ free(vbox);
486 debug3("%s: finished", __func__);
487 }
488
489-void
490-ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
491+static void
492+sandbox_rlimit_parent_preauth(void *vbox, pid_t child_pid)
493 {
494+ struct ssh_sandbox *box = vbox;
495+
496 box->child_pid = child_pid;
497 }
498
499+Sandbox ssh_sandbox_rlimit = {
500+ "rlimit",
501+ sandbox_rlimit_probe,
502+ sandbox_rlimit_init,
503+ sandbox_rlimit_child,
504+ sandbox_rlimit_parent_finish,
505+ sandbox_rlimit_parent_preauth
506+};
507+
508+#else /* !SANDBOX_RLIMIT */
509+
510+Sandbox ssh_sandbox_rlimit = {
511+ "rlimit",
512+ NULL,
513+ NULL,
514+ NULL,
515+ NULL,
516+ NULL
517+};
518+
519 #endif /* SANDBOX_RLIMIT */
520Index: b/sandbox-seccomp-filter.c
521===================================================================
522--- a/sandbox-seccomp-filter.c
523+++ b/sandbox-seccomp-filter.c
524@@ -35,11 +35,15 @@
525
526 #include "includes.h"
527
528+#include <sys/types.h>
529+
530+#include "ssh-sandbox.h"
531+
532 #ifdef SANDBOX_SECCOMP_FILTER
533
534-#include <sys/types.h>
535 #include <sys/resource.h>
536 #include <sys/prctl.h>
537+#include <sys/wait.h>
538
539 #include <linux/audit.h>
540 #include <linux/filter.h>
541@@ -57,7 +61,6 @@
542 #include <unistd.h>
543
544 #include "log.h"
545-#include "ssh-sandbox.h"
546 #include "xmalloc.h"
547
548 /* Linux seccomp_filter sandbox */
549@@ -122,8 +125,33 @@
550 pid_t child_pid;
551 };
552
553-struct ssh_sandbox *
554-ssh_sandbox_init(void)
555+static int
556+sandbox_seccomp_filter_probe(void)
557+{
558+ int status;
559+ pid_t pid;
560+
561+ pid = fork();
562+ if (pid == -1) {
563+ fatal("fork of seccomp_filter probe child failed");
564+ } else if (pid != 0) {
565+ /* parent */
566+ while (waitpid(pid, &status, 0) < 0) {
567+ if (errno == EINTR)
568+ continue;
569+ fatal("%s: waitpid: %s", __func__, strerror(errno));
570+ }
571+ return (WIFEXITED(status) && WEXITSTATUS(status) == 0);
572+ } else {
573+ /* child */
574+ errno = 0;
575+ prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
576+ _exit(errno == EFAULT ? 0 : 1);
577+ }
578+}
579+
580+static void *
581+sandbox_seccomp_filter_init(void)
582 {
583 struct ssh_sandbox *box;
584
585@@ -143,7 +171,8 @@
586 void mm_log_handler(LogLevel level, const char *msg, void *ctx);
587
588 static void
589-ssh_sandbox_violation(int signum, siginfo_t *info, void *void_context)
590+sandbox_seccomp_filter_violation(int signum, siginfo_t *info,
591+ void *void_context)
592 {
593 char msg[256];
594
595@@ -155,7 +184,7 @@
596 }
597
598 static void
599-ssh_sandbox_child_debugging(void)
600+sandbox_seccomp_filter_child_debugging(void)
601 {
602 struct sigaction act;
603 sigset_t mask;
604@@ -165,7 +194,7 @@
605 sigemptyset(&mask);
606 sigaddset(&mask, SIGSYS);
607
608- act.sa_sigaction = &ssh_sandbox_violation;
609+ act.sa_sigaction = &sandbox_seccomp_filter_violation;
610 act.sa_flags = SA_SIGINFO;
611 if (sigaction(SIGSYS, &act, NULL) == -1)
612 fatal("%s: sigaction(SIGSYS): %s", __func__, strerror(errno));
613@@ -175,8 +204,8 @@
614 }
615 #endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
616
617-void
618-ssh_sandbox_child(struct ssh_sandbox *box)
619+static void
620+sandbox_seccomp_filter_child(void *vbox)
621 {
622 struct rlimit rl_zero;
623
624@@ -193,7 +222,7 @@
625 __func__, strerror(errno));
626
627 #ifdef SANDBOX_SECCOMP_FILTER_DEBUG
628- ssh_sandbox_child_debugging();
629+ sandbox_seccomp_filter_child_debugging();
630 #endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
631
632 debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__);
633@@ -206,17 +235,39 @@
634 __func__, strerror(errno));
635 }
636
637-void
638-ssh_sandbox_parent_finish(struct ssh_sandbox *box)
639+static void
640+sandbox_seccomp_filter_parent_finish(void *vbox)
641 {
642- free(box);
643+ free(vbox);
644 debug3("%s: finished", __func__);
645 }
646
647-void
648-ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
649+static void
650+sandbox_seccomp_filter_parent_preauth(void *vbox, pid_t child_pid)
651 {
652+ struct ssh_sandbox *box = vbox;
653+
654 box->child_pid = child_pid;
655 }
656
657+Sandbox ssh_sandbox_seccomp_filter = {
658+ "seccomp_filter",
659+ sandbox_seccomp_filter_probe,
660+ sandbox_seccomp_filter_init,
661+ sandbox_seccomp_filter_child,
662+ sandbox_seccomp_filter_parent_finish,
663+ sandbox_seccomp_filter_parent_preauth
664+};
665+
666+#else /* !SANDBOX_SECCOMP_FILTER */
667+
668+Sandbox ssh_sandbox_seccomp_filter = {
669+ "seccomp_filter",
670+ NULL,
671+ NULL,
672+ NULL,
673+ NULL,
674+ NULL
675+};
676+
677 #endif /* SANDBOX_SECCOMP_FILTER */
678Index: b/sandbox-systrace.c
679===================================================================
680--- a/sandbox-systrace.c
681+++ b/sandbox-systrace.c
682@@ -17,9 +17,12 @@
683
684 #include "includes.h"
685
686+#include <sys/types.h>
687+
688+#include "ssh-sandbox.h"
689+
690 #ifdef SANDBOX_SYSTRACE
691
692-#include <sys/types.h>
693 #include <sys/param.h>
694 #include <sys/ioctl.h>
695 #include <sys/syscall.h>
696@@ -38,7 +41,6 @@
697
698 #include "atomicio.h"
699 #include "log.h"
700-#include "ssh-sandbox.h"
701 #include "xmalloc.h"
702
703 struct sandbox_policy {
704@@ -74,8 +76,14 @@
705 pid_t child_pid;
706 };
707
708-struct ssh_sandbox *
709-ssh_sandbox_init(void)
710+static int
711+sandbox_systrace_probe(void)
712+{
713+ return 1;
714+}
715+
716+static void *
717+sandbox_systrace_init(void)
718 {
719 struct ssh_sandbox *box;
720 int s[2];
721@@ -92,9 +100,10 @@
722 return box;
723 }
724
725-void
726-ssh_sandbox_child(struct ssh_sandbox *box)
727+static void
728+sandbox_systrace_child(void *vbox)
729 {
730+ struct ssh_sandbox *box = vbox;
731 char whatever = 0;
732
733 close(box->parent_sock);
734@@ -110,7 +119,7 @@
735 }
736
737 static void
738-ssh_sandbox_parent(struct ssh_sandbox *box, pid_t child_pid,
739+sandbox_systrace_parent(struct ssh_sandbox *box, pid_t child_pid,
740 const struct sandbox_policy *allowed_syscalls)
741 {
742 int dev_systrace, i, j, found;
743@@ -179,9 +188,11 @@
744 close(box->parent_sock);
745 }
746
747-void
748-ssh_sandbox_parent_finish(struct ssh_sandbox *box)
749+static void
750+sandbox_systrace_parent_finish(void *vbox)
751 {
752+ struct ssh_sandbox *box = vbox;
753+
754 /* Closing this before the child exits will terminate it */
755 close(box->systrace_fd);
756
757@@ -189,10 +200,32 @@
758 debug3("%s: finished", __func__);
759 }
760
761-void
762-ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid)
763+static void
764+sandbox_systrace_parent_preauth(void *vbox, pid_t child_pid)
765 {
766+ struct ssh_sandbox *box = vbox;
767+
768 ssh_sandbox_parent(box, child_pid, preauth_policy);
769 }
770
771+Sandbox ssh_sandbox_systrace = {
772+ "systrace",
773+ sandbox_systrace_probe,
774+ sandbox_systrace_init,
775+ sandbox_systrace_child,
776+ sandbox_systrace_parent_finish,
777+ sandbox_systrace_parent_preauth
778+};
779+
780+#else /* !SANDBOX_SYSTRACE */
781+
782+Sandbox ssh_sandbox_systrace = {
783+ "systrace",
784+ NULL,
785+ NULL,
786+ NULL,
787+ NULL,
788+ NULL
789+};
790+
791 #endif /* SANDBOX_SYSTRACE */
792Index: b/sandbox.c
793===================================================================
794--- /dev/null
795+++ b/sandbox.c
796@@ -0,0 +1,82 @@
797+/* $Id$ */
798+/*
799+ * Copyright (c) 2012 Colin Watson <cjwatson@debian.org>
800+ *
801+ * Permission to use, copy, modify, and distribute this software for any
802+ * purpose with or without fee is hereby granted, provided that the above
803+ * copyright notice and this permission notice appear in all copies.
804+ *
805+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
806+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
807+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
808+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
809+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
810+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
811+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
812+ */
813+
814+#include <sys/types.h>
815+
816+#include <stdlib.h>
817+#include <stdarg.h>
818+
819+#include "log.h"
820+#include "ssh-sandbox.h"
821+
822+static Sandbox *sandboxes[] = {
823+ &ssh_sandbox_systrace,
824+ &ssh_sandbox_darwin,
825+ &ssh_sandbox_seccomp_filter,
826+ &ssh_sandbox_rlimit,
827+ &ssh_sandbox_null,
828+ NULL
829+};
830+
831+static Sandbox *selected;
832+
833+static void
834+sandbox_select(void)
835+{
836+ Sandbox **sandbox;
837+
838+ if (selected)
839+ return;
840+
841+ for (sandbox = sandboxes; sandbox; sandbox++) {
842+ if ((*sandbox)->probe && (*sandbox)->probe()) {
843+ selected = *sandbox;
844+ return;
845+ }
846+ }
847+
848+ /* should never happen, as ssh_sandbox_null always succeeds */
849+ fatal("no sandbox implementation found");
850+}
851+
852+void *
853+ssh_sandbox_init(void)
854+{
855+ sandbox_select();
856+ return selected->init();
857+}
858+
859+void
860+ssh_sandbox_child(void *box)
861+{
862+ sandbox_select();
863+ return selected->child(box);
864+}
865+
866+void
867+ssh_sandbox_parent_finish(void *box)
868+{
869+ sandbox_select();
870+ return selected->parent_finish(box);
871+}
872+
873+void
874+ssh_sandbox_parent_preauth(void *box, pid_t child_pid)
875+{
876+ sandbox_select();
877+ return selected->parent_preauth(box, child_pid);
878+}
879Index: b/ssh-sandbox.h
880===================================================================
881--- a/ssh-sandbox.h
882+++ b/ssh-sandbox.h
883@@ -15,9 +15,24 @@
884 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
885 */
886
887-struct ssh_sandbox;
888+typedef struct Sandbox Sandbox;
889
890-struct ssh_sandbox *ssh_sandbox_init(void);
891-void ssh_sandbox_child(struct ssh_sandbox *);
892-void ssh_sandbox_parent_finish(struct ssh_sandbox *);
893-void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t);
894+struct Sandbox {
895+ const char *name;
896+ int (*probe)(void);
897+ void *(*init)(void);
898+ void (*child)(void *);
899+ void (*parent_finish)(void *);
900+ void (*parent_preauth)(void *, pid_t);
901+};
902+
903+void *ssh_sandbox_init(void);
904+void ssh_sandbox_child(void *);
905+void ssh_sandbox_parent_finish(void *);
906+void ssh_sandbox_parent_preauth(void *, pid_t);
907+
908+extern Sandbox ssh_sandbox_systrace;
909+extern Sandbox ssh_sandbox_darwin;
910+extern Sandbox ssh_sandbox_seccomp_filter;
911+extern Sandbox ssh_sandbox_rlimit;
912+extern Sandbox ssh_sandbox_null;
913Index: b/sshd.c
914===================================================================
915--- a/sshd.c
916+++ b/sshd.c
917@@ -631,7 +631,7 @@
918 {
919 int status;
920 pid_t pid;
921- struct ssh_sandbox *box = NULL;
922+ void *box = NULL;
923
924 /* Set up unprivileged child process to deal with network data */
925 pmonitor = monitor_init();
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index 0d696989a..80fe3247b 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -108,7 +108,7 @@ Index: b/monitor.c
108 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, 108 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
109 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 109 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
110 #ifdef USE_PAM 110 #ifdef USE_PAM
111@@ -811,6 +813,7 @@ 111@@ -808,6 +810,7 @@
112 else { 112 else {
113 /* Allow service/style information on the auth context */ 113 /* Allow service/style information on the auth context */
114 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); 114 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -116,7 +116,7 @@ Index: b/monitor.c
116 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); 116 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
117 } 117 }
118 #ifdef USE_PAM 118 #ifdef USE_PAM
119@@ -843,14 +846,37 @@ 119@@ -840,14 +843,37 @@
120 120
121 authctxt->service = buffer_get_string(m, NULL); 121 authctxt->service = buffer_get_string(m, NULL);
122 authctxt->style = buffer_get_string(m, NULL); 122 authctxt->style = buffer_get_string(m, NULL);
@@ -156,7 +156,7 @@ Index: b/monitor.c
156 return (0); 156 return (0);
157 } 157 }
158 158
159@@ -1438,7 +1464,7 @@ 159@@ -1435,7 +1461,7 @@
160 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); 160 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
161 if (res == 0) 161 if (res == 0)
162 goto error; 162 goto error;
@@ -436,7 +436,7 @@ Index: b/sshd.c
436=================================================================== 436===================================================================
437--- a/sshd.c 437--- a/sshd.c
438+++ b/sshd.c 438+++ b/sshd.c
439@@ -734,7 +734,7 @@ 439@@ -736,7 +736,7 @@
440 RAND_seed(rnd, sizeof(rnd)); 440 RAND_seed(rnd, sizeof(rnd));
441 441
442 /* Drop privileges */ 442 /* Drop privileges */
diff --git a/debian/patches/series b/debian/patches/series
index f51fa2ce5..5ac0f32b1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -38,9 +38,6 @@ doc-hash-tab-completion.patch
38 38
39# Miscellaneous bug fixes 39# Miscellaneous bug fixes
40auth-log-verbosity.patch 40auth-log-verbosity.patch
41cross-pkg-config.patch
42configure-bashism.patch
43sandbox-fallback.patch
44 41
45# Debian-specific configuration 42# Debian-specific configuration
46gnome-ssh-askpass2-icon.patch 43gnome-ssh-askpass2-icon.patch
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch
index d60816d46..c13cb3412 100644
--- a/debian/patches/ssh-vulnkey.patch
+++ b/debian/patches/ssh-vulnkey.patch
@@ -130,7 +130,7 @@ Index: b/auth.c
130 #include "auth.h" 130 #include "auth.h"
131 #include "auth-options.h" 131 #include "auth-options.h"
132 #include "canohost.h" 132 #include "canohost.h"
133@@ -606,10 +607,34 @@ 133@@ -608,10 +609,34 @@
134 134
135 /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ 135 /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */
136 int 136 int
@@ -462,7 +462,7 @@ Index: b/servconf.c
462=================================================================== 462===================================================================
463--- a/servconf.c 463--- a/servconf.c
464+++ b/servconf.c 464+++ b/servconf.c
465@@ -104,6 +104,7 @@ 465@@ -107,6 +107,7 @@
466 options->password_authentication = -1; 466 options->password_authentication = -1;
467 options->kbd_interactive_authentication = -1; 467 options->kbd_interactive_authentication = -1;
468 options->challenge_response_authentication = -1; 468 options->challenge_response_authentication = -1;
@@ -470,7 +470,7 @@ Index: b/servconf.c
470 options->permit_empty_passwd = -1; 470 options->permit_empty_passwd = -1;
471 options->permit_user_env = -1; 471 options->permit_user_env = -1;
472 options->use_login = -1; 472 options->use_login = -1;
473@@ -242,6 +243,8 @@ 473@@ -246,6 +247,8 @@
474 options->kbd_interactive_authentication = 0; 474 options->kbd_interactive_authentication = 0;
475 if (options->challenge_response_authentication == -1) 475 if (options->challenge_response_authentication == -1)
476 options->challenge_response_authentication = 1; 476 options->challenge_response_authentication = 1;
@@ -479,7 +479,7 @@ Index: b/servconf.c
479 if (options->permit_empty_passwd == -1) 479 if (options->permit_empty_passwd == -1)
480 options->permit_empty_passwd = 0; 480 options->permit_empty_passwd = 0;
481 if (options->permit_user_env == -1) 481 if (options->permit_user_env == -1)
482@@ -318,7 +321,7 @@ 482@@ -323,7 +326,7 @@
483 sListenAddress, sAddressFamily, 483 sListenAddress, sAddressFamily,
484 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 484 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
485 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 485 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
@@ -488,7 +488,7 @@ Index: b/servconf.c
488 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, 488 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
489 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 489 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
490 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 490 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
491@@ -428,6 +431,7 @@ 491@@ -433,6 +436,7 @@
492 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, 492 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
493 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, 493 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
494 { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, 494 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
@@ -496,7 +496,7 @@ Index: b/servconf.c
496 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, 496 { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
497 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, 497 { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
498 { "uselogin", sUseLogin, SSHCFG_GLOBAL }, 498 { "uselogin", sUseLogin, SSHCFG_GLOBAL },
499@@ -1047,6 +1051,10 @@ 499@@ -1116,6 +1120,10 @@
500 intptr = &options->tcp_keep_alive; 500 intptr = &options->tcp_keep_alive;
501 goto parse_flag; 501 goto parse_flag;
502 502
@@ -507,7 +507,7 @@ Index: b/servconf.c
507 case sEmptyPasswd: 507 case sEmptyPasswd:
508 intptr = &options->permit_empty_passwd; 508 intptr = &options->permit_empty_passwd;
509 goto parse_flag; 509 goto parse_flag;
510@@ -1773,6 +1781,7 @@ 510@@ -1921,6 +1929,7 @@
511 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); 511 dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
512 dump_cfg_fmtint(sStrictModes, o->strict_modes); 512 dump_cfg_fmtint(sStrictModes, o->strict_modes);
513 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); 513 dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
@@ -582,7 +582,7 @@ Index: b/ssh-keygen.1
582=================================================================== 582===================================================================
583--- a/ssh-keygen.1 583--- a/ssh-keygen.1
584+++ b/ssh-keygen.1 584+++ b/ssh-keygen.1
585@@ -679,6 +679,7 @@ 585@@ -691,6 +691,7 @@
586 .Xr ssh 1 , 586 .Xr ssh 1 ,
587 .Xr ssh-add 1 , 587 .Xr ssh-add 1 ,
588 .Xr ssh-agent 1 , 588 .Xr ssh-agent 1 ,
@@ -1245,7 +1245,7 @@ Index: b/ssh.c
1245=================================================================== 1245===================================================================
1246--- a/ssh.c 1246--- a/ssh.c
1247+++ b/ssh.c 1247+++ b/ssh.c
1248@@ -1492,7 +1492,7 @@ 1248@@ -1495,7 +1495,7 @@
1249 static void 1249 static void
1250 load_public_identity_files(void) 1250 load_public_identity_files(void)
1251 { 1251 {
@@ -1254,7 +1254,7 @@ Index: b/ssh.c
1254 char *pwdir = NULL, *pwname = NULL; 1254 char *pwdir = NULL, *pwname = NULL;
1255 int i = 0; 1255 int i = 0;
1256 Key *public; 1256 Key *public;
1257@@ -1549,6 +1549,22 @@ 1257@@ -1552,6 +1552,22 @@
1258 public = key_load_public(filename, NULL); 1258 public = key_load_public(filename, NULL);
1259 debug("identity file %s type %d", filename, 1259 debug("identity file %s type %d", filename,
1260 public ? public->type : -1); 1260 public ? public->type : -1);
@@ -1281,7 +1281,7 @@ Index: b/ssh_config.5
1281=================================================================== 1281===================================================================
1282--- a/ssh_config.5 1282--- a/ssh_config.5
1283+++ b/ssh_config.5 1283+++ b/ssh_config.5
1284@@ -1188,6 +1188,23 @@ 1284@@ -1187,6 +1187,23 @@
1285 .Dq any . 1285 .Dq any .
1286 The default is 1286 The default is
1287 .Dq any:any . 1287 .Dq any:any .
@@ -1331,7 +1331,7 @@ Index: b/sshd.8
1331=================================================================== 1331===================================================================
1332--- a/sshd.8 1332--- a/sshd.8
1333+++ b/sshd.8 1333+++ b/sshd.8
1334@@ -951,6 +951,7 @@ 1334@@ -953,6 +953,7 @@
1335 .Xr ssh-agent 1 , 1335 .Xr ssh-agent 1 ,
1336 .Xr ssh-keygen 1 , 1336 .Xr ssh-keygen 1 ,
1337 .Xr ssh-keyscan 1 , 1337 .Xr ssh-keyscan 1 ,
@@ -1343,7 +1343,7 @@ Index: b/sshd.c
1343=================================================================== 1343===================================================================
1344--- a/sshd.c 1344--- a/sshd.c
1345+++ b/sshd.c 1345+++ b/sshd.c
1346@@ -1602,6 +1602,11 @@ 1346@@ -1593,6 +1593,11 @@
1347 sensitive_data.host_keys[i] = NULL; 1347 sensitive_data.host_keys[i] = NULL;
1348 continue; 1348 continue;
1349 } 1349 }
@@ -1359,7 +1359,7 @@ Index: b/sshd_config.5
1359=================================================================== 1359===================================================================
1360--- a/sshd_config.5 1360--- a/sshd_config.5
1361+++ b/sshd_config.5 1361+++ b/sshd_config.5
1362@@ -795,6 +795,20 @@ 1362@@ -803,6 +803,20 @@
1363 Specifies whether password authentication is allowed. 1363 Specifies whether password authentication is allowed.
1364 The default is 1364 The default is
1365 .Dq yes . 1365 .Dq yes .
diff --git a/debian/patches/ssh1-keepalive.patch b/debian/patches/ssh1-keepalive.patch
index 2acf9704f..b71ff9df9 100644
--- a/debian/patches/ssh1-keepalive.patch
+++ b/debian/patches/ssh1-keepalive.patch
@@ -38,7 +38,7 @@ Index: b/clientloop.c
38 } 38 }
39 39
40 /* 40 /*
41@@ -634,7 +639,7 @@ 41@@ -636,7 +641,7 @@
42 */ 42 */
43 43
44 timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ 44 timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */
@@ -51,7 +51,7 @@ Index: b/ssh_config.5
51=================================================================== 51===================================================================
52--- a/ssh_config.5 52--- a/ssh_config.5
53+++ b/ssh_config.5 53+++ b/ssh_config.5
54@@ -1089,7 +1089,10 @@ 54@@ -1088,7 +1088,10 @@
55 .Cm ServerAliveCountMax 55 .Cm ServerAliveCountMax
56 is left at the default, if the server becomes unresponsive, 56 is left at the default, if the server becomes unresponsive,
57 ssh will disconnect after approximately 45 seconds. 57 ssh will disconnect after approximately 45 seconds.
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index 07e2974aa..3dfc89027 100644
--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -26,7 +26,7 @@ Index: b/ssh.c
26=================================================================== 26===================================================================
27--- a/ssh.c 27--- a/ssh.c
28+++ b/ssh.c 28+++ b/ssh.c
29@@ -680,7 +680,7 @@ 29@@ -714,7 +714,7 @@
30 /* Do not allocate a tty if stdin is not a tty. */ 30 /* Do not allocate a tty if stdin is not a tty. */
31 if ((!isatty(fileno(stdin)) || stdin_null_flag) && 31 if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
32 options.request_tty != REQUEST_TTY_FORCE) { 32 options.request_tty != REQUEST_TTY_FORCE) {
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 8e4ee3eb1..1368ccb3c 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -51,7 +51,7 @@ Index: b/ssh_config.5
51=================================================================== 51===================================================================
52--- a/ssh_config.5 52--- a/ssh_config.5
53+++ b/ssh_config.5 53+++ b/ssh_config.5
54@@ -1343,6 +1343,8 @@ 54@@ -1342,6 +1342,8 @@
55 This file is used by the SSH client. 55 This file is used by the SSH client.
56 Because of the potential for abuse, this file must have strict permissions: 56 Because of the potential for abuse, this file must have strict permissions:
57 read/write for the user, and not accessible by others. 57 read/write for the user, and not accessible by others.
@@ -64,7 +64,7 @@ Index: b/auth.c
64=================================================================== 64===================================================================
65--- a/auth.c 65--- a/auth.c
66+++ b/auth.c 66+++ b/auth.c
67@@ -380,8 +380,7 @@ 67@@ -381,8 +381,7 @@
68 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); 68 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
69 if (options.strict_modes && 69 if (options.strict_modes &&
70 (stat(user_hostfile, &st) == 0) && 70 (stat(user_hostfile, &st) == 0) &&
@@ -74,7 +74,7 @@ Index: b/auth.c
74 logit("Authentication refused for %.100s: " 74 logit("Authentication refused for %.100s: "
75 "bad owner or modes for %.200s", 75 "bad owner or modes for %.200s",
76 pw->pw_name, user_hostfile); 76 pw->pw_name, user_hostfile);
77@@ -442,8 +441,7 @@ 77@@ -443,8 +442,7 @@
78 78
79 /* check the open file to avoid races */ 79 /* check the open file to avoid races */
80 if (fstat(fileno(f), &st) < 0 || 80 if (fstat(fileno(f), &st) < 0 ||
@@ -84,7 +84,7 @@ Index: b/auth.c
84 snprintf(err, errlen, "bad ownership or modes for file %s", 84 snprintf(err, errlen, "bad ownership or modes for file %s",
85 buf); 85 buf);
86 return -1; 86 return -1;
87@@ -458,8 +456,7 @@ 87@@ -459,8 +457,7 @@
88 strlcpy(buf, cp, sizeof(buf)); 88 strlcpy(buf, cp, sizeof(buf));
89 89
90 if (stat(buf, &st) < 0 || 90 if (stat(buf, &st) < 0 ||