From a93c98bb95d9b2fecfaec7c6347c57bf90e51c31 Mon Sep 17 00:00:00 2001 From: Gustavo Zacarias Date: Sun, 2 Feb 2014 23:01:28 -0300 Subject: [PATCH] openssh: bump to version 6.5p1 Convert the ever growing drop-SUSv3-legacy patch to a sed expression. Modify the initscript to create ed25519 server key. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard --- package/openssh/S50sshd | 9 +- .../openssh-01-drop-SUSv3-legacy.patch | 579 ------------------ ...sh-01-fix-pam-uclibc-pthreads-clash.patch} | 0 package/openssh/openssh.mk | 12 +- 4 files changed, 18 insertions(+), 582 deletions(-) delete mode 100644 package/openssh/openssh-01-drop-SUSv3-legacy.patch rename package/openssh/{openssh-02-fix-pam-uclibc-pthreads-clash.patch => openssh-01-fix-pam-uclibc-pthreads-clash.patch} (100%) diff --git a/package/openssh/S50sshd b/package/openssh/S50sshd index b65b3c8a70..d3abf7c8ea 100644 --- a/package/openssh/S50sshd +++ b/package/openssh/S50sshd @@ -21,7 +21,6 @@ fi # Check for the SSH2 DSA key if [ ! -f /etc/ssh_host_dsa_key ] ; then echo Generating DSA Key... - echo THIS CAN TAKE A MINUTE OR TWO DEPENDING ON YOUR PROCESSOR! echo /usr/bin/ssh-keygen -t dsa -f /etc/ssh_host_dsa_key -C '' -N '' fi @@ -29,11 +28,17 @@ fi # Check for the SSH2 ECDSA key if [ ! -f /etc/ssh_host_ecdsa_key ]; then echo Generating ECDSA Key... - echo THIS CAN TAKE A MINUTE OR TWO DEPENDING ON YOUR PROCESSOR! echo /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh_host_ecdsa_key -C '' -N '' fi +# Check for the ed25519 key +if [ ! -f /etc/ssh_host_ed25519_key ]; then + echo Generating ed25519 Key... + echo + /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh_host_ed25519_key -C '' -N '' +fi + umask 077 start() { diff --git a/package/openssh/openssh-01-drop-SUSv3-legacy.patch b/package/openssh/openssh-01-drop-SUSv3-legacy.patch deleted file mode 100644 index 39a63e4c56..0000000000 --- a/package/openssh/openssh-01-drop-SUSv3-legacy.patch +++ /dev/null @@ -1,579 +0,0 @@ -Switch usage of SUSv3-deprecated bzero(a,b) to memset(a, 0, b). - -Signed-off-by: Gustavo Zacarias - -diff -Nura openssh-6.3p1.orig/auth2-chall.c openssh-6.3p1/auth2-chall.c ---- openssh-6.3p1.orig/auth2-chall.c 2013-06-01 18:31:18.000000000 -0300 -+++ openssh-6.3p1/auth2-chall.c 2013-10-22 09:47:38.665516102 -0300 -@@ -148,7 +148,7 @@ - if (kbdintctxt->device) - kbdint_reset_device(kbdintctxt); - free(kbdintctxt->devices); -- bzero(kbdintctxt, sizeof(*kbdintctxt)); -+ memset(kbdintctxt, 0, sizeof(*kbdintctxt)); - free(kbdintctxt); - } - /* get next device */ -diff -Nura openssh-6.3p1.orig/auth2-jpake.c openssh-6.3p1/auth2-jpake.c ---- openssh-6.3p1.orig/auth2-jpake.c 2013-06-01 18:31:18.000000000 -0300 -+++ openssh-6.3p1/auth2-jpake.c 2013-10-22 09:43:32.504472356 -0300 -@@ -178,7 +178,7 @@ - fatal("%s: not enough bytes for rawsalt (want %u have %u)", - __func__, len, digest_len); - memcpy(rawsalt, digest, len); -- bzero(digest, digest_len); -+ memset(digest, 0, digest_len); - free(digest); - } - -@@ -203,10 +203,10 @@ - fatal("%s: want %u", __func__, want); - - derive_rawsalt(user, rawsalt, sizeof(rawsalt)); -- bzero(ret, sizeof(ret)); -+ memset(ret, 0, sizeof(ret)); - for (i = 0; i < want; i++) - ret[i] = pw_encode64(rawsalt[i]); -- bzero(rawsalt, sizeof(rawsalt)); -+ memset(rawsalt, 0, sizeof(rawsalt)); - - return ret; - } -@@ -360,7 +360,7 @@ - debug3("%s: scheme = %s", __func__, *hash_scheme); - JPAKE_DEBUG_BN((*s, "%s: s = ", __func__)); - #endif -- bzero(secret, secret_len); -+ memset(secret, 0, secret_len); - free(secret); - } - -@@ -401,12 +401,12 @@ - packet_send(); - packet_write_wait(); - -- bzero(hash_scheme, strlen(hash_scheme)); -- bzero(salt, strlen(salt)); -+ memset(hash_scheme, 0, strlen(hash_scheme)); -+ memset(salt, 0, strlen(salt)); - free(hash_scheme); - free(salt); -- bzero(x3_proof, x3_proof_len); -- bzero(x4_proof, x4_proof_len); -+ memset(x3_proof, 0, x3_proof_len); -+ memset(x4_proof, 0, x4_proof_len); - free(x3_proof); - free(x4_proof); - -@@ -453,8 +453,8 @@ - &pctx->b, - &x4_s_proof, &x4_s_proof_len)); - -- bzero(x1_proof, x1_proof_len); -- bzero(x2_proof, x2_proof_len); -+ memset(x1_proof, 0, x1_proof_len); -+ memset(x2_proof, 0, x2_proof_len); - free(x1_proof); - free(x2_proof); - -@@ -468,7 +468,7 @@ - packet_send(); - packet_write_wait(); - -- bzero(x4_s_proof, x4_s_proof_len); -+ memset(x4_s_proof, 0, x4_s_proof_len); - free(x4_s_proof); - - /* Expect step 2 packet from peer */ -@@ -509,7 +509,7 @@ - &pctx->k, - &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len)); - -- bzero(x2_s_proof, x2_s_proof_len); -+ memset(x2_s_proof, 0, x2_s_proof_len); - free(x2_s_proof); - - if (!use_privsep) -diff -Nura openssh-6.3p1.orig/authfd.c openssh-6.3p1/authfd.c ---- openssh-6.3p1.orig/authfd.c 2013-06-01 18:31:18.000000000 -0300 -+++ openssh-6.3p1/authfd.c 2013-10-22 09:47:48.208827946 -0300 -@@ -102,7 +102,7 @@ - if (!authsocket) - return -1; - -- bzero(&sunaddr, sizeof(sunaddr)); -+ memset(&sunaddr, 0, sizeof(sunaddr)); - sunaddr.sun_family = AF_UNIX; - strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); - -diff -Nura openssh-6.3p1.orig/authfile.c openssh-6.3p1/authfile.c ---- openssh-6.3p1.orig/authfile.c 2013-06-01 18:31:18.000000000 -0300 -+++ openssh-6.3p1/authfile.c 2013-10-22 09:47:08.538531649 -0300 -@@ -349,17 +349,17 @@ - __func__, filename == NULL ? "" : filename, - filename == NULL ? "" : " ", strerror(errno)); - buffer_clear(blob); -- bzero(buf, sizeof(buf)); -+ memset(buf, 0, sizeof(buf)); - return 0; - } - buffer_append(blob, buf, len); - if (buffer_len(blob) > MAX_KEY_FILE_SIZE) { - buffer_clear(blob); -- bzero(buf, sizeof(buf)); -+ memset(buf, 0, sizeof(buf)); - goto toobig; - } - } -- bzero(buf, sizeof(buf)); -+ memset(buf, 0, sizeof(buf)); - if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && - st.st_size != buffer_len(blob)) { - debug("%s: key file %.200s%schanged size while reading", -diff -Nura openssh-6.3p1.orig/bufaux.c openssh-6.3p1/bufaux.c ---- openssh-6.3p1.orig/bufaux.c 2013-07-18 03:12:44.000000000 -0300 -+++ openssh-6.3p1/bufaux.c 2013-10-22 09:47:56.220089728 -0300 -@@ -215,7 +215,7 @@ - if (cp == ret + length - 1) - error("buffer_get_cstring_ret: string contains \\0"); - else { -- bzero(ret, length); -+ memset(ret, 0, length); - free(ret); - return NULL; - } -diff -Nura openssh-6.3p1.orig/bufec.c openssh-6.3p1/bufec.c ---- openssh-6.3p1.orig/bufec.c 2013-06-01 18:31:18.000000000 -0300 -+++ openssh-6.3p1/bufec.c 2013-10-22 09:48:07.798468072 -0300 -@@ -77,7 +77,7 @@ - ret = 0; - out: - if (buf != NULL) { -- bzero(buf, len); -+ memset(buf, 0, len); - free(buf); - } - BN_CTX_free(bnctx); -@@ -130,7 +130,7 @@ - ret = 0; - out: - BN_CTX_free(bnctx); -- bzero(buf, len); -+ memset(buf, 0, len); - free(buf); - return ret; - } -diff -Nura openssh-6.3p1.orig/canohost.c openssh-6.3p1/canohost.c ---- openssh-6.3p1.orig/canohost.c 2013-06-01 18:31:18.000000000 -0300 -+++ openssh-6.3p1/canohost.c 2013-10-22 09:48:16.484751912 -0300 -@@ -199,7 +199,7 @@ - memcpy(&inaddr, ((char *)&a6->sin6_addr) + 12, sizeof(inaddr)); - port = a6->sin6_port; - -- bzero(a4, sizeof(*a4)); -+ memset(a4, 0, sizeof(*a4)); - - a4->sin_family = AF_INET; - *len = sizeof(*a4); -diff -Nura openssh-6.3p1.orig/channels.c openssh-6.3p1/channels.c ---- openssh-6.3p1.orig/channels.c 2013-09-13 03:19:31.000000000 -0300 -+++ openssh-6.3p1/channels.c 2013-10-22 09:50:37.059773902 -0300 -@@ -423,7 +423,7 @@ - if (cc->abandon_cb != NULL) - cc->abandon_cb(c, cc->ctx); - TAILQ_REMOVE(&c->status_confirms, cc, entry); -- bzero(cc, sizeof(*cc)); -+ memset(cc, 0, sizeof(*cc)); - free(cc); - } - if (c->filter_cleanup != NULL && c->filter_ctx != NULL) -@@ -2668,7 +2668,7 @@ - return; - cc->cb(type, c, cc->ctx); - TAILQ_REMOVE(&c->status_confirms, cc, entry); -- bzero(cc, sizeof(*cc)); -+ memset(cc, 0, sizeof(*cc)); - free(cc); - } - -@@ -3289,7 +3289,7 @@ - free(cctx->host); - if (cctx->aitop) - freeaddrinfo(cctx->aitop); -- bzero(cctx, sizeof(*cctx)); -+ memset(cctx, 0, sizeof(*cctx)); - cctx->host = NULL; - cctx->ai = cctx->aitop = NULL; - } -diff -Nura openssh-6.3p1.orig/clientloop.c openssh-6.3p1/clientloop.c ---- openssh-6.3p1.orig/clientloop.c 2013-06-10 00:07:12.000000000 -0300 -+++ openssh-6.3p1/clientloop.c 2013-10-22 09:50:20.361228247 -0300 -@@ -549,7 +549,7 @@ - gc->cb(type, seq, gc->ctx); - if (--gc->ref_count <= 0) { - TAILQ_REMOVE(&global_confirms, gc, entry); -- bzero(gc, sizeof(*gc)); -+ memset(gc, 0, sizeof(*gc)); - free(gc); - } - -@@ -876,7 +876,7 @@ - int cancel_port, ok; - Forward fwd; - -- bzero(&fwd, sizeof(fwd)); -+ memset(&fwd, 0, sizeof(fwd)); - fwd.listen_host = fwd.connect_host = NULL; - - leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); -diff -Nura openssh-6.3p1.orig/hostfile.c openssh-6.3p1/hostfile.c ---- openssh-6.3p1.orig/hostfile.c 2013-07-18 03:12:45.000000000 -0300 -+++ openssh-6.3p1/hostfile.c 2013-10-22 09:50:06.438773307 -0300 -@@ -333,10 +333,10 @@ - free(hostkeys->entries[i].host); - free(hostkeys->entries[i].file); - key_free(hostkeys->entries[i].key); -- bzero(hostkeys->entries + i, sizeof(*hostkeys->entries)); -+ memset(hostkeys->entries + i, 0, sizeof(*hostkeys->entries)); - } - free(hostkeys->entries); -- bzero(hostkeys, sizeof(*hostkeys)); -+ memset(hostkeys, 0, sizeof(*hostkeys)); - free(hostkeys); - } - -diff -Nura openssh-6.3p1.orig/jpake.c openssh-6.3p1/jpake.c ---- openssh-6.3p1.orig/jpake.c 2013-06-01 18:31:18.000000000 -0300 -+++ openssh-6.3p1/jpake.c 2013-10-22 09:49:54.371378983 -0300 -@@ -105,7 +105,7 @@ - #define JPAKE_BUF_CLEAR_FREE(v, l) \ - do { \ - if ((v) != NULL) { \ -- bzero((v), (l)); \ -+ memset((v), 0, (l)); \ - free(v); \ - (v) = NULL; \ - (l) = 0; \ -@@ -133,7 +133,7 @@ - #undef JPAKE_BN_CLEAR_FREE - #undef JPAKE_BUF_CLEAR_FREE - -- bzero(pctx, sizeof(*pctx)); -+ memset(pctx, 0, sizeof(*pctx)); - free(pctx); - } - -@@ -444,7 +444,7 @@ - else if (timingsafe_bcmp(peer_confirm_hash, expected_confirm_hash, - expected_confirm_hash_len) == 0) - success = 1; -- bzero(expected_confirm_hash, expected_confirm_hash_len); -+ memset(expected_confirm_hash, 0, expected_confirm_hash_len); - free(expected_confirm_hash); - debug3("%s: success = %d", __func__, success); - return success; -diff -Nura openssh-6.3p1.orig/krl.c openssh-6.3p1/krl.c ---- openssh-6.3p1.orig/krl.c 2013-07-24 22:52:49.000000000 -0300 -+++ openssh-6.3p1/krl.c 2013-10-22 09:49:27.731508478 -0300 -@@ -238,7 +238,7 @@ - struct revoked_serial rs, *ers, *crs, *irs; - - KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi)); -- bzero(&rs, sizeof(rs)); -+ memset(&rs, 0, sizeof(rs)); - rs.lo = lo; - rs.hi = hi; - ers = RB_NFIND(revoked_serial_tree, rt, &rs); -@@ -1115,7 +1115,7 @@ - struct revoked_certs *rc; - - /* Check explicitly revoked hashes first */ -- bzero(&rb, sizeof(rb)); -+ memset(&rb, 0, sizeof(rb)); - if ((rb.blob = key_fingerprint_raw(key, SSH_FP_SHA1, &rb.len)) == NULL) - return -1; - erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb); -@@ -1126,7 +1126,7 @@ - } - - /* Next, explicit keys */ -- bzero(&rb, sizeof(rb)); -+ memset(&rb, 0, sizeof(rb)); - if (plain_key_blob(key, &rb.blob, &rb.len) != 0) - return -1; - erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); -@@ -1147,7 +1147,7 @@ - return 0; /* No entry for this CA */ - - /* Check revocation by cert key ID */ -- bzero(&rki, sizeof(rki)); -+ memset(&rki, 0, sizeof(rki)); - rki.key_id = key->cert->key_id; - erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki); - if (erki != NULL) { -@@ -1162,7 +1162,7 @@ - if (key_cert_is_legacy(key) || key->cert->serial == 0) - return 0; - -- bzero(&rs, sizeof(rs)); -+ memset(&rs, 0, sizeof(rs)); - rs.lo = rs.hi = key->cert->serial; - ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs); - if (ers != NULL) { -diff -Nura openssh-6.3p1.orig/monitor.c openssh-6.3p1/monitor.c ---- openssh-6.3p1.orig/monitor.c 2013-07-20 00:21:53.000000000 -0300 -+++ openssh-6.3p1/monitor.c 2013-10-22 09:46:48.592879890 -0300 -@@ -566,7 +566,7 @@ - struct pollfd pfd[2]; - - for (;;) { -- bzero(&pfd, sizeof(pfd)); -+ memset(&pfd, 0, sizeof(pfd)); - pfd[0].fd = pmonitor->m_sendfd; - pfd[0].events = POLLIN; - pfd[1].fd = pmonitor->m_log_recvfd; -@@ -2193,8 +2193,8 @@ - debug3("%s: sending step1", __func__); - mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m); - -- bzero(x3_proof, x3_proof_len); -- bzero(x4_proof, x4_proof_len); -+ memset(x3_proof, 0, x3_proof_len); -+ memset(x4_proof, 0, x4_proof_len); - free(x3_proof); - free(x4_proof); - -@@ -2223,8 +2223,8 @@ - debug3("%s: sending pwdata", __func__); - mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m); - -- bzero(hash_scheme, strlen(hash_scheme)); -- bzero(salt, strlen(salt)); -+ memset(hash_scheme, 0, strlen(hash_scheme)); -+ memset(salt, 0, strlen(salt)); - free(hash_scheme); - free(salt); - -@@ -2263,8 +2263,8 @@ - - JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__)); - -- bzero(x1_proof, x1_proof_len); -- bzero(x2_proof, x2_proof_len); -+ memset(x1_proof, 0, x1_proof_len); -+ memset(x2_proof, 0, x2_proof_len); - free(x1_proof); - free(x2_proof); - -@@ -2276,7 +2276,7 @@ - debug3("%s: sending step2", __func__); - mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); - -- bzero(x4_s_proof, x4_s_proof_len); -+ memset(x4_s_proof, 0, x4_s_proof_len); - free(x4_s_proof); - - monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); -@@ -2310,7 +2310,7 @@ - - JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__)); - -- bzero(x2_s_proof, x2_s_proof_len); -+ memset(x2_s_proof, 0, x2_s_proof_len); - buffer_clear(m); - - /* pctx->k is sensitive, not sent */ -@@ -2344,7 +2344,7 @@ - - JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); - -- bzero(peer_confirm_hash, peer_confirm_hash_len); -+ memset(peer_confirm_hash, 0, peer_confirm_hash_len); - free(peer_confirm_hash); - - buffer_clear(m); -diff -Nura openssh-6.3p1.orig/sandbox-systrace.c openssh-6.3p1/sandbox-systrace.c ---- openssh-6.3p1.orig/sandbox-systrace.c 2013-06-01 18:46:17.000000000 -0300 -+++ openssh-6.3p1/sandbox-systrace.c 2013-10-22 09:49:02.048669246 -0300 -@@ -141,7 +141,7 @@ - box->systrace_fd, child_pid, strerror(errno)); - - /* Allocate and assign policy */ -- bzero(&policy, sizeof(policy)); -+ memset(&policy, 0, sizeof(policy)); - policy.strp_op = SYSTR_POLICY_NEW; - policy.strp_maxents = SYS_MAXSYSCALL; - if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1) -diff -Nura openssh-6.3p1.orig/schnorr.c openssh-6.3p1/schnorr.c ---- openssh-6.3p1.orig/schnorr.c 2013-06-01 18:31:19.000000000 -0300 -+++ openssh-6.3p1/schnorr.c 2013-10-22 09:47:27.631155534 -0300 -@@ -101,7 +101,7 @@ - SCHNORR_DEBUG_BN((h, "%s: h = ", __func__)); - out: - buffer_free(&b); -- bzero(digest, digest_len); -+ memset(digest, 0, digest_len); - free(digest); - digest_len = 0; - if (success == 0) -@@ -477,7 +477,7 @@ - success = 0; - out: - EVP_MD_CTX_cleanup(&evp_md_ctx); -- bzero(digest, sizeof(digest)); -+ memset(digest, 0, sizeof(digest)); - digest_len = 0; - return success; - } -@@ -572,7 +572,7 @@ - BN_clear_free(grp->p); - if (grp->q != NULL) - BN_clear_free(grp->q); -- bzero(grp, sizeof(*grp)); -+ memset(grp, 0, sizeof(*grp)); - free(grp); - } - -diff -Nura openssh-6.3p1.orig/session.c openssh-6.3p1/session.c ---- openssh-6.3p1.orig/session.c 2013-07-20 00:21:53.000000000 -0300 -+++ openssh-6.3p1/session.c 2013-10-22 09:49:35.085748791 -0300 -@@ -1861,7 +1861,7 @@ - fatal("%s: insane session id %d (max %d nalloc %d)", - __func__, id, options.max_sessions, sessions_nalloc); - } -- bzero(&sessions[id], sizeof(*sessions)); -+ memset(&sessions[id], 0, sizeof(*sessions)); - sessions[id].self = id; - sessions[id].used = 0; - sessions[id].chanid = -1; -diff -Nura openssh-6.3p1.orig/sftp-client.c openssh-6.3p1/sftp-client.c ---- openssh-6.3p1.orig/sftp-client.c 2013-07-25 19:40:00.000000000 -0300 -+++ openssh-6.3p1/sftp-client.c 2013-10-22 09:48:47.139753618 -0300 -@@ -308,7 +308,7 @@ - SSH2_FXP_EXTENDED_REPLY, type); - } - -- bzero(st, sizeof(*st)); -+ memset(st, 0, sizeof(*st)); - st->f_bsize = buffer_get_int64(&msg); - st->f_frsize = buffer_get_int64(&msg); - st->f_blocks = buffer_get_int64(&msg); -diff -Nura openssh-6.3p1.orig/ssh.c openssh-6.3p1/ssh.c ---- openssh-6.3p1.orig/ssh.c 2013-07-24 22:55:53.000000000 -0300 -+++ openssh-6.3p1/ssh.c 2013-10-22 09:45:52.967062218 -0300 -@@ -1539,8 +1539,8 @@ - #endif /* PKCS11 */ - - n_ids = 0; -- bzero(identity_files, sizeof(identity_files)); -- bzero(identity_keys, sizeof(identity_keys)); -+ memset(identity_files, 0, sizeof(identity_files)); -+ memset(identity_keys, 0, sizeof(identity_keys)); - - #ifdef ENABLE_PKCS11 - if (options.pkcs11_provider != NULL && -@@ -1615,9 +1615,9 @@ - memcpy(options.identity_files, identity_files, sizeof(identity_files)); - memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); - -- bzero(pwname, strlen(pwname)); -+ memset(pwname, 0, strlen(pwname)); - free(pwname); -- bzero(pwdir, strlen(pwdir)); -+ memset(pwdir, 0, strlen(pwdir)); - free(pwdir); - } - -diff -Nura openssh-6.3p1.orig/sshconnect2.c openssh-6.3p1/sshconnect2.c ---- openssh-6.3p1.orig/sshconnect2.c 2013-06-05 19:22:05.000000000 -0300 -+++ openssh-6.3p1/sshconnect2.c 2013-10-22 09:44:58.967297681 -0300 -@@ -1008,14 +1008,14 @@ - &secret, &secret_len) != 0) - fatal("%s: hash_buffer", __func__); - -- bzero(password, strlen(password)); -- bzero(crypted, strlen(crypted)); -+ memset(password, 0, strlen(password)); -+ memset(crypted, 0, strlen(crypted)); - free(password); - free(crypted); - - if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL) - fatal("%s: BN_bin2bn (secret)", __func__); -- bzero(secret, secret_len); -+ memset(secret, 0, secret_len); - free(secret); - - return ret; -@@ -1052,8 +1052,8 @@ - - /* Obtain password and derive secret */ - pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt); -- bzero(crypt_scheme, strlen(crypt_scheme)); -- bzero(salt, strlen(salt)); -+ memset(crypt_scheme, 0, strlen(crypt_scheme)); -+ memset(salt, 0, strlen(salt)); - free(crypt_scheme); - free(salt); - JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__)); -@@ -1068,8 +1068,8 @@ - &pctx->a, - &x2_s_proof, &x2_s_proof_len); - -- bzero(x3_proof, x3_proof_len); -- bzero(x4_proof, x4_proof_len); -+ memset(x3_proof, 0, x3_proof_len); -+ memset(x4_proof, 0, x4_proof_len); - free(x3_proof); - free(x4_proof); - -@@ -1081,7 +1081,7 @@ - packet_put_string(x2_s_proof, x2_s_proof_len); - packet_send(); - -- bzero(x2_s_proof, x2_s_proof_len); -+ memset(x2_s_proof, 0, x2_s_proof_len); - free(x2_s_proof); - - /* Expect step 2 packet from peer */ -@@ -1121,7 +1121,7 @@ - &pctx->k, - &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len); - -- bzero(x4_s_proof, x4_s_proof_len); -+ memset(x4_s_proof, 0, x4_s_proof_len); - free(x4_s_proof); - - JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); -@@ -1406,7 +1406,7 @@ - /* If IdentitiesOnly set and key not found then don't use it */ - if (!found && options.identities_only) { - TAILQ_REMOVE(&files, id, next); -- bzero(id, sizeof(*id)); -+ memset(id, 0, sizeof(*id)); - free(id); - } - } -@@ -1814,8 +1814,8 @@ - packet_put_string(x2_proof, x2_proof_len); - packet_send(); - -- bzero(x1_proof, x1_proof_len); -- bzero(x2_proof, x2_proof_len); -+ memset(x1_proof, 0, x1_proof_len); -+ memset(x2_proof, 0, x2_proof_len); - free(x1_proof); - free(x2_proof); - -diff -Nura openssh-6.3p1.orig/ssh-keygen.c openssh-6.3p1/ssh-keygen.c ---- openssh-6.3p1.orig/ssh-keygen.c 2013-07-20 00:22:32.000000000 -0300 -+++ openssh-6.3p1/ssh-keygen.c 2013-10-22 09:45:10.003658313 -0300 -@@ -1693,7 +1693,7 @@ - fatal("Invalid certificate time format %s", s); - } - -- bzero(&tm, sizeof(tm)); -+ memset(&tm, 0, sizeof(tm)); - if (strptime(buf, fmt, &tm) == NULL) - fatal("Invalid certificate time %s", s); - if ((tt = mktime(&tm)) < 0) diff --git a/package/openssh/openssh-02-fix-pam-uclibc-pthreads-clash.patch b/package/openssh/openssh-01-fix-pam-uclibc-pthreads-clash.patch similarity index 100% rename from package/openssh/openssh-02-fix-pam-uclibc-pthreads-clash.patch rename to package/openssh/openssh-01-fix-pam-uclibc-pthreads-clash.patch diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk index 60b65af331..f5f334ed0c 100644 --- a/package/openssh/openssh.mk +++ b/package/openssh/openssh.mk @@ -4,7 +4,7 @@ # ################################################################################ -OPENSSH_VERSION = 6.4p1 +OPENSSH_VERSION = 6.5p1 OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable OPENSSH_CONF_ENV = LD="$(TARGET_CC)" LDFLAGS="$(TARGET_CFLAGS)" OPENSSH_CONF_OPT = --disable-lastlog --disable-utmp \ @@ -30,4 +30,14 @@ define OPENSSH_INSTALL_INIT_SYSV $(TARGET_DIR)/etc/init.d/S50sshd endef +# Replace deprecated bcopy/bzero with memset/memcpy +define OPENSSH_REPLACE_SUSV3_DEPRECATED + for src in `find $(@D) -name \*.c`; do \ + $(SED) "s/bzero(\(.*,\)/memset(\1 0, /" $${src} ;\ + $(SED) "s/bcopy(\(.*,\) \(.*,\)/memcpy(\2 \1/" $${src} ;\ + done +endef + +OPENSSH_POST_PATCH_HOOKS += OPENSSH_REPLACE_SUSV3_DEPRECATED + $(eval $(autotools-package)) -- 2.30.2