From 2addaea288d644bcaf38873ea853892449d758e5 Mon Sep 17 00:00:00 2001 From: Juergen Daubert Date: Sun, 21 Apr 2019 13:35:50 +0200 Subject: [PATCH] openssh: update to 8.0p1 --- openssh/.signature | 7 +++---- openssh/CVE-2018-20685.patch | 33 --------------------------------- openssh/Pkgfile | 8 +++----- 3 files changed, 6 insertions(+), 42 deletions(-) delete mode 100644 openssh/CVE-2018-20685.patch diff --git a/openssh/.signature b/openssh/.signature index 412f28da..d116c19a 100644 --- a/openssh/.signature +++ b/openssh/.signature @@ -1,7 +1,6 @@ untrusted comment: verify with /etc/ports/core.pub -RWRJc1FUaeVeqh/5l9mXUVHkgalsQ5Cwa+YDc8w3lOCkjVbtP23XeCFrVEqpARDrlYWRfYlCt93PAg31KIVzAaImIHnpfYVoQwQ= -SHA256 (Pkgfile) = 7dabfc94184cee52c6dacf3138b06dac42fbcdf176abb26e261989bdbe35cdd7 +RWRJc1FUaeVeqhoK8um94GkK0m0c6B9XGv40UViwvAoG8w53AtBtpyd3afkAH5YRs35UE7BQGnG2dH1cv4SmJrqPHiz0Y24IdwI= +SHA256 (Pkgfile) = 8d4780845d19d2539fdca5aa14405b38bed0f6c86a2619fe01f5bf0ec6a71feb SHA256 (.footprint) = 49ebea9770f893cbe403018d12a23303ae4652d2af3f1128b25c23df27282324 -SHA256 (openssh-7.9p1.tar.gz) = 6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad +SHA256 (openssh-8.0p1.tar.gz) = bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68 SHA256 (sshd) = 59cb8cff9890e9f5c617c5bd4e5a15e5e4bcc4bf35eb73a80322825db60bbfd4 -SHA256 (CVE-2018-20685.patch) = 310347b0173cd97c996a63f703040be07d87ea1a5f4cbe81a3cbdf409b36f7e2 diff --git a/openssh/CVE-2018-20685.patch b/openssh/CVE-2018-20685.patch deleted file mode 100644 index f2f1ecfc..00000000 --- a/openssh/CVE-2018-20685.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Mon Sep 17 00:00:00 2001 -From: "djm@openbsd.org" -Date: Fri, 16 Nov 2018 03:03:10 +0000 -Subject: [PATCH] upstream: disallow empty incoming filename or ones that refer - to the - -current directory; based on report/patch from Harry Sintonen - -OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9 ---- - scp.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/scp.c b/scp.c -index 60682c687..4f3fdcd3d 100644 ---- a/scp.c -+++ b/scp.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */ -+/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */ - /* - * scp - secure remote copy. This is basically patched BSD rcp which - * uses ssh to do the data transfer (instead of using rcmd). -@@ -1106,7 +1106,8 @@ sink(int argc, char **argv) - SCREWUP("size out of range"); - size = (off_t)ull; - -- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { -+ if (*cp == '\0' || strchr(cp, '/') != NULL || -+ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { - run_err("error: unexpected filename: %s", cp); - exit(1); - } diff --git a/openssh/Pkgfile b/openssh/Pkgfile index 8805c6b8..09fac2ea 100644 --- a/openssh/Pkgfile +++ b/openssh/Pkgfile @@ -4,16 +4,14 @@ # Depends on: openssl zlib name=openssh -version=7.9p1 -release=2 +version=8.0p1 +release=1 source=(http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$name-$version.tar.gz - sshd CVE-2018-20685.patch) + sshd) build() { cd $name-$version - patch -p1 -i $SRC/CVE-2018-20685.patch - ./configure --prefix=/usr \ --libexecdir=/usr/lib/ssh \ --sysconfdir=/etc/ssh \