Android: Updated bundled ssh from 6.1p1 to 6.4p1.

Tested it builds, but have not run it yet.
2015-05-01 15:33:29 -04:00 · 2015-05-01 15:33:29 -04:00 · 27836a2af9
commit 27836a2af9
parent e2ea7349a7
4 changed files with 61 additions and 65 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -26,6 +26,7 @@ git-annex (5.20150421) UNRELEASED; urgency=medium
    files specified after that on the command line, and only error out at
    the end.
  * assistant: Added --autostop to complement --autostart.
  * Android: Updated bundled ssh from 6.1p1 to 6.4p1.
 -- Joey Hess <id@joeyh.name>  Tue, 21 Apr 2015 15:54:10 -0400
--- a/doc/bugs/android_ed25519_algorithm/comment_1_64bc9b8b7de6084a837f8b17269447b7._comment
+++ b/doc/bugs/android_ed25519_algorithm/comment_1_64bc9b8b7de6084a837f8b17269447b7._comment
@ -0,0 +1,12 @@
 [[!comment format=mdwn
 username="joey"
 subject="""comment 1"""
 date="2015-05-01T19:24:18Z"
 content="""
 git-annex for android bundles ssh from
 git://github.com/CyanogenMod/android_external_openssh.git
 That has not yet been updated to a new enough ssh version to have this
 feature. Will have to wait for it to be updated, or if I learn of a newer
 port of ssh to android someplace I could change to it.
 """]]
--- a/standalone/android/openssh.config.h
+++ b/standalone/android/openssh.config.h
@ -1,4 +1,6 @@
 #define DISABLE_SHADOW 1
 #define HAVE_MBLEN 1
 #define HAVE_USLEEP 1
 #define DISABLE_UTMP 1
 #define DISABLE_UTMPX 1
 #define DISABLE_WTMP 1
@ -217,7 +219,7 @@
 #define LOCKED_PASSWD_PREFIX "!"
 #define LOGIN_PROGRAM_FALLBACK "/bin/login"
 #define MISSING_FD_MASK 1
-#define MISSING_HOWMANY 1
+#define HAVE_DECL_HOWMANY 0
 #define OPENSSL_HAS_ECC 1
 #define OPENSSL_PRNG_ONLY 1
 #define PACKAGE_BUGREPORT "openssh-unix-dev@mindrot.org"
--- a/standalone/android/openssh.patch
+++ b/standalone/android/openssh.patch
@ -1,8 +1,8 @@
 diff --git a/auth.c b/auth.c
-index 6623e0f..dd10253 100644
+index 84fca58..63c3c3e 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -337,7 +337,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
+@@ -364,7 +364,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
 	char *file, ret[MAXPATHLEN];
 	int i;
@ -11,7 +11,7 @@ index 6623e0f..dd10253 100644
 	    "u", pw->pw_name, (char *)NULL);
 	/*
-@@ -347,7 +347,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
+@@ -374,7 +374,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
 	if (*file == '/')
 		return (file);
@ -19,18 +19,18 @@ index 6623e0f..dd10253 100644
 +	i = snprintf(ret, sizeof(ret), "%s/%s", _PATH_ROOT_HOME_PREFIX, file);
 	if (i < 0 || (size_t)i >= sizeof(ret))
 		fatal("expand_authorized_keys: path too long");
- 	xfree(file);
+ 	free(file);
-@@ -436,7 +436,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
+@@ -463,7 +463,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
 		    strerror(errno));
 		return -1;
 	}
-	if (realpath(pw->pw_dir, homedir) != NULL)
+-	if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL)
-+	if (realpath(_PATH_ROOT_HOME_PREFIX, homedir) != NULL)
+	if (_PATH_ROOT_HOME_PREFIX != NULL && realpath(_PATH_ROOT_HOME_PREFIX, homedir) != NULL)
 		comparehome = 1;
- 	/* check the open file to avoid races */
+ 	if (!S_ISREG(stp->st_mode)) {
 diff --git a/authfile.c b/authfile.c
-index 7dd4496..00462e9 100644
+index 63ae16b..7b7841a 100644
 --- a/authfile.c
 +++ b/authfile.c
@@ -613,6 +613,7 @@ int
@ -42,7 +42,7 @@ index 7dd4496..00462e9 100644
 	if (fstat(fd, &st) < 0)
 		return 0;
 diff --git a/misc.c b/misc.c
-index 0bf2db6..4327d03 100644
+index 3b9792f..516e7ae 100644
 --- a/misc.c
 +++ b/misc.c
@@ -25,6 +25,7 @@
@ -53,39 +53,20 @@ index 0bf2db6..4327d03 100644
 #include <sys/types.h>
 #include <sys/ioctl.h>
-@@ -538,12 +539,13 @@ tilde_expand_filename(const char *filename, uid_t uid)
+@@ -539,8 +540,9 @@ tilde_expand_filename(const char *filename, uid_t uid)
 	} else if ((pw = getpwuid(uid)) == NULL)	/* ~/path */
 		fatal("tilde_expand_filename: No such uid %ld", (long)uid);
 -	if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
 +	char *pw_dir=_PATH_ROOT_HOME_PREFIX;
 +	if (strlcpy(ret, pw_dir, sizeof(ret)) >= sizeof(ret))
 		fatal("tilde_expand_filename: Path too long");
 	/* Make sure directory has a trailing '/' */
 -	len = strlen(pw->pw_dir);
-	if ((len == 0 || pw->pw_dir[len - 1] != '/') &&
+-	if (len == 0 || pw->pw_dir[len - 1] != '/')
 +	char *pw_dir=_PATH_ROOT_HOME_PREFIX;
 +	len = strlen(pw_dir);
-+	if ((len == 0 || pw_dir[len - 1] != '/') &&
+	if (len == 0 || pw_dir[len - 1] != '/')
- 	    strlcat(ret, "/", sizeof(ret)) >= sizeof(ret))
+ 		sep = "/";
- 		fatal("tilde_expand_filename: Path too long");
+ 	else
- 
+ 		sep = "";
 diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c
 index d2bea21..5b5d599 100644
 --- a/openbsd-compat/getrrsetbyname.c
 +++ b/openbsd-compat/getrrsetbyname.c
@@ -56,8 +56,7 @@
 #include <arpa/inet.h>
 #include "getrrsetbyname.h"
 -#include "nameser.h"
 -#include "nameser_compat.h"
 +#include "arpa/nameser.h"
 #if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO
 extern int h_errno;
 diff --git a/pathnames.h b/pathnames.h
-index b7b9d91..3c10b11 100644
+index 3b7584c..1103266 100644
 --- a/pathnames.h
 +++ b/pathnames.h
@@ -67,7 +67,7 @@
@ -98,23 +79,23 @@ index b7b9d91..3c10b11 100644
 /*
 diff --git a/readconf.c b/readconf.c
-index 097bb05..dcbc008 100644
+index e22c952..87c1c8a 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1085,7 +1085,7 @@ read_config_file(const char *filename, const char *host, Options *options,
+@@ -1113,7 +1113,7 @@ read_config_file(const char *filename, const char *host, Options *options,
 	if ((f = fopen(filename, "r")) == NULL)
 		return 0;
-	if (checkperm) {
+-	if (flags & SSHCONF_CHECKPERM) {
-+	if (checkperm && 0) {
+	if (0) {
 		struct stat sb;
 		if (fstat(fileno(f), &sb) == -1)
 diff --git a/ssh-add.c b/ssh-add.c
-index 738644d..f6fce4a 100644
+index 5e8166f..f0edc30 100644
 --- a/ssh-add.c
 +++ b/ssh-add.c
-@@ -471,7 +471,7 @@ main(int argc, char **argv)
+@@ -496,7 +496,7 @@ main(int argc, char **argv)
 		}
 		for (i = 0; default_files[i]; i++) {
@ -124,10 +105,10 @@ index 738644d..f6fce4a 100644
 			if (stat(buf, &st) < 0)
 				continue;
 diff --git a/ssh-keygen.c b/ssh-keygen.c
-index 4baf7df..ef8bb25 100644
+index 40ba5e3..82c2ebf 100644
 --- a/ssh-keygen.c
 +++ b/ssh-keygen.c
-@@ -224,7 +224,7 @@ ask_filename(struct passwd *pw, const char *prompt)
+@@ -228,7 +228,7 @@ ask_filename(struct passwd *pw, const char *prompt)
 		}
 	}
 	snprintf(identity_file, sizeof(identity_file), "%s/%s",
@ -136,7 +117,7 @@ index 4baf7df..ef8bb25 100644
 	fprintf(stderr, "%s (%s): ", prompt, identity_file);
 	if (fgets(buf, sizeof(buf), stdin) == NULL)
 		exit(1);
-@@ -2268,7 +2268,7 @@ main(int argc, char **argv)
+@@ -2561,7 +2561,7 @@ main(int argc, char **argv)
 	/* Create ~/.ssh directory if it doesn't already exist. */
 	snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",
@ -146,10 +127,10 @@ index 4baf7df..ef8bb25 100644
 	if (strstr(identity_file, dotsshdir) != NULL) {
 		if (stat(dotsshdir, &st) < 0) {
 diff --git a/ssh.c b/ssh.c
-index 898e966..ef6c858 100644
+index 1e2cdd5..cc48c2d 100644
 --- a/ssh.c
 +++ b/ssh.c
-@@ -703,7 +703,7 @@ main(int ac, char **av)
+@@ -707,7 +707,7 @@ main(int ac, char **av)
 			fatal("Can't open user config file %.100s: "
 			    "%.100s", config, strerror(errno));
 	} else {
@ -157,8 +138,8 @@ index 898e966..ef6c858 100644
 +		r = snprintf(buf, sizeof buf, "%s/%s", _PATH_ROOT_HOME_PREFIX,
 		    _PATH_SSH_USER_CONFFILE);
 		if (r > 0 && (size_t)r < sizeof(buf))
- 			(void)read_config_file(buf, host, &options, 1);
+ 			(void)read_config_file(buf, host, &options,
-@@ -748,7 +748,7 @@ main(int ac, char **av)
+@@ -773,7 +773,7 @@ main(int ac, char **av)
 	if (options.local_command != NULL) {
 		debug3("expanding LocalCommand: %s", options.local_command);
 		cp = options.local_command;
@ -167,7 +148,7 @@ index 898e966..ef6c858 100644
 		    "h", host, "l", thishost, "n", host_arg, "r", options.user,
 		    "p", portstr, "u", pw->pw_name, "L", shorthost,
 		    (char *)NULL);
-@@ -888,7 +888,7 @@ main(int ac, char **av)
+@@ -913,7 +913,7 @@ main(int ac, char **av)
 	 */
 	if (config == NULL) {
 		r = snprintf(buf, sizeof buf, "%s/%s",
@ -176,7 +157,7 @@ index 898e966..ef6c858 100644
 			_PATH_SSH_USER_DIR);
 		if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
 #ifdef WITH_SELINUX
-@@ -1532,7 +1532,7 @@ load_public_identity_files(void)
+@@ -1565,7 +1565,7 @@ load_public_identity_files(void)
 	if ((pw = getpwuid(original_real_uid)) == NULL)
 		fatal("load_public_identity_files: getpwuid failed");
 	pwname = xstrdup(pw->pw_name);
@ -186,7 +167,7 @@ index 898e966..ef6c858 100644
 		fatal("load_public_identity_files: gethostname: %s",
 		    strerror(errno));
 diff --git a/uidswap.c b/uidswap.c
-index bc6194e..5cbf5d1 100644
+index 50d20d6..d226cc9 100644
 --- a/uidswap.c
 +++ b/uidswap.c
@@ -28,7 +28,6 @@
@ -194,10 +175,10 @@ index bc6194e..5cbf5d1 100644
 #ifdef ANDROID
 -#include <private/android_filesystem_config.h>
- #include <linux/capability.h>
+ #include <sys/capability.h>
 #include <linux/prctl.h>
 #endif
-@@ -230,7 +229,7 @@ permanently_set_uid(struct passwd *pw)
+@@ -216,7 +215,7 @@ permanently_set_uid(struct passwd *pw)
 	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
 	    (u_int)pw->pw_gid);
@ -206,7 +187,7 @@ index bc6194e..5cbf5d1 100644
 	if (pw->pw_uid == AID_SHELL) {
 		prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
-@@ -317,7 +316,7 @@ permanently_set_uid(struct passwd *pw)
+@@ -281,7 +280,7 @@ permanently_set_uid(struct passwd *pw)
 		    (u_int)pw->pw_uid);
 	}