From b70192b9212452c9cca2049c9e718ea7d88dd765 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Mon, 27 Aug 2018 20:27:22 +0000 Subject: Mon Aug 27 20:27:22 UTC 2018 a/kernel-firmware-20180825_fea76a0-noarch-1.txz: Upgraded. ap/vim-8.1.0328-x86_64-1.txz: Upgraded. d/meson-0.47.2-x86_64-1.txz: Upgraded. d/python-setuptools-40.2.0-x86_64-1.txz: Upgraded. l/python-certifi-2018.8.24-x86_64-1.txz: Upgraded. l/python-idna-2.7-x86_64-1.txz: Upgraded. l/python-packaging-17.1-x86_64-1.txz: Upgraded. l/python-pillow-5.2.0-x86_64-1.txz: Upgraded. l/python-requests-2.19.1-x86_64-1.txz: Upgraded. l/python-urllib3-1.23-x86_64-1.txz: Upgraded. l/talloc-2.1.14-x86_64-1.txz: Upgraded. l/tdb-1.3.16-x86_64-1.txz: Upgraded. l/tevent-0.9.37-x86_64-1.txz: Upgraded. n/ethtool-4.18-x86_64-1.txz: Upgraded. n/openssh-7.8p1-x86_64-1.txz: Upgraded. n/samba-4.8.5-x86_64-1.txz: Upgraded. x/xauth-1.0.10-x86_64-3.txz: Rebuilt. Patched to fix a bug where changing the hostname caused X access to be lost. Thanks to TurboBlaze. xap/vim-gvim-8.1.0328-x86_64-1.txz: Upgraded. --- source/d/meson/meson.url | 2 +- source/l/db44/slack-desc | 2 +- source/l/db48/slack-desc | 2 +- source/l/python-certifi/python-certifi.SlackBuild | 6 +- source/l/python-idna/python-idna.SlackBuild | 6 +- .../l/python-packaging/python-packaging.SlackBuild | 6 +- source/l/python-packaging/slack-desc | 2 +- source/l/python-pillow/python-pillow.SlackBuild | 6 +- .../l/python-requests/python-requests.SlackBuild | 6 +- source/l/python-requests/python-requests.url | 1 + source/l/python-urllib3/python-urllib3.SlackBuild | 6 +- source/l/python-urllib3/urllib3.url | 1 + source/l/tdb/tdb.SlackBuild | 6 +- source/l/tevent/tevent.SlackBuild | 2 +- source/n/gnupg2/slack-desc | 2 +- source/n/mutt/slack-desc | 2 +- source/n/openssh/openssh.SlackBuild | 5 +- .../n/openssh/openssh.fix_tunnel_forwarding.diff | 36 ---- source/n/openssh/openssh.tcp_wrappers.diff | 69 ++++--- source/n/openssh/openssl-1.1.0.patch | 204 ++++++++++----------- source/n/samba/samba.url | 4 +- source/x/x11/build/xauth | 2 +- source/x/x11/patch/xauth.patch | 3 + ....bc78aa61cfbddaa27dee275f639ba40de6981b17.patch | 44 +++++ 24 files changed, 215 insertions(+), 210 deletions(-) create mode 100644 source/l/python-requests/python-requests.url create mode 100644 source/l/python-urllib3/urllib3.url delete mode 100644 source/n/openssh/openssh.fix_tunnel_forwarding.diff create mode 100644 source/x/x11/patch/xauth.patch create mode 100644 source/x/x11/patch/xauth/xauth.bc78aa61cfbddaa27dee275f639ba40de6981b17.patch (limited to 'source') diff --git a/source/d/meson/meson.url b/source/d/meson/meson.url index 4724ac1ca..3413f6591 100644 --- a/source/d/meson/meson.url +++ b/source/d/meson/meson.url @@ -1 +1 @@ -https://github.com/mesonbuild/meson/releases/download/0.47.0/meson-0.47.0.tar.gz +https://github.com/mesonbuild/meson/releases/download/0.47.2/meson-0.47.2.tar.gz diff --git a/source/l/db44/slack-desc b/source/l/db44/slack-desc index dfc00b22e..84d13a3b8 100644 --- a/source/l/db44/slack-desc +++ b/source/l/db44/slack-desc @@ -6,7 +6,7 @@ # leave one space after the ':'. |-----handy-ruler------------------------------------------------------| -db44: db4 (Berkeley database library version 4.4.x) +db44: db44 (Berkeley database library version 4.4.x) db44: db44: The Berkeley Database (Berkeley DB) library provides embedded database db44: support for both traditional and client/server applications. diff --git a/source/l/db48/slack-desc b/source/l/db48/slack-desc index 285251303..5b4663ffc 100644 --- a/source/l/db48/slack-desc +++ b/source/l/db48/slack-desc @@ -6,7 +6,7 @@ # leave one space after the ':'. |-----handy-ruler------------------------------------------------------| -db48: db4 (Berkeley database library version 4.8.x) +db48: db48 (Berkeley database library version 4.8.x) db48: db48: The Berkeley Database (Berkeley DB) library provides embedded database db48: support for both traditional and client/server applications. diff --git a/source/l/python-certifi/python-certifi.SlackBuild b/source/l/python-certifi/python-certifi.SlackBuild index 56e0ba60e..29bf65f7d 100755 --- a/source/l/python-certifi/python-certifi.SlackBuild +++ b/source/l/python-certifi/python-certifi.SlackBuild @@ -24,8 +24,8 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=python-certifi -VERSION=${VERSION:-$(echo certifi-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +VERSION=${VERSION:-$(echo certifi-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} SRCNAM=certifi @@ -52,7 +52,7 @@ rm -rf $PKG mkdir -p $TMP $PKG cd $TMP rm -rf $SRCNAM-$VERSION -tar xvf $CWD/$SRCNAM-$VERSION.tar.?z* || exit 1 +tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1 cd $SRCNAM-$VERSION || exit 1 chown -R root:root . find -L . \ diff --git a/source/l/python-idna/python-idna.SlackBuild b/source/l/python-idna/python-idna.SlackBuild index 1ffd644e8..aca267aa4 100755 --- a/source/l/python-idna/python-idna.SlackBuild +++ b/source/l/python-idna/python-idna.SlackBuild @@ -24,8 +24,8 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=python-idna -VERSION=${VERSION:-$(echo idna-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +VERSION=${VERSION:-$(echo idna-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} SRCNAM=idna @@ -52,7 +52,7 @@ rm -rf $PKG mkdir -p $TMP $PKG cd $TMP rm -rf $SRCNAM-$VERSION -tar xvf $CWD/$SRCNAM-$VERSION.tar.?z* || exit 1 +tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1 cd $SRCNAM-$VERSION || exit 1 chown -R root:root . find -L . \ diff --git a/source/l/python-packaging/python-packaging.SlackBuild b/source/l/python-packaging/python-packaging.SlackBuild index 3e1a64bb7..3c731d448 100755 --- a/source/l/python-packaging/python-packaging.SlackBuild +++ b/source/l/python-packaging/python-packaging.SlackBuild @@ -24,8 +24,8 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=python-packaging -VERSION=${VERSION:-$(echo packaging-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +VERSION=${VERSION:-$(echo packaging-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} SRCNAM=packaging @@ -52,7 +52,7 @@ rm -rf $PKG mkdir -p $TMP $PKG cd $TMP rm -rf $SRCNAM-$VERSION -tar xvf $CWD/$SRCNAM-$VERSION.tar.?z* || exit 1 +tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1 cd $SRCNAM-$VERSION || exit 1 chown -R root:root . find -L . \ diff --git a/source/l/python-packaging/slack-desc b/source/l/python-packaging/slack-desc index c117eeac1..b67c7c688 100644 --- a/source/l/python-packaging/slack-desc +++ b/source/l/python-packaging/slack-desc @@ -10,7 +10,7 @@ python-packaging: python-packaging (Core utilities for Python packages) python-packaging: python-packaging: Core utilities for Python packages python-packaging: -python-packaging: Homepage: https://github.com/pypa/packaging +python-packaging: Homepage: https://pypi.org/project/packaging/ python-packaging: python-packaging: python-packaging: diff --git a/source/l/python-pillow/python-pillow.SlackBuild b/source/l/python-pillow/python-pillow.SlackBuild index dbd8ae1d0..76e5743b8 100755 --- a/source/l/python-pillow/python-pillow.SlackBuild +++ b/source/l/python-pillow/python-pillow.SlackBuild @@ -24,8 +24,8 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=python-pillow -VERSION=${VERSION:-$(echo Pillow-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +VERSION=${VERSION:-$(echo Pillow-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -70,7 +70,7 @@ mkdir -p $TMP $PKG cd $TMP rm -rf Pillow-$VERSION -tar xvf $CWD/Pillow-$VERSION.tar.*z* || exit 1 +tar xvf $CWD/Pillow-$VERSION.tar.?z || exit 1 cd Pillow-$VERSION chown -R root:root . find . \ diff --git a/source/l/python-requests/python-requests.SlackBuild b/source/l/python-requests/python-requests.SlackBuild index 8ba8cc20b..525c22f76 100755 --- a/source/l/python-requests/python-requests.SlackBuild +++ b/source/l/python-requests/python-requests.SlackBuild @@ -24,8 +24,8 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=python-requests -VERSION=${VERSION:-$(echo requests-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +VERSION=${VERSION:-$(echo requests-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} SRCNAM=requests @@ -52,7 +52,7 @@ rm -rf $PKG mkdir -p $TMP $PKG cd $TMP rm -rf $SRCNAM-$VERSION -tar xvf $CWD/$SRCNAM-$VERSION.tar.?z* || exit 1 +tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1 cd $SRCNAM-$VERSION || exit 1 chown -R root:root . find -L . \ diff --git a/source/l/python-requests/python-requests.url b/source/l/python-requests/python-requests.url new file mode 100644 index 000000000..685bbd5d5 --- /dev/null +++ b/source/l/python-requests/python-requests.url @@ -0,0 +1 @@ +https://github.com/requests/requests diff --git a/source/l/python-urllib3/python-urllib3.SlackBuild b/source/l/python-urllib3/python-urllib3.SlackBuild index c42396e59..42fbc26b1 100755 --- a/source/l/python-urllib3/python-urllib3.SlackBuild +++ b/source/l/python-urllib3/python-urllib3.SlackBuild @@ -24,8 +24,8 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=python-urllib3 -VERSION=${VERSION:-$(echo urllib3-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +VERSION=${VERSION:-$(echo urllib3-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} SRCNAM=urllib3 @@ -52,7 +52,7 @@ rm -rf $PKG mkdir -p $TMP $PKG cd $TMP rm -rf $SRCNAM-$VERSION -tar xvf $CWD/$SRCNAM-$VERSION.tar.?z* || exit 1 +tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1 cd $SRCNAM-$VERSION || exit 1 chown -R root:root . find -L . \ diff --git a/source/l/python-urllib3/urllib3.url b/source/l/python-urllib3/urllib3.url new file mode 100644 index 000000000..ad87d82bf --- /dev/null +++ b/source/l/python-urllib3/urllib3.url @@ -0,0 +1 @@ +https://github.com/shazow/urllib3 diff --git a/source/l/tdb/tdb.SlackBuild b/source/l/tdb/tdb.SlackBuild index a6866b2f8..f60cd4cbe 100755 --- a/source/l/tdb/tdb.SlackBuild +++ b/source/l/tdb/tdb.SlackBuild @@ -23,8 +23,8 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=tdb -VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -75,7 +75,7 @@ mkdir -p $TMP $PKG cd $TMP rm -rf $PKGNAM-$VERSION -tar xvf $CWD/$PKGNAM-$VERSION.tar.xz || exit 1 +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1 cd $PKGNAM-$VERSION || exit 1 chown -R root:root . diff --git a/source/l/tevent/tevent.SlackBuild b/source/l/tevent/tevent.SlackBuild index cfeee1194..c79a9741a 100755 --- a/source/l/tevent/tevent.SlackBuild +++ b/source/l/tevent/tevent.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=tevent VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-1} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/n/gnupg2/slack-desc b/source/n/gnupg2/slack-desc index 77f4bd04d..98aada3e2 100644 --- a/source/n/gnupg2/slack-desc +++ b/source/n/gnupg2/slack-desc @@ -6,7 +6,7 @@ # customary to leave one space after the ':'. |-----handy-ruler------------------------------------------------------| -gnupg2: GnuPG2 (The GNU Privacy Guard version 2.x) +gnupg2: gnupg2 (The GNU Privacy Guard version 2.x) gnupg2: gnupg2: GnuPG is GNU's tool for secure communication and data storage. It can gnupg2: be used to encrypt data and to create digital signatures. It includes diff --git a/source/n/mutt/slack-desc b/source/n/mutt/slack-desc index 96a5880cb..f5e337840 100644 --- a/source/n/mutt/slack-desc +++ b/source/n/mutt/slack-desc @@ -6,7 +6,7 @@ # leave one space after the ':'. |-----handy-ruler------------------------------------------------------| -mutt: Mutt (the Mutt mail user agent) +mutt: mutt (the Mutt mail user agent) mutt: mutt: Mutt is a small but very powerful text-based MIME mail client. Mutt mutt: is highly configurable, and is well suited to the mail power user with diff --git a/source/n/openssh/openssh.SlackBuild b/source/n/openssh/openssh.SlackBuild index 2620da6c8..b1a741036 100755 --- a/source/n/openssh/openssh.SlackBuild +++ b/source/n/openssh/openssh.SlackBuild @@ -30,7 +30,7 @@ PKG=$TMP/package-openssh PKGNAM=openssh VERSION=${VERSION:-$(echo openssh-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-5} +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:--j6} @@ -86,9 +86,6 @@ zcat $CWD/openssh.no.openssl.version.check.diff.gz | patch -p1 --verbose || exit # Restore support for tcpwrappers: zcat $CWD/openssh.tcp_wrappers.diff.gz | patch -p1 --verbose || exit 1 -# Fix tunnel forwarding with -w option: -zcat $CWD/openssh.fix_tunnel_forwarding.diff.gz | patch -p1 --verbose || exit 1 - autoreconf -vif # Compile package: diff --git a/source/n/openssh/openssh.fix_tunnel_forwarding.diff b/source/n/openssh/openssh.fix_tunnel_forwarding.diff deleted file mode 100644 index a99a812fd..000000000 --- a/source/n/openssh/openssh.fix_tunnel_forwarding.diff +++ /dev/null @@ -1,36 +0,0 @@ -From cfb1d9bc76734681e3dea532a1504fcd466fbe91 Mon Sep 17 00:00:00 2001 -From: Damien Miller -Date: Fri, 13 Apr 2018 13:38:06 +1000 -Subject: Fix tunnel forwarding broken in 7.7p1 - -bz2855, ok dtucker@ ---- - openbsd-compat/port-net.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c -index 7050629..bb53562 100644 ---- a/openbsd-compat/port-net.c -+++ b/openbsd-compat/port-net.c -@@ -185,7 +185,7 @@ sys_tun_open(int tun, int mode, char **ifname) - else - debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd); - -- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) -+ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL) - goto failed; - - return (fd); -@@ -272,7 +272,7 @@ sys_tun_open(int tun, int mode, char **ifname) - goto failed; - } - -- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) -+ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL) - goto failed; - - close(sock); --- -cgit v1.1 - - diff --git a/source/n/openssh/openssh.tcp_wrappers.diff b/source/n/openssh/openssh.tcp_wrappers.diff index b0a1c4ce7..24a259c78 100644 --- a/source/n/openssh/openssh.tcp_wrappers.diff +++ b/source/n/openssh/openssh.tcp_wrappers.diff @@ -1,9 +1,8 @@ -diff -uprN openssh-7.7p1.orig/configure.ac openssh-7.7p1/configure.ac ---- openssh-7.7p1.orig/configure.ac 2018-04-02 14:38:28.000000000 +0900 -+++ openssh-7.7p1/configure.ac 2018-04-04 17:46:13.798168547 +0900 -@@ -1542,6 +1542,62 @@ AC_ARG_WITH([skey], - ] - ) +--- ./configure.ac.orig 2018-08-23 00:41:42.000000000 -0500 ++++ ./configure.ac 2018-08-25 19:14:10.706002529 -0500 +@@ -1502,6 +1502,62 @@ + AC_MSG_RESULT([no]) + fi +# Check whether user wants TCP wrappers support +TCPW_MSG="no" @@ -64,41 +63,16 @@ diff -uprN openssh-7.7p1.orig/configure.ac openssh-7.7p1/configure.ac # Check whether user wants to use ldns LDNS_MSG="no" AC_ARG_WITH(ldns, -@@ -5216,6 +5272,7 @@ echo " OSF SIA support +@@ -5177,6 +5233,7 @@ + echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" - echo " S/KEY support: $SKEY_MSG" +echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" echo " libedit support: $LIBEDIT_MSG" echo " libldns support: $LDNS_MSG" -diff -uprN openssh-7.7p1.orig/sshd.8 openssh-7.7p1/sshd.8 ---- openssh-7.7p1.orig/sshd.8 2018-04-02 14:38:28.000000000 +0900 -+++ openssh-7.7p1/sshd.8 2018-04-04 17:46:13.799168500 +0900 -@@ -845,6 +845,12 @@ the user's home directory becomes access - This file should be writable only by the user, and need not be - readable by anyone else. - .Pp -+.It Pa /etc/hosts.allow -+.It Pa /etc/hosts.deny -+Access controls that should be enforced by tcp-wrappers are defined here. -+Further details are described in -+.Xr hosts_access 5 . -+.Pp - .It Pa /etc/hosts.equiv - This file is for host-based authentication (see - .Xr ssh 1 ) . -@@ -947,6 +953,7 @@ The content of this file is not sensitiv - .Xr ssh-keygen 1 , - .Xr ssh-keyscan 1 , - .Xr chroot 2 , -+.Xr hosts_access 5 , - .Xr login.conf 5 , - .Xr moduli 5 , - .Xr sshd_config 5 , -diff -uprN openssh-7.7p1.orig/sshd.c openssh-7.7p1/sshd.c ---- openssh-7.7p1.orig/sshd.c 2018-04-02 14:38:28.000000000 +0900 -+++ openssh-7.7p1/sshd.c 2018-04-04 18:24:08.499515628 +0900 +--- ./sshd.c.orig 2018-08-23 00:41:42.000000000 -0500 ++++ ./sshd.c 2018-08-25 19:12:52.901002527 -0500 @@ -122,6 +122,12 @@ #include "auth-options.h" #include "version.h" @@ -112,7 +86,7 @@ diff -uprN openssh-7.7p1.orig/sshd.c openssh-7.7p1/sshd.c /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) -@@ -2005,6 +2011,26 @@ main(int ac, char **av) +@@ -2063,6 +2069,26 @@ packet_set_server(); ssh = active_state; /* XXX */ @@ -139,3 +113,26 @@ diff -uprN openssh-7.7p1.orig/sshd.c openssh-7.7p1/sshd.c check_ip_options(ssh); /* Prepare the channels layer */ +--- ./sshd.8.orig 2018-08-23 00:41:42.000000000 -0500 ++++ ./sshd.8 2018-08-25 19:12:52.899002527 -0500 +@@ -873,6 +873,12 @@ + This file should be writable only by the user, and need not be + readable by anyone else. + .Pp ++.It Pa /etc/hosts.allow ++.It Pa /etc/hosts.deny ++Access controls that should be enforced by tcp-wrappers are defined here. ++Further details are described in ++.Xr hosts_access 5 . ++.Pp + .It Pa /etc/hosts.equiv + This file is for host-based authentication (see + .Xr ssh 1 ) . +@@ -975,6 +981,7 @@ + .Xr ssh-keygen 1 , + .Xr ssh-keyscan 1 , + .Xr chroot 2 , ++.Xr hosts_access 5 , + .Xr login.conf 5 , + .Xr moduli 5 , + .Xr sshd_config 5 , diff --git a/source/n/openssh/openssl-1.1.0.patch b/source/n/openssh/openssl-1.1.0.patch index 6d065d470..5d6d7780b 100644 --- a/source/n/openssh/openssl-1.1.0.patch +++ b/source/n/openssh/openssl-1.1.0.patch @@ -1,6 +1,6 @@ diff -aurp old/auth-pam.c new/auth-pam.c ---- old/auth-pam.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/auth-pam.c 2018-03-23 10:05:03.886621278 -1000 +--- old/auth-pam.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/auth-pam.c 2018-08-23 21:31:53.324592767 -0700 @@ -128,6 +128,10 @@ extern u_int utmp_len; typedef pthread_t sp_pthread_t; #else @@ -13,9 +13,9 @@ diff -aurp old/auth-pam.c new/auth-pam.c struct pam_ctxt { diff -aurp old/cipher.c new/cipher.c ---- old/cipher.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/cipher.c 2018-03-23 10:05:03.886621278 -1000 -@@ -297,7 +297,10 @@ cipher_init(struct sshcipher_ctx **ccp, +--- old/cipher.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/cipher.c 2018-08-23 21:31:53.327926112 -0700 +@@ -299,7 +299,10 @@ cipher_init(struct sshcipher_ctx **ccp, goto out; } } @@ -27,7 +27,7 @@ diff -aurp old/cipher.c new/cipher.c ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } -@@ -483,7 +486,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c +@@ -485,7 +488,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c len, iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else @@ -36,7 +36,7 @@ diff -aurp old/cipher.c new/cipher.c #endif return 0; } -@@ -517,14 +520,19 @@ cipher_set_keyiv(struct sshcipher_ctx *c +@@ -519,14 +522,19 @@ cipher_set_keyiv(struct sshcipher_ctx *c EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else @@ -60,8 +60,8 @@ diff -aurp old/cipher.c new/cipher.c int diff -aurp old/cipher.h new/cipher.h ---- old/cipher.h 2018-03-22 16:21:14.000000000 -1000 -+++ new/cipher.h 2018-03-23 10:05:03.886621278 -1000 +--- old/cipher.h 2018-08-22 22:41:42.000000000 -0700 ++++ new/cipher.h 2018-08-23 21:31:53.327926112 -0700 @@ -46,7 +46,18 @@ #define CIPHER_DECRYPT 0 @@ -82,9 +82,9 @@ diff -aurp old/cipher.h new/cipher.h const struct sshcipher *cipher_by_name(const char *); const char *cipher_warning_message(const struct sshcipher_ctx *); diff -aurp old/configure new/configure ---- old/configure 2018-03-23 03:30:17.000000000 -1000 -+++ new/configure 2018-03-23 10:05:03.888621444 -1000 -@@ -13076,7 +13076,6 @@ if ac_fn_c_try_run "$LINENO"; then : +--- old/configure 2018-08-23 00:09:30.000000000 -0700 ++++ new/configure 2018-08-23 21:31:53.331259457 -0700 +@@ -13032,7 +13032,6 @@ if ac_fn_c_try_run "$LINENO"; then : 100*) ;; # 1.0.x 200*) ;; # LibreSSL *) @@ -93,9 +93,9 @@ diff -aurp old/configure new/configure esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5 diff -aurp old/dh.c new/dh.c ---- old/dh.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/dh.c 2018-03-23 10:05:03.888621444 -1000 -@@ -211,14 +211,15 @@ choose_dh(int min, int wantbits, int max +--- old/dh.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/dh.c 2018-08-23 21:39:18.863765579 -0700 +@@ -216,14 +216,15 @@ choose_dh(int min, int wantbits, int max /* diffie-hellman-groupN-sha1 */ int @@ -113,7 +113,7 @@ diff -aurp old/dh.c new/dh.c logit("invalid public DH value: negative"); return 0; } -@@ -231,7 +232,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) +@@ -236,7 +237,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) error("%s: BN_new failed", __func__); return 0; } @@ -123,7 +123,7 @@ diff -aurp old/dh.c new/dh.c BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ BN_clear_free(tmp); logit("invalid public DH value: >= p-1"); -@@ -242,14 +244,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) +@@ -247,14 +249,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) for (i = 0; i <= n; i++) if (BN_is_bit_set(dh_pub, i)) bits_set++; @@ -140,7 +140,7 @@ diff -aurp old/dh.c new/dh.c return 0; } return 1; -@@ -259,9 +261,13 @@ int +@@ -264,9 +266,13 @@ int dh_gen_key(DH *dh, int need) { int pbits; @@ -156,7 +156,7 @@ diff -aurp old/dh.c new/dh.c need > INT_MAX / 2 || 2 * need > pbits) return SSH_ERR_INVALID_ARGUMENT; if (need < 256) -@@ -270,10 +276,13 @@ dh_gen_key(DH *dh, int need) +@@ -275,11 +281,13 @@ dh_gen_key(DH *dh, int need) * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), * so double requested need here. */ @@ -164,6 +164,7 @@ diff -aurp old/dh.c new/dh.c - if (DH_generate_key(dh) == 0 || - !dh_pub_is_valid(dh, dh->pub_key)) { - BN_clear_free(dh->priv_key); +- dh->priv_key = NULL; + DH_set_length(dh, MIN(need * 2, pbits - 1)); + if (DH_generate_key(dh) == 0) { + return SSH_ERR_LIBCRYPTO_ERROR; @@ -174,7 +175,7 @@ diff -aurp old/dh.c new/dh.c return SSH_ERR_LIBCRYPTO_ERROR; } return 0; -@@ -282,16 +291,27 @@ dh_gen_key(DH *dh, int need) +@@ -288,16 +296,27 @@ dh_gen_key(DH *dh, int need) DH * dh_new_group_asc(const char *gen, const char *modulus) { @@ -209,7 +210,7 @@ diff -aurp old/dh.c new/dh.c } /* -@@ -306,8 +326,8 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu +@@ -312,8 +331,8 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu if ((dh = DH_new()) == NULL) return NULL; @@ -221,8 +222,8 @@ diff -aurp old/dh.c new/dh.c return (dh); } diff -aurp old/dh.h new/dh.h ---- old/dh.h 2018-03-22 16:21:14.000000000 -1000 -+++ new/dh.h 2018-03-23 10:05:03.889621527 -1000 +--- old/dh.h 2018-08-22 22:41:42.000000000 -0700 ++++ new/dh.h 2018-08-23 21:31:53.331259457 -0700 @@ -42,7 +42,7 @@ DH *dh_new_group18(void); DH *dh_new_group_fallback(int); @@ -233,8 +234,8 @@ diff -aurp old/dh.h new/dh.h u_int dh_estimate(int); diff -aurp old/digest-openssl.c new/digest-openssl.c ---- old/digest-openssl.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/digest-openssl.c 2018-03-23 10:05:03.889621527 -1000 +--- old/digest-openssl.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/digest-openssl.c 2018-08-23 21:31:53.331259457 -0700 @@ -43,7 +43,7 @@ struct ssh_digest_ctx { @@ -307,8 +308,8 @@ diff -aurp old/digest-openssl.c new/digest-openssl.c free(ctx); } diff -aurp old/kexdhc.c new/kexdhc.c ---- old/kexdhc.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/kexdhc.c 2018-03-23 10:05:03.889621527 -1000 +--- old/kexdhc.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/kexdhc.c 2018-08-23 21:31:53.331259457 -0700 @@ -81,11 +81,16 @@ kexdh_client(struct ssh *ssh) goto out; } @@ -356,8 +357,8 @@ diff -aurp old/kexdhc.c new/kexdhc.c if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) != 0) diff -aurp old/kexdhs.c new/kexdhs.c ---- old/kexdhs.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/kexdhs.c 2018-03-23 10:58:58.126733207 -1000 +--- old/kexdhs.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/kexdhs.c 2018-08-23 21:36:50.600564263 -0700 @@ -163,6 +163,9 @@ input_kex_dh_init(int type, u_int32_t se goto out; /* calc H */ @@ -383,10 +384,10 @@ diff -aurp old/kexdhs.c new/kexdhs.c /* save session id := H */ if (kex->session_id == NULL) { -@@ -195,12 +200,17 @@ input_kex_dh_init(int type, u_int32_t se +@@ -195,12 +200,16 @@ input_kex_dh_init(int type, u_int32_t se /* destroy_sensitive_data(); */ - /* send server hostkey, DH pubkey 'f' and singed H */ + /* send server hostkey, DH pubkey 'f' and signed H */ + { + const BIGNUM *pub_key; + DH_get0_key(kex->dh, &pub_key, NULL); @@ -395,17 +396,15 @@ diff -aurp old/kexdhs.c new/kexdhs.c - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ (r = sshpkt_put_string(ssh, signature, slen)) != 0 || -- (r = sshpkt_send(ssh)) != 0) -+ (r = sshpkt_send(ssh)) != 0) { + (r = sshpkt_send(ssh)) != 0) goto out; -+ } + } if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); diff -aurp old/kexgexc.c new/kexgexc.c ---- old/kexgexc.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/kexgexc.c 2018-03-23 11:00:00.132866201 -1000 +--- old/kexgexc.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/kexgexc.c 2018-08-23 21:31:53.331259457 -0700 @@ -118,11 +118,17 @@ input_kex_dh_gex_group(int type, u_int32 p = g = NULL; /* belong to kex->dh now */ @@ -458,8 +457,8 @@ diff -aurp old/kexgexc.c new/kexgexc.c if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) != 0) diff -aurp old/kexgexs.c new/kexgexs.c ---- old/kexgexs.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/kexgexs.c 2018-03-23 11:03:06.045049721 -1000 +--- old/kexgexs.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/kexgexs.c 2018-08-23 21:36:11.493972372 -0700 @@ -101,11 +101,16 @@ input_kex_dh_gex_request(int type, u_int goto out; } @@ -509,10 +508,10 @@ diff -aurp old/kexgexs.c new/kexgexs.c /* save session id := H */ if (kex->session_id == NULL) { -@@ -225,12 +236,17 @@ input_kex_dh_gex_init(int type, u_int32_ +@@ -225,12 +236,16 @@ input_kex_dh_gex_init(int type, u_int32_ /* destroy_sensitive_data(); */ - /* send server hostkey, DH pubkey 'f' and singed H */ + /* send server hostkey, DH pubkey 'f' and signed H */ + { + const BIGNUM *pub_key; + DH_get0_key(kex->dh, &pub_key, NULL); @@ -521,35 +520,33 @@ diff -aurp old/kexgexs.c new/kexgexs.c - (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ + (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ (r = sshpkt_put_string(ssh, signature, slen)) != 0 || -- (r = sshpkt_send(ssh)) != 0) -+ (r = sshpkt_send(ssh)) != 0) { + (r = sshpkt_send(ssh)) != 0) goto out; -+ } + } if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); diff -aurp old/monitor.c new/monitor.c ---- old/monitor.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/monitor.c 2018-03-23 10:05:03.890621610 -1000 -@@ -595,10 +595,12 @@ mm_answer_moduli(int sock, Buffer *m) - buffer_put_char(m, 0); +--- old/monitor.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/monitor.c 2018-08-23 21:34:14.594343260 -0700 +@@ -589,10 +589,12 @@ mm_answer_moduli(int sock, struct sshbuf + fatal("%s: buffer error: %s", __func__, ssh_err(r)); return (0); } else { + const BIGNUM *p, *g; + DH_get0_pqg(dh, &p, NULL, &g); /* Send first bignum */ - buffer_put_char(m, 1); -- buffer_put_bignum2(m, dh->p); -- buffer_put_bignum2(m, dh->g); -+ buffer_put_bignum2(m, p); -+ buffer_put_bignum2(m, g); + if ((r = sshbuf_put_u8(m, 1)) != 0 || +- (r = sshbuf_put_bignum2(m, dh->p)) != 0 || +- (r = sshbuf_put_bignum2(m, dh->g)) != 0) ++ (r = sshbuf_put_bignum2(m, p)) != 0 || ++ (r = sshbuf_put_bignum2(m, g)) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); DH_free(dh); - } diff -aurp old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c ---- old/openbsd-compat/openssl-compat.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/openbsd-compat/openssl-compat.c 2018-03-23 10:05:03.890621610 -1000 +--- old/openbsd-compat/openssl-compat.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/openbsd-compat/openssl-compat.c 2018-08-23 21:31:53.334592801 -0700 @@ -75,7 +75,6 @@ ssh_OpenSSL_add_all_algorithms(void) /* Enable use of crypto hardware */ ENGINE_load_builtin_engines(); @@ -559,8 +556,8 @@ diff -aurp old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat #endif diff -aurp old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c ---- old/regress/unittests/sshkey/test_file.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/regress/unittests/sshkey/test_file.c 2018-03-23 10:05:03.890621610 -1000 +--- old/regress/unittests/sshkey/test_file.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/regress/unittests/sshkey/test_file.c 2018-08-23 21:31:53.334592801 -0700 @@ -60,9 +60,14 @@ sshkey_file_tests(void) a = load_bignum("rsa_1.param.n"); b = load_bignum("rsa_1.param.p"); @@ -598,8 +595,8 @@ diff -aurp old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey BN_free(b); BN_free(c); diff -aurp old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c ---- old/regress/unittests/sshkey/test_sshkey.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/regress/unittests/sshkey/test_sshkey.c 2018-03-23 10:05:03.890621610 -1000 +--- old/regress/unittests/sshkey/test_sshkey.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/regress/unittests/sshkey/test_sshkey.c 2018-08-23 21:31:53.334592801 -0700 @@ -197,9 +197,14 @@ sshkey_tests(void) k1 = sshkey_new(KEY_RSA); ASSERT_PTR_NE(k1, NULL); @@ -738,8 +735,8 @@ diff -aurp old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk TEST_START("equal KEY_DSA/demoted KEY_DSA"); diff -aurp old/ssh-dss.c new/ssh-dss.c ---- old/ssh-dss.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/ssh-dss.c 2018-03-23 10:05:03.891621693 -1000 +--- old/ssh-dss.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/ssh-dss.c 2018-08-23 21:31:53.334592801 -0700 @@ -53,6 +53,7 @@ ssh_dss_sign(const struct sshkey *key, u DSA_SIG *sig = NULL; u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; @@ -801,8 +798,8 @@ diff -aurp old/ssh-dss.c new/ssh-dss.c /* sha1 the data */ if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, diff -aurp old/ssh-ecdsa.c new/ssh-ecdsa.c ---- old/ssh-ecdsa.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/ssh-ecdsa.c 2018-03-23 10:05:03.891621693 -1000 +--- old/ssh-ecdsa.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/ssh-ecdsa.c 2018-08-23 21:31:53.334592801 -0700 @@ -80,9 +80,14 @@ ssh_ecdsa_sign(const struct sshkey *key, ret = SSH_ERR_ALLOC_FAIL; goto out; @@ -851,9 +848,9 @@ diff -aurp old/ssh-ecdsa.c new/ssh-ecdsa.c ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; goto out; diff -aurp old/ssh-keygen.c new/ssh-keygen.c ---- old/ssh-keygen.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/ssh-keygen.c 2018-03-23 10:05:03.891621693 -1000 -@@ -493,11 +493,33 @@ do_convert_private_ssh2_from_blob(u_char +--- old/ssh-keygen.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/ssh-keygen.c 2018-08-23 21:31:53.334592801 -0700 +@@ -494,11 +494,33 @@ do_convert_private_ssh2_from_blob(u_char switch (key->type) { case KEY_DSA: @@ -892,7 +889,7 @@ diff -aurp old/ssh-keygen.c new/ssh-keygen.c break; case KEY_RSA: if ((r = sshbuf_get_u8(b, &e1)) != 0 || -@@ -514,16 +536,52 @@ do_convert_private_ssh2_from_blob(u_char +@@ -515,16 +537,52 @@ do_convert_private_ssh2_from_blob(u_char e += e3; debug("e %lx", e); } @@ -951,7 +948,7 @@ diff -aurp old/ssh-keygen.c new/ssh-keygen.c if ((r = ssh_rsa_generate_additional_parameters(key)) != 0) fatal("generate RSA parameters failed: %s", ssh_err(r)); break; -@@ -633,7 +691,7 @@ do_convert_from_pkcs8(struct sshkey **k, +@@ -634,7 +692,7 @@ do_convert_from_pkcs8(struct sshkey **k, identity_file); } fclose(fp); @@ -960,7 +957,7 @@ diff -aurp old/ssh-keygen.c new/ssh-keygen.c case EVP_PKEY_RSA: if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new failed"); -@@ -657,7 +715,7 @@ do_convert_from_pkcs8(struct sshkey **k, +@@ -658,7 +716,7 @@ do_convert_from_pkcs8(struct sshkey **k, #endif default: fatal("%s: unsupported pubkey type %d", __func__, @@ -970,9 +967,9 @@ diff -aurp old/ssh-keygen.c new/ssh-keygen.c EVP_PKEY_free(pubkey); return; diff -aurp old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c ---- old/ssh-pkcs11-client.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/ssh-pkcs11-client.c 2018-03-23 10:05:03.892621777 -1000 -@@ -144,12 +144,13 @@ pkcs11_rsa_private_encrypt(int flen, con +--- old/ssh-pkcs11-client.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/ssh-pkcs11-client.c 2018-08-23 21:31:53.334592801 -0700 +@@ -156,12 +156,13 @@ pkcs11_rsa_private_encrypt(int flen, con static int wrap_key(RSA *rsa) { @@ -992,8 +989,8 @@ diff -aurp old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c } diff -aurp old/ssh-pkcs11.c new/ssh-pkcs11.c ---- old/ssh-pkcs11.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/ssh-pkcs11.c 2018-03-23 10:05:03.892621777 -1000 +--- old/ssh-pkcs11.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/ssh-pkcs11.c 2018-08-23 21:31:53.334592801 -0700 @@ -67,7 +67,7 @@ struct pkcs11_key { struct pkcs11_provider *provider; CK_ULONG slotidx; @@ -1083,9 +1080,9 @@ diff -aurp old/ssh-pkcs11.c new/ssh-pkcs11.c free(attribs[i].pValue); } diff -aurp old/ssh-rsa.c new/ssh-rsa.c ---- old/ssh-rsa.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/ssh-rsa.c 2018-03-23 10:05:03.892621777 -1000 -@@ -84,7 +84,6 @@ ssh_rsa_generate_additional_parameters(s +--- old/ssh-rsa.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/ssh-rsa.c 2018-08-23 21:31:53.334592801 -0700 +@@ -108,7 +108,6 @@ ssh_rsa_generate_additional_parameters(s { BIGNUM *aux = NULL; BN_CTX *ctx = NULL; @@ -1093,7 +1090,7 @@ diff -aurp old/ssh-rsa.c new/ssh-rsa.c int r; if (key == NULL || key->rsa == NULL || -@@ -99,16 +98,27 @@ ssh_rsa_generate_additional_parameters(s +@@ -123,16 +122,27 @@ ssh_rsa_generate_additional_parameters(s } BN_set_flags(aux, BN_FLG_CONSTTIME); @@ -1128,7 +1125,7 @@ diff -aurp old/ssh-rsa.c new/ssh-rsa.c r = 0; out: BN_clear_free(aux); -@@ -139,7 +149,7 @@ ssh_rsa_sign(const struct sshkey *key, u +@@ -163,7 +173,7 @@ ssh_rsa_sign(const struct sshkey *key, u if (key == NULL || key->rsa == NULL || hash_alg == -1 || sshkey_type_plain(key->type) != KEY_RSA) return SSH_ERR_INVALID_ARGUMENT; @@ -1137,7 +1134,7 @@ diff -aurp old/ssh-rsa.c new/ssh-rsa.c return SSH_ERR_KEY_LENGTH; slen = RSA_size(key->rsa); if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) -@@ -211,7 +221,7 @@ ssh_rsa_verify(const struct sshkey *key, +@@ -235,7 +245,7 @@ ssh_rsa_verify(const struct sshkey *key, sshkey_type_plain(key->type) != KEY_RSA || sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; @@ -1147,9 +1144,9 @@ diff -aurp old/ssh-rsa.c new/ssh-rsa.c if ((b = sshbuf_from(sig, siglen)) == NULL) diff -aurp old/sshkey.c new/sshkey.c ---- old/sshkey.c 2018-03-22 16:21:14.000000000 -1000 -+++ new/sshkey.c 2018-03-23 10:05:03.893621860 -1000 -@@ -274,10 +274,18 @@ sshkey_size(const struct sshkey *k) +--- old/sshkey.c 2018-08-22 22:41:42.000000000 -0700 ++++ new/sshkey.c 2018-08-23 21:31:53.334592801 -0700 +@@ -292,10 +292,18 @@ sshkey_size(const struct sshkey *k) #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: @@ -1169,7 +1166,7 @@ diff -aurp old/sshkey.c new/sshkey.c case KEY_ECDSA: case KEY_ECDSA_CERT: return sshkey_curve_nid_to_bits(k->ecdsa_nid); -@@ -482,26 +490,53 @@ sshkey_new(int type) +@@ -500,26 +508,53 @@ sshkey_new(int type) #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: @@ -1229,7 +1226,7 @@ diff -aurp old/sshkey.c new/sshkey.c k->dsa = dsa; break; case KEY_ECDSA: -@@ -539,6 +574,51 @@ sshkey_add_private(struct sshkey *k) +@@ -557,6 +592,51 @@ sshkey_add_private(struct sshkey *k) #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: @@ -1281,7 +1278,7 @@ diff -aurp old/sshkey.c new/sshkey.c #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) if (bn_maybe_alloc_failed(k->rsa->d) || bn_maybe_alloc_failed(k->rsa->iqmp) || -@@ -547,13 +627,28 @@ sshkey_add_private(struct sshkey *k) +@@ -565,13 +645,28 @@ sshkey_add_private(struct sshkey *k) bn_maybe_alloc_failed(k->rsa->dmq1) || bn_maybe_alloc_failed(k->rsa->dmp1)) return SSH_ERR_ALLOC_FAIL; @@ -1310,7 +1307,7 @@ diff -aurp old/sshkey.c new/sshkey.c case KEY_ECDSA: case KEY_ECDSA_CERT: /* Cannot do anything until we know the group */ -@@ -677,16 +772,34 @@ sshkey_equal_public(const struct sshkey +@@ -695,16 +790,34 @@ sshkey_equal_public(const struct sshkey #ifdef WITH_OPENSSL case KEY_RSA_CERT: case KEY_RSA: @@ -1353,7 +1350,7 @@ diff -aurp old/sshkey.c new/sshkey.c # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: -@@ -775,12 +888,17 @@ to_blob_buf(const struct sshkey *key, st +@@ -793,12 +906,17 @@ to_blob_buf(const struct sshkey *key, st case KEY_DSA: if (key->dsa == NULL) return SSH_ERR_INVALID_ARGUMENT; @@ -1375,7 +1372,7 @@ diff -aurp old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -796,10 +914,14 @@ to_blob_buf(const struct sshkey *key, st +@@ -814,10 +932,14 @@ to_blob_buf(const struct sshkey *key, st case KEY_RSA: if (key->rsa == NULL) return SSH_ERR_INVALID_ARGUMENT; @@ -1392,7 +1389,7 @@ diff -aurp old/sshkey.c new/sshkey.c break; #endif /* WITH_OPENSSL */ case KEY_ED25519: -@@ -1740,13 +1862,32 @@ sshkey_from_private(const struct sshkey +@@ -1758,13 +1880,32 @@ sshkey_from_private(const struct sshkey case KEY_DSA_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; @@ -1429,7 +1426,7 @@ diff -aurp old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -1770,11 +1911,23 @@ sshkey_from_private(const struct sshkey +@@ -1788,11 +1929,23 @@ sshkey_from_private(const struct sshkey case KEY_RSA_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; @@ -1455,7 +1452,7 @@ diff -aurp old/sshkey.c new/sshkey.c break; #endif /* WITH_OPENSSL */ case KEY_ED25519: -@@ -1995,12 +2148,27 @@ sshkey_from_blob_internal(struct sshbuf +@@ -2013,12 +2166,27 @@ sshkey_from_blob_internal(struct sshbuf ret = SSH_ERR_ALLOC_FAIL; goto out; } @@ -1486,7 +1483,7 @@ diff -aurp old/sshkey.c new/sshkey.c ret = SSH_ERR_KEY_LENGTH; goto out; } -@@ -2020,13 +2188,36 @@ sshkey_from_blob_internal(struct sshbuf +@@ -2038,13 +2206,36 @@ sshkey_from_blob_internal(struct sshbuf ret = SSH_ERR_ALLOC_FAIL; goto out; } @@ -1527,7 +1524,7 @@ diff -aurp old/sshkey.c new/sshkey.c #ifdef DEBUG_PK DSA_print_fp(stderr, key->dsa, 8); #endif -@@ -2327,26 +2518,63 @@ sshkey_demote(const struct sshkey *k, st +@@ -2389,26 +2580,63 @@ sshkey_demote(const struct sshkey *k, st goto fail; /* FALLTHROUGH */ case KEY_RSA: @@ -1599,7 +1596,7 @@ diff -aurp old/sshkey.c new/sshkey.c break; case KEY_ECDSA_CERT: if ((ret = sshkey_cert_copy(k, pk)) != 0) -@@ -2496,11 +2724,17 @@ sshkey_certify_custom(struct sshkey *k, +@@ -2558,11 +2786,17 @@ sshkey_certify_custom(struct sshkey *k, switch (k->type) { #ifdef WITH_OPENSSL case KEY_DSA_CERT: @@ -1621,7 +1618,7 @@ diff -aurp old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: -@@ -2513,9 +2747,15 @@ sshkey_certify_custom(struct sshkey *k, +@@ -2575,9 +2809,15 @@ sshkey_certify_custom(struct sshkey *k, break; # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: @@ -1639,7 +1636,7 @@ diff -aurp old/sshkey.c new/sshkey.c break; #endif /* WITH_OPENSSL */ case KEY_ED25519_CERT: -@@ -2702,42 +2942,67 @@ sshkey_private_serialize_opt(const struc +@@ -2764,42 +3004,67 @@ sshkey_private_serialize_opt(const struc switch (key->type) { #ifdef WITH_OPENSSL case KEY_RSA: @@ -1723,7 +1720,7 @@ diff -aurp old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -2851,18 +3116,61 @@ sshkey_private_deserialize(struct sshbuf +@@ -2913,18 +3178,61 @@ sshkey_private_deserialize(struct sshbuf r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -1792,7 +1789,7 @@ diff -aurp old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -2921,29 +3229,104 @@ sshkey_private_deserialize(struct sshbuf +@@ -2983,29 +3291,104 @@ sshkey_private_deserialize(struct sshbuf r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -1911,7 +1908,7 @@ diff -aurp old/sshkey.c new/sshkey.c r = SSH_ERR_KEY_LENGTH; goto out; } -@@ -3707,7 +4090,6 @@ translate_libcrypto_error(unsigned long +@@ -3769,7 +4152,6 @@ translate_libcrypto_error(unsigned long switch (pem_reason) { case EVP_R_BAD_DECRYPT: return SSH_ERR_KEY_WRONG_PASSPHRASE; @@ -1919,7 +1916,7 @@ diff -aurp old/sshkey.c new/sshkey.c case EVP_R_DECODE_ERROR: #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR case EVP_R_PRIVATE_KEY_DECODE_ERROR: -@@ -3772,7 +4154,7 @@ sshkey_parse_private_pem_fileblob(struct +@@ -3834,7 +4216,7 @@ sshkey_parse_private_pem_fileblob(struct r = convert_libcrypto_error(); goto out; } @@ -1928,7 +1925,7 @@ diff -aurp old/sshkey.c new/sshkey.c (type == KEY_UNSPEC || type == KEY_RSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; -@@ -3787,11 +4169,11 @@ sshkey_parse_private_pem_fileblob(struct +@@ -3849,11 +4231,11 @@ sshkey_parse_private_pem_fileblob(struct r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -1942,7 +1939,7 @@ diff -aurp old/sshkey.c new/sshkey.c (type == KEY_UNSPEC || type == KEY_DSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; -@@ -3803,7 +4185,7 @@ sshkey_parse_private_pem_fileblob(struct +@@ -3865,7 +4247,7 @@ sshkey_parse_private_pem_fileblob(struct DSA_print_fp(stderr, prv->dsa, 8); #endif #ifdef OPENSSL_HAS_ECC @@ -1951,3 +1948,4 @@ diff -aurp old/sshkey.c new/sshkey.c (type == KEY_UNSPEC || type == KEY_ECDSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; + diff --git a/source/n/samba/samba.url b/source/n/samba/samba.url index 86b7a373d..4874e29a5 100644 --- a/source/n/samba/samba.url +++ b/source/n/samba/samba.url @@ -1,2 +1,2 @@ -https://download.samba.org/pub/samba/stable/samba-4.8.4.tar.gz -https://download.samba.org/pub/samba/stable/samba-4.8.4.tar.asc +https://download.samba.org/pub/samba/stable/samba-4.8.5.tar.gz +https://download.samba.org/pub/samba/stable/samba-4.8.5.tar.asc diff --git a/source/x/x11/build/xauth b/source/x/x11/build/xauth index 0cfbf0888..00750edc0 100644 --- a/source/x/x11/build/xauth +++ b/source/x/x11/build/xauth @@ -1 +1 @@ -2 +3 diff --git a/source/x/x11/patch/xauth.patch b/source/x/x11/patch/xauth.patch new file mode 100644 index 000000000..4348e2ab0 --- /dev/null +++ b/source/x/x11/patch/xauth.patch @@ -0,0 +1,3 @@ +# Fix a bug where changing the hostname causes access to X to be lost: +zcat $CWD/patch/xauth/xauth.bc78aa61cfbddaa27dee275f639ba40de6981b17.patch.gz \ + | patch -p2 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; } diff --git a/source/x/x11/patch/xauth/xauth.bc78aa61cfbddaa27dee275f639ba40de6981b17.patch b/source/x/x11/patch/xauth/xauth.bc78aa61cfbddaa27dee275f639ba40de6981b17.patch new file mode 100644 index 000000000..96fe5d0c3 --- /dev/null +++ b/source/x/x11/patch/xauth/xauth.bc78aa61cfbddaa27dee275f639ba40de6981b17.patch @@ -0,0 +1,44 @@ +From bc78aa61cfbddaa27dee275f639ba40de6981b17 Mon Sep 17 00:00:00 2001 +From: George V. Kouryachy (Fr. Br. George) +Date: Fri, 4 Aug 2017 18:37:33 +0300 +Subject: [PATCH] parse_displayname: use FamilyWild for *:0 + +--- + xauth/gethost.c | 4 ++++ + xauth/parsedpy.c | 4 ++++ + 2 files changed, 8 insertions(+), 0 deletions(-) + +diff --git a/xauth/gethost.c b/xauth/gethost.c +index 8cb58c5..598ac48 100644 +--- a/xauth/gethost.c ++++ b/xauth/gethost.c +@@ -180,6 +180,10 @@ struct addrlist *get_address_info ( + * information to be copied and set len to the number of bytes. + */ + switch (family) { ++ case FamilyWild: /* was :0 */ ++ src = "\xff\xff"; ++ len = strlen(src); ++ break; + case FamilyLocal: /* hostname/unix:0 */ + /* handle unix:0 and :0 specially */ + if (prefix == 0 && (strncmp (fulldpyname, "unix:", 5) == 0 || +diff --git a/xauth/parsedpy.c b/xauth/parsedpy.c +index 97988d3..6c98339 100644 +--- a/xauth/parsedpy.c ++++ b/xauth/parsedpy.c +@@ -141,6 +141,10 @@ parse_displayname (const char *displayname, + family = FamilyInternet; + } + #endif ++ } else if (len == 1 && *displayname == '*') { ++ /* ALT: wildcard cookie */ ++ host = copystring("*", 1); ++ family = FamilyWild; + } else if (!dnet && (*displayname == '[') && (*(ptr - 1) == ']')) { + /* Allow RFC2732-like []:display syntax */ + family = FamilyInternet6; +-- +1.7.3.3 + + -- cgit v1.2.3-79-gdb01