summaryrefslogtreecommitdiffstats
path: root/source
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2018-08-27 20:27:22 +0000
committer Eric Hameleers <alien@slackware.com>2018-08-28 09:00:35 +0200
commitb70192b9212452c9cca2049c9e718ea7d88dd765 (patch)
tree9144e8186e09d92f269b5bb49a5579e297857730 /source
parent0cb1f4c725ab13afe5aa3c1f488d665e4db1a304 (diff)
downloadcurrent-b70192b9212452c9cca2049c9e718ea7d88dd765.tar.gz
current-b70192b9212452c9cca2049c9e718ea7d88dd765.tar.xz
Mon Aug 27 20:27:22 UTC 201820180827202722
a/kernel-firmware-20180825_fea76a0-noarch-1.txz: Upgraded. ap/vim-8.1.0328-x86_64-1.txz: Upgraded. d/meson-0.47.2-x86_64-1.txz: Upgraded. d/python-setuptools-40.2.0-x86_64-1.txz: Upgraded. l/python-certifi-2018.8.24-x86_64-1.txz: Upgraded. l/python-idna-2.7-x86_64-1.txz: Upgraded. l/python-packaging-17.1-x86_64-1.txz: Upgraded. l/python-pillow-5.2.0-x86_64-1.txz: Upgraded. l/python-requests-2.19.1-x86_64-1.txz: Upgraded. l/python-urllib3-1.23-x86_64-1.txz: Upgraded. l/talloc-2.1.14-x86_64-1.txz: Upgraded. l/tdb-1.3.16-x86_64-1.txz: Upgraded. l/tevent-0.9.37-x86_64-1.txz: Upgraded. n/ethtool-4.18-x86_64-1.txz: Upgraded. n/openssh-7.8p1-x86_64-1.txz: Upgraded. n/samba-4.8.5-x86_64-1.txz: Upgraded. x/xauth-1.0.10-x86_64-3.txz: Rebuilt. Patched to fix a bug where changing the hostname caused X access to be lost. Thanks to TurboBlaze. xap/vim-gvim-8.1.0328-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source')
-rw-r--r--source/d/meson/meson.url2
-rw-r--r--source/l/db44/slack-desc2
-rw-r--r--source/l/db48/slack-desc2
-rwxr-xr-xsource/l/python-certifi/python-certifi.SlackBuild6
-rwxr-xr-xsource/l/python-idna/python-idna.SlackBuild6
-rwxr-xr-xsource/l/python-packaging/python-packaging.SlackBuild6
-rw-r--r--source/l/python-packaging/slack-desc2
-rwxr-xr-xsource/l/python-pillow/python-pillow.SlackBuild6
-rwxr-xr-xsource/l/python-requests/python-requests.SlackBuild6
-rw-r--r--source/l/python-requests/python-requests.url1
-rwxr-xr-xsource/l/python-urllib3/python-urllib3.SlackBuild6
-rw-r--r--source/l/python-urllib3/urllib3.url1
-rwxr-xr-xsource/l/tdb/tdb.SlackBuild6
-rwxr-xr-xsource/l/tevent/tevent.SlackBuild2
-rw-r--r--source/n/gnupg2/slack-desc2
-rw-r--r--source/n/mutt/slack-desc2
-rwxr-xr-xsource/n/openssh/openssh.SlackBuild5
-rw-r--r--source/n/openssh/openssh.fix_tunnel_forwarding.diff36
-rw-r--r--source/n/openssh/openssh.tcp_wrappers.diff69
-rw-r--r--source/n/openssh/openssl-1.1.0.patch204
-rw-r--r--source/n/samba/samba.url4
-rw-r--r--source/x/x11/build/xauth2
-rw-r--r--source/x/x11/patch/xauth.patch3
-rw-r--r--source/x/x11/patch/xauth/xauth.bc78aa61cfbddaa27dee275f639ba40de6981b17.patch44
24 files changed, 215 insertions, 210 deletions
diff --git a/source/d/meson/meson.url b/source/d/meson/meson.url
index 4724ac1ca..3413f6591 100644
--- a/source/d/meson/meson.url
+++ b/source/d/meson/meson.url
@@ -1 +1 @@
-https://github.com/mesonbuild/meson/releases/download/0.47.0/meson-0.47.0.tar.gz
+https://github.com/mesonbuild/meson/releases/download/0.47.2/meson-0.47.2.tar.gz
diff --git a/source/l/db44/slack-desc b/source/l/db44/slack-desc
index dfc00b22e..84d13a3b8 100644
--- a/source/l/db44/slack-desc
+++ b/source/l/db44/slack-desc
@@ -6,7 +6,7 @@
# leave one space after the ':'.
|-----handy-ruler------------------------------------------------------|
-db44: db4 (Berkeley database library version 4.4.x)
+db44: db44 (Berkeley database library version 4.4.x)
db44:
db44: The Berkeley Database (Berkeley DB) library provides embedded database
db44: support for both traditional and client/server applications.
diff --git a/source/l/db48/slack-desc b/source/l/db48/slack-desc
index 285251303..5b4663ffc 100644
--- a/source/l/db48/slack-desc
+++ b/source/l/db48/slack-desc
@@ -6,7 +6,7 @@
# leave one space after the ':'.
|-----handy-ruler------------------------------------------------------|
-db48: db4 (Berkeley database library version 4.8.x)
+db48: db48 (Berkeley database library version 4.8.x)
db48:
db48: The Berkeley Database (Berkeley DB) library provides embedded database
db48: support for both traditional and client/server applications.
diff --git a/source/l/python-certifi/python-certifi.SlackBuild b/source/l/python-certifi/python-certifi.SlackBuild
index 56e0ba60e..29bf65f7d 100755
--- a/source/l/python-certifi/python-certifi.SlackBuild
+++ b/source/l/python-certifi/python-certifi.SlackBuild
@@ -24,8 +24,8 @@
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=python-certifi
-VERSION=${VERSION:-$(echo certifi-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-$(echo certifi-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
SRCNAM=certifi
@@ -52,7 +52,7 @@ rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf $SRCNAM-$VERSION
-tar xvf $CWD/$SRCNAM-$VERSION.tar.?z* || exit 1
+tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1
cd $SRCNAM-$VERSION || exit 1
chown -R root:root .
find -L . \
diff --git a/source/l/python-idna/python-idna.SlackBuild b/source/l/python-idna/python-idna.SlackBuild
index 1ffd644e8..aca267aa4 100755
--- a/source/l/python-idna/python-idna.SlackBuild
+++ b/source/l/python-idna/python-idna.SlackBuild
@@ -24,8 +24,8 @@
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=python-idna
-VERSION=${VERSION:-$(echo idna-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-$(echo idna-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
SRCNAM=idna
@@ -52,7 +52,7 @@ rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf $SRCNAM-$VERSION
-tar xvf $CWD/$SRCNAM-$VERSION.tar.?z* || exit 1
+tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1
cd $SRCNAM-$VERSION || exit 1
chown -R root:root .
find -L . \
diff --git a/source/l/python-packaging/python-packaging.SlackBuild b/source/l/python-packaging/python-packaging.SlackBuild
index 3e1a64bb7..3c731d448 100755
--- a/source/l/python-packaging/python-packaging.SlackBuild
+++ b/source/l/python-packaging/python-packaging.SlackBuild
@@ -24,8 +24,8 @@
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=python-packaging
-VERSION=${VERSION:-$(echo packaging-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-$(echo packaging-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
SRCNAM=packaging
@@ -52,7 +52,7 @@ rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf $SRCNAM-$VERSION
-tar xvf $CWD/$SRCNAM-$VERSION.tar.?z* || exit 1
+tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1
cd $SRCNAM-$VERSION || exit 1
chown -R root:root .
find -L . \
diff --git a/source/l/python-packaging/slack-desc b/source/l/python-packaging/slack-desc
index c117eeac1..b67c7c688 100644
--- a/source/l/python-packaging/slack-desc
+++ b/source/l/python-packaging/slack-desc
@@ -10,7 +10,7 @@ python-packaging: python-packaging (Core utilities for Python packages)
python-packaging:
python-packaging: Core utilities for Python packages
python-packaging:
-python-packaging: Homepage: https://github.com/pypa/packaging
+python-packaging: Homepage: https://pypi.org/project/packaging/
python-packaging:
python-packaging:
python-packaging:
diff --git a/source/l/python-pillow/python-pillow.SlackBuild b/source/l/python-pillow/python-pillow.SlackBuild
index dbd8ae1d0..76e5743b8 100755
--- a/source/l/python-pillow/python-pillow.SlackBuild
+++ b/source/l/python-pillow/python-pillow.SlackBuild
@@ -24,8 +24,8 @@
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=python-pillow
-VERSION=${VERSION:-$(echo Pillow-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-$(echo Pillow-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -70,7 +70,7 @@ mkdir -p $TMP $PKG
cd $TMP
rm -rf Pillow-$VERSION
-tar xvf $CWD/Pillow-$VERSION.tar.*z* || exit 1
+tar xvf $CWD/Pillow-$VERSION.tar.?z || exit 1
cd Pillow-$VERSION
chown -R root:root .
find . \
diff --git a/source/l/python-requests/python-requests.SlackBuild b/source/l/python-requests/python-requests.SlackBuild
index 8ba8cc20b..525c22f76 100755
--- a/source/l/python-requests/python-requests.SlackBuild
+++ b/source/l/python-requests/python-requests.SlackBuild
@@ -24,8 +24,8 @@
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=python-requests
-VERSION=${VERSION:-$(echo requests-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-$(echo requests-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
SRCNAM=requests
@@ -52,7 +52,7 @@ rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf $SRCNAM-$VERSION
-tar xvf $CWD/$SRCNAM-$VERSION.tar.?z* || exit 1
+tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1
cd $SRCNAM-$VERSION || exit 1
chown -R root:root .
find -L . \
diff --git a/source/l/python-requests/python-requests.url b/source/l/python-requests/python-requests.url
new file mode 100644
index 000000000..685bbd5d5
--- /dev/null
+++ b/source/l/python-requests/python-requests.url
@@ -0,0 +1 @@
+https://github.com/requests/requests
diff --git a/source/l/python-urllib3/python-urllib3.SlackBuild b/source/l/python-urllib3/python-urllib3.SlackBuild
index c42396e59..42fbc26b1 100755
--- a/source/l/python-urllib3/python-urllib3.SlackBuild
+++ b/source/l/python-urllib3/python-urllib3.SlackBuild
@@ -24,8 +24,8 @@
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=python-urllib3
-VERSION=${VERSION:-$(echo urllib3-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-$(echo urllib3-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
SRCNAM=urllib3
@@ -52,7 +52,7 @@ rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf $SRCNAM-$VERSION
-tar xvf $CWD/$SRCNAM-$VERSION.tar.?z* || exit 1
+tar xvf $CWD/$SRCNAM-$VERSION.tar.?z || exit 1
cd $SRCNAM-$VERSION || exit 1
chown -R root:root .
find -L . \
diff --git a/source/l/python-urllib3/urllib3.url b/source/l/python-urllib3/urllib3.url
new file mode 100644
index 000000000..ad87d82bf
--- /dev/null
+++ b/source/l/python-urllib3/urllib3.url
@@ -0,0 +1 @@
+https://github.com/shazow/urllib3
diff --git a/source/l/tdb/tdb.SlackBuild b/source/l/tdb/tdb.SlackBuild
index a6866b2f8..f60cd4cbe 100755
--- a/source/l/tdb/tdb.SlackBuild
+++ b/source/l/tdb/tdb.SlackBuild
@@ -23,8 +23,8 @@
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=tdb
-VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -75,7 +75,7 @@ mkdir -p $TMP $PKG
cd $TMP
rm -rf $PKGNAM-$VERSION
-tar xvf $CWD/$PKGNAM-$VERSION.tar.xz || exit 1
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
cd $PKGNAM-$VERSION || exit 1
chown -R root:root .
diff --git a/source/l/tevent/tevent.SlackBuild b/source/l/tevent/tevent.SlackBuild
index cfeee1194..c79a9741a 100755
--- a/source/l/tevent/tevent.SlackBuild
+++ b/source/l/tevent/tevent.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=tevent
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-1}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
diff --git a/source/n/gnupg2/slack-desc b/source/n/gnupg2/slack-desc
index 77f4bd04d..98aada3e2 100644
--- a/source/n/gnupg2/slack-desc
+++ b/source/n/gnupg2/slack-desc
@@ -6,7 +6,7 @@
# customary to leave one space after the ':'.
|-----handy-ruler------------------------------------------------------|
-gnupg2: GnuPG2 (The GNU Privacy Guard version 2.x)
+gnupg2: gnupg2 (The GNU Privacy Guard version 2.x)
gnupg2:
gnupg2: GnuPG is GNU's tool for secure communication and data storage. It can
gnupg2: be used to encrypt data and to create digital signatures. It includes
diff --git a/source/n/mutt/slack-desc b/source/n/mutt/slack-desc
index 96a5880cb..f5e337840 100644
--- a/source/n/mutt/slack-desc
+++ b/source/n/mutt/slack-desc
@@ -6,7 +6,7 @@
# leave one space after the ':'.
|-----handy-ruler------------------------------------------------------|
-mutt: Mutt (the Mutt mail user agent)
+mutt: mutt (the Mutt mail user agent)
mutt:
mutt: Mutt is a small but very powerful text-based MIME mail client. Mutt
mutt: is highly configurable, and is well suited to the mail power user with
diff --git a/source/n/openssh/openssh.SlackBuild b/source/n/openssh/openssh.SlackBuild
index 2620da6c8..b1a741036 100755
--- a/source/n/openssh/openssh.SlackBuild
+++ b/source/n/openssh/openssh.SlackBuild
@@ -30,7 +30,7 @@ PKG=$TMP/package-openssh
PKGNAM=openssh
VERSION=${VERSION:-$(echo openssh-*.tar.gz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-5}
+BUILD=${BUILD:-1}
NUMJOBS=${NUMJOBS:--j6}
@@ -86,9 +86,6 @@ zcat $CWD/openssh.no.openssl.version.check.diff.gz | patch -p1 --verbose || exit
# Restore support for tcpwrappers:
zcat $CWD/openssh.tcp_wrappers.diff.gz | patch -p1 --verbose || exit 1
-# Fix tunnel forwarding with -w option:
-zcat $CWD/openssh.fix_tunnel_forwarding.diff.gz | patch -p1 --verbose || exit 1
-
autoreconf -vif
# Compile package:
diff --git a/source/n/openssh/openssh.fix_tunnel_forwarding.diff b/source/n/openssh/openssh.fix_tunnel_forwarding.diff
deleted file mode 100644
index a99a812fd..000000000
--- a/source/n/openssh/openssh.fix_tunnel_forwarding.diff
+++ /dev/null
@@ -1,36 +0,0 @@
-From cfb1d9bc76734681e3dea532a1504fcd466fbe91 Mon Sep 17 00:00:00 2001
-From: Damien Miller <djm@mindrot.org>
-Date: Fri, 13 Apr 2018 13:38:06 +1000
-Subject: Fix tunnel forwarding broken in 7.7p1
-
-bz2855, ok dtucker@
----
- openbsd-compat/port-net.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c
-index 7050629..bb53562 100644
---- a/openbsd-compat/port-net.c
-+++ b/openbsd-compat/port-net.c
-@@ -185,7 +185,7 @@ sys_tun_open(int tun, int mode, char **ifname)
- else
- debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd);
-
-- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
-+ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL)
- goto failed;
-
- return (fd);
-@@ -272,7 +272,7 @@ sys_tun_open(int tun, int mode, char **ifname)
- goto failed;
- }
-
-- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
-+ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL)
- goto failed;
-
- close(sock);
---
-cgit v1.1
-
-
diff --git a/source/n/openssh/openssh.tcp_wrappers.diff b/source/n/openssh/openssh.tcp_wrappers.diff
index b0a1c4ce7..24a259c78 100644
--- a/source/n/openssh/openssh.tcp_wrappers.diff
+++ b/source/n/openssh/openssh.tcp_wrappers.diff
@@ -1,9 +1,8 @@
-diff -uprN openssh-7.7p1.orig/configure.ac openssh-7.7p1/configure.ac
---- openssh-7.7p1.orig/configure.ac 2018-04-02 14:38:28.000000000 +0900
-+++ openssh-7.7p1/configure.ac 2018-04-04 17:46:13.798168547 +0900
-@@ -1542,6 +1542,62 @@ AC_ARG_WITH([skey],
- ]
- )
+--- ./configure.ac.orig 2018-08-23 00:41:42.000000000 -0500
++++ ./configure.ac 2018-08-25 19:14:10.706002529 -0500
+@@ -1502,6 +1502,62 @@
+ AC_MSG_RESULT([no])
+ fi
+# Check whether user wants TCP wrappers support
+TCPW_MSG="no"
@@ -64,41 +63,16 @@ diff -uprN openssh-7.7p1.orig/configure.ac openssh-7.7p1/configure.ac
# Check whether user wants to use ldns
LDNS_MSG="no"
AC_ARG_WITH(ldns,
-@@ -5216,6 +5272,7 @@ echo " OSF SIA support
+@@ -5177,6 +5233,7 @@
+ echo " OSF SIA support: $SIA_MSG"
echo " KerberosV support: $KRB5_MSG"
echo " SELinux support: $SELINUX_MSG"
- echo " S/KEY support: $SKEY_MSG"
+echo " TCP Wrappers support: $TCPW_MSG"
echo " MD5 password support: $MD5_MSG"
echo " libedit support: $LIBEDIT_MSG"
echo " libldns support: $LDNS_MSG"
-diff -uprN openssh-7.7p1.orig/sshd.8 openssh-7.7p1/sshd.8
---- openssh-7.7p1.orig/sshd.8 2018-04-02 14:38:28.000000000 +0900
-+++ openssh-7.7p1/sshd.8 2018-04-04 17:46:13.799168500 +0900
-@@ -845,6 +845,12 @@ the user's home directory becomes access
- This file should be writable only by the user, and need not be
- readable by anyone else.
- .Pp
-+.It Pa /etc/hosts.allow
-+.It Pa /etc/hosts.deny
-+Access controls that should be enforced by tcp-wrappers are defined here.
-+Further details are described in
-+.Xr hosts_access 5 .
-+.Pp
- .It Pa /etc/hosts.equiv
- This file is for host-based authentication (see
- .Xr ssh 1 ) .
-@@ -947,6 +953,7 @@ The content of this file is not sensitiv
- .Xr ssh-keygen 1 ,
- .Xr ssh-keyscan 1 ,
- .Xr chroot 2 ,
-+.Xr hosts_access 5 ,
- .Xr login.conf 5 ,
- .Xr moduli 5 ,
- .Xr sshd_config 5 ,
-diff -uprN openssh-7.7p1.orig/sshd.c openssh-7.7p1/sshd.c
---- openssh-7.7p1.orig/sshd.c 2018-04-02 14:38:28.000000000 +0900
-+++ openssh-7.7p1/sshd.c 2018-04-04 18:24:08.499515628 +0900
+--- ./sshd.c.orig 2018-08-23 00:41:42.000000000 -0500
++++ ./sshd.c 2018-08-25 19:12:52.901002527 -0500
@@ -122,6 +122,12 @@
#include "auth-options.h"
#include "version.h"
@@ -112,7 +86,7 @@ diff -uprN openssh-7.7p1.orig/sshd.c openssh-7.7p1/sshd.c
/* Re-exec fds */
#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
-@@ -2005,6 +2011,26 @@ main(int ac, char **av)
+@@ -2063,6 +2069,26 @@
packet_set_server();
ssh = active_state; /* XXX */
@@ -139,3 +113,26 @@ diff -uprN openssh-7.7p1.orig/sshd.c openssh-7.7p1/sshd.c
check_ip_options(ssh);
/* Prepare the channels layer */
+--- ./sshd.8.orig 2018-08-23 00:41:42.000000000 -0500
++++ ./sshd.8 2018-08-25 19:12:52.899002527 -0500
+@@ -873,6 +873,12 @@
+ This file should be writable only by the user, and need not be
+ readable by anyone else.
+ .Pp
++.It Pa /etc/hosts.allow
++.It Pa /etc/hosts.deny
++Access controls that should be enforced by tcp-wrappers are defined here.
++Further details are described in
++.Xr hosts_access 5 .
++.Pp
+ .It Pa /etc/hosts.equiv
+ This file is for host-based authentication (see
+ .Xr ssh 1 ) .
+@@ -975,6 +981,7 @@
+ .Xr ssh-keygen 1 ,
+ .Xr ssh-keyscan 1 ,
+ .Xr chroot 2 ,
++.Xr hosts_access 5 ,
+ .Xr login.conf 5 ,
+ .Xr moduli 5 ,
+ .Xr sshd_config 5 ,
diff --git a/source/n/openssh/openssl-1.1.0.patch b/source/n/openssh/openssl-1.1.0.patch
index 6d065d470..5d6d7780b 100644
--- a/source/n/openssh/openssl-1.1.0.patch
+++ b/source/n/openssh/openssl-1.1.0.patch
@@ -1,6 +1,6 @@
diff -aurp old/auth-pam.c new/auth-pam.c
---- old/auth-pam.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/auth-pam.c 2018-03-23 10:05:03.886621278 -1000
+--- old/auth-pam.c 2018-08-22 22:41:42.000000000 -0700
++++ new/auth-pam.c 2018-08-23 21:31:53.324592767 -0700
@@ -128,6 +128,10 @@ extern u_int utmp_len;
typedef pthread_t sp_pthread_t;
#else
@@ -13,9 +13,9 @@ diff -aurp old/auth-pam.c new/auth-pam.c
struct pam_ctxt {
diff -aurp old/cipher.c new/cipher.c
---- old/cipher.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/cipher.c 2018-03-23 10:05:03.886621278 -1000
-@@ -297,7 +297,10 @@ cipher_init(struct sshcipher_ctx **ccp,
+--- old/cipher.c 2018-08-22 22:41:42.000000000 -0700
++++ new/cipher.c 2018-08-23 21:31:53.327926112 -0700
+@@ -299,7 +299,10 @@ cipher_init(struct sshcipher_ctx **ccp,
goto out;
}
}
@@ -27,7 +27,7 @@ diff -aurp old/cipher.c new/cipher.c
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
-@@ -483,7 +486,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c
+@@ -485,7 +488,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c
len, iv))
return SSH_ERR_LIBCRYPTO_ERROR;
} else
@@ -36,7 +36,7 @@ diff -aurp old/cipher.c new/cipher.c
#endif
return 0;
}
-@@ -517,14 +520,19 @@ cipher_set_keyiv(struct sshcipher_ctx *c
+@@ -519,14 +522,19 @@ cipher_set_keyiv(struct sshcipher_ctx *c
EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
return SSH_ERR_LIBCRYPTO_ERROR;
} else
@@ -60,8 +60,8 @@ diff -aurp old/cipher.c new/cipher.c
int
diff -aurp old/cipher.h new/cipher.h
---- old/cipher.h 2018-03-22 16:21:14.000000000 -1000
-+++ new/cipher.h 2018-03-23 10:05:03.886621278 -1000
+--- old/cipher.h 2018-08-22 22:41:42.000000000 -0700
++++ new/cipher.h 2018-08-23 21:31:53.327926112 -0700
@@ -46,7 +46,18 @@
#define CIPHER_DECRYPT 0
@@ -82,9 +82,9 @@ diff -aurp old/cipher.h new/cipher.h
const struct sshcipher *cipher_by_name(const char *);
const char *cipher_warning_message(const struct sshcipher_ctx *);
diff -aurp old/configure new/configure
---- old/configure 2018-03-23 03:30:17.000000000 -1000
-+++ new/configure 2018-03-23 10:05:03.888621444 -1000
-@@ -13076,7 +13076,6 @@ if ac_fn_c_try_run "$LINENO"; then :
+--- old/configure 2018-08-23 00:09:30.000000000 -0700
++++ new/configure 2018-08-23 21:31:53.331259457 -0700
+@@ -13032,7 +13032,6 @@ if ac_fn_c_try_run "$LINENO"; then :
100*) ;; # 1.0.x
200*) ;; # LibreSSL
*)
@@ -93,9 +93,9 @@ diff -aurp old/configure new/configure
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5
diff -aurp old/dh.c new/dh.c
---- old/dh.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/dh.c 2018-03-23 10:05:03.888621444 -1000
-@@ -211,14 +211,15 @@ choose_dh(int min, int wantbits, int max
+--- old/dh.c 2018-08-22 22:41:42.000000000 -0700
++++ new/dh.c 2018-08-23 21:39:18.863765579 -0700
+@@ -216,14 +216,15 @@ choose_dh(int min, int wantbits, int max
/* diffie-hellman-groupN-sha1 */
int
@@ -113,7 +113,7 @@ diff -aurp old/dh.c new/dh.c
logit("invalid public DH value: negative");
return 0;
}
-@@ -231,7 +232,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
+@@ -236,7 +237,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
error("%s: BN_new failed", __func__);
return 0;
}
@@ -123,7 +123,7 @@ diff -aurp old/dh.c new/dh.c
BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
BN_clear_free(tmp);
logit("invalid public DH value: >= p-1");
-@@ -242,14 +244,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
+@@ -247,14 +249,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
for (i = 0; i <= n; i++)
if (BN_is_bit_set(dh_pub, i))
bits_set++;
@@ -140,7 +140,7 @@ diff -aurp old/dh.c new/dh.c
return 0;
}
return 1;
-@@ -259,9 +261,13 @@ int
+@@ -264,9 +266,13 @@ int
dh_gen_key(DH *dh, int need)
{
int pbits;
@@ -156,7 +156,7 @@ diff -aurp old/dh.c new/dh.c
need > INT_MAX / 2 || 2 * need > pbits)
return SSH_ERR_INVALID_ARGUMENT;
if (need < 256)
-@@ -270,10 +276,13 @@ dh_gen_key(DH *dh, int need)
+@@ -275,11 +281,13 @@ dh_gen_key(DH *dh, int need)
* Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
* so double requested need here.
*/
@@ -164,6 +164,7 @@ diff -aurp old/dh.c new/dh.c
- if (DH_generate_key(dh) == 0 ||
- !dh_pub_is_valid(dh, dh->pub_key)) {
- BN_clear_free(dh->priv_key);
+- dh->priv_key = NULL;
+ DH_set_length(dh, MIN(need * 2, pbits - 1));
+ if (DH_generate_key(dh) == 0) {
+ return SSH_ERR_LIBCRYPTO_ERROR;
@@ -174,7 +175,7 @@ diff -aurp old/dh.c new/dh.c
return SSH_ERR_LIBCRYPTO_ERROR;
}
return 0;
-@@ -282,16 +291,27 @@ dh_gen_key(DH *dh, int need)
+@@ -288,16 +296,27 @@ dh_gen_key(DH *dh, int need)
DH *
dh_new_group_asc(const char *gen, const char *modulus)
{
@@ -209,7 +210,7 @@ diff -aurp old/dh.c new/dh.c
}
/*
-@@ -306,8 +326,8 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu
+@@ -312,8 +331,8 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu
if ((dh = DH_new()) == NULL)
return NULL;
@@ -221,8 +222,8 @@ diff -aurp old/dh.c new/dh.c
return (dh);
}
diff -aurp old/dh.h new/dh.h
---- old/dh.h 2018-03-22 16:21:14.000000000 -1000
-+++ new/dh.h 2018-03-23 10:05:03.889621527 -1000
+--- old/dh.h 2018-08-22 22:41:42.000000000 -0700
++++ new/dh.h 2018-08-23 21:31:53.331259457 -0700
@@ -42,7 +42,7 @@ DH *dh_new_group18(void);
DH *dh_new_group_fallback(int);
@@ -233,8 +234,8 @@ diff -aurp old/dh.h new/dh.h
u_int dh_estimate(int);
diff -aurp old/digest-openssl.c new/digest-openssl.c
---- old/digest-openssl.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/digest-openssl.c 2018-03-23 10:05:03.889621527 -1000
+--- old/digest-openssl.c 2018-08-22 22:41:42.000000000 -0700
++++ new/digest-openssl.c 2018-08-23 21:31:53.331259457 -0700
@@ -43,7 +43,7 @@
struct ssh_digest_ctx {
@@ -307,8 +308,8 @@ diff -aurp old/digest-openssl.c new/digest-openssl.c
free(ctx);
}
diff -aurp old/kexdhc.c new/kexdhc.c
---- old/kexdhc.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/kexdhc.c 2018-03-23 10:05:03.889621527 -1000
+--- old/kexdhc.c 2018-08-22 22:41:42.000000000 -0700
++++ new/kexdhc.c 2018-08-23 21:31:53.331259457 -0700
@@ -81,11 +81,16 @@ kexdh_client(struct ssh *ssh)
goto out;
}
@@ -356,8 +357,8 @@ diff -aurp old/kexdhc.c new/kexdhc.c
if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
kex->hostkey_alg, ssh->compat)) != 0)
diff -aurp old/kexdhs.c new/kexdhs.c
---- old/kexdhs.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/kexdhs.c 2018-03-23 10:58:58.126733207 -1000
+--- old/kexdhs.c 2018-08-22 22:41:42.000000000 -0700
++++ new/kexdhs.c 2018-08-23 21:36:50.600564263 -0700
@@ -163,6 +163,9 @@ input_kex_dh_init(int type, u_int32_t se
goto out;
/* calc H */
@@ -383,10 +384,10 @@ diff -aurp old/kexdhs.c new/kexdhs.c
/* save session id := H */
if (kex->session_id == NULL) {
-@@ -195,12 +200,17 @@ input_kex_dh_init(int type, u_int32_t se
+@@ -195,12 +200,16 @@ input_kex_dh_init(int type, u_int32_t se
/* destroy_sensitive_data(); */
- /* send server hostkey, DH pubkey 'f' and singed H */
+ /* send server hostkey, DH pubkey 'f' and signed H */
+ {
+ const BIGNUM *pub_key;
+ DH_get0_key(kex->dh, &pub_key, NULL);
@@ -395,17 +396,15 @@ diff -aurp old/kexdhs.c new/kexdhs.c
- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */
+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */
(r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
-- (r = sshpkt_send(ssh)) != 0)
-+ (r = sshpkt_send(ssh)) != 0) {
+ (r = sshpkt_send(ssh)) != 0)
goto out;
+ }
-+ }
if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
r = kex_send_newkeys(ssh);
diff -aurp old/kexgexc.c new/kexgexc.c
---- old/kexgexc.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/kexgexc.c 2018-03-23 11:00:00.132866201 -1000
+--- old/kexgexc.c 2018-08-22 22:41:42.000000000 -0700
++++ new/kexgexc.c 2018-08-23 21:31:53.331259457 -0700
@@ -118,11 +118,17 @@ input_kex_dh_gex_group(int type, u_int32
p = g = NULL; /* belong to kex->dh now */
@@ -458,8 +457,8 @@ diff -aurp old/kexgexc.c new/kexgexc.c
if ((r = sshkey_verify(server_host_key, signature, slen, hash,
hashlen, kex->hostkey_alg, ssh->compat)) != 0)
diff -aurp old/kexgexs.c new/kexgexs.c
---- old/kexgexs.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/kexgexs.c 2018-03-23 11:03:06.045049721 -1000
+--- old/kexgexs.c 2018-08-22 22:41:42.000000000 -0700
++++ new/kexgexs.c 2018-08-23 21:36:11.493972372 -0700
@@ -101,11 +101,16 @@ input_kex_dh_gex_request(int type, u_int
goto out;
}
@@ -509,10 +508,10 @@ diff -aurp old/kexgexs.c new/kexgexs.c
/* save session id := H */
if (kex->session_id == NULL) {
-@@ -225,12 +236,17 @@ input_kex_dh_gex_init(int type, u_int32_
+@@ -225,12 +236,16 @@ input_kex_dh_gex_init(int type, u_int32_
/* destroy_sensitive_data(); */
- /* send server hostkey, DH pubkey 'f' and singed H */
+ /* send server hostkey, DH pubkey 'f' and signed H */
+ {
+ const BIGNUM *pub_key;
+ DH_get0_key(kex->dh, &pub_key, NULL);
@@ -521,35 +520,33 @@ diff -aurp old/kexgexs.c new/kexgexs.c
- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */
+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */
(r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
-- (r = sshpkt_send(ssh)) != 0)
-+ (r = sshpkt_send(ssh)) != 0) {
+ (r = sshpkt_send(ssh)) != 0)
goto out;
+ }
-+ }
if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
r = kex_send_newkeys(ssh);
diff -aurp old/monitor.c new/monitor.c
---- old/monitor.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/monitor.c 2018-03-23 10:05:03.890621610 -1000
-@@ -595,10 +595,12 @@ mm_answer_moduli(int sock, Buffer *m)
- buffer_put_char(m, 0);
+--- old/monitor.c 2018-08-22 22:41:42.000000000 -0700
++++ new/monitor.c 2018-08-23 21:34:14.594343260 -0700
+@@ -589,10 +589,12 @@ mm_answer_moduli(int sock, struct sshbuf
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
return (0);
} else {
+ const BIGNUM *p, *g;
+ DH_get0_pqg(dh, &p, NULL, &g);
/* Send first bignum */
- buffer_put_char(m, 1);
-- buffer_put_bignum2(m, dh->p);
-- buffer_put_bignum2(m, dh->g);
-+ buffer_put_bignum2(m, p);
-+ buffer_put_bignum2(m, g);
+ if ((r = sshbuf_put_u8(m, 1)) != 0 ||
+- (r = sshbuf_put_bignum2(m, dh->p)) != 0 ||
+- (r = sshbuf_put_bignum2(m, dh->g)) != 0)
++ (r = sshbuf_put_bignum2(m, p)) != 0 ||
++ (r = sshbuf_put_bignum2(m, g)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
DH_free(dh);
- }
diff -aurp old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c
---- old/openbsd-compat/openssl-compat.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/openbsd-compat/openssl-compat.c 2018-03-23 10:05:03.890621610 -1000
+--- old/openbsd-compat/openssl-compat.c 2018-08-22 22:41:42.000000000 -0700
++++ new/openbsd-compat/openssl-compat.c 2018-08-23 21:31:53.334592801 -0700
@@ -75,7 +75,6 @@ ssh_OpenSSL_add_all_algorithms(void)
/* Enable use of crypto hardware */
ENGINE_load_builtin_engines();
@@ -559,8 +556,8 @@ diff -aurp old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat
#endif
diff -aurp old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c
---- old/regress/unittests/sshkey/test_file.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/regress/unittests/sshkey/test_file.c 2018-03-23 10:05:03.890621610 -1000
+--- old/regress/unittests/sshkey/test_file.c 2018-08-22 22:41:42.000000000 -0700
++++ new/regress/unittests/sshkey/test_file.c 2018-08-23 21:31:53.334592801 -0700
@@ -60,9 +60,14 @@ sshkey_file_tests(void)
a = load_bignum("rsa_1.param.n");
b = load_bignum("rsa_1.param.p");
@@ -598,8 +595,8 @@ diff -aurp old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey
BN_free(b);
BN_free(c);
diff -aurp old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c
---- old/regress/unittests/sshkey/test_sshkey.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/regress/unittests/sshkey/test_sshkey.c 2018-03-23 10:05:03.890621610 -1000
+--- old/regress/unittests/sshkey/test_sshkey.c 2018-08-22 22:41:42.000000000 -0700
++++ new/regress/unittests/sshkey/test_sshkey.c 2018-08-23 21:31:53.334592801 -0700
@@ -197,9 +197,14 @@ sshkey_tests(void)
k1 = sshkey_new(KEY_RSA);
ASSERT_PTR_NE(k1, NULL);
@@ -738,8 +735,8 @@ diff -aurp old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk
TEST_START("equal KEY_DSA/demoted KEY_DSA");
diff -aurp old/ssh-dss.c new/ssh-dss.c
---- old/ssh-dss.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/ssh-dss.c 2018-03-23 10:05:03.891621693 -1000
+--- old/ssh-dss.c 2018-08-22 22:41:42.000000000 -0700
++++ new/ssh-dss.c 2018-08-23 21:31:53.334592801 -0700
@@ -53,6 +53,7 @@ ssh_dss_sign(const struct sshkey *key, u
DSA_SIG *sig = NULL;
u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
@@ -801,8 +798,8 @@ diff -aurp old/ssh-dss.c new/ssh-dss.c
/* sha1 the data */
if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
diff -aurp old/ssh-ecdsa.c new/ssh-ecdsa.c
---- old/ssh-ecdsa.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/ssh-ecdsa.c 2018-03-23 10:05:03.891621693 -1000
+--- old/ssh-ecdsa.c 2018-08-22 22:41:42.000000000 -0700
++++ new/ssh-ecdsa.c 2018-08-23 21:31:53.334592801 -0700
@@ -80,9 +80,14 @@ ssh_ecdsa_sign(const struct sshkey *key,
ret = SSH_ERR_ALLOC_FAIL;
goto out;
@@ -851,9 +848,9 @@ diff -aurp old/ssh-ecdsa.c new/ssh-ecdsa.c
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
goto out;
diff -aurp old/ssh-keygen.c new/ssh-keygen.c
---- old/ssh-keygen.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/ssh-keygen.c 2018-03-23 10:05:03.891621693 -1000
-@@ -493,11 +493,33 @@ do_convert_private_ssh2_from_blob(u_char
+--- old/ssh-keygen.c 2018-08-22 22:41:42.000000000 -0700
++++ new/ssh-keygen.c 2018-08-23 21:31:53.334592801 -0700
+@@ -494,11 +494,33 @@ do_convert_private_ssh2_from_blob(u_char
switch (key->type) {
case KEY_DSA:
@@ -892,7 +889,7 @@ diff -aurp old/ssh-keygen.c new/ssh-keygen.c
break;
case KEY_RSA:
if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
-@@ -514,16 +536,52 @@ do_convert_private_ssh2_from_blob(u_char
+@@ -515,16 +537,52 @@ do_convert_private_ssh2_from_blob(u_char
e += e3;
debug("e %lx", e);
}
@@ -951,7 +948,7 @@ diff -aurp old/ssh-keygen.c new/ssh-keygen.c
if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
fatal("generate RSA parameters failed: %s", ssh_err(r));
break;
-@@ -633,7 +691,7 @@ do_convert_from_pkcs8(struct sshkey **k,
+@@ -634,7 +692,7 @@ do_convert_from_pkcs8(struct sshkey **k,
identity_file);
}
fclose(fp);
@@ -960,7 +957,7 @@ diff -aurp old/ssh-keygen.c new/ssh-keygen.c
case EVP_PKEY_RSA:
if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
fatal("sshkey_new failed");
-@@ -657,7 +715,7 @@ do_convert_from_pkcs8(struct sshkey **k,
+@@ -658,7 +716,7 @@ do_convert_from_pkcs8(struct sshkey **k,
#endif
default:
fatal("%s: unsupported pubkey type %d", __func__,
@@ -970,9 +967,9 @@ diff -aurp old/ssh-keygen.c new/ssh-keygen.c
EVP_PKEY_free(pubkey);
return;
diff -aurp old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c
---- old/ssh-pkcs11-client.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/ssh-pkcs11-client.c 2018-03-23 10:05:03.892621777 -1000
-@@ -144,12 +144,13 @@ pkcs11_rsa_private_encrypt(int flen, con
+--- old/ssh-pkcs11-client.c 2018-08-22 22:41:42.000000000 -0700
++++ new/ssh-pkcs11-client.c 2018-08-23 21:31:53.334592801 -0700
+@@ -156,12 +156,13 @@ pkcs11_rsa_private_encrypt(int flen, con
static int
wrap_key(RSA *rsa)
{
@@ -992,8 +989,8 @@ diff -aurp old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c
}
diff -aurp old/ssh-pkcs11.c new/ssh-pkcs11.c
---- old/ssh-pkcs11.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/ssh-pkcs11.c 2018-03-23 10:05:03.892621777 -1000
+--- old/ssh-pkcs11.c 2018-08-22 22:41:42.000000000 -0700
++++ new/ssh-pkcs11.c 2018-08-23 21:31:53.334592801 -0700
@@ -67,7 +67,7 @@ struct pkcs11_key {
struct pkcs11_provider *provider;
CK_ULONG slotidx;
@@ -1083,9 +1080,9 @@ diff -aurp old/ssh-pkcs11.c new/ssh-pkcs11.c
free(attribs[i].pValue);
}
diff -aurp old/ssh-rsa.c new/ssh-rsa.c
---- old/ssh-rsa.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/ssh-rsa.c 2018-03-23 10:05:03.892621777 -1000
-@@ -84,7 +84,6 @@ ssh_rsa_generate_additional_parameters(s
+--- old/ssh-rsa.c 2018-08-22 22:41:42.000000000 -0700
++++ new/ssh-rsa.c 2018-08-23 21:31:53.334592801 -0700
+@@ -108,7 +108,6 @@ ssh_rsa_generate_additional_parameters(s
{
BIGNUM *aux = NULL;
BN_CTX *ctx = NULL;
@@ -1093,7 +1090,7 @@ diff -aurp old/ssh-rsa.c new/ssh-rsa.c
int r;
if (key == NULL || key->rsa == NULL ||
-@@ -99,16 +98,27 @@ ssh_rsa_generate_additional_parameters(s
+@@ -123,16 +122,27 @@ ssh_rsa_generate_additional_parameters(s
}
BN_set_flags(aux, BN_FLG_CONSTTIME);
@@ -1128,7 +1125,7 @@ diff -aurp old/ssh-rsa.c new/ssh-rsa.c
r = 0;
out:
BN_clear_free(aux);
-@@ -139,7 +149,7 @@ ssh_rsa_sign(const struct sshkey *key, u
+@@ -163,7 +173,7 @@ ssh_rsa_sign(const struct sshkey *key, u
if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
sshkey_type_plain(key->type) != KEY_RSA)
return SSH_ERR_INVALID_ARGUMENT;
@@ -1137,7 +1134,7 @@ diff -aurp old/ssh-rsa.c new/ssh-rsa.c
return SSH_ERR_KEY_LENGTH;
slen = RSA_size(key->rsa);
if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
-@@ -211,7 +221,7 @@ ssh_rsa_verify(const struct sshkey *key,
+@@ -235,7 +245,7 @@ ssh_rsa_verify(const struct sshkey *key,
sshkey_type_plain(key->type) != KEY_RSA ||
sig == NULL || siglen == 0)
return SSH_ERR_INVALID_ARGUMENT;
@@ -1147,9 +1144,9 @@ diff -aurp old/ssh-rsa.c new/ssh-rsa.c
if ((b = sshbuf_from(sig, siglen)) == NULL)
diff -aurp old/sshkey.c new/sshkey.c
---- old/sshkey.c 2018-03-22 16:21:14.000000000 -1000
-+++ new/sshkey.c 2018-03-23 10:05:03.893621860 -1000
-@@ -274,10 +274,18 @@ sshkey_size(const struct sshkey *k)
+--- old/sshkey.c 2018-08-22 22:41:42.000000000 -0700
++++ new/sshkey.c 2018-08-23 21:31:53.334592801 -0700
+@@ -292,10 +292,18 @@ sshkey_size(const struct sshkey *k)
#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_RSA_CERT:
@@ -1169,7 +1166,7 @@ diff -aurp old/sshkey.c new/sshkey.c
case KEY_ECDSA:
case KEY_ECDSA_CERT:
return sshkey_curve_nid_to_bits(k->ecdsa_nid);
-@@ -482,26 +490,53 @@ sshkey_new(int type)
+@@ -500,26 +508,53 @@ sshkey_new(int type)
#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_RSA_CERT:
@@ -1229,7 +1226,7 @@ diff -aurp old/sshkey.c new/sshkey.c
k->dsa = dsa;
break;
case KEY_ECDSA:
-@@ -539,6 +574,51 @@ sshkey_add_private(struct sshkey *k)
+@@ -557,6 +592,51 @@ sshkey_add_private(struct sshkey *k)
#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_RSA_CERT:
@@ -1281,7 +1278,7 @@ diff -aurp old/sshkey.c new/sshkey.c
#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL)
if (bn_maybe_alloc_failed(k->rsa->d) ||
bn_maybe_alloc_failed(k->rsa->iqmp) ||
-@@ -547,13 +627,28 @@ sshkey_add_private(struct sshkey *k)
+@@ -565,13 +645,28 @@ sshkey_add_private(struct sshkey *k)
bn_maybe_alloc_failed(k->rsa->dmq1) ||
bn_maybe_alloc_failed(k->rsa->dmp1))
return SSH_ERR_ALLOC_FAIL;
@@ -1310,7 +1307,7 @@ diff -aurp old/sshkey.c new/sshkey.c
case KEY_ECDSA:
case KEY_ECDSA_CERT:
/* Cannot do anything until we know the group */
-@@ -677,16 +772,34 @@ sshkey_equal_public(const struct sshkey
+@@ -695,16 +790,34 @@ sshkey_equal_public(const struct sshkey
#ifdef WITH_OPENSSL
case KEY_RSA_CERT:
case KEY_RSA:
@@ -1353,7 +1350,7 @@ diff -aurp old/sshkey.c new/sshkey.c
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA_CERT:
case KEY_ECDSA:
-@@ -775,12 +888,17 @@ to_blob_buf(const struct sshkey *key, st
+@@ -793,12 +906,17 @@ to_blob_buf(const struct sshkey *key, st
case KEY_DSA:
if (key->dsa == NULL)
return SSH_ERR_INVALID_ARGUMENT;
@@ -1375,7 +1372,7 @@ diff -aurp old/sshkey.c new/sshkey.c
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
-@@ -796,10 +914,14 @@ to_blob_buf(const struct sshkey *key, st
+@@ -814,10 +932,14 @@ to_blob_buf(const struct sshkey *key, st
case KEY_RSA:
if (key->rsa == NULL)
return SSH_ERR_INVALID_ARGUMENT;
@@ -1392,7 +1389,7 @@ diff -aurp old/sshkey.c new/sshkey.c
break;
#endif /* WITH_OPENSSL */
case KEY_ED25519:
-@@ -1740,13 +1862,32 @@ sshkey_from_private(const struct sshkey
+@@ -1758,13 +1880,32 @@ sshkey_from_private(const struct sshkey
case KEY_DSA_CERT:
if ((n = sshkey_new(k->type)) == NULL)
return SSH_ERR_ALLOC_FAIL;
@@ -1429,7 +1426,7 @@ diff -aurp old/sshkey.c new/sshkey.c
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
-@@ -1770,11 +1911,23 @@ sshkey_from_private(const struct sshkey
+@@ -1788,11 +1929,23 @@ sshkey_from_private(const struct sshkey
case KEY_RSA_CERT:
if ((n = sshkey_new(k->type)) == NULL)
return SSH_ERR_ALLOC_FAIL;
@@ -1455,7 +1452,7 @@ diff -aurp old/sshkey.c new/sshkey.c
break;
#endif /* WITH_OPENSSL */
case KEY_ED25519:
-@@ -1995,12 +2148,27 @@ sshkey_from_blob_internal(struct sshbuf
+@@ -2013,12 +2166,27 @@ sshkey_from_blob_internal(struct sshbuf
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -1486,7 +1483,7 @@ diff -aurp old/sshkey.c new/sshkey.c
ret = SSH_ERR_KEY_LENGTH;
goto out;
}
-@@ -2020,13 +2188,36 @@ sshkey_from_blob_internal(struct sshbuf
+@@ -2038,13 +2206,36 @@ sshkey_from_blob_internal(struct sshbuf
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -1527,7 +1524,7 @@ diff -aurp old/sshkey.c new/sshkey.c
#ifdef DEBUG_PK
DSA_print_fp(stderr, key->dsa, 8);
#endif
-@@ -2327,26 +2518,63 @@ sshkey_demote(const struct sshkey *k, st
+@@ -2389,26 +2580,63 @@ sshkey_demote(const struct sshkey *k, st
goto fail;
/* FALLTHROUGH */
case KEY_RSA:
@@ -1599,7 +1596,7 @@ diff -aurp old/sshkey.c new/sshkey.c
break;
case KEY_ECDSA_CERT:
if ((ret = sshkey_cert_copy(k, pk)) != 0)
-@@ -2496,11 +2724,17 @@ sshkey_certify_custom(struct sshkey *k,
+@@ -2558,11 +2786,17 @@ sshkey_certify_custom(struct sshkey *k,
switch (k->type) {
#ifdef WITH_OPENSSL
case KEY_DSA_CERT:
@@ -1621,7 +1618,7 @@ diff -aurp old/sshkey.c new/sshkey.c
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA_CERT:
-@@ -2513,9 +2747,15 @@ sshkey_certify_custom(struct sshkey *k,
+@@ -2575,9 +2809,15 @@ sshkey_certify_custom(struct sshkey *k,
break;
# endif /* OPENSSL_HAS_ECC */
case KEY_RSA_CERT:
@@ -1639,7 +1636,7 @@ diff -aurp old/sshkey.c new/sshkey.c
break;
#endif /* WITH_OPENSSL */
case KEY_ED25519_CERT:
-@@ -2702,42 +2942,67 @@ sshkey_private_serialize_opt(const struc
+@@ -2764,42 +3004,67 @@ sshkey_private_serialize_opt(const struc
switch (key->type) {
#ifdef WITH_OPENSSL
case KEY_RSA:
@@ -1723,7 +1720,7 @@ diff -aurp old/sshkey.c new/sshkey.c
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
-@@ -2851,18 +3116,61 @@ sshkey_private_deserialize(struct sshbuf
+@@ -2913,18 +3178,61 @@ sshkey_private_deserialize(struct sshbuf
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -1792,7 +1789,7 @@ diff -aurp old/sshkey.c new/sshkey.c
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
-@@ -2921,29 +3229,104 @@ sshkey_private_deserialize(struct sshbuf
+@@ -2983,29 +3291,104 @@ sshkey_private_deserialize(struct sshbuf
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -1911,7 +1908,7 @@ diff -aurp old/sshkey.c new/sshkey.c
r = SSH_ERR_KEY_LENGTH;
goto out;
}
-@@ -3707,7 +4090,6 @@ translate_libcrypto_error(unsigned long
+@@ -3769,7 +4152,6 @@ translate_libcrypto_error(unsigned long
switch (pem_reason) {
case EVP_R_BAD_DECRYPT:
return SSH_ERR_KEY_WRONG_PASSPHRASE;
@@ -1919,7 +1916,7 @@ diff -aurp old/sshkey.c new/sshkey.c
case EVP_R_DECODE_ERROR:
#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
case EVP_R_PRIVATE_KEY_DECODE_ERROR:
-@@ -3772,7 +4154,7 @@ sshkey_parse_private_pem_fileblob(struct
+@@ -3834,7 +4216,7 @@ sshkey_parse_private_pem_fileblob(struct
r = convert_libcrypto_error();
goto out;
}
@@ -1928,7 +1925,7 @@ diff -aurp old/sshkey.c new/sshkey.c
(type == KEY_UNSPEC || type == KEY_RSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
-@@ -3787,11 +4169,11 @@ sshkey_parse_private_pem_fileblob(struct
+@@ -3849,11 +4231,11 @@ sshkey_parse_private_pem_fileblob(struct
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
@@ -1942,7 +1939,7 @@ diff -aurp old/sshkey.c new/sshkey.c
(type == KEY_UNSPEC || type == KEY_DSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
-@@ -3803,7 +4185,7 @@ sshkey_parse_private_pem_fileblob(struct
+@@ -3865,7 +4247,7 @@ sshkey_parse_private_pem_fileblob(struct
DSA_print_fp(stderr, prv->dsa, 8);
#endif
#ifdef OPENSSL_HAS_ECC
@@ -1951,3 +1948,4 @@ diff -aurp old/sshkey.c new/sshkey.c
(type == KEY_UNSPEC || type == KEY_ECDSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
+
diff --git a/source/n/samba/samba.url b/source/n/samba/samba.url
index 86b7a373d..4874e29a5 100644
--- a/source/n/samba/samba.url
+++ b/source/n/samba/samba.url
@@ -1,2 +1,2 @@
-https://download.samba.org/pub/samba/stable/samba-4.8.4.tar.gz
-https://download.samba.org/pub/samba/stable/samba-4.8.4.tar.asc
+https://download.samba.org/pub/samba/stable/samba-4.8.5.tar.gz
+https://download.samba.org/pub/samba/stable/samba-4.8.5.tar.asc
diff --git a/source/x/x11/build/xauth b/source/x/x11/build/xauth
index 0cfbf0888..00750edc0 100644
--- a/source/x/x11/build/xauth
+++ b/source/x/x11/build/xauth
@@ -1 +1 @@
-2
+3
diff --git a/source/x/x11/patch/xauth.patch b/source/x/x11/patch/xauth.patch
new file mode 100644
index 000000000..4348e2ab0
--- /dev/null
+++ b/source/x/x11/patch/xauth.patch
@@ -0,0 +1,3 @@
+# Fix a bug where changing the hostname causes access to X to be lost:
+zcat $CWD/patch/xauth/xauth.bc78aa61cfbddaa27dee275f639ba40de6981b17.patch.gz \
+ | patch -p2 --verbose || { touch ${SLACK_X_BUILD_DIR}/${PKGNAME}.failed ; continue ; }
diff --git a/source/x/x11/patch/xauth/xauth.bc78aa61cfbddaa27dee275f639ba40de6981b17.patch b/source/x/x11/patch/xauth/xauth.bc78aa61cfbddaa27dee275f639ba40de6981b17.patch
new file mode 100644
index 000000000..96fe5d0c3
--- /dev/null
+++ b/source/x/x11/patch/xauth/xauth.bc78aa61cfbddaa27dee275f639ba40de6981b17.patch
@@ -0,0 +1,44 @@
+From bc78aa61cfbddaa27dee275f639ba40de6981b17 Mon Sep 17 00:00:00 2001
+From: George V. Kouryachy (Fr. Br. George) <george@altlinux.ru>
+Date: Fri, 4 Aug 2017 18:37:33 +0300
+Subject: [PATCH] parse_displayname: use FamilyWild for *:0
+
+---
+ xauth/gethost.c | 4 ++++
+ xauth/parsedpy.c | 4 ++++
+ 2 files changed, 8 insertions(+), 0 deletions(-)
+
+diff --git a/xauth/gethost.c b/xauth/gethost.c
+index 8cb58c5..598ac48 100644
+--- a/xauth/gethost.c
++++ b/xauth/gethost.c
+@@ -180,6 +180,10 @@ struct addrlist *get_address_info (
+ * information to be copied and set len to the number of bytes.
+ */
+ switch (family) {
++ case FamilyWild: /* was :0 */
++ src = "\xff\xff";
++ len = strlen(src);
++ break;
+ case FamilyLocal: /* hostname/unix:0 */
+ /* handle unix:0 and :0 specially */
+ if (prefix == 0 && (strncmp (fulldpyname, "unix:", 5) == 0 ||
+diff --git a/xauth/parsedpy.c b/xauth/parsedpy.c
+index 97988d3..6c98339 100644
+--- a/xauth/parsedpy.c
++++ b/xauth/parsedpy.c
+@@ -141,6 +141,10 @@ parse_displayname (const char *displayname,
+ family = FamilyInternet;
+ }
+ #endif
++ } else if (len == 1 && *displayname == '*') {
++ /* ALT: wildcard cookie */
++ host = copystring("*", 1);
++ family = FamilyWild;
+ } else if (!dnet && (*displayname == '[') && (*(ptr - 1) == ']')) {
+ /* Allow RFC2732-like [<IPv6NumericAddress>]:display syntax */
+ family = FamilyInternet6;
+--
+1.7.3.3
+
+