-
-
Notifications
You must be signed in to change notification settings - Fork 112
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Updating all dependencies to latest versions as of 2023 (#70)
* updating to alpine 3.17 and openssh 9.3p1 * update to Duo 2.0.0 * update to google-authenticator-libpam 1.09 * update to sudosh 0.3.0
- Loading branch information
Showing
14 changed files
with
177 additions
and
303 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
16 changes: 16 additions & 0 deletions
16
patches/openssh/alpine/avoid-redefined-warnings-when-building-with-utmps.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
From: Jakub Jirutka <jakub@jirutka.cz> | ||
Date: Wed, 15 Dec 2021 22:37:42 +0100 | ||
Subject: [PATCH] Avoid redefined warnings when building with utmps | ||
|
||
--- a/includes.h | ||
+++ b/includes.h | ||
@@ -62,6 +62,9 @@ | ||
#endif | ||
|
||
#ifdef HAVE_UTMP_H | ||
+/* _PATH_UTMP and _PATH_WTMP are defined both in paths.h and utmps/utmp.h. */ | ||
+# undef _PATH_UTMP | ||
+# undef _PATH_WTMP | ||
# include <utmp.h> | ||
#endif | ||
#ifdef HAVE_UTMPX_H |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
set the default sftp to internal. | ||
this is better than the extra one, because it requires no extra support files | ||
with ChrootDirectory, and it does not fork so it is faster. | ||
--- a/sshd_config | ||
+++ b/sshd_config | ||
@@ -107,7 +107,7 @@ | ||
#Banner none | ||
|
||
# override default of no subsystems | ||
-Subsystem sftp /usr/libexec/sftp-server | ||
+Subsystem sftp internal-sftp | ||
|
||
# Example of overriding settings on a per-user basis | ||
#Match User anoncvs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
diff -rNU3 openssh-9.0p1.old/loginrec.c openssh-9.0p1/loginrec.c | ||
--- openssh-9.0p1.old/loginrec.c 2022-04-06 02:47:48.000000000 +0200 | ||
+++ openssh-9.0p1/loginrec.c 2022-07-11 14:59:44.848827188 +0200 | ||
@@ -763,10 +763,6 @@ | ||
set_utmpx_time(li, utx); | ||
utx->ut_pid = li->pid; | ||
|
||
- /* strncpy(): Don't necessarily want null termination */ | ||
- strncpy(utx->ut_user, li->username, | ||
- MIN_SIZEOF(utx->ut_user, li->username)); | ||
- | ||
if (li->type == LTYPE_LOGOUT) | ||
return; | ||
|
||
@@ -775,6 +771,10 @@ | ||
* for logouts. | ||
*/ | ||
|
||
+ /* strncpy(): Don't necessarily want null termination */ | ||
+ strncpy(utx->ut_user, li->username, | ||
+ MIN_SIZEOF(utx->ut_user, li->username)); | ||
+ | ||
# ifdef HAVE_HOST_IN_UTMPX | ||
strncpy(utx->ut_host, li->hostname, | ||
MIN_SIZEOF(utx->ut_host, li->hostname)); | ||
@@ -787,7 +787,7 @@ | ||
if (li->hostaddr.sa.sa_family == AF_INET) | ||
utx->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr; | ||
# endif | ||
-# ifdef HAVE_ADDR_V6_IN_UTMP | ||
+# ifdef HAVE_ADDR_V6_IN_UTMPX | ||
/* this is just a 128-bit IPv6 address */ | ||
if (li->hostaddr.sa.sa_family == AF_INET6) { | ||
sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
Handle case when answer=NULL due to zero answers | ||
|
||
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c | ||
index dc6fe05..28622b5 100644 | ||
--- a/openbsd-compat/getrrsetbyname.c | ||
+++ b/openbsd-compat/getrrsetbyname.c | ||
@@ -268,7 +268,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, | ||
} | ||
rrset->rri_rdclass = response->query->class; | ||
rrset->rri_rdtype = response->query->type; | ||
- rrset->rri_ttl = response->answer->ttl; | ||
+ rrset->rri_ttl = response->answer ? response->answer->ttl : 0; | ||
rrset->rri_nrdatas = response->header.ancount; | ||
|
||
#ifdef HAVE_HEADER_AD | ||
@@ -276,6 +276,17 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, | ||
if (response->header.ad == 1) | ||
rrset->rri_flags |= RRSET_VALIDATED; | ||
#endif | ||
+ /* allocate memory for signatures */ | ||
+ if (rrset->rri_nsigs > 0) { | ||
+ rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); | ||
+ if (rrset->rri_sigs == NULL) { | ||
+ result = ERRSET_NOMEMORY; | ||
+ goto fail; | ||
+ } | ||
+ } | ||
+ | ||
+ if (response->answer == NULL || response->header.ancount == 0) | ||
+ goto done; | ||
|
||
/* copy name from answer section */ | ||
rrset->rri_name = strdup(response->answer->name); | ||
@@ -298,15 +309,6 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, | ||
goto fail; | ||
} | ||
|
||
- /* allocate memory for signatures */ | ||
- if (rrset->rri_nsigs > 0) { | ||
- rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); | ||
- if (rrset->rri_sigs == NULL) { | ||
- result = ERRSET_NOMEMORY; | ||
- goto fail; | ||
- } | ||
- } | ||
- | ||
/* copy answers & signatures */ | ||
for (rr = response->answer, index_ans = 0, index_sig = 0; | ||
rr; rr = rr->next) { | ||
@@ -334,6 +336,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass, | ||
} | ||
free_dns_response(response); | ||
|
||
+done: | ||
*res = rrset; | ||
return (ERRSET_SUCCESS); | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
Author: Milan P. Stanić <mps@arvanta.net> | ||
Date: Fri Mar 4 14:53:04 2022 +0000 | ||
|
||
include sys/param.h to fix missing #define MAXHOSTNAMELEN | ||
|
||
--- a/gss-serv.c 2022-03-04 14:40:34.947952759 +0000 | ||
+++ b/gss-serv.c 2022-03-04 14:40:50.448023670 +0000 | ||
@@ -29,6 +29,7 @@ | ||
#ifdef GSSAPI | ||
|
||
#include <sys/types.h> | ||
+#include <sys/param.h> | ||
|
||
#include <stdarg.h> | ||
#include <string.h> |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.