From e156e403f6097563528e34cdb9303c05e1d6e626 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Sun, 5 Feb 2012 15:48:18 +0000 Subject: [PATCH] [packages_10.03.2] openssh: merge r28264, r28287, r28288, r28312, r28321, r28899, r28931, r29005, r29085, r29087, r29088 SVN-Revision: 30233 --- net/openssh/Makefile | 53 ++++++------ net/openssh/files/sshd.init | 28 +++++-- .../patches/140-pam_uclibc_pthreads_fix.patch | 84 +++++++++++++++++++ 3 files changed, 135 insertions(+), 30 deletions(-) create mode 100644 net/openssh/patches/140-pam_uclibc_pthreads_fix.patch diff --git a/net/openssh/Makefile b/net/openssh/Makefile index a39eb1876e..3f4bc37168 100644 --- a/net/openssh/Makefile +++ b/net/openssh/Makefile @@ -1,5 +1,5 @@ # -# Copyright (C) 2006,2008-2011 OpenWrt.org +# Copyright (C) 2006-2011 OpenWrt.org # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -8,15 +8,15 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssh -PKG_VERSION:=5.8p2 -PKG_RELEASE:=2 +PKG_VERSION:=5.9p1 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://openbsd.wiretapped.net/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/ \ ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/ -PKG_MD5SUM:=0541579adf9d55abb15ef927048d372e +PKG_MD5SUM:=afe17eee7e98d3b8550cc349834a85d0 PKG_BUILD_DEPENDS:=libopenssl 
@@ -25,13 +25,24 @@ include $(INCLUDE_DIR)/package.mk define Package/openssh/Default SECTION:=net CATEGORY:=Network - DEPENDS:=+libopenssl +zlib +libgcc + DEPENDS:=+libopenssl +zlib TITLE:=OpenSSH MAINTAINER:=Peter Wagner URL:=http://www.openssh.com/ SUBMENU:=SSH endef +define Package/openssh-moduli + $(call Package/openssh/Default) + DEPENDS+= +openssh-server + TITLE+= moduli file +endef + +define Package/openssh-moduli/description +OpenSSH server moduli file. +endef + + define Package/openssh-client $(call Package/openssh/Default) TITLE+= client @@ -89,7 +100,6 @@ endef define Package/openssh-sftp-server $(call Package/openssh/Default) - DEPENDS:=+libgcc TITLE+= SFTP server endef @@ -100,6 +110,8 @@ endef CONFIGURE_ARGS+= \ $(DISABLE_NLS) \ --sysconfdir=/etc/ssh \ + --with-privsep-user=sshd \ + --with-privsep-path=/var/empty \ --enable-shared \ --disable-static \ --disable-debug \ @@ -115,6 +127,11 @@ CONFIGURE_ARGS+= \ --without-pam \ --without-x +ifeq ($(CONFIG_OPENSSL_ENGINE),y) +CONFIGURE_ARGS+= \ + --with-ssl-engine +endif + ifneq ($(CONFIG_SSP_SUPPORT),y) CONFIGURE_ARGS += \ --without-stackprotect @@ -133,6 +150,11 @@ define Build/Compile all install endef +define Package/openssh-moduli/install + $(INSTALL_DIR) $(1)/etc/ssh + $(CP) $(PKG_INSTALL_DIR)/etc/ssh/moduli $(1)/etc/ssh/ +endef + define Package/openssh-client/install $(INSTALL_DIR) $(1)/etc/ssh chmod 0700 $(1)/etc/ssh 
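Review bot: The new `Package/openssh-moduli/description` does not say what a system loses without the package, and the dependency runs only from openssh-moduli to openssh-server, so a plain server install no longer ships `/etc/ssh/moduli` (the copy is dropped from `Package/openssh-server/install` later in this file). Without that file sshd presumably falls back to a built-in fixed group for Diffie-Hellman group exchange and logs a warning; that should be confirmed for 5.9p1. I would extend the description to something like `OpenSSH server moduli file. Provides the primes used for diffie-hellman-group-exchange; without it sshd uses a fixed fallback group.`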
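Review bot: `Package/openssh-moduli/install` creates `$(1)/etc/ssh` without the `chmod 0700 $(1)/etc/ssh` that the client install section shown directly below it applies to the same directory. Whether this changes the directory mode in a built image depends on the order in which the packages are unpacked, which is not visible here. Adding `chmod 0700 $(1)/etc/ssh` after the `$(INSTALL_DIR)` line would keep the install sections consistent.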
@@ -157,30 +179,12 @@ define Package/openssh-server/install $(INSTALL_DIR) $(1)/etc/ssh chmod 0700 $(1)/etc/ssh $(CP) $(PKG_INSTALL_DIR)/etc/ssh/sshd_config $(1)/etc/ssh/ - $(CP) $(PKG_INSTALL_DIR)/etc/ssh/moduli $(1)/etc/ssh/ $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/ endef -define Package/openssh-server/postinst -#!/bin/sh - -name=sshd -id=22 - -if [ -z "$$(grep ^\\$${name}: $${IPKG_INSTROOT}/etc/group)" ]; then - echo "adding group $$name to /etc/group" - echo "$${name}:x:$${id}:" >> $${IPKG_INSTROOT}/etc/group -fi - -if [ -z "$$(grep ^\\$${name}: $${IPKG_INSTROOT}/etc/passwd)" ]; then - echo "adding user $$name to /etc/passwd" - echo "$${name}:x:$${id}:$${id}:$${name}:/var/empty/.$${name}:/bin/false" >> $${IPKG_INSTROOT}/etc/passwd -fi -endef - define Package/openssh-sftp-client/install $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sftp $(1)/usr/bin/ @@ -194,6 +198,7 @@ define Package/openssh-sftp-server/install endef $(eval $(call BuildPackage,openssh-client)) +$(eval $(call BuildPackage,openssh-moduli)) $(eval $(call BuildPackage,openssh-client-utils)) $(eval $(call BuildPackage,openssh-keygen)) $(eval $(call BuildPackage,openssh-server)) diff --git a/net/openssh/files/sshd.init b/net/openssh/files/sshd.init index 58b5ce7206..b5dfcd07d0 100644 --- a/net/openssh/files/sshd.init +++ b/net/openssh/files/sshd.init @@ -1,8 +1,11 @@ #!/bin/sh /etc/rc.common -# Copyright (C) 2006 OpenWrt.org +# Copyright (C) 2006-2011 OpenWrt.org + START=50 STOP=50 +SERVICE_USE_PID=1 + start() { for type in rsa dsa; do { # check for keys 
@@ -15,15 +18,28 @@ start() { exit 0 } }; done - mkdir -p /var/empty - chmod 0700 /var/empty - /usr/sbin/sshd + user_exists sshd 22 || user_add sshd 22 22 sshd /var/empty + group_exists sshd 22 || group_add sshd 22 + mkdir -m 0700 -p /var/empty + service_start /usr/sbin/sshd } stop() { - kill $(cat /var/run/sshd.pid) + service_stop /usr/sbin/sshd } shutdown() { - killall sshd + local pid + local pids + local pid_mine + + stop + + # kill active clients + pid_mine="$$" + pids="$(pidof sshd)" + for pid in $pids; do + [ "$pid" = "$pid_mine" ] && continue + [ -e "/proc/$pid/stat" ] && kill $pid + done } diff --git a/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch b/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch new file mode 100644 index 0000000000..8018de02b0 --- /dev/null +++ b/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch 
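Review bot: `mkdir -m 0700 -p /var/empty` applies the mode only when it creates the directory; if `/var/empty` already exists with looser permissions the call succeeds and leaves them unchanged, whereas the removed `chmod 0700 /var/empty` reset them on every start. Because the Makefile in this commit now passes `--with-privsep-path=/var/empty`, this directory is the privilege-separation chroot, so I would keep an explicit `chmod 0700 /var/empty` after the mkdir. The results of `user_add` and `group_add` are also not checked before `service_start`, and the user is added before its group; sshd will presumably refuse to start without the privsep account, but a logged error here would make that failure easier to diagnose. `start()` begins above this hunk, so the key-generation part is not reviewed here.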
@@ -0,0 +1,84 @@ +--- a/auth-pam.c ++++ b/auth-pam.c +@@ -159,7 +159,7 @@ sshpam_sigchld_handler(int sig) + } + if (WIFSIGNALED(sshpam_thread_status) && + WTERMSIG(sshpam_thread_status) == SIGTERM) +- return; /* terminated by pthread_cancel */ ++ return; /* terminated by pthread2_cancel */ + if (!WIFEXITED(sshpam_thread_status)) + sigdie("PAM: authentication thread exited unexpectedly"); + if (WEXITSTATUS(sshpam_thread_status) != 0) +@@ -168,14 +168,14 @@ sshpam_sigchld_handler(int sig) + + /* ARGSUSED */ + static void +-pthread_exit(void *value) ++pthread2_exit(void *value) + { + _exit(0); + } + + /* ARGSUSED */ + static int +-pthread_create(sp_pthread_t *thread, const void *attr, ++pthread2_create(sp_pthread_t *thread, const void *attr, + void *(*thread_start)(void *), void *arg) + { + pid_t pid; +@@ -201,7 +201,7 @@ pthread_create(sp_pthread_t *thread, con + } + + static int +-pthread_cancel(sp_pthread_t thread) ++pthread2_cancel(sp_pthread_t thread) + { + signal(SIGCHLD, sshpam_oldsig); + return (kill(thread, SIGTERM)); +@@ -209,7 +209,7 @@ pthread_cancel(sp_pthread_t thread) + + /* ARGSUSED */ + static int +-pthread_join(sp_pthread_t thread, void **value) ++pthread2_join(sp_pthread_t thread, void **value) + { + int status; + +@@ -509,7 +509,7 @@ sshpam_thread(void *ctxtp) + /* XXX - can't do much about an error here */ + ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer); + buffer_free(&buffer); +- pthread_exit(NULL); ++ pthread2_exit(NULL); + + auth_fail: + buffer_put_cstring(&buffer, +@@ -520,7 +520,7 @@ sshpam_thread(void *ctxtp) + else + ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); + buffer_free(&buffer); +- pthread_exit(NULL); ++ pthread2_exit(NULL); + + return (NULL); /* Avoid warning for non-pthread case */ + } +@@ -532,8 +532,8 @@ sshpam_thread_cleanup(void) + + debug3("PAM: %s entering", __func__); + if (ctxt != NULL && ctxt->pam_thread != 0) { +- pthread_cancel(ctxt->pam_thread); +- pthread_join(ctxt->pam_thread, NULL); ++ 
pthread2_cancel(ctxt->pam_thread); ++ pthread2_join(ctxt->pam_thread, NULL); + close(ctxt->pam_psock); + close(ctxt->pam_csock); + memset(ctxt, 0, sizeof(*ctxt)); +@@ -698,7 +698,7 @@ sshpam_init_ctx(Authctxt *authctxt) + } + ctxt->pam_psock = socks[0]; + ctxt->pam_csock = socks[1]; +- if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) { ++ if (pthread2_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) { + error("PAM: failed to start authentication thread: %s", + strerror(errno)); + close(socks[0]); -- 2.30.2
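Review bot: The new patch file carries no header explaining why the process-based `pthread_*` shims in auth-pam.c are renamed to `pthread2_*`; the file name suggests a clash with uClibc's pthread declarations, but that is only inferred. A short description above `--- a/auth-pam.c`, e.g. `Rename the local pthread_* emulation to pthread2_* to avoid clashing with the libc pthread symbols`, would let a maintainer judge whether the patch is still needed at the next OpenSSH bump. The Makefile's CONFIGURE_ARGS in this commit still carry `--without-pam`, so this code is presumably not compiled in the default build and the rename goes unexercised there. The functions touched are shown only in part, so nothing beyond the rename can be checked from this hunk.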