path: root/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata
author: Bryan Drewery <bdrewery@FreeBSD.org> 2022-05-24 23:08:14 +0000
committer: Bryan Drewery <bdrewery@FreeBSD.org> 2022-06-22 18:44:50 +0000
commit: 61026a2af1198336a10d20df79d61f75e4a3bfaa
tree: 9b08b90aa78e4f8de316291a00a594746ea22223 /security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata
parent: 42eb2126d4894d8e2c490ea002e55aa809fdde22
security/openssh-portable: Fix some capsicum issues
- Brings in latest changes from base. See patches for details.
- Version 9.0 is being worked on but I wanted to fix this issue before proceeding with bigger changes.

PR: 263753
(cherry picked from commit 272dd07a309c086a4bc97dc015ef7faf4fbf89ca)
Diffstat (limited to 'security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata')
-rw-r--r-- security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata 43
1 files changed, 43 insertions, 0 deletions
diff --git a/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata b/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata
new file mode 100644
index 000000000000..bf3889265b77
--- /dev/null
+++ b/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata
@@ -0,0 +1,43 @@
+commit fc3c19a9fceeea48a9259ac3833a125804342c0e
+Author: Ed Maste <emaste@FreeBSD.org>
+Date: Sat Oct 6 21:32:55 2018 +0000
+
+ sshd: address capsicum issues
+
+ * Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
+ capability mode.
+ * Cache timezone data via caph_cache_tzdata() as we cannot access the
+ timezone file.
+ * Reverse resolve hostname before entering capability mode.
+
+ PR: 231172
+ Submitted by: naito.yuichiro@gmail.com
+ Reviewed by: cem, des
+ Approved by: re (rgrimes)
+ MFC after: 3 weeks
+ Differential Revision: https://reviews.freebsd.org/D17128
+
+Notes:
+ svn path=/head/; revision=339216
+
+diff --git crypto/openssh/sandbox-capsicum.c crypto/openssh/sandbox-capsicum.c
+index 5f41d526292b..f728abd18250 100644
+--- sandbox-capsicum.c
++++ sandbox-capsicum.c
+@@ -31,6 +31,7 @@ __RCSID("$FreeBSD$");
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
++#include <capsicum_helpers.h>
+
+ #include "log.h"
+ #include "monitor.h"
+@@ -71,6 +72,8 @@ ssh_sandbox_child(struct ssh_sandbox *box)
+ struct rlimit rl_zero;
+ cap_rights_t rights;
+
++ caph_cache_tzdata();
++
+ rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+
+ if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
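Review bot: The caph_cache_tzdata() call added at the top of ssh_sandbox_child() carries no comment explaining why it has to run there, so a later cleanup could move or drop it without noticing that the sandbox depends on it. The embedded commit message gives the reason ("we cannot access the timezone file"); a one-line comment above the call saying that timezone data must be cached before the process is restricted would keep that reasoning next to the code. Separately, the embedded commit header lists three changes (the login_getpwclass(3) wrapper, the tzdata cache, and the reverse hostname resolution), but the diff in this file touches only sandbox-capsicum.c; a short note at the top of the patch file stating that it carries only the tzdata part, and where the other two parts live, would save readers from looking for hunks that are not here.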