From b83f96744f5549a5ebc5d5a41d4d555d718a17fc1ce3e04cbd5cec1aefbd4d8b Mon Sep 17 00:00:00 2001 From: Petr Cerny Date: Wed, 10 Feb 2016 15:40:35 +0000 Subject: [PATCH] Accepting request 358392 from home:elvigia:branches:network - openssh-alloc_size.patch: anotate xmalloc.h with alloc_size attribute so the compiler knows these functions allocate memory so overflow or misuse can be detected sooner. - openssh-allow_getrandom.patch; allow the getrandom(2) system call in the seccomp sandbox, upstream commit 26ad18247213 - openssh-fix-b64_xx-detection.patch: configure.ac has incorrect tests for b64_ntop, b64_pton on linux/glibc. OBS-URL: https://build.opensuse.org/request/show/358392 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=96 --- openssh-alloc_size.patch | 28 ++++++++++++++++++++++++++++ openssh-allow_getrandom.patch | 12 ++++++++++++ openssh-fix-b64_xx-detection.patch | 24 ++++++++++++++++++++++++ openssh.changes | 11 +++++++++++ openssh.spec | 7 +++++++ 5 files changed, 82 insertions(+) create mode 100644 openssh-alloc_size.patch create mode 100644 openssh-allow_getrandom.patch create mode 100644 openssh-fix-b64_xx-detection.patch diff --git a/openssh-alloc_size.patch b/openssh-alloc_size.patch new file mode 100644 index 0000000..369ad72 --- /dev/null +++ b/openssh-alloc_size.patch 
@@ -0,0 +1,28 @@
+--- openssh-7.1p2.orig/xmalloc.h
++++ openssh-7.1p2/xmalloc.h
+@@ -16,10 +16,10 @@
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+-void *xmalloc(size_t);
+-void *xcalloc(size_t, size_t);
+-void *xreallocarray(void *, size_t, size_t);
+-char *xstrdup(const char *);
++void *xmalloc(size_t) __attribute__((__malloc__, __alloc_size__(1)));
++void *xcalloc(size_t, size_t) __attribute__((__malloc__, __alloc_size__(1,2)));
++void *xreallocarray(void *, size_t, size_t) __attribute__((__alloc_size__(2,3)));
++char *xstrdup(const char *) __attribute__((__malloc__));
+ int xasprintf(char **, const char *, ...)
+ __attribute__((__format__ (printf, 2, 3)))
+ __attribute__((__nonnull__ (2)));
+--- openssh-7.1p2.orig/openbsd-compat/openbsd-compat.h
++++ openssh-7.1p2/openbsd-compat/openbsd-compat.h
+@@ -66,7 +66,7 @@ char *getcwd(char *pt, size_t size);
+ #endif
+
+ #ifndef HAVE_REALLOCARRAY
+-void *reallocarray(void *, size_t, size_t);
++void *reallocarray(void *, size_t, size_t) __attribute__((__alloc_size__(2,3)));
+ #endif
+
+ #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
diff --git a/openssh-allow_getrandom.patch b/openssh-allow_getrandom.patch
new file mode 100644
index 0000000..d95f1e1
--- /dev/null
+++ b/openssh-allow_getrandom.patch
@@ -0,0 +1,12 @@
+--- openssh-7.1p2.orig/sandbox-seccomp-filter.c
++++ openssh-7.1p2/sandbox-seccomp-filter.c
+@@ -153,6 +153,9 @@ static const struct sock_filter preauth_
+ #ifdef __NR_getuid32
+ SC_ALLOW(getuid32),
+ #endif
++#ifdef __NR_getrandom
++ SC_ALLOW(getrandom),
++#endif
+ #ifdef __NR_gettimeofday
+ SC_ALLOW(gettimeofday),
+ #endif
diff --git a/openssh-fix-b64_xx-detection.patch b/openssh-fix-b64_xx-detection.patch
new file mode 100644
index 0000000..5ccd89a
--- /dev/null
+++ b/openssh-fix-b64_xx-detection.patch
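Review bot: The new openssh-alloc_size.patch has no description header above its first `---` line, so nothing in the file says why the attributes were added or whether the change was offered upstream, and whoever rebases onto a newer OpenSSH cannot tell if it can be dropped. A two- or three-line header should state that `xmalloc`, `xcalloc`, `xreallocarray` and the compat `reallocarray` are annotated so the compiler's object-size tracking sees the allocation size. It should also say that this only improves diagnostics and fortified checks where the size arguments are visible to the compiler, presumably in builds with `_FORTIFY_SOURCE`, and adds no runtime overflow check by itself. Using `__alloc_size__` unguarded matches the existing unguarded `__format__` and `__nonnull__` attributes in the same xmalloc.h context lines, so that part looks consistent.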
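Review bot: The `#ifdef __NR_getrandom` guard decides at build time whether `SC_ALLOW(getrandom)` ends up in the pre-auth filter, so a package built against kernel headers that lack `__NR_getrandom` silently ships a filter without the rule. A libc or crypto library that issues getrandom(2) at run time would then hit the filter's default action inside the sandboxed child, so it is worth confirming that the build root's headers define the syscall number. The upstream commit id 26ad18247213 appears only in openssh.changes; putting it in a header inside the patch file as well, e.g. `# upstream commit 26ad18247213`, makes it obvious the patch goes away on the next version update. The `preauth_` filter array begins and ends outside this hunk, so the default action itself is not visible here.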
@@ -0,0 +1,24 @@ +--- openssh-7.1p2.orig/configure.ac ++++ openssh-7.1p2/configure.ac +@@ -2873,6 +2873,10 @@ else + AC_CHECK_FUNCS([crypt]) + fi + ++AC_CHECK_DECLS([b64_ntop, b64_pton], [], [], [#include ]) ++AC_SEARCH_LIBS([__b64_ntop], [resolv]) ++AC_SEARCH_LIBS([__b64_pton], [resolv]) ++ + AC_CHECK_FUNCS([ \ + arc4random \ + arc4random_buf \ +--- openssh-7.1p2.orig/Makefile.in ++++ openssh-7.1p2/Makefile.in +@@ -45,7 +45,7 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ -include config.h + LIBS=@LIBS@ + K5LIBS=@K5LIBS@ + GSSLIBS=@GSSLIBS@ diff --git a/openssh.changes b/openssh.changes index 11b0e0e..3fa3171 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Mon Feb 8 16:54:22 UTC 2016 - crrodriguez@opensuse.org + +- openssh-alloc_size.patch: anotate xmalloc.h with alloc_size + attribute so the compiler knows these functions allocate memory + so overflow or misuse can be detected sooner. +- openssh-allow_getrandom.patch; allow the getrandom(2) system + call in the seccomp sandbox, upstream commit 26ad18247213 +- openssh-fix-b64_xx-detection.patch: configure.ac has incorrect + tests for b64_ntop, b64_pton on linux/glibc. + ------------------------------------------------------------------- Wed Jan 20 11:18:48 UTC 2016 - tchvatal@suse.com diff --git a/openssh.spec b/openssh.spec index 2ebdb33..844a12a 100644 --- a/openssh.spec +++ b/openssh.spec 
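Review bot: Adding `-include config.h` to `CPPFLAGS` in Makefile.in force-includes config.h into every translation unit, which is a much wider change than the b64_ntop/b64_pton detection fix the changelog describes, and it relies on a GCC/Clang-style option. If it is needed only so the new `HAVE_DECL_B64_NTOP`/`HAVE_DECL_B64_PTON` results are seen early enough, the patch header should say so, or the affected sources should include config.h themselves. The `AC_CHECK_DECLS` line shows up on this page as `[#include ]` with no header name; that is probably an angle-bracketed name lost in rendering, but the real patch file should be checked, because an empty include makes the declaration test fail for both symbols. Note also that `AC_SEARCH_LIBS(..., [resolv])` can add `-lresolv` to `LIBS` for every binary that links with it.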
@@ -93,6 +93,9 @@ Patch35: openssh-6.6p1-sftp_force_permissions.patch Patch36: openssh-6.6p1-seccomp_getuid.patch Patch37: openssh-6.6p1-X_forward_with_disabled_ipv6.patch Patch39: openssh-6.6p1-ldap.patch +Patch40: openssh-alloc_size.patch +Patch41: openssh-allow_getrandom.patch +Patch42: openssh-fix-b64_xx-detection.patch BuildRequires: audit-devel BuildRequires: autoconf BuildRequires: fipscheck-devel @@ -181,7 +184,11 @@ cryptomodule. %patch36 -p1 %patch37 -p2 %patch39 -p1 +%patch40 -p1 +%patch41 -p1 +%patch42 -p1 %patch17 -p1 + cp %{SOURCE3} %{SOURCE4} . %build
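Review bot: `%patch42` edits configure.ac, so its new checks only take effect if the configure script is regenerated after `%prep`. `BuildRequires: autoconf` is visible in the first hunk, but the `%build` section lies outside this diff, so confirm it runs autoreconf (or an equivalent) before configure is invoked. The three new entries also drop the version prefix that the neighbouring patches carry (`openssh-6.6p1-…`). A one-line origin comment above each `PatchNN:` line, e.g. `# upstream commit 26ad18247213` above `Patch41`, would make the next rebase easier.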