temporarily downgrade to avoid trouble with old Gogs SSH implementation

openssh/openssh.patch.alias

@@ -1,6 +1,6 @@
 Index: auth2.c
---- auth2.c.orig	2021-09-26 16:03:19.000000000 +0200
-+++ auth2.c	2021-09-30 12:00:44.627802000 +0200
+--- auth2.c.orig	2021-03-02 11:31:47.000000000 +0100
++++ auth2.c	2021-03-03 08:25:17.978876000 +0100
 @@ -58,6 +58,9 @@
  #endif
  #include "monitor_wrap.h"
@@ -49,9 +49,9 @@ Index: auth2.c
  		/* setup auth context */
  		authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
 Index: servconf.c
---- servconf.c.orig	2021-09-26 16:03:19.000000000 +0200
-+++ servconf.c	2021-09-30 12:00:44.629664000 +0200
-@@ -195,6 +195,9 @@
+--- servconf.c.orig	2021-03-02 11:31:47.000000000 +0100
++++ servconf.c	2021-03-03 08:25:17.979352000 +0100
+@@ -196,6 +196,9 @@
  	options->fingerprint_hash = -1;
  	options->disable_forwarding = -1;
  	options->expose_userauth_info = -1;
@@ -61,7 +61,7 @@ Index: servconf.c
  }
  
  /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
-@@ -517,6 +520,9 @@
+@@ -520,6 +523,9 @@
  	sStreamLocalBindMask, sStreamLocalBindUnlink,
  	sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
  	sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
@@ -71,7 +71,7 @@ Index: servconf.c
  	sDeprecated, sIgnore, sUnsupported
  } ServerOpCodes;
  
-@@ -676,6 +682,9 @@
+@@ -678,6 +684,9 @@
  	{ "rdomain", sRDomain, SSHCFG_ALL },
  	{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
  	{ "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
@@ -81,7 +81,7 @@ Index: servconf.c
  	{ NULL, sBadOption, 0 }
  };
  
-@@ -2435,6 +2444,26 @@
+@@ -2395,6 +2404,26 @@
  			*charptr = xstrdup(arg);
  		break;
  
@@ -109,8 +109,8 @@ Index: servconf.c
  	case sIgnore:
  	case sUnsupported:
 Index: servconf.h
---- servconf.h.orig	2021-09-26 16:03:19.000000000 +0200
-+++ servconf.h	2021-09-30 12:00:44.630463000 +0200
+--- servconf.h.orig	2021-03-02 11:31:47.000000000 +0100
++++ servconf.h	2021-03-03 08:25:17.979556000 +0100
 @@ -229,6 +229,14 @@
  	int	expose_userauth_info;
  	u_int64_t timing_secret;
@@ -127,8 +127,8 @@ Index: servconf.h
  
  /* Information about the incoming connection as used by Match */
 Index: sshd_config.5
---- sshd_config.5.orig	2021-09-26 16:03:19.000000000 +0200
-+++ sshd_config.5	2021-09-30 12:00:44.631757000 +0200
+--- sshd_config.5.orig	2021-03-02 11:31:47.000000000 +0100
++++ sshd_config.5	2021-03-03 08:25:17.979860000 +0100
 @@ -106,6 +106,15 @@
  Note that disabling agent forwarding does not improve security
  unless users are also denied shell access, as they can always install

openssh/openssh.patch.chroot

@@ -1,7 +1,7 @@
 Index: scp.c
---- scp.c.orig	2021-09-26 16:03:19.000000000 +0200
-+++ scp.c	2021-09-30 12:00:21.319372000 +0200
-@@ -171,6 +171,11 @@
+--- scp.c.orig	2021-03-02 11:31:47.000000000 +0100
++++ scp.c	2021-03-03 08:26:22.056945000 +0100
+@@ -159,6 +159,11 @@
  /* This is the program to execute for the secured connection. ("ssh" or -S) */
  char *ssh_program = _PATH_SSH_PROGRAM;
  
@@ -12,32 +12,32 @@ Index: scp.c
 +
  /* This is used to store the pid of ssh_program */
  pid_t do_cmd_pid = -1;
- pid_t do_cmd_pid2 = -1;
-@@ -481,7 +486,11 @@
+ 
+@@ -432,7 +437,11 @@
  
  	fflag = Tflag = tflag = 0;
  	while ((ch = getopt(argc, argv,
 +#ifdef USE_CHROOT
-+	    "12346ABCTdfOpqRrstvD:F:J:M:P:S:c:i:l:o:X:")) != -1) {
++	    "12346ABCTdfpqrtvF:J:P:S:c:i:l:o:R:")) != -1) {
 +#else
- 	    "12346ABCTdfOpqRrstvD:F:J:M:P:S:c:i:l:o:")) != -1) {
+ 	    "12346ABCTdfpqrtvF:J:P:S:c:i:l:o:")) != -1) {
 +#endif
  		switch (ch) {
  		/* User-visible flags. */
  		case '1':
-@@ -581,6 +590,11 @@
+@@ -516,6 +525,11 @@
  		case 'T':
  			Tflag = 1;
  			break;
 +#ifdef USE_CHROOT
-+		case 'X':
++		case 'R':
 +			chrootdir = xstrdup(optarg);
 +			break;
 +#endif
  		default:
  			usage();
  		}
-@@ -615,6 +629,19 @@
+@@ -545,6 +559,19 @@
  	remin = STDIN_FILENO;
  	remout = STDOUT_FILENO;
  
@@ -58,8 +58,8 @@ Index: scp.c
  		/* Follow "protocol", send data. */
  		(void) response();
 Index: session.c
---- session.c.orig	2021-09-26 16:03:19.000000000 +0200
-+++ session.c	2021-09-30 11:59:33.904574000 +0200
+--- session.c.orig	2021-03-02 11:31:47.000000000 +0100
++++ session.c	2021-03-03 08:25:31.704168000 +0100
 @@ -1402,6 +1402,25 @@
  			options.chroot_directory = NULL;
  			in_chroot = 1;
@@ -87,9 +87,9 @@ Index: session.c
  #ifdef HAVE_LOGIN_CAP
  		if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
 Index: sftp-server.c
---- sftp-server.c.orig	2021-09-26 16:03:19.000000000 +0200
-+++ sftp-server.c	2021-09-30 11:59:33.905055000 +0200
-@@ -1818,6 +1818,38 @@
+--- sftp-server.c.orig	2021-03-02 11:31:47.000000000 +0100
++++ sftp-server.c	2021-03-03 08:25:31.704450000 +0100
+@@ -1717,6 +1717,38 @@
  	logit("session opened for local user %s from [%s]",
  	    pw->pw_name, client_addr);
  

openssh/openssh.patch.lpk

@@ -1,18 +1,18 @@
 Index: Makefile.in
---- Makefile.in.orig	2021-09-26 16:03:19.000000000 +0200
-+++ Makefile.in	2021-09-30 12:01:07.588022000 +0200
-@@ -129,7 +129,7 @@
+--- Makefile.in.orig	2021-03-02 11:31:47.000000000 +0100
++++ Makefile.in	2021-03-03 08:26:38.162144000 +0100
+@@ -128,7 +128,7 @@
  	srclimit.o sftp-server.o sftp-common.o \
  	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
  	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
 -	sandbox-solaris.o uidswap.o $(SKOBJS)
 +	sandbox-solaris.o uidswap.o ldapauth.o $(SKOBJS)
  
- SFTP_CLIENT_OBJS=sftp-common.o sftp-client.o sftp-glob.o
+ SCP_OBJS=	scp.o progressmeter.o
  
 Index: README.lpk
---- README.lpk.orig	2021-09-30 12:01:07.589683000 +0200
-+++ README.lpk	2021-09-30 12:01:07.589238000 +0200
+--- README.lpk.orig	2021-03-03 08:26:38.162489000 +0100
++++ README.lpk	2021-03-03 08:26:38.162407000 +0100
 @@ -0,0 +1,267 @@
 +OpenSSH LDAP PUBLIC KEY PATCH 
 +Copyright (c) 2003 Eric AUGE (eau@phear.org)
@@ -282,8 +282,8 @@ Index: README.lpk
 +  - Eric AUGE <eau@phear.org>
 +  - Andrea Barisani <andrea@inversepath.com>
 Index: auth2-pubkey.c
---- auth2-pubkey.c.orig	2021-09-26 16:03:19.000000000 +0200
-+++ auth2-pubkey.c	2021-09-30 12:01:07.590574000 +0200
+--- auth2-pubkey.c.orig	2021-03-02 11:31:47.000000000 +0100
++++ auth2-pubkey.c	2021-03-03 08:26:38.162683000 +0100
 @@ -71,6 +71,10 @@
  #include "session.h" /* XXX for child_set_env(); refactor? */
  #include "sk-api.h"
@@ -295,7 +295,7 @@ Index: auth2-pubkey.c
  /* import */
  extern ServerOptions options;
  
-@@ -720,10 +724,76 @@
+@@ -718,10 +722,76 @@
  	size_t linesize = 0;
  	int found_key = 0;
  	u_long linenum = 0;
@@ -373,8 +373,8 @@ Index: auth2-pubkey.c
  		linenum++;
  		/* Always consume entire file */
 Index: config.h.in
---- config.h.in.orig	2021-09-26 16:07:24.000000000 +0200
-+++ config.h.in	2021-09-30 12:01:07.592043000 +0200
+--- config.h.in.orig	2021-03-02 13:05:41.000000000 +0100
++++ config.h.in	2021-03-03 08:26:38.162979000 +0100
 @@ -903,6 +903,9 @@
  /* Define to 1 if you have the `localtime_r' function. */
  #undef HAVE_LOCALTIME_R
@@ -386,9 +386,9 @@ Index: config.h.in
  #undef HAVE_LOGIN
  
 Index: configure.ac
---- configure.ac.orig	2021-09-26 16:03:19.000000000 +0200
-+++ configure.ac	2021-09-30 12:01:07.595150000 +0200
-@@ -1793,6 +1793,37 @@
+--- configure.ac.orig	2021-03-02 11:31:47.000000000 +0100
++++ configure.ac	2021-03-03 08:26:38.163566000 +0100
+@@ -1782,6 +1782,37 @@
  CFLAGS="$SAVED_CFLAGS"
  AC_SUBST([PICFLAG])
  
@@ -426,7 +426,7 @@ Index: configure.ac
  dnl    Checks for library functions. Please keep in alphabetical order
  AC_CHECK_FUNCS([ \
  	Blowfish_initstate \
-@@ -5558,6 +5589,7 @@
+@@ -5500,6 +5531,7 @@
  echo "                   OSF SIA support: $SIA_MSG"
  echo "                 KerberosV support: $KRB5_MSG"
  echo "                   SELinux support: $SELINUX_MSG"
@@ -435,9 +435,9 @@ Index: configure.ac
  echo "                   libedit support: $LIBEDIT_MSG"
  echo "                   libldns support: $LDNS_MSG"
 Index: configure
---- configure.orig	2021-09-26 16:07:20.000000000 +0200
-+++ configure	2021-09-30 12:01:07.603532000 +0200
-@@ -1465,6 +1465,7 @@
+--- configure.orig	2021-03-02 13:05:37.000000000 +0100
++++ configure	2021-03-03 08:26:38.165184000 +0100
+@@ -1466,6 +1466,7 @@
    --with-ldns[=PATH]      Use ldns for DNSSEC support (optionally in PATH)
    --with-libedit[=PATH]   Enable libedit support for sftp
    --with-audit=module     Enable audit support (modules=debug,bsm,linux)
@@ -445,7 +445,7 @@ Index: configure
    --with-pie              Build Position Independent Executables if possible
    --with-security-key-builtin include builtin U2F/FIDO support
    --with-ssl-dir=PATH     Specify path to OpenSSL installation
-@@ -14545,6 +14546,57 @@
+@@ -14521,6 +14522,57 @@
  
  fi
  
@@ -503,7 +503,7 @@ Index: configure
  for ac_func in  \
  	arc4random \
  	arc4random_buf \
-@@ -21998,6 +22050,7 @@
+@@ -21762,6 +21814,7 @@
  echo "                   OSF SIA support: $SIA_MSG"
  echo "                 KerberosV support: $KRB5_MSG"
  echo "                   SELinux support: $SELINUX_MSG"
@@ -512,8 +512,8 @@ Index: configure
  echo "                   libedit support: $LIBEDIT_MSG"
  echo "                   libldns support: $LDNS_MSG"
 Index: ldapauth.c
---- ldapauth.c.orig	2021-09-30 12:01:07.605215000 +0200
-+++ ldapauth.c	2021-09-30 12:01:07.604781000 +0200
+--- ldapauth.c.orig	2021-03-03 08:26:38.165500000 +0100
++++ ldapauth.c	2021-03-03 08:26:38.165418000 +0100
 @@ -0,0 +1,579 @@
 +/* 
 + * $Id: openssh-lpk-4.3p1-0.3.7.patch,v 1.3 2006/04/18 15:29:09 eau Exp $
@@ -1095,8 +1095,8 @@ Index: ldapauth.c
 +
 +#endif /* WITH_LDAP_PUBKEY */
 Index: ldapauth.h
---- ldapauth.h.orig	2021-09-30 12:01:07.606030000 +0200
-+++ ldapauth.h	2021-09-30 12:01:07.605606000 +0200
+--- ldapauth.h.orig	2021-03-03 08:26:38.165661000 +0100
++++ ldapauth.h	2021-03-03 08:26:38.165581000 +0100
 @@ -0,0 +1,130 @@
 +/*
 + * $Id: openssh-lpk-4.3p1-0.3.7.patch,v 1.3 2006/04/18 15:29:09 eau Exp $ 
@@ -1229,8 +1229,8 @@ Index: ldapauth.h
 +
 +#endif
 Index: lpk-user-example.txt
---- lpk-user-example.txt.orig	2021-09-30 12:01:07.606815000 +0200
-+++ lpk-user-example.txt	2021-09-30 12:01:07.606387000 +0200
+--- lpk-user-example.txt.orig	2021-03-03 08:26:38.165827000 +0100
++++ lpk-user-example.txt	2021-03-03 08:26:38.165745000 +0100
 @@ -0,0 +1,117 @@
 +
 +Post to ML -> User Made Quick Install Doc.
@@ -1350,8 +1350,8 @@ Index: lpk-user-example.txt
 +
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 Index: openssh-lpk_openldap.schema
---- openssh-lpk_openldap.schema.orig	2021-09-30 12:01:07.607555000 +0200
-+++ openssh-lpk_openldap.schema	2021-09-30 12:01:07.607134000 +0200
+--- openssh-lpk_openldap.schema.orig	2021-03-03 08:26:38.165970000 +0100
++++ openssh-lpk_openldap.schema	2021-03-03 08:26:38.165890000 +0100
 @@ -0,0 +1,19 @@
 +#
 +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -1373,8 +1373,8 @@ Index: openssh-lpk_openldap.schema
 +	MUST ( sshPublicKey $ uid ) 
 +	)
 Index: openssh-lpk_sun.schema
---- openssh-lpk_sun.schema.orig	2021-09-30 12:01:07.608281000 +0200
-+++ openssh-lpk_sun.schema	2021-09-30 12:01:07.607858000 +0200
+--- openssh-lpk_sun.schema.orig	2021-03-03 08:26:38.166114000 +0100
++++ openssh-lpk_sun.schema	2021-03-03 08:26:38.166034000 +0100
 @@ -0,0 +1,21 @@
 +#
 +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -1398,8 +1398,8 @@ Index: openssh-lpk_sun.schema
 +	MUST ( sshPublicKey $ uid ) 
 +	)
 Index: servconf.c
---- servconf.c.orig	2021-09-26 16:03:19.000000000 +0200
-+++ servconf.c	2021-09-30 12:01:07.610189000 +0200
+--- servconf.c.orig	2021-03-02 11:31:47.000000000 +0100
++++ servconf.c	2021-03-03 08:26:38.166425000 +0100
 @@ -71,6 +71,10 @@
  #include "myproposal.h"
  #include "digest.h"
@@ -1411,7 +1411,7 @@ Index: servconf.c
  static void add_listen_addr(ServerOptions *, const char *,
      const char *, int);
  static void add_one_listen_addr(ServerOptions *, const char *,
-@@ -154,6 +158,26 @@
+@@ -155,6 +159,26 @@
  	options->num_allow_groups = 0;
  	options->num_deny_groups = 0;
  	options->ciphers = NULL;
@@ -1438,7 +1438,7 @@ Index: servconf.c
  	options->macs = NULL;
  	options->kex_algorithms = NULL;
  	options->ca_sign_algorithms = NULL;
-@@ -441,6 +465,36 @@
+@@ -442,6 +466,36 @@
  		options->expose_userauth_info = 0;
  	if (options->sk_provider == NULL)
  		options->sk_provider = xstrdup("internal");
@@ -1475,7 +1475,7 @@ Index: servconf.c
  
  	assemble_algorithms(options);
  
-@@ -518,6 +572,12 @@
+@@ -521,6 +575,12 @@
  	sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
  	sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
  	sDeprecated, sIgnore, sUnsupported
@@ -1488,7 +1488,7 @@ Index: servconf.c
  } ServerOpCodes;
  
  #define SSHCFG_GLOBAL		0x01	/* allowed in main section of config */
-@@ -643,6 +703,22 @@
+@@ -645,6 +705,22 @@
  	{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
  	{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
  	{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
@@ -1511,7 +1511,7 @@ Index: servconf.c
  	{ "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
  	{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
  	{ "setenv", sSetEnv, SSHCFG_ALL },
-@@ -1265,6 +1341,7 @@
+@@ -1256,6 +1332,7 @@
  	int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
  	SyslogFacility *log_facility_ptr;
  	LogLevel *log_level_ptr;
@@ -1519,17 +1519,17 @@ Index: servconf.c
  	ServerOpCodes opcode;
  	u_int i, *uintptr, uvalue, flags = 0;
  	size_t len;
-@@ -1300,6 +1377,7 @@
- 		return -1;
- 	}
+@@ -1283,6 +1360,7 @@
+ 	if (!arg || !*arg || *arg == '#')
+ 		return 0;
  	intptr = NULL;
 +	longptr = NULL;
  	charptr = NULL;
- 	opcode = parse_token(keyword, filename, linenum, &flags);
+ 	opcode = parse_token(arg, filename, linenum, &flags);
  
-@@ -2412,6 +2490,133 @@
- 		if (*activep)
- 			options->fingerprint_hash = value;
+@@ -2405,6 +2483,133 @@
+ 		while (arg)
+ 		    arg = strdelim(&cp);
  		break;
 +#ifdef WITH_LDAP_PUBKEY
 +	case sLdapPublickey:
@@ -1659,11 +1659,11 @@ Index: servconf.c
 +
 +#endif
  
- 	case sExposeAuthInfo:
- 		intptr = &options->expose_userauth_info;
+ 	default:
+ 		fatal("%s line %d: Missing handler for opcode %s (%d)",
 Index: servconf.h
---- servconf.h.orig	2021-09-26 16:03:19.000000000 +0200
-+++ servconf.h	2021-09-30 12:01:07.611175000 +0200
+--- servconf.h.orig	2021-03-02 11:31:47.000000000 +0100
++++ servconf.h	2021-03-03 08:26:38.166616000 +0100
 @@ -18,6 +18,10 @@
  
  #include <openbsd-compat/sys-queue.h>
@@ -1686,9 +1686,9 @@ Index: servconf.h
  	char   **permitted_opens;	/* May also be one of PERMITOPEN_* */
  	u_int   num_permitted_opens;
 Index: sshd.c
---- sshd.c.orig	2021-09-26 16:03:19.000000000 +0200
-+++ sshd.c	2021-09-30 12:01:07.612871000 +0200
-@@ -132,6 +132,10 @@
+--- sshd.c.orig	2021-03-02 11:31:47.000000000 +0100
++++ sshd.c	2021-03-03 22:55:00.213357000 +0100
+@@ -131,6 +131,10 @@
  #define REEXEC_CONFIG_PASS_FD		(STDERR_FILENO + 3)
  #define REEXEC_MIN_FREE_FD		(STDERR_FILENO + 4)
  
@@ -1699,7 +1699,7 @@ Index: sshd.c
  extern char *__progname;
  
  /* Server configuration options. */
-@@ -1788,6 +1792,17 @@
+@@ -1766,6 +1770,17 @@
  		exit(1);
  	}
  
@@ -1718,9 +1718,9 @@ Index: sshd.c
  
  	/* Store privilege separation user for later use if required. */
 Index: sshd_config.5
---- sshd_config.5.orig	2021-09-26 16:03:19.000000000 +0200
-+++ sshd_config.5	2021-09-30 12:01:07.614437000 +0200
-@@ -1850,6 +1850,62 @@
+--- sshd_config.5.orig	2021-03-02 11:31:47.000000000 +0100
++++ sshd_config.5	2021-03-03 08:26:38.167335000 +0100
+@@ -1832,6 +1832,62 @@
  to not use one.
  The default is
  .Pa /usr/X11R6/bin/xauth .
@@ -1784,8 +1784,8 @@ Index: sshd_config.5
  .Sh TIME FORMATS
  .Xr sshd 8
 Index: sshd_config
---- sshd_config.orig	2021-09-26 16:03:19.000000000 +0200
-+++ sshd_config	2021-09-30 12:01:07.615339000 +0200
+--- sshd_config.orig	2021-03-02 11:31:47.000000000 +0100
++++ sshd_config	2021-03-03 08:26:38.167506000 +0100
 @@ -105,6 +105,22 @@
  # no default banner path
  #Banner none

openssh/openssh.patch.scpbindir

@@ -1,6 +1,6 @@
 Index: session.c
---- session.c.orig	2021-09-26 16:03:19.000000000 +0200
-+++ session.c	2021-09-30 12:00:56.519149000 +0200
+--- session.c.orig	2021-03-02 11:31:47.000000000 +0100
++++ session.c	2021-03-03 22:55:16.091026000 +0100
 @@ -111,6 +111,10 @@
  	  c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \
  	  c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))

openssh/openssh.spec

@@ -22,10 +22,10 @@
 ##
 
 #   package versions
-%define       V_base        8.8
+%define       V_base        8.7
 %define       V_portable    p1
 %define       V_connect     100
-%define       V_hpn         8_4_P1-hpn-15.1
+%define       V_hpn         7_8_P1-hpn-14.16
 
 #   package information
 Name:         openssh
@@ -38,7 +38,7 @@ Class:        CORE
 Group:        SSH
 License:      BSD
 Version:      %{V_base}%{V_portable}
-Release:      20210930
+Release:      20211001
 
 #   package options
 %option       with_fsl          yes