external/openssh: update to 6.8p1.

In preparation for some updates to external/openssh to make it work with BoringSSL, this change updates the code to a recent version. The current version (5.9p1) is coming up on four years old now. * Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches OpenSSH 5.9p1 exactly (save for the removal of the scard subdirectory). * Downloaded openssh-6.8p1.tar.gz (SHA256: 3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e) and verified with PGP signature. (I've verified Damien's key in person previously.) * Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The ugliest change is probably the duplication of umac.c to umac128.c because Android conditionally compiles that file twice. See the comment in those files. Change-Id: I63cb07a8118afb5a377f116087a0882914cea486
author: Adam Langley <agl@google.com> 2015-03-30 14:49:51 -0700
committer: Adam Langley <agl@google.com> 2015-04-07 17:50:50 -0700
commit: d059297112922cabb0c674840589be8db821fd9a (patch)
tree: 9c2045d28ec1c8594090f38bc32e9f523dc6c68d /uidswap.c
parent: f5c67b478bef9992de9e9ec91ce10af4f6205e0d (diff)
1 files changed, 22 insertions, 54 deletions
diff --git a/uidswap.c b/uidswap.c
index c1c01e9a..ce7a00de 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uidswap.c,v 1.35 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: uidswap.c,v 1.37 2015/01/16 06:40:12 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -14,12 +14,13 @@
 
 #include "includes.h"
 
-#include <sys/param.h>
 #include <errno.h>
 #include <pwd.h>
 #include <string.h>
 #include <unistd.h>
+#include <limits.h>
 #include <stdarg.h>
+#include <stdlib.h>
 
 #include <grp.h>
 
@@ -96,8 +97,7 @@ temporarily_use_uid(struct passwd *pw)
 		if (getgroups(saved_egroupslen, saved_egroups) < 0)
 			fatal("getgroups: %.100s", strerror(errno));
 	} else { /* saved_egroupslen == 0 */
-		if (saved_egroups != NULL)
-			xfree(saved_egroups);
+		free(saved_egroups);
 	}
 
 	/* set and save the user's groups */
@@ -115,8 +115,7 @@ temporarily_use_uid(struct passwd *pw)
 			if (getgroups(user_groupslen, user_groups) < 0)
 				fatal("getgroups: %.100s", strerror(errno));
 		} else { /* user_groupslen == 0 */
-			if (user_groups)
-				xfree(user_groups);
+			free(user_groups);
 		}
 	}
 	/* Set the effective uid to the given (unprivileged) uid. */
@@ -141,23 +140,13 @@ temporarily_use_uid(struct passwd *pw)
 void
 permanently_drop_suid(uid_t uid)
 {
+#ifndef HAVE_CYGWIN
 	uid_t old_uid = getuid();
+#endif
 
 	debug("permanently_drop_suid: %u", (u_int)uid);
-#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID)
 	if (setresuid(uid, uid, uid) < 0)
 		fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno));
-#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
-	if (setreuid(uid, uid) < 0)
-		fatal("setreuid %u: %.100s", (u_int)uid, strerror(errno));
-#else
-# ifndef SETEUID_BREAKS_SETUID
-	if (seteuid(uid) < 0)
-		fatal("seteuid %u: %.100s", (u_int)uid, strerror(errno));
-# endif
-	if (setuid(uid) < 0)
-		fatal("setuid %u: %.100s", (u_int)uid, strerror(errno));
-#endif
 
 #ifndef HAVE_CYGWIN
 	/* Try restoration of UID if changed (test clearing of saved uid) */
@@ -216,9 +205,11 @@ restore_uid(void)
 void
 permanently_set_uid(struct passwd *pw)
 {
+#ifndef HAVE_CYGWIN
 	uid_t old_uid = getuid();
 	gid_t old_gid = getgid();
-#ifdef ANDROID
+#endif
+#if defined(ANDROID)
 	struct __user_cap_header_struct header;
 	struct __user_cap_data_struct cap;
 #endif
@@ -230,39 +221,28 @@ permanently_set_uid(struct passwd *pw)
 	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
 	    (u_int)pw->pw_gid);
 
-#ifdef ANDROID
+#if defined(ANDROID)
 	if (pw->pw_uid == AID_SHELL) {
 		prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
 
 		/* add extra groups needed for shell user:
-		** AID_LOG to read system logs (adb logcat)
-		** AID_INPUT to diagnose input issues (getevent)
-		** AID_INET to diagnose network issues (netcfg, ping)
-		** AID_GRAPHICS to access the frame buffer
-		** AID_NET_BT and AID_NET_BT_ADMIN to diagnose bluetooth (hcidump)
-		** AID_SDCARD_RW to allow writing to the SD card
-		** AID_MOUNT to allow unmounting the SD card before rebooting
-		** AID_NET_BW_STATS to read out qtaguid statistics
-		*/
-		gid_t groups[] = { AID_LOG, AID_INPUT, AID_INET, AID_GRAPHICS,
-						   AID_NET_BT, AID_NET_BT_ADMIN, AID_SDCARD_RW,
-						   AID_MOUNT, AID_NET_BW_STATS };
+		 * - AID_LOG to read system logs (adb logcat)
+		 * - AID_INPUT to diagnose input issues (getevent)
+		 * - AID_INET to diagnose network issues (netcfg, ping)
+		 * - AID_GRAPHICS to access the frame buffer
+		 * - AID_NET_BT and AID_NET_BT_ADMIN to diagnose bluetooth (hcidump)
+		 * - AID_SDCARD_RW to allow writing to the SD card
+		 * - AID_MOUNT to allow unmounting the SD card before rebooting
+		 * - AID_NET_BW_STATS to read out qtaguid statistics. */
+		gid_t groups[] = {AID_LOG,       AID_INPUT,  AID_INET,
+				  AID_GRAPHICS,  AID_NET_BT, AID_NET_BT_ADMIN,
+				  AID_SDCARD_RW, AID_MOUNT,  AID_NET_BW_STATS};
 		setgroups(sizeof(groups)/sizeof(groups[0]), groups);
 	}
 #endif
 
-#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
 	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
 		fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-#elif defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID)
-	if (setregid(pw->pw_gid, pw->pw_gid) < 0)
-		fatal("setregid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-#else
-	if (setegid(pw->pw_gid) < 0)
-		fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-	if (setgid(pw->pw_gid) < 0)
-		fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-#endif
 
 #ifdef __APPLE__
 	/*
@@ -274,20 +254,8 @@ permanently_set_uid(struct passwd *pw)
 		    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
 #endif
 
-#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID)
 	if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
 		fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
-	if (setreuid(pw->pw_uid, pw->pw_uid) < 0)
-		fatal("setreuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-#else
-# ifndef SETEUID_BREAKS_SETUID
-	if (seteuid(pw->pw_uid) < 0)
-		fatal("seteuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-# endif
-	if (setuid(pw->pw_uid) < 0)
-		fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-#endif
 
 #ifndef HAVE_CYGWIN
 	/* Try restoration of GID if changed (test clearing of saved gid) */
author	Adam Langley <agl@google.com>	2015-03-30 14:49:51 -0700
committer	Adam Langley <agl@google.com>	2015-04-07 17:50:50 -0700
commit	d059297112922cabb0c674840589be8db821fd9a (patch)
tree	9c2045d28ec1c8594090f38bc32e9f523dc6c68d /uidswap.c
parent	f5c67b478bef9992de9e9ec91ce10af4f6205e0d (diff)