diff --git a/Ports/openssh/patches/pledge_sigaction.patch b/Ports/openssh/patches/pledge.patch similarity index 52% rename from Ports/openssh/patches/pledge_sigaction.patch rename to Ports/openssh/patches/pledge.patch index d1f7e8a5583567..f9959ea3f1b0c2 100644 --- a/Ports/openssh/patches/pledge_sigaction.patch +++ b/Ports/openssh/patches/pledge.patch @@ -1,4 +1,4 @@ -f524cc245e63092372d78c3d80959b589aeebcc2 Add missing sigaction pledges +f524cc245e63092372d78c3d80959b589aeebcc2 Add missing sigaction pledges and remove dns diff --git a/clientloop.c b/clientloop.c index da396c72..3ff4ea89 100644 --- a/clientloop.c @@ -8,21 +8,21 @@ index da396c72..3ff4ea89 100644 !option_clear_or_none(options.control_path)) { debug("pledge: id"); - if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty", -+ if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty sigaction", ++ if (pledge("stdio rpath wpath cpath unix inet recvfd sendfd proc exec id tty sigaction", NULL) == -1) fatal("%s pledge(): %s", __func__, strerror(errno)); } else if (options.forward_x11 || options.permit_local_command) { debug("pledge: exec"); - if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty", -+ if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty sigaction", ++ if (pledge("stdio rpath wpath cpath unix inet proc exec tty sigaction", NULL) == -1) fatal("%s pledge(): %s", __func__, strerror(errno)); } else if (options.update_hostkeys) { debug("pledge: filesystem full"); - if (pledge("stdio rpath wpath cpath unix inet dns proc tty", -+ if (pledge("stdio rpath wpath cpath unix inet dns proc tty sigaction", ++ if (pledge("stdio rpath wpath cpath unix inet proc tty sigaction", NULL) == -1) fatal("%s pledge(): %s", __func__, strerror(errno)); 
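Review bot: The clientloop.c pledge strings lose `dns` with no record of why, or of which remaining promise name resolution now depends on; this covers the "id", "exec" and "filesystem full" variants here and the "proc" and "network" variants in the next hunk. The removed lines show the original strings carried `dns` at this point, so presumably the client can still resolve host names after the pledge (for forwarded connections, for example). Please confirm that the port's resolver works under the promises that remain (`unix` and `inet` stay in all five strings) and say so next to the first call, for example `/* port: "dns" dropped; lookups after this pledge rely on <promise the port's resolver uses> */`. The enclosing function starts and ends outside the hunk.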
@@ -30,13 +30,34 @@ index da396c72..3ff4ea89 100644 fork_after_authentication_flag) { debug("pledge: proc"); - if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) -+ if (pledge("stdio cpath unix inet dns proc tty sigaction", NULL) == -1) ++ if (pledge("stdio cpath unix inet proc tty sigaction", NULL) == -1) fatal("%s pledge(): %s", __func__, strerror(errno)); } else { debug("pledge: network"); - if (pledge("stdio unix inet dns proc tty", NULL) == -1) -+ if (pledge("stdio unix inet dns proc tty sigaction", NULL) == -1) ++ if (pledge("stdio unix inet proc tty sigaction", NULL) == -1) fatal("%s pledge(): %s", __func__, strerror(errno)); } +diff -Naur openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676/ssh-keysign.c openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676.serenity/ssh-keysign.c +--- openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676/ssh-keysign.c 2020-05-27 02:38:00.000000000 +0200 ++++ openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676.serenity/ssh-keysign.c 2021-05-18 00:09:01.831610440 +0200 +@@ -173,7 +173,7 @@ + char *host, *fp; + size_t slen, dlen; + +- if (pledge("stdio rpath getpw dns id", NULL) != 0) ++ if (pledge("stdio rpath id", NULL) != 0) + fatal("%s: pledge: %s", __progname, strerror(errno)); + + /* Ensure that stdin and stdout are connected */ +@@ -237,7 +237,7 @@ + if (!found) + fatal("no hostkey found"); + +- if (pledge("stdio dns", NULL) != 0) ++ if (pledge("stdio", NULL) != 0) + fatal("%s: pledge: %s", __progname, strerror(errno)); + + if ((b = sshbuf_new()) == NULL)
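Review bot: The late pledge in the added ssh-keysign.c section (inner hunk at 237) shrinks from `stdio dns` to `stdio` alone, so any name lookup after that point has no promise covering it and would end in a pledge violation rather than a handled error. The code after the call is outside the hunk, so please confirm nothing there resolves the local or peer name; if nothing does, record it with `/* port: only "stdio" is pledged, no name lookups past this point */`. Separately, the inner hunk at 173 drops `getpw` as well as `dns`, which the subject line does not mention; if that is intended, make the subject `Add missing sigaction pledges and remove dns and getpw`, and check that any passwd lookup after that call is covered by `rpath`.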