author | wiz <wiz> | 2015-08-21 08:12:09 +0000 |
---|---|---|
committer | wiz <wiz> | 2015-08-21 08:12:09 +0000 |
commit | 9235be612ba2005a6a5fdd8d77de4b066634707b (patch) | |
tree | ad32bd956b89feeff8fd2c6dcd401b856cda8554 /security/openssh/patches/patch-auth2-chall.c | |
parent | 74485f31366c882b51c9d4e4df1c6f3888b1e5f9 (diff) | |
download | pkgsrc-9235be612ba2005a6a5fdd8d77de4b066634707b.tar.gz |
Update to 7.1p1:

Changes since OpenSSH 7.0
=========================

This is a bugfix release.

Security
--------

* sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin=
  prohibit-password/without-password that could, depending on
  compile-time configuration, permit password authentication to
  root while preventing other forms of authentication. This problem
  was reported by Mantas Mikulenas.

Bugfixes
--------

* ssh(1), sshd(8): add compatibility workarounds for FuTTY
* ssh(1), sshd(8): refine compatibility workarounds for WinSCP
* Fix a number of memory faults (double-free, free of uninitialised
  memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz
  Kocielski.

Diffstat (limited to 'security/openssh/patches/patch-auth2-chall.c')
-rw-r--r-- | security/openssh/patches/patch-auth2-chall.c | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/security/openssh/patches/patch-auth2-chall.c b/security/openssh/patches/patch-auth2-chall.c deleted file mode 100644 index 4bd9a792f10..00000000000 --- a/security/openssh/patches/patch-auth2-chall.c +++ /dev/null @@ -1,32 +0,0 @@ -$NetBSD: patch-auth2-chall.c,v 1.1 2015/07/30 03:20:36 taca Exp $ - -Fix for CVE-2015-5600 from FreeBSD via NetBSD base. - ---- auth2-chall.c.orig 2015-07-01 02:35:31.000000000 +0000 -+++ auth2-chall.c -@@ -83,6 +83,7 @@ struct KbdintAuthctxt - void *ctxt; - KbdintDevice *device; - u_int nreq; -+ u_int devices_done; - }; - - #ifdef USE_PAM -@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, K - if (len == 0) - break; - for (i = 0; devices[i]; i++) { -- if (!auth2_method_allowed(authctxt, -+ if ((kbdintctxt->devices_done & (1 << i)) != 0 || -+ !auth2_method_allowed(authctxt, - "keyboard-interactive", devices[i]->name)) - continue; -- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) -+ if (strncmp(kbdintctxt->devices, devices[i]->name, -+ len) == 0) { - kbdintctxt->device = devices[i]; -+ kbdintctxt->devices_done |= 1 << i; -+ } - } - t = kbdintctxt->devices; - kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; |
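Review bot: the commit message does not say why the local CVE-2015-5600 fix in patch-auth2-chall.c can be deleted. The quoted 7.1p1 notes cover the PermitRootLogin logic error and the memory faults but never mention CVE-2015-5600. Before dropping the patch, confirm that the unpacked 7.1p1 auth2-chall.c already carries the `u_int devices_done;` field in struct KbdintAuthctxt and the `(kbdintctxt->devices_done & (1 << i)) != 0` check in kbdint_next_device(), then add a line to the commit message stating that the fix is now upstream. Since the diffstat shown here is limited to this one file, also check that the same commit removes this patch's checksum entry from the package's distinfo.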