author | taca <taca@pkgsrc.org> | 2011-02-16 17:45:08 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2011-02-16 17:45:08 +0000 |
commit | 1caa4486994c3e3a9e064d7908d66a6a59d6bb38 (patch) | |
tree | 55f06779e9883e2813645f4f838866f0158f6d71 /security/openssh | |
parent | a0784598288907f76877566c44d5e9e0f28e1ef3 (diff) | |
download | pkgsrc-1caa4486994c3e3a9e064d7908d66a6a59d6bb38.tar.gz |
Update openssh package to 5.8.1 (5.8p1).
For changes from 5.5 to 5.7, please refer http://openssh.com/txt/release-5.7
and http://openssh.com/txt/release-5.6 in detail.
Changes since OpenSSH 5.7
=========================
Security:
* Fix vulnerability in legacy certificate signing introduced in
OpenSSH-5.6 and found by Mateusz Kocielski.
Legacy certificates signed by OpenSSH 5.6 or 5.7 included data from
the stack in place of a random nonce field. The contents of the stack
do not appear to contain private data at this point, but this cannot
be stated with certainty for all platform, library and compiler
combinations. In particular, there exists a risk that some bytes from
the privileged CA key may be accidentally included.
A full advisory for this issue is available at:
http://www.openssh.com/txt/legacy-cert.adv
Portable OpenSSH Bugfixes:
* Fix compilation failure when enabling SELinux support.
* Do not attempt to call SELinux functions when SELinux is disabled.
bz#1851
Diffstat (limited to 'security/openssh')
-rw-r--r-- | security/openssh/Makefile | 6 | ||||
-rw-r--r-- | security/openssh/distinfo | 41 | ||||
-rw-r--r-- | security/openssh/options.mk | 4 | ||||
-rw-r--r-- | security/openssh/patches/patch-aa | 11 | ||||
-rw-r--r-- | security/openssh/patches/patch-ab | 11 | ||||
-rw-r--r-- | security/openssh/patches/patch-ac | 8 | ||||
-rw-r--r-- | security/openssh/patches/patch-ad | 18 | ||||
-rw-r--r-- | security/openssh/patches/patch-ag | 10 | ||||
-rw-r--r-- | security/openssh/patches/patch-ah | 10 | ||||
-rw-r--r-- | security/openssh/patches/patch-ak | 12 | ||||
-rw-r--r-- | security/openssh/patches/patch-am | 6 | ||||
-rw-r--r-- | security/openssh/patches/patch-an | 12 | ||||
-rw-r--r-- | security/openssh/patches/patch-ao | 32 | ||||
-rw-r--r-- | security/openssh/patches/patch-ap | 8 | ||||
-rw-r--r-- | security/openssh/patches/patch-av | 20 | ||||
-rw-r--r-- | security/openssh/patches/patch-aw | 4 | ||||
-rw-r--r-- | security/openssh/patches/patch-platform.c | 16 |
17 files changed, 108 insertions, 121 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 3270b83d39d..9dc9cab7616 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.198 2011/02/06 11:31:18 obache Exp $
+# $NetBSD: Makefile,v 1.199 2011/02/16 17:45:08 taca Exp $
 
-DISTNAME= openssh-5.5p1
-PKGNAME= openssh-5.5.1
+DISTNAME= openssh-5.8p1
+PKGNAME= openssh-5.8.1
 SVR4_PKGNAME= ossh
 CATEGORIES= security
 MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 8a2bd1f4bec..9b3c2781252 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,29 +1,30 @@
-$NetBSD: distinfo,v 1.78 2011/02/06 11:31:18 obache Exp $
+$NetBSD: distinfo,v 1.79 2011/02/16 17:45:08 taca Exp $
 
-SHA1 (openssh-5.5p1-hpn13v9.diff.gz) = 8601fabf0067ff9c59501dc0006ad3853dbb3de0
-RMD160 (openssh-5.5p1-hpn13v9.diff.gz) = bb9d44589018030fa3102898f85f4dfd7032d2f0
-Size (openssh-5.5p1-hpn13v9.diff.gz) = 22657 bytes
-SHA1 (openssh-5.5p1.tar.gz) = 361c6335e74809b26ea096b34062ba8ff6c97cd6
-RMD160 (openssh-5.5p1.tar.gz) = 7cee614112b691da5daac9f2579becba2409b727
-Size (openssh-5.5p1.tar.gz) = 1097574 bytes
-SHA1 (patch-aa) = 6c4796dae7dc618e173cd4594ec7be4c5ac8be1c
-SHA1 (patch-ab) = 9380dc2c941997925f8f310af5a19be5260d1d1e
-SHA1 (patch-ac) = 5c63cb47ffb556a15f685011bc3291d2219613dc
-SHA1 (patch-ad) = a02e5a24fee128d925939785c06f3fa985fc6f2f
+SHA1 (openssh-5.8p1-hpn13v11.diff.gz) = ea61ab71605ee867eebc1a92875a3ea5369e2d28
+RMD160 (openssh-5.8p1-hpn13v11.diff.gz) = 45fbb8e2db2f829f2749cd745ed6a0542adb1c45
+Size (openssh-5.8p1-hpn13v11.diff.gz) = 22993 bytes
+SHA1 (openssh-5.8p1.tar.gz) = adebb2faa9aba2a3a3c8b401b2b19677ab53f0de
+RMD160 (openssh-5.8p1.tar.gz) = c3903b1cf99553a8fc8d762d52c0f28db830edd0
+Size (openssh-5.8p1.tar.gz) = 1113798 bytes
+SHA1 (patch-aa) = 59a39e53367983145e11150018a7f6f185df7bd5
+SHA1 (patch-ab) = 45ae7e91a00fc6d3fdb6cd6b91950d7aae58a55f
+SHA1 (patch-ac) = 7cd1129633649327f4f44cecc10b617c5cd34ec3
+SHA1 (patch-ad) = ce7c34a1810ad4f44be935c5479c53109a306d1d
 SHA1 (patch-ae) = 4ec1007b03d4bf28ddd1dcfdf2ec7c5295a69df5
 SHA1 (patch-af) = ca3224af0b648803404776a8c12ed678db4f8ff6
-SHA1 (patch-ag) = 385874017f160626d3a95b6ce4a298d442cf9393
-SHA1 (patch-ah) = c8d4b57fd72260e26960ac67d672bebb40759bed
+SHA1 (patch-ag) = 0cdcc0f235119fb0603bb112492dd5ba66e6ad04
+SHA1 (patch-ah) = 0dad388fe5204ee6ca5d90ba1e684e18df38ccf1
 SHA1 (patch-ai) = becad6262e5daeef2a6db14097a8971c40088403
 SHA1 (patch-aj) = 5c89b4a7da59f05c50c16083aa6dd6e465cd0305
-SHA1 (patch-ak) = c718c24c7fd5e2989e40d1a0272faea6434ec578
+SHA1 (patch-ak) = 00b594fec3c366ed134b7ced5c3bc3fcf7b56357
 SHA1 (patch-al) = ffd15b2ef3cb6b57419c0f6f1f4f795e497382d7
-SHA1 (patch-am) = 4893a8a059d611d35c1fb9ff03b598c590e0355e
-SHA1 (patch-an) = bb82f8f7f9d3949fde0d797a4c1253ae402f0311
-SHA1 (patch-ao) = cff08e03d10c32175803c6f09992e4659c3e62bd
-SHA1 (patch-ap) = 5c0ae4dbcdcd50312d1db037867cbaed7c80931d
+SHA1 (patch-am) = 416471d27aedd44dc56007da46805d90f3d9957f
+SHA1 (patch-an) = 6a645978a04137fc104e863496a4d3a2ea1c6286
+SHA1 (patch-ao) = effe1720917a645452f1a7afd92588709355fb48
+SHA1 (patch-ap) = 48c92b26f64c682ed45cae3f8d20ec91815543ea
 SHA1 (patch-aq) = 1a7d8a4c5e70a0c6211247ba583534ed8ce317d0
 SHA1 (patch-ar) = a1099e0175a2b14f3b19db04261891179b1e3299
 SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f
-SHA1 (patch-av) = 5b4a63dcf8312745253f5c5e68e1d9628ff9e46d
-SHA1 (patch-aw) = 532f2aebcb93cae5e0dd26a5faa1593a7d3a3c51
+SHA1 (patch-av) = dd34ac767d08b989775add25c5c015a2f19fce5c
+SHA1 (patch-aw) = 22d873bfe56464ce8a978082ebce73d441f81e5d
+SHA1 (patch-platform.c) = fcbea87b04d07ef45af5380f9baa024fada9974f
diff --git a/security/openssh/options.mk b/security/openssh/options.mk
index 8baa64fe385..9794bb5c40c 100644
--- a/security/openssh/options.mk
+++ b/security/openssh/options.mk
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.19 2010/06/15 03:11:52 taca Exp $
+# $NetBSD: options.mk,v 1.20 2011/02/16 17:45:08 taca Exp $
 
 .include "../../mk/bsd.prefs.mk"
 
@@ -17,7 +17,7 @@ CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE:Q}
 .endif
 
 .if !empty(PKG_OPTIONS:Mhpn-patch)
-PATCHFILES= openssh-5.5p1-hpn13v9.diff.gz
+PATCHFILES= openssh-5.8p1-hpn13v11.diff.gz
 PATCH_SITES= http://www.psc.edu/networking/projects/hpn-ssh/
 PATCH_DIST_STRIP= -p1
 .endif
diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa
index cd728673f23..ed902642d42 100644
--- a/security/openssh/patches/patch-aa
+++ b/security/openssh/patches/patch-aa
@@ -1,4 +1,4 @@ -$NetBSD: patch-aa,v 1.47 2011/02/06 11:31:18 obache Exp $ +$NetBSD: patch-aa,v 1.48 2011/02/16 17:45:08 taca Exp $ --- configure.orig 2010-04-16 03:17:11.000000000 +0300 +++ configure 2010-06-09 21:30:29.000000000 +0300 @@ -66,15 +66,6 @@ $NetBSD: patch-aa,v 1.47 2011/02/06 11:31:18 obache Exp $ check_for_libcrypt_later=1 cat >>confdefs.h <<\_ACEOF -@@ -12468,7 +12502,7 @@ - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - fi -- if test "x$use_pkgconfig_for_libedit" == "xyes"; then -+ if test "x$use_pkgconfig_for_libedit" = "xyes"; then - LIBEDIT=`$PKGCONFIG --libs-only-l libedit` - CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" - else @@ -29573,14 +29607,20 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test -z "$conf_wtmpx_location"; then diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab index 7daacc3b715..c895b1920db 100644 --- a/security/openssh/patches/patch-ab +++ b/security/openssh/patches/patch-ab @@ -1,4 +1,4 @@ -$NetBSD: patch-ab,v 1.29 2011/02/06 11:31:18 obache Exp $ +$NetBSD: patch-ab,v 1.30 2011/02/16 17:45:08 taca Exp $ --- configure.ac.orig 2010-04-10 15:58:01.000000000 +0300 +++ configure.ac 2010-06-09 21:32:22.000000000 +0300 @@ -36,15 +36,6 @@ $NetBSD: patch-ab,v 1.29 2011/02/06 11:31:18 obache Exp $ *-*-irix5*) PATH="$PATH:/usr/etc" AC_DEFINE(BROKEN_INET_NTOA, 1, -@@ -1273,7 +1286,7 @@ - LDFLAGS="-L${withval}/lib ${LDFLAGS}" - fi - fi -- if test "x$use_pkgconfig_for_libedit" == "xyes"; then -+ if test "x$use_pkgconfig_for_libedit" = "xyes"; then - LIBEDIT=`$PKGCONFIG --libs-only-l libedit` - CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" - else @@ -4106,9 +4119,17 @@ ) if test -z "$conf_wtmpx_location"; then diff --git a/security/openssh/patches/patch-ac b/security/openssh/patches/patch-ac index 7079ba0fe99..500fb15e0ff 100644 --- a/security/openssh/patches/patch-ac +++ b/security/openssh/patches/patch-ac 
@@ -1,7 +1,7 @@ -$NetBSD: patch-ac,v 1.18 2010/02/19 10:17:33 martti Exp $ +$NetBSD: patch-ac,v 1.19 2011/02/16 17:45:08 taca Exp $ ---- defines.h.orig 2009-08-28 04:21:07.000000000 +0300 -+++ defines.h 2010-02-19 12:07:15.000000000 +0200 +--- defines.h.orig 2011-01-17 10:15:31.000000000 +0000 ++++ defines.h @@ -30,6 +30,15 @@ /* Constants */ @@ -18,7 +18,7 @@ $NetBSD: patch-ac,v 1.18 2010/02/19 10:17:33 martti Exp $ #if defined(HAVE_DECL_SHUT_RD) && HAVE_DECL_SHUT_RD == 0 enum { -@@ -652,6 +661,24 @@ +@@ -698,6 +707,24 @@ struct winsize { # endif # endif #endif diff --git a/security/openssh/patches/patch-ad b/security/openssh/patches/patch-ad index 128d71e16f6..469a7121c76 100644 --- a/security/openssh/patches/patch-ad +++ b/security/openssh/patches/patch-ad @@ -1,8 +1,8 @@ -$NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $ +$NetBSD: patch-ad,v 1.15 2011/02/16 17:45:08 taca Exp $ ---- loginrec.c.orig 2010-04-09 11:13:27.000000000 +0300 -+++ loginrec.c 2010-06-09 21:16:25.000000000 +0300 -@@ -432,8 +432,8 @@ login_set_addr(struct logininfo *li, con +--- loginrec.c.orig 2011-01-17 10:15:31.000000000 +0000 ++++ loginrec.c +@@ -433,8 +433,8 @@ login_set_addr(struct logininfo *li, con int login_write(struct logininfo *li) { @@ -13,7 +13,7 @@ $NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $ logit("Attempt to write login records by non-root user (aborting)"); return (1); } -@@ -441,7 +441,7 @@ login_write(struct logininfo *li) +@@ -442,7 +442,7 @@ login_write(struct logininfo *li) /* set the timestamp */ login_set_current_time(li); @@ -22,7 +22,7 @@ $NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $ syslogin_write_entry(li); #endif #ifdef USE_LASTLOG -@@ -625,7 +625,7 @@ line_abbrevname(char *dst, const char *s +@@ -626,7 +626,7 @@ line_abbrevname(char *dst, const char *s ** into account. **/ 
@@ -31,7 +31,7 @@ $NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $ /* build the utmp structure */ void -@@ -762,10 +762,6 @@ construct_utmpx(struct logininfo *li, st +@@ -763,10 +763,6 @@ construct_utmpx(struct logininfo *li, st set_utmpx_time(li, utx); utx->ut_pid = li->pid; @@ -42,7 +42,7 @@ $NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $ if (li->type == LTYPE_LOGOUT) return; -@@ -774,6 +770,8 @@ construct_utmpx(struct logininfo *li, st +@@ -775,6 +771,8 @@ construct_utmpx(struct logininfo *li, st * for logouts. */ @@ -51,7 +51,7 @@ $NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $ # ifdef HAVE_HOST_IN_UTMPX strncpy(utx->ut_host, li->hostname, MIN_SIZEOF(utx->ut_host, li->hostname)); -@@ -1403,7 +1401,7 @@ wtmpx_get_entry(struct logininfo *li) +@@ -1410,7 +1408,7 @@ wtmpx_get_entry(struct logininfo *li) ** Low-level libutil login() functions **/ diff --git a/security/openssh/patches/patch-ag b/security/openssh/patches/patch-ag index 76aa3e86b4e..ea9ccaf211f 100644 --- a/security/openssh/patches/patch-ag +++ b/security/openssh/patches/patch-ag @@ -1,8 +1,8 @@ -$NetBSD: patch-ag,v 1.13 2010/06/11 20:41:42 martti Exp $ +$NetBSD: patch-ag,v 1.14 2011/02/16 17:45:08 taca Exp $ ---- config.h.in.orig 2010-04-16 03:17:09.000000000 +0300 -+++ config.h.in 2010-06-09 20:27:35.000000000 +0300 -@@ -521,6 +521,9 @@ +--- config.h.in.orig 2011-02-04 00:59:51.000000000 +0000 ++++ config.h.in +@@ -533,6 +533,9 @@ /* define if you have int64_t data type */ #undef HAVE_INT64_T @@ -12,7 +12,7 @@ $NetBSD: patch-ag,v 1.13 2010/06/11 20:41:42 martti Exp $ /* Define to 1 if you have the <inttypes.h> header file. */ #undef HAVE_INTTYPES_H -@@ -641,6 +644,9 @@ +@@ -659,6 +662,9 @@ /* Define to 1 if you have the <net/if_tun.h> header file. */ #undef HAVE_NET_IF_TUN_H diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah index 91aab5b63c9..7f4d82f936e 100644 --- a/security/openssh/patches/patch-ah +++ b/security/openssh/patches/patch-ah 
@@ -1,8 +1,8 @@ -$NetBSD: patch-ah,v 1.28 2010/06/11 20:41:42 martti Exp $ +$NetBSD: patch-ah,v 1.29 2011/02/16 17:45:08 taca Exp $ ---- Makefile.in.orig 2010-03-13 23:41:34.000000000 +0200 -+++ Makefile.in 2010-06-09 20:28:52.000000000 +0300 -@@ -22,7 +22,7 @@ +--- Makefile.in.orig 2011-02-16 01:25:58.000000000 +0000 ++++ Makefile.in +@@ -22,7 +22,7 @@ top_srcdir=@top_srcdir@ DESTDIR= VPATH=@srcdir@ SSH_PROGRAM=@bindir@/ssh @@ -11,7 +11,7 @@ $NetBSD: patch-ah,v 1.28 2010/06/11 20:41:42 martti Exp $ SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper -@@ -239,7 +239,7 @@ +@@ -243,7 +243,7 @@ distprep: catman-do -rm -rf autom4te.cache install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config diff --git a/security/openssh/patches/patch-ak b/security/openssh/patches/patch-ak index ac82f89baac..ebd69358492 100644 --- a/security/openssh/patches/patch-ak +++ b/security/openssh/patches/patch-ak @@ -1,8 +1,8 @@ -$NetBSD: patch-ak,v 1.10 2010/06/11 20:41:42 martti Exp $ +$NetBSD: patch-ak,v 1.11 2011/02/16 17:45:08 taca Exp $ ---- auth.c.orig 2010-03-07 02:57:00.000000000 +0200 -+++ auth.c 2010-06-09 20:33:47.000000000 +0300 -@@ -384,7 +384,7 @@ +--- auth.c.orig 2010-12-01 01:21:51.000000000 +0000 ++++ auth.c +@@ -391,7 +391,7 @@ check_key_in_hostfiles(struct passwd *pw user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); if (options.strict_modes && (stat(user_hostfile, &st) == 0) && @@ -11,7 +11,7 @@ $NetBSD: patch-ak,v 1.10 2010/06/11 20:41:42 martti Exp $ (st.st_mode & 022) != 0)) { logit("Authentication refused for %.100s: " "bad owner or modes for %.200s", -@@ -437,7 +437,7 @@ +@@ -453,7 +453,7 @@ secure_filename(FILE *f, const char *fil /* check the open file to avoid races */ if (fstat(fileno(f), &st) < 0 || 
@@ -20,7 +20,7 @@ $NetBSD: patch-ak,v 1.10 2010/06/11 20:41:42 martti Exp $ (st.st_mode & 022) != 0) { snprintf(err, errlen, "bad ownership or modes for file %s", buf); -@@ -454,7 +454,7 @@ +@@ -470,7 +470,7 @@ secure_filename(FILE *f, const char *fil debug3("secure_filename: checking '%s'", buf); if (stat(buf, &st) < 0 || diff --git a/security/openssh/patches/patch-am b/security/openssh/patches/patch-am index 9a45a833bb9..51d9ea7c932 100644 --- a/security/openssh/patches/patch-am +++ b/security/openssh/patches/patch-am @@ -1,8 +1,8 @@ -$NetBSD: patch-am,v 1.8 2009/05/21 03:22:29 taca Exp $ +$NetBSD: patch-am,v 1.9 2011/02/16 17:45:08 taca Exp $ ---- auth2.c.orig 2008-11-05 14:20:46.000000000 +0900 +--- auth2.c.orig 2011-02-16 01:25:58.000000000 +0000 +++ auth2.c -@@ -298,7 +298,7 @@ userauth_finish(Authctxt *authctxt, int +@@ -307,7 +307,7 @@ userauth_finish(Authctxt *authctxt, int authctxt->user); /* Special handling for root */ diff --git a/security/openssh/patches/patch-an b/security/openssh/patches/patch-an index 722e984862f..20e9e163732 100644 --- a/security/openssh/patches/patch-an +++ b/security/openssh/patches/patch-an @@ -1,8 +1,8 @@ -$NetBSD: patch-an,v 1.11 2010/06/11 20:41:42 martti Exp $ +$NetBSD: patch-an,v 1.12 2011/02/16 17:45:08 taca Exp $ ---- scp.c.orig 2010-01-08 09:53:43.000000000 +0200 -+++ scp.c 2010-06-09 20:34:26.000000000 +0300 -@@ -395,7 +395,11 @@ +--- scp.c.orig 2011-02-16 01:25:58.000000000 +0000 ++++ scp.c +@@ -477,7 +477,11 @@ main(int argc, char **argv) argc -= optind; argv += optind; @@ -14,7 +14,7 @@ $NetBSD: patch-an,v 1.11 2010/06/11 20:41:42 martti Exp $ fatal("unknown user %u", (u_int) userid); if (!isatty(STDOUT_FILENO)) -@@ -789,8 +793,10 @@ +@@ -877,8 +881,10 @@ rsource(char *name, struct stat *statp) return; } while ((dp = readdir(dirp)) != NULL) { 
@@ -25,7 +25,7 @@ $NetBSD: patch-an,v 1.11 2010/06/11 20:41:42 martti Exp $ if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, "..")) continue; if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) { -@@ -1240,7 +1246,9 @@ +@@ -1275,7 +1281,9 @@ okname(char *cp0) case '\'': case '"': case '`': diff --git a/security/openssh/patches/patch-ao b/security/openssh/patches/patch-ao index 881f5e0c98b..5220250c6fc 100644 --- a/security/openssh/patches/patch-ao +++ b/security/openssh/patches/patch-ao @@ -1,12 +1,12 @@ -$NetBSD: patch-ao,v 1.16 2010/06/11 20:41:42 martti Exp $ +$NetBSD: patch-ao,v 1.17 2011/02/16 17:45:08 taca Exp $ One more replacing 0 with ROOTUID is handled by using SUBST framework because patch can't handle it when hpn-patch option is enabled. So, don't simply update this file with mkpatch command. ---- session.c.orig 2010-03-26 02:04:09.000000000 +0200 -+++ session.c 2010-06-09 20:35:03.000000000 +0300 -@@ -1071,7 +1071,7 @@ +--- session.c.orig 2011-02-16 01:25:58.000000000 +0000 ++++ session.c +@@ -1075,7 +1075,7 @@ read_etc_default_login(char ***env, u_in if (tmpenv == NULL) return; @@ -15,7 +15,7 @@ So, don't simply update this file with mkpatch command. var = child_get_env(tmpenv, "SUPATH"); else var = child_get_env(tmpenv, "PATH"); -@@ -1180,7 +1180,7 @@ +@@ -1184,7 +1184,7 @@ do_setup_env(Session *s, const char *she # endif /* HAVE_ETC_DEFAULT_LOGIN */ if (path == NULL || *path == '\0') { child_set_env(&env, &envsize, "PATH", @@ -24,7 +24,7 @@ So, don't simply update this file with mkpatch command. SUPERUSER_PATH : _PATH_STDPATH); } # endif /* HAVE_CYGWIN */ -@@ -1294,6 +1294,18 @@ +@@ -1298,6 +1298,18 @@ do_setup_env(Session *s, const char *she strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); read_environment_file(&env, &envsize, buf); } 
@@ -43,19 +43,7 @@ So, don't simply update this file with mkpatch command. if (debug_flag) { /* dump the environment */ fprintf(stderr, "Environment:\n"); -@@ -1473,9 +1485,9 @@ - (void)ssh_selinux_enabled(); - #endif - --#ifndef HAVE_CYGWIN -+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX) - if (getuid() == 0 || geteuid() == 0) --#endif /* HAVE_CYGWIN */ -+#endif /* !HAVE_CYGWIN && !HAVE_INTERIX */ - { - #ifdef HAVE_LOGIN_CAP - # ifdef __bsdi__ -@@ -1504,11 +1516,13 @@ +@@ -1488,11 +1500,13 @@ do_setusercontext(struct passwd *pw) perror("setgid"); exit(1); } @@ -67,9 +55,9 @@ So, don't simply update this file with mkpatch command. } +# endif /* !HAVE_INTERIX */ endgrent(); - # ifdef USE_PAM - /* -@@ -2356,7 +2370,7 @@ + #endif + +@@ -2305,7 +2319,7 @@ session_pty_cleanup2(Session *s) record_logout(s->pid, s->tty, s->pw->pw_name); /* Release the pseudo-tty. */ diff --git a/security/openssh/patches/patch-ap b/security/openssh/patches/patch-ap index 228939fbbcf..629c14445a6 100644 --- a/security/openssh/patches/patch-ap +++ b/security/openssh/patches/patch-ap @@ -1,8 +1,8 @@ -$NetBSD: patch-ap,v 1.11 2010/02/19 10:17:34 martti Exp $ +$NetBSD: patch-ap,v 1.12 2011/02/16 17:45:08 taca Exp $ ---- ssh.c.orig 2009-07-06 00:16:56.000000000 +0300 -+++ ssh.c 2010-02-19 12:09:35.000000000 +0200 -@@ -705,7 +705,7 @@ +--- ssh.c.orig 2011-02-16 01:25:58.000000000 +0000 ++++ ssh.c +@@ -761,7 +761,7 @@ main(int ac, char **av) if (ssh_connect(host, &hostaddr, options.port, options.address_family, options.connection_attempts, &timeout_ms, options.tcp_keep_alive, diff --git a/security/openssh/patches/patch-av b/security/openssh/patches/patch-av index 8fc3fe3e7b9..262c9fa0858 100644 --- a/security/openssh/patches/patch-av +++ b/security/openssh/patches/patch-av 
@@ -1,8 +1,8 @@ -$NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $ +$NetBSD: patch-av,v 1.10 2011/02/16 17:45:08 taca Exp $ ---- sshd.c.orig 2010-03-07 14:05:17.000000000 +0200 -+++ sshd.c 2010-06-09 20:36:56.000000000 +0300 -@@ -236,7 +236,11 @@ +--- sshd.c.orig 2011-02-16 01:25:58.000000000 +0000 ++++ sshd.c +@@ -239,7 +239,11 @@ int *startup_pipes = NULL; int startup_pipe; /* in child */ /* variables used for privilege separation */ @@ -14,7 +14,7 @@ $NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $ struct monitor *pmonitor = NULL; /* global authentication context */ -@@ -612,10 +616,15 @@ +@@ -618,10 +622,15 @@ privsep_preauth_child(void) /* XXX not ready, too heavy after chroot */ do_setusercontext(privsep_pw); #else @@ -30,7 +30,7 @@ $NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $ #endif } -@@ -655,7 +664,7 @@ +@@ -661,7 +670,7 @@ privsep_preauth(Authctxt *authctxt) close(pmonitor->m_sendfd); /* Demote the child */ @@ -39,7 +39,7 @@ $NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $ privsep_preauth_child(); setproctitle("%s", "[net]"); } -@@ -670,7 +679,7 @@ +@@ -676,7 +685,7 @@ privsep_postauth(Authctxt *authctxt) #ifdef DISABLE_FD_PASSING if (1) { #else @@ -48,7 +48,7 @@ $NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $ #endif /* File descriptor passing is broken or root login */ use_privsep = 0; -@@ -1310,8 +1319,10 @@ +@@ -1335,8 +1344,10 @@ main(int ac, char **av) av = saved_argv; #endif @@ -60,7 +60,7 @@ $NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); -@@ -1664,7 +1675,7 @@ +@@ -1690,7 +1701,7 @@ main(int ac, char **av) (st.st_uid != getuid () || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) #else 
@@ -69,7 +69,7 @@ $NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $ #endif fatal("%s must be owned by root and not group or " "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); -@@ -1688,8 +1699,10 @@ +@@ -1714,8 +1725,10 @@ main(int ac, char **av) * to create a file, and we can't control the code in every * module which might be used). */ diff --git a/security/openssh/patches/patch-aw b/security/openssh/patches/patch-aw index c61742928c9..e9f61310952 100644 --- a/security/openssh/patches/patch-aw +++ b/security/openssh/patches/patch-aw @@ -1,6 +1,6 @@ -$NetBSD: patch-aw,v 1.3 2009/05/21 03:22:29 taca Exp $ +$NetBSD: patch-aw,v 1.4 2011/02/16 17:45:09 taca Exp $ ---- openbsd-compat/port-tun.c.orig 2008-05-19 14:28:36.000000000 +0900 +--- openbsd-compat/port-tun.c.orig 2010-08-10 02:47:42.000000000 +0000 +++ openbsd-compat/port-tun.c @@ -110,6 +110,10 @@ sys_tun_open(int tun, int mode) #include <sys/socket.h> diff --git a/security/openssh/patches/patch-platform.c b/security/openssh/patches/patch-platform.c new file mode 100644 index 00000000000..a4f4b10a4f4 --- /dev/null +++ b/security/openssh/patches/patch-platform.c @@ -0,0 +1,16 @@ +$NetBSD: patch-platform.c,v 1.1 2011/02/16 17:45:09 taca Exp $ + +Fix for Interix. + +--- platform.c.orig 2011-01-11 06:02:25.000000000 +0000 ++++ platform.c +@@ -81,7 +81,9 @@ platform_privileged_uidswap(void) + /* uid 0 is not special on Cygwin so always try */ + return 1; + #else ++#if !defined(HAVE_INTERIX) + return (getuid() == 0 || geteuid() == 0); ++#endif /* !HAVE_INTERIX */ + #endif + } + |
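Review bot: On Interix the new guard in patch-platform.c leaves platform_privileged_uidswap() without any return statement: when HAVE_INTERIX is defined and HAVE_CYGWIN is not, the `#else` branch compiles to nothing and control falls off the end of a function that returns a value on every other path. Callers presumably use that result to decide whether the privileged uid/gid switch is attempted, so an indeterminate value here makes the privilege-handling path unpredictable on exactly the platform the patch targets. Give the Interix case an explicit result by adding `#else` and `return 1;` before `#endif /* !HAVE_INTERIX */` (if uid 0 is not special there, as the Cygwin branch assumes), with a one-line comment stating that, like the Cygwin one. The function's signature and the start of its body are outside the hunk, so the return type should be confirmed against platform.c.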