authorkivinen <kivinen@pkgsrc.org>2006-09-22 13:58:46 +0000
committerkivinen <kivinen@pkgsrc.org>2006-09-22 13:58:46 +0000
commit08fc2550ddf7efaeb965b9638db8b58d81495d49 (patch)
tree711c4677b1da58fb4f1800d6a3d72c9d62040c03 /security/ssh2
parentebd1f197ccdd470dbe16d87984280901d6626b24 (diff)
Fixed RSA e=3 bug (most likely nobody uses e=3 rsa keys
on ssh anyways, but better to make sure). Fixed some more ssh_*_{en,de}code calls missing necessary casts. Disabled x11-security extension on x86_64 as it does not work there (uses xauth instead). Updated pkgrevision.
Diffstat (limited to 'security/ssh2')
-rw-r--r--security/ssh2/Makefile12
-rw-r--r--security/ssh2/distinfo21
-rw-r--r--security/ssh2/patches/patch-ai12
-rw-r--r--security/ssh2/patches/patch-aq24
-rw-r--r--security/ssh2/patches/patch-ar18
-rw-r--r--security/ssh2/patches/patch-as14
-rw-r--r--security/ssh2/patches/patch-at37
-rw-r--r--security/ssh2/patches/patch-au24
-rw-r--r--security/ssh2/patches/patch-av63
-rw-r--r--security/ssh2/patches/patch-aw31
-rw-r--r--security/ssh2/patches/patch-ax14
-rw-r--r--security/ssh2/patches/patch-ay14
-rw-r--r--security/ssh2/patches/patch-az22
-rw-r--r--security/ssh2/patches/patch-ba13
-rw-r--r--security/ssh2/patches/patch-bb13
-rw-r--r--security/ssh2/patches/patch-bc31
-rw-r--r--security/ssh2/patches/patch-bd14
-rw-r--r--security/ssh2/patches/patch-be27
-rw-r--r--security/ssh2/patches/patch-bf27
-rw-r--r--security/ssh2/patches/patch-bg49
20 files changed, 475 insertions, 5 deletions
diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile
index 8b61f9380bf..94b6fc50a79 100644
--- a/security/ssh2/Makefile
+++ b/security/ssh2/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.16 2006/05/10 12:26:31 gdt Exp $
+# $NetBSD: Makefile,v 1.17 2006/09/22 13:58:46 kivinen Exp $
DISTNAME= ssh-3.2.9.1
PKGNAME= ${DISTNAME:C/ssh-/ssh2-/}
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= security
MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/
@@ -51,6 +51,14 @@ CONFIGURE_ARGS+= --without-ssh1-compat
CONFIGURE_ARGS+= --with-libwrap=${BUILDLINK_PREFIX.tcp-wrappers}
CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR:Q}
+.if ${OPSYS} == "NetBSD" && ${MACHINE_ARCH} == "x86_64"
+# This seems to break x11 forwarding at least on NetBSD 3.1 amd64
+# (i.e ssh localhost xterm does not work as client will get wrong
+# auth cookie).
+# Without this it will use the xauth method and that will work.
+CONFIGURE_ARGS+= --without-x11-security
+.endif
+
# Setting FOREIGN_ETCDIR to PKG_SYSCONFBASEDIR may seem stupid
# if PKG_SYSCONFDIR.${PKG_SYSCONFVAR} is set but it does no harm...
#
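Review bot: The new comment above `CONFIGURE_ARGS+= --without-x11-security` explains why the option is needed but not what is given up. With the X11 SECURITY extension compiled out, forwarded clients presumably authenticate with the ordinary xauth cookie and are no longer restricted as untrusted clients. I would add a line such as `# NOTE: forwarded X11 clients are then not confined by the X SECURITY extension.` so that amd64 users know forwarding is less restricted there than on other platforms. The `.if` also evaluates `${OPSYS}` and `${MACHINE_ARCH}` at parse time, which needs bsd.prefs.mk to be included earlier in the Makefile; that part is outside the hunk.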
diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo
index b4a49ced143..fc9be17769c 100644
--- a/security/ssh2/distinfo
+++ b/security/ssh2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2005/08/24 09:13:24 kivinen Exp $
+$NetBSD: distinfo,v 1.11 2006/09/22 13:58:46 kivinen Exp $
SHA1 (ssh-3.2.9.1.tar.gz) = 22e4589c889aef18e53a8942716084f0d8ede7db
RMD160 (ssh-3.2.9.1.tar.gz) = 21bfe97fae477dea1109c6e6eb44a448b6b2f250
@@ -11,7 +11,7 @@ SHA1 (patch-ae) = 0d1f358bd97290118002cc0fc489cbf7e334e681
SHA1 (patch-af) = e7c956b858d02dfaf20e1fe1bfc36322d9eb6d67
SHA1 (patch-ag) = 0f7a448875262e2536255ace27cf1a8f0c2a0517
SHA1 (patch-ah) = dc9a496187907e34c602a9f99a65f8fe8a83c54e
-SHA1 (patch-ai) = e5a21bc1c65877e2c2974d78bed16b52d2b486af
+SHA1 (patch-ai) = 4236061632cd0970d26c8b9affb92111f5f6d5da
SHA1 (patch-aj) = 4190dff5f6fca937ff742233f8320b126428b51f
SHA1 (patch-ak) = dd7bc32a5b6cf4e8d8d5d35f46714ce21e52be1b
SHA1 (patch-al) = 401034768081c4181a92b9d9919ee6f6af9a8a5d
@@ -19,3 +19,20 @@ SHA1 (patch-am) = e0cb5d3f448570be653d8c039c310c3df909583d
SHA1 (patch-an) = 25a02df00dfe7484354316a87a30ce1144011f87
SHA1 (patch-ao) = c129f78b7e19843090ade11ae503f780a37921a4
SHA1 (patch-ap) = 3a7b34777734caf696f9c564f7de431597ff18f6
+SHA1 (patch-aq) = 3c7c3253e223ae253d8935e8c7fb49838cd2ca93
+SHA1 (patch-ar) = 2c47ced95f680547d9a68ebe91138644148de51b
+SHA1 (patch-as) = 3ede9c75364ff2e6f9213ddb99768530e9cf173d
+SHA1 (patch-at) = e6edd24c56190fef74fd7a66f6801dd2924b1c44
+SHA1 (patch-au) = b29f29502421da69e4de1a1803d3bb4269480eb7
+SHA1 (patch-av) = 1cfa5bb5f854ce40796810a147788ff8df2ba37f
+SHA1 (patch-aw) = 5786c03afa3ee2d89ce5780bca6ccf8a81fa438b
+SHA1 (patch-ax) = 0ed310db62cb0bd3d68c992d229d2c8fdbd0e535
+SHA1 (patch-ay) = 726b6466607708f52af7f110d5e7676087e89867
+SHA1 (patch-az) = 0bef02fd1f3c58d192d00ed50d87b97f1ab7c534
+SHA1 (patch-ba) = fd92d27b9335492a583b08f91353f8ae73014979
+SHA1 (patch-bb) = c306813fbb426e8a2d2de76e62a46317fe32947d
+SHA1 (patch-bc) = d198fd85e0f7a14bb82baf639461795933c34230
+SHA1 (patch-bd) = 0a57de059fcd647c375f310d6d58712a2f3d4c89
+SHA1 (patch-be) = 788a8fa682e968d9e3cd55213547f82908cc3a0a
+SHA1 (patch-bf) = 64fa9f13619a9d222af9a24d0b1069033facdef1
+SHA1 (patch-bg) = 73da22930f753fc02cd4a5bad30b4edf226d1180
diff --git a/security/ssh2/patches/patch-ai b/security/ssh2/patches/patch-ai
index 9ef6b132316..6c49a0d4364 100644
--- a/security/ssh2/patches/patch-ai
+++ b/security/ssh2/patches/patch-ai
@@ -1,4 +1,4 @@
-$NetBSD: patch-ai,v 1.1 2005/08/24 09:13:24 kivinen Exp $
+$NetBSD: patch-ai,v 1.2 2006/09/22 13:58:46 kivinen Exp $
--- apps/ssh/authc-kbd-interactive.c.orig 2003-12-03 15:17:26.000000000 +0200
+++ apps/ssh/authc-kbd-interactive.c
@@ -11,3 +11,13 @@ $NetBSD: patch-ai,v 1.1 2005/08/24 09:13:24 kivinen Exp $
SSH_FORMAT_END);
+@@ -345,7 +345,8 @@ void ssh_client_auth_kbd_interact(SshAut
+ /* language tag */
+ SSH_FORMAT_UINT32_STR, lang_tag, strlen(lang_tag),
+ /* XXX devices, what do we support? */
+- SSH_FORMAT_UINT32_STR, "", 0L,
++ SSH_FORMAT_UINT32_STR, "",
++ (size_t) 0L,
+ SSH_FORMAT_END);
+ (*completion)(SSH_AUTH_CLIENT_SEND_AND_CONTINUE,
+ user, buffer, completion_context);
diff --git a/security/ssh2/patches/patch-aq b/security/ssh2/patches/patch-aq
new file mode 100644
index 00000000000..69d4a5d4f8f
--- /dev/null
+++ b/security/ssh2/patches/patch-aq
@@ -0,0 +1,24 @@
+$NetBSD: patch-aq,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/agentclient.c.orig 2003-12-03 15:17:24.000000000 +0200
++++ apps/ssh/agentclient.c
+@@ -831,7 +831,8 @@ void ssh_agent_lock(SshAgent agent, cons
+ ssh_packet_wrapper_send_encode(agent->wrapper,
+ SSH_AGENT_LOCK,
+ SSH_FORMAT_UINT32_STR,
+- password, (password ? strlen(password) : 0),
++ password, (size_t)
++ (password ? strlen(password) : 0),
+ SSH_FORMAT_END);
+ }
+
+@@ -858,7 +859,8 @@ void ssh_agent_unlock(SshAgent agent, co
+ ssh_packet_wrapper_send_encode(agent->wrapper,
+ SSH_AGENT_UNLOCK,
+ SSH_FORMAT_UINT32_STR,
+- password, (password ? strlen(password) : 0),
++ password, (size_t)
++ (password ? strlen(password) : 0),
+ SSH_FORMAT_END);
+ }
+
diff --git a/security/ssh2/patches/patch-ar b/security/ssh2/patches/patch-ar
new file mode 100644
index 00000000000..c70b8a1680b
--- /dev/null
+++ b/security/ssh2/patches/patch-ar
@@ -0,0 +1,18 @@
+$NetBSD: patch-ar,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-kerberos-tgt.c.orig 2003-12-03 15:17:25.000000000 +0200
++++ apps/ssh/authc-kerberos-tgt.c
+@@ -181,9 +181,11 @@ void ssh_client_auth_kerberos_tgt(SshAut
+ b = ssh_xbuffer_allocate();
+ ssh_encode_buffer(b,
+ SSH_FORMAT_UINT32_STR,
+- auth_data.data, auth_data.length,
++ auth_data.data,
++ (size_t) auth_data.length,
+ SSH_FORMAT_UINT32_STR,
+- tgt_data.data, tgt_data.length,
++ tgt_data.data,
++ (size_t) tgt_data.length,
+ SSH_FORMAT_END);
+
+ /* Send the authentication request (and complete this operation). */
diff --git a/security/ssh2/patches/patch-as b/security/ssh2/patches/patch-as
new file mode 100644
index 00000000000..ded58eb29f9
--- /dev/null
+++ b/security/ssh2/patches/patch-as
@@ -0,0 +1,14 @@
+$NetBSD: patch-as,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-kerberos.c.orig 2003-12-03 15:17:25.000000000 +0200
++++ apps/ssh/authc-kerberos.c
+@@ -127,7 +127,8 @@ void ssh_client_auth_kerberos(SshAuthCli
+ b = ssh_xbuffer_allocate();
+ ssh_encode_buffer(b,
+ SSH_FORMAT_UINT32_STR,
+- auth_data.data, auth_data.length,
++ auth_data.data,
++ (size_t) auth_data.length,
+ SSH_FORMAT_END);
+
+ /* Send the authentication request (and complete this operation). */
diff --git a/security/ssh2/patches/patch-at b/security/ssh2/patches/patch-at
new file mode 100644
index 00000000000..ae0ac5bb0e5
--- /dev/null
+++ b/security/ssh2/patches/patch-at
@@ -0,0 +1,37 @@
+$NetBSD: patch-at,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-pam.c.orig 2003-12-03 15:17:26.000000000 +0200
++++ apps/ssh/authc-pam.c
+@@ -81,8 +81,10 @@ SSH_FSM_STEP(ssh_pamc_process_packet)
+ SSH_TRACE(4, ("Received %d messages.", num_msgs));
+
+ ssh_encode_buffer(gdata->response_packet,
+- SSH_FORMAT_BOOLEAN, TRUE,
+- SSH_FORMAT_UINT32, gdata->num_msgs,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) TRUE,
++ SSH_FORMAT_UINT32,
++ (SshUInt32) gdata->num_msgs,
+ SSH_FORMAT_END);
+
+ SSH_FSM_SET_NEXT(ssh_pamc_process_next_msg);
+@@ -234,7 +236,8 @@ SSH_FSM_STEP(ssh_pamc_append_response)
+ gdata->response_retcode = SSH_PAM_DEFAULT_RESP_RETCODE;
+
+ ssh_encode_buffer(gdata->response_packet,
+- SSH_FORMAT_CHAR, gdata->response_retcode,
++ SSH_FORMAT_CHAR,
++ (unsigned int) gdata->response_retcode,
+ SSH_FORMAT_UINT32_STR,
+ gdata->response_len ? gdata->response : "",
+ gdata->response_len,
+@@ -341,7 +344,8 @@ void ssh_client_auth_pam(SshAuthClientOp
+ SSH_TRACE(2, ("Starting pam auth..."));
+ buffer = ssh_xbuffer_allocate();
+ ssh_encode_buffer(buffer,
+- SSH_FORMAT_BOOLEAN, FALSE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) FALSE,
+ SSH_FORMAT_END);
+ (*completion)(SSH_AUTH_CLIENT_SEND_AND_CONTINUE,
+ user, buffer, completion_context);
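Review bot: The length argument `gdata->response_len` in ssh_pamc_append_response is still passed to `ssh_encode_buffer` without a cast, a few lines after the one that gains `(unsigned int)`. If it is not declared `size_t` (its declaration is outside the hunk), the SSH_FORMAT_UINT32_STR length is read with the wrong width on LP64, which is the class of bug this change targets; I would write `(size_t) gdata->response_len,` there. The same gap is visible in patch-bc, where `SSH_FORMAT_UINT32, pd->count,` stays uncast in the first and third hunks although the neighbouring `ssh_debug` call prints `pd->count` with `%ld`; `(SshUInt32) pd->count` would match the cast applied to `gdata->num_msgs` here. Because the compiler cannot check variadic arguments, a comment at the encode/decode prototypes listing the expected C type for each SSH_FORMAT_* tag would help keep later call sites correct.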
diff --git a/security/ssh2/patches/patch-au b/security/ssh2/patches/patch-au
new file mode 100644
index 00000000000..1bbfda42773
--- /dev/null
+++ b/security/ssh2/patches/patch-au
@@ -0,0 +1,24 @@
+$NetBSD: patch-au,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-passwd.c.orig 2003-12-03 15:17:24.000000000 +0200
++++ apps/ssh/authc-passwd.c
+@@ -136,7 +136,8 @@ void ssh_client_auth_passwd(SshAuthClien
+
+ b = ssh_xbuffer_allocate();
+ ret_val = ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, FALSE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) FALSE,
+ SSH_FORMAT_UINT32_STR, password,
+ strlen(password),
+ SSH_FORMAT_END);
+@@ -229,7 +230,8 @@ void ssh_client_auth_passwd(SshAuthClien
+ b = ssh_xbuffer_allocate();
+
+ ret_val = ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) TRUE,
+ SSH_FORMAT_UINT32_STR,
+ old_password, strlen(old_password),
+ SSH_FORMAT_UINT32_STR,
diff --git a/security/ssh2/patches/patch-av b/security/ssh2/patches/patch-av
new file mode 100644
index 00000000000..01403b8eb06
--- /dev/null
+++ b/security/ssh2/patches/patch-av
@@ -0,0 +1,63 @@
+$NetBSD: patch-av,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-pubkey.c.orig 2003-12-03 15:17:24.000000000 +0200
++++ apps/ssh/authc-pubkey.c
+@@ -208,7 +208,8 @@ SshBuffer ssh_client_auth_pubkey_try_key
+ if (!draft_incompatibility)
+ {
+ ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, FALSE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) FALSE,
+ SSH_FORMAT_UINT32_STR, c->pubkey_alg,
+ strlen((char *)c->pubkey_alg),
+ SSH_FORMAT_UINT32_STR, c->pubkeyblob,
+@@ -219,7 +220,8 @@ SshBuffer ssh_client_auth_pubkey_try_key
+ {
+ /* Remote end has publickey draft incompatibility bug. */
+ ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, FALSE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) FALSE,
+ /* Against the draft. Here should be string
+ 'publickey algorithm'*/
+ SSH_FORMAT_UINT32_STR, c->pubkeyblob,
+@@ -328,7 +330,8 @@ void ssh_client_auth_pubkey_sign_complet
+ )
+ {
+ ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) TRUE,
+ SSH_FORMAT_UINT32_STR, c->pubkey_alg,
+ strlen((char *)c->pubkey_alg),
+ SSH_FORMAT_UINT32_STR, c->pubkeyblob,
+@@ -341,7 +344,8 @@ void ssh_client_auth_pubkey_sign_complet
+ {
+ /* Remote end has publickey draft incompatibility bug. */
+ ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) TRUE,
+ /* Against the draft. Here should be string
+ 'publickey algorithm'*/
+ SSH_FORMAT_UINT32_STR,
+@@ -702,7 +706,8 @@ Boolean ssh_client_auth_pubkey_send_sign
+ strlen(service),
+ SSH_FORMAT_UINT32_STR, SSH_AUTH_PUBKEY,
+ strlen(SSH_AUTH_PUBKEY),
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) TRUE,
+ SSH_FORMAT_UINT32_STR, c->pubkey_alg,
+ strlen(c->pubkey_alg),
+ SSH_FORMAT_UINT32_STR, c->pubkeyblob,
+@@ -722,7 +727,7 @@ Boolean ssh_client_auth_pubkey_send_sign
+ strlen(service),
+ /* against the draft. Here should
+ be 'string "publickey"'*/
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN, (Boolean) TRUE,
+ /* against the draft. Here should
+ be 'string public key algorith
+ name'*/
diff --git a/security/ssh2/patches/patch-aw b/security/ssh2/patches/patch-aw
new file mode 100644
index 00000000000..545965a90db
--- /dev/null
+++ b/security/ssh2/patches/patch-aw
@@ -0,0 +1,31 @@
+$NetBSD: patch-aw,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-securid.c.orig 2003-12-03 15:17:26.000000000 +0200
++++ apps/ssh/authc-securid.c
+@@ -133,7 +133,7 @@ SSH_FSM_STEP(ssh_securid_send_pin)
+
+ ssh_encode_buffer(gdata->response_packet,
+ SSH_FORMAT_BOOLEAN,
+- TRUE,
++ (Boolean) TRUE,
+ SSH_FORMAT_UINT32_STR,
+ gdata->pin_info->final_pin,
+ strlen(gdata->pin_info->final_pin),
+@@ -333,7 +333,7 @@ SSH_FSM_STEP(ssh_securid_challenge)
+ gdata->response_packet = ssh_xbuffer_allocate();
+ ssh_encode_buffer(gdata->response_packet,
+ SSH_FORMAT_BOOLEAN,
+- TRUE,
++ (Boolean) TRUE,
+ SSH_FORMAT_UINT32_STR, passphrase, strlen(passphrase),
+ SSH_FORMAT_END);
+
+@@ -451,7 +451,7 @@ void ssh_client_auth_securid(SshAuthClie
+ b = ssh_xbuffer_allocate();
+ ssh_encode_buffer(b,
+ SSH_FORMAT_BOOLEAN,
+- FALSE,
++ (Boolean) FALSE,
+ SSH_FORMAT_UINT32_STR, passcode, strlen(passcode),
+ SSH_FORMAT_END);
+
diff --git a/security/ssh2/patches/patch-ax b/security/ssh2/patches/patch-ax
new file mode 100644
index 00000000000..5660f5c082d
--- /dev/null
+++ b/security/ssh2/patches/patch-ax
@@ -0,0 +1,14 @@
+$NetBSD: patch-ax,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/auths-kbd-interactive.c.orig 2003-12-03 15:17:26.000000000 +0200
++++ apps/ssh/auths-kbd-interactive.c
+@@ -203,7 +203,8 @@ SSH_FSM_STEP(ssh_server_kbd_int_create_r
+ lang_tag = "en";
+
+ ret = ssh_encode_buffer(state->packet,
+- SSH_FORMAT_CHAR, SSH_MSG_USERAUTH_INFO_REQUEST,
++ SSH_FORMAT_CHAR,
++ (unsigned int) SSH_MSG_USERAUTH_INFO_REQUEST,
+ SSH_FORMAT_UINT32_STR, name, strlen(name),
+ SSH_FORMAT_UINT32_STR, state->instruction,
+ strlen(state->instruction),
diff --git a/security/ssh2/patches/patch-ay b/security/ssh2/patches/patch-ay
new file mode 100644
index 00000000000..5acb44f6fcb
--- /dev/null
+++ b/security/ssh2/patches/patch-ay
@@ -0,0 +1,14 @@
+$NetBSD: patch-ay,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/auths-pam.c.orig 2003-12-03 15:17:26.000000000 +0200
++++ apps/ssh/auths-pam.c
+@@ -255,7 +255,8 @@ void received_packet_cb(SshPacketType pa
+
+ ssh_buffer_clear(gdata->client_packet);
+ ssh_encode_buffer(gdata->client_packet,
+- SSH_FORMAT_CHAR, SSH_MSG_USERAUTH_PAM_MSG,
++ SSH_FORMAT_CHAR,
++ (unsigned int) SSH_MSG_USERAUTH_PAM_MSG,
+ SSH_FORMAT_DATA, data, len,
+ SSH_FORMAT_END);
+ (*gdata->completion_proc)(SSH_AUTH_SERVER_CONTINUE_WITH_PACKET_BACK,
diff --git a/security/ssh2/patches/patch-az b/security/ssh2/patches/patch-az
new file mode 100644
index 00000000000..6641854e3c9
--- /dev/null
+++ b/security/ssh2/patches/patch-az
@@ -0,0 +1,22 @@
+$NetBSD: patch-az,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/auths-pubkey.c.orig 2003-12-03 15:17:25.000000000 +0200
++++ apps/ssh/auths-pubkey.c
+@@ -1103,7 +1103,7 @@ Boolean ssh_server_auth_pubkey_verify(Ss
+ strlen(service),
+ SSH_FORMAT_UINT32_STR, SSH_AUTH_PUBKEY,
+ strlen(SSH_AUTH_PUBKEY),
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN, (Boolean) TRUE,
+ SSH_FORMAT_UINT32_STR, certs_type,
+ strlen((char *)certs_type),
+ SSH_FORMAT_UINT32_STR, certs, tbloblen,
+@@ -1122,7 +1122,7 @@ Boolean ssh_server_auth_pubkey_verify(Ss
+ strlen(service),
+ /* against the draft. Here should be 'string
+ "publickey"'*/
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN, (Boolean) TRUE,
+ /* against the draft. Here should be 'string
+ public key algorith name'*/
+ SSH_FORMAT_UINT32_STR, certs, tbloblen,
diff --git a/security/ssh2/patches/patch-ba b/security/ssh2/patches/patch-ba
new file mode 100644
index 00000000000..4e3573fe87c
--- /dev/null
+++ b/security/ssh2/patches/patch-ba
@@ -0,0 +1,13 @@
+$NetBSD: patch-ba,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/auths-securid.c.orig 2003-12-03 15:17:26.000000000 +0200
++++ apps/ssh/auths-securid.c
+@@ -265,7 +265,7 @@ SSH_FSM_STEP(server_securid_get_next_cod
+ SSH_FORMAT_CHAR,
+ (unsigned int)SSH_MSG_USERAUTH_SECURID_CHALLENGE,
+ SSH_FORMAT_BOOLEAN,
+- TRUE,
++ (Boolean) TRUE,
+ SSH_FORMAT_END);
+
+ (*gdata->completion_proc)(SSH_AUTH_SERVER_CONTINUE_WITH_PACKET_BACK,
diff --git a/security/ssh2/patches/patch-bb b/security/ssh2/patches/patch-bb
new file mode 100644
index 00000000000..96fce95fa58
--- /dev/null
+++ b/security/ssh2/patches/patch-bb
@@ -0,0 +1,13 @@
+$NetBSD: patch-bb,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/lib/sshproto/sshauthc.c.orig 2003-12-03 15:17:34.000000000 +0200
++++ apps/ssh/lib/sshproto/sshauthc.c
+@@ -378,7 +378,7 @@ void ssh_authc_completion_proc(SshAuthCl
+ auth->methods[i].name),
+ SSH_FORMAT_DATA,
+ packet ? ssh_buffer_ptr(packet) : NULL,
+- packet ? ssh_buffer_len(packet) : 0,
++ packet ? ssh_buffer_len(packet) : (size_t) 0,
+ SSH_FORMAT_END);
+
+ /* Mark that we have one more request out waiting for reply. */
diff --git a/security/ssh2/patches/patch-bc b/security/ssh2/patches/patch-bc
new file mode 100644
index 00000000000..2b11257d04c
--- /dev/null
+++ b/security/ssh2/patches/patch-bc
@@ -0,0 +1,31 @@
+$NetBSD: patch-bc,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/lib/sshproto/tests/t-userauth.c.orig 2003-12-03 15:17:34.000000000 +0200
++++ apps/ssh/lib/sshproto/tests/t-userauth.c
+@@ -336,7 +336,7 @@ void simple_password_client(SshAuthClien
+ ssh_debug("simple_password_client: sending pongpong %ld", pd->count);
+ #endif
+ ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN, (Boolean) TRUE,
+ SSH_FORMAT_UINT32, pd->count,
+ SSH_FORMAT_END);
+ if (pd->count < pingpong_count)
+@@ -357,7 +357,7 @@ void simple_password_client(SshAuthClien
+ ssh_debug("simple_password_client: sending req");
+ #endif
+ ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, FALSE,
++ SSH_FORMAT_BOOLEAN, (Boolean) FALSE,
+ SSH_FORMAT_UINT32_STR, pass, strlen(pass),
+ SSH_FORMAT_END);
+ (*completion_proc)(SSH_AUTH_CLIENT_SEND, user, b,
+@@ -392,7 +392,7 @@ void simple_password_client(SshAuthClien
+ #endif
+ b = ssh_xbuffer_allocate();
+ ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN, (Boolean) TRUE,
+ SSH_FORMAT_UINT32, pd->count,
+ SSH_FORMAT_END);
+ if (pd->count < pingpong_count)
diff --git a/security/ssh2/patches/patch-bd b/security/ssh2/patches/patch-bd
new file mode 100644
index 00000000000..bec995dde74
--- /dev/null
+++ b/security/ssh2/patches/patch-bd
@@ -0,0 +1,14 @@
+$NetBSD: patch-bd,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/sshchx11.c.orig 2003-12-03 15:17:25.000000000 +0200
++++ apps/ssh/sshchx11.c
+@@ -492,7 +492,8 @@ void ssh_channel_x11_send_request(SshCom
+
+ ssh_buffer_init(&buffer);
+ ssh_encode_buffer(&buffer,
+- SSH_FORMAT_BOOLEAN, FALSE, /* XXX single-connection */
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) FALSE, /* XXX single-connection */
+ SSH_FORMAT_UINT32_STR,
+ ct->x11_fake_proto, ct->x11_fake_proto_len,
+ SSH_FORMAT_UINT32_STR, new_data, strlen(new_data),
diff --git a/security/ssh2/patches/patch-be b/security/ssh2/patches/patch-be
new file mode 100644
index 00000000000..089477ce77d
--- /dev/null
+++ b/security/ssh2/patches/patch-be
@@ -0,0 +1,27 @@
+$NetBSD: patch-be,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- lib/sshutil/sshnet/sshinetencode.c.orig 2003-12-03 15:17:31.000000000 +0200
++++ lib/sshutil/sshnet/sshinetencode.c
+@@ -31,9 +31,10 @@ size_t ssh_encode_ipaddr_array(unsigned
+ SSH_ASSERT(desired_len <= SSH_MAX_IPADDR_ENCODED_LENGTH);
+ if ((got = ssh_encode_array(buf, bufsize,
+ SSH_FORMAT_CHAR, (unsigned int) ip->type,
+- SSH_FORMAT_UINT32, ip->mask_len,
++ SSH_FORMAT_UINT32, (SshUInt32) ip->mask_len,
+ SSH_FORMAT_DATA,
+- ip->addr_data, SSH_IP_ADDR_LEN(ip),
++ ip->addr_data,
++ (size_t) SSH_IP_ADDR_LEN(ip),
+ SSH_FORMAT_END)) != desired_len)
+ return 0;
+ return desired_len;
+@@ -91,7 +92,8 @@ size_t ssh_decode_ipaddr_array(const uns
+ if ((got = ssh_decode_array(buf + point, len - point,
+ SSH_FORMAT_UINT32, &mask_len,
+ SSH_FORMAT_DATA,
+- ip->addr_data, SSH_IP_ADDR_LEN(ip),
++ ip->addr_data,
++ (size_t) SSH_IP_ADDR_LEN(ip),
+ SSH_FORMAT_END)) != (4 + SSH_IP_ADDR_LEN(ip)))
+ return 0;
+
diff --git a/security/ssh2/patches/patch-bf b/security/ssh2/patches/patch-bf
new file mode 100644
index 00000000000..8b274c1e6bf
--- /dev/null
+++ b/security/ssh2/patches/patch-bf
@@ -0,0 +1,27 @@
+$NetBSD: patch-bf,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- lib/sshutil/sshnet/sshsocks.c.orig 2003-12-03 15:17:31.000000000 +0200
++++ lib/sshutil/sshnet/sshsocks.c
+@@ -375,8 +375,10 @@ SocksError ssh_socks_server_parse_open(S
+ return SSH_SOCKS_ERROR_INVALID_ARGUMENT;
+ }
+ ret = ssh_decode_array(data + bytes, len - bytes,
+- SSH_FORMAT_DATA, ip, ip_addr_len,
+- SSH_FORMAT_DATA, port_buf, 2,
++ SSH_FORMAT_DATA, ip,
++ (size_t) ip_addr_len,
++ SSH_FORMAT_DATA, port_buf,
++ (size_t) 2,
+ SSH_FORMAT_END);
+ if (ret <= 0)
+ {
+@@ -734,7 +736,8 @@ SocksError ssh_socks4_client_generate_op
+
+ ret = ssh_encode_buffer(buffer,
+ SSH_FORMAT_DATA, username, strlen(username),
+- SSH_FORMAT_DATA, "\0", 1,
++ SSH_FORMAT_DATA, "\0",
++ (size_t) 1,
+ SSH_FORMAT_END);
+ if (ret == 0)
+ {
diff --git a/security/ssh2/patches/patch-bg b/security/ssh2/patches/patch-bg
new file mode 100644
index 00000000000..3fa4dbd1b2c
--- /dev/null
+++ b/security/ssh2/patches/patch-bg
@@ -0,0 +1,49 @@
+$NetBSD: patch-bg,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- lib/sshcrypto/sshpk/sshrgf.c.orig 2003-12-03 15:17:33.000000000 +0200
++++ lib/sshcrypto/sshpk/sshrgf.c
+@@ -412,6 +412,7 @@ rgf_pkcs1_verify(Boolean do_unpad,
+ unsigned char *digest;
+ size_t digest_len, return_len;
+ Boolean rv;
++ int ps_len, digestinfo_len;
+
+ if (hash->context == NULL)
+ return SSH_RGF_OP_FAILED;
+@@ -419,6 +420,9 @@ rgf_pkcs1_verify(Boolean do_unpad,
+ *output_msg = NULL;
+ *output_msg_len = 0;
+
++ ps_len = 0;
++ digestinfo_len = 0;
++
+ /* Decode the msg. */
+ if ((ber_buf = ssh_malloc(max_output_msg_len)) == NULL)
+ return SSH_RGF_OP_FAILED;
+@@ -457,8 +461,25 @@ rgf_pkcs1_verify(Boolean do_unpad,
+ (*hash->def->rgf_hash_finalize)(hash, digest);
+ hash_oid = (*hash->def->rgf_hash_asn1_oid)(hash);
+
++ /* size of 'ff' padding */
++ for(ps_len = 0; decrypted_signature[ps_len+2] == 255; ps_len++)
++ ;
++
++ /* size of encoded digestinfo from the signature */
++ switch(decrypted_signature[ps_len+4]){
++ case 0x20:
++ digestinfo_len = 18;
++ break;
++ case 0x21:
++ digestinfo_len = 15;
++ break;
++ default :
++ digestinfo_len = 19;
++ }
++
+ /* Compare. */
+- if (hash_oid == NULL || digest_len != return_len)
++ if (hash_oid == NULL || digest_len != return_len ||
++ digestinfo_len + digest_len + 3 + ps_len != decrypted_signature_len)
+ {
+ ssh_free(oid);
+ ssh_free(temp_buf);
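Review bot: The padding scan `for(ps_len = 0; decrypted_signature[ps_len+2] == 255; ps_len++)` has no upper bound, and `decrypted_signature[ps_len+4]` is indexed right after it, so a decrypted block that is 0xff up to its end is read past `decrypted_signature_len` before the new length comparison runs. Both accesses should be bounded, e.g. `for (ps_len = 0; (size_t) ps_len + 2 < decrypted_signature_len && decrypted_signature[ps_len+2] == 255; ps_len++)`, with the verification failing when `(size_t) ps_len + 4 >= decrypted_signature_len`. The check also takes `digestinfo_len` from a byte of the signature itself, falls back to 19 for any other value, and enforces no minimum padding length (PKCS#1 v1.5 requires at least eight 0xff bytes). Comparing the whole decrypted block against an encoding built from `hash_oid` and `digest` would avoid depending on those constants; if the switch stays, 18/15/19 need a comment naming the hash each one belongs to. rgf_pkcs1_verify starts and ends outside the hunk, so how `decrypted_signature` is allocated and sized is not visible here.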