diff options
| author | bouyer <bouyer@pkgsrc.org> | 1999-05-15 13:46:58 +0000 |
|---|---|---|
| committer | bouyer <bouyer@pkgsrc.org> | 1999-05-15 13:46:58 +0000 |
| commit | 56f59b68697ba541023777d5d560f1f87c8b6f16 (patch) | |
| tree | e460f2a39ec5902c2dd8155a70689c31ee51546f /security | |
| parent | f83048c78a6ea3dc02d1a1fa76c8aca54516452b (diff) | |
| download | pkgsrc-56f59b68697ba541023777d5d560f1f87c8b6f16.tar.gz | |
Update to 1.2.27. Mostly sprintf->snprintf fixes (more than we had in
our private patches). ssh users should probably upgrade ...
Diffstat (limited to 'security')
| -rw-r--r-- | security/ssh/Makefile | 4 | ||||
| -rw-r--r-- | security/ssh/files/md5 | 4 | ||||
| -rw-r--r-- | security/ssh/patches/patch-af | 181 | ||||
| -rw-r--r-- | security/ssh/patches/patch-ag | 58 | ||||
| -rw-r--r-- | security/ssh/patches/patch-ah | 22 | ||||
| -rw-r--r-- | security/ssh/patches/patch-ai | 13 | ||||
| -rw-r--r-- | security/ssh/patches/patch-ak | 7 | ||||
| -rw-r--r-- | security/ssh/patches/patch-ao | 38 | ||||
| -rw-r--r-- | security/ssh/patches/patch-av | 24 |
9 files changed, 128 insertions, 223 deletions
diff --git a/security/ssh/Makefile b/security/ssh/Makefile index f46c4c85835..2daef331d31 100644 --- a/security/ssh/Makefile +++ b/security/ssh/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.43 1999/05/10 22:12:42 tron Exp $ +# $NetBSD: Makefile,v 1.44 1999/05/15 13:46:58 bouyer Exp $ # FreeBSD Id: Makefile,v 1.47 1997/11/10 22:04:42 dima Exp # -DISTNAME= ssh-1.2.26 +DISTNAME= ssh-1.2.27 CATEGORIES= security net MASTER_SITES= ftp://ftp.cs.hut.fi/pub/ssh/ \ ftp://ftp.funet.fi/pub/unix/security/login/ssh/ \ diff --git a/security/ssh/files/md5 b/security/ssh/files/md5 index 90ff25c0bd3..e6343d25ae0 100644 --- a/security/ssh/files/md5 +++ b/security/ssh/files/md5 @@ -1,3 +1,3 @@ -$NetBSD: md5,v 1.7 1998/08/07 13:27:37 agc Exp $ +$NetBSD: md5,v 1.8 1999/05/15 13:46:58 bouyer Exp $ -MD5 (ssh-1.2.26.tar.gz) = 2ee46d454015dd01c5e8f074eabf0245 +MD5 (ssh-1.2.27.tar.gz) = c22bc000bee0f7d6f4845eab72a81395 diff --git a/security/ssh/patches/patch-af b/security/ssh/patches/patch-af index f2814e01aae..0efa252ff28 100644 --- a/security/ssh/patches/patch-af +++ b/security/ssh/patches/patch-af @@ -1,8 +1,8 @@ -$NetBSD: patch-af,v 1.5 1999/05/10 21:34:46 tron Exp $ +$NetBSD: patch-af,v 1.6 1999/05/15 13:46:58 bouyer Exp $ ---- sshd.c.orig Mon May 10 23:26:51 1999 -+++ sshd.c Mon May 10 23:27:53 1999 -@@ -1736,55 +1736,59 @@ +--- sshd.c.orig Wed May 12 13:19:29 1999 ++++ sshd.c Sat May 15 04:41:48 1999 +@@ -1783,56 +1783,62 @@ endspent(); } #endif /* HAVE_ETC_SHADOW */ @@ -11,82 +11,87 @@ $NetBSD: patch-af,v 1.5 1999/05/10 21:34:46 tron Exp $ +/* Net2,BSD4.4,BSD/OS,NetBSD,FreeBSD and OpenBSD all define BSD4_4 + man passwd(5) says that format has changed since BSD4.3 + */ -+#ifdef BSD4_4 ++#ifdef BSD4_4 + if(pwd->pw_change || pwd->pw_expire) { time_t currtime; - - if (pwd->pw_change || pwd->pw_expire) - currtime = time(NULL); -- ++ + currtime = time(NULL); + /* * Check for an expired password */ - if (pwd->pw_change && pwd->pw_change <= currtime) - { -- debug("Account %.100s's password is too old - forced to change.", -- user); -- if (options.forced_passwd_change) -- { -- forced_command = xmalloc(sizeof(PASSWD_PATH) + strlen(user) + 1); -- sprintf(forced_command, "%s %s", PASSWD_PATH, user); -- } -- else -- { -- return 0; -- } +- debug("Account %.100s's password is too old - forced to change.", +- user); +- if (options.forced_passwd_change) +- { +- forced_command = xmalloc(sizeof(PASSWD_PATH) + strlen(user) + 2); +- snprintf(forced_command, sizeof(PASSWD_PATH) + strlen(user) + 2, +- "%.100s %.100s", PASSWD_PATH, user); +- } +- else +- { +- return 0; +- } - } - else + + if (pwd->pw_change) { -- if (pwd->pw_change) -+ /* PASSWD_CHGNOW seems to be -1 for now but... */ -+ if ( +- if (pwd->pw_change) +- { +- days_before_password_expires = (pwd->pw_change - currtime) / 86400; +- } ++ /* PASSWD_CHGNOW seems to be -1 for now but... */ ++ if ( +#if defined(PASSWD_CHGNOW) && PASSWD_CHGNOW > 0 -+ pwd->pw_change == PASSWD_CHGNOW || ++ pwd->pw_change == PASSWD_CHGNOW || +#endif -+ pwd->pw_change <= currtime) - { -- days_before_password_expires = (pwd->pw_change - currtime) / 86400; -+ packet_send_debug("Password has expired"); -+ if(options.forced_passwd_change) -+ { -+ debug("Account %.99s's password is too old - change forced.", -+ user); -+ forced_command = xmalloc(sizeof(PASSWD_PATH) + -+ strlen(user) + 1); -+ sprintf(forced_command, "%s %s", PASSWD_PATH, user); -+ } -+ else -+ { -+ return 0; -+ } - } ++ pwd->pw_change <= currtime) ++ { ++ packet_send_debug("Password has expired"); ++ if(options.forced_passwd_change) ++ { ++ debug("Account %.99s's password is too old - change forced.", ++ user); ++ forced_command = xmalloc(sizeof(PASSWD_PATH) + ++ strlen(user) + 1); ++ sprintf(forced_command, "%s %s", PASSWD_PATH, user); ++ } ++ else ++ { ++ return 0; ++ } ++ } +#ifdef PASSWD_CHGNOW -+ if(pwd->pw_change != PASSWD_CHGNOW) -+ days_before_password_expires = (pwd->pw_change - currtime) / 86400; ++ if(pwd->pw_change != PASSWD_CHGNOW) ++ days_before_password_expires = (pwd->pw_change - currtime) / 86400; +#endif } - ++ /* * Check for expired account */ - if (pwd->pw_expire && pwd->pw_expire <= currtime) + if (pwd->pw_expire) { -- debug("Account %.100s has expired - access denied.", user); -- return 0; +- debug("Account %.100s has expired - access denied.", user); +- return 0; - } - else - { -- if (pwd->pw_expire) -+ if (pwd->pw_expire <= currtime) - { -- days_before_account_expires = (pwd->pw_expire - currtime) / 86400; -+ packet_send_debug("Account has expired"); +- if (pwd->pw_expire) ++ if (pwd->pw_expire <= currtime) + { +- days_before_account_expires = (pwd->pw_expire - currtime) / 86400; ++ packet_send_debug("Account has expired"); + return 0; - } + } + days_before_account_expires = (pwd->pw_expire - currtime) / 86400; } } @@ -95,7 +100,7 @@ $NetBSD: patch-af,v 1.5 1999/05/10 21:34:46 tron Exp $ #ifdef HAVE_HPUX_TCB_AUTH { -@@ -2166,11 +2170,11 @@ +@@ -2218,11 +2224,11 @@ pwcopy.pw_passwd = xstrdup(pw->pw_passwd); pwcopy.pw_uid = pw->pw_uid; pwcopy.pw_gid = pw->pw_gid; @@ -109,16 +114,16 @@ $NetBSD: patch-af,v 1.5 1999/05/10 21:34:46 tron Exp $ pwcopy.pw_dir = xstrdup(pw->pw_dir); pwcopy.pw_shell = xstrdup(pw->pw_shell); pw = &pwcopy; -@@ -2506,7 +2510,7 @@ - - if (!strncmp(buf, "challenge ", 10) || - !strncmp(buf, "chalnecho ", 10)) { -- sprintf(prompt,"Challenge \"%.100s\": ",&buf[10]); -+ sprintf(prompt,"%.100s" ,&buf[10]); - debug("TIS challenge %s", buf); - packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); - packet_put_string(prompt, strlen(prompt)); -@@ -3200,9 +3204,6 @@ +@@ -2568,7 +2574,7 @@ + if (!strncmp(buf, "challenge ", 10) || + !strncmp(buf, "chalnecho ", 10)) { + snprintf(prompt, sizeof(prompt), +- "Challenge \"%.100s\": ",&buf[10]); ++ "%.100s",&buf[10]); + debug("TIS challenge %.500s", buf); + packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); + packet_put_string(prompt, strlen(prompt)); +@@ -3286,9 +3292,6 @@ #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) login_cap_t *lc; #endif @@ -126,36 +131,36 @@ $NetBSD: patch-af,v 1.5 1999/05/10 21:34:46 tron Exp $ - struct timeval tp; -#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ - #ifdef HAVE_OSF1_C2_SECURITY - { -@@ -3360,30 +3361,6 @@ - fputs(line, stdout); - fclose(f); - } + /* We no longer need the child running on user's privileges. */ + userfile_uninit(); +@@ -3469,30 +3472,6 @@ + fputs(line, stdout); + fclose(f); + } -#if defined (__bsdi__) && _BSDI_VERSION >= 199510 -- if (pw->pw_change || pw->pw_expire) -- (void)gettimeofday(&tp, (struct timezone *)NULL); -- if (pw->pw_change) -- { -- if (tp.tv_sec >= pw->pw_change) -- { -- fprintf(stderr,"Sorry -- your password has expired.\n"); -- exit(254); -- } -- days_before_password_expires = (pw->pw_change - tp.tv_sec) / -- 86400; -- } -- if (pw->pw_expire) -- { -- if (tp.tv_sec >= pw->pw_expire) -- { -- fprintf(stderr,"Sorry -- your account has expired.\n"); -- exit(254); -- } -- days_before_account_expires = (pw->pw_expire - tp.tv_sec) / -- 86400; -- } +- if (pw->pw_change || pw->pw_expire) +- (void)gettimeofday(&tp, (struct timezone *)NULL); +- if (pw->pw_change) +- { +- if (tp.tv_sec >= pw->pw_change) +- { +- fprintf(stderr,"Sorry -- your password has expired.\n"); +- exit(254); +- } +- days_before_password_expires = (pw->pw_change - tp.tv_sec) / +- 86400; +- } +- if (pw->pw_expire) +- { +- if (tp.tv_sec >= pw->pw_expire) +- { +- fprintf(stderr,"Sorry -- your account has expired.\n"); +- exit(254); +- } +- days_before_account_expires = (pw->pw_expire - tp.tv_sec) / +- 86400; +- } -#endif /* __bsdi__ & _BSDI_VERSION >= 199510 */ - } + } #if defined (__FreeBSD__) && defined HAVE_LOGIN_CAP_H diff --git a/security/ssh/patches/patch-ag b/security/ssh/patches/patch-ag deleted file mode 100644 index 277a1842559..00000000000 --- a/security/ssh/patches/patch-ag +++ /dev/null @@ -1,58 +0,0 @@ -$NetBSD: patch-ag,v 1.1 1998/11/04 23:43:39 tron Exp $ - ---- log-server.c.orig Wed Jul 8 18:40:36 1998 -+++ log-server.c Thu Nov 5 00:31:23 1998 -@@ -134,7 +134,7 @@ - if (log_quiet) - return; - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "log: %s\n", buf); -@@ -175,7 +175,7 @@ - if (log_quiet) - return; - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "log: %s\n", buf); -@@ -191,7 +191,7 @@ - if (!log_debug || log_quiet) - return; - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "debug: %s\n", buf); -@@ -207,7 +207,7 @@ - if (log_quiet) - return; - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "error: %s\n", buf); -@@ -302,7 +302,7 @@ - if (log_quiet) - exit(1); - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "fatal: %s\n", buf); -@@ -321,7 +321,7 @@ - if (log_quiet) - exit(1); - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "fatal: %s\n", buf); diff --git a/security/ssh/patches/patch-ah b/security/ssh/patches/patch-ah deleted file mode 100644 index c4f5e678347..00000000000 --- a/security/ssh/patches/patch-ah +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-ah,v 1.3 1998/11/04 23:43:39 tron Exp $ - ---- packet.c.orig Wed Jul 8 18:40:37 1998 -+++ packet.c Thu Nov 5 00:31:23 1998 -@@ -693,7 +693,7 @@ - va_list args; - - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - - packet_start(SSH_MSG_DEBUG); -@@ -719,7 +719,7 @@ - /* Format the message. Note that the caller must make sure the message - is of limited size. */ - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - - /* Send the disconnect message to the other side, and wait for it to get diff --git a/security/ssh/patches/patch-ai b/security/ssh/patches/patch-ai deleted file mode 100644 index fc25e8162d6..00000000000 --- a/security/ssh/patches/patch-ai +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ai,v 1.3 1998/11/04 23:43:39 tron Exp $ - ---- scp.c.orig Wed Jul 8 18:40:38 1998 -+++ scp.c Thu Nov 5 00:31:23 1998 -@@ -332,7 +332,7 @@ - char buf[1024]; - - va_start(ap, fmt); -- vsprintf(buf, fmt, ap); -+ vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); - fprintf(stderr, "%s\n", buf); - exit(255); diff --git a/security/ssh/patches/patch-ak b/security/ssh/patches/patch-ak deleted file mode 100644 index cbfad0c79fb..00000000000 --- a/security/ssh/patches/patch-ak +++ /dev/null @@ -1,7 +0,0 @@ -$NetBSD: patch-ak,v 1.1 1998/11/04 23:43:39 tron Exp $ - ---- version.h.orig Wed Jul 8 18:40:39 1998 -+++ version.h Thu Nov 5 00:31:23 1998 -@@ -1 +1 @@ --#define SSH_VERSION "1.2.26" -+#define SSH_VERSION "1.2.26-vsnprintf-patched" diff --git a/security/ssh/patches/patch-ao b/security/ssh/patches/patch-ao index a0e68db46be..7e766b427fc 100644 --- a/security/ssh/patches/patch-ao +++ b/security/ssh/patches/patch-ao @@ -1,8 +1,8 @@ -$NetBSD: patch-ao,v 1.6 1998/11/04 23:43:39 tron Exp $ +$NetBSD: patch-ao,v 1.7 1999/05/15 13:46:59 bouyer Exp $ ---- newchannels.c.orig Wed Jul 8 18:40:36 1998 -+++ newchannels.c Thu Nov 5 00:28:07 1998 -@@ -263,7 +263,7 @@ +--- newchannels.c.orig Wed May 12 13:19:27 1999 ++++ newchannels.c Sat May 15 04:31:04 1999 +@@ -274,7 +274,7 @@ #include "authfd.h" #include "emulate.h" #include "servconf.h" @@ -11,25 +11,25 @@ $NetBSD: patch-ao,v 1.6 1998/11/04 23:43:39 tron Exp $ #include <tcpd.h> #include <syslog.h> #ifdef NEED_SYS_SYSLOG_H -@@ -923,7 +923,7 @@ - sprintf(buf, "X11 connection from %.200s port %d", - remote_hostname, get_peer_port(newsock)); - xfree(remote_hostname); +@@ -934,7 +934,7 @@ + snprintf(buf, sizeof(buf), "X11 connection from %.200s port %d", + remote_hostname, get_peer_port(newsock)); + xfree(remote_hostname); -#ifdef LIBWRAP +#if defined(LIBWRAP) && defined(LIBWRAP_FWD) - { - struct request_info req; - struct servent *serv; -@@ -974,7 +974,7 @@ - ch->listening_port, remote_hostname, - get_peer_port(newsock)); - xfree(remote_hostname); + { + struct request_info req; + struct servent *serv; +@@ -986,7 +986,7 @@ + ch->listening_port, remote_hostname, + get_peer_port(newsock)); + xfree(remote_hostname); -#ifdef LIBWRAP +#if defined(LIBWRAP) && defined(LIBWRAP_FWD) - { - struct request_info req; - struct servent *serv; -@@ -2388,6 +2388,10 @@ + { + struct request_info req; + struct servent *serv; +@@ -2412,6 +2412,10 @@ ssh-agent connections on your system */ old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); diff --git a/security/ssh/patches/patch-av b/security/ssh/patches/patch-av index c193637255a..cbf735b6e79 100644 --- a/security/ssh/patches/patch-av +++ b/security/ssh/patches/patch-av @@ -1,13 +1,13 @@ -$NetBSD: patch-av,v 1.1 1998/09/10 16:36:12 kim Exp $ +$NetBSD: patch-av,v 1.2 1999/05/15 13:46:59 bouyer Exp $ ---- serverloop.c.orig Wed Jul 8 12:40:38 1998 -+++ serverloop.c Thu Sep 10 12:13:33 1998 -@@ -441,7 +441,7 @@ - if (ret == 0) /* Nothing read, timeout expired */ - { - /* Check if idle_timeout expired ? */ -- if (idle_timeout != 0 && !child_terminated && -+ if (idle_timeout != 0 && !child_terminated && idle_time_last && - time(NULL) - idle_time_last > idle_timeout) - { - /* Yes, kill the child */ +--- serverloop.c.orig Wed May 12 13:19:28 1999 ++++ serverloop.c Sat May 15 04:33:35 1999 +@@ -446,7 +446,7 @@ + if (ret == 0) /* Nothing read, timeout expired */ + { + /* Check if idle_timeout expired ? */ +- if (idle_timeout != 0 && !child_terminated && ++ if (idle_timeout != 0 && !child_terminated && idle_time_last && + time(NULL) - idle_time_last > idle_timeout) + { + /* Yes, kill the child */ |