diff options
| author | taca <taca@pkgsrc.org> | 2015-07-30 03:20:36 +0000 |
|---|---|---|
| committer | taca <taca@pkgsrc.org> | 2015-07-30 03:20:36 +0000 |
| commit | 266582173db3385a92576e004c326f6e635b681c (patch) | |
| tree | 8718949aa13fc8f5b692efc391d374bce1e376e6 /security | |
| parent | c63b21228aadd98d62b972dc846c3aaef0923ada (diff) | |
| download | pkgsrc-266582173db3385a92576e004c326f6e635b681c.tar.gz | |
Add fix for CVE-2015-5600 from FreeBSD via NetBSD base.
Bump PKGREVISION.
Diffstat (limited to 'security')
| -rw-r--r-- | security/openssh/Makefile | 3 | ||||
| -rw-r--r-- | security/openssh/distinfo | 3 | ||||
| -rw-r--r-- | security/openssh/patches/patch-auth2-chall.c | 32 |
3 files changed, 36 insertions, 2 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index df2be515d62..c2e49ec1411 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.233 2015/07/09 16:14:23 taca Exp $ +# $NetBSD: Makefile,v 1.234 2015/07/30 03:20:36 taca Exp $ DISTNAME= openssh-6.9p1 PKGNAME= openssh-6.9.1 +PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/} diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 337eec84a55..e0a13b26197 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.93 2015/07/10 07:00:29 dsainty Exp $ +$NetBSD: distinfo,v 1.94 2015/07/30 03:20:36 taca Exp $ SHA1 (openssh-6.9p1-hpn-20150709.diff.gz) = a39571c1cdb13382631a1d9cfe89b82fb346c92c RMD160 (openssh-6.9p1-hpn-20150709.diff.gz) = 8bb077e7ecbc7550386a050209e84d6f4d895788 @@ -11,6 +11,7 @@ SHA1 (patch-auth-passwd.c) = 32da596dd9b255ffdd8168e6ea6f62596304b116 SHA1 (patch-auth-rhosts.c) = 5752c384f1fd81ed6ef21707fa2b9743a3891987 SHA1 (patch-auth.c) = 80f1c5ad8ea01a3c9dedce4eef1b625640958450 SHA1 (patch-auth1.c) = 0bb4bc35e2ca2cd03c5596dadcd2ffb4329091a7 +SHA1 (patch-auth2-chall.c) = 9edd679fc0a1d128786cea8939e804adb400c3c9 SHA1 (patch-auth2.c) = 831139b9cdbd9b4d3429ea1aba176daf78be3405 SHA1 (patch-channels.c) = 9ad160fd1c2c7fabbea3d49dacb36036d13adfaa SHA1 (patch-clientloop.c) = 11d44815ec39030ae20cb75727acff8c8e91144e diff --git a/security/openssh/patches/patch-auth2-chall.c b/security/openssh/patches/patch-auth2-chall.c new file mode 100644 index 00000000000..4bd9a792f10 --- /dev/null +++ b/security/openssh/patches/patch-auth2-chall.c @@ -0,0 +1,32 @@ +$NetBSD: patch-auth2-chall.c,v 1.1 2015/07/30 03:20:36 taca Exp $ + +Fix for CVE-2015-5600 from FreeBSD via NetBSD base. + +--- auth2-chall.c.orig 2015-07-01 02:35:31.000000000 +0000 ++++ auth2-chall.c +@@ -83,6 +83,7 @@ struct KbdintAuthctxt + void *ctxt; + KbdintDevice *device; + u_int nreq; ++ u_int devices_done; + }; + + #ifdef USE_PAM +@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, K + if (len == 0) + break; + for (i = 0; devices[i]; i++) { +- if (!auth2_method_allowed(authctxt, ++ if ((kbdintctxt->devices_done & (1 << i)) != 0 || ++ !auth2_method_allowed(authctxt, + "keyboard-interactive", devices[i]->name)) + continue; +- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) ++ if (strncmp(kbdintctxt->devices, devices[i]->name, ++ len) == 0) { + kbdintctxt->device = devices[i]; ++ kbdintctxt->devices_done |= 1 << i; ++ } + } + t = kbdintctxt->devices; + kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; |