author | taca <taca> | 2014-03-29 09:38:11 +0000 |
---|---|---|
committer | taca <taca> | 2014-03-29 09:38:11 +0000 |
commit | 42f1b52e5df753e99e12fb8273bd071101b19651 (patch) | |
tree | a5afa1fb380513eccc967371e6294fa46b16ee7d /security | |
parent | df98e45890c49b3c2f15689f9bad6c92bc996883 (diff) | |
Update openssh to 6.6.1 (OpenSSH 6.6p1).
pkgsrc change
* Use PLIST_VARS.
* Update hpn-patch based on openssh-6.5p1-hpnssh14v4.diff.gz.
Fixes security problem (SA57488).
For the full list of changes, please refer to the release notes below.
http://www.openssh.com/txt/release-6.5
http://www.openssh.com/txt/release-6.6
Diffstat (limited to 'security')
21 files changed, 119 insertions, 137 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index fd97e3910a5..36bcbc06a84 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.217 2014/03/13 11:08:52 jperkin Exp $ +# $NetBSD: Makefile,v 1.218 2014/03/29 09:38:11 taca Exp $ -DISTNAME= openssh-6.4p1 -PKGNAME= openssh-6.4.1 -PKGREVISION= 1 +DISTNAME= openssh-6.6p1 +PKGNAME= openssh-6.6.1 SVR4_PKGNAME= ossh CATEGORIES= security MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ @@ -38,7 +37,6 @@ BUILD_DEFS+= OPENSSH_CHROOT BUILD_DEFS+= VARBASE INSTALL_TARGET= install-nokeys -PLIST_SRC= # empty .include "options.mk" @@ -144,6 +142,8 @@ CONFIGURE_ARGS+= --with-xauth=${X11PREFIX}/bin/xauth CONFS= ssh_config sshd_config moduli +PLIST_VARS+= prng + .if exists(/dev/urandom) . if ${OPSYS} == "NetBSD" MESSAGE_SRC+= ${.CURDIR}/MESSAGE.urandom @@ -151,7 +151,7 @@ MESSAGE_SRC+= ${.CURDIR}/MESSAGE.urandom .else CONFIGURE_ARGS+= --without-random CONFS+= ssh_prng_cmds -PLIST_SRC+= ${.CURDIR}/PLIST.prng +PLIST.prng= yes .endif EGDIR= ${PREFIX}/share/examples/${PKGBASE} @@ -164,7 +164,6 @@ RCD_SCRIPTS= sshd RCD_SCRIPT_SRC.sshd= ${WRKDIR}/sshd.sh SMF_METHODS= sshd -PLIST_SRC+= ${.CURDIR}/PLIST FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR:Q} SUBST_CLASSES+= patch diff --git a/security/openssh/PLIST b/security/openssh/PLIST index ef2b5e1ef51..6aa5f151cb7 100644 --- a/security/openssh/PLIST +++ b/security/openssh/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.15 2014/03/11 14:05:13 jperkin Exp $ +@comment $NetBSD: PLIST,v 1.16 2014/03/29 09:38:11 taca Exp $ bin/scp bin/sftp bin/slogin @@ -10,6 +10,7 @@ bin/ssh-keyscan libexec/sftp-server libexec/ssh-keysign libexec/ssh-pkcs11-helper +${PLIST.prng}libexec/ssh-rand-helper man/man1/scp.1 man/man1/sftp.1 man/man1/slogin.1 
@@ -28,4 +29,6 @@ man/man8/sshd.8 sbin/sshd share/examples/openssh/moduli share/examples/openssh/ssh_config +${PLIST.prng}share/examples/openssh/ssh_prng_cmds +${PLIST.pam}share/examples/openssh/sshd.pam share/examples/openssh/sshd_config diff --git a/security/openssh/PLIST.pam b/security/openssh/PLIST.pam deleted file mode 100644 index 0cf58859226..00000000000 --- a/security/openssh/PLIST.pam +++ /dev/null @@ -1 +0,0 @@ -@comment $NetBSD: PLIST.pam,v 1.2 2012/01/09 05:25:36 manu Exp $ diff --git a/security/openssh/PLIST.prng b/security/openssh/PLIST.prng deleted file mode 100644 index d514fb4e81a..00000000000 --- a/security/openssh/PLIST.prng +++ /dev/null @@ -1,3 +0,0 @@ -@comment $NetBSD: PLIST.prng,v 1.2 2002/08/30 08:04:31 grant Exp $ -libexec/ssh-rand-helper -share/examples/openssh/ssh_prng_cmds diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 5ca9edfa322..0dcbf48a9bd 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo 
@@ -1,32 +1,31 @@ -$NetBSD: distinfo,v 1.85 2013/12/01 06:11:41 taca Exp $ +$NetBSD: distinfo,v 1.86 2014/03/29 09:38:11 taca Exp $ -SHA1 (openssh-6.4p1-hpn14v2.diff.gz) = 2713d734d5f652c6dccd13d779c1e116ccca2e7e -RMD160 (openssh-6.4p1-hpn14v2.diff.gz) = 45366b1f61241fc29a87918790182bd4f29a1f29 -Size (openssh-6.4p1-hpn14v2.diff.gz) = 23792 bytes -SHA1 (openssh-6.4p1.tar.gz) = cf5fe0eb118d7e4f9296fbc5d6884965885fc55d -RMD160 (openssh-6.4p1.tar.gz) = d0e757c90350351bb92ebd4fa9f045586fb54f97 -Size (openssh-6.4p1.tar.gz) = 1201402 bytes -SHA1 (patch-Makefile.in) = 1cf8bda061df1b76822be2886d9c231cc3cb39b9 -SHA1 (patch-atomicio.c) = 6bb3c3ca1491693918ce1ac7481e0852c90e0b4e +SHA1 (openssh-6.6p1-hpnssh14v4.diff.gz) = 1cb86c7151ea4c805cfb1197eac13844cd8f2f2c +RMD160 (openssh-6.6p1-hpnssh14v4.diff.gz) = 292cea7880ff66040d915f2d5957dd27d0835984 +Size (openssh-6.6p1-hpnssh14v4.diff.gz) = 23417 bytes +SHA1 (openssh-6.6p1.tar.gz) = b850fd1af704942d9b3c2eff7ef6b3a59b6a6b6e +RMD160 (openssh-6.6p1.tar.gz) = e19ed34e240001898b6665bb4356b868bba5513d +Size (openssh-6.6p1.tar.gz) = 1282502 bytes +SHA1 (patch-Makefile.in) = 3b136be23e0dab21894dcc881746cf5a186ff572 SHA1 (patch-auth-passwd.c) = de9f5487fe1f5848cc702e549bce949fd75d70cd SHA1 (patch-auth-rhosts.c) = ab8dd3e375accc5bed3e15b158a85a1b1f9a2e3e SHA1 (patch-auth.c) = 950b0380bcbb0fa1681014cfbb41528d09a10a18 SHA1 (patch-auth1.c) = 7b0481f445bc85cce9d7539b00bf581b9aa09fea -SHA1 (patch-auth2.c) = f4c5ab6ffb83f649e7d3566097e0dec8323f0d29 -SHA1 (patch-config.h.in) = c838507e83224d842e25170ea8faa63c8559ea37 -SHA1 (patch-configure) = 91bd541c6dc19aed54f20bb31bea958847dae738 -SHA1 (patch-configure.ac) = 896aac81d96fe09775ef5b7c6942c37309097b33 -SHA1 (patch-defines.h) = e2aebe7dcf0927d8afcca7a96c4001a6e0130cc2 +SHA1 (patch-auth2.c) = 8f4f97516874fc4af5814cbd3a1f59b9ca77b43f +SHA1 (patch-config.h.in) = 9799f48f204aa213318914f1d6c45e83a8af942f +SHA1 (patch-configure) = 3015dda57a5626667cf5c15c7c7be25f8844cfc6 +SHA1 (patch-configure.ac) = 
996a3bcf133a0832b9d7fa35cc0983562d9fa60a +SHA1 (patch-defines.h) = 4f4f4c8dc54aa86275192edf230b36737b1c0cf6 SHA1 (patch-includes.h) = 0a899d3b38ef3de7f5b08fec022696b4e998b54e -SHA1 (patch-loginrec.c) = 0305a5b552c88ac99d8f894d3cda9686e0b0ccdd +SHA1 (patch-loginrec.c) = 3b42ea96935a69316233eb2c65d810e46a3e5d76 SHA1 (patch-openbsd-compat_bsd-openpty.c) = a1318cf691f0ad844a8761a77e3bb32a9e20c695 -SHA1 (patch-openbsd-compat_openbsd-compat.h) = 17690feb6962bd27fef96bd6fb1acfa60e9af9dc +SHA1 (patch-openbsd-compat_openbsd-compat.h) = 1cafbe8f226c16443d2cfd003166923f33352eb0 SHA1 (patch-openbsd-compat_port-tun.c) = 8288e2b9336ea1fcc1129d8a2ab5e55816b2ccbf -SHA1 (patch-platform.c) = fcb85cca516d992ec50dfb259b9cc8ddbb032b5c +SHA1 (patch-platform.c) = c2f85f494f0a38ed9fea93c46c98b20d865610a0 SHA1 (patch-scp.c) = 97e33843cc1b93babb6c45225c07ac74555e6d54 -SHA1 (patch-session.c) = dc7fd9ec8956c734cb4a6427243133919cb47158 -SHA1 (patch-sftp-common.c) = 5467a25bc996dac8e4c6e4cb657ad722a3284388 -SHA1 (patch-ssh.c) = e878057032340425ed01230ca6abc8bbfdb07dfb -SHA1 (patch-sshd.c) = 547bf87e572229ab4e568d1e7b03e722d8a63302 +SHA1 (patch-session.c) = 55e84175c7294816107c970f002401d1766f7095 +SHA1 (patch-sftp-common.c) = 5b36300c6a83ceef2340c2cee3be211eaf39ecdd +SHA1 (patch-ssh.c) = 8965e0458aabc137fa3b5e53c6573c0f0fba8280 +SHA1 (patch-sshd.c) = 43b3e4383142303a5d1158f08baee4a27f2f7b13 SHA1 (patch-sshpty.c) = 9f08f899919d05567998087a060b90800c2c7b11 -SHA1 (patch-uidswap.c) = cbed1c1db63e7f198efaa76581e8f5a5aa9615da +SHA1 (patch-uidswap.c) = 0b76322d47b9e14bb2828bc143645d38028bdafd diff --git a/security/openssh/options.mk b/security/openssh/options.mk index 794f752d35d..b3cc2b5677e 100644 --- a/security/openssh/options.mk +++ b/security/openssh/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.27 2013/12/05 14:37:01 taca Exp $ +# $NetBSD: options.mk,v 1.28 2014/03/29 09:38:11 taca Exp $ .include "../../mk/bsd.prefs.mk" 
@@ -16,14 +16,18 @@ CONFIGURE_ENV+= ac_cv_search_k_hasafs=no .endif .if !empty(PKG_OPTIONS:Mhpn-patch) -PATCHFILES= openssh-6.4p1-hpn14v2.diff.gz +PATCHFILES= openssh-6.6p1-hpnssh14v4.diff.gz PATCH_SITES= ftp://ftp.NetBSD.org/pub/NetBSD/misc/openssh/ +PATCH_DIST_STRIP= -p1 .endif .if !empty(PKG_OPTIONS:Mpam) .include "../../mk/pam.buildlink3.mk" CONFIGURE_ARGS+= --with-pam -PLIST_SRC+= ${.CURDIR}/PLIST.pam MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam MESSAGE_SUBST+= EGDIR=${EGDIR} +PLIST_VARS+= pam +.if ${OPSYS} == "Linux" +PLIST.pam= yes +.endif .endif diff --git a/security/openssh/patches/patch-Makefile.in b/security/openssh/patches/patch-Makefile.in index 6933ee7aec5..0ff95c0d838 100644 --- a/security/openssh/patches/patch-Makefile.in +++ b/security/openssh/patches/patch-Makefile.in @@ -1,8 +1,8 @@ -$NetBSD: patch-Makefile.in,v 1.2 2013/12/01 06:11:41 taca Exp $ +$NetBSD: patch-Makefile.in,v 1.3 2014/03/29 09:38:11 taca Exp $ Removed install-sysconf as we handle that phase through post-install ---- Makefile.in.orig 2013-06-11 01:26:10.000000000 +0000 +--- Makefile.in.orig 2014-02-04 00:12:56.000000000 +0000 +++ Makefile.in @@ -2,5 +2,5 @@ @@ -18,7 +18,7 @@ Removed install-sysconf as we handle that phase through post-install +#ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign -@@ -246,5 +246,5 @@ distprep: catman-do +@@ -250,5 +250,5 @@ distprep: catman-do install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config -install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf diff --git a/security/openssh/patches/patch-atomicio.c b/security/openssh/patches/patch-atomicio.c deleted file mode 100644 index da22b431915..00000000000 --- a/security/openssh/patches/patch-atomicio.c +++ /dev/null 
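Review bot: In the options.mk hunk, `PLIST_VARS+= pam` sits inside the `.if !empty(PKG_OPTIONS:Mpam)` block, while the PLIST hunk of this commit adds `${PLIST.pam}share/examples/openssh/sshd.pam` unconditionally. As far as I know, pkgsrc only registers a PLIST substitution for names listed in PLIST_VARS, so a build without the pam option would likely leave `${PLIST.pam}` unexpanded in the packing list instead of commenting the entry out. Moving `PLIST_VARS+= pam` above the option conditional, next to where the options are evaluated, would keep the entry suppressed in that case. The step that installs sshd.pam is not visible in this diff, so please also confirm it runs under the same Linux-plus-pam condition that sets `PLIST.pam= yes`.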
@@ -1,19 +0,0 @@ -$NetBSD: patch-atomicio.c,v 1.2 2013/05/01 19:58:26 imil Exp $ - -Check for vwrite instead of read to avoid read being renamed by SSP issues - ---- atomicio.c.orig 2010-09-24 12:15:11.000000000 +0000 -+++ atomicio.c -@@ -57,7 +57,11 @@ atomicio6(ssize_t (*f) (int, void *, siz - struct pollfd pfd; - - pfd.fd = fd; -- pfd.events = f == read ? POLLIN : POLLOUT; -+ /* -+ * check for vwrite instead of read to avoid read being renamed -+ * by SSP issues -+ */ -+ pfd.events = f == vwrite ? POLLOUT : POLLIN; - while (n > pos) { - res = (f) (fd, s + pos, n - pos); - switch (res) { diff --git a/security/openssh/patches/patch-auth2.c b/security/openssh/patches/patch-auth2.c index b29ec88bbb9..488a3cb493b 100644 --- a/security/openssh/patches/patch-auth2.c +++ b/security/openssh/patches/patch-auth2.c @@ -1,10 +1,10 @@ -$NetBSD: patch-auth2.c,v 1.2 2013/12/01 06:11:41 taca Exp $ +$NetBSD: patch-auth2.c,v 1.3 2014/03/29 09:38:11 taca Exp $ Replace uid 0 with ROOTUID macro ---- auth2.c.orig 2013-06-01 21:41:51.000000000 +0000 +--- auth2.c.orig 2014-02-04 00:12:57.000000000 +0000 +++ auth2.c -@@ -310,7 +310,7 @@ userauth_finish(Authctxt *authctxt, int +@@ -301,7 +301,7 @@ userauth_finish(Authctxt *authctxt, int fatal("INTERNAL ERROR: authenticated and postponed"); /* Special handling for root */ diff --git a/security/openssh/patches/patch-config.h.in b/security/openssh/patches/patch-config.h.in index 0a42b1c0d5f..652655ab98a 100644 --- a/security/openssh/patches/patch-config.h.in +++ b/security/openssh/patches/patch-config.h.in 
@@ -1,20 +1,20 @@ -$NetBSD: patch-config.h.in,v 1.2 2013/12/01 06:11:41 taca Exp $ +$NetBSD: patch-config.h.in,v 1.3 2014/03/29 09:38:11 taca Exp $ Added Interix and define new path to if_tun.h ---- config.h.in.orig 2013-11-08 01:41:08.000000000 +0000 +--- config.h.in.orig 2014-03-13 02:18:56.000000000 +0000 +++ config.h.in -@@ -584,6 +584,9 @@ +@@ -636,6 +636,9 @@ /* define if you have int64_t data type */ #undef HAVE_INT64_T +/* Define if you are on Interix */ +#undef HAVE_INTERIX + - /* Define to 1 if you have the <inttypes.h> header file. */ - #undef HAVE_INTTYPES_H + /* Define to 1 if the system has the type `intmax_t'. */ + #undef HAVE_INTMAX_T -@@ -737,6 +740,9 @@ +@@ -792,6 +795,9 @@ /* Define to 1 if you have the <net/if_tun.h> header file. */ #undef HAVE_NET_IF_TUN_H diff --git a/security/openssh/patches/patch-configure b/security/openssh/patches/patch-configure index baf5d6f91a1..0cf7e1b321a 100644 --- a/security/openssh/patches/patch-configure +++ b/security/openssh/patches/patch-configure @@ -1,10 +1,10 @@ -$NetBSD: patch-configure,v 1.2 2013/12/01 06:11:41 taca Exp $ +$NetBSD: patch-configure,v 1.3 2014/03/29 09:38:11 taca Exp $ Various fixes regarding portability ---- configure.orig 2013-11-08 01:41:15.000000000 +0000 +--- configure.orig 2014-03-13 02:19:03.000000000 +0000 +++ configure -@@ -6159,6 +6159,9 @@ if test "${with_rpath+set}" = set; then +@@ -6500,6 +6500,9 @@ if test "${with_rpath+set}" = set; then fi @@ -14,7 +14,7 @@ Various fixes regarding portability # Allow user to specify flags # Check whether --with-cflags was given. -@@ -6243,6 +6246,7 @@ for ac_header in \ +@@ -6586,6 +6589,7 @@ for ac_header in \ maillock.h \ ndir.h \ net/if_tun.h \ @@ -22,7 +22,7 @@ Various fixes regarding portability netdb.h \ netgroup.h \ pam/pam_appl.h \ -@@ -6978,6 +6982,36 @@ $as_echo "#define HAVE_SECUREWARE 1" >>c +@@ -7369,6 +7373,36 @@ $as_echo "#define HAVE_SECUREWARE 1" >>c ;; esac ;; 
@@ -59,8 +59,8 @@ Various fixes regarding portability *-*-irix5*) PATH="$PATH:/usr/etc" -@@ -7179,7 +7213,7 @@ fi - $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h +@@ -7578,7 +7612,7 @@ $as_echo "#define BROKEN_STRNVIS 1" >>co + $as_echo "#define BROKEN_READ_COMPARISON 1" >>confdefs.h ;; -*-*-freebsd*) @@ -68,7 +68,7 @@ Various fixes regarding portability check_for_libcrypt_later=1 $as_echo "#define LOCKED_PASSWD_PREFIX \"*LOCKED*\"" >>confdefs.h -@@ -17406,12 +17440,18 @@ fi +@@ -18248,12 +18282,18 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test -z "$conf_wtmpx_location"; then if test x"$system_wtmpx_path" = x"no" ; then @@ -92,7 +92,7 @@ Various fixes regarding portability #define CONF_WTMPX_FILE "$conf_wtmpx_location" _ACEOF -@@ -18816,7 +18856,7 @@ echo "OpenSSH has been configured with t +@@ -19660,7 +19700,7 @@ echo "OpenSSH has been configured with t echo " User binaries: $B" echo " System binaries: $C" echo " Configuration files: $D" diff --git a/security/openssh/patches/patch-configure.ac b/security/openssh/patches/patch-configure.ac index 0882d25aa7c..bbc2e3f7902 100644 --- a/security/openssh/patches/patch-configure.ac +++ b/security/openssh/patches/patch-configure.ac @@ -1,10 +1,10 @@ -$NetBSD: patch-configure.ac,v 1.2 2013/12/01 06:11:41 taca Exp $ +$NetBSD: patch-configure.ac,v 1.3 2014/03/29 09:38:11 taca Exp $ Various fixes regarding portability ---- configure.ac.orig 2013-08-04 11:48:41.000000000 +0000 +--- configure.ac.orig 2014-02-21 17:09:34.000000000 +0000 +++ configure.ac -@@ -246,6 +246,9 @@ AC_ARG_WITH([rpath], +@@ -275,6 +275,9 @@ AC_ARG_WITH([rpath], ] ) @@ -14,7 +14,7 @@ Various fixes regarding portability # Allow user to specify flags AC_ARG_WITH([cflags], [ --with-cflags Specify additional flags to pass to compiler], -@@ -315,6 +318,7 @@ AC_CHECK_HEADERS([ \ +@@ -346,6 +349,7 @@ AC_CHECK_HEADERS([ \ maillock.h \ ndir.h \ net/if_tun.h \ 
@@ -22,7 +22,7 @@ Various fixes regarding portability netdb.h \ netgroup.h \ pam/pam_appl.h \ -@@ -618,6 +622,15 @@ main() { if (NSVersionOfRunTimeLibrary(" +@@ -655,6 +659,15 @@ main() { if (NSVersionOfRunTimeLibrary(" ;; esac ;; @@ -38,7 +38,7 @@ Various fixes regarding portability *-*-irix5*) PATH="$PATH:/usr/etc" AC_DEFINE([BROKEN_INET_NTOA], [1], -@@ -4500,9 +4513,17 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +@@ -4731,9 +4744,17 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ ]) if test -z "$conf_wtmpx_location"; then if test x"$system_wtmpx_path" = x"no" ; then @@ -58,7 +58,7 @@ Various fixes regarding portability AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], [Define if you want to specify the path to your wtmpx file]) fi -@@ -4588,7 +4609,7 @@ echo "OpenSSH has been configured with t +@@ -4820,7 +4841,7 @@ echo "OpenSSH has been configured with t echo " User binaries: $B" echo " System binaries: $C" echo " Configuration files: $D" diff --git a/security/openssh/patches/patch-defines.h b/security/openssh/patches/patch-defines.h index dcc7b09031b..415fbbea741 100644 --- a/security/openssh/patches/patch-defines.h +++ b/security/openssh/patches/patch-defines.h @@ -1,8 +1,8 @@ -$NetBSD: patch-defines.h,v 1.1 2013/05/01 19:58:26 imil Exp $ +$NetBSD: patch-defines.h,v 1.2 2014/03/29 09:38:11 taca Exp $ Define ROOTUID, UTMPX_FILE and WTMPX_FILE ---- defines.h.orig 2013-03-07 09:06:13.000000000 +0000 +--- defines.h.orig 2014-01-17 13:12:38.000000000 +0000 +++ defines.h @@ -30,6 +30,15 @@ @@ -20,7 +20,7 @@ Define ROOTUID, UTMPX_FILE and WTMPX_FILE #if defined(HAVE_DECL_SHUT_RD) && HAVE_DECL_SHUT_RD == 0 enum { -@@ -695,6 +704,24 @@ struct winsize { +@@ -708,6 +717,24 @@ struct winsize { # endif # endif #endif diff --git a/security/openssh/patches/patch-loginrec.c b/security/openssh/patches/patch-loginrec.c index 7174741255a..503e4e85bd4 100644 --- a/security/openssh/patches/patch-loginrec.c +++ b/security/openssh/patches/patch-loginrec.c 
@@ -1,10 +1,10 @@ -$NetBSD: patch-loginrec.c,v 1.1 2013/05/01 19:58:26 imil Exp $ +$NetBSD: patch-loginrec.c,v 1.2 2014/03/29 09:38:11 taca Exp $ Interix support and related fixes ---- loginrec.c.orig 2013-02-22 22:12:24.000000000 +0000 +--- loginrec.c.orig 2014-01-17 01:23:24.000000000 +0000 +++ loginrec.c -@@ -429,8 +429,8 @@ login_set_addr(struct logininfo *li, con +@@ -432,8 +432,8 @@ login_set_addr(struct logininfo *li, con int login_write(struct logininfo *li) { @@ -15,7 +15,7 @@ Interix support and related fixes logit("Attempt to write login records by non-root user (aborting)"); return (1); } -@@ -438,7 +438,7 @@ login_write(struct logininfo *li) +@@ -441,7 +441,7 @@ login_write(struct logininfo *li) /* set the timestamp */ login_set_current_time(li); @@ -24,7 +24,7 @@ Interix support and related fixes syslogin_write_entry(li); #endif #ifdef USE_LASTLOG -@@ -622,7 +622,7 @@ line_abbrevname(char *dst, const char *s +@@ -625,7 +625,7 @@ line_abbrevname(char *dst, const char *s ** into account. **/ @@ -33,7 +33,7 @@ Interix support and related fixes /* build the utmp structure */ void -@@ -759,10 +759,6 @@ construct_utmpx(struct logininfo *li, st +@@ -762,10 +762,6 @@ construct_utmpx(struct logininfo *li, st set_utmpx_time(li, utx); utx->ut_pid = li->pid; @@ -44,7 +44,7 @@ Interix support and related fixes if (li->type == LTYPE_LOGOUT) return; -@@ -771,6 +767,8 @@ construct_utmpx(struct logininfo *li, st +@@ -774,6 +770,8 @@ construct_utmpx(struct logininfo *li, st * for logouts. */ @@ -53,7 +53,7 @@ Interix support and related fixes # ifdef HAVE_HOST_IN_UTMPX strncpy(utx->ut_host, li->hostname, MIN_SIZEOF(utx->ut_host, li->hostname)); -@@ -1406,7 +1404,7 @@ wtmpx_get_entry(struct logininfo *li) +@@ -1409,7 +1407,7 @@ wtmpx_get_entry(struct logininfo *li) ** Low-level libutil login() functions **/ 
diff --git a/security/openssh/patches/patch-openbsd-compat_openbsd-compat.h b/security/openssh/patches/patch-openbsd-compat_openbsd-compat.h index f2f7b417dbc..6fa9688c401 100644 --- a/security/openssh/patches/patch-openbsd-compat_openbsd-compat.h +++ b/security/openssh/patches/patch-openbsd-compat_openbsd-compat.h @@ -1,10 +1,10 @@ -$NetBSD: patch-openbsd-compat_openbsd-compat.h,v 1.1 2013/05/01 19:58:26 imil Exp $ +$NetBSD: patch-openbsd-compat_openbsd-compat.h,v 1.2 2014/03/29 09:38:11 taca Exp $ strtoll() declaration ---- openbsd-compat/openbsd-compat.h.orig 2013-02-15 01:20:42.000000000 +0000 +--- openbsd-compat/openbsd-compat.h.orig 2014-02-04 00:18:23.000000000 +0000 +++ openbsd-compat/openbsd-compat.h -@@ -83,6 +83,10 @@ size_t strlcat(char *dst, const char *sr +@@ -84,6 +84,10 @@ size_t strlcat(char *dst, const char *sr int setenv(register const char *name, register const char *value, int rewrite); #endif diff --git a/security/openssh/patches/patch-platform.c b/security/openssh/patches/patch-platform.c index 65c1a2c7680..78f8921152b 100644 --- a/security/openssh/patches/patch-platform.c +++ b/security/openssh/patches/patch-platform.c @@ -1,10 +1,10 @@ -$NetBSD: patch-platform.c,v 1.2 2013/05/01 19:58:26 imil Exp $ +$NetBSD: patch-platform.c,v 1.3 2014/03/29 09:38:11 taca Exp $ Interix support ---- platform.c.orig 2013-03-12 00:31:05.000000000 +0000 +--- platform.c.orig 2014-01-21 01:59:29.000000000 +0000 +++ platform.c -@@ -81,7 +81,9 @@ platform_privileged_uidswap(void) +@@ -89,7 +89,9 @@ platform_privileged_uidswap(void) /* uid 0 is not special on Cygwin so always try */ return 1; #else diff --git a/security/openssh/patches/patch-session.c b/security/openssh/patches/patch-session.c index aaa276b6948..8a89c5635c7 100644 --- a/security/openssh/patches/patch-session.c +++ b/security/openssh/patches/patch-session.c 
@@ -1,10 +1,10 @@ -$NetBSD: patch-session.c,v 1.2 2013/12/01 06:11:41 taca Exp $ +$NetBSD: patch-session.c,v 1.3 2014/03/29 09:38:11 taca Exp $ Interix support ---- session.c.orig 2013-07-20 03:21:53.000000000 +0000 +--- session.c.orig 2014-03-03 22:35:17.000000000 +0000 +++ session.c -@@ -1081,7 +1081,7 @@ read_etc_default_login(char ***env, u_in +@@ -1109,7 +1109,7 @@ read_etc_default_login(char ***env, u_in if (tmpenv == NULL) return; @@ -13,7 +13,7 @@ Interix support var = child_get_env(tmpenv, "SUPATH"); else var = child_get_env(tmpenv, "PATH"); -@@ -1190,7 +1190,7 @@ do_setup_env(Session *s, const char *she +@@ -1218,7 +1218,7 @@ do_setup_env(Session *s, const char *she # endif /* HAVE_ETC_DEFAULT_LOGIN */ if (path == NULL || *path == '\0') { child_set_env(&env, &envsize, "PATH", @@ -22,7 +22,7 @@ Interix support SUPERUSER_PATH : _PATH_STDPATH); } # endif /* HAVE_CYGWIN */ -@@ -1304,6 +1304,18 @@ do_setup_env(Session *s, const char *she +@@ -1332,6 +1332,18 @@ do_setup_env(Session *s, const char *she strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); read_environment_file(&env, &envsize, buf); } @@ -41,7 +41,7 @@ Interix support if (debug_flag) { /* dump the environment */ fprintf(stderr, "Environment:\n"); -@@ -1494,11 +1506,13 @@ do_setusercontext(struct passwd *pw) +@@ -1522,11 +1534,13 @@ do_setusercontext(struct passwd *pw) perror("setgid"); exit(1); } @@ -55,7 +55,7 @@ Interix support endgrent(); #endif -@@ -2325,7 +2339,7 @@ session_pty_cleanup2(Session *s) +@@ -2358,7 +2372,7 @@ session_pty_cleanup2(Session *s) record_logout(s->pid, s->tty, s->pw->pw_name); /* Release the pseudo-tty. */ diff --git a/security/openssh/patches/patch-sftp-common.c b/security/openssh/patches/patch-sftp-common.c index 28fd5a959d5..80d7f87e721 100644 --- a/security/openssh/patches/patch-sftp-common.c +++ b/security/openssh/patches/patch-sftp-common.c 
@@ -1,10 +1,10 @@ -$NetBSD: patch-sftp-common.c,v 1.1 2013/12/01 06:11:41 taca Exp $ +$NetBSD: patch-sftp-common.c,v 1.2 2014/03/29 09:38:11 taca Exp $ Include <unistd.h> for strmode(3). ---- sftp-common.c.orig 2013-06-01 21:31:19.000000000 +0000 +--- sftp-common.c.orig 2014-01-09 23:40:45.000000000 +0000 +++ sftp-common.c -@@ -36,6 +36,9 @@ +@@ -37,6 +37,9 @@ #include <string.h> #include <time.h> #include <stdarg.h> diff --git a/security/openssh/patches/patch-ssh.c b/security/openssh/patches/patch-ssh.c index 596b2ee4dfa..9dc62196d23 100644 --- a/security/openssh/patches/patch-ssh.c +++ b/security/openssh/patches/patch-ssh.c @@ -1,15 +1,15 @@ -$NetBSD: patch-ssh.c,v 1.2 2013/12/01 06:11:41 taca Exp $ +$NetBSD: patch-ssh.c,v 1.3 2014/03/29 09:38:11 taca Exp $ Interix support ---- ssh.c.orig 2013-07-25 01:55:53.000000000 +0000 +--- ssh.c.orig 2014-02-26 23:17:13.000000000 +0000 +++ ssh.c -@@ -820,7 +820,7 @@ main(int ac, char **av) - if (ssh_connect(host, &hostaddr, options.port, - options.address_family, options.connection_attempts, &timeout_ms, - options.tcp_keep_alive, --#ifdef HAVE_CYGWIN +@@ -943,7 +943,7 @@ main(int ac, char **av) + strcmp(options.proxy_command, "-") == 0 && + options.proxy_use_fdpass) + fatal("ProxyCommand=- and ProxyUseFDPass are incompatible"); +-#ifndef HAVE_CYGWIN +#if defined(HAVE_CYGWIN) || defined(HAVE_INTERIX) - options.use_privileged_port, - #else - original_effective_uid == 0 && options.use_privileged_port, + if (original_effective_uid != 0) + options.use_privileged_port = 0; + #endif diff --git a/security/openssh/patches/patch-sshd.c b/security/openssh/patches/patch-sshd.c index c7f3f20daf5..fd49eafbe09 100644 --- a/security/openssh/patches/patch-sshd.c +++ b/security/openssh/patches/patch-sshd.c 
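Review bot: The regenerated patch-ssh.c inverts the upstream guard: it replaces `#ifndef HAVE_CYGWIN` with `#if defined(HAVE_CYGWIN) || defined(HAVE_INTERIX)` in front of `if (original_effective_uid != 0) options.use_privileged_port = 0;`. The old patch extended an `#ifdef`, but upstream 6.6p1 now uses `#ifndef`, so carrying the same replacement text over flips the polarity. As written, the check that clears `use_privileged_port` for non-root callers is compiled out on every platform except Cygwin and Interix, which are the two it was meant to skip. The replacement line should be `#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)`. The surrounding `main()` in ssh.c continues outside this hunk, so the downstream effect of the option staying set cannot be judged from here, but the privilege check should not silently disappear on ordinary Unix builds.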
@@ -1,8 +1,8 @@ -$NetBSD: patch-sshd.c,v 1.2 2013/12/01 06:11:41 taca Exp $ +$NetBSD: patch-sshd.c,v 1.3 2014/03/29 09:38:11 taca Exp $ Interix support ---- sshd.c.orig 2013-07-20 03:21:53.000000000 +0000 +--- sshd.c.orig 2014-02-26 23:20:08.000000000 +0000 +++ sshd.c @@ -243,7 +243,11 @@ int *startup_pipes = NULL; int startup_pipe; /* in child */ @@ -16,7 +16,7 @@ Interix support struct monitor *pmonitor = NULL; int privsep_is_preauth = 1; -@@ -631,10 +635,15 @@ privsep_preauth_child(void) +@@ -646,10 +650,15 @@ privsep_preauth_child(void) /* XXX not ready, too heavy after chroot */ do_setusercontext(privsep_pw); #else @@ -32,7 +32,7 @@ Interix support #endif } -@@ -696,7 +705,7 @@ privsep_preauth(Authctxt *authctxt) +@@ -711,7 +720,7 @@ privsep_preauth(Authctxt *authctxt) set_log_handler(mm_log_handler, pmonitor); /* Demote the child */ @@ -41,7 +41,7 @@ Interix support privsep_preauth_child(); setproctitle("%s", "[net]"); if (box != NULL) -@@ -714,7 +723,7 @@ privsep_postauth(Authctxt *authctxt) +@@ -729,7 +738,7 @@ privsep_postauth(Authctxt *authctxt) #ifdef DISABLE_FD_PASSING if (1) { #else @@ -50,7 +50,7 @@ Interix support #endif /* File descriptor passing is broken or root login */ use_privsep = 0; -@@ -1390,8 +1399,10 @@ main(int ac, char **av) +@@ -1413,8 +1422,10 @@ main(int ac, char **av) av = saved_argv; #endif @@ -62,7 +62,7 @@ Interix support /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); -@@ -1790,7 +1801,7 @@ main(int ac, char **av) +@@ -1815,7 +1826,7 @@ main(int ac, char **av) (st.st_uid != getuid () || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) #else @@ -71,7 +71,7 @@ Interix support #endif fatal("%s must be owned by root and not group or " "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); -@@ -1813,8 +1824,10 @@ main(int ac, char **av) +@@ -1838,8 +1849,10 @@ main(int ac, char **av) * to create a file, and we can't control the code in every * module which might be used). */ 
diff --git a/security/openssh/patches/patch-uidswap.c b/security/openssh/patches/patch-uidswap.c index 3b6b85473db..d28e7300566 100644 --- a/security/openssh/patches/patch-uidswap.c +++ b/security/openssh/patches/patch-uidswap.c @@ -1,10 +1,10 @@ -$NetBSD: patch-uidswap.c,v 1.2 2013/12/01 06:11:41 taca Exp $ +$NetBSD: patch-uidswap.c,v 1.3 2014/03/29 09:38:11 taca Exp $ Interix support ---- uidswap.c.orig 2013-06-01 22:07:32.000000000 +0000 +--- uidswap.c.orig 2014-01-18 09:43:50.000000000 +0000 +++ uidswap.c -@@ -66,13 +66,13 @@ temporarily_use_uid(struct passwd *pw) +@@ -67,13 +67,13 @@ temporarily_use_uid(struct passwd *pw) (u_int)pw->pw_uid, (u_int)pw->pw_gid, (u_int)saved_euid, (u_int)saved_egid); #ifndef HAVE_CYGWIN @@ -20,7 +20,7 @@ Interix support privileged = 0; return; } -@@ -95,9 +95,11 @@ temporarily_use_uid(struct passwd *pw) +@@ -96,9 +96,11 @@ temporarily_use_uid(struct passwd *pw) /* set and save the user's groups */ if (user_groupslen == -1) { @@ -32,7 +32,7 @@ Interix support user_groupslen = getgroups(0, NULL); if (user_groupslen < 0) -@@ -111,9 +113,11 @@ temporarily_use_uid(struct passwd *pw) +@@ -112,9 +114,11 @@ temporarily_use_uid(struct passwd *pw) free(user_groups); } } @@ -44,7 +44,7 @@ Interix support #ifndef SAVED_IDS_WORK_WITH_SETEUID /* Propagate the privileged gid to all of our gids. */ if (setgid(getegid()) < 0) -@@ -184,8 +188,10 @@ restore_uid(void) +@@ -187,8 +191,10 @@ restore_uid(void) setgid(getgid()); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ @@ -55,7 +55,7 @@ Interix support temporarily_use_uid_effective = 0; } -@@ -206,6 +212,10 @@ permanently_set_uid(struct passwd *pw) +@@ -211,6 +217,10 @@ permanently_set_uid(struct passwd *pw) debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); 
@@ -66,7 +66,7 @@ Interix support if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); -@@ -242,6 +252,7 @@ permanently_set_uid(struct passwd *pw) +@@ -247,6 +257,7 @@ permanently_set_uid(struct passwd *pw) (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) fatal("%s: was able to restore old [e]uid", __func__); #endif |