summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authortron <tron>1998-11-04 23:43:39 +0000
committertron <tron>1998-11-04 23:43:39 +0000
commit4f3995498e3c4db1258356cb81ac7e530c52de10 (patch)
treea9808c6b8c5018d3f014c4e510cad9960a47221c /security
parent4bc9beecc2e4698abdf969d2af2d976117c97496 (diff)
downloadpkgsrc-4f3995498e3c4db1258356cb81ac7e530c52de10.tar.gz
Add necessary security patches from PR pkg/6392 by Wolfgang Rupprecht
and convert old patch files to unified output format.
Diffstat (limited to 'security')
-rw-r--r--security/ssh/patches/patch-ab139
-rw-r--r--security/ssh/patches/patch-ae33
-rw-r--r--security/ssh/patches/patch-ag58
-rw-r--r--security/ssh/patches/patch-ah22
-rw-r--r--security/ssh/patches/patch-ai13
-rw-r--r--security/ssh/patches/patch-aj107
-rw-r--r--security/ssh/patches/patch-ak7
-rw-r--r--security/ssh/patches/patch-ao108
8 files changed, 246 insertions, 241 deletions
diff --git a/security/ssh/patches/patch-ab b/security/ssh/patches/patch-ab
index d0f4258e7c7..0d42a7178e9 100644
--- a/security/ssh/patches/patch-ab
+++ b/security/ssh/patches/patch-ab
@@ -1,87 +1,54 @@
-$NetBSD: patch-ab,v 1.4 1998/08/07 11:13:49 agc Exp $
+$NetBSD: patch-ab,v 1.5 1998/11/04 23:43:39 tron Exp $
-Index: configure
-*** configure.orig Tue Jan 20 05:24:14 1998
---- configure Sat Jan 24 19:04:05 1998
-***************
-*** 1759,1770 ****
-
- export CFLAGS CC
-
-- # Socket pairs appear to be broken on several systems. I don't know exactly
-- # where, so I'll use pipes everywhere for now.
-- cat >> confdefs.h <<\EOF
-- #define USE_PIPES 1
-- EOF
--
-
- echo $ac_n "checking that the compiler works""... $ac_c" 1>&6
- echo "configure:1771: checking that the compiler works" >&5
---- 1759,1764 ----
-***************
-*** 6853,6867 ****
- case "$enableval" in
- no)
- echo "$ac_t""no" 1>&6
-! SSHINSTALLMODE=0711
- ;;
- *) echo "$ac_t""yes" 1>&6
-! SSHINSTALLMODE=04711
- ;;
- esac
- else
- echo "$ac_t""yes" 1>&6
-! SSHINSTALLMODE=04711
-
- fi
-
---- 6847,6861 ----
- case "$enableval" in
- no)
- echo "$ac_t""no" 1>&6
-! SSHINSTALLMODE=0511
- ;;
- *) echo "$ac_t""yes" 1>&6
-! SSHINSTALLMODE=04511
- ;;
- esac
- else
- echo "$ac_t""yes" 1>&6
-! SSHINSTALLMODE=04511
-
- fi
-
-***************
-*** 7013,7019 ****
- ac_given_srcdir=$srcdir
- ac_given_INSTALL="$INSTALL"
-
-! trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
- EOF
- cat >> $CONFIG_STATUS <<EOF
-
---- 7007,7013 ----
- ac_given_srcdir=$srcdir
- ac_given_INSTALL="$INSTALL"
-
-! trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
- EOF
- cat >> $CONFIG_STATUS <<EOF
-
-***************
-*** 7118,7124 ****
-
- cat >> $CONFIG_STATUS <<EOF
-
-! CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile"}
- EOF
- cat >> $CONFIG_STATUS <<\EOF
- for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
---- 7112,7118 ----
-
- cat >> $CONFIG_STATUS <<EOF
-
-! CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile"}
- EOF
- cat >> $CONFIG_STATUS <<\EOF
- for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
+--- configure.orig Wed Jul 8 18:41:14 1998
++++ configure Thu Nov 5 00:28:07 1998
+@@ -1996,12 +1996,6 @@
+
+ export CFLAGS CC
+
+-# Socket pairs appear to be broken on several systems. I don't know exactly
+-# where, so I'll use pipes everywhere for now.
+-cat >> confdefs.h <<\EOF
+-#define USE_PIPES 1
+-EOF
+-
+
+ echo $ac_n "checking that the compiler works""... $ac_c" 1>&6
+ echo "configure:2008: checking that the compiler works" >&5
+@@ -7344,15 +7338,15 @@
+ case "$enableval" in
+ no)
+ echo "$ac_t""no" 1>&6
+- SSHINSTALLMODE=0711
++ SSHINSTALLMODE=0511
+ ;;
+ *) echo "$ac_t""yes" 1>&6
+- SSHINSTALLMODE=04711
++ SSHINSTALLMODE=04511
+ ;;
+ esac
+ else
+ echo "$ac_t""yes" 1>&6
+- SSHINSTALLMODE=04711
++ SSHINSTALLMODE=04511
+
+ fi
+
+@@ -7632,7 +7626,7 @@
+ ac_given_srcdir=$srcdir
+ ac_given_INSTALL="$INSTALL"
+
+-trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
++trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
+ EOF
+ cat >> $CONFIG_STATUS <<EOF
+
+@@ -7740,7 +7734,7 @@
+
+ cat >> $CONFIG_STATUS <<EOF
+
+-CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile"}
++CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile"}
+ EOF
+ cat >> $CONFIG_STATUS <<\EOF
+ for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
diff --git a/security/ssh/patches/patch-ae b/security/ssh/patches/patch-ae
index a4dfede0a64..2c5b1b26071 100644
--- a/security/ssh/patches/patch-ae
+++ b/security/ssh/patches/patch-ae
@@ -1,22 +1,13 @@
-$NetBSD: patch-ae,v 1.4 1998/08/07 11:13:49 agc Exp $
+$NetBSD: patch-ae,v 1.5 1998/11/04 23:43:39 tron Exp $
-Index: server_config.sample
-*** server_config.sample.orig Tue Jan 20 05:20:14 1998
---- server_config.sample Tue Jan 20 20:40:35 1998
-***************
-*** 16,22 ****
- FascistLogging no
- PrintMotd yes
- KeepAlive yes
-! SyslogFacility DAEMON
- RhostsAuthentication no
- RhostsRSAAuthentication yes
- RSAAuthentication yes
---- 16,22 ----
- FascistLogging no
- PrintMotd yes
- KeepAlive yes
-! SyslogFacility AUTH
- RhostsAuthentication no
- RhostsRSAAuthentication yes
- RSAAuthentication yes
+--- server_config.sample.orig Wed Jul 8 18:40:08 1998
++++ server_config.sample Thu Nov 5 00:28:07 1998
+@@ -16,7 +16,7 @@
+ FascistLogging no
+ PrintMotd yes
+ KeepAlive yes
+-SyslogFacility DAEMON
++SyslogFacility AUTH
+ RhostsAuthentication no
+ RhostsRSAAuthentication yes
+ RSAAuthentication yes
diff --git a/security/ssh/patches/patch-ag b/security/ssh/patches/patch-ag
new file mode 100644
index 00000000000..277a1842559
--- /dev/null
+++ b/security/ssh/patches/patch-ag
@@ -0,0 +1,58 @@
+$NetBSD: patch-ag,v 1.1 1998/11/04 23:43:39 tron Exp $
+
+--- log-server.c.orig Wed Jul 8 18:40:36 1998
++++ log-server.c Thu Nov 5 00:31:23 1998
+@@ -134,7 +134,7 @@
+ if (log_quiet)
+ return;
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+ if (log_on_stderr)
+ fprintf(stderr, "log: %s\n", buf);
+@@ -175,7 +175,7 @@
+ if (log_quiet)
+ return;
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+ if (log_on_stderr)
+ fprintf(stderr, "log: %s\n", buf);
+@@ -191,7 +191,7 @@
+ if (!log_debug || log_quiet)
+ return;
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+ if (log_on_stderr)
+ fprintf(stderr, "debug: %s\n", buf);
+@@ -207,7 +207,7 @@
+ if (log_quiet)
+ return;
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+ if (log_on_stderr)
+ fprintf(stderr, "error: %s\n", buf);
+@@ -302,7 +302,7 @@
+ if (log_quiet)
+ exit(1);
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+ if (log_on_stderr)
+ fprintf(stderr, "fatal: %s\n", buf);
+@@ -321,7 +321,7 @@
+ if (log_quiet)
+ exit(1);
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+ if (log_on_stderr)
+ fprintf(stderr, "fatal: %s\n", buf);
diff --git a/security/ssh/patches/patch-ah b/security/ssh/patches/patch-ah
new file mode 100644
index 00000000000..c4f5e678347
--- /dev/null
+++ b/security/ssh/patches/patch-ah
@@ -0,0 +1,22 @@
+$NetBSD: patch-ah,v 1.3 1998/11/04 23:43:39 tron Exp $
+
+--- packet.c.orig Wed Jul 8 18:40:37 1998
++++ packet.c Thu Nov 5 00:31:23 1998
+@@ -693,7 +693,7 @@
+ va_list args;
+
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+
+ packet_start(SSH_MSG_DEBUG);
+@@ -719,7 +719,7 @@
+ /* Format the message. Note that the caller must make sure the message
+ is of limited size. */
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+
+ /* Send the disconnect message to the other side, and wait for it to get
diff --git a/security/ssh/patches/patch-ai b/security/ssh/patches/patch-ai
new file mode 100644
index 00000000000..fc25e8162d6
--- /dev/null
+++ b/security/ssh/patches/patch-ai
@@ -0,0 +1,13 @@
+$NetBSD: patch-ai,v 1.3 1998/11/04 23:43:39 tron Exp $
+
+--- scp.c.orig Wed Jul 8 18:40:38 1998
++++ scp.c Thu Nov 5 00:31:23 1998
+@@ -332,7 +332,7 @@
+ char buf[1024];
+
+ va_start(ap, fmt);
+- vsprintf(buf, fmt, ap);
++ vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+ fprintf(stderr, "%s\n", buf);
+ exit(255);
diff --git a/security/ssh/patches/patch-aj b/security/ssh/patches/patch-aj
index 36f0d3d67dd..2a19ec9b0da 100644
--- a/security/ssh/patches/patch-aj
+++ b/security/ssh/patches/patch-aj
@@ -1,68 +1,41 @@
-$NetBSD: patch-aj,v 1.4 1998/08/07 11:13:50 agc Exp $
+$NetBSD: patch-aj,v 1.5 1998/11/04 23:43:39 tron Exp $
-Index: configure.in
-*** configure.in.orig Tue Jan 20 05:24:14 1998
---- configure.in Sat Jan 24 19:05:51 1998
-***************
-*** 635,643 ****
-
- export CFLAGS CC
-
-! # Socket pairs appear to be broken on several systems. I don't know exactly
-! # where, so I'll use pipes everywhere for now.
-! AC_DEFINE(USE_PIPES)
-
- AC_MSG_CHECKING([that the compiler works])
- AC_TRY_RUN([ main(int ac, char **av) { return 0; } ],
---- 635,643 ----
-
- export CFLAGS CC
-
-! dnl # Socket pairs appear to be broken on several systems. I don't know exactly
-! dnl # where, so I'll use pipes everywhere for now.
-! dnl AC_DEFINE(USE_PIPES)
-
- AC_MSG_CHECKING([that the compiler works])
- AC_TRY_RUN([ main(int ac, char **av) { return 0; } ],
-***************
-*** 1506,1519 ****
- [ case "$enableval" in
- no)
- AC_MSG_RESULT(no)
-! SSHINSTALLMODE=0711
- ;;
- *) AC_MSG_RESULT(yes)
-! SSHINSTALLMODE=04711
- ;;
- esac ],
- AC_MSG_RESULT(yes)
-! SSHINSTALLMODE=04711
- )
-
- # We include this here only to make it visible in --help; this is only used
---- 1506,1519 ----
- [ case "$enableval" in
- no)
- AC_MSG_RESULT(no)
-! SSHINSTALLMODE=0511
- ;;
- *) AC_MSG_RESULT(yes)
-! SSHINSTALLMODE=04511
- ;;
- esac ],
- AC_MSG_RESULT(yes)
-! SSHINSTALLMODE=04511
- )
-
- # We include this here only to make it visible in --help; this is only used
-***************
-*** 1539,1542 ****
- AC_SUBST(CONFOBJS)
- AC_SUBST(SSHINSTALLMODE)
-
-! AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile)
---- 1539,1542 ----
- AC_SUBST(CONFOBJS)
- AC_SUBST(SSHINSTALLMODE)
-
-! AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile)
+--- configure.in.orig Wed Jul 8 18:41:10 1998
++++ configure.in Thu Nov 5 00:28:07 1998
+@@ -317,9 +317,9 @@
+
+ export CFLAGS CC
+
+-# Socket pairs appear to be broken on several systems. I don't know exactly
+-# where, so I'll use pipes everywhere for now.
+-AC_DEFINE(USE_PIPES)
++dnl # Socket pairs appear to be broken on several systems. I don't know exactly
++dnl # where, so I'll use pipes everywhere for now.
++dnl AC_DEFINE(USE_PIPES)
+
+ AC_MSG_CHECKING([that the compiler works])
+ AC_TRY_RUN([ main(int ac, char **av) { return 0; } ],
+@@ -1236,14 +1236,14 @@
+ [ case "$enableval" in
+ no)
+ AC_MSG_RESULT(no)
+- SSHINSTALLMODE=0711
++ SSHINSTALLMODE=0511
+ ;;
+ *) AC_MSG_RESULT(yes)
+- SSHINSTALLMODE=04711
++ SSHINSTALLMODE=04511
+ ;;
+ esac ],
+ AC_MSG_RESULT(yes)
+- SSHINSTALLMODE=04711
++ SSHINSTALLMODE=04511
+ )
+
+ AC_MSG_CHECKING(whether to enable TCP_NODELAY)
+@@ -1345,4 +1345,4 @@
+ AC_SUBST(SSHDCONFOBJS)
+ AC_SUBST(SSHINSTALLMODE)
+
+-AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile)
++AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile)
diff --git a/security/ssh/patches/patch-ak b/security/ssh/patches/patch-ak
new file mode 100644
index 00000000000..cbfad0c79fb
--- /dev/null
+++ b/security/ssh/patches/patch-ak
@@ -0,0 +1,7 @@
+$NetBSD: patch-ak,v 1.1 1998/11/04 23:43:39 tron Exp $
+
+--- version.h.orig Wed Jul 8 18:40:39 1998
++++ version.h Thu Nov 5 00:31:23 1998
+@@ -1 +1 @@
+-#define SSH_VERSION "1.2.26"
++#define SSH_VERSION "1.2.26-vsnprintf-patched"
diff --git a/security/ssh/patches/patch-ao b/security/ssh/patches/patch-ao
index 3fde5a9a4d3..a0e68db46be 100644
--- a/security/ssh/patches/patch-ao
+++ b/security/ssh/patches/patch-ao
@@ -1,68 +1,42 @@
-$NetBSD: patch-ao,v 1.5 1998/08/07 11:13:50 agc Exp $
+$NetBSD: patch-ao,v 1.6 1998/11/04 23:43:39 tron Exp $
-*** newchannels.c.orig Tue Jan 20 07:24:06 1998
---- newchannels.c Wed Mar 18 20:44:26 1998
-***************
-*** 241,247 ****
- #include "authfd.h"
- #include "emulate.h"
- #include "servconf.h"
-! #ifdef LIBWRAP
- #include <tcpd.h>
- #include <syslog.h>
- #ifdef NEED_SYS_SYSLOG_H
---- 241,247 ----
- #include "authfd.h"
- #include "emulate.h"
- #include "servconf.h"
-! #if defined(LIBWRAP) && defined(LIBWRAP_FWD)
- #include <tcpd.h>
- #include <syslog.h>
- #ifdef NEED_SYS_SYSLOG_H
-***************
-*** 881,887 ****
- sprintf(buf, "X11 connection from %.200s port %d",
- remote_hostname, get_peer_port(newsock));
- xfree(remote_hostname);
-! #ifdef LIBWRAP
- {
- struct request_info req;
- struct servent *serv;
---- 881,887 ----
- sprintf(buf, "X11 connection from %.200s port %d",
- remote_hostname, get_peer_port(newsock));
- xfree(remote_hostname);
-! #if defined(LIBWRAP) && defined(LIBWRAP_FWD)
- {
- struct request_info req;
- struct servent *serv;
-***************
-*** 932,938 ****
- ch->listening_port, remote_hostname,
- get_peer_port(newsock));
- xfree(remote_hostname);
-! #ifdef LIBWRAP
- {
- struct request_info req;
- struct servent *serv;
---- 932,938 ----
- ch->listening_port, remote_hostname,
- get_peer_port(newsock));
- xfree(remote_hostname);
-! #if defined(LIBWRAP) && defined(LIBWRAP_FWD)
- {
- struct request_info req;
- struct servent *serv;
-***************
-*** 2324,2329 ****
---- 2324,2333 ----
- ssh-agent connections on your system */
- old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
-
-+ /* Make sure the socket doesn't already exist, left over from a system
-+ crash perhaps. */
-+ unlink(channel_forwarded_auth_socket_name);
-+
- if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0)
- packet_disconnect("Agent socket bind failed: %.100s", strerror(errno));
-
+--- newchannels.c.orig Wed Jul 8 18:40:36 1998
++++ newchannels.c Thu Nov 5 00:28:07 1998
+@@ -263,7 +263,7 @@
+ #include "authfd.h"
+ #include "emulate.h"
+ #include "servconf.h"
+-#ifdef LIBWRAP
++#if defined(LIBWRAP) && defined(LIBWRAP_FWD)
+ #include <tcpd.h>
+ #include <syslog.h>
+ #ifdef NEED_SYS_SYSLOG_H
+@@ -923,7 +923,7 @@
+ sprintf(buf, "X11 connection from %.200s port %d",
+ remote_hostname, get_peer_port(newsock));
+ xfree(remote_hostname);
+-#ifdef LIBWRAP
++#if defined(LIBWRAP) && defined(LIBWRAP_FWD)
+ {
+ struct request_info req;
+ struct servent *serv;
+@@ -974,7 +974,7 @@
+ ch->listening_port, remote_hostname,
+ get_peer_port(newsock));
+ xfree(remote_hostname);
+-#ifdef LIBWRAP
++#if defined(LIBWRAP) && defined(LIBWRAP_FWD)
+ {
+ struct request_info req;
+ struct servent *serv;
+@@ -2388,6 +2388,10 @@
+ ssh-agent connections on your system */
+ old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+
++ /* Make sure the socket doesn't already exist, left over from a system
++ crash perhaps. */
++ unlink(channel_forwarded_auth_socket_name);
++
+ if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0)
+ packet_disconnect("Agent socket bind failed: %.100s", strerror(errno));
+