authortaca <taca>2011-02-16 17:45:08 +0000
committertaca <taca>2011-02-16 17:45:08 +0000
commitecba5635a54ddc8a4fa6fc6a7fec3c6e14bb97e8 (patch)
tree55f06779e9883e2813645f4f838866f0158f6d71 /security
parentf2e3e86dfe85457690b61636fc6f860964d117e1 (diff)
Update openssh package to 5.8.1 (5.8p1).
For changes from 5.5 to 5.7, please refer to http://openssh.com/txt/release-5.7 and http://openssh.com/txt/release-5.6 for details. Changes since OpenSSH 5.7 ========================= Security: * Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6 and found by Mateusz Kocielski. Legacy certificates signed by OpenSSH 5.6 or 5.7 included data from the stack in place of a random nonce field. The contents of the stack do not appear to contain private data at this point, but this cannot be stated with certainty for all platform, library and compiler combinations. In particular, there exists a risk that some bytes from the privileged CA key may be accidentally included. A full advisory for this issue is available at: http://www.openssh.com/txt/legacy-cert.adv Portable OpenSSH Bugfixes: * Fix compilation failure when enabling SELinux support. * Do not attempt to call SELinux functions when SELinux is disabled. bz#1851
Diffstat (limited to 'security')
-rw-r--r--security/openssh/Makefile6
-rw-r--r--security/openssh/distinfo41
-rw-r--r--security/openssh/options.mk4
-rw-r--r--security/openssh/patches/patch-aa11
-rw-r--r--security/openssh/patches/patch-ab11
-rw-r--r--security/openssh/patches/patch-ac8
-rw-r--r--security/openssh/patches/patch-ad18
-rw-r--r--security/openssh/patches/patch-ag10
-rw-r--r--security/openssh/patches/patch-ah10
-rw-r--r--security/openssh/patches/patch-ak12
-rw-r--r--security/openssh/patches/patch-am6
-rw-r--r--security/openssh/patches/patch-an12
-rw-r--r--security/openssh/patches/patch-ao32
-rw-r--r--security/openssh/patches/patch-ap8
-rw-r--r--security/openssh/patches/patch-av20
-rw-r--r--security/openssh/patches/patch-aw4
-rw-r--r--security/openssh/patches/patch-platform.c16
17 files changed, 108 insertions, 121 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 3270b83d39d..9dc9cab7616 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.198 2011/02/06 11:31:18 obache Exp $
+# $NetBSD: Makefile,v 1.199 2011/02/16 17:45:08 taca Exp $
-DISTNAME= openssh-5.5p1
-PKGNAME= openssh-5.5.1
+DISTNAME= openssh-5.8p1
+PKGNAME= openssh-5.8.1
SVR4_PKGNAME= ossh
CATEGORIES= security
MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 8a2bd1f4bec..9b3c2781252 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,29 +1,30 @@
-$NetBSD: distinfo,v 1.78 2011/02/06 11:31:18 obache Exp $
+$NetBSD: distinfo,v 1.79 2011/02/16 17:45:08 taca Exp $
-SHA1 (openssh-5.5p1-hpn13v9.diff.gz) = 8601fabf0067ff9c59501dc0006ad3853dbb3de0
-RMD160 (openssh-5.5p1-hpn13v9.diff.gz) = bb9d44589018030fa3102898f85f4dfd7032d2f0
-Size (openssh-5.5p1-hpn13v9.diff.gz) = 22657 bytes
-SHA1 (openssh-5.5p1.tar.gz) = 361c6335e74809b26ea096b34062ba8ff6c97cd6
-RMD160 (openssh-5.5p1.tar.gz) = 7cee614112b691da5daac9f2579becba2409b727
-Size (openssh-5.5p1.tar.gz) = 1097574 bytes
-SHA1 (patch-aa) = 6c4796dae7dc618e173cd4594ec7be4c5ac8be1c
-SHA1 (patch-ab) = 9380dc2c941997925f8f310af5a19be5260d1d1e
-SHA1 (patch-ac) = 5c63cb47ffb556a15f685011bc3291d2219613dc
-SHA1 (patch-ad) = a02e5a24fee128d925939785c06f3fa985fc6f2f
+SHA1 (openssh-5.8p1-hpn13v11.diff.gz) = ea61ab71605ee867eebc1a92875a3ea5369e2d28
+RMD160 (openssh-5.8p1-hpn13v11.diff.gz) = 45fbb8e2db2f829f2749cd745ed6a0542adb1c45
+Size (openssh-5.8p1-hpn13v11.diff.gz) = 22993 bytes
+SHA1 (openssh-5.8p1.tar.gz) = adebb2faa9aba2a3a3c8b401b2b19677ab53f0de
+RMD160 (openssh-5.8p1.tar.gz) = c3903b1cf99553a8fc8d762d52c0f28db830edd0
+Size (openssh-5.8p1.tar.gz) = 1113798 bytes
+SHA1 (patch-aa) = 59a39e53367983145e11150018a7f6f185df7bd5
+SHA1 (patch-ab) = 45ae7e91a00fc6d3fdb6cd6b91950d7aae58a55f
+SHA1 (patch-ac) = 7cd1129633649327f4f44cecc10b617c5cd34ec3
+SHA1 (patch-ad) = ce7c34a1810ad4f44be935c5479c53109a306d1d
SHA1 (patch-ae) = 4ec1007b03d4bf28ddd1dcfdf2ec7c5295a69df5
SHA1 (patch-af) = ca3224af0b648803404776a8c12ed678db4f8ff6
-SHA1 (patch-ag) = 385874017f160626d3a95b6ce4a298d442cf9393
-SHA1 (patch-ah) = c8d4b57fd72260e26960ac67d672bebb40759bed
+SHA1 (patch-ag) = 0cdcc0f235119fb0603bb112492dd5ba66e6ad04
+SHA1 (patch-ah) = 0dad388fe5204ee6ca5d90ba1e684e18df38ccf1
SHA1 (patch-ai) = becad6262e5daeef2a6db14097a8971c40088403
SHA1 (patch-aj) = 5c89b4a7da59f05c50c16083aa6dd6e465cd0305
-SHA1 (patch-ak) = c718c24c7fd5e2989e40d1a0272faea6434ec578
+SHA1 (patch-ak) = 00b594fec3c366ed134b7ced5c3bc3fcf7b56357
SHA1 (patch-al) = ffd15b2ef3cb6b57419c0f6f1f4f795e497382d7
-SHA1 (patch-am) = 4893a8a059d611d35c1fb9ff03b598c590e0355e
-SHA1 (patch-an) = bb82f8f7f9d3949fde0d797a4c1253ae402f0311
-SHA1 (patch-ao) = cff08e03d10c32175803c6f09992e4659c3e62bd
-SHA1 (patch-ap) = 5c0ae4dbcdcd50312d1db037867cbaed7c80931d
+SHA1 (patch-am) = 416471d27aedd44dc56007da46805d90f3d9957f
+SHA1 (patch-an) = 6a645978a04137fc104e863496a4d3a2ea1c6286
+SHA1 (patch-ao) = effe1720917a645452f1a7afd92588709355fb48
+SHA1 (patch-ap) = 48c92b26f64c682ed45cae3f8d20ec91815543ea
SHA1 (patch-aq) = 1a7d8a4c5e70a0c6211247ba583534ed8ce317d0
SHA1 (patch-ar) = a1099e0175a2b14f3b19db04261891179b1e3299
SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f
-SHA1 (patch-av) = 5b4a63dcf8312745253f5c5e68e1d9628ff9e46d
-SHA1 (patch-aw) = 532f2aebcb93cae5e0dd26a5faa1593a7d3a3c51
+SHA1 (patch-av) = dd34ac767d08b989775add25c5c015a2f19fce5c
+SHA1 (patch-aw) = 22d873bfe56464ce8a978082ebce73d441f81e5d
+SHA1 (patch-platform.c) = fcbea87b04d07ef45af5380f9baa024fada9974f
diff --git a/security/openssh/options.mk b/security/openssh/options.mk
index 8baa64fe385..9794bb5c40c 100644
--- a/security/openssh/options.mk
+++ b/security/openssh/options.mk
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.19 2010/06/15 03:11:52 taca Exp $
+# $NetBSD: options.mk,v 1.20 2011/02/16 17:45:08 taca Exp $
.include "../../mk/bsd.prefs.mk"
@@ -17,7 +17,7 @@ CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE:Q}
.endif
.if !empty(PKG_OPTIONS:Mhpn-patch)
-PATCHFILES= openssh-5.5p1-hpn13v9.diff.gz
+PATCHFILES= openssh-5.8p1-hpn13v11.diff.gz
PATCH_SITES= http://www.psc.edu/networking/projects/hpn-ssh/
PATCH_DIST_STRIP= -p1
.endif
diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa
index cd728673f23..ed902642d42 100644
--- a/security/openssh/patches/patch-aa
+++ b/security/openssh/patches/patch-aa
@@ -1,4 +1,4 @@
-$NetBSD: patch-aa,v 1.47 2011/02/06 11:31:18 obache Exp $
+$NetBSD: patch-aa,v 1.48 2011/02/16 17:45:08 taca Exp $
--- configure.orig 2010-04-16 03:17:11.000000000 +0300
+++ configure 2010-06-09 21:30:29.000000000 +0300
@@ -66,15 +66,6 @@ $NetBSD: patch-aa,v 1.47 2011/02/06 11:31:18 obache Exp $
check_for_libcrypt_later=1
cat >>confdefs.h <<\_ACEOF
-@@ -12468,7 +12502,7 @@
- LDFLAGS="-L${withval}/lib ${LDFLAGS}"
- fi
- fi
-- if test "x$use_pkgconfig_for_libedit" == "xyes"; then
-+ if test "x$use_pkgconfig_for_libedit" = "xyes"; then
- LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
- CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
- else
@@ -29573,14 +29607,20 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_wtmpx_location"; then
diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab
index 7daacc3b715..c895b1920db 100644
--- a/security/openssh/patches/patch-ab
+++ b/security/openssh/patches/patch-ab
@@ -1,4 +1,4 @@
-$NetBSD: patch-ab,v 1.29 2011/02/06 11:31:18 obache Exp $
+$NetBSD: patch-ab,v 1.30 2011/02/16 17:45:08 taca Exp $
--- configure.ac.orig 2010-04-10 15:58:01.000000000 +0300
+++ configure.ac 2010-06-09 21:32:22.000000000 +0300
@@ -36,15 +36,6 @@ $NetBSD: patch-ab,v 1.29 2011/02/06 11:31:18 obache Exp $
*-*-irix5*)
PATH="$PATH:/usr/etc"
AC_DEFINE(BROKEN_INET_NTOA, 1,
-@@ -1273,7 +1286,7 @@
- LDFLAGS="-L${withval}/lib ${LDFLAGS}"
- fi
- fi
-- if test "x$use_pkgconfig_for_libedit" == "xyes"; then
-+ if test "x$use_pkgconfig_for_libedit" = "xyes"; then
- LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
- CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
- else
@@ -4106,9 +4119,17 @@
)
if test -z "$conf_wtmpx_location"; then
diff --git a/security/openssh/patches/patch-ac b/security/openssh/patches/patch-ac
index 7079ba0fe99..500fb15e0ff 100644
--- a/security/openssh/patches/patch-ac
+++ b/security/openssh/patches/patch-ac
@@ -1,7 +1,7 @@
-$NetBSD: patch-ac,v 1.18 2010/02/19 10:17:33 martti Exp $
+$NetBSD: patch-ac,v 1.19 2011/02/16 17:45:08 taca Exp $
---- defines.h.orig 2009-08-28 04:21:07.000000000 +0300
-+++ defines.h 2010-02-19 12:07:15.000000000 +0200
+--- defines.h.orig 2011-01-17 10:15:31.000000000 +0000
++++ defines.h
@@ -30,6 +30,15 @@
/* Constants */
@@ -18,7 +18,7 @@ $NetBSD: patch-ac,v 1.18 2010/02/19 10:17:33 martti Exp $
#if defined(HAVE_DECL_SHUT_RD) && HAVE_DECL_SHUT_RD == 0
enum
{
-@@ -652,6 +661,24 @@
+@@ -698,6 +707,24 @@ struct winsize {
# endif
# endif
#endif
diff --git a/security/openssh/patches/patch-ad b/security/openssh/patches/patch-ad
index 128d71e16f6..469a7121c76 100644
--- a/security/openssh/patches/patch-ad
+++ b/security/openssh/patches/patch-ad
@@ -1,8 +1,8 @@
-$NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $
+$NetBSD: patch-ad,v 1.15 2011/02/16 17:45:08 taca Exp $
---- loginrec.c.orig 2010-04-09 11:13:27.000000000 +0300
-+++ loginrec.c 2010-06-09 21:16:25.000000000 +0300
-@@ -432,8 +432,8 @@ login_set_addr(struct logininfo *li, con
+--- loginrec.c.orig 2011-01-17 10:15:31.000000000 +0000
++++ loginrec.c
+@@ -433,8 +433,8 @@ login_set_addr(struct logininfo *li, con
int
login_write(struct logininfo *li)
{
@@ -13,7 +13,7 @@ $NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $
logit("Attempt to write login records by non-root user (aborting)");
return (1);
}
-@@ -441,7 +441,7 @@ login_write(struct logininfo *li)
+@@ -442,7 +442,7 @@ login_write(struct logininfo *li)
/* set the timestamp */
login_set_current_time(li);
@@ -22,7 +22,7 @@ $NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $
syslogin_write_entry(li);
#endif
#ifdef USE_LASTLOG
-@@ -625,7 +625,7 @@ line_abbrevname(char *dst, const char *s
+@@ -626,7 +626,7 @@ line_abbrevname(char *dst, const char *s
** into account.
**/
@@ -31,7 +31,7 @@ $NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $
/* build the utmp structure */
void
-@@ -762,10 +762,6 @@ construct_utmpx(struct logininfo *li, st
+@@ -763,10 +763,6 @@ construct_utmpx(struct logininfo *li, st
set_utmpx_time(li, utx);
utx->ut_pid = li->pid;
@@ -42,7 +42,7 @@ $NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $
if (li->type == LTYPE_LOGOUT)
return;
-@@ -774,6 +770,8 @@ construct_utmpx(struct logininfo *li, st
+@@ -775,6 +771,8 @@ construct_utmpx(struct logininfo *li, st
* for logouts.
*/
@@ -51,7 +51,7 @@ $NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $
# ifdef HAVE_HOST_IN_UTMPX
strncpy(utx->ut_host, li->hostname,
MIN_SIZEOF(utx->ut_host, li->hostname));
-@@ -1403,7 +1401,7 @@ wtmpx_get_entry(struct logininfo *li)
+@@ -1410,7 +1408,7 @@ wtmpx_get_entry(struct logininfo *li)
** Low-level libutil login() functions
**/
diff --git a/security/openssh/patches/patch-ag b/security/openssh/patches/patch-ag
index 76aa3e86b4e..ea9ccaf211f 100644
--- a/security/openssh/patches/patch-ag
+++ b/security/openssh/patches/patch-ag
@@ -1,8 +1,8 @@
-$NetBSD: patch-ag,v 1.13 2010/06/11 20:41:42 martti Exp $
+$NetBSD: patch-ag,v 1.14 2011/02/16 17:45:08 taca Exp $
---- config.h.in.orig 2010-04-16 03:17:09.000000000 +0300
-+++ config.h.in 2010-06-09 20:27:35.000000000 +0300
-@@ -521,6 +521,9 @@
+--- config.h.in.orig 2011-02-04 00:59:51.000000000 +0000
++++ config.h.in
+@@ -533,6 +533,9 @@
/* define if you have int64_t data type */
#undef HAVE_INT64_T
@@ -12,7 +12,7 @@ $NetBSD: patch-ag,v 1.13 2010/06/11 20:41:42 martti Exp $
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
-@@ -641,6 +644,9 @@
+@@ -659,6 +662,9 @@
/* Define to 1 if you have the <net/if_tun.h> header file. */
#undef HAVE_NET_IF_TUN_H
diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah
index 91aab5b63c9..7f4d82f936e 100644
--- a/security/openssh/patches/patch-ah
+++ b/security/openssh/patches/patch-ah
@@ -1,8 +1,8 @@
-$NetBSD: patch-ah,v 1.28 2010/06/11 20:41:42 martti Exp $
+$NetBSD: patch-ah,v 1.29 2011/02/16 17:45:08 taca Exp $
---- Makefile.in.orig 2010-03-13 23:41:34.000000000 +0200
-+++ Makefile.in 2010-06-09 20:28:52.000000000 +0300
-@@ -22,7 +22,7 @@
+--- Makefile.in.orig 2011-02-16 01:25:58.000000000 +0000
++++ Makefile.in
+@@ -22,7 +22,7 @@ top_srcdir=@top_srcdir@
DESTDIR=
VPATH=@srcdir@
SSH_PROGRAM=@bindir@/ssh
@@ -11,7 +11,7 @@ $NetBSD: patch-ah,v 1.28 2010/06/11 20:41:42 martti Exp $
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
-@@ -239,7 +239,7 @@
+@@ -243,7 +243,7 @@ distprep: catman-do
-rm -rf autom4te.cache
install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
diff --git a/security/openssh/patches/patch-ak b/security/openssh/patches/patch-ak
index ac82f89baac..ebd69358492 100644
--- a/security/openssh/patches/patch-ak
+++ b/security/openssh/patches/patch-ak
@@ -1,8 +1,8 @@
-$NetBSD: patch-ak,v 1.10 2010/06/11 20:41:42 martti Exp $
+$NetBSD: patch-ak,v 1.11 2011/02/16 17:45:08 taca Exp $
---- auth.c.orig 2010-03-07 02:57:00.000000000 +0200
-+++ auth.c 2010-06-09 20:33:47.000000000 +0300
-@@ -384,7 +384,7 @@
+--- auth.c.orig 2010-12-01 01:21:51.000000000 +0000
++++ auth.c
+@@ -391,7 +391,7 @@ check_key_in_hostfiles(struct passwd *pw
user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
if (options.strict_modes &&
(stat(user_hostfile, &st) == 0) &&
@@ -11,7 +11,7 @@ $NetBSD: patch-ak,v 1.10 2010/06/11 20:41:42 martti Exp $
(st.st_mode & 022) != 0)) {
logit("Authentication refused for %.100s: "
"bad owner or modes for %.200s",
-@@ -437,7 +437,7 @@
+@@ -453,7 +453,7 @@ secure_filename(FILE *f, const char *fil
/* check the open file to avoid races */
if (fstat(fileno(f), &st) < 0 ||
@@ -20,7 +20,7 @@ $NetBSD: patch-ak,v 1.10 2010/06/11 20:41:42 martti Exp $
(st.st_mode & 022) != 0) {
snprintf(err, errlen, "bad ownership or modes for file %s",
buf);
-@@ -454,7 +454,7 @@
+@@ -470,7 +470,7 @@ secure_filename(FILE *f, const char *fil
debug3("secure_filename: checking '%s'", buf);
if (stat(buf, &st) < 0 ||
diff --git a/security/openssh/patches/patch-am b/security/openssh/patches/patch-am
index 9a45a833bb9..51d9ea7c932 100644
--- a/security/openssh/patches/patch-am
+++ b/security/openssh/patches/patch-am
@@ -1,8 +1,8 @@
-$NetBSD: patch-am,v 1.8 2009/05/21 03:22:29 taca Exp $
+$NetBSD: patch-am,v 1.9 2011/02/16 17:45:08 taca Exp $
---- auth2.c.orig 2008-11-05 14:20:46.000000000 +0900
+--- auth2.c.orig 2011-02-16 01:25:58.000000000 +0000
+++ auth2.c
-@@ -298,7 +298,7 @@ userauth_finish(Authctxt *authctxt, int
+@@ -307,7 +307,7 @@ userauth_finish(Authctxt *authctxt, int
authctxt->user);
/* Special handling for root */
diff --git a/security/openssh/patches/patch-an b/security/openssh/patches/patch-an
index 722e984862f..20e9e163732 100644
--- a/security/openssh/patches/patch-an
+++ b/security/openssh/patches/patch-an
@@ -1,8 +1,8 @@
-$NetBSD: patch-an,v 1.11 2010/06/11 20:41:42 martti Exp $
+$NetBSD: patch-an,v 1.12 2011/02/16 17:45:08 taca Exp $
---- scp.c.orig 2010-01-08 09:53:43.000000000 +0200
-+++ scp.c 2010-06-09 20:34:26.000000000 +0300
-@@ -395,7 +395,11 @@
+--- scp.c.orig 2011-02-16 01:25:58.000000000 +0000
++++ scp.c
+@@ -477,7 +477,11 @@ main(int argc, char **argv)
argc -= optind;
argv += optind;
@@ -14,7 +14,7 @@ $NetBSD: patch-an,v 1.11 2010/06/11 20:41:42 martti Exp $
fatal("unknown user %u", (u_int) userid);
if (!isatty(STDOUT_FILENO))
-@@ -789,8 +793,10 @@
+@@ -877,8 +881,10 @@ rsource(char *name, struct stat *statp)
return;
}
while ((dp = readdir(dirp)) != NULL) {
@@ -25,7 +25,7 @@ $NetBSD: patch-an,v 1.11 2010/06/11 20:41:42 martti Exp $
if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
continue;
if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
-@@ -1240,7 +1246,9 @@
+@@ -1275,7 +1281,9 @@ okname(char *cp0)
case '\'':
case '"':
case '`':
diff --git a/security/openssh/patches/patch-ao b/security/openssh/patches/patch-ao
index 881f5e0c98b..5220250c6fc 100644
--- a/security/openssh/patches/patch-ao
+++ b/security/openssh/patches/patch-ao
@@ -1,12 +1,12 @@
-$NetBSD: patch-ao,v 1.16 2010/06/11 20:41:42 martti Exp $
+$NetBSD: patch-ao,v 1.17 2011/02/16 17:45:08 taca Exp $
One more replacing 0 with ROOTUID is handled by using SUBST framework
because patch can't handle it when hpn-patch option is enabled.
So, don't simply update this file with mkpatch command.
---- session.c.orig 2010-03-26 02:04:09.000000000 +0200
-+++ session.c 2010-06-09 20:35:03.000000000 +0300
-@@ -1071,7 +1071,7 @@
+--- session.c.orig 2011-02-16 01:25:58.000000000 +0000
++++ session.c
+@@ -1075,7 +1075,7 @@ read_etc_default_login(char ***env, u_in
if (tmpenv == NULL)
return;
@@ -15,7 +15,7 @@ So, don't simply update this file with mkpatch command.
var = child_get_env(tmpenv, "SUPATH");
else
var = child_get_env(tmpenv, "PATH");
-@@ -1180,7 +1180,7 @@
+@@ -1184,7 +1184,7 @@ do_setup_env(Session *s, const char *she
# endif /* HAVE_ETC_DEFAULT_LOGIN */
if (path == NULL || *path == '\0') {
child_set_env(&env, &envsize, "PATH",
@@ -24,7 +24,7 @@ So, don't simply update this file with mkpatch command.
SUPERUSER_PATH : _PATH_STDPATH);
}
# endif /* HAVE_CYGWIN */
-@@ -1294,6 +1294,18 @@
+@@ -1298,6 +1298,18 @@ do_setup_env(Session *s, const char *she
strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
read_environment_file(&env, &envsize, buf);
}
@@ -43,19 +43,7 @@ So, don't simply update this file with mkpatch command.
if (debug_flag) {
/* dump the environment */
fprintf(stderr, "Environment:\n");
-@@ -1473,9 +1485,9 @@
- (void)ssh_selinux_enabled();
- #endif
-
--#ifndef HAVE_CYGWIN
-+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
- if (getuid() == 0 || geteuid() == 0)
--#endif /* HAVE_CYGWIN */
-+#endif /* !HAVE_CYGWIN && !HAVE_INTERIX */
- {
- #ifdef HAVE_LOGIN_CAP
- # ifdef __bsdi__
-@@ -1504,11 +1516,13 @@
+@@ -1488,11 +1500,13 @@ do_setusercontext(struct passwd *pw)
perror("setgid");
exit(1);
}
@@ -67,9 +55,9 @@ So, don't simply update this file with mkpatch command.
}
+# endif /* !HAVE_INTERIX */
endgrent();
- # ifdef USE_PAM
- /*
-@@ -2356,7 +2370,7 @@
+ #endif
+
+@@ -2305,7 +2319,7 @@ session_pty_cleanup2(Session *s)
record_logout(s->pid, s->tty, s->pw->pw_name);
/* Release the pseudo-tty. */
diff --git a/security/openssh/patches/patch-ap b/security/openssh/patches/patch-ap
index 228939fbbcf..629c14445a6 100644
--- a/security/openssh/patches/patch-ap
+++ b/security/openssh/patches/patch-ap
@@ -1,8 +1,8 @@
-$NetBSD: patch-ap,v 1.11 2010/02/19 10:17:34 martti Exp $
+$NetBSD: patch-ap,v 1.12 2011/02/16 17:45:08 taca Exp $
---- ssh.c.orig 2009-07-06 00:16:56.000000000 +0300
-+++ ssh.c 2010-02-19 12:09:35.000000000 +0200
-@@ -705,7 +705,7 @@
+--- ssh.c.orig 2011-02-16 01:25:58.000000000 +0000
++++ ssh.c
+@@ -761,7 +761,7 @@ main(int ac, char **av)
if (ssh_connect(host, &hostaddr, options.port,
options.address_family, options.connection_attempts, &timeout_ms,
options.tcp_keep_alive,
diff --git a/security/openssh/patches/patch-av b/security/openssh/patches/patch-av
index 8fc3fe3e7b9..262c9fa0858 100644
--- a/security/openssh/patches/patch-av
+++ b/security/openssh/patches/patch-av
@@ -1,8 +1,8 @@
-$NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $
+$NetBSD: patch-av,v 1.10 2011/02/16 17:45:08 taca Exp $
---- sshd.c.orig 2010-03-07 14:05:17.000000000 +0200
-+++ sshd.c 2010-06-09 20:36:56.000000000 +0300
-@@ -236,7 +236,11 @@
+--- sshd.c.orig 2011-02-16 01:25:58.000000000 +0000
++++ sshd.c
+@@ -239,7 +239,11 @@ int *startup_pipes = NULL;
int startup_pipe; /* in child */
/* variables used for privilege separation */
@@ -14,7 +14,7 @@ $NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $
struct monitor *pmonitor = NULL;
/* global authentication context */
-@@ -612,10 +616,15 @@
+@@ -618,10 +622,15 @@ privsep_preauth_child(void)
/* XXX not ready, too heavy after chroot */
do_setusercontext(privsep_pw);
#else
@@ -30,7 +30,7 @@ $NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $
#endif
}
-@@ -655,7 +664,7 @@
+@@ -661,7 +670,7 @@ privsep_preauth(Authctxt *authctxt)
close(pmonitor->m_sendfd);
/* Demote the child */
@@ -39,7 +39,7 @@ $NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $
privsep_preauth_child();
setproctitle("%s", "[net]");
}
-@@ -670,7 +679,7 @@
+@@ -676,7 +685,7 @@ privsep_postauth(Authctxt *authctxt)
#ifdef DISABLE_FD_PASSING
if (1) {
#else
@@ -48,7 +48,7 @@ $NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $
#endif
/* File descriptor passing is broken or root login */
use_privsep = 0;
-@@ -1310,8 +1319,10 @@
+@@ -1335,8 +1344,10 @@ main(int ac, char **av)
av = saved_argv;
#endif
@@ -60,7 +60,7 @@ $NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
-@@ -1664,7 +1675,7 @@
+@@ -1690,7 +1701,7 @@ main(int ac, char **av)
(st.st_uid != getuid () ||
(st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
#else
@@ -69,7 +69,7 @@ $NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $
#endif
fatal("%s must be owned by root and not group or "
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
-@@ -1688,8 +1699,10 @@
+@@ -1714,8 +1725,10 @@ main(int ac, char **av)
* to create a file, and we can't control the code in every
* module which might be used).
*/
diff --git a/security/openssh/patches/patch-aw b/security/openssh/patches/patch-aw
index c61742928c9..e9f61310952 100644
--- a/security/openssh/patches/patch-aw
+++ b/security/openssh/patches/patch-aw
@@ -1,6 +1,6 @@
-$NetBSD: patch-aw,v 1.3 2009/05/21 03:22:29 taca Exp $
+$NetBSD: patch-aw,v 1.4 2011/02/16 17:45:09 taca Exp $
---- openbsd-compat/port-tun.c.orig 2008-05-19 14:28:36.000000000 +0900
+--- openbsd-compat/port-tun.c.orig 2010-08-10 02:47:42.000000000 +0000
+++ openbsd-compat/port-tun.c
@@ -110,6 +110,10 @@ sys_tun_open(int tun, int mode)
#include <sys/socket.h>
diff --git a/security/openssh/patches/patch-platform.c b/security/openssh/patches/patch-platform.c
new file mode 100644
index 00000000000..a4f4b10a4f4
--- /dev/null
+++ b/security/openssh/patches/patch-platform.c
@@ -0,0 +1,16 @@
+$NetBSD: patch-platform.c,v 1.1 2011/02/16 17:45:09 taca Exp $
+
+Fix for Interix.
+
+--- platform.c.orig 2011-01-11 06:02:25.000000000 +0000
++++ platform.c
+@@ -81,7 +81,9 @@ platform_privileged_uidswap(void)
+ /* uid 0 is not special on Cygwin so always try */
+ return 1;
+ #else
++#if !defined(HAVE_INTERIX)
+ return (getuid() == 0 || geteuid() == 0);
++#endif /* !HAVE_INTERIX */
+ #endif
+ }
+
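Review bot: With HAVE_INTERIX defined (and the Cygwin branch not taken), `platform_privileged_uidswap()` has no return statement left: the added `#if !defined(HAVE_INTERIX)` wraps the only `return` in the `#else` branch and supplies no alternative, so control falls off the end of a value-returning function, which is undefined behaviour if a caller uses the result. Judging by its name, this value presumably decides whether the uid/gid switching path runs, so an indeterminate result is a poor thing to leave to the compiler. The session.c hunk that this commit removes from patch-ao made Interix always enter the privileged block, so the equivalent here would be an explicit fallback, `#else` followed by `return 1;` before `#endif /* !HAVE_INTERIX */`, or extending the Cygwin condition to cover Interix. The function's signature and the opening preprocessor condition are outside the hunk, so confirm both against platform.c.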