From 166dd4b7f3f566c4cd6379cb9eb8515092b199d4 Mon Sep 17 00:00:00 2001 From: drochner Date: Tue, 14 Mar 2006 20:03:43 +0000 Subject: update to 0.48.1 changes: -a security fix which was already in pkgsrc (0.46nb1) -bugfixes -zlib compression for dbclient -Set "low delay" TOS bit -client keyboard-interactive mode support -logging improvements -Added aes-256 cipher and sha1-96 hmac -allow connections to listening forwarded ports from remote machines --- security/dropbear/Makefile | 6 ++---- security/dropbear/distinfo | 14 ++++++-------- security/dropbear/patches/patch-ab | 12 ++++++------ security/dropbear/patches/patch-ac | 35 ++++++++++++----------------------- security/dropbear/patches/patch-ad | 15 --------------- security/dropbear/patches/patch-ae | 16 ---------------- 6 files changed, 26 insertions(+), 72 deletions(-) delete mode 100644 security/dropbear/patches/patch-ad delete mode 100644 security/dropbear/patches/patch-ae (limited to 'security/dropbear') diff --git a/security/dropbear/Makefile b/security/dropbear/Makefile index ec4070bfe9d..ddd0dfd17d0 100644 --- a/security/dropbear/Makefile +++ b/security/dropbear/Makefile @@ -1,10 +1,8 @@ -# $NetBSD: Makefile,v 1.17 2006/03/04 21:30:33 jlam Exp $ +# $NetBSD: Makefile,v 1.18 2006/03/14 20:03:43 drochner Exp $ -DISTNAME= dropbear-0.46 -PKGREVISION= 2 +DISTNAME= dropbear-0.48.1 CATEGORIES= security MASTER_SITES= http://matt.ucc.asn.au/dropbear/releases/ -EXTRACT_SUFX= .tar.bz2 MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://matt.ucc.asn.au/dropbear/dropbear.html diff --git a/security/dropbear/distinfo b/security/dropbear/distinfo index 74760d14dfb..c465933abe5 100644 --- a/security/dropbear/distinfo +++ b/security/dropbear/distinfo @@ -1,10 +1,8 @@ -$NetBSD: distinfo,v 1.11 2006/01/19 23:53:54 joerg Exp $ +$NetBSD: distinfo,v 1.12 2006/03/14 20:03:43 drochner Exp $ -SHA1 (dropbear-0.46.tar.bz2) = 2b6d2083ec0294fde55c75e4080c06637cbcf833 -RMD160 (dropbear-0.46.tar.bz2) = f7c61b021705362f55209bc0f383d0bf3336841e -Size (dropbear-0.46.tar.bz2) = 1413918 bytes +SHA1 (dropbear-0.48.1.tar.gz) = 4dd349b5e3c1aa1b627c52a27f17f5eb7e85c146 +RMD160 (dropbear-0.48.1.tar.gz) = 055740e5978f91ca34d318e6a6f8052d182e8d7c +Size (dropbear-0.48.1.tar.gz) = 1473114 bytes SHA1 (patch-aa) = 3246fce39551e97f0b9ecd3397479ea2f3e22abd -SHA1 (patch-ab) = 7096feb1f8cc7372410f2e94d7961190a6974fad -SHA1 (patch-ac) = 5a8bc0ccaba26fcf497de554a5c3a9478203adb1 -SHA1 (patch-ad) = 4dd93da76596411dadb731e85208c07baf707d03 -SHA1 (patch-ae) = 9300c096cd498a1628bef960bdaccda4345c9a3c +SHA1 (patch-ab) = bca3abf2505852e4a25505e505afcf2cb52aa823 +SHA1 (patch-ac) = 69b1349bb47ad6a6ae02096f1ebde87a1461dd9b diff --git a/security/dropbear/patches/patch-ab b/security/dropbear/patches/patch-ab index dd637d304bf..f0dbe4c6a91 100644 --- a/security/dropbear/patches/patch-ab +++ b/security/dropbear/patches/patch-ab @@ -1,21 +1,21 @@ -$NetBSD: patch-ab,v 1.3 2005/08/09 17:31:06 drochner Exp $ +$NetBSD: patch-ab,v 1.4 2006/03/14 20:03:43 drochner Exp $ ---- options.h.orig 2005-07-08 21:20:58.000000000 +0200 +--- options.h.orig 2006-03-12 05:52:51.000000000 +0100 +++ options.h -@@ -122,8 +122,11 @@ etc) slower (perhaps by 50%). Recommende +@@ -127,8 +127,11 @@ etc) slower (perhaps by 50%). Recommende * but there's an interface via a PAM module - don't bother using it otherwise. * You can't enable both PASSWORD and PAM. */ +#ifdef DISABLE_PAM #define ENABLE_SVR_PASSWORD_AUTH --/*#define ENABLE_SVR_PAM_AUTH*/ +-/* #define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */ +#else -+#define ENABLE_SVR_PAM_AUTH ++#define ENABLE_SVR_PAM_AUTH /* requires ./configure --enable-pam */ +#endif #define ENABLE_SVR_PUBKEY_AUTH #define ENABLE_CLI_PASSWORD_AUTH -@@ -148,7 +151,7 @@ etc) slower (perhaps by 50%). Recommende +@@ -154,7 +157,7 @@ etc) slower (perhaps by 50%). Recommende * however significantly reduce the security of your ssh connections * if the PRNG state becomes guessable - make sure you know what you are * doing if you change this. */ diff --git a/security/dropbear/patches/patch-ac b/security/dropbear/patches/patch-ac index 8a5d734326a..a243a109f24 100644 --- a/security/dropbear/patches/patch-ac +++ b/security/dropbear/patches/patch-ac @@ -1,29 +1,18 @@ -$NetBSD: patch-ac,v 1.1 2005/08/09 17:31:06 drochner Exp $ +$NetBSD: patch-ac,v 1.2 2006/03/14 20:03:43 drochner Exp $ ---- svr-authpam.c.orig 2005-08-09 19:13:13.000000000 +0200 +--- svr-authpam.c.orig 2006-03-12 05:52:52.000000000 +0100 +++ svr-authpam.c -@@ -78,7 +78,8 @@ pamConvFunc(int num_msg, +@@ -124,7 +124,8 @@ pamConvFunc(int num_msg, + case PAM_PROMPT_ECHO_ON: - case PAM_PROMPT_ECHO_OFF: - -- if (strcmp(message, "Password:") != 0) { -+ if ((strcmp(message, "Password:") != 0) -+ && (strcmp(message, "Password: ") != 0)) { - TRACE(("PAM_PROMPT_ECHO_OFF: unrecognized prompt")) - rc = PAM_CONV_ERR; - break; -@@ -101,7 +102,9 @@ pamConvFunc(int num_msg, - - if ((strcmp(message, "login: " ) != 0) - && (strcmp(message, "login:" ) != 0) -- && (strcmp(message, "Please enter username: " ) != 0)) { -+ && (strcmp(message, "Please enter username: " ) != 0) -+ && (strcmp(message, "Login:" ) != 0) -+ && (strcmp(message, "Username:" ) != 0)) { - TRACE(("PAM_PROMPT_ECHO_ON: unrecognized prompt")) - rc = PAM_CONV_ERR; - break; -@@ -184,7 +187,9 @@ void svr_auth_pam() { + if (!((strcmp(compare_message, "login:" ) == 0) +- || (strcmp(compare_message, "please enter username:") == 0))) { ++ || (strcmp(compare_message, "please enter username:") == 0) ++ || (strcmp(compare_message, "username:" ) == 0))) { + /* We don't recognise the prompt as asking for a username, + so can't handle it. Add more above as required for + different pam modules/implementations */ +@@ -212,7 +213,9 @@ void svr_auth_pam() { goto cleanup; } diff --git a/security/dropbear/patches/patch-ad b/security/dropbear/patches/patch-ad deleted file mode 100644 index ea9360ec685..00000000000 --- a/security/dropbear/patches/patch-ad +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-ad,v 1.1 2005/12/14 18:00:12 reed Exp $ - -security patch from http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html - ---- svr-chansession.c.orig 2005-12-14 09:32:29.056688256 -0800 -+++ svr-chansession.c 2005-12-14 09:33:13.361952832 -0800 -@@ -810,7 +810,7 @@ - /* need to increase size */ - if (i == svr_ses.childpidsize) { - svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids, -- sizeof(struct ChildPid) * svr_ses.childpidsize+1); -+ sizeof(struct ChildPid) * (svr_ses.childpidsize+1)); - svr_ses.childpidsize++; - } - diff --git a/security/dropbear/patches/patch-ae b/security/dropbear/patches/patch-ae deleted file mode 100644 index adf394203e3..00000000000 --- a/security/dropbear/patches/patch-ae +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ae,v 1.1 2006/01/19 23:53:54 joerg Exp $ - ---- svr-tcpfwd.c.orig 2006-01-19 23:47:43.000000000 +0000 -+++ svr-tcpfwd.c -@@ -80,7 +80,11 @@ void recv_msg_global_request_remotetcp() - reqname = buf_getstring(ses.payload, &namelen); - wantreply = buf_getbool(ses.payload); - -+#if defined(NAME_MAX) -+ if (namelen > NAME_MAX) { -+#else - if (namelen > MAXNAMLEN) { -+#endif - TRACE(("name len is wrong: %d", namelen)) - goto out; - } -- cgit v1.2.3