From e2e335bd0cd13e32b029dbc559cdaec153127131 Mon Sep 17 00:00:00 2001 From: tnn Date: Thu, 24 Jul 2008 16:25:47 +0000 Subject: Add patch from OpenSSH 5.1 that fixes an X11 fwd security issue on HP-UX. Bump PKGREVISION. --- security/openssh/Makefile | 3 ++- security/openssh/distinfo | 3 ++- security/openssh/patches/patch-at | 38 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 security/openssh/patches/patch-at (limited to 'security/openssh') diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 30391e48479..189243b0782 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.188 2008/04/27 00:34:27 tnn Exp $ +# $NetBSD: Makefile,v 1.189 2008/07/24 16:25:47 tnn Exp $ DISTNAME= openssh-5.0p1 PKGNAME= openssh-5.0.1 +PKGREVISION= 1 SVR4_PKGNAME= ossh CATEGORIES= security MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ diff --git a/security/openssh/distinfo b/security/openssh/distinfo index e2934e64117..05f12a29452 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.69 2008/04/27 00:34:27 tnn Exp $ +$NetBSD: distinfo,v 1.70 2008/07/24 16:25:47 tnn Exp $ SHA1 (openssh-5.0.1-20080427/openssh-5.0p1-hpn13v3.diff.gz) = 688265249dfaa449283ddfae2f81a9b6e3507f86 RMD160 (openssh-5.0.1-20080427/openssh-5.0p1-hpn13v3.diff.gz) = d4baca41f6212036b513173835de6e1081d49ac8 @@ -25,6 +25,7 @@ SHA1 (patch-ap) = 3029b847ce83305e8103276e27c75e0338e1fc08 SHA1 (patch-aq) = a619b57361b04d5ab3d41375c18f7b99d71c8b34 SHA1 (patch-ar) = fce4dc1011a124f02b8e14980cda1d633b36aa7d SHA1 (patch-as) = 19660f5983931ea3b053e6f4289cf6fae2ce50f3 +SHA1 (patch-at) = 7e7220e024d59d5462157b1d16dd90f23ab697f3 SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f SHA1 (patch-av) = 00f54c3fae7318b278b16bd0b01881a90bd31365 SHA1 (patch-aw) = 2a88b7563c6f52163c6c5f716e437ecaea613a30 diff --git a/security/openssh/patches/patch-at b/security/openssh/patches/patch-at new file mode 100644 index 00000000000..b1a501ccca0 --- /dev/null +++ b/security/openssh/patches/patch-at @@ -0,0 +1,38 @@ +$NetBSD: patch-at,v 1.7 2008/07/24 16:25:47 tnn Exp $ + +Index: channels.c +=================================================================== +RCS file: /cvs/openssh/channels.c,v +retrieving revision 1.262 +retrieving revision 1.263 +diff -u -p -u -r1.262 -r1.263 +--- channels.c 10 Jun 2008 13:01:51 -0000 1.262 ++++ channels.c 11 Jun 2008 20:05:12 -0000 1.263 +@@ -3018,7 +3018,8 @@ x11_create_display_inet(int x11_display_ + error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno)); + } + #endif +- channel_set_reuseaddr(sock); ++ if (x11_use_localhost) ++ channel_set_reuseaddr(sock); + if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + debug2("bind port %d: %.100s", port, strerror(errno)); + close(sock); +@@ -3030,17 +3031,8 @@ x11_create_display_inet(int x11_display_ + break; + } + socks[num_socks++] = sock; +-#ifndef DONT_TRY_OTHER_AF + if (num_socks == NUM_SOCKS) + break; +-#else +- if (x11_use_localhost) { +- if (num_socks == NUM_SOCKS) +- break; +- } else { +- break; +- } +-#endif + } + freeaddrinfo(aitop); + if (num_socks > 0) -- cgit v1.2.3