From 47b433811d83bdb9e776b8b92191afb5b752d07f Mon Sep 17 00:00:00 2001 From: tron Date: Wed, 4 Nov 1998 23:43:39 +0000 Subject: Add necessary security patches from PR pkg/6392 by Wolfgang Rupprecht and convert old patch files to unified output format. --- security/ssh/patches/patch-ab | 139 ++++++++++++++++-------------------------- security/ssh/patches/patch-ae | 33 ++++------ security/ssh/patches/patch-ag | 58 ++++++++++++++++++ security/ssh/patches/patch-ah | 22 +++++++ security/ssh/patches/patch-ai | 13 ++++ security/ssh/patches/patch-aj | 107 ++++++++++++-------------------- security/ssh/patches/patch-ak | 7 +++ security/ssh/patches/patch-ao | 108 +++++++++++++------------------- 8 files changed, 246 insertions(+), 241 deletions(-) create mode 100644 security/ssh/patches/patch-ag create mode 100644 security/ssh/patches/patch-ah create mode 100644 security/ssh/patches/patch-ai create mode 100644 security/ssh/patches/patch-ak (limited to 'security/ssh') diff --git a/security/ssh/patches/patch-ab b/security/ssh/patches/patch-ab index d0f4258e7c7..0d42a7178e9 100644 --- a/security/ssh/patches/patch-ab +++ b/security/ssh/patches/patch-ab 
@@ -1,87 +1,54 @@ -$NetBSD: patch-ab,v 1.4 1998/08/07 11:13:49 agc Exp $ +$NetBSD: patch-ab,v 1.5 1998/11/04 23:43:39 tron Exp $ -Index: configure -*** configure.orig Tue Jan 20 05:24:14 1998 ---- configure Sat Jan 24 19:04:05 1998 -*************** -*** 1759,1770 **** - - export CFLAGS CC - -- # Socket pairs appear to be broken on several systems. I don't know exactly -- # where, so I'll use pipes everywhere for now. -- cat >> confdefs.h <<\EOF -- #define USE_PIPES 1 -- EOF -- - - echo $ac_n "checking that the compiler works""... $ac_c" 1>&6 - echo "configure:1771: checking that the compiler works" >&5 ---- 1759,1764 ---- -*************** -*** 6853,6867 **** - case "$enableval" in - no) - echo "$ac_t""no" 1>&6 -! SSHINSTALLMODE=0711 - ;; - *) echo "$ac_t""yes" 1>&6 -! SSHINSTALLMODE=04711 - ;; - esac - else - echo "$ac_t""yes" 1>&6 -! SSHINSTALLMODE=04711 - - fi - ---- 6847,6861 ---- - case "$enableval" in - no) - echo "$ac_t""no" 1>&6 -! SSHINSTALLMODE=0511 - ;; - *) echo "$ac_t""yes" 1>&6 -! SSHINSTALLMODE=04511 - ;; - esac - else - echo "$ac_t""yes" 1>&6 -! SSHINSTALLMODE=04511 - - fi - -*************** -*** 7013,7019 **** - ac_given_srcdir=$srcdir - ac_given_INSTALL="$INSTALL" - -! trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 - EOF - cat >> $CONFIG_STATUS <> $CONFIG_STATUS <> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF - for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then ---- 7112,7118 ---- - - cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF - for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then +--- configure.orig Wed Jul 8 18:41:14 1998 ++++ configure Thu Nov 5 00:28:07 1998 +@@ -1996,12 +1996,6 @@ + + export CFLAGS CC + +-# Socket pairs appear to be broken on several systems. I don't know exactly +-# where, so I'll use pipes everywhere for now. 
+-cat >> confdefs.h <<\EOF +-#define USE_PIPES 1 +-EOF +- + + echo $ac_n "checking that the compiler works""... $ac_c" 1>&6 + echo "configure:2008: checking that the compiler works" >&5 +@@ -7344,15 +7338,15 @@ + case "$enableval" in + no) + echo "$ac_t""no" 1>&6 +- SSHINSTALLMODE=0711 ++ SSHINSTALLMODE=0511 + ;; + *) echo "$ac_t""yes" 1>&6 +- SSHINSTALLMODE=04711 ++ SSHINSTALLMODE=04511 + ;; + esac + else + echo "$ac_t""yes" 1>&6 +- SSHINSTALLMODE=04711 ++ SSHINSTALLMODE=04511 + + fi + +@@ -7632,7 +7626,7 @@ + ac_given_srcdir=$srcdir + ac_given_INSTALL="$INSTALL" + +-trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 ++trap 'rm -fr `echo "Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 + EOF + cat >> $CONFIG_STATUS <> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF + for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then diff --git a/security/ssh/patches/patch-ae b/security/ssh/patches/patch-ae index a4dfede0a64..2c5b1b26071 100644 --- a/security/ssh/patches/patch-ae +++ b/security/ssh/patches/patch-ae 
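Review bot: The fall-through branch of the `enableval` test in patch-ab still sets `SSHINSTALLMODE=04511`, so ssh is installed setuid unless the option is explicitly disabled, and nothing in the patch header says why the owner write bit was dropped from 04711/0711. A one-line rationale under the `$NetBSD$` tag would help, for example `Install ssh without owner write permission; the setuid default itself is unchanged.` The same three mode edits are repeated by hand in patch-aj for configure.in, so the two patches have to be kept in step whenever either one changes.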
@@ -1,22 +1,13 @@ -$NetBSD: patch-ae,v 1.4 1998/08/07 11:13:49 agc Exp $ +$NetBSD: patch-ae,v 1.5 1998/11/04 23:43:39 tron Exp $ -Index: server_config.sample -*** server_config.sample.orig Tue Jan 20 05:20:14 1998 ---- server_config.sample Tue Jan 20 20:40:35 1998 -*************** -*** 16,22 **** - FascistLogging no - PrintMotd yes - KeepAlive yes -! SyslogFacility DAEMON - RhostsAuthentication no - RhostsRSAAuthentication yes - RSAAuthentication yes ---- 16,22 ---- - FascistLogging no - PrintMotd yes - KeepAlive yes -! SyslogFacility AUTH - RhostsAuthentication no - RhostsRSAAuthentication yes - RSAAuthentication yes +--- server_config.sample.orig Wed Jul 8 18:40:08 1998 ++++ server_config.sample Thu Nov 5 00:28:07 1998 +@@ -16,7 +16,7 @@ + FascistLogging no + PrintMotd yes + KeepAlive yes +-SyslogFacility DAEMON ++SyslogFacility AUTH + RhostsAuthentication no + RhostsRSAAuthentication yes + RSAAuthentication yes diff --git a/security/ssh/patches/patch-ag b/security/ssh/patches/patch-ag new file mode 100644 index 00000000000..277a1842559 --- /dev/null +++ b/security/ssh/patches/patch-ag 
@@ -0,0 +1,58 @@
+$NetBSD: patch-ag,v 1.1 1998/11/04 23:43:39 tron Exp $
+
+--- log-server.c.orig Wed Jul 8 18:40:36 1998
++++ log-server.c Thu Nov 5 00:31:23 1998
+@@ -134,7 +134,7 @@
+ if (log_quiet)
+ return;
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+ if (log_on_stderr)
+ fprintf(stderr, "log: %s\n", buf);
+@@ -175,7 +175,7 @@
+ if (log_quiet)
+ return;
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+ if (log_on_stderr)
+ fprintf(stderr, "log: %s\n", buf);
+@@ -191,7 +191,7 @@
+ if (!log_debug || log_quiet)
+ return;
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+ if (log_on_stderr)
+ fprintf(stderr, "debug: %s\n", buf);
+@@ -207,7 +207,7 @@
+ if (log_quiet)
+ return;
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+ if (log_on_stderr)
+ fprintf(stderr, "error: %s\n", buf);
+@@ -302,7 +302,7 @@
+ if (log_quiet)
+ exit(1);
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+ if (log_on_stderr)
+ fprintf(stderr, "fatal: %s\n", buf);
+@@ -321,7 +321,7 @@
+ if (log_quiet)
+ exit(1);
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+ if (log_on_stderr)
+ fprintf(stderr, "fatal: %s\n", buf);
diff --git a/security/ssh/patches/patch-ah b/security/ssh/patches/patch-ah
new file mode 100644
index 00000000000..c4f5e678347
--- /dev/null
+++ b/security/ssh/patches/patch-ah
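Review bot: `sizeof(buf)` in the six replaced calls in patch-ag (log-server.c) is a real bound only where `buf` is an array declared in the same function, and none of those declarations are inside the hunks. The same holds for the two packet.c calls in patch-ah, while scp.c in patch-ai does show `char buf[1024];`. If any `buf` turned out to be a pointer the limit would be the pointer size, so this is worth confirming against the full source. The return value of `vsnprintf` is also dropped, so an over-long message is cut without any trace in the log; a comment such as `/* message is truncated to sizeof(buf), not rejected */` above each call would make that explicit for whoever reads these logs during an investigation.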
@@ -0,0 +1,22 @@
+$NetBSD: patch-ah,v 1.3 1998/11/04 23:43:39 tron Exp $
+
+--- packet.c.orig Wed Jul 8 18:40:37 1998
++++ packet.c Thu Nov 5 00:31:23 1998
+@@ -693,7 +693,7 @@
+ va_list args;
+
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+
+ packet_start(SSH_MSG_DEBUG);
+@@ -719,7 +719,7 @@
+ /* Format the message. Note that the caller must make sure the message
+ is of limited size. */
+ va_start(args, fmt);
+- vsprintf(buf, fmt, args);
++ vsnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+
+ /* Send the disconnect message to the other side, and wait for it to get
diff --git a/security/ssh/patches/patch-ai b/security/ssh/patches/patch-ai
new file mode 100644
index 00000000000..fc25e8162d6
--- /dev/null
+++ b/security/ssh/patches/patch-ai
@@ -0,0 +1,13 @@
+$NetBSD: patch-ai,v 1.3 1998/11/04 23:43:39 tron Exp $
+
+--- scp.c.orig Wed Jul 8 18:40:38 1998
++++ scp.c Thu Nov 5 00:31:23 1998
+@@ -332,7 +332,7 @@
+ char buf[1024];
+
+ va_start(ap, fmt);
+- vsprintf(buf, fmt, ap);
++ vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+ fprintf(stderr, "%s\n", buf);
+ exit(255);
diff --git a/security/ssh/patches/patch-aj b/security/ssh/patches/patch-aj
index 36f0d3d67dd..2a19ec9b0da 100644
--- a/security/ssh/patches/patch-aj
+++ b/security/ssh/patches/patch-aj
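Review bot: The context comment kept in the second packet.c hunk of patch-ah, `Note that the caller must make sure the message is of limited size.`, no longer matches the code, because the `vsnprintf` call two lines below it now enforces the bound itself. I would reword it to `/* Format the message; it is truncated to the size of buf. */` so a later reader does not assume callers are still the only guard against overflow. Both functions start and end outside the hunks, so the declared size of `buf` is not visible here.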
@@ -1,68 +1,41 @@ -$NetBSD: patch-aj,v 1.4 1998/08/07 11:13:50 agc Exp $ +$NetBSD: patch-aj,v 1.5 1998/11/04 23:43:39 tron Exp $ -Index: configure.in -*** configure.in.orig Tue Jan 20 05:24:14 1998 ---- configure.in Sat Jan 24 19:05:51 1998 -*************** -*** 635,643 **** - - export CFLAGS CC - -! # Socket pairs appear to be broken on several systems. I don't know exactly -! # where, so I'll use pipes everywhere for now. -! AC_DEFINE(USE_PIPES) - - AC_MSG_CHECKING([that the compiler works]) - AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], ---- 635,643 ---- - - export CFLAGS CC - -! dnl # Socket pairs appear to be broken on several systems. I don't know exactly -! dnl # where, so I'll use pipes everywhere for now. -! dnl AC_DEFINE(USE_PIPES) - - AC_MSG_CHECKING([that the compiler works]) - AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], -*************** -*** 1506,1519 **** - [ case "$enableval" in - no) - AC_MSG_RESULT(no) -! SSHINSTALLMODE=0711 - ;; - *) AC_MSG_RESULT(yes) -! SSHINSTALLMODE=04711 - ;; - esac ], - AC_MSG_RESULT(yes) -! SSHINSTALLMODE=04711 - ) - - # We include this here only to make it visible in --help; this is only used ---- 1506,1519 ---- - [ case "$enableval" in - no) - AC_MSG_RESULT(no) -! SSHINSTALLMODE=0511 - ;; - *) AC_MSG_RESULT(yes) -! SSHINSTALLMODE=04511 - ;; - esac ], - AC_MSG_RESULT(yes) -! SSHINSTALLMODE=04511 - ) - - # We include this here only to make it visible in --help; this is only used -*************** -*** 1539,1542 **** - AC_SUBST(CONFOBJS) - AC_SUBST(SSHINSTALLMODE) - -! AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile) ---- 1539,1542 ---- - AC_SUBST(CONFOBJS) - AC_SUBST(SSHINSTALLMODE) - -! AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile) +--- configure.in.orig Wed Jul 8 18:41:10 1998 ++++ configure.in Thu Nov 5 00:28:07 1998 +@@ -317,9 +317,9 @@ + + export CFLAGS CC + +-# Socket pairs appear to be broken on several systems. 
I don't know exactly +-# where, so I'll use pipes everywhere for now. +-AC_DEFINE(USE_PIPES) ++dnl # Socket pairs appear to be broken on several systems. I don't know exactly ++dnl # where, so I'll use pipes everywhere for now. ++dnl AC_DEFINE(USE_PIPES) + + AC_MSG_CHECKING([that the compiler works]) + AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], +@@ -1236,14 +1236,14 @@ + [ case "$enableval" in + no) + AC_MSG_RESULT(no) +- SSHINSTALLMODE=0711 ++ SSHINSTALLMODE=0511 + ;; + *) AC_MSG_RESULT(yes) +- SSHINSTALLMODE=04711 ++ SSHINSTALLMODE=04511 + ;; + esac ], + AC_MSG_RESULT(yes) +- SSHINSTALLMODE=04711 ++ SSHINSTALLMODE=04511 + ) + + AC_MSG_CHECKING(whether to enable TCP_NODELAY) +@@ -1345,4 +1345,4 @@ + AC_SUBST(SSHDCONFOBJS) + AC_SUBST(SSHINSTALLMODE) + +-AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile) ++AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.pl make-ssh-known-hosts.1 zlib-1.0.4/Makefile) diff --git a/security/ssh/patches/patch-ak b/security/ssh/patches/patch-ak new file mode 100644 index 00000000000..cbfad0c79fb --- /dev/null +++ b/security/ssh/patches/patch-ak @@ -0,0 +1,7 @@ +$NetBSD: patch-ak,v 1.1 1998/11/04 23:43:39 tron Exp $ + +--- version.h.orig Wed Jul 8 18:40:39 1998 ++++ version.h Thu Nov 5 00:31:23 1998 +@@ -1 +1 @@ +-#define SSH_VERSION "1.2.26" ++#define SSH_VERSION "1.2.26-vsnprintf-patched" diff --git a/security/ssh/patches/patch-ao b/security/ssh/patches/patch-ao index 3fde5a9a4d3..a0e68db46be 100644 --- a/security/ssh/patches/patch-ao +++ b/security/ssh/patches/patch-ao 
@@ -1,68 +1,42 @@ -$NetBSD: patch-ao,v 1.5 1998/08/07 11:13:50 agc Exp $ +$NetBSD: patch-ao,v 1.6 1998/11/04 23:43:39 tron Exp $ -*** newchannels.c.orig Tue Jan 20 07:24:06 1998 ---- newchannels.c Wed Mar 18 20:44:26 1998 -*************** -*** 241,247 **** - #include "authfd.h" - #include "emulate.h" - #include "servconf.h" -! #ifdef LIBWRAP - #include - #include - #ifdef NEED_SYS_SYSLOG_H ---- 241,247 ---- - #include "authfd.h" - #include "emulate.h" - #include "servconf.h" -! #if defined(LIBWRAP) && defined(LIBWRAP_FWD) - #include - #include - #ifdef NEED_SYS_SYSLOG_H -*************** -*** 881,887 **** - sprintf(buf, "X11 connection from %.200s port %d", - remote_hostname, get_peer_port(newsock)); - xfree(remote_hostname); -! #ifdef LIBWRAP - { - struct request_info req; - struct servent *serv; ---- 881,887 ---- - sprintf(buf, "X11 connection from %.200s port %d", - remote_hostname, get_peer_port(newsock)); - xfree(remote_hostname); -! #if defined(LIBWRAP) && defined(LIBWRAP_FWD) - { - struct request_info req; - struct servent *serv; -*************** -*** 932,938 **** - ch->listening_port, remote_hostname, - get_peer_port(newsock)); - xfree(remote_hostname); -! #ifdef LIBWRAP - { - struct request_info req; - struct servent *serv; ---- 932,938 ---- - ch->listening_port, remote_hostname, - get_peer_port(newsock)); - xfree(remote_hostname); -! #if defined(LIBWRAP) && defined(LIBWRAP_FWD) - { - struct request_info req; - struct servent *serv; -*************** -*** 2324,2329 **** ---- 2324,2333 ---- - ssh-agent connections on your system */ - old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); - -+ /* Make sure the socket doesn't already exist, left over from a system -+ crash perhaps. 
*/ -+ unlink(channel_forwarded_auth_socket_name); -+ - if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0) - packet_disconnect("Agent socket bind failed: %.100s", strerror(errno)); - +--- newchannels.c.orig Wed Jul 8 18:40:36 1998 ++++ newchannels.c Thu Nov 5 00:28:07 1998 +@@ -263,7 +263,7 @@ + #include "authfd.h" + #include "emulate.h" + #include "servconf.h" +-#ifdef LIBWRAP ++#if defined(LIBWRAP) && defined(LIBWRAP_FWD) + #include + #include + #ifdef NEED_SYS_SYSLOG_H +@@ -923,7 +923,7 @@ + sprintf(buf, "X11 connection from %.200s port %d", + remote_hostname, get_peer_port(newsock)); + xfree(remote_hostname); +-#ifdef LIBWRAP ++#if defined(LIBWRAP) && defined(LIBWRAP_FWD) + { + struct request_info req; + struct servent *serv; +@@ -974,7 +974,7 @@ + ch->listening_port, remote_hostname, + get_peer_port(newsock)); + xfree(remote_hostname); +-#ifdef LIBWRAP ++#if defined(LIBWRAP) && defined(LIBWRAP_FWD) + { + struct request_info req; + struct servent *serv; +@@ -2388,6 +2388,10 @@ + ssh-agent connections on your system */ + old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); + ++ /* Make sure the socket doesn't already exist, left over from a system ++ crash perhaps. */ ++ unlink(channel_forwarded_auth_socket_name); ++ + if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0) + packet_disconnect("Agent socket bind failed: %.100s", strerror(errno)); + -- cgit v1.2.3
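Review bot: The `unlink(channel_forwarded_auth_socket_name);` carried in patch-ao ignores its result and runs immediately before `bind()`, so the two calls form a check-then-use pair on a filesystem path. Where that path lives and under which uid this code runs are outside the hunk; if the parent directory is writable by other users, the name can be recreated between the two calls, and the unlink removes whatever entry another user placed there. I would at least separate the expected case from real errors with `if (unlink(channel_forwarded_auth_socket_name) < 0 && errno != ENOENT) packet_disconnect("Agent socket unlink failed: %.100s", strerror(errno));` and confirm that the directory is created with owner-only permissions before this point. The enclosing function begins and ends outside the hunk.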