author | marius <marius@FreeBSD.org> | 2006-08-28 08:03:21 +0800 |
---|---|---|
committer | marius <marius@FreeBSD.org> | 2006-08-28 08:03:21 +0800 |
commit | 75c48b46e0201b487afb9c14d77f14800bb83387 (patch) | |
tree | bf02b3c424e7d0c9854e213099c4eae0ddc1e0e3 /security/ssh2 | |
parent | 30a34b1a02506e27b1ca4e714658656f30289642 (diff) | |
- Cast the arguments of ssh_conn_send_channel_data_type() and
ssh_encode_{array_alloc,buffer}() calls as appropriate in order to
fix argument size problems on 64-bit platforms and that manifest
themselves on amd64 and ia64. [1]
- Allow the tcsetattr(3) calls in ssh_rl_{restore,set}_tty_modes_for_fd()
to be interrupted by signal. This fixes occasional problems when
connecting to a host for the first time.
- Use the base zlib instead of the one shipping with SSH; although the
latter has an enhancement allowing a minor SSH-specific optimization,
using the base one has the benefit of not needing to track security
vulnerabilities of zlib in this port (SSH 3.2.9.1 ships with zlib
1.1.4 which is not known to be vulnerable though).
- Try to make the description of the WITHOUT_X11 option of the port
Makefile to be more sentence-like.
PR: 98016 [1]
Approved by: netchild
Obtained from: NetBSD [1]
Diffstat (limited to 'security/ssh2')
-rw-r--r-- | security/ssh2/Makefile | 10 | ||||
-rw-r--r-- | security/ssh2/files/patch-apps::ssh::lib::sshproto::sshconn.c | 22 | ||||
-rw-r--r-- | security/ssh2/files/patch-apps::ssh::lib::sshproto::trcommon.c | 20 | ||||
-rw-r--r-- | security/ssh2/files/patch-apps::ssh::ssh-agent2.c | 11 | ||||
-rw-r--r-- | security/ssh2/files/patch-apps::ssh::ssh-signer2.c | 11 | ||||
-rw-r--r-- | security/ssh2/files/patch-apps::ssh::ssh1proto.c | 11 | ||||
-rw-r--r-- | security/ssh2/files/patch-apps::ssh::sshchsession.c | 21 | ||||
-rw-r--r-- | security/ssh2/files/patch-apps::ssh::sshpamserver.c | 12 | ||||
-rw-r--r-- | security/ssh2/files/patch-configure | 24 | ||||
-rw-r--r-- | security/ssh2/files/patch-lib::Makefile.in | 23 | ||||
-rw-r--r-- | security/ssh2/files/patch-lib::sshreadline::sshreadline.c | 32 | ||||
-rw-r--r-- | security/ssh2/files/patch-lib::sshutil::sshincludes.h | 20 | ||||
-rw-r--r-- | security/ssh2/files/patch-sshdistdefs.h | 12 |
13 files changed, 220 insertions, 9 deletions
diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile index ba2483ccee49..211710250226 100644 --- a/security/ssh2/Makefile +++ b/security/ssh2/Makefile @@ -7,7 +7,7 @@ PORTNAME= ssh2 PORTVERSION= 3.2.9.1 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security ipv6 # The list of official mirror sites is at: # http://www.ssh.com/support/downloads/secureshellserver/non-commercial.html @@ -115,8 +115,8 @@ pre-everything:: @${ECHO_MSG} " security/krb5 is installed." .endif .if !defined(WITHOUT_X11) - @${ECHO_MSG} "WITHOUT_X11=yes builds without X11 support. Same as compiling" - @${ECHO_MSG} " security/ssh2-nox11." + @${ECHO_MSG} "WITHOUT_X11=yes builds without X11 support. Setting this is" + @${ECHO_MSG} " the same as compiling security/ssh2-nox11." .endif @${ECHO_MSG} "" .endif @@ -131,6 +131,10 @@ post-patch: @${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g' \ ${WRKSRC}/apps/ssh/subconfig/${i} .endfor + @${FIND} ${WRKSRC} -name Makefile.in -print0 -type f | \ + ${XARGS} -0 ${REINPLACE_CMD} -E -e \ + 's|-I\$$\(top_srcdir\)\/lib\/zlib||g; \ + s|\$$\(top_builddir\)\/lib\/zlib\/libz.a||g' @${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g' \ ${WRKSRC}/HOWTO.anonymous.sftp @${REINPLACE_CMD} -e \ diff --git a/security/ssh2/files/patch-apps::ssh::lib::sshproto::sshconn.c b/security/ssh2/files/patch-apps::ssh::lib::sshproto::sshconn.c new file mode 100644 index 000000000000..cd744448a77f --- /dev/null +++ b/security/ssh2/files/patch-apps::ssh::lib::sshproto::sshconn.c 
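Review bot: In the new `post-patch` pipeline, `-type f` comes after `-print0`, so it filters nothing: find evaluates the expression left to right and has already printed every entry named Makefile.in by the time the type test runs. A directory or symlink with that name under ${WRKSRC} would therefore be handed to `${REINPLACE_CMD}`. Put the tests before the action: `@${FIND} ${WRKSRC} -type f -name Makefile.in -print0 | \`.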
@@ -0,0 +1,22 @@ +--- apps/ssh/lib/sshproto/sshconn.c.orig 2003-12-03 15:17:34.000000000 +0200 ++++ apps/ssh/lib/sshproto/sshconn.c +@@ -452,7 +452,8 @@ Boolean ssh_conn_send_channel_data_type( + (unsigned int) SSH_MSG_CHANNEL_DATA, + SSH_FORMAT_UINT32, (SshUInt32) + channel->remote_id, +- SSH_FORMAT_UINT32_STR, buf, len, ++ SSH_FORMAT_UINT32_STR, buf, ++ (size_t) len, + SSH_FORMAT_END); + } + else +@@ -465,7 +466,8 @@ Boolean ssh_conn_send_channel_data_type( + SSH_FORMAT_UINT32, (SshUInt32) + channel->remote_id, + SSH_FORMAT_UINT32, (SshUInt32) i, +- SSH_FORMAT_UINT32_STR, buf, len, ++ SSH_FORMAT_UINT32_STR, buf, ++ (size_t) len, + SSH_FORMAT_END); + } + diff --git a/security/ssh2/files/patch-apps::ssh::lib::sshproto::trcommon.c b/security/ssh2/files/patch-apps::ssh::lib::sshproto::trcommon.c new file mode 100644 index 000000000000..bcf60cdce113 --- /dev/null +++ b/security/ssh2/files/patch-apps::ssh::lib::sshproto::trcommon.c @@ -0,0 +1,20 @@ +--- apps/ssh/lib/sshproto/trcommon.c.orig 2003-12-03 15:17:33.000000000 +0200 ++++ apps/ssh/lib/sshproto/trcommon.c +@@ -555,7 +555,7 @@ void ssh_tr_send_packet(SshTransportComm + SSH_DEBUG(5, ("Outgoing empty, sending empty ignore packet.")); + ret = ssh_encode_buffer(&new_packet, + SSH_FORMAT_CHAR, (unsigned int) SSH_MSG_IGNORE, +- SSH_FORMAT_UINT32, 0L, ++ SSH_FORMAT_UINT32, (SshUInt32) 0, + SSH_FORMAT_END); + SSH_VERIFY(ret > 0); + ssh_tr_encode_packet(tr, ssh_buffer_ptr(&new_packet), +@@ -3171,7 +3171,7 @@ void ssh_tr_process_up_incoming_packet(S + + ssh_encode_buffer(new_packet, + SSH_FORMAT_CHAR, (unsigned int) SSH_MSG_IGNORE, +- SSH_FORMAT_UINT32, ignore_len, ++ SSH_FORMAT_UINT32, (SshUInt32) ignore_len, + SSH_FORMAT_END); + + ssh_xbuffer_append_space(new_packet, &datap, ignore_len); diff --git a/security/ssh2/files/patch-apps::ssh::ssh-agent2.c b/security/ssh2/files/patch-apps::ssh::ssh-agent2.c new file mode 100644 index 000000000000..5ca8b5130566 --- /dev/null 
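Review bot: Neither `(size_t) len` cast in ssh_conn_send_channel_data_type() says why it is there, so a later cleanup could remove it as redundant. A one-line comment above each call would keep it, e.g. `/* variadic call: the length after SSH_FORMAT_UINT32_STR must be passed as size_t (presumably what the encoder reads) */`. The declaration of `len` is outside the hunk; if it is a signed type, a negative value becomes a very large size_t after the cast, so confirm that it is range-checked before the encode call. The function body starts and ends outside both hunks.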
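Review bot: In the second trcommon.c hunk (ssh_tr_process_up_incoming_packet) the length field is encoded from `(SshUInt32) ignore_len`, while `ssh_xbuffer_append_space()` two lines later still uses the uncast `ignore_len`. The type of `ignore_len` is not visible here; if it is wider than 32 bits, the cast truncates silently and the encoded length can disagree with the number of bytes appended. The same pattern appears in patch-apps::ssh::sshpamserver.c, where `(SshUInt32) (ssh_buffer_len(packet) + 1)` is followed by an SSH_FORMAT_DATA length of `ssh_buffer_len(packet)`. Bounding the value before the cast, for example `SSH_VERIFY(ignore_len <= 0xffffffffUL);`, would make the assumption explicit. This call also leaves the return value of ssh_encode_buffer() unchecked, unlike the first hunk, which has `SSH_VERIFY(ret > 0)`.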
+++ b/security/ssh2/files/patch-apps::ssh::ssh-agent2.c @@ -0,0 +1,11 @@ +--- apps/ssh/ssh-agent2.c.orig 2003-12-03 15:17:27.000000000 +0200 ++++ apps/ssh/ssh-agent2.c +@@ -1802,7 +1802,7 @@ void ssh_agenti_ssh1_encode_mp(SshBuffer + num_buf = ssh_xmalloc(num_buf_len); + ssh_mp_get_buf(num_buf, num_buf_len, n); + ssh_encode_buffer(buffer, +- SSH_FORMAT_DATA, len_buf, 2, ++ SSH_FORMAT_DATA, len_buf, (size_t) 2, + SSH_FORMAT_DATA, num_buf, num_buf_len, + SSH_FORMAT_END); + ssh_xfree(num_buf); diff --git a/security/ssh2/files/patch-apps::ssh::ssh-signer2.c b/security/ssh2/files/patch-apps::ssh::ssh-signer2.c new file mode 100644 index 000000000000..0dec00a86547 --- /dev/null +++ b/security/ssh2/files/patch-apps::ssh::ssh-signer2.c @@ -0,0 +1,11 @@ +--- apps/ssh/ssh-signer2.c.orig 2003-12-03 15:17:26.000000000 +0200 ++++ apps/ssh/ssh-signer2.c +@@ -264,7 +264,7 @@ SSH_FSM_STEP(signer_send_error) + (unsigned int) gdata->error_code_to_ssh2, + SSH_FORMAT_UINT32_STR, gdata->error_message_to_ssh2, + strlen(gdata->error_message_to_ssh2), +- SSH_FORMAT_UINT32_STR, "en", 2, ++ SSH_FORMAT_UINT32_STR, "en", (size_t) 2, + SSH_FORMAT_END); + + ssh_packet_wrapper_can_receive(gdata->wrapper, FALSE); diff --git a/security/ssh2/files/patch-apps::ssh::ssh1proto.c b/security/ssh2/files/patch-apps::ssh::ssh1proto.c new file mode 100644 index 000000000000..5e912e7e814c --- /dev/null +++ b/security/ssh2/files/patch-apps::ssh::ssh1proto.c @@ -0,0 +1,11 @@ +--- apps/ssh/ssh1proto.c.orig 2003-12-03 15:17:26.000000000 +0200 ++++ apps/ssh/ssh1proto.c +@@ -3918,7 +3918,7 @@ void ssh1_handle_packet_smsg_auth_rsa_ch + SSH_FORMAT_UINT32_STR, + challenge_buf, challenge_len, + SSH_FORMAT_UINT32_STR, +- ssh1->session_id, 16, ++ ssh1->session_id, (size_t) 16, + SSH_FORMAT_END); + ssh_xfree(challenge_buf); + ssh1->mode = SSH1_AGENT_OPERATION_IN_PROGRESS; 
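Review bot: Only the literal `2` is cast in ssh_agenti_ssh1_encode_mp(); the `num_buf_len` passed for the next SSH_FORMAT_DATA item on the following line goes through the same variadic call unchanged. Its declaration is outside the hunk, so confirm that it is already a size_t. If it is an int or unsigned int, the call still has the argument size problem this patch is meant to fix and needs `SSH_FORMAT_DATA, num_buf, (size_t) num_buf_len,`. The same check applies to `challenge_len` in patch-apps::ssh::ssh1proto.c, which sits next to the newly cast `(size_t) 16`.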
diff --git a/security/ssh2/files/patch-apps::ssh::sshchsession.c b/security/ssh2/files/patch-apps::ssh::sshchsession.c index f503e324bc93..f7da16e72e1e 100644 --- a/security/ssh2/files/patch-apps::ssh::sshchsession.c +++ b/security/ssh2/files/patch-apps::ssh::sshchsession.c @@ -262,15 +262,28 @@ else if (mailbuf.st_atime > mailbuf.st_mtime) printf("You have mail.\n"); else -@@ -1248,6 +1374,11 @@ - } +@@ -1249,6 +1375,11 @@ } } -+ + +#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) + login_close(lc); + endpwent(); +#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */ - ++ execve(shell, argv, env); /* Executing the shell failed. */ + perror(shell); +@@ -2315,9 +2446,9 @@ + { + ssh_encode_buffer(&buffer, + SSH_FORMAT_UINT32, (SshUInt32) -exit_status, +- SSH_FORMAT_BOOLEAN, FALSE, +- SSH_FORMAT_UINT32_STR, NULL, 0, +- SSH_FORMAT_UINT32_STR, NULL, 0, ++ SSH_FORMAT_BOOLEAN, (Boolean) FALSE, ++ SSH_FORMAT_UINT32_STR, NULL, (size_t) 0, ++ SSH_FORMAT_UINT32_STR, NULL, (size_t) 0, + SSH_FORMAT_END); + + diff --git a/security/ssh2/files/patch-apps::ssh::sshpamserver.c b/security/ssh2/files/patch-apps::ssh::sshpamserver.c new file mode 100644 index 000000000000..b8b95a3833a5 --- /dev/null +++ b/security/ssh2/files/patch-apps::ssh::sshpamserver.c @@ -0,0 +1,12 @@ +--- apps/ssh/sshpamserver.c.orig 2003-12-03 15:17:26.000000000 +0200 ++++ apps/ssh/sshpamserver.c +@@ -306,7 +306,8 @@ int send_packet(int fd, SshPacketType pa + + buffer = ssh_xbuffer_allocate(); + ssh_encode_buffer(buffer, +- SSH_FORMAT_UINT32, ssh_buffer_len(packet) + 1, ++ SSH_FORMAT_UINT32, ++ (SshUInt32) (ssh_buffer_len(packet) + 1), + SSH_FORMAT_CHAR, (unsigned int)packet_type, + SSH_FORMAT_DATA, ssh_buffer_ptr(packet), + ssh_buffer_len(packet), diff --git a/security/ssh2/files/patch-configure b/security/ssh2/files/patch-configure index a1e3a8ac43cb..f465ed4a3042 100644 --- a/security/ssh2/files/patch-configure +++ b/security/ssh2/files/patch-configure 
@@ -9,7 +9,17 @@ # Platform-specific stuff. case "$target" in -@@ -10994,7 +10994,7 @@ +@@ -9731,6 +9731,9 @@ + no_ranlib=yes + CFLAGS="$CFLAGS -UM_I86SM" + ;; ++ *-*-freebsd*) ++ os_freebsd=yes ++ ;; + *) + ;; + esac +@@ -10994,7 +10997,7 @@ fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 @@ -18,7 +28,7 @@ else echo "$ac_t""no" 1>&6 fi -@@ -11112,7 +11112,7 @@ +@@ -11112,7 +11115,7 @@ #include "confdefs.h" #include <$ac_hdr> EOF @@ -27,3 +37,13 @@ { (eval echo configure:11117: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then +@@ -13011,6 +13014,9 @@ + fi + else + ssh2_ldadd_options="-L. -Llib/sshkeyutil -Llib/sshproto -L../../lib -lssh2 -lsshproto -lsshkeyutil $SCM_LDADD $ssh2_toolkit_ldadd -lssh" ++ if test -n "$os_freebsd"; then ++ ssh2_ldadd_options="$ssh2_ldadd_options -lz" ++ fi + fi + + diff --git a/security/ssh2/files/patch-lib::Makefile.in b/security/ssh2/files/patch-lib::Makefile.in new file mode 100644 index 000000000000..64c2eb1d0209 --- /dev/null +++ b/security/ssh2/files/patch-lib::Makefile.in @@ -0,0 +1,23 @@ +--- lib/Makefile.in.orig Wed Dec 3 14:17:43 2003 ++++ lib/Makefile.in Sun Jul 30 14:39:00 2006 +@@ -124,7 +124,7 @@ + + AUTOMAKE_OPTIONS = 1.0 foreign dist-zip no-dependencies + +-SUBDIRS = sshutil zlib sshmath sshasn1 sshreadline sshcrypto sshsession sshpgp sshapputil sshfilexfer ++SUBDIRS = sshutil sshmath sshasn1 sshreadline sshcrypto sshsession sshpgp sshapputil sshfilexfer + + + # +@@ -449,11 +449,6 @@ + + local-includes: + -if test '!' -d ../include; then mkdir ../include; fi +- for i in zlib/zlib.h zlib/zconf.h; do \ +- if test -f $(srcdir)/$$i; then \ +- $(COPY_INCLUDE) $(srcdir)/$$i ../include; \ +- fi; \ +- done + + includes: local-includes + for d in $(SUBDIRS); do (cd $$d && $(MAKE) includes); done 
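Review bot: `-lz` is appended only in the `else` branch that sets `ssh2_ldadd_options` in the last patch-configure hunk; the matching `if` branch is outside the hunk. If that branch also links objects that use the compression code, it will no longer resolve the zlib symbols now that the bundled libz.a is stripped from the Makefile.in files, so it would need the same `ssh2_ldadd_options="$ssh2_ldadd_options -lz"` line. `os_freebsd` is also never initialised before the `case "$target"` block, so a value inherited from the environment would pass `test -n "$os_freebsd"`; an explicit `os_freebsd=` ahead of the case would close that.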
diff --git a/security/ssh2/files/patch-lib::sshreadline::sshreadline.c b/security/ssh2/files/patch-lib::sshreadline::sshreadline.c new file mode 100644 index 000000000000..cdc59b4605ee --- /dev/null +++ b/security/ssh2/files/patch-lib::sshreadline::sshreadline.c @@ -0,0 +1,32 @@ +--- lib/sshreadline/sshreadline.c.orig Wed Dec 3 14:17:20 2003 ++++ lib/sshreadline/sshreadline.c Fri Aug 18 20:58:55 2006 +@@ -500,8 +500,13 @@ + new_term.c_lflag &= ~(ECHO | ICANON); + new_term.c_cc[VMIN] = 1; + new_term.c_cc[VTIME] = 1; +- if (tcsetattr(fd, TCSAFLUSH, &new_term) < 0) ++ while (tcsetattr(fd, TCSAFLUSH, &new_term) < 0) + { ++ if (errno == EINTR) ++ { ++ errno = 0; /* For Solaris; just to make sure. */ ++ continue; ++ } + ssh_warning("tcsetattr failed in ssh_rl_set_tty_modes_for_fd: " + "fd %d: %.200s", fd, strerror(errno)); + return -1; +@@ -561,8 +566,13 @@ + { + fcntl(fd, F_SETFL, fcntl_flags); + +- if (tcsetattr(fd, TCSAFLUSH, saved_tio) < 0) ++ while (tcsetattr(fd, TCSAFLUSH, saved_tio) < 0) + { ++ if (errno == EINTR) ++ { ++ errno = 0; /* For Solaris; just to make sure. */ ++ continue; ++ } + ssh_warning("tcsetattr failed in ssh_rl_restore_tty_modes_for_fd: " + "fd %d: %.200s", fd, strerror(errno)); + return -1; diff --git a/security/ssh2/files/patch-lib::sshutil::sshincludes.h b/security/ssh2/files/patch-lib::sshutil::sshincludes.h new file mode 100644 index 000000000000..dd11710709e8 --- /dev/null +++ b/security/ssh2/files/patch-lib::sshutil::sshincludes.h 
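Review bot: The EINTR retry loop is written out twice, once in ssh_rl_set_tty_modes_for_fd() and once in ssh_rl_restore_tty_modes_for_fd(), and the two copies differ only in the termios pointer. A small static helper keeps them from drifting apart and drops the `errno = 0` reset, which has no effect because a failing tcsetattr() sets errno again before it is read. Both call sites then go back to a plain `if (... < 0)`, and `strerror(errno)` in the warning still sees the value from the last failed call. Both function bodies start and end outside the hunks.

```c
static int ssh_rl_tcsetattr_retry(int fd, const struct termios *tio)
{
  int ret;

  /* Retry only when a signal interrupted the call; any other error is
     returned with errno left as tcsetattr() set it. */
  do
    ret = tcsetattr(fd, TCSAFLUSH, tio);
  while (ret < 0 && errno == EINTR);

  return ret;
}

/* ... unchanged: new_term setup in ssh_rl_set_tty_modes_for_fd ... */
  if (ssh_rl_tcsetattr_retry(fd, &new_term) < 0)
/* ... unchanged: ssh_warning() and return -1 ... */

/* ... unchanged: fcntl() restore in ssh_rl_restore_tty_modes_for_fd ... */
  if (ssh_rl_tcsetattr_retry(fd, saved_tio) < 0)
```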
@@ -0,0 +1,20 @@ +--- lib/sshutil/sshincludes.h.orig Wed Dec 3 14:17:18 2003 ++++ lib/sshutil/sshincludes.h Sun Jul 30 15:27:37 2006 +@@ -331,7 +331,7 @@ + #define UID_ROOT 0 + #endif /* UID_ROOT */ + +-#ifdef SSHDIST_ZLIB ++#if defined(SSHDIST_ZLIB) && !defined(__FreeBSD__) + /* Define zlib to have ssh prefix, so we will not care if there is another zlib + in the kernel */ + #define deflateInit_ ssh_z_deflateInit_ +@@ -367,7 +367,7 @@ + #define uLongf ssh_z_uLongf + #define voidpf ssh_z_voidpf + #define voidp ssh_z_voidp +-#endif /* SSHDIST_ZLIB */ ++#endif /* SSHDIST_ZLIB && !__FreeBSD__ */ + + + diff --git a/security/ssh2/files/patch-sshdistdefs.h b/security/ssh2/files/patch-sshdistdefs.h new file mode 100644 index 000000000000..a9db85ac1e48 --- /dev/null +++ b/security/ssh2/files/patch-sshdistdefs.h @@ -0,0 +1,12 @@ +--- sshdistdefs.h.orig Wed Dec 3 14:17:34 2003 ++++ sshdistdefs.h Sun Jul 30 15:29:21 2006 +@@ -12,7 +12,9 @@ + #ifndef SSHDISTDEFS_H + #define SSHDISTDEFS_H + ++#if !defined(__FreeBSD__) + #define SSHDIST_ZLIB_LEVEL_DETECTION ++#endif + #define SSHDIST_CRYPT_HMAC + #define SSHDIST_SESSION_SIA + #define SSHDIST_SSH2_SOCKS_FILTER |
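Review bot: Both header patches key the switch to the base zlib on `__FreeBSD__` without a comment, which leaves the `#if !defined(__FreeBSD__)` guard around `SSHDIST_ZLIB_LEVEL_DETECTION` in sshdistdefs.h unexplained to the next reader. Going by the commit message, the define presumably depends on the SSH-specific enhancement in the bundled zlib. A comment above the guard, such as `/* FreeBSD port links the base zlib, which lacks the bundled copy's SSH-specific extension */`, would record that. In sshincludes.h the same applies to `#if defined(SSHDIST_ZLIB) && !defined(__FreeBSD__)`: the ssh_z_ renaming has to be off there so that the calls resolve against the unprefixed symbols of the base library.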