authordinoex <dinoex@FreeBSD.org>2002-06-26 23:21:27 +0800
committerdinoex <dinoex@FreeBSD.org>2002-06-26 23:21:27 +0800
commit812a4b6d6d5e28701200837aebc7138208750138 (patch)
tree984b72a809c5b84d86bc1f7e56c519792eb75f70 /security
parent637278e08105e7dae7eba8419c8737b22532bf46 (diff)
Security FIX, Please update to this Version.
Options for both: USE_OPENSSL_BASE=yes uses an older openssl in the base system. Options for portable: OPENSSH_OVERWRITE_BASE=yes includes USE_OPENSSL_BASE=yes and installs in the paths of the base system.
Diffstat (limited to 'security')
-rw-r--r--security/hpn-ssh/Makefile7
-rw-r--r--security/hpn-ssh/files/patch-auth2-chall.c61
-rw-r--r--security/hpn-ssh/pkg-plist1
-rw-r--r--security/openssh-portable/Makefile7
-rw-r--r--security/openssh-portable/files/patch-auth2-chall.c61
-rw-r--r--security/openssh-portable/pkg-plist1
-rw-r--r--security/openssh/Makefile2
-rw-r--r--security/openssh/files/patch-auth2-chall.c66
8 files changed, 200 insertions, 6 deletions
diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile
index d4f6705dfbb8..9bb3895c0126 100644
--- a/security/hpn-ssh/Makefile
+++ b/security/hpn-ssh/Makefile
@@ -7,7 +7,7 @@
PORTNAME= openssh
PORTVERSION= 3.3p1
-PORTREVISION= 3
+PORTREVISION= 5
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
@@ -51,6 +51,8 @@ CONFIGURE_ARGS+= --mandir=${MANPREFIX}/man --localstatedir=/var
EMPTYDIR= /var/empty
ETCSSH= /etc/ssh
PLIST_SUB+= NOTBASE="@comment "
+PLIST_SUB+= BASE=""
+PKGMESSAGE= pkg-message.empty
.else
.if exists(/var/empty)
EMPTYDIR= /var/empty
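Review bot: `PKGMESSAGE= pkg-message.empty`, in what appears to be the OPENSSH_OVERWRITE_BASE branch, names a file that this commit's diffstat does not add, and the bare relative name gives no hint whether the file is meant to exist. If the intent is to suppress the package message when the port overwrites base (the post-install hunk further down also skips `${CAT} ${PKGMESSAGE}` in that case), a comment such as `# deliberately names a nonexistent file: no pkg-message when overwriting base` would make that explicit. Otherwise the file should be added and referenced as `${PKGDIR}/pkg-message.empty`. The enclosing `.if` starts outside the hunk, and security/openssh-portable/Makefile receives the identical change.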
@@ -59,6 +61,7 @@ EMPTYDIR= ${PREFIX}/empty
.endif
ETCSSH= ${PREFIX}/etc/ssh
PLIST_SUB+= NOTBASE=""
+PLIST_SUB+= BASE="@comment "
.endif
PLIST_SUB+= EMPTYDIR=${EMPTYDIR}
CONFIGURE_ARGS+= --sysconfdir=${ETCSSH}
@@ -119,7 +122,9 @@ post-install:
.endif
${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist
${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist
+.if !defined(OPENSSH_OVERWRITE_BASE)
@${CAT} ${PKGMESSAGE}
+.endif
.include <bsd.port.pre.mk>
diff --git a/security/hpn-ssh/files/patch-auth2-chall.c b/security/hpn-ssh/files/patch-auth2-chall.c
new file mode 100644
index 000000000000..a596ee778e81
--- /dev/null
+++ b/security/hpn-ssh/files/patch-auth2-chall.c
@@ -0,0 +1,61 @@
+--- auth2-chall.c 2002/06/19 00:27:55 1.18
++++ auth2-chall.c 2002/06/26 13:55:37 1.19
+@@ -63,6 +63,7 @@
+ char *devices;
+ void *ctxt;
+ KbdintDevice *device;
++ u_int nreq;
+ };
+
+ static KbdintAuthctxt *
+@@ -90,6 +91,7 @@
+ debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
+ kbdintctxt->ctxt = NULL;
+ kbdintctxt->device = NULL;
++ kbdintctxt->nreq = 0;
+
+ return kbdintctxt;
+ }
+@@ -209,26 +211,26 @@
+ KbdintAuthctxt *kbdintctxt;
+ char *name, *instr, **prompts;
+ int i;
+- u_int numprompts, *echo_on;
++ u_int *echo_on;
+
+ kbdintctxt = authctxt->kbdintctxt;
+ if (kbdintctxt->device->query(kbdintctxt->ctxt,
+- &name, &instr, &numprompts, &prompts, &echo_on))
++ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
+ return 0;
+
+ packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
+ packet_put_cstring(name);
+ packet_put_cstring(instr);
+ packet_put_cstring(""); /* language not used */
+- packet_put_int(numprompts);
+- for (i = 0; i < numprompts; i++) {
++ packet_put_int(kbdintctxt->nreq);
++ for (i = 0; i < kbdintctxt->nreq; i++) {
+ packet_put_cstring(prompts[i]);
+ packet_put_char(echo_on[i]);
+ }
+ packet_send();
+ packet_write_wait();
+
+- for (i = 0; i < numprompts; i++)
++ for (i = 0; i < kbdintctxt->nreq; i++)
+ xfree(prompts[i]);
+ xfree(prompts);
+ xfree(echo_on);
+@@ -256,6 +258,10 @@
+
+ authctxt->postponed = 0; /* reset */
+ nresp = packet_get_int();
++ if (nresp != kbdintctxt->nreq)
++ fatal("input_userauth_info_response: wrong number of replies");
++ if (nresp > 100)
++ fatal("input_userauth_info_response: too many replies");
+ if (nresp > 0) {
+ response = xmalloc(nresp * sizeof(char*));
+ for (i = 0; i < nresp; i++)
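Review bot: The `nresp > 100` cap in input_userauth_info_response is a bare magic number enforced only on the reply side, while the count that send_userauth_info_request stores in `kbdintctxt->nreq` comes straight from `device->query()` and is sent unchecked. A device that asked for more than 100 prompts would have its request sent and every matching reply rejected with "too many replies". Bounding it at the source with `if (kbdintctxt->nreq > KBDINT_MAX_PROMPTS) fatal("send_userauth_info_request: too many prompts");` and `#define KBDINT_MAX_PROMPTS 100` (a proposed name, not in the patch) would keep both sides consistent and keep the `int i` loop counters well below the `u_int` bound. I would also add a comment above the two new checks, such as `/* nresp is client-supplied: bound it before nresp * sizeof(char*) reaches xmalloc() */`. Both functions start and end outside the embedded hunks, and the same patch text is added under security/openssh-portable/files and security/openssh/files.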
diff --git a/security/hpn-ssh/pkg-plist b/security/hpn-ssh/pkg-plist
index b2df58c55ca3..a20e02c1426b 100644
--- a/security/hpn-ssh/pkg-plist
+++ b/security/hpn-ssh/pkg-plist
@@ -33,5 +33,6 @@ libexec/ssh-keysign
%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -t dsa -N "" -f %D/etc/ssh/ssh_host_dsa_key; fi
%%NOTBASE%%@exec mkdir -p %D/empty
%%NOTBASE%%@dirrm empty
+%%BASE%%@exec mkdir -p %%EMPTYDIR%%
@exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi
@exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi
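Review bot: The added `%%BASE%%@exec mkdir -p %%EMPTYDIR%%` creates the directory with whatever umask and ownership the installing process has, and nothing afterwards pins them. The `pw useradd` line below makes this directory the home of the "sshd privilege separation" user, and it is presumably also the privsep chroot, so it should be root-owned and not group- or world-writable. I would make the line `%%BASE%%@exec mkdir -p %%EMPTYDIR%% && chown root %%EMPTYDIR%% && chmod 755 %%EMPTYDIR%%`. The existing `%%NOTBASE%%@exec mkdir -p %D/empty` line has the same gap, and security/openssh-portable/pkg-plist gets the identical addition.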
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index d4f6705dfbb8..9bb3895c0126 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -7,7 +7,7 @@
PORTNAME= openssh
PORTVERSION= 3.3p1
-PORTREVISION= 3
+PORTREVISION= 5
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
@@ -51,6 +51,8 @@ CONFIGURE_ARGS+= --mandir=${MANPREFIX}/man --localstatedir=/var
EMPTYDIR= /var/empty
ETCSSH= /etc/ssh
PLIST_SUB+= NOTBASE="@comment "
+PLIST_SUB+= BASE=""
+PKGMESSAGE= pkg-message.empty
.else
.if exists(/var/empty)
EMPTYDIR= /var/empty
@@ -59,6 +61,7 @@ EMPTYDIR= ${PREFIX}/empty
.endif
ETCSSH= ${PREFIX}/etc/ssh
PLIST_SUB+= NOTBASE=""
+PLIST_SUB+= BASE="@comment "
.endif
PLIST_SUB+= EMPTYDIR=${EMPTYDIR}
CONFIGURE_ARGS+= --sysconfdir=${ETCSSH}
@@ -119,7 +122,9 @@ post-install:
.endif
${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist
${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist
+.if !defined(OPENSSH_OVERWRITE_BASE)
@${CAT} ${PKGMESSAGE}
+.endif
.include <bsd.port.pre.mk>
diff --git a/security/openssh-portable/files/patch-auth2-chall.c b/security/openssh-portable/files/patch-auth2-chall.c
new file mode 100644
index 000000000000..a596ee778e81
--- /dev/null
+++ b/security/openssh-portable/files/patch-auth2-chall.c
@@ -0,0 +1,61 @@
+--- auth2-chall.c 2002/06/19 00:27:55 1.18
++++ auth2-chall.c 2002/06/26 13:55:37 1.19
+@@ -63,6 +63,7 @@
+ char *devices;
+ void *ctxt;
+ KbdintDevice *device;
++ u_int nreq;
+ };
+
+ static KbdintAuthctxt *
+@@ -90,6 +91,7 @@
+ debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
+ kbdintctxt->ctxt = NULL;
+ kbdintctxt->device = NULL;
++ kbdintctxt->nreq = 0;
+
+ return kbdintctxt;
+ }
+@@ -209,26 +211,26 @@
+ KbdintAuthctxt *kbdintctxt;
+ char *name, *instr, **prompts;
+ int i;
+- u_int numprompts, *echo_on;
++ u_int *echo_on;
+
+ kbdintctxt = authctxt->kbdintctxt;
+ if (kbdintctxt->device->query(kbdintctxt->ctxt,
+- &name, &instr, &numprompts, &prompts, &echo_on))
++ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
+ return 0;
+
+ packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
+ packet_put_cstring(name);
+ packet_put_cstring(instr);
+ packet_put_cstring(""); /* language not used */
+- packet_put_int(numprompts);
+- for (i = 0; i < numprompts; i++) {
++ packet_put_int(kbdintctxt->nreq);
++ for (i = 0; i < kbdintctxt->nreq; i++) {
+ packet_put_cstring(prompts[i]);
+ packet_put_char(echo_on[i]);
+ }
+ packet_send();
+ packet_write_wait();
+
+- for (i = 0; i < numprompts; i++)
++ for (i = 0; i < kbdintctxt->nreq; i++)
+ xfree(prompts[i]);
+ xfree(prompts);
+ xfree(echo_on);
+@@ -256,6 +258,10 @@
+
+ authctxt->postponed = 0; /* reset */
+ nresp = packet_get_int();
++ if (nresp != kbdintctxt->nreq)
++ fatal("input_userauth_info_response: wrong number of replies");
++ if (nresp > 100)
++ fatal("input_userauth_info_response: too many replies");
+ if (nresp > 0) {
+ response = xmalloc(nresp * sizeof(char*));
+ for (i = 0; i < nresp; i++)
diff --git a/security/openssh-portable/pkg-plist b/security/openssh-portable/pkg-plist
index b2df58c55ca3..a20e02c1426b 100644
--- a/security/openssh-portable/pkg-plist
+++ b/security/openssh-portable/pkg-plist
@@ -33,5 +33,6 @@ libexec/ssh-keysign
%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -t dsa -N "" -f %D/etc/ssh/ssh_host_dsa_key; fi
%%NOTBASE%%@exec mkdir -p %D/empty
%%NOTBASE%%@dirrm empty
+%%BASE%%@exec mkdir -p %%EMPTYDIR%%
@exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi
@exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 484c77d5a24b..59b89f77f19f 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -7,7 +7,7 @@
PORTNAME= openssh
PORTVERSION= 3.3
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= security
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
diff --git a/security/openssh/files/patch-auth2-chall.c b/security/openssh/files/patch-auth2-chall.c
index 488bdf9d036e..80470f799fd8 100644
--- a/security/openssh/files/patch-auth2-chall.c
+++ b/security/openssh/files/patch-auth2-chall.c
@@ -1,6 +1,6 @@
--- auth2-chall.c.orig Wed Jun 19 02:27:55 2002
-+++ auth2-chall.c Mon Jun 24 06:54:04 2002
-@@ -40,19 +40,19 @@
++++ auth2-chall.c Wed Jun 26 16:59:05 2002
+@@ -40,20 +40,20 @@
#ifdef BSD_AUTH
extern KbdintDevice bsdauth_device;
@@ -22,7 +22,67 @@
+ &pam_device,
+#elif defined(SKEY)
&skey_device,
--#endif
#endif
+-#endif
NULL
};
+
+@@ -63,6 +63,7 @@
+ char *devices;
+ void *ctxt;
+ KbdintDevice *device;
++ u_int nreq;
+ };
+
+ static KbdintAuthctxt *
+@@ -90,6 +91,7 @@
+ debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
+ kbdintctxt->ctxt = NULL;
+ kbdintctxt->device = NULL;
++ kbdintctxt->nreq = 0;
+
+ return kbdintctxt;
+ }
+@@ -209,26 +211,26 @@
+ KbdintAuthctxt *kbdintctxt;
+ char *name, *instr, **prompts;
+ int i;
+- u_int numprompts, *echo_on;
++ u_int *echo_on;
+
+ kbdintctxt = authctxt->kbdintctxt;
+ if (kbdintctxt->device->query(kbdintctxt->ctxt,
+- &name, &instr, &numprompts, &prompts, &echo_on))
++ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
+ return 0;
+
+ packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
+ packet_put_cstring(name);
+ packet_put_cstring(instr);
+ packet_put_cstring(""); /* language not used */
+- packet_put_int(numprompts);
+- for (i = 0; i < numprompts; i++) {
++ packet_put_int(kbdintctxt->nreq);
++ for (i = 0; i < kbdintctxt->nreq; i++) {
+ packet_put_cstring(prompts[i]);
+ packet_put_char(echo_on[i]);
+ }
+ packet_send();
+ packet_write_wait();
+
+- for (i = 0; i < numprompts; i++)
++ for (i = 0; i < kbdintctxt->nreq; i++)
+ xfree(prompts[i]);
+ xfree(prompts);
+ xfree(echo_on);
+@@ -256,6 +258,10 @@
+
+ authctxt->postponed = 0; /* reset */
+ nresp = packet_get_int();
++ if (nresp != kbdintctxt->nreq)
++ fatal("input_userauth_info_response: wrong number of replies");
++ if (nresp > 100)
++ fatal("input_userauth_info_response: too many replies");
+ if (nresp > 0) {
+ response = xmalloc(nresp * sizeof(char*));
+ for (i = 0; i < nresp; i++)