diff options
author | dinoex <dinoex@FreeBSD.org> | 2002-06-26 23:21:27 +0800 |
---|---|---|
committer | dinoex <dinoex@FreeBSD.org> | 2002-06-26 23:21:27 +0800 |
commit | 812a4b6d6d5e28701200837aebc7138208750138 (patch) | |
tree | 984b72a809c5b84d86bc1f7e56c519792eb75f70 /security | |
parent | 637278e08105e7dae7eba8419c8737b22532bf46 (diff) | |
download | freebsd-ports-gnome-812a4b6d6d5e28701200837aebc7138208750138.tar.gz freebsd-ports-gnome-812a4b6d6d5e28701200837aebc7138208750138.tar.zst freebsd-ports-gnome-812a4b6d6d5e28701200837aebc7138208750138.zip |
Security FIX, Please update to this Version.
Options for both:
USE_OPENSSL_BASE=yes
uses an older opensssl in the base system.
Options for portable:
OPENSSH_OVERWRITE_BASE=yes
includes USE_OPENSSL_BASE=yes
installls in the paths of the base system
Diffstat (limited to 'security')
-rw-r--r-- | security/hpn-ssh/Makefile | 7 | ||||
-rw-r--r-- | security/hpn-ssh/files/patch-auth2-chall.c | 61 | ||||
-rw-r--r-- | security/hpn-ssh/pkg-plist | 1 | ||||
-rw-r--r-- | security/openssh-portable/Makefile | 7 | ||||
-rw-r--r-- | security/openssh-portable/files/patch-auth2-chall.c | 61 | ||||
-rw-r--r-- | security/openssh-portable/pkg-plist | 1 | ||||
-rw-r--r-- | security/openssh/Makefile | 2 | ||||
-rw-r--r-- | security/openssh/files/patch-auth2-chall.c | 66 |
8 files changed, 200 insertions, 6 deletions
diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile index d4f6705dfbb8..9bb3895c0126 100644 --- a/security/hpn-ssh/Makefile +++ b/security/hpn-ssh/Makefile @@ -7,7 +7,7 @@ PORTNAME= openssh PORTVERSION= 3.3p1 -PORTREVISION= 3 +PORTREVISION= 5 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \ @@ -51,6 +51,8 @@ CONFIGURE_ARGS+= --mandir=${MANPREFIX}/man --localstatedir=/var EMPTYDIR= /var/empty ETCSSH= /etc/ssh PLIST_SUB+= NOTBASE="@comment " +PLIST_SUB+= BASE="" +PKGMESSAGE= pkg-message.empty .else .if exists(/var/empty) EMPTYDIR= /var/empty @@ -59,6 +61,7 @@ EMPTYDIR= ${PREFIX}/empty .endif ETCSSH= ${PREFIX}/etc/ssh PLIST_SUB+= NOTBASE="" +PLIST_SUB+= BASE="@comment " .endif PLIST_SUB+= EMPTYDIR=${EMPTYDIR} CONFIGURE_ARGS+= --sysconfdir=${ETCSSH} @@ -119,7 +122,9 @@ post-install: .endif ${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist ${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist +.if !defined(OPENSSH_OVERWRITE_BASE) @${CAT} ${PKGMESSAGE} +.endif .include <bsd.port.pre.mk> diff --git a/security/hpn-ssh/files/patch-auth2-chall.c b/security/hpn-ssh/files/patch-auth2-chall.c new file mode 100644 index 000000000000..a596ee778e81 --- /dev/null +++ b/security/hpn-ssh/files/patch-auth2-chall.c @@ -0,0 +1,61 @@ +--- auth2-chall.c 2002/06/19 00:27:55 1.18 ++++ auth2-chall.c 2002/06/26 13:55:37 1.19 +@@ -63,6 +63,7 @@ + char *devices; + void *ctxt; + KbdintDevice *device; ++ u_int nreq; + }; + + static KbdintAuthctxt * +@@ -90,6 +91,7 @@ + debug("kbdint_alloc: devices '%s'", kbdintctxt->devices); + kbdintctxt->ctxt = NULL; + kbdintctxt->device = NULL; ++ kbdintctxt->nreq = 0; + + return kbdintctxt; + } +@@ -209,26 +211,26 @@ + KbdintAuthctxt *kbdintctxt; + char *name, *instr, **prompts; + int i; +- u_int numprompts, *echo_on; ++ u_int *echo_on; + + kbdintctxt = authctxt->kbdintctxt; + if (kbdintctxt->device->query(kbdintctxt->ctxt, +- &name, &instr, &numprompts, &prompts, &echo_on)) ++ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) + return 0; + + packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); + packet_put_cstring(name); + packet_put_cstring(instr); + packet_put_cstring(""); /* language not used */ +- packet_put_int(numprompts); +- for (i = 0; i < numprompts; i++) { ++ packet_put_int(kbdintctxt->nreq); ++ for (i = 0; i < kbdintctxt->nreq; i++) { + packet_put_cstring(prompts[i]); + packet_put_char(echo_on[i]); + } + packet_send(); + packet_write_wait(); + +- for (i = 0; i < numprompts; i++) ++ for (i = 0; i < kbdintctxt->nreq; i++) + xfree(prompts[i]); + xfree(prompts); + xfree(echo_on); +@@ -256,6 +258,10 @@ + + authctxt->postponed = 0; /* reset */ + nresp = packet_get_int(); ++ if (nresp != kbdintctxt->nreq) ++ fatal("input_userauth_info_response: wrong number of replies"); ++ if (nresp > 100) ++ fatal("input_userauth_info_response: too many replies"); + if (nresp > 0) { + response = xmalloc(nresp * sizeof(char*)); + for (i = 0; i < nresp; i++) diff --git a/security/hpn-ssh/pkg-plist b/security/hpn-ssh/pkg-plist index b2df58c55ca3..a20e02c1426b 100644 --- a/security/hpn-ssh/pkg-plist +++ b/security/hpn-ssh/pkg-plist @@ -33,5 +33,6 @@ libexec/ssh-keysign %%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -t dsa -N "" -f %D/etc/ssh/ssh_host_dsa_key; fi %%NOTBASE%%@exec mkdir -p %D/empty %%NOTBASE%%@dirrm empty +%%BASE%%@exec mkdir -p %%EMPTYDIR%% @exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi @exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index d4f6705dfbb8..9bb3895c0126 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -7,7 +7,7 @@ PORTNAME= openssh PORTVERSION= 3.3p1 -PORTREVISION= 3 +PORTREVISION= 5 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \ @@ -51,6 +51,8 @@ CONFIGURE_ARGS+= --mandir=${MANPREFIX}/man --localstatedir=/var EMPTYDIR= /var/empty ETCSSH= /etc/ssh PLIST_SUB+= NOTBASE="@comment " +PLIST_SUB+= BASE="" +PKGMESSAGE= pkg-message.empty .else .if exists(/var/empty) EMPTYDIR= /var/empty @@ -59,6 +61,7 @@ EMPTYDIR= ${PREFIX}/empty .endif ETCSSH= ${PREFIX}/etc/ssh PLIST_SUB+= NOTBASE="" +PLIST_SUB+= BASE="@comment " .endif PLIST_SUB+= EMPTYDIR=${EMPTYDIR} CONFIGURE_ARGS+= --sysconfdir=${ETCSSH} @@ -119,7 +122,9 @@ post-install: .endif ${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist ${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist +.if !defined(OPENSSH_OVERWRITE_BASE) @${CAT} ${PKGMESSAGE} +.endif .include <bsd.port.pre.mk> diff --git a/security/openssh-portable/files/patch-auth2-chall.c b/security/openssh-portable/files/patch-auth2-chall.c new file mode 100644 index 000000000000..a596ee778e81 --- /dev/null +++ b/security/openssh-portable/files/patch-auth2-chall.c @@ -0,0 +1,61 @@ +--- auth2-chall.c 2002/06/19 00:27:55 1.18 ++++ auth2-chall.c 2002/06/26 13:55:37 1.19 +@@ -63,6 +63,7 @@ + char *devices; + void *ctxt; + KbdintDevice *device; ++ u_int nreq; + }; + + static KbdintAuthctxt * +@@ -90,6 +91,7 @@ + debug("kbdint_alloc: devices '%s'", kbdintctxt->devices); + kbdintctxt->ctxt = NULL; + kbdintctxt->device = NULL; ++ kbdintctxt->nreq = 0; + + return kbdintctxt; + } +@@ -209,26 +211,26 @@ + KbdintAuthctxt *kbdintctxt; + char *name, *instr, **prompts; + int i; +- u_int numprompts, *echo_on; ++ u_int *echo_on; + + kbdintctxt = authctxt->kbdintctxt; + if (kbdintctxt->device->query(kbdintctxt->ctxt, +- &name, &instr, &numprompts, &prompts, &echo_on)) ++ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) + return 0; + + packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); + packet_put_cstring(name); + packet_put_cstring(instr); + packet_put_cstring(""); /* language not used */ +- packet_put_int(numprompts); +- for (i = 0; i < numprompts; i++) { ++ packet_put_int(kbdintctxt->nreq); ++ for (i = 0; i < kbdintctxt->nreq; i++) { + packet_put_cstring(prompts[i]); + packet_put_char(echo_on[i]); + } + packet_send(); + packet_write_wait(); + +- for (i = 0; i < numprompts; i++) ++ for (i = 0; i < kbdintctxt->nreq; i++) + xfree(prompts[i]); + xfree(prompts); + xfree(echo_on); +@@ -256,6 +258,10 @@ + + authctxt->postponed = 0; /* reset */ + nresp = packet_get_int(); ++ if (nresp != kbdintctxt->nreq) ++ fatal("input_userauth_info_response: wrong number of replies"); ++ if (nresp > 100) ++ fatal("input_userauth_info_response: too many replies"); + if (nresp > 0) { + response = xmalloc(nresp * sizeof(char*)); + for (i = 0; i < nresp; i++) diff --git a/security/openssh-portable/pkg-plist b/security/openssh-portable/pkg-plist index b2df58c55ca3..a20e02c1426b 100644 --- a/security/openssh-portable/pkg-plist +++ b/security/openssh-portable/pkg-plist @@ -33,5 +33,6 @@ libexec/ssh-keysign %%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -t dsa -N "" -f %D/etc/ssh/ssh_host_dsa_key; fi %%NOTBASE%%@exec mkdir -p %D/empty %%NOTBASE%%@dirrm empty +%%BASE%%@exec mkdir -p %%EMPTYDIR%% @exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi @exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 484c77d5a24b..59b89f77f19f 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -7,7 +7,7 @@ PORTNAME= openssh PORTVERSION= 3.3 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \ ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \ diff --git a/security/openssh/files/patch-auth2-chall.c b/security/openssh/files/patch-auth2-chall.c index 488bdf9d036e..80470f799fd8 100644 --- a/security/openssh/files/patch-auth2-chall.c +++ b/security/openssh/files/patch-auth2-chall.c @@ -1,6 +1,6 @@ --- auth2-chall.c.orig Wed Jun 19 02:27:55 2002 -+++ auth2-chall.c Mon Jun 24 06:54:04 2002 -@@ -40,19 +40,19 @@ ++++ auth2-chall.c Wed Jun 26 16:59:05 2002 +@@ -40,20 +40,20 @@ #ifdef BSD_AUTH extern KbdintDevice bsdauth_device; @@ -22,7 +22,67 @@ + &pam_device, +#elif defined(SKEY) &skey_device, --#endif #endif +-#endif NULL }; + +@@ -63,6 +63,7 @@ + char *devices; + void *ctxt; + KbdintDevice *device; ++ u_int nreq; + }; + + static KbdintAuthctxt * +@@ -90,6 +91,7 @@ + debug("kbdint_alloc: devices '%s'", kbdintctxt->devices); + kbdintctxt->ctxt = NULL; + kbdintctxt->device = NULL; ++ kbdintctxt->nreq = 0; + + return kbdintctxt; + } +@@ -209,26 +211,26 @@ + KbdintAuthctxt *kbdintctxt; + char *name, *instr, **prompts; + int i; +- u_int numprompts, *echo_on; ++ u_int *echo_on; + + kbdintctxt = authctxt->kbdintctxt; + if (kbdintctxt->device->query(kbdintctxt->ctxt, +- &name, &instr, &numprompts, &prompts, &echo_on)) ++ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) + return 0; + + packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); + packet_put_cstring(name); + packet_put_cstring(instr); + packet_put_cstring(""); /* language not used */ +- packet_put_int(numprompts); +- for (i = 0; i < numprompts; i++) { ++ packet_put_int(kbdintctxt->nreq); ++ for (i = 0; i < kbdintctxt->nreq; i++) { + packet_put_cstring(prompts[i]); + packet_put_char(echo_on[i]); + } + packet_send(); + packet_write_wait(); + +- for (i = 0; i < numprompts; i++) ++ for (i = 0; i < kbdintctxt->nreq; i++) + xfree(prompts[i]); + xfree(prompts); + xfree(echo_on); +@@ -256,6 +258,10 @@ + + authctxt->postponed = 0; /* reset */ + nresp = packet_get_int(); ++ if (nresp != kbdintctxt->nreq) ++ fatal("input_userauth_info_response: wrong number of replies"); ++ if (nresp > 100) ++ fatal("input_userauth_info_response: too many replies"); + if (nresp > 0) { + response = xmalloc(nresp * sizeof(char*)); + for (i = 0; i < nresp; i++) |