-rw-r--r-- | security/hpn-ssh/Makefile | 3 | ||||
-rw-r--r-- | security/hpn-ssh/distinfo | 3 | ||||
-rw-r--r-- | security/openssh-portable/Makefile | 3 | ||||
-rw-r--r-- | security/openssh-portable/distinfo | 3 | ||||
-rw-r--r-- | security/openssh/Makefile | 3 | ||||
-rw-r--r-- | security/openssh/distinfo | 4 | ||||
-rw-r--r-- | security/openssh/files/patch-auth1.c | 10 | ||||
-rw-r--r-- | security/openssh/files/patch-auth2-chall.c | 59 | ||||
-rw-r--r-- | security/openssh/files/patch-session.c | 50 |
9 files changed, 45 insertions, 93 deletions
diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile
index 9bb3895c0126..18deb825215c 100644
--- a/security/hpn-ssh/Makefile
+++ b/security/hpn-ssh/Makefile
@@ -6,8 +6,7 @@
 #
 
 PORTNAME= openssh
-PORTVERSION= 3.3p1
-PORTREVISION= 5
+PORTVERSION= 3.4p1
 CATEGORIES= security ipv6
 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
 ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
diff --git a/security/hpn-ssh/distinfo b/security/hpn-ssh/distinfo
index 703e5bc95311..97f2233a74a4 100644
--- a/security/hpn-ssh/distinfo
+++ b/security/hpn-ssh/distinfo
@@ -1,2 +1 @@
-MD5 (openssh-3.3p1.tar.gz) = 226fdde5498c56288e777c7a697996e0
-MD5 (openssh-3.2.3p1-gssapi-20020527.diff) = 27f170956f607b951ffda48da588b00a
+MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 9bb3895c0126..18deb825215c 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -6,8 +6,7 @@
 #
 
 PORTNAME= openssh
-PORTVERSION= 3.3p1
-PORTREVISION= 5
+PORTVERSION= 3.4p1
 CATEGORIES= security ipv6
 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
 ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index 703e5bc95311..97f2233a74a4 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,2 +1 @@
-MD5 (openssh-3.3p1.tar.gz) = 226fdde5498c56288e777c7a697996e0
-MD5 (openssh-3.2.3p1-gssapi-20020527.diff) = 27f170956f607b951ffda48da588b00a
+MD5 (openssh-3.4p1.tar.gz) = 459c1d0262e939d6432f193c7a4ba8a8
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 59b89f77f19f..96bed6193406 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -6,8 +6,7 @@ # PORTNAME= openssh -PORTVERSION= 3.3 -PORTREVISION= 5 +PORTVERSION= 3.4 CATEGORIES= security MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \ ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \ diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 4d4f78bceeb7..73b6801ed2f7 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,2 +1,2 @@ -MD5 (openssh-3.3.tgz) = f75f98b8c901c07f38710959da94a73b -MD5 (openbsd28_3.3.patch) = d3cf2655df4a0b9d0624d1e5893c4324 +MD5 (openssh-3.4.tgz) = 39659226ff5b0d16d0290b21f67c46f2 +MD5 (openbsd28_3.4.patch) = 46cfc2332b357e338e421dd456435a65 diff --git a/security/openssh/files/patch-auth1.c b/security/openssh/files/patch-auth1.c index aa1b085f3beb..ce0593315499 100644 --- a/security/openssh/files/patch-auth1.c +++ b/security/openssh/files/patch-auth1.c @@ -1,5 +1,5 @@ --- auth1.c.orig Wed Jun 19 02:27:55 2002 -+++ auth1.c Mon Jun 24 23:54:35 2002 ++++ auth1.c Wed Jun 26 18:05:48 2002 @@ -27,6 +27,15 @@ #include "uidswap.h" #include "monitor_wrap.h" @@ -153,17 +153,15 @@ #ifdef BSD_AUTH if (authctxt->as) { auth_close(authctxt->as); -@@ -299,9 +394,24 @@ +@@ -299,9 +394,23 @@ !auth_root_allowed(get_authname(type))) authenticated = 0; -- /* Log before sending the reply */ + if (pw != NULL && pw->pw_uid == 0) + log("ROOT LOGIN as '%.100s' from %.100s", + pw->pw_name, from_host); + -+ /* Log before ghT! -+sending the reply */ + /* Log before sending the reply */ auth_log(authctxt, authenticated, get_authname(type), info); +#ifdef USE_PAM @@ -179,7 +177,7 @@ if (authenticated) return; -@@ -354,6 +464,11 @@ +@@ -354,6 +463,11 @@ authctxt->valid = 1; else debug("do_authentication: illegal user %s", user); diff --git a/security/openssh/files/patch-auth2-chall.c b/security/openssh/files/patch-auth2-chall.c index 80470f799fd8..6345cf58a798 100644 --- a/security/openssh/files/patch-auth2-chall.c +++ b/security/openssh/files/patch-auth2-chall.c 
@@ -27,62 +27,3 @@ NULL }; -@@ -63,6 +63,7 @@ - char *devices; - void *ctxt; - KbdintDevice *device; -+ u_int nreq; - }; - - static KbdintAuthctxt * -@@ -90,6 +91,7 @@ - debug("kbdint_alloc: devices '%s'", kbdintctxt->devices); - kbdintctxt->ctxt = NULL; - kbdintctxt->device = NULL; -+ kbdintctxt->nreq = 0; - - return kbdintctxt; - } -@@ -209,26 +211,26 @@ - KbdintAuthctxt *kbdintctxt; - char *name, *instr, **prompts; - int i; -- u_int numprompts, *echo_on; -+ u_int *echo_on; - - kbdintctxt = authctxt->kbdintctxt; - if (kbdintctxt->device->query(kbdintctxt->ctxt, -- &name, &instr, &numprompts, &prompts, &echo_on)) -+ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) - return 0; - - packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); - packet_put_cstring(name); - packet_put_cstring(instr); - packet_put_cstring(""); /* language not used */ -- packet_put_int(numprompts); -- for (i = 0; i < numprompts; i++) { -+ packet_put_int(kbdintctxt->nreq); -+ for (i = 0; i < kbdintctxt->nreq; i++) { - packet_put_cstring(prompts[i]); - packet_put_char(echo_on[i]); - } - packet_send(); - packet_write_wait(); - -- for (i = 0; i < numprompts; i++) -+ for (i = 0; i < kbdintctxt->nreq; i++) - xfree(prompts[i]); - xfree(prompts); - xfree(echo_on); -@@ -256,6 +258,10 @@ - - authctxt->postponed = 0; /* reset */ - nresp = packet_get_int(); -+ if (nresp != kbdintctxt->nreq) -+ fatal("input_userauth_info_response: wrong number of replies"); -+ if (nresp > 100) -+ fatal("input_userauth_info_response: too many replies"); - if (nresp > 0) { - response = xmalloc(nresp * sizeof(char*)); - for (i = 0; i < nresp; i++) diff --git a/security/openssh/files/patch-session.c b/security/openssh/files/patch-session.c index ab101d928a4c..e93a8a212829 100644 --- a/security/openssh/files/patch-session.c +++ b/security/openssh/files/patch-session.c 
@@ -1,5 +1,5 @@ ---- session.c.orig Wed Jun 26 14:23:47 2002 -+++ session.c Wed Jun 26 16:38:27 2002 +--- session.c.orig Wed Jun 26 17:32:54 2002 ++++ session.c Wed Jun 26 18:05:16 2002 @@ -58,6 +58,13 @@ #include "session.h" #include "monitor_wrap.h" @@ -39,12 +39,30 @@ * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ -@@ -545,11 +563,24 @@ +@@ -539,17 +557,42 @@ + { + int fdout, ptyfd, ttyfd, ptymaster; + pid_t pid; ++#ifdef USE_PAM ++ const char *shorttty; ++#endif /* USE_PAM */ + + if (s == NULL) + fatal("do_exec_pty: no session"); ptyfd = s->ptyfd; ttyfd = s->ttyfd; +#ifdef USE_PAM -+ do_pam_session(s->pw->pw_name, s->tty); ++ /* check if we have a pathname in the ttyname */ ++ shorttty = rindex( s->tty, '/' ); ++ if (shorttty != NULL ) { ++ /* use only the short filename to check */ ++ shorttty ++; ++ } else { ++ /* nothing found, use the whole name found */ ++ shorttty = s->tty; ++ } ++ do_pam_session(s->pw->pw_name, shorttty); + do_pam_setcred(); +#endif /* USE_PAM */ + @@ -64,7 +82,7 @@ /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -638,6 +669,18 @@ +@@ -638,6 +681,18 @@ struct sockaddr_storage from; struct passwd * pw = s->pw; pid_t pid = getpid(); @@ -83,7 +101,7 @@ /* * Get IP address of client. If the connection is not a socket, let -@@ -660,10 +703,97 @@ +@@ -660,10 +715,97 @@ options.verify_reverse_mapping), (struct sockaddr *)&from); @@ -182,7 +200,7 @@ time_string = ctime(&s->last_login_time); if (strchr(time_string, '\n')) *strchr(time_string, '\n') = 0; -@@ -674,7 +804,30 @@ +@@ -674,7 +816,30 @@ s->hostname); } @@ -214,7 +232,7 @@ } /* -@@ -690,9 +843,9 @@ +@@ -690,9 +855,9 @@ #ifdef HAVE_LOGIN_CAP f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r"); 
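Review bot: In the `do_exec_pty` addition carried by patch-session.c (hunk `@@ -39,12 +39,30 @@`), the tty name handed to `do_pam_session` is cut at the last `/` with `rindex`, so every directory component is dropped rather than only the device-directory prefix. A tty path with a subdirectory under the device directory would then reach PAM as a bare leaf name, and PAM modules that match on the tty for access decisions would compare against something other than what the administrator configured. Stripping only the known prefix would be more predictable, e.g. `shorttty = strncmp(s->tty, _PATH_DEV, strlen(_PATH_DEV)) == 0 ? s->tty + strlen(_PATH_DEV) : s->tty;` (assuming `<paths.h>` is available in session.c, which this hunk does not show), and `strrchr` is the ISO C spelling if the last-slash behaviour is kept. The body of `do_exec_pty` continues outside the hunk, so whether failures from `do_pam_session`/`do_pam_setcred` are handled cannot be judged from here.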
@@ -226,7 +244,7 @@ if (f) { while (fgets(buf, sizeof(buf), f)) fputs(buf, stdout); -@@ -719,10 +872,10 @@ +@@ -719,10 +884,10 @@ #ifdef HAVE_LOGIN_CAP if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) return 1; @@ -239,7 +257,7 @@ return 0; } -@@ -806,12 +959,39 @@ +@@ -813,12 +978,39 @@ fclose(f); } @@ -279,7 +297,7 @@ struct passwd *pw = s->pw; /* Initialize the environment. */ -@@ -820,16 +1000,33 @@ +@@ -827,16 +1019,33 @@ env[0] = NULL; if (!options.use_login) { @@ -316,7 +334,7 @@ snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); -@@ -882,6 +1079,10 @@ +@@ -889,6 +1098,10 @@ child_set_env(&env, &envsize, "KRB5CCNAME", s->authctxt->krb5_ticket_file); #endif @@ -327,7 +345,7 @@ if (auth_sock_name != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_sock_name); -@@ -998,7 +1199,7 @@ +@@ -1005,7 +1218,7 @@ if (getuid() == 0 || geteuid() == 0) { #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, @@ -336,7 +354,7 @@ perror("unable to set user context"); exit(1); } -@@ -1038,6 +1239,36 @@ +@@ -1045,6 +1258,36 @@ exit(1); } @@ -373,7 +391,7 @@ /* * Performs common processing for the child, such as setting up the * environment, closing extra file descriptors, setting the user and group -@@ -1116,7 +1347,7 @@ +@@ -1123,7 +1366,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -382,7 +400,7 @@ close(i); /* -@@ -1146,6 +1377,31 @@ +@@ -1153,6 +1396,31 @@ exit(1); #endif } |