pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/ssh2 Fixed RSA e=3 bug (most likely nobody us...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/5a9d84fab5f3
branches:  trunk
changeset: 518898:5a9d84fab5f3
user:      kivinen <kivinen%pkgsrc.org@localhost>
date:      Fri Sep 22 13:58:46 2006 +0000

description:
Fixed RSA e=3 bug (most likely nobody uses e=3 RSA keys
        on ssh anyway, but better to make sure). Fixed some
        more ssh_*_{en,de}code calls that were missing necessary casts.
        Disabled the x11-security extension on x86_64, as it does not
        work there (xauth is used instead). Updated PKGREVISION.

diffstat:

 security/ssh2/Makefile         |  12 ++++++-
 security/ssh2/distinfo         |  21 ++++++++++++-
 security/ssh2/patches/patch-ai |  12 +++++++-
 security/ssh2/patches/patch-aq |  24 ++++++++++++++++
 security/ssh2/patches/patch-ar |  18 ++++++++++++
 security/ssh2/patches/patch-as |  14 +++++++++
 security/ssh2/patches/patch-at |  37 ++++++++++++++++++++++++
 security/ssh2/patches/patch-au |  24 ++++++++++++++++
 security/ssh2/patches/patch-av |  63 ++++++++++++++++++++++++++++++++++++++++++
 security/ssh2/patches/patch-aw |  31 ++++++++++++++++++++
 security/ssh2/patches/patch-ax |  14 +++++++++
 security/ssh2/patches/patch-ay |  14 +++++++++
 security/ssh2/patches/patch-az |  22 ++++++++++++++
 security/ssh2/patches/patch-ba |  13 ++++++++
 security/ssh2/patches/patch-bb |  13 ++++++++
 security/ssh2/patches/patch-bc |  31 ++++++++++++++++++++
 security/ssh2/patches/patch-bd |  14 +++++++++
 security/ssh2/patches/patch-be |  27 ++++++++++++++++++
 security/ssh2/patches/patch-bf |  27 ++++++++++++++++++
 security/ssh2/patches/patch-bg |  49 ++++++++++++++++++++++++++++++++
 20 files changed, 475 insertions(+), 5 deletions(-)

diffs (truncated from 594 to 300 lines):

diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/Makefile
--- a/security/ssh2/Makefile    Fri Sep 22 13:21:37 2006 +0000
+++ b/security/ssh2/Makefile    Fri Sep 22 13:58:46 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.16 2006/05/10 12:26:31 gdt Exp $
+# $NetBSD: Makefile,v 1.17 2006/09/22 13:58:46 kivinen Exp $
 
 DISTNAME=      ssh-3.2.9.1
 PKGNAME=       ${DISTNAME:C/ssh-/ssh2-/}
-PKGREVISION=   5
+PKGREVISION=   6
 CATEGORIES=    security
 MASTER_SITES=  ftp://ftp.ssh.com/pub/ssh/
 
@@ -51,6 +51,14 @@
 CONFIGURE_ARGS+=       --with-libwrap=${BUILDLINK_PREFIX.tcp-wrappers}
 CONFIGURE_ARGS+=       --with-pid-dir=${SSH_PID_DIR:Q}
 
+.if ${OPSYS} == "NetBSD" && ${MACHINE_ARCH} == "x86_64"
+# This seems to break x11 forwarding at least on NetBSD 3.1 amd64
+# (i.e ssh localhost xterm does not work as client will get wrong
+# auth cookie).
+# Without this it will use the xauth method and that will work.
+CONFIGURE_ARGS+=       --without-x11-security
+.endif
+
 # Setting FOREIGN_ETCDIR to PKG_SYSCONFBASEDIR may seem stupid
 # if PKG_SYSCONFDIR.${PKG_SYSCONFVAR} is set but it does no harm...
 #
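Review bot: The comment above `CONFIGURE_ARGS+= --without-x11-security` records why the option is dropped but not what is given up, so someone auditing the package cannot tell whether X11 forwarding on NetBSD/x86_64 ends up less restricted than on other platforms. If the x11-security support is what limits forwarded clients (an inference from the option name; the configure script is not visible here), the comment should say so, e.g. `# NOTE: forwarded X11 then runs without the x11-security extension; revisit once the cookie bug is fixed.` The breakage is described as seen "at least on NetBSD 3.1 amd64", so it would also help to note whether other 64-bit platforms were checked, since the condition only covers `${OPSYS} == "NetBSD"`. Minor: `i.e` should read `i.e.`.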
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/distinfo
--- a/security/ssh2/distinfo    Fri Sep 22 13:21:37 2006 +0000
+++ b/security/ssh2/distinfo    Fri Sep 22 13:58:46 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2005/08/24 09:13:24 kivinen Exp $
+$NetBSD: distinfo,v 1.11 2006/09/22 13:58:46 kivinen Exp $
 
 SHA1 (ssh-3.2.9.1.tar.gz) = 22e4589c889aef18e53a8942716084f0d8ede7db
 RMD160 (ssh-3.2.9.1.tar.gz) = 21bfe97fae477dea1109c6e6eb44a448b6b2f250
@@ -11,7 +11,7 @@
 SHA1 (patch-af) = e7c956b858d02dfaf20e1fe1bfc36322d9eb6d67
 SHA1 (patch-ag) = 0f7a448875262e2536255ace27cf1a8f0c2a0517
 SHA1 (patch-ah) = dc9a496187907e34c602a9f99a65f8fe8a83c54e
-SHA1 (patch-ai) = e5a21bc1c65877e2c2974d78bed16b52d2b486af
+SHA1 (patch-ai) = 4236061632cd0970d26c8b9affb92111f5f6d5da
 SHA1 (patch-aj) = 4190dff5f6fca937ff742233f8320b126428b51f
 SHA1 (patch-ak) = dd7bc32a5b6cf4e8d8d5d35f46714ce21e52be1b
 SHA1 (patch-al) = 401034768081c4181a92b9d9919ee6f6af9a8a5d
@@ -19,3 +19,20 @@
 SHA1 (patch-an) = 25a02df00dfe7484354316a87a30ce1144011f87
 SHA1 (patch-ao) = c129f78b7e19843090ade11ae503f780a37921a4
 SHA1 (patch-ap) = 3a7b34777734caf696f9c564f7de431597ff18f6
+SHA1 (patch-aq) = 3c7c3253e223ae253d8935e8c7fb49838cd2ca93
+SHA1 (patch-ar) = 2c47ced95f680547d9a68ebe91138644148de51b
+SHA1 (patch-as) = 3ede9c75364ff2e6f9213ddb99768530e9cf173d
+SHA1 (patch-at) = e6edd24c56190fef74fd7a66f6801dd2924b1c44
+SHA1 (patch-au) = b29f29502421da69e4de1a1803d3bb4269480eb7
+SHA1 (patch-av) = 1cfa5bb5f854ce40796810a147788ff8df2ba37f
+SHA1 (patch-aw) = 5786c03afa3ee2d89ce5780bca6ccf8a81fa438b
+SHA1 (patch-ax) = 0ed310db62cb0bd3d68c992d229d2c8fdbd0e535
+SHA1 (patch-ay) = 726b6466607708f52af7f110d5e7676087e89867
+SHA1 (patch-az) = 0bef02fd1f3c58d192d00ed50d87b97f1ab7c534
+SHA1 (patch-ba) = fd92d27b9335492a583b08f91353f8ae73014979
+SHA1 (patch-bb) = c306813fbb426e8a2d2de76e62a46317fe32947d
+SHA1 (patch-bc) = d198fd85e0f7a14bb82baf639461795933c34230
+SHA1 (patch-bd) = 0a57de059fcd647c375f310d6d58712a2f3d4c89
+SHA1 (patch-be) = 788a8fa682e968d9e3cd55213547f82908cc3a0a
+SHA1 (patch-bf) = 64fa9f13619a9d222af9a24d0b1069033facdef1
+SHA1 (patch-bg) = 73da22930f753fc02cd4a5bad30b4edf226d1180
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-ai
--- a/security/ssh2/patches/patch-ai    Fri Sep 22 13:21:37 2006 +0000
+++ b/security/ssh2/patches/patch-ai    Fri Sep 22 13:58:46 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-ai,v 1.1 2005/08/24 09:13:24 kivinen Exp $
+$NetBSD: patch-ai,v 1.2 2006/09/22 13:58:46 kivinen Exp $
 
 --- apps/ssh/authc-kbd-interactive.c.orig      2003-12-03 15:17:26.000000000 +0200
 +++ apps/ssh/authc-kbd-interactive.c
@@ -11,3 +11,13 @@
                      SSH_FORMAT_END);
  
  
+@@ -345,7 +345,8 @@ void ssh_client_auth_kbd_interact(SshAut
+                         /* language tag */
+                         SSH_FORMAT_UINT32_STR, lang_tag, strlen(lang_tag),
+                         /* XXX devices, what do we support? */
+-                        SSH_FORMAT_UINT32_STR, "", 0L,
++                        SSH_FORMAT_UINT32_STR, "",
++                      (size_t) 0L,
+                         SSH_FORMAT_END);
+       (*completion)(SSH_AUTH_CLIENT_SEND_AND_CONTINUE,
+                     user, buffer, completion_context);
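Review bot: The `(size_t) 0L` cast fixes this one call, but the underlying hazard stays: ssh_encode_buffer appears to be variadic (its arguments end with `SSH_FORMAT_END`), so the compiler will not diagnose the next caller that passes an `int` or `long` where the encoder presumably reads a size_t length. The same hand-applied casts recur in patch-aq, patch-ar, patch-as, patch-at, patch-au and patch-av. Consider recording the rule once beside the call, e.g. `/* varargs: the length after SSH_FORMAT_UINT32_STR must be a size_t */`, and writing the literal as `(size_t) 0`, since the `L` suffix no longer matters after the cast. The enclosing call starts above the nested hunk.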
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-aq
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-aq    Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-aq,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/agentclient.c.orig        2003-12-03 15:17:24.000000000 +0200
++++ apps/ssh/agentclient.c
+@@ -831,7 +831,8 @@ void ssh_agent_lock(SshAgent agent, cons
+   ssh_packet_wrapper_send_encode(agent->wrapper,
+                                  SSH_AGENT_LOCK,
+                                  SSH_FORMAT_UINT32_STR,
+-                                 password, (password ? strlen(password) : 0),
++                                 password, (size_t)
++                               (password ? strlen(password) : 0),
+                                  SSH_FORMAT_END);
+ }
+ 
+@@ -858,7 +859,8 @@ void ssh_agent_unlock(SshAgent agent, co
+   ssh_packet_wrapper_send_encode(agent->wrapper,
+                                  SSH_AGENT_UNLOCK,
+                                  SSH_FORMAT_UINT32_STR,
+-                                 password, (password ? strlen(password) : 0),
++                                 password, (size_t)
++                               (password ? strlen(password) : 0),
+                                  SSH_FORMAT_END);
+ }
+ 
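Review bot: Both calls still pass `password` itself as the string pointer when it is NULL, with only the length forced to 0; whether ssh_packet_wrapper_send_encode tolerates a NULL data pointer for `SSH_FORMAT_UINT32_STR` is not visible here. patch-at's ssh_pamc_append_response avoids the question with `gdata->response_len ? gdata->response : ""`, and the same form would work in ssh_agent_lock and ssh_agent_unlock: `password ? password : "", (size_t) (password ? strlen(password) : 0),`. The added cast itself looks redundant, because `strlen()` already gives the conditional expression type size_t, though it is harmless. Both function bodies begin outside the nested hunks.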
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-ar
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-ar    Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,18 @@
+$NetBSD: patch-ar,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-kerberos-tgt.c.orig 2003-12-03 15:17:25.000000000 +0200
++++ apps/ssh/authc-kerberos-tgt.c
+@@ -181,9 +181,11 @@ void ssh_client_auth_kerberos_tgt(SshAut
+       b = ssh_xbuffer_allocate();
+       ssh_encode_buffer(b,
+                         SSH_FORMAT_UINT32_STR,
+-                        auth_data.data, auth_data.length,
++                        auth_data.data,
++                      (size_t) auth_data.length,
+                         SSH_FORMAT_UINT32_STR,
+-                        tgt_data.data, tgt_data.length,
++                        tgt_data.data,
++                      (size_t) tgt_data.length,
+                         SSH_FORMAT_END);
+       
+       /* Send the authentication request (and complete this operation). */
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-as
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-as    Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-as,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-kerberos.c.orig     2003-12-03 15:17:25.000000000 +0200
++++ apps/ssh/authc-kerberos.c
+@@ -127,7 +127,8 @@ void ssh_client_auth_kerberos(SshAuthCli
+       b = ssh_xbuffer_allocate();
+       ssh_encode_buffer(b,
+                         SSH_FORMAT_UINT32_STR,
+-                          auth_data.data, auth_data.length,
++                      auth_data.data,
++                      (size_t) auth_data.length,
+                         SSH_FORMAT_END);
+       
+       /* Send the authentication request (and complete this operation). */
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-at
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-at    Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,37 @@
+$NetBSD: patch-at,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-pam.c.orig  2003-12-03 15:17:26.000000000 +0200
++++ apps/ssh/authc-pam.c
+@@ -81,8 +81,10 @@ SSH_FSM_STEP(ssh_pamc_process_packet)
+   SSH_TRACE(4, ("Received %d messages.", num_msgs));
+ 
+   ssh_encode_buffer(gdata->response_packet,
+-                    SSH_FORMAT_BOOLEAN, TRUE,
+-                    SSH_FORMAT_UINT32, gdata->num_msgs,
++                    SSH_FORMAT_BOOLEAN,
++                  (Boolean) TRUE,
++                    SSH_FORMAT_UINT32,
++                  (SshUInt32) gdata->num_msgs,
+                     SSH_FORMAT_END);
+ 
+   SSH_FSM_SET_NEXT(ssh_pamc_process_next_msg);
+@@ -234,7 +236,8 @@ SSH_FSM_STEP(ssh_pamc_append_response)
+   gdata->response_retcode = SSH_PAM_DEFAULT_RESP_RETCODE;
+ 
+   ssh_encode_buffer(gdata->response_packet,
+-                    SSH_FORMAT_CHAR, gdata->response_retcode,
++                    SSH_FORMAT_CHAR,
++                  (unsigned int) gdata->response_retcode,
+                     SSH_FORMAT_UINT32_STR,
+                     gdata->response_len ? gdata->response : "",
+                     gdata->response_len,
+@@ -341,7 +344,8 @@ void ssh_client_auth_pam(SshAuthClientOp
+       SSH_TRACE(2, ("Starting pam auth..."));
+       buffer = ssh_xbuffer_allocate();
+       ssh_encode_buffer(buffer,
+-                        SSH_FORMAT_BOOLEAN, FALSE,
++                        SSH_FORMAT_BOOLEAN,
++                      (Boolean) FALSE,
+                         SSH_FORMAT_END);
+       (*completion)(SSH_AUTH_CLIENT_SEND_AND_CONTINUE,
+                     user, buffer, completion_context);
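Review bot: In ssh_pamc_append_response the new cast covers `gdata->response_retcode`, but the `gdata->response_len` argument a few lines below, in the same ssh_encode_buffer call, is still passed uncast as the `SSH_FORMAT_UINT32_STR` length. Every other length touched by this commit is forced to size_t; if `response_len` is declared as anything narrower (its declaration is not in the hunk), this call keeps the argument-size mismatch the commit is fixing elsewhere. Suggested: `(size_t) gdata->response_len,`. The call continues past the end of the nested hunk.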
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-au
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-au    Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-au,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-passwd.c.orig       2003-12-03 15:17:24.000000000 +0200
++++ apps/ssh/authc-passwd.c
+@@ -136,7 +136,8 @@ void ssh_client_auth_passwd(SshAuthClien
+       
+       b = ssh_xbuffer_allocate();
+       ret_val = ssh_encode_buffer(b,
+-                                  SSH_FORMAT_BOOLEAN, FALSE,
++                                  SSH_FORMAT_BOOLEAN,
++                                (Boolean) FALSE,
+                                   SSH_FORMAT_UINT32_STR, password,
+                                   strlen(password),
+                                   SSH_FORMAT_END);
+@@ -229,7 +230,8 @@ void ssh_client_auth_passwd(SshAuthClien
+       b = ssh_xbuffer_allocate();
+ 
+       ret_val = ssh_encode_buffer(b,
+-                                  SSH_FORMAT_BOOLEAN, TRUE,
++                                  SSH_FORMAT_BOOLEAN,
++                                (Boolean) TRUE,
+                                   SSH_FORMAT_UINT32_STR,
+                                   old_password, strlen(old_password),
+                                   SSH_FORMAT_UINT32_STR,
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-av
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-av    Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,63 @@
+$NetBSD: patch-av,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-pubkey.c.orig       2003-12-03 15:17:24.000000000 +0200
++++ apps/ssh/authc-pubkey.c
+@@ -208,7 +208,8 @@ SshBuffer ssh_client_auth_pubkey_try_key
+   if (!draft_incompatibility)
+     {
+       ssh_encode_buffer(b,
+-                        SSH_FORMAT_BOOLEAN, FALSE,
++                        SSH_FORMAT_BOOLEAN,
++                      (Boolean) FALSE,
+                         SSH_FORMAT_UINT32_STR, c->pubkey_alg,
+                         strlen((char *)c->pubkey_alg),
+                         SSH_FORMAT_UINT32_STR, c->pubkeyblob,
+@@ -219,7 +220,8 @@ SshBuffer ssh_client_auth_pubkey_try_key
+     {      
+       /* Remote end has publickey draft incompatibility bug. */
+       ssh_encode_buffer(b,
+-                        SSH_FORMAT_BOOLEAN, FALSE,
++                        SSH_FORMAT_BOOLEAN,
++                      (Boolean) FALSE,
+                         /* Against the draft. Here should be string
+                            'publickey algorithm'*/
+                         SSH_FORMAT_UINT32_STR, c->pubkeyblob,
+@@ -328,7 +330,8 @@ void ssh_client_auth_pubkey_sign_complet
+       )
+     {
+       ssh_encode_buffer(b,
+-                        SSH_FORMAT_BOOLEAN, TRUE,
++                        SSH_FORMAT_BOOLEAN,
++                      (Boolean) TRUE,
+                         SSH_FORMAT_UINT32_STR, c->pubkey_alg,
+                         strlen((char *)c->pubkey_alg),
+                         SSH_FORMAT_UINT32_STR, c->pubkeyblob,
+@@ -341,7 +344,8 @@ void ssh_client_auth_pubkey_sign_complet
+     {      
+       /* Remote end has publickey draft incompatibility bug. */
+       ssh_encode_buffer(b,
+-                        SSH_FORMAT_BOOLEAN, TRUE,
++                        SSH_FORMAT_BOOLEAN,
++                      (Boolean) TRUE,
+                         /* Against the draft. Here should be string
+                            'publickey algorithm'*/
+                         SSH_FORMAT_UINT32_STR,
+@@ -702,7 +706,8 @@ Boolean ssh_client_auth_pubkey_send_sign
+                                strlen(service),
+                                SSH_FORMAT_UINT32_STR, SSH_AUTH_PUBKEY,
+                                strlen(SSH_AUTH_PUBKEY),
+-                               SSH_FORMAT_BOOLEAN, TRUE,
++                               SSH_FORMAT_BOOLEAN,
++                             (Boolean) TRUE,
+                                SSH_FORMAT_UINT32_STR, c->pubkey_alg,
+                                strlen(c->pubkey_alg),
+                                SSH_FORMAT_UINT32_STR, c->pubkeyblob,
+@@ -722,7 +727,7 @@ Boolean ssh_client_auth_pubkey_send_sign
+                                strlen(service),
+                                /* against the draft. Here should
+                                   be 'string "publickey"'*/
+-                               SSH_FORMAT_BOOLEAN, TRUE,
++                               SSH_FORMAT_BOOLEAN, (Boolean) TRUE,
+                                /* against the draft. Here should
+                                   be 'string public key algorith
+                                   name'*/
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-aw
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-aw    Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-aw,v 1.1 2006/09/22 13:58:46 kivinen Exp $


