pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/ssh2 Fixed RSA e=3 bug (most likely nobody us...
details: https://anonhg.NetBSD.org/pkgsrc/rev/5a9d84fab5f3
branches: trunk
changeset: 518898:5a9d84fab5f3
user: kivinen <kivinen%pkgsrc.org@localhost>
date: Fri Sep 22 13:58:46 2006 +0000
description:
Fixed RSA e=3 bug (most likely nobody uses e=3 rsa keys
on ssh anyways, but better to make sure). Fixed some
more ssh_*_{en,de}code calls missing necessary casts.
Disabled x11-security extension on x86_64 as it does not
work there (uses xauth instead). Updated pkgrevision.
diffstat:
security/ssh2/Makefile | 12 ++++++-
security/ssh2/distinfo | 21 ++++++++++++-
security/ssh2/patches/patch-ai | 12 +++++++-
security/ssh2/patches/patch-aq | 24 ++++++++++++++++
security/ssh2/patches/patch-ar | 18 ++++++++++++
security/ssh2/patches/patch-as | 14 +++++++++
security/ssh2/patches/patch-at | 37 ++++++++++++++++++++++++
security/ssh2/patches/patch-au | 24 ++++++++++++++++
security/ssh2/patches/patch-av | 63 ++++++++++++++++++++++++++++++++++++++++++
security/ssh2/patches/patch-aw | 31 ++++++++++++++++++++
security/ssh2/patches/patch-ax | 14 +++++++++
security/ssh2/patches/patch-ay | 14 +++++++++
security/ssh2/patches/patch-az | 22 ++++++++++++++
security/ssh2/patches/patch-ba | 13 ++++++++
security/ssh2/patches/patch-bb | 13 ++++++++
security/ssh2/patches/patch-bc | 31 ++++++++++++++++++++
security/ssh2/patches/patch-bd | 14 +++++++++
security/ssh2/patches/patch-be | 27 ++++++++++++++++++
security/ssh2/patches/patch-bf | 27 ++++++++++++++++++
security/ssh2/patches/patch-bg | 49 ++++++++++++++++++++++++++++++++
20 files changed, 475 insertions(+), 5 deletions(-)
diffs (truncated from 594 to 300 lines):
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/Makefile
--- a/security/ssh2/Makefile Fri Sep 22 13:21:37 2006 +0000
+++ b/security/ssh2/Makefile Fri Sep 22 13:58:46 2006 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.16 2006/05/10 12:26:31 gdt Exp $
+# $NetBSD: Makefile,v 1.17 2006/09/22 13:58:46 kivinen Exp $
DISTNAME= ssh-3.2.9.1
PKGNAME= ${DISTNAME:C/ssh-/ssh2-/}
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= security
MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/
@@ -51,6 +51,14 @@
CONFIGURE_ARGS+= --with-libwrap=${BUILDLINK_PREFIX.tcp-wrappers}
CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR:Q}
+.if ${OPSYS} == "NetBSD" && ${MACHINE_ARCH} == "x86_64"
+# This seems to break x11 forwarding at least on NetBSD 3.1 amd64
+# (i.e ssh localhost xterm does not work as client will get wrong
+# auth cookie).
+# Without this it will use the xauth method and that will work.
+CONFIGURE_ARGS+= --without-x11-security
+.endif
+
# Setting FOREIGN_ETCDIR to PKG_SYSCONFBASEDIR may seem stupid
# if PKG_SYSCONFDIR.${PKG_SYSCONFVAR} is set but it does no harm...
#
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/distinfo
--- a/security/ssh2/distinfo Fri Sep 22 13:21:37 2006 +0000
+++ b/security/ssh2/distinfo Fri Sep 22 13:58:46 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2005/08/24 09:13:24 kivinen Exp $
+$NetBSD: distinfo,v 1.11 2006/09/22 13:58:46 kivinen Exp $
SHA1 (ssh-3.2.9.1.tar.gz) = 22e4589c889aef18e53a8942716084f0d8ede7db
RMD160 (ssh-3.2.9.1.tar.gz) = 21bfe97fae477dea1109c6e6eb44a448b6b2f250
@@ -11,7 +11,7 @@
SHA1 (patch-af) = e7c956b858d02dfaf20e1fe1bfc36322d9eb6d67
SHA1 (patch-ag) = 0f7a448875262e2536255ace27cf1a8f0c2a0517
SHA1 (patch-ah) = dc9a496187907e34c602a9f99a65f8fe8a83c54e
-SHA1 (patch-ai) = e5a21bc1c65877e2c2974d78bed16b52d2b486af
+SHA1 (patch-ai) = 4236061632cd0970d26c8b9affb92111f5f6d5da
SHA1 (patch-aj) = 4190dff5f6fca937ff742233f8320b126428b51f
SHA1 (patch-ak) = dd7bc32a5b6cf4e8d8d5d35f46714ce21e52be1b
SHA1 (patch-al) = 401034768081c4181a92b9d9919ee6f6af9a8a5d
@@ -19,3 +19,20 @@
SHA1 (patch-an) = 25a02df00dfe7484354316a87a30ce1144011f87
SHA1 (patch-ao) = c129f78b7e19843090ade11ae503f780a37921a4
SHA1 (patch-ap) = 3a7b34777734caf696f9c564f7de431597ff18f6
+SHA1 (patch-aq) = 3c7c3253e223ae253d8935e8c7fb49838cd2ca93
+SHA1 (patch-ar) = 2c47ced95f680547d9a68ebe91138644148de51b
+SHA1 (patch-as) = 3ede9c75364ff2e6f9213ddb99768530e9cf173d
+SHA1 (patch-at) = e6edd24c56190fef74fd7a66f6801dd2924b1c44
+SHA1 (patch-au) = b29f29502421da69e4de1a1803d3bb4269480eb7
+SHA1 (patch-av) = 1cfa5bb5f854ce40796810a147788ff8df2ba37f
+SHA1 (patch-aw) = 5786c03afa3ee2d89ce5780bca6ccf8a81fa438b
+SHA1 (patch-ax) = 0ed310db62cb0bd3d68c992d229d2c8fdbd0e535
+SHA1 (patch-ay) = 726b6466607708f52af7f110d5e7676087e89867
+SHA1 (patch-az) = 0bef02fd1f3c58d192d00ed50d87b97f1ab7c534
+SHA1 (patch-ba) = fd92d27b9335492a583b08f91353f8ae73014979
+SHA1 (patch-bb) = c306813fbb426e8a2d2de76e62a46317fe32947d
+SHA1 (patch-bc) = d198fd85e0f7a14bb82baf639461795933c34230
+SHA1 (patch-bd) = 0a57de059fcd647c375f310d6d58712a2f3d4c89
+SHA1 (patch-be) = 788a8fa682e968d9e3cd55213547f82908cc3a0a
+SHA1 (patch-bf) = 64fa9f13619a9d222af9a24d0b1069033facdef1
+SHA1 (patch-bg) = 73da22930f753fc02cd4a5bad30b4edf226d1180
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-ai
--- a/security/ssh2/patches/patch-ai Fri Sep 22 13:21:37 2006 +0000
+++ b/security/ssh2/patches/patch-ai Fri Sep 22 13:58:46 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-ai,v 1.1 2005/08/24 09:13:24 kivinen Exp $
+$NetBSD: patch-ai,v 1.2 2006/09/22 13:58:46 kivinen Exp $
--- apps/ssh/authc-kbd-interactive.c.orig 2003-12-03 15:17:26.000000000 +0200
+++ apps/ssh/authc-kbd-interactive.c
@@ -11,3 +11,13 @@
SSH_FORMAT_END);
+@@ -345,7 +345,8 @@ void ssh_client_auth_kbd_interact(SshAut
+ /* language tag */
+ SSH_FORMAT_UINT32_STR, lang_tag, strlen(lang_tag),
+ /* XXX devices, what do we support? */
+- SSH_FORMAT_UINT32_STR, "", 0L,
++ SSH_FORMAT_UINT32_STR, "",
++ (size_t) 0L,
+ SSH_FORMAT_END);
+ (*completion)(SSH_AUTH_CLIENT_SEND_AND_CONTINUE,
+ user, buffer, completion_context);
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-aq
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-aq Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-aq,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/agentclient.c.orig 2003-12-03 15:17:24.000000000 +0200
++++ apps/ssh/agentclient.c
+@@ -831,7 +831,8 @@ void ssh_agent_lock(SshAgent agent, cons
+ ssh_packet_wrapper_send_encode(agent->wrapper,
+ SSH_AGENT_LOCK,
+ SSH_FORMAT_UINT32_STR,
+- password, (password ? strlen(password) : 0),
++ password, (size_t)
++ (password ? strlen(password) : 0),
+ SSH_FORMAT_END);
+ }
+
+@@ -858,7 +859,8 @@ void ssh_agent_unlock(SshAgent agent, co
+ ssh_packet_wrapper_send_encode(agent->wrapper,
+ SSH_AGENT_UNLOCK,
+ SSH_FORMAT_UINT32_STR,
+- password, (password ? strlen(password) : 0),
++ password, (size_t)
++ (password ? strlen(password) : 0),
+ SSH_FORMAT_END);
+ }
+
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-ar
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-ar Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,18 @@
+$NetBSD: patch-ar,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-kerberos-tgt.c.orig 2003-12-03 15:17:25.000000000 +0200
++++ apps/ssh/authc-kerberos-tgt.c
+@@ -181,9 +181,11 @@ void ssh_client_auth_kerberos_tgt(SshAut
+ b = ssh_xbuffer_allocate();
+ ssh_encode_buffer(b,
+ SSH_FORMAT_UINT32_STR,
+- auth_data.data, auth_data.length,
++ auth_data.data,
++ (size_t) auth_data.length,
+ SSH_FORMAT_UINT32_STR,
+- tgt_data.data, tgt_data.length,
++ tgt_data.data,
++ (size_t) tgt_data.length,
+ SSH_FORMAT_END);
+
+ /* Send the authentication request (and complete this operation). */
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-as
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-as Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-as,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-kerberos.c.orig 2003-12-03 15:17:25.000000000 +0200
++++ apps/ssh/authc-kerberos.c
+@@ -127,7 +127,8 @@ void ssh_client_auth_kerberos(SshAuthCli
+ b = ssh_xbuffer_allocate();
+ ssh_encode_buffer(b,
+ SSH_FORMAT_UINT32_STR,
+- auth_data.data, auth_data.length,
++ auth_data.data,
++ (size_t) auth_data.length,
+ SSH_FORMAT_END);
+
+ /* Send the authentication request (and complete this operation). */
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-at
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-at Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,37 @@
+$NetBSD: patch-at,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-pam.c.orig 2003-12-03 15:17:26.000000000 +0200
++++ apps/ssh/authc-pam.c
+@@ -81,8 +81,10 @@ SSH_FSM_STEP(ssh_pamc_process_packet)
+ SSH_TRACE(4, ("Received %d messages.", num_msgs));
+
+ ssh_encode_buffer(gdata->response_packet,
+- SSH_FORMAT_BOOLEAN, TRUE,
+- SSH_FORMAT_UINT32, gdata->num_msgs,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) TRUE,
++ SSH_FORMAT_UINT32,
++ (SshUInt32) gdata->num_msgs,
+ SSH_FORMAT_END);
+
+ SSH_FSM_SET_NEXT(ssh_pamc_process_next_msg);
+@@ -234,7 +236,8 @@ SSH_FSM_STEP(ssh_pamc_append_response)
+ gdata->response_retcode = SSH_PAM_DEFAULT_RESP_RETCODE;
+
+ ssh_encode_buffer(gdata->response_packet,
+- SSH_FORMAT_CHAR, gdata->response_retcode,
++ SSH_FORMAT_CHAR,
++ (unsigned int) gdata->response_retcode,
+ SSH_FORMAT_UINT32_STR,
+ gdata->response_len ? gdata->response : "",
+ gdata->response_len,
+@@ -341,7 +344,8 @@ void ssh_client_auth_pam(SshAuthClientOp
+ SSH_TRACE(2, ("Starting pam auth..."));
+ buffer = ssh_xbuffer_allocate();
+ ssh_encode_buffer(buffer,
+- SSH_FORMAT_BOOLEAN, FALSE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) FALSE,
+ SSH_FORMAT_END);
+ (*completion)(SSH_AUTH_CLIENT_SEND_AND_CONTINUE,
+ user, buffer, completion_context);
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-au
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-au Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-au,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-passwd.c.orig 2003-12-03 15:17:24.000000000 +0200
++++ apps/ssh/authc-passwd.c
+@@ -136,7 +136,8 @@ void ssh_client_auth_passwd(SshAuthClien
+
+ b = ssh_xbuffer_allocate();
+ ret_val = ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, FALSE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) FALSE,
+ SSH_FORMAT_UINT32_STR, password,
+ strlen(password),
+ SSH_FORMAT_END);
+@@ -229,7 +230,8 @@ void ssh_client_auth_passwd(SshAuthClien
+ b = ssh_xbuffer_allocate();
+
+ ret_val = ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) TRUE,
+ SSH_FORMAT_UINT32_STR,
+ old_password, strlen(old_password),
+ SSH_FORMAT_UINT32_STR,
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-av
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-av Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,63 @@
+$NetBSD: patch-av,v 1.1 2006/09/22 13:58:46 kivinen Exp $
+
+--- apps/ssh/authc-pubkey.c.orig 2003-12-03 15:17:24.000000000 +0200
++++ apps/ssh/authc-pubkey.c
+@@ -208,7 +208,8 @@ SshBuffer ssh_client_auth_pubkey_try_key
+ if (!draft_incompatibility)
+ {
+ ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, FALSE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) FALSE,
+ SSH_FORMAT_UINT32_STR, c->pubkey_alg,
+ strlen((char *)c->pubkey_alg),
+ SSH_FORMAT_UINT32_STR, c->pubkeyblob,
+@@ -219,7 +220,8 @@ SshBuffer ssh_client_auth_pubkey_try_key
+ {
+ /* Remote end has publickey draft incompatibility bug. */
+ ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, FALSE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) FALSE,
+ /* Against the draft. Here should be string
+ 'publickey algorithm'*/
+ SSH_FORMAT_UINT32_STR, c->pubkeyblob,
+@@ -328,7 +330,8 @@ void ssh_client_auth_pubkey_sign_complet
+ )
+ {
+ ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) TRUE,
+ SSH_FORMAT_UINT32_STR, c->pubkey_alg,
+ strlen((char *)c->pubkey_alg),
+ SSH_FORMAT_UINT32_STR, c->pubkeyblob,
+@@ -341,7 +344,8 @@ void ssh_client_auth_pubkey_sign_complet
+ {
+ /* Remote end has publickey draft incompatibility bug. */
+ ssh_encode_buffer(b,
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) TRUE,
+ /* Against the draft. Here should be string
+ 'publickey algorithm'*/
+ SSH_FORMAT_UINT32_STR,
+@@ -702,7 +706,8 @@ Boolean ssh_client_auth_pubkey_send_sign
+ strlen(service),
+ SSH_FORMAT_UINT32_STR, SSH_AUTH_PUBKEY,
+ strlen(SSH_AUTH_PUBKEY),
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN,
++ (Boolean) TRUE,
+ SSH_FORMAT_UINT32_STR, c->pubkey_alg,
+ strlen(c->pubkey_alg),
+ SSH_FORMAT_UINT32_STR, c->pubkeyblob,
+@@ -722,7 +727,7 @@ Boolean ssh_client_auth_pubkey_send_sign
+ strlen(service),
+ /* against the draft. Here should
+ be 'string "publickey"'*/
+- SSH_FORMAT_BOOLEAN, TRUE,
++ SSH_FORMAT_BOOLEAN, (Boolean) TRUE,
+ /* against the draft. Here should
+ be 'string public key algorith
+ name'*/
diff -r 452dca21a268 -r 5a9d84fab5f3 security/ssh2/patches/patch-aw
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ssh2/patches/patch-aw Fri Sep 22 13:58:46 2006 +0000
@@ -0,0 +1,31 @@
+$NetBSD: patch-aw,v 1.1 2006/09/22 13:58:46 kivinen Exp $
Home |
Main Index |
Thread Index |
Old Index