pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/openssh Update openssh package to 4.7.1 (4.7p1).
details: https://anonhg.NetBSD.org/pkgsrc/rev/c3e47e847ede
branches: trunk
changeset: 533014:c3e47e847ede
user: taca <taca%pkgsrc.org@localhost>
date: Fri Sep 07 10:41:11 2007 +0000
description:
Update openssh package to 4.7.1 (4.7p1).
Changes since OpenSSH 4.6:
============================
Security bugs resolved in this release:
* Prevent ssh(1) from using a trusted X11 cookie if creation of an
untrusted cookie fails; found and fixed by Jan Pechanec.
Other changes, new functionality and fixes in this release:
* sshd(8) in new installations defaults to SSH Protocol 2 only.
Existing installations are unchanged.
* The SSH channel window size has been increased, and both ssh(1)
sshd(8) now send window updates more aggressively. These improves
performance on high-BDP (Bandwidth Delay Product) networks.
* ssh(1) and sshd(8) now preserve MAC contexts between packets, which
saves 2 hash calls per packet and results in 12-16% speedup for
arcfour256/hmac-md5.
* A new MAC algorithm has been added, UMAC-64 (RFC4418) as
"umac-64%openssh.com@localhost". UMAC-64 has been measured to be
approximately 20% faster than HMAC-MD5.
* A -K flag was added to ssh(1) to set GSSAPIAuthentication=Yes
* Failure to establish a ssh(1) TunnelForward is now treated as a
fatal error when the ExitOnForwardFailure option is set.
* ssh(1) returns a sensible exit status if the control master goes
away without passing the full exit status. (bz #1261)
* The following bugs have been fixed in this release:
- When using a ProxyCommand in ssh(1), set the outgoing hostname with
gethostname(2), allowing hostbased authentication to work (bz #616)
- Make scp(1) skip FIFOs rather than hanging (bz #856)
- Encode non-printing characters in scp(1) filenames.
these could cause copies to be aborted with a "protocol error"
(bz #891)
- Handle SIGINT in sshd(8) privilege separation child process to
ensure that wtmp and lastlog records are correctly updated
(bz #1196)
- Report GSSAPI mechanism in errors, for libraries that support
multiple mechanisms (bz #1220)
- Improve documentation for ssh-add(1)'s -d option (bz #1224)
- Rearrange and tidy GSSAPI code, removing server-only code being
linked into the client. (bz #1225)
- Delay execution of ssh(1)'s LocalCommand until after all forwadings
have been established. (bz #1232)
- In scp(1), do not truncate non-regular files (bz #1236)
- Improve exit message from ControlMaster clients. (bz #1262)
- Prevent sftp-server(8) from reading until it runs out of buffer
space, whereupon it would exit with a fatal error. (bz #1286)
* Portable OpenSSH bugs fixed:
- Fix multiple inclusion of paths.h on AIX 5.1 systems. (bz #1243)
- Implement getpeereid for Solaris using getpeerucred. Solaris
systems will now refuse ssh-agent(1) and ssh(1) ControlMaster
clients from different, non-root users (bz #1287)
- Fix compilation warnings by including string.h if found. (bz #1294)
- Remove redefinition of _res in getrrsetbyname.c for platforms that
already define it. (bz #1299)
- Fix spurious "chan_read_failed for istate 3" errors from sshd(8),
a side-effect of the "hang on exit" fix introduced in 4.6p1.
(bz #1306)
- pam_end() was not being called if authentication failed (bz #1322)
- Fix SELinux support when SELinux is in permissive mode. Previously
sshd(8) was treating SELinux errors as always fatal. (bz #1325)
- Ensure that pam_setcred(..., PAM_ESTABLISH_CRED) is called before
pam_setcred(..., PAM_REINITIALIZE_CRED), fixing pam_dhkeys.
(bz #1339)
- Fix privilege separation on QNX - pre-auth only, this platform does
not support file descriptior passing needed for post-auth privilege
separation. (bz #1343)
diffstat:
security/openssh/Makefile | 7 +++----
security/openssh/distinfo | 16 +++++++---------
security/openssh/options.mk | 4 ++--
security/openssh/patches/patch-ax | 21 ---------------------
security/openssh/patches/patch-ba | 25 -------------------------
5 files changed, 12 insertions(+), 61 deletions(-)
diffs (115 lines):
diff -r 482bf457f352 -r c3e47e847ede security/openssh/Makefile
--- a/security/openssh/Makefile Fri Sep 07 10:39:35 2007 +0000
+++ b/security/openssh/Makefile Fri Sep 07 10:41:11 2007 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.181 2007/07/31 02:29:38 taca Exp $
+# $NetBSD: Makefile,v 1.182 2007/09/07 10:41:11 taca Exp $
-DISTNAME= openssh-4.6p1
-PKGNAME= openssh-4.6.1
-PKGREVISION= 1
+DISTNAME= openssh-4.7p1
+PKGNAME= openssh-4.7.1
SVR4_PKGNAME= ossh
CATEGORIES= security
MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
diff -r 482bf457f352 -r c3e47e847ede security/openssh/distinfo
--- a/security/openssh/distinfo Fri Sep 07 10:39:35 2007 +0000
+++ b/security/openssh/distinfo Fri Sep 07 10:41:11 2007 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.63 2007/07/31 02:29:39 taca Exp $
+$NetBSD: distinfo,v 1.64 2007/09/07 10:41:11 taca Exp $
-SHA1 (openssh-4.6p1-hpn12v16.diff.gz) = a10ed53ad92e2e3106da7050c3b0076a2cd1c0ca
-RMD160 (openssh-4.6p1-hpn12v16.diff.gz) = 421e2c189c2e9b378f6ee3944183355f9f18d5e8
-Size (openssh-4.6p1-hpn12v16.diff.gz) = 15944 bytes
-SHA1 (openssh-4.6p1.tar.gz) = b2aefeb1861b4688b1777436035239ec32a47da8
-RMD160 (openssh-4.6p1.tar.gz) = 2959ac56c9175275bf82847ec64b2b169aedcb82
-Size (openssh-4.6p1.tar.gz) = 967395 bytes
+SHA1 (openssh-4.7p1-hpn12v18.diff.gz) = 6083da9c1d537a2a3bc7f1fa00a99142407a063e
+RMD160 (openssh-4.7p1-hpn12v18.diff.gz) = fec2096269a16e05667f931a073fd13f096742b5
+Size (openssh-4.7p1-hpn12v18.diff.gz) = 16094 bytes
+SHA1 (openssh-4.7p1.tar.gz) = 58357db9e64ba6382bef3d73d1d386fcdc0508f4
+RMD160 (openssh-4.7p1.tar.gz) = b828e79d3d1a931cb77651ec7d7276cf3ba22d90
+Size (openssh-4.7p1.tar.gz) = 991119 bytes
SHA1 (patch-aa) = 8b7a16e9a63cfff3b73d70b9cebb6627b96396e0
SHA1 (patch-ab) = a105c238c8dc774ed6992791b131da56824869e9
SHA1 (patch-ac) = dfb054ef02fbb5d206f6adaf82944f16da20eaf9
@@ -28,5 +28,3 @@
SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f
SHA1 (patch-av) = 00f54c3fae7318b278b16bd0b01881a90bd31365
SHA1 (patch-aw) = 2a88b7563c6f52163c6c5f716e437ecaea613a30
-SHA1 (patch-ax) = a6708b956341ff373835a6789541c7547b3b85e5
-SHA1 (patch-ba) = 35a4f544b52403bf9b3f0943d3f975fc8f350173
diff -r 482bf457f352 -r c3e47e847ede security/openssh/options.mk
--- a/security/openssh/options.mk Fri Sep 07 10:39:35 2007 +0000
+++ b/security/openssh/options.mk Fri Sep 07 10:41:11 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.13 2007/03/18 12:38:45 taca Exp $
+# $NetBSD: options.mk,v 1.14 2007/09/07 10:41:12 taca Exp $
.include "../../mk/bsd.prefs.mk"
@@ -17,7 +17,7 @@
.endif
.if !empty(PKG_OPTIONS:Mhpn-patch)
-PATCHFILES= openssh-4.6p1-hpn12v16.diff.gz
+PATCHFILES= openssh-4.7p1-hpn12v18.diff.gz
PATCH_SITES= http://www.psc.edu/networking/projects/hpn-ssh/
PATCH_DIST_STRIP= -p1
.endif
diff -r 482bf457f352 -r c3e47e847ede security/openssh/patches/patch-ax
--- a/security/openssh/patches/patch-ax Fri Sep 07 10:39:35 2007 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-$NetBSD: patch-ax,v 1.3 2007/03/16 05:46:07 cjs Exp $
-
-# http://bugzilla.mindrot.org/show_bug.cgi?id=1299
-
---- openbsd-compat/getrrsetbyname.c.orig 2006-09-02 14:32:40.000000000 +0900
-+++ openbsd-compat/getrrsetbyname.c 2007-03-16 14:07:32.000000000 +0900
-@@ -67,14 +67,6 @@
- #endif
- #define _THREAD_PRIVATE(a,b,c) (c)
-
--/* to avoid conflicts where a platform already has _res */
--#ifdef _res
--# undef _res
--#endif
--#define _res _compat_res
--
--struct __res_state _res;
--
- /* Necessary functions and macros */
-
- /*
diff -r 482bf457f352 -r c3e47e847ede security/openssh/patches/patch-ba
--- a/security/openssh/patches/patch-ba Fri Sep 07 10:39:35 2007 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-$NetBSD: patch-ba,v 1.1 2007/07/31 02:29:39 taca Exp $
-
-# https://bugzilla.mindrot.org/show_bug.cgi?id=1306
-
---- channels.c.orig 2007-07-31 09:48:58.000000000 +0900
-+++ channels.c
-@@ -1471,14 +1471,13 @@ static int
- channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset)
- {
- char buf[CHAN_RBUF];
-- int len;
-+ int len, force;
-
-- if (c->rfd != -1 &&
-- (c->detach_close || FD_ISSET(c->rfd, readset))) {
-+ force = c->isatty && c->detach_close && c->istate != CHAN_INPUT_CLOSED;
-+ if (c->rfd != -1 && (force || FD_ISSET(c->rfd, readset))) {
- errno = 0;
- len = read(c->rfd, buf, sizeof(buf));
-- if (len < 0 && (errno == EINTR ||
-- (errno == EAGAIN && !(c->isatty && c->detach_close))))
-+ if (len < 0 && (errno == EINTR || (errno == EAGAIN && !force)))
- return 1;
- #ifndef PTY_ZEROREAD
- if (len <= 0) {
Home |
Main Index |
Thread Index |
Old Index