authorBertrand Jacquin <beber@meleeweb.net>2008-08-26 23:40:50 +0200
committerBertrand Jacquin <beber@meleeweb.net>2008-08-26 23:40:50 +0200
commitf83d725838b722c066f897bdc9c6c383b60c36ae (patch)
treec2aa09aebaf08a01f9f8eadc3f1cdb905f38c701
parentopenssh: forgot manifest (diff)
openssh: import upstream patches
-rw-r--r--net-misc/openssh/Manifest5
-rw-r--r--net-misc/openssh/files/openssh-4.7_p1-CVE-2008-1483.patch16
-rw-r--r--net-misc/openssh/files/openssh-4.7_p1-ForceCommand.patch24
-rw-r--r--net-misc/openssh/files/openssh-4.7_p1-lpk-64bit.patch45
-rw-r--r--net-misc/openssh/files/openssh-4.7_p1-packet-size.patch30
-rw-r--r--net-misc/openssh/files/openssh-4.7p1-selinux.diff11
6 files changed, 131 insertions, 0 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 876741a7..ea8d7d44 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,7 +1,12 @@
AUX openssh-4.4_p1-ldap-hpn-glue.patch 1538 RMD160 eba0400a328f23b9329429d2da65b80ead546d4d SHA1 7190e861e8be4f03ae42ad43ba1770fdca95d46a SHA256 63e9f729fbb40babdf5cd2b4d87f4d1cb5a9aaed60bf7a8c072c22f9a6fb36ab
AUX openssh-4.5_p1-padlock.diff 1671 RMD160 39ba64e4395e26f6fa9a32ebd89e7524f3bda2a1 SHA1 ee46ce71be4a0a925a6c01889988bc6b014fc46f SHA256 ce6c2150522de13ba9f044810d80b4076eecced629182b893798d66a7dc68dc5
+AUX openssh-4.7_p1-CVE-2008-1483.patch 338 RMD160 b47fd4d07ae38c42a62c1abc740ff5477ef8fa53 SHA1 a77143c5203ce042d586bf4ecbcb1478016b03a5 SHA256 a9aa1c2ae2eae1b3cc54237aabdb5f2e9e74313d4c0b7151889002fd7950a9dc
+AUX openssh-4.7_p1-ForceCommand.patch 939 RMD160 c1f8481d4f5afdf75f17472f7960e7043df336b7 SHA1 35398fa295ae4075d88ae830d09fbdc380802e26 SHA256 ac90408bf2d5fc9c008f13de560ab0e72428593b198df3bd30f257ee221d0e6a
AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 RMD160 4e02e0a85c0e33c917ec8c22b4e1c173a9d7d79e SHA1 d8a81eb92a49763106cfa5b319c22c6f188508ef SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7
AUX openssh-4.7_p1-engines.patch 4202 RMD160 33648508fc66d422eaea17ff5ed756ceb641083e SHA1 9b63b26544c13655ee60148f90e86b26085d61fd SHA256 0258978c9093a266d7db96c3203b7ed8b68437d0a5ce3378d6a1144f8a1e36d9
+AUX openssh-4.7_p1-lpk-64bit.patch 1096 RMD160 566e48f34b44add23e3d46456e54d6d3a453cac1 SHA1 83704313a423be33f9ac62499908b5da95c0d8f4 SHA256 442bb358ebeceaead8fd8a84c7c041f2bf7fb11ab623d74a902febeeb582903d
+AUX openssh-4.7_p1-packet-size.patch 1130 RMD160 b604b500747f5b53c9ddc3950adfaca9af54cfff SHA1 ba13a01dceb5aadfa646c23b675b74b14123c68f SHA256 8d0c89ae533366d3f7808274eb4a46c969a51011d7c25e167e22a476d6b2f168
+AUX openssh-4.7p1-selinux.diff 541 RMD160 bcb8f1fef2ae8378e7000732223c6116e06e0d6f SHA1 395b4dcff3eb7b92582a4364e612fff87278e7bc SHA256 ef8d71c46059bdcc8487cad06914639a8237197561cc030d8eed3baf418cc810
AUX openssh_4.7p1-blacklist.patch 29059 RMD160 0bd01594f8174ebd8e55ffc56cfe9de09137509b SHA1 6057cfa1e4357f7b116149a793824902fa37efa6 SHA256 37d05f2f5957d121d00219f2fb79089d1e4488232e16e0fded9f4403d9b05c2c
AUX sshd.confd 396 RMD160 029680b2281961130a815ef599750c4fc4e84987 SHA1 23c283d0967944b6125be26ed4628f49abf586b2 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41
AUX sshd.pam_include 205 RMD160 6b20ea83c69ef613d75daf43515aaec88d4cd815 SHA1 122472d859c24f7c776bb10fbfcb0221146ed056 SHA256 8d59135e96f4eff6b80c143b82cced7beb0bbca19ff91b479f1ba92916243d5e
diff --git a/net-misc/openssh/files/openssh-4.7_p1-CVE-2008-1483.patch b/net-misc/openssh/files/openssh-4.7_p1-CVE-2008-1483.patch
new file mode 100644
index 00000000..8282bf1d
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.7_p1-CVE-2008-1483.patch
@@ -0,0 +1,16 @@
+Ripped from Fedora for CVE-2008-1483
+
+http://bugs.gentoo.org/214985
+
+--- openssh-3.9p1/channels.c
++++ openssh-3.9p1/channels.c
+@@ -2653,9 +2653,6 @@
+ debug2("bind port %d: %.100s", port, strerror(errno));
+ close(sock);
+
+- if (ai->ai_next)
+- continue;
+-
+ for (n = 0; n < num_socks; n++) {
+ close(socks[n]);
+ }
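Review bot: The embedded patch is headed `openssh-3.9p1/channels.c` with its hunk at line 2653, yet it is shipped as openssh-4.7_p1-CVE-2008-1483.patch, so it can only apply to 4.7p1 through an offset or fuzz. With three context lines and no function name in the `@@` header, it is worth confirming after patching that the removed `if (ai->ai_next) continue;` is the one that follows the failed bind in the X11 display listener loop (presumably x11_create_display_inet) and not a similar loop elsewhere in channels.c. Regenerating the patch against 4.7p1 would remove that doubt. The header could also state the intent in one line, for example `A bind failure on any address must abandon this display number rather than continue with the next address.`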
diff --git a/net-misc/openssh/files/openssh-4.7_p1-ForceCommand.patch b/net-misc/openssh/files/openssh-4.7_p1-ForceCommand.patch
new file mode 100644
index 00000000..93072236
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.7_p1-ForceCommand.patch
@@ -0,0 +1,24 @@
+security fix
+
+http://bugs.gentoo.org/215702
+ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/001_openssh.patch
+
+Index: usr.bin/ssh/session.c
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/session.c,v
+retrieving revision 1.230
+diff -u -r1.230 session.c
+--- usr.bin/ssh/session.c 22 Feb 2008 05:58:56 -0000 1.230
++++ usr.bin/ssh/session.c 27 Mar 2008 10:54:55 -0000
+@@ -878,8 +878,9 @@
+ do_xauth =
+ s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
+
+- /* ignore _PATH_SSH_USER_RC for subsystems */
+- if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
++ /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
++ if (!s->is_subsystem && options.adm_forced_command == NULL &&
++ (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
+ snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
+ shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
+ if (debug_flag)
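Review bot: The patch header says only `security fix`, which does not tell a later maintainer what is being closed or when the patch can be dropped after a version bump. A line such as `Do not run the user's ~/.ssh/rc when sshd_config sets ForceCommand, so the forced command cannot be preceded by user-controlled commands.` would document what the added `options.adm_forced_command == NULL` test is for. The same applies to openssh-4.7_p1-packet-size.patch (`Fix from upstream`) and openssh-4.7_p1-lpk-64bit.patch (a bug URL only). The paths here are OpenBSD-tree paths (`usr.bin/ssh/session.c`), so the ebuild presumably relies on strip-level detection to find session.c in the portable tree; that is worth a check. The enclosing function starts and ends outside the hunk.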
diff --git a/net-misc/openssh/files/openssh-4.7_p1-lpk-64bit.patch b/net-misc/openssh/files/openssh-4.7_p1-lpk-64bit.patch
new file mode 100644
index 00000000..836073f4
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.7_p1-lpk-64bit.patch
@@ -0,0 +1,45 @@
+http://bugs.gentoo.org/210110
+
+--- servconf.c
++++ servconf.c
+@@ -690,6 +690,7 @@
+ {
+ char *cp, **charptr, *arg, *p;
+ int cmdline = 0, *intptr, value, n;
++ unsigned long lvalue, *longptr;
+ ServerOpCodes opcode;
+ u_short port;
+ u_int i, flags = 0;
+@@ -704,6 +705,7 @@
+ if (!arg || !*arg || *arg == '#')
+ return 0;
+ intptr = NULL;
++ longptr = NULL;
+ charptr = NULL;
+ opcode = parse_token(arg, filename, linenum, &flags);
+
+@@ -1421,11 +1423,20 @@
+ *intptr = value;
+ break;
+ case sBindTimeout:
+- intptr = (int *) &options->lpk.b_timeout.tv_sec;
+- goto parse_int;
++ longptr = (unsigned long *) &options->lpk.b_timeout.tv_sec;
++parse_ulong:
++ arg = strdelim(&cp);
++ if (!arg || *arg == '\0')
++ fatal("%s line %d: missing integer value.",
++ filename, linenum);
++ lvalue = atol(arg);
++ if (*activep && *longptr == -1)
++ *longptr = lvalue;
++ break;
++
+ case sSearchTimeout:
+- intptr = (int *) &options->lpk.s_timeout.tv_sec;
+- goto parse_int;
++ longptr = (unsigned long *) &options->lpk.s_timeout.tv_sec;
++ goto parse_ulong;
+ break;
+ case sLdapConf:
+ arg = cp;
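Review bot: The new `parse_ulong:` path converts the value with `lvalue = atol(arg);`, which accepts garbage silently. A non-numeric BindTimeout or SearchTimeout becomes 0, and a negative one wraps to a very large unsigned timeout for the LDAP key lookup. Using the `p` already declared in this function, `lvalue = strtoul(arg, &p, 10);` followed by `if (p == arg || *p != '\0' || *arg == '-') fatal("%s line %d: invalid integer value.", filename, linenum);` would reject both cases. The cast `(unsigned long *) &options->lpk.b_timeout.tv_sec` also assumes that tv_sec has the width of unsigned long, which holds on the common 64-bit Linux ABIs this patch targets but is not guaranteed; assigning through a local and storing `tv_sec = lvalue` would avoid the pointer pun. The `break;` after `goto parse_ulong;` is unreachable, and the enclosing function body continues outside the hunk.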
diff --git a/net-misc/openssh/files/openssh-4.7_p1-packet-size.patch b/net-misc/openssh/files/openssh-4.7_p1-packet-size.patch
new file mode 100644
index 00000000..85023b4a
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.7_p1-packet-size.patch
@@ -0,0 +1,30 @@
+Fix from upstream
+
+http://bugs.gentoo.org/212433
+https://bugzilla.mindrot.org/show_bug.cgi?id=1360
+
+Index: clientloop.c
+===================================================================
+RCS file: /usr/local/src/security/openssh/cvs/openssh/clientloop.c,v
+retrieving revision 1.170
+diff -u -p -r1.170 clientloop.c
+--- clientloop.c 28 Dec 2007 15:45:07 -0000 1.170
++++ clientloop.c 28 Dec 2007 18:14:10 -0000
+@@ -1745,7 +1745,7 @@ client_request_forwarded_tcpip(const cha
+ }
+ c = channel_new("forwarded-tcpip",
+ SSH_CHANNEL_CONNECTING, sock, sock, -1,
+- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
++ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
+ originator_address, 1);
+ xfree(originator_address);
+ xfree(listen_address);
+@@ -1803,7 +1803,7 @@ client_request_agent(const char *request
+ return NULL;
+ c = channel_new("authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
++ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
+ "authentication agent connection", 1);
+ c->force_drain = 1;
+ return c;
diff --git a/net-misc/openssh/files/openssh-4.7p1-selinux.diff b/net-misc/openssh/files/openssh-4.7p1-selinux.diff
new file mode 100644
index 00000000..f1c5c872
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.7p1-selinux.diff
@@ -0,0 +1,11 @@
+diff -purN openssh-4.7p1.orig/configure.ac openssh-4.7p1/configure.ac
+--- openssh-4.7p1.orig/configure.ac 2007-08-10 00:36:12.000000000 -0400
++++ openssh-4.7p1/configure.ac 2008-03-31 19:38:54.548935620 -0400
+@@ -3211,6 +3211,7 @@ AC_ARG_WITH(selinux,
+ AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
+ AC_MSG_ERROR(SELinux support requires libselinux library))
+ SSHDLIBS="$SSHDLIBS $LIBSELINUX"
++ LIBS="$LIBS $LIBSELINUX"
+ AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+ LIBS="$save_LIBS"
+ fi ]