diff options
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/openssh/Manifest | 5 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-4.7_p1-CVE-2008-1483.patch | 16 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-4.7_p1-ForceCommand.patch | 24 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-4.7_p1-lpk-64bit.patch | 45 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-4.7_p1-packet-size.patch | 30 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-4.7p1-selinux.diff | 11 |
6 files changed, 131 insertions, 0 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index 876741a7..ea8d7d44 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -1,7 +1,12 @@ AUX openssh-4.4_p1-ldap-hpn-glue.patch 1538 RMD160 eba0400a328f23b9329429d2da65b80ead546d4d SHA1 7190e861e8be4f03ae42ad43ba1770fdca95d46a SHA256 63e9f729fbb40babdf5cd2b4d87f4d1cb5a9aaed60bf7a8c072c22f9a6fb36ab AUX openssh-4.5_p1-padlock.diff 1671 RMD160 39ba64e4395e26f6fa9a32ebd89e7524f3bda2a1 SHA1 ee46ce71be4a0a925a6c01889988bc6b014fc46f SHA256 ce6c2150522de13ba9f044810d80b4076eecced629182b893798d66a7dc68dc5 +AUX openssh-4.7_p1-CVE-2008-1483.patch 338 RMD160 b47fd4d07ae38c42a62c1abc740ff5477ef8fa53 SHA1 a77143c5203ce042d586bf4ecbcb1478016b03a5 SHA256 a9aa1c2ae2eae1b3cc54237aabdb5f2e9e74313d4c0b7151889002fd7950a9dc +AUX openssh-4.7_p1-ForceCommand.patch 939 RMD160 c1f8481d4f5afdf75f17472f7960e7043df336b7 SHA1 35398fa295ae4075d88ae830d09fbdc380802e26 SHA256 ac90408bf2d5fc9c008f13de560ab0e72428593b198df3bd30f257ee221d0e6a AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 RMD160 4e02e0a85c0e33c917ec8c22b4e1c173a9d7d79e SHA1 d8a81eb92a49763106cfa5b319c22c6f188508ef SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 AUX openssh-4.7_p1-engines.patch 4202 RMD160 33648508fc66d422eaea17ff5ed756ceb641083e SHA1 9b63b26544c13655ee60148f90e86b26085d61fd SHA256 0258978c9093a266d7db96c3203b7ed8b68437d0a5ce3378d6a1144f8a1e36d9 +AUX openssh-4.7_p1-lpk-64bit.patch 1096 RMD160 566e48f34b44add23e3d46456e54d6d3a453cac1 SHA1 83704313a423be33f9ac62499908b5da95c0d8f4 SHA256 442bb358ebeceaead8fd8a84c7c041f2bf7fb11ab623d74a902febeeb582903d +AUX openssh-4.7_p1-packet-size.patch 1130 RMD160 b604b500747f5b53c9ddc3950adfaca9af54cfff SHA1 ba13a01dceb5aadfa646c23b675b74b14123c68f SHA256 8d0c89ae533366d3f7808274eb4a46c969a51011d7c25e167e22a476d6b2f168 +AUX openssh-4.7p1-selinux.diff 541 RMD160 bcb8f1fef2ae8378e7000732223c6116e06e0d6f SHA1 395b4dcff3eb7b92582a4364e612fff87278e7bc SHA256 ef8d71c46059bdcc8487cad06914639a8237197561cc030d8eed3baf418cc810 AUX openssh_4.7p1-blacklist.patch 29059 RMD160 0bd01594f8174ebd8e55ffc56cfe9de09137509b SHA1 6057cfa1e4357f7b116149a793824902fa37efa6 SHA256 37d05f2f5957d121d00219f2fb79089d1e4488232e16e0fded9f4403d9b05c2c AUX sshd.confd 396 RMD160 029680b2281961130a815ef599750c4fc4e84987 SHA1 23c283d0967944b6125be26ed4628f49abf586b2 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 AUX sshd.pam_include 205 RMD160 6b20ea83c69ef613d75daf43515aaec88d4cd815 SHA1 122472d859c24f7c776bb10fbfcb0221146ed056 SHA256 8d59135e96f4eff6b80c143b82cced7beb0bbca19ff91b479f1ba92916243d5e diff --git a/net-misc/openssh/files/openssh-4.7_p1-CVE-2008-1483.patch b/net-misc/openssh/files/openssh-4.7_p1-CVE-2008-1483.patch new file mode 100644 index 00000000..8282bf1d --- /dev/null +++ b/net-misc/openssh/files/openssh-4.7_p1-CVE-2008-1483.patch @@ -0,0 +1,16 @@ +Ripped from Fedora for CVE-2008-1483 + +http://bugs.gentoo.org/214985 + +--- openssh-3.9p1/channels.c ++++ openssh-3.9p1/channels.c +@@ -2653,9 +2653,6 @@ + debug2("bind port %d: %.100s", port, strerror(errno)); + close(sock); + +- if (ai->ai_next) +- continue; +- + for (n = 0; n < num_socks; n++) { + close(socks[n]); + } diff --git a/net-misc/openssh/files/openssh-4.7_p1-ForceCommand.patch b/net-misc/openssh/files/openssh-4.7_p1-ForceCommand.patch new file mode 100644 index 00000000..93072236 --- /dev/null +++ b/net-misc/openssh/files/openssh-4.7_p1-ForceCommand.patch @@ -0,0 +1,24 @@ +security fix + +http://bugs.gentoo.org/215702 +ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.3/common/001_openssh.patch + +Index: usr.bin/ssh/session.c +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/session.c,v +retrieving revision 1.230 +diff -u -r1.230 session.c +--- usr.bin/ssh/session.c 22 Feb 2008 05:58:56 -0000 1.230 ++++ usr.bin/ssh/session.c 27 Mar 2008 10:54:55 -0000 +@@ -878,8 +878,9 @@ + do_xauth = + s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; + +- /* ignore _PATH_SSH_USER_RC for subsystems */ +- if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { ++ /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ ++ if (!s->is_subsystem && options.adm_forced_command == NULL && ++ (stat(_PATH_SSH_USER_RC, &st) >= 0)) { + snprintf(cmd, sizeof cmd, "%s -c '%s %s'", + shell, _PATH_BSHELL, _PATH_SSH_USER_RC); + if (debug_flag) diff --git a/net-misc/openssh/files/openssh-4.7_p1-lpk-64bit.patch b/net-misc/openssh/files/openssh-4.7_p1-lpk-64bit.patch new file mode 100644 index 00000000..836073f4 --- /dev/null +++ b/net-misc/openssh/files/openssh-4.7_p1-lpk-64bit.patch @@ -0,0 +1,45 @@ +http://bugs.gentoo.org/210110 + +--- servconf.c ++++ servconf.c +@@ -690,6 +690,7 @@ + { + char *cp, **charptr, *arg, *p; + int cmdline = 0, *intptr, value, n; ++ unsigned long lvalue, *longptr; + ServerOpCodes opcode; + u_short port; + u_int i, flags = 0; +@@ -704,6 +705,7 @@ + if (!arg || !*arg || *arg == '#') + return 0; + intptr = NULL; ++ longptr = NULL; + charptr = NULL; + opcode = parse_token(arg, filename, linenum, &flags); + +@@ -1421,11 +1423,20 @@ + *intptr = value; + break; + case sBindTimeout: +- intptr = (int *) &options->lpk.b_timeout.tv_sec; +- goto parse_int; ++ longptr = (unsigned long *) &options->lpk.b_timeout.tv_sec; ++parse_ulong: ++ arg = strdelim(&cp); ++ if (!arg || *arg == '\0') ++ fatal("%s line %d: missing integer value.", ++ filename, linenum); ++ lvalue = atol(arg); ++ if (*activep && *longptr == -1) ++ *longptr = lvalue; ++ break; ++ + case sSearchTimeout: +- intptr = (int *) &options->lpk.s_timeout.tv_sec; +- goto parse_int; ++ longptr = (unsigned long *) &options->lpk.s_timeout.tv_sec; ++ goto parse_ulong; + break; + case sLdapConf: + arg = cp; diff --git a/net-misc/openssh/files/openssh-4.7_p1-packet-size.patch b/net-misc/openssh/files/openssh-4.7_p1-packet-size.patch new file mode 100644 index 00000000..85023b4a --- /dev/null +++ b/net-misc/openssh/files/openssh-4.7_p1-packet-size.patch @@ -0,0 +1,30 @@ +Fix from upstream + +http://bugs.gentoo.org/212433 +https://bugzilla.mindrot.org/show_bug.cgi?id=1360 + +Index: clientloop.c +=================================================================== +RCS file: /usr/local/src/security/openssh/cvs/openssh/clientloop.c,v +retrieving revision 1.170 +diff -u -p -r1.170 clientloop.c +--- clientloop.c 28 Dec 2007 15:45:07 -0000 1.170 ++++ clientloop.c 28 Dec 2007 18:14:10 -0000 +@@ -1745,7 +1745,7 @@ client_request_forwarded_tcpip(const cha + } + c = channel_new("forwarded-tcpip", + SSH_CHANNEL_CONNECTING, sock, sock, -1, +- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, ++ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, + originator_address, 1); + xfree(originator_address); + xfree(listen_address); +@@ -1803,7 +1803,7 @@ client_request_agent(const char *request + return NULL; + c = channel_new("authentication agent connection", + SSH_CHANNEL_OPEN, sock, sock, -1, +- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0, ++ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, + "authentication agent connection", 1); + c->force_drain = 1; + return c; diff --git a/net-misc/openssh/files/openssh-4.7p1-selinux.diff b/net-misc/openssh/files/openssh-4.7p1-selinux.diff new file mode 100644 index 00000000..f1c5c872 --- /dev/null +++ b/net-misc/openssh/files/openssh-4.7p1-selinux.diff @@ -0,0 +1,11 @@ +diff -purN openssh-4.7p1.orig/configure.ac openssh-4.7p1/configure.ac +--- openssh-4.7p1.orig/configure.ac 2007-08-10 00:36:12.000000000 -0400 ++++ openssh-4.7p1/configure.ac 2008-03-31 19:38:54.548935620 -0400 +@@ -3211,6 +3211,7 @@ AC_ARG_WITH(selinux, + AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ], + AC_MSG_ERROR(SELinux support requires libselinux library)) + SSHDLIBS="$SSHDLIBS $LIBSELINUX" ++ LIBS="$LIBS $LIBSELINUX" + AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) + LIBS="$save_LIBS" + fi ] |