cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

upgrade to ssh 1.2.27

Browse Source
This commit is contained in:
brad 1999-05-14 18:35:25 +00:00
parent a3085a7bff
commit 974c8026f9
8 changed files with 40 additions and 412 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
security/ssh/Makefile
View File

@ -1,6 +1,6 @@
# $OpenBSD: Makefile,v 1.32 1999/05/14 05:27:30 brad Exp $
# $OpenBSD: Makefile,v 1.33 1999/05/14 18:35:25 brad Exp $
DISTNAME= ssh-1.2.26
DISTNAME= ssh-1.2.27
CATEGORIES= security net
MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/ \
ftp://ftp.cs.hut.fi/pub/ssh/
@ -58,7 +58,6 @@ CONFIGURE_ARGS+= --with-secureid
# Don't use IDEA. IDEA can be freely used for non-commercial use. However,
# commercial use may require a licence in a number of countries
# Warning: untested !
#
.if defined(DONT_USE_IDEA) && ${DONT_USE_IDEA} == YES
CONFIGURE_ARGS+= --without-idea
@ -76,8 +75,8 @@ post-patch:
@${RM} ${PATCHDIR}/patch-rsaref2
.endif
.if !defined(NO_WARNINGS)
fetch-depends:
.if !defined(NO_WARNINGS)
.if !defined(USA_RESIDENT) || ${USA_RESIDENT} != YES && ${USA_RESIDENT} != NO
@${ECHO}
@${ECHO} You must set variable USA_RESIDENT to YES if you are a USA

6
security/ssh/files/md5
View File

@ -1,6 +1,6 @@
MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d
MD5 (ssh-1.2.26.tar.gz) = 2ee46d454015dd01c5e8f074eabf0245
MD5 (ssh-1.2.27.tar.gz) = c22bc000bee0f7d6f4845eab72a81395
RMD160 (rsaref2.tar.gz) = 282d62321c50ddc3cefb8bab924200594d24af0c
RMD160 (ssh-1.2.26.tar.gz) = d825e10c715db03d73f4626203408616bc2f412a
RMD160 (ssh-1.2.27.tar.gz) = b2295e38551f8cc479e0a8e6081ae4312bf946fb
SHA1 (rsaref2.tar.gz) = 0b1e58ed2dd82bed07fe80c01c3cfa8558dc745f
SHA1 (ssh-1.2.26.tar.gz) = 816045e0a9bde95f6f733479693302b7d0415422
SHA1 (ssh-1.2.27.tar.gz) = 0e7d59c6a62b094bd51818599ae24f7de3462d14

12
security/ssh/patches/patch-ab
View File

@ -1,6 +1,6 @@
--- configure.orig Wed Jul 8 09:41:14 1998
+++ configure Sun Jul 12 17:48:11 1998
@@ -1996,13 +1996,6 @@
--- configure.orig Fri May 14 14:00:26 1999
+++ configure Fri May 14 14:04:02 1999
@@ -1989,13 +1989,6 @@
export CFLAGS CC
@ -12,9 +12,9 @@
-
-
echo $ac_n "checking that the compiler works""... $ac_c" 1>&6
echo "configure:2008: checking that the compiler works" >&5
echo "configure:2001: checking that the compiler works" >&5
if test "$cross_compiling" = yes; then
@@ -7740,7 +7733,7 @@
@@ -7691,7 +7684,7 @@
cat >> $CONFIG_STATUS <<EOF
@ -23,7 +23,7 @@
EOF
cat >> $CONFIG_STATUS <<\EOF
for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
@@ -7944,6 +7937,8 @@
@@ -7895,6 +7888,8 @@
done
for ac_config_dir in gmp-2.0.2-ssh-2; do

18
security/ssh/patches/patch-ac
View File

@ -1,6 +1,6 @@
--- Makefile.in.orig Wed Jul 8 09:40:39 1998
+++ Makefile.in Sun Jul 12 17:48:12 1998
@@ -294,12 +294,17 @@
--- Makefile.in.orig Wed May 12 07:19:31 1999
+++ Makefile.in Fri May 14 14:06:10 1999
@@ -301,12 +301,17 @@
SHELL = /bin/sh
GMPDIR = gmp-2.0.2-ssh-2
@ -22,7 +22,7 @@
RSAREFDIR = rsaref2
RSAREFSRCDIR = $(RSAREFDIR)/source
@@ -404,7 +409,7 @@
@@ -411,7 +416,7 @@
$(CC) -o rfc-pg rfc-pg.o
.c.o:
@ -31,7 +31,7 @@
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
-rm -f sshd
@@ -447,19 +452,19 @@
@@ -454,19 +459,19 @@
sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
chmod +x make-ssh-known-hosts
@ -64,7 +64,7 @@
$(RSAREFSRCDIR)/librsaref.a:
-if test '!' -d $(RSAREFDIR); then \
@@ -516,7 +521,7 @@
@@ -523,7 +528,7 @@
# (otherwise it can only log in as the user it runs as, and must be
# bound to a non-privileged port). Also, password authentication may
# not be available if non-root and using shadow passwords.
@ -73,7 +73,7 @@
-rm -f $(install_prefix)$(bindir)/ssh1.old
-chmod 755 $(install_prefix)$(bindir)/ssh1
-chmod 755 $(install_prefix)$(bindir)/ssh
@@ -672,15 +677,15 @@
@@ -679,15 +684,15 @@
clean:
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
@ -93,7 +93,7 @@
dist: dist-free
@@ -709,12 +714,12 @@
@@ -716,12 +721,12 @@
-mkdir $(DISTNAME)
cp $(DISTFILES) $(DISTNAME)
for i in $(DISTSRCS); do cp $(srcdir)/$$i $(DISTNAME); done
@ -110,7 +110,7 @@
#ifdef F_SECURE_COMMERCIAL
#
@@ -742,7 +747,7 @@
@@ -749,7 +754,7 @@
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
depend:

175
security/ssh/patches/patch-ag
View File

@ -1,174 +1,23 @@
--- sshconnect.c.orig Wed Jul 8 11:40:38 1998
+++ sshconnect.c Mon Dec 7 23:30:11 1998
@@ -282,7 +282,7 @@
/* Child. Permanently give up superuser privileges. */
if (setuid(getuid()) < 0)
- fatal("setuid: %s", strerror(errno));
+ fatal("setuid: %.100s", strerror(errno));
/* Redirect stdin and stdout. */
close(pin[1]);
@@ -339,6 +339,12 @@
--- sshconnect.c.orig Fri May 14 14:07:58 1999
+++ sshconnect.c Fri May 14 14:11:08 1999
@@ -347,6 +347,12 @@
{
struct sockaddr_in sin;
int p;
+#if defined(__FreeBSD__) || defined(__OpenBSD__) && !defined(SOCKS)
+ p = 1023; /* Compat with old FreeBSD */
+ sock = rresvport(&p);
+ if (sock < 0)
+ p = 1023; /* Compat with old FreeBSD */
+ sock = rresvport(&p);
+ if (sock < 0)
+ fatal("rresvport: %.100s", strerror(errno));
+#else
for (p = 1023; p > 512; p--)
{
sock = socket(AF_INET, SOCK_STREAM, 0);
@@ -366,6 +372,7 @@
}
fatal("bind: %.100s", strerror(errno));
}
{
sock = socket(AF_INET, SOCK_STREAM, 0);
@@ -374,6 +380,7 @@
}
fatal("bind: %.100s", strerror(errno));
}
+#endif
debug("Allocated local port %d.", p);
}
else
@@ -944,7 +951,7 @@
if (!ssh_context)
{
if ((r = krb5_init_context(&ssh_context)))
- fatal("Kerberos V5: %s while initializing krb5.", error_message(r));
+ fatal("Kerberos V5: %.100s while initializing krb5.", error_message(r));
krb5_init_ets(ssh_context);
}
@@ -959,14 +966,14 @@
"host", KRB5_NT_SRV_HST,
&creds.server)))
{
- debug("Kerberos V5: error while constructing service name: %s.",
+ debug("Kerberos V5: error while constructing service name: %.100s.",
error_message(r));
goto cleanup;
}
if ((r = krb5_cc_get_principal(ssh_context, ccache,
&creds.client)))
{
- debug("Kerberos V5: failure on principal (%s).",
+ debug("Kerberos V5: failure on principal (%.100s).",
error_message(r));
goto cleanup;
}
@@ -975,7 +982,7 @@
if ((r = krb5_get_credentials(ssh_context, 0,
ccache, &creds, &new_creds)))
{
- debug("Kerberos V5: failure on credentials(%s).",
+ debug("Kerberos V5: failure on credentials(%.100s).",
error_message(r));
goto cleanup;
}
@@ -987,7 +994,7 @@
{
if ((r = krb5_auth_con_init(ssh_context, &auth_context)))
{
- debug("Kerberos V5: failed to init auth_context (%s)",
+ debug("Kerberos V5: failed to init auth_context (%.100s)",
error_message(r));
goto cleanup;
}
@@ -998,7 +1005,7 @@
if ((r = krb5_mk_req_extended(ssh_context, &auth_context, ap_opts,
0, new_creds, &auth)))
{
- debug("Kerberos V5: failed krb5_mk_req_extended (%s)",
+ debug("Kerberos V5: failed krb5_mk_req_extended (%.100s)",
error_message(r));
goto cleanup;
}
@@ -1046,7 +1053,7 @@
if (r = krb5_rd_rep(ssh_context, auth_context, &auth, &repl))
{
- packet_disconnect("Kerberos V5 Authentication failed: %s",
+ packet_disconnect("Kerberos V5 Authentication failed: %.100s",
error_message(r));
goto cleanup;
}
@@ -1090,7 +1097,7 @@
krb5_data outbuf;
krb5_error_code r;
int type;
- char server_name[128];
+ char server_name[512];
remotehost = (char *) get_canonical_hostname();
memset(&outbuf, 0 , sizeof(outbuf));
@@ -1100,14 +1107,14 @@
if (!ssh_context)
{
if ((r = krb5_init_context(&ssh_context)))
- fatal("Kerberos V5: %s while initializing krb5.", error_message(r));
+ fatal("Kerberos V5: %.100s while initializing krb5.", error_message(r));
krb5_init_ets(ssh_context);
}
if (!auth_context)
{
if ((r = krb5_auth_con_init(ssh_context, &auth_context)))
{
- debug("Kerberos V5: failed to init auth_context (%s)",
+ debug("Kerberos V5: failed to init auth_context (%.100s)",
error_message(r));
return 0 ;
}
@@ -1124,7 +1131,7 @@
if ((r = krb5_cc_get_principal(ssh_context, ccache,
&client)))
{
- debug("Kerberos V5: failure on principal (%s)",
+ debug("Kerberos V5: failure on principal (%.100s)",
error_message(r));
return 0 ;
}
@@ -1136,7 +1143,7 @@
principal and point it to clients realm. This way
we pass over a TGT of the clients realm. */
- sprintf(server_name,"host/%s@", remotehost);
+ sprintf(server_name,"host/%.100s@", remotehost);
strncat(server_name,client->realm.data,client->realm.length);
krb5_parse_name(ssh_context,server_name, &server);
server->type = KRB5_NT_SRV_HST;
@@ -1145,7 +1152,7 @@
if ((r = krb5_fwd_tgt_creds(ssh_context, auth_context, 0, client,
server, ccache, 1, &outbuf)))
{
- debug("Kerberos V5 krb5_fwd_tgt_creds failure (%s)",
+ debug("Kerberos V5 krb5_fwd_tgt_creds failure (%.100s)",
error_message(r));
krb5_free_principal(ssh_context, client);
krb5_free_principal(ssh_context, server);
@@ -1416,7 +1423,7 @@
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
error("It is also possible that the host key has just been changed.");
error("Please contact your system administrator.");
- error("Add correct host key in %s to get rid of this message.",
+ error("Add correct host key in %.100s to get rid of this message.",
options->user_hostfile);
/* If strict host key checking is in use, the user will have to edit
@@ -1589,7 +1596,7 @@
if (!ssh_context)
{
if ((problem = krb5_init_context(&ssh_context)))
- fatal("Kerberos V5: %s while initializing krb5.",
+ fatal("Kerberos V5: %.100s while initializing krb5.",
error_message(problem));
krb5_init_ets(ssh_context);
}
@@ -1605,7 +1612,7 @@
if ((problem = krb5_cc_get_principal(ssh_context, ccache,
&client)))
{
- debug("Kerberos V5: failure on principal (%s).",
+ debug("Kerberos V5: failure on principal (%.100s).",
error_message(problem));
}
else {

14
security/ssh/patches/patch-ah
View File

@ -1,13 +1,13 @@
--- newchannels.c.orig Wed Jul 8 09:40:36 1998
+++ newchannels.c Sun Jul 12 17:48:14 1998
@@ -2388,6 +2388,10 @@
--- newchannels.c.orig Fri May 14 14:14:24 1999
+++ newchannels.c Fri May 14 14:15:11 1999
@@ -2411,6 +2411,10 @@
creating unix-domain sockets, you might not be able to use
ssh-agent connections on your system */
old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+
+ /* Make sure the socket doesn't already exist, left over from a system
+ crash perhaps. */
+ unlink(channel_forwarded_auth_socket_name);
+
+ unlink(channel_forwarded_auth_socket_name);
if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0)
packet_disconnect("Agent socket bind failed: %.100s", strerror(errno));

87
security/ssh/patches/patch-ai
View File

@ -1,87 +0,0 @@
--- log-server.c.DIST Wed Jul 8 10:40:36 1998
+++ log-server.c Sun Nov 1 19:51:47 1998
@@ -134,7 +134,7 @@
if (log_quiet)
return;
va_start(args, fmt);
- vsprintf(buf, fmt, args);
+ vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
if (log_on_stderr)
fprintf(stderr, "log: %s\n", buf);
@@ -175,7 +175,7 @@
if (log_quiet)
return;
va_start(args, fmt);
- vsprintf(buf, fmt, args);
+ vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
if (log_on_stderr)
fprintf(stderr, "log: %s\n", buf);
@@ -191,7 +191,7 @@
if (!log_debug || log_quiet)
return;
va_start(args, fmt);
- vsprintf(buf, fmt, args);
+ vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
if (log_on_stderr)
fprintf(stderr, "debug: %s\n", buf);
@@ -207,7 +207,7 @@
if (log_quiet)
return;
va_start(args, fmt);
- vsprintf(buf, fmt, args);
+ vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
if (log_on_stderr)
fprintf(stderr, "error: %s\n", buf);
@@ -302,7 +302,7 @@
if (log_quiet)
exit(1);
va_start(args, fmt);
- vsprintf(buf, fmt, args);
+ vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
if (log_on_stderr)
fprintf(stderr, "fatal: %s\n", buf);
@@ -321,7 +321,7 @@
if (log_quiet)
exit(1);
va_start(args, fmt);
- vsprintf(buf, fmt, args);
+ vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
if (log_on_stderr)
fprintf(stderr, "fatal: %s\n", buf);
--- packet.c.DIST Wed Jul 8 10:40:37 1998
+++ packet.c Sun Nov 1 19:52:00 1998
@@ -693,7 +693,7 @@
va_list args;
va_start(args, fmt);
- vsprintf(buf, fmt, args);
+ vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
packet_start(SSH_MSG_DEBUG);
@@ -719,7 +719,7 @@
/* Format the message. Note that the caller must make sure the message
is of limited size. */
va_start(args, fmt);
- vsprintf(buf, fmt, args);
+ vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
/* Send the disconnect message to the other side, and wait for it to get
--- scp.c.DIST Wed Jul 8 10:40:38 1998
+++ scp.c Sun Nov 1 19:52:13 1998
@@ -332,7 +332,7 @@
char buf[1024];
va_start(ap, fmt);
- vsprintf(buf, fmt, ap);
+ vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
fprintf(stderr, "%s\n", buf);
exit(255);

133
security/ssh/patches/patch-aj
View File

@ -1,133 +0,0 @@
--- auth-kerberos.c.orig Wed Jul 8 11:40:35 1998
+++ auth-kerberos.c Mon Dec 7 23:39:10 1998
@@ -63,11 +63,11 @@
krb5_auth_con_free(ssh_context, auth_context);
auth_context = 0;
}
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos krb5_auth_con_genaddrs (%s).", error_message(problem));
- packet_send_debug("Kerberos krb5_auth_con_genaddrs: %s",
+ debug("Kerberos krb5_auth_con_genaddrs (%.100s).", error_message(problem));
+ packet_send_debug("Kerberos krb5_auth_con_genaddrs: %.100s",
error_message(problem));
return 0;
}
@@ -80,11 +80,11 @@
krb5_auth_con_free(ssh_context, auth_context);
auth_context = 0;
}
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos V5 rd_req failed (%s).", error_message(problem));
- packet_send_debug("Kerberos V5 krb5_rd_req: %s", error_message(problem));
+ debug("Kerberos V5 rd_req failed (%.100s).", error_message(problem));
+ packet_send_debug("Kerberos V5 krb5_rd_req: %.100s", error_message(problem));
return 0;
}
@@ -93,22 +93,22 @@
if (problem)
{
krb5_free_ticket(ssh_context, ticket);
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos krb5_unparse_name failed (%s).", error_message(problem));
- packet_send_debug("Kerberos krb5_unparse_name: %s",
+ debug("Kerberos krb5_unparse_name failed (%.100s).", error_message(problem));
+ packet_send_debug("Kerberos krb5_unparse_name: %.100s",
error_message(problem));
return 0;
}
if (strncmp(server, "host/", strlen("host/")))
{
krb5_free_ticket(ssh_context, ticket);
- log_msg("Kerberos ticket authentication of user %s failed: invalid service name (%s)",
+ log_msg("Kerberos ticket authentication of user %.100s failed: invalid service name (%.100s)",
server_user, server);
- debug("Kerberos invalid service name (%s).", server);
- packet_send_debug("Kerberos invalid service name (%s).", server);
+ debug("Kerberos invalid service name (%.100s).", server);
+ packet_send_debug("Kerberos invalid service name (%.100s).", server);
krb5_xfree(server);
return 0;
}
@@ -122,11 +122,11 @@
if (problem)
{
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos krb5_copy_principal failed (%s).",
+ debug("Kerberos krb5_copy_principal failed (%.100s).",
error_message(problem));
- packet_send_debug("Kerberos krb5_copy_principal: %s",
+ packet_send_debug("Kerberos krb5_copy_principal: %.100s",
error_message(problem));
return 0;
}
@@ -135,11 +135,11 @@
/* Make the reply - so that mutual authentication can be done */
if ((problem = krb5_mk_rep(ssh_context, auth_context, &reply)))
{
- log_msg("Kerberos ticket authentication of user %s failed: %s",
+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s",
server_user, error_message(problem));
- debug("Kerberos krb5_mk_rep failed (%s).",
+ debug("Kerberos krb5_mk_rep failed (%.100s).",
error_message(problem));
- packet_send_debug("Kerberos krb5_mk_rep failed: %s",
+ packet_send_debug("Kerberos krb5_mk_rep failed: %.100s",
error_message(problem));
return 0;
}
@@ -160,7 +160,7 @@
{
krb5_creds **creds;
krb5_error_code retval;
- static char ccname[128];
+ static char ccname[512];
krb5_ccache ccache = NULL;
struct passwd *pwd;
extern char *ticket;
@@ -208,9 +208,9 @@
if (retval = krb5_rd_cred(ssh_context, auth_context, krb5data, &creds, NULL))
{
- log_msg("Kerberos V5 tgt rejected for user %.100s : %s", server_user,
+ log_msg("Kerberos V5 tgt rejected for user %.100s : %.100s", server_user,
error_message(retval));
- packet_send_debug("Kerberos V5 tgt rejected for %.100s : %s",
+ packet_send_debug("Kerberos V5 tgt rejected for %.100s : %.100s",
server_user,
error_message(retval));
packet_start(SSH_SMSG_FAILURE);
@@ -234,7 +234,7 @@
goto errout;
ticket = xmalloc(strlen(ccname) + 1);
- (void) sprintf(ticket, "%s", ccname);
+ (void) sprintf(ticket, "%.100s", ccname);
/* Successful */
packet_start(SSH_SMSG_SUCCESS);
@@ -244,9 +244,9 @@
errout:
krb5_free_tgt_creds(ssh_context, creds);
- log_msg("Kerberos V5 tgt rejected for user %.100s :%s", server_user,
+ log_msg("Kerberos V5 tgt rejected for user %.100s :%.100s", server_user,
error_message(retval));
- packet_send_debug("Kerberos V5 tgt rejected for %.100s : %s", server_user,
+ packet_send_debug("Kerberos V5 tgt rejected for %.100s : %.100s", server_user,
error_message(retval));
packet_start(SSH_SMSG_FAILURE);
packet_send();