author | Jacques Vidrine <nectar@FreeBSD.org> | 2003-09-17 16:07:48 +0000 |
---|---|---|
committer | Jacques Vidrine <nectar@FreeBSD.org> | 2003-09-17 16:07:48 +0000 |
commit | 17f5a3c9fe04b53e16e5e42247e2cb8c0fb38d2f (patch) | |
tree | 33b79f1b18d452ba14981f3e0538e9720e2b8b90 /security/openssh | |
parent | 07a618199ee978db67705d7c0d271f30e83999f6 (diff) | |
Diffstat (limited to 'security/openssh')
-rw-r--r-- | security/openssh/Makefile | 2 | ||||
-rw-r--r-- | security/openssh/files/patch-deattack.c | 17 | ||||
-rw-r--r-- | security/openssh/files/patch-misc.c | 28 | ||||
-rw-r--r-- | security/openssh/files/patch-session.c | 48 | ||||
-rw-r--r-- | security/openssh/files/patch-ssh-agent.c | 44 |
5 files changed, 128 insertions, 11 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 1047bd57c548..e1bd9bfaec6d 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= openssh
 PORTVERSION= 3.6.1
-PORTREVISION= 2
+PORTREVISION= 3
 CATEGORIES= security
 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
 ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
diff --git a/security/openssh/files/patch-deattack.c b/security/openssh/files/patch-deattack.c
new file mode 100644
index 000000000000..987f1d2f959b
--- /dev/null
+++ b/security/openssh/files/patch-deattack.c
@@ -0,0 +1,17 @@
+--- deattack.c Tue Mar 5 01:53:05 2002
++++ deattack.c Wed Sep 17 00:18:30 2003
+@@ -100,12 +100,12 @@ detect_attack(u_char *buf, u_int32_t len
+
+ if (h == NULL) {
+ debug("Installing crc compensation attack detector.");
++ h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
+ n = l;
+- h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE);
+ } else {
+ if (l > n) {
++ h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
+ n = l;
+- h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE);
+ }
+ }
+
diff --git a/security/openssh/files/patch-misc.c b/security/openssh/files/patch-misc.c
new file mode 100644
index 000000000000..b40e6d62ba4c
--- /dev/null
+++ b/security/openssh/files/patch-misc.c
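Review bot: The reordering in the new patch-deattack.c (allocate with `l * HASH_ENTRYSIZE` first, then `n = l`) has no comment saying why the order matters, so a later tidy-up could easily put it back. I would add `/* set n only after the allocation returns; xmalloc()/xrealloc() may not return */` above both assignments; that wording assumes these wrappers exit on failure, which is not visible in this hunk. The same size-after-allocation pattern is uncommented in the addargs hunk of patch-misc.c, the child_set_env hunk of patch-session.c and the growth path of new_socket in patch-ssh-agent.c. detect_attack starts and ends outside the hunk.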
@@ -0,0 +1,28 @@
+--- misc.c Mon Dec 23 02:44:36 2002
++++ misc.c Wed Sep 17 00:50:27 2003
+@@ -308,18 +308,21 @@ addargs(arglist *args, char *fmt, ...)
+ {
+ va_list ap;
+ char buf[1024];
++ int nalloc;
+
+ va_start(ap, fmt);
+ vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+
++ nalloc = args->nalloc;
+ if (args->list == NULL) {
+- args->nalloc = 32;
++ nalloc = 32;
+ args->num = 0;
+- } else if (args->num+2 >= args->nalloc)
+- args->nalloc *= 2;
++ } else if (args->num+2 >= nalloc)
++ nalloc *= 2;
+
+- args->list = xrealloc(args->list, args->nalloc * sizeof(char *));
++ args->list = xrealloc(args->list, nalloc * sizeof(char *));
++ args->nalloc = nalloc;
+ args->list[args->num++] = xstrdup(buf);
+ args->list[args->num] = NULL;
+ }
diff --git a/security/openssh/files/patch-session.c b/security/openssh/files/patch-session.c
index 0c2331485304..f0b3ce8d62cb 100644
--- a/security/openssh/files/patch-session.c
+++ b/security/openssh/files/patch-session.c
@@ -1,5 +1,5 @@
---- session.c.orig Mon Mar 31 16:16:15 2003
-+++ session.c Mon Mar 31 16:18:09 2003
+--- session.c.orig Wed Sep 17 10:53:49 2003
++++ session.c Wed Sep 17 10:59:52 2003
 @@ -58,6 +58,13 @@
 #include "session.h"
 #include "monitor_wrap.h"
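Review bot: In the addargs hunk of patch-misc.c, the added `nalloc = args->nalloc;` runs before the `args->list == NULL` test, so it reads the field even on the first call, where the old code only ever wrote it. If any caller prepares an arglist by setting just `list = NULL` (callers are not visible here), that is a read of an uninitialised member. Folding the test into the load avoids it: `nalloc = (args->list == NULL) ? 32 : args->nalloc;`. The new temporary is also a plain `int` that is doubled with no upper bound; declaring it with the same type as `args->nalloc` would keep the `args->num+2 >= nalloc` comparison consistent.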
@@ -234,7 +234,35 @@ return 0; } -@@ -818,12 +971,39 @@ +@@ -739,7 +892,7 @@ + child_set_env(char ***envp, u_int *envsizep, const char *name, + const char *value) + { +- u_int i, namelen; ++ u_int i, namelen, envsize; + char **env; + + /* +@@ -757,12 +910,14 @@ + xfree(env[i]); + } else { + /* New variable. Expand if necessary. */ +- if (i >= (*envsizep) - 1) { +- if (*envsizep >= 1000) ++ envsize = *envsizep; ++ if (i >= envsize - 1) { ++ if (envsize >= 1000) + fatal("child_set_env: too many env vars," + " skipping: %.100s", name); +- (*envsizep) += 50; +- env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *)); ++ envsize += 50; ++ env = (*envp) = xrealloc(env, envsize * sizeof(char *)); ++ *envsizep = envsize; + } + /* Need to set the NULL pointer at end of array beyond the new slot. */ + env[i + 1] = NULL; +@@ -818,12 +973,39 @@ fclose(f); } @@ -274,7 +302,7 @@ struct passwd *pw = s->pw; /* Initialize the environment. */ -@@ -831,6 +1011,11 @@ +@@ -831,6 +1013,11 @@ env = xmalloc(envsize * sizeof(char *)); env[0] = NULL; @@ -286,7 +314,7 @@ if (!options.use_login) { /* Set basic environment. */ child_set_env(&env, &envsize, "USER", pw->pw_name); -@@ -851,9 +1036,21 @@ +@@ -851,9 +1038,21 @@ /* Normal systems set SHELL by default. */ child_set_env(&env, &envsize, "SHELL", shell); @@ -310,7 +338,7 @@ /* Set custom environment options from RSA authentication. */ if (!options.use_login) { -@@ -903,6 +1100,10 @@ +@@ -903,6 +1102,10 @@ child_set_env(&env, &envsize, "KRB5CCNAME", s->authctxt->krb5_ticket_file); #endif @@ -321,7 +349,7 @@ if (auth_sock_name != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_sock_name); -@@ -1025,7 +1226,7 @@ +@@ -1025,7 +1228,7 @@ if (getuid() == 0 || geteuid() == 0) { #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, @@ -330,7 +358,7 @@ perror("unable to set user context"); exit(1); } -@@ -1065,6 +1266,36 @@ +@@ -1065,6 +1268,36 @@ exit(1); } 
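Review bot: In the child_set_env hunk added to patch-session.c, the test `if (i >= envsize - 1)` wraps when `*envsizep` is 0, because `envsize` is `u_int`; the expansion is then skipped and `env[i + 1] = NULL` writes past the array. The caller shown later in this patch allocates `envsize` entries before calling, but the initial value is not visible, so the function is relying on it being non-zero. Writing the check as `if (i + 1 >= envsize)` removes that dependence without changing behaviour for valid sizes. child_set_env begins and ends outside the two inner hunks shown.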
@@ -367,7 +395,7 @@ /* * Performs common processing for the child, such as setting up the * environment, closing extra file descriptors, setting the user and group -@@ -1148,7 +1379,7 @@ +@@ -1148,7 +1381,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -376,7 +404,7 @@ close(i); /* -@@ -1178,6 +1409,31 @@ +@@ -1178,6 +1411,31 @@ exit(1); #endif } diff --git a/security/openssh/files/patch-ssh-agent.c b/security/openssh/files/patch-ssh-agent.c new file mode 100644 index 000000000000..f50ae308e03c --- /dev/null +++ b/security/openssh/files/patch-ssh-agent.c 
@@ -0,0 +1,44 @@
+--- ssh-agent.c Sat Mar 15 00:37:09 2003
++++ ssh-agent.c Wed Sep 17 00:42:15 2003
+@@ -767,7 +767,7 @@ process_message(SocketEntry *e)
+ static void
+ new_socket(sock_type type, int fd)
+ {
+- u_int i, old_alloc;
++ u_int i, old_alloc, new_alloc;
+
+ if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
+ error("fcntl O_NONBLOCK: %s", strerror(errno));
+@@ -778,25 +778,26 @@ new_socket(sock_type type, int fd)
+ for (i = 0; i < sockets_alloc; i++)
+ if (sockets[i].type == AUTH_UNUSED) {
+ sockets[i].fd = fd;
+- sockets[i].type = type;
+ buffer_init(&sockets[i].input);
+ buffer_init(&sockets[i].output);
+ buffer_init(&sockets[i].request);
++ sockets[i].type = type;
+ return;
+ }
+ old_alloc = sockets_alloc;
+- sockets_alloc += 10;
++ new_alloc = sockets_alloc + 10;
+ if (sockets)
+- sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
++ sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
+ else
+- sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
+- for (i = old_alloc; i < sockets_alloc; i++)
++ sockets = xmalloc(new_alloc * sizeof(sockets[0]));
++ for (i = old_alloc; i < new_alloc; i++)
+ sockets[i].type = AUTH_UNUSED;
+- sockets[old_alloc].type = type;
++ sockets_alloc = new_alloc;
+ sockets[old_alloc].fd = fd;
+ buffer_init(&sockets[old_alloc].input);
+ buffer_init(&sockets[old_alloc].output);
+ buffer_init(&sockets[old_alloc].request);
++ sockets[old_alloc].type = type;
+ }
+
+ static int |
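Review bot: Moving `sockets[i].type = type;` and `sockets[old_alloc].type = type;` below the three `buffer_init()` calls in new_socket is order-sensitive, yet neither place says so. Presumably the slot has to stay `AUTH_UNUSED` until its buffers exist, so that code walking `sockets` never treats a half-built entry as live; that reasoning is inferred, not shown in the hunk. A comment such as `/* mark in use last: the slot must stay AUTH_UNUSED until its buffers are initialised */` above each assignment would record the invariant. Separately, `sockets_alloc + 10` and `new_alloc * sizeof(sockets[0])` are unchecked `u_int` arithmetic, so the growth relies on an external limit on open sockets.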