From 6e92b681172f0b572e7431589d5f0146f1eecc51 Mon Sep 17 00:00:00 2001 From: Dirk Meyer Date: Wed, 26 Jun 2002 15:21:27 +0000 Subject: Security FIX, Please update to this Version. Options for both: USE_OPENSSL_BASE=yes uses an older opensssl in the base system. Options for portable: OPENSSH_OVERWRITE_BASE=yes includes USE_OPENSSL_BASE=yes installls in the paths of the base system --- security/hpn-ssh/Makefile | 7 ++- security/hpn-ssh/files/patch-auth2-chall.c | 61 ++++++++++++++++++++ security/hpn-ssh/pkg-plist | 1 + security/openssh-portable/Makefile | 7 ++- .../openssh-portable/files/patch-auth2-chall.c | 61 ++++++++++++++++++++ security/openssh-portable/pkg-plist | 1 + security/openssh/Makefile | 2 +- security/openssh/files/patch-auth2-chall.c | 66 +++++++++++++++++++++- 8 files changed, 200 insertions(+), 6 deletions(-) create mode 100644 security/hpn-ssh/files/patch-auth2-chall.c create mode 100644 security/openssh-portable/files/patch-auth2-chall.c diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile index d4f6705dfbb8..9bb3895c0126 100644 --- a/security/hpn-ssh/Makefile +++ b/security/hpn-ssh/Makefile @@ -7,7 +7,7 @@ PORTNAME= openssh PORTVERSION= 3.3p1 -PORTREVISION= 3 +PORTREVISION= 5 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \ @@ -51,6 +51,8 @@ CONFIGURE_ARGS+= --mandir=${MANPREFIX}/man --localstatedir=/var EMPTYDIR= /var/empty ETCSSH= /etc/ssh PLIST_SUB+= NOTBASE="@comment " +PLIST_SUB+= BASE="" +PKGMESSAGE= pkg-message.empty .else .if exists(/var/empty) EMPTYDIR= /var/empty @@ -59,6 +61,7 @@ EMPTYDIR= ${PREFIX}/empty .endif ETCSSH= ${PREFIX}/etc/ssh PLIST_SUB+= NOTBASE="" +PLIST_SUB+= BASE="@comment " .endif PLIST_SUB+= EMPTYDIR=${EMPTYDIR} CONFIGURE_ARGS+= --sysconfdir=${ETCSSH} @@ -119,7 +122,9 @@ post-install: .endif ${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist ${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist +.if !defined(OPENSSH_OVERWRITE_BASE) @${CAT} ${PKGMESSAGE} +.endif .include diff --git a/security/hpn-ssh/files/patch-auth2-chall.c b/security/hpn-ssh/files/patch-auth2-chall.c new file mode 100644 index 000000000000..a596ee778e81 --- /dev/null +++ b/security/hpn-ssh/files/patch-auth2-chall.c @@ -0,0 +1,61 @@ +--- auth2-chall.c 2002/06/19 00:27:55 1.18 ++++ auth2-chall.c 2002/06/26 13:55:37 1.19 +@@ -63,6 +63,7 @@ + char *devices; + void *ctxt; + KbdintDevice *device; ++ u_int nreq; + }; + + static KbdintAuthctxt * +@@ -90,6 +91,7 @@ + debug("kbdint_alloc: devices '%s'", kbdintctxt->devices); + kbdintctxt->ctxt = NULL; + kbdintctxt->device = NULL; ++ kbdintctxt->nreq = 0; + + return kbdintctxt; + } +@@ -209,26 +211,26 @@ + KbdintAuthctxt *kbdintctxt; + char *name, *instr, **prompts; + int i; +- u_int numprompts, *echo_on; ++ u_int *echo_on; + + kbdintctxt = authctxt->kbdintctxt; + if (kbdintctxt->device->query(kbdintctxt->ctxt, +- &name, &instr, &numprompts, &prompts, &echo_on)) ++ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) + return 0; + + packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); + packet_put_cstring(name); + packet_put_cstring(instr); + packet_put_cstring(""); /* language not used */ +- packet_put_int(numprompts); +- for (i = 0; i < numprompts; i++) { ++ packet_put_int(kbdintctxt->nreq); ++ for (i = 0; i < kbdintctxt->nreq; i++) { + packet_put_cstring(prompts[i]); + packet_put_char(echo_on[i]); + } + packet_send(); + packet_write_wait(); + +- for (i = 0; i < numprompts; i++) ++ for (i = 0; i < kbdintctxt->nreq; i++) + xfree(prompts[i]); + xfree(prompts); + xfree(echo_on); +@@ -256,6 +258,10 @@ + + authctxt->postponed = 0; /* reset */ + nresp = packet_get_int(); ++ if (nresp != kbdintctxt->nreq) ++ fatal("input_userauth_info_response: wrong number of replies"); ++ if (nresp > 100) ++ fatal("input_userauth_info_response: too many replies"); + if (nresp > 0) { + response = xmalloc(nresp * sizeof(char*)); + for (i = 0; i < nresp; i++) diff --git a/security/hpn-ssh/pkg-plist b/security/hpn-ssh/pkg-plist index b2df58c55ca3..a20e02c1426b 100644 --- a/security/hpn-ssh/pkg-plist +++ b/security/hpn-ssh/pkg-plist @@ -33,5 +33,6 @@ libexec/ssh-keysign %%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -t dsa -N "" -f %D/etc/ssh/ssh_host_dsa_key; fi %%NOTBASE%%@exec mkdir -p %D/empty %%NOTBASE%%@dirrm empty +%%BASE%%@exec mkdir -p %%EMPTYDIR%% @exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi @exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index d4f6705dfbb8..9bb3895c0126 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -7,7 +7,7 @@ PORTNAME= openssh PORTVERSION= 3.3p1 -PORTREVISION= 3 +PORTREVISION= 5 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \ @@ -51,6 +51,8 @@ CONFIGURE_ARGS+= --mandir=${MANPREFIX}/man --localstatedir=/var EMPTYDIR= /var/empty ETCSSH= /etc/ssh PLIST_SUB+= NOTBASE="@comment " +PLIST_SUB+= BASE="" +PKGMESSAGE= pkg-message.empty .else .if exists(/var/empty) EMPTYDIR= /var/empty @@ -59,6 +61,7 @@ EMPTYDIR= ${PREFIX}/empty .endif ETCSSH= ${PREFIX}/etc/ssh PLIST_SUB+= NOTBASE="" +PLIST_SUB+= BASE="@comment " .endif PLIST_SUB+= EMPTYDIR=${EMPTYDIR} CONFIGURE_ARGS+= --sysconfdir=${ETCSSH} @@ -119,7 +122,9 @@ post-install: .endif ${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist ${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist +.if !defined(OPENSSH_OVERWRITE_BASE) @${CAT} ${PKGMESSAGE} +.endif .include diff --git a/security/openssh-portable/files/patch-auth2-chall.c b/security/openssh-portable/files/patch-auth2-chall.c new file mode 100644 index 000000000000..a596ee778e81 --- /dev/null +++ b/security/openssh-portable/files/patch-auth2-chall.c @@ -0,0 +1,61 @@ +--- auth2-chall.c 2002/06/19 00:27:55 1.18 ++++ auth2-chall.c 2002/06/26 13:55:37 1.19 +@@ -63,6 +63,7 @@ + char *devices; + void *ctxt; + KbdintDevice *device; ++ u_int nreq; + }; + + static KbdintAuthctxt * +@@ -90,6 +91,7 @@ + debug("kbdint_alloc: devices '%s'", kbdintctxt->devices); + kbdintctxt->ctxt = NULL; + kbdintctxt->device = NULL; ++ kbdintctxt->nreq = 0; + + return kbdintctxt; + } +@@ -209,26 +211,26 @@ + KbdintAuthctxt *kbdintctxt; + char *name, *instr, **prompts; + int i; +- u_int numprompts, *echo_on; ++ u_int *echo_on; + + kbdintctxt = authctxt->kbdintctxt; + if (kbdintctxt->device->query(kbdintctxt->ctxt, +- &name, &instr, &numprompts, &prompts, &echo_on)) ++ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) + return 0; + + packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); + packet_put_cstring(name); + packet_put_cstring(instr); + packet_put_cstring(""); /* language not used */ +- packet_put_int(numprompts); +- for (i = 0; i < numprompts; i++) { ++ packet_put_int(kbdintctxt->nreq); ++ for (i = 0; i < kbdintctxt->nreq; i++) { + packet_put_cstring(prompts[i]); + packet_put_char(echo_on[i]); + } + packet_send(); + packet_write_wait(); + +- for (i = 0; i < numprompts; i++) ++ for (i = 0; i < kbdintctxt->nreq; i++) + xfree(prompts[i]); + xfree(prompts); + xfree(echo_on); +@@ -256,6 +258,10 @@ + + authctxt->postponed = 0; /* reset */ + nresp = packet_get_int(); ++ if (nresp != kbdintctxt->nreq) ++ fatal("input_userauth_info_response: wrong number of replies"); ++ if (nresp > 100) ++ fatal("input_userauth_info_response: too many replies"); + if (nresp > 0) { + response = xmalloc(nresp * sizeof(char*)); + for (i = 0; i < nresp; i++) diff --git a/security/openssh-portable/pkg-plist b/security/openssh-portable/pkg-plist index b2df58c55ca3..a20e02c1426b 100644 --- a/security/openssh-portable/pkg-plist +++ b/security/openssh-portable/pkg-plist @@ -33,5 +33,6 @@ libexec/ssh-keysign %%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -t dsa -N "" -f %D/etc/ssh/ssh_host_dsa_key; fi %%NOTBASE%%@exec mkdir -p %D/empty %%NOTBASE%%@dirrm empty +%%BASE%%@exec mkdir -p %%EMPTYDIR%% @exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi @exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 484c77d5a24b..59b89f77f19f 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -7,7 +7,7 @@ PORTNAME= openssh PORTVERSION= 3.3 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \ ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \ diff --git a/security/openssh/files/patch-auth2-chall.c b/security/openssh/files/patch-auth2-chall.c index 488bdf9d036e..80470f799fd8 100644 --- a/security/openssh/files/patch-auth2-chall.c +++ b/security/openssh/files/patch-auth2-chall.c @@ -1,6 +1,6 @@ --- auth2-chall.c.orig Wed Jun 19 02:27:55 2002 -+++ auth2-chall.c Mon Jun 24 06:54:04 2002 -@@ -40,19 +40,19 @@ ++++ auth2-chall.c Wed Jun 26 16:59:05 2002 +@@ -40,20 +40,20 @@ #ifdef BSD_AUTH extern KbdintDevice bsdauth_device; @@ -22,7 +22,67 @@ + &pam_device, +#elif defined(SKEY) &skey_device, --#endif #endif +-#endif NULL }; + +@@ -63,6 +63,7 @@ + char *devices; + void *ctxt; + KbdintDevice *device; ++ u_int nreq; + }; + + static KbdintAuthctxt * +@@ -90,6 +91,7 @@ + debug("kbdint_alloc: devices '%s'", kbdintctxt->devices); + kbdintctxt->ctxt = NULL; + kbdintctxt->device = NULL; ++ kbdintctxt->nreq = 0; + + return kbdintctxt; + } +@@ -209,26 +211,26 @@ + KbdintAuthctxt *kbdintctxt; + char *name, *instr, **prompts; + int i; +- u_int numprompts, *echo_on; ++ u_int *echo_on; + + kbdintctxt = authctxt->kbdintctxt; + if (kbdintctxt->device->query(kbdintctxt->ctxt, +- &name, &instr, &numprompts, &prompts, &echo_on)) ++ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on)) + return 0; + + packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); + packet_put_cstring(name); + packet_put_cstring(instr); + packet_put_cstring(""); /* language not used */ +- packet_put_int(numprompts); +- for (i = 0; i < numprompts; i++) { ++ packet_put_int(kbdintctxt->nreq); ++ for (i = 0; i < kbdintctxt->nreq; i++) { + packet_put_cstring(prompts[i]); + packet_put_char(echo_on[i]); + } + packet_send(); + packet_write_wait(); + +- for (i = 0; i < numprompts; i++) ++ for (i = 0; i < kbdintctxt->nreq; i++) + xfree(prompts[i]); + xfree(prompts); + xfree(echo_on); +@@ -256,6 +258,10 @@ + + authctxt->postponed = 0; /* reset */ + nresp = packet_get_int(); ++ if (nresp != kbdintctxt->nreq) ++ fatal("input_userauth_info_response: wrong number of replies"); ++ if (nresp > 100) ++ fatal("input_userauth_info_response: too many replies"); + if (nresp > 0) { + response = xmalloc(nresp * sizeof(char*)); + for (i = 0; i < nresp; i++) -- cgit v1.2.3