authorSimon L. B. Nielsen <simon@FreeBSD.org>2006-03-01 14:24:52 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2006-03-01 14:24:52 +0000
commit7393d7b5b582657ca0fa327cc30b21ea26b3586a (patch)
tree6d7beb52aa34c087678b899aa7e0bca105bb47b0
parent1cdc31cf597dc3b03b8b8434623459b3b5d636e3 (diff)
Notes
-rw-r--r--UPDATING7
-rw-r--r--crypto/openssh/auth-pam.c11
-rw-r--r--crypto/openssh/ssh_config2
-rw-r--r--crypto/openssh/ssh_config.52
-rw-r--r--crypto/openssh/sshd_config2
-rw-r--r--crypto/openssh/sshd_config.52
-rw-r--r--crypto/openssh/version.h2
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/nfsserver/nfs_srvsock.c2
9 files changed, 23 insertions, 9 deletions
diff --git a/UPDATING b/UPDATING
index 9c456af396c8..261a96c13e7d 100644
--- a/UPDATING
+++ b/UPDATING
@@ -8,6 +8,13 @@ Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running
portupgrade. Important recent entries: 20040724 (default X changes).
+20060301: p27 FreeBSD-SA-06:09.openssh, FreeBSD-SA-06:10.nfs
+ Correct a remote DoS in OpenSSH when using PAM and privilege
+ separation. [06:09]
+
+ Correct a remote kernel panic when processing zero-length RPC
+ records via TCP. [06:10]
+
20060201: p26 FreeBSD-SA-06:08.sack
Avoid an infinite loop in sack scoreboard processing which can
result from memory exhaustion.
diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c
index 9e30219fb8ab..9564f21b77b7 100644
--- a/crypto/openssh/auth-pam.c
+++ b/crypto/openssh/auth-pam.c
@@ -94,10 +94,17 @@ static mysig_t sshpam_oldsig;
static void
sshpam_sigchld_handler(int sig)
{
+ signal(SIGCHLD, SIG_DFL);
if (cleanup_ctxt == NULL)
return; /* handler called after PAM cleanup, shouldn't happen */
- if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) == -1)
- return; /* couldn't wait for process */
+ if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
+ <= 0) {
+ /* PAM thread has not exitted, privsep slave must have */
+ kill(cleanup_ctxt->pam_thread, SIGTERM);
+ if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0)
+ <= 0)
+ return; /* could not wait */
+ }
if (WIFSIGNALED(sshpam_thread_status) &&
WTERMSIG(sshpam_thread_status) == SIGTERM)
return; /* terminated by pthread_cancel */
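Review bot: The new `waitpid(..., WNOHANG) <= 0` test treats an error return (-1, for example when the child has already been reaped) the same as "still running" (0), so on error the handler still calls `kill(cleanup_ctxt->pam_thread, SIGTERM)` on a pid it no longer knows to be its child. Keeping the two cases apart avoids signalling a stale or reused pid: `pid_t r = waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG);`, then `if (r == -1) return;`, and enter the kill branch only `if (r == 0)`. The second `waitpid(..., 0)` blocks inside the signal handler, and the handler neither saves nor restores `errno`, so I would save it on entry and restore it before each return. The handler's body continues past the end of this hunk, so the later status checks are not reviewed here.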
diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config
index 31daf59790b5..2ca4469fec6d 100644
--- a/crypto/openssh/ssh_config
+++ b/crypto/openssh/ssh_config
@@ -36,4 +36,4 @@
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
-# VersionAddendum FreeBSD-20040419
+# VersionAddendum FreeBSD-20060123
diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5
index ee8baea8d3ad..e74530b42422 100644
--- a/crypto/openssh/ssh_config.5
+++ b/crypto/openssh/ssh_config.5
@@ -719,7 +719,7 @@ Note that this option applies to protocol version 2 only.
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
The default is
-.Dq FreeBSD-20040419 .
+.Dq FreeBSD-20060123 .
.It Cm XAuthLocation
Specifies the full pathname of the
.Xr xauth 1
diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config
index 2f7c103b68d9..77816ba38051 100644
--- a/crypto/openssh/sshd_config
+++ b/crypto/openssh/sshd_config
@@ -14,7 +14,7 @@
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
-#VersionAddendum FreeBSD-20040419
+#VersionAddendum FreeBSD-20060123
#Port 22
#Protocol 2
diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5
index 1e6210422e58..d13c72935228 100644
--- a/crypto/openssh/sshd_config.5
+++ b/crypto/openssh/sshd_config.5
@@ -660,7 +660,7 @@ The default is
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
The default is
-.Dq FreeBSD-20040419 .
+.Dq FreeBSD-20060123 .
.It Cm X11DisplayOffset
Specifies the first display number available for
.Nm sshd Ns 's
diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h
index 7acdecb52230..cac15808b53d 100644
--- a/crypto/openssh/version.h
+++ b/crypto/openssh/version.h
@@ -5,7 +5,7 @@
#define SSH_VERSION (ssh_version_get())
#define SSH_VERSION_BASE "OpenSSH_3.8.1p1"
-#define SSH_VERSION_ADDENDUM "FreeBSD-20040419"
+#define SSH_VERSION_ADDENDUM "FreeBSD-20060123"
const char *ssh_version_get(void);
void ssh_version_set_addendum(const char *add);
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index f7912a5b4178..e39506712dce 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="5.3"
-BRANCH="RELEASE-p26"
+BRANCH="RELEASE-p27"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"
diff --git a/sys/nfsserver/nfs_srvsock.c b/sys/nfsserver/nfs_srvsock.c
index 83911eec6cb0..1bd7b739896c 100644
--- a/sys/nfsserver/nfs_srvsock.c
+++ b/sys/nfsserver/nfs_srvsock.c
@@ -595,7 +595,7 @@ nfsrv_getstream(struct nfssvc_sock *slp, int waitflag)
slp->ns_flag |= SLP_LASTFRAG;
else
slp->ns_flag &= ~SLP_LASTFRAG;
- if (slp->ns_reclen > NFS_MAXPACKET) {
+ if (slp->ns_reclen > NFS_MAXPACKET || slp->ns_reclen <= 0) {
slp->ns_flag &= ~SLP_GETSTREAM;
return (EPERM);
}
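Review bot: The widened length check on `slp->ns_reclen` carries no comment saying why a non-positive record length is rejected, although the UPDATING entry in this same commit ties it to a remote kernel panic on zero-length RPC records over TCP. I would add above the `if`: `/* Reject oversized and zero-length records; a zero-length record must not be processed further (FreeBSD-SA-06:10.nfs). */`. Whether the `< 0` half of `<= 0` can ever be true depends on the declared type of `ns_reclen` and on how it is derived from the record mark, neither of which is visible here; if it cannot go negative, `== 0` states the intent more plainly. nfsrv_getstream starts and ends outside this hunk.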