head 1.8; access; symbols pkgsrc-2013Q2:1.8.0.14 pkgsrc-2013Q2-base:1.8 pkgsrc-2012Q4:1.8.0.12 pkgsrc-2012Q4-base:1.8 pkgsrc-2011Q4:1.8.0.10 pkgsrc-2011Q4-base:1.8 pkgsrc-2011Q2:1.8.0.8 pkgsrc-2011Q2-base:1.8 pkgsrc-2009Q4:1.8.0.6 pkgsrc-2009Q4-base:1.8 pkgsrc-2008Q4:1.8.0.4 pkgsrc-2008Q4-base:1.8 pkgsrc-2008Q3:1.8.0.2 pkgsrc-2008Q3-base:1.8 cube-native-xorg:1.7.0.2 cube-native-xorg-base:1.7 pkgsrc-2008Q2:1.6.0.12 pkgsrc-2008Q2-base:1.6 pkgsrc-2008Q1:1.6.0.10 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.6.0.8 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.6.0.6 pkgsrc-2007Q3-base:1.6 pkgsrc-2007Q2:1.6.0.4 pkgsrc-2007Q2-base:1.6 pkgsrc-2007Q1:1.6.0.2 pkgsrc-2007Q1-base:1.6 pkgsrc-2006Q4:1.4.0.2 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.3.0.6 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.4 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.2 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.2.0.4 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.2 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.1.0.4 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.2 pkgsrc-2005Q1-base:1.1; locks; strict; comment @# @; 1.8 date 2008.09.16.12.53.08; author taca; state dead; branches; next 1.7; 1.7 date 2008.07.24.16.25.47; author tnn; state Exp; branches; next 1.6; 1.6 date 2007.03.18.12.38.45; author taca; state dead; branches 1.6.12.1; next 1.5; 1.5 date 2007.01.27.22.57.35; author schwarz; state Exp; branches; next 1.4; 1.4 date 2006.10.31.03.31.20; author taca; state dead; branches; next 1.3; 1.3 date 2006.02.12.00.13.55; author salo; state Exp; branches 1.3.6.1; next 1.2; 1.2 date 2005.09.21.18.07.09; author reed; state Exp; branches 1.2.4.1; next 1.1; 1.1 date 2005.03.07.23.29.50; author tv; state Exp; branches; next ; 1.6.12.1 date 2008.07.25.09.21.40; author rtr; state Exp; branches; next ; 1.3.6.1 date 2006.11.10.11.50.26; author salo; state dead; branches; next ; 1.2.4.1 date 2006.02.12.01.53.44; author seb; state Exp; branches; next ; desc @@ 1.8 log @Update openssh package to 5.1.1 (5.1p1) Changes from OpenSSH 5.0 is huge to write 
here, please refer to its release note: http://www.openssh.com/txt/release-5.1. I quote only the Security section from the release note. Security: * sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly other platforms) when X11UseLocalhost=no When attempting to bind(2) to a port that has previously been bound with SO_REUSEADDR set, most operating systems check that either the effective user-id matches the previous bind (common on BSD-derived systems) or that the bind addresses do not overlap (Linux and Solaris). Some operating systems, such as HP/UX, do not perform these checks and are vulnerable to an X11 man-in-the-middle attack when the sshd_config(5) option X11UseLocalhost has been set to "no" - an attacker may establish a more-specific bind, which will be used in preference to sshd's wildcard listener. Modern BSD operating systems, Linux, OS X and Solaris implement the above checks and are not vulnerable to this attack, nor are systems where the X11UseLocalhost has been left at the default value of "yes". Portable OpenSSH 5.1 avoids this problem for all operating systems by not setting SO_REUSEADDR when X11UseLocalhost is set to no. This vulnerability was reported by sway2004009 AT hotmail.com. 
@ text @$NetBSD: patch-at,v 1.7 2008/07/24 16:25:47 tnn Exp $ Index: channels.c =================================================================== RCS file: /cvs/openssh/channels.c,v retrieving revision 1.262 retrieving revision 1.263 diff -u -p -u -r1.262 -r1.263 --- channels.c 10 Jun 2008 13:01:51 -0000 1.262 +++ channels.c 11 Jun 2008 20:05:12 -0000 1.263 @@@@ -3018,7 +3018,8 @@@@ x11_create_display_inet(int x11_display_ error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno)); } #endif - channel_set_reuseaddr(sock); + if (x11_use_localhost) + channel_set_reuseaddr(sock); if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { debug2("bind port %d: %.100s", port, strerror(errno)); close(sock); @@@@ -3030,17 +3031,8 @@@@ x11_create_display_inet(int x11_display_ break; } socks[num_socks++] = sock; -#ifndef DONT_TRY_OTHER_AF if (num_socks == NUM_SOCKS) break; -#else - if (x11_use_localhost) { - if (num_socks == NUM_SOCKS) - break; - } else { - break; - } -#endif } freeaddrinfo(aitop); if (num_socks > 0) @ 1.7 log @Add patch from OpenSSH 5.1 that fixes an X11 fwd security issue on HP-UX. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.6 log @Update openssh package to 4.6.1. Changes since OpenSSH 4.5: ============================ * sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config. * The following bugs have been fixed in this release: - Clear SIGALRM when restarting due to SIGHUP. 
Prevents stray signal from taking down sshd if a connection was pending at the time SIGHUP was received - sftp returned a zero exit status when upload failed due to write errors (bugzilla #1252) - fixed an inconsistent check for a terminal when displaying scp progress meter (bugzilla #1265) - Parsing of time values in Match blocks was incorrectly applied to the global configuration (bugzilla #1275) - Allow multiple forwarding options to work when specified in a PermitOpen directive (bugzilla #1267) - Interoperate with ssh.com versions that do not support binding remote port forwarding sessions to a hostname (bugzilla #1019) * Portable OpenSSH bugs fixed: - "hang on exit" when background processes are running at the time of exit on a ttyful/login session (bugzilla #52) - Fix typos in the ssh-rand-helper(8) man page (bugzilla #1259) - Check that some SIG records have been returned in getrrsetbyname (bugzilla #1281) - Fix contrib/findssl for platforms that lack "which" (bugzilla #1237) - Work around bug in OpenSSL 0.9.8e that broke aes256-ctr, aes192-ctr, arcfour256 (bugzilla #1291) @ text @d1 1 a1 1 $NetBSD: patch-at,v 1.5 2007/01/27 22:57:35 schwarz Exp $ d3 11 a13 4 --- packet.c.orig 2007-01-27 20:39:52.000000000 +0100 +++ packet.c 2007-01-27 20:39:38.000000000 +0100 @@@@ -47,7 +47,6 @@@@ # include d15 24 a38 5 -#include #include #include #include @ 1.6.12.1 log @pullup ticket #2459 requested by tnn openssh: patch for X11 forwarding issue on HP-UX revisions pulled up: pkgsrc/security/openssh/Makefile 1.189 pkgsrc/security/openssh/distinfo 1.70 pkgsrc/security/openssh/patches/patch-at 1.7 Module Name: pkgsrc Committed By: tnn Date: Thu Jul 24 16:25:47 UTC 2008 Modified Files: pkgsrc/security/openssh: Makefile distinfo Added Files: pkgsrc/security/openssh/patches: patch-at Log Message: Add patch from OpenSSH 5.1 that fixes an X11 fwd security issue on HP-UX. Bump PKGREVISION. 
@ text @d1 1 a1 1 $NetBSD: patch-at,v 1.7 2008/07/24 16:25:47 tnn Exp $ d3 4 a6 11 Index: channels.c =================================================================== RCS file: /cvs/openssh/channels.c,v retrieving revision 1.262 retrieving revision 1.263 diff -u -p -u -r1.262 -r1.263 --- channels.c 10 Jun 2008 13:01:51 -0000 1.262 +++ channels.c 11 Jun 2008 20:05:12 -0000 1.263 @@@@ -3018,7 +3018,8 @@@@ x11_create_display_inet(int x11_display_ error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno)); } d8 5 a12 24 - channel_set_reuseaddr(sock); + if (x11_use_localhost) + channel_set_reuseaddr(sock); if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { debug2("bind port %d: %.100s", port, strerror(errno)); close(sock); @@@@ -3030,17 +3031,8 @@@@ x11_create_display_inet(int x11_display_ break; } socks[num_socks++] = sock; -#ifndef DONT_TRY_OTHER_AF if (num_socks == NUM_SOCKS) break; -#else - if (x11_use_localhost) { - if (num_socks == NUM_SOCKS) - break; - } else { - break; - } -#endif } freeaddrinfo(aitop); if (num_socks > 0) @ 1.5 log @ * added a patch to ensure compatibility with IRIX 5 (Changes says it is al- ready included with that release of OpenSSH, but in fact it is not) * removed hacks.mk which is no longer necessary with that version of OpenSSH @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @Update openssh package to 4.4.1 (openssh-4.4p1). - A few pkglint warning clean up. - Major changes are here. For complete changes, see http://www.openssh.com/txt/release-4.4. Changes since OpenSSH 4.3: ============================ Security bugs resolved in this release: * Fix a pre-authentication denial of service found by Tavis Ormandy, that would cause sshd(8) to spin until the login grace time expired. * Fix an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. 
On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. * On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. This release includes the following new functionality and fixes: * Implemented conditional configuration in sshd_config(5) using the "Match" directive. This allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met. So far a useful subset of post- authentication options are supported and more are expected to be added in future releases. * Add support for Diffie-Hellman group exchange key agreement with a final hash of SHA256. * Added a "ForceCommand" directive to sshd_config(5). Similar to the command="..." option accepted in ~/.ssh/authorized_keys, this forces the execution of the specified command regardless of what the user requested. This is very useful in conjunction with the new "Match" option. * Add a "PermitOpen" directive to sshd_config(5). This mirrors the permitopen="..." authorized_keys option, allowing fine-grained control over the port-forwardings that a user is allowed to establish. * Add optional logging of transactions to sftp-server(8). * ssh(1) will now record port numbers for hosts stored in ~/.ssh/authorized_keys when a non-standard port has been requested. * Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established. * Extend sshd_config(5) "SubSystem" declarations to allow the specification of command-line arguments. * Replacement of all integer overflow susceptible invocations of malloc(3) and realloc(3) with overflow-checking equivalents. 
* Many manpage fixes and improvements * New portable OpenSSH-specific features: - Add optional support for SELinux, controlled using the --with-selinux configure option (experimental) - Add optional support for Solaris process contracts, enabled using the --with-solaris-contracts configure option (experimental) This option will also include SMF metadata in Solaris packages built using the "make package" target - Add optional support for OpenSSL hardware accelerators (engines), enabled using the --with-ssl-engine configure option. @ text @d1 1 a1 1 $NetBSD: patch-at,v 1.3 2006/02/12 00:13:55 salo Exp $ d3 5 a7 3 --- servconf.c.orig 2005-12-13 02:33:20.000000000 -0600 +++ servconf.c 2006-02-08 21:07:59.000000000 -0600 @@@@ -235,7 +235,11 @@@@ d9 4 a12 10 /* Turn privilege separation on by default */ if (use_privsep == -1) +#ifdef HAVE_INTERIX + use_privsep = 0; +#else use_privsep = 1; +#endif #ifndef HAVE_MMAP if (use_privsep && options->compression == 1) { @ 1.3 log @Update to version 3.4p1 From Jason White via PR pkg/32780 Changes: Security bugs resolved in this release: * CVE-2006-0225: scp (as does rcp, on which it is based) invoked a subshell to perform local to local, and remote to remote copy operations. This subshell exposed filenames to shell expansion twice; allowing a local attacker to create filenames containing shell metacharacters that, if matched by a wildcard, could lead to execution of attacker-specified commands with the privilege of the user running scp (Bugzilla #1094) This is primarily a bug-fix release, only one new feature has been added: * Add support for tunneling arbitrary network packets over a connection between an OpenSSH client and server via tun(4) virtual network interfaces. This allows the use of OpenSSH (4.3+) to create a true VPN between the client and server providing real network connectivity at layer 2 or 3. This feature is experimental and is currently supported on OpenBSD, Linux, NetBSD (IPv4 only) and FreeBSD. 
Other operating systems with tun/tap interface capability may be added in future portable OpenSSH releases. Please refer to the README.tun file in the source distribution for further details and usage examples. Some of the other bugs resolved and internal improvements are: * Reduce default key length for new DSA keys generated by ssh-keygen back to 1024 bits. DSA is not specified for longer lengths and does not fully benefit from simply making keys longer. As per FIPS 186-2 Change Notice 1, ssh-keygen will refuse to generate a new DSA key smaller or larger than 1024 bits * Fixed X forwarding failing to start when a the X11 client is executed in background at the time of session exit (Bugzilla #1086) * Change ssh-keygen to generate a protocol 2 RSA key when invoked without arguments (Bugzilla #1064) * Fix timing variance for valid vs. invalid accounts when attempting Kerberos authentication (Bugzilla #975) * Ensure that ssh always returns code 255 on internal error (Bugzilla #1137) * Cleanup wtmp files on SIGTERM when not using privsep (Bugzilla #1029) * Set SO_REUSEADDR on X11 listeners to avoid problems caused by lingering sockets from previous session (X11 applications can sometimes not connect to 127.0.0.1:60xx) (Bugzilla #1076) * Ensure that fds 0, 1 and 2 are always attached in all programs, by duping /dev/null to them if necessary. * Xauth list invocation had bogus "." argument (Bugzilla #1082) * Remove internal assumptions on key exchange hash algorithm and output length, preparing OpenSSH for KEX methods with alternate hashes. * Ignore junk sent by a server before it sends the "SSH-" banner (Bugzilla #1067) * The manpages has been significantly improves and rearranged, in addition to other specific manpage fixes: #1037 - Man page entries for -L and -R should mention -g. #1077 - Descriptions for "ssh -D" and DynamicForward should mention they can specify "bind_address" optionally. #1088 - Incorrect descriptions in ssh_config man page for ControlMaster=no. 
#1121 - Several corrections for ssh_agent manpages * Lots of cleanups, including fixes to memory leaks on error paths (Bugzilla #1109, #1110, #1111 and more) and possible crashes (#1092) * Portable OpenSSH-specific fixes: - Pass random seed during re-exec for each connection: speeds up processing of new connections on platforms using the OpenSSH's builtin entropy collector (ssh-rand-helper) - PAM fixes and improvements: #1045 - Missing option for ignoring the /etc/nologin file #1087 - Show PAM password expiry message from LDAP on login #1028 - Forward final non-query conversations to client #1126 - Prevent user from being forced to change an expired password repeatedly on AIX in some PAM configurations. #1045 - Do not check /etc/nologin when PAM is enabled, instead allow PAM to handle it. Note that on platforms using PAM, the pam_nologin module should be used in sshd's session stack in order to maintain past behaviour - Portability-related fixes: #989 - Fix multiplexing regress test on Solaris #1097 - Cross-compile fixes. #1096 - ssh-keygen broken on HPUX. #1098 - $MAIL being set incorrectly for HPUX server login. #1104 - Compile error on Tru64 Unix 4.0f #1106 - Updated .spec file and startup for SuSE. 
#1122 - Use _GNU_SOURCE define in favor of __USE_GNU, fixing compilation problems on glibc 2.4 @ text @d1 1 a1 1 $NetBSD: patch-at,v 1.2 2005/09/21 18:07:09 reed Exp $ @ 1.3.6.1 log @Pullup ticket 1909 - requested by taca security update for openssh Revisions pulled up: - pkgsrc/security/openssh/Makefile 1.172, 1.173, 1.174 - pkgsrc/security/openssh/distinfo 1.55, 1.56, 1.57 - pkgsrc/security/openssh/hacks.mk 1.2 - pkgsrc/security/openssh/options.mk 1.9, 1.10 - pkgsrc/security/openssh/patches/patch-aa 1.42, 1.43 - pkgsrc/security/openssh/patches/patch-ab 1.24, 1.25 - pkgsrc/security/openssh/patches/patch-ac 1.16 - pkgsrc/security/openssh/patches/patch-ad 1.12 - pkgsrc/security/openssh/patches/patch-ae 1.12 - pkgsrc/security/openssh/patches/patch-af 1.10 - pkgsrc/security/openssh/patches/patch-ag 1.9 - pkgsrc/security/openssh/patches/patch-ah 1.24 - pkgsrc/security/openssh/patches/patch-ai 1.10 - pkgsrc/security/openssh/patches/patch-aj 1.7 - pkgsrc/security/openssh/patches/patch-ak 1.8 - pkgsrc/security/openssh/patches/patch-al 1.7 - pkgsrc/security/openssh/patches/patch-am 1.7 - pkgsrc/security/openssh/patches/patch-an 1.8 - pkgsrc/security/openssh/patches/patch-ao 1.9 - pkgsrc/security/openssh/patches/patch-ap 1.8 - pkgsrc/security/openssh/patches/patch-aq 1.6 - pkgsrc/security/openssh/patches/patch-ar 1.7 - pkgsrc/security/openssh/patches/patch-as 1.5 - pkgsrc/security/openssh/patches/patch-at removed - pkgsrc/security/openssh/patches/patch-au 1.3 - pkgsrc/security/openssh/patches/patch-av 1.5 - pkgsrc/security/openssh/patches/patch-aw 1.2 - pkgsrc/security/openssh/patches/patch-ax removed - pkgsrc/security/openssh/patches/patch-ay removed - pkgsrc/security/openssh/patches/patch-az removed Module Name: pkgsrc Committed By: taca Date: Tue Oct 31 03:31:20 UTC 2006 Modified Files: pkgsrc/security/openssh: Makefile distinfo hacks.mk options.mk pkgsrc/security/openssh/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af patch-ag patch-ah patch-ai patch-aj 
patch-ak patch-al patch-am patch-an patch-ao patch-ap patch-aq patch-ar patch-as patch-au patch-av patch-aw Removed Files: pkgsrc/security/openssh/patches: patch-at patch-ax patch-ay patch-az Log Message: Update openssh package to 4.4.1 (openssh-4.4p1). - A few pkglint warning clean up. - Major changes are here. For complete changes, see http://www.openssh.com/txt/release-4.4. Changes since OpenSSH 4.3: ============================ Security bugs resolved in this release: * Fix a pre-authentication denial of service found by Tavis Ormandy, that would cause sshd(8) to spin until the login grace time expired. * Fix an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote. * On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. This release includes the following new functionality and fixes: * Implemented conditional configuration in sshd_config(5) using the "Match" directive. This allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met. So far a useful subset of post- authentication options are supported and more are expected to be added in future releases. * Add support for Diffie-Hellman group exchange key agreement with a final hash of SHA256. * Added a "ForceCommand" directive to sshd_config(5). Similar to the command="..." option accepted in ~/.ssh/authorized_keys, this forces the execution of the specified command regardless of what the user requested. This is very useful in conjunction with the new "Match" option. * Add a "PermitOpen" directive to sshd_config(5). 
This mirrors the permitopen="..." authorized_keys option, allowing fine-grained control over the port-forwardings that a user is allowed to establish. * Add optional logging of transactions to sftp-server(8). * ssh(1) will now record port numbers for hosts stored in ~/.ssh/authorized_keys when a non-standard port has been requested. * Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established. * Extend sshd_config(5) "SubSystem" declarations to allow the specification of command-line arguments. * Replacement of all integer overflow susceptible invocations of malloc(3) and realloc(3) with overflow-checking equivalents. * Many manpage fixes and improvements * New portable OpenSSH-specific features: - Add optional support for SELinux, controlled using the --with-selinux configure option (experimental) - Add optional support for Solaris process contracts, enabled using the --with-solaris-contracts configure option (experimental) This option will also include SMF metadata in Solaris packages built using the "make package" target - Add optional support for OpenSSL hardware accelerators (engines), enabled using the --with-ssl-engine configure option. --- Module Name: pkgsrc Committed By: taca Date: Tue Nov 7 07:08:26 UTC 2006 Modified Files: pkgsrc/security/openssh: Makefile distinfo options.mk Log Message: Update hpn-patch to hpn12v13 since old one has gone. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Wed Nov 8 01:49:22 UTC 2006 Modified Files: pkgsrc/security/openssh: Makefile distinfo pkgsrc/security/openssh/patches: patch-aa patch-ab Log Message: Update openssh package to 4.5.1 (openssh-4.5p1). Changes: Security bugs resolved in this release: * Fix a bug in the sshd privilege separation monitor that weakened its verification of successful authentication. This bug is not known to be exploitable in the absence of additional vulnerabilities. 
This release includes the following non-security fixes: * Several compilation fixes for portable OpenSSH * Fixes to Solaris SMF/process contract support (bugzilla #1255) @ text @d1 1 a1 1 $NetBSD: patch-at,v 1.3 2006/02/12 00:13:55 salo Exp $ @ 1.2 log @Update openssh to 4.2p1. This is from PR #31331. Thank you, Jason. Some changes different from patches provided in that PR are: - patch-aj, patch-aq, and patch-as not changed (they appeared to be identical to previous patches) - DragonFly support also added to configure script (patch-aa) because compilation failed due to missing crypt - and install-sysconf target removed from the installation target in Makefile.in (patch-ah). Just let the pkgsrc framework install this since it now will allow it to be removed correctly on deinstall. - use "pam" instead of "PAM" as option name in the post-install target. This removes patch-ai. This also now uses openssh-4.2p1-hpn11.diff patch. I didn't test with kerberos and hpn-patch options. I did test with PAM on Linux. (The PR reported that kerberos and hpn-patch options were tested for compiling.) I tested on NetBSD 2.0.2, Linux, and DragonFly. This includes two security fixes and several bug fixes and many improvements. The changes are listed at http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html http://www.mindrot.org/pipermail/openssh-unix-announce/2005-May/000079.html TODO: get some of these patches committed upstream. 
@ text @d1 1 a1 1 $NetBSD: patch-at,v 1.1 2005/03/07 23:29:50 tv Exp $ d3 3 a5 3 --- servconf.c.orig 2005-08-12 07:11:37.000000000 -0500 +++ servconf.c @@@@ -232,7 +232,11 @@@@ @ 1.2.4.1 log @Pullup ticket 1118 - requested by Lubomir Sedlacik update security/openssh including security fix Revisions pulled up: - pkgsrc/security/openssh/Makefile 1.164 - pkgsrc/security/openssh/distinfo 1.51 - pkgsrc/security/openssh/options.mk 1.8 - pkgsrc/security/openssh/patches/patch-aa 1.41 - pkgsrc/security/openssh/patches/patch-ab 1.23 - pkgsrc/security/openssh/patches/patch-ac 1.15 - pkgsrc/security/openssh/patches/patch-ae 1.11 - pkgsrc/security/openssh/patches/patch-ag 1.8 - pkgsrc/security/openssh/patches/patch-ao 1.8 - pkgsrc/security/openssh/patches/patch-am 1.6 - pkgsrc/security/openssh/patches/patch-an 1.7 - pkgsrc/security/openssh/patches/patch-ap 1.7 - pkgsrc/security/openssh/patches/patch-at 1.3 - pkgsrc/security/openssh/patches/patch-av 1.4 Module Name: pkgsrc Committed By: salo Date: Sun Feb 12 00:13:55 UTC 2006 Modified Files: pkgsrc/security/openssh: Makefile distinfo options.mk pkgsrc/security/openssh/patches: patch-aa patch-ab patch-ac patch-ae patch-ag patch-am patch-an patch-ao patch-ap patch-at patch-av Log Message: Update to version 3.4p1 From Jason White via PR pkg/32780 Changes: Security bugs resolved in this release: * CVE-2006-0225: scp (as does rcp, on which it is based) invoked a subshell to perform local to local, and remote to remote copy operations. This subshell exposed filenames to shell expansion twice; allowing a local attacker to create filenames containing shell metacharacters that, if matched by a wildcard, could lead to execution of attacker-specified commands with the privilege of the user running scp (Bugzilla #1094) This is primarily a bug-fix release, only one new feature has been added: * Add support for tunneling arbitrary network packets over a connection between an OpenSSH client and server via tun(4) virtual network interfaces. 
This allows the use of OpenSSH (4.3+) to create a true VPN between the client and server providing real network connectivity at layer 2 or 3. This feature is experimental and is currently supported on OpenBSD, Linux, NetBSD (IPv4 only) and FreeBSD. Other operating systems with tun/tap interface capability may be added in future portable OpenSSH releases. Please refer to the README.tun file in the source distribution for further details and usage examples. Some of the other bugs resolved and internal improvements are: * Reduce default key length for new DSA keys generated by ssh-keygen back to 1024 bits. DSA is not specified for longer lengths and does not fully benefit from simply making keys longer. As per FIPS 186-2 Change Notice 1, ssh-keygen will refuse to generate a new DSA key smaller or larger than 1024 bits * Fixed X forwarding failing to start when a the X11 client is executed in background at the time of session exit (Bugzilla #1086) * Change ssh-keygen to generate a protocol 2 RSA key when invoked without arguments (Bugzilla #1064) * Fix timing variance for valid vs. invalid accounts when attempting Kerberos authentication (Bugzilla #975) * Ensure that ssh always returns code 255 on internal error (Bugzilla #1137) * Cleanup wtmp files on SIGTERM when not using privsep (Bugzilla #1029) * Set SO_REUSEADDR on X11 listeners to avoid problems caused by lingering sockets from previous session (X11 applications can sometimes not connect to 127.0.0.1:60xx) (Bugzilla #1076) * Ensure that fds 0, 1 and 2 are always attached in all programs, by duping /dev/null to them if necessary. * Xauth list invocation had bogus "." argument (Bugzilla #1082) * Remove internal assumptions on key exchange hash algorithm and output length, preparing OpenSSH for KEX methods with alternate hashes. 
* Ignore junk sent by a server before it sends the "SSH-" banner (Bugzilla #1067) * The manpages has been significantly improves and rearranged, in addition to other specific manpage fixes: #1037 - Man page entries for -L and -R should mention -g. #1077 - Descriptions for "ssh -D" and DynamicForward should mention they can specify "bind_address" optionally. #1088 - Incorrect descriptions in ssh_config man page for ControlMaster=no. #1121 - Several corrections for ssh_agent manpages * Lots of cleanups, including fixes to memory leaks on error paths (Bugzilla #1109, #1110, #1111 and more) and possible crashes (#1092) * Portable OpenSSH-specific fixes: - Pass random seed during re-exec for each connection: speeds up processing of new connections on platforms using the OpenSSH's builtin entropy collector (ssh-rand-helper) - PAM fixes and improvements: #1045 - Missing option for ignoring the /etc/nologin file #1087 - Show PAM password expiry message from LDAP on login #1028 - Forward final non-query conversations to client #1126 - Prevent user from being forced to change an expired password repeatedly on AIX in some PAM configurations. #1045 - Do not check /etc/nologin when PAM is enabled, instead allow PAM to handle it. Note that on platforms using PAM, the pam_nologin module should be used in sshd's session stack in order to maintain past behaviour - Portability-related fixes: #989 - Fix multiplexing regress test on Solaris #1097 - Cross-compile fixes. #1096 - ssh-keygen broken on HPUX. #1098 - $MAIL being set incorrectly for HPUX server login. #1104 - Compile error on Tru64 Unix 4.0f #1106 - Updated .spec file and startup for SuSE. 
#1122 - Use _GNU_SOURCE define in favor of __USE_GNU, fixing compilation problems on glibc 2.4 @ text @d1 1 a1 1 $NetBSD: patch-at,v 1.2 2005/09/21 18:07:09 reed Exp $ d3 3 a5 3 --- servconf.c.orig 2005-12-13 02:33:20.000000000 -0600 +++ servconf.c 2006-02-08 21:07:59.000000000 -0600 @@@@ -235,7 +235,11 @@@@ @ 1.1 log @nb5: Rework Interix support, based on work done by Interop Systems *before* a BSD-with-advertising license was added to their diffs, and other work done personally by me. sshd now works. Most permissions checks work properly. Privsep is off by default, and the sshd user is not created, on Interix until some problems with privsep are fixed (perhaps by abstracting the auth functionality out to openpam). @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- servconf.c.orig 2004-08-13 07:30:24.000000000 -0400 d5 1 a5 1 @@@@ -233,7 +233,11 @@@@ fill_default_server_options(ServerOption @
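Review bot: in the first channels.c hunk of revision 1.7 (at line 3018, x11_create_display_inet), the new `if (x11_use_localhost)` guard around `channel_set_reuseaddr(sock);` has no comment saying why SO_REUSEADDR is skipped for the wildcard bind, so a later cleanup could restore the unconditional call and reintroduce the more-specific-bind problem described in the 1.8 log message. Add a short comment above the guard. With X11UseLocalhost=no, a bind that fails because of a lingering socket (the case SO_REUSEADDR was set for, Bugzilla #1076 in the 4.3p1 notes) is only reported through `debug2("bind port %d: %.100s", ...)` in the context lines that follow; consider whether that path deserves a more visible log level.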
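Review bot: the second channels.c hunk of revision 1.7 (at line 3030) drops the `#ifndef DONT_TRY_OTHER_AF` branch, which the log message does not mention and which is a separate behaviour change from the SO_REUSEADDR guard. Where that macro was defined and x11_use_localhost was off, the loop used to break after the first bound socket; it now always continues until `num_socks == NUM_SOCKS`. State the reason for the removal in the log message, and check that nothing else still defines or tests DONT_TRY_OTHER_AF so it does not linger as a dead build setting.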