pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/openssh Update openssh package to 4.4.1 (open...
details: https://anonhg.NetBSD.org/pkgsrc/rev/3fdc479fcb42
branches: trunk
changeset: 520840:3fdc479fcb42
user: taca <taca%pkgsrc.org@localhost>
date: Tue Oct 31 03:31:19 2006 +0000
description:
Update openssh package to 4.4.1 (openssh-4.4p1).
- Clean up a few pkglint warnings.
- Major changes are here. For complete changes,
see http://www.openssh.com/txt/release-4.4.
Changes since OpenSSH 4.3:
============================
Security bugs resolved in this release:
* Fix a pre-authentication denial of service found by Tavis Ormandy,
that would cause sshd(8) to spin until the login grace time
expired.
* Fix an unsafe signal handler reported by Mark Dowd. The signal
handler was vulnerable to a race condition that could be exploited
to perform a pre-authentication denial of service. On portable
OpenSSH, this vulnerability could theoretically lead to
pre-authentication remote code execution if GSSAPI authentication
is enabled, but the likelihood of successful exploitation appears
remote.
* On portable OpenSSH, fix a GSSAPI authentication abort that could
be used to determine the validity of usernames on some platforms.
This release includes the following new functionality and fixes:
* Implemented conditional configuration in sshd_config(5) using the
"Match" directive. This allows some configuration options to be
selectively overridden if specific criteria (based on user, group,
hostname and/or address) are met. So far a useful subset of post-
authentication options are supported and more are expected to be
added in future releases.
* Add support for Diffie-Hellman group exchange key agreement with a
final hash of SHA256.
* Added a "ForceCommand" directive to sshd_config(5). Similar to the
command="..." option accepted in ~/.ssh/authorized_keys, this forces
the execution of the specified command regardless of what the user
requested. This is very useful in conjunction with the new "Match"
option.
* Add a "PermitOpen" directive to sshd_config(5). This mirrors the
permitopen="..." authorized_keys option, allowing fine-grained
control over the port-forwardings that a user is allowed to
establish.
* Add optional logging of transactions to sftp-server(8).
* ssh(1) will now record port numbers for hosts stored in
~/.ssh/authorized_keys when a non-standard port has been requested.
* Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with
a non-zero exit code) when requested port forwardings could not be
established.
* Extend sshd_config(5) "SubSystem" declarations to allow the
specification of command-line arguments.
* Replacement of all integer overflow susceptible invocations of
malloc(3) and realloc(3) with overflow-checking equivalents.
* Many manpage fixes and improvements
* New portable OpenSSH-specific features:
- Add optional support for SELinux, controlled using the
--with-selinux configure option (experimental)
- Add optional support for Solaris process contracts, enabled
using the --with-solaris-contracts configure option (experimental)
This option will also include SMF metadata in Solaris packages
built using the "make package" target
- Add optional support for OpenSSL hardware accelerators (engines),
enabled using the --with-ssl-engine configure option.
diffstat:
security/openssh/Makefile | 19 ++++-
security/openssh/distinfo | 62 ++++++++++-----------
security/openssh/hacks.mk | 4 +-
security/openssh/options.mk | 4 +-
security/openssh/patches/patch-aa | 32 +++++++----
security/openssh/patches/patch-ab | 24 +++++--
security/openssh/patches/patch-ac | 12 ++--
security/openssh/patches/patch-ad | 16 ++--
security/openssh/patches/patch-ae | 8 +-
security/openssh/patches/patch-af | 8 +-
security/openssh/patches/patch-ag | 16 ++++-
security/openssh/patches/patch-ah | 12 ++--
security/openssh/patches/patch-ai | 6 +-
security/openssh/patches/patch-aj | 10 +-
security/openssh/patches/patch-ak | 10 +-
security/openssh/patches/patch-al | 8 +-
security/openssh/patches/patch-am | 8 +-
security/openssh/patches/patch-an | 12 ++--
security/openssh/patches/patch-ao | 27 +++------
security/openssh/patches/patch-ap | 8 +-
security/openssh/patches/patch-aq | 8 +-
security/openssh/patches/patch-ar | 16 ++--
security/openssh/patches/patch-as | 10 +-
security/openssh/patches/patch-at | 16 -----
security/openssh/patches/patch-au | 6 +-
security/openssh/patches/patch-av | 38 ++++++++----
security/openssh/patches/patch-aw | 19 +++---
security/openssh/patches/patch-ax | 107 --------------------------------------
security/openssh/patches/patch-ay | 15 -----
security/openssh/patches/patch-az | 36 ------------
30 files changed, 218 insertions(+), 359 deletions(-)
diffs (truncated from 1159 to 300 lines):
diff -r ab136ef6d9ac -r 3fdc479fcb42 security/openssh/Makefile
--- a/security/openssh/Makefile Mon Oct 30 23:04:05 2006 +0000
+++ b/security/openssh/Makefile Tue Oct 31 03:31:19 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.171 2006/09/28 10:10:52 taca Exp $
+# $NetBSD: Makefile,v 1.172 2006/10/31 03:31:19 taca Exp $
-DISTNAME= openssh-4.3p2
-PKGNAME= openssh-4.3.2
+DISTNAME= openssh-4.4p1
+PKGNAME= openssh-4.4.1
#PKGREVISION= 1
SVR4_PKGNAME= ossh
CATEGORIES= security
@@ -31,6 +31,9 @@
# retain the following line, for IPv6-ready pkgsrc webpage
BUILD_DEFS+= USE_INET6
+BUILD_DEFS+= OPENSSH_CHROOT OPENSSH_GROUP OPENSSH_USER
+BUILD_DEFS+= VARBASE
+
INSTALL_TARGET= install-nokeys
PLIST_SRC= # empty
@@ -135,8 +138,8 @@
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
CONF_FILES= # empty
-.for FILE in ${CONFS}
-CONF_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE}
+.for f in ${CONFS}
+CONF_FILES+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
.endfor
OWN_DIRS= ${OPENSSH_CHROOT}
RCD_SCRIPTS= sshd
@@ -144,6 +147,12 @@
PLIST_SRC+= ${.CURDIR}/PLIST
FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR:Q}
+SUBST_CLASSES+= patch
+SUBST_STAGE.patch= pre-configure
+SUBST_FILES.patch= session.c
+SUBST_SED.patch= -e '/channel_input_port_forward_request/s/0/ROOTUID/'
+SUBST_MESSAGE.patch= More patch a file.
+
.include "../../devel/zlib/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../security/tcp_wrappers/buildlink3.mk"
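Review bot: the SUBST_SED.patch expression in this hunk is not anchored. The command s/0/ROOTUID/ rewrites the first "0" on every line of session.c that mentions channel_input_port_forward_request, whatever that "0" belongs to, and sed makes no change and reports nothing if a later release rewords that line. This is a source edit to session.c, so it would be easier to audit as a regular file under patches/ with its own distinfo checksum, or at least with a pattern that matches the whole expression being replaced. SUBST_MESSAGE.patch ("More patch a file.") should also say what is substituted and why.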
diff -r ab136ef6d9ac -r 3fdc479fcb42 security/openssh/distinfo
--- a/security/openssh/distinfo Mon Oct 30 23:04:05 2006 +0000
+++ b/security/openssh/distinfo Tue Oct 31 03:31:19 2006 +0000
@@ -1,34 +1,30 @@
-$NetBSD: distinfo,v 1.54 2006/09/28 10:10:52 taca Exp $
+$NetBSD: distinfo,v 1.55 2006/10/31 03:31:19 taca Exp $
-SHA1 (openssh-4.3p1-hpn11.diff) = 22f2c99d314abc400bd1731d9c35b0540cbf2eae
-RMD160 (openssh-4.3p1-hpn11.diff) = c3b807437fd9f40f2ab73c52586de194b84cce6e
-Size (openssh-4.3p1-hpn11.diff) = 11024 bytes
-SHA1 (openssh-4.3p2.tar.gz) = 2b5b0751fd578283ba7b106025c0ba391fd72f1f
-RMD160 (openssh-4.3p2.tar.gz) = ccd5967e3296347e6dd2be43c3d6caacde2b6833
-Size (openssh-4.3p2.tar.gz) = 941455 bytes
-SHA1 (patch-aa) = 213f5f5a3c7ae0bceafac1b169063fc71806dc7c
-SHA1 (patch-ab) = 6c71ad1a39a1d6f7e48fc244993a4189c2cd9ef7
-SHA1 (patch-ac) = 8c625fdaca4d73c27e4e68b5bb3aa54327eb61ff
-SHA1 (patch-ad) = 23f73b7ce008c6ccd431d3d80692e59fcf33aa14
-SHA1 (patch-ae) = 0ea1559a47f536fe7bf758f78a2cae672285875f
-SHA1 (patch-af) = abb711b840d58b499de961b72df7550b9298134a
-SHA1 (patch-ag) = b8b454c107e4e35473265489445e8918113d8ea8
-SHA1 (patch-ah) = 5435b5d55c3a728f05243bbaade94bf6c3b7a6ef
-SHA1 (patch-ai) = f4ac9340c106c30434cd017bc91a06c9bc83258c
-SHA1 (patch-aj) = 44f2b11949a4dea6a8760b8397db5360b64bf01f
-SHA1 (patch-ak) = 99f789676e606d4a51effc2abc02a50776f4e781
-SHA1 (patch-al) = 2843c7c6e8b3d93a03b2d66d71c894a9e302f987
-SHA1 (patch-am) = 19f8c2f251354995d5efc041023dca0290caf171
-SHA1 (patch-an) = 6242250d2393b2ac4041f117fe4539a29e1cadeb
-SHA1 (patch-ao) = 9721181847cc8cab0458d84a45e0384da9d34679
-SHA1 (patch-ap) = 05f53408ea224ddd6934ae64ec7698f604ecf8cd
-SHA1 (patch-aq) = 3786a41a974d6583f379350068a762a725b8334d
-SHA1 (patch-ar) = fe7d5b715ac51bece44d6f3ba9c3c6245d27d00d
-SHA1 (patch-as) = 6af976b7c018c1a9b0841617edbffdb8b977a2d6
-SHA1 (patch-at) = ffbcb38cf8578f05319b2af9cfcdb5ada2a57e78
-SHA1 (patch-au) = 052b0b6d8869ad09144e4fc9e1b3c5e03c669c44
-SHA1 (patch-av) = 5543fcf94eaad26e27043c1527921e23ecfefc77
-SHA1 (patch-aw) = 95d49965b0f24bf117e790785d3a8ef553865bda
-SHA1 (patch-ax) = 2c6923c767e7549d746d35358ecef2156012b227
-SHA1 (patch-ay) = e64d4266556ce05a5fd5e14ee4e988e7bf075576
-SHA1 (patch-az) = 341c42c82ddb6177bd8ac41813d6ad1e4b6e3839
+SHA1 (openssh-4.4p1-hpn.diff.gz) = 20aabe012378cbb6462b685baf118f2f286ccaa8
+RMD160 (openssh-4.4p1-hpn.diff.gz) = 6cf2dba89154fc3475f4321911d8f1a307551965
+Size (openssh-4.4p1-hpn.diff.gz) = 16258 bytes
+SHA1 (openssh-4.4p1.tar.gz) = 6a52b1dee1c2c9862923c0008d201d98a7fd9d6c
+RMD160 (openssh-4.4p1.tar.gz) = 13eb79a54e95037fff1902b659319df1c5f79bbc
+Size (openssh-4.4p1.tar.gz) = 1044334 bytes
+SHA1 (patch-aa) = f29644c520908ed5489890515c0f8cea1b871480
+SHA1 (patch-ab) = 81d7c002eb83147ef80513b16bd3041af0b07ddc
+SHA1 (patch-ac) = dfb054ef02fbb5d206f6adaf82944f16da20eaf9
+SHA1 (patch-ad) = 7921e029b56c0e4769a7ada03dff3eb2e275db7d
+SHA1 (patch-ae) = 9585221f9e49b4ebea31c374066d70e11aa804a1
+SHA1 (patch-af) = ca3224af0b648803404776a8c12ed678db4f8ff6
+SHA1 (patch-ag) = b6f92a5394a3442fcc0c2a2ee204c10df5a4aea5
+SHA1 (patch-ah) = bc0d7c2903ecf264e62b53f3864812af5f2f04ce
+SHA1 (patch-ai) = becad6262e5daeef2a6db14097a8971c40088403
+SHA1 (patch-aj) = 4f477f40d1d891dcda9083cec5521e80410ebd54
+SHA1 (patch-ak) = 3720afb4e95356d5310762cda881820d524dcffc
+SHA1 (patch-al) = d312a068047a375e52180026554bab745efdcdb7
+SHA1 (patch-am) = 4e2278b20e87e530e1819efde976d4414e160e38
+SHA1 (patch-an) = 283b17f27224dad853091d5145f2dab342132f8f
+SHA1 (patch-ao) = a70da4f5942553a42fa935b82172e601b29951df
+SHA1 (patch-ap) = 2c0c092637661328046b71292a7412d09e92bb2a
+SHA1 (patch-aq) = a619b57361b04d5ab3d41375c18f7b99d71c8b34
+SHA1 (patch-ar) = fce4dc1011a124f02b8e14980cda1d633b36aa7d
+SHA1 (patch-as) = 19660f5983931ea3b053e6f4289cf6fae2ce50f3
+SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f
+SHA1 (patch-av) = 2e7b36f234f38c0f9e5b5d453574ff3844d466f8
+SHA1 (patch-aw) = 2a88b7563c6f52163c6c5f716e437ecaea613a30
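Review bot: the entries for patch-at, patch-ax, patch-ay and patch-az are removed in this hunk, and the diffstat shows those four files deleted outright, but the commit message does not say whether the fixes they carried were merged upstream in 4.4p1 or dropped for some other reason. For a security package, please record per removed patch what it fixed and where that fix now lives, so a reader can confirm nothing was lost in the update.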
diff -r ab136ef6d9ac -r 3fdc479fcb42 security/openssh/hacks.mk
--- a/security/openssh/hacks.mk Mon Oct 30 23:04:05 2006 +0000
+++ b/security/openssh/hacks.mk Tue Oct 31 03:31:19 2006 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: hacks.mk,v 1.1 2006/05/14 21:13:42 schwarz Exp $
+# $NetBSD: hacks.mk,v 1.2 2006/10/31 03:31:19 taca Exp $
.if !defined(OPENSSH_HACKS_MK)
OPENSSH_HACKS_MK= # defined
@@ -6,7 +6,7 @@
### [Sun May 14 15:09:28 CDT 2006 : schwarz]
### work around a definition conflict for _res present in openssh
### 4.3p1 and 4.3p2 (should be fixed with later releases)
-###
+###
.if !empty(LOWER_OPSYS:Mirix5*)
PKG_HACKS+= _res-conflict
CPPFLAGS+= -D_res=_compat_res
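Review bot: the comment above the IRIX 5 block still describes the _res conflict as "present in openssh 4.3p1 and 4.3p2 (should be fixed with later releases)", yet the only change here is to the bare "###" line while the package moves to 4.4p1. Either confirm the conflict still exists in 4.4p1 and update the comment to say so, or drop the _res-conflict hack together with its CPPFLAGS override.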
diff -r ab136ef6d9ac -r 3fdc479fcb42 security/openssh/options.mk
--- a/security/openssh/options.mk Mon Oct 30 23:04:05 2006 +0000
+++ b/security/openssh/options.mk Tue Oct 31 03:31:19 2006 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.8 2006/02/12 00:13:55 salo Exp $
+# $NetBSD: options.mk,v 1.9 2006/10/31 03:31:19 taca Exp $
.include "../../mk/bsd.prefs.mk"
@@ -17,7 +17,7 @@
.endif
.if !empty(PKG_OPTIONS:Mhpn-patch)
-PATCHFILES= openssh-4.3p1-hpn11.diff
+PATCHFILES= openssh-4.4p1-hpn.diff.gz
PATCH_SITES= http://www.psc.edu/networking/projects/hpn-ssh/
PATCH_DIST_STRIP= -p1
.endif
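Review bot: the new PATCHFILES value openssh-4.4p1-hpn.diff.gz no longer carries a patch revision in its name (the previous one was hpn11), and PATCH_SITES on the next line still fetches it over plain http. The distinfo checksums are therefore the only integrity check on this download, and a re-rolled file published under the same name would fail them with no hint of which revision was recorded. Please note the HPN patch revision in a comment here and confirm the recorded checksums against a copy obtained through a second channel.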
diff -r ab136ef6d9ac -r 3fdc479fcb42 security/openssh/patches/patch-aa
--- a/security/openssh/patches/patch-aa Mon Oct 30 23:04:05 2006 +0000
+++ b/security/openssh/patches/patch-aa Tue Oct 31 03:31:19 2006 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.41 2006/02/12 00:13:55 salo Exp $
+$NetBSD: patch-aa,v 1.42 2006/10/31 03:31:19 taca Exp $
---- configure.orig 2006-02-01 05:33:51.000000000 -0600
-+++ configure 2006-02-08 22:02:30.000000000 -0600
-@@ -5417,6 +5417,36 @@
+--- configure.orig 2006-09-26 20:03:41.000000000 +0900
++++ configure
+@@ -7326,6 +7326,36 @@ _ACEOF
;;
esac
;;
@@ -39,7 +39,7 @@
*-*-irix5*)
PATH="$PATH:/usr/etc"
-@@ -6233,7 +6263,7 @@
+@@ -7931,7 +7961,7 @@ cat >>confdefs.h <<\_ACEOF
_ACEOF
;;
@@ -48,7 +48,7 @@
check_for_libcrypt_later=1
cat >>confdefs.h <<\_ACEOF
-@@ -7269,6 +7299,9 @@
+@@ -9144,6 +9174,9 @@ _ACEOF
;;
esac
@@ -57,9 +57,17 @@
+
# Allow user to specify flags
- # Check whether --with-cflags or --without-cflags was given.
-@@ -26694,14 +26727,21 @@
- rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ # Check whether --with-cflags was given.
+@@ -9344,6 +9377,7 @@ for ac_header in \
+ maillock.h \
+ ndir.h \
+ net/if_tun.h \
++ net/tun/if_tun.h \
+ netdb.h \
+ netgroup.h \
+ pam/pam_appl.h \
+@@ -32055,14 +32089,21 @@ fi
+ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_utmpx_location"; then
if test x"$system_utmpx_path" = x"no" ; then
- cat >>confdefs.h <<\_ACEOF
@@ -84,8 +92,8 @@
#define CONF_UTMPX_FILE "$conf_utmpx_location"
_ACEOF
-@@ -26769,14 +26809,20 @@
- rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+@@ -32143,14 +32184,20 @@ fi
+ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
- cat >>confdefs.h <<\_ACEOF
@@ -110,7 +118,7 @@
#define CONF_WTMPX_FILE "$conf_wtmpx_location"
_ACEOF
-@@ -28002,7 +28048,7 @@
+@@ -33383,7 +33430,7 @@ echo "OpenSSH has been configured with t
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff -r ab136ef6d9ac -r 3fdc479fcb42 security/openssh/patches/patch-ab
--- a/security/openssh/patches/patch-ab Mon Oct 30 23:04:05 2006 +0000
+++ b/security/openssh/patches/patch-ab Tue Oct 31 03:31:19 2006 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.23 2006/02/12 00:13:55 salo Exp $
+$NetBSD: patch-ab,v 1.24 2006/10/31 03:31:20 taca Exp $
---- configure.ac.orig 2006-01-29 07:22:39.000000000 -0600
-+++ configure.ac 2006-02-08 20:55:34.000000000 -0600
-@@ -277,6 +277,15 @@
+--- configure.ac.orig 2006-09-25 04:08:59.000000000 +0900
++++ configure.ac
+@@ -324,6 +324,15 @@ main() { if (NSVersionOfRunTimeLibrary("
;;
esac
;;
@@ -18,7 +18,7 @@
*-*-irix5*)
PATH="$PATH:/usr/etc"
AC_DEFINE(BROKEN_INET_NTOA, 1,
-@@ -597,6 +606,9 @@
+@@ -663,6 +672,9 @@ mips-sony-bsd|mips-sony-newsos4)
;;
esac
@@ -28,7 +28,15 @@
# Allow user to specify flags
AC_ARG_WITH(cflags,
[ --with-cflags Specify additional flags to pass to compiler],
-@@ -3668,9 +3680,17 @@
+@@ -745,6 +757,7 @@ AC_CHECK_HEADERS( \
+ maillock.h \
+ ndir.h \
+ net/if_tun.h \
++ net/tun/if_tun.h \
+ netdb.h \
+ netgroup.h \
+ pam/pam_appl.h \
+@@ -3873,9 +3886,17 @@ AC_TRY_COMPILE([
)
if test -z "$conf_utmpx_location"; then
if test x"$system_utmpx_path" = x"no" ; then
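Review bot: the net/tun/if_tun.h line added to AC_CHECK_HEADERS here is also added by hand to the generated configure script in patch-aa, so the two patches have to be kept in step on every update. A short comment at the top of patch-aa and patch-ab stating that they mirror each other, and what the extra header check is needed for, would help the next update; the alternative is to patch only configure.ac and regenerate configure at build time.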
@@ -48,7 +56,7 @@
AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
[Define if you want to specify the path to your utmpx file])
fi
-@@ -3694,9 +3714,17 @@
+@@ -3899,9 +3920,17 @@ AC_TRY_COMPILE([
)
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -68,7 +76,7 @@
AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
[Define if you want to specify the path to your wtmpx file])
fi
-@@ -3743,7 +3771,7 @@
+@@ -3941,7 +3970,7 @@ echo "OpenSSH has been configured with t
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff -r ab136ef6d9ac -r 3fdc479fcb42 security/openssh/patches/patch-ac
--- a/security/openssh/patches/patch-ac Mon Oct 30 23:04:05 2006 +0000
+++ b/security/openssh/patches/patch-ac Tue Oct 31 03:31:19 2006 +0000
@@ -1,7 +1,7 @@
-$NetBSD: patch-ac,v 1.15 2006/02/12 00:13:55 salo Exp $
+$NetBSD: patch-ac,v 1.16 2006/10/31 03:31:20 taca Exp $
---- defines.h.orig 2005-12-17 05:04:09.000000000 -0600
-+++ defines.h 2006-02-08 20:58:45.000000000 -0600
+--- defines.h.orig 2006-09-21 22:13:30.000000000 +0900
++++ defines.h
@@ -30,6 +30,15 @@
/* Constants */