pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/openssh Update openssh package to 5.2.1(5.2p1).
details: https://anonhg.NetBSD.org/pkgsrc/rev/fecc053804a5
branches: trunk
changeset: 393471:fecc053804a5
user: taca <taca%pkgsrc.org@localhost>
date: Thu May 21 03:22:29 2009 +0000
description:
Update openssh package to 5.2.1(5.2p1).
Changes since OpenSSH 5.1
=========================
Security:
* This release changes the default cipher order to prefer the AES CTR
modes and the revised "arcfour256" mode to CBC mode ciphers that are
susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH".
* This release also adds countermeasures to mitigate CPNI-957037-style
attacks against the SSH protocol's use of CBC-mode ciphers. Upon
detection of an invalid packet length or Message Authentication
Code, ssh/sshd will continue reading up to the maximum supported
packet length rather than immediately terminating the connection.
This eliminates most of the known differences in behaviour that
leaked information about the plaintext of injected data which formed
the basis of this attack. We believe that these attacks are rendered
infeasible by these changes.
New features:
* Added a -y option to ssh(1) to force logging to syslog rather than
stderr, which is useful when running daemonised (ssh -f)
* The sshd_config(5) ForceCommand directive now accepts commandline
arguments for the internal-sftp server.
* The ssh(1) ~C escape commandline now supports runtime creation of
dynamic (-D) port forwards.
* Support the SOCKS4A protocol in ssh(1) dynamic (-D) forwards.
(bz#1482)
* Support remote port forwarding with a listen port of '0'. This
informs the server that it should dynamically allocate a listen
port and report it back to the client. (bz#1003)
* sshd(8) now supports setting PermitEmptyPasswords and
AllowAgentForwarding in Match blocks
Bug and documentation fixes
* Repair a ssh(1) crash introduced in openssh-5.1 when the client is
sent a zero-length banner (bz#1496)
* Due to interoperability problems with certain
broken SSH implementations, the eow@openssh.com and
no-more-sessions@openssh.com protocol extensions are now only sent
to peers that identify themselves as OpenSSH.
* Make ssh(1) send the correct channel number for
SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to
avoid triggering 'Non-public channel' error messages on sshd(8) in
openssh-5.1.
* Avoid printing 'Non-public channel' warnings in sshd(8), since the
ssh(1) has sent incorrect channel numbers since ~2004 (this reverts
a behaviour introduced in openssh-5.1).
* Avoid double-free in ssh(1) ~C escape -L handler (bz#1539)
* Correct fail-on-error behaviour in sftp(1) batchmode for remote
stat operations. (bz#1541)
* Disable nonfunctional ssh(1) ~C escape handler in multiplex slave
connections. (bz#1543)
* Avoid hang in ssh(1) when attempting to connect to a server that
has MaxSessions=0 set.
* Multiple fixes to sshd(8) configuration test (-T) mode
* Several core and portable OpenSSH bugs fixed: 1380, 1412, 1418,
1419, 1421, 1490, 1491, 1492, 1514, 1515, 1518, 1520, 1538, 1540
* Many manual page improvements.
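A configuration check that follows from the cipher-order change in the Security notes above, added here as an example and not part of the commit or of OpenSSH: it reads an sshd_config or ssh_config style file and reports whether the CBC ciphers on a Ciphers line sit ahead of the AES CTR modes and arcfour256. The function name, verdict labels and sample files are assumptions; only plain comma-separated cipher lists are handled.

```sh
#!/bin/sh
# Added example (not from the OpenSSH or pkgsrc sources).
# Prints one line per Ciphers directive: <line-no> <verdict> <cbc-ciphers>
#   ok             no CBC cipher offered
#   cbc-fallback   CBC offered, but after a CTR cipher or arcfour256
#   cbc-preferred  a CBC cipher is listed ahead of every CTR/arcfour256 entry
#   cbc-no-ctr     CBC offered and no CTR/arcfour256 entry at all
# Exit status is 1 if any directive is cbc-preferred or cbc-no-ctr.
audit_ciphers() {
    awk '
    { sub(/#.*/, ""); sub(/^[ \t]+/, "") }          # drop comments, indent
    tolower($0) ~ /^ciphers[ \t=]/ {
        list = $0
        sub(/^[A-Za-z]+[ \t]*=?[ \t]*/, "", list)   # drop keyword, separator
        gsub(/[ \t"]/, "", list)
        n = split(list, c, ",")
        first_cbc = 0; first_pref = 0; cbc = ""
        for (i = 1; i <= n; i++) {
            if (c[i] ~ /-cbc$/ || c[i] ~ /-cbc@/) {
                if (!first_cbc) first_cbc = i
                cbc = cbc (cbc == "" ? "" : ",") c[i]
            } else if (c[i] ~ /-ctr$/ || c[i] == "arcfour256") {
                if (!first_pref) first_pref = i
            }
        }
        if (!first_cbc)                  verdict = "ok"
        else if (!first_pref)            verdict = "cbc-no-ctr"
        else if (first_cbc < first_pref) verdict = "cbc-preferred"
        else                             verdict = "cbc-fallback"
        print NR, verdict, (cbc == "" ? "-" : cbc)
        if (verdict == "cbc-no-ctr" || verdict == "cbc-preferred") bad = 1
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample files, not taken from any real host.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Ciphers aes128-cbc,3des-cbc,aes128-ctr' > "$d/cbc_first"
    printf '%s\n' 'Port 22' 'ciphers = aes128-ctr,arcfour256,aes128-cbc' > "$d/ctr_first"
    for f in "$d/cbc_first" "$d/ctr_first"; do
        audit_ciphers "$f" || echo "  -> ${f##*/}: CBC is not behind CTR/arcfour256"
    done
    rm -rf "$d"
}
demo
```

A cbc-fallback verdict means CBC can still be negotiated with a peer that offers nothing else, so it is a reminder to review the list rather than a clean result.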
diffstat:
security/openssh/Makefile | 8 +++---
security/openssh/distinfo | 46 +++++++++++++++++++-------------------
security/openssh/options.mk | 4 +-
security/openssh/patches/patch-aa | 18 +++++++-------
security/openssh/patches/patch-ab | 16 ++++++------
security/openssh/patches/patch-ad | 16 ++++++------
security/openssh/patches/patch-ag | 8 +++---
security/openssh/patches/patch-ah | 10 ++++----
security/openssh/patches/patch-aj | 10 ++++----
security/openssh/patches/patch-ak | 10 ++++----
security/openssh/patches/patch-al | 8 +++---
security/openssh/patches/patch-am | 6 ++--
security/openssh/patches/patch-an | 10 ++++----
security/openssh/patches/patch-ao | 16 ++++++------
security/openssh/patches/patch-ap | 6 ++--
security/openssh/patches/patch-aq | 10 ++++----
security/openssh/patches/patch-ar | 6 ++--
security/openssh/patches/patch-av | 18 +++++++-------
security/openssh/patches/patch-aw | 6 ++--
19 files changed, 116 insertions(+), 116 deletions(-)
diffs (truncated from 691 to 300 lines):
diff -r ed0e05d2fece -r fecc053804a5 security/openssh/Makefile
--- a/security/openssh/Makefile Thu May 21 01:40:58 2009 +0000
+++ b/security/openssh/Makefile Thu May 21 03:22:29 2009 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.191 2009/05/01 14:27:34 zafer Exp $
+# $NetBSD: Makefile,v 1.192 2009/05/21 03:22:29 taca Exp $
-DISTNAME= openssh-5.1p1
-PKGNAME= openssh-5.1.1
+DISTNAME= openssh-5.2p1
+PKGNAME= openssh-5.2.1
SVR4_PKGNAME= ossh
CATEGORIES= security
MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
@@ -14,7 +14,7 @@
ftp://mirror.pacific.net.au/OpenBSD/OpenSSH/portable/
# Don't delete the last entry -- it's there if the pkgsrc version is not
# up-to-date and the mirrors already removed the old distfile.
-DIST_SUBDIR= ${PKGBASE}-5.1.1-20080916
+DIST_SUBDIR= ${PKGBASE}-5.2.1-20090521
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE= http://www.openssh.com/
diff -r ed0e05d2fece -r fecc053804a5 security/openssh/distinfo
--- a/security/openssh/distinfo Thu May 21 01:40:58 2009 +0000
+++ b/security/openssh/distinfo Thu May 21 03:22:29 2009 +0000
@@ -1,29 +1,29 @@
-$NetBSD: distinfo,v 1.71 2008/09/16 12:53:08 taca Exp $
+$NetBSD: distinfo,v 1.72 2009/05/21 03:22:29 taca Exp $
-SHA1 (openssh-5.1.1-20080916/openssh-5.1p1-hpn13v5.diff.gz) = c2911f04f8d46a28afa9f9cbb7ec226cb2c893d1
-RMD160 (openssh-5.1.1-20080916/openssh-5.1p1-hpn13v5.diff.gz) = 6466cd0825e80366adc1978069e3c61255e0bde7
-Size (openssh-5.1.1-20080916/openssh-5.1p1-hpn13v5.diff.gz) = 23017 bytes
-SHA1 (openssh-5.1.1-20080916/openssh-5.1p1.tar.gz) = 877ea5b283060fe0160e376ea645e8e168047ff5
-RMD160 (openssh-5.1.1-20080916/openssh-5.1p1.tar.gz) = 24293ad89633cfd4791f08eb3442becb7e5788ca
-Size (openssh-5.1.1-20080916/openssh-5.1p1.tar.gz) = 1040041 bytes
-SHA1 (patch-aa) = 8b7a16e9a63cfff3b73d70b9cebb6627b96396e0
-SHA1 (patch-ab) = a105c238c8dc774ed6992791b131da56824869e9
+SHA1 (openssh-5.2.1-20090521/openssh-5.2p1-hpn13v6.diff.gz) = 9683d5feb3f7e302ef836901af5366df6c425815
+RMD160 (openssh-5.2.1-20090521/openssh-5.2p1-hpn13v6.diff.gz) = d647d3b0547e4d698c616f5ed6643b3ddbcced95
+Size (openssh-5.2.1-20090521/openssh-5.2p1-hpn13v6.diff.gz) = 33540 bytes
+SHA1 (openssh-5.2.1-20090521/openssh-5.2p1.tar.gz) = 8273a0237db98179fbdc412207ff8eb14ff3d6de
+RMD160 (openssh-5.2.1-20090521/openssh-5.2p1.tar.gz) = 7c53f342034b16e9faa9f5a09ef46390420722eb
+Size (openssh-5.2.1-20090521/openssh-5.2p1.tar.gz) = 1016612 bytes
+SHA1 (patch-aa) = 38546f8fd8bf6021d43cdf076ab723ad39a5f78e
+SHA1 (patch-ab) = 00e7e50a35e8b3bcfa53b239b520a12498c8dca0
SHA1 (patch-ac) = ba97b23c6527311256b335c58175da9e9a3616e4
-SHA1 (patch-ad) = 7921e029b56c0e4769a7ada03dff3eb2e275db7d
+SHA1 (patch-ad) = 254e11c5f56a72bf0b30bb8860e45156b3a0adf2
SHA1 (patch-ae) = 9585221f9e49b4ebea31c374066d70e11aa804a1
SHA1 (patch-af) = ca3224af0b648803404776a8c12ed678db4f8ff6
-SHA1 (patch-ag) = eeaa6e09f743405af074009ffe80678a5179ed08
-SHA1 (patch-ah) = bc0d7c2903ecf264e62b53f3864812af5f2f04ce
+SHA1 (patch-ag) = b5cb0400d3cda9cb6d60dc729e54b1ffc34ec9e2
+SHA1 (patch-ah) = fa5175734678e95d05dcdcebadeb79df3ecef760
SHA1 (patch-ai) = becad6262e5daeef2a6db14097a8971c40088403
-SHA1 (patch-aj) = 4f477f40d1d891dcda9083cec5521e80410ebd54
-SHA1 (patch-ak) = 3720afb4e95356d5310762cda881820d524dcffc
-SHA1 (patch-al) = d312a068047a375e52180026554bab745efdcdb7
-SHA1 (patch-am) = 4e2278b20e87e530e1819efde976d4414e160e38
-SHA1 (patch-an) = 2f955b8891bedd79986490d282eb09acd4910250
-SHA1 (patch-ao) = a7c5a1832cb2a4584c77577fb125f84a1e9a9deb
-SHA1 (patch-ap) = 3029b847ce83305e8103276e27c75e0338e1fc08
-SHA1 (patch-aq) = a619b57361b04d5ab3d41375c18f7b99d71c8b34
-SHA1 (patch-ar) = fce4dc1011a124f02b8e14980cda1d633b36aa7d
+SHA1 (patch-aj) = 5c89b4a7da59f05c50c16083aa6dd6e465cd0305
+SHA1 (patch-ak) = 550eae0b47dc220dac2439f57b39b7e4319057c5
+SHA1 (patch-al) = a3906a9b6a9a15b948b8bab3a85454f2515400bd
+SHA1 (patch-am) = 4893a8a059d611d35c1fb9ff03b598c590e0355e
+SHA1 (patch-an) = 5b41d9493028dd4dce4a73ea78e43f3a073108e5
+SHA1 (patch-ao) = 6b64be9b230ddb634b9b5fdab22c4944ae605153
+SHA1 (patch-ap) = 041059e25d2331aace0eaa5a6c3032afb3d565b4
+SHA1 (patch-aq) = 1a7d8a4c5e70a0c6211247ba583534ed8ce317d0
+SHA1 (patch-ar) = a1099e0175a2b14f3b19db04261891179b1e3299
SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f
-SHA1 (patch-av) = 00f54c3fae7318b278b16bd0b01881a90bd31365
-SHA1 (patch-aw) = 2a88b7563c6f52163c6c5f716e437ecaea613a30
+SHA1 (patch-av) = 06126d8f83398aa9df8a56792ad55bc769dd2550
+SHA1 (patch-aw) = 532f2aebcb93cae5e0dd26a5faa1593a7d3a3c51
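Review bot: the two new distfile entries (openssh-5.2p1.tar.gz and openssh-5.2p1-hpn13v6.diff.gz) are pinned only with SHA1 and RMD160, and the patch-* entries with SHA1 alone. The Makefile and options.mk in this same change fetch those files from ftp:// and http:// sites, so these digests are the only integrity control on the download; consider recording a SHA-2 digest alongside them. It is also worth confirming that patch-ac, patch-ae, patch-af, patch-ai and patch-au, whose checksums are unchanged here, still apply cleanly to 5.2p1.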
diff -r ed0e05d2fece -r fecc053804a5 security/openssh/options.mk
--- a/security/openssh/options.mk Thu May 21 01:40:58 2009 +0000
+++ b/security/openssh/options.mk Thu May 21 03:22:29 2009 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.16 2008/09/16 12:53:08 taca Exp $
+# $NetBSD: options.mk,v 1.17 2009/05/21 03:22:29 taca Exp $
.include "../../mk/bsd.prefs.mk"
@@ -17,7 +17,7 @@
.endif
.if !empty(PKG_OPTIONS:Mhpn-patch)
-PATCHFILES= openssh-5.1p1-hpn13v5.diff.gz
+PATCHFILES= openssh-5.2p1-hpn13v6.diff.gz
PATCH_SITES= http://www.psc.edu/networking/projects/hpn-ssh/
PATCH_DIST_STRIP= -p1
.endif
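Review bot: the PATCHFILES change from hpn13v5 to hpn13v6 is not mentioned in the commit message, which lists only upstream OpenSSH changes. distinfo in this same change shows that patch growing from 23017 to 33540 bytes, so anyone building with the hpn-patch option picks up noticeably more third-party code than before; a line in the log saying what changed in v6 would help. PATCH_SITES in the context is plain http://, so the distinfo digests are what authenticate this download.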
diff -r ed0e05d2fece -r fecc053804a5 security/openssh/patches/patch-aa
--- a/security/openssh/patches/patch-aa Thu May 21 01:40:58 2009 +0000
+++ b/security/openssh/patches/patch-aa Thu May 21 03:22:29 2009 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.43 2006/11/08 01:49:22 taca Exp $
+$NetBSD: patch-aa,v 1.44 2009/05/21 03:22:29 taca Exp $
---- configure.orig 2006-11-07 22:07:18.000000000 +0900
+--- configure.orig 2009-02-23 09:18:14.000000000 +0900
+++ configure
-@@ -5835,6 +5835,9 @@ if test "${with_rpath+set}" = set; then
+@@ -5666,6 +5666,9 @@ if test "${with_rpath+set}" = set; then
fi
@@ -12,7 +12,7 @@
# Allow user to specify flags
# Check whether --with-cflags was given.
-@@ -5976,6 +5979,7 @@ for ac_header in \
+@@ -5812,6 +5815,7 @@ for ac_header in \
maillock.h \
ndir.h \
net/if_tun.h \
@@ -20,7 +20,7 @@
netdb.h \
netgroup.h \
pam/pam_appl.h \
-@@ -7919,6 +7923,36 @@ _ACEOF
+@@ -7521,6 +7525,36 @@ _ACEOF
;;
esac
;;
@@ -57,7 +57,7 @@
*-*-irix5*)
PATH="$PATH:/usr/etc"
-@@ -8524,7 +8558,7 @@ cat >>confdefs.h <<\_ACEOF
+@@ -8082,7 +8116,7 @@ cat >>confdefs.h <<\_ACEOF
_ACEOF
;;
@@ -66,7 +66,7 @@
check_for_libcrypt_later=1
cat >>confdefs.h <<\_ACEOF
-@@ -32058,14 +32092,21 @@ fi
+@@ -29187,14 +29221,21 @@ fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_utmpx_location"; then
if test x"$system_utmpx_path" = x"no" ; then
@@ -92,7 +92,7 @@
#define CONF_UTMPX_FILE "$conf_utmpx_location"
_ACEOF
-@@ -32146,14 +32187,20 @@ fi
+@@ -29258,14 +29299,20 @@ fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -118,7 +118,7 @@
#define CONF_WTMPX_FILE "$conf_wtmpx_location"
_ACEOF
-@@ -33386,7 +33433,7 @@ echo "OpenSSH has been configured with t
+@@ -30518,7 +30565,7 @@ echo "OpenSSH has been configured with t
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff -r ed0e05d2fece -r fecc053804a5 security/openssh/patches/patch-ab
--- a/security/openssh/patches/patch-ab Thu May 21 01:40:58 2009 +0000
+++ b/security/openssh/patches/patch-ab Thu May 21 03:22:29 2009 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.25 2006/11/08 01:49:22 taca Exp $
+$NetBSD: patch-ab,v 1.26 2009/05/21 03:22:29 taca Exp $
---- configure.ac.orig 2006-10-07 08:07:21.000000000 +0900
+--- configure.ac.orig 2009-02-16 13:37:03.000000000 +0900
+++ configure.ac
-@@ -127,6 +127,9 @@ AC_ARG_WITH(rpath,
+@@ -191,6 +191,9 @@ AC_ARG_WITH(rpath,
]
)
@@ -12,7 +12,7 @@
# Allow user to specify flags
AC_ARG_WITH(cflags,
[ --with-cflags Specify additional flags to pass to compiler],
-@@ -194,6 +197,7 @@ AC_CHECK_HEADERS( \
+@@ -258,6 +261,7 @@ AC_CHECK_HEADERS( \
maillock.h \
ndir.h \
net/if_tun.h \
@@ -20,7 +20,7 @@
netdb.h \
netgroup.h \
pam/pam_appl.h \
-@@ -454,6 +458,15 @@ main() { if (NSVersionOfRunTimeLibrary("
+@@ -531,6 +535,15 @@ main() { if (NSVersionOfRunTimeLibrary("
;;
esac
;;
@@ -36,7 +36,7 @@
*-*-irix5*)
PATH="$PATH:/usr/etc"
AC_DEFINE(BROKEN_INET_NTOA, 1,
-@@ -3876,9 +3889,17 @@ AC_TRY_COMPILE([
+@@ -4063,9 +4076,17 @@ AC_TRY_COMPILE([
)
if test -z "$conf_utmpx_location"; then
if test x"$system_utmpx_path" = x"no" ; then
@@ -56,7 +56,7 @@
AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
[Define if you want to specify the path to your utmpx file])
fi
-@@ -3902,9 +3923,17 @@ AC_TRY_COMPILE([
+@@ -4089,9 +4110,17 @@ AC_TRY_COMPILE([
)
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -76,7 +76,7 @@
AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
[Define if you want to specify the path to your wtmpx file])
fi
-@@ -3944,7 +3973,7 @@ echo "OpenSSH has been configured with t
+@@ -4138,7 +4167,7 @@ echo "OpenSSH has been configured with t
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff -r ed0e05d2fece -r fecc053804a5 security/openssh/patches/patch-ad
--- a/security/openssh/patches/patch-ad Thu May 21 01:40:58 2009 +0000
+++ b/security/openssh/patches/patch-ad Thu May 21 03:22:29 2009 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ad,v 1.12 2006/10/31 03:31:20 taca Exp $
+$NetBSD: patch-ad,v 1.13 2009/05/21 03:22:29 taca Exp $
---- loginrec.c.orig 2006-09-07 21:57:54.000000000 +0900
+--- loginrec.c.orig 2009-02-12 11:12:22.000000000 +0900
+++ loginrec.c
-@@ -430,8 +430,8 @@ login_set_addr(struct logininfo *li, con
+@@ -431,8 +431,8 @@ login_set_addr(struct logininfo *li, con
int
login_write(struct logininfo *li)
{
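Review bot: patch-ad still carries no description between the $NetBSD$ id and the "--- loginrec.c.orig" header, and this hunk of it sits at the top of login_write(), directly ahead of the "Attempt to write login records by non-root user (aborting)" message. The update here only re-bases the offset (430 to 431), which makes it a good moment to add a one-line comment in the patch file saying why pkgsrc changes the code at that point, so the next update can judge whether the local change is still needed.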
@@ -13,7 +13,7 @@
logit("Attempt to write login records by non-root user (aborting)");
return (1);
}
-@@ -439,7 +439,7 @@ login_write(struct logininfo *li)
+@@ -440,7 +440,7 @@ login_write(struct logininfo *li)
/* set the timestamp */
login_set_current_time(li);
@@ -22,7 +22,7 @@
syslogin_write_entry(li);
#endif
#ifdef USE_LASTLOG
-@@ -619,7 +619,7 @@ line_abbrevname(char *dst, const char *s
+@@ -620,7 +620,7 @@ line_abbrevname(char *dst, const char *s
** into account.
**/
@@ -31,7 +31,7 @@
/* build the utmp structure */
void
-@@ -756,10 +756,6 @@ construct_utmpx(struct logininfo *li, st
+@@ -757,10 +757,6 @@ construct_utmpx(struct logininfo *li, st
set_utmpx_time(li, utx);
utx->ut_pid = li->pid;
@@ -42,7 +42,7 @@
if (li->type == LTYPE_LOGOUT)
return;
-@@ -768,6 +764,8 @@ construct_utmpx(struct logininfo *li, st
+@@ -769,6 +765,8 @@ construct_utmpx(struct logininfo *li, st
* for logouts.
*/
@@ -51,7 +51,7 @@
# ifdef HAVE_HOST_IN_UTMPX
strncpy(utx->ut_host, li->hostname,
MIN_SIZEOF(utx->ut_host, li->hostname));
-@@ -1397,7 +1395,7 @@ wtmpx_get_entry(struct logininfo *li)
+@@ -1398,7 +1396,7 @@ wtmpx_get_entry(struct logininfo *li)
** Low-level libutil login() functions
**/
diff -r ed0e05d2fece -r fecc053804a5 security/openssh/patches/patch-ag
--- a/security/openssh/patches/patch-ag Thu May 21 01:40:58 2009 +0000
+++ b/security/openssh/patches/patch-ag Thu May 21 03:22:29 2009 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ag,v 1.10 2008/09/16 12:53:08 taca Exp $
+$NetBSD: patch-ag,v 1.11 2009/05/21 03:22:29 taca Exp $
---- config.h.in.orig 2008-07-21 17:30:49.000000000 +0900
+--- config.h.in.orig 2009-02-23 09:18:12.000000000 +0900
+++ config.h.in
-@@ -506,6 +506,9 @@
+@@ -509,6 +509,9 @@
/* define if you have int64_t data type */
#undef HAVE_INT64_T