author | kris <kris@FreeBSD.org> | 2001-02-09 22:37:50 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2001-02-09 22:37:50 +0000 |
commit | 6d7ada57a1a518a3269c7bbc410bd0e9f54d66bc (patch) | |
tree | 3fbee07fa4ab56acc0b7156e48ae997f5e81d177 /security/openssh | |
parent | 9d444297880cada1acc7639ab48adf689e1d7ab0 (diff) | |
Add patch to deal with possible remote root exploit found by
Michal Zalewski of the Bindview RAZOR Team, and some patches to hopefully
deal with compilation on older versions of FreeBSD.
Submitted by: alfred
Diffstat (limited to 'security/openssh')
-rw-r--r-- | security/openssh/Makefile | 2 | ||||
-rw-r--r-- | security/openssh/files/patch-an | 7 | ||||
-rw-r--r-- | security/openssh/files/patch-au | 19 | ||||
-rw-r--r-- | security/openssh/files/patch-az | 11 | ||||
-rw-r--r-- | security/openssh/files/rcmd.c | 8 |
5 files changed, 25 insertions, 22 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index c4cf010..ec41879 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -20,8 +20,6 @@ USE_OPENSSL= YES .include <bsd.port.pre.mk> -FORBIDDEN= "Remote vulnerabilities" - CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto # Here, MANDIR is concetenated to DESTDIR which all forms the man install dir... MAKE_ENV+= DESTDIR=${PREFIX} MANDIR=/man/man CRYPTOLIBS="${CRYPTOLIBS}" diff --git a/security/openssh/files/patch-an b/security/openssh/files/patch-an index b26ba76..e5f14e4 100644 --- a/security/openssh/files/patch-an +++ b/security/openssh/files/patch-an @@ -1,12 +1,11 @@ ---- sshd.c.orig Wed May 3 19:21:49 2000 -+++ sshd.c Fri May 12 07:11:43 2000 -@@ -49,6 +49,13 @@ +--- /home/bright/ssh/ssh/sshd.c Thu Aug 17 13:06:34 2000 ++++ sshd.c Fri Feb 9 11:19:08 2001 +@@ -49,6 +49,12 @@ int deny_severity = LOG_WARNING; #endif /* LIBWRAP */ +#ifdef __FreeBSD__ +#include <libutil.h> -+#include <poll.h> +#include <syslog.h> +#include <time.h> +#endif /* __FreeBSD__ */ diff --git a/security/openssh/files/patch-au b/security/openssh/files/patch-au index 82de581..fb81427 100644 --- a/security/openssh/files/patch-au +++ b/security/openssh/files/patch-au @@ -1,12 +1,11 @@ ---- session.c.orig Sun Aug 27 23:50:54 2000 -+++ session.c Sat Nov 4 17:39:43 2000 -@@ -28,6 +28,13 @@ +--- /home/bright/ssh/ssh/session.c Sun Aug 27 20:50:54 2000 ++++ session.c Fri Feb 9 11:19:14 2001 +@@ -28,6 +28,12 @@ #include "auth.h" #include "auth-options.h" +#ifdef __FreeBSD__ +#include <libutil.h> -+#include <poll.h> +#include <syslog.h> +#include <time.h> +#endif /* __FreeBSD__ */ @@ -14,7 +13,7 @@ #ifdef HAVE_LOGIN_CAP #include <login_cap.h> #endif -@@ -413,6 +420,13 @@ +@@ -413,6 +419,13 @@ log_init(__progname, options.log_level, options.log_facility, log_stderr); /* 
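Review bot: The regenerated header in patch-an names the old file as `/home/bright/ssh/ssh/sshd.c`, an absolute path from the submitter's machine, where the previous revision used `sshd.c.orig`. That records a local directory layout in the port, and it makes the file patch(1) selects depend on the strip level and on what happens to exist on the build host. I would keep the relative form, `--- sshd.c.orig` with `+++ sshd.c`. The same kind of header appears in patch-au and in the new patch-az.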
@@ -28,7 +27,7 @@ * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ -@@ -516,6 +530,13 @@ +@@ -516,6 +529,13 @@ /* Child. Reinitialize the log because the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -42,7 +41,7 @@ /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -602,6 +623,7 @@ +@@ -602,6 +622,7 @@ time_t last_login_time; struct passwd * pw = s->pw; pid_t pid = getpid(); @@ -50,7 +49,7 @@ /* * Get IP address of client. If the connection is not a socket, let -@@ -644,6 +666,20 @@ +@@ -644,6 +665,20 @@ else printf("Last login: %s from %s\r\n", time_string, buf); } @@ -71,7 +70,7 @@ if (options.print_motd) { #ifdef HAVE_LOGIN_CAP f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", -@@ -949,7 +985,7 @@ +@@ -949,7 +984,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -80,7 +79,7 @@ close(i); /* Change current directory to the user\'s home directory. */ -@@ -973,7 +1009,27 @@ +@@ -973,7 +1008,27 @@ * in this order). */ if (!options.use_login) { diff --git a/security/openssh/files/patch-az b/security/openssh/files/patch-az new file mode 100644 index 0000000..ee3b066 --- /dev/null +++ b/security/openssh/files/patch-az @@ -0,0 +1,11 @@ +--- /home/bright/ssh/ssh/deattack.c Fri Aug 18 19:17:12 2000 ++++ deattack.c Fri Feb 9 10:58:54 2001 +@@ -84,7 +84,7 @@ + detect_attack(unsigned char *buf, u_int32_t len, unsigned char *IV) + { + static u_int16_t *h = (u_int16_t *) NULL; +- static u_int16_t n = HASH_MINSIZE / HASH_ENTRYSIZE; ++ static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; + register u_int32_t i, j; + u_int32_t l; + register unsigned char *c; diff --git a/security/openssh/files/rcmd.c b/security/openssh/files/rcmd.c index d1fbbee..2378219 100644 --- a/security/openssh/files/rcmd.c +++ b/security/openssh/files/rcmd.c 
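Review bot: The new patch-az changes only the declaration of `n` in detect_attack(), so the reason for the widening is not recorded next to the code it protects. In the visible lines `len`, `l`, `i` and `j` are all `u_int32_t`, and a 16-bit `n` would truncate any value assigned from them; presumably that truncation is what the commit message refers to. I would add a comment above the declaration, `/* n must be as wide as l and len: a narrower type truncates for large inputs and undersizes the hash table */`. The body of detect_attack() is outside the hunk, so any allocation size or index mask derived from `n`, and the upper bound callers enforce on `len`, should be rechecked for 32-bit wrap now that `n` can exceed 65535.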
@@ -32,7 +32,7 @@ * * ported from: * FreeBSD: src/lib/libc/net/rcmd.c,v 1.22 2000/02/01 15:55:54 shin Exp - * $FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/rcmd.c,v 1.2 2000-04-17 22:20:24 sumikawa Exp $ + * $FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/rcmd.c,v 1.3 2001-02-09 22:37:50 kris Exp $ */ #if defined(LIBC_SCCS) && !defined(lint) @@ -172,11 +172,7 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) continue; } if (refused && timo <= 16) { - struct timespec time_to_sleep, time_remaining; - - time_to_sleep.tv_sec = timo; - time_to_sleep.tv_nsec = 0; - (void)_nanosleep(&time_to_sleep, &time_remaining); + sleep(timo); timo *= 2; ai = res; |
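Review bot: In the second rcmd.c hunk, `sleep(timo);` drops the `(void)` that the removed `_nanosleep` call carried, and it passes a value whose declared type is not visible here to a function taking `unsigned int`. sleep() returns early with the unslept seconds when a signal is delivered, so the retry backoff can end up shorter than `timo`; if that is acceptable, make it explicit with `(void)sleep((unsigned int)timo);`. The `timo <= 16` guard keeps the value small, but no lower bound is visible in the hunk. rcmd_af() starts and ends outside the hunk, so whether `<unistd.h>` is already included cannot be confirmed from here.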