From 629436fac8d85a5c231a09fdc142b64f3d6b0de4 Mon Sep 17 00:00:00 2001 From: des Date: Sat, 12 Mar 2016 23:53:20 +0000 Subject: MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug) MFH (r296634): re-add aes-cbc to server-side default cipher list MFH (r296651, r296657): fix gcc build of pam_ssh PR: 207679 Security: CVE-2016-3115 --- secure/lib/libssh/Makefile | 3 ++- secure/libexec/sftp-server/Makefile | 5 ----- secure/libexec/ssh-keysign/Makefile | 2 +- secure/libexec/ssh-pkcs11-helper/Makefile | 5 ----- secure/usr.bin/scp/Makefile | 5 ----- secure/usr.bin/sftp/Makefile | 5 ----- secure/usr.bin/ssh-add/Makefile | 5 ----- secure/usr.bin/ssh-agent/Makefile | 5 ----- secure/usr.bin/ssh-keygen/Makefile | 5 ----- secure/usr.bin/ssh-keyscan/Makefile | 2 +- secure/usr.bin/ssh/Makefile | 3 +-- secure/usr.sbin/sshd/Makefile | 4 ++-- 12 files changed, 7 insertions(+), 42 deletions(-) (limited to 'secure') diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile index 0d3f05c..92ba2bd 100644 --- a/secure/lib/libssh/Makefile +++ b/secure/lib/libssh/Makefile @@ -22,7 +22,8 @@ SRCS+= authfd.c authfile.c bufaux.c bufbn.c bufec.c buffer.c \ sc25519.c ge25519.c fe25519.c ed25519.c verify.c hash.c blocks.c \ kex.c kexdh.c kexgex.c kexecdh.c kexc25519.c \ kexdhc.c kexgexc.c kexecdhc.c kexc25519c.c \ - kexdhs.c kexgexs.c kexecdhs.c kexc25519s.c + kexdhs.c kexgexs.c kexecdhs.c kexc25519s.c \ + platform-pledge.c # gss-genr.c should be in $SRCS but causes linking problems, so it is # compiled directly into sshd instead. diff --git a/secure/libexec/sftp-server/Makefile b/secure/libexec/sftp-server/Makefile index 0c5f06c..c03272b 100644 --- a/secure/libexec/sftp-server/Makefile +++ b/secure/libexec/sftp-server/Makefile @@ -8,11 +8,6 @@ MAN= sftp-server.8 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h SRCS+= ssh_namespace.h -.if !defined(NO_SHARED) -# required when linking with a dynamic libssh -SRCS+= roaming_dummy.c -.endif - DPADD= ${LIBSSH} LDADD= -lssh USEPRIVATELIB= ssh diff --git a/secure/libexec/ssh-keysign/Makefile b/secure/libexec/ssh-keysign/Makefile index 3df2185..6953752 100644 --- a/secure/libexec/ssh-keysign/Makefile +++ b/secure/libexec/ssh-keysign/Makefile @@ -3,7 +3,7 @@ .include PROG= ssh-keysign -SRCS= ssh-keysign.c roaming_dummy.c readconf.c +SRCS= ssh-keysign.c readconf.c MAN= ssh-keysign.8 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h SRCS+= ssh_namespace.h diff --git a/secure/libexec/ssh-pkcs11-helper/Makefile b/secure/libexec/ssh-pkcs11-helper/Makefile index 548d01c..b5896d1 100644 --- a/secure/libexec/ssh-pkcs11-helper/Makefile +++ b/secure/libexec/ssh-pkcs11-helper/Makefile @@ -8,11 +8,6 @@ MAN= ssh-pkcs11-helper.8 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h SRCS+= ssh_namespace.h -.if !defined(NO_SHARED) -# required when linking with a dynamic libssh -SRCS+= roaming_dummy.c -.endif - DPADD= ${LIBSSH} LDADD= -lssh USEPRIVATELIB= ssh diff --git a/secure/usr.bin/scp/Makefile b/secure/usr.bin/scp/Makefile index 4ab5696..6495845 100644 --- a/secure/usr.bin/scp/Makefile +++ b/secure/usr.bin/scp/Makefile @@ -7,11 +7,6 @@ SRCS= scp.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h SRCS+= ssh_namespace.h -.if !defined(NO_SHARED) -# required when linking with a dynamic libssh -SRCS+= roaming_dummy.c -.endif - DPADD= ${LIBSSH} LDADD= -lssh USEPRIVATELIB= ssh diff --git a/secure/usr.bin/sftp/Makefile b/secure/usr.bin/sftp/Makefile index 757c97b..7f822c6 100644 --- a/secure/usr.bin/sftp/Makefile +++ b/secure/usr.bin/sftp/Makefile @@ -7,11 +7,6 @@ SRCS= sftp.c sftp-client.c sftp-common.c sftp-glob.c progressmeter.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h SRCS+= ssh_namespace.h -.if !defined(NO_SHARED) -# required when linking with a dynamic libssh -SRCS+= roaming_dummy.c -.endif - DPADD= ${LIBSSH} ${LIBEDIT} ${LIBNCURSES} LDADD= -lssh -ledit -lncurses USEPRIVATELIB= ssh diff --git a/secure/usr.bin/ssh-add/Makefile b/secure/usr.bin/ssh-add/Makefile index a539480..da04a61 100644 --- a/secure/usr.bin/ssh-add/Makefile +++ b/secure/usr.bin/ssh-add/Makefile @@ -7,11 +7,6 @@ SRCS+= ssh-add.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h SRCS+= ssh_namespace.h -.if !defined(NO_SHARED) -# required when linking with a dynamic libssh -SRCS+= roaming_dummy.c -.endif - DPADD= ${LIBSSH} LDADD= -lssh USEPRIVATELIB= ssh diff --git a/secure/usr.bin/ssh-agent/Makefile b/secure/usr.bin/ssh-agent/Makefile index 4ca7086..202f47e 100644 --- a/secure/usr.bin/ssh-agent/Makefile +++ b/secure/usr.bin/ssh-agent/Makefile @@ -7,11 +7,6 @@ SRCS= ssh-agent.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h SRCS+= ssh_namespace.h -.if !defined(NO_SHARED) -# required when linking with a dynamic libssh -SRCS+= roaming_dummy.c -.endif - DPADD= ${LIBSSH} LDADD= -lssh USEPRIVATELIB= ssh diff --git a/secure/usr.bin/ssh-keygen/Makefile b/secure/usr.bin/ssh-keygen/Makefile index 22e1bc2..699d61f 100644 --- a/secure/usr.bin/ssh-keygen/Makefile +++ b/secure/usr.bin/ssh-keygen/Makefile @@ -7,11 +7,6 @@ SRCS= ssh-keygen.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h SRCS+= ssh_namespace.h -.if !defined(NO_SHARED) -# required when linking with a dynamic libssh -SRCS+= roaming_dummy.c -.endif - DPADD= ${LIBSSH} LDADD= -lssh USEPRIVATELIB= ssh diff --git a/secure/usr.bin/ssh-keyscan/Makefile b/secure/usr.bin/ssh-keyscan/Makefile index e35572c..787e890 100644 --- a/secure/usr.bin/ssh-keyscan/Makefile +++ b/secure/usr.bin/ssh-keyscan/Makefile @@ -3,7 +3,7 @@ .include PROG= ssh-keyscan -SRCS= ssh-keyscan.c roaming_dummy.c +SRCS= ssh-keyscan.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h SRCS+= ssh_namespace.h diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile index a019ec1..24f02b3 100644 --- a/secure/usr.bin/ssh/Makefile +++ b/secure/usr.bin/ssh/Makefile @@ -8,8 +8,7 @@ MAN= ssh.1 ssh_config.5 MLINKS= ssh.1 slogin.1 SRCS= ssh.c readconf.c clientloop.c sshtty.c \ - sshconnect.c sshconnect1.c sshconnect2.c mux.c \ - roaming_common.c roaming_client.c + sshconnect.c sshconnect1.c sshconnect2.c mux.c # gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile SRCS+= gss-genr.c diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index 5fb7084..51a944a 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile @@ -14,9 +14,9 @@ SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ auth2-gss.c gss-serv.c gss-serv-krb5.c \ loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c \ sftp-server.c sftp-common.c \ - roaming_common.c roaming_serv.c \ sandbox-null.c sandbox-rlimit.c sandbox-systrace.c sandbox-darwin.c \ - sandbox-seccomp-filter.c sandbox-capsicum.c + sandbox-seccomp-filter.c sandbox-capsicum.c sandbox-pledge.c \ + sandbox-solaris.c # gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile SRCS+= gss-genr.c -- cgit v1.1