Update to OpenSSH 5.0p1. Changes since 4.7: - fix two security issues - chroot support for sshd(8) - sftp server internalized in sshd(8) - assorted bug fixes
diff -r1.187 -r1.188 pkgsrc/security/openssh/Makefile
(tnn)
@@ -1,39 +1,40 @@ | @@ -1,39 +1,40 @@ | |||
1 | # $NetBSD: Makefile,v 1.187 2008/04/03 07:59:08 tonnerre Exp $ | 1 | # $NetBSD: Makefile,v 1.188 2008/04/27 00:34:27 tnn Exp $ | |
2 | 2 | |||
3 | DISTNAME= openssh-4.7p1 | 3 | DISTNAME= openssh-5.0p1 | |
4 | PKGNAME= openssh-4.7.1 | 4 | PKGNAME= openssh-5.0.1 | |
5 | PKGREVISION= 3 | |||
6 | SVR4_PKGNAME= ossh | 5 | SVR4_PKGNAME= ossh | |
7 | CATEGORIES= security | 6 | CATEGORIES= security | |
8 | MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ | 7 | MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ | |
9 | ftp://ftp.stealth.net/pub/mirrors/ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ | 8 | ftp://ftp.stealth.net/pub/mirrors/ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ | |
10 | http://public.planetmirror.com.au/pub/OpenBSD/OpenSSH/portable/ \ | 9 | http://public.planetmirror.com.au/pub/OpenBSD/OpenSSH/portable/ \ | |
11 | ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \ | 10 | ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \ | |
12 | ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/old/ | 11 | ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/old/ | |
13 | # Don't delete the last entry -- it's there if the pkgsrc version is not | 12 | # Don't delete the last entry -- it's there if the pkgsrc version is not | |
14 | # up-to-date and the mirrors already removed the old distfile. | 13 | # up-to-date and the mirrors already removed the old distfile. | |
15 | DIST_SUBDIR= ${PKGBASE}-4.7.1-20070919 | 14 | DIST_SUBDIR= ${PKGBASE}-5.0.1-20080427 | |
16 | 15 | |||
17 | MAINTAINER= pkgsrc-users@NetBSD.org | 16 | MAINTAINER= pkgsrc-users@NetBSD.org | |
18 | HOMEPAGE= http://www.openssh.com/ | 17 | HOMEPAGE= http://www.openssh.com/ | |
19 | COMMENT= Open Source Secure shell client and server (remote login program) | 18 | COMMENT= Open Source Secure shell client and server (remote login program) | |
20 | 19 | |||
21 | CONFLICTS= sftp-[0-9]* | 20 | CONFLICTS= sftp-[0-9]* | |
22 | CONFLICTS+= ssh-[0-9]* ssh6-[0-9]* | 21 | CONFLICTS+= ssh-[0-9]* ssh6-[0-9]* | |
23 | CONFLICTS+= ssh2-[0-9]* ssh2-nox11-[0-9]* | 22 | CONFLICTS+= ssh2-[0-9]* ssh2-nox11-[0-9]* | |
24 | CONFLICTS+= openssh+gssapi-[0-9]* | 23 | CONFLICTS+= openssh+gssapi-[0-9]* | |
25 | CONFLICTS+= lsh>2.0 | 24 | CONFLICTS+= lsh>2.0 | |
26 | 25 | |||
26 | PKG_DESTDIR_SUPPORT= user-destdir | |||
27 | ||||
27 | USE_TOOLS+= perl | 28 | USE_TOOLS+= perl | |
28 | 29 | |||
29 | CRYPTO= yes | 30 | CRYPTO= yes | |
30 | 31 | |||
31 | # retain the following line, for IPv6-ready pkgsrc webpage | 32 | # retain the following line, for IPv6-ready pkgsrc webpage | |
32 | BUILD_DEFS+= IPV6_READY | 33 | BUILD_DEFS+= IPV6_READY | |
33 | 34 | |||
34 | PKG_GROUPS_VARS+= OPENSSH_GROUP | 35 | PKG_GROUPS_VARS+= OPENSSH_GROUP | |
35 | PKG_USERS_VARS+= OPENSSH_USER | 36 | PKG_USERS_VARS+= OPENSSH_USER | |
36 | BUILD_DEFS+= OPENSSH_CHROOT | 37 | BUILD_DEFS+= OPENSSH_CHROOT | |
37 | BUILD_DEFS+= VARBASE | 38 | BUILD_DEFS+= VARBASE | |
38 | 39 | |||
39 | INSTALL_TARGET= install-nokeys | 40 | INSTALL_TARGET= install-nokeys | |
@@ -151,22 +152,23 @@ PLIST_SRC+= ${.CURDIR}/PLIST | @@ -151,22 +152,23 @@ PLIST_SRC+= ${.CURDIR}/PLIST | |||
151 | FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR:Q} | 152 | FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR:Q} | |
152 | 153 | |||
153 | SUBST_CLASSES+= patch | 154 | SUBST_CLASSES+= patch | |
154 | SUBST_STAGE.patch= pre-configure | 155 | SUBST_STAGE.patch= pre-configure | |
155 | SUBST_FILES.patch= session.c | 156 | SUBST_FILES.patch= session.c | |
156 | SUBST_SED.patch= -e '/channel_input_port_forward_request/s/0/ROOTUID/' | 157 | SUBST_SED.patch= -e '/channel_input_port_forward_request/s/0/ROOTUID/' | |
157 | SUBST_MESSAGE.patch= More patch a file. | 158 | SUBST_MESSAGE.patch= More patch a file. | |
158 | 159 | |||
159 | .include "../../devel/zlib/buildlink3.mk" | 160 | .include "../../devel/zlib/buildlink3.mk" | |
160 | .include "../../security/openssl/buildlink3.mk" | 161 | .include "../../security/openssl/buildlink3.mk" | |
161 | .include "../../security/tcp_wrappers/buildlink3.mk" | 162 | .include "../../security/tcp_wrappers/buildlink3.mk" | |
162 | 163 | |||
163 | post-install: | 164 | post-install: | |
164 | ${INSTALL_DATA_DIR} ${EGDIR} | 165 | ${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR} | |
165 | cd ${WRKSRC}; for file in ${CONFS}; do \ | 166 | cd ${WRKSRC}; for file in ${CONFS}; do \ | |
166 | ${INSTALL_DATA} $${file}.out ${EGDIR}/$${file}; \ | 167 | ${INSTALL_DATA} $${file}.out ${DESTDIR}${EGDIR}/$${file}; \ | |
167 | done | 168 | done | |
168 | .if !empty(PKG_OPTIONS:Mpam) && ${OPSYS} == "Linux" | 169 | .if !empty(PKG_OPTIONS:Mpam) && ${OPSYS} == "Linux" | |
169 | ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.generic ${EGDIR}/sshd.pam | 170 | ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.generic \ | |
171 | ${DESTDIR}${EGDIR}/sshd.pam | |||
170 | .endif | 172 | .endif | |
171 | 173 | |||
172 | .include "../../mk/bsd.pkg.mk" | 174 | .include "../../mk/bsd.pkg.mk" |
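Review bot: The `SUBST_SED.patch` expression in the second hunk, `-e '/channel_input_port_forward_request/s/0/ROOTUID/'`, is carried over unchanged across the session.c update, and it rewrites the first `0` character on any matching line. It therefore depends on the exact text of that call in 5.0p1, with and without the hpn-patch option. If the line no longer matches, or another `0` appears earlier on it, the uid comparison is left as a literal or the wrong token is rewritten, and the build does not fail. Assuming the call still contains a `pw_uid == 0` comparison, anchoring the expression to it, e.g. `s/pw_uid == 0/pw_uid == ROOTUID/`, would make a mismatch easier to spot. Checking the substituted session.c once for both option sets would confirm it.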
@@ -1,31 +1,31 @@ | @@ -1,31 +1,31 @@ | |||
1 | $NetBSD: distinfo,v 1.68 2008/04/08 06:36:47 taca Exp $ | 1 | $NetBSD: distinfo,v 1.69 2008/04/27 00:34:27 tnn Exp $ | |
2 | 2 | |||
3 | SHA1 (openssh-4.7.1-20070919/openssh-4.7p1-hpn12v18.diff.gz) = 8ab61d12b5bcf70d0ffe9cb1d157136d20ebb22c | 3 | SHA1 (openssh-5.0.1-20080427/openssh-5.0p1-hpn13v3.diff.gz) = 688265249dfaa449283ddfae2f81a9b6e3507f86 | |
4 | RMD160 (openssh-4.7.1-20070919/openssh-4.7p1-hpn12v18.diff.gz) = 7b35eb1a3f6f3b703ac7f155f620bff63a900a0e | 4 | RMD160 (openssh-5.0.1-20080427/openssh-5.0p1-hpn13v3.diff.gz) = d4baca41f6212036b513173835de6e1081d49ac8 | |
5 | Size (openssh-4.7.1-20070919/openssh-4.7p1-hpn12v18.diff.gz) = 16094 bytes | 5 | Size (openssh-5.0.1-20080427/openssh-5.0p1-hpn13v3.diff.gz) = 24060 bytes | |
6 | SHA1 (openssh-4.7.1-20070919/openssh-4.7p1.tar.gz) = 58357db9e64ba6382bef3d73d1d386fcdc0508f4 | 6 | SHA1 (openssh-5.0.1-20080427/openssh-5.0p1.tar.gz) = 121cea3a730c0b0353334b6f46f438de30ab4928 | |
7 | RMD160 (openssh-4.7.1-20070919/openssh-4.7p1.tar.gz) = b828e79d3d1a931cb77651ec7d7276cf3ba22d90 | 7 | RMD160 (openssh-5.0.1-20080427/openssh-5.0p1.tar.gz) = b813234014e339fe2d9d10a5adad9f8e065918fc | |
8 | Size (openssh-4.7.1-20070919/openssh-4.7p1.tar.gz) = 991119 bytes | 8 | Size (openssh-5.0.1-20080427/openssh-5.0p1.tar.gz) = 1011556 bytes | |
9 | SHA1 (patch-aa) = 8b7a16e9a63cfff3b73d70b9cebb6627b96396e0 | 9 | SHA1 (patch-aa) = 8b7a16e9a63cfff3b73d70b9cebb6627b96396e0 | |
10 | SHA1 (patch-ab) = a105c238c8dc774ed6992791b131da56824869e9 | 10 | SHA1 (patch-ab) = a105c238c8dc774ed6992791b131da56824869e9 | |
11 | SHA1 (patch-ac) = dfb054ef02fbb5d206f6adaf82944f16da20eaf9 | 11 | SHA1 (patch-ac) = dfb054ef02fbb5d206f6adaf82944f16da20eaf9 | |
12 | SHA1 (patch-ad) = 7921e029b56c0e4769a7ada03dff3eb2e275db7d | 12 | SHA1 (patch-ad) = 7921e029b56c0e4769a7ada03dff3eb2e275db7d | |
13 | SHA1 (patch-ae) = 9585221f9e49b4ebea31c374066d70e11aa804a1 | 13 | SHA1 (patch-ae) = 9585221f9e49b4ebea31c374066d70e11aa804a1 | |
14 | SHA1 (patch-af) = ca3224af0b648803404776a8c12ed678db4f8ff6 | 14 | SHA1 (patch-af) = ca3224af0b648803404776a8c12ed678db4f8ff6 | |
15 | SHA1 (patch-ag) = b6f92a5394a3442fcc0c2a2ee204c10df5a4aea5 | 15 | SHA1 (patch-ag) = b6f92a5394a3442fcc0c2a2ee204c10df5a4aea5 | |
16 | SHA1 (patch-ah) = bc0d7c2903ecf264e62b53f3864812af5f2f04ce | 16 | SHA1 (patch-ah) = bc0d7c2903ecf264e62b53f3864812af5f2f04ce | |
17 | SHA1 (patch-ai) = becad6262e5daeef2a6db14097a8971c40088403 | 17 | SHA1 (patch-ai) = becad6262e5daeef2a6db14097a8971c40088403 | |
18 | SHA1 (patch-aj) = 4f477f40d1d891dcda9083cec5521e80410ebd54 | 18 | SHA1 (patch-aj) = 4f477f40d1d891dcda9083cec5521e80410ebd54 | |
19 | SHA1 (patch-ak) = 3720afb4e95356d5310762cda881820d524dcffc | 19 | SHA1 (patch-ak) = 3720afb4e95356d5310762cda881820d524dcffc | |
20 | SHA1 (patch-al) = d312a068047a375e52180026554bab745efdcdb7 | 20 | SHA1 (patch-al) = d312a068047a375e52180026554bab745efdcdb7 | |
21 | SHA1 (patch-am) = 4e2278b20e87e530e1819efde976d4414e160e38 | 21 | SHA1 (patch-am) = 4e2278b20e87e530e1819efde976d4414e160e38 | |
22 | SHA1 (patch-an) = 2f955b8891bedd79986490d282eb09acd4910250 | 22 | SHA1 (patch-an) = 2f955b8891bedd79986490d282eb09acd4910250 | |
23 | SHA1 (patch-ao) = f2188b57baff4c88a793eee37dad69ffc523f7e5 | 23 | SHA1 (patch-ao) = a7c5a1832cb2a4584c77577fb125f84a1e9a9deb | |
24 | SHA1 (patch-ap) = 2c0c092637661328046b71292a7412d09e92bb2a | 24 | SHA1 (patch-ap) = 3029b847ce83305e8103276e27c75e0338e1fc08 | |
25 | SHA1 (patch-aq) = a619b57361b04d5ab3d41375c18f7b99d71c8b34 | 25 | SHA1 (patch-aq) = a619b57361b04d5ab3d41375c18f7b99d71c8b34 | |
26 | SHA1 (patch-ar) = fce4dc1011a124f02b8e14980cda1d633b36aa7d | 26 | SHA1 (patch-ar) = fce4dc1011a124f02b8e14980cda1d633b36aa7d | |
27 | SHA1 (patch-as) = 19660f5983931ea3b053e6f4289cf6fae2ce50f3 | 27 | SHA1 (patch-as) = 19660f5983931ea3b053e6f4289cf6fae2ce50f3 | |
28 | SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f | 28 | SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f | |
29 | SHA1 (patch-av) = 00f54c3fae7318b278b16bd0b01881a90bd31365 | 29 | SHA1 (patch-av) = 00f54c3fae7318b278b16bd0b01881a90bd31365 | |
30 | SHA1 (patch-aw) = 2a88b7563c6f52163c6c5f716e437ecaea613a30 | 30 | SHA1 (patch-aw) = 2a88b7563c6f52163c6c5f716e437ecaea613a30 | |
31 | SHA1 (patch-ax) = 1ddf59636b6f3b544850f787ca63287fd93cae88 | 31 | SHA1 (patch-ax) = 8b876f4ba5b020dbd41f1166fc0b169444874d5a |
@@ -1,33 +1,33 @@ | @@ -1,33 +1,33 @@ | |||
1 | # $NetBSD: options.mk,v 1.14 2007/09/07 10:41:12 taca Exp $ | 1 | # $NetBSD: options.mk,v 1.15 2008/04/27 00:34:27 tnn Exp $ | |
2 | 2 | |||
3 | .include "../../mk/bsd.prefs.mk" | 3 | .include "../../mk/bsd.prefs.mk" | |
4 | 4 | |||
5 | PKG_OPTIONS_VAR= PKG_OPTIONS.openssh | 5 | PKG_OPTIONS_VAR= PKG_OPTIONS.openssh | |
6 | PKG_SUPPORTED_OPTIONS= kerberos hpn-patch | 6 | PKG_SUPPORTED_OPTIONS= kerberos hpn-patch | |
7 | 7 | |||
8 | .if !empty(OPSYS:MLinux) | 8 | .if !empty(OPSYS:MLinux) | |
9 | PKG_SUPPORTED_OPTIONS+= pam | 9 | PKG_SUPPORTED_OPTIONS+= pam | |
10 | .endif | 10 | .endif | |
11 | 11 | |||
12 | .include "../../mk/bsd.options.mk" | 12 | .include "../../mk/bsd.options.mk" | |
13 | 13 | |||
14 | .if !empty(PKG_OPTIONS:Mkerberos) | 14 | .if !empty(PKG_OPTIONS:Mkerberos) | |
15 | . include "../../mk/krb5.buildlink3.mk" | 15 | . include "../../mk/krb5.buildlink3.mk" | |
16 | CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE:Q} | 16 | CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE:Q} | |
17 | .endif | 17 | .endif | |
18 | 18 | |||
19 | .if !empty(PKG_OPTIONS:Mhpn-patch) | 19 | .if !empty(PKG_OPTIONS:Mhpn-patch) | |
20 | PATCHFILES= openssh-4.7p1-hpn12v18.diff.gz | 20 | PATCHFILES= openssh-5.0p1-hpn13v3.diff.gz | |
21 | PATCH_SITES= http://www.psc.edu/networking/projects/hpn-ssh/ | 21 | PATCH_SITES= http://www.psc.edu/networking/projects/hpn-ssh/ | |
22 | PATCH_DIST_STRIP= -p1 | 22 | PATCH_DIST_STRIP= -p1 | |
23 | .endif | 23 | .endif | |
24 | 24 | |||
25 | .if !empty(PKG_OPTIONS:Mpam) | 25 | .if !empty(PKG_OPTIONS:Mpam) | |
26 | # XXX: PAM authentication causes memory faults, and haven't tracked down | 26 | # XXX: PAM authentication causes memory faults, and haven't tracked down | |
27 | # XXX: why yet. For the moment, disable PAM authentication for non-Linux. | 27 | # XXX: why yet. For the moment, disable PAM authentication for non-Linux. | |
28 | .include "../../mk/pam.buildlink3.mk" | 28 | .include "../../mk/pam.buildlink3.mk" | |
29 | CONFIGURE_ARGS+= --with-pam | 29 | CONFIGURE_ARGS+= --with-pam | |
30 | PLIST_SRC+= ${.CURDIR}/PLIST.pam | 30 | PLIST_SRC+= ${.CURDIR}/PLIST.pam | |
31 | MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam | 31 | MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam | |
32 | MESSAGE_SUBST+= EGDIR=${EGDIR} | 32 | MESSAGE_SUBST+= EGDIR=${EGDIR} | |
33 | .endif | 33 | .endif |
@@ -1,92 +1,80 @@ | @@ -1,92 +1,80 @@ | |||
1 | $NetBSD: patch-ao,v 1.11 2008/04/08 06:36:47 taca Exp $ | 1 | $NetBSD: patch-ao,v 1.12 2008/04/27 00:34:27 tnn Exp $ | |
2 | 2 | |||
3 | One more replacing 0 with ROOTUID is handled by using SUBST framework | 3 | One more replacing 0 with ROOTUID is handled by using SUBST framework | |
4 | because patch can't handle it when hpn-patch option is enabled. | 4 | because patch can't handle it when hpn-patch option is enabled. | |
5 | So, don't simply update this file with mkpatch command. | 5 | So, don't simply update this file with mkpatch command. | |
6 | 6 | |||
7 | --- session.c.orig 2007-08-16 13:28:04.000000000 +0000 | 7 | --- session.c.orig 2008-03-27 01:03:05.000000000 +0100 | |
8 | +++ session.c | 8 | +++ session.c | |
9 | @@ -954,7 +954,7 @@ read_etc_default_login(char ***env, u_in | 9 | @@ -955,7 +955,7 @@ read_etc_default_login(char ***env, u_in | |
10 | if (tmpenv == NULL) | 10 | if (tmpenv == NULL) | |
11 | return; | 11 | return; | |
12 | 12 | |||
13 | - if (uid == 0) | 13 | - if (uid == 0) | |
14 | + if (uid == ROOTUID) | 14 | + if (uid == ROOTUID) | |
15 | var = child_get_env(tmpenv, "SUPATH"); | 15 | var = child_get_env(tmpenv, "SUPATH"); | |
16 | else | 16 | else | |
17 | var = child_get_env(tmpenv, "PATH"); | 17 | var = child_get_env(tmpenv, "PATH"); | |
18 | @@ -1063,7 +1063,7 @@ do_setup_env(Session *s, const char *she | 18 | @@ -1064,7 +1064,7 @@ do_setup_env(Session *s, const char *she | |
19 | # endif /* HAVE_ETC_DEFAULT_LOGIN */ | 19 | # endif /* HAVE_ETC_DEFAULT_LOGIN */ | |
20 | if (path == NULL || *path == '\0') { | 20 | if (path == NULL || *path == '\0') { | |
21 | child_set_env(&env, &envsize, "PATH", | 21 | child_set_env(&env, &envsize, "PATH", | |
22 | - s->pw->pw_uid == 0 ? | 22 | - s->pw->pw_uid == 0 ? | |
23 | + s->pw->pw_uid == ROOTUID ? | 23 | + s->pw->pw_uid == ROOTUID ? | |
24 | SUPERUSER_PATH : _PATH_STDPATH); | 24 | SUPERUSER_PATH : _PATH_STDPATH); | |
25 | } | 25 | } | |
26 | # endif /* HAVE_CYGWIN */ | 26 | # endif /* HAVE_CYGWIN */ | |
27 | @@ -1177,6 +1177,18 @@ do_setup_env(Session *s, const char *she | 27 | @@ -1178,6 +1178,18 @@ do_setup_env(Session *s, const char *she | |
28 | strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); | 28 | strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); | |
29 | read_environment_file(&env, &envsize, buf); | 29 | read_environment_file(&env, &envsize, buf); | |
30 | } | 30 | } | |
31 | + | 31 | + | |
32 | +#ifdef HAVE_INTERIX | 32 | +#ifdef HAVE_INTERIX | |
33 | + { | 33 | + { | |
34 | + /* copy standard Windows environment, then apply changes */ | 34 | + /* copy standard Windows environment, then apply changes */ | |
35 | + env_t *winenv = env_login(pw); | 35 | + env_t *winenv = env_login(pw); | |
36 | + env_putarray(winenv, env, ENV_OVERRIDE); | 36 | + env_putarray(winenv, env, ENV_OVERRIDE); | |
37 | + | 37 | + | |
38 | + /* swap over to altered environment as a traditional array */ | 38 | + /* swap over to altered environment as a traditional array */ | |
39 | + env = env_array(winenv); | 39 | + env = env_array(winenv); | |
40 | + } | 40 | + } | |
41 | +#endif | 41 | +#endif | |
42 | + | 42 | + | |
43 | if (debug_flag) { | 43 | if (debug_flag) { | |
44 | /* dump the environment */ | 44 | /* dump the environment */ | |
45 | fprintf(stderr, "Environment:\n"); | 45 | fprintf(stderr, "Environment:\n"); | |
46 | @@ -1201,8 +1213,9 @@ do_rc_files(Session *s, const char *shel | 46 | @@ -1351,9 +1363,9 @@ do_setusercontext(struct passwd *pw) | |
47 | do_xauth = | 47 | (void)ssh_selinux_enabled(); | |
48 | s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL; | 48 | #endif | |
49 | 49 | |||
50 | - /* ignore _PATH_SSH_USER_RC for subsystems */ | |||
51 | - if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { | |||
52 | + /* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */ | |||
53 | + if (!s->is_subsystem && options.adm_forced_command == NULL && | |||
54 | + (stat(_PATH_SSH_USER_RC, &st) >= 0)) { | |||
55 | snprintf(cmd, sizeof cmd, "%s -c '%s %s'", | |||
56 | shell, _PATH_BSHELL, _PATH_SSH_USER_RC); | |||
57 | if (debug_flag) | |||
58 | @@ -1287,9 +1300,9 @@ do_nologin(struct passwd *pw) | |||
59 | void | |||
60 | do_setusercontext(struct passwd *pw) | |||
61 | { | |||
62 | -#ifndef HAVE_CYGWIN | 50 | -#ifndef HAVE_CYGWIN | |
63 | +#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX) | 51 | +#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX) | |
64 | if (getuid() == 0 || geteuid() == 0) | 52 | if (getuid() == 0 || geteuid() == 0) | |
65 | -#endif /* HAVE_CYGWIN */ | 53 | -#endif /* HAVE_CYGWIN */ | |
66 | +#endif /* !HAVE_CYGWIN && !HAVE_INTERIX */ | 54 | +#endif /* !HAVE_CYGWIN && !HAVE_INTERIX */ | |
67 | { | 55 | { | |
68 | 56 | |||
69 | #ifdef HAVE_SETPCRED | 57 | #ifdef HAVE_SETPCRED | |
70 | @@ -1331,11 +1344,13 @@ do_setusercontext(struct passwd *pw) | 58 | @@ -1387,11 +1399,13 @@ do_setusercontext(struct passwd *pw) | |
71 | perror("setgid"); | 59 | perror("setgid"); | |
72 | exit(1); | 60 | exit(1); | |
73 | } | 61 | } | |
74 | +# if !defined(HAVE_INTERIX) | 62 | +# if !defined(HAVE_INTERIX) | |
75 | /* Initialize the group list. */ | 63 | /* Initialize the group list. */ | |
76 | if (initgroups(pw->pw_name, pw->pw_gid) < 0) { | 64 | if (initgroups(pw->pw_name, pw->pw_gid) < 0) { | |
77 | perror("initgroups"); | 65 | perror("initgroups"); | |
78 | exit(1); | 66 | exit(1); | |
79 | } | 67 | } | |
80 | +# endif /* !HAVE_INTERIX */ | 68 | +# endif /* !HAVE_INTERIX */ | |
81 | endgrent(); | 69 | endgrent(); | |
82 | #ifdef GSSAPI | 70 | # ifdef USE_PAM | |
83 | if (options.gss_authentication) { | 71 | /* | |
84 | @@ -2086,7 +2101,7 @@ session_pty_cleanup2(Session *s) | 72 | @@ -2175,7 +2189,7 @@ session_pty_cleanup2(Session *s) | |
85 | record_logout(s->pid, s->tty, s->pw->pw_name); | 73 | record_logout(s->pid, s->tty, s->pw->pw_name); | |
86 | 74 | |||
87 | /* Release the pseudo-tty. */ | 75 | /* Release the pseudo-tty. */ | |
88 | - if (getuid() == 0) | 76 | - if (getuid() == 0) | |
89 | + if (getuid() == ROOTUID) | 77 | + if (getuid() == ROOTUID) | |
90 | pty_release(s->tty); | 78 | pty_release(s->tty); | |
91 | 79 | |||
92 | /* | 80 | /* |
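Review bot: In the `HAVE_INTERIX` block of `do_setup_env`, the result of `env_login(pw)` goes straight to `env_putarray()` and `env_array()` with no failure check. If it can return NULL, the session child would dereference it while building the user's environment. A guard such as `if (winenv == NULL) fatal("env_login failed");` before the `env_putarray` call would fail closed. The same patch compiles out `initgroups()` under `HAVE_INTERIX` in `do_setusercontext`; nothing visible here resets the supplementary group list on that platform, so a one-line comment saying where it is set would help. Both functions continue outside the hunks shown.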
@@ -1,13 +1,13 @@ | @@ -1,13 +1,13 @@ | |||
1 | $NetBSD: patch-ap,v 1.8 2006/10/31 03:31:20 taca Exp $ | 1 | $NetBSD: patch-ap,v 1.9 2008/04/27 00:34:27 tnn Exp $ | |
2 | 2 | |||
3 | --- ssh.c.orig 2006-10-29 12:02:30.000000000 +0900 | 3 | --- ssh.c.orig 2008-02-28 09:13:52.000000000 +0100 | |
4 | +++ ssh.c | 4 | +++ ssh.c | |
5 | @@ -684,7 +684,7 @@ main(int ac, char **av) | 5 | @@ -693,7 +693,7 @@ main(int ac, char **av) | |
6 | /* Open a connection to the remote host. */ | |||
7 | if (ssh_connect(host, &hostaddr, options.port, | 6 | if (ssh_connect(host, &hostaddr, options.port, | |
8 | options.address_family, options.connection_attempts, | 7 | options.address_family, options.connection_attempts, &timeout_ms, | |
8 | options.tcp_keep_alive, | |||
9 | -#ifdef HAVE_CYGWIN | 9 | -#ifdef HAVE_CYGWIN | |
10 | +#if defined(HAVE_CYGWIN) || defined(HAVE_INTERIX) | 10 | +#if defined(HAVE_CYGWIN) || defined(HAVE_INTERIX) | |
11 | options.use_privileged_port, | 11 | options.use_privileged_port, | |
12 | #else | 12 | #else | |
13 | original_effective_uid == 0 && options.use_privileged_port, | 13 | original_effective_uid == 0 && options.use_privileged_port, |
@@ -1,18 +1,10 @@ | @@ -1,18 +1,10 @@ | |||
1 | $NetBSD: patch-ax,v 1.5 2008/04/03 07:59:08 tonnerre Exp $ | 1 | $NetBSD: patch-ax,v 1.6 2008/04/27 00:34:27 tnn Exp $ | |
2 | 2 | |||
3 | Don't deadlock on exit with multiple X forwarded channels. | 3 | --- sftp.h.orig 2008-02-10 12:40:12.000000000 +0100 | |
4 | Don't use X11 port which can't be bound on all IP families. | 4 | +++ sftp.h | |
5 | Fixes CVE-2008-1483. | 5 | @@ -94,4 +94,4 @@ | |
6 | 6 | struct passwd; | ||
7 | --- channels.c.orig 2007-06-25 09:04:47.000000000 +0000 | |||
8 | +++ channels.c | |||
9 | @@ -2905,9 +2905,6 @@ x11_create_display_inet(int x11_display_ | |||
10 | debug2("bind port %d: %.100s", port, strerror(errno)); | |||
11 | close(sock); | |||
12 | 7 | |||
13 | - if (ai->ai_next) | 8 | int sftp_server_main(int, char **, struct passwd *); | |
14 | - continue; | 9 | -void sftp_server_cleanup_exit(int) __dead; | |
15 | - | 10 | +void sftp_server_cleanup_exit(int) __attribute__((noreturn)); | |
16 | for (n = 0; n < num_socks; n++) { | |||
17 | close(socks[n]); | |||
18 | } |
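Review bot: patch-ax used to carry the local channels.c fix for CVE-2008-1483 and is now reused for an unrelated sftp.h change, and the new patch header has no description line. The `do_rc_files` hunk that tested `options.adm_forced_command` is likewise dropped from patch-ao. Both fixes are presumably part of the 5.0p1 distfile, but neither the patch headers nor the commit message ("fix two security issues") says so, so a later reader cannot tell a deliberate removal from a lost fix. I would add a header comment such as `Replace __dead, presumably unavailable on non-BSD platforms, with the noreturn attribute.` and name the upstream-fixed issues in the commit log. It is also worth confirming that the extracted 5.0p1 channels.c and session.c contain those changes.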