Date: Mon, 14 Jun 1999 10:28:41 -0600 (MDT) From: handy@lambic.physics.montana.edu To: FreeBSD-gnats-submit@freebsd.org Subject: ports/12207: ssh update Message-ID: <199906141628.KAA35722@lambic.physics.montana.edu>
next in thread | raw e-mail | index | archive | help
>Number: 12207 >Category: ports >Synopsis: ssh update: 1.2.26 --> 1.2.27 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Jun 14 09:30:01 PDT 1999 >Closed-Date: >Last-Modified: >Originator: Brian Handy >Release: FreeBSD 4.0-CURRENT i386 >Organization: MSU - Bozeman >Environment: >Description: Someone asked on the -ports list about the new version of ssh, and the maintainer never replied...or at least I never saw a reply. Here's my cut at the upgrade. Numerous patches were absorbed into this release. >How-To-Repeat: >Fix: diff -urN ssh.orig/Makefile ssh/Makefile --- ssh.orig/Makefile Sun Jun 13 17:11:42 1999 +++ ssh/Makefile Sun Jun 13 17:11:54 1999 @@ -1,5 +1,5 @@ # New ports collection makefile for: ssh -# Version required: 1.2.25 +# Version required: 1.2.27 # Date created: 30 Jul 1995 # Whom: torstenb@FreeBSD.ORG # @@ -9,7 +9,7 @@ # USE_PERL, USE_TCPWRAP # -DISTNAME= ssh-1.2.26 +DISTNAME= ssh-1.2.27 CATEGORIES= security net MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/ diff -urN ssh.orig/files/md5 ssh/files/md5 --- ssh.orig/files/md5 Sun Jun 13 17:11:42 1999 +++ ssh/files/md5 Sun Jun 13 17:14:20 1999 @@ -1,3 +1 @@ -MD5 (ssh-1.2.26.tar.gz) = 2ee46d454015dd01c5e8f074eabf0245 -MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d -MD5 (ssh-1.2.22-patchkit) = 5228897d59be91ad3ae88e992d61cd50 +MD5 (ssh-1.2.27.tar.gz) = c22bc000bee0f7d6f4845eab72a81395 diff -urN ssh.orig/patches/patch-ad ssh/patches/patch-ad --- ssh.orig/patches/patch-ad Sun Jun 13 17:11:42 1999 +++ ssh/patches/patch-ad Sun Jun 13 17:17:21 1999 @@ -1,13 +1,11 @@ -*** auth-passwd.c.bak Tue Jan 20 15:23:48 1998 ---- auth-passwd.c Sat Feb 14 00:49:56 1998 -*************** -*** 815,820 **** ---- 815,822 ---- - encrypted_password = crypt(password, - (correct_passwd[0] && correct_passwd[1]) ? - correct_passwd : "xx"); -+ if (!password[0] && correct_passwd[0]) -+ encrypted_password = ":"; - #endif /* HAVE_SCO_ETC_SHADOW */ - #endif /* HAVE_OSF1_C2_SECURITY */ - +--- auth-passwd.c.orig Wed May 12 05:19:23 1999 ++++ auth-passwd.c Sun Jun 13 17:16:59 1999 +@@ -911,6 +911,8 @@ + encrypted_password = crypt(password, + (correct_passwd[0] && correct_passwd[1]) ? + correct_passwd : "xx"); ++ if (!password[0] && correct_passwd[0]) ++ encrypted_password = ":"; + #endif /* HAVE_SCO_ETC_SHADOW */ + + /* Authentication is accepted if the encrypted passwords are identical. */ diff -urN ssh.orig/patches/patch-af ssh/patches/patch-af --- ssh.orig/patches/patch-af Sun Jun 13 17:11:42 1999 +++ ssh/patches/patch-af Mon Jun 14 10:23:49 1999 @@ -1,108 +1,114 @@ -*** sshd.c.WAS Thu Jun 11 23:11:47 1998 ---- sshd.c Thu Jun 11 23:30:30 1998 -*************** -*** 2014,2020 **** - pwcopy.pw_class = xstrdup(pw->pw_class); - pwcopy.pw_change = pw->pw_change; - pwcopy.pw_expire = pw->pw_expire; -! #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ - pwcopy.pw_dir = xstrdup(pw->pw_dir); - pwcopy.pw_shell = xstrdup(pw->pw_shell); - pw = &pwcopy; ---- 2014,2020 ---- - pwcopy.pw_class = xstrdup(pw->pw_class); - pwcopy.pw_change = pw->pw_change; - pwcopy.pw_expire = pw->pw_expire; -! #endif /* (__bsdi__ && _BSDI_VERSION >= 199510) || (__FreeBSD__ && HAVE_LOGIN_CAP_H) */ - pwcopy.pw_dir = xstrdup(pw->pw_dir); - pwcopy.pw_shell = xstrdup(pw->pw_shell); - pw = &pwcopy; -*************** -*** 3045,3054 **** - struct pty_cleanup_context cleanup_context; - #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) - login_cap_t *lc; - #endif -! #if defined (__bsdi__) && _BSDI_VERSION >= 199510 - struct timeval tp; -! #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ +--- sshd.c.orig Wed May 12 05:19:29 1999 ++++ sshd.c Mon Jun 14 10:04:47 1999 +@@ -2222,7 +2222,7 @@ + pwcopy.pw_class = xstrdup(pw->pw_class); + pwcopy.pw_change = pw->pw_change; + pwcopy.pw_expire = pw->pw_expire; +-#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ ++#endif /* __bsdi__ && _BSDI_VERSION >= 199510) || (defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) */ + pwcopy.pw_dir = xstrdup(pw->pw_dir); + pwcopy.pw_shell = xstrdup(pw->pw_shell); + pw = &pwcopy; +@@ -3285,10 +3285,11 @@ + struct pty_cleanup_context cleanup_context; + #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) + login_cap_t *lc; ++ time_t warnpassword, warnexpire; + #endif +-#if defined (__bsdi__) && _BSDI_VERSION >= 199510 ++#if defined(__FreeBSD__) || defined (__bsdi__) && _BSDI_VERSION >= 199510 + struct timeval tp; +-#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ ++#endif /* __FreeBSD__ || __bsdi__ && _BSDI_VERSION >= 199510 */ + + /* We no longer need the child running on user's privileges. */ + userfile_uninit(); +@@ -3446,6 +3447,14 @@ + "The Regents of the University of California. ", + "All rights reserved."); + } ++#ifdef HAVE_LOGIN_CAP_H ++#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ ++ ++ warnpassword = login_getcaptime(lc, "warnpassword", ++ DEFAULT_WARN, DEFAULT_WARN); ++ warnexpire = login_getcaptime(lc, "warnexpire", ++ DEFAULT_WARN, DEFAULT_WARN); ++#endif + #endif + + /* Print /etc/motd unless a command was specified or printing it was +@@ -3469,7 +3478,7 @@ + fputs(line, stdout); + fclose(f); + } +-#if defined (__bsdi__) && _BSDI_VERSION >= 199510 ++#if defined(__FreeBSD__) || defined (__bsdi__) && _BSDI_VERSION >= 199510 + if (pw->pw_change || pw->pw_expire) + (void)gettimeofday(&tp, (struct timezone *)NULL); + if (pw->pw_change) +@@ -3492,7 +3501,7 @@ + days_before_account_expires = (pw->pw_expire - tp.tv_sec) / + 86400; + } +-#endif /* __bsdi__ & _BSDI_VERSION >= 199510 */ ++#endif /* __FreeBSD__ || __bsdi__ & _BSDI_VERSION >= 199510 */ + } + + #if defined (__FreeBSD__) && defined HAVE_LOGIN_CAP_H +@@ -3883,7 +3892,7 @@ + lc = login_getclass(pw->pw_class); + auth_checknologin(lc); + #else /* !HAVE_LOGIN_CAP_H */ +-#if defined (__bsdi__) && _BSDI_VERSION > 199510 ++#if defined(__FreeBSD__) || defined (__bsdi__) && _BSDI_VERSION > 199510 + login_cap_t *lc = 0; + + if ((lc = login_getclass(pw->pw_class)) == NULL) +@@ -3892,7 +3901,7 @@ + pw->pw_class, pw->pw_name); + lc = login_getclass("default") ; + } +-#else /* __bsdi__ && _BSDI_VERSION >= 199510 */ ++#else /* __FreeBSD__ || __bsdi__ && _BSDI_VERSION >= 199510 */ + #if defined (__bsdi__) && _BSDI_VERSION == 199510 + login_cap_t *lc = 0; - #ifdef HAVE_OSF1_C2_SECURITY - { ---- 3045,3055 ---- - struct pty_cleanup_context cleanup_context; - #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H) - login_cap_t *lc; -+ time_t warnpassword, warnexpire; - #endif -! #if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510) - struct timeval tp; -! #endif /* __FreeBSD__ || (__bsdi__ && _BSDI_VERSION >= 199510) */ - - #ifdef HAVE_OSF1_C2_SECURITY - { -*************** -*** 3183,3188 **** ---- 3184,3197 ---- - "The Regents of the University of California. ", - "All rights reserved."); - } -+ #ifdef HAVE_LOGIN_CAP_H -+ #define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ -+ -+ warnpassword = login_getcaptime(lc, "warnpassword", -+ DEFAULT_WARN, DEFAULT_WARN); -+ warnexpire = login_getcaptime(lc, "warnexpire", -+ DEFAULT_WARN, DEFAULT_WARN); -+ #endif - #endif - - /* Print /etc/motd unless a command was specified or printing it was -*************** -*** 3206,3212 **** - fputs(line, stdout); - fclose(f); - } -! #if defined (__bsdi__) && _BSDI_VERSION >= 199510 - if (pw->pw_change || pw->pw_expire) - (void)gettimeofday(&tp, (struct timezone *)NULL); - if (pw->pw_change) ---- 3215,3221 ---- - fputs(line, stdout); - fclose(f); - } -! #if defined(__FreeBSD__) || (defined(__bsdi__) && _BSDI_VERSION >= 199510) - if (pw->pw_change || pw->pw_expire) - (void)gettimeofday(&tp, (struct timezone *)NULL); - if (pw->pw_change) -*************** -*** 3575,3581 **** - while (fgets(buf, sizeof(buf), f)) - fputs(buf, stderr); - fclose(f); -! #if defined (__bsdi__) && _BSDI_VERSION >= 199510 - if (pw->pw_uid != UID_ROOT && - !login_getcapbool(lc, "ignorenologin", 0)) - exit(254); ---- 3584,3590 ---- - while (fgets(buf, sizeof(buf), f)) - fputs(buf, stderr); - fclose(f); -! #if (defined(__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)) || (defined (__bsdi__) && _BSDI_VERSION >= 199510) - if (pw->pw_uid != UID_ROOT && - !login_getcapbool(lc, "ignorenologin", 0)) - exit(254); -*************** -*** 4121,4127 **** ---- 4130,4140 ---- - struct stat mailbuf; - - if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0) -+ #ifdef __FreeBSD__ -+ ; -+ #else - printf("No mail.\n"); -+ #endif - else if (mailbuf.st_atime > mailbuf.st_mtime) - printf("You have mail.\n"); - else +@@ -3904,7 +3913,7 @@ + lc = login_getclass(pw) ; + } + #endif /* defined (__bsdi__) && _BSDI_VERSION == 199510 */ +-#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ ++#endif /* __FreeBSD__ || __bsdi__ && _BSDI_VERSION >= 199510 */ + + /* Check /etc/nologin. */ + f = fopen("/etc/nologin", "r"); +@@ -3922,14 +3931,14 @@ + while (fgets(buf, sizeof(buf), f)) + fputs(buf, stderr); + fclose(f); +-#if defined (__bsdi__) && _BSDI_VERSION >= 199510 ++#if (defined(__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)) || defined (__bsdi__) && _BSDI_VERSION >= 199510 + if (pw->pw_uid != UID_ROOT && + !login_getcapbool(lc, "ignorenologin", 0)) + exit(254); + #else + if (pw->pw_uid != UID_ROOT) + exit(254); +-#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */ ++#endif /* __FreeBSD__ || __bsdi__ && _BSDI_VERSION >= 199510 */ + #if defined(NOLOGIN_ALLOW) + } + #endif +@@ -4525,7 +4534,11 @@ + struct stat mailbuf; + + if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0) ++#ifdef __FreeBSD__ ++ ; ++#else + printf("No mail.\n"); ++#endif + else if (mailbuf.st_atime > mailbuf.st_mtime) + printf("You have mail.\n"); + else diff -urN ssh.orig/patches/patch-ag ssh/patches/patch-ag --- ssh.orig/patches/patch-ag Sun Jun 13 17:11:42 1999 +++ ssh/patches/patch-ag Mon Jun 14 10:13:32 1999 @@ -1,247 +1,5 @@ ---- sshconnect.c.orig Wed Jul 8 20:40:38 1998 -+++ sshconnect.c Tue Nov 10 15:43:45 1998 -@@ -282,7 +282,7 @@ - - /* Child. Permanently give up superuser privileges. */ - if (setuid(getuid()) < 0) -- fatal("setuid: %s", strerror(errno)); -+ fatal("setuid: %.100s", strerror(errno)); - - /* Redirect stdin and stdout. */ - close(pin[1]); -@@ -944,7 +944,7 @@ - if (!ssh_context) - { - if ((r = krb5_init_context(&ssh_context))) -- fatal("Kerberos V5: %s while initializing krb5.", error_message(r)); -+ fatal("Kerberos V5: %.100s while initializing krb5.", error_message(r)); - krb5_init_ets(ssh_context); - } - -@@ -959,14 +959,14 @@ - "host", KRB5_NT_SRV_HST, - &creds.server))) - { -- debug("Kerberos V5: error while constructing service name: %s.", -+ debug("Kerberos V5: error while constructing service name: %.100s.", - error_message(r)); - goto cleanup; - } - if ((r = krb5_cc_get_principal(ssh_context, ccache, - &creds.client))) - { -- debug("Kerberos V5: failure on principal (%s).", -+ debug("Kerberos V5: failure on principal (%.100s).", - error_message(r)); - goto cleanup; - } -@@ -975,7 +975,7 @@ - if ((r = krb5_get_credentials(ssh_context, 0, - ccache, &creds, &new_creds))) - { -- debug("Kerberos V5: failure on credentials(%s).", -+ debug("Kerberos V5: failure on credentials(%.100s).", - error_message(r)); - goto cleanup; - } -@@ -987,7 +987,7 @@ - { - if ((r = krb5_auth_con_init(ssh_context, &auth_context))) - { -- debug("Kerberos V5: failed to init auth_context (%s)", -+ debug("Kerberos V5: failed to init auth_context (%.100s)", - error_message(r)); - goto cleanup; - } -@@ -998,7 +998,7 @@ - if ((r = krb5_mk_req_extended(ssh_context, &auth_context, ap_opts, - 0, new_creds, &auth))) - { -- debug("Kerberos V5: failed krb5_mk_req_extended (%s)", -+ debug("Kerberos V5: failed krb5_mk_req_extended (%.100s)", - error_message(r)); - goto cleanup; - } -@@ -1046,7 +1046,7 @@ - - if (r = krb5_rd_rep(ssh_context, auth_context, &auth, &repl)) - { -- packet_disconnect("Kerberos V5 Authentication failed: %s", -+ packet_disconnect("Kerberos V5 Authentication failed: %.100s", - error_message(r)); - goto cleanup; - } -@@ -1090,7 +1090,7 @@ - krb5_data outbuf; - krb5_error_code r; - int type; -- char server_name[128]; -+ char server_name[512]; - - remotehost = (char *) get_canonical_hostname(); - memset(&outbuf, 0 , sizeof(outbuf)); -@@ -1100,14 +1100,14 @@ - if (!ssh_context) - { - if ((r = krb5_init_context(&ssh_context))) -- fatal("Kerberos V5: %s while initializing krb5.", error_message(r)); -+ fatal("Kerberos V5: %.100s while initializing krb5.", error_message(r)); - krb5_init_ets(ssh_context); - } - if (!auth_context) - { - if ((r = krb5_auth_con_init(ssh_context, &auth_context))) - { -- debug("Kerberos V5: failed to init auth_context (%s)", -+ debug("Kerberos V5: failed to init auth_context (%.100s)", - error_message(r)); - return 0 ; - } -@@ -1124,7 +1124,7 @@ - if ((r = krb5_cc_get_principal(ssh_context, ccache, - &client))) - { -- debug("Kerberos V5: failure on principal (%s)", -+ debug("Kerberos V5: failure on principal (%.100s)", - error_message(r)); - return 0 ; - } -@@ -1136,7 +1136,7 @@ - principal and point it to clients realm. This way - we pass over a TGT of the clients realm. */ - -- sprintf(server_name,"host/%s@", remotehost); -+ sprintf(server_name,"host/%.100s@", remotehost); - strncat(server_name,client->realm.data,client->realm.length); - krb5_parse_name(ssh_context,server_name, &server); - server->type = KRB5_NT_SRV_HST; -@@ -1145,7 +1145,7 @@ - if ((r = krb5_fwd_tgt_creds(ssh_context, auth_context, 0, client, - server, ccache, 1, &outbuf))) - { -- debug("Kerberos V5 krb5_fwd_tgt_creds failure (%s)", -+ debug("Kerberos V5 krb5_fwd_tgt_creds failure (%.100s)", - error_message(r)); - krb5_free_principal(ssh_context, client); - krb5_free_principal(ssh_context, server); -@@ -1416,7 +1416,7 @@ - error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); - error("It is also possible that the host key has just been changed."); - error("Please contact your system administrator."); -- error("Add correct host key in %s to get rid of this message.", -+ error("Add correct host key in %.100s to get rid of this message.", - options->user_hostfile); - - /* If strict host key checking is in use, the user will have to edit -@@ -1589,7 +1589,7 @@ - if (!ssh_context) - { - if ((problem = krb5_init_context(&ssh_context))) -- fatal("Kerberos V5: %s while initializing krb5.", -+ fatal("Kerberos V5: %.100s while initializing krb5.", - error_message(problem)); - krb5_init_ets(ssh_context); - } -@@ -1605,7 +1605,7 @@ - if ((problem = krb5_cc_get_principal(ssh_context, ccache, - &client))) - { -- debug("Kerberos V5: failure on principal (%s).", -+ debug("Kerberos V5: failure on principal (%.100s).", - error_message(problem)); - } - else { --- auth-kerberos.c.orig Wed Jul 8 20:40:35 1998 +++ auth-kerberos.c Tue Nov 10 15:50:15 1998 -@@ -63,11 +63,11 @@ - krb5_auth_con_free(ssh_context, auth_context); - auth_context = 0; - } -- log_msg("Kerberos ticket authentication of user %s failed: %s", -+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", - server_user, error_message(problem)); - -- debug("Kerberos krb5_auth_con_genaddrs (%s).", error_message(problem)); -- packet_send_debug("Kerberos krb5_auth_con_genaddrs: %s", -+ debug("Kerberos krb5_auth_con_genaddrs (%.100s).", error_message(problem)); -+ packet_send_debug("Kerberos krb5_auth_con_genaddrs: %.100s", - error_message(problem)); - return 0; - } -@@ -80,11 +80,11 @@ - krb5_auth_con_free(ssh_context, auth_context); - auth_context = 0; - } -- log_msg("Kerberos ticket authentication of user %s failed: %s", -+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", - server_user, error_message(problem)); - -- debug("Kerberos V5 rd_req failed (%s).", error_message(problem)); -- packet_send_debug("Kerberos V5 krb5_rd_req: %s", error_message(problem)); -+ debug("Kerberos V5 rd_req failed (%.100s).", error_message(problem)); -+ packet_send_debug("Kerberos V5 krb5_rd_req: %.100s", error_message(problem)); - return 0; - } - -@@ -93,22 +93,22 @@ - if (problem) - { - krb5_free_ticket(ssh_context, ticket); -- log_msg("Kerberos ticket authentication of user %s failed: %s", -+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", - server_user, error_message(problem)); - -- debug("Kerberos krb5_unparse_name failed (%s).", error_message(problem)); -- packet_send_debug("Kerberos krb5_unparse_name: %s", -+ debug("Kerberos krb5_unparse_name failed (%.100s).", error_message(problem)); -+ packet_send_debug("Kerberos krb5_unparse_name: %.100s", - error_message(problem)); - return 0; - } - if (strncmp(server, "host/", strlen("host/"))) - { - krb5_free_ticket(ssh_context, ticket); -- log_msg("Kerberos ticket authentication of user %s failed: invalid service name (%s)", -+ log_msg("Kerberos ticket authentication of user %.100s failed: invalid service name (%.100s)", - server_user, server); - -- debug("Kerberos invalid service name (%s).", server); -- packet_send_debug("Kerberos invalid service name (%s).", server); -+ debug("Kerberos invalid service name (%.100s).", server); -+ packet_send_debug("Kerberos invalid service name (%.100s).", server); - krb5_xfree(server); - return 0; - } -@@ -122,11 +122,11 @@ - - if (problem) - { -- log_msg("Kerberos ticket authentication of user %s failed: %s", -+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", - server_user, error_message(problem)); -- debug("Kerberos krb5_copy_principal failed (%s).", -+ debug("Kerberos krb5_copy_principal failed (%.100s).", - error_message(problem)); -- packet_send_debug("Kerberos krb5_copy_principal: %s", -+ packet_send_debug("Kerberos krb5_copy_principal: %.100s", - error_message(problem)); - return 0; - } -@@ -135,11 +135,11 @@ - /* Make the reply - so that mutual authentication can be done */ - if ((problem = krb5_mk_rep(ssh_context, auth_context, &reply))) - { -- log_msg("Kerberos ticket authentication of user %s failed: %s", -+ log_msg("Kerberos ticket authentication of user %.100s failed: %.100s", - server_user, error_message(problem)); -- debug("Kerberos krb5_mk_rep failed (%s).", -+ debug("Kerberos krb5_mk_rep failed (%.100s).", - error_message(problem)); -- packet_send_debug("Kerberos krb5_mk_rep failed: %s", -+ packet_send_debug("Kerberos krb5_mk_rep failed: %.100s", - error_message(problem)); - return 0; - } @@ -160,7 +160,7 @@ { krb5_creds **creds; @@ -251,36 +9,3 @@ krb5_ccache ccache = NULL; struct passwd *pwd; extern char *ticket; -@@ -208,9 +208,9 @@ - - if (retval = krb5_rd_cred(ssh_context, auth_context, krb5data, &creds, NULL)) - { -- log_msg("Kerberos V5 tgt rejected for user %.100s : %s", server_user, -+ log_msg("Kerberos V5 tgt rejected for user %.100s : %.100s", server_user, - error_message(retval)); -- packet_send_debug("Kerberos V5 tgt rejected for %.100s : %s", -+ packet_send_debug("Kerberos V5 tgt rejected for %.100s : %.100s", - server_user, - error_message(retval)); - packet_start(SSH_SMSG_FAILURE); -@@ -234,7 +234,7 @@ - goto errout; - - ticket = xmalloc(strlen(ccname) + 1); -- (void) sprintf(ticket, "%s", ccname); -+ (void) sprintf(ticket, "%.100s", ccname); - - /* Successful */ - packet_start(SSH_SMSG_SUCCESS); -@@ -244,9 +244,9 @@ - - errout: - krb5_free_tgt_creds(ssh_context, creds); -- log_msg("Kerberos V5 tgt rejected for user %.100s :%s", server_user, -+ log_msg("Kerberos V5 tgt rejected for user %.100s :%.100s", server_user, - error_message(retval)); -- packet_send_debug("Kerberos V5 tgt rejected for %.100s : %s", server_user, -+ packet_send_debug("Kerberos V5 tgt rejected for %.100s : %.100s", server_user, - error_message(retval)); - packet_start(SSH_SMSG_FAILURE); - packet_send(); diff -urN ssh.orig/patches/patch-al ssh/patches/patch-al --- ssh.orig/patches/patch-al Sun Jun 13 17:11:42 1999 +++ ssh/patches/patch-al Mon Jun 14 10:16:29 1999 @@ -1,27 +1,23 @@ -*** sshconnect.c.orig Wed Apr 23 08:40:11 1997 ---- sshconnect.c Fri Apr 25 12:41:59 1997 -*************** -*** 311,316 **** ---- 311,322 ---- - { - struct sockaddr_in sin; - int p; -+ #if (defined(__OpenBSD__) || defined(__FreeBSD__)) && !defined(SOCKS) -+ p = 1023; /* Compat with old FreeBSD */ -+ sock = rresvport(&p); -+ if (sock < 0) -+ fatal("rresvport: %.100s", strerror(errno)); -+ #else - for (p = 1023; p > 512; p--) - { - sock = socket(AF_INET, SOCK_STREAM, 0); -*************** -*** 338,343 **** ---- 344,350 ---- - } - fatal("bind: %.100s", strerror(errno)); - } -+ #endif - debug("Allocated local port %d.", p); - } - else +--- sshconnect.c.orig Wed May 12 05:19:29 1999 ++++ sshconnect.c Mon Jun 14 10:16:01 1999 +@@ -347,6 +347,12 @@ + { + struct sockaddr_in sin; + int p; ++#if (defined(__OpenBSD__) || defined(__FreeBSD__)) && !defined(SOCKS) ++ p = 1023; /* Compat with old FreeBSD */ ++ sock = rresvport(&p); ++ if (sock < 0) ++ fatal("rresvport: %.100s", strerror(errno)); ++#else + for (p = 1023; p > 512; p--) + { + sock = socket(AF_INET, SOCK_STREAM, 0); +@@ -374,6 +380,7 @@ + } + fatal("bind: %.100s", strerror(errno)); + } ++#endif + debug("Allocated local port %d.", p); + } + else diff -urN ssh.orig/patches/patch-ao ssh/patches/patch-ao --- ssh.orig/patches/patch-ao Sun Jun 13 17:11:42 1999 +++ ssh/patches/patch-ao Mon Jun 14 10:19:21 1999 @@ -1,6 +1,6 @@ ---- newchannels.c.orig Wed Jul 8 17:40:36 1998 -+++ newchannels.c Mon May 3 23:45:06 1999 -@@ -271,6 +271,10 @@ +--- newchannels.c.orig Wed May 12 05:19:27 1999 ++++ newchannels.c Mon Jun 14 10:19:04 1999 +@@ -282,6 +282,10 @@ #endif /* NEED_SYS_SYSLOG_H */ #endif /* LIBWRAP */ @@ -11,20 +11,22 @@ /* Directory in which the fake unix-domain X11 displays reside. */ #ifndef X11_DIR #define X11_DIR "/tmp/.X11-unix" -@@ -1874,6 +1878,9 @@ - if (gethostname(hostname, sizeof(hostname)) < 0) +@@ -1891,6 +1895,9 @@ fatal("gethostname: %.100s", strerror(errno)); - sprintf(buf, "%.400s:%d.%d", hostname, display_number, screen_number); + snprintf(buf, sizeof(buf), + "%.400s:%d.%d", hostname, display_number, screen_number); +#ifdef __FreeBSD__ + trimdomain(buf, UT_HOSTSIZE); +#endif #else /* HAVE_GETHOSTNAME */ if (uname(&uts) < 0) - fatal("uname: %s", strerror(errno)); -@@ -2388,6 +2395,10 @@ + fatal("uname: %.100s", strerror(errno)); +@@ -2411,7 +2418,11 @@ + creating unix-domain sockets, you might not be able to use ssh-agent connections on your system */ old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); - +- ++ + /* Make sure the socket doesn't already exist, left over from a system + crash perhaps. */ + unlink(channel_forwarded_auth_socket_name); diff -urN ssh.orig/patches/patch-at ssh/patches/patch-at --- ssh.orig/patches/patch-at Sun Jun 13 17:11:42 1999 +++ ssh/patches/patch-at Wed Dec 31 17:00:00 1969 @@ -1,56 +0,0 @@ ---- log-server.c.org Mon Nov 2 00:04:17 1998 -+++ log-server.c Mon Nov 2 00:11:11 1998 -@@ -134,7 +134,7 @@ - if (log_quiet) - return; - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "log: %s\n", buf); -@@ -175,7 +175,7 @@ - if (log_quiet) - return; - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "log: %s\n", buf); -@@ -191,7 +191,7 @@ - if (!log_debug || log_quiet) - return; - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "debug: %s\n", buf); -@@ -207,7 +207,7 @@ - if (log_quiet) - return; - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "error: %s\n", buf); -@@ -302,7 +302,7 @@ - if (log_quiet) - exit(1); - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "fatal: %s\n", buf); -@@ -321,7 +321,7 @@ - if (log_quiet) - exit(1); - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - if (log_on_stderr) - fprintf(stderr, "fatal: %s\n", buf); diff -urN ssh.orig/patches/patch-au ssh/patches/patch-au --- ssh.orig/patches/patch-au Sun Jun 13 17:11:42 1999 +++ ssh/patches/patch-au Wed Dec 31 17:00:00 1969 @@ -1,20 +0,0 @@ ---- packet.c.org Mon Nov 2 00:04:24 1998 -+++ packet.c Mon Nov 2 00:10:45 1998 -@@ -693,7 +693,7 @@ - va_list args; - - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - - packet_start(SSH_MSG_DEBUG); -@@ -719,7 +719,7 @@ - /* Format the message. Note that the caller must make sure the message - is of limited size. */ - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - - /* Send the disconnect message to the other side, and wait for it to get diff -urN ssh.orig/patches/patch-av ssh/patches/patch-av --- ssh.orig/patches/patch-av Sun Jun 13 17:11:42 1999 +++ ssh/patches/patch-av Wed Dec 31 17:00:00 1969 @@ -1,11 +0,0 @@ ---- scp.c.org Mon Nov 2 00:04:33 1998 -+++ scp.c Mon Nov 2 00:08:19 1998 -@@ -332,7 +332,7 @@ - char buf[1024]; - - va_start(ap, fmt); -- vsprintf(buf, fmt, ap); -+ vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); - fprintf(stderr, "%s\n", buf); - exit(255); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906141628.KAA35722>