diff options
| author |   Lars Wendler <polynomial-c@gentoo.org> | 2016-06-11 14:29:14 +0200 |
|---|---|---|
| committer | Lars Wendler <polynomial-c@gentoo.org> | 2016-06-11 14:29:30 +0200 |
| commit | 0a6f7c3566cca467497f37ff9ea82c4767f14a2b (patch) | |
| tree | 3f8b8ac11c36ced3e9ea8676449f365571a5e095 /net-misc/openssh/files | |
| parent | kde-base/systemsettings: amd64 stable wrt bug #584214 (diff) | |
| download | gentoo-0a6f7c3566cca467497f37ff9ea82c4767f14a2b.tar.gz gentoo-0a6f7c3566cca467497f37ff9ea82c4767f14a2b.tar.bz2 gentoo-0a6f7c3566cca467497f37ff9ea82c4767f14a2b.zip | |
net-misc/openssh: Security cleanup (bug #571892).
Kept latest ebuild with hpn USE flag as it's ~arch anyway and gets superseded
by the latest "secure" version anyway.
Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Diffstat (limited to 'net-misc/openssh/files')
3 files changed, 0 insertions, 108 deletions
diff --git a/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch b/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch deleted file mode 100644 index c3647d5aa232..000000000000 --- a/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch +++ /dev/null @@ -1,51 +0,0 @@ ---- openssh-6.3p1/Makefile.in -+++ openssh-6.3p1/Makefile.in -@@ -45,7 +45,7 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - K5LIBS=@K5LIBS@ - GSSLIBS=@GSSLIBS@ -@@ -53,6 +53,7 @@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS+=@LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- openssh-6.3p1/sshconnect.c -+++ openssh-6.3p1/sshconnect.c -@@ -465,7 +465,7 @@ - { - /* Send our own protocol version identification. */ - if (compat20) { -- xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n", -+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", - PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); - } else { - xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", ---- openssh-6.3p1/sshd.c -+++ openssh-6.3p1/sshd.c -@@ -472,8 +472,8 @@ - comment = ""; - } - -- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s", -- major, minor, SSH_VERSION, comment, -+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", -+ major, minor, SSH_VERSION, - *options.version_addendum == '\0' ? "" : " ", - options.version_addendum, newline); - ---- openssh-6.3p1/version.h -+++ openssh-6.3p1/version.h -@@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_6.3" - - #define SSH_PORTABLE "p1" -+#define SSH_X509 " PKIX" - #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch b/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch deleted file mode 100644 index 9ce2967af425..000000000000 --- a/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -ur openssh-6.9p1.orig/sshconnect2.c openssh-6.9p1/sshconnect2.c ---- openssh-6.9p1.orig/sshconnect2.c 2015-07-01 14:56:26.766316866 -0700 -+++ openssh-6.9p1/sshconnect2.c 2015-07-01 14:59:22.828692366 -0700 -@@ -1404,7 +1404,7 @@ - static int - get_allowed_keytype(Key *k) { - char *pattern; -- char *alg; -+ const char *alg; - - if (k->type == KEY_RSA1 || k->type == KEY_UNSPEC) - return KEY_UNSPEC; -diff -ur openssh-6.9p1.orig/x509_nm_cmp.c openssh-6.9p1/x509_nm_cmp.c ---- openssh-6.9p1.orig/x509_nm_cmp.c 2015-07-01 14:56:26.129311890 -0700 -+++ openssh-6.9p1/x509_nm_cmp.c 2015-07-01 14:59:14.086624068 -0700 -@@ -133,7 +133,7 @@ - tag = M_ASN1_STRING_type(in); - if (tag != V_ASN1_UTF8STRING) { - /*OpenSSL method surprisingly require non-const(!?) ASN1_STRING!*/ -- return(ASN1_STRING_to_UTF8(out, in)); -+ return(ASN1_STRING_to_UTF8(out, (ASN1_STRING *) in)); - } - - l = M_ASN1_STRING_length(in); diff --git a/net-misc/openssh/files/openssh-7.1_p1-CVE-2016-0777.patch b/net-misc/openssh/files/openssh-7.1_p1-CVE-2016-0777.patch deleted file mode 100644 index 90125dd8e5f8..000000000000 --- a/net-misc/openssh/files/openssh-7.1_p1-CVE-2016-0777.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- openssh-7.1p1/readconf.c -+++ openssh-7.1p1/readconf.c -@@ -1660,7 +1660,7 @@ - options->tun_remote = -1; - options->local_command = NULL; - options->permit_local_command = -1; -- options->use_roaming = -1; -+ options->use_roaming = 0; - options->visual_host_key = -1; - options->ip_qos_interactive = -1; - options->ip_qos_bulk = -1; -@@ -1833,8 +1833,7 @@ - options->tun_remote = SSH_TUNID_ANY; - if (options->permit_local_command == -1) - options->permit_local_command = 0; -- if (options->use_roaming == -1) -- options->use_roaming = 1; -+ options->use_roaming = 0; - if (options->visual_host_key == -1) - options->visual_host_key = 0; - if (options->ip_qos_interactive == -1) ---- openssh-7.1p1/ssh.c -+++ openssh-7.1p1/ssh.c -@@ -1932,9 +1932,6 @@ - fork_postauth(); - } - -- if (options.use_roaming) -- request_roaming(); -- - return client_loop(tty_flag, tty_flag ? - options.escape_char : SSH_ESCAPECHAR_NONE, id); - } |