OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   20-Feb-2006 14:38:30
  Branch: OPENPKG_2_5_SOLID                Handle: 2006022013383000

  Modified files:           (Branch: OPENPKG_2_5_SOLID)
    openpkg-src/openssh     openssh.patch openssh.spec

  Log:
    fix security patch: use snprintf(3) because vasprintf(3) is not
    portable enough and replacement code for it exists only in OpenSSH
    4.3p1 and higher

  Summary:
    Revision    Changes     Path
    1.14.2.2    +8  -34     openpkg-src/openssh/openssh.patch
    1.153.2.4   +1  -1      openpkg-src/openssh/openssh.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/openssh/openssh.patch
  ============================================================================
  $ cvs diff -u -r1.14.2.1 -r1.14.2.2 openssh.patch
  --- openpkg-src/openssh/openssh.patch 18 Feb 2006 12:09:03 -0000      1.14.2.1
  +++ openpkg-src/openssh/openssh.patch 20 Feb 2006 13:38:30 -0000      1.14.2.2
  @@ -38,31 +38,8 @@
   
   Index: misc.c
   --- misc.c.orig      2005-07-14 09:05:02 +0200
  -+++ misc.c   2006-02-18 12:51:11 +0100
  -@@ -356,12 +356,15 @@
  - addargs(arglist *args, char *fmt, ...)
  - {
  -     va_list ap;
  --    char buf[1024];
  -+    char *cp;
  -     u_int nalloc;
  -+    int r;
  - 
  -     va_start(ap, fmt);
  --    vsnprintf(buf, sizeof(buf), fmt, ap);
  -+    r = vasprintf(&cp, fmt, ap);
  -     va_end(ap);
  -+    if (r == -1)
  -+            fatal("addargs: argument too long");
  - 
  -     nalloc = args->nalloc;
  -     if (args->list == NULL) {
  -@@ -372,10 +375,44 @@
  - 
  -     args->list = xrealloc(args->list, nalloc * sizeof(char *));
  -     args->nalloc = nalloc;
  --    args->list[args->num++] = xstrdup(buf);
  -+    args->list[args->num++] = cp;
  ++++ misc.c   2006-02-20 14:28:44 +0100
  +@@ -376,6 +376,37 @@
        args->list[args->num] = NULL;
    }
    
  @@ -70,20 +47,17 @@
   +replacearg(arglist *args, u_int which, char *fmt, ...)
   +{
   +    va_list ap;
  -+    char *cp;
  -+    int r;
  ++    char buf[1024];
   +
   +    va_start(ap, fmt);
  -+    r = vasprintf(&cp, fmt, ap);
  ++    vsnprintf(buf, sizeof(buf), fmt, ap);
   +    va_end(ap);
  -+    if (r == -1)
  -+            fatal("replacearg: argument too long");
   +
   +    if (which >= args->num)
   +            fatal("replacearg: tried to replace invalid arg %d >= %d",
   +                which, args->num);
   +    xfree(args->list[which]);
  -+    args->list[which] = cp;
  ++    args->list[which] = xstrdup(buf);
   +}
   +
   +void
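Review bot: In replacearg the result of `vsnprintf(buf, sizeof(buf), fmt, ap)` is discarded, so a formatted argument that does not fit in `buf[1024]` is silently cut short and `xstrdup(buf)` stores the shortened string in the argument list; the vasprintf variant this replaces had no length cap. An argument list that is presumably handed to a child process should refuse an over-long host, path or option rather than pass on an altered one, and the portable call can do that too: declare `int r;`, use `r = vsnprintf(buf, sizeof(buf), fmt, ap);` and add `if (r < 0 || (size_t)r >= sizeof(buf)) fatal("replacearg: argument too long");` after `va_end(ap)`. The first hunk drops the addargs change entirely, and its removed lines suggest the unpatched addargs uses the same unchecked `char buf[1024]` pattern, so the same check would apply there. Smaller point: `which` is `u_int` but is printed with `%d` in the range-check message, where `%u` matches. The return-type line of replacearg lies above this hunk.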
  @@ -105,7 +79,7 @@
     * Warning: this calls getpw*.
   Index: misc.h
   --- misc.h.orig      2005-07-14 09:07:21 +0200
  -+++ misc.h   2006-02-18 12:51:11 +0100
  ++++ misc.h   2006-02-20 14:24:07 +0100
   @@ -36,7 +36,11 @@
        u_int   num;
        u_int   nalloc;
  @@ -121,7 +95,7 @@
    
   Index: scp.c
   --- scp.c.orig       2005-08-02 09:07:08 +0200
  -+++ scp.c    2006-02-18 12:53:25 +0100
  ++++ scp.c    2006-02-20 14:24:07 +0100
   @@ -118,6 +118,48 @@
        exit(1);
    }
  @@ -330,7 +304,7 @@
                *src++ = 0;
   Index: sftp.c
   --- sftp.c.orig      2005-08-23 00:06:56 +0200
  -+++ sftp.c   2006-02-18 12:52:38 +0100
  ++++ sftp.c   2006-02-20 14:24:07 +0100
   @@ -1448,8 +1448,9 @@
        extern char *optarg;
    
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openssh/openssh.spec
  ============================================================================
  $ cvs diff -u -r1.153.2.3 -r1.153.2.4 openssh.spec
  --- openpkg-src/openssh/openssh.spec  18 Feb 2006 12:09:03 -0000      
1.153.2.3
  +++ openpkg-src/openssh/openssh.spec  20 Feb 2006 13:38:30 -0000      
1.153.2.4
  @@ -41,7 +41,7 @@
   Group:        Security
   License:      BSD
   Version:      %{V_base}%{V_portable}
  -Release:      2.5.2
  +Release:      2.5.3
   
   #   package options
   %option       with_fsl          yes
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [email protected]
