OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   20-Feb-2006 14:42:42
  Branch: OPENPKG_2_4_SOLID                Handle: 2006022013424200

  Modified files:           (Branch: OPENPKG_2_4_SOLID)
    openpkg-src/openssh     openssh.patch openssh.spec

  Log:
    fix security patch: use vsnprintf(3) because vasprintf(3) is not
    portable enough and replacement code for it exists only in OpenSSH
    4.3p1 and higher

  Summary:
    Revision    Changes     Path
    1.13.2.3    +8  -34     openpkg-src/openssh/openssh.patch
    1.148.2.4   +1  -1      openpkg-src/openssh/openssh.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/openssh/openssh.patch
  ============================================================================
  $ cvs diff -u -r1.13.2.2 -r1.13.2.3 openssh.patch
  --- openpkg-src/openssh/openssh.patch 18 Feb 2006 12:11:27 -0000      1.13.2.2
  +++ openpkg-src/openssh/openssh.patch 20 Feb 2006 13:42:42 -0000      1.13.2.3
  @@ -89,31 +89,8 @@
   
   Index: misc.c
   --- misc.c.orig      2005-03-14 13:08:12 +0100
  -+++ misc.c   2006-02-18 12:56:15 +0100
  -@@ -355,12 +355,15 @@
  - addargs(arglist *args, char *fmt, ...)
  - {
  -     va_list ap;
  --    char buf[1024];
  -+    char *cp;
  -     u_int nalloc;
  -+    int r;
  - 
  -     va_start(ap, fmt);
  --    vsnprintf(buf, sizeof(buf), fmt, ap);
  -+    r = vasprintf(&cp, fmt, ap);
  -     va_end(ap);
  -+    if (r == -1)
  -+            fatal("addargs: argument too long");
  - 
  -     nalloc = args->nalloc;
  -     if (args->list == NULL) {
  -@@ -371,10 +374,44 @@
  - 
  -     args->list = xrealloc(args->list, nalloc * sizeof(char *));
  -     args->nalloc = nalloc;
  --    args->list[args->num++] = xstrdup(buf);
  -+    args->list[args->num++] = cp;
  ++++ misc.c   2006-02-20 14:30:38 +0100
  +@@ -375,6 +375,37 @@
        args->list[args->num] = NULL;
    }
    
  @@ -121,20 +98,17 @@
   +replacearg(arglist *args, u_int which, char *fmt, ...)
   +{
   +    va_list ap;
  -+    char *cp;
  -+    int r;
  ++    char buf[1024];
   +
   +    va_start(ap, fmt);
  -+    r = vasprintf(&cp, fmt, ap);
  ++    vsnprintf(buf, sizeof(buf), fmt, ap);
   +    va_end(ap);
  -+    if (r == -1)
  -+            fatal("replacearg: argument too long");
   +
   +    if (which >= args->num)
   +            fatal("replacearg: tried to replace invalid arg %d >= %d",
   +                which, args->num);
   +    xfree(args->list[which]);
  -+    args->list[which] = cp;
  ++    args->list[which] = xstrdup(buf);
   +}
   +
   +void
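Review bot: In replacearg() the return value of `vsnprintf(buf, sizeof(buf), fmt, ap)` is discarded, so a formatted argument longer than 1023 bytes is silently truncated and the shortened string is stored via `xstrdup(buf)`, whereas the vasprintf() version being replaced called fatal() on failure. Because the log describes this as part of a security patch, truncation should fail closed rather than pass a different argument on: `int r = vsnprintf(buf, sizeof(buf), fmt, ap);` followed by `if (r < 0 || (size_t)r >= sizeof(buf)) fatal("replacearg: argument too long");`. The first hunk also drops the addargs() change, which appears to leave addargs() on its original unchecked 1024-byte buffer, so the same check would apply there. Separately, the fatal() format string uses `%d` for the u_int values `which` and `args->num`; `%u` matches the type.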
  @@ -156,7 +130,7 @@
     * lines that exceed the buffer size.  Returns 0 on success, -1 on failure.
   Index: misc.h
   --- misc.h.orig      2005-03-01 11:24:33 +0100
  -+++ misc.h   2006-02-18 12:56:15 +0100
  ++++ misc.h   2006-02-20 14:29:24 +0100
   @@ -33,7 +33,11 @@
        u_int   num;
        u_int   nalloc;
  @@ -172,7 +146,7 @@
    
   Index: scp.c
   --- scp.c.orig       2005-04-03 02:16:40 +0200
  -+++ scp.c    2006-02-18 12:56:15 +0100
  ++++ scp.c    2006-02-20 14:29:24 +0100
   @@ -116,6 +116,48 @@
        _exit(1);
    }
  @@ -381,7 +355,7 @@
                *src++ = 0;
   Index: sftp.c
   --- sftp.c.orig      2005-03-14 13:08:12 +0100
  -+++ sftp.c   2006-02-18 12:56:15 +0100
  ++++ sftp.c   2006-02-20 14:29:24 +0100
   @@ -1433,8 +1433,9 @@
        extern char *optarg;
    
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openssh/openssh.spec
  ============================================================================
  $ cvs diff -u -r1.148.2.3 -r1.148.2.4 openssh.spec
  --- openpkg-src/openssh/openssh.spec  18 Feb 2006 12:11:27 -0000      
1.148.2.3
  +++ openpkg-src/openssh/openssh.spec  20 Feb 2006 13:42:42 -0000      
1.148.2.4
  @@ -43,7 +43,7 @@
   Group:        Security
   License:      BSD
   Version:      %{V_base}%{V_portable}
  -Release:      2.4.2
  +Release:      2.4.3
   
   #   package options
   %option       with_fsl          yes
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [email protected]
