OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   20-Feb-2006 14:47:37
  Branch: OPENPKG_2_3_SOLID                Handle: 2006022013473700

  Modified files:           (Branch: OPENPKG_2_3_SOLID)
    openpkg-src/openssh     openssh.patch openssh.spec

  Log:
    fix security patch: use vsnprintf(3), because vasprintf(3) is not
    portable enough and replacement code for it exists only in
    OpenSSH 4.3p1 and higher

  Summary:
    Revision    Changes     Path
    1.12.2.2    +9  -34     openpkg-src/openssh/openssh.patch
    1.144.2.3   +1  -1      openpkg-src/openssh/openssh.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/openssh/openssh.patch
  ============================================================================
  $ cvs diff -u -r1.12.2.1 -r1.12.2.2 openssh.patch
  --- openpkg-src/openssh/openssh.patch 18 Feb 2006 12:19:50 -0000      1.12.2.1
  +++ openpkg-src/openssh/openssh.patch 20 Feb 2006 13:47:37 -0000      1.12.2.2
  @@ -51,31 +51,9 @@
   
   Index: misc.c
   --- misc.c.orig      2004-08-13 13:18:01 +0200
  -+++ misc.c   2006-02-18 12:59:04 +0100
  -@@ -313,12 +313,15 @@
  - addargs(arglist *args, char *fmt, ...)
  - {
  -     va_list ap;
  --    char buf[1024];
  -+    char *cp;
  -     u_int nalloc;
  -+    int r;
  - 
  -     va_start(ap, fmt);
  --    vsnprintf(buf, sizeof(buf), fmt, ap);
  -+    r = vasprintf(&cp, fmt, ap);
  -     va_end(ap);
  -+    if (r == -1)
  -+            fatal("addargs: argument too long");
  - 
  -     nalloc = args->nalloc;
  -     if (args->list == NULL) {
  -@@ -329,6 +332,41 @@
  - 
  -     args->list = xrealloc(args->list, nalloc * sizeof(char *));
  -     args->nalloc = nalloc;
  --    args->list[args->num++] = xstrdup(buf);
  -+    args->list[args->num++] = cp;
  ++++ misc.c   2006-02-20 14:32:01 +0100
  +@@ -332,3 +332,35 @@
  +     args->list[args->num++] = xstrdup(buf);
        args->list[args->num] = NULL;
    }
   +
  @@ -83,20 +61,17 @@
   +replacearg(arglist *args, u_int which, char *fmt, ...)
   +{
   +    va_list ap;
  -+    char *cp;
  -+    int r;
  ++    char buf[1024];
   +
   +    va_start(ap, fmt);
  -+    r = vasprintf(&cp, fmt, ap);
  ++    vsnprintf(buf, sizeof(buf), fmt, ap);
   +    va_end(ap);
  -+    if (r == -1)
  -+            fatal("replacearg: argument too long");
   +
   +    if (which >= args->num)
   +            fatal("replacearg: tried to replace invalid arg %d >= %d",
   +                which, args->num);
   +    xfree(args->list[which]);
  -+    args->list[which] = cp;
  ++    args->list[which] = xstrdup(buf);
   +}
   +
   +void
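Review bot: The new `vsnprintf(buf, sizeof(buf), fmt, ap);` in replacearg() discards its return value, so a formatted argument longer than 1023 bytes is silently truncated and the shortened copy is stored in `args->list[which]`, where the previous revision failed with `fatal("replacearg: argument too long")`. These strings appear to end up as argv entries for a spawned command (the scp.c part of the patch is only partly visible here), so a truncated path may name a different file than the one the user supplied. Capture the result and fail closed: `int r = vsnprintf(buf, sizeof(buf), fmt, ap);` and, after `va_end(ap)`, `if (r < 0 || (size_t)r >= sizeof(buf)) fatal("replacearg: argument too long");`, with the `r < 0` arm covering older vsnprintf implementations that return -1 on overflow. The first hunk (`@@ -51,31 +51,9 @@`) also drops the addargs() change, which leaves upstream's unchecked `char buf[1024]` / `xstrdup(buf)` pattern in place there, so the same check is worth adding in addargs(). replacearg()'s return-type line sits just before this hunk.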
  @@ -115,7 +90,7 @@
   +
   Index: misc.h
   --- misc.h.orig      2004-08-13 13:18:01 +0200
  -+++ misc.h   2006-02-18 12:56:49 +0100
  ++++ misc.h   2006-02-20 14:31:14 +0100
   @@ -32,7 +32,11 @@
        u_int   num;
        u_int   nalloc;
  @@ -131,7 +106,7 @@
    
   Index: scp.c
   --- scp.c.orig       2004-08-13 13:19:38 +0200
  -+++ scp.c    2006-02-18 13:15:34 +0100
  ++++ scp.c    2006-02-20 14:31:14 +0100
   @@ -114,6 +114,48 @@
        _exit(1);
    }
  @@ -339,7 +314,7 @@
                *src++ = 0;
   Index: sftp.c
   --- sftp.c.orig      2004-07-17 08:12:08 +0200
  -+++ sftp.c   2006-02-18 12:56:49 +0100
  ++++ sftp.c   2006-02-20 14:31:14 +0100
   @@ -1374,8 +1374,9 @@
        extern char *optarg;
    
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openssh/openssh.spec
  ============================================================================
  $ cvs diff -u -r1.144.2.2 -r1.144.2.3 openssh.spec
  --- openpkg-src/openssh/openssh.spec  18 Feb 2006 12:19:50 -0000      
1.144.2.2
  +++ openpkg-src/openssh/openssh.spec  20 Feb 2006 13:47:37 -0000      
1.144.2.3
  @@ -42,7 +42,7 @@
   Group:        Security
   License:      BSD
   Version:      %{V_base}%{V_portable}
  -Release:      2.3.1
  +Release:      2.3.2
   
   #   package options
   %option       with_fsl          yes
  @@ .