Fix CVE-2008-1483 #214985. Fix from upstream for scp/packet problems #212433 by Steven Parkes. Fix from Piotr Stolc for some LPK configs under 64bit systems #210110. Add gsskex patch (for now) #115553.

Package-Manager: portage-2.2_pre5

3 files changed, 91 insertions, 0 deletions

diff --git a/net-misc/openssh/files/openssh-4.7_p1-CVE-2008-1483.patch b/net-misc/openssh/files/openssh-4.7_p1-CVE-2008-1483.patch
new file mode 100644
index 000000000000..8282bf1d2107
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.7_p1-CVE-2008-1483.patch
@@ -0,0 +1,16 @@
+Ripped from Fedora for CVE-2008-1483
+
+http://bugs.gentoo.org/214985
+
+--- openssh-3.9p1/channels.c
++++ openssh-3.9p1/channels.c
+@@ -2653,9 +2653,6 @@
+ 				debug2("bind port %d: %.100s", port, strerror(errno));
+ 				close(sock);
+ 
+-				if (ai->ai_next)
+-					continue;
+-
+ 				for (n = 0; n < num_socks; n++) {
+ 					close(socks[n]);
+ 				}
diff --git a/net-misc/openssh/files/openssh-4.7_p1-lpk-64bit.patch b/net-misc/openssh/files/openssh-4.7_p1-lpk-64bit.patch
new file mode 100644
index 000000000000..836073f40088
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.7_p1-lpk-64bit.patch
@@ -0,0 +1,45 @@
+http://bugs.gentoo.org/210110
+
+--- servconf.c
++++ servconf.c
+@@ -690,6 +690,7 @@
+ {
+ 	char *cp, **charptr, *arg, *p;
+ 	int cmdline = 0, *intptr, value, n;
++	unsigned long lvalue, *longptr;
+ 	ServerOpCodes opcode;
+ 	u_short port;
+ 	u_int i, flags = 0;
+@@ -704,6 +705,7 @@
+ 	if (!arg || !*arg || *arg == '#')
+ 		return 0;
+ 	intptr = NULL;
++	longptr = NULL;
+ 	charptr = NULL;
+ 	opcode = parse_token(arg, filename, linenum, &flags);
+ 
+@@ -1421,11 +1423,20 @@
+ 			*intptr = value;
+ 		break;
+ 	case sBindTimeout:
+-		intptr = (int *) &options->lpk.b_timeout.tv_sec;
+-		goto parse_int;
++		longptr = (unsigned long *) &options->lpk.b_timeout.tv_sec;
++parse_ulong:
++		arg = strdelim(&cp);
++		if (!arg || *arg == '\0')
++			fatal("%s line %d: missing integer value.",
++			    filename, linenum);
++		lvalue = atol(arg);
++		if (*activep && *longptr == -1)
++			*longptr = lvalue;
++		break;
++
+ 	case sSearchTimeout:
+-		intptr = (int *) &options->lpk.s_timeout.tv_sec;
+-		goto parse_int;
++		longptr = (unsigned long *) &options->lpk.s_timeout.tv_sec;
++		goto parse_ulong;
+ 		break;
+ 	case sLdapConf:
+ 		arg = cp;
diff --git a/net-misc/openssh/files/openssh-4.7_p1-packet-size.patch b/net-misc/openssh/files/openssh-4.7_p1-packet-size.patch
new file mode 100644
index 000000000000..85023b4a7208
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.7_p1-packet-size.patch
@@ -0,0 +1,30 @@
+Fix from upstream
+
+http://bugs.gentoo.org/212433
+https://bugzilla.mindrot.org/show_bug.cgi?id=1360
+
+Index: clientloop.c
+===================================================================
+RCS file: /usr/local/src/security/openssh/cvs/openssh/clientloop.c,v
+retrieving revision 1.170
+diff -u -p -r1.170 clientloop.c
+--- clientloop.c	28 Dec 2007 15:45:07 -0000	1.170
++++ clientloop.c	28 Dec 2007 18:14:10 -0000
+@@ -1745,7 +1745,7 @@ client_request_forwarded_tcpip(const cha
+ 	}
+ 	c = channel_new("forwarded-tcpip",
+ 	    SSH_CHANNEL_CONNECTING, sock, sock, -1,
+-	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
++	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
+ 	    originator_address, 1);
+ 	xfree(originator_address);
+ 	xfree(listen_address);
+@@ -1803,7 +1803,7 @@ client_request_agent(const char *request
+ 		return NULL;
+ 	c = channel_new("authentication agent connection",
+ 	    SSH_CHANNEL_OPEN, sock, sock, -1,
+-	    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
++	    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
+ 	    "authentication agent connection", 1);
+ 	c->force_drain = 1;
+ 	return c;