doc/share/security/patches/SA-06:09/openssh.patch

Index: crypto/openssh/auth-pam.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth-pam.c,v
retrieving revision 1.14
diff -u -r1.14 auth-pam.c
--- crypto/openssh/auth-pam.c	20 Apr 2004 09:46:39 -0000	1.14
+++ crypto/openssh/auth-pam.c	6 Jan 2006 11:29:00 -0000
@@ -94,10 +94,17 @@
 static void 
 sshpam_sigchld_handler(int sig)
 {
+	signal(SIGCHLD, SIG_DFL);
 	if (cleanup_ctxt == NULL)
 		return;	/* handler called after PAM cleanup, shouldn't happen */
-	if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) == -1)
-		return;	/* couldn't wait for process */
+	if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
+	     <= 0) {
+		/* PAM thread has not exitted, privsep slave must have */
+		kill(cleanup_ctxt->pam_thread, SIGTERM);
+		if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0)
+		    <= 0)
+			return; /* could not wait */
+	}
 	if (WIFSIGNALED(sshpam_thread_status) &&
 	    WTERMSIG(sshpam_thread_status) == SIGTERM)
 		return;	/* terminated by pthread_cancel */
Index: crypto/openssh/ssh_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
retrieving revision 1.25
diff -u -r1.25 ssh_config
--- crypto/openssh/ssh_config	20 Apr 2004 09:37:28 -0000	1.25
+++ crypto/openssh/ssh_config	23 Jan 2006 09:50:35 -0000
@@ -36,4 +36,4 @@
 #   Cipher 3des
 #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
 #   EscapeChar ~
-#   VersionAddendum FreeBSD-20040419
+#   VersionAddendum FreeBSD-20060123
Index: crypto/openssh/ssh_config.5
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/ssh_config.5,v
retrieving revision 1.15
diff -u -r1.15 ssh_config.5
--- crypto/openssh/ssh_config.5	20 Apr 2004 09:46:40 -0000	1.15
+++ crypto/openssh/ssh_config.5	23 Jan 2006 09:50:35 -0000
@@ -719,7 +719,7 @@
 Specifies a string to append to the regular version string to identify
 OS- or site-specific modifications.
 The default is
-.Dq FreeBSD-20040419 .
+.Dq FreeBSD-20060123 .
 .It Cm XAuthLocation
 Specifies the full pathname of the
 .Xr xauth 1
Index: crypto/openssh/sshd_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
retrieving revision 1.40
diff -u -r1.40 sshd_config
--- crypto/openssh/sshd_config	20 Apr 2004 09:37:29 -0000	1.40
+++ crypto/openssh/sshd_config	23 Jan 2006 09:50:35 -0000
@@ -14,7 +14,7 @@
 # Note that some of FreeBSD's defaults differ from OpenBSD's, and
 # FreeBSD has a few additional options.
 
-#VersionAddendum FreeBSD-20040419
+#VersionAddendum FreeBSD-20060123
 
 #Port 22
 #Protocol 2
Index: crypto/openssh/sshd_config.5
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/sshd_config.5,v
retrieving revision 1.21
diff -u -r1.21 sshd_config.5
--- crypto/openssh/sshd_config.5	20 Apr 2004 09:46:40 -0000	1.21
+++ crypto/openssh/sshd_config.5	23 Jan 2006 09:50:35 -0000
@@ -660,7 +660,7 @@
 Specifies a string to append to the regular version string to identify
 OS- or site-specific modifications.
 The default is
-.Dq FreeBSD-20040419 .
+.Dq FreeBSD-20060123 .
 .It Cm X11DisplayOffset
 Specifies the first display number available for
 .Nm sshd Ns 's
Index: crypto/openssh/version.h
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/version.h,v
retrieving revision 1.27
diff -u -r1.27 version.h
--- crypto/openssh/version.h	20 Apr 2004 09:46:40 -0000	1.27
+++ crypto/openssh/version.h	23 Jan 2006 09:50:35 -0000
@@ -5,7 +5,7 @@
 
 #define SSH_VERSION             (ssh_version_get())
 #define SSH_VERSION_BASE        "OpenSSH_3.8.1p1"
-#define SSH_VERSION_ADDENDUM    "FreeBSD-20040419"
+#define SSH_VERSION_ADDENDUM    "FreeBSD-20060123"
 
 const char *ssh_version_get(void);
 void ssh_version_set_addendum(const char *add);