os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/website/static/security/patches/SA-03:15/openssh48.patch
Sergio Carlavilla Delgado 989d921f5d Migrate doc to Hugo/AsciiDoctor 
I'm very pleased to announce the release of
our new website and documentation using
the new toolchain with Hugo and AsciiDoctor.

To get more information about the new toolchain
please read the FreeBSD Documentation Project Primer[1],
Hugo docs[2] and AsciiDoctor docs[3].

Acknowledgment:
Benedict Reuschling <bcr@>
Glen Barber <gjb@>
Hiroki Sato <hrs@>
Li-Wen Hsu <lwhsu@>
Sean Chittenden <seanc@>
The FreeBSD Foundation

[1] https://docs.FreeBSD.org/en/books/fdp-primer/
[2] https://gohugo.io/documentation/
[3] https://docs.asciidoctor.org/home/

Approved by:    doceng, core
2021-01-26 00:31:29 +01:00

347 lines
11 KiB
Diff
Raw Blame History

Index: crypto/openssh/auth-chall.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v
retrieving revision 1.2.2.4
retrieving revision 1.2.2.4.2.2
diff -p -c -r1.2.2.4 -r1.2.2.4.2.2
*** crypto/openssh/auth-chall.c 3 Feb 2003 17:31:06 -0000 1.2.2.4
--- crypto/openssh/auth-chall.c 24 Sep 2003 19:47:18 -0000 1.2.2.4.2.2
*************** verify_response(Authctxt *authctxt, cons
*** 93,101 ****
xfree(info);
}
/* if we received more prompts, we're screwed */
! res = (numprompts != 0);
}
device->free_ctx(authctxt->kbdintctxt);
authctxt->kbdintctxt = NULL;
return res ? 0 : 1;
}
--- 93,109 ----
xfree(info);
}
/* if we received more prompts, we're screwed */
! res = (res == 0 && numprompts == 0) ? 0 : -1;
}
device->free_ctx(authctxt->kbdintctxt);
authctxt->kbdintctxt = NULL;
return res ? 0 : 1;
+ }
+ void
+ abandon_challenge_response(Authctxt *authctxt)
+ {
+ if (authctxt->kbdintctxt != NULL) {
+ device->free_ctx(authctxt->kbdintctxt);
+ authctxt->kbdintctxt = NULL;
+ }
}
Index: crypto/openssh/auth.h
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth.h,v
retrieving revision 1.1.1.1.2.6
retrieving revision 1.1.1.1.2.6.2.1
diff -p -c -r1.1.1.1.2.6 -r1.1.1.1.2.6.2.1
*** crypto/openssh/auth.h 3 Feb 2003 17:31:06 -0000 1.1.1.1.2.6
--- crypto/openssh/auth.h 24 Sep 2003 19:47:18 -0000 1.1.1.1.2.6.2.1
*************** struct passwd * getpwnamallow(const char
*** 160,165 ****
--- 160,166 ----
char *get_challenge(Authctxt *);
int verify_response(Authctxt *, const char *);
+ void abandon_challenge_response(Authctxt *);
struct passwd * auth_get_user(void);
Index: crypto/openssh/auth1.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth1.c,v
retrieving revision 1.3.2.9
retrieving revision 1.3.2.9.2.1
diff -p -c -r1.3.2.9 -r1.3.2.9.2.1
*** crypto/openssh/auth1.c 3 Feb 2003 17:31:06 -0000 1.3.2.9
--- crypto/openssh/auth1.c 24 Sep 2003 19:47:18 -0000 1.3.2.9.2.1
*************** do_authloop(Authctxt *authctxt)
*** 74,80 ****
char info[1024];
u_int dlen;
u_int ulen;
! int type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
--- 74,80 ----
char info[1024];
u_int dlen;
u_int ulen;
! int prev, type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
*************** do_authloop(Authctxt *authctxt)
*** 104,110 ****
--- 104,122 ----
info[0] = '\0';
/* Get a packet from the client. */
+ prev = type;
type = packet_read();
+
+ /*
+ * If we started challenge-response authentication but the
+ * next packet is not a response to our challenge, release
+ * the resources allocated by get_challenge() (which would
+ * normally have been released by verify_response() had we
+ * received such a response)
+ */
+ if (prev == SSH_CMSG_AUTH_TIS &&
+ type != SSH_CMSG_AUTH_TIS_RESPONSE)
+ abandon_challenge_response(authctxt);
/* Process the packet. */
switch (type) {
Index: crypto/openssh/auth2-pam-freebsd.c
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v
retrieving revision 1.1.2.5
retrieving revision 1.1.2.5.2.2
diff -p -c -r1.1.2.5 -r1.1.2.5.2.2
*** crypto/openssh/auth2-pam-freebsd.c 22 Feb 2003 16:31:47 -0000 1.1.2.5
--- crypto/openssh/auth2-pam-freebsd.c 24 Sep 2003 19:14:41 -0000 1.1.2.5.2.2
*************** pam_thread_conv(int n,
*** 134,141 ****
*resp = xmalloc(n * sizeof **resp);
buffer_init(&buffer);
for (i = 0; i < n; ++i) {
! resp[i]->resp_retcode = 0;
! resp[i]->resp = NULL;
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
buffer_put_cstring(&buffer, msg[i]->msg);
--- 134,141 ----
*resp = xmalloc(n * sizeof **resp);
buffer_init(&buffer);
for (i = 0; i < n; ++i) {
! (*resp)[i].resp_retcode = 0;
! (*resp)[i].resp = NULL;
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
buffer_put_cstring(&buffer, msg[i]->msg);
*************** pam_thread_conv(int n,
*** 143,149 ****
ssh_msg_recv(ctxt->pam_csock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! resp[i]->resp = buffer_get_string(&buffer, NULL);
break;
case PAM_PROMPT_ECHO_ON:
buffer_put_cstring(&buffer, msg[i]->msg);
--- 143,149 ----
ssh_msg_recv(ctxt->pam_csock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! (*resp)[i].resp = buffer_get_string(&buffer, NULL);
break;
case PAM_PROMPT_ECHO_ON:
buffer_put_cstring(&buffer, msg[i]->msg);
*************** pam_thread_conv(int n,
*** 151,157 ****
ssh_msg_recv(ctxt->pam_csock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! resp[i]->resp = buffer_get_string(&buffer, NULL);
break;
case PAM_ERROR_MSG:
buffer_put_cstring(&buffer, msg[i]->msg);
--- 151,157 ----
ssh_msg_recv(ctxt->pam_csock, &buffer);
if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail;
! (*resp)[i].resp = buffer_get_string(&buffer, NULL);
break;
case PAM_ERROR_MSG:
buffer_put_cstring(&buffer, msg[i]->msg);
*************** pam_thread_conv(int n,
*** 169,176 ****
buffer_free(&buffer);
return (PAM_SUCCESS);
fail:
- while (i)
- xfree(resp[--i]);
xfree(*resp);
*resp = NULL;
buffer_free(&buffer);
--- 169,174 ----
*************** pam_chauthtok_conv(int n,
*** 539,558 ****
for (i = 0; i < n; ++i) {
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
! resp[i]->resp =
read_passphrase(msg[i]->msg, RP_ALLOW_STDIN);
! resp[i]->resp_retcode = PAM_SUCCESS;
break;
case PAM_PROMPT_ECHO_ON:
fputs(msg[i]->msg, stderr);
fgets(input, sizeof input, stdin);
! resp[i]->resp = xstrdup(input);
! resp[i]->resp_retcode = PAM_SUCCESS;
break;
case PAM_ERROR_MSG:
case PAM_TEXT_INFO:
fputs(msg[i]->msg, stderr);
! resp[i]->resp_retcode = PAM_SUCCESS;
break;
default:
goto fail;
--- 537,556 ----
for (i = 0; i < n; ++i) {
switch (msg[i]->msg_style) {
case PAM_PROMPT_ECHO_OFF:
! (*resp)[i].resp =
read_passphrase(msg[i]->msg, RP_ALLOW_STDIN);
! (*resp)[i].resp_retcode = PAM_SUCCESS;
break;
case PAM_PROMPT_ECHO_ON:
fputs(msg[i]->msg, stderr);
fgets(input, sizeof input, stdin);
! (*resp)[i].resp = xstrdup(input);
! (*resp)[i].resp_retcode = PAM_SUCCESS;
break;
case PAM_ERROR_MSG:
case PAM_TEXT_INFO:
fputs(msg[i]->msg, stderr);
! (*resp)[i].resp_retcode = PAM_SUCCESS;
break;
default:
goto fail;
*************** pam_chauthtok_conv(int n,
*** 560,567 ****
}
return (PAM_SUCCESS);
fail:
- while (i)
- xfree(resp[--i]);
xfree(*resp);
*resp = NULL;
return (PAM_CONV_ERR);
--- 558,563 ----
Index: crypto/openssh/ssh_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
retrieving revision 1.2.2.8
retrieving revision 1.2.2.8.2.1
diff -p -c -r1.2.2.8 -r1.2.2.8.2.1
*** crypto/openssh/ssh_config 11 Feb 2003 12:11:54 -0000 1.2.2.8
--- crypto/openssh/ssh_config 24 Sep 2003 19:47:43 -0000 1.2.2.8.2.1
***************
*** 35,38 ****
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
! # VersionAddendum FreeBSD-20030201
--- 35,38 ----
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
! # VersionAddendum FreeBSD-20030924
Index: crypto/openssh/ssh_config.5
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/ssh_config.5,v
retrieving revision 1.4.2.4
retrieving revision 1.4.2.4.2.1
diff -p -c -r1.4.2.4 -r1.4.2.4.2.1
*** crypto/openssh/ssh_config.5 11 Feb 2003 12:11:54 -0000 1.4.2.4
--- crypto/openssh/ssh_config.5 24 Sep 2003 19:47:43 -0000 1.4.2.4.2.1
*************** host key database instead of
*** 616,622 ****
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
The default is
! .Dq FreeBSD-20030201 .
.It Cm XAuthLocation
Specifies the full pathname of the
.Xr xauth 1
--- 616,622 ----
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
The default is
! .Dq FreeBSD-20030924 .
.It Cm XAuthLocation
Specifies the full pathname of the
.Xr xauth 1
Index: crypto/openssh/sshd_config
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
retrieving revision 1.4.2.12
retrieving revision 1.4.2.12.2.1
diff -p -c -r1.4.2.12 -r1.4.2.12.2.1
*** crypto/openssh/sshd_config 11 Feb 2003 12:11:54 -0000 1.4.2.12
--- crypto/openssh/sshd_config 24 Sep 2003 19:47:43 -0000 1.4.2.12.2.1
***************
*** 14,20 ****
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
! #VersionAddendum FreeBSD-20030201
#Port 22
#Protocol 2,1
--- 14,20 ----
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
! #VersionAddendum FreeBSD-20030924
#Port 22
#Protocol 2,1
Index: crypto/openssh/sshd_config.5
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/sshd_config.5,v
retrieving revision 1.5.2.5
retrieving revision 1.5.2.5.2.1
diff -p -c -r1.5.2.5 -r1.5.2.5.2.1
*** crypto/openssh/sshd_config.5 11 Feb 2003 12:11:54 -0000 1.5.2.5
--- crypto/openssh/sshd_config.5 24 Sep 2003 19:47:43 -0000 1.5.2.5.2.1
*************** The default is
*** 647,653 ****
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
The default is
! .Dq FreeBSD-20030201 .
.It Cm X11DisplayOffset
Specifies the first display number available for
.Nm sshd Ns 's
--- 647,653 ----
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
The default is
! .Dq FreeBSD-20030924 .
.It Cm X11DisplayOffset
Specifies the first display number available for
.Nm sshd Ns 's
Index: crypto/openssh/version.h
===================================================================
RCS file: /home/ncvs/src/crypto/openssh/version.h,v
retrieving revision 1.1.1.1.2.10.2.2
retrieving revision 1.1.1.1.2.10.2.3
diff -p -c -r1.1.1.1.2.10.2.2 -r1.1.1.1.2.10.2.3
*** crypto/openssh/version.h 17 Sep 2003 14:51:09 -0000 1.1.1.1.2.10.2.2
--- crypto/openssh/version.h 24 Sep 2003 19:47:43 -0000 1.1.1.1.2.10.2.3
***************
*** 5,11 ****
#define SSH_VERSION (ssh_version_get())
#define SSH_VERSION_BASE "OpenSSH_3.5p1"
! #define SSH_VERSION_ADDENDUM "FreeBSD-20030917"
const char *ssh_version_get(void);
void ssh_version_set_addendum(const char *add);
--- 5,11 ----
#define SSH_VERSION (ssh_version_get())
#define SSH_VERSION_BASE "OpenSSH_3.5p1"
! #define SSH_VERSION_ADDENDUM "FreeBSD-20030924"
const char *ssh_version_get(void);
void ssh_version_set_addendum(const char *add);
Reference in a new issue View git blame Copy permalink