forked from rpms/openssh
Update coverity patch after rebase to 6.7
This commit is contained in:
parent
6c6416dc9d
commit
580f986839
@ -5,7 +5,7 @@ index 961c564..0fcfd7b 100644
|
||||
@@ -260,7 +260,6 @@ ssh_gssapi_krb5_cmdok(krb5_principal principal, const char *name,
|
||||
FILE *fp;
|
||||
char file[MAXPATHLEN];
|
||||
char line[BUFSIZ];
|
||||
char line[BUFSIZ] = "";
|
||||
- char kuser[65]; /* match krb5_kuserok() */
|
||||
struct stat st;
|
||||
struct passwd *pw = the_authctxt->pw;
|
||||
|
@ -97,7 +97,7 @@ index 413b845..54dd383 100644
|
||||
+{
|
||||
+ FILE *fp;
|
||||
+ char file[MAXPATHLEN];
|
||||
+ char line[BUFSIZ];
|
||||
+ char line[BUFSIZ] = "";
|
||||
+ char kuser[65]; /* match krb5_kuserok() */
|
||||
+ struct stat st;
|
||||
+ struct passwd *pw = the_authctxt->pw;
|
||||
|
@ -23,6 +23,14 @@ diff --git a/auth2-gss.c b/auth2-gss.c
|
||||
index 4803e7e..222e3e0 100644
|
||||
--- a/auth2-gss.c
|
||||
+++ b/auth2-gss.c
|
||||
@@ -31,6 +31,7 @@
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
+#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "key.h"
|
||||
@@ -53,6 +53,40 @@ static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
|
||||
static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
|
||||
static void input_gssapi_errtok(int, u_int32_t, void *);
|
||||
@ -456,7 +464,7 @@ index b39281b..a3a2289 100644
|
||||
if (!GSS_ERROR(major)) {
|
||||
major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token,
|
||||
NULL);
|
||||
@@ -272,10 +483,67 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
|
||||
@@ -272,10 +483,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
|
||||
GSS_C_NO_BUFFER);
|
||||
}
|
||||
|
||||
@ -476,7 +484,6 @@ index b39281b..a3a2289 100644
|
||||
+ static OM_uint32 last_call = 0;
|
||||
+ OM_uint32 lifetime, now, major, minor;
|
||||
+ int equal;
|
||||
+ gss_cred_usage_t usage = GSS_C_INITIATE;
|
||||
+
|
||||
+ now = time(NULL);
|
||||
+
|
||||
@ -1415,7 +1422,7 @@ new file mode 100644
|
||||
index 0000000..b880998
|
||||
--- /dev/null
|
||||
+++ b/kexgsss.c
|
||||
@@ -0,0 +1,289 @@
|
||||
@@ -0,0 +1,290 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
|
||||
+ *
|
||||
@ -1462,6 +1469,7 @@ index 0000000..b880998
|
||||
+#include "monitor_wrap.h"
|
||||
+#include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */
|
||||
+#include "servconf.h"
|
||||
+#include "ssh-gss.h"
|
||||
+
|
||||
+extern ServerOptions options;
|
||||
+
|
||||
@ -2341,7 +2349,7 @@ index a99d7f0..0374c88 100644
|
||||
|
||||
int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
|
||||
void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
|
||||
@@ -119,16 +136,30 @@ void ssh_gssapi_build_ctx(Gssctxt **);
|
||||
@@ -119,16 +136,32 @@ void ssh_gssapi_build_ctx(Gssctxt **);
|
||||
void ssh_gssapi_delete_ctx(Gssctxt **);
|
||||
OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
|
||||
void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
|
||||
@ -2371,6 +2379,8 @@ index a99d7f0..0374c88 100644
|
||||
+int ssh_gssapi_oid_table_ok();
|
||||
+
|
||||
+int ssh_gssapi_update_creds(ssh_gssapi_ccache *store);
|
||||
+
|
||||
+void ssh_gssapi_rekey_creds(void);
|
||||
#endif /* GSSAPI */
|
||||
|
||||
#endif /* _SSH_GSS_H */
|
||||
|
@ -1,5 +1,5 @@
|
||||
diff --git a/auth-pam.c b/auth-pam.c
|
||||
index cd1a775..690711e 100644
|
||||
index cd1a775..2fff267 100644
|
||||
--- a/auth-pam.c
|
||||
+++ b/auth-pam.c
|
||||
@@ -216,7 +216,12 @@ pthread_join(sp_pthread_t thread, void **value)
|
||||
@ -17,10 +17,10 @@ index cd1a775..690711e 100644
|
||||
}
|
||||
#endif
|
||||
diff --git a/channels.c b/channels.c
|
||||
index af3fdc2..39c9f89 100644
|
||||
index 51a221d..0ef1d90 100644
|
||||
--- a/channels.c
|
||||
+++ b/channels.c
|
||||
@@ -233,11 +233,11 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
|
||||
@@ -239,11 +239,11 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
|
||||
channel_max_fd = MAX(channel_max_fd, wfd);
|
||||
channel_max_fd = MAX(channel_max_fd, efd);
|
||||
|
||||
@ -35,7 +35,7 @@ index af3fdc2..39c9f89 100644
|
||||
fcntl(efd, F_SETFD, FD_CLOEXEC);
|
||||
|
||||
c->rfd = rfd;
|
||||
@@ -255,11 +255,11 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
|
||||
@@ -261,11 +261,11 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
|
||||
|
||||
/* enable nonblocking mode */
|
||||
if (nonblock) {
|
||||
@ -50,15 +50,33 @@ index af3fdc2..39c9f89 100644
|
||||
set_nonblock(efd);
|
||||
}
|
||||
}
|
||||
@@ -3959,13 +3959,13 @@ connect_local_xsocket_path(const char *pathname, int len)
|
||||
int sock;
|
||||
struct sockaddr_un addr;
|
||||
|
||||
+ if (len <= 0)
|
||||
+ return -1;
|
||||
sock = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
if (sock < 0)
|
||||
error("socket: %.100s", strerror(errno));
|
||||
memset(&addr, 0, sizeof(addr));
|
||||
addr.sun_family = AF_UNIX;
|
||||
- if (len <= 0)
|
||||
- return -1;
|
||||
if (len > sizeof addr.sun_path)
|
||||
len = sizeof addr.sun_path;
|
||||
memcpy(addr.sun_path, pathname, len);
|
||||
diff --git a/clientloop.c b/clientloop.c
|
||||
index 9c60108..d372b53 100644
|
||||
index 20ce0b5..65cb26a 100644
|
||||
--- a/clientloop.c
|
||||
+++ b/clientloop.c
|
||||
@@ -2081,14 +2081,15 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt)
|
||||
@@ -2090,15 +2090,16 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
char *rtype;
|
||||
int want_reply;
|
||||
int success = 0;
|
||||
+/* success is still 0 the packet is allways SSH2_MSG_REQUEST_FAILURE, isn't it? */
|
||||
- int success = 0;
|
||||
+/* int success = 0;
|
||||
+ success is still 0 the packet is allways SSH2_MSG_REQUEST_FAILURE, isn't it? */
|
||||
|
||||
rtype = packet_get_string(NULL);
|
||||
want_reply = packet_get_char();
|
||||
@ -72,26 +90,23 @@ index 9c60108..d372b53 100644
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
}
|
||||
diff --git a/key.c b/key.c
|
||||
index a2050f6..6487d81 100644
|
||||
--- a/key.c
|
||||
+++ b/key.c
|
||||
@@ -880,8 +880,10 @@ key_read(Key *ret, char **cpp)
|
||||
success = 1;
|
||||
/*XXXX*/
|
||||
key_free(k);
|
||||
+/*XXXX
|
||||
if (success != 1)
|
||||
break;
|
||||
+XXXX*/
|
||||
/* advance cp: skip whitespace and data */
|
||||
while (*cp == ' ' || *cp == '\t')
|
||||
cp++;
|
||||
diff --git a/entropy.c b/entropy.c
|
||||
index 06b0095..a4097da 100644
|
||||
--- a/entropy.c
|
||||
+++ b/entropy.c
|
||||
@@ -44,6 +44,7 @@
|
||||
#include <openssl/err.h>
|
||||
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
+#include "openbsd-compat/port-linux.h"
|
||||
|
||||
#include "ssh.h"
|
||||
#include "misc.h"
|
||||
diff --git a/monitor.c b/monitor.c
|
||||
index 3ff62b0..70b9b4c 100644
|
||||
index 07fa655..b8e6e06 100644
|
||||
--- a/monitor.c
|
||||
+++ b/monitor.c
|
||||
@@ -472,7 +472,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
|
||||
@@ -488,7 +488,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
|
||||
mm_get_keystate(pmonitor);
|
||||
|
||||
/* Drain any buffered messages from the child */
|
||||
@ -100,7 +115,7 @@ index 3ff62b0..70b9b4c 100644
|
||||
;
|
||||
|
||||
close(pmonitor->m_sendfd);
|
||||
@@ -1254,6 +1254,10 @@ mm_answer_keyallowed(int sock, Buffer *m)
|
||||
@@ -1276,6 +1276,10 @@ mm_answer_keyallowed(int sock, Buffer *m)
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -111,7 +126,7 @@ index 3ff62b0..70b9b4c 100644
|
||||
if (key != NULL)
|
||||
key_free(key);
|
||||
|
||||
@@ -1275,9 +1279,6 @@ mm_answer_keyallowed(int sock, Buffer *m)
|
||||
@@ -1297,9 +1301,6 @@ mm_answer_keyallowed(int sock, Buffer *m)
|
||||
free(chost);
|
||||
}
|
||||
|
||||
@ -122,10 +137,10 @@ index 3ff62b0..70b9b4c 100644
|
||||
buffer_put_int(m, allowed);
|
||||
buffer_put_int(m, forced_command != NULL);
|
||||
diff --git a/monitor_wrap.c b/monitor_wrap.c
|
||||
index 6df236a..93f6535 100644
|
||||
index ba4ecd7..b3e4ca1 100644
|
||||
--- a/monitor_wrap.c
|
||||
+++ b/monitor_wrap.c
|
||||
@@ -743,10 +743,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
|
||||
@@ -749,10 +749,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
|
||||
if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
|
||||
(tmp2 = dup(pmonitor->m_recvfd)) == -1) {
|
||||
error("%s: cannot allocate fds for pty", __func__);
|
||||
@ -152,11 +167,22 @@ index c89f214..80115c2 100644
|
||||
int i;
|
||||
|
||||
if (sa == NULL) {
|
||||
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
|
||||
index 8b7cda2..e2ca8a1 100644
|
||||
--- a/openbsd-compat/port-linux.h
|
||||
+++ b/openbsd-compat/port-linux.h
|
||||
@@ -37,4 +37,6 @@ void oom_adjust_restore(void);
|
||||
void oom_adjust_setup(void);
|
||||
#endif
|
||||
|
||||
+void linux_seed(void);
|
||||
+
|
||||
#endif /* ! _PORT_LINUX_H */
|
||||
diff --git a/packet.c b/packet.c
|
||||
index f5b122b..1305e87 100644
|
||||
index 8ec353e..dbc2c33 100644
|
||||
--- a/packet.c
|
||||
+++ b/packet.c
|
||||
@@ -1234,6 +1234,7 @@ packet_read_poll1(void)
|
||||
@@ -1246,6 +1246,7 @@ packet_read_poll1(void)
|
||||
case DEATTACK_DETECTED:
|
||||
packet_disconnect("crc32 compensation attack: "
|
||||
"network attack detected");
|
||||
@ -164,6 +190,41 @@ index f5b122b..1305e87 100644
|
||||
case DEATTACK_DOS_DETECTED:
|
||||
packet_disconnect("deattack denial of "
|
||||
"service detected");
|
||||
diff --git a/pam_ssh_agent_auth-0.9.3/pam_user_key_allowed2.c b/pam_ssh_agent_auth-0.9.3/pam_user_key_allowed2.c
|
||||
index 8ba6d87..a7808c7 100644
|
||||
--- a/pam_ssh_agent_auth-0.9.3/pam_user_key_allowed2.c
|
||||
+++ b/pam_ssh_agent_auth-0.9.3/pam_user_key_allowed2.c
|
||||
@@ -87,7 +87,7 @@ pam_user_key_allowed2(struct passwd *pw, Key *key, char *file)
|
||||
found = key_new(key->type);
|
||||
|
||||
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
|
||||
- char *cp, *key_options = NULL;
|
||||
+ char *cp = NULL;
|
||||
|
||||
/* Skip leading whitespace, empty and comment lines. */
|
||||
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
|
||||
@@ -99,7 +99,6 @@ pam_user_key_allowed2(struct passwd *pw, Key *key, char *file)
|
||||
/* no key? check if there are options for this key */
|
||||
int quoted = 0;
|
||||
verbose("user_key_allowed: check options: '%s'", cp);
|
||||
- key_options = cp;
|
||||
for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
|
||||
if (*cp == '\\' && cp[1] == '"')
|
||||
cp++; /* Skip both */
|
||||
diff --git a/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c b/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
|
||||
index e14eb27..323817a 100644
|
||||
--- a/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
|
||||
+++ b/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
|
||||
@@ -89,8 +89,7 @@ userauth_pubkey_from_id(Identity * id)
|
||||
authenticated = 1;
|
||||
|
||||
user_auth_clean_exit:
|
||||
- if(&b != NULL)
|
||||
- buffer_free(&b);
|
||||
+ buffer_free(&b);
|
||||
if(sig != NULL)
|
||||
free(sig);
|
||||
if(pkblob != NULL)
|
||||
diff --git a/progressmeter.c b/progressmeter.c
|
||||
index bbbc706..ae6d1aa 100644
|
||||
--- a/progressmeter.c
|
||||
@ -198,7 +259,7 @@ index 10bab99..e9ca8f0 100644
|
||||
+void start_progress_meter(const char *, off_t, off_t *);
|
||||
void stop_progress_meter(void);
|
||||
diff --git a/scp.c b/scp.c
|
||||
index 1178a07..d9bc016 100644
|
||||
index cbd904d..e4e9fa1 100644
|
||||
--- a/scp.c
|
||||
+++ b/scp.c
|
||||
@@ -155,7 +155,7 @@ killchild(int signo)
|
||||
@ -211,10 +272,10 @@ index 1178a07..d9bc016 100644
|
||||
|
||||
if (signo)
|
||||
diff --git a/servconf.c b/servconf.c
|
||||
index 3839928..d482e79 100644
|
||||
index 87a311b..895cdca 100644
|
||||
--- a/servconf.c
|
||||
+++ b/servconf.c
|
||||
@@ -1382,7 +1382,7 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
@@ -1418,7 +1418,7 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
fatal("%s line %d: Missing subsystem name.",
|
||||
filename, linenum);
|
||||
if (!*activep) {
|
||||
@ -223,7 +284,7 @@ index 3839928..d482e79 100644
|
||||
break;
|
||||
}
|
||||
for (i = 0; i < options->num_subsystems; i++)
|
||||
@@ -1473,8 +1473,9 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
@@ -1509,8 +1509,9 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
if (*activep && *charptr == NULL) {
|
||||
*charptr = tilde_expand_filename(arg, getuid());
|
||||
/* increase optional counter */
|
||||
@ -236,7 +297,7 @@ index 3839928..d482e79 100644
|
||||
break;
|
||||
|
||||
diff --git a/serverloop.c b/serverloop.c
|
||||
index 2f8e3a0..e03bc6c 100644
|
||||
index e92f9e2..3cad041 100644
|
||||
--- a/serverloop.c
|
||||
+++ b/serverloop.c
|
||||
@@ -147,13 +147,13 @@ notify_setup(void)
|
||||
@ -339,7 +400,7 @@ index 2f8e3a0..e03bc6c 100644
|
||||
pty_change_window_size(fdin, row, col, xpixel, ypixel);
|
||||
}
|
||||
|
||||
@@ -1007,7 +1007,7 @@ server_request_tun(void)
|
||||
@@ -1039,7 +1039,7 @@ server_request_tun(void)
|
||||
}
|
||||
|
||||
tun = packet_get_int();
|
||||
@ -349,7 +410,7 @@ index 2f8e3a0..e03bc6c 100644
|
||||
goto done;
|
||||
tun = forced_tun_device;
|
||||
diff --git a/sftp-client.c b/sftp-client.c
|
||||
index 2f5907c..3a2affd 100644
|
||||
index 990b58d..3d0f22b 100644
|
||||
--- a/sftp-client.c
|
||||
+++ b/sftp-client.c
|
||||
@@ -151,7 +151,7 @@ get_msg(struct sftp_conn *conn, Buffer *m)
|
||||
@ -565,28 +626,28 @@ index 2f5907c..3a2affd 100644
|
||||
int
|
||||
-do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
|
||||
+do_upload(struct sftp_conn *conn, const char *local_path, const char *remote_path,
|
||||
int preserve_flag, int fsync_flag)
|
||||
int preserve_flag, int resume, int fsync_flag)
|
||||
{
|
||||
int local_fd;
|
||||
@@ -1607,7 +1607,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
|
||||
@@ -1628,7 +1628,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
|
||||
}
|
||||
|
||||
static int
|
||||
-upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, int depth,
|
||||
+upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, int depth,
|
||||
int preserve_flag, int print_flag, int fsync_flag)
|
||||
int preserve_flag, int print_flag, int resume, int fsync_flag)
|
||||
{
|
||||
int ret = 0, status;
|
||||
@@ -1700,7 +1700,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, int depth,
|
||||
@@ -1721,7 +1721,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, int depth,
|
||||
}
|
||||
|
||||
int
|
||||
-upload_dir(struct sftp_conn *conn, char *src, char *dst, int preserve_flag,
|
||||
+upload_dir(struct sftp_conn *conn, const char *src, const char *dst, int preserve_flag,
|
||||
int print_flag, int fsync_flag)
|
||||
int print_flag, int resume, int fsync_flag)
|
||||
{
|
||||
char *dst_canon;
|
||||
@@ -1719,7 +1719,7 @@ upload_dir(struct sftp_conn *conn, char *src, char *dst, int preserve_flag,
|
||||
@@ -1740,7 +1740,7 @@ upload_dir(struct sftp_conn *conn, char *src, char *dst, int preserve_flag,
|
||||
}
|
||||
|
||||
char *
|
||||
@ -596,7 +657,7 @@ index 2f5907c..3a2affd 100644
|
||||
char *ret;
|
||||
size_t len = strlen(p1) + strlen(p2) + 2;
|
||||
diff --git a/sftp-client.h b/sftp-client.h
|
||||
index ba92ad0..c085423 100644
|
||||
index 967840b..ffbcade 100644
|
||||
--- a/sftp-client.h
|
||||
+++ b/sftp-client.h
|
||||
@@ -56,79 +56,79 @@ struct sftp_conn *do_init(int, int, u_int, u_int, u_int64_t);
|
||||
@ -683,15 +744,15 @@ index ba92ad0..c085423 100644
|
||||
* Upload 'local_path' to 'remote_path'. Preserve permissions and times
|
||||
* if 'pflag' is set
|
||||
*/
|
||||
-int do_upload(struct sftp_conn *, char *, char *, int, int);
|
||||
+int do_upload(struct sftp_conn *, const char *, const char *, int, int);
|
||||
-int do_upload(struct sftp_conn *, char *, char *, int, int, int);
|
||||
+int do_upload(struct sftp_conn *, const char *, const char *, int, int, int);
|
||||
|
||||
/*
|
||||
* Recursively upload 'local_directory' to 'remote_directory'. Preserve
|
||||
* times if 'pflag' is set
|
||||
*/
|
||||
-int upload_dir(struct sftp_conn *, char *, char *, int, int, int);
|
||||
+int upload_dir(struct sftp_conn *, const char *, const char *, int, int, int);
|
||||
-int upload_dir(struct sftp_conn *, char *, char *, int, int, int, int);
|
||||
+int upload_dir(struct sftp_conn *, const char *, const char *, int, int, int, int);
|
||||
|
||||
/* Concatenate paths, taking care of slashes. Caller must free result. */
|
||||
-char *path_append(char *, char *);
|
||||
@ -699,10 +760,10 @@ index ba92ad0..c085423 100644
|
||||
|
||||
#endif
|
||||
diff --git a/sftp.c b/sftp.c
|
||||
index ad1f8c8..3987117 100644
|
||||
index ff4d63d..4439100 100644
|
||||
--- a/sftp.c
|
||||
+++ b/sftp.c
|
||||
@@ -218,7 +218,7 @@ killchild(int signo)
|
||||
@@ -220,7 +220,7 @@ killchild(int signo)
|
||||
{
|
||||
if (sshpid > 1) {
|
||||
kill(sshpid, SIGTERM);
|
||||
@ -711,7 +772,7 @@ index ad1f8c8..3987117 100644
|
||||
}
|
||||
|
||||
_exit(1);
|
||||
@@ -329,7 +329,7 @@ local_do_ls(const char *args)
|
||||
@@ -332,7 +332,7 @@ local_do_ls(const char *args)
|
||||
|
||||
/* Strip one path (usually the pwd) from the start of another */
|
||||
static char *
|
||||
@ -720,7 +781,7 @@ index ad1f8c8..3987117 100644
|
||||
{
|
||||
size_t len;
|
||||
|
||||
@@ -347,7 +347,7 @@ path_strip(char *path, char *strip)
|
||||
@@ -350,7 +350,7 @@ path_strip(char *path, char *strip)
|
||||
}
|
||||
|
||||
static char *
|
||||
@ -729,7 +790,7 @@ index ad1f8c8..3987117 100644
|
||||
{
|
||||
char *abs_str;
|
||||
|
||||
@@ -545,7 +545,7 @@ parse_no_flags(const char *cmd, char **argv, int argc)
|
||||
@@ -548,7 +548,7 @@ parse_no_flags(const char *cmd, char **argv, int argc)
|
||||
}
|
||||
|
||||
static int
|
||||
@ -738,7 +799,7 @@ index ad1f8c8..3987117 100644
|
||||
{
|
||||
struct stat sb;
|
||||
|
||||
@@ -557,7 +557,7 @@ is_dir(char *path)
|
||||
@@ -560,7 +560,7 @@ is_dir(char *path)
|
||||
}
|
||||
|
||||
static int
|
||||
@ -747,7 +808,7 @@ index ad1f8c8..3987117 100644
|
||||
{
|
||||
Attrib *a;
|
||||
|
||||
@@ -571,7 +571,7 @@ remote_is_dir(struct sftp_conn *conn, char *path)
|
||||
@@ -574,7 +574,7 @@ remote_is_dir(struct sftp_conn *conn, char *path)
|
||||
|
||||
/* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */
|
||||
static int
|
||||
@ -756,7 +817,7 @@ index ad1f8c8..3987117 100644
|
||||
{
|
||||
size_t l = strlen(pathname);
|
||||
|
||||
@@ -579,7 +579,7 @@ pathname_is_dir(char *pathname)
|
||||
@@ -582,7 +582,7 @@ pathname_is_dir(char *pathname)
|
||||
}
|
||||
|
||||
static int
|
||||
@ -765,16 +826,16 @@ index ad1f8c8..3987117 100644
|
||||
int pflag, int rflag, int resume, int fflag)
|
||||
{
|
||||
char *abs_src = NULL;
|
||||
@@ -659,7 +659,7 @@ out:
|
||||
@@ -666,7 +666,7 @@ out:
|
||||
}
|
||||
|
||||
static int
|
||||
-process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd,
|
||||
+process_put(struct sftp_conn *conn, const char *src, const char *dst, const char *pwd,
|
||||
int pflag, int rflag, int fflag)
|
||||
int pflag, int rflag, int resume, int fflag)
|
||||
{
|
||||
char *tmp_dst = NULL;
|
||||
@@ -765,7 +765,7 @@ sdirent_comp(const void *aa, const void *bb)
|
||||
@@ -776,7 +776,7 @@ sdirent_comp(const void *aa, const void *bb)
|
||||
|
||||
/* sftp ls.1 replacement for directories */
|
||||
static int
|
||||
@ -783,7 +844,7 @@ index ad1f8c8..3987117 100644
|
||||
{
|
||||
int n;
|
||||
u_int c = 1, colspace = 0, columns = 1;
|
||||
@@ -850,7 +850,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
|
||||
@@ -861,7 +861,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
|
||||
|
||||
/* sftp ls.1 replacement which handles path globs */
|
||||
static int
|
||||
@ -792,7 +853,7 @@ index ad1f8c8..3987117 100644
|
||||
int lflag)
|
||||
{
|
||||
char *fname, *lname;
|
||||
@@ -931,7 +931,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
|
||||
@@ -946,7 +946,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
|
||||
}
|
||||
|
||||
static int
|
||||
@ -802,10 +863,10 @@ index ad1f8c8..3987117 100644
|
||||
struct sftp_statvfs st;
|
||||
char s_used[FMT_SCALED_STRSIZE];
|
||||
diff --git a/ssh-agent.c b/ssh-agent.c
|
||||
index 117fdde..2b50132 100644
|
||||
index c8036c8..4da3bb6 100644
|
||||
--- a/ssh-agent.c
|
||||
+++ b/ssh-agent.c
|
||||
@@ -1037,8 +1037,8 @@ main(int ac, char **av)
|
||||
@@ -1056,8 +1056,8 @@ main(int ac, char **av)
|
||||
sanitise_stdfd();
|
||||
|
||||
/* drop */
|
||||
@ -816,8 +877,26 @@ index 117fdde..2b50132 100644
|
||||
|
||||
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
|
||||
/* Disable ptrace on Linux without sgid bit */
|
||||
diff --git a/ssh-keygen.c b/ssh-keygen.c
|
||||
index 64fa217..635e8fd 100644
|
||||
--- a/ssh-keygen.c
|
||||
+++ b/ssh-keygen.c
|
||||
@@ -687,11 +687,11 @@ do_convert_from(struct passwd *pw)
|
||||
fatal("%s: unknown key format %d", __func__, convert_format);
|
||||
}
|
||||
|
||||
- if (!private)
|
||||
+ if (!private) {
|
||||
ok = key_write(k, stdout);
|
||||
if (ok)
|
||||
fprintf(stdout, "\n");
|
||||
- else {
|
||||
+ } else {
|
||||
switch (k->type) {
|
||||
case KEY_DSA:
|
||||
ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL,
|
||||
diff --git a/sshd.c b/sshd.c
|
||||
index 773bb02..1eaa9f7 100644
|
||||
index 783abe3..eaade2a 100644
|
||||
--- a/sshd.c
|
||||
+++ b/sshd.c
|
||||
@@ -771,8 +771,10 @@ privsep_preauth(Authctxt *authctxt)
|
||||
@ -832,7 +911,7 @@ index 773bb02..1eaa9f7 100644
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -1439,6 +1441,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
|
||||
@@ -1458,6 +1460,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
|
||||
if (num_listen_socks < 0)
|
||||
break;
|
||||
}
|
||||
@ -842,3 +921,15 @@ index 773bb02..1eaa9f7 100644
|
||||
}
|
||||
|
||||
|
||||
diff --git a/sshkey.c b/sshkey.c
|
||||
index 5e3d97f..dae8270 100644
|
||||
--- a/sshkey.c
|
||||
+++ b/sshkey.c
|
||||
@@ -54,6 +54,7 @@
|
||||
#include "digest.h"
|
||||
#define SSHKEY_INTERNAL
|
||||
#include "sshkey.h"
|
||||
+#include "log.h"
|
||||
|
||||
/* openssh private key file format */
|
||||
#define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n"
|
@ -191,7 +191,7 @@ index e0cf3de..e11198f 100644
|
||||
+ SSH_DIGEST_SHA512 },
|
||||
+# endif
|
||||
+#endif
|
||||
+ { NULL, -1, -1, NULL},
|
||||
+ { NULL, -1, -1, -1},
|
||||
+};
|
||||
+
|
||||
char *
|
||||
@ -399,17 +399,18 @@ index 26e9681..a0a7c29 100644
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
#include "openbsd-compat/sys-queue.h"
|
||||
|
||||
@@ -433,6 +435,13 @@ main(int ac, char **av)
|
||||
@@ -433,6 +435,14 @@ main(int ac, char **av)
|
||||
sanitise_stdfd();
|
||||
|
||||
__progname = ssh_get_progname(av[0]);
|
||||
+ SSLeay_add_all_algorithms();
|
||||
+ if (access("/etc/system-fips", F_OK) == 0)
|
||||
+ if (! FIPSCHECK_verify(NULL, NULL))
|
||||
+ if (! FIPSCHECK_verify(NULL, NULL)){
|
||||
+ if (FIPS_mode())
|
||||
+ fatal("FIPS integrity verification test failed.");
|
||||
+ else
|
||||
+ logit("FIPS integrity verification test failed.");
|
||||
+ }
|
||||
|
||||
#ifndef HAVE_SETPROCTITLE
|
||||
/* Prepare for later setproctitle emulation */
|
||||
|
@ -1162,7 +1162,7 @@ new file mode 100644
|
||||
index 0000000..b49cae6
|
||||
--- /dev/null
|
||||
+++ b/ldapconf.c
|
||||
@@ -0,0 +1,722 @@
|
||||
@@ -0,0 +1,721 @@
|
||||
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
|
||||
+/*
|
||||
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
|
||||
@ -1620,7 +1620,7 @@ index 0000000..b49cae6
|
||||
+{
|
||||
+ FILE *f;
|
||||
+ char line[1024];
|
||||
+ int active, linenum;
|
||||
+ int linenum;
|
||||
+ int bad_options = 0;
|
||||
+ struct stat sb;
|
||||
+
|
||||
@ -1639,7 +1639,6 @@ index 0000000..b49cae6
|
||||
+ * Mark that we are now processing the options. This flag is turned
|
||||
+ * on/off by Host specifications.
|
||||
+ */
|
||||
+ active = 1;
|
||||
+ linenum = 0;
|
||||
+ while (fgets(line, sizeof(line), f)) {
|
||||
+ /* Update line number counter. */
|
||||
|
@ -92,7 +92,7 @@ Source13: sshd-keygen
|
||||
Patch0: openssh-5.9p1-wIm.patch
|
||||
|
||||
#?
|
||||
Patch100: openssh-6.6.1p1-coverity.patch
|
||||
Patch100: openssh-6.7p1-coverity.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1872
|
||||
Patch101: openssh-6.7p1-fingerprint.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1894
|
||||
@ -223,7 +223,6 @@ Patch920: openssh-6.6.1p1-ip-port-config-parser.patch
|
||||
# https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
|
||||
Patch921: openssh-6.7p1-debian-restore-tcp-wrappers.patch
|
||||
|
||||
|
||||
License: BSD
|
||||
Group: Applications/Internet
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
@ -433,8 +432,7 @@ popd
|
||||
%patch200 -p1 -b .audit
|
||||
%patch700 -p1 -b .fips
|
||||
|
||||
# FIXME rebase 6.7p1
|
||||
# %patch100 -p1 -b .coverity
|
||||
%patch100 -p1 -b .coverity
|
||||
|
||||
%if 0
|
||||
# Nothing here yet
|
||||
|
Loading…
Reference in New Issue
Block a user