authorMike Frysinger <vapier@gentoo.org>2006-02-01 03:27:22 +0000
committerMike Frysinger <vapier@gentoo.org>2006-02-01 03:27:22 +0000
commit3a3792ebae3901c12c853f57dda73d2adaee9498 (patch)
tree7f0c55b6c89664b9791da2369a024b8c9e858258 /net-misc/openssh
parentrepoman: Trim trailing whitespace (diff)
Version bump for security #119232.
(Portage version: 2.1_pre4-r1)
Diffstat (limited to 'net-misc/openssh')
-rw-r--r--net-misc/openssh/ChangeLog8
-rw-r--r--net-misc/openssh/files/digest-openssh-4.2_p1-r15
-rw-r--r--net-misc/openssh/files/openssh-4.2_p1-CVE-2006-0225.patch337
-rw-r--r--net-misc/openssh/openssh-4.2_p1-r1.ebuild164
4 files changed, 513 insertions, 1 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog
index e634a70b43c2..506c39a7b90c 100644
--- a/net-misc/openssh/ChangeLog
+++ b/net-misc/openssh/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-misc/openssh
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.144 2006/01/29 12:01:10 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.145 2006/02/01 03:27:21 vapier Exp $
+
+*openssh-4.2_p1-r1 (01 Feb 2006)
+
+ 01 Feb 2006; Mike Frysinger <vapier@gentoo.org>
+ +files/openssh-4.2_p1-CVE-2006-0225.patch, +openssh-4.2_p1-r1.ebuild:
+ Version bump for security #119232.
29 Jan 2006; Mike Frysinger <vapier@gentoo.org>
+files/openssh-4.2_p1-cross-compile.patch, openssh-4.0_p1-r2.ebuild,
diff --git a/net-misc/openssh/files/digest-openssh-4.2_p1-r1 b/net-misc/openssh/files/digest-openssh-4.2_p1-r1
new file mode 100644
index 000000000000..df3ae09caa4b
--- /dev/null
+++ b/net-misc/openssh/files/digest-openssh-4.2_p1-r1
@@ -0,0 +1,5 @@
+MD5 6c89525f43b93fb2671af345dd85783b openssh-4.2p1+SecurID_v1.3.2.patch 616248
+MD5 cda9a91dc66ff20be49ba379be9089fd openssh-4.2p1+x509-5.2.diff.gz 123592
+MD5 4b8f0befa09f234d6e7f1a5849b86197 openssh-4.2p1-hpn11.diff 14765
+MD5 df899194a340c933944b193477c628fa openssh-4.2p1.tar.gz 914165
+MD5 b779906d657d63794144cabe2bf978b8 openssh-lpk-4.1p1-0.3.6.patch 60312
diff --git a/net-misc/openssh/files/openssh-4.2_p1-CVE-2006-0225.patch b/net-misc/openssh/files/openssh-4.2_p1-CVE-2006-0225.patch
new file mode 100644
index 000000000000..a683007f1ed2
--- /dev/null
+++ b/net-misc/openssh/files/openssh-4.2_p1-CVE-2006-0225.patch
@@ -0,0 +1,337 @@
+Index: misc.c
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/misc.c,v
+retrieving revision 1.41
+retrieving revision 1.42
+diff -u -p -r1.41 -r1.42
+--- misc.c 5 Jan 2006 23:43:53 -0000 1.41
++++ misc.c 31 Jan 2006 10:19:02 -0000 1.42
+@@ -383,12 +383,15 @@ void
+ addargs(arglist *args, char *fmt, ...)
+ {
+ va_list ap;
+- char buf[1024];
++ char *cp;
+ u_int nalloc;
++ int r;
+
+ va_start(ap, fmt);
+- vsnprintf(buf, sizeof(buf), fmt, ap);
++ r = vasprintf(&cp, fmt, ap);
+ va_end(ap);
++ if (r == -1)
++ fatal("addargs: argument too long");
+
+ nalloc = args->nalloc;
+ if (args->list == NULL) {
+@@ -399,8 +402,42 @@ addargs(arglist *args, char *fmt, ...)
+
+ args->list = xrealloc(args->list, nalloc * sizeof(char *));
+ args->nalloc = nalloc;
+- args->list[args->num++] = xstrdup(buf);
++ args->list[args->num++] = cp;
+ args->list[args->num] = NULL;
++}
++
++void
++replacearg(arglist *args, u_int which, char *fmt, ...)
++{
++ va_list ap;
++ char *cp;
++ int r;
++
++ va_start(ap, fmt);
++ r = vasprintf(&cp, fmt, ap);
++ va_end(ap);
++ if (r == -1)
++ fatal("replacearg: argument too long");
++
++ if (which >= args->num)
++ fatal("replacearg: tried to replace invalid arg %d >= %d",
++ which, args->num);
++ xfree(args->list[which]);
++ args->list[which] = cp;
++}
++
++void
++freeargs(arglist *args)
++{
++ u_int i;
++
++ if (args->list != NULL) {
++ for (i = 0; i < args->num; i++)
++ xfree(args->list[i]);
++ xfree(args->list);
++ args->nalloc = args->num = 0;
++ args->list = NULL;
++ }
+ }
+
+ /*
+Index: misc.h
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/misc.h,v
+retrieving revision 1.28
+retrieving revision 1.29
+diff -u -p -r1.28 -r1.29
+--- misc.h 8 Dec 2005 18:34:11 -0000 1.28
++++ misc.h 31 Jan 2006 10:19:02 -0000 1.29
+@@ -38,7 +38,11 @@ struct arglist {
+ u_int num;
+ u_int nalloc;
+ };
+-void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
++void addargs(arglist *, char *, ...)
++ __attribute__((format(printf, 2, 3)));
++void replacearg(arglist *, u_int, char *, ...)
++ __attribute__((format(printf, 3, 4)));
++void freeargs(arglist *);
+
+ /* readpass.c */
+
+Index: scp.c
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/scp.c,v
+retrieving revision 1.128
+retrieving revision 1.129
+diff -u -p -r1.128 -r1.129
+--- scp.c 6 Dec 2005 22:38:27 -0000 1.128
++++ scp.c 31 Jan 2006 10:19:02 -0000 1.129
+@@ -118,6 +118,48 @@ killchild(int signo)
+ exit(1);
+ }
+
++static int
++do_local_cmd(arglist *a)
++{
++ u_int i;
++ int status;
++ pid_t pid;
++
++ if (a->num == 0)
++ fatal("do_local_cmd: no arguments");
++
++ if (verbose_mode) {
++ fprintf(stderr, "Executing:");
++ for (i = 0; i < a->num; i++)
++ fprintf(stderr, " %s", a->list[i]);
++ fprintf(stderr, "\n");
++ }
++ if ((pid = fork()) == -1)
++ fatal("do_local_cmd: fork: %s", strerror(errno));
++
++ if (pid == 0) {
++ execvp(a->list[0], a->list);
++ perror(a->list[0]);
++ exit(1);
++ }
++
++ do_cmd_pid = pid;
++ signal(SIGTERM, killchild);
++ signal(SIGINT, killchild);
++ signal(SIGHUP, killchild);
++
++ while (waitpid(pid, &status, 0) == -1)
++ if (errno != EINTR)
++ fatal("do_local_cmd: waitpid: %s", strerror(errno));
++
++ do_cmd_pid = -1;
++
++ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
++ return (-1);
++
++ return (0);
++}
++
+ /*
+ * This function executes the given command as the specified user on the
+ * given host. This returns < 0 if execution fails, and >= 0 otherwise. This
+@@ -162,7 +204,7 @@ do_cmd(char *host, char *remuser, char *
+ close(pin[0]);
+ close(pout[1]);
+
+- args.list[0] = ssh_program;
++ replacearg(&args, 0, "%s", ssh_program);
+ if (remuser != NULL)
+ addargs(&args, "-l%s", remuser);
+ addargs(&args, "%s", host);
+@@ -225,8 +267,9 @@ main(int argc, char **argv)
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
++ memset(&args, '\0', sizeof(args));
+ args.list = NULL;
+- addargs(&args, "ssh"); /* overwritten with ssh_program */
++ addargs(&args, "%s", ssh_program);
+ addargs(&args, "-x");
+ addargs(&args, "-oForwardAgent no");
+ addargs(&args, "-oPermitLocalCommand no");
+@@ -363,6 +406,10 @@ toremote(char *targ, int argc, char **ar
+ {
+ int i, len;
+ char *bp, *host, *src, *suser, *thost, *tuser, *arg;
++ arglist alist;
++
++ memset(&alist, '\0', sizeof(alist));
++ alist.list = NULL;
+
+ *targ++ = 0;
+ if (*targ == 0)
+@@ -380,56 +427,48 @@ toremote(char *targ, int argc, char **ar
+ tuser = NULL;
+ }
+
++ if (tuser != NULL && !okname(tuser)) {
++ xfree(arg);
++ return;
++ }
++
+ for (i = 0; i < argc - 1; i++) {
+ src = colon(argv[i]);
+ if (src) { /* remote to remote */
+- static char *ssh_options =
+- "-x -o'ClearAllForwardings yes'";
++ freeargs(&alist);
++ addargs(&alist, "%s", ssh_program);
++ if (verbose_mode)
++ addargs(&alist, "-v");
++ addargs(&alist, "-x");
++ addargs(&alist, "-oClearAllForwardings yes");
++ addargs(&alist, "-n");
++
+ *src++ = 0;
+ if (*src == 0)
+ src = ".";
+ host = strrchr(argv[i], '@');
+- len = strlen(ssh_program) + strlen(argv[i]) +
+- strlen(src) + (tuser ? strlen(tuser) : 0) +
+- strlen(thost) + strlen(targ) +
+- strlen(ssh_options) + CMDNEEDS + 20;
+- bp = xmalloc(len);
++
+ if (host) {
+ *host++ = 0;
+ host = cleanhostname(host);
+ suser = argv[i];
+ if (*suser == '\0')
+ suser = pwd->pw_name;
+- else if (!okname(suser)) {
+- xfree(bp);
+- continue;
+- }
+- if (tuser && !okname(tuser)) {
+- xfree(bp);
++ else if (!okname(suser))
+ continue;
+- }
+- snprintf(bp, len,
+- "%s%s %s -n "
+- "-l %s %s %s %s '%s%s%s:%s'",
+- ssh_program, verbose_mode ? " -v" : "",
+- ssh_options, suser, host, cmd, src,
+- tuser ? tuser : "", tuser ? "@" : "",
+- thost, targ);
++ addargs(&alist, "-l");
++ addargs(&alist, "%s", suser);
+ } else {
+ host = cleanhostname(argv[i]);
+- snprintf(bp, len,
+- "exec %s%s %s -n %s "
+- "%s %s '%s%s%s:%s'",
+- ssh_program, verbose_mode ? " -v" : "",
+- ssh_options, host, cmd, src,
+- tuser ? tuser : "", tuser ? "@" : "",
+- thost, targ);
+ }
+- if (verbose_mode)
+- fprintf(stderr, "Executing: %s\n", bp);
+- if (system(bp) != 0)
++ addargs(&alist, "%s", host);
++ addargs(&alist, "%s", cmd);
++ addargs(&alist, "%s", src);
++ addargs(&alist, "%s%s%s:%s",
++ tuser ? tuser : "", tuser ? "@" : "",
++ thost, targ);
++ if (do_local_cmd(&alist) != 0)
+ errs = 1;
+- (void) xfree(bp);
+ } else { /* local to remote */
+ if (remin == -1) {
+ len = strlen(targ) + CMDNEEDS + 20;
+@@ -453,20 +492,23 @@ tolocal(int argc, char **argv)
+ {
+ int i, len;
+ char *bp, *host, *src, *suser;
++ arglist alist;
++
++ memset(&alist, '\0', sizeof(alist));
++ alist.list = NULL;
+
+ for (i = 0; i < argc - 1; i++) {
+ if (!(src = colon(argv[i]))) { /* Local to local. */
+- len = strlen(_PATH_CP) + strlen(argv[i]) +
+- strlen(argv[argc - 1]) + 20;
+- bp = xmalloc(len);
+- (void) snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP,
+- iamrecursive ? " -r" : "", pflag ? " -p" : "",
+- argv[i], argv[argc - 1]);
+- if (verbose_mode)
+- fprintf(stderr, "Executing: %s\n", bp);
+- if (system(bp))
++ freeargs(&alist);
++ addargs(&alist, "%s", _PATH_CP);
++ if (iamrecursive)
++ addargs(&alist, "-r");
++ if (pflag)
++ addargs(&alist, "-p");
++ addargs(&alist, "%s", argv[i]);
++ addargs(&alist, "%s", argv[argc-1]);
++ if (do_local_cmd(&alist))
+ ++errs;
+- (void) xfree(bp);
+ continue;
+ }
+ *src++ = 0;
+Index: sftp.c
+===================================================================
+RCS file: /cvs/src/usr.bin/ssh/sftp.c,v
+retrieving revision 1.69
+retrieving revision 1.70
+diff -u -p -r1.69 -r1.70
+--- sftp.c 6 Dec 2005 22:38:27 -0000 1.69
++++ sftp.c 31 Jan 2006 10:19:02 -0000 1.70
+@@ -1433,8 +1433,9 @@ main(int argc, char **argv)
+ extern char *optarg;
+
+ __progname = ssh_get_progname(argv[0]);
++ memset(&args, '\0', sizeof(args));
+ args.list = NULL;
+- addargs(&args, "ssh"); /* overwritten with ssh_program */
++ addargs(&args, ssh_program);
+ addargs(&args, "-oForwardX11 no");
+ addargs(&args, "-oForwardAgent no");
+ addargs(&args, "-oPermitLocalCommand no");
+@@ -1469,6 +1470,7 @@ main(int argc, char **argv)
+ break;
+ case 'S':
+ ssh_program = optarg;
++ replacearg(&args, 0, "%s", ssh_program);
+ break;
+ case 'b':
+ if (batchmode)
+@@ -1545,7 +1547,6 @@ main(int argc, char **argv)
+ addargs(&args, "%s", host);
+ addargs(&args, "%s", (sftp_server != NULL ?
+ sftp_server : "sftp"));
+- args.list[0] = ssh_program;
+
+ if (!batchmode)
+ fprintf(stderr, "Connecting to %s...\n", host);
+@@ -1558,6 +1559,7 @@ main(int argc, char **argv)
+ fprintf(stderr, "Attaching to %s...\n", sftp_direct);
+ connect_to_server(sftp_direct, args.list, &in, &out);
+ }
++ freeargs(&args);
+
+ err = interactive_loop(in, out, file1, file2);
+
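Review bot: In the sftp.c part of the patch, `addargs(&args, ssh_program);` passes ssh_program as the format string, while the scp.c part and the later `replacearg(&args, 0, "%s", ssh_program);` pass it as an argument; the line should read `addargs(&args, "%s", ssh_program);`. At that point ssh_program presumably still holds the built-in default rather than the `-S` value, so this is unlikely to matter in practice, but addargs is now declared `__attribute__((format(printf, 2, 3)))` and a non-literal format both defeats that compiler check and would interpret any `%` in the string. Separately, replacearg's `fatal("replacearg: tried to replace invalid arg %d >= %d", which, args->num)` formats two u_int values with `%d`; `%u` matches the declared types.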
diff --git a/net-misc/openssh/openssh-4.2_p1-r1.ebuild b/net-misc/openssh/openssh-4.2_p1-r1.ebuild
new file mode 100644
index 000000000000..9bc6df049621
--- /dev/null
+++ b/net-misc/openssh/openssh-4.2_p1-r1.ebuild
@@ -0,0 +1,164 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.2_p1-r1.ebuild,v 1.1 2006/02/01 03:27:21 vapier Exp $
+
+inherit eutils flag-o-matic ccc pam
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_/}
+
+X509_PATCH="${PARCH}+x509-5.2.diff.gz"
+SECURID_PATCH="${PARCH}+SecurID_v1.3.2.patch"
+LDAP_PATCH="${PARCH/-4.2/-lpk-4.1}-0.3.6.patch"
+HPN_PATCH="${PARCH}-hpn11.diff"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.com/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+ ldap? ( http://www.opendarwin.org/en/projects/openssh-lpk/files/${LDAP_PATCH} )
+ X509? ( http://roumenpetrov.info/openssh/x509-5.2/${X509_PATCH} )
+ hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )
+ smartcard? ( http://www.omniti.com/~jesus/projects/${SECURID_PATCH} )"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ipv6 static pam tcpd kerberos skey selinux chroot X509 ldap smartcard sftplogging hpn libedit"
+
+RDEPEND="pam? ( virtual/pam )
+ kerberos? ( virtual/krb5 )
+ selinux? ( sys-libs/libselinux )
+ skey? ( >=app-admin/skey-1.1.5-r1 )
+ ldap? ( net-nds/openldap )
+ libedit? ( dev-libs/libedit )
+ >=dev-libs/openssl-0.9.6d
+ >=sys-libs/zlib-1.2.3
+ smartcard? ( dev-libs/opensc )
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6 )"
+DEPEND="${RDEPEND}
+ virtual/os-headers
+ sys-devel/autoconf"
+PROVIDE="virtual/ssh"
+
+S=${WORKDIR}/${PARCH}
+
+src_unpack() {
+ unpack ${PARCH}.tar.gz
+ cd "${S}"
+
+ sed -i \
+ -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
+ pathnames.h || die
+
+ epatch "${FILESDIR}"/openssh-4.2_p1-kerberos-detection.patch #80811
+ epatch "${FILESDIR}"/openssh-4.2_p1-cross-compile.patch #120567
+ epatch "${FILESDIR}"/openssh-4.2_p1-CVE-2006-0225.patch #119232
+
+ use X509 && epatch "${DISTDIR}"/${X509_PATCH}
+ use sftplogging && epatch "${FILESDIR}"/openssh-4.2_p1-sftplogging-1.4-gentoo.patch.bz2
+ use chroot && epatch "${FILESDIR}"/openssh-3.9_p1-chroot.patch
+ epatch "${FILESDIR}"/openssh-4.2_p1-selinux.patch
+ use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch
+ if ! use X509 ; then
+ if [[ -n ${SECURID_PATCH} ]] && use smartcard ; then
+ epatch "${DISTDIR}"/${SECURID_PATCH}
+ use ldap && epatch "${FILESDIR}"/openssh-4.0_p1-smartcard-ldap-happy.patch
+ fi
+ if use sftplogging ; then
+ ewarn "Sorry, sftplogging and ldap don't get along"
+ else
+ use ldap && epatch "${DISTDIR}"/${LDAP_PATCH}
+ fi
+ elif [[ -n ${SECURID_PATCH} ]] && use smartcard || use ldap ; then
+ ewarn "Sorry, x509 and smartcard/ldap don't get along"
+ fi
+ [[ -n ${HPN_PATCH} ]] && use hpn && epatch "${DISTDIR}"/${HPN_PATCH}
+
+ sed -i '/LD.*ssh-keysign/s:$: '$(bindnow-flags)':' Makefile.in || die "setuid"
+
+ autoconf || die "autoconf failed"
+}
+
+src_compile() {
+ addwrite /dev/ptmx
+ addpredict /etc/skey/skeykeys #skey configure code triggers this
+
+ local myconf
+ # make sure .sbss is large enough
+ use skey && use alpha && append-ldflags -mlarge-data
+ if use ldap ; then
+ filter-flags -funroll-loops
+ myconf="${myconf} --with-ldap"
+ fi
+ use selinux && append-flags -DWITH_SELINUX && append-ldflags -lselinux
+
+ if use static ; then
+ append-ldflags -static
+ use pam && ewarn "Disabling pam support becuse of static flag"
+ myconf="${myconf} --without-pam"
+ else
+ myconf="${myconf} $(use_with pam)"
+ fi
+
+ use ipv6 || myconf="${myconf} --with-ipv4-default"
+
+ econf \
+ --with-ldflags="${LDFLAGS}" \
+ --disable-strip \
+ --sysconfdir=/etc/ssh \
+ --libexecdir=/usr/$(get_libdir)/misc \
+ --datadir=/usr/share/openssh \
+ --disable-suid-ssh \
+ --with-privsep-path=/var/empty \
+ --with-privsep-user=sshd \
+ --with-md5-passwords \
+ $(use_with libedit) \
+ $(use_with kerberos kerberos5 /usr) \
+ $(use_with tcpd tcp-wrappers) \
+ $(use_with skey) \
+ $(use_with smartcard opensc) \
+ ${myconf} \
+ || die "bad configure"
+
+ emake || die "compile problem"
+}
+
+src_install() {
+ make install-nokeys DESTDIR="${D}" || die
+ fperms 600 /etc/ssh/sshd_config
+ dobin contrib/ssh-copy-id
+ newinitd "${FILESDIR}"/sshd.rc6 sshd
+ keepdir /var/empty
+
+ newpamd "${FILESDIR}"/sshd.pam_include sshd
+ dosed "/^#Protocol /s:.*:Protocol 2:" /etc/ssh/sshd_config
+ use pam \
+ && dosed "/^#UsePAM /s:.*:UsePAM yes:" /etc/ssh/sshd_config \
+ && dosed "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" /etc/ssh/sshd_config
+
+ doman contrib/ssh-copy-id.1
+ dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+}
+
+pkg_postinst() {
+ enewgroup sshd 22
+ enewuser sshd 22 -1 /var/empty sshd
+
+ ewarn "Remember to merge your config files in /etc/ssh/ and then"
+ ewarn "restart sshd: '/etc/init.d/sshd restart'."
+ ewarn
+ einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"
+ einfo "functionality, but please ensure that you do not explicitly disable"
+ einfo "this in your configuration as disabling it opens security holes"
+ einfo
+ einfo "This revision has removed your sshd user id and replaced it with a"
+ einfo "new one with UID 22. If you have any scripts or programs that"
+ einfo "that referenced the old UID directly, you will need to update them."
+ einfo
+ if use pam ; then
+ einfo "Please be aware users need a valid shell in /etc/passwd"
+ einfo "in order to be allowed to login."
+ einfo
+ fi
+}
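Review bot: The pkg_postinst message `einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"` misspells the sshd_config keyword; since the line tells users which directive not to disable, it should read `UsePrivilegeSeparation`. The ewarn in src_compile has a similar typo, `becuse`, which should be `because`. Separately, the ldap, X509, hpn and smartcard patches listed in SRC_URI are fetched over plain http and, per the digest file added in this commit, checked only by MD5, so the integrity of builds with those USE flags rests on that digest alone.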