openssh: update to 6.4p1

This release fixes a security bug:

 * sshd(8): fix a memory corruption problem triggered during rekeying
   when an AES-GCM cipher is selected. Full details of the vulnerability
   are available at: http://www.openssh.com/txt/gcmrekey.adv

Signed-off-by: Peter Wagner <[email protected]>
SVN-Revision: 38693

diff --git a/net/openssh/Makefile b/net/openssh/Makefile
index d75a8591930b66360aeab631f9d82cb249e50be1..ce1907f889712cb108c14f7dbe82c597cd69cf23 100644 (file)
--- a/net/openssh/Makefile
+++ b/net/openssh/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssh
-PKG_VERSION:=6.3p1
+PKG_VERSION:=6.4p1
 PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -16,7 +16,7 @@ PKG_SOURCE_URL:=ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
                ftp://openbsd.wiretapped.net/pub/OpenBSD/OpenSSH/portable/ \
                ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/ \
                ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/
-PKG_MD5SUM:=225e75c9856f76011966013163784038
+PKG_MD5SUM:=a62b88b884df0b09b8a8c5789ac9e51b
 
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)

diff --git a/net/openssh/patches/100-no_cast_fix.patch b/net/openssh/patches/100-no_cast_fix.patch
index 2b77819a6365838da5f12565a5d8cf5d27ff0667..ad0a3170c0aa803b3c1ff4013becd4b8169ce3ce 100644 (file)
--- a/net/openssh/patches/100-no_cast_fix.patch
+++ b/net/openssh/patches/100-no_cast_fix.patch
@@ -1,8 +1,6 @@
-diff --git a/cipher.c b/cipher.c
-index 9ca1d00..a6c1324 100644
 --- a/cipher.c
 +++ b/cipher.c
-@@ -74,8 +74,10 @@ struct Cipher {
+@@ -76,8 +76,10 @@ static const struct Cipher ciphers[] = {
        { "3des-cbc",   SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
        { "blowfish-cbc",
                        SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },

diff --git a/net/openssh/patches/110-no_ripemd_fix.patch b/net/openssh/patches/110-no_ripemd_fix.patch
index df2ad0efb324975ff78a635d0750f921acf5ceeb..37a43037da109d1d2df045db66c8b1702b9c61f1 100644 (file)
--- a/net/openssh/patches/110-no_ripemd_fix.patch
+++ b/net/openssh/patches/110-no_ripemd_fix.patch
@@ -1,8 +1,6 @@
-diff --git a/mac.c b/mac.c
-index 3f2dc6f..73d2d4e 100644
 --- a/mac.c
 +++ b/mac.c
-@@ -68,8 +68,10 @@ struct {
+@@ -70,8 +70,10 @@ static const struct macalg macs[] = {
  #endif
        { "hmac-md5",                           SSH_EVP, EVP_md5, 0, 0, 0, 0 },
        { "hmac-md5-96",                        SSH_EVP, EVP_md5, 96, 0, 0, 0 },
@@ -13,7 +11,7 @@ index 3f2dc6f..73d2d4e 100644
        { "[email protected]",                SSH_UMAC, NULL, 0, 128, 64, 0 },
        { "[email protected]",               SSH_UMAC128, NULL, 0, 128, 128, 0 },
  
-@@ -82,7 +84,9 @@ struct {
+@@ -84,7 +86,9 @@ static const struct macalg macs[] = {
  #endif
        { "[email protected]",           SSH_EVP, EVP_md5, 0, 0, 0, 1 },
        { "[email protected]",        SSH_EVP, EVP_md5, 96, 0, 0, 1 },

diff --git a/net/openssh/patches/130-implicit_memset_decl_fix.patch b/net/openssh/patches/130-implicit_memset_decl_fix.patch
index a2229ee8174e97c2ef43fcf36f65c8afd6871bec..be8bbcf9c4ade46547cdeaf834fcdd4c859794bf 100644 (file)
--- a/net/openssh/patches/130-implicit_memset_decl_fix.patch
+++ b/net/openssh/patches/130-implicit_memset_decl_fix.patch
@@ -1,6 +1,6 @@
 --- a/includes.h
 +++ b/includes.h
-@@ -57,6 +57,9 @@
+@@ -59,6 +59,9 @@
  /*
   *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively
   */

diff --git a/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch b/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch
index 8018de02b05b248610c020f186884e971a62dbc1..c0c5a4b4a231a113355fd2b31f68817bf0f90dd5 100644 (file)
--- a/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch
+++ b/net/openssh/patches/140-pam_uclibc_pthreads_fix.patch
@@ -44,7 +44,7 @@
  {
        int status;
  
-@@ -509,7 +509,7 @@ sshpam_thread(void *ctxtp)
+@@ -508,7 +508,7 @@ sshpam_thread(void *ctxtp)
        /* XXX - can't do much about an error here */
        ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
        buffer_free(&buffer);
@@ -53,7 +53,7 @@
  
   auth_fail:
        buffer_put_cstring(&buffer,
-@@ -520,7 +520,7 @@ sshpam_thread(void *ctxtp)
+@@ -519,7 +519,7 @@ sshpam_thread(void *ctxtp)
        else
                ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
        buffer_free(&buffer);
@@ -62,7 +62,7 @@
  
        return (NULL); /* Avoid warning for non-pthread case */
  }
-@@ -532,8 +532,8 @@ sshpam_thread_cleanup(void)
+@@ -531,8 +531,8 @@ sshpam_thread_cleanup(void)
  
        debug3("PAM: %s entering", __func__);
        if (ctxt != NULL && ctxt->pam_thread != 0) {
@@ -73,7 +73,7 @@
                close(ctxt->pam_psock);
                close(ctxt->pam_csock);
                memset(ctxt, 0, sizeof(*ctxt));
-@@ -698,7 +698,7 @@ sshpam_init_ctx(Authctxt *authctxt)
+@@ -696,7 +696,7 @@ sshpam_init_ctx(Authctxt *authctxt)
        }
        ctxt->pam_psock = socks[0];
        ctxt->pam_csock = socks[1];

diff --git a/net/openssh/patches/200-dscp-qos.patch b/net/openssh/patches/200-dscp-qos.patch
index 68830cc741efc22fa469a9396dd7e6ebfbea9fcc..85cef53dd4058d6e6bd86cb3ab95f4164ce534e6 100644 (file)
--- a/net/openssh/patches/200-dscp-qos.patch
+++ b/net/openssh/patches/200-dscp-qos.patch
@@ -9,7 +9,7 @@
 +#IPQoS AF21 AF11
 --- a/sshd_config
 +++ b/sshd_config
-@@ -120,6 +120,9 @@ UsePrivilegeSeparation sandbox             # Default for new installations.
+@@ -120,6 +120,9 @@ UsePrivilegeSeparation sandbox             # Defaul
  # no default banner path
  #Banner none