svn commit: r385541 - in head/security/openssh-portable: . files

Bryan Drewery bdrewery at FreeBSD.org
Wed May 6 18:39:42 UTC 2015


Author: bdrewery
Date: Wed May  6 18:39:41 2015
New Revision: 385541
URL: https://svnweb.freebsd.org/changeset/ports/385541

Log:
  Fix clients getting 'Bad packet length' and 'Disconnecting: Packet corrupt'
  when the NONECIPHER option is selected but not the HPN option.  The server
  banner was improperly sending a NULL byte after the newline causing confusion
  on the client.  This was an error in my own modifications to the HPN patch
  in r383231.
  
  This may have occurred with stale builds as well, such as running
  'make configure' then 'portsnap update' and then 'make build'.
  
  Pointyhat to:	bdrewery
  Reported by:	many
  PR:		199352

Modified:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/files/extra-patch-hpn

Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile	Wed May  6 18:34:58 2015	(r385540)
+++ head/security/openssh-portable/Makefile	Wed May  6 18:39:41 2015	(r385541)
@@ -3,7 +3,7 @@
 
 PORTNAME=	openssh
 DISTVERSION=	6.8p1
-PORTREVISION=	5
+PORTREVISION=	6
 PORTEPOCH=	1
 CATEGORIES=	security ipv6
 MASTER_SITES=	${MASTER_SITE_OPENBSD}

Modified: head/security/openssh-portable/files/extra-patch-hpn
==============================================================================
--- head/security/openssh-portable/files/extra-patch-hpn	Wed May  6 18:34:58 2015	(r385540)
+++ head/security/openssh-portable/files/extra-patch-hpn	Wed May  6 18:39:41 2015	(r385541)
@@ -1200,9 +1200,10 @@ diff -urN -x configure -x config.guess -
  	debug("Authentication succeeded (%s).", authctxt.method->name);
  }
  
---- work.clean/openssh-6.8p1/sshd.c	2015-04-01 22:07:18.190233000 -0500
-+++ work/openssh-6.8p1/sshd.c	2015-04-03 17:17:03.227774000 -0500
-@@ -439,7 +439,10 @@
+--- work.clean/openssh-6.8p1/sshd.c.orig	2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/sshd.c	2015-05-06 13:29:02.129507000 -0500
+@@ -430,8 +430,13 @@ sshd_exchange_identification(int sock_in
+ 		minor = PROTOCOL_MINOR_1;
  	}
  
 -	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
@@ -1210,11 +1211,13 @@ diff -urN -x configure -x config.guess -
  	    major, minor, SSH_VERSION,
 +#ifdef HPN_ENABLED
 +	    options.hpn_disabled ? "" : SSH_HPN,
++#else
++	    "",
 +#endif
  	    *options.version_addendum == '\0' ? "" : " ",
  	    options.version_addendum, newline);
  
-@@ -1157,6 +1160,10 @@
+@@ -1149,6 +1154,10 @@ server_listen(void)
  	int ret, listen_sock, on = 1;
  	struct addrinfo *ai;
  	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
@@ -1225,7 +1228,7 @@ diff -urN -x configure -x config.guess -
  
  	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
  		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
-@@ -1197,6 +1204,13 @@
+@@ -1189,6 +1198,13 @@ server_listen(void)
  
  		debug("Bind to port %s on %s.", strport, ntop);
  
@@ -1239,7 +1242,7 @@ diff -urN -x configure -x config.guess -
  		/* Bind the socket to the desired port. */
  		if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
  			error("Bind to port %s on %s failed: %.200s.",
-@@ -2167,6 +2181,11 @@
+@@ -2132,6 +2148,11 @@ main(int ac, char **av)
  	    remote_ip, remote_port,
  	    get_local_ipaddr(sock_in), get_local_port());
  
@@ -1251,7 +1254,7 @@ diff -urN -x configure -x config.guess -
  	/*
  	 * We don't want to listen forever unless the other side
  	 * successfully authenticates itself.  So we set up an alarm which is
-@@ -2566,6 +2585,12 @@
+@@ -2531,6 +2552,12 @@ do_ssh2_kex(void)
  	if (options.ciphers != NULL) {
  		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
  		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;


More information about the svn-ports-all mailing list