authorDirk Meyer <dinoex@FreeBSD.org>2002-06-26 15:21:27 +0000
committerDirk Meyer <dinoex@FreeBSD.org>2002-06-26 15:21:27 +0000
commit6e92b681172f0b572e7431589d5f0146f1eecc51 (patch)
tree5b56fee9afd3790f6331df3ff44aabbf157bc65b /security/hpn-ssh
parentAdd missing codeblock (diff)
Security FIX, Please update to this Version.
Options for both: USE_OPENSSL_BASE=yes uses an older openssl in the base system. Options for portable: OPENSSH_OVERWRITE_BASE=yes includes USE_OPENSSL_BASE=yes, installs in the paths of the base system
Notes
Notes: svn path=/head/; revision=62021
Diffstat (limited to 'security/hpn-ssh')
-rw-r--r--security/hpn-ssh/Makefile7
-rw-r--r--security/hpn-ssh/files/patch-auth2-chall.c61
-rw-r--r--security/hpn-ssh/pkg-plist1
3 files changed, 68 insertions, 1 deletions
diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile
index d4f6705dfbb8..9bb3895c0126 100644
--- a/security/hpn-ssh/Makefile
+++ b/security/hpn-ssh/Makefile
@@ -7,7 +7,7 @@
PORTNAME= openssh
PORTVERSION= 3.3p1
-PORTREVISION= 3
+PORTREVISION= 5
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
@@ -51,6 +51,8 @@ CONFIGURE_ARGS+= --mandir=${MANPREFIX}/man --localstatedir=/var
EMPTYDIR= /var/empty
ETCSSH= /etc/ssh
PLIST_SUB+= NOTBASE="@comment "
+PLIST_SUB+= BASE=""
+PKGMESSAGE= pkg-message.empty
.else
.if exists(/var/empty)
EMPTYDIR= /var/empty
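Review bot: `PKGMESSAGE= pkg-message.empty` points at a file this commit does not add (the diffstat lists only Makefile, files/patch-auth2-chall.c and pkg-plist), and the path is relative rather than anchored to the port directory. If the file is meant to be absent so that no message is shown when installing over the base system, say so with a comment such as `# base-system install: no pkg-message, file intentionally absent`; otherwise add the file or use an absolute path. The `.if` that selects this branch starts outside the hunk, so which option it belongs to is inferred from the `NOTBASE="@comment "` line.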
@@ -59,6 +61,7 @@ EMPTYDIR= ${PREFIX}/empty
.endif
ETCSSH= ${PREFIX}/etc/ssh
PLIST_SUB+= NOTBASE=""
+PLIST_SUB+= BASE="@comment "
.endif
PLIST_SUB+= EMPTYDIR=${EMPTYDIR}
CONFIGURE_ARGS+= --sysconfdir=${ETCSSH}
@@ -119,7 +122,9 @@ post-install:
.endif
${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist
${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist
+.if !defined(OPENSSH_OVERWRITE_BASE)
@${CAT} ${PKGMESSAGE}
+.endif
.include <bsd.port.pre.mk>
diff --git a/security/hpn-ssh/files/patch-auth2-chall.c b/security/hpn-ssh/files/patch-auth2-chall.c
new file mode 100644
index 000000000000..a596ee778e81
--- /dev/null
+++ b/security/hpn-ssh/files/patch-auth2-chall.c
@@ -0,0 +1,61 @@
+--- auth2-chall.c 2002/06/19 00:27:55 1.18
++++ auth2-chall.c 2002/06/26 13:55:37 1.19
+@@ -63,6 +63,7 @@
+ char *devices;
+ void *ctxt;
+ KbdintDevice *device;
++ u_int nreq;
+ };
+
+ static KbdintAuthctxt *
+@@ -90,6 +91,7 @@
+ debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
+ kbdintctxt->ctxt = NULL;
+ kbdintctxt->device = NULL;
++ kbdintctxt->nreq = 0;
+
+ return kbdintctxt;
+ }
+@@ -209,26 +211,26 @@
+ KbdintAuthctxt *kbdintctxt;
+ char *name, *instr, **prompts;
+ int i;
+- u_int numprompts, *echo_on;
++ u_int *echo_on;
+
+ kbdintctxt = authctxt->kbdintctxt;
+ if (kbdintctxt->device->query(kbdintctxt->ctxt,
+- &name, &instr, &numprompts, &prompts, &echo_on))
++ &name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
+ return 0;
+
+ packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
+ packet_put_cstring(name);
+ packet_put_cstring(instr);
+ packet_put_cstring(""); /* language not used */
+- packet_put_int(numprompts);
+- for (i = 0; i < numprompts; i++) {
++ packet_put_int(kbdintctxt->nreq);
++ for (i = 0; i < kbdintctxt->nreq; i++) {
+ packet_put_cstring(prompts[i]);
+ packet_put_char(echo_on[i]);
+ }
+ packet_send();
+ packet_write_wait();
+
+- for (i = 0; i < numprompts; i++)
++ for (i = 0; i < kbdintctxt->nreq; i++)
+ xfree(prompts[i]);
+ xfree(prompts);
+ xfree(echo_on);
+@@ -256,6 +258,10 @@
+
+ authctxt->postponed = 0; /* reset */
+ nresp = packet_get_int();
++ if (nresp != kbdintctxt->nreq)
++ fatal("input_userauth_info_response: wrong number of replies");
++ if (nresp > 100)
++ fatal("input_userauth_info_response: too many replies");
+ if (nresp > 0) {
+ response = xmalloc(nresp * sizeof(char*));
+ for (i = 0; i < nresp; i++)
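Review bot: The cap of 100 replies in the last inner hunk (auth2-chall.c `@@ -256`) is a bare literal applied only to the peer's reply count, so a device whose `query()` returns more than 100 prompts would still have its request sent by the code in the `@@ -209` hunk and then hit `fatal()` on an honest reply. Consider a named limit and the same bound right after `query()` succeeds, e.g. `if (kbdintctxt->nreq > KBDINT_MAX_PROMPTS) fatal("kbdint: too many prompts");` (macro name and message are suggestions). A one-line comment above the two new checks would also help the next reader: `/* nresp comes from the peer and sizes the xmalloc() below; accept it only if it matches what we asked for */`. Both patched functions start and end outside the lines shown, so this is limited to what the patch exposes.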
diff --git a/security/hpn-ssh/pkg-plist b/security/hpn-ssh/pkg-plist
index b2df58c55ca3..a20e02c1426b 100644
--- a/security/hpn-ssh/pkg-plist
+++ b/security/hpn-ssh/pkg-plist
@@ -33,5 +33,6 @@ libexec/ssh-keysign
%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -t dsa -N "" -f %D/etc/ssh/ssh_host_dsa_key; fi
%%NOTBASE%%@exec mkdir -p %D/empty
%%NOTBASE%%@dirrm empty
+%%BASE%%@exec mkdir -p %%EMPTYDIR%%
@exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi
@exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi
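Review bot: The added `%%BASE%%@exec mkdir -p %%EMPTYDIR%%` creates the privilege-separation directory with whatever umask and ownership the installing process has, and the `useradd` line below then uses it as the sshd home. sshd's privilege separation expects that directory to be owned by root and not writable by group or others, so it is safer to set this explicitly, e.g. `%%BASE%%@exec install -d -o root -g wheel -m 755 %%EMPTYDIR%%`. The same applies to the existing `%%NOTBASE%%@exec mkdir -p %D/empty` line.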