-rw-r--r--security/audit/Makefile5
-rw-r--r--security/audit/files/patch-ac8
-rw-r--r--security/audit/files/patch-ad6
-rw-r--r--security/audit/files/patch-src::audit::audit.c6
-rw-r--r--security/audit/files/patch-src_include_sysdep.h13
-rw-r--r--security/audit/files/patch-src_lib_packet.c11
-rw-r--r--security/audit/files/patch-src_modules_auth_srp_auth_srp.c150
7 files changed, 136 insertions, 63 deletions
diff --git a/security/audit/Makefile b/security/audit/Makefile
index 135b1c3c8f9c..71cfcb425bca 100644
--- a/security/audit/Makefile
+++ b/security/audit/Makefile
@@ -10,8 +10,7 @@ PORTVERSION= 1.0
PORTREVISION= 3
CATEGORIES= security
MASTER_SITES= http://www1.corest.com/download/audit/ \
- http://www2.corest.com/download/audit/ \
- ftp://ftp.nuug.no/pub/anders/distfiles/
+ ftp://ftp.stack.nl/pub/users/johans/audit/
DISTNAME= ${PORTNAME}-v${PORTVERSION}beta-src
MAINTAINER= ports@FreeBSD.org
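Review bot: The mirror added to `MASTER_SITES` is a plain-FTP personal directory (`ftp://ftp.stack.nl/pub/users/johans/audit/`) listed next to the existing plain-HTTP site, so the fetched archive is only as trustworthy as the checksum recorded in `distinfo`, and `distinfo` is not among the seven files this commit touches. The second Makefile hunk changes `WRKSRC` to drop the `beta` suffix while `DISTNAME` keeps `beta-src`, which may mean the archive now served unpacks differently from the one originally recorded; it is worth confirming that the recorded size and hash still match what the new mirror serves. `PORTREVISION` also stays at 3 although the patches under `files/` change the built code, so a bump to `PORTREVISION= 4` would make existing installs rebuild.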
@@ -22,7 +21,7 @@ OPTIONS= MYSQL "With MySQL support" off \
MAKE_ARGS= CFLAGS+="-fPIC -DPIC"
-WRKSRC= ${WRKDIR}/${PORTNAME}-v${PORTVERSION}beta
+WRKSRC= ${WRKDIR}/${PORTNAME}-v${PORTVERSION}
USE_GMAKE= yes
USE_LDCONFIG= ${PREFIX}/lib/alat
diff --git a/security/audit/files/patch-ac b/security/audit/files/patch-ac
index 495d981dc14f..d46c546e077c 100644
--- a/security/audit/files/patch-ac
+++ b/security/audit/files/patch-ac
@@ -1,6 +1,6 @@
---- src/auditd/auditd.c.orig Sun Nov 24 05:22:21 2002
-+++ src/auditd/auditd.c Sun Nov 24 05:25:39 2002
-@@ -54,6 +54,10 @@
+--- src/auditd/auditd.c.orig 2001-11-01 23:22:31.000000000 +0100
++++ src/auditd/auditd.c 2007-10-17 09:41:34.000000000 +0200
+@@ -55,6 +55,10 @@
#include <sysexits.h>
#include <unistd.h>
#include <openssl/evp.h>
@@ -9,5 +9,5 @@
+#include <limits.h>
+#endif
- #include "version.h"
#include "sysdep.h"
+ #include "packet.h"
diff --git a/security/audit/files/patch-ad b/security/audit/files/patch-ad
index f89021de5b3d..08738b0a6129 100644
--- a/security/audit/files/patch-ad
+++ b/security/audit/files/patch-ad
@@ -1,5 +1,5 @@
---- src/auditd/ia.c.orig Sun Nov 24 05:32:00 2002
-+++ src/auditd/ia.c Sun Nov 24 05:32:23 2002
+--- src/auditd/ia.c.orig 2001-10-10 02:30:11.000000000 +0200
++++ src/auditd/ia.c 2007-10-17 09:41:34.000000000 +0200
@@ -54,6 +54,10 @@
#include <sysexits.h>
#include <unistd.h>
@@ -9,5 +9,5 @@
+#include <limits.h>
+#endif
- #include "version.h"
#include "sysdep.h"
+ #include "packet.h"
diff --git a/security/audit/files/patch-src::audit::audit.c b/security/audit/files/patch-src::audit::audit.c
index 0bd030d92b75..6f027726cbc7 100644
--- a/security/audit/files/patch-src::audit::audit.c
+++ b/security/audit/files/patch-src::audit::audit.c
@@ -1,6 +1,6 @@
---- src/audit/audit.c.orig Thu Nov 4 07:24:04 2004
-+++ src/audit/audit.c Thu Nov 4 07:25:17 2004
-@@ -143,6 +143,7 @@
+--- src/audit/audit.c.orig 2001-10-06 01:14:58.000000000 +0200
++++ src/audit/audit.c 2007-10-17 09:41:34.000000000 +0200
+@@ -147,6 +147,7 @@
case SIGABRT:
fatal(-1, "");
default:
diff --git a/security/audit/files/patch-src_include_sysdep.h b/security/audit/files/patch-src_include_sysdep.h
new file mode 100644
index 000000000000..d33f3c733d1c
--- /dev/null
+++ b/security/audit/files/patch-src_include_sysdep.h
@@ -0,0 +1,13 @@
+--- src/include/sysdep.h.orig 2007-10-17 09:51:14.000000000 +0200
++++ src/include/sysdep.h 2007-10-17 09:50:32.000000000 +0200
+@@ -96,10 +96,6 @@ size_t strlcat (char *, const char *, si
+ #define _PASSWORD_LEN 128
+ #endif
+
+-#if defined(__FreeBSD__)
+-typedef int32_t in_addr_t;
+-#endif /* __FreeBSD__ */
+-
+ int init_socket ();
+
+ #endif /* SYSDEP */
diff --git a/security/audit/files/patch-src_lib_packet.c b/security/audit/files/patch-src_lib_packet.c
index 1907180ccf69..a6f960ca5a1a 100644
--- a/security/audit/files/patch-src_lib_packet.c
+++ b/security/audit/files/patch-src_lib_packet.c
@@ -1,6 +1,6 @@
---- src/lib/packet.c.orig 2007-10-17 08:15:35.000000000 +0200
-+++ src/lib/packet.c 2007-10-17 08:04:21.000000000 +0200
-@@ -546,16 +546,16 @@ void
+--- src/lib/packet.c.orig 2001-10-06 00:04:06.000000000 +0200
++++ src/lib/packet.c 2007-10-17 09:44:32.000000000 +0200
+@@ -546,19 +546,19 @@
packet_put_raw(PACKET *p, const void *_data, ssize_t size)
{
ssize_t written;
@@ -14,13 +14,16 @@
+ data = (char *) _data;
while (size) {
written = buf_put_raw(p->pkt_wbuf, data, size);
+ if (written < 0)
+ fatal(EX_SOFTWARE, "Invalid internal packet structure. "
+ "Connection aborted.");
size -= written;
- (char *) data += written;
+ data += written;
if (size)
_packet_write(p);
}
-@@ -604,14 +604,16 @@ void
+@@ -607,14 +607,16 @@
packet_get_raw(PACKET *p, void *data, ssize_t size)
{
ssize_t readed;
diff --git a/security/audit/files/patch-src_modules_auth_srp_auth_srp.c b/security/audit/files/patch-src_modules_auth_srp_auth_srp.c
index 6e836e71617d..c86f1af9e833 100644
--- a/security/audit/files/patch-src_modules_auth_srp_auth_srp.c
+++ b/security/audit/files/patch-src_modules_auth_srp_auth_srp.c
@@ -1,6 +1,32 @@
---- src/modules/auth/srp/auth_srp.c.orig 2007-10-17 08:09:07.000000000 +0200
-+++ src/modules/auth/srp/auth_srp.c 2007-10-17 08:09:09.000000000 +0200
-@@ -445,7 +445,7 @@ _auth_srvr(AUTHCON *ct)
+--- src/modules/auth/srp/auth_srp.c.orig 2001-12-12 21:35:02.000000000 +0100
++++ src/modules/auth/srp/auth_srp.c 2007-10-17 09:48:57.000000000 +0200
+@@ -289,7 +289,7 @@
+ _get_srppass(AUTHCON *ct, BIGNUM *v, BIGNUM *s, unsigned char *bs)
+ {
+ RESOURCE *r;
+- BN_CTX bnctx;
++ BN_CTX *bnctx = BN_CTX_new();
+ BIGNUM tmp;
+
+ if (ct->rlist != NULL) {
+@@ -308,12 +308,12 @@
+
+ /* Generate fake verifier and salt (try to avoid timing attack) */
+ log_debug(AUTH_SRP "Generating fake verifier and salt.");
+- BN_CTX_init(&bnctx);
++ BN_CTX_init(bnctx);
+ BN_init(&tmp);
+- _rand_bn(v, &tmp, &bnctx);
+- _rand_bn(s, &tmp, &bnctx);
++ _rand_bn(v, &tmp, bnctx);
++ _rand_bn(s, &tmp, bnctx);
+ BN_free(&tmp);
+- BN_CTX_free(&bnctx);
++ BN_CTX_free(bnctx);
+ BN_bn2bin(s, bs);
+ return (-1);
+ }
+@@ -460,7 +460,7 @@
USER_M1[SHA1_DIGESTSIZE],
bs[NBYTES];
BIGNUM A, B, S, b, u, v, s, tmp;
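Review bot: The `BN_CTX *bnctx = BN_CTX_new();` initializer added to `_get_srppass()` is never checked for NULL, so an allocation failure reaches `BN_CTX_init(bnctx)` and `_rand_bn(v, &tmp, bnctx)` with a null context on the fake-verifier path; a guard such as `if (bnctx == NULL) _fatal_bn("_get_srppass()");` before first use would make the failure explicit. The same unchecked initializer appears in the later hunks for `_auth_clnt()` and `_filter_resource()`. Because the context is now heap-allocated at the declaration while the only `BN_CTX_free(bnctx)` visible here sits in the fake-verifier branch, the `ct->rlist != NULL` path probably leaks it on every lookup; the body of that branch lies outside the hunk, so this needs confirming. `BN_CTX_new()` already returns an initialised context, so the retained `BN_CTX_init(bnctx)` call looks redundant.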
@@ -9,7 +35,7 @@
void *buffer;
size_t bufsiz;
char hostname[MAXHOSTNAMELEN]; /* XXX: move to engine */
-@@ -468,7 +468,7 @@ _auth_srvr(AUTHCON *ct)
+@@ -483,7 +483,7 @@
BN_init(&u);
BN_init(&v);
BN_init(&tmp);
@@ -18,29 +44,35 @@
clnt_st = LOGIN_FAILED;
-@@ -493,7 +493,7 @@ _auth_srvr(AUTHCON *ct)
+@@ -508,10 +508,10 @@
+ * u = rand(); 1 < u < p - 1
+ * B = (g exp b + v) % p = ((g exp b) % p + v) % p
*/
- _rand_bn(&b);
- _rand_bn(&u);
-- if (!BN_mod_exp(&tmp, &g, &b, &n, &bnctx) || !BN_add(&B, &tmp, &v))
-+ if (!BN_mod_exp(&tmp, &g, &b, &n, bnctx) || !BN_add(&B, &tmp, &v))
+- _rand_bn(&b, &tmp, &bnctx);
+- _rand_bn(&u, &tmp, &bnctx);
+- if (!BN_mod_exp(&B, &g, &b, &p, &bnctx) ||
+- !BN_add(&tmp, &B, &v) || !BN_mod(&B, &tmp, &p, &bnctx))
++ _rand_bn(&b, &tmp, bnctx);
++ _rand_bn(&u, &tmp, bnctx);
++ if (!BN_mod_exp(&B, &g, &b, &p, bnctx) ||
++ !BN_add(&tmp, &B, &v) || !BN_mod(&B, &tmp, &p, bnctx))
_fatal_bn("srvr_auth()");
/* Receive A, send B and u */
-@@ -507,9 +507,9 @@ _auth_srvr(AUTHCON *ct)
+@@ -527,9 +527,9 @@
* K = HASH(S)
* M1 = HASH(A, B, K)
*/
-- if (!BN_mod_exp(&S, &v, &u, &n, &bnctx) ||
-- !BN_mul(&tmp, &A, &S, &bnctx) ||
-- !BN_mod_exp(&S, &tmp, &b, &n, &bnctx))
-+ if (!BN_mod_exp(&S, &v, &u, &n, bnctx) ||
-+ !BN_mul(&tmp, &A, &S, bnctx) ||
-+ !BN_mod_exp(&S, &tmp, &b, &n, bnctx))
+- if (!BN_mod_exp(&S, &v, &u, &p, &bnctx) ||
+- !BN_mod_mul(&tmp, &A, &S, &p, &bnctx) ||
+- !BN_mod_exp(&S, &tmp, &b, &p, &bnctx))
++ if (!BN_mod_exp(&S, &v, &u, &p, bnctx) ||
++ !BN_mod_mul(&tmp, &A, &S, &p, bnctx) ||
++ !BN_mod_exp(&S, &tmp, &b, &p, bnctx))
_fatal_bn("srvr_auth()");
_hash_bn(K, &S, &buffer, &bufsiz);
_auth_digest1(M1, &A, &B, K, &buffer, &bufsiz);
-@@ -560,7 +560,7 @@ _auth_srvr(AUTHCON *ct)
+@@ -581,7 +581,7 @@
BN_clear_free(&u);
BN_clear_free(&v);
BN_clear_free(&tmp);
@@ -49,49 +81,65 @@
free(buffer);
/* Init encryption */
-@@ -603,7 +603,7 @@ _auth_clnt(AUTHCON *ct, struct autharg_c
+@@ -624,7 +624,7 @@
M2[SHA1_DIGESTSIZE],
SERVER_M2[SHA1_DIGESTSIZE];
- BIGNUM a, u, x, A, B, S, tmp1, tmp2;
+ BIGNUM a, u, x, A, B, S, tmp1, tmp2, tmp3;
- BN_CTX bnctx;
+ BN_CTX *bnctx = BN_CTX_new();
SHA1_CTX sha1_ctx;
void *buffer;
size_t bufsiz;
-@@ -621,7 +621,7 @@ _auth_clnt(AUTHCON *ct, struct autharg_c
- BN_init(&S);
+@@ -643,7 +643,7 @@
BN_init(&tmp1);
BN_init(&tmp2);
+ BN_init(&tmp3);
- BN_CTX_init(&bnctx);
+ BN_CTX_init(bnctx);
srvr_st = clnt_st = LOGIN_FAILED;
-@@ -663,7 +663,7 @@ _auth_clnt(AUTHCON *ct, struct autharg_c
- * A = g exp a
+@@ -681,7 +681,7 @@
+ SHA1Final(xdigest, &sha1_ctx);
+ bzero(args->pass, sizeof(args->pass));
+ if (BN_bin2bn(xdigest, sizeof(xdigest), &tmp1) == NULL ||
+- !BN_mod(&x, &tmp1, &pm1, &bnctx))
++ !BN_mod(&x, &tmp1, &pm1, bnctx))
+ _fatal_bn("_auth_clnt()");
+
+ /*
+@@ -689,8 +689,8 @@
+ * a = rand(); 1 < a < n - 1
+ * A = (g exp a) % n
*/
- _rand_bn(&a);
-- if (!BN_mod_exp(&A, &g, &a, &n, &bnctx))
-+ if (!BN_mod_exp(&A, &g, &a, &n, bnctx))
+- _rand_bn(&a, &tmp1, &bnctx);
+- if (!BN_mod_exp(&A, &g, &a, &p, &bnctx))
++ _rand_bn(&a, &tmp1, bnctx);
++ if (!BN_mod_exp(&A, &g, &a, &p, bnctx))
_fatal_bn("_auth_clnt()");
/* Send A, receive B and u */
-@@ -675,11 +675,11 @@ _auth_clnt(AUTHCON *ct, struct autharg_c
- * Calculate:
- * S = ( (B - g exp x) exp (a + u * x) ) % n
+@@ -704,14 +704,14 @@
+ * = ( (B - (g exp x) % n) exp
+ * ((a + ((u * x) % (n - 1))) % (n - 1)) ) % n
*/
-- if (!BN_mul(&S, &u, &x, &bnctx) ||
-+ if (!BN_mul(&S, &u, &x, bnctx) ||
- !BN_add(&tmp1, &S, &a) ||
-- !BN_mod_exp(&S, &g, &x, &n, &bnctx) ||
-+ !BN_mod_exp(&S, &g, &x, &n, bnctx) ||
- !BN_sub(&tmp2, &B, &S) ||
-- !BN_mod_exp(&S, &tmp2, &tmp1, &n, &bnctx))
-+ !BN_mod_exp(&S, &tmp2, &tmp1, &n, bnctx))
+- if (!BN_mod_mul(&tmp1, &u, &x, &pm1, &bnctx) ||
++ if (!BN_mod_mul(&tmp1, &u, &x, &pm1, bnctx) ||
+ !BN_add(&S, &tmp1, &a) ||
+- !BN_mod(&tmp1, &S, &pm1, &bnctx) ||
+- !BN_mod_exp(&tmp2, &g, &x, &p, &bnctx) ||
++ !BN_mod(&tmp1, &S, &pm1, bnctx) ||
++ !BN_mod_exp(&tmp2, &g, &x, &p, bnctx) ||
+ !BN_add(&tmp3, &B, &p) || /* Workaround for the BN_mod() bug */
+ !BN_sub(&S, &tmp3, &tmp2) ||
+- !BN_mod(&tmp2, &S, &p, &bnctx) ||
+- !BN_mod_exp(&S, &tmp2, &tmp1, &p, &bnctx))
++ !BN_mod(&tmp2, &S, &p, bnctx) ||
++ !BN_mod_exp(&S, &tmp2, &tmp1, &p, bnctx))
_fatal_bn("_auth_clnt()");
/*
-@@ -717,7 +717,7 @@ _auth_clnt(AUTHCON *ct, struct autharg_c
+@@ -749,7 +749,7 @@
BN_clear_free(&S);
BN_clear_free(&tmp1);
BN_clear_free(&tmp2);
@@ -100,16 +148,16 @@
free(buffer);
/* Init encryption */
-@@ -744,7 +744,7 @@ static int
+@@ -776,7 +776,7 @@
_filter_resource(AUTHCON *ct, struct autharg_filter *args)
{
SHA1_CTX sha1_ctx;
- BN_CTX bnctx;
+ BN_CTX *bnctx = BN_CTX_new();
- BIGNUM salt, verifier, x;
+ BIGNUM salt, verifier, x, tmp;
unsigned char bsalt[NBYTES], xdigest[SHA1_DIGESTSIZE];
-@@ -756,7 +756,7 @@ _filter_resource(AUTHCON *ct, struct aut
+@@ -789,7 +789,7 @@
/* Just filter srp passwords */
if (!strcmp(args->rname, SRP_PASS_RNAME)) {
@@ -118,16 +166,26 @@
BN_init(&salt);
BN_init(&x);
BN_init(&verifier);
-@@ -774,7 +774,7 @@ _filter_resource(AUTHCON *ct, struct aut
+@@ -801,15 +801,15 @@
+ * x = HASH(salt, password); 1 < x < n - 1
+ * verifier = (g exp x) % n
+ */
+- _rand_bn(&salt, &tmp, &bnctx);
++ _rand_bn(&salt, &tmp, bnctx);
+ BN_bn2bin(&salt, bsalt);
+ SHA1Init(&sha1_ctx);
+ SHA1Update(&sha1_ctx, bsalt, sizeof(bsalt));
SHA1Update(&sha1_ctx, args->value, args->vsize);
SHA1Final(xdigest, &sha1_ctx);
- if (BN_bin2bn(xdigest, sizeof(xdigest), &x) == NULL ||
-- !BN_mod_exp(&verifier, &g, &x, &n, &bnctx))
-+ !BN_mod_exp(&verifier, &g, &x, &n, bnctx))
+ if (BN_bin2bn(xdigest, sizeof(xdigest), &tmp) == NULL ||
+- !BN_mod(&x, &tmp, &pm1, &bnctx) ||
+- !BN_mod_exp(&verifier, &g, &x, &p, &bnctx))
++ !BN_mod(&x, &tmp, &pm1, bnctx) ||
++ !BN_mod_exp(&verifier, &g, &x, &p, bnctx))
_fatal_bn("_filter_resource()");
/* Get memory for the filtered value */
-@@ -793,7 +793,7 @@ _filter_resource(AUTHCON *ct, struct aut
+@@ -829,7 +829,7 @@
BN_clear_free(&verifier);
BN_clear_free(&x);
BN_clear_free(&salt);