9 files changed, 137 insertions, 68 deletions

diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index fdfacae51a29..451def79caa9 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	openssh
-PORTVERSION=	3.9.0.1
+PORTVERSION=	4.0.0.1
 .if defined(OPENSSH_SNAPSHOT)
 PORTREVISION!=	date -v-1d +%Y%m%d
 .endif
@@ -14,21 +14,21 @@ PORTEPOCH=	1
 CATEGORIES=	security ipv6
 MASTER_SITES=	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%SUBDIR%/ \
 		ftp://carroll.cac.psu.edu/pub/OpenBSD/OpenSSH/portable/%SUBDIR%/
-PKGNAMESUFFIX?=	${PORTABLE_SUFFIX}${GSSAPI_SUFFIX}${BASE_SUFFIX}${PKGNAMESUFFIX2}
 MASTER_SITE_SUBDIR=	${MASTER_SITE_SUBDIR2}
+PKGNAMESUFFIX?=	${PORTABLE_SUFFIX}${GSSAPI_SUFFIX}${BASE_SUFFIX}${PKGNAMESUFFIX2}
 DISTNAME=	${DISTNAME2}
 
 MAINTAINER=	ports@FreeBSD.org
 COMMENT=	The portable version of OpenBSD's OpenSSH
 
-OPENSSHVERSION=	3.9p1
+OPENSSHVERSION=	4.0p1
 .if defined(OPENSSH_SNAPSHOT)
 MASTER_SITE_SUBDIR2=	snapshot/
 DISTNAME2=	${PORTNAME}-SNAP-${PORTREVISION}
 NO_CHECKSUM=	yes
 WRKSRC=		${WRKDIR}/${PORTNAME}
 .else
-MASTER_SITE_SUBDIR2=	
+MASTER_SITE_SUBDIR2=
 DISTNAME2=	${PORTNAME}-${OPENSSHVERSION}
 WRKSRC=		${WRKDIR}/${PORTNAME}-${OPENSSHVERSION}
 .endif
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index f65062a93be4..7aa12689255d 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,2 +1,2 @@
-MD5 (openssh-3.9p1.tar.gz) = 8e1774d0b52aff08f817f3987442a16e
-SIZE (openssh-3.9p1.tar.gz) = 854027
+MD5 (openssh-4.0p1.tar.gz) = 7b36f28fc16e1b7f4ba3c1dca191ac92
+SIZE (openssh-4.0p1.tar.gz) = 889880
diff --git a/security/openssh-portable/files/batch.patch b/security/openssh-portable/files/batch.patch
index 6d5f60af0470..a2fa6dcc9da6 100644
--- a/security/openssh-portable/files/batch.patch
+++ b/security/openssh-portable/files/batch.patch
@@ -1,11 +1,11 @@
---- Makefile.in.orig	Mon Sep 22 03:00:12 2003
-+++ Makefile.in	Sun Sep 28 05:02:19 2003
-@@ -224,7 +224,7 @@
- 	$(AUTORECONF)
+--- Makefile.in.orig	Fri Feb 25 18:12:38 2005
++++ Makefile.in	Sat Mar 19 19:53:44 2005
+@@ -230,7 +230,7 @@
+ 	-rm -rf autom4te.cache
  	(cd scard && $(MAKE) -f Makefile.in distprep)
  
--install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files host-key check-config
-+install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files check-config
- install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
+-install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
++install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf check-config
+ install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf
+ install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
  
- check-config:
diff --git a/security/openssh-portable/files/patch-auth-pam.c b/security/openssh-portable/files/patch-auth-pam.c
new file mode 100644
index 000000000000..73641796dfbf
--- /dev/null
+++ b/security/openssh-portable/files/patch-auth-pam.c
@@ -0,0 +1,65 @@
+--- auth-pam.c.orig	Thu Jan 20 03:29:51 2005
++++ auth-pam.c	Sat Mar 19 21:52:37 2005
+@@ -290,7 +290,7 @@
+  * Conversation function for authentication thread.
+  */
+ static int
+-sshpam_thread_conv(int n, struct pam_message **msg,
++sshpam_thread_conv(int n, const struct pam_message **msg,
+     struct pam_response **resp, void *data)
+ {
+ 	Buffer buffer;
+@@ -390,7 +390,7 @@
+ 	u_int i;
+ 	const char *pam_user;
+ 
+-	pam_get_item(sshpam_handle, PAM_USER, (void **)&pam_user);
++	pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
+ 	environ[0] = NULL;
+ 
+ 	if (sshpam_authctxt != NULL) {
+@@ -482,7 +482,7 @@
+ }
+ 
+ static int
+-sshpam_null_conv(int n, struct pam_message **msg,
++sshpam_null_conv(int n, const struct pam_message **msg,
+     struct pam_response **resp, void *data)
+ {
+ 	debug3("PAM: %s entering, %d messages", __func__, n);
+@@ -492,7 +492,7 @@
+ static struct pam_conv null_conv = { sshpam_null_conv, NULL };
+ 
+ static int
+-sshpam_store_conv(int n, struct pam_message **msg,
++sshpam_store_conv(int n, const struct pam_message **msg,
+     struct pam_response **resp, void *data)
+ {
+ 	struct pam_response *reply;
+@@ -565,7 +565,7 @@
+ 	if (sshpam_handle != NULL) {
+ 		/* We already have a PAM context; check if the user matches */
+ 		sshpam_err = pam_get_item(sshpam_handle,
+-		    PAM_USER, (void **)&pam_user);
++		    PAM_USER, (const void **)&pam_user);
+ 		if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
+ 			return (0);
+ 		pam_end(sshpam_handle, sshpam_err);
+@@ -881,7 +881,7 @@
+ }
+ 
+ static int
+-sshpam_tty_conv(int n, struct pam_message **msg,
++sshpam_tty_conv(int n, const struct pam_message **msg,
+     struct pam_response **resp, void *data)
+ {
+ 	char input[PAM_MAX_MSG_SIZE];
+@@ -1040,7 +1040,7 @@
+  * display.
+  */
+ static int
+-sshpam_passwd_conv(int n, struct pam_message **msg,
++sshpam_passwd_conv(int n, const struct pam_message **msg,
+     struct pam_response **resp, void *data)
+ {
+ 	struct pam_response *reply;
diff --git a/security/openssh-portable/files/patch-auth1.c b/security/openssh-portable/files/patch-auth1.c
index 2308a0db7d27..94eaf3729b1d 100644
--- a/security/openssh-portable/files/patch-auth1.c
+++ b/security/openssh-portable/files/patch-auth1.c
@@ -1,23 +1,20 @@
---- auth1.c.orig	Thu Aug 12 14:40:25 2004
-+++ auth1.c	Tue Aug 17 05:40:29 2004
-@@ -25,6 +25,7 @@
- #include "session.h"
+--- auth1.c.orig	Tue Feb  8 11:52:48 2005
++++ auth1.c	Sat Mar 19 21:34:47 2005
+@@ -26,6 +26,7 @@
  #include "uidswap.h"
  #include "monitor_wrap.h"
+ #include "buffer.h"
 +#include "canohost.h"
  
  /* import */
  extern ServerOptions options;
-@@ -69,6 +70,18 @@
+@@ -71,6 +72,15 @@
  	u_int dlen;
  	u_int ulen;
  	int prev, type = 0;
 +#ifdef HAVE_LOGIN_CAP
 +	login_cap_t *lc;
-+#endif
-+#ifdef USE_PAM
-+	struct inverted_pam_cookie *pam_cookie;
-+#endif /* USE_PAM */
++#endif /* HAVE_LOGIN_CAP */
 +#if defined(HAVE_LOGIN_CAP) || defined(LOGIN_ACCESS)
 +	const char *from_host, *from_ip;
 +
@@ -27,7 +24,7 @@
  
  	debug("Attempting authentication for %s%.100s.",
  	    authctxt->valid ? "" : "invalid user ", authctxt->user);
-@@ -217,6 +230,34 @@
+@@ -219,6 +229,34 @@
  			logit("Unknown message during authentication: type %d", type);
  			break;
  		}
diff --git a/security/openssh-portable/files/patch-auth2.c b/security/openssh-portable/files/patch-auth2.c
index a7e9b703181d..37e596c15939 100644
--- a/security/openssh-portable/files/patch-auth2.c
+++ b/security/openssh-portable/files/patch-auth2.c
@@ -1,14 +1,14 @@
---- auth2.c.orig	Thu Aug 12 14:40:25 2004
-+++ auth2.c	Mon Sep 20 05:04:48 2004
-@@ -35,6 +35,7 @@
- #include "dispatch.h"
+--- auth2.c.orig	Tue Feb  8 11:52:48 2005
++++ auth2.c	Sat Mar 19 20:50:32 2005
+@@ -36,6 +36,7 @@
  #include "pathnames.h"
  #include "monitor_wrap.h"
+ #include "buffer.h"
 +#include "canohost.h"
  
  #ifdef GSSAPI
  #include "ssh-gss.h"
-@@ -134,6 +135,15 @@
+@@ -136,6 +137,15 @@
  	Authmethod *m = NULL;
  	char *user, *service, *method, *style = NULL;
  	int authenticated = 0;
@@ -24,7 +24,7 @@
  
  	if (authctxt == NULL)
  		fatal("input_userauth_request: no authctxt");
-@@ -178,6 +188,41 @@
+@@ -183,6 +193,41 @@
  		    "(%s,%s) -> (%s,%s)",
  		    authctxt->user, authctxt->service, user, service);
  	}
diff --git a/security/openssh-portable/files/patch-fake-rfc2553.h b/security/openssh-portable/files/patch-fake-rfc2553.h
new file mode 100644
index 000000000000..58577a46aff2
--- /dev/null
+++ b/security/openssh-portable/files/patch-fake-rfc2553.h
@@ -0,0 +1,11 @@
+--- openbsd-compat/fake-rfc2553.h.orig	Fri Feb 11 08:32:13 2005
++++ openbsd-compat/fake-rfc2553.h	Sat Mar 19 21:27:33 2005
+@@ -113,7 +113,7 @@
+ # define NI_MAXHOST 1025
+ #endif /* !NI_MAXHOST */
+ 
+-#ifndef EAI_NODATA
++#ifndef EAI_MEMORY
+ # define EAI_NODATA	1
+ # define EAI_MEMORY	2
+ # define EAI_NONAME	3
diff --git a/security/openssh-portable/files/patch-loginrec.c b/security/openssh-portable/files/patch-loginrec.c
index 6a294b39a70f..18e427f111a5 100644
--- a/security/openssh-portable/files/patch-loginrec.c
+++ b/security/openssh-portable/files/patch-loginrec.c
@@ -1,21 +1,22 @@
---- loginrec.c.orig	Sun Aug 15 11:12:52 2004
-+++ loginrec.c	Mon Sep 20 05:04:48 2004
-@@ -167,6 +167,9 @@
+--- loginrec.c.orig	Tue Feb 15 12:19:28 2005
++++ loginrec.c	Sat Mar 19 20:55:59 2005
+@@ -164,6 +164,9 @@
  #ifdef HAVE_LIBUTIL_H
- #   include <libutil.h>
+ # include <libutil.h>
  #endif
 +#ifdef __FreeBSD__
 +#include <osreldate.h>
 +#endif
  
- /**
-  ** prototypes for helper functions in this file
-@@ -657,7 +660,12 @@
- 	/* Use strncpy because we don't necessarily want null termination */
- 	strncpy(ut->ut_name, li->username, MIN_SIZEOF(ut->ut_name, li->username));
+ RCSID("$Id: loginrec.c,v 1.67 2005/02/15 11:19:28 dtucker Exp $");
+ 
+@@ -670,8 +673,13 @@
+ 	strncpy(ut->ut_name, li->username,
+ 	    MIN_SIZEOF(ut->ut_name, li->username));
  # ifdef HAVE_HOST_IN_UTMP
 +# if defined(__FreeBSD__) && __FreeBSD_version <= 400000
- 	strncpy(ut->ut_host, li->hostname, MIN_SIZEOF(ut->ut_host, li->hostname));
+ 	strncpy(ut->ut_host, li->hostname,
+ 	    MIN_SIZEOF(ut->ut_host, li->hostname));
 +# else
 +	realhostname_sa(ut->ut_host, sizeof ut->ut_host,
 +	    &li->hostaddr.sa, li->hostaddr.sa.sa_len);
diff --git a/security/openssh-portable/files/patch-session.c b/security/openssh-portable/files/patch-session.c
index fcbeb4786025..170bc8911d39 100644
--- a/security/openssh-portable/files/patch-session.c
+++ b/security/openssh-portable/files/patch-session.c
@@ -1,5 +1,5 @@
---- session.c.orig	Thu Aug 12 14:40:25 2004
-+++ session.c	Tue Sep 21 19:48:42 2004
+--- session.c.orig	Sun Mar  6 12:38:52 2005
++++ session.c	Sat Mar 19 21:45:32 2005
 @@ -66,6 +66,11 @@
  #include "ssh-gss.h"
  #endif
@@ -12,7 +12,7 @@
  /* func */
  
  Session *session_new(void);
-@@ -410,6 +415,13 @@
+@@ -414,6 +419,13 @@
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
  
  		/*
@@ -26,17 +26,7 @@
  		 * Create a new session and process group since the 4.4BSD
  		 * setlogin() affects the entire process group.
  		 */
-@@ -526,6 +538,9 @@
- {
- 	int fdout, ptyfd, ttyfd, ptymaster;
- 	pid_t pid;
-+#if defined(USE_PAM)
-+	const char *shorttty;
-+#endif
- 
- 	if (s == NULL)
- 		fatal("do_exec_pty: no session");
-@@ -546,6 +561,14 @@
+@@ -550,6 +562,14 @@
  
  		/* Child.  Reinitialize the log because the pid has changed. */
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -51,14 +41,14 @@
  		/* Close the master side of the pseudo tty. */
  		close(ptyfd);
  
-@@ -692,6 +715,18 @@
+@@ -700,6 +720,18 @@
  	struct sockaddr_storage from;
  	struct passwd * pw = s->pw;
  	pid_t pid = getpid();
 +#ifdef HAVE_LOGIN_CAP
 +	FILE *f;
 +	char buf[256];
-+	char *fname;
++	const char *fname;
 +	const char *shorttty;
 +#endif /* HAVE_LOGIN_CAP */
 +#ifdef __FreeBSD__
@@ -70,7 +60,7 @@
  
  	/*
  	 * Get IP address of client. If the connection is not a socket, let
-@@ -727,12 +762,101 @@
+@@ -735,12 +767,101 @@
  	}
  #endif
  
@@ -173,7 +163,7 @@
  }
  
  /*
-@@ -748,9 +872,9 @@
+@@ -756,9 +877,9 @@
  #ifdef HAVE_LOGIN_CAP
  		f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
  		    "/etc/motd"), "r");
@@ -185,7 +175,7 @@
  		if (f) {
  			while (fgets(buf, sizeof(buf), f))
  				fputs(buf, stdout);
-@@ -777,10 +901,10 @@
+@@ -785,10 +906,10 @@
  #ifdef HAVE_LOGIN_CAP
  	if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
  		return 1;
@@ -198,10 +188,15 @@
  	return 0;
  }
  
-@@ -967,6 +1091,10 @@
+@@ -974,7 +1095,14 @@
+ {
  	char buf[256];
  	u_int i, envsize;
- 	char **env, *laddr, *path = NULL;
+-	char **env, *laddr, *path = NULL;
++	char **env, *laddr;
++#ifdef HAVE_CYGWIN
++	char *path = NULL;
++#endif /* HAVE_CYGWIN */
 +#ifdef HAVE_LOGIN_CAP
 +	extern char **environ;
 +	char **senv, **var;
@@ -209,7 +204,7 @@
  	struct passwd *pw = s->pw;
  
  	/* Initialize the environment. */
-@@ -974,6 +1102,9 @@
+@@ -982,6 +1110,9 @@
  	env = xmalloc(envsize * sizeof(char *));
  	env[0] = NULL;
  
@@ -219,7 +214,7 @@
  #ifdef HAVE_CYGWIN
  	/*
  	 * The Windows environment contains some setting which are
-@@ -1032,9 +1163,21 @@
+@@ -1046,9 +1177,21 @@
  
  		/* Normal systems set SHELL by default. */
  		child_set_env(&env, &envsize, "SHELL", shell);
@@ -243,7 +238,7 @@
  
  	/* Set custom environment options from RSA authentication. */
  	if (!options.use_login) {
-@@ -1234,6 +1377,12 @@
+@@ -1258,6 +1401,12 @@
  void
  do_setusercontext(struct passwd *pw)
  {
@@ -256,7 +251,7 @@
  #ifndef HAVE_CYGWIN
  	if (getuid() == 0 || geteuid() == 0)
  #endif /* HAVE_CYGWIN */
-@@ -1254,10 +1403,30 @@
+@@ -1285,10 +1434,30 @@
  		}
  # endif /* USE_PAM */
  		if (setusercontext(lc, pw, pw->pw_uid,
@@ -288,7 +283,7 @@
  #else
  # if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
  		/* Sets login uid for accounting */
-@@ -1284,7 +1453,16 @@
+@@ -1322,7 +1491,16 @@
  		 * Reestablish them here.
  		 */
  		if (options.use_pam) {
@@ -306,7 +301,7 @@
  			do_pam_setcred(0);
  		}
  # endif /* USE_PAM */
-@@ -1374,7 +1552,7 @@
+@@ -1417,7 +1595,7 @@
  	 * initgroups, because at least on Solaris 2.3 it leaves file
  	 * descriptors open.
  	 */
@@ -315,7 +310,7 @@
  		close(i);
  }
  
-@@ -1503,6 +1681,31 @@
+@@ -1553,6 +1731,31 @@
  			exit(1);
  #endif
  	}