diff options
author | Dirk Meyer <dinoex@FreeBSD.org> | 2002-06-22 12:31:18 +0000 |
---|---|---|
committer | Dirk Meyer <dinoex@FreeBSD.org> | 2002-06-22 12:31:18 +0000 |
commit | c90874ad5108bd2697d287fc3749f545840f0bd3 (patch) | |
tree | 7a66115f5705b936ac81a587a7c0622564d2dbb7 /security/openssh | |
parent | c585edffb3a4a5cd8595d5b6c24790c15232e08a (diff) | |
download | ports-c90874ad5108bd2697d287fc3749f545840f0bd3.tar.gz ports-c90874ad5108bd2697d287fc3749f545840f0bd3.zip |
Notes
Diffstat (limited to 'security/openssh')
-rw-r--r-- | security/openssh/Makefile | 6 | ||||
-rw-r--r-- | security/openssh/distinfo | 4 | ||||
-rw-r--r-- | security/openssh/files/patch-auth2-passwd.c | 14 | ||||
-rw-r--r-- | security/openssh/files/patch-auth2.c | 24 | ||||
-rw-r--r-- | security/openssh/files/patch-includes.h | 8 | ||||
-rw-r--r-- | security/openssh/files/patch-session.c | 37 | ||||
-rw-r--r-- | security/openssh/files/patch-ssh-Makefile | 19 | ||||
-rw-r--r-- | security/openssh/files/patch-ssh-keysign-Makefile | 19 | ||||
-rw-r--r-- | security/openssh/files/patch-ssh.c | 12 | ||||
-rw-r--r-- | security/openssh/files/patch-sshconnect.c | 30 | ||||
-rw-r--r-- | security/openssh/files/patch-sshd-Makefile | 17 | ||||
-rw-r--r-- | security/openssh/files/patch-sshd_config | 8 | ||||
-rw-r--r-- | security/openssh/pkg-plist | 1 |
13 files changed, 96 insertions, 103 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index afedb14bffc3..c6040f36f702 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -6,8 +6,7 @@ # PORTNAME= openssh -PORTVERSION= 3.2.3 -PORTREVISION= 1 +PORTVERSION= 3.3 CATEGORIES= security MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \ ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \ @@ -22,7 +21,8 @@ MAINTAINER= dinoex@FreeBSD.org MAN1= scp.1 slogin.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 \ ssh-keyscan.1 sftp.1 -MAN8= sshd.8 sftp-server.8 +MAN5= ssh_config.5 sshd_config.5 +MAN8= sshd.8 sftp-server.8 ssh-keysign.8 MANCOMPRESSED= yes MODIFY= ssh.h sshd_config sshd.sh pathnames.h FIXME= lib/Makefile scp/Makefile sftp/Makefile sftp-server/Makefile \ diff --git a/security/openssh/distinfo b/security/openssh/distinfo index b4d0760d40d5..4d4f78bceeb7 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,2 +1,2 @@ -MD5 (openssh-3.2.3.tgz) = 778b0ff9dd86a61eb40c89409d359fcc -MD5 (openbsd28_3.2.3.patch) = 187fc78696a650763607dc44d993e1fd +MD5 (openssh-3.3.tgz) = f75f98b8c901c07f38710959da94a73b +MD5 (openbsd28_3.3.patch) = d3cf2655df4a0b9d0624d1e5893c4324 diff --git a/security/openssh/files/patch-auth2-passwd.c b/security/openssh/files/patch-auth2-passwd.c new file mode 100644 index 000000000000..da16a83e48f2 --- /dev/null +++ b/security/openssh/files/patch-auth2-passwd.c @@ -0,0 +1,14 @@ +--- auth2-passwd.c.orig Fri May 31 13:35:15 2002 ++++ auth2-passwd.c Fri Jun 21 22:54:05 2002 +@@ -48,7 +48,11 @@ + password = packet_get_string(&len); + packet_check_eom(); + if (authctxt->valid && ++#ifdef USE_PAM ++ PRIVSEP(auth_pam_password(authctxt, password)) == 1) ++#else + PRIVSEP(auth_password(authctxt, password)) == 1) ++#endif + authenticated = 1; + memset(password, 0, len); + xfree(password); diff --git a/security/openssh/files/patch-auth2.c b/security/openssh/files/patch-auth2.c index 5359ba294756..23683cd1f3a2 100644 --- a/security/openssh/files/patch-auth2.c +++ b/security/openssh/files/patch-auth2.c @@ -1,6 +1,6 @@ ---- auth2.c.orig Mon May 13 04:37:39 2002 -+++ auth2.c Thu May 23 13:11:43 2002 -@@ -168,6 +168,15 @@ +--- auth2.c.orig Fri May 31 13:35:15 2002 ++++ auth2.c Fri Jun 21 22:49:07 2002 +@@ -133,6 +133,15 @@ Authmethod *m = NULL; char *user, *service, *method, *style = NULL; int authenticated = 0; @@ -16,7 +16,7 @@ if (authctxt == NULL) fatal("input_userauth_request: no authctxt"); -@@ -187,6 +196,11 @@ +@@ -152,6 +161,11 @@ if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; debug2("input_userauth_request: setting up authctxt for %s", user); @@ -28,7 +28,7 @@ } else { log("input_userauth_request: illegal user %s", user); } -@@ -203,6 +217,41 @@ +@@ -168,6 +182,41 @@ "(%s,%s) -> (%s,%s)", authctxt->user, authctxt->service, user, service); } @@ -70,7 +70,7 @@ /* reset state */ auth2_challenge_stop(authctxt); authctxt->postponed = 0; -@@ -213,6 +262,12 @@ +@@ -178,6 +227,12 @@ debug2("input_userauth_request: try method %s", method); authenticated = m->userauth(authctxt); } @@ -83,15 +83,3 @@ userauth_finish(authctxt, authenticated, method); xfree(service); -@@ -321,7 +376,11 @@ - m->enabled = NULL; - packet_check_eom(); - userauth_banner(); -+#ifdef USE_PAM -+ return (authctxt->valid ? PRIVSEP(auth_pam_password(authctxt, "")) : 0); -+#else - return (authctxt->valid ? PRIVSEP(auth_password(authctxt, "")) : 0); -+#endif - } - - static int diff --git a/security/openssh/files/patch-includes.h b/security/openssh/files/patch-includes.h index dd24de4adc86..d3c5bd40d2ad 100644 --- a/security/openssh/files/patch-includes.h +++ b/security/openssh/files/patch-includes.h @@ -1,5 +1,5 @@ --- includes.h.orig Sat Jan 26 17:44:22 2002 -+++ includes.h Fri May 24 08:21:58 2002 ++++ includes.h Sat Jun 22 12:17:34 2002 @@ -24,12 +24,12 @@ #include <sys/select.h> #include <sys/param.h> @@ -22,7 +22,7 @@ #include <stdio.h> #include <ctype.h> #include <errno.h> -@@ -62,5 +61,64 @@ +@@ -62,5 +61,68 @@ * client program. Socketpairs do not seem to work on all systems. */ #define USE_PIPES 1 @@ -84,6 +84,10 @@ +#define CMSG_SPACE(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + __CMSG_ALIGN(len)) +#endif + ++#ifndef __func__ ++#define __func__ __FUNCTION__ ++#endif ++ +#endif #endif /* INCLUDES_H */ diff --git a/security/openssh/files/patch-session.c b/security/openssh/files/patch-session.c index 932ab1e51c3d..451e4d363d76 100644 --- a/security/openssh/files/patch-session.c +++ b/security/openssh/files/patch-session.c @@ -1,5 +1,5 @@ ---- session.c.orig Thu May 23 13:15:39 2002 -+++ session.c Thu May 23 13:31:48 2002 +--- session.c.orig Fri Jun 21 22:54:44 2002 ++++ session.c Fri Jun 21 22:56:28 2002 @@ -58,6 +58,13 @@ #include "session.h" #include "monitor_wrap.h" @@ -14,7 +14,7 @@ /* func */ Session *session_new(void); -@@ -346,6 +353,10 @@ +@@ -437,6 +444,10 @@ if (s == NULL) fatal("do_exec_no_pty: no session"); @@ -25,7 +25,7 @@ session_proctitle(s); /* Fork the child. */ -@@ -354,6 +365,13 @@ +@@ -445,6 +456,13 @@ log_init(__progname, options.log_level, options.log_facility, log_stderr); /* @@ -39,7 +39,7 @@ * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ -@@ -454,11 +472,24 @@ +@@ -545,11 +563,24 @@ ptyfd = s->ptyfd; ttyfd = s->ttyfd; @@ -64,7 +64,7 @@ /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -547,6 +578,18 @@ +@@ -638,6 +669,18 @@ struct sockaddr_storage from; struct passwd * pw = s->pw; pid_t pid = getpid(); @@ -83,7 +83,7 @@ /* * Get IP address of client. If the connection is not a socket, let -@@ -569,10 +612,97 @@ +@@ -660,10 +703,97 @@ options.verify_reverse_mapping), (struct sockaddr *)&from); @@ -182,7 +182,7 @@ time_string = ctime(&s->last_login_time); if (strchr(time_string, '\n')) *strchr(time_string, '\n') = 0; -@@ -583,7 +713,30 @@ +@@ -674,7 +804,30 @@ s->hostname); } @@ -214,7 +214,7 @@ } /* -@@ -599,9 +752,9 @@ +@@ -690,9 +843,9 @@ #ifdef HAVE_LOGIN_CAP f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r"); @@ -226,7 +226,7 @@ if (f) { while (fgets(buf, sizeof(buf), f)) fputs(buf, stdout); -@@ -628,10 +781,10 @@ +@@ -719,10 +872,10 @@ #ifdef HAVE_LOGIN_CAP if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) return 1; @@ -239,7 +239,7 @@ return 0; } -@@ -729,6 +882,10 @@ +@@ -820,6 +973,10 @@ env[0] = NULL; if (!options.use_login) { @@ -250,7 +250,7 @@ /* Set basic environment. */ child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); -@@ -736,9 +893,15 @@ +@@ -827,9 +984,15 @@ #ifdef HAVE_LOGIN_CAP (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); child_set_env(&env, &envsize, "PATH", getenv("PATH")); @@ -268,7 +268,7 @@ snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); -@@ -791,6 +954,11 @@ +@@ -882,6 +1045,10 @@ child_set_env(&env, &envsize, "KRB5CCNAME", s->authctxt->krb5_ticket_file); #endif @@ -276,11 +276,10 @@ + /* Pull in any environment variables that may have been set by PAM. */ + do_pam_environment(&env, &envsize); +#endif /* USE_PAM */ -+ - if (auth_get_socket_name() != NULL) + if (auth_sock_name != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, - auth_get_socket_name()); -@@ -947,6 +1115,36 @@ + auth_sock_name); +@@ -1038,6 +1205,36 @@ exit(1); } @@ -317,7 +316,7 @@ /* * Performs common processing for the child, such as setting up the * environment, closing extra file descriptors, setting the user and group -@@ -1025,7 +1223,7 @@ +@@ -1116,7 +1313,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -326,7 +325,7 @@ close(i); /* -@@ -1055,6 +1253,31 @@ +@@ -1146,6 +1343,31 @@ exit(1); #endif } diff --git a/security/openssh/files/patch-ssh-Makefile b/security/openssh/files/patch-ssh-Makefile index d988af43f124..5ab9b12d987b 100644 --- a/security/openssh/files/patch-ssh-Makefile +++ b/security/openssh/files/patch-ssh-Makefile @@ -1,17 +1,18 @@ ---- ssh/Makefile.orig Tue Mar 5 01:49:51 2002 -+++ ssh/Makefile Sun Mar 17 14:58:13 2002 -@@ -7,8 +7,8 @@ +--- ssh/Makefile.orig Thu Jun 20 21:56:07 2002 ++++ ssh/Makefile Fri Jun 21 22:59:47 2002 +@@ -7,8 +7,9 @@ - BINMODE?=4555 + #BINMODE?=4555 -BINDIR= /usr/bin --MAN= ssh.1 +-MAN= ssh.1 ssh_config.5 +BINDIR= /bin +MAN1= ssh.1 ++MAN5= ssh_config.5 LINKS= ${BINDIR}/ssh ${BINDIR}/slogin MLINKS= ssh.1 slogin.1 -@@ -16,6 +16,7 @@ +@@ -16,6 +17,7 @@ sshconnect.c sshconnect1.c sshconnect2.c .include <bsd.own.mk> # for AFS @@ -19,7 +20,7 @@ .if (${KERBEROS5:L} == "yes") CFLAGS+= -DKRB5 -I${DESTDIR}/usr/include/kerberosV -@@ -24,8 +25,8 @@ +@@ -24,8 +26,8 @@ .endif # KERBEROS5 .if (${KERBEROS:L} == "yes") @@ -30,11 +31,11 @@ DPADD+= ${LIBKRB} .if (${AFS:L} == "yes") CFLAGS+= -DAFS -@@ -36,5 +37,5 @@ +@@ -36,5 +38,5 @@ .include <bsd.prog.mk> -LDADD+= -lcrypto -lz -ldes --DPADD+= ${LIBCRYPTO} ${LIBZ} +-DPADD+= ${LIBCRYPTO} ${LIBZ} ${LIBDES} +LDADD+= ${CRYPTOLIBS} -lcrypt -lutil -lz +DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} diff --git a/security/openssh/files/patch-ssh-keysign-Makefile b/security/openssh/files/patch-ssh-keysign-Makefile new file mode 100644 index 000000000000..0ac135575072 --- /dev/null +++ b/security/openssh/files/patch-ssh-keysign-Makefile @@ -0,0 +1,19 @@ +--- ssh-keysign/Makefile.orig Fri May 31 12:30:33 2002 ++++ ssh-keysign/Makefile Sat Jun 22 12:38:35 2002 +@@ -7,12 +7,12 @@ + + BINMODE?=4555 + +-BINDIR= /usr/libexec +-MAN= ssh-keysign.8 ++BINDIR= /libexec ++MAN8= ssh-keysign.8 + + SRCS= ssh-keysign.c + + .include <bsd.prog.mk> + +-LDADD+= -lcrypto -lz +-DPADD+= ${LIBCRYPTO} ${LIBZ} ++LDADD+= ${CRYPTOLIBS} -lcrypt -lz ++DPADD+= ${LIBCRYPTO} ${LIBZ} diff --git a/security/openssh/files/patch-ssh.c b/security/openssh/files/patch-ssh.c deleted file mode 100644 index a55517683cfa..000000000000 --- a/security/openssh/files/patch-ssh.c +++ /dev/null @@ -1,12 +0,0 @@ ---- ssh.c.orig Tue Apr 17 14:55:04 2001 -+++ ssh.c Sat May 26 15:05:28 2001 -@@ -199,6 +199,9 @@ - log("Using rsh. WARNING: Connection will not be encrypted."); - /* Build argument list for rsh. */ - i = 0; -+#ifndef _PATH_RSH -+#define _PATH_RSH "/usr/bin/rsh" -+#endif - args[i++] = _PATH_RSH; - /* host may have to come after user on some systems */ - args[i++] = host; diff --git a/security/openssh/files/patch-sshconnect.c b/security/openssh/files/patch-sshconnect.c index 3b0017faab5b..d3e2e03ca080 100644 --- a/security/openssh/files/patch-sshconnect.c +++ b/security/openssh/files/patch-sshconnect.c @@ -1,28 +1,6 @@ ---- sshconnect.c.orig Mon Jan 21 16:13:51 2002 -+++ sshconnect.c Fri Mar 8 18:14:50 2002 -@@ -43,15 +43,21 @@ - sockaddr_ntop(struct sockaddr *sa) - { - void *addr; -+#ifdef INET6 - static char addrbuf[INET6_ADDRSTRLEN]; -+#else -+ static char addrbuf[INET_ADDRSTRLEN]; -+#endif - - switch (sa->sa_family) { - case AF_INET: - addr = &((struct sockaddr_in *)sa)->sin_addr; - break; -+#ifdef INET6 - case AF_INET6: - addr = &((struct sockaddr_in6 *)sa)->sin6_addr; - break; -+#endif - default: - /* This case should be protected against elsewhere */ - abort(); /* XXX abort is bad -- do something else */ -@@ -291,7 +297,11 @@ +--- sshconnect.c.orig Wed Jun 19 02:27:55 2002 ++++ sshconnect.c Fri Jun 21 23:02:29 2002 +@@ -279,7 +279,11 @@ /* Loop through addresses for this host, and try each one in sequence until the connection succeeds. */ for (ai = aitop; ai; ai = ai->ai_next) { @@ -34,7 +12,7 @@ continue; if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), strport, sizeof(strport), -@@ -537,10 +547,12 @@ +@@ -516,10 +520,12 @@ local = (ntohl(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; break; diff --git a/security/openssh/files/patch-sshd-Makefile b/security/openssh/files/patch-sshd-Makefile index f50ffc148958..de200f14054a 100644 --- a/security/openssh/files/patch-sshd-Makefile +++ b/security/openssh/files/patch-sshd-Makefile @@ -1,18 +1,19 @@ ---- sshd/Makefile.orig Thu May 23 13:33:56 2002 -+++ sshd/Makefile Thu May 23 13:36:15 2002 -@@ -5,8 +5,8 @@ +--- sshd/Makefile.orig Fri Jun 21 23:06:22 2002 ++++ sshd/Makefile Fri Jun 21 23:06:56 2002 +@@ -5,8 +5,9 @@ PROG= sshd BINOWN= root BINMODE=555 -BINDIR= /usr/sbin --MAN= sshd.8 +-MAN= sshd.8 sshd_config.5 +BINDIR= /sbin +MAN8= sshd.8 ++MAN5= sshd_config.5 + #CFLAGS+=-DHAVE_LOGIN_CAP -DBSD_AUTH CFLAGS+=-DHAVE_LOGIN_CAP - #CFLAGS+=-DBSD_AUTH -@@ -17,9 +17,10 @@ - auth-skey.c auth-bsdauth.c monitor_mm.c monitor.c +@@ -19,9 +20,10 @@ + auth2-hostbased.c auth2-kbdint.c .include <bsd.own.mk> # for KERBEROS and AFS +.include "../Makefile.inc" @@ -23,7 +24,7 @@ SRCS+= auth-krb5.c LDADD+= -lkrb5 -lkafs -lasn1 -lcom_err DPADD+= ${LIBKRB5} ${LIBKAFS} ${LIBASN1} ${LIBCOM_ERR} -@@ -31,15 +32,15 @@ +@@ -33,15 +35,15 @@ LDADD+= -lkafs DPADD+= ${LIBKAFS} .endif # AFS diff --git a/security/openssh/files/patch-sshd_config b/security/openssh/files/patch-sshd_config index 01317a3a5eea..514a9fd7336a 100644 --- a/security/openssh/files/patch-sshd_config +++ b/security/openssh/files/patch-sshd_config @@ -1,5 +1,5 @@ ---- sshd_config.orig Thu May 23 13:37:04 2002 -+++ sshd_config Thu May 23 13:38:05 2002 +--- sshd_config.orig Fri Jun 21 23:07:45 2002 ++++ sshd_config Fri Jun 21 23:08:26 2002 @@ -30,8 +30,10 @@ # Authentication: @@ -18,6 +18,6 @@ #KeepAlive yes #UseLogin no +UseLogin yes - #UsePrivilegeSeparation no + #UsePrivilegeSeparation yes + #Compression yes - #MaxStartups 10 diff --git a/security/openssh/pkg-plist b/security/openssh/pkg-plist index 7c32f6d1a747..317a71167115 100644 --- a/security/openssh/pkg-plist +++ b/security/openssh/pkg-plist @@ -16,6 +16,7 @@ etc/sshd_config-dist @exec [ ! -f %D/etc/sshd_config ] && cp %D/etc/sshd_config-dist %D/etc/sshd_config sbin/sshd libexec/sftp-server +libexec/ssh-keysign libdata/ssh/Ssh.bin @dirrm libdata/ssh @exec if [ ! -f %D/etc/ssh_host_key ]; then echo ">> Generating a secret RSA1 host key."; %D/bin/ssh-keygen -t rsa1 -N "" -f %D/etc/ssh_host_key; fi |