diff options
author | Andrey A. Chernov <ache@FreeBSD.org> | 1997-03-28 23:30:39 +0000 |
---|---|---|
committer | Andrey A. Chernov <ache@FreeBSD.org> | 1997-03-28 23:30:39 +0000 |
commit | 797920ff495ca74bc81dfdeeba311a7815d669f3 (patch) | |
tree | c40578853dc42c17bf228e976d0e8f37cc5bbef9 /security/ssh2 | |
parent | 3a3bd81f8a763504dd2a69161412c15d6b70587b (diff) | |
download | ports-797920ff495ca74bc81dfdeeba311a7815d669f3.tar.gz ports-797920ff495ca74bc81dfdeeba311a7815d669f3.zip |
Notes
Diffstat (limited to 'security/ssh2')
-rw-r--r-- | security/ssh2/Makefile | 6 | ||||
-rw-r--r-- | security/ssh2/distinfo | 2 | ||||
-rw-r--r-- | security/ssh2/files/patch-aa | 8 | ||||
-rw-r--r-- | security/ssh2/files/patch-ab | 35 | ||||
-rw-r--r-- | security/ssh2/files/patch-ac | 90 | ||||
-rw-r--r-- | security/ssh2/files/patch-ad | 32 | ||||
-rw-r--r-- | security/ssh2/files/patch-af | 223 | ||||
-rw-r--r-- | security/ssh2/files/patch-aj | 12 | ||||
-rw-r--r-- | security/ssh2/files/patch-al | 12 |
9 files changed, 209 insertions, 211 deletions
diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile index bd7c2a4c4bf0..fd8320fbc049 100644 --- a/security/ssh2/Makefile +++ b/security/ssh2/Makefile @@ -1,15 +1,15 @@ # New ports collection makefile for: ssh -# Version required: 1.2.17 +# Version required: 1.2.18 # Date created: 30 Jul 1995 # Whom: torstenb@FreeBSD.ORG # -# $Id: Makefile,v 1.35 1996/11/18 11:39:31 asami Exp $ +# $Id: Makefile,v 1.36 1996/11/20 12:45:41 adam Exp $ # # Maximal ssh package requires YES values for # USE_PERL, USE_TCPWRAP # -DISTNAME= ssh-1.2.17 +DISTNAME= ssh-1.2.18 CATEGORIES= security net MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/ diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo index 55e0a4c6104b..6faa4f65b675 100644 --- a/security/ssh2/distinfo +++ b/security/ssh2/distinfo @@ -1,2 +1,2 @@ -MD5 (ssh-1.2.17.tar.gz) = f38c5bdce93e81c33176f95c6e635dc7 +MD5 (ssh-1.2.18.tar.gz) = 3ed9c159f1ab843966fb705168a69a8f MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d diff --git a/security/ssh2/files/patch-aa b/security/ssh2/files/patch-aa index 468a7fc1e9cd..3ef8ce98cc1e 100644 --- a/security/ssh2/files/patch-aa +++ b/security/ssh2/files/patch-aa @@ -1,7 +1,7 @@ -*** make-ssh-known-hosts.pl.in.orig Wed Oct 30 15:27:47 1996 ---- make-ssh-known-hosts.pl.in Thu Jan 30 23:00:02 1997 +*** make-ssh-known-hosts.pl.in.orig Thu Mar 27 09:04:06 1997 +--- make-ssh-known-hosts.pl.in Fri Mar 28 15:11:19 1997 *************** -*** 81,87 **** +*** 84,90 **** $debug = 5; $defserver = ''; $bell='\a'; @@ -9,7 +9,7 @@ $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$"; $timeout = 60; $ping_timeout = 3; ---- 81,87 ---- +--- 84,90 ---- $debug = 5; $defserver = ''; $bell='\a'; diff --git a/security/ssh2/files/patch-ab b/security/ssh2/files/patch-ab index 665e48789afa..caa40dcd89fb 100644 --- a/security/ssh2/files/patch-ab +++ b/security/ssh2/files/patch-ab @@ -1,7 +1,7 @@ -*** configure.orig Wed Oct 30 15:27:56 1996 ---- configure Thu Jan 30 23:03:12 1997 +*** configure.orig Thu Mar 27 09:04:06 1997 +--- configure Fri Mar 28 15:18:56 1997 *************** -*** 1331,1342 **** +*** 1634,1645 **** export CFLAGS CC @@ -13,36 +13,36 @@ - echo $ac_n "checking that the compiler works""... $ac_c" 1>&6 - if test "$cross_compiling" = yes; then ---- 1331,1336 ---- + echo "configure:1646: checking that the compiler works" >&5 +--- 1634,1639 ---- *************** -*** 2264,2270 **** +*** 2632,2638 **** fi ! for ac_hdr in unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h do - ac_safe=`echo "$ac_hdr" | tr './\055' '___'` + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 ---- 2258,2264 ---- +--- 2626,2632 ---- fi ! for ac_hdr in unistd.h rusage.h sys/time.h lastlog.h login_cap.h utmp.h shadow.h do - ac_safe=`echo "$ac_hdr" | tr './\055' '___'` + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 *************** -*** 5140,5146 **** - EOF +*** 6696,6702 **** + cat >> $CONFIG_STATUS <<EOF -! CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.3/Makefile"} +! CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile"} EOF cat >> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then ---- 5134,5140 ---- - EOF +--- 6690,6696 ---- + cat >> $CONFIG_STATUS <<EOF ! CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 make-ssh-known-hosts.pl"} @@ -50,16 +50,13 @@ cat >> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then *************** -*** 5332,5338 **** ---- 5326,5336 ---- +*** 6900,6905 **** +--- 6894,6901 ---- done for ac_config_dir in gmp-2.0.2-ssh-2; do + + continue # XXX don't configure gmp -+ # Do not complain, so a configure script can configure whichever -+ # parts of a large source tree are present. # Do not complain, so a configure script can configure whichever # parts of a large source tree are present. - if test ! -d $srcdir/$ac_config_dir; then diff --git a/security/ssh2/files/patch-ac b/security/ssh2/files/patch-ac index 7c43f51d805e..31084324b943 100644 --- a/security/ssh2/files/patch-ac +++ b/security/ssh2/files/patch-ac @@ -1,57 +1,57 @@ -*** Makefile.in.orig Wed Oct 30 15:27:56 1996 ---- Makefile.in Thu Jan 30 23:00:03 1997 +*** Makefile.in.orig Thu Mar 27 09:04:06 1997 +--- Makefile.in Fri Mar 28 15:36:08 1997 *************** -*** 188,199 **** +*** 225,236 **** SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 ! GMPLIBS = -L$(GMPDIR) -lgmp ! GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a - ZLIBDIR = zlib-1.0.3 + ZLIBDIR = zlib-1.0.4 ! ZLIBDEP = $(ZLIBDIR)/libz.a ! ZLIBLIBS = -L$(ZLIBDIR) -lz RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source ---- 188,205 ---- +--- 225,242 ---- SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 ! # We have the same libgmp in the system, so use it instead ! GMPINCDIR = /usr/include ! GMPLIBDIR = /usr/lib -! GMPDEP = $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a -! GMPLIBS = -L$(GMPLIBDIR) -lgmp +! GMPDEP = $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a +! GMPLIBS = -L$(GMPLIBDIR) -lgmp - ZLIBDIR = zlib-1.0.3 -! # We have newer libz in the system, so use it instead -! ZLIBINCDIR = /usr/include -! ZLIBLIBDIR = /usr/lib -! ZLIBDEP = $(ZLIBINCDIR)/zlib.h $(ZLIBLIBDIR)/libz.a -! ZLIBLIBS = -L$(ZLIBLIBDIR) -lz + ZLIBDIR = zlib-1.0.4 +! # We have the same libz in the system, so use it instead +! ZLIBINCDIR = /usr/include +! ZLIBLIBDIR = /usr/lib +! ZLIBDEP = $(ZLIBINCDIR)/zlib.h $(ZLIBLIBDIR)/libz.a +! ZLIBLIBS = -L$(ZLIBLIBDIR) -lz RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source *************** -*** 275,281 **** - $(CC) -o rfc-pg rfc-pg.c +*** 324,330 **** + $(CC) -o rfc-pg rfc-pg.o .c.o: -! $(CC) -c -I. -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" $(CFLAGS) $(X_CFLAGS) $< +! $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd ---- 281,287 ---- - $(CC) -o rfc-pg rfc-pg.c +--- 330,336 ---- + $(CC) -o rfc-pg rfc-pg.o .c.o: -! $(CC) -c -I. -I$(GMPINCDIR) -I$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" $(CFLAGS) $(X_CFLAGS) $< +! $(CC) -c -I. $(KERBEROS_INCS) -I$(GMPINCDIR) -I$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd *************** -*** 310,328 **** +*** 361,379 **** sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -71,7 +71,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ ---- 316,334 ---- +--- 367,385 ---- sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -92,24 +92,24 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ *************** -*** 379,385 **** +*** 430,436 **** # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. ! install: $(PROGRAMS) make-dirs generate-host-key install-configs - $(INSTALL_PROGRAM) -o root -m 04711 ssh $(install_prefix)$(bindir)/ssh + $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ ---- 385,391 ---- +--- 436,442 ---- # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. ! install: $(PROGRAMS) make-dirs install-configs - $(INSTALL_PROGRAM) -o root -m 04711 ssh $(install_prefix)$(bindir)/ssh + $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ *************** -*** 480,506 **** +*** 531,557 **** clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -127,58 +127,58 @@ -rm -rf $(DISTNAME) -mkdir $(DISTNAME) cp $(DISTFILES) $(DISTNAME) - -rm $(DISTNAME)/config.h -! tar pcf - $(GMPDIR) | (cd $(DISTNAME); tar pxf -) -! cd $(DISTNAME)/$(GMPDIR); $(MAKE) distclean + for i in $(DISTSRCS); do cp $(srcdir)/$$i $(DISTNAME); done +! (cd $(GMPDIR); make dist) +! gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -) # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a -! tar pcf - $(ZLIBDIR) | (cd $(DISTNAME); tar pxf -) -! cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a +! (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) +! cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar ---- 486,512 ---- +--- 537,563 ---- clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg -! # cd $(GMPDIR); $(MAKE) clean +! # cd $(GMPDIR); $(MAKE) clean # cd $(RSAREFSRCDIR); rm -f *.o *.a ! # cd $(ZLIBDIR); $(MAKE) clean distclean: clean -rm -f Makefile config.status config.cache config.log config.h -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1 -! # cd $(GMPDIR); $(MAKE) distclean +! # cd $(GMPDIR); $(MAKE) distclean ! # cd $(ZLIBDIR); $(MAKE) distclean dist: -rm -rf $(DISTNAME) -mkdir $(DISTNAME) cp $(DISTFILES) $(DISTNAME) - -rm $(DISTNAME)/config.h -! # tar pcf - $(GMPDIR) | (cd $(DISTNAME); tar pxf -) -! # cd $(DISTNAME)/$(GMPDIR); $(MAKE) distclean + for i in $(DISTSRCS); do cp $(srcdir)/$$i $(DISTNAME); done +! # (cd $(GMPDIR); make dist) +! # gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -) # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a -! # tar pcf - $(ZLIBDIR) | (cd $(DISTNAME); tar pxf -) -! # cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a +! # (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) +! # cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar *************** -*** 512,518 **** - (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed version.h >/dev/null +*** 563,569 **** + (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: ! $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS) tags: - find config.h $(srcdir) -name '*.[chly]' -print | xargs etags -a ---- 518,524 ---- - (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed version.h >/dev/null + -rm -f TAGS +--- 569,575 ---- + (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: ! $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS) tags: - find config.h $(srcdir) -name '*.[chly]' -print | xargs etags -a + -rm -f TAGS diff --git a/security/ssh2/files/patch-ad b/security/ssh2/files/patch-ad deleted file mode 100644 index 5eeb34a2e22e..000000000000 --- a/security/ssh2/files/patch-ad +++ /dev/null @@ -1,32 +0,0 @@ -*** sshconnect.c.orig Wed Oct 16 10:10:26 1996 ---- sshconnect.c Wed Oct 16 10:23:49 1996 -*************** -*** 797,802 **** ---- 797,803 ---- - char buf[256], remote_version[256]; /* must be same size! */ - int remote_major, remote_minor, i; - int my_major, my_minor; -+ int len; - int connection_in = packet_get_connection_in(); - int connection_out = packet_get_connection_out(); - -*************** -*** 803,809 **** - /* Read other side\'s version identification. */ - for (i = 0; i < sizeof(buf) - 1; i++) - { -! if (read(connection_in, &buf[i], 1) != 1) - fatal("read: %.100s", strerror(errno)); - if (buf[i] == '\r') - { ---- 804,813 ---- - /* Read other side\'s version identification. */ - for (i = 0; i < sizeof(buf) - 1; i++) - { -! len = read(connection_in, &buf[i], 1); -! if (len == 0) -! fatal("Connection closed by foreign host."); -! else if (len < 0) - fatal("read: %.100s", strerror(errno)); - if (buf[i] == '\r') - {
\ No newline at end of file diff --git a/security/ssh2/files/patch-af b/security/ssh2/files/patch-af index cd99b4fcd418..bd1982e6e60a 100644 --- a/security/ssh2/files/patch-af +++ b/security/ssh2/files/patch-af @@ -1,9 +1,9 @@ -*** sshd.c.orig Wed Oct 30 15:27:55 1996 ---- sshd.c Fri Jan 31 00:36:15 1997 +*** sshd.c.orig Thu Mar 27 09:04:08 1997 +--- sshd.c Sat Mar 29 02:11:03 1997 *************** -*** 298,303 **** ---- 298,307 ---- - extern char *setlimits(); +*** 370,375 **** +--- 370,379 ---- + #include "firewall.h" /* TIS authsrv authentication */ #endif + #ifdef HAVE_LOGIN_CAP_H @@ -14,8 +14,8 @@ #define DEFAULT_SHELL _PATH_BSHELL #else *************** -*** 2108,2113 **** ---- 2112,2127 ---- +*** 2697,2702 **** +--- 2701,2716 ---- printf("Last login: %s from %s\r\n", time_string, buf); } @@ -33,8 +33,8 @@ disabled in server options. Note that some machines appear to print it in /etc/profile or similar. */ *************** -*** 2124,2129 **** ---- 2138,2152 ---- +*** 2714,2719 **** +--- 2728,2742 ---- fclose(f); } } @@ -51,7 +51,7 @@ /* Do common processing for the child, such as execing the command. */ do_child(command, pw, term, display, auth_proto, auth_data, ttyname); *************** -*** 2376,2382 **** +*** 2969,2975 **** char *user_shell; char *remote_ip; int remote_port; @@ -59,13 +59,12 @@ /* Check /etc/nologin. */ f = fopen("/etc/nologin", "r"); if (f) ---- 2399,2412 ---- +--- 2992,3004 ---- char *user_shell; char *remote_ip; int remote_port; ! #ifdef HAVE_LOGIN_CAP_H ! login_cap_t *lc; -! char **tmpenv; ! char *real_shell; ! ! lc = login_getuserclass(pw); @@ -75,9 +74,9 @@ f = fopen("/etc/nologin", "r"); if (f) *************** -*** 2390,2395 **** ---- 2420,2426 ---- - if (pw->pw_uid != 0) +*** 2983,2988 **** +--- 3012,3018 ---- + if (pw->pw_uid != UID_ROOT) exit(254); } + #endif /* HAVE_LOGIN_CAP_H */ @@ -85,7 +84,7 @@ if (command != NULL) { *************** -*** 2402,2408 **** +*** 2995,3001 **** else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -93,7 +92,7 @@ #ifdef HAVE_SETLOGIN /* Set login name in the kernel. Warning: setsid() must be called before this. */ ---- 2433,2440 ---- +--- 3025,3032 ---- else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -103,83 +102,101 @@ /* Set login name in the kernel. Warning: setsid() must be called before this. */ *************** -*** 2417,2422 **** ---- 2449,2455 ---- +*** 3016,3021 **** +--- 3047,3053 ---- if (setpcred((char *)pw->pw_name, NULL)) log_msg("setpcred %.100s: %.100s", strerror(errno)); #endif /* HAVE_USERSEC_H */ -+ #endif /* HAVE_LOGIN_CAP_H */ ++ #endif /* !HAVE_LOGIN_CAP_H */ /* Save some data that will be needed so that we can do certain cleanups before we switch to user's uid. (We must clear all sensitive data *************** -*** 2474,2479 **** ---- 2507,2553 ---- - close(i); - } - +*** 3086,3091 **** +--- 3118,3181 ---- + if (command != NULL || !options.use_login) + #endif /* USELOGIN */ + { + #ifdef HAVE_LOGIN_CAP_H -+ /* Save previous environment array -+ */ -+ tmpenv = environ; -+ /* Initialize the new environment. -+ */ -+ envsize = 64; -+ environ = env = xmalloc(envsize * sizeof(char *)); -+ env[0] = NULL; ++ char *p, *s, **tmpenv; + -+ child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR); ++ /* Save previous environment array ++ */ ++ tmpenv = environ; ++ /* Initialize the new environment. ++ */ ++ envsize = 64; ++ environ = env = xmalloc(envsize * sizeof(char *)); ++ env[0] = NULL; + -+ /* Let it inherit timezone if we have one. */ -+ if (getenv("TZ")) -+ child_set_env(&env, &envsize, "TZ", getenv("TZ")); ++ child_set_env(&env, &envsize, "PATH", DEFAULT_PATH); + + #ifdef MAIL_SPOOL_DIRECTORY -+ sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name); -+ child_set_env(&env, &envsize, "MAIL", buf); ++ sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name); ++ child_set_env(&env, &envsize, "MAIL", buf); + #else /* MAIL_SPOOL_DIRECTORY */ + #ifdef MAIL_SPOOL_FILE -+ sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE); -+ child_set_env(&env, &envsize, "MAIL", buf); ++ sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE); ++ child_set_env(&env, &envsize, "MAIL", buf); + #endif /* MAIL_SPOOL_FILE */ + #endif /* MAIL_SPOOL_DIRECTORY */ + -+ /* Set the user's login environment -+ */ -+ if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0) -+ { -+ perror("setgid"); -+ exit(1); -+ } -+ env = environ; -+ environ = tmpenv; /* Restore parent environment */ -+ for (envsize = 0; env[envsize] != NULL; ++envsize) -+ ; -+ /* Reallocate this to what is expected */ -+ envsize = (envsize < 100) ? 100 : envsize + 16; -+ env = xrealloc(env, envsize * sizeof(char *)); ++ /* Let it inherit timezone if we have one. */ ++ if (getenv("TZ")) ++ child_set_env(&env, &envsize, "TZ", getenv("TZ")); ++ ++ /* Set the user's login environment ++ */ ++ if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0) ++ { ++ perror("setusercontext"); ++ exit(1); ++ } ++ ++ p = getenv("PATH"); ++ s = xmalloc((p != NULL ? strlen(p) + 1 : 0) + sizeof(SSH_BINDIR)); ++ *s = '\0'; ++ if (p != NULL) ++ { ++ strcat(s, p); ++ strcat(s, ":"); ++ } ++ strcat(s, SSH_BINDIR); ++ ++ env = environ; ++ environ = tmpenv; /* Restore parent environment */ ++ for (envsize = 0; env[envsize] != NULL; ++envsize) ++ ; ++ /* Reallocate this to what is expected */ ++ envsize = (envsize < 100) ? 100 : envsize + 16; ++ env = xrealloc(env, envsize * sizeof(char *)); ++ ++ child_set_env(&env, &envsize, "PATH", s); ++ xfree(s); ++ + #else /* !HAVE_LOGIN_CAP_H */ - /* At this point, this process should no longer be holding any confidential - information, as changing uid below will permit the user to attach with - a debugger on some machines. */ + /* Set uid, gid, and groups. */ + if (getuid() == UID_ROOT || geteuid() == UID_ROOT) + { *************** -*** 2514,2519 **** ---- 2588,2594 ---- - - if (getuid() != user_uid || geteuid() != user_uid) - fatal("Failed to set uids to %d.", (int)user_uid); +*** 3117,3122 **** +--- 3207,3213 ---- + + if (getuid() != user_uid || geteuid() != user_uid) + fatal("Failed to set uids to %d.", (int)user_uid); + #endif /* HAVE_LOGIN_CAP_H */ - + } + /* Reset signals to their default settings before starting the user - process. */ *************** -*** 2523,2538 **** ---- 2598,2621 ---- +*** 3127,3137 **** +--- 3218,3233 ---- and means /bin/sh. */ shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; + #ifdef HAVE_LOGIN_CAP_H + real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell); ++ login_close(lc); + #else /* !HAVE_LOGIN_CAP_H */ /* Initialize the environment. In the first part we allocate space for all environment variables. */ @@ -188,44 +205,60 @@ env[0] = NULL; + #endif /* HAVE_LOGIN_CAP_H */ - /* Set basic environment. */ - child_set_env(&env, &envsize, "USER", user_name); - child_set_env(&env, &envsize, "LOGNAME", user_name); - child_set_env(&env, &envsize, "HOME", user_dir); + #ifdef USELOGIN + if (command != NULL || !options.use_login) +*************** +*** 3141,3146 **** +--- 3237,3244 ---- + child_set_env(&env, &envsize, "HOME", user_dir); + child_set_env(&env, &envsize, "USER", user_name); + child_set_env(&env, &envsize, "LOGNAME", user_name); + -+ #ifdef HAVE_LOGIN_CAP_H -+ login_close(lc); -+ #else /* !HAVE_LOGIN_CAP_H */ - child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR); - - /* Let it inherit timezone if we have one. */ ++ #ifndef HAVE_LOGIN_CAP_H + child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR); + + #ifdef MAIL_SPOOL_DIRECTORY *************** -*** 2548,2553 **** ---- 2631,2637 ---- - child_set_env(&env, &envsize, "MAIL", buf); +*** 3152,3157 **** +--- 3250,3256 ---- + child_set_env(&env, &envsize, "MAIL", buf); #endif /* MAIL_SPOOL_FILE */ #endif /* MAIL_SPOOL_DIRECTORY */ -+ #endif /* HAVE_LOGIN_CAP_H */ - ++ #endif /* !HAVE_LOGIN_CAP_H */ + #ifdef HAVE_ETC_DEFAULT_LOGIN - /* Read /etc/default/login; this exists at least on Solaris 2.x. Note + /* Read /etc/default/login; this exists at least on Solaris 2.x. Note +*************** +*** 3167,3175 **** +--- 3266,3276 ---- + child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", + original_command); + ++ #ifndef HAVE_LOGIN_CAP_H + /* Let it inherit timezone if we have one. */ + if (getenv("TZ")) + child_set_env(&env, &envsize, "TZ", getenv("TZ")); ++ #endif /* !HAVE_LOGIN_CAP_H */ + + /* Set custom environment options from RSA authentication. */ + while (custom_environment) *************** -*** 2710,2716 **** ---- 2794,2804 ---- - /* Execute the shell. */ - argv[0] = buf; - argv[1] = NULL; +*** 3389,3395 **** +--- 3490,3500 ---- + /* Execute the shell. */ + argv[0] = buf; + argv[1] = NULL; + #ifdef HAVE_LOGIN_CAP_H -+ execve(real_shell, argv, env); ++ execve(real_shell, argv, env); + #else - execve(shell, argv, env); + execve(shell, argv, env); + #endif /* HAVE_LOGIN_CAP_H */ - /* Executing the shell failed. */ - perror(shell); - exit(1); + /* Executing the shell failed. */ + perror(shell); + exit(1); *************** -*** 2722,2728 **** ---- 2810,2820 ---- +*** 3410,3416 **** +--- 3515,3525 ---- argv[1] = "-c"; argv[2] = (char *)command; argv[3] = NULL; diff --git a/security/ssh2/files/patch-aj b/security/ssh2/files/patch-aj index 74821f010661..008d4dec5cdc 100644 --- a/security/ssh2/files/patch-aj +++ b/security/ssh2/files/patch-aj @@ -1,7 +1,7 @@ -*** configure.in.orig Wed Oct 30 15:27:56 1996 ---- configure.in Thu Jan 30 23:00:38 1997 +*** configure.in.orig Thu Mar 27 09:04:06 1997 +--- configure.in Sat Mar 29 01:16:51 1997 *************** -*** 469,477 **** +*** 574,582 **** export CFLAGS CC @@ -11,7 +11,7 @@ AC_MSG_CHECKING([that the compiler works]) AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], ---- 469,477 ---- +--- 574,582 ---- export CFLAGS CC @@ -22,7 +22,7 @@ AC_MSG_CHECKING([that the compiler works]) AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], *************** -*** 523,529 **** +*** 628,634 **** AC_HEADER_STDC AC_HEADER_SYS_WAIT @@ -30,7 +30,7 @@ AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) AC_HEADER_TIME ---- 523,529 ---- +--- 628,634 ---- AC_HEADER_STDC AC_HEADER_SYS_WAIT diff --git a/security/ssh2/files/patch-al b/security/ssh2/files/patch-al index 9fd18168138a..7ca297bc9ea7 100644 --- a/security/ssh2/files/patch-al +++ b/security/ssh2/files/patch-al @@ -1,8 +1,8 @@ -*** sshconnect.c.orig Thu Jan 30 23:00:03 1997 ---- sshconnect.c Thu Jan 30 23:00:04 1997 +*** sshconnect.c.orig Thu Mar 27 09:04:10 1997 +--- sshconnect.c Sat Mar 29 01:16:51 1997 *************** -*** 239,244 **** ---- 239,250 ---- +*** 298,303 **** +--- 298,309 ---- { struct sockaddr_in sin; int p; @@ -16,8 +16,8 @@ { sock = socket(AF_INET, SOCK_STREAM, 0); *************** -*** 266,271 **** ---- 272,278 ---- +*** 325,330 **** +--- 331,337 ---- } fatal("bind: %.100s", strerror(errno)); } |