authorPeter Wemm <peter@FreeBSD.org>1997-04-25 05:01:06 +0000
committerPeter Wemm <peter@FreeBSD.org>1997-04-25 05:01:06 +0000
commit25c2756dd915624a8150b4bc591cad97450be717 (patch)
tree812b9d2987b23cae54cc136d1401528831fee326 /security/ssh
parent27b9e535a701c60f4762b2c919d8c49d1863b740 (diff)
Diffstat (limited to 'security/ssh')
-rw-r--r--security/ssh/Makefile17
-rw-r--r--security/ssh/distinfo2
-rw-r--r--security/ssh/files/patch-aa8
-rw-r--r--security/ssh/files/patch-ac28
-rw-r--r--security/ssh/files/patch-af76
-rw-r--r--security/ssh/files/patch-al12
6 files changed, 76 insertions, 67 deletions
diff --git a/security/ssh/Makefile b/security/ssh/Makefile
index f06d971948e9..d00ccc3401ba 100644
--- a/security/ssh/Makefile
+++ b/security/ssh/Makefile
@@ -1,16 +1,16 @@
# New ports collection makefile for: ssh
-# Version required: 1.2.19
+# Version required: 1.2.20
# Date created: 30 Jul 1995
# Whom: torstenb@FreeBSD.ORG
#
-# $Id: Makefile,v 1.38 1997/04/16 19:48:09 ache Exp $
+# $Id: Makefile,v 1.39 1997/04/20 13:53:01 wosch Exp $
#
# Maximal ssh package requires YES values for
# USE_PERL, USE_TCPWRAP
#
-DISTNAME= ssh-1.2.19
-CATEGORIES= security net perl5
+DISTNAME= ssh-1.2.20
+CATEGORIES= security net
MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/
MAINTAINER= torstenb@FreeBSD.ORG
@@ -35,6 +35,15 @@ GNU_CONFIGURE= YES
CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc
+#Uncomment if all your users are in their own group and their homedir
+#is writeable by that group. Beware the security implications!
+#CONFIGURE_ARGS+= --enable-group-writeability
+
+#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
+#over a secure medium. This is normally dangerous since it can lead to the
+#disclosure keys and passwords.
+#CONFIGURE_ARGS+= --with-none
+
.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
CONFIGURE_ARGS+= --with-rsaref
.endif
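Review bot: The comments on the two new commented-out options are too vague for someone deciding whether to uncomment them. For `--enable-group-writeability`, "Beware the security implications!" should say what they are: presumably any member of the owning group can then modify the files in the home directory that sshd trusts for login, so the option is only reasonable when each user's group has no other members. For `--with-none`, the comment should say plainly that the `none` cipher sends the whole session, passwords included, unencrypted. The last sentence of that comment also drops a word and should read `#disclosure of keys and passwords.`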
diff --git a/security/ssh/distinfo b/security/ssh/distinfo
index b921c3e7c359..b41c04c76fe8 100644
--- a/security/ssh/distinfo
+++ b/security/ssh/distinfo
@@ -1,2 +1,2 @@
-MD5 (ssh-1.2.19.tar.gz) = a7a1b400788173b548f1c04642a52396
+MD5 (ssh-1.2.20.tar.gz) = 11d88175e5d6d9d59bea0a70330bcab4
MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d
diff --git a/security/ssh/files/patch-aa b/security/ssh/files/patch-aa
index 3ef8ce98cc1e..83e9968ac319 100644
--- a/security/ssh/files/patch-aa
+++ b/security/ssh/files/patch-aa
@@ -1,7 +1,7 @@
-*** make-ssh-known-hosts.pl.in.orig Thu Mar 27 09:04:06 1997
---- make-ssh-known-hosts.pl.in Fri Mar 28 15:11:19 1997
+*** make-ssh-known-hosts.pl.in.orig Wed Apr 23 08:40:05 1997
+--- make-ssh-known-hosts.pl.in Fri Apr 25 12:38:21 1997
***************
-*** 84,90 ****
+*** 87,93 ****
$debug = 5;
$defserver = '';
$bell='\a';
@@ -9,7 +9,7 @@
$private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
$timeout = 60;
$ping_timeout = 3;
---- 84,90 ----
+--- 87,93 ----
$debug = 5;
$defserver = '';
$bell='\a';
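Review bot: The refreshed patch still carries `$private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";` as context, a scratch file in a world-writable directory whose name is derived only from the process id. If the script creates that file with a plain open, another local user could pre-create the path or place a symlink there. Creating it exclusively (`sysopen` with `O_CREAT|O_EXCL` and mode 0600), or under a directory owned by the invoking user, would close that gap. How the script opens the file is outside this hunk, so this needs checking against the full script.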
diff --git a/security/ssh/files/patch-ac b/security/ssh/files/patch-ac
index 6823f8a5bd28..90cc133acd97 100644
--- a/security/ssh/files/patch-ac
+++ b/security/ssh/files/patch-ac
@@ -1,7 +1,7 @@
-*** Makefile.in.orig Sun Apr 6 03:56:58 1997
---- Makefile.in Wed Apr 16 22:59:17 1997
+*** Makefile.in.orig Wed Apr 23 08:40:06 1997
+--- Makefile.in Fri Apr 25 12:39:38 1997
***************
-*** 229,240 ****
+*** 237,248 ****
SHELL = /bin/sh
GMPDIR = gmp-2.0.2-ssh-2
@@ -14,7 +14,7 @@
RSAREFDIR = rsaref2
RSAREFSRCDIR = $(RSAREFDIR)/source
---- 229,246 ----
+--- 237,254 ----
SHELL = /bin/sh
GMPDIR = gmp-2.0.2-ssh-2
@@ -34,7 +34,7 @@
RSAREFDIR = rsaref2
RSAREFSRCDIR = $(RSAREFDIR)/source
***************
-*** 328,334 ****
+*** 336,342 ****
$(CC) -o rfc-pg rfc-pg.o
.c.o:
@@ -42,7 +42,7 @@
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
-rm -f sshd
---- 334,340 ----
+--- 342,348 ----
$(CC) -o rfc-pg rfc-pg.o
.c.o:
@@ -51,7 +51,7 @@
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
-rm -f sshd
***************
-*** 365,383 ****
+*** 373,391 ****
sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
chmod +x make-ssh-known-hosts
@@ -71,7 +71,7 @@
$(RSAREFSRCDIR)/librsaref.a:
-if test '!' -d $(RSAREFDIR); then \
---- 371,389 ----
+--- 379,397 ----
sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
chmod +x make-ssh-known-hosts
@@ -92,7 +92,7 @@
$(RSAREFSRCDIR)/librsaref.a:
-if test '!' -d $(RSAREFDIR); then \
***************
-*** 434,440 ****
+*** 442,448 ****
# (otherwise it can only log in as the user it runs as, and must be
# bound to a non-privileged port). Also, password authentication may
# not be available if non-root and using shadow passwords.
@@ -100,7 +100,7 @@
-rm -f $(install_prefix)$(bindir)/ssh.old
-mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
-chmod 755 $(install_prefix)$(bindir)/ssh.old
---- 440,446 ----
+--- 448,454 ----
# (otherwise it can only log in as the user it runs as, and must be
# bound to a non-privileged port). Also, password authentication may
# not be available if non-root and using shadow passwords.
@@ -109,7 +109,7 @@
-mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
-chmod 755 $(install_prefix)$(bindir)/ssh.old
***************
-*** 543,569 ****
+*** 551,577 ****
clean:
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
@@ -137,7 +137,7 @@
tar pcf $(DISTNAME).tar $(DISTNAME)
-rm -f $(DISTNAME).tar.gz
gzip $(DISTNAME).tar
---- 549,575 ----
+--- 557,583 ----
clean:
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
@@ -166,7 +166,7 @@
-rm -f $(DISTNAME).tar.gz
gzip $(DISTNAME).tar
***************
-*** 575,581 ****
+*** 583,589 ****
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
depend:
@@ -174,7 +174,7 @@
tags:
-rm -f TAGS
---- 581,587 ----
+--- 589,595 ----
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
depend:
diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af
index 94bfa1563a51..5e3eb7c79f92 100644
--- a/security/ssh/files/patch-af
+++ b/security/ssh/files/patch-af
@@ -1,8 +1,8 @@
-*** sshd.c.orig Sun Apr 6 03:57:00 1997
---- sshd.c Wed Apr 16 23:27:28 1997
+*** sshd.c.orig Wed Apr 23 08:40:08 1997
+--- sshd.c Fri Apr 25 12:40:20 1997
***************
-*** 379,384 ****
---- 379,388 ----
+*** 400,405 ****
+--- 400,409 ----
#include "firewall.h" /* TIS authsrv authentication */
#endif
@@ -14,8 +14,8 @@
#define DEFAULT_SHELL _PATH_BSHELL
#else
***************
-*** 2617,2622 ****
---- 2621,2629 ----
+*** 2654,2659 ****
+--- 2658,2666 ----
struct sockaddr_in from;
int fromlen;
struct pty_cleanup_context cleanup_context;
@@ -26,7 +26,7 @@
/* We no longer need the child running on user's privileges. */
userfile_uninit();
***************
-*** 2688,2698 ****
+*** 2725,2735 ****
record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
&from);
@@ -38,7 +38,7 @@
/* If the user has logged in before, display the time of last login.
However, don't display anything extra if a command has been
specified (so that ssh can be used to execute commands on a remote
---- 2695,2713 ----
+--- 2732,2750 ----
record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
&from);
@@ -59,8 +59,8 @@
However, don't display anything extra if a command has been
specified (so that ssh can be used to execute commands on a remote
***************
-*** 2712,2717 ****
---- 2727,2755 ----
+*** 2749,2754 ****
+--- 2764,2792 ----
printf("Last login: %s from %s\r\n", time_string, buf);
}
@@ -91,8 +91,8 @@
disabled in server options. Note that some machines appear to
print it in /etc/profile or similar. */
***************
-*** 2721,2727 ****
---- 2759,2769 ----
+*** 2758,2764 ****
+--- 2796,2806 ----
FILE *f;
/* Print /etc/motd if it exists. */
@@ -105,8 +105,8 @@
{
while (fgets(line, sizeof(line), f))
***************
-*** 2729,2734 ****
---- 2771,2799 ----
+*** 2766,2771 ****
+--- 2808,2836 ----
fclose(f);
}
}
@@ -137,7 +137,7 @@
/* Do common processing for the child, such as execing the command. */
do_child(command, pw, term, display, auth_proto, auth_data, ttyname);
***************
-*** 2986,2992 ****
+*** 3017,3023 ****
char *user_shell;
char *remote_ip;
int remote_port;
@@ -145,7 +145,7 @@
/* Check /etc/nologin. */
f = fopen("/etc/nologin", "r");
if (f)
---- 3051,3063 ----
+--- 3082,3094 ----
char *user_shell;
char *remote_ip;
int remote_port;
@@ -160,8 +160,8 @@
f = fopen("/etc/nologin", "r");
if (f)
***************
-*** 3000,3005 ****
---- 3071,3077 ----
+*** 3031,3036 ****
+--- 3102,3108 ----
if (pw->pw_uid != UID_ROOT)
exit(254);
}
@@ -170,7 +170,7 @@
if (command != NULL)
{
***************
-*** 3012,3018 ****
+*** 3043,3049 ****
else
log_msg("executing remote command as user %.200s", pw->pw_name);
}
@@ -178,7 +178,7 @@
#ifdef HAVE_SETLOGIN
/* Set login name in the kernel. Warning: setsid() must be called before
this. */
---- 3084,3091 ----
+--- 3115,3122 ----
else
log_msg("executing remote command as user %.200s", pw->pw_name);
}
@@ -188,8 +188,8 @@
/* Set login name in the kernel. Warning: setsid() must be called before
this. */
***************
-*** 3033,3038 ****
---- 3106,3112 ----
+*** 3064,3069 ****
+--- 3137,3143 ----
if (setpcred((char *)pw->pw_name, NULL))
log_msg("setpcred %.100s: %.100s", strerror(errno));
#endif /* HAVE_USERSEC_H */
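Review bot: The `log_msg("setpcred %.100s: %.100s", strerror(errno));` call carried as context in this hunk has two `%.100s` conversions but only one argument, so the second conversion reads an argument that was never passed. This refresh does not change the line, and it sits before `#endif /* HAVE_USERSEC_H */`, so it may not be compiled on this platform. It is still worth reporting upstream as `log_msg("setpcred %.100s: %.100s", pw->pw_name, strerror(errno));`. The enclosing function starts and ends outside the hunk.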
@@ -198,8 +198,8 @@
/* Save some data that will be needed so that we can do certain cleanups
before we switch to user's uid. (We must clear all sensitive data
***************
-*** 3103,3108 ****
---- 3177,3240 ----
+*** 3134,3139 ****
+--- 3208,3271 ----
if (command != NULL || !options.use_login)
#endif /* USELOGIN */
{
@@ -265,8 +265,8 @@
if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
{
***************
-*** 3134,3139 ****
---- 3266,3272 ----
+*** 3165,3170 ****
+--- 3297,3303 ----
if (getuid() != user_uid || geteuid() != user_uid)
fatal("Failed to set uids to %d.", (int)user_uid);
@@ -275,8 +275,8 @@
/* Reset signals to their default settings before starting the user
***************
-*** 3144,3154 ****
---- 3277,3292 ----
+*** 3175,3185 ****
+--- 3308,3323 ----
and means /bin/sh. */
shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell;
@@ -294,8 +294,8 @@
#ifdef USELOGIN
if (command != NULL || !options.use_login)
***************
-*** 3158,3163 ****
---- 3296,3303 ----
+*** 3189,3194 ****
+--- 3327,3334 ----
child_set_env(&env, &envsize, "HOME", user_dir);
child_set_env(&env, &envsize, "USER", user_name);
child_set_env(&env, &envsize, "LOGNAME", user_name);
@@ -305,8 +305,8 @@
#ifdef MAIL_SPOOL_DIRECTORY
***************
-*** 3169,3174 ****
---- 3309,3315 ----
+*** 3200,3205 ****
+--- 3340,3346 ----
child_set_env(&env, &envsize, "MAIL", buf);
#endif /* MAIL_SPOOL_FILE */
#endif /* MAIL_SPOOL_DIRECTORY */
@@ -315,8 +315,8 @@
#ifdef HAVE_ETC_DEFAULT_LOGIN
/* Read /etc/default/login; this exists at least on Solaris 2.x. Note
***************
-*** 3184,3192 ****
---- 3325,3335 ----
+*** 3215,3223 ****
+--- 3356,3366 ----
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
original_command);
@@ -329,8 +329,8 @@
/* Set custom environment options from RSA authentication. */
while (custom_environment)
***************
-*** 3406,3412 ****
---- 3549,3559 ----
+*** 3437,3443 ****
+--- 3580,3590 ----
/* Execute the shell. */
argv[0] = buf;
argv[1] = NULL;
@@ -343,8 +343,8 @@
perror(shell);
exit(1);
***************
-*** 3427,3433 ****
---- 3574,3584 ----
+*** 3458,3464 ****
+--- 3605,3615 ----
argv[1] = "-c";
argv[2] = (char *)command;
argv[3] = NULL;
diff --git a/security/ssh/files/patch-al b/security/ssh/files/patch-al
index 9b8ef9f85303..1da799c26ac5 100644
--- a/security/ssh/files/patch-al
+++ b/security/ssh/files/patch-al
@@ -1,8 +1,8 @@
-*** sshconnect.c.orig Sun Apr 6 03:57:04 1997
---- sshconnect.c Wed Apr 16 23:04:17 1997
+*** sshconnect.c.orig Wed Apr 23 08:40:11 1997
+--- sshconnect.c Fri Apr 25 12:41:59 1997
***************
-*** 302,307 ****
---- 302,313 ----
+*** 311,316 ****
+--- 311,322 ----
{
struct sockaddr_in sin;
int p;
@@ -16,8 +16,8 @@
{
sock = socket(AF_INET, SOCK_STREAM, 0);
***************
-*** 329,334 ****
---- 335,341 ----
+*** 338,343 ****
+--- 344,350 ----
}
fatal("bind: %.100s", strerror(errno));
}