diff options
| author | Dirk Meyer <dinoex@FreeBSD.org> | 2002-05-31 07:28:46 +0000 |
|---|---|---|
| committer | Dirk Meyer <dinoex@FreeBSD.org> | 2002-05-31 07:28:46 +0000 |
| commit | f4eb252ac6f0d7338803b39c6a619b398d650910 (patch) | |
| tree | d197d8ac19cf29f589c3b2723fdec073a7325413 /security | |
| parent | ac188fe098a270bcc573db0026cb104a48c23418 (diff) | |
| download | ports-f4eb252ac6f0d7338803b39c6a619b398d650910.tar.gz ports-f4eb252ac6f0d7338803b39c6a619b398d650910.zip | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/hpn-ssh/Makefile | 17 | ||||
| -rw-r--r-- | security/hpn-ssh/distinfo | 7 | ||||
| -rw-r--r-- | security/hpn-ssh/files/patch-readpassphrase.c | 25 | ||||
| -rw-r--r-- | security/hpn-ssh/files/patch-session.c | 50 | ||||
| -rw-r--r-- | security/openssh-portable/Makefile | 17 | ||||
| -rw-r--r-- | security/openssh-portable/distinfo | 7 | ||||
| -rw-r--r-- | security/openssh-portable/files/patch-readpassphrase.c | 25 | ||||
| -rw-r--r-- | security/openssh-portable/files/patch-session.c | 50 | ||||
| -rw-r--r-- | security/openssh/Makefile | 5 | ||||
| -rw-r--r-- | security/openssh/distinfo | 5 | ||||
| -rw-r--r-- | security/openssh/files/patch-auth1.c | 19 | ||||
| -rw-r--r-- | security/openssh/files/patch-auth2.c | 23 | ||||
| -rw-r--r-- | security/openssh/files/patch-includes.h | 22 | ||||
| -rw-r--r-- | security/openssh/files/patch-lib-Makefile | 21 | ||||
| -rw-r--r-- | security/openssh/files/patch-session.c | 66 | ||||
| -rw-r--r-- | security/openssh/files/patch-sshconnect2.c | 11 | ||||
| -rw-r--r-- | security/openssh/files/patch-sshd-Makefile | 12 | ||||
| -rw-r--r-- | security/openssh/files/patch-sshd_config | 8 |
18 files changed, 168 insertions, 222 deletions
diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile index ca1133761e69..3de6bdb4a6de 100644 --- a/security/hpn-ssh/Makefile +++ b/security/hpn-ssh/Makefile @@ -6,17 +6,13 @@ # PORTNAME= openssh -PORTVERSION= 3.1p1 -PORTREVISION= 4 +PORTVERSION= 3.2.3p1 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \ ftp://carroll.cac.psu.edu/pub/OpenBSD/OpenSSH/portable/ PKGNAMESUFFIX= -portable -PATCH_SITES= ${MASTER_SITES} -PATCHFILES= openssh-3.1p1-adv.token.patch - MAINTAINER= dinoex@FreeBSD.org MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1 @@ -26,7 +22,7 @@ MAN8= sftp-server.8 sshd.8 CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto USE_OPENSSL= yes GNU_CONFIGURE= yes -CONFIGURE_ARGS?= --prefix=${PREFIX} --with-md5-passwords +CONFIGURE_ARGS+= --prefix=${PREFIX} --with-md5-passwords CLEAN= etc/ssh_config etc/sshd_config etc/moduli \ etc/ssh_host_key etc/ssh_host_key.pub \ etc/ssh_host_dsa_key etc/ssh_host_dsa_key.pub \ @@ -53,12 +49,11 @@ EXTRA_PATCHES+= ${FILESDIR}/batch.patch .endif .if defined(KRB5_HOME) && exists(${KRB5_HOME}) +GSSAPI_PATCH= ${PORTNAME}-${PORTVERSION}-gssapi-20020527.diff GSSAPI_SITE= http://www.sxw.org.uk/computing/patches/ MASTER_SITES+= ${GSSAPI_SITE} -DISTFILES= ${EXTRACT_ONLY} ${PORTNAME}-${PORTVERSION}-gssapi-20020321.diff +DISTFILES= ${EXTRACT_ONLY} ${GSSAPI_PATCH} EXTRACT_ONLY= ${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX} -PATCH_SITES+= ${GSSAPI_SITE} -PATCHFILES+= ${PORTNAME}-mit-krb5-20020319.diff EXTRA_PATCHES+= ${FILESDIR}/servconf.c.patch BUILD_DEPENDS= autoconf:${PORTSDIR}/devel/autoconf # USE_AUTOCONF_VER= 252 # broken @@ -69,7 +64,7 @@ AUTOHEADER= autoheader post-patch: @${ECHO_MSG} Applying extra patch for GSS-API key-exchange... @${PATCH} ${PATCH_DIST_ARGS:S/-p0/-p1/} \ - < ${DISTDIR}/${PORTNAME}-${PORTVERSION}-gssapi-20020321.diff + < ${DISTDIR}/${GSSAPI_PATCH} pre-configure: @${ECHO_MSG} !!!! Warning this option uses autoconf/autoheader !!! @@ -91,6 +86,8 @@ OPENSSLLIB= ${OPENSSLBASE}/lib OPENSSLINC= ${OPENSSLBASE}/include MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} OPENSSLINC=${OPENSSLINC} \ OPENSSLBASE=${OPENSSLBASE} OPENSSLDIR=${OPENSSLDIR} +CONFIGURE_ARGS+= --with-ssl=${OPENSSLBASE} .endif + .include <bsd.port.post.mk> diff --git a/security/hpn-ssh/distinfo b/security/hpn-ssh/distinfo index a875a7b85e22..0767cb06a250 100644 --- a/security/hpn-ssh/distinfo +++ b/security/hpn-ssh/distinfo @@ -1,4 +1,3 @@ -MD5 (openssh-3.1p1.tar.gz) = c6a52d4126ed27eb57c31729ec6b2362 -MD5 (openssh-3.1p1-gssapi-20020321.diff) = d571cea9810630650139013a1af4b1d9 -MD5 (openssh-3.1p1-adv.token.patch) = 8c34327404f504f8d5bf1a2063f4e7b7 -MD5 (openssh-mit-krb5-20020319.diff) = 151af40132624a615c96027491f09f25 +MD5 (openssh-3.2.3p1.tar.gz) = f153ccdb5a91fa06ec78d0c6313f4d77 +MD5 (openssh-3.1p1-gssapi-20020325.diff) = a5002539db6b838190ad92bc627f6b5e +MD5 (openssh-mit-krb5-20020326.diff) = 2f83bf4f0185f20672c68856aee643c8 diff --git a/security/hpn-ssh/files/patch-readpassphrase.c b/security/hpn-ssh/files/patch-readpassphrase.c deleted file mode 100644 index 28bae4877919..000000000000 --- a/security/hpn-ssh/files/patch-readpassphrase.c +++ /dev/null @@ -1,25 +0,0 @@ ---- openbsd-compat/readpassphrase.c.orig Sat Mar 30 06:08:34 2002 -+++ openbsd-compat/readpassphrase.c Sat Mar 30 06:09:33 2002 -@@ -165,6 +165,13 @@ - errno = save_errno; - return(nr == -1 ? NULL : buf); - } -+ -+static void handler(int s) -+{ -+ -+ signo = s; -+} -+ - #endif /* HAVE_READPASSPHRASE */ - - #if 0 -@@ -177,8 +184,3 @@ - } - #endif - --static void handler(int s) --{ -- -- signo = s; --} diff --git a/security/hpn-ssh/files/patch-session.c b/security/hpn-ssh/files/patch-session.c index 85d451a5576d..0baf6ee51939 100644 --- a/security/hpn-ssh/files/patch-session.c +++ b/security/hpn-ssh/files/patch-session.c @@ -1,6 +1,6 @@ ---- session.c.orig Mon Feb 25 16:48:03 2002 -+++ session.c Mon Mar 25 06:19:09 2002 -@@ -63,6 +63,13 @@ +--- session.c.orig Mon May 13 02:48:58 2002 ++++ session.c Thu May 23 14:10:44 2002 +@@ -64,6 +64,13 @@ #define is_winnt (GetVersion() < 0x80000000) #endif @@ -11,10 +11,10 @@ +#define _PATH_CHPASS "/usr/bin/passwd" +#endif /* __FreeBSD__ */ + - /* types */ + /* func */ - #define TTYSZ 64 -@@ -423,6 +430,13 @@ + Session *session_new(void); +@@ -383,6 +390,13 @@ log_init(__progname, options.log_level, options.log_facility, log_stderr); /* @@ -28,7 +28,7 @@ * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ -@@ -537,6 +551,14 @@ +@@ -497,6 +511,14 @@ /* Child. Reinitialize the log because the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -43,15 +43,8 @@ /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -659,12 +681,24 @@ - do_login(Session *s, const char *command) - { - char *time_string; -+ char *newcommand; - char hostname[MAXHOSTNAMELEN]; - socklen_t fromlen; +@@ -623,6 +645,18 @@ struct sockaddr_storage from; - time_t last_login_time; struct passwd * pw = s->pw; pid_t pid = getpid(); +#ifdef HAVE_LOGIN_CAP @@ -62,13 +55,14 @@ +#endif /* HAVE_LOGIN_CAP */ +#ifdef __FreeBSD__ +#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ ++ char *newcommand; + struct timeval tv; + time_t warntime = DEFAULT_WARN; +#endif /* __FreeBSD__ */ /* * Get IP address of client. If the connection is not a socket, let -@@ -703,6 +737,72 @@ +@@ -656,6 +690,72 @@ } #endif @@ -141,11 +135,11 @@ if (check_quietlogin(s, command)) return; -@@ -715,7 +815,17 @@ +@@ -668,7 +768,17 @@ printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ -- if (options.print_lastlog && last_login_time != 0) { +- if (options.print_lastlog && s->last_login_time != 0) { + /* + * If the user has logged in before, display the time of last + * login. However, don't display anything extra if a command @@ -155,13 +149,13 @@ + * us as well, so check if login(1) is used + */ + if (command == NULL && options.print_lastlog && -+ last_login_time != 0 && ++ s->last_login_time != 0 && + !options.use_login) { - time_string = ctime(&last_login_time); + time_string = ctime(&s->last_login_time); if (strchr(time_string, '\n')) *strchr(time_string, '\n') = 0; -@@ -725,7 +835,30 @@ - printf("Last login: %s from %s\r\n", time_string, hostname); +@@ -679,7 +789,30 @@ + s->hostname); } - do_motd(); @@ -192,7 +186,7 @@ } /* -@@ -741,9 +874,9 @@ +@@ -695,9 +828,9 @@ #ifdef HAVE_LOGIN_CAP f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r"); @@ -204,7 +198,7 @@ if (f) { while (fgets(buf, sizeof(buf), f)) fputs(buf, stdout); -@@ -770,10 +903,10 @@ +@@ -724,10 +857,10 @@ #ifdef HAVE_LOGIN_CAP if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) return 1; @@ -217,7 +211,7 @@ return 0; } -@@ -902,6 +1035,10 @@ +@@ -856,6 +989,10 @@ #endif if (!options.use_login) { @@ -228,7 +222,7 @@ /* Set basic environment. */ child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); -@@ -909,6 +1046,12 @@ +@@ -863,6 +1000,12 @@ #ifdef HAVE_LOGIN_CAP (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); child_set_env(&env, &envsize, "PATH", getenv("PATH")); @@ -241,7 +235,7 @@ #else /* HAVE_LOGIN_CAP */ # ifndef HAVE_CYGWIN /* -@@ -1241,7 +1384,7 @@ +@@ -1221,7 +1364,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -250,7 +244,7 @@ close(i); /* -@@ -1271,6 +1414,31 @@ +@@ -1251,6 +1394,31 @@ exit(1); #endif } diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index ca1133761e69..3de6bdb4a6de 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -6,17 +6,13 @@ # PORTNAME= openssh -PORTVERSION= 3.1p1 -PORTREVISION= 4 +PORTVERSION= 3.2.3p1 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \ ftp://carroll.cac.psu.edu/pub/OpenBSD/OpenSSH/portable/ PKGNAMESUFFIX= -portable -PATCH_SITES= ${MASTER_SITES} -PATCHFILES= openssh-3.1p1-adv.token.patch - MAINTAINER= dinoex@FreeBSD.org MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1 @@ -26,7 +22,7 @@ MAN8= sftp-server.8 sshd.8 CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto USE_OPENSSL= yes GNU_CONFIGURE= yes -CONFIGURE_ARGS?= --prefix=${PREFIX} --with-md5-passwords +CONFIGURE_ARGS+= --prefix=${PREFIX} --with-md5-passwords CLEAN= etc/ssh_config etc/sshd_config etc/moduli \ etc/ssh_host_key etc/ssh_host_key.pub \ etc/ssh_host_dsa_key etc/ssh_host_dsa_key.pub \ @@ -53,12 +49,11 @@ EXTRA_PATCHES+= ${FILESDIR}/batch.patch .endif .if defined(KRB5_HOME) && exists(${KRB5_HOME}) +GSSAPI_PATCH= ${PORTNAME}-${PORTVERSION}-gssapi-20020527.diff GSSAPI_SITE= http://www.sxw.org.uk/computing/patches/ MASTER_SITES+= ${GSSAPI_SITE} -DISTFILES= ${EXTRACT_ONLY} ${PORTNAME}-${PORTVERSION}-gssapi-20020321.diff +DISTFILES= ${EXTRACT_ONLY} ${GSSAPI_PATCH} EXTRACT_ONLY= ${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX} -PATCH_SITES+= ${GSSAPI_SITE} -PATCHFILES+= ${PORTNAME}-mit-krb5-20020319.diff EXTRA_PATCHES+= ${FILESDIR}/servconf.c.patch BUILD_DEPENDS= autoconf:${PORTSDIR}/devel/autoconf # USE_AUTOCONF_VER= 252 # broken @@ -69,7 +64,7 @@ AUTOHEADER= autoheader post-patch: @${ECHO_MSG} Applying extra patch for GSS-API key-exchange... @${PATCH} ${PATCH_DIST_ARGS:S/-p0/-p1/} \ - < ${DISTDIR}/${PORTNAME}-${PORTVERSION}-gssapi-20020321.diff + < ${DISTDIR}/${GSSAPI_PATCH} pre-configure: @${ECHO_MSG} !!!! Warning this option uses autoconf/autoheader !!! @@ -91,6 +86,8 @@ OPENSSLLIB= ${OPENSSLBASE}/lib OPENSSLINC= ${OPENSSLBASE}/include MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} OPENSSLINC=${OPENSSLINC} \ OPENSSLBASE=${OPENSSLBASE} OPENSSLDIR=${OPENSSLDIR} +CONFIGURE_ARGS+= --with-ssl=${OPENSSLBASE} .endif + .include <bsd.port.post.mk> diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index a875a7b85e22..0767cb06a250 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1,4 +1,3 @@ -MD5 (openssh-3.1p1.tar.gz) = c6a52d4126ed27eb57c31729ec6b2362 -MD5 (openssh-3.1p1-gssapi-20020321.diff) = d571cea9810630650139013a1af4b1d9 -MD5 (openssh-3.1p1-adv.token.patch) = 8c34327404f504f8d5bf1a2063f4e7b7 -MD5 (openssh-mit-krb5-20020319.diff) = 151af40132624a615c96027491f09f25 +MD5 (openssh-3.2.3p1.tar.gz) = f153ccdb5a91fa06ec78d0c6313f4d77 +MD5 (openssh-3.1p1-gssapi-20020325.diff) = a5002539db6b838190ad92bc627f6b5e +MD5 (openssh-mit-krb5-20020326.diff) = 2f83bf4f0185f20672c68856aee643c8 diff --git a/security/openssh-portable/files/patch-readpassphrase.c b/security/openssh-portable/files/patch-readpassphrase.c deleted file mode 100644 index 28bae4877919..000000000000 --- a/security/openssh-portable/files/patch-readpassphrase.c +++ /dev/null @@ -1,25 +0,0 @@ ---- openbsd-compat/readpassphrase.c.orig Sat Mar 30 06:08:34 2002 -+++ openbsd-compat/readpassphrase.c Sat Mar 30 06:09:33 2002 -@@ -165,6 +165,13 @@ - errno = save_errno; - return(nr == -1 ? NULL : buf); - } -+ -+static void handler(int s) -+{ -+ -+ signo = s; -+} -+ - #endif /* HAVE_READPASSPHRASE */ - - #if 0 -@@ -177,8 +184,3 @@ - } - #endif - --static void handler(int s) --{ -- -- signo = s; --} diff --git a/security/openssh-portable/files/patch-session.c b/security/openssh-portable/files/patch-session.c index 85d451a5576d..0baf6ee51939 100644 --- a/security/openssh-portable/files/patch-session.c +++ b/security/openssh-portable/files/patch-session.c @@ -1,6 +1,6 @@ ---- session.c.orig Mon Feb 25 16:48:03 2002 -+++ session.c Mon Mar 25 06:19:09 2002 -@@ -63,6 +63,13 @@ +--- session.c.orig Mon May 13 02:48:58 2002 ++++ session.c Thu May 23 14:10:44 2002 +@@ -64,6 +64,13 @@ #define is_winnt (GetVersion() < 0x80000000) #endif @@ -11,10 +11,10 @@ +#define _PATH_CHPASS "/usr/bin/passwd" +#endif /* __FreeBSD__ */ + - /* types */ + /* func */ - #define TTYSZ 64 -@@ -423,6 +430,13 @@ + Session *session_new(void); +@@ -383,6 +390,13 @@ log_init(__progname, options.log_level, options.log_facility, log_stderr); /* @@ -28,7 +28,7 @@ * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ -@@ -537,6 +551,14 @@ +@@ -497,6 +511,14 @@ /* Child. Reinitialize the log because the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -43,15 +43,8 @@ /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -659,12 +681,24 @@ - do_login(Session *s, const char *command) - { - char *time_string; -+ char *newcommand; - char hostname[MAXHOSTNAMELEN]; - socklen_t fromlen; +@@ -623,6 +645,18 @@ struct sockaddr_storage from; - time_t last_login_time; struct passwd * pw = s->pw; pid_t pid = getpid(); +#ifdef HAVE_LOGIN_CAP @@ -62,13 +55,14 @@ +#endif /* HAVE_LOGIN_CAP */ +#ifdef __FreeBSD__ +#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ ++ char *newcommand; + struct timeval tv; + time_t warntime = DEFAULT_WARN; +#endif /* __FreeBSD__ */ /* * Get IP address of client. If the connection is not a socket, let -@@ -703,6 +737,72 @@ +@@ -656,6 +690,72 @@ } #endif @@ -141,11 +135,11 @@ if (check_quietlogin(s, command)) return; -@@ -715,7 +815,17 @@ +@@ -668,7 +768,17 @@ printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ -- if (options.print_lastlog && last_login_time != 0) { +- if (options.print_lastlog && s->last_login_time != 0) { + /* + * If the user has logged in before, display the time of last + * login. However, don't display anything extra if a command @@ -155,13 +149,13 @@ + * us as well, so check if login(1) is used + */ + if (command == NULL && options.print_lastlog && -+ last_login_time != 0 && ++ s->last_login_time != 0 && + !options.use_login) { - time_string = ctime(&last_login_time); + time_string = ctime(&s->last_login_time); if (strchr(time_string, '\n')) *strchr(time_string, '\n') = 0; -@@ -725,7 +835,30 @@ - printf("Last login: %s from %s\r\n", time_string, hostname); +@@ -679,7 +789,30 @@ + s->hostname); } - do_motd(); @@ -192,7 +186,7 @@ } /* -@@ -741,9 +874,9 @@ +@@ -695,9 +828,9 @@ #ifdef HAVE_LOGIN_CAP f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r"); @@ -204,7 +198,7 @@ if (f) { while (fgets(buf, sizeof(buf), f)) fputs(buf, stdout); -@@ -770,10 +903,10 @@ +@@ -724,10 +857,10 @@ #ifdef HAVE_LOGIN_CAP if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) return 1; @@ -217,7 +211,7 @@ return 0; } -@@ -902,6 +1035,10 @@ +@@ -856,6 +989,10 @@ #endif if (!options.use_login) { @@ -228,7 +222,7 @@ /* Set basic environment. */ child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); -@@ -909,6 +1046,12 @@ +@@ -863,6 +1000,12 @@ #ifdef HAVE_LOGIN_CAP (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); child_set_env(&env, &envsize, "PATH", getenv("PATH")); @@ -241,7 +235,7 @@ #else /* HAVE_LOGIN_CAP */ # ifndef HAVE_CYGWIN /* -@@ -1241,7 +1384,7 @@ +@@ -1221,7 +1364,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -250,7 +244,7 @@ close(i); /* -@@ -1271,6 +1414,31 @@ +@@ -1251,6 +1394,31 @@ exit(1); #endif } diff --git a/security/openssh/Makefile b/security/openssh/Makefile index a449e9bb666d..dd0343f0278c 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -6,8 +6,7 @@ # PORTNAME= openssh -PORTVERSION= 3.1 -PORTREVISION= 7 +PORTVERSION= 3.2.3 CATEGORIES= security MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \ ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \ @@ -16,7 +15,7 @@ DISTNAME= openssh-${PORTVERSION} EXTRACT_SUFX= .tgz PATCH_SITES= ${MASTER_SITES} -PATCHFILES= openbsd28_3.1.patch openssh-3.1-adv.token.patch +PATCHFILES= openbsd28_${PORTVERSION}.patch MAINTAINER= dinoex@FreeBSD.org diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 7b78282ed9bd..b4d0760d40d5 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,3 +1,2 @@ -MD5 (openssh-3.1.tgz) = b43deb1a3b2047216a28c00ccc45f548 -MD5 (openbsd28_3.1.patch) = eb904373fad27e1f71ddf5939f4923a6 -MD5 (openssh-3.1-adv.token.patch) = 4e37cb88fab56f7769126edfa66490ff +MD5 (openssh-3.2.3.tgz) = 778b0ff9dd86a61eb40c89409d359fcc +MD5 (openbsd28_3.2.3.patch) = 187fc78696a650763607dc44d993e1fd diff --git a/security/openssh/files/patch-auth1.c b/security/openssh/files/patch-auth1.c index 7be939c24a5a..c579f6153dfb 100644 --- a/security/openssh/files/patch-auth1.c +++ b/security/openssh/files/patch-auth1.c @@ -1,5 +1,5 @@ ---- auth1.c.orig Sun Feb 3 18:53:25 2002 -+++ auth1.c Sun Mar 17 20:14:40 2002 +--- auth1.c.orig Wed Apr 10 10:21:47 2002 ++++ auth1.c Thu May 23 13:07:12 2002 @@ -75,6 +75,18 @@ u_int ulen; int type = 0; @@ -23,10 +23,11 @@ #if defined(KRB4) || defined(KRB5) (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif +- PRIVSEP(auth_password(authctxt, ""))) { +#ifdef USE_PAM -+ auth_pam_password(authctxt, "") ++ PRIVSEP(auth_pam_password(authctxt, ""))) { +#else - auth_password(authctxt, "")) { ++ PRIVSEP(auth_password(authctxt, ""))) { +#endif auth_log(authctxt, 1, "without authentication", ""); return; @@ -92,14 +93,14 @@ return; @@ -354,6 +409,11 @@ - pw = NULL; - } - authctxt->pw = pw; + authctxt->valid = 1; + else + debug("do_authentication: illegal user %s", user); + +#ifdef USE_PAM + if (pw != NULL) + start_pam(pw); +#endif - setproctitle("%s", pw ? user : "unknown"); - + setproctitle("%s%s", authctxt->pw ? user : "unknown", + use_privsep ? " [net]" : ""); diff --git a/security/openssh/files/patch-auth2.c b/security/openssh/files/patch-auth2.c index a7134d573432..5359ba294756 100644 --- a/security/openssh/files/patch-auth2.c +++ b/security/openssh/files/patch-auth2.c @@ -1,6 +1,6 @@ ---- auth2.c.orig Sun Feb 24 20:14:59 2002 -+++ auth2.c Sun Mar 17 20:15:23 2002 -@@ -166,6 +166,15 @@ +--- auth2.c.orig Mon May 13 04:37:39 2002 ++++ auth2.c Thu May 23 13:11:43 2002 +@@ -168,6 +168,15 @@ Authmethod *m = NULL; char *user, *service, *method, *style = NULL; int authenticated = 0; @@ -17,7 +17,7 @@ if (authctxt == NULL) fatal("input_userauth_request: no authctxt"); @@ -187,6 +196,11 @@ - authctxt->pw = pwcopy(pw); + if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; debug2("input_userauth_request: setting up authctxt for %s", user); + @@ -28,7 +28,7 @@ } else { log("input_userauth_request: illegal user %s", user); } -@@ -200,6 +214,41 @@ +@@ -203,6 +217,41 @@ "(%s,%s) -> (%s,%s)", authctxt->user, authctxt->service, user, service); } @@ -70,7 +70,7 @@ /* reset state */ auth2_challenge_stop(authctxt); authctxt->postponed = 0; -@@ -210,6 +259,12 @@ +@@ -213,6 +262,12 @@ debug2("input_userauth_request: try method %s", method); authenticated = m->userauth(authctxt); } @@ -83,16 +83,15 @@ userauth_finish(authctxt, authenticated, method); xfree(service); -@@ -299,7 +354,12 @@ +@@ -321,7 +376,11 @@ m->enabled = NULL; packet_check_eom(); userauth_banner(); -+ +#ifdef USE_PAM -+ return authctxt->valid ? auth_pam_password(authctxt, "") : 0; -+#else /* !USE_PAM */ - return authctxt->valid ? auth_password(authctxt, "") : 0; -+#endif /* USE_PAM */ ++ return (authctxt->valid ? PRIVSEP(auth_pam_password(authctxt, "")) : 0); ++#else + return (authctxt->valid ? PRIVSEP(auth_password(authctxt, "")) : 0); ++#endif } static int diff --git a/security/openssh/files/patch-includes.h b/security/openssh/files/patch-includes.h index f110376005d8..dd24de4adc86 100644 --- a/security/openssh/files/patch-includes.h +++ b/security/openssh/files/patch-includes.h @@ -1,5 +1,5 @@ --- includes.h.orig Sat Jan 26 17:44:22 2002 -+++ includes.h Fri Mar 8 20:59:17 2002 ++++ includes.h Fri May 24 08:21:58 2002 @@ -24,12 +24,12 @@ #include <sys/select.h> #include <sys/param.h> @@ -22,7 +22,7 @@ #include <stdio.h> #include <ctype.h> #include <errno.h> -@@ -62,5 +61,46 @@ +@@ -62,5 +61,64 @@ * client program. Socketpairs do not seem to work on all systems. */ #define USE_PIPES 1 @@ -66,6 +66,24 @@ +#define INET_ADDRSTRLEN 46 +#endif + ++#ifndef OSSH_ALIGNBYTES ++#define OSSH_ALIGNBYTES (sizeof(int) - 1) ++#endif ++ ++#ifndef __CMSG_ALIGN ++#define __CMSG_ALIGN(p) (((u_int)(p) + OSSH_ALIGNBYTES) &~ OSSH_ALIGNBYTES) ++#endif ++ ++/* Length of the contents of a control message of length len */ ++#ifndef CMSG_LEN ++#define CMSG_LEN(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + (len)) ++#endif ++ ++/* Length of the space taken up by a padded control message of length len */ ++#ifndef CMSG_SPACE ++#define CMSG_SPACE(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + __CMSG_ALIGN(len)) ++#endif ++ +#endif #endif /* INCLUDES_H */ diff --git a/security/openssh/files/patch-lib-Makefile b/security/openssh/files/patch-lib-Makefile index f3bbcbbe37d3..560d1b24c052 100644 --- a/security/openssh/files/patch-lib-Makefile +++ b/security/openssh/files/patch-lib-Makefile @@ -1,19 +1,18 @@ ---- lib/Makefile.orig Tue Jun 26 19:52:41 2001 -+++ lib/Makefile Thu Nov 15 06:10:43 2001 -@@ -9,7 +9,11 @@ - rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \ - key.c dispatch.c kex.c mac.c uuencode.c misc.c \ +--- lib/Makefile.orig Thu May 23 13:12:23 2002 ++++ lib/Makefile Thu May 23 13:14:17 2002 +@@ -11,6 +11,11 @@ rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \ -- scard.c -+ scard.c strlcpy.c strlcat.c -+ + scard.c monitor_wrap.c monitor_fdpass.c + ++SRCS+= strlcpy.c strlcat.c +.if defined(COMPAT_GETADDRINFO) +SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c +.endif ++ + SRCS+= readpassphrase.c - NOPROFILE= yes - NOPIC= yes -@@ -18,6 +22,8 @@ + DEBUGLIBS= no +@@ -21,6 +26,8 @@ @echo -n .include <bsd.own.mk> diff --git a/security/openssh/files/patch-session.c b/security/openssh/files/patch-session.c index 4189bcc32426..932ab1e51c3d 100644 --- a/security/openssh/files/patch-session.c +++ b/security/openssh/files/patch-session.c @@ -1,8 +1,8 @@ ---- session.c.orig Mon Mar 25 06:21:20 2002 -+++ session.c Mon Mar 25 06:22:52 2002 -@@ -57,6 +57,13 @@ - #include "canohost.h" +--- session.c.orig Thu May 23 13:15:39 2002 ++++ session.c Thu May 23 13:31:48 2002 +@@ -58,6 +58,13 @@ #include "session.h" + #include "monitor_wrap.h" +#ifdef __FreeBSD__ +#include <libutil.h> @@ -11,10 +11,10 @@ +#define _PATH_CHPASS "/usr/bin/passwd" +#endif /* __FreeBSD__ */ + - /* types */ + /* func */ - #define TTYSZ 64 -@@ -386,6 +393,10 @@ + Session *session_new(void); +@@ -346,6 +353,10 @@ if (s == NULL) fatal("do_exec_no_pty: no session"); @@ -25,7 +25,7 @@ session_proctitle(s); /* Fork the child. */ -@@ -394,6 +405,13 @@ +@@ -354,6 +365,13 @@ log_init(__progname, options.log_level, options.log_facility, log_stderr); /* @@ -39,7 +39,7 @@ * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ -@@ -494,11 +512,24 @@ +@@ -454,11 +472,24 @@ ptyfd = s->ptyfd; ttyfd = s->ttyfd; @@ -64,15 +64,8 @@ /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -583,12 +614,24 @@ - do_login(Session *s, const char *command) - { - char *time_string; -+ char *newcommand; - char hostname[MAXHOSTNAMELEN]; - socklen_t fromlen; +@@ -547,6 +578,18 @@ struct sockaddr_storage from; - time_t last_login_time; struct passwd * pw = s->pw; pid_t pid = getpid(); +#ifdef HAVE_LOGIN_CAP @@ -83,15 +76,16 @@ +#endif /* HAVE_LOGIN_CAP */ +#ifdef __FreeBSD__ +#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ ++ char *newcommand; + struct timeval tv; + time_t warntime = DEFAULT_WARN; +#endif /* __FreeBSD__ */ /* * Get IP address of client. If the connection is not a socket, let -@@ -616,10 +659,101 @@ - get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), - (struct sockaddr *)&from); +@@ -569,10 +612,97 @@ + options.verify_reverse_mapping), + (struct sockaddr *)&from); +#ifdef USE_PAM + /* @@ -102,9 +96,6 @@ + print_pam_messages(); + do_pam_chauthtok(); + } -+#endif -+ -+#ifdef USE_PAM + if (!check_quietlogin(s, command) && !pam_password_change_required()) + print_pam_messages(); +#endif /* USE_PAM */ @@ -176,7 +167,7 @@ if (check_quietlogin(s, command)) return; -- if (options.print_lastlog && last_login_time != 0) { +- if (options.print_lastlog && s->last_login_time != 0) { + /* + * If the user has logged in before, display the time of last + * login. However, don't display anything extra if a command @@ -186,14 +177,13 @@ + * us as well, so check if login(1) is used + */ + if (command == NULL && options.print_lastlog && -+ last_login_time != 0 && ++ s->last_login_time != 0 && + !options.use_login) { -+ - time_string = ctime(&last_login_time); + time_string = ctime(&s->last_login_time); if (strchr(time_string, '\n')) *strchr(time_string, '\n') = 0; -@@ -629,7 +763,30 @@ - printf("Last login: %s from %s\r\n", time_string, hostname); +@@ -583,7 +713,30 @@ + s->hostname); } - do_motd(); @@ -224,7 +214,7 @@ } /* -@@ -645,9 +802,9 @@ +@@ -599,9 +752,9 @@ #ifdef HAVE_LOGIN_CAP f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r"); @@ -236,7 +226,7 @@ if (f) { while (fgets(buf, sizeof(buf), f)) fputs(buf, stdout); -@@ -674,10 +831,10 @@ +@@ -628,10 +781,10 @@ #ifdef HAVE_LOGIN_CAP if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) return 1; @@ -249,7 +239,7 @@ return 0; } -@@ -775,6 +932,10 @@ +@@ -729,6 +882,10 @@ env[0] = NULL; if (!options.use_login) { @@ -260,7 +250,7 @@ /* Set basic environment. */ child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); -@@ -782,9 +943,15 @@ +@@ -736,9 +893,15 @@ #ifdef HAVE_LOGIN_CAP (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); child_set_env(&env, &envsize, "PATH", getenv("PATH")); @@ -278,7 +268,7 @@ snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); -@@ -837,6 +1004,11 @@ +@@ -791,6 +954,11 @@ child_set_env(&env, &envsize, "KRB5CCNAME", s->authctxt->krb5_ticket_file); #endif @@ -290,8 +280,8 @@ if (auth_get_socket_name() != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_get_socket_name()); -@@ -979,6 +1151,36 @@ - fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); +@@ -947,6 +1115,36 @@ + exit(1); } +#ifdef USE_PAM @@ -327,7 +317,7 @@ /* * Performs common processing for the child, such as setting up the * environment, closing extra file descriptors, setting the user and group -@@ -1057,7 +1259,7 @@ +@@ -1025,7 +1223,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -336,7 +326,7 @@ close(i); /* -@@ -1087,6 +1289,31 @@ +@@ -1055,6 +1253,31 @@ exit(1); #endif } diff --git a/security/openssh/files/patch-sshconnect2.c b/security/openssh/files/patch-sshconnect2.c new file mode 100644 index 000000000000..fd2a7088f8b9 --- /dev/null +++ b/security/openssh/files/patch-sshconnect2.c @@ -0,0 +1,11 @@ +--- sshconnect2.c.orig Tue Mar 26 16:58:46 2002 ++++ sshconnect2.c Fri May 24 08:08:54 2002 +@@ -472,7 +472,7 @@ + * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST + */ + void +-input_userauth_passwd_changereq(int type, uint32_t seqnr, void *ctxt) ++input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) + { + Authctxt *authctxt = ctxt; + char *info, *lang, *password = NULL, *retype = NULL; diff --git a/security/openssh/files/patch-sshd-Makefile b/security/openssh/files/patch-sshd-Makefile index 07528232bb5a..f50ffc148958 100644 --- a/security/openssh/files/patch-sshd-Makefile +++ b/security/openssh/files/patch-sshd-Makefile @@ -1,5 +1,5 @@ ---- sshd/Makefile.orig Fri Mar 8 05:54:03 2002 -+++ sshd/Makefile Fri Mar 8 06:00:30 2002 +--- sshd/Makefile.orig Thu May 23 13:33:56 2002 ++++ sshd/Makefile Thu May 23 13:36:15 2002 @@ -5,8 +5,8 @@ PROG= sshd BINOWN= root @@ -12,7 +12,7 @@ #CFLAGS+=-DBSD_AUTH @@ -17,9 +17,10 @@ - auth-skey.c auth-bsdauth.c + auth-skey.c auth-bsdauth.c monitor_mm.c monitor.c .include <bsd.own.mk> # for KERBEROS and AFS +.include "../Makefile.inc" @@ -22,10 +22,10 @@ +CFLAGS+=-DKRB5 -I/usr/include/kerberosV SRCS+= auth-krb5.c LDADD+= -lkrb5 -lkafs -lasn1 -lcom_err - DPADD+= ${LIBKRB5} ${LIBKAFS} ${LIBASN1} + DPADD+= ${LIBKRB5} ${LIBKAFS} ${LIBASN1} ${LIBCOM_ERR} @@ -31,15 +32,15 @@ LDADD+= -lkafs - DPADD+= ${LIBKRBAFS} + DPADD+= ${LIBKAFS} .endif # AFS -CFLAGS+= -DKRB4 -I${DESTDIR}/usr/include/kerberosIV +CFLAGS+= -DKRB4 -I/usr/include/kerberosIV @@ -39,6 +39,6 @@ -LDADD+= -lcrypto -lutil -lz -ldes +LDADD+= ${CRYPTOLIBS} -lcrypt -lutil -lz - DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} + DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} ${LIBDES} .if (${TCP_WRAPPERS:L} == "yes") diff --git a/security/openssh/files/patch-sshd_config b/security/openssh/files/patch-sshd_config index 13df05806802..01317a3a5eea 100644 --- a/security/openssh/files/patch-sshd_config +++ b/security/openssh/files/patch-sshd_config @@ -1,5 +1,5 @@ ---- sshd_config.orig Fri Mar 8 06:01:02 2002 -+++ sshd_config Fri Mar 8 06:03:06 2002 +--- sshd_config.orig Thu May 23 13:37:04 2002 ++++ sshd_config Thu May 23 13:38:05 2002 @@ -30,8 +30,10 @@ # Authentication: @@ -13,11 +13,11 @@ #StrictModes yes #RSAAuthentication yes -@@ -76,6 +78,7 @@ +@@ -74,6 +76,7 @@ #PrintLastLog yes #KeepAlive yes #UseLogin no +UseLogin yes + #UsePrivilegeSeparation no #MaxStartups 10 - # no default banner path |