diff options
| -rw-r--r-- | security/openssh/Makefile | 4 | ||||
| -rw-r--r-- | security/openssh/files/patch-auth1.c | 12 | ||||
| -rw-r--r-- | security/openssh/files/patch-auth2.c | 18 | ||||
| -rw-r--r-- | security/openssh/files/patch-includes.h | 8 | ||||
| -rw-r--r-- | security/openssh/files/patch-ssh.h | 11 | ||||
| -rw-r--r-- | security/openssh/files/patch-sshd_config | 16 |
6 files changed, 49 insertions, 20 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 96bed6193406..2cb1a02a60da 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -7,6 +7,7 @@ PORTNAME= openssh PORTVERSION= 3.4 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \ ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \ @@ -28,7 +29,7 @@ MODIFY= ssh.h sshd_config sshd.sh pathnames.h FIXME= lib/Makefile scp/Makefile sftp/Makefile sftp-server/Makefile \ ssh/Makefile ssh-add/Makefile ssh-agent/Makefile \ ssh-keygen/Makefile ssh-keyscan/Makefile sshd/Makefile -ADDME+= netdb.h auth-pam.c auth-pam.h auth2-pam.c +ADDME+= auth-pam.c auth-pam.h auth2-pam.c ADDLIB+= strlcat.c strlcpy.c \ getaddrinfo.c name6.c bindresvport.c rcmd.c getnameinfo.c PRECIOUS= ssh_config sshd_config \ @@ -46,6 +47,7 @@ CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto MAKE_ENV+= DESTDIR=${PREFIX} MANDIR=/man/man CRYPTOLIBS="${CRYPTOLIBS}" .if ${OSVERSION} < 400014 MAKE_ENV+= COMPAT_GETADDRINFO=yes +ADDME+= netdb.h .else MAKE_ENV+= INET6FLAGS=-DINET6 .endif diff --git a/security/openssh/files/patch-auth1.c b/security/openssh/files/patch-auth1.c index ce0593315499..8dabcfa61831 100644 --- a/security/openssh/files/patch-auth1.c +++ b/security/openssh/files/patch-auth1.c @@ -1,21 +1,21 @@ --- auth1.c.orig Wed Jun 19 02:27:55 2002 -+++ auth1.c Wed Jun 26 18:05:48 2002 -@@ -27,6 +27,15 @@ ++++ auth1.c Fri Jun 28 06:45:24 2002 +@@ -26,6 +26,15 @@ + #include "session.h" #include "uidswap.h" #include "monitor_wrap.h" - ++#include "canohost.h" ++ +#ifdef HAVE_LOGIN_CAP +#include <login_cap.h> +#endif /* HAVE_LOGIN_CAP */ +#ifdef USE_PAM -+#include "canohost.h" +#include "auth-pam.h" +#include <security/pam_appl.h> +#endif /* USE_PAM */ -+ + /* import */ extern ServerOptions options; - @@ -75,6 +84,16 @@ u_int ulen; int type = 0; diff --git a/security/openssh/files/patch-auth2.c b/security/openssh/files/patch-auth2.c index 6eb5ce175346..d7d9beb7daf2 100644 --- a/security/openssh/files/patch-auth2.c +++ b/security/openssh/files/patch-auth2.c @@ -1,6 +1,14 @@ --- auth2.c.orig Fri May 31 13:35:15 2002 -+++ auth2.c Mon Jun 24 07:02:04 2002 -@@ -133,6 +133,15 @@ ++++ auth2.c Fri Jun 28 06:45:47 2002 +@@ -35,6 +35,7 @@ + #include "dispatch.h" + #include "pathnames.h" + #include "monitor_wrap.h" ++#include "canohost.h" + + /* import */ + extern ServerOptions options; +@@ -133,6 +134,15 @@ Authmethod *m = NULL; char *user, *service, *method, *style = NULL; int authenticated = 0; @@ -16,7 +24,7 @@ if (authctxt == NULL) fatal("input_userauth_request: no authctxt"); -@@ -152,8 +161,14 @@ +@@ -152,8 +162,14 @@ if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; debug2("input_userauth_request: setting up authctxt for %s", user); @@ -31,7 +39,7 @@ } setproctitle("%s%s", authctxt->pw ? user : "unknown", use_privsep ? " [net]" : ""); -@@ -168,6 +183,41 @@ +@@ -168,6 +184,41 @@ "(%s,%s) -> (%s,%s)", authctxt->user, authctxt->service, user, service); } @@ -73,7 +81,7 @@ /* reset state */ auth2_challenge_stop(authctxt); authctxt->postponed = 0; -@@ -178,6 +228,12 @@ +@@ -178,6 +229,12 @@ debug2("input_userauth_request: try method %s", method); authenticated = m->userauth(authctxt); } diff --git a/security/openssh/files/patch-includes.h b/security/openssh/files/patch-includes.h index d3c5bd40d2ad..1c1f270bc466 100644 --- a/security/openssh/files/patch-includes.h +++ b/security/openssh/files/patch-includes.h @@ -1,5 +1,5 @@ --- includes.h.orig Sat Jan 26 17:44:22 2002 -+++ includes.h Sat Jun 22 12:17:34 2002 ++++ includes.h Fri Jun 28 06:23:07 2002 @@ -24,12 +24,12 @@ #include <sys/select.h> #include <sys/param.h> @@ -22,10 +22,12 @@ #include <stdio.h> #include <ctype.h> #include <errno.h> -@@ -62,5 +61,68 @@ +@@ -61,6 +60,69 @@ + * Define this to use pipes instead of socketpairs for communicating with the * client program. Socketpairs do not seem to work on all systems. */ - #define USE_PIPES 1 +-#define USE_PIPES 1 ++#undef USE_PIPES + +#if defined(__FreeBSD__) && __FreeBSD__ <= 3 +/* diff --git a/security/openssh/files/patch-ssh.h b/security/openssh/files/patch-ssh.h new file mode 100644 index 000000000000..bd6dbc351b85 --- /dev/null +++ b/security/openssh/files/patch-ssh.h @@ -0,0 +1,11 @@ +--- ssh.h.orig Fri Jun 28 06:15:27 2002 ++++ ssh.h Fri Jun 28 06:16:33 2002 +@@ -90,7 +90,7 @@ + * sshd will change its privileges to this user and its + * primary group. + */ +-#define SSH_PRIVSEP_USER "nobody" ++#define SSH_PRIVSEP_USER "sshd" + + /* Minimum modulus size (n) for RSA keys. */ + #define SSH_RSA_MINIMUM_MODULUS_SIZE 768 diff --git a/security/openssh/files/patch-sshd_config b/security/openssh/files/patch-sshd_config index c96c15a99851..78ea8c69fb59 100644 --- a/security/openssh/files/patch-sshd_config +++ b/security/openssh/files/patch-sshd_config @@ -1,10 +1,16 @@ ---- sshd_config Mon Jun 24 20:56:50 2002 -+++ sshd_config.orig Sat Jun 22 12:40:35 2002 -@@ -74,7 +76,9 @@ - #PrintLastLog yes +--- sshd_config.orig Thu Jun 27 22:07:41 2002 ++++ sshd_config Fri Jun 28 06:00:05 2002 +@@ -56,6 +56,7 @@ + + # Change to no to disable s/key passwords + #ChallengeResponseAuthentication yes ++ChallengeResponseAuthentication no + + # Kerberos options + #KerberosAuthentication no +@@ -75,6 +76,7 @@ #KeepAlive yes #UseLogin no -+UseLogin yes #UsePrivilegeSeparation yes +UsePrivilegeSeparation yes #Compression yes |