diff options
Diffstat (limited to 'security/openssh')
21 files changed, 578 insertions, 298 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 7d1089a4ab6b..2900b46c85e5 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,5 +1,5 @@ # New ports collection makefile for: OpenSSH -# Version required: 19991107 +# Version required: 1.2 # Date created: 7 October 1999 # Whom: green # @@ -22,9 +22,9 @@ RESTRICTED= "Links with cryptographic code." CAT?= /bin/cat DISTFILES!= ${CAT} ${FILESDIR}/distfiles -CFLAGS+= -DHAVE_OPENPTY +CFLAGS+= -DHAVE_OPENPTY -I${PREFIX}/include CVS_CMD?= cvs -z3 -CVS_DATE= Sun Nov 21 11:22:08 EST 1999 +CVS_DATE= Tue Nov 23 18:52:21 EST 1999 SED?= /usr/bin/sed CVS_DATE_!= ${ECHO} -n ${CVS_DATE} | ${SED} 's/[ \t:]/_/g' CVS_SITES= anoncvs@anoncvs1.ca.openbsd.org:/cvs \ @@ -107,7 +107,7 @@ fetchsrctarball: do-extract: @${MKDIR} ${WRKDIR} @${CP} -r ${DISTDIR}/${PKGNAME}/${DISTNAME} ${WRKDIR} - @${CP} ${FILESDIR}/strlcpy.c ${WRKSRC}/lib/ + @${CP} ${FILESDIR}/strlcat.c ${FILESDIR}/strlcpy.c ${WRKSRC}/lib/ post-patch: @${PERL} -pi.orig -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 5de326697aea..da231b351963 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -4,89 +4,89 @@ MD5 (OpenSSH-1.2/src/usr.bin/ssh/Makefile.inc) = 8f096d4d5a830efe7dde5674b482cd2 MD5 (OpenSSH-1.2/src/usr.bin/ssh/OVERVIEW) = 5def77be758d9e4aa2390c3825ed7cb2 MD5 (OpenSSH-1.2/src/usr.bin/ssh/README) = e54fb9189053db5ad25892054c8d0989 MD5 (OpenSSH-1.2/src/usr.bin/ssh/RFC.nroff) = 1615f30810a3d47716883b2eaddd712c -MD5 (OpenSSH-1.2/src/usr.bin/ssh/auth-krb4.c) = 5e49fb727617e55f95c66246d3c90843 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/auth-passwd.c) = dd6381fb76a253e47e423dd1034f0cb4 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/auth-rh-rsa.c) = 01b63ab1fa245f1aa9a14f3b8b60ef12 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/auth-rhosts.c) = b819f4792c7b48f4e846fe083eef3d3e -MD5 (OpenSSH-1.2/src/usr.bin/ssh/auth-rsa.c) = 3c7dc36c88628146942b05d326845268 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/auth-skey.c) = b06ddb3c15f79fc3f566e384db648b62 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/authfd.c) = d54efb22325c80df98bee4c0e4b265c2 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/auth-krb4.c) = afb4f094a0377bf941132d699133061e +MD5 (OpenSSH-1.2/src/usr.bin/ssh/auth-passwd.c) = 8b5bc717a6bf9e4d2902303e02e93c66 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/auth-rh-rsa.c) = b0db15995763bc8d73e3fe3d2b7c480b +MD5 (OpenSSH-1.2/src/usr.bin/ssh/auth-rhosts.c) = 77f41a35c345e90bb6fc2bd64df703a7 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/auth-rsa.c) = 0c7332ede8b134d4ebb3acb361e6c197 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/auth-skey.c) = 7e0247aa6636cbb8cd5998941a757040 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/authfd.c) = d71787a9c2c2ca31b206646f770c2629 MD5 (OpenSSH-1.2/src/usr.bin/ssh/authfd.h) = fb324de954d588249db26709b6c1cc05 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/authfile.c) = 83796ca9b5c914d0a29a58adc13816db -MD5 (OpenSSH-1.2/src/usr.bin/ssh/bufaux.c) = b9c43d1b9fb421e6b737f420b94076ab +MD5 (OpenSSH-1.2/src/usr.bin/ssh/authfile.c) = 0c68fc47e6cfd2e34c4b9e21deaec8cc +MD5 (OpenSSH-1.2/src/usr.bin/ssh/bufaux.c) = 8c0b7731009cf11cb9a000746e81003e MD5 (OpenSSH-1.2/src/usr.bin/ssh/bufaux.h) = e4f6b704a67973170d44695f3b566f05 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/buffer.c) = 865053f2a0255aded2599461618d76e5 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/buffer.c) = 8dc56b33f83178b347628653f9c468a1 MD5 (OpenSSH-1.2/src/usr.bin/ssh/buffer.h) = ad31925577a5b090b36afc0858ee4ef8 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/canohost.c) = 7abfb8e99c3441ec76bd962ecfdde8cf -MD5 (OpenSSH-1.2/src/usr.bin/ssh/channels.c) = eece086b67de0d839a4a428f93071a8b +MD5 (OpenSSH-1.2/src/usr.bin/ssh/canohost.c) = 2fd9f1687a94eeb1d5c612e666f4713b +MD5 (OpenSSH-1.2/src/usr.bin/ssh/channels.c) = f0b98fb8bb451e793521f252e8eaa0bb MD5 (OpenSSH-1.2/src/usr.bin/ssh/channels.h) = 72d03b7b023c7d794c28b38ce43d9e5b -MD5 (OpenSSH-1.2/src/usr.bin/ssh/cipher.c) = 346796f428b6d87ad8c307b0f17827a0 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/cipher.c) = 96ce2a2d600f7b420d4d8a796380f3f4 MD5 (OpenSSH-1.2/src/usr.bin/ssh/cipher.h) = e8167ec15b1da0a2c6015fe5751b8034 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/clientloop.c) = 4ebf60d61fe8c894f7289601796fb33d -MD5 (OpenSSH-1.2/src/usr.bin/ssh/compat.c) = 6bac0ff0847f26f16b3f11f47d56c367 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/clientloop.c) = a1fef42b6e993b297fb60188263384ef +MD5 (OpenSSH-1.2/src/usr.bin/ssh/compat.c) = bd8c95e51f91b958282bec3ec1b64d54 MD5 (OpenSSH-1.2/src/usr.bin/ssh/compat.h) = 8d4063d6eb22bd9b9aba4f768a96ce65 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/compress.c) = ce3d346cb5e9a894196c8447bfc60e14 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/compress.c) = 1dcf1a183369c45f3c052414419e6f41 MD5 (OpenSSH-1.2/src/usr.bin/ssh/compress.h) = 47384fb71f7411a8367fc2ab92bc60cf -MD5 (OpenSSH-1.2/src/usr.bin/ssh/crc32.c) = dd58bbe867cfe914f37a39c757ccd4b5 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/crc32.c) = f8e255b74718e9cdb9031ddf31248daa MD5 (OpenSSH-1.2/src/usr.bin/ssh/crc32.h) = ca822d3b56144b7f3ebf23505696df64 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/deattack.c) = 688e2300af960a6b88cc7af582276b77 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/deattack.c) = 5a0b0f9f1865059a7cbecbb34f570454 MD5 (OpenSSH-1.2/src/usr.bin/ssh/deattack.h) = 84cd5fc5ab5857659c337495f13e97af -MD5 (OpenSSH-1.2/src/usr.bin/ssh/fingerprint.c) = 31addc595d424e074cd1820c4f3f687e +MD5 (OpenSSH-1.2/src/usr.bin/ssh/fingerprint.c) = 53cd4c63d2f870b7ef46743f2d0b311e MD5 (OpenSSH-1.2/src/usr.bin/ssh/fingerprint.h) = a3a4ab65be79f9b26015131290493b3b MD5 (OpenSSH-1.2/src/usr.bin/ssh/getput.h) = 564761caa67f9c507e73b2383f86dc0c -MD5 (OpenSSH-1.2/src/usr.bin/ssh/hostfile.c) = 1c18dcfc56c007b0cf51490e9a7398cf +MD5 (OpenSSH-1.2/src/usr.bin/ssh/hostfile.c) = 0d6ed37ca0a42a94568909736041f042 MD5 (OpenSSH-1.2/src/usr.bin/ssh/includes.h) = 21a803e66cf63001eaf3fd22bf6c2b54 MD5 (OpenSSH-1.2/src/usr.bin/ssh/lib/Makefile) = fcf2c95b795ebb2c3ef37eee749e0bc3 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/log-client.c) = 68418f7939765d0abee948d5cc169ab5 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/log-server.c) = 7e7091fe67d498832c79b93b6de38a24 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/log.c) = 8e2d4ca7dd138b663851d3bca7e13074 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/login.c) = b9700635ffbdcc489613eabf26e93214 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/match.c) = 559b73caeb055519cab5f403e412b099 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/mpaux.c) = fb1b916a31c47f83d65b0f1c3f9d90c2 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/log-client.c) = 9de8fc9adfaf0c1689546a88e84cc409 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/log-server.c) = fc2a720ab65781702824b9575bfe8589 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/log.c) = 1ead2b24677b8c841a4aba29514a7b2a +MD5 (OpenSSH-1.2/src/usr.bin/ssh/login.c) = 519c0213c9fec007ad0e908e17328dff +MD5 (OpenSSH-1.2/src/usr.bin/ssh/match.c) = 9fb0e688f9dacc80b3d080ab62ecbdf0 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/mpaux.c) = 9de92d0e83814e8532738c1d011eb557 MD5 (OpenSSH-1.2/src/usr.bin/ssh/mpaux.h) = 2e3c5530ecd7972373baf7d23da49d51 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/nchan.c) = a4ec43de3e4b9687e76e14b22d701ba2 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/nchan.c) = 808a455e877608436ae429d60349fa48 MD5 (OpenSSH-1.2/src/usr.bin/ssh/nchan.h) = fc559438a23bf1c4f6e7faaaf5f581a4 MD5 (OpenSSH-1.2/src/usr.bin/ssh/nchan.ms) = 6a168c05b13aed9a6c9b9d384edcf2c2 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/packet.c) = 696c161ba50d95826ac4e9b7bdd36165 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/packet.c) = 5428b751bbc62455cbe2251ddbf1cee3 MD5 (OpenSSH-1.2/src/usr.bin/ssh/packet.h) = 5de24b8ab5947434366bb18e20437f68 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/pty.c) = 0f62619cb5f1622a1d0940993b6bb5e9 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/pty.c) = 19b157680946dbb1de818e479e9c0006 MD5 (OpenSSH-1.2/src/usr.bin/ssh/pty.h) = c42c8189284dfe0d34125b77446bd062 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/radix.c) = 0e98d49a6f27cb09480f38c9dfce9b62 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/readconf.c) = 3d1447a81ff6e4dcc78a7492b3afa953 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/readconf.h) = 4c6b924be22bb41913b67cd523725b5e -MD5 (OpenSSH-1.2/src/usr.bin/ssh/readpass.c) = 88a5e2a41c43d53d3dac739f7110e3db -MD5 (OpenSSH-1.2/src/usr.bin/ssh/rsa.c) = 60f3f3aa33911742feb13032e06fb6a1 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/radix.c) = e7cf9f687b866f00523440ea4699ea73 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/readconf.c) = b99672ec3c96010654d5ee2a8abcabc1 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/readconf.h) = 99f7e607724b941a62fb27e09965fa5a +MD5 (OpenSSH-1.2/src/usr.bin/ssh/readpass.c) = 17802a659dcf815d16c59090810e4aff +MD5 (OpenSSH-1.2/src/usr.bin/ssh/rsa.c) = 9e85c3eec42dedd666dd1b3ad73ae9e6 MD5 (OpenSSH-1.2/src/usr.bin/ssh/rsa.h) = b4175dcd58022ac6961ac57a255718a7 MD5 (OpenSSH-1.2/src/usr.bin/ssh/scp.1) = a9144b2b272d8ac656b1d63c71644999 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/scp.c) = 034c71d912a5524f781aefb4569a7685 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/scp.c) = 735113a94b57ce1ecf47bef01d8ff2eb MD5 (OpenSSH-1.2/src/usr.bin/ssh/scp/Makefile) = 5cb4c5fcabde5ccc4f9ca475ac3452f4 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/servconf.c) = 5f27aacac3fc97fe87d0e6276dfc8fd4 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/servconf.c) = 6efc02e63b2d185745ce8fd97ce01447 MD5 (OpenSSH-1.2/src/usr.bin/ssh/servconf.h) = 468c25070e4afbccf948730311690a34 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/serverloop.c) = c5365d9daa1af8d0b6dbfaa5692b3296 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/serverloop.c) = 96f7f11223f15c6b093282b7ce38d020 MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh-add.1) = 4b97d6fbe61628569dfc12dad1fe3228 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh-add.c) = 0e51e4ece3a96e2400f369813e9ee0d9 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh-add.c) = 91f325ce167d28d582b9af04eec177b3 MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh-add/Makefile) = f780e2e9fb5c32d2118ba0e612d681e0 MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh-agent.1) = 33b62903d3aa452fa106b484b016bbc5 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh-agent.c) = 2d3bc7ef09dc7b21866eb03da34100f9 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh-agent.c) = 096ccd483df21da9b4eca4c29ada3616 MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh-agent/Makefile) = c7ec7c4e61b4da3369980f197fdcb501 MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh-keygen.1) = 746734eab948fff84a44c3383f5a1701 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh-keygen.c) = 29198d94ca51be42214d2c7931ed78eb +MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh-keygen.c) = c8cf1a6b060815ef8766ae880fc8e480 MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh-keygen/Makefile) = 2d597b6e6458d0c0246ba2563dd2498b -MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh.1) = 287e6df9dcbecadcda91ac2d9e842116 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh.c) = cea39462d5846a2fc799a6e7551a8d45 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh.h) = dea24d4daef79b2dd6f44f0a4cade43d +MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh.1) = 94066f50daf11f97deded744d85cf9a4 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh.c) = d6376fdbfddf79ced260cf9e4115c395 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh.h) = aaf0802fc67c5f5da9e5ec6876b0b64b MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh/Makefile) = 41b006d3c04b599619990b47da60f81e MD5 (OpenSSH-1.2/src/usr.bin/ssh/ssh_config) = 9658715526aeaf0bc43528d3159b475f -MD5 (OpenSSH-1.2/src/usr.bin/ssh/sshconnect.c) = 6dc88619d579b1e7abfb1c2611a1faa1 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/sshd.8) = 5bdc27ad21f71a3dfac06cff380e8fd6 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/sshd.c) = 2620dd27e868ecedece3b7dbaf1ed037 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/sshconnect.c) = 16bce755e0cfbf6123d7fe1c94b032b4 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/sshd.8) = e08d1683e931a4b30e0e411d4d3576c8 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/sshd.c) = 00032b5bc0e592bf320e3a31e8a17ed0 MD5 (OpenSSH-1.2/src/usr.bin/ssh/sshd/Makefile) = d1d83d1ece775d3a5cbf8cfaaf2330f3 MD5 (OpenSSH-1.2/src/usr.bin/ssh/sshd_config) = e78b81c34da5c97eee1359cccda908d6 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/tildexpand.c) = 6f797f65e32fe1022ee20f291611a6e2 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/ttymodes.c) = b11079749fc93e0a8337af4afb3ebc43 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/tildexpand.c) = 2c7b2e407be9fa9839f2058952703de3 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/ttymodes.c) = 7b72e228fc88888577fb101c09043ce2 MD5 (OpenSSH-1.2/src/usr.bin/ssh/ttymodes.h) = 4fbb0096420efed3228d92e1576242d1 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/uidswap.c) = 9caf5b2cd7e5535dde520fd40ad732e0 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/uidswap.c) = 43fd1c6217828f5a9cabb82a34abcb1c MD5 (OpenSSH-1.2/src/usr.bin/ssh/uidswap.h) = 5af5b193e6325f20e7de4ee15877b877 MD5 (OpenSSH-1.2/src/usr.bin/ssh/version.h) = 6ac6f1622b0ce6f24f608f0bb340e207 -MD5 (OpenSSH-1.2/src/usr.bin/ssh/xmalloc.c) = 46e87856bb156c71e91403580a330480 +MD5 (OpenSSH-1.2/src/usr.bin/ssh/xmalloc.c) = a2e86fd60e9397c5b8b48d7872ec9c06 MD5 (OpenSSH-1.2/src/usr.bin/ssh/xmalloc.h) = 5ec9a25c413bf89488fe3140d2e06d7d diff --git a/security/openssh/files/patch-aa b/security/openssh/files/patch-aa index ff267ded9258..4797fe4d70a2 100644 --- a/security/openssh/files/patch-aa +++ b/security/openssh/files/patch-aa @@ -1,5 +1,5 @@ ---- Makefile.orig Tue Oct 26 03:31:00 1999 -+++ Makefile Mon Nov 8 00:28:19 1999 +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/Makefile Mon Oct 25 16:27:26 1999 ++++ ./Makefile Tue Nov 23 19:18:22 1999 @@ -1,6 +1,7 @@ # $OpenBSD: Makefile,v 1.5 1999/10/25 20:27:26 markus Exp $ diff --git a/security/openssh/files/patch-ab b/security/openssh/files/patch-ab index a65c47f7601c..277f63f225b6 100644 --- a/security/openssh/files/patch-ab +++ b/security/openssh/files/patch-ab @@ -1,11 +1,9 @@ ---- Makefile.inc.orig Tue Oct 26 03:31:00 1999 -+++ Makefile.inc Tue Nov 9 06:45:18 1999 -@@ -1,11 +1,8 @@ --CFLAGS+= -I${.CURDIR}/.. -+CFLAGS+= -I${.CURDIR}/.. -I${PREFIX}/include +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/Makefile.inc Mon Oct 25 16:27:26 1999 ++++ ./Makefile.inc Tue Nov 23 19:19:33 1999 +@@ -2,10 +2,9 @@ + + .include <bsd.obj.mk> --.include <bsd.obj.mk> -- -.if exists(${.CURDIR}/../lib/${__objdir}) -LDADD+= -L${.CURDIR}/../lib/${__objdir} -lssh -DPADD+= ${.CURDIR}/../lib/${__objdir}/libssh.a diff --git a/security/openssh/files/patch-ac b/security/openssh/files/patch-ac index f03c0f6c88c2..f6ad51c27c10 100644 --- a/security/openssh/files/patch-ac +++ b/security/openssh/files/patch-ac @@ -1,10 +1,24 @@ ---- readconf.h.dist Fri Nov 19 23:32:48 1999 -+++ readconf.h Fri Nov 19 23:48:22 1999 -@@ -54,6 +54,7 @@ - int compression; /* Compress packets in both directions. */ - int compression_level; /* Compression level 1 (fast) to 9 (best). */ - int keepalives; /* Set SO_KEEPALIVE. */ -+ int tis_authentication; /* TIS client-side authentication */ - LogLevel log_level; /* Level for logging. */ +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/includes.h Tue Nov 2 16:21:02 1999 ++++ ./includes.h Tue Nov 23 19:20:38 1999 +@@ -24,12 +24,12 @@ + #include <sys/select.h> + #include <sys/param.h> + #include <sys/ioctl.h> +-#include <sys/endian.h> + #include <sys/stat.h> + #include <sys/wait.h> + #include <sys/time.h> + #include <sys/un.h> + #include <sys/resource.h> ++#include <machine/endian.h> - int port; /* Port to connect. */ + #include <netinet/in.h> + #include <netinet/in_systm.h> +@@ -38,7 +38,6 @@ + #include <arpa/inet.h> + #include <netdb.h> + +-#include <netgroup.h> + #include <stdio.h> + #include <ctype.h> + #include <errno.h> diff --git a/security/openssh/files/patch-ad b/security/openssh/files/patch-ad index b99d16d2c0d1..fc17693d6e5e 100644 --- a/security/openssh/files/patch-ad +++ b/security/openssh/files/patch-ad @@ -1,35 +1,20 @@ ---- readconf.c.dist Fri Nov 19 23:32:48 1999 -+++ readconf.c Fri Nov 19 23:41:27 1999 -@@ -369,13 +369,8 @@ - goto parse_int; - - case oTISAuthentication: -- cp = strtok(NULL, WHITESPACE); -- if (cp != 0 && (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0)) -- fprintf(stderr, -- "%.99s line %d: Warning, TIS is not supported.\n", -- filename, -- linenum); -- break; -+ intptr = &options->tis_authentication; -+ goto parse_flag; +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/lib/Makefile Tue Nov 16 17:49:29 1999 ++++ ./lib/Makefile Tue Nov 23 19:21:19 1999 +@@ -5,6 +5,7 @@ + cipher.c compat.c compress.c crc32.c deattack.c fingerprint.c \ + hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \ + rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c ++SRCS+= strlcat.c strlcpy.c - case oCompressionLevel: - intptr = &options->compression_level; -@@ -655,6 +650,7 @@ - options->num_local_forwards = 0; - options->num_remote_forwards = 0; - options->log_level = (LogLevel)-1; -+ options->tis_authentication = -1; - } + NOPROFILE= yes + NOPIC= yes +@@ -13,6 +14,7 @@ + @echo -n - /* Called after processing other sources of option data, this fills those -@@ -727,6 +723,8 @@ - options->user_hostfile = SSH_USER_HOSTFILE; - if (options->log_level == (LogLevel)-1) - options->log_level = SYSLOG_LEVEL_INFO; -+ if (options->tis_authentication == -1) -+ options->tis_authentication = 0; - /* options->proxy_command should not be set by default */ - /* options->user will be set in the main program if appropriate */ - /* options->hostname will be set in the main program if appropriate */ + .include <bsd.own.mk> ++.include "../Makefile.inc" + + .if (${KERBEROS} == "yes") + CFLAGS+= -DKRB4 -I/usr/include/kerberosIV +Only in ./lib: strlcat.c +Only in ./lib: strlcpy.c diff --git a/security/openssh/files/patch-ae b/security/openssh/files/patch-ae index f0692ec9487c..33c57f42e6fc 100644 --- a/security/openssh/files/patch-ae +++ b/security/openssh/files/patch-ae @@ -1,43 +1,14 @@ ---- sshconnect.c.orig Fri Nov 19 23:54:54 1999 -+++ sshconnect.c Fri Nov 19 23:56:22 1999 -@@ -1496,6 +1496,40 @@ - return; /* Successful connection. */ - } - -+ /* Support for TIS authentication server obtained from -+ Andre April <Andre.April@cediti.be>. */ -+ if ((supported_authentications & (1 << SSH_AUTH_TIS)) && -+ options.tis_authentication && !options.batch_mode) -+ { -+ char *prompt; -+ debug("Doing TIS authentication."); -+ if (options.cipher == SSH_CIPHER_NONE) -+ log("WARNING: Encryption is disabled! Password will be transmitted in clear text."); -+ packet_start(SSH_CMSG_AUTH_TIS); -+ packet_send(); -+ packet_write_wait(); -+ type = packet_read(&payload_len); -+ if (type == SSH_SMSG_FAILURE) -+ debug("User cannot be identifier on authentication server."); -+ else { -+ if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) -+ packet_disconnect("Protocol error: got %d in response to TIS auth request", type); -+ prompt = packet_get_string(NULL); -+ password = read_passphrase(prompt, 0); -+ packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); -+ packet_put_string(password, strlen(password)); -+ memset(password, 0, strlen(password)); -+ xfree(password); -+ packet_send(); -+ packet_write_wait(); -+ type = packet_read(&payload_len); -+ if (type == SSH_SMSG_SUCCESS) -+ return; -+ if (type != SSH_SMSG_FAILURE) -+ packet_disconnect("Protocol error: got %d in response to TIS auth", type); -+ } -+ } -+ - /* Try password authentication if the server supports it. */ - if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && - options.password_authentication && !options.batch_mode) +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/login.c Tue Nov 23 18:55:14 1999 ++++ ./login.c Tue Nov 23 19:35:08 1999 +@@ -20,7 +20,11 @@ + #include "includes.h" + RCSID("$Id: login.c,v 1.8 1999/11/23 22:25:54 markus Exp $"); + ++#ifdef __FreeBSD__ ++#include <libutil.h> ++#else + #include <util.h> ++#endif /* __FreeBSD__ */ + #include <utmp.h> + #include "ssh.h" + diff --git a/security/openssh/files/patch-af b/security/openssh/files/patch-af index 6eadf2eafb68..4e7ebf6d6cba 100644 --- a/security/openssh/files/patch-af +++ b/security/openssh/files/patch-af @@ -1,11 +1,22 @@ ---- ssh.h.dist Fri Nov 19 23:50:37 1999 -+++ ssh.h Fri Nov 19 23:50:22 1999 -@@ -141,7 +141,7 @@ - #define SSH_AUTH_RSA 2 - #define SSH_AUTH_PASSWORD 3 - #define SSH_AUTH_RHOSTS_RSA 4 -- /* 5 is TIS */ -+#define SSH_AUTH_TIS 5 - #define SSH_AUTH_KERBEROS 6 - #define SSH_PASS_KERBEROS_TGT 7 - /* 8 to 15 are reserved */ +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/scp/Makefile Mon Oct 25 16:27:26 1999 ++++ ./scp/Makefile Tue Nov 23 19:23:58 1999 +@@ -2,16 +2,9 @@ + + PROG= scp + BINOWN= root +- +-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ +- ${MACHINE_ARCH} == "hppa") +-BINMODE=0000 +-.else +-BINMODE?=555 +-.endif +- +-BINDIR= /usr/bin +-MAN= scp.1 ++BINMODE=555 ++BINDIR= /bin ++MAN1= scp.1 + + SRCS= scp.c + diff --git a/security/openssh/files/patch-ap b/security/openssh/files/patch-ag index db9c3f7d8a0a..09a17b96aa87 100644 --- a/security/openssh/files/patch-ap +++ b/security/openssh/files/patch-ag @@ -1,11 +1,10 @@ ---- ssh/Makefile.orig Tue Oct 26 03:31:00 1999 -+++ ssh/Makefile Tue Nov 9 06:56:24 1999 -@@ -2,22 +2,17 @@ +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh/Makefile Wed Nov 17 20:52:33 1999 ++++ ./ssh/Makefile Tue Nov 23 19:26:08 1999 +@@ -2,22 +2,16 @@ PROG= ssh BINOWN= root -+BINMODE=4555 - +- -.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ - ${MACHINE_ARCH} == "hppa") -BINMODE=0000 @@ -15,6 +14,7 @@ - -BINDIR= /usr/bin -MAN= ssh.1 ++BINMODE=4555 +BINDIR= /bin +MAN1= ssh.1 LINKS= ${BINDIR}/ssh ${BINDIR}/slogin @@ -27,7 +27,7 @@ .if (${KERBEROS} == "yes") CFLAGS+= -DKRB4 -I/usr/include/kerberosIV -@@ -32,5 +27,5 @@ +@@ -32,5 +26,5 @@ .include <bsd.prog.mk> diff --git a/security/openssh/files/patch-ah b/security/openssh/files/patch-ah new file mode 100644 index 000000000000..95b32a341276 --- /dev/null +++ b/security/openssh/files/patch-ah @@ -0,0 +1,27 @@ +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-add/Makefile Wed Oct 27 12:54:48 1999 ++++ ./ssh-add/Makefile Tue Nov 23 19:26:48 1999 +@@ -2,20 +2,13 @@ + + PROG= ssh-add + BINOWN= root +- +-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ +- ${MACHINE_ARCH} == "hppa") +-BINMODE=0000 +-.else +-BINMODE?=555 +-.endif +- +-BINDIR= /usr/bin +-MAN= ssh-add.1 ++BINMODE=555 ++BINDIR= /bin ++MAN1= ssh-add.1 + + SRCS= ssh-add.c log-client.c + + .include <bsd.prog.mk> + +-LDADD+= -lcrypto -lutil -lz ++LDADD+= ${CRYPTOLIBS} -lutil -lz + DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ} diff --git a/security/openssh/files/patch-ai b/security/openssh/files/patch-ai index fd676782c3d2..519c4e727f15 100644 --- a/security/openssh/files/patch-ai +++ b/security/openssh/files/patch-ai @@ -1,21 +1,26 @@ -diff -ru /home/green/ssh/includes.h ./includes.h ---- /home/green/ssh/includes.h Wed Nov 3 03:36:00 1999 -+++ ./includes.h Mon Nov 8 00:06:40 1999 -@@ -24,7 +24,6 @@ - #include <sys/select.h> - #include <sys/param.h> - #include <sys/ioctl.h> --#include <sys/endian.h> - #include <sys/stat.h> - #include <sys/wait.h> - #include <sys/time.h> -@@ -38,7 +37,8 @@ - #include <arpa/inet.h> - #include <netdb.h> +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-agent/Makefile Wed Oct 27 12:54:49 1999 ++++ ./ssh-agent/Makefile Tue Nov 23 19:27:38 1999 +@@ -2,20 +2,13 @@ --#include <netgroup.h> -+#include <machine/endian.h> -+ - #include <stdio.h> - #include <ctype.h> - #include <errno.h> + PROG= ssh-agent + BINOWN= root +- +-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ +- ${MACHINE_ARCH} == "hppa") +-BINMODE=0000 +-.else +-BINMODE?=555 +-.endif +- +-BINDIR= /usr/bin ++BINMODE=555 ++BINDIR= /bin + MAN= ssh-agent.1 + + SRCS= ssh-agent.c log-client.c + + .include <bsd.prog.mk> + +-LDADD+= -lcrypto -lutil -lz ++LDADD+= ${CRYPTOLIBS} -lutil -lz + DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ} diff --git a/security/openssh/files/patch-aj b/security/openssh/files/patch-aj index 2b51018f9bc7..9f9c0fcd64da 100644 --- a/security/openssh/files/patch-aj +++ b/security/openssh/files/patch-aj @@ -1,19 +1,26 @@ ---- ./lib/Makefile.orig Tue Nov 16 16:50:53 1999 -+++ ./lib/Makefile Tue Nov 16 16:52:01 1999 -@@ -4,7 +4,7 @@ - SRCS= authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \ - cipher.c compat.c compress.c crc32.c deattack.c fingerprint.c \ - hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \ -- rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c -+ rsa.c strlcpy.c tildexpand.c ttymodes.c uidswap.c xmalloc.c +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh-keygen/Makefile Wed Oct 27 12:54:49 1999 ++++ ./ssh-keygen/Makefile Tue Nov 23 19:28:07 1999 +@@ -2,20 +2,13 @@ - NOPROFILE= yes - NOPIC= yes -@@ -13,6 +13,7 @@ - @echo -n + PROG= ssh-keygen + BINOWN= root +- +-.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ +- ${MACHINE_ARCH} == "hppa") +-BINMODE=0000 +-.else +-BINMODE?=555 +-.endif +- +-BINDIR= /usr/bin ++BINMODE=555 ++BINDIR= /bin + MAN= ssh-keygen.1 - .include <bsd.own.mk> -+.include "../Makefile.inc" + SRCS= ssh-keygen.c log-client.c - .if (${KERBEROS} == "yes") - CFLAGS+= -DKRB4 -I/usr/include/kerberosIV + .include <bsd.prog.mk> + +-LDADD+= -lcrypto -lutil -lz ++LDADD+= ${CRYPTOLIBS} -lutil -lz + DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ} diff --git a/security/openssh/files/patch-ak b/security/openssh/files/patch-ak index 7248dbab9bed..f76d52056c2e 100644 --- a/security/openssh/files/patch-ak +++ b/security/openssh/files/patch-ak @@ -1,14 +1,12 @@ ---- ./login.c.orig Sat Nov 13 16:50:45 1999 -+++ ./login.c Sat Nov 13 17:59:23 1999 -@@ -20,7 +20,11 @@ - #include "includes.h" - RCSID("$Id: login.c,v 1.7 1999/09/30 16:55:06 deraadt Exp $"); - -+#if defined(__FreeBSD__) -+#include <libutil.h> -+#else - #include <util.h> +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh.c Tue Nov 23 18:57:50 1999 ++++ ./ssh.c Tue Nov 23 19:28:33 1999 +@@ -123,6 +123,9 @@ + log("Using rsh. WARNING: Connection will not be encrypted."); + /* Build argument list for rsh. */ + i = 0; ++#ifndef _PATH_RSH ++#define _PATH_RSH "/usr/bin/rsh" +#endif - #include <utmp.h> - #include "ssh.h" - + args[i++] = _PATH_RSH; + /* host may have to come after user on some systems */ + args[i++] = host; diff --git a/security/openssh/files/patch-al b/security/openssh/files/patch-al new file mode 100644 index 000000000000..365a45928036 --- /dev/null +++ b/security/openssh/files/patch-al @@ -0,0 +1,27 @@ +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh.h Tue Nov 23 18:58:02 1999 ++++ ./ssh.h Tue Nov 23 19:31:00 1999 +@@ -51,7 +51,7 @@ + port if present. */ + #define SSH_SERVICE_NAME "ssh" + +-#define ETCDIR "/etc" ++#define ETCDIR "__PREFIX__/etc" + #define PIDDIR "/var/run" + + /* System-wide file containing host keys of known hosts. This file should be +@@ -64,11 +64,11 @@ + are all defined in Makefile.in. Of these, ssh_host_key should be readable + only by root, whereas ssh_config should be world-readable. */ + +-#define HOST_KEY_FILE "/etc/ssh_host_key" +-#define SERVER_CONFIG_FILE "/etc/sshd_config" +-#define HOST_CONFIG_FILE "/etc/ssh_config" ++#define HOST_KEY_FILE "__PREFIX__/etc/ssh_host_key" ++#define SERVER_CONFIG_FILE "__PREFIX__/etc/sshd_config" ++#define HOST_CONFIG_FILE "__PREFIX__/etc/ssh_config" + +-#define SSH_PROGRAM "/usr/bin/ssh" ++#define SSH_PROGRAM "__PREFIX__/usr/bin/ssh" + + /* The process id of the daemon listening for connections is saved + here to make it easier to kill the correct daemon when necessary. */ diff --git a/security/openssh/files/patch-aw b/security/openssh/files/patch-am index 946b865ec625..22106d6e39ef 100644 --- a/security/openssh/files/patch-aw +++ b/security/openssh/files/patch-am @@ -1,6 +1,5 @@ -diff -ru /home/green/ssh/sshd/Makefile ./sshd/Makefile ---- /home/green/ssh/sshd/Makefile Tue Oct 26 03:31:00 1999 -+++ ./sshd/Makefile Mon Nov 8 00:14:02 1999 +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/sshd/Makefile Mon Oct 25 16:27:27 1999 ++++ ./sshd/Makefile Tue Nov 23 19:29:25 1999 @@ -3,13 +3,14 @@ PROG= sshd BINOWN= root @@ -23,7 +22,7 @@ diff -ru /home/green/ssh/sshd/Makefile ./sshd/Makefile .include <bsd.prog.mk> -LDADD+= -lcrypto -lutil -lz -+LDADD+= -lutil -lz -lcrypt ${CRYPTOLIBS} ++LDADD+= ${CRYPTOLIBS} -lcrypt -lutil -lz DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} .if (${TCP_WRAPPERS} == "yes") diff --git a/security/openssh/files/patch-an b/security/openssh/files/patch-an new file mode 100644 index 000000000000..8dfdf115c932 --- /dev/null +++ b/security/openssh/files/patch-an @@ -0,0 +1,232 @@ +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/sshd.c Tue Nov 23 18:59:05 1999 ++++ ./sshd.c Tue Nov 23 20:33:18 1999 +@@ -39,6 +39,16 @@ + int deny_severity = LOG_WARNING; + #endif /* LIBWRAP */ + ++#ifdef __FreeBSD__ ++#include <libutil.h> ++#include <syslog.h> ++#define LOGIN_CAP ++#endif /* __FreeBSD__ */ ++ ++#ifdef LOGIN_CAP ++#include <login_cap.h> ++#endif /* LOGIN_CAP */ ++ + #ifndef O_NOCTTY + #define O_NOCTTY 0 + #endif +@@ -1008,6 +1018,14 @@ + return 0; + } + } ++ /* Fail if the account's expiration time has passed. */ ++ if (pw->pw_expire != 0) { ++ struct timeval tv; ++ ++ (void)gettimeofday(&tv, NULL); ++ if (tv.tv_sec >= pw->pw_expire) ++ return 0; ++ } + /* We found no reason not to let this user try to log on... */ + return 1; + } +@@ -1042,6 +1060,9 @@ + pwcopy.pw_gid = pw->pw_gid; + pwcopy.pw_dir = xstrdup(pw->pw_dir); + pwcopy.pw_shell = xstrdup(pw->pw_shell); ++ pwcopy.pw_class = xstrdup(pw->pw_class); ++ pwcopy.pw_expire = pw->pw_expire; ++ pwcopy.pw_change = pw->pw_change; + pw = &pwcopy; + + /* If we are not running as root, the user must have the same uid +@@ -1790,6 +1811,10 @@ + struct sockaddr_in from; + int fromlen; + struct pty_cleanup_context cleanup_context; ++#ifdef LOGIN_CAP ++ login_cap_t *lc; ++ char *fname; ++#endif /* LOGIN_CAP */ + + /* Get remote host name. */ + hostname = get_canonical_hostname(); +@@ -1850,6 +1875,12 @@ + /* Check if .hushlogin exists. */ + snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir); + quiet_login = stat(line, &st) >= 0; ++#ifdef LOGIN_CAP ++ lc = login_getpwclass(pw); ++ if (lc == NULL) ++ lc = login_getclassbyname(NULL, pw); ++ quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); ++#endif /* LOGIN_CAP */ + + /* If the user has logged in before, display the time of + last login. However, don't display anything extra if a +@@ -1871,12 +1902,31 @@ + else + printf("Last login: %s from %s\r\n", time_string, buf); + } ++#ifdef LOGIN_CAP ++ if (command == NULL && !quiet_login && !options.use_login) { ++ fname = login_getcapstr(lc, "copyright", NULL, NULL); ++ if (fname != NULL && (f = fopen(fname, "r")) != NULL) { ++ while (fgets(line, sizeof(line), f)) ++ fputs(line, stdout); ++ fclose(f); ++ } else ++ (void)printf("%s\n\t%s %s\n", ++ "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", ++ "The Regents of the University of California. ", ++ "All rights reserved."); ++ } ++#endif /* LOGIN_CAP */ + /* Print /etc/motd unless a command was specified or + printing it was disabled in server options or login(1) + will be used. Note that some machines appear to print + it in /etc/profile or similar. */ + if (command == NULL && options.print_motd && !quiet_login && + !options.use_login) { ++#ifdef LOGIN_CAP ++ fname = login_getcapstr(lc, "welcome", NULL, NULL); ++ login_close(lc); ++ if (fname == NULL || (f = fopen(fname, "r")) == NULL) ++#endif /* LOGIN_CAP */ + /* Print /etc/motd if it exists. */ + f = fopen("/etc/motd", "r"); + if (f) { +@@ -1885,6 +1935,7 @@ + fclose(f); + } + } ++ + /* Do common processing for the child, such as execing the command. */ + do_child(command, pw, term, display, auth_proto, auth_data, ttyname); + /* NOTREACHED */ +@@ -2030,17 +2081,38 @@ + extern char **environ; + struct stat st; + char *argv[10]; ++#ifdef LOGIN_CAP ++ login_cap_t *lc; ++ ++ lc = login_getpwclass(pw); ++ if (lc == NULL) ++ lc = login_getclassbyname(NULL, pw); ++#endif /* LOGIN_CAP */ + + /* Check /etc/nologin. */ + f = fopen("/etc/nologin", "r"); ++#ifdef __FreeBSD__ ++ if (f == NULL) ++ f = fopen("/var/run/nologin", "r"); ++#endif /* __FreeBSD__ */ + if (f) { +- /* /etc/nologin exists. Print its contents and exit. */ +- while (fgets(buf, sizeof(buf), f)) +- fputs(buf, stderr); +- fclose(f); +- if (pw->pw_uid != 0) +- exit(254); +- } ++ /* /etc/nologin exists. */ ++#ifdef LOGIN_CAP ++ /* ++ * If the user doesn't have "ignorenologin" set, print ++ * its contents and exit. ++ */ ++ if (!login_getcapbool(lc, "ignorenologin", 0)) { ++#endif /* LOGIN_CAP */ ++ while (fgets(buf, sizeof(buf), f)) ++ fputs(buf, stderr); ++ fclose(f); ++ if (pw->pw_uid != 0) ++ exit(254); ++#ifdef LOGIN_CAP ++ } ++#endif /* LOGIN_CAP */ ++ } + /* Set login name in the kernel. */ + if (setlogin(pw->pw_name) < 0) + error("setlogin failed: %s", strerror(errno)); +@@ -2049,6 +2121,13 @@ + /* Login(1) does this as well, and it needs uid 0 for the "-h" + switch, so we let login(1) to this for us. */ + if (!options.use_login) { ++#ifdef LOGIN_CAP ++ if (setclasscontext(pw->pw_class, LOGIN_SETPRIORITY | ++ LOGIN_SETRESOURCES | LOGIN_SETUMASK) == -1) { ++ perror("setclasscontext"); ++ exit(1); ++ } ++#endif /* LOGIN_CAP */ + if (getuid() == 0 || geteuid() == 0) { + if (setgid(pw->pw_gid) < 0) { + perror("setgid"); +@@ -2069,7 +2148,13 @@ + } + /* Get the shell from the password data. An empty shell field is + legal, and means /bin/sh. */ ++#ifdef LOGIN_CAP ++ shell = login_getcapstr(lc, "shell", pw->pw_shell, pw->pw_shell); ++ if (shell[0] == '\0') ++ shell = _PATH_BSHELL; ++#else /* LOGIN_CAP */ + shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; ++#endif /* LOGIN_CAP */ + + #ifdef AFS + /* Try to get AFS tokens for the local cell. */ +@@ -2094,7 +2179,12 @@ + child_set_env(&env, &envsize, "USER", pw->pw_name); + child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); + child_set_env(&env, &envsize, "HOME", pw->pw_dir); ++#ifdef LOGIN_CAP ++ child_set_env(&env, &envsize, "PATH", ++ login_getpath(lc, "path", _PATH_STDPATH)); ++#else /* LOGIN_CAP */ + child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); ++#endif /* LOGIN_CAP */ + + snprintf(buf, sizeof buf, "%.200s/%.50s", + _PATH_MAILDIR, pw->pw_name); +@@ -2189,13 +2279,35 @@ + later. */ + endpwent(); + endhostent(); ++#ifdef LOGIN_CAP ++ login_close(lc); ++#endif /* LOGIN_CAP */ + + /* Close any extra open file descriptors so that we don\'t have + them hanging around in clients. Note that we want to do this + after initgroups, because at least on Solaris 2.3 it leaves + file descriptors open. */ +- for (i = 3; i < 64; i++) ++ for (i = 3; i < getdtablesize(); i++) + close(i); ++ ++#ifdef __FreeBSD__ ++ /* ++ * If the password change time is set and has passed, give the ++ * user a password expiry notice and chance to change it. ++ */ ++ if (pw->pw_change != 0) { ++ struct timeval tv; ++ ++ (void)gettimeofday(&tv, NULL); ++ if (tv.tv_sec >= pw->pw_change) { ++ (void)printf("Sorry -- your password has expired.\n"); ++ syslog(LOG_INFO, "%s Password expired - forcing change", ++ pw->pw_name); ++ if (system("/usr/bin/passwd") != 0) ++ perror("/usr/bin/passwd"); ++ } ++ } ++#endif /* __FreeBSD__ */ + + /* Change current directory to the user\'s home directory. */ + if (chdir(pw->pw_dir) < 0) diff --git a/security/openssh/files/patch-ao b/security/openssh/files/patch-ao index 21f9247a72e7..a728a10616d5 100644 --- a/security/openssh/files/patch-ao +++ b/security/openssh/files/patch-ao @@ -1,14 +1,16 @@ -diff -ru /home/green/ssh/scp/Makefile ./scp/Makefile ---- /home/green/ssh/scp/Makefile Tue Oct 26 03:31:00 1999 -+++ ./scp/Makefile Mon Nov 8 00:13:21 1999 -@@ -10,8 +10,8 @@ - BINMODE?=555 - .endif - --BINDIR= /usr/bin --MAN= scp.1 -+BINDIR= /bin -+MAN1= scp.1 - - SRCS= scp.c +--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/sshd_config Thu Nov 11 17:58:39 1999 ++++ ./sshd_config Tue Nov 23 19:31:58 1999 +@@ -2,11 +2,11 @@ + Port 22 + ListenAddress 0.0.0.0 +-HostKey /etc/ssh_host_key ++HostKey __PREFIX__/etc/ssh_host_key + ServerKeyBits 768 + LoginGraceTime 600 + KeyRegenerationInterval 3600 +-PermitRootLogin yes ++PermitRootLogin no + # + # Don't read ~/.rhosts and ~/.shosts files + IgnoreRhosts yes diff --git a/security/openssh/files/patch-ar b/security/openssh/files/patch-ar deleted file mode 100644 index 0fca0fb71c85..000000000000 --- a/security/openssh/files/patch-ar +++ /dev/null @@ -1,27 +0,0 @@ ---- ssh-agent/Makefile.orig Thu Oct 28 03:32:00 1999 -+++ ssh-agent/Makefile Tue Nov 9 06:41:50 1999 -@@ -2,20 +2,14 @@ - - PROG= ssh-agent - BINOWN= root -+BINMODE=555 - --.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ -- ${MACHINE_ARCH} == "hppa") --BINMODE=0000 --.else --BINMODE?=555 --.endif -- --BINDIR= /usr/bin --MAN= ssh-agent.1 -+BINDIR= /bin -+MAN1= ssh-agent.1 - - SRCS= ssh-agent.c log-client.c - - .include <bsd.prog.mk> - --LDADD+= -lcrypto -lutil -lz -+LDADD+= -lutil -lz ${CRYPTOLIBS} - DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ} diff --git a/security/openssh/files/patch-at b/security/openssh/files/patch-at deleted file mode 100644 index 861e84136ae6..000000000000 --- a/security/openssh/files/patch-at +++ /dev/null @@ -1,27 +0,0 @@ ---- ssh-keygen/Makefile.orig Thu Oct 28 03:32:00 1999 -+++ ssh-keygen/Makefile Tue Nov 9 06:42:34 1999 -@@ -2,20 +2,14 @@ - - PROG= ssh-keygen - BINOWN= root -+BINMODE=555 - --.if (${MACHINE_ARCH} == "alpha" || ${MACHINE_ARCH} == "powerpc" || \ -- ${MACHINE_ARCH} == "hppa") --BINMODE=0000 --.else --BINMODE?=555 --.endif -- --BINDIR= /usr/bin --MAN= ssh-keygen.1 -+BINDIR= /bin -+MAN1= ssh-keygen.1 - - SRCS= ssh-keygen.c log-client.c - - .include <bsd.prog.mk> - --LDADD+= -lcrypto -lutil -lz -+LDADD+= -lutil -lz ${CRYPTOLIBS} - DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ} diff --git a/security/openssh/files/patch-au b/security/openssh/files/patch-au deleted file mode 100644 index 45b30014d990..000000000000 --- a/security/openssh/files/patch-au +++ /dev/null @@ -1,13 +0,0 @@ -diff -ru /home/green/ssh/ssh.c ./ssh.c ---- /home/green/ssh/ssh.c Sat Oct 30 03:43:00 1999 -+++ ./ssh.c Mon Nov 8 00:06:40 1999 -@@ -128,6 +128,9 @@ - log("Using rsh. WARNING: Connection will not be encrypted."); - /* Build argument list for rsh. */ - i = 0; -+#ifndef _PATH_RSH -+#define _PATH_RSH "/usr/bin/rsh" -+#endif - args[i++] = _PATH_RSH; - args[i++] = host; /* may have to come after user on some systems */ - if (user) diff --git a/security/openssh/files/strlcat.c b/security/openssh/files/strlcat.c new file mode 100644 index 000000000000..599994edf5af --- /dev/null +++ b/security/openssh/files/strlcat.c @@ -0,0 +1,71 @@ +/* $OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp $ */ + +/* + * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#if defined(LIBC_SCCS) && !defined(lint) +static char *rcsid = "$OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include <sys/types.h> +#include <string.h> + +/* + * Appends src to string dst of size siz (unlike strncat, siz is the + * full size of dst, not space left). At most siz-1 characters + * will be copied. Always NUL terminates (unless siz == 0). + * Returns strlen(src); if retval >= siz, truncation occurred. + */ +size_t strlcat(dst, src, siz) + char *dst; + const char *src; + size_t siz; +{ + register char *d = dst; + register const char *s = src; + register size_t n = siz; + size_t dlen; + + /* Find the end of dst and adjust bytes left but don't go past end */ + while (*d != '\0' && n-- != 0) + d++; + dlen = d - dst; + n = siz - dlen; + + if (n == 0) + return(dlen + strlen(s)); + while (*s != '\0') { + if (n != 1) { + *d++ = *s; + n--; + } + s++; + } + *d = '\0'; + + return(dlen + (s - src)); /* count does not include NUL */ +} |