aboutsummaryrefslogtreecommitdiff
path: root/security/openssh
diff options
context:
space:
mode:
Diffstat (limited to 'security/openssh')
-rw-r--r--security/openssh/Makefile6
-rw-r--r--security/openssh/distinfo4
-rw-r--r--security/openssh/files/patch-auth2-passwd.c14
-rw-r--r--security/openssh/files/patch-auth2.c24
-rw-r--r--security/openssh/files/patch-includes.h8
-rw-r--r--security/openssh/files/patch-session.c37
-rw-r--r--security/openssh/files/patch-ssh-Makefile19
-rw-r--r--security/openssh/files/patch-ssh-keysign-Makefile19
-rw-r--r--security/openssh/files/patch-ssh.c12
-rw-r--r--security/openssh/files/patch-sshconnect.c30
-rw-r--r--security/openssh/files/patch-sshd-Makefile17
-rw-r--r--security/openssh/files/patch-sshd_config8
-rw-r--r--security/openssh/pkg-plist1
13 files changed, 96 insertions, 103 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index afedb14bffc3..c6040f36f702 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -6,8 +6,7 @@
#
PORTNAME= openssh
-PORTVERSION= 3.2.3
-PORTREVISION= 1
+PORTVERSION= 3.3
CATEGORIES= security
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
@@ -22,7 +21,8 @@ MAINTAINER= dinoex@FreeBSD.org
MAN1= scp.1 slogin.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 \
ssh-keyscan.1 sftp.1
-MAN8= sshd.8 sftp-server.8
+MAN5= ssh_config.5 sshd_config.5
+MAN8= sshd.8 sftp-server.8 ssh-keysign.8
MANCOMPRESSED= yes
MODIFY= ssh.h sshd_config sshd.sh pathnames.h
FIXME= lib/Makefile scp/Makefile sftp/Makefile sftp-server/Makefile \
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index b4d0760d40d5..4d4f78bceeb7 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,2 +1,2 @@
-MD5 (openssh-3.2.3.tgz) = 778b0ff9dd86a61eb40c89409d359fcc
-MD5 (openbsd28_3.2.3.patch) = 187fc78696a650763607dc44d993e1fd
+MD5 (openssh-3.3.tgz) = f75f98b8c901c07f38710959da94a73b
+MD5 (openbsd28_3.3.patch) = d3cf2655df4a0b9d0624d1e5893c4324
diff --git a/security/openssh/files/patch-auth2-passwd.c b/security/openssh/files/patch-auth2-passwd.c
new file mode 100644
index 000000000000..da16a83e48f2
--- /dev/null
+++ b/security/openssh/files/patch-auth2-passwd.c
@@ -0,0 +1,14 @@
+--- auth2-passwd.c.orig Fri May 31 13:35:15 2002
++++ auth2-passwd.c Fri Jun 21 22:54:05 2002
+@@ -48,7 +48,11 @@
+ password = packet_get_string(&len);
+ packet_check_eom();
+ if (authctxt->valid &&
++#ifdef USE_PAM
++ PRIVSEP(auth_pam_password(authctxt, password)) == 1)
++#else
+ PRIVSEP(auth_password(authctxt, password)) == 1)
++#endif
+ authenticated = 1;
+ memset(password, 0, len);
+ xfree(password);
diff --git a/security/openssh/files/patch-auth2.c b/security/openssh/files/patch-auth2.c
index 5359ba294756..23683cd1f3a2 100644
--- a/security/openssh/files/patch-auth2.c
+++ b/security/openssh/files/patch-auth2.c
@@ -1,6 +1,6 @@
---- auth2.c.orig Mon May 13 04:37:39 2002
-+++ auth2.c Thu May 23 13:11:43 2002
-@@ -168,6 +168,15 @@
+--- auth2.c.orig Fri May 31 13:35:15 2002
++++ auth2.c Fri Jun 21 22:49:07 2002
+@@ -133,6 +133,15 @@
Authmethod *m = NULL;
char *user, *service, *method, *style = NULL;
int authenticated = 0;
@@ -16,7 +16,7 @@
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
-@@ -187,6 +196,11 @@
+@@ -152,6 +161,11 @@
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
authctxt->valid = 1;
debug2("input_userauth_request: setting up authctxt for %s", user);
@@ -28,7 +28,7 @@
} else {
log("input_userauth_request: illegal user %s", user);
}
-@@ -203,6 +217,41 @@
+@@ -168,6 +182,41 @@
"(%s,%s) -> (%s,%s)",
authctxt->user, authctxt->service, user, service);
}
@@ -70,7 +70,7 @@
/* reset state */
auth2_challenge_stop(authctxt);
authctxt->postponed = 0;
-@@ -213,6 +262,12 @@
+@@ -178,6 +227,12 @@
debug2("input_userauth_request: try method %s", method);
authenticated = m->userauth(authctxt);
}
@@ -83,15 +83,3 @@
userauth_finish(authctxt, authenticated, method);
xfree(service);
-@@ -321,7 +376,11 @@
- m->enabled = NULL;
- packet_check_eom();
- userauth_banner();
-+#ifdef USE_PAM
-+ return (authctxt->valid ? PRIVSEP(auth_pam_password(authctxt, "")) : 0);
-+#else
- return (authctxt->valid ? PRIVSEP(auth_password(authctxt, "")) : 0);
-+#endif
- }
-
- static int
diff --git a/security/openssh/files/patch-includes.h b/security/openssh/files/patch-includes.h
index dd24de4adc86..d3c5bd40d2ad 100644
--- a/security/openssh/files/patch-includes.h
+++ b/security/openssh/files/patch-includes.h
@@ -1,5 +1,5 @@
--- includes.h.orig Sat Jan 26 17:44:22 2002
-+++ includes.h Fri May 24 08:21:58 2002
++++ includes.h Sat Jun 22 12:17:34 2002
@@ -24,12 +24,12 @@
#include <sys/select.h>
#include <sys/param.h>
@@ -22,7 +22,7 @@
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
-@@ -62,5 +61,64 @@
+@@ -62,5 +61,68 @@
* client program. Socketpairs do not seem to work on all systems.
*/
#define USE_PIPES 1
@@ -84,6 +84,10 @@
+#define CMSG_SPACE(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + __CMSG_ALIGN(len))
+#endif
+
++#ifndef __func__
++#define __func__ __FUNCTION__
++#endif
++
+#endif
#endif /* INCLUDES_H */
diff --git a/security/openssh/files/patch-session.c b/security/openssh/files/patch-session.c
index 932ab1e51c3d..451e4d363d76 100644
--- a/security/openssh/files/patch-session.c
+++ b/security/openssh/files/patch-session.c
@@ -1,5 +1,5 @@
---- session.c.orig Thu May 23 13:15:39 2002
-+++ session.c Thu May 23 13:31:48 2002
+--- session.c.orig Fri Jun 21 22:54:44 2002
++++ session.c Fri Jun 21 22:56:28 2002
@@ -58,6 +58,13 @@
#include "session.h"
#include "monitor_wrap.h"
@@ -14,7 +14,7 @@
/* func */
Session *session_new(void);
-@@ -346,6 +353,10 @@
+@@ -437,6 +444,10 @@
if (s == NULL)
fatal("do_exec_no_pty: no session");
@@ -25,7 +25,7 @@
session_proctitle(s);
/* Fork the child. */
-@@ -354,6 +365,13 @@
+@@ -445,6 +456,13 @@
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
@@ -39,7 +39,7 @@
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
-@@ -454,11 +472,24 @@
+@@ -545,11 +563,24 @@
ptyfd = s->ptyfd;
ttyfd = s->ttyfd;
@@ -64,7 +64,7 @@
/* Close the master side of the pseudo tty. */
close(ptyfd);
-@@ -547,6 +578,18 @@
+@@ -638,6 +669,18 @@
struct sockaddr_storage from;
struct passwd * pw = s->pw;
pid_t pid = getpid();
@@ -83,7 +83,7 @@
/*
* Get IP address of client. If the connection is not a socket, let
-@@ -569,10 +612,97 @@
+@@ -660,10 +703,97 @@
options.verify_reverse_mapping),
(struct sockaddr *)&from);
@@ -182,7 +182,7 @@
time_string = ctime(&s->last_login_time);
if (strchr(time_string, '\n'))
*strchr(time_string, '\n') = 0;
-@@ -583,7 +713,30 @@
+@@ -674,7 +804,30 @@
s->hostname);
}
@@ -214,7 +214,7 @@
}
/*
-@@ -599,9 +752,9 @@
+@@ -690,9 +843,9 @@
#ifdef HAVE_LOGIN_CAP
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
"/etc/motd"), "r");
@@ -226,7 +226,7 @@
if (f) {
while (fgets(buf, sizeof(buf), f))
fputs(buf, stdout);
-@@ -628,10 +781,10 @@
+@@ -719,10 +872,10 @@
#ifdef HAVE_LOGIN_CAP
if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
return 1;
@@ -239,7 +239,7 @@
return 0;
}
-@@ -729,6 +882,10 @@
+@@ -820,6 +973,10 @@
env[0] = NULL;
if (!options.use_login) {
@@ -250,7 +250,7 @@
/* Set basic environment. */
child_set_env(&env, &envsize, "USER", pw->pw_name);
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
-@@ -736,9 +893,15 @@
+@@ -827,9 +984,15 @@
#ifdef HAVE_LOGIN_CAP
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
child_set_env(&env, &envsize, "PATH", getenv("PATH"));
@@ -268,7 +268,7 @@
snprintf(buf, sizeof buf, "%.200s/%.50s",
_PATH_MAILDIR, pw->pw_name);
-@@ -791,6 +954,11 @@
+@@ -882,6 +1045,10 @@
child_set_env(&env, &envsize, "KRB5CCNAME",
s->authctxt->krb5_ticket_file);
#endif
@@ -276,11 +276,10 @@
+ /* Pull in any environment variables that may have been set by PAM. */
+ do_pam_environment(&env, &envsize);
+#endif /* USE_PAM */
-+
- if (auth_get_socket_name() != NULL)
+ if (auth_sock_name != NULL)
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
- auth_get_socket_name());
-@@ -947,6 +1115,36 @@
+ auth_sock_name);
+@@ -1038,6 +1205,36 @@
exit(1);
}
@@ -317,7 +316,7 @@
/*
* Performs common processing for the child, such as setting up the
* environment, closing extra file descriptors, setting the user and group
-@@ -1025,7 +1223,7 @@
+@@ -1116,7 +1313,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
@@ -326,7 +325,7 @@
close(i);
/*
-@@ -1055,6 +1253,31 @@
+@@ -1146,6 +1343,31 @@
exit(1);
#endif
}
diff --git a/security/openssh/files/patch-ssh-Makefile b/security/openssh/files/patch-ssh-Makefile
index d988af43f124..5ab9b12d987b 100644
--- a/security/openssh/files/patch-ssh-Makefile
+++ b/security/openssh/files/patch-ssh-Makefile
@@ -1,17 +1,18 @@
---- ssh/Makefile.orig Tue Mar 5 01:49:51 2002
-+++ ssh/Makefile Sun Mar 17 14:58:13 2002
-@@ -7,8 +7,8 @@
+--- ssh/Makefile.orig Thu Jun 20 21:56:07 2002
++++ ssh/Makefile Fri Jun 21 22:59:47 2002
+@@ -7,8 +7,9 @@
- BINMODE?=4555
+ #BINMODE?=4555
-BINDIR= /usr/bin
--MAN= ssh.1
+-MAN= ssh.1 ssh_config.5
+BINDIR= /bin
+MAN1= ssh.1
++MAN5= ssh_config.5
LINKS= ${BINDIR}/ssh ${BINDIR}/slogin
MLINKS= ssh.1 slogin.1
-@@ -16,6 +16,7 @@
+@@ -16,6 +17,7 @@
sshconnect.c sshconnect1.c sshconnect2.c
.include <bsd.own.mk> # for AFS
@@ -19,7 +20,7 @@
.if (${KERBEROS5:L} == "yes")
CFLAGS+= -DKRB5 -I${DESTDIR}/usr/include/kerberosV
-@@ -24,8 +25,8 @@
+@@ -24,8 +26,8 @@
.endif # KERBEROS5
.if (${KERBEROS:L} == "yes")
@@ -30,11 +31,11 @@
DPADD+= ${LIBKRB}
.if (${AFS:L} == "yes")
CFLAGS+= -DAFS
-@@ -36,5 +37,5 @@
+@@ -36,5 +38,5 @@
.include <bsd.prog.mk>
-LDADD+= -lcrypto -lz -ldes
--DPADD+= ${LIBCRYPTO} ${LIBZ}
+-DPADD+= ${LIBCRYPTO} ${LIBZ} ${LIBDES}
+LDADD+= ${CRYPTOLIBS} -lcrypt -lutil -lz
+DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ}
diff --git a/security/openssh/files/patch-ssh-keysign-Makefile b/security/openssh/files/patch-ssh-keysign-Makefile
new file mode 100644
index 000000000000..0ac135575072
--- /dev/null
+++ b/security/openssh/files/patch-ssh-keysign-Makefile
@@ -0,0 +1,19 @@
+--- ssh-keysign/Makefile.orig Fri May 31 12:30:33 2002
++++ ssh-keysign/Makefile Sat Jun 22 12:38:35 2002
+@@ -7,12 +7,12 @@
+
+ BINMODE?=4555
+
+-BINDIR= /usr/libexec
+-MAN= ssh-keysign.8
++BINDIR= /libexec
++MAN8= ssh-keysign.8
+
+ SRCS= ssh-keysign.c
+
+ .include <bsd.prog.mk>
+
+-LDADD+= -lcrypto -lz
+-DPADD+= ${LIBCRYPTO} ${LIBZ}
++LDADD+= ${CRYPTOLIBS} -lcrypt -lz
++DPADD+= ${LIBCRYPTO} ${LIBZ}
diff --git a/security/openssh/files/patch-ssh.c b/security/openssh/files/patch-ssh.c
deleted file mode 100644
index a55517683cfa..000000000000
--- a/security/openssh/files/patch-ssh.c
+++ /dev/null
@@ -1,12 +0,0 @@
---- ssh.c.orig Tue Apr 17 14:55:04 2001
-+++ ssh.c Sat May 26 15:05:28 2001
-@@ -199,6 +199,9 @@
- log("Using rsh. WARNING: Connection will not be encrypted.");
- /* Build argument list for rsh. */
- i = 0;
-+#ifndef _PATH_RSH
-+#define _PATH_RSH "/usr/bin/rsh"
-+#endif
- args[i++] = _PATH_RSH;
- /* host may have to come after user on some systems */
- args[i++] = host;
diff --git a/security/openssh/files/patch-sshconnect.c b/security/openssh/files/patch-sshconnect.c
index 3b0017faab5b..d3e2e03ca080 100644
--- a/security/openssh/files/patch-sshconnect.c
+++ b/security/openssh/files/patch-sshconnect.c
@@ -1,28 +1,6 @@
---- sshconnect.c.orig Mon Jan 21 16:13:51 2002
-+++ sshconnect.c Fri Mar 8 18:14:50 2002
-@@ -43,15 +43,21 @@
- sockaddr_ntop(struct sockaddr *sa)
- {
- void *addr;
-+#ifdef INET6
- static char addrbuf[INET6_ADDRSTRLEN];
-+#else
-+ static char addrbuf[INET_ADDRSTRLEN];
-+#endif
-
- switch (sa->sa_family) {
- case AF_INET:
- addr = &((struct sockaddr_in *)sa)->sin_addr;
- break;
-+#ifdef INET6
- case AF_INET6:
- addr = &((struct sockaddr_in6 *)sa)->sin6_addr;
- break;
-+#endif
- default:
- /* This case should be protected against elsewhere */
- abort(); /* XXX abort is bad -- do something else */
-@@ -291,7 +297,11 @@
+--- sshconnect.c.orig Wed Jun 19 02:27:55 2002
++++ sshconnect.c Fri Jun 21 23:02:29 2002
+@@ -279,7 +279,11 @@
/* Loop through addresses for this host, and try each one in
sequence until the connection succeeds. */
for (ai = aitop; ai; ai = ai->ai_next) {
@@ -34,7 +12,7 @@
continue;
if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
ntop, sizeof(ntop), strport, sizeof(strport),
-@@ -537,10 +547,12 @@
+@@ -516,10 +520,12 @@
local = (ntohl(((struct sockaddr_in *)hostaddr)->
sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
break;
diff --git a/security/openssh/files/patch-sshd-Makefile b/security/openssh/files/patch-sshd-Makefile
index f50ffc148958..de200f14054a 100644
--- a/security/openssh/files/patch-sshd-Makefile
+++ b/security/openssh/files/patch-sshd-Makefile
@@ -1,18 +1,19 @@
---- sshd/Makefile.orig Thu May 23 13:33:56 2002
-+++ sshd/Makefile Thu May 23 13:36:15 2002
-@@ -5,8 +5,8 @@
+--- sshd/Makefile.orig Fri Jun 21 23:06:22 2002
++++ sshd/Makefile Fri Jun 21 23:06:56 2002
+@@ -5,8 +5,9 @@
PROG= sshd
BINOWN= root
BINMODE=555
-BINDIR= /usr/sbin
--MAN= sshd.8
+-MAN= sshd.8 sshd_config.5
+BINDIR= /sbin
+MAN8= sshd.8
++MAN5= sshd_config.5
+ #CFLAGS+=-DHAVE_LOGIN_CAP -DBSD_AUTH
CFLAGS+=-DHAVE_LOGIN_CAP
- #CFLAGS+=-DBSD_AUTH
-@@ -17,9 +17,10 @@
- auth-skey.c auth-bsdauth.c monitor_mm.c monitor.c
+@@ -19,9 +20,10 @@
+ auth2-hostbased.c auth2-kbdint.c
.include <bsd.own.mk> # for KERBEROS and AFS
+.include "../Makefile.inc"
@@ -23,7 +24,7 @@
SRCS+= auth-krb5.c
LDADD+= -lkrb5 -lkafs -lasn1 -lcom_err
DPADD+= ${LIBKRB5} ${LIBKAFS} ${LIBASN1} ${LIBCOM_ERR}
-@@ -31,15 +32,15 @@
+@@ -33,15 +35,15 @@
LDADD+= -lkafs
DPADD+= ${LIBKAFS}
.endif # AFS
diff --git a/security/openssh/files/patch-sshd_config b/security/openssh/files/patch-sshd_config
index 01317a3a5eea..514a9fd7336a 100644
--- a/security/openssh/files/patch-sshd_config
+++ b/security/openssh/files/patch-sshd_config
@@ -1,5 +1,5 @@
---- sshd_config.orig Thu May 23 13:37:04 2002
-+++ sshd_config Thu May 23 13:38:05 2002
+--- sshd_config.orig Fri Jun 21 23:07:45 2002
++++ sshd_config Fri Jun 21 23:08:26 2002
@@ -30,8 +30,10 @@
# Authentication:
@@ -18,6 +18,6 @@
#KeepAlive yes
#UseLogin no
+UseLogin yes
- #UsePrivilegeSeparation no
+ #UsePrivilegeSeparation yes
+ #Compression yes
- #MaxStartups 10
diff --git a/security/openssh/pkg-plist b/security/openssh/pkg-plist
index 7c32f6d1a747..317a71167115 100644
--- a/security/openssh/pkg-plist
+++ b/security/openssh/pkg-plist
@@ -16,6 +16,7 @@ etc/sshd_config-dist
@exec [ ! -f %D/etc/sshd_config ] && cp %D/etc/sshd_config-dist %D/etc/sshd_config
sbin/sshd
libexec/sftp-server
+libexec/ssh-keysign
libdata/ssh/Ssh.bin
@dirrm libdata/ssh
@exec if [ ! -f %D/etc/ssh_host_key ]; then echo ">> Generating a secret RSA1 host key."; %D/bin/ssh-keygen -t rsa1 -N "" -f %D/etc/ssh_host_key; fi