Update to OpenSSH 2.1.1 and fix SSHv2 serving (passwd botch).

6 files changed, 54 insertions, 44 deletions

diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 41511c74b4b0..9be0d009e818 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -6,12 +6,12 @@
 #
 
 PORTNAME=	OpenSSH
-PORTVERSION=	2.1.0
+PORTVERSION=	2.1.1
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
 		ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
 		ftp://ftp1.se.openbsd.org/pub/OpenBSD/OpenSSH/
-DISTNAME=	openssh-2.1.0
+DISTNAME=	openssh-${PORTVERSION}
 EXTRACT_SUFX=	.tgz
 
 MAINTAINER=	green@FreeBSD.org
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 78012e985857..f01380f39a67 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1 +1 @@
-MD5 (openssh-2.1.0.tgz) = e931cba4d47f98a55e32d061a43b96c4
+MD5 (openssh-2.1.1.tgz) = ed323003ae30bfb9bd1e2a899a32e765
diff --git a/security/openssh/files/patch-ad b/security/openssh/files/patch-ad
index e1ed1433b178..165f5ae2379e 100644
--- a/security/openssh/files/patch-ad
+++ b/security/openssh/files/patch-ad
@@ -1,11 +1,12 @@
---- lib/Makefile.orig	Thu Apr 27 05:56:30 2000
-+++ lib/Makefile	Fri May 12 07:07:30 2000
-@@ -5,7 +5,11 @@
+--- lib/Makefile.orig	Wed May 17 01:20:16 2000
++++ lib/Makefile	Tue Jun 20 16:14:06 2000
+@@ -5,7 +5,12 @@
  	cipher.c compat.c compress.c crc32.c deattack.c fingerprint.c \
  	hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \
  	rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
--	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c
-+	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c strlcat.c strlcpy.c
+-	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c aux.c
++	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c aux.c \
++	strlcat.c strlcpy.c
 +
 +.if defined(COMPAT_GETADDRINFO)
 +SRCS+=	getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c
@@ -13,7 +14,7 @@
  
  NOPROFILE= yes
  NOPIC=	yes
-@@ -14,6 +18,7 @@
+@@ -14,6 +19,7 @@
  	@echo -n
  
  .include <bsd.own.mk>
diff --git a/security/openssh/files/patch-ak b/security/openssh/files/patch-ak
index 3358914a71aa..d139441788fd 100644
--- a/security/openssh/files/patch-ak
+++ b/security/openssh/files/patch-ak
@@ -1,6 +1,6 @@
---- ssh.c.orig	Mon May  8 13:12:15 2000
-+++ ssh.c	Sat May 20 01:02:44 2000
-@@ -154,6 +154,9 @@
+--- ssh.c.orig	Tue May 30 23:36:40 2000
++++ ssh.c	Tue Jun 20 16:15:29 2000
+@@ -156,6 +156,9 @@
  	log("Using rsh.  WARNING: Connection will not be encrypted.");
  	/* Build argument list for rsh. */
  	i = 0;
@@ -10,16 +10,7 @@
  	args[i++] = _PATH_RSH;
  	/* host may have to come after user on some systems */
  	args[i++] = host;
-@@ -422,7 +425,7 @@
- 	if (!host)
- 		usage();
- 
--        OpenSSL_add_all_algorithms();
-+        SSLeay_add_all_algorithms();
- 
- 	/* Initialize the command to execute on remote host. */
- 	buffer_init(&command);
-@@ -477,6 +480,11 @@
+@@ -482,6 +485,11 @@
  	pwcopy.pw_gid = pw->pw_gid;
  	pwcopy.pw_dir = xstrdup(pw->pw_dir);
  	pwcopy.pw_shell = xstrdup(pw->pw_shell);
diff --git a/security/openssh/files/patch-au b/security/openssh/files/patch-au
index 6686795ef790..f0076dd0e146 100644
--- a/security/openssh/files/patch-au
+++ b/security/openssh/files/patch-au
@@ -1,5 +1,5 @@
---- session.c.orig	Wed May  3 14:03:07 2000
-+++ session.c	Sat May 13 15:43:38 2000
+--- session.c.orig	Mon Jun  5 12:53:40 2000
++++ session.c	Tue Jun 20 16:20:37 2000
 @@ -27,6 +27,18 @@
  #include "ssh2.h"
  #include "auth.h"
@@ -19,7 +19,7 @@
  /* types */
  
  #define TTYSZ 64
-@@ -403,6 +415,13 @@
+@@ -401,6 +413,13 @@
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
  
  		/*
@@ -33,7 +33,7 @@
  		 * Create a new session and process group since the 4.4BSD
  		 * setlogin() affects the entire process group.
  		 */
-@@ -504,6 +523,10 @@
+@@ -502,6 +521,10 @@
  	struct sockaddr_storage from;
  	struct stat st;
  	time_t last_login_time;
@@ -44,7 +44,7 @@
  
  	if (s == NULL)
  		fatal("do_exec_pty: no session");
-@@ -513,15 +536,6 @@
+@@ -511,15 +534,6 @@
  	/* Get remote host name. */
  	hostname = get_canonical_hostname();
  
@@ -60,7 +60,7 @@
  	/* Fork the child. */
  	if ((pid = fork()) == 0) {
  		pid = getpid();
-@@ -530,6 +544,22 @@
+@@ -528,6 +542,22 @@
  		   changed. */
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
  
@@ -83,7 +83,7 @@
  		/* Close the master side of the pseudo tty. */
  		close(ptyfd);
  
-@@ -573,6 +603,12 @@
+@@ -571,6 +601,12 @@
  		/* Check if .hushlogin exists. */
  		snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir);
  		quiet_login = stat(line, &st) >= 0;
@@ -96,7 +96,7 @@
  
  		/*
  		 * If the user has logged in before, display the time of last
-@@ -596,6 +632,20 @@
+@@ -594,6 +630,20 @@
  			else
  				printf("Last login: %s from %s\r\n", time_string, buf);
  		}
@@ -117,7 +117,7 @@
  		/*
  		 * Print /etc/motd unless a command was specified or printing
  		 * it was disabled in server options or login(1) will be
-@@ -605,7 +655,18 @@
+@@ -603,7 +653,18 @@
  		if (command == NULL && options.print_motd && !quiet_login &&
  		    !options.use_login) {
  			/* Print /etc/motd if it exists. */
@@ -136,17 +136,21 @@
  			if (f) {
  				while (fgets(line, sizeof(line), f))
  					fputs(line, stdout);
-@@ -743,9 +804,25 @@
+@@ -746,13 +807,29 @@
  	extern char **environ;
  	struct stat st;
  	char *argv[10];
 +#ifdef LOGIN_CAP
-+	login_cap_t *lc;
-+
-+	lc = login_getpwclass(pw);
-+	if (lc == NULL)
-+		lc = login_getclassbyname(NULL, pw);
-+#endif /* LOGIN_CAP */
++ 	login_cap_t *lc;
++ 
++ 	lc = login_getpwclass(pw);
++ 	if (lc == NULL)
++ 		lc = login_getclassbyname(NULL, pw);
++ #endif /* LOGIN_CAP */
+ 
+ 	/* login(1) is only called if we execute the login shell */
+ 	if (options.use_login && command != NULL)
+ 		options.use_login = 0;
  
  	f = fopen("/etc/nologin", "r");
 +#ifdef __FreeBSD__
@@ -162,7 +166,7 @@
  		/* /etc/nologin exists.  Print its contents and exit. */
  		while (fgets(buf, sizeof(buf), f))
  			fputs(buf, stderr);
-@@ -761,6 +838,13 @@
+@@ -768,6 +845,13 @@
  	/* Login(1) does this as well, and it needs uid 0 for the "-h"
  	   switch, so we let login(1) to this for us. */
  	if (!options.use_login) {
@@ -176,7 +180,7 @@
  		if (getuid() == 0 || geteuid() == 0) {
  			if (setgid(pw->pw_gid) < 0) {
  				perror("setgid");
-@@ -783,7 +867,14 @@
+@@ -790,7 +874,14 @@
  	 * Get the shell from the password data.  An empty shell field is
  	 * legal, and means /bin/sh.
  	 */
@@ -191,7 +195,7 @@
  
  #ifdef AFS
  	/* Try to get AFS tokens for the local cell. */
-@@ -807,7 +898,12 @@
+@@ -814,7 +905,12 @@
  		child_set_env(&env, &envsize, "USER", pw->pw_name);
  		child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
  		child_set_env(&env, &envsize, "HOME", pw->pw_dir);
@@ -204,7 +208,7 @@
  
  		snprintf(buf, sizeof buf, "%.200s/%.50s",
  			 _PATH_MAILDIR, pw->pw_name);
-@@ -896,6 +992,9 @@
+@@ -904,6 +1000,9 @@
  	 * descriptors left by system functions.  They will be closed later.
  	 */
  	endpwent();
@@ -214,7 +218,7 @@
  
  	/*
  	 * Close any extra open file descriptors so that we don\'t have them
-@@ -903,7 +1002,7 @@
+@@ -911,7 +1010,7 @@
  	 * initgroups, because at least on Solaris 2.3 it leaves file
  	 * descriptors open.
  	 */
@@ -223,7 +227,7 @@
  		close(i);
  
  	/* Change current directory to the user\'s home directory. */
-@@ -922,7 +1021,27 @@
+@@ -930,7 +1029,27 @@
  	 * in this order).
  	 */
  	if (!options.use_login) {
diff --git a/security/openssh/files/patch-ay b/security/openssh/files/patch-ay
new file mode 100644
index 000000000000..2b16a5b1eb73
--- /dev/null
+++ b/security/openssh/files/patch-ay
@@ -0,0 +1,14 @@
+--- auth2.c.orig	Tue Jun 27 14:20:06 2000
++++ auth2.c	Tue Jun 27 14:21:20 2000
+@@ -357,6 +357,11 @@
+ 		copy->pw_gid = pw->pw_gid;
+ 		copy->pw_dir = xstrdup(pw->pw_dir);
+ 		copy->pw_shell = xstrdup(pw->pw_shell);
++#ifdef __FreeBSD__
++		copy->pw_class = xstrdup(pw->pw_class);
++		copy->pw_expire = pw->pw_expire;
++		copy->pw_change = pw->pw_change;
++#endif /* __FreeBSD__ */
+ 		authctxt->valid = 1;
+ 	} else {
+ 		if (strcmp(u, authctxt->user) != 0 ||