Update to openssh-3.3

- New program ssh-keysign - New manpages for ssh_config and sshd_config - Merge Pathes to new files - Fix GCC problem with unsupported __func__ in older Releases
author: Dirk Meyer <dinoex@FreeBSD.org> 2002-06-22 12:31:18 +0000
committer: Dirk Meyer <dinoex@FreeBSD.org> 2002-06-22 12:31:18 +0000
commit: c90874ad5108bd2697d287fc3749f545840f0bd3 (patch)
tree: 7a66115f5705b936ac81a587a7c0622564d2dbb7 /security/openssh
parent: Updated to 1.07 (diff)
13 files changed, 96 insertions, 103 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index afedb14bffc3..c6040f36f702 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	openssh
-PORTVERSION=	3.2.3
-PORTREVISION=	1
+PORTVERSION=	3.3
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
 		ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
@@ -22,7 +21,8 @@ MAINTAINER=	dinoex@FreeBSD.org
 
 MAN1=		scp.1 slogin.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 \
 		ssh-keyscan.1 sftp.1
-MAN8=		sshd.8 sftp-server.8
+MAN5=		ssh_config.5 sshd_config.5
+MAN8=		sshd.8 sftp-server.8 ssh-keysign.8
 MANCOMPRESSED=	yes
 MODIFY=		ssh.h sshd_config sshd.sh pathnames.h
 FIXME=		lib/Makefile scp/Makefile sftp/Makefile sftp-server/Makefile \
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index b4d0760d40d5..4d4f78bceeb7 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,2 +1,2 @@
-MD5 (openssh-3.2.3.tgz) = 778b0ff9dd86a61eb40c89409d359fcc
-MD5 (openbsd28_3.2.3.patch) = 187fc78696a650763607dc44d993e1fd
+MD5 (openssh-3.3.tgz) = f75f98b8c901c07f38710959da94a73b
+MD5 (openbsd28_3.3.patch) = d3cf2655df4a0b9d0624d1e5893c4324
diff --git a/security/openssh/files/patch-auth2-passwd.c b/security/openssh/files/patch-auth2-passwd.c
new file mode 100644
index 000000000000..da16a83e48f2
--- /dev/null
+++ b/security/openssh/files/patch-auth2-passwd.c
@@ -0,0 +1,14 @@
+--- auth2-passwd.c.orig	Fri May 31 13:35:15 2002
++++ auth2-passwd.c	Fri Jun 21 22:54:05 2002
+@@ -48,7 +48,11 @@
+ 	password = packet_get_string(&len);
+ 	packet_check_eom();
+ 	if (authctxt->valid &&
++#ifdef USE_PAM
++	    PRIVSEP(auth_pam_password(authctxt, password)) == 1)
++#else
+ 	    PRIVSEP(auth_password(authctxt, password)) == 1)
++#endif
+ 		authenticated = 1;
+ 	memset(password, 0, len);
+ 	xfree(password);
diff --git a/security/openssh/files/patch-auth2.c b/security/openssh/files/patch-auth2.c
index 5359ba294756..23683cd1f3a2 100644
--- a/security/openssh/files/patch-auth2.c
+++ b/security/openssh/files/patch-auth2.c
@@ -1,6 +1,6 @@
---- auth2.c.orig	Mon May 13 04:37:39 2002
-+++ auth2.c	Thu May 23 13:11:43 2002
-@@ -168,6 +168,15 @@
+--- auth2.c.orig	Fri May 31 13:35:15 2002
++++ auth2.c	Fri Jun 21 22:49:07 2002
+@@ -133,6 +133,15 @@
  	Authmethod *m = NULL;
  	char *user, *service, *method, *style = NULL;
  	int authenticated = 0;
@@ -16,7 +16,7 @@
  
  	if (authctxt == NULL)
  		fatal("input_userauth_request: no authctxt");
-@@ -187,6 +196,11 @@
+@@ -152,6 +161,11 @@
  		if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
  			authctxt->valid = 1;
  			debug2("input_userauth_request: setting up authctxt for %s", user);
@@ -28,7 +28,7 @@
  		} else {
  			log("input_userauth_request: illegal user %s", user);
  		}
-@@ -203,6 +217,41 @@
+@@ -168,6 +182,41 @@
  		    "(%s,%s) -> (%s,%s)",
  		    authctxt->user, authctxt->service, user, service);
  	}
@@ -70,7 +70,7 @@
  	/* reset state */
  	auth2_challenge_stop(authctxt);
  	authctxt->postponed = 0;
-@@ -213,6 +262,12 @@
+@@ -178,6 +227,12 @@
  		debug2("input_userauth_request: try method %s", method);
  		authenticated =	m->userauth(authctxt);
  	}
@@ -83,15 +83,3 @@
  	userauth_finish(authctxt, authenticated, method);
  
  	xfree(service);
-@@ -321,7 +376,11 @@
- 		m->enabled = NULL;
- 	packet_check_eom();
- 	userauth_banner();
-+#ifdef USE_PAM
-+	return (authctxt->valid ? PRIVSEP(auth_pam_password(authctxt, "")) : 0);
-+#else
- 	return (authctxt->valid ? PRIVSEP(auth_password(authctxt, "")) : 0);
-+#endif
- }
- 
- static int
diff --git a/security/openssh/files/patch-includes.h b/security/openssh/files/patch-includes.h
index dd24de4adc86..d3c5bd40d2ad 100644
--- a/security/openssh/files/patch-includes.h
+++ b/security/openssh/files/patch-includes.h
@@ -1,5 +1,5 @@
 --- includes.h.orig	Sat Jan 26 17:44:22 2002
-+++ includes.h	Fri May 24 08:21:58 2002
++++ includes.h	Sat Jun 22 12:17:34 2002
 @@ -24,12 +24,12 @@
  #include <sys/select.h>
  #include <sys/param.h>
@@ -22,7 +22,7 @@
  #include <stdio.h>
  #include <ctype.h>
  #include <errno.h>
-@@ -62,5 +61,64 @@
+@@ -62,5 +61,68 @@
   * client program.  Socketpairs do not seem to work on all systems.
   */
  #define USE_PIPES 1
@@ -84,6 +84,10 @@
 +#define CMSG_SPACE(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + __CMSG_ALIGN(len))
 +#endif
 +
++#ifndef __func__
++#define	__func__	__FUNCTION__
++#endif
++
 +#endif
  
  #endif				/* INCLUDES_H */
diff --git a/security/openssh/files/patch-session.c b/security/openssh/files/patch-session.c
index 932ab1e51c3d..451e4d363d76 100644
--- a/security/openssh/files/patch-session.c
+++ b/security/openssh/files/patch-session.c
@@ -1,5 +1,5 @@
---- session.c.orig	Thu May 23 13:15:39 2002
-+++ session.c	Thu May 23 13:31:48 2002
+--- session.c.orig	Fri Jun 21 22:54:44 2002
++++ session.c	Fri Jun 21 22:56:28 2002
 @@ -58,6 +58,13 @@
  #include "session.h"
  #include "monitor_wrap.h"
@@ -14,7 +14,7 @@
  /* func */
  
  Session *session_new(void);
-@@ -346,6 +353,10 @@
+@@ -437,6 +444,10 @@
  	if (s == NULL)
  		fatal("do_exec_no_pty: no session");
  
@@ -25,7 +25,7 @@
  	session_proctitle(s);
  
  	/* Fork the child. */
-@@ -354,6 +365,13 @@
+@@ -445,6 +456,13 @@
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
  
  		/*
@@ -39,7 +39,7 @@
  		 * Create a new session and process group since the 4.4BSD
  		 * setlogin() affects the entire process group.
  		 */
-@@ -454,11 +472,24 @@
+@@ -545,11 +563,24 @@
  	ptyfd = s->ptyfd;
  	ttyfd = s->ttyfd;
  
@@ -64,7 +64,7 @@
  		/* Close the master side of the pseudo tty. */
  		close(ptyfd);
  
-@@ -547,6 +578,18 @@
+@@ -638,6 +669,18 @@
  	struct sockaddr_storage from;
  	struct passwd * pw = s->pw;
  	pid_t pid = getpid();
@@ -83,7 +83,7 @@
  
  	/*
  	 * Get IP address of client. If the connection is not a socket, let
-@@ -569,10 +612,97 @@
+@@ -660,10 +703,97 @@
  		    options.verify_reverse_mapping),
  		    (struct sockaddr *)&from);
  
@@ -182,7 +182,7 @@
  		time_string = ctime(&s->last_login_time);
  		if (strchr(time_string, '\n'))
  			*strchr(time_string, '\n') = 0;
-@@ -583,7 +713,30 @@
+@@ -674,7 +804,30 @@
  			    s->hostname);
  	}
  
@@ -214,7 +214,7 @@
  }
  
  /*
-@@ -599,9 +752,9 @@
+@@ -690,9 +843,9 @@
  #ifdef HAVE_LOGIN_CAP
  		f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
  		    "/etc/motd"), "r");
@@ -226,7 +226,7 @@
  		if (f) {
  			while (fgets(buf, sizeof(buf), f))
  				fputs(buf, stdout);
-@@ -628,10 +781,10 @@
+@@ -719,10 +872,10 @@
  #ifdef HAVE_LOGIN_CAP
  	if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
  		return 1;
@@ -239,7 +239,7 @@
  	return 0;
  }
  
-@@ -729,6 +882,10 @@
+@@ -820,6 +973,10 @@
  	env[0] = NULL;
  
  	if (!options.use_login) {
@@ -250,7 +250,7 @@
  		/* Set basic environment. */
  		child_set_env(&env, &envsize, "USER", pw->pw_name);
  		child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
-@@ -736,9 +893,15 @@
+@@ -827,9 +984,15 @@
  #ifdef HAVE_LOGIN_CAP
  		(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
  		child_set_env(&env, &envsize, "PATH", getenv("PATH"));
@@ -268,7 +268,7 @@
  
  		snprintf(buf, sizeof buf, "%.200s/%.50s",
  			 _PATH_MAILDIR, pw->pw_name);
-@@ -791,6 +954,11 @@
+@@ -882,6 +1045,10 @@
  		child_set_env(&env, &envsize, "KRB5CCNAME",
  		    s->authctxt->krb5_ticket_file);
  #endif
@@ -276,11 +276,10 @@
 +	/* Pull in any environment variables that may have been set by PAM. */
 +	do_pam_environment(&env, &envsize);
 +#endif /* USE_PAM */
-+
- 	if (auth_get_socket_name() != NULL)
+ 	if (auth_sock_name != NULL)
  		child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
- 		    auth_get_socket_name());
-@@ -947,6 +1115,36 @@
+ 		    auth_sock_name);
+@@ -1038,6 +1205,36 @@
  	exit(1);
  }
  
@@ -317,7 +316,7 @@
  /*
   * Performs common processing for the child, such as setting up the
   * environment, closing extra file descriptors, setting the user and group
-@@ -1025,7 +1223,7 @@
+@@ -1116,7 +1313,7 @@
  	 * initgroups, because at least on Solaris 2.3 it leaves file
  	 * descriptors open.
  	 */
@@ -326,7 +325,7 @@
  		close(i);
  
  	/*
-@@ -1055,6 +1253,31 @@
+@@ -1146,6 +1343,31 @@
  			exit(1);
  #endif
  	}
diff --git a/security/openssh/files/patch-ssh-Makefile b/security/openssh/files/patch-ssh-Makefile
index d988af43f124..5ab9b12d987b 100644
--- a/security/openssh/files/patch-ssh-Makefile
+++ b/security/openssh/files/patch-ssh-Makefile
@@ -1,17 +1,18 @@
---- ssh/Makefile.orig	Tue Mar  5 01:49:51 2002
-+++ ssh/Makefile	Sun Mar 17 14:58:13 2002
-@@ -7,8 +7,8 @@
+--- ssh/Makefile.orig	Thu Jun 20 21:56:07 2002
++++ ssh/Makefile	Fri Jun 21 22:59:47 2002
+@@ -7,8 +7,9 @@
  
- BINMODE?=4555
+ #BINMODE?=4555
  
 -BINDIR=	/usr/bin
--MAN=	ssh.1
+-MAN=	ssh.1 ssh_config.5
 +BINDIR=	/bin
 +MAN1=	ssh.1
++MAN5=	ssh_config.5
  LINKS=	${BINDIR}/ssh ${BINDIR}/slogin
  MLINKS=	ssh.1 slogin.1
  
-@@ -16,6 +16,7 @@
+@@ -16,6 +17,7 @@
  	sshconnect.c sshconnect1.c sshconnect2.c
  
  .include <bsd.own.mk> # for AFS
@@ -19,7 +20,7 @@
  
  .if (${KERBEROS5:L} == "yes")
  CFLAGS+= -DKRB5 -I${DESTDIR}/usr/include/kerberosV
-@@ -24,8 +25,8 @@
+@@ -24,8 +26,8 @@
  .endif # KERBEROS5
  
  .if (${KERBEROS:L} == "yes")
@@ -30,11 +31,11 @@
  DPADD+=	 ${LIBKRB}
  .if (${AFS:L} == "yes")
  CFLAGS+= -DAFS
-@@ -36,5 +37,5 @@
+@@ -36,5 +38,5 @@
  
  .include <bsd.prog.mk>
  
 -LDADD+=	-lcrypto -lz -ldes
--DPADD+=	${LIBCRYPTO} ${LIBZ}
+-DPADD+=	${LIBCRYPTO} ${LIBZ} ${LIBDES}
 +LDADD+= ${CRYPTOLIBS} -lcrypt -lutil -lz
 +DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ}
diff --git a/security/openssh/files/patch-ssh-keysign-Makefile b/security/openssh/files/patch-ssh-keysign-Makefile
new file mode 100644
index 000000000000..0ac135575072
--- /dev/null
+++ b/security/openssh/files/patch-ssh-keysign-Makefile
@@ -0,0 +1,19 @@
+--- ssh-keysign/Makefile.orig	Fri May 31 12:30:33 2002
++++ ssh-keysign/Makefile	Sat Jun 22 12:38:35 2002
+@@ -7,12 +7,12 @@
+ 
+ BINMODE?=4555
+ 
+-BINDIR=	/usr/libexec
+-MAN=	ssh-keysign.8
++BINDIR=	/libexec
++MAN8=	ssh-keysign.8
+ 
+ SRCS=	ssh-keysign.c
+ 
+ .include <bsd.prog.mk>
+ 
+-LDADD+=	-lcrypto -lz
+-DPADD+=	${LIBCRYPTO} ${LIBZ}
++LDADD+= ${CRYPTOLIBS} -lcrypt -lz
++DPADD+= ${LIBCRYPTO} ${LIBZ}
diff --git a/security/openssh/files/patch-ssh.c b/security/openssh/files/patch-ssh.c
deleted file mode 100644
index a55517683cfa..000000000000
--- a/security/openssh/files/patch-ssh.c
+++ /dev/null
@@ -1,12 +0,0 @@
---- ssh.c.orig	Tue Apr 17 14:55:04 2001
-+++ ssh.c	Sat May 26 15:05:28 2001
-@@ -199,6 +199,9 @@
- 	log("Using rsh.  WARNING: Connection will not be encrypted.");
- 	/* Build argument list for rsh. */
- 	i = 0;
-+#ifndef	_PATH_RSH
-+#define	_PATH_RSH	"/usr/bin/rsh"
-+#endif
- 	args[i++] = _PATH_RSH;
- 	/* host may have to come after user on some systems */
- 	args[i++] = host;
diff --git a/security/openssh/files/patch-sshconnect.c b/security/openssh/files/patch-sshconnect.c
index 3b0017faab5b..d3e2e03ca080 100644
--- a/security/openssh/files/patch-sshconnect.c
+++ b/security/openssh/files/patch-sshconnect.c
@@ -1,28 +1,6 @@
---- sshconnect.c.orig	Mon Jan 21 16:13:51 2002
-+++ sshconnect.c	Fri Mar  8 18:14:50 2002
-@@ -43,15 +43,21 @@
- sockaddr_ntop(struct sockaddr *sa)
- {
- 	void *addr;
-+#ifdef INET6
- 	static char addrbuf[INET6_ADDRSTRLEN];
-+#else
-+	static char addrbuf[INET_ADDRSTRLEN];
-+#endif
- 
- 	switch (sa->sa_family) {
- 	case AF_INET:
- 		addr = &((struct sockaddr_in *)sa)->sin_addr;
- 		break;
-+#ifdef INET6
- 	case AF_INET6:
- 		addr = &((struct sockaddr_in6 *)sa)->sin6_addr;
- 		break;
-+#endif
- 	default:
- 		/* This case should be protected against elsewhere */
- 		abort();	/* XXX abort is bad -- do something else */
-@@ -291,7 +297,11 @@
+--- sshconnect.c.orig	Wed Jun 19 02:27:55 2002
++++ sshconnect.c	Fri Jun 21 23:02:29 2002
+@@ -279,7 +279,11 @@
  		/* Loop through addresses for this host, and try each one in
  		   sequence until the connection succeeds. */
  		for (ai = aitop; ai; ai = ai->ai_next) {
@@ -34,7 +12,7 @@
  				continue;
  			if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
  			    ntop, sizeof(ntop), strport, sizeof(strport),
-@@ -537,10 +547,12 @@
+@@ -516,10 +520,12 @@
  		local = (ntohl(((struct sockaddr_in *)hostaddr)->
  		   sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
  		break;
diff --git a/security/openssh/files/patch-sshd-Makefile b/security/openssh/files/patch-sshd-Makefile
index f50ffc148958..de200f14054a 100644
--- a/security/openssh/files/patch-sshd-Makefile
+++ b/security/openssh/files/patch-sshd-Makefile
@@ -1,18 +1,19 @@
---- sshd/Makefile.orig	Thu May 23 13:33:56 2002
-+++ sshd/Makefile	Thu May 23 13:36:15 2002
-@@ -5,8 +5,8 @@
+--- sshd/Makefile.orig	Fri Jun 21 23:06:22 2002
++++ sshd/Makefile	Fri Jun 21 23:06:56 2002
+@@ -5,8 +5,9 @@
  PROG=	sshd
  BINOWN=	root
  BINMODE=555
 -BINDIR=	/usr/sbin
--MAN=	sshd.8
+-MAN=	sshd.8 sshd_config.5
 +BINDIR=	/sbin
 +MAN8=	sshd.8
++MAN5=	sshd_config.5
+ #CFLAGS+=-DHAVE_LOGIN_CAP -DBSD_AUTH
  CFLAGS+=-DHAVE_LOGIN_CAP
- #CFLAGS+=-DBSD_AUTH
  
-@@ -17,9 +17,10 @@
- 	auth-skey.c auth-bsdauth.c monitor_mm.c monitor.c
+@@ -19,9 +20,10 @@
+ 	auth2-hostbased.c auth2-kbdint.c
  
  .include <bsd.own.mk> # for KERBEROS and AFS
 +.include "../Makefile.inc"
@@ -23,7 +24,7 @@
  SRCS+=  auth-krb5.c
  LDADD+= -lkrb5 -lkafs -lasn1 -lcom_err
  DPADD+= ${LIBKRB5} ${LIBKAFS} ${LIBASN1} ${LIBCOM_ERR}
-@@ -31,15 +32,15 @@
+@@ -33,15 +35,15 @@
  LDADD+=  -lkafs
  DPADD+=  ${LIBKAFS}
  .endif # AFS
diff --git a/security/openssh/files/patch-sshd_config b/security/openssh/files/patch-sshd_config
index 01317a3a5eea..514a9fd7336a 100644
--- a/security/openssh/files/patch-sshd_config
+++ b/security/openssh/files/patch-sshd_config
@@ -1,5 +1,5 @@
---- sshd_config.orig	Thu May 23 13:37:04 2002
-+++ sshd_config	Thu May 23 13:38:05 2002
+--- sshd_config.orig	Fri Jun 21 23:07:45 2002
++++ sshd_config	Fri Jun 21 23:08:26 2002
 @@ -30,8 +30,10 @@
  
  # Authentication:
@@ -18,6 +18,6 @@
  #KeepAlive yes
  #UseLogin no
 +UseLogin yes
- #UsePrivilegeSeparation no
+ #UsePrivilegeSeparation yes
+ #Compression yes
  
- #MaxStartups 10
diff --git a/security/openssh/pkg-plist b/security/openssh/pkg-plist
index 7c32f6d1a747..317a71167115 100644
--- a/security/openssh/pkg-plist
+++ b/security/openssh/pkg-plist
@@ -16,6 +16,7 @@ etc/sshd_config-dist
 @exec [ ! -f %D/etc/sshd_config ] && cp %D/etc/sshd_config-dist %D/etc/sshd_config
 sbin/sshd
 libexec/sftp-server
+libexec/ssh-keysign
 libdata/ssh/Ssh.bin
 @dirrm libdata/ssh
 @exec if [ ! -f %D/etc/ssh_host_key ]; then echo ">> Generating a secret RSA1 host key."; %D/bin/ssh-keygen -t rsa1 -N "" -f %D/etc/ssh_host_key; fi
author	Dirk Meyer <dinoex@FreeBSD.org>	2002-06-22 12:31:18 +0000
committer	Dirk Meyer <dinoex@FreeBSD.org>	2002-06-22 12:31:18 +0000
commit	c90874ad5108bd2697d287fc3749f545840f0bd3 (patch)
tree	7a66115f5705b936ac81a587a7c0622564d2dbb7 /security/openssh
parent	Updated to 1.07 (diff)