authorPeter Wemm <peter@FreeBSD.org>1997-04-25 05:01:06 +0000
committerPeter Wemm <peter@FreeBSD.org>1997-04-25 05:01:06 +0000
commit25c2756dd915624a8150b4bc591cad97450be717 (patch)
tree812b9d2987b23cae54cc136d1401528831fee326 /security/ssh
parent#include <sys/types.h> before <utmp.h> if __FreeBSD__ >= 3. Note there (diff)
Update from ssh-1.2.19 to ssh-1.2.20. All patches still apply; I just
regenerated them to fix the line numbers. Also, I added two commented-out options in the Makefile: one tells sshd that a group-writeable homedir is OK because all users are in their own group, and the other allows an unencrypted connection (which is dangerous since it can lead to compromise of keys), but on a secure network it's damn useful for backups etc.
Notes
Notes: svn path=/head/; revision=6293
Diffstat (limited to 'security/ssh')
-rw-r--r--security/ssh/Makefile17
-rw-r--r--security/ssh/distinfo2
-rw-r--r--security/ssh/files/patch-aa8
-rw-r--r--security/ssh/files/patch-ac28
-rw-r--r--security/ssh/files/patch-af76
-rw-r--r--security/ssh/files/patch-al12
6 files changed, 76 insertions, 67 deletions
diff --git a/security/ssh/Makefile b/security/ssh/Makefile
index f06d971948e9..d00ccc3401ba 100644
--- a/security/ssh/Makefile
+++ b/security/ssh/Makefile
@@ -1,16 +1,16 @@
# New ports collection makefile for: ssh
-# Version required: 1.2.19
+# Version required: 1.2.20
# Date created: 30 Jul 1995
# Whom: torstenb@FreeBSD.ORG
#
-# $Id: Makefile,v 1.38 1997/04/16 19:48:09 ache Exp $
+# $Id: Makefile,v 1.39 1997/04/20 13:53:01 wosch Exp $
#
# Maximal ssh package requires YES values for
# USE_PERL, USE_TCPWRAP
#
-DISTNAME= ssh-1.2.19
-CATEGORIES= security net perl5
+DISTNAME= ssh-1.2.20
+CATEGORIES= security net
MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/
MAINTAINER= torstenb@FreeBSD.ORG
@@ -35,6 +35,15 @@ GNU_CONFIGURE= YES
CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc
+#Uncomment if all your users are in their own group and their homedir
+#is writeable by that group. Beware the security implications!
+#CONFIGURE_ARGS+= --enable-group-writeability
+
+#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
+#over a secure medium. This is normally dangerous since it can lead to the
+#disclosure keys and passwords.
+#CONFIGURE_ARGS+= --with-none
+
.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
CONFIGURE_ARGS+= --with-rsaref
.endif
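Review bot: The two comment blocks added above `#CONFIGURE_ARGS+= --enable-group-writeability` and `#CONFIGURE_ARGS+= --with-none` warn without naming the risk, and the second has a dropped word ("disclosure keys"). For the first I would add a line such as `#Any member of that group can then change files in the homedir that sshd relies on for authentication.`; this is inferred from what the option relaxes, so confirm it against the ssh-1.2.20 configure help. For the second, the last comment line would read `#disclosure of keys and passwords, because nothing sent over the connection is encrypted.` Both options are turned on by editing the port Makefile in place, which presumably does not survive the next port update; a make variable tested the same way as `USA_RESIDENT` just below would keep the choice explicit and visible.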
diff --git a/security/ssh/distinfo b/security/ssh/distinfo
index b921c3e7c359..b41c04c76fe8 100644
--- a/security/ssh/distinfo
+++ b/security/ssh/distinfo
@@ -1,2 +1,2 @@
-MD5 (ssh-1.2.19.tar.gz) = a7a1b400788173b548f1c04642a52396
+MD5 (ssh-1.2.20.tar.gz) = 11d88175e5d6d9d59bea0a70330bcab4
MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d
diff --git a/security/ssh/files/patch-aa b/security/ssh/files/patch-aa
index 3ef8ce98cc1e..83e9968ac319 100644
--- a/security/ssh/files/patch-aa
+++ b/security/ssh/files/patch-aa
@@ -1,7 +1,7 @@
-*** make-ssh-known-hosts.pl.in.orig Thu Mar 27 09:04:06 1997
---- make-ssh-known-hosts.pl.in Fri Mar 28 15:11:19 1997
+*** make-ssh-known-hosts.pl.in.orig Wed Apr 23 08:40:05 1997
+--- make-ssh-known-hosts.pl.in Fri Apr 25 12:38:21 1997
***************
-*** 84,90 ****
+*** 87,93 ****
$debug = 5;
$defserver = '';
$bell='\a';
@@ -9,7 +9,7 @@
$private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
$timeout = 60;
$ping_timeout = 3;
---- 84,90 ----
+--- 87,93 ----
$debug = 5;
$defserver = '';
$bell='\a';
diff --git a/security/ssh/files/patch-ac b/security/ssh/files/patch-ac
index 6823f8a5bd28..90cc133acd97 100644
--- a/security/ssh/files/patch-ac
+++ b/security/ssh/files/patch-ac
@@ -1,7 +1,7 @@
-*** Makefile.in.orig Sun Apr 6 03:56:58 1997
---- Makefile.in Wed Apr 16 22:59:17 1997
+*** Makefile.in.orig Wed Apr 23 08:40:06 1997
+--- Makefile.in Fri Apr 25 12:39:38 1997
***************
-*** 229,240 ****
+*** 237,248 ****
SHELL = /bin/sh
GMPDIR = gmp-2.0.2-ssh-2
@@ -14,7 +14,7 @@
RSAREFDIR = rsaref2
RSAREFSRCDIR = $(RSAREFDIR)/source
---- 229,246 ----
+--- 237,254 ----
SHELL = /bin/sh
GMPDIR = gmp-2.0.2-ssh-2
@@ -34,7 +34,7 @@
RSAREFDIR = rsaref2
RSAREFSRCDIR = $(RSAREFDIR)/source
***************
-*** 328,334 ****
+*** 336,342 ****
$(CC) -o rfc-pg rfc-pg.o
.c.o:
@@ -42,7 +42,7 @@
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
-rm -f sshd
---- 334,340 ----
+--- 342,348 ----
$(CC) -o rfc-pg rfc-pg.o
.c.o:
@@ -51,7 +51,7 @@
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
-rm -f sshd
***************
-*** 365,383 ****
+*** 373,391 ****
sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
chmod +x make-ssh-known-hosts
@@ -71,7 +71,7 @@
$(RSAREFSRCDIR)/librsaref.a:
-if test '!' -d $(RSAREFDIR); then \
---- 371,389 ----
+--- 379,397 ----
sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
chmod +x make-ssh-known-hosts
@@ -92,7 +92,7 @@
$(RSAREFSRCDIR)/librsaref.a:
-if test '!' -d $(RSAREFDIR); then \
***************
-*** 434,440 ****
+*** 442,448 ****
# (otherwise it can only log in as the user it runs as, and must be
# bound to a non-privileged port). Also, password authentication may
# not be available if non-root and using shadow passwords.
@@ -100,7 +100,7 @@
-rm -f $(install_prefix)$(bindir)/ssh.old
-mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
-chmod 755 $(install_prefix)$(bindir)/ssh.old
---- 440,446 ----
+--- 448,454 ----
# (otherwise it can only log in as the user it runs as, and must be
# bound to a non-privileged port). Also, password authentication may
# not be available if non-root and using shadow passwords.
@@ -109,7 +109,7 @@
-mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
-chmod 755 $(install_prefix)$(bindir)/ssh.old
***************
-*** 543,569 ****
+*** 551,577 ****
clean:
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
@@ -137,7 +137,7 @@
tar pcf $(DISTNAME).tar $(DISTNAME)
-rm -f $(DISTNAME).tar.gz
gzip $(DISTNAME).tar
---- 549,575 ----
+--- 557,583 ----
clean:
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
@@ -166,7 +166,7 @@
-rm -f $(DISTNAME).tar.gz
gzip $(DISTNAME).tar
***************
-*** 575,581 ****
+*** 583,589 ****
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
depend:
@@ -174,7 +174,7 @@
tags:
-rm -f TAGS
---- 581,587 ----
+--- 589,595 ----
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
depend:
diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af
index 94bfa1563a51..5e3eb7c79f92 100644
--- a/security/ssh/files/patch-af
+++ b/security/ssh/files/patch-af
@@ -1,8 +1,8 @@
-*** sshd.c.orig Sun Apr 6 03:57:00 1997
---- sshd.c Wed Apr 16 23:27:28 1997
+*** sshd.c.orig Wed Apr 23 08:40:08 1997
+--- sshd.c Fri Apr 25 12:40:20 1997
***************
-*** 379,384 ****
---- 379,388 ----
+*** 400,405 ****
+--- 400,409 ----
#include "firewall.h" /* TIS authsrv authentication */
#endif
@@ -14,8 +14,8 @@
#define DEFAULT_SHELL _PATH_BSHELL
#else
***************
-*** 2617,2622 ****
---- 2621,2629 ----
+*** 2654,2659 ****
+--- 2658,2666 ----
struct sockaddr_in from;
int fromlen;
struct pty_cleanup_context cleanup_context;
@@ -26,7 +26,7 @@
/* We no longer need the child running on user's privileges. */
userfile_uninit();
***************
-*** 2688,2698 ****
+*** 2725,2735 ****
record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
&from);
@@ -38,7 +38,7 @@
/* If the user has logged in before, display the time of last login.
However, don't display anything extra if a command has been
specified (so that ssh can be used to execute commands on a remote
---- 2695,2713 ----
+--- 2732,2750 ----
record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
&from);
@@ -59,8 +59,8 @@
However, don't display anything extra if a command has been
specified (so that ssh can be used to execute commands on a remote
***************
-*** 2712,2717 ****
---- 2727,2755 ----
+*** 2749,2754 ****
+--- 2764,2792 ----
printf("Last login: %s from %s\r\n", time_string, buf);
}
@@ -91,8 +91,8 @@
disabled in server options. Note that some machines appear to
print it in /etc/profile or similar. */
***************
-*** 2721,2727 ****
---- 2759,2769 ----
+*** 2758,2764 ****
+--- 2796,2806 ----
FILE *f;
/* Print /etc/motd if it exists. */
@@ -105,8 +105,8 @@
{
while (fgets(line, sizeof(line), f))
***************
-*** 2729,2734 ****
---- 2771,2799 ----
+*** 2766,2771 ****
+--- 2808,2836 ----
fclose(f);
}
}
@@ -137,7 +137,7 @@
/* Do common processing for the child, such as execing the command. */
do_child(command, pw, term, display, auth_proto, auth_data, ttyname);
***************
-*** 2986,2992 ****
+*** 3017,3023 ****
char *user_shell;
char *remote_ip;
int remote_port;
@@ -145,7 +145,7 @@
/* Check /etc/nologin. */
f = fopen("/etc/nologin", "r");
if (f)
---- 3051,3063 ----
+--- 3082,3094 ----
char *user_shell;
char *remote_ip;
int remote_port;
@@ -160,8 +160,8 @@
f = fopen("/etc/nologin", "r");
if (f)
***************
-*** 3000,3005 ****
---- 3071,3077 ----
+*** 3031,3036 ****
+--- 3102,3108 ----
if (pw->pw_uid != UID_ROOT)
exit(254);
}
@@ -170,7 +170,7 @@
if (command != NULL)
{
***************
-*** 3012,3018 ****
+*** 3043,3049 ****
else
log_msg("executing remote command as user %.200s", pw->pw_name);
}
@@ -178,7 +178,7 @@
#ifdef HAVE_SETLOGIN
/* Set login name in the kernel. Warning: setsid() must be called before
this. */
---- 3084,3091 ----
+--- 3115,3122 ----
else
log_msg("executing remote command as user %.200s", pw->pw_name);
}
@@ -188,8 +188,8 @@
/* Set login name in the kernel. Warning: setsid() must be called before
this. */
***************
-*** 3033,3038 ****
---- 3106,3112 ----
+*** 3064,3069 ****
+--- 3137,3143 ----
if (setpcred((char *)pw->pw_name, NULL))
log_msg("setpcred %.100s: %.100s", strerror(errno));
#endif /* HAVE_USERSEC_H */
@@ -198,8 +198,8 @@
/* Save some data that will be needed so that we can do certain cleanups
before we switch to user's uid. (We must clear all sensitive data
***************
-*** 3103,3108 ****
---- 3177,3240 ----
+*** 3134,3139 ****
+--- 3208,3271 ----
if (command != NULL || !options.use_login)
#endif /* USELOGIN */
{
@@ -265,8 +265,8 @@
if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
{
***************
-*** 3134,3139 ****
---- 3266,3272 ----
+*** 3165,3170 ****
+--- 3297,3303 ----
if (getuid() != user_uid || geteuid() != user_uid)
fatal("Failed to set uids to %d.", (int)user_uid);
@@ -275,8 +275,8 @@
/* Reset signals to their default settings before starting the user
***************
-*** 3144,3154 ****
---- 3277,3292 ----
+*** 3175,3185 ****
+--- 3308,3323 ----
and means /bin/sh. */
shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell;
@@ -294,8 +294,8 @@
#ifdef USELOGIN
if (command != NULL || !options.use_login)
***************
-*** 3158,3163 ****
---- 3296,3303 ----
+*** 3189,3194 ****
+--- 3327,3334 ----
child_set_env(&env, &envsize, "HOME", user_dir);
child_set_env(&env, &envsize, "USER", user_name);
child_set_env(&env, &envsize, "LOGNAME", user_name);
@@ -305,8 +305,8 @@
#ifdef MAIL_SPOOL_DIRECTORY
***************
-*** 3169,3174 ****
---- 3309,3315 ----
+*** 3200,3205 ****
+--- 3340,3346 ----
child_set_env(&env, &envsize, "MAIL", buf);
#endif /* MAIL_SPOOL_FILE */
#endif /* MAIL_SPOOL_DIRECTORY */
@@ -315,8 +315,8 @@
#ifdef HAVE_ETC_DEFAULT_LOGIN
/* Read /etc/default/login; this exists at least on Solaris 2.x. Note
***************
-*** 3184,3192 ****
---- 3325,3335 ----
+*** 3215,3223 ****
+--- 3356,3366 ----
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
original_command);
@@ -329,8 +329,8 @@
/* Set custom environment options from RSA authentication. */
while (custom_environment)
***************
-*** 3406,3412 ****
---- 3549,3559 ----
+*** 3437,3443 ****
+--- 3580,3590 ----
/* Execute the shell. */
argv[0] = buf;
argv[1] = NULL;
@@ -343,8 +343,8 @@
perror(shell);
exit(1);
***************
-*** 3427,3433 ****
---- 3574,3584 ----
+*** 3458,3464 ****
+--- 3605,3615 ----
argv[1] = "-c";
argv[2] = (char *)command;
argv[3] = NULL;
diff --git a/security/ssh/files/patch-al b/security/ssh/files/patch-al
index 9b8ef9f85303..1da799c26ac5 100644
--- a/security/ssh/files/patch-al
+++ b/security/ssh/files/patch-al
@@ -1,8 +1,8 @@
-*** sshconnect.c.orig Sun Apr 6 03:57:04 1997
---- sshconnect.c Wed Apr 16 23:04:17 1997
+*** sshconnect.c.orig Wed Apr 23 08:40:11 1997
+--- sshconnect.c Fri Apr 25 12:41:59 1997
***************
-*** 302,307 ****
---- 302,313 ----
+*** 311,316 ****
+--- 311,322 ----
{
struct sockaddr_in sin;
int p;
@@ -16,8 +16,8 @@
{
sock = socket(AF_INET, SOCK_STREAM, 0);
***************
-*** 329,334 ****
---- 335,341 ----
+*** 338,343 ****
+--- 344,350 ----
}
fatal("bind: %.100s", strerror(errno));
}