authorDirk Meyer <dinoex@FreeBSD.org>2002-05-31 07:28:46 +0000
committerDirk Meyer <dinoex@FreeBSD.org>2002-05-31 07:28:46 +0000
commitf4eb252ac6f0d7338803b39c6a619b398d650910 (patch)
treed197d8ac19cf29f589c3b2723fdec073a7325413 /security
parentReally fix the build on alpha. Seems alpha does not have fpresetsticky. (diff)
Update to OpenSSH 3.2.3
- patch openssh-3.1-adv.token.patch is now obsolete. - remerged PAM changes from previous port - declare CMSG_* macros. - fixed bad type in function input_userauth_passwd_changereq Update to OpenSSH-portable-3.2.3p1 - patch openssh-3.1p1-adv.token.patch is now obsolete - keep previously declared CONFIGURE_ARGS - remove openssh-mit-krb5-20020326.diff (should be in the distribution now) - patch patch-readpassphrase.c is now in the distribution - merged previous patches. - extend CONFIGURE_ARGS so it finds OPENSSL again. - new patches for GSSAPI, not fully tested. If you have the patch applied: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/36080 Builds with openssl-0.9.6d under: 2.2.8-RELEASE 3.2-RELEASE 4.2-RELEASE 4.6-RC
Notes
Notes: svn path=/head/; revision=60339
Diffstat (limited to 'security')
-rw-r--r--security/hpn-ssh/Makefile17
-rw-r--r--security/hpn-ssh/distinfo7
-rw-r--r--security/hpn-ssh/files/patch-readpassphrase.c25
-rw-r--r--security/hpn-ssh/files/patch-session.c50
-rw-r--r--security/openssh-portable/Makefile17
-rw-r--r--security/openssh-portable/distinfo7
-rw-r--r--security/openssh-portable/files/patch-readpassphrase.c25
-rw-r--r--security/openssh-portable/files/patch-session.c50
-rw-r--r--security/openssh/Makefile5
-rw-r--r--security/openssh/distinfo5
-rw-r--r--security/openssh/files/patch-auth1.c19
-rw-r--r--security/openssh/files/patch-auth2.c23
-rw-r--r--security/openssh/files/patch-includes.h22
-rw-r--r--security/openssh/files/patch-lib-Makefile21
-rw-r--r--security/openssh/files/patch-session.c66
-rw-r--r--security/openssh/files/patch-sshconnect2.c11
-rw-r--r--security/openssh/files/patch-sshd-Makefile12
-rw-r--r--security/openssh/files/patch-sshd_config8
18 files changed, 168 insertions, 222 deletions
diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile
index ca1133761e69..3de6bdb4a6de 100644
--- a/security/hpn-ssh/Makefile
+++ b/security/hpn-ssh/Makefile
@@ -6,17 +6,13 @@
#
PORTNAME= openssh
-PORTVERSION= 3.1p1
-PORTREVISION= 4
+PORTVERSION= 3.2.3p1
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
ftp://carroll.cac.psu.edu/pub/OpenBSD/OpenSSH/portable/
PKGNAMESUFFIX= -portable
-PATCH_SITES= ${MASTER_SITES}
-PATCHFILES= openssh-3.1p1-adv.token.patch
-
MAINTAINER= dinoex@FreeBSD.org
MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1
@@ -26,7 +22,7 @@ MAN8= sftp-server.8 sshd.8
CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto
USE_OPENSSL= yes
GNU_CONFIGURE= yes
-CONFIGURE_ARGS?= --prefix=${PREFIX} --with-md5-passwords
+CONFIGURE_ARGS+= --prefix=${PREFIX} --with-md5-passwords
CLEAN= etc/ssh_config etc/sshd_config etc/moduli \
etc/ssh_host_key etc/ssh_host_key.pub \
etc/ssh_host_dsa_key etc/ssh_host_dsa_key.pub \
@@ -53,12 +49,11 @@ EXTRA_PATCHES+= ${FILESDIR}/batch.patch
.endif
.if defined(KRB5_HOME) && exists(${KRB5_HOME})
+GSSAPI_PATCH= ${PORTNAME}-${PORTVERSION}-gssapi-20020527.diff
GSSAPI_SITE= http://www.sxw.org.uk/computing/patches/
MASTER_SITES+= ${GSSAPI_SITE}
-DISTFILES= ${EXTRACT_ONLY} ${PORTNAME}-${PORTVERSION}-gssapi-20020321.diff
+DISTFILES= ${EXTRACT_ONLY} ${GSSAPI_PATCH}
EXTRACT_ONLY= ${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX}
-PATCH_SITES+= ${GSSAPI_SITE}
-PATCHFILES+= ${PORTNAME}-mit-krb5-20020319.diff
EXTRA_PATCHES+= ${FILESDIR}/servconf.c.patch
BUILD_DEPENDS= autoconf:${PORTSDIR}/devel/autoconf
# USE_AUTOCONF_VER= 252 # broken
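Review bot: The GSS-API patch named by the new `GSSAPI_PATCH` line has no matching checksum in this commit's distinfo hunk. With PORTVERSION 3.2.3p1 the variable expands to `openssh-3.2.3p1-gssapi-20020527.diff`, while the distinfo added further down lists `openssh-3.1p1-gssapi-20020325.diff` and `openssh-mit-krb5-20020326.diff`, the second of which the commit message says was removed. The file is fetched over plain HTTP from `GSSAPI_SITE` and applied to the OpenSSH sources in post-patch, so the distinfo entry is the only integrity check on it; distinfo should carry `MD5 (openssh-3.2.3p1-gssapi-20020527.diff) = <md5 of the reviewed file>` and drop the two stale entries. The same applies to the identical hunk in security/openssh-portable/Makefile; the `.if defined(KRB5_HOME)` block continues outside this hunk.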
@@ -69,7 +64,7 @@ AUTOHEADER= autoheader
post-patch:
@${ECHO_MSG} Applying extra patch for GSS-API key-exchange...
@${PATCH} ${PATCH_DIST_ARGS:S/-p0/-p1/} \
- < ${DISTDIR}/${PORTNAME}-${PORTVERSION}-gssapi-20020321.diff
+ < ${DISTDIR}/${GSSAPI_PATCH}
pre-configure:
@${ECHO_MSG} !!!! Warning this option uses autoconf/autoheader !!!
@@ -91,6 +86,8 @@ OPENSSLLIB= ${OPENSSLBASE}/lib
OPENSSLINC= ${OPENSSLBASE}/include
MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} OPENSSLINC=${OPENSSLINC} \
OPENSSLBASE=${OPENSSLBASE} OPENSSLDIR=${OPENSSLDIR}
+CONFIGURE_ARGS+= --with-ssl=${OPENSSLBASE}
.endif
+
.include <bsd.port.post.mk>
diff --git a/security/hpn-ssh/distinfo b/security/hpn-ssh/distinfo
index a875a7b85e22..0767cb06a250 100644
--- a/security/hpn-ssh/distinfo
+++ b/security/hpn-ssh/distinfo
@@ -1,4 +1,3 @@
-MD5 (openssh-3.1p1.tar.gz) = c6a52d4126ed27eb57c31729ec6b2362
-MD5 (openssh-3.1p1-gssapi-20020321.diff) = d571cea9810630650139013a1af4b1d9
-MD5 (openssh-3.1p1-adv.token.patch) = 8c34327404f504f8d5bf1a2063f4e7b7
-MD5 (openssh-mit-krb5-20020319.diff) = 151af40132624a615c96027491f09f25
+MD5 (openssh-3.2.3p1.tar.gz) = f153ccdb5a91fa06ec78d0c6313f4d77
+MD5 (openssh-3.1p1-gssapi-20020325.diff) = a5002539db6b838190ad92bc627f6b5e
+MD5 (openssh-mit-krb5-20020326.diff) = 2f83bf4f0185f20672c68856aee643c8
diff --git a/security/hpn-ssh/files/patch-readpassphrase.c b/security/hpn-ssh/files/patch-readpassphrase.c
deleted file mode 100644
index 28bae4877919..000000000000
--- a/security/hpn-ssh/files/patch-readpassphrase.c
+++ /dev/null
@@ -1,25 +0,0 @@
---- openbsd-compat/readpassphrase.c.orig Sat Mar 30 06:08:34 2002
-+++ openbsd-compat/readpassphrase.c Sat Mar 30 06:09:33 2002
-@@ -165,6 +165,13 @@
- errno = save_errno;
- return(nr == -1 ? NULL : buf);
- }
-+
-+static void handler(int s)
-+{
-+
-+ signo = s;
-+}
-+
- #endif /* HAVE_READPASSPHRASE */
-
- #if 0
-@@ -177,8 +184,3 @@
- }
- #endif
-
--static void handler(int s)
--{
--
-- signo = s;
--}
diff --git a/security/hpn-ssh/files/patch-session.c b/security/hpn-ssh/files/patch-session.c
index 85d451a5576d..0baf6ee51939 100644
--- a/security/hpn-ssh/files/patch-session.c
+++ b/security/hpn-ssh/files/patch-session.c
@@ -1,6 +1,6 @@
---- session.c.orig Mon Feb 25 16:48:03 2002
-+++ session.c Mon Mar 25 06:19:09 2002
-@@ -63,6 +63,13 @@
+--- session.c.orig Mon May 13 02:48:58 2002
++++ session.c Thu May 23 14:10:44 2002
+@@ -64,6 +64,13 @@
#define is_winnt (GetVersion() < 0x80000000)
#endif
@@ -11,10 +11,10 @@
+#define _PATH_CHPASS "/usr/bin/passwd"
+#endif /* __FreeBSD__ */
+
- /* types */
+ /* func */
- #define TTYSZ 64
-@@ -423,6 +430,13 @@
+ Session *session_new(void);
+@@ -383,6 +390,13 @@
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
@@ -28,7 +28,7 @@
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
-@@ -537,6 +551,14 @@
+@@ -497,6 +511,14 @@
/* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -43,15 +43,8 @@
/* Close the master side of the pseudo tty. */
close(ptyfd);
-@@ -659,12 +681,24 @@
- do_login(Session *s, const char *command)
- {
- char *time_string;
-+ char *newcommand;
- char hostname[MAXHOSTNAMELEN];
- socklen_t fromlen;
+@@ -623,6 +645,18 @@
struct sockaddr_storage from;
- time_t last_login_time;
struct passwd * pw = s->pw;
pid_t pid = getpid();
+#ifdef HAVE_LOGIN_CAP
@@ -62,13 +55,14 @@
+#endif /* HAVE_LOGIN_CAP */
+#ifdef __FreeBSD__
+#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
++ char *newcommand;
+ struct timeval tv;
+ time_t warntime = DEFAULT_WARN;
+#endif /* __FreeBSD__ */
/*
* Get IP address of client. If the connection is not a socket, let
-@@ -703,6 +737,72 @@
+@@ -656,6 +690,72 @@
}
#endif
@@ -141,11 +135,11 @@
if (check_quietlogin(s, command))
return;
-@@ -715,7 +815,17 @@
+@@ -668,7 +768,17 @@
printf("%s\n", aixloginmsg);
#endif /* WITH_AIXAUTHENTICATE */
-- if (options.print_lastlog && last_login_time != 0) {
+- if (options.print_lastlog && s->last_login_time != 0) {
+ /*
+ * If the user has logged in before, display the time of last
+ * login. However, don't display anything extra if a command
@@ -155,13 +149,13 @@
+ * us as well, so check if login(1) is used
+ */
+ if (command == NULL && options.print_lastlog &&
-+ last_login_time != 0 &&
++ s->last_login_time != 0 &&
+ !options.use_login) {
- time_string = ctime(&last_login_time);
+ time_string = ctime(&s->last_login_time);
if (strchr(time_string, '\n'))
*strchr(time_string, '\n') = 0;
-@@ -725,7 +835,30 @@
- printf("Last login: %s from %s\r\n", time_string, hostname);
+@@ -679,7 +789,30 @@
+ s->hostname);
}
- do_motd();
@@ -192,7 +186,7 @@
}
/*
-@@ -741,9 +874,9 @@
+@@ -695,9 +828,9 @@
#ifdef HAVE_LOGIN_CAP
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
"/etc/motd"), "r");
@@ -204,7 +198,7 @@
if (f) {
while (fgets(buf, sizeof(buf), f))
fputs(buf, stdout);
-@@ -770,10 +903,10 @@
+@@ -724,10 +857,10 @@
#ifdef HAVE_LOGIN_CAP
if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
return 1;
@@ -217,7 +211,7 @@
return 0;
}
-@@ -902,6 +1035,10 @@
+@@ -856,6 +989,10 @@
#endif
if (!options.use_login) {
@@ -228,7 +222,7 @@
/* Set basic environment. */
child_set_env(&env, &envsize, "USER", pw->pw_name);
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
-@@ -909,6 +1046,12 @@
+@@ -863,6 +1000,12 @@
#ifdef HAVE_LOGIN_CAP
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
child_set_env(&env, &envsize, "PATH", getenv("PATH"));
@@ -241,7 +235,7 @@
#else /* HAVE_LOGIN_CAP */
# ifndef HAVE_CYGWIN
/*
-@@ -1241,7 +1384,7 @@
+@@ -1221,7 +1364,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
@@ -250,7 +244,7 @@
close(i);
/*
-@@ -1271,6 +1414,31 @@
+@@ -1251,6 +1394,31 @@
exit(1);
#endif
}
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index ca1133761e69..3de6bdb4a6de 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -6,17 +6,13 @@
#
PORTNAME= openssh
-PORTVERSION= 3.1p1
-PORTREVISION= 4
+PORTVERSION= 3.2.3p1
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
ftp://carroll.cac.psu.edu/pub/OpenBSD/OpenSSH/portable/
PKGNAMESUFFIX= -portable
-PATCH_SITES= ${MASTER_SITES}
-PATCHFILES= openssh-3.1p1-adv.token.patch
-
MAINTAINER= dinoex@FreeBSD.org
MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1
@@ -26,7 +22,7 @@ MAN8= sftp-server.8 sshd.8
CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto
USE_OPENSSL= yes
GNU_CONFIGURE= yes
-CONFIGURE_ARGS?= --prefix=${PREFIX} --with-md5-passwords
+CONFIGURE_ARGS+= --prefix=${PREFIX} --with-md5-passwords
CLEAN= etc/ssh_config etc/sshd_config etc/moduli \
etc/ssh_host_key etc/ssh_host_key.pub \
etc/ssh_host_dsa_key etc/ssh_host_dsa_key.pub \
@@ -53,12 +49,11 @@ EXTRA_PATCHES+= ${FILESDIR}/batch.patch
.endif
.if defined(KRB5_HOME) && exists(${KRB5_HOME})
+GSSAPI_PATCH= ${PORTNAME}-${PORTVERSION}-gssapi-20020527.diff
GSSAPI_SITE= http://www.sxw.org.uk/computing/patches/
MASTER_SITES+= ${GSSAPI_SITE}
-DISTFILES= ${EXTRACT_ONLY} ${PORTNAME}-${PORTVERSION}-gssapi-20020321.diff
+DISTFILES= ${EXTRACT_ONLY} ${GSSAPI_PATCH}
EXTRACT_ONLY= ${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX}
-PATCH_SITES+= ${GSSAPI_SITE}
-PATCHFILES+= ${PORTNAME}-mit-krb5-20020319.diff
EXTRA_PATCHES+= ${FILESDIR}/servconf.c.patch
BUILD_DEPENDS= autoconf:${PORTSDIR}/devel/autoconf
# USE_AUTOCONF_VER= 252 # broken
@@ -69,7 +64,7 @@ AUTOHEADER= autoheader
post-patch:
@${ECHO_MSG} Applying extra patch for GSS-API key-exchange...
@${PATCH} ${PATCH_DIST_ARGS:S/-p0/-p1/} \
- < ${DISTDIR}/${PORTNAME}-${PORTVERSION}-gssapi-20020321.diff
+ < ${DISTDIR}/${GSSAPI_PATCH}
pre-configure:
@${ECHO_MSG} !!!! Warning this option uses autoconf/autoheader !!!
@@ -91,6 +86,8 @@ OPENSSLLIB= ${OPENSSLBASE}/lib
OPENSSLINC= ${OPENSSLBASE}/include
MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} OPENSSLINC=${OPENSSLINC} \
OPENSSLBASE=${OPENSSLBASE} OPENSSLDIR=${OPENSSLDIR}
+CONFIGURE_ARGS+= --with-ssl=${OPENSSLBASE}
.endif
+
.include <bsd.port.post.mk>
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index a875a7b85e22..0767cb06a250 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,4 +1,3 @@
-MD5 (openssh-3.1p1.tar.gz) = c6a52d4126ed27eb57c31729ec6b2362
-MD5 (openssh-3.1p1-gssapi-20020321.diff) = d571cea9810630650139013a1af4b1d9
-MD5 (openssh-3.1p1-adv.token.patch) = 8c34327404f504f8d5bf1a2063f4e7b7
-MD5 (openssh-mit-krb5-20020319.diff) = 151af40132624a615c96027491f09f25
+MD5 (openssh-3.2.3p1.tar.gz) = f153ccdb5a91fa06ec78d0c6313f4d77
+MD5 (openssh-3.1p1-gssapi-20020325.diff) = a5002539db6b838190ad92bc627f6b5e
+MD5 (openssh-mit-krb5-20020326.diff) = 2f83bf4f0185f20672c68856aee643c8
diff --git a/security/openssh-portable/files/patch-readpassphrase.c b/security/openssh-portable/files/patch-readpassphrase.c
deleted file mode 100644
index 28bae4877919..000000000000
--- a/security/openssh-portable/files/patch-readpassphrase.c
+++ /dev/null
@@ -1,25 +0,0 @@
---- openbsd-compat/readpassphrase.c.orig Sat Mar 30 06:08:34 2002
-+++ openbsd-compat/readpassphrase.c Sat Mar 30 06:09:33 2002
-@@ -165,6 +165,13 @@
- errno = save_errno;
- return(nr == -1 ? NULL : buf);
- }
-+
-+static void handler(int s)
-+{
-+
-+ signo = s;
-+}
-+
- #endif /* HAVE_READPASSPHRASE */
-
- #if 0
-@@ -177,8 +184,3 @@
- }
- #endif
-
--static void handler(int s)
--{
--
-- signo = s;
--}
diff --git a/security/openssh-portable/files/patch-session.c b/security/openssh-portable/files/patch-session.c
index 85d451a5576d..0baf6ee51939 100644
--- a/security/openssh-portable/files/patch-session.c
+++ b/security/openssh-portable/files/patch-session.c
@@ -1,6 +1,6 @@
---- session.c.orig Mon Feb 25 16:48:03 2002
-+++ session.c Mon Mar 25 06:19:09 2002
-@@ -63,6 +63,13 @@
+--- session.c.orig Mon May 13 02:48:58 2002
++++ session.c Thu May 23 14:10:44 2002
+@@ -64,6 +64,13 @@
#define is_winnt (GetVersion() < 0x80000000)
#endif
@@ -11,10 +11,10 @@
+#define _PATH_CHPASS "/usr/bin/passwd"
+#endif /* __FreeBSD__ */
+
- /* types */
+ /* func */
- #define TTYSZ 64
-@@ -423,6 +430,13 @@
+ Session *session_new(void);
+@@ -383,6 +390,13 @@
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
@@ -28,7 +28,7 @@
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
-@@ -537,6 +551,14 @@
+@@ -497,6 +511,14 @@
/* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -43,15 +43,8 @@
/* Close the master side of the pseudo tty. */
close(ptyfd);
-@@ -659,12 +681,24 @@
- do_login(Session *s, const char *command)
- {
- char *time_string;
-+ char *newcommand;
- char hostname[MAXHOSTNAMELEN];
- socklen_t fromlen;
+@@ -623,6 +645,18 @@
struct sockaddr_storage from;
- time_t last_login_time;
struct passwd * pw = s->pw;
pid_t pid = getpid();
+#ifdef HAVE_LOGIN_CAP
@@ -62,13 +55,14 @@
+#endif /* HAVE_LOGIN_CAP */
+#ifdef __FreeBSD__
+#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
++ char *newcommand;
+ struct timeval tv;
+ time_t warntime = DEFAULT_WARN;
+#endif /* __FreeBSD__ */
/*
* Get IP address of client. If the connection is not a socket, let
-@@ -703,6 +737,72 @@
+@@ -656,6 +690,72 @@
}
#endif
@@ -141,11 +135,11 @@
if (check_quietlogin(s, command))
return;
-@@ -715,7 +815,17 @@
+@@ -668,7 +768,17 @@
printf("%s\n", aixloginmsg);
#endif /* WITH_AIXAUTHENTICATE */
-- if (options.print_lastlog && last_login_time != 0) {
+- if (options.print_lastlog && s->last_login_time != 0) {
+ /*
+ * If the user has logged in before, display the time of last
+ * login. However, don't display anything extra if a command
@@ -155,13 +149,13 @@
+ * us as well, so check if login(1) is used
+ */
+ if (command == NULL && options.print_lastlog &&
-+ last_login_time != 0 &&
++ s->last_login_time != 0 &&
+ !options.use_login) {
- time_string = ctime(&last_login_time);
+ time_string = ctime(&s->last_login_time);
if (strchr(time_string, '\n'))
*strchr(time_string, '\n') = 0;
-@@ -725,7 +835,30 @@
- printf("Last login: %s from %s\r\n", time_string, hostname);
+@@ -679,7 +789,30 @@
+ s->hostname);
}
- do_motd();
@@ -192,7 +186,7 @@
}
/*
-@@ -741,9 +874,9 @@
+@@ -695,9 +828,9 @@
#ifdef HAVE_LOGIN_CAP
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
"/etc/motd"), "r");
@@ -204,7 +198,7 @@
if (f) {
while (fgets(buf, sizeof(buf), f))
fputs(buf, stdout);
-@@ -770,10 +903,10 @@
+@@ -724,10 +857,10 @@
#ifdef HAVE_LOGIN_CAP
if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
return 1;
@@ -217,7 +211,7 @@
return 0;
}
-@@ -902,6 +1035,10 @@
+@@ -856,6 +989,10 @@
#endif
if (!options.use_login) {
@@ -228,7 +222,7 @@
/* Set basic environment. */
child_set_env(&env, &envsize, "USER", pw->pw_name);
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
-@@ -909,6 +1046,12 @@
+@@ -863,6 +1000,12 @@
#ifdef HAVE_LOGIN_CAP
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
child_set_env(&env, &envsize, "PATH", getenv("PATH"));
@@ -241,7 +235,7 @@
#else /* HAVE_LOGIN_CAP */
# ifndef HAVE_CYGWIN
/*
-@@ -1241,7 +1384,7 @@
+@@ -1221,7 +1364,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
@@ -250,7 +244,7 @@
close(i);
/*
-@@ -1271,6 +1414,31 @@
+@@ -1251,6 +1394,31 @@
exit(1);
#endif
}
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index a449e9bb666d..dd0343f0278c 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -6,8 +6,7 @@
#
PORTNAME= openssh
-PORTVERSION= 3.1
-PORTREVISION= 7
+PORTVERSION= 3.2.3
CATEGORIES= security
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
@@ -16,7 +15,7 @@ DISTNAME= openssh-${PORTVERSION}
EXTRACT_SUFX= .tgz
PATCH_SITES= ${MASTER_SITES}
-PATCHFILES= openbsd28_3.1.patch openssh-3.1-adv.token.patch
+PATCHFILES= openbsd28_${PORTVERSION}.patch
MAINTAINER= dinoex@FreeBSD.org
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 7b78282ed9bd..b4d0760d40d5 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,3 +1,2 @@
-MD5 (openssh-3.1.tgz) = b43deb1a3b2047216a28c00ccc45f548
-MD5 (openbsd28_3.1.patch) = eb904373fad27e1f71ddf5939f4923a6
-MD5 (openssh-3.1-adv.token.patch) = 4e37cb88fab56f7769126edfa66490ff
+MD5 (openssh-3.2.3.tgz) = 778b0ff9dd86a61eb40c89409d359fcc
+MD5 (openbsd28_3.2.3.patch) = 187fc78696a650763607dc44d993e1fd
diff --git a/security/openssh/files/patch-auth1.c b/security/openssh/files/patch-auth1.c
index 7be939c24a5a..c579f6153dfb 100644
--- a/security/openssh/files/patch-auth1.c
+++ b/security/openssh/files/patch-auth1.c
@@ -1,5 +1,5 @@
---- auth1.c.orig Sun Feb 3 18:53:25 2002
-+++ auth1.c Sun Mar 17 20:14:40 2002
+--- auth1.c.orig Wed Apr 10 10:21:47 2002
++++ auth1.c Thu May 23 13:07:12 2002
@@ -75,6 +75,18 @@
u_int ulen;
int type = 0;
@@ -23,10 +23,11 @@
#if defined(KRB4) || defined(KRB5)
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
+- PRIVSEP(auth_password(authctxt, ""))) {
+#ifdef USE_PAM
-+ auth_pam_password(authctxt, "")
++ PRIVSEP(auth_pam_password(authctxt, ""))) {
+#else
- auth_password(authctxt, "")) {
++ PRIVSEP(auth_password(authctxt, ""))) {
+#endif
auth_log(authctxt, 1, "without authentication", "");
return;
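Review bot: `PRIVSEP(auth_pam_password(authctxt, ""))` depends on a monitor-side wrapper that this commit does not appear to add; the diffstat lists no patch to monitor_wrap.c or monitor.c. As far as I can tell from upstream's monitor_wrap.h, `PRIVSEP(x)` expands to `(use_privsep ? mm_##x : x)`, so a USE_PAM build needs `mm_auth_pam_password()` declared and implemented next to `mm_auth_password()`, with the PAM conversation run in the privileged monitor rather than in the unprivileged child. Until that exists, the patch should either add the wrapper and its monitor request handler or carry a comment such as `/* XXX USE_PAM: needs mm_auth_pam_password() in monitor_wrap.c before privsep can be enabled */`. The same construct appears in the `@@ -321,7 +376,11 @@` hunk of patch-auth2.c; the enclosing function starts outside this hunk.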
@@ -92,14 +93,14 @@
return;
@@ -354,6 +409,11 @@
- pw = NULL;
- }
- authctxt->pw = pw;
+ authctxt->valid = 1;
+ else
+ debug("do_authentication: illegal user %s", user);
+
+#ifdef USE_PAM
+ if (pw != NULL)
+ start_pam(pw);
+#endif
- setproctitle("%s", pw ? user : "unknown");
-
+ setproctitle("%s%s", authctxt->pw ? user : "unknown",
+ use_privsep ? " [net]" : "");
diff --git a/security/openssh/files/patch-auth2.c b/security/openssh/files/patch-auth2.c
index a7134d573432..5359ba294756 100644
--- a/security/openssh/files/patch-auth2.c
+++ b/security/openssh/files/patch-auth2.c
@@ -1,6 +1,6 @@
---- auth2.c.orig Sun Feb 24 20:14:59 2002
-+++ auth2.c Sun Mar 17 20:15:23 2002
-@@ -166,6 +166,15 @@
+--- auth2.c.orig Mon May 13 04:37:39 2002
++++ auth2.c Thu May 23 13:11:43 2002
+@@ -168,6 +168,15 @@
Authmethod *m = NULL;
char *user, *service, *method, *style = NULL;
int authenticated = 0;
@@ -17,7 +17,7 @@
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
@@ -187,6 +196,11 @@
- authctxt->pw = pwcopy(pw);
+ if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
authctxt->valid = 1;
debug2("input_userauth_request: setting up authctxt for %s", user);
+
@@ -28,7 +28,7 @@
} else {
log("input_userauth_request: illegal user %s", user);
}
-@@ -200,6 +214,41 @@
+@@ -203,6 +217,41 @@
"(%s,%s) -> (%s,%s)",
authctxt->user, authctxt->service, user, service);
}
@@ -70,7 +70,7 @@
/* reset state */
auth2_challenge_stop(authctxt);
authctxt->postponed = 0;
-@@ -210,6 +259,12 @@
+@@ -213,6 +262,12 @@
debug2("input_userauth_request: try method %s", method);
authenticated = m->userauth(authctxt);
}
@@ -83,16 +83,15 @@
userauth_finish(authctxt, authenticated, method);
xfree(service);
-@@ -299,7 +354,12 @@
+@@ -321,7 +376,11 @@
m->enabled = NULL;
packet_check_eom();
userauth_banner();
-+
+#ifdef USE_PAM
-+ return authctxt->valid ? auth_pam_password(authctxt, "") : 0;
-+#else /* !USE_PAM */
- return authctxt->valid ? auth_password(authctxt, "") : 0;
-+#endif /* USE_PAM */
++ return (authctxt->valid ? PRIVSEP(auth_pam_password(authctxt, "")) : 0);
++#else
+ return (authctxt->valid ? PRIVSEP(auth_password(authctxt, "")) : 0);
++#endif
}
static int
diff --git a/security/openssh/files/patch-includes.h b/security/openssh/files/patch-includes.h
index f110376005d8..dd24de4adc86 100644
--- a/security/openssh/files/patch-includes.h
+++ b/security/openssh/files/patch-includes.h
@@ -1,5 +1,5 @@
--- includes.h.orig Sat Jan 26 17:44:22 2002
-+++ includes.h Fri Mar 8 20:59:17 2002
++++ includes.h Fri May 24 08:21:58 2002
@@ -24,12 +24,12 @@
#include <sys/select.h>
#include <sys/param.h>
@@ -22,7 +22,7 @@
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
-@@ -62,5 +61,46 @@
+@@ -62,5 +61,64 @@
* client program. Socketpairs do not seem to work on all systems.
*/
#define USE_PIPES 1
@@ -66,6 +66,24 @@
+#define INET_ADDRSTRLEN 46
+#endif
+
++#ifndef OSSH_ALIGNBYTES
++#define OSSH_ALIGNBYTES (sizeof(int) - 1)
++#endif
++
++#ifndef __CMSG_ALIGN
++#define __CMSG_ALIGN(p) (((u_int)(p) + OSSH_ALIGNBYTES) &~ OSSH_ALIGNBYTES)
++#endif
++
++/* Length of the contents of a control message of length len */
++#ifndef CMSG_LEN
++#define CMSG_LEN(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + (len))
++#endif
++
++/* Length of the space taken up by a padded control message of length len */
++#ifndef CMSG_SPACE
++#define CMSG_SPACE(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + __CMSG_ALIGN(len))
++#endif
++
+#endif
#endif /* INCLUDES_H */
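Review bot: The fallback `__CMSG_ALIGN` added here rounds to `sizeof(int)` and casts its argument through `u_int`, which is only right where the kernel aligns control messages to `int` and lengths fit in 32 bits. These macros presumably size the control-message buffer for the descriptor passing in monitor_fdpass.c, which the refreshed lib/Makefile patch shows in upstream's SRCS, so an under-sized `CMSG_SPACE` on a 64-bit platform would mean a short buffer; this is worth confirming against the platform's own alignment macro. I would add a comment above the block, `/* Fallbacks for systems without CMSG_LEN/CMSG_SPACE; assumes control-message data is aligned to sizeof(int). */`, and prefer the system's `ALIGNBYTES` for `OSSH_ALIGNBYTES` when it is defined. The surrounding `#if` block opens outside this hunk.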
diff --git a/security/openssh/files/patch-lib-Makefile b/security/openssh/files/patch-lib-Makefile
index f3bbcbbe37d3..560d1b24c052 100644
--- a/security/openssh/files/patch-lib-Makefile
+++ b/security/openssh/files/patch-lib-Makefile
@@ -1,19 +1,18 @@
---- lib/Makefile.orig Tue Jun 26 19:52:41 2001
-+++ lib/Makefile Thu Nov 15 06:10:43 2001
-@@ -9,7 +9,11 @@
- rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
- key.c dispatch.c kex.c mac.c uuencode.c misc.c \
+--- lib/Makefile.orig Thu May 23 13:12:23 2002
++++ lib/Makefile Thu May 23 13:14:17 2002
+@@ -11,6 +11,11 @@
rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
-- scard.c
-+ scard.c strlcpy.c strlcat.c
-+
+ scard.c monitor_wrap.c monitor_fdpass.c
+
++SRCS+= strlcpy.c strlcat.c
+.if defined(COMPAT_GETADDRINFO)
+SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c
+.endif
++
+ SRCS+= readpassphrase.c
- NOPROFILE= yes
- NOPIC= yes
-@@ -18,6 +22,8 @@
+ DEBUGLIBS= no
+@@ -21,6 +26,8 @@
@echo -n
.include <bsd.own.mk>
diff --git a/security/openssh/files/patch-session.c b/security/openssh/files/patch-session.c
index 4189bcc32426..932ab1e51c3d 100644
--- a/security/openssh/files/patch-session.c
+++ b/security/openssh/files/patch-session.c
@@ -1,8 +1,8 @@
---- session.c.orig Mon Mar 25 06:21:20 2002
-+++ session.c Mon Mar 25 06:22:52 2002
-@@ -57,6 +57,13 @@
- #include "canohost.h"
+--- session.c.orig Thu May 23 13:15:39 2002
++++ session.c Thu May 23 13:31:48 2002
+@@ -58,6 +58,13 @@
#include "session.h"
+ #include "monitor_wrap.h"
+#ifdef __FreeBSD__
+#include <libutil.h>
@@ -11,10 +11,10 @@
+#define _PATH_CHPASS "/usr/bin/passwd"
+#endif /* __FreeBSD__ */
+
- /* types */
+ /* func */
- #define TTYSZ 64
-@@ -386,6 +393,10 @@
+ Session *session_new(void);
+@@ -346,6 +353,10 @@
if (s == NULL)
fatal("do_exec_no_pty: no session");
@@ -25,7 +25,7 @@
session_proctitle(s);
/* Fork the child. */
-@@ -394,6 +405,13 @@
+@@ -354,6 +365,13 @@
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
@@ -39,7 +39,7 @@
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
-@@ -494,11 +512,24 @@
+@@ -454,11 +472,24 @@
ptyfd = s->ptyfd;
ttyfd = s->ttyfd;
@@ -64,15 +64,8 @@
/* Close the master side of the pseudo tty. */
close(ptyfd);
-@@ -583,12 +614,24 @@
- do_login(Session *s, const char *command)
- {
- char *time_string;
-+ char *newcommand;
- char hostname[MAXHOSTNAMELEN];
- socklen_t fromlen;
+@@ -547,6 +578,18 @@
struct sockaddr_storage from;
- time_t last_login_time;
struct passwd * pw = s->pw;
pid_t pid = getpid();
+#ifdef HAVE_LOGIN_CAP
@@ -83,15 +76,16 @@
+#endif /* HAVE_LOGIN_CAP */
+#ifdef __FreeBSD__
+#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
++ char *newcommand;
+ struct timeval tv;
+ time_t warntime = DEFAULT_WARN;
+#endif /* __FreeBSD__ */
/*
* Get IP address of client. If the connection is not a socket, let
-@@ -616,10 +659,101 @@
- get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),
- (struct sockaddr *)&from);
+@@ -569,10 +612,97 @@
+ options.verify_reverse_mapping),
+ (struct sockaddr *)&from);
+#ifdef USE_PAM
+ /*
@@ -102,9 +96,6 @@
+ print_pam_messages();
+ do_pam_chauthtok();
+ }
-+#endif
-+
-+#ifdef USE_PAM
+ if (!check_quietlogin(s, command) && !pam_password_change_required())
+ print_pam_messages();
+#endif /* USE_PAM */
@@ -176,7 +167,7 @@
if (check_quietlogin(s, command))
return;
-- if (options.print_lastlog && last_login_time != 0) {
+- if (options.print_lastlog && s->last_login_time != 0) {
+ /*
+ * If the user has logged in before, display the time of last
+ * login. However, don't display anything extra if a command
@@ -186,14 +177,13 @@
+ * us as well, so check if login(1) is used
+ */
+ if (command == NULL && options.print_lastlog &&
-+ last_login_time != 0 &&
++ s->last_login_time != 0 &&
+ !options.use_login) {
-+
- time_string = ctime(&last_login_time);
+ time_string = ctime(&s->last_login_time);
if (strchr(time_string, '\n'))
*strchr(time_string, '\n') = 0;
-@@ -629,7 +763,30 @@
- printf("Last login: %s from %s\r\n", time_string, hostname);
+@@ -583,7 +713,30 @@
+ s->hostname);
}
- do_motd();
@@ -224,7 +214,7 @@
}
/*
-@@ -645,9 +802,9 @@
+@@ -599,9 +752,9 @@
#ifdef HAVE_LOGIN_CAP
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
"/etc/motd"), "r");
@@ -236,7 +226,7 @@
if (f) {
while (fgets(buf, sizeof(buf), f))
fputs(buf, stdout);
-@@ -674,10 +831,10 @@
+@@ -628,10 +781,10 @@
#ifdef HAVE_LOGIN_CAP
if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
return 1;
@@ -249,7 +239,7 @@
return 0;
}
-@@ -775,6 +932,10 @@
+@@ -729,6 +882,10 @@
env[0] = NULL;
if (!options.use_login) {
@@ -260,7 +250,7 @@
/* Set basic environment. */
child_set_env(&env, &envsize, "USER", pw->pw_name);
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
-@@ -782,9 +943,15 @@
+@@ -736,9 +893,15 @@
#ifdef HAVE_LOGIN_CAP
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
child_set_env(&env, &envsize, "PATH", getenv("PATH"));
@@ -278,7 +268,7 @@
snprintf(buf, sizeof buf, "%.200s/%.50s",
_PATH_MAILDIR, pw->pw_name);
-@@ -837,6 +1004,11 @@
+@@ -791,6 +954,11 @@
child_set_env(&env, &envsize, "KRB5CCNAME",
s->authctxt->krb5_ticket_file);
#endif
@@ -290,8 +280,8 @@
if (auth_get_socket_name() != NULL)
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
auth_get_socket_name());
-@@ -979,6 +1151,36 @@
- fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
+@@ -947,6 +1115,36 @@
+ exit(1);
}
+#ifdef USE_PAM
@@ -327,7 +317,7 @@
/*
* Performs common processing for the child, such as setting up the
* environment, closing extra file descriptors, setting the user and group
-@@ -1057,7 +1259,7 @@
+@@ -1025,7 +1223,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
@@ -336,7 +326,7 @@
close(i);
/*
-@@ -1087,6 +1289,31 @@
+@@ -1055,6 +1253,31 @@
exit(1);
#endif
}
diff --git a/security/openssh/files/patch-sshconnect2.c b/security/openssh/files/patch-sshconnect2.c
new file mode 100644
index 000000000000..fd2a7088f8b9
--- /dev/null
+++ b/security/openssh/files/patch-sshconnect2.c
@@ -0,0 +1,11 @@
+--- sshconnect2.c.orig Tue Mar 26 16:58:46 2002
++++ sshconnect2.c Fri May 24 08:08:54 2002
+@@ -472,7 +472,7 @@
+ * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
+ */
+ void
+-input_userauth_passwd_changereq(int type, uint32_t seqnr, void *ctxt)
++input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt)
+ {
+ Authctxt *authctxt = ctxt;
+ char *info, *lang, *password = NULL, *retype = NULL;
diff --git a/security/openssh/files/patch-sshd-Makefile b/security/openssh/files/patch-sshd-Makefile
index 07528232bb5a..f50ffc148958 100644
--- a/security/openssh/files/patch-sshd-Makefile
+++ b/security/openssh/files/patch-sshd-Makefile
@@ -1,5 +1,5 @@
---- sshd/Makefile.orig Fri Mar 8 05:54:03 2002
-+++ sshd/Makefile Fri Mar 8 06:00:30 2002
+--- sshd/Makefile.orig Thu May 23 13:33:56 2002
++++ sshd/Makefile Thu May 23 13:36:15 2002
@@ -5,8 +5,8 @@
PROG= sshd
BINOWN= root
@@ -12,7 +12,7 @@
#CFLAGS+=-DBSD_AUTH
@@ -17,9 +17,10 @@
- auth-skey.c auth-bsdauth.c
+ auth-skey.c auth-bsdauth.c monitor_mm.c monitor.c
.include <bsd.own.mk> # for KERBEROS and AFS
+.include "../Makefile.inc"
@@ -22,10 +22,10 @@
+CFLAGS+=-DKRB5 -I/usr/include/kerberosV
SRCS+= auth-krb5.c
LDADD+= -lkrb5 -lkafs -lasn1 -lcom_err
- DPADD+= ${LIBKRB5} ${LIBKAFS} ${LIBASN1}
+ DPADD+= ${LIBKRB5} ${LIBKAFS} ${LIBASN1} ${LIBCOM_ERR}
@@ -31,15 +32,15 @@
LDADD+= -lkafs
- DPADD+= ${LIBKRBAFS}
+ DPADD+= ${LIBKAFS}
.endif # AFS
-CFLAGS+= -DKRB4 -I${DESTDIR}/usr/include/kerberosIV
+CFLAGS+= -DKRB4 -I/usr/include/kerberosIV
@@ -39,6 +39,6 @@
-LDADD+= -lcrypto -lutil -lz -ldes
+LDADD+= ${CRYPTOLIBS} -lcrypt -lutil -lz
- DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ}
+ DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} ${LIBDES}
.if (${TCP_WRAPPERS:L} == "yes")
diff --git a/security/openssh/files/patch-sshd_config b/security/openssh/files/patch-sshd_config
index 13df05806802..01317a3a5eea 100644
--- a/security/openssh/files/patch-sshd_config
+++ b/security/openssh/files/patch-sshd_config
@@ -1,5 +1,5 @@
---- sshd_config.orig Fri Mar 8 06:01:02 2002
-+++ sshd_config Fri Mar 8 06:03:06 2002
+--- sshd_config.orig Thu May 23 13:37:04 2002
++++ sshd_config Thu May 23 13:38:05 2002
@@ -30,8 +30,10 @@
# Authentication:
@@ -13,11 +13,11 @@
#StrictModes yes
#RSAAuthentication yes
-@@ -76,6 +78,7 @@
+@@ -74,6 +76,7 @@
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
+UseLogin yes
+ #UsePrivilegeSeparation no
#MaxStartups 10
- # no default banner path