Update to OpenSSH 3.1 OpennSSH-portable 3.1p1

- update patch-au,patch-session.c for password changes. - patch-channel.c is now integrated Excerpt from Changelog: 20020304 - OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2002/02/26 18:52:32 [sftp.1] Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org - mouring@cvs.openbsd.org 2002/02/26 19:04:37 [sftp.1] > Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org Last Ic on the first line should not have a space between it and the final comma. - deraadt@cvs.openbsd.org 2002/02/26 19:06:43 [sftp.1] no, look closely. the comma was highlighted. split .Ic even more - stevesk@cvs.openbsd.org 2002/02/26 20:03:51 [misc.c] use socklen_t - stevesk@cvs.openbsd.org 2002/02/27 21:23:13 [canohost.c channels.c packet.c sshd.c] remove unneeded casts in [gs]etsockopt(); ok markus@ - markus@cvs.openbsd.org 2002/02/28 15:46:33 [authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c] add some const EVP_MD for openssl-0.9.7 - stevesk@cvs.openbsd.org 2002/02/28 19:36:28 [auth.c match.c match.h] delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers for sshd -u0; ok markus@ - stevesk@cvs.openbsd.org 2002/02/28 20:36:42 [sshd.8] DenyUsers allows user@host pattern also - stevesk@cvs.openbsd.org 2002/02/28 20:46:10 [sshd.8] -u0 DNS for user@host - stevesk@cvs.openbsd.org 2002/02/28 20:56:00 [auth.c] log user not allowed details, from dwd@bell-labs.com; ok markus@ - markus@cvs.openbsd.org 2002/03/01 13:12:10 [auth.c match.c match.h] undo the 'delay hostname lookup' change match.c must not use compress.c (via canonhost.c/packet.c) thanks to wilfried@ - markus@cvs.openbsd.org 2002/03/04 12:43:06 [auth-passwd.c auth-rh-rsa.c auth-rhosts.c] - markus@cvs.openbsd.org 2002/03/04 13:10:46 [misc.c] error-> debug, because O_NONBLOCK for /dev/null causes too many different errnos; ok stevesk@, deraadt@ unused include - stevesk@cvs.openbsd.org 2002/03/04 17:27:39 [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h uuencode.c xmalloc.h] $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c files. ok markus@ - stevesk@cvs.openbsd.org 2002/03/04 18:30:23 [ssh-keyscan.c] handle connection close during read of protocol version string. fixes erroneous "bad greeting". ok markus@ - markus@cvs.openbsd.org 2002/03/04 19:37:58 [channels.c] off by one; thanks to joost@pine.nl 20020226 - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests based on patch by mooney@dogbert.cc.ndsu.nodak.edu (Tim Mooney) Bug 45 [configure.ac] modify skey test to work around conflict with autoconf reported by nolan@naic.edu (Michael Nolan) patch by Pekka Savola <pekkas@netcore.fi> Bug 74 [configure.ac defines.h] add sig_atomic_t test reported by dwd@bell-labs.com (Dave Dykstra) Bug 102 [defines.h] UNICOS fixes. patch by wendyp@cray.com [configure.ac Makefile.in] link libwrap only with sshd based on patch by Maciej W. Rozycki <macro@ds2.pg.gda.pl> Bug 123 link libpam only with sshd reported by peak@argo.troja.mff.cuni.cz (Pavel Kankovsky) [configure.ac defines.h] modify previous SCO3 fix to not break Solaris 7 [acconfig.h] remove unused HAVE_REGCOMP [configure.ac] put back in search for prngd-socket - (stevesk) openbsd-compat/base64.h: typo in comment - (bal) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/02/15 23:54:10 [auth-krb5.c] krb5_get_err_text() does not like context==NULL; he@nordu.net via google; ok provos@ - markus@cvs.openbsd.org 2002/02/22 12:20:34 [log.c log.h ssh-keyscan.c] overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@ - markus@cvs.openbsd.org 2002/02/23 17:59:02 [kex.c kexdh.c kexgex.c] don't allow garbage after payload. - stevesk@cvs.openbsd.org 2002/02/24 16:09:52 [sshd.c] use u_char* here; ok markus@ - markus@cvs.openbsd.org 2002/02/24 16:57:19 [sftp-client.c] early close(), missing free; ok stevesk@ - markus@cvs.openbsd.org 2002/02/24 16:58:32 [packet.c] make 'cp' unsigned and merge with 'ucp'; ok stevesk@ - markus@cvs.openbsd.org 2002/02/24 18:31:09 [uuencode.c] typo in comment - markus@cvs.openbsd.org 2002/02/24 19:14:59 [auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c] signed vs. unsigned: make size arguments u_int, ok stevesk@ - stevesk@cvs.openbsd.org 2002/02/24 19:59:42 [channels.c misc.c] disable Nagle in connect_to() and channel_post_port_listener() (port forwarding endpoints). the intention is to preserve the on-the-wire appearance to applications at either end; the applications can then enable TCP_NODELAY according to their requirements. ok markus@ - markus@cvs.openbsd.org 2002/02/25 16:33:27 [ssh-keygen.c sshconnect2.c uuencode.c uuencode.h] more u_* fixes - (bal) Imported missing fatal.c and fixed up Makefile.in - (tim) [configure.ac] correction to Bug 123 fix [configure.ac] correction to sig_atomic_t test 20020224 - (tim) [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84 patch by wknox@mitre.org (William Knox). [sshlogin.h] declare record_utmp_only for session.c 20020219 - (djm) OpenBSD CVS Sync - mpech@cvs.openbsd.org 2002/02/13 08:33:47 [ssh-keyscan.1] When you give command examples and etc., in a manual page prefix them with: $ command or # command - markus@cvs.openbsd.org 2002/02/14 23:27:59 [channels.c] increase the SSH v2 window size to 4 packets. comsumes a little bit more memory for slow receivers but increases througput. - markus@cvs.openbsd.org 2002/02/14 23:28:00 [channels.h session.c ssh.c] increase the SSH v2 window size to 4 packets. comsumes a little bit more memory for slow receivers but increases througput. - markus@cvs.openbsd.org 2002/02/14 23:41:01 [authfile.c cipher.c cipher.h kex.c kex.h packet.c] hide some more implementation details of cipher.[ch] and prepares for move to EVP, ok deraadt@ - stevesk@cvs.openbsd.org 2002/02/16 14:53:37 [ssh-keygen.1] -t required now for key generation - stevesk@cvs.openbsd.org 2002/02/16 20:40:08 [ssh-keygen.c] default to rsa keyfile path for non key generation operations where keyfile not specified. fixes core dump in those cases. ok markus@ - millert@cvs.openbsd.org 2002/02/16 21:27:53 [auth.h] Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically. - millert@cvs.openbsd.org 2002/02/17 19:42:32 [auth.h] Manual cleanup of remaining userland __P use (excluding packages maintained outside the tree) - markus@cvs.openbsd.org 2002/02/18 13:05:32 [cipher.c cipher.h] switch to EVP, ok djm@ deraadt@ - markus@cvs.openbsd.org 2002/02/18 17:55:20 [ssh.1] -q: Fatal errors are _not_ displayed. - deraadt@cvs.openbsd.org 2002/02/19 02:50:59 [sshd_config] stategy is not an english word - (bal) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/02/15 23:11:26 [session.c] split do_child(), ok mouring@ - markus@cvs.openbsd.org 2002/02/16 00:51:44 [session.c] typo 20020218 - (tim) newer config.guess from ftp://ftp.gnu.org/gnu/config/config.guess 20020213 - (djm) Bug #114 - not starting PAM for SSH protocol 1 invalid users 20020213 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/02/11 16:10:15 [kex.c] restore kexinit handler if we reset the dispatcher, this unbreaks rekeying s/kex_clear_dispatch/kex_reset_dispatch/ - markus@cvs.openbsd.org 2002/02/11 16:15:46 [sshconnect1.c] include md5.h, not evp.h - markus@cvs.openbsd.org 2002/02/11 16:17:55 [sshd.c] do not complain about port > 1024 if rhosts-auth is disabled - markus@cvs.openbsd.org 2002/02/11 16:19:39 [sshd.c] include md5.h not hmac.h - markus@cvs.openbsd.org 2002/02/11 16:21:42 [match.c] support up to 40 algorithms per proposal - djm@cvs.openbsd.org 2002/02/12 12:32:27 [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c] Perform multiple overlapping read/write requests in file transfer. Mostly done by Tobias Ringstrom <tori@ringstrom.mine.nu>; ok markus@ - djm@cvs.openbsd.org 2002/02/12 12:44:46 [sftp-client.c] Let overlapped upload path handle servers which reorder ACKs. This may be permitted by the protocol spec; ok markus@ - markus@cvs.openbsd.org 2002/02/13 00:28:13 [sftp-server.c] handle SSH2_FILEXFER_ATTR_SIZE in SSH2_FXP_(F)SETSTAT; ok djm@ - markus@cvs.openbsd.org 2002/02/13 00:39:15 [readpass.c] readpass.c is not longer from UCB, since we now use readpassphrase(3) - djm@cvs.openbsd.org 2002/02/13 00:59:23 [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp.h] [sftp-int.c sftp-int.h] API cleanup and backwards compat for filexfer v.0 servers; ok markus@ - (djm) Sync openbsd-compat with OpenBSD CVS too - (djm) Bug #106: Add --without-rpath configure option. Patch from Nicolas.Williams@ubsw.com 20020210 - (djm) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2002/02/09 17:37:34 [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1] move ssh config files to /etc/ssh - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match - deraadt@cvs.openbsd.org 2002/02/10 01:07:05 [readconf.h sshd.8] more /etc/ssh; openbsd@davidkrause.com 20020208 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/02/04 12:15:25 [sshd.c] add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1, fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@ - stevesk@cvs.openbsd.org 2002/02/04 20:41:16 [ssh-agent.1] more sync for default ssh-add identities; ok markus@ - djm@cvs.openbsd.org 2002/02/05 00:00:46 [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c] Add "-B" option to specify copy buffer length (default 32k); ok markus@ - markus@cvs.openbsd.org 2002/02/05 14:32:55 [channels.c channels.h ssh.c] merge channel_request() into channel_request_start() - markus@cvs.openbsd.org 2002/02/06 14:22:42 [sftp.1] sort options; ok mpech@, stevesk@ - mpech@cvs.openbsd.org 2002/02/06 14:27:23 [sftp.c] sync usage() with manual. - markus@cvs.openbsd.org 2002/02/06 14:37:22 [session.c] minor KNF - markus@cvs.openbsd.org 2002/02/06 14:55:16 [channels.c clientloop.c serverloop.c ssh.c] channel_new never returns NULL, mouring@; ok djm@ - markus@cvs.openbsd.org 2002/02/07 09:35:39 [ssh.c] remove bogus comments 20020205 - (djm) Cleanup after sync: - :%s/reverse_mapping_check/verify_reverse_mapping/g - (djm) OpenBSD CVS Sync - stevesk@cvs.openbsd.org 2002/01/24 21:09:25 [channels.c misc.c misc.h packet.c] add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning). no nagle changes just yet; ok djm@ markus@ - stevesk@cvs.openbsd.org 2002/01/24 21:13:23 [packet.c] need misc.h for set_nodelay() - markus@cvs.openbsd.org 2002/01/25 21:00:24 [sshconnect2.c] unused include - markus@cvs.openbsd.org 2002/01/25 21:42:11 [ssh-dss.c ssh-rsa.c] use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@ don't use evp_md->md_size, it's not public. - markus@cvs.openbsd.org 2002/01/25 22:07:40 [kex.c kexdh.c kexgex.c key.c mac.c] use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@ - stevesk@cvs.openbsd.org 2002/01/26 16:44:22 [includes.h session.c] revert code to add x11 localhost display authorization entry for hostname/unix:d and uts.nodename/unix:d if nodename was different than hostname. just add entry for unix:d instead. ok markus@ - stevesk@cvs.openbsd.org 2002/01/27 14:57:46 [channels.c servconf.c servconf.h session.c sshd.8 sshd_config] add X11UseLocalhost; ok markus@ - stevesk@cvs.openbsd.org 2002/01/27 18:08:17 [ssh.c] handle simple case to identify FamilyLocal display; ok markus@ - markus@cvs.openbsd.org 2002/01/29 14:27:57 [ssh-add.c] exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@ - markus@cvs.openbsd.org 2002/01/29 14:32:03 [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c] [servconf.c servconf.h session.c sshd.8 sshd_config] s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; ok stevesk@ - stevesk@cvs.openbsd.org 2002/01/29 16:29:02 [session.c] limit subsystem length in log; ok markus@ - markus@cvs.openbsd.org 2002/01/29 16:41:19 [ssh-add.1] add DIAGNOSTICS; ok stevesk@ - markus@cvs.openbsd.org 2002/01/29 22:46:41 [session.c] don't depend on servconf.c; ok djm@ - markus@cvs.openbsd.org 2002/01/29 23:50:37 [scp.1 ssh.1] mention exit status; ok stevesk@ - markus@cvs.openbsd.org 2002/01/31 13:35:11 [kexdh.c kexgex.c] cross check announced key type and type from key blob - markus@cvs.openbsd.org 2002/01/31 15:00:05 [serverloop.c] no need for WNOHANG; ok stevesk@ - markus@cvs.openbsd.org 2002/02/03 17:53:25 [auth1.c serverloop.c session.c session.h] don't use channel_input_channel_request and callback use new server_input_channel_req() instead: server_input_channel_req does generic request parsing on server side session_input_channel_req handles just session specific things now ok djm@ - markus@cvs.openbsd.org 2002/02/03 17:55:55 [channels.c channels.h] remove unused channel_input_channel_request - markus@cvs.openbsd.org 2002/02/03 17:58:21 [channels.c channels.h ssh.c] generic callbacks are not really used, remove and add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION ok djm@ - markus@cvs.openbsd.org 2002/02/03 17:59:23 [sshconnect2.c] more cross checking if announced vs. used key type; ok stevesk@ - stevesk@cvs.openbsd.org 2002/02/03 22:35:57 [ssh.1 sshd.8] some KeepAlive cleanup/clarify; ok markus@ - stevesk@cvs.openbsd.org 2002/02/03 23:22:59 [ssh-agent.1] ssh-add also adds $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa now. - stevesk@cvs.openbsd.org 2002/02/04 00:53:39 [ssh-agent.c] unneeded includes - markus@cvs.openbsd.org 2002/02/04 11:58:10 [auth2.c] cross checking of announced vs actual pktype in pubkey/hostbaed auth; ok stevesk@ - markus@cvs.openbsd.org 2002/02/04 12:15:25 [log.c log.h readconf.c servconf.c] add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1, fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@ - stevesk@cvs.openbsd.org 2002/02/04 20:41:16 [ssh-add.1] more sync for default ssh-add identities; ok markus@ - djm@cvs.openbsd.org 2002/02/04 21:53:12 [sftp.1 sftp.c] Add "-P" option to directly connect to a local sftp-server. Should be useful for regression testing; ok markus@ - djm@cvs.openbsd.org 2002/02/05 00:00:46 [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c] Add "-B" option to specify copy buffer length (default 32k); ok markus@ 20020130 - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ - (tim) [configure.ac] fix logic on when ssh-rand-helper is installed. [sshd_config] put back in line that tells what PATH was compiled into sshd. 20020125 - (djm) Don't grab Xserver or pointer by default. x11-ssh-askpass doesn't and grabbing can cause deadlocks with kinput2. 20020124 - (stevesk) Makefile.in: bug #61; delete commented line for now. 20020123 - (djm) Fix non-standard shell syntax in autoconf. Patch from Dave Dykstra <dwd@bell-labs.com> - (stevesk) fix --with-zlib= - (djm) Use case statements in autoconf to clean up some tests 20020122 - (djm) autoconf hacking: - We don't support --without-zlib currently, so don't allow it. - Rework cryptographic random number support detection. We now detect whether OpenSSL seeds itself. If it does, then we don't bother with the ssh-rand-helper program. You can force the use of ssh-rand-helper using the --with-rand-helper configure argument - Simplify and clean up ssh-rand-helper configuration - Add OpenSSL sanity check: verify that header version matches version reported by library - (djm) Fix some bugs I introduced into ssh-rand-helper yesterday - OpenBSD CVS Sync - djm@cvs.openbsd.org 2001/12/21 08:52:22 [ssh-keygen.1 ssh-keygen.c] Remove default (rsa1) key type; ok markus@ - djm@cvs.openbsd.org 2001/12/21 08:53:45 [readpass.c] Avoid interruptable passphrase read; ok markus@ - djm@cvs.openbsd.org 2001/12/21 10:06:43 [ssh-add.1 ssh-add.c] Try all standard key files (id_rsa, id_dsa, identity) when invoked with no arguments; ok markus@ - markus@cvs.openbsd.org 2001/12/21 12:17:33 [serverloop.c] remove ifdef for USE_PIPES since fdin != fdout; ok djm@ - deraadt@cvs.openbsd.org 2001/12/24 07:29:43 [ssh-add.c] try all listed keys.. how did this get broken? - markus@cvs.openbsd.org 2001/12/25 18:49:56 [key.c] be more careful on allocation - markus@cvs.openbsd.org 2001/12/25 18:53:00 [auth1.c] be more carefull on allocation - markus@cvs.openbsd.org 2001/12/27 18:10:29 [ssh-keygen.c] -t is only needed for key generation (unbreaks -i, -e, etc). - markus@cvs.openbsd.org 2001/12/27 18:22:16 [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c] [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c] call fatal() for openssl allocation failures - stevesk@cvs.openbsd.org 2001/12/27 18:22:53 [sshd.8] clarify -p; ok markus@ - markus@cvs.openbsd.org 2001/12/27 18:26:13 [authfile.c] missing include - markus@cvs.openbsd.org 2001/12/27 19:37:23 [dh.c kexdh.c kexgex.c] always use BN_clear_free instead of BN_free - markus@cvs.openbsd.org 2001/12/27 19:54:53 [auth1.c auth.h auth-rh-rsa.c] auth_rhosts_rsa now accept generic keys. - markus@cvs.openbsd.org 2001/12/27 20:39:58 [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h] [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c] get rid of packet_integrity_check, use packet_done() instead. - markus@cvs.openbsd.org 2001/12/28 12:14:27 [auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c] [kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c] [ssh.c sshconnect1.c sshconnect2.c sshd.c] s/packet_done/packet_check_eom/ (end-of-message); ok djm@ - markus@cvs.openbsd.org 2001/12/28 13:57:33 [auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c] packet_get_bignum* no longer returns a size - markus@cvs.openbsd.org 2001/12/28 14:13:13 [bufaux.c bufaux.h packet.c] buffer_get_bignum: int -> void - markus@cvs.openbsd.org 2001/12/28 14:50:54 [auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c] [packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c] [sshconnect2.c sshd.c] packet_read* no longer return the packet length, since it's not used. - markus@cvs.openbsd.org 2001/12/28 15:06:00 [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c] [dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c] remove plen from the dispatch fn. it's no longer used. - stevesk@cvs.openbsd.org 2001/12/28 22:37:48 [ssh.1 sshd.8] document LogLevel DEBUG[123]; ok markus@ - stevesk@cvs.openbsd.org 2001/12/29 21:56:01 [authfile.c channels.c compress.c packet.c sftp-server.c] [ssh-agent.c ssh-keygen.c] remove unneeded casts and some char->u_char cleanup; ok markus@ - stevesk@cvs.openbsd.org 2002/01/03 04:11:08 [ssh_config] grammar in comment - stevesk@cvs.openbsd.org 2002/01/04 17:59:17 [readconf.c servconf.c] remove #ifdef _PATH_XAUTH/#endif; ok markus@ - stevesk@cvs.openbsd.org 2002/01/04 18:14:16 [servconf.c sshd.8] protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and /etc/ssh_host_dsa_key like we have in sshd_config. ok markus@ - markus@cvs.openbsd.org 2002/01/05 10:43:40 [channels.c] fix hanging x11 channels for rejected cookies (e.g. XAUTHORITY=/dev/null xbiff) bug #36, based on patch from djast@cs.toronto.edu - stevesk@cvs.openbsd.org 2002/01/05 21:51:56 [ssh.1 sshd.8] some missing and misplaced periods - markus@cvs.openbsd.org 2002/01/09 13:49:27 [ssh-keygen.c] append \n only for public keys - markus@cvs.openbsd.org 2002/01/09 17:16:00 [channels.c] merge channel_pre_open_15/channel_pre_open_20; ok provos@ - markus@cvs.openbsd.org 2002/01/09 17:26:35 [channels.c nchan.c] replace buffer_consume(b, buffer_len(b)) with buffer_clear(b); ok provos@ - markus@cvs.openbsd.org 2002/01/10 11:13:29 [serverloop.c] skip client_alive_check until there are channels; ok beck@ - markus@cvs.openbsd.org 2002/01/10 11:24:04 [clientloop.c] handle SSH2_MSG_GLOBAL_REQUEST (just reply with failure); ok djm@ - markus@cvs.openbsd.org 2002/01/10 12:38:26 [nchan.c] remove dead code (skip drain) - markus@cvs.openbsd.org 2002/01/10 12:47:59 [nchan.c] more unused code (with channels.c:1.156) - markus@cvs.openbsd.org 2002/01/11 10:31:05 [packet.c] handle received SSH2_MSG_UNIMPLEMENTED messages; ok djm@ - markus@cvs.openbsd.org 2002/01/11 13:36:43 [ssh2.h] add defines for msg type ranges - markus@cvs.openbsd.org 2002/01/11 13:39:36 [auth2.c dispatch.c dispatch.h kex.c] a single dispatch_protocol_error() that sends a message of type 'UNIMPLEMENTED' dispatch_range(): set handler for a ranges message types use dispatch_protocol_ignore() for authentication requests after successful authentication (the drafts requirement). serverloop/clientloop now send a 'UNIMPLEMENTED' message instead of exiting. - markus@cvs.openbsd.org 2002/01/11 20:14:11 [auth2-chall.c auth-skey.c] use strlcpy not strlcat; mouring@ - markus@cvs.openbsd.org 2002/01/11 23:02:18 [readpass.c] use _PATH_TTY - markus@cvs.openbsd.org 2002/01/11 23:02:51 [auth2-chall.c] use snprintf; mouring@ - markus@cvs.openbsd.org 2002/01/11 23:26:30 [auth-skey.c] use snprintf; mouring@ - markus@cvs.openbsd.org 2002/01/12 13:10:29 [auth-skey.c] undo local change - provos@cvs.openbsd.org 2002/01/13 17:27:07 [ssh-agent.c] change to use queue.h macros; okay markus@ - markus@cvs.openbsd.org 2002/01/13 17:57:37 [auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c] use buffer API and avoid static strings of fixed size; ok provos@/mouring@ - markus@cvs.openbsd.org 2002/01/13 21:31:20 [channels.h nchan.c] add chan_set_[io]state(), order states, state is now an u_int, simplifies debugging messages; ok provos@ - markus@cvs.openbsd.org 2002/01/14 13:22:35 [nchan.c] chan_send_oclose1() no longer calls chan_shutdown_write(); ok provos@ - markus@cvs.openbsd.org 2002/01/14 13:34:07 [nchan.c] merge chan_[io]buf_empty[12]; ok provos@ - markus@cvs.openbsd.org 2002/01/14 13:40:10 [nchan.c] correct fn names for ssh2, do not switch from closed to closed; ok provos@ - markus@cvs.openbsd.org 2002/01/14 13:41:13 [nchan.c] remove duplicated code; ok provos@ - markus@cvs.openbsd.org 2002/01/14 13:55:55 [channels.c channels.h nchan.c] remove function pointers for events, remove chan_init*; ok provos@ - markus@cvs.openbsd.org 2002/01/14 13:57:03 [channels.h nchan.c] (c) 2002 - markus@cvs.openbsd.org 2002/01/16 13:17:51 [channels.c channels.h serverloop.c ssh.c] wrapper for channel_setup_fwd_listener - stevesk@cvs.openbsd.org 2002/01/16 17:40:23 [sshd_config] The stategy now used for options in the default sshd_config shipped with OpenSSH is to specify options with their default value where possible, but leave them commented. Uncommented options change a default value. Subsystem is currently the only default option changed. ok markus@ - stevesk@cvs.openbsd.org 2002/01/16 17:42:33 [ssh.1] correct defaults for -i/IdentityFile; ok markus@ - stevesk@cvs.openbsd.org 2002/01/16 17:55:33 [ssh_config] correct some commented defaults. add Ciphers default. ok markus@ - stevesk@cvs.openbsd.org 2002/01/17 04:27:37 [log.c] casts to silence enum type warnings for bugzilla bug 37; ok markus@ - stevesk@cvs.openbsd.org 2002/01/18 17:14:16 [sshd.8] correct Ciphers default; paola.mannaro@ubs.com - stevesk@cvs.openbsd.org 2002/01/18 18:14:17 [authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c] unneeded cast cleanup; ok markus@ - stevesk@cvs.openbsd.org 2002/01/18 20:46:34 [sshd.8] clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from allard@oceanpark.com; ok markus@ - markus@cvs.openbsd.org 2002/01/21 15:13:51 [sshconnect.c] use read_passphrase+ECHO in confirm(), allows use of ssh-askpass for hostkey confirm. - markus@cvs.openbsd.org 2002/01/21 22:30:12 [cipher.c compat.c myproposal.h] remove "rijndael-*", just use "aes-" since this how rijndael is called in the drafts; ok stevesk@ - markus@cvs.openbsd.org 2002/01/21 23:27:10 [channels.c nchan.c] cleanup channels faster if the are empty and we are in drain-state; ok deraadt@ - stevesk@cvs.openbsd.org 2002/01/22 02:52:41 [servconf.c] typo in error message; from djast@cs.toronto.edu - (djm) Make auth2-pam.c compile again after dispatch.h and packet.h changes - (djm) Recent Glibc includes an incompatible sys/queue.h. Treat it as bogus in configure - (djm) Use local sys/queue.h if necessary in ssh-agent.c 20020121 - (djm) Rework ssh-rand-helper: - Reduce quantity of ifdef code, in preparation for ssh_rand_conf - Always seed from system calls, even when doing PRNGd seeding - Tidy and comment #define knobs - Remove unused facility for multiple runs through command list - KNF, cleanup, update copyright 20020114 - (djm) Bug #50 - make autoconf entropy path checks more robust 20020108 - (djm) Merge Cygwin copy_environment with do_pam_environment, removing fixed env var size limit in the process. Report from Corinna Vinschen <vinschen@redhat.com> - (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX. does not depend on transition links. from Lutz Jaenicke. 20020106 - (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u" for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u". 20020103 - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from Roger Cornelius <rac@tenzing.org>
author: Dirk Meyer <dinoex@FreeBSD.org> 2002-03-08 05:54:04 +0000
committer: Dirk Meyer <dinoex@FreeBSD.org> 2002-03-08 05:54:04 +0000
commit: e95e5c70ff26973e0d0a0bc54618f223f1e64867 (patch)
tree: 76b22f2968987e7f6074a17d60a4c47fb01b2ff5 /security
parent: Update WWW (diff)
15 files changed, 99 insertions, 127 deletions
diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile
index 0412868bda3d..e5b517170347 100644
--- a/security/hpn-ssh/Makefile
+++ b/security/hpn-ssh/Makefile
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	openssh
-PORTVERSION=	3.0.2p1
-PORTREVISION=	1
+PORTVERSION=	3.1p1
 CATEGORIES=	security ipv6
 MASTER_SITES=	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
 		ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
diff --git a/security/hpn-ssh/distinfo b/security/hpn-ssh/distinfo
index 4f636c0ddd6d..ae7285957283 100644
--- a/security/hpn-ssh/distinfo
+++ b/security/hpn-ssh/distinfo
@@ -1,3 +1 @@
-MD5 (openssh-3.0.2p1.tar.gz) = 2fa62bf878862cb47a7515c35afe35b6
-MD5 (openssh-3.0.2p1-gssapi.patch) = 66ce171ac4b09603c7069cea198d2090
-MD5 (openssh-3.0.2p1-krb5.patch) = c6fe5622607b3137fa22741897cbd5db
+MD5 (openssh-3.1p1.tar.gz) = c6a52d4126ed27eb57c31729ec6b2362
diff --git a/security/hpn-ssh/files/patch-channels.c b/security/hpn-ssh/files/patch-channels.c
deleted file mode 100644
index fc11fc9c6bad..000000000000
--- a/security/hpn-ssh/files/patch-channels.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- channels.c.orig	Wed Oct 10 17:18:47 2001
-+++ channels.c	Wed Mar  6 07:49:46 2002
-@@ -145,7 +145,7 @@
- {
- 	Channel *c;
- 
--	if (id < 0 || id > channels_alloc) {
-+	if (id < 0 || id >= channels_alloc) {
- 		log("channel_lookup: %d: bad id", id);
- 		return NULL;
- 	}
diff --git a/security/hpn-ssh/files/patch-session.c b/security/hpn-ssh/files/patch-session.c
index 28dc7a851ec3..211addbf8b13 100644
--- a/security/hpn-ssh/files/patch-session.c
+++ b/security/hpn-ssh/files/patch-session.c
@@ -1,6 +1,6 @@
---- session.c.orig	Mon Sep 17 00:17:15 2001
-+++ session.c	Wed Oct  3 14:18:36 2001
-@@ -437,6 +437,13 @@
+--- session.c.orig	Mon Feb 25 16:48:03 2002
++++ session.c	Fri Mar  8 06:28:38 2002
+@@ -423,6 +423,13 @@
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
  
  		/*
@@ -14,7 +14,7 @@
  		 * Create a new session and process group since the 4.4BSD
  		 * setlogin() affects the entire process group.
  		 */
-@@ -551,6 +558,14 @@
+@@ -537,6 +544,14 @@
  
  		/* Child.  Reinitialize the log because the pid has changed. */
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -29,7 +29,7 @@
  		/* Close the master side of the pseudo tty. */
  		close(ptyfd);
  
-@@ -682,6 +697,11 @@
+@@ -665,6 +680,11 @@
  	time_t last_login_time;
  	struct passwd * pw = s->pw;
  	pid_t pid = getpid();
@@ -41,7 +41,7 @@
  
  	/*
  	 * Get IP address of client. If the connection is not a socket, let
-@@ -742,6 +762,21 @@
+@@ -725,6 +745,21 @@
  			printf("Last login: %s from %s\r\n", time_string, hostname);
  	}
  
@@ -63,7 +63,7 @@
  	do_motd();
  }
  
-@@ -1340,7 +1375,7 @@
+@@ -1241,7 +1276,7 @@
  	 * initgroups, because at least on Solaris 2.3 it leaves file
  	 * descriptors open.
  	 */
@@ -71,12 +71,14 @@
 +	for (i = 3; i < getdtablesize(); i++)
  		close(i);
  
- 	/* Change current directory to the user\'s home directory. */
-@@ -1376,6 +1411,28 @@
- 	 * in this order).
- 	 */
- 	if (!options.use_login) {
+ 	/*
+@@ -1271,6 +1306,31 @@
+ 			exit(1);
+ #endif
+ 	}
++
 +#ifdef __FreeBSD__
++  	if (!options.use_login) {
 +		/*
 +		 * If the password change time is set and has passed, give the
 +		 * user a password expiry notice and chance to change it.
@@ -97,7 +99,8 @@
 +				}
 +			}
 +		}
++	}
 +#endif /* __FreeBSD__ */
- 		/* ignore _PATH_SSH_USER_RC for subsystems */
- 		if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
- 			snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
+ 
+ 	if (!options.use_login)
+ 		do_rc_files(s, shell);
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 0412868bda3d..e5b517170347 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	openssh
-PORTVERSION=	3.0.2p1
-PORTREVISION=	1
+PORTVERSION=	3.1p1
 CATEGORIES=	security ipv6
 MASTER_SITES=	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
 		ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index 4f636c0ddd6d..ae7285957283 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,3 +1 @@
-MD5 (openssh-3.0.2p1.tar.gz) = 2fa62bf878862cb47a7515c35afe35b6
-MD5 (openssh-3.0.2p1-gssapi.patch) = 66ce171ac4b09603c7069cea198d2090
-MD5 (openssh-3.0.2p1-krb5.patch) = c6fe5622607b3137fa22741897cbd5db
+MD5 (openssh-3.1p1.tar.gz) = c6a52d4126ed27eb57c31729ec6b2362
diff --git a/security/openssh-portable/files/patch-channels.c b/security/openssh-portable/files/patch-channels.c
deleted file mode 100644
index fc11fc9c6bad..000000000000
--- a/security/openssh-portable/files/patch-channels.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- channels.c.orig	Wed Oct 10 17:18:47 2001
-+++ channels.c	Wed Mar  6 07:49:46 2002
-@@ -145,7 +145,7 @@
- {
- 	Channel *c;
- 
--	if (id < 0 || id > channels_alloc) {
-+	if (id < 0 || id >= channels_alloc) {
- 		log("channel_lookup: %d: bad id", id);
- 		return NULL;
- 	}
diff --git a/security/openssh-portable/files/patch-session.c b/security/openssh-portable/files/patch-session.c
index 28dc7a851ec3..211addbf8b13 100644
--- a/security/openssh-portable/files/patch-session.c
+++ b/security/openssh-portable/files/patch-session.c
@@ -1,6 +1,6 @@
---- session.c.orig	Mon Sep 17 00:17:15 2001
-+++ session.c	Wed Oct  3 14:18:36 2001
-@@ -437,6 +437,13 @@
+--- session.c.orig	Mon Feb 25 16:48:03 2002
++++ session.c	Fri Mar  8 06:28:38 2002
+@@ -423,6 +423,13 @@
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
  
  		/*
@@ -14,7 +14,7 @@
  		 * Create a new session and process group since the 4.4BSD
  		 * setlogin() affects the entire process group.
  		 */
-@@ -551,6 +558,14 @@
+@@ -537,6 +544,14 @@
  
  		/* Child.  Reinitialize the log because the pid has changed. */
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -29,7 +29,7 @@
  		/* Close the master side of the pseudo tty. */
  		close(ptyfd);
  
-@@ -682,6 +697,11 @@
+@@ -665,6 +680,11 @@
  	time_t last_login_time;
  	struct passwd * pw = s->pw;
  	pid_t pid = getpid();
@@ -41,7 +41,7 @@
  
  	/*
  	 * Get IP address of client. If the connection is not a socket, let
-@@ -742,6 +762,21 @@
+@@ -725,6 +745,21 @@
  			printf("Last login: %s from %s\r\n", time_string, hostname);
  	}
  
@@ -63,7 +63,7 @@
  	do_motd();
  }
  
-@@ -1340,7 +1375,7 @@
+@@ -1241,7 +1276,7 @@
  	 * initgroups, because at least on Solaris 2.3 it leaves file
  	 * descriptors open.
  	 */
@@ -71,12 +71,14 @@
 +	for (i = 3; i < getdtablesize(); i++)
  		close(i);
  
- 	/* Change current directory to the user\'s home directory. */
-@@ -1376,6 +1411,28 @@
- 	 * in this order).
- 	 */
- 	if (!options.use_login) {
+ 	/*
+@@ -1271,6 +1306,31 @@
+ 			exit(1);
+ #endif
+ 	}
++
 +#ifdef __FreeBSD__
++  	if (!options.use_login) {
 +		/*
 +		 * If the password change time is set and has passed, give the
 +		 * user a password expiry notice and chance to change it.
@@ -97,7 +99,8 @@
 +				}
 +			}
 +		}
++	}
 +#endif /* __FreeBSD__ */
- 		/* ignore _PATH_SSH_USER_RC for subsystems */
- 		if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
- 			snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
+ 
+ 	if (!options.use_login)
+ 		do_rc_files(s, shell);
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index a62d8071483c..a642c882b00e 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	openssh
-PORTVERSION=	3.0.2
-PORTREVISION=	1
+PORTVERSION=	3.1
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
 		ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
@@ -16,7 +15,7 @@ DISTNAME=	openssh-${PORTVERSION}
 EXTRACT_SUFX=	.tgz
 
 PATCH_SITES=	${MASTER_SITES}
-PATCHFILES=	openbsd28_3.0.2.patch
+PATCHFILES=	openbsd28_3.1.patch
 
 MAINTAINER=	dinoex@FreeBSD.org
 
@@ -70,8 +69,6 @@ MAKE_ENV+=	SKEY=yes
 WRKSRC=		${WRKDIR}/ssh
 
 post-extract:
-	@${PERL5} -pi -e "s=/etc/ssh=${PREFIX}/etc/ssh=" ${WRKSRC}/sshd_config
-	@${PERL5} -pi -e "s=/usr/libex=${PREFIX}/libex=" ${WRKSRC}/sshd_config
 	@${CP} ${FILESDIR}/strlcat.c ${FILESDIR}/strlcpy.c ${WRKSRC}/lib/
 	@${CP} ${FILESDIR}/sshd.sh ${WRKSRC}/
 .if ${OSVERSION} < 400014
@@ -82,7 +79,9 @@ post-extract:
 .endif
 
 post-patch:
-	@${PERL} -pi -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h	\
+	@${PERL5} -pi -e "s=/etc/ssh=${PREFIX}/etc/ssh=" ${WRKSRC}/sshd_config
+	@${PERL5} -pi -e "s=/usr/libex=${PREFIX}/libex=" ${WRKSRC}/sshd_config
+	@${PERL5} -pi -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h	\
 		${WRKSRC}/sshd_config ${WRKSRC}/sshd.sh \
 		${WRKSRC}/pathnames.h
 
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 2433c3978ee3..8468fed06b29 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,2 +1,2 @@
-MD5 (openssh-3.0.2.tgz) = 83c508a4be90bf9b089db45ac6e28614
-MD5 (openbsd28_3.0.2.patch) = 44cb043a46770c53f9a0345d79dddfc1
+MD5 (openssh-3.1.tgz) = b43deb1a3b2047216a28c00ccc45f548
+MD5 (openbsd28_3.1.patch) = 5e7fce5fa6fa0f071b53a01dfb435a43
diff --git a/security/openssh/files/patch-al b/security/openssh/files/patch-al
index 149d5fa222ac..0eb763623833 100644
--- a/security/openssh/files/patch-al
+++ b/security/openssh/files/patch-al
@@ -1,16 +1,16 @@
---- pathnames.h.orig	Thu Apr 12 21:15:24 2001
-+++ pathnames.h	Sat May 26 15:11:30 2001
+--- pathnames.h.orig	Fri Mar  8 05:51:08 2002
++++ pathnames.h	Fri Mar  8 05:52:57 2002
 @@ -12,7 +12,7 @@
   * called by a name other than "ssh" or "Secure Shell".
   */
  
 -#define ETCDIR				"/etc"
 +#define ETCDIR				"__PREFIX__/etc"
+ #define SSHDIR				ETCDIR
  #define _PATH_SSH_PIDDIR		"/var/run"
  
- /*
-@@ -33,7 +33,7 @@
- #define _PATH_HOST_RSA_KEY_FILE		ETCDIR "/ssh_host_rsa_key"
+@@ -37,7 +37,7 @@
+ /* Backwards compatibility */
  #define _PATH_DH_PRIMES			ETCDIR "/primes"
  
 -#define _PATH_SSH_PROGRAM		"/usr/bin/ssh"
diff --git a/security/openssh/files/patch-am b/security/openssh/files/patch-am
index 1cf6fe09175c..07528232bb5a 100644
--- a/security/openssh/files/patch-am
+++ b/security/openssh/files/patch-am
@@ -1,5 +1,5 @@
---- sshd/Makefile.orig	Fri Nov 16 06:02:09 2001
-+++ sshd/Makefile	Fri Nov 16 06:03:51 2001
+--- sshd/Makefile.orig	Fri Mar  8 05:54:03 2002
++++ sshd/Makefile	Fri Mar  8 06:00:30 2002
 @@ -5,8 +5,8 @@
  PROG=	sshd
  BINOWN=	root
@@ -11,14 +11,18 @@
  CFLAGS+=-DHAVE_LOGIN_CAP
  #CFLAGS+=-DBSD_AUTH
  
-@@ -17,6 +17,7 @@
+@@ -17,9 +17,10 @@
  	auth-skey.c auth-bsdauth.c
  
  .include <bsd.own.mk> # for KERBEROS and AFS
 +.include "../Makefile.inc"
  
  .if (${KERBEROS5:L} == "yes")
- CFLAGS+=-DKRB5 -I${DESTDIR}/usr/include/kerberosV
+-CFLAGS+=-DKRB5 -I${DESTDIR}/usr/include/kerberosV
++CFLAGS+=-DKRB5 -I/usr/include/kerberosV
+ SRCS+=  auth-krb5.c
+ LDADD+= -lkrb5 -lkafs -lasn1 -lcom_err
+ DPADD+= ${LIBKRB5} ${LIBKAFS} ${LIBASN1}
 @@ -31,15 +32,15 @@
  LDADD+=  -lkafs
  DPADD+=  ${LIBKRBAFS}
@@ -33,7 +37,7 @@
  
  .include <bsd.prog.mk>
  
--LDADD+=	-lcrypto -lutil -lz
+-LDADD+=	-lcrypto -lutil -lz -ldes
 +LDADD+=	${CRYPTOLIBS} -lcrypt -lutil -lz
  DPADD+=	${LIBCRYPTO} ${LIBUTIL} ${LIBZ}
  
diff --git a/security/openssh/files/patch-ao b/security/openssh/files/patch-ao
index f4b4eea96218..13df05806802 100644
--- a/security/openssh/files/patch-ao
+++ b/security/openssh/files/patch-ao
@@ -1,24 +1,23 @@
---- sshd_config.orig	Thu Sep 20 22:57:51 2001
-+++ sshd_config	Wed Oct  3 12:37:28 2001
-@@ -25,8 +25,8 @@
+--- sshd_config.orig	Fri Mar  8 06:01:02 2002
++++ sshd_config	Fri Mar  8 06:03:06 2002
+@@ -30,8 +30,10 @@
  
  # Authentication:
  
--LoginGraceTime 600
--PermitRootLogin yes
-+LoginGraceTime 120
-+PermitRootLogin no
- StrictModes yes
+-#LoginGraceTime 600
+-#PermitRootLogin yes
++#LoginGraceTime 300
++LoginGraceTime 600
++#PermitRootLogin no
++PermitRootLogin yes
+ #StrictModes yes
  
- RSAAuthentication yes
-@@ -66,8 +66,9 @@
- #PrintLastLog no
- KeepAlive yes
+ #RSAAuthentication yes
+@@ -76,6 +78,7 @@
+ #PrintLastLog yes
+ #KeepAlive yes
  #UseLogin no
 +UseLogin yes
  
--#MaxStartups 10:30:60
-+MaxStartups 10:30:60
- #Banner /etc/issue.net
- #ReverseMappingCheck yes
- 
+ #MaxStartups 10
+ # no default banner path
diff --git a/security/openssh/files/patch-au b/security/openssh/files/patch-au
index 596e74cb551f..abb20c8ac770 100644
--- a/security/openssh/files/patch-au
+++ b/security/openssh/files/patch-au
@@ -1,5 +1,5 @@
---- session.c.orig	Sun Sep 16 16:46:54 2001
-+++ session.c	Wed Oct  3 12:50:00 2001
+--- session.c.orig	Fri Mar  8 06:11:56 2002
++++ session.c	Fri Mar  8 06:15:32 2002
 @@ -57,6 +57,12 @@
  #include "canohost.h"
  #include "session.h"
@@ -13,7 +13,7 @@
  /* types */
  
  #define TTYSZ 64
-@@ -392,6 +398,13 @@
+@@ -394,6 +400,13 @@
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
  
  		/*
@@ -27,7 +27,7 @@
  		 * Create a new session and process group since the 4.4BSD
  		 * setlogin() affects the entire process group.
  		 */
-@@ -497,6 +510,14 @@
+@@ -499,6 +512,14 @@
  
  		/* Child.  Reinitialize the log because the pid has changed. */
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -42,7 +42,7 @@
  		/* Close the master side of the pseudo tty. */
  		close(ptyfd);
  
-@@ -591,6 +612,11 @@
+@@ -589,6 +610,11 @@
  	time_t last_login_time;
  	struct passwd * pw = s->pw;
  	pid_t pid = getpid();
@@ -54,7 +54,7 @@
  
  	/*
  	 * Get IP address of client. If the connection is not a socket, let
-@@ -631,6 +657,21 @@
+@@ -629,6 +655,21 @@
  			printf("Last login: %s from %s\r\n", time_string, hostname);
  	}
  
@@ -76,7 +76,7 @@
  	do_motd();
  }
  
-@@ -857,6 +898,10 @@
+@@ -775,6 +816,10 @@
  	env[0] = NULL;
  
  	if (!options.use_login) {
@@ -87,7 +87,7 @@
  		/* Set basic environment. */
  		child_set_env(&env, &envsize, "USER", pw->pw_name);
  		child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
-@@ -864,6 +909,12 @@
+@@ -782,6 +827,12 @@
  #ifdef HAVE_LOGIN_CAP
  		(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
  		child_set_env(&env, &envsize, "PATH", getenv("PATH"));
@@ -100,7 +100,7 @@
  #else
  		child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
  #endif
-@@ -875,8 +926,13 @@
+@@ -793,8 +844,13 @@
  		/* Normal systems set SHELL by default. */
  		child_set_env(&env, &envsize, "SHELL", shell);
  	}
@@ -113,8 +113,8 @@
 +#endif /* HAVE_LOGIN_CAP */
  
  	/* Set custom environment options from RSA authentication. */
- 	while (custom_environment) {
-@@ -968,7 +1024,7 @@
+ 	if (!options.use_login) {
+@@ -1057,7 +1113,7 @@
  	 * initgroups, because at least on Solaris 2.3 it leaves file
  	 * descriptors open.
  	 */
@@ -122,12 +122,14 @@
 +	for (i = 3; i < getdtablesize(); i++)
  		close(i);
  
- 	/* Change current directory to the user\'s home directory. */
-@@ -1004,6 +1060,28 @@
- 	 * in this order).
- 	 */
- 	if (!options.use_login) {
+ 	/*
+@@ -1087,6 +1143,31 @@
+ 			exit(1);
+ #endif
+ 	}
++
 +#ifdef __FreeBSD__
++  	if (!options.use_login) {
 +		/*
 +		 * If the password change time is set and has passed, give the
 +		 * user a password expiry notice and chance to change it.
@@ -148,7 +150,8 @@
 +				}
 +			}
 +		}
++	}
 +#endif /* __FreeBSD__ */
- 		/* ignore _PATH_SSH_USER_RC for subsystems */
- 		if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
- 			snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
+ 
+ 	if (!options.use_login)
+ 		do_rc_files(s, shell);
diff --git a/security/openssh/files/patch-channels.c b/security/openssh/files/patch-channels.c
deleted file mode 100644
index fc11fc9c6bad..000000000000
--- a/security/openssh/files/patch-channels.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- channels.c.orig	Wed Oct 10 17:18:47 2001
-+++ channels.c	Wed Mar  6 07:49:46 2002
-@@ -145,7 +145,7 @@
- {
- 	Channel *c;
- 
--	if (id < 0 || id > channels_alloc) {
-+	if (id < 0 || id >= channels_alloc) {
- 		log("channel_lookup: %d: bad id", id);
- 		return NULL;
- 	}
author	Dirk Meyer <dinoex@FreeBSD.org>	2002-03-08 05:54:04 +0000
committer	Dirk Meyer <dinoex@FreeBSD.org>	2002-03-08 05:54:04 +0000
commit	e95e5c70ff26973e0d0a0bc54618f223f1e64867 (patch)
tree	76b22f2968987e7f6074a17d60a4c47fb01b2ff5 /security
parent	Update WWW (diff)