diff options
| author | Andrey A. Chernov <ache@FreeBSD.org> | 1997-04-16 19:48:30 +0000 |
|---|---|---|
| committer | Andrey A. Chernov <ache@FreeBSD.org> | 1997-04-16 19:48:30 +0000 |
| commit | 29fe1065ad74c2a1d6ac36158c841b5d8373d666 (patch) | |
| tree | 6668f4daaebb207e465922ba1fbfeeb4c56e8eae /security | |
| parent | Upgrade to 2.3.10. I hate them. (diff) | |
Upgrade to 1.2.19
Notes
Notes:
svn path=/head/; revision=6222
Diffstat (limited to 'security')
| -rw-r--r-- | security/ssh/Makefile | 6 | ||||
| -rw-r--r-- | security/ssh/distinfo | 2 | ||||
| -rw-r--r-- | security/ssh/files/patch-ac | 40 | ||||
| -rw-r--r-- | security/ssh/files/patch-ad | 13 | ||||
| -rw-r--r-- | security/ssh/files/patch-af | 156 | ||||
| -rw-r--r-- | security/ssh/files/patch-al | 12 | ||||
| -rw-r--r-- | security/ssh2/Makefile | 6 | ||||
| -rw-r--r-- | security/ssh2/distinfo | 2 | ||||
| -rw-r--r-- | security/ssh2/files/patch-ab | 12 | ||||
| -rw-r--r-- | security/ssh2/files/patch-ac | 40 | ||||
| -rw-r--r-- | security/ssh2/files/patch-ad | 13 | ||||
| -rw-r--r-- | security/ssh2/files/patch-af | 156 | ||||
| -rw-r--r-- | security/ssh2/files/patch-aj | 12 | ||||
| -rw-r--r-- | security/ssh2/files/patch-al | 12 |
14 files changed, 314 insertions, 168 deletions
diff --git a/security/ssh/Makefile b/security/ssh/Makefile index fd8320fbc049..faed91eeb44c 100644 --- a/security/ssh/Makefile +++ b/security/ssh/Makefile @@ -1,15 +1,15 @@ # New ports collection makefile for: ssh -# Version required: 1.2.18 +# Version required: 1.2.19 # Date created: 30 Jul 1995 # Whom: torstenb@FreeBSD.ORG # -# $Id: Makefile,v 1.36 1996/11/20 12:45:41 adam Exp $ +# $Id: Makefile,v 1.37 1997/03/28 23:30:12 ache Exp $ # # Maximal ssh package requires YES values for # USE_PERL, USE_TCPWRAP # -DISTNAME= ssh-1.2.18 +DISTNAME= ssh-1.2.19 CATEGORIES= security net MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/ diff --git a/security/ssh/distinfo b/security/ssh/distinfo index 6faa4f65b675..b921c3e7c359 100644 --- a/security/ssh/distinfo +++ b/security/ssh/distinfo @@ -1,2 +1,2 @@ -MD5 (ssh-1.2.18.tar.gz) = 3ed9c159f1ab843966fb705168a69a8f +MD5 (ssh-1.2.19.tar.gz) = a7a1b400788173b548f1c04642a52396 MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d diff --git a/security/ssh/files/patch-ac b/security/ssh/files/patch-ac index 31084324b943..6823f8a5bd28 100644 --- a/security/ssh/files/patch-ac +++ b/security/ssh/files/patch-ac @@ -1,7 +1,7 @@ -*** Makefile.in.orig Thu Mar 27 09:04:06 1997 ---- Makefile.in Fri Mar 28 15:36:08 1997 +*** Makefile.in.orig Sun Apr 6 03:56:58 1997 +--- Makefile.in Wed Apr 16 22:59:17 1997 *************** -*** 225,236 **** +*** 229,240 **** SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -14,7 +14,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source ---- 225,242 ---- +--- 229,246 ---- SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -34,7 +34,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source *************** -*** 324,330 **** +*** 328,334 **** $(CC) -o rfc-pg rfc-pg.o .c.o: @@ -42,7 +42,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd ---- 330,336 ---- +--- 334,340 ---- $(CC) -o rfc-pg rfc-pg.o .c.o: @@ -51,7 +51,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd *************** -*** 361,379 **** +*** 365,383 **** sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -71,7 +71,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ ---- 367,385 ---- +--- 371,389 ---- sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -92,24 +92,24 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ *************** -*** 430,436 **** +*** 434,440 **** # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. ! install: $(PROGRAMS) make-dirs generate-host-key install-configs - $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh - -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ - rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ ---- 436,442 ---- + -rm -f $(install_prefix)$(bindir)/ssh.old + -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old + -chmod 755 $(install_prefix)$(bindir)/ssh.old +--- 440,446 ---- # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. ! install: $(PROGRAMS) make-dirs install-configs - $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh - -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ - rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ + -rm -f $(install_prefix)$(bindir)/ssh.old + -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old + -chmod 755 $(install_prefix)$(bindir)/ssh.old *************** -*** 531,557 **** +*** 543,569 **** clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -137,7 +137,7 @@ tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar ---- 537,563 ---- +--- 549,575 ---- clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -166,7 +166,7 @@ -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar *************** -*** 563,569 **** +*** 575,581 **** (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: @@ -174,7 +174,7 @@ tags: -rm -f TAGS ---- 569,575 ---- +--- 581,587 ---- (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: diff --git a/security/ssh/files/patch-ad b/security/ssh/files/patch-ad deleted file mode 100644 index 536cf9cf642a..000000000000 --- a/security/ssh/files/patch-ad +++ /dev/null @@ -1,13 +0,0 @@ -*** ssh-agent.c.bak Thu Mar 27 09:04:12 1997 ---- ssh-agent.c Tue Apr 1 08:08:06 1997 -*************** -*** 586,591 **** ---- 586,593 ---- - av++; - ac--; - } -+ else -+ break; - } - if (erflg) - { diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af index bd1982e6e60a..81068869685f 100644 --- a/security/ssh/files/patch-af +++ b/security/ssh/files/patch-af @@ -1,8 +1,8 @@ -*** sshd.c.orig Thu Mar 27 09:04:08 1997 ---- sshd.c Sat Mar 29 02:11:03 1997 +*** sshd.c.orig Sun Apr 6 03:57:00 1997 +--- sshd.c Wed Apr 16 23:27:28 1997 *************** -*** 370,375 **** ---- 370,379 ---- +*** 379,384 **** +--- 379,388 ---- #include "firewall.h" /* TIS authsrv authentication */ #endif @@ -14,18 +14,76 @@ #define DEFAULT_SHELL _PATH_BSHELL #else *************** -*** 2697,2702 **** ---- 2701,2716 ---- +*** 2617,2622 **** +--- 2621,2629 ---- + struct sockaddr_in from; + int fromlen; + struct pty_cleanup_context cleanup_context; ++ #ifdef HAVE_LOGIN_CAP_H ++ login_cap_t *lc; ++ #endif + + /* We no longer need the child running on user's privileges. */ + userfile_uninit(); +*************** +*** 2688,2698 **** + record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, + &from); + + /* Check if .hushlogin exists. Note that we cannot use userfile + here because we are in the child. */ + sprintf(line, "%.200s/.hushlogin", pw->pw_dir); + quiet_login = stat(line, &st) >= 0; +! + /* If the user has logged in before, display the time of last login. + However, don't display anything extra if a command has been + specified (so that ssh can be used to execute commands on a remote +--- 2695,2713 ---- + record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, + &from); + ++ #ifdef HAVE_LOGIN_CAP_H ++ lc = login_getclass(pw); ++ #endif ++ + /* Check if .hushlogin exists. Note that we cannot use userfile + here because we are in the child. */ + sprintf(line, "%.200s/.hushlogin", pw->pw_dir); + quiet_login = stat(line, &st) >= 0; +! +! #ifdef HAVE_LOGIN_CAP_H +! quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); +! #endif +! + /* If the user has logged in before, display the time of last login. + However, don't display anything extra if a command has been + specified (so that ssh can be used to execute commands on a remote +*************** +*** 2712,2717 **** +--- 2727,2755 ---- printf("Last login: %s from %s\r\n", time_string, buf); } + #ifdef __FreeBSD__ + if (command == NULL && !quiet_login) + { -+ printf("%s\n\t%s %s\n\n", ++ #ifdef HAVE_LOGIN_CAP_H ++ char *cw; ++ FILE *f; ++ ++ cw = login_getcapstr(lc, "copyright", NULL, NULL); ++ if (cw != NULL && (f = fopen(cw, "r")) != NULL) ++ { ++ while (fgets(line, sizeof(line), f)) ++ fputs(line, stdout); ++ fclose(f); ++ } ++ else ++ #endif ++ printf("%s\n\t%s %s\n\n", + "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", -+ "The Regents of the University of California. ", -+ "All rights reserved."); ++ "The Regents of the University of California. ", ++ "All rights reserved."); + } + #endif + @@ -33,25 +91,53 @@ disabled in server options. Note that some machines appear to print it in /etc/profile or similar. */ *************** -*** 2714,2719 **** ---- 2728,2742 ---- +*** 2721,2727 **** +--- 2759,2769 ---- + FILE *f; + + /* Print /etc/motd if it exists. */ ++ #ifdef HAVE_LOGIN_CAP_H ++ f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r"); ++ #else + f = fopen("/etc/motd", "r"); ++ #endif + if (f) + { + while (fgets(line, sizeof(line), f)) +*************** +*** 2729,2734 **** +--- 2771,2799 ---- fclose(f); } } + #ifdef __FreeBSD__ + if (command == NULL && !quiet_login) + { ++ #ifdef HAVE_LOGIN_CAP_H ++ char *mp = getenv("MAIL"); ++ ++ if (mp != NULL) ++ { ++ strncpy(line, mp, sizeof line); ++ line[sizeof line - 1] = '\0'; ++ } ++ else ++ #endif + sprintf(line, "%s/%.200s", _PATH_MAILDIR, pw->pw_name); + if (stat(line, &st) == 0 && st.st_size != 0) + printf("You have %smail.\n", + (st.st_mtime > st.st_atime) ? "new " : ""); + } + #endif ++ ++ #ifdef HAVE_LOGIN_CAP_H ++ login_close(lc); ++ #endif /* Do common processing for the child, such as execing the command. */ do_child(command, pw, term, display, auth_proto, auth_data, ttyname); *************** -*** 2969,2975 **** +*** 2986,2992 **** char *user_shell; char *remote_ip; int remote_port; @@ -59,7 +145,7 @@ /* Check /etc/nologin. */ f = fopen("/etc/nologin", "r"); if (f) ---- 2992,3004 ---- +--- 3051,3063 ---- char *user_shell; char *remote_ip; int remote_port; @@ -74,8 +160,8 @@ f = fopen("/etc/nologin", "r"); if (f) *************** -*** 2983,2988 **** ---- 3012,3018 ---- +*** 3000,3005 **** +--- 3071,3077 ---- if (pw->pw_uid != UID_ROOT) exit(254); } @@ -84,7 +170,7 @@ if (command != NULL) { *************** -*** 2995,3001 **** +*** 3012,3018 **** else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -92,7 +178,7 @@ #ifdef HAVE_SETLOGIN /* Set login name in the kernel. Warning: setsid() must be called before this. */ ---- 3025,3032 ---- +--- 3084,3091 ---- else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -102,8 +188,8 @@ /* Set login name in the kernel. Warning: setsid() must be called before this. */ *************** -*** 3016,3021 **** ---- 3047,3053 ---- +*** 3033,3038 **** +--- 3106,3112 ---- if (setpcred((char *)pw->pw_name, NULL)) log_msg("setpcred %.100s: %.100s", strerror(errno)); #endif /* HAVE_USERSEC_H */ @@ -112,8 +198,8 @@ /* Save some data that will be needed so that we can do certain cleanups before we switch to user's uid. (We must clear all sensitive data *************** -*** 3086,3091 **** ---- 3118,3181 ---- +*** 3103,3108 **** +--- 3177,3240 ---- if (command != NULL || !options.use_login) #endif /* USELOGIN */ { @@ -179,8 +265,8 @@ if (getuid() == UID_ROOT || geteuid() == UID_ROOT) { *************** -*** 3117,3122 **** ---- 3207,3213 ---- +*** 3134,3139 **** +--- 3266,3272 ---- if (getuid() != user_uid || geteuid() != user_uid) fatal("Failed to set uids to %d.", (int)user_uid); @@ -189,8 +275,8 @@ /* Reset signals to their default settings before starting the user *************** -*** 3127,3137 **** ---- 3218,3233 ---- +*** 3144,3154 **** +--- 3277,3292 ---- and means /bin/sh. */ shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; @@ -208,8 +294,8 @@ #ifdef USELOGIN if (command != NULL || !options.use_login) *************** -*** 3141,3146 **** ---- 3237,3244 ---- +*** 3158,3163 **** +--- 3296,3303 ---- child_set_env(&env, &envsize, "HOME", user_dir); child_set_env(&env, &envsize, "USER", user_name); child_set_env(&env, &envsize, "LOGNAME", user_name); @@ -219,8 +305,8 @@ #ifdef MAIL_SPOOL_DIRECTORY *************** -*** 3152,3157 **** ---- 3250,3256 ---- +*** 3169,3174 **** +--- 3309,3315 ---- child_set_env(&env, &envsize, "MAIL", buf); #endif /* MAIL_SPOOL_FILE */ #endif /* MAIL_SPOOL_DIRECTORY */ @@ -229,8 +315,8 @@ #ifdef HAVE_ETC_DEFAULT_LOGIN /* Read /etc/default/login; this exists at least on Solaris 2.x. Note *************** -*** 3167,3175 **** ---- 3266,3276 ---- +*** 3184,3192 **** +--- 3325,3335 ---- child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); @@ -243,8 +329,8 @@ /* Set custom environment options from RSA authentication. */ while (custom_environment) *************** -*** 3389,3395 **** ---- 3490,3500 ---- +*** 3406,3412 **** +--- 3549,3559 ---- /* Execute the shell. */ argv[0] = buf; argv[1] = NULL; @@ -257,8 +343,8 @@ perror(shell); exit(1); *************** -*** 3410,3416 **** ---- 3515,3525 ---- +*** 3427,3433 **** +--- 3574,3584 ---- argv[1] = "-c"; argv[2] = (char *)command; argv[3] = NULL; diff --git a/security/ssh/files/patch-al b/security/ssh/files/patch-al index 7ca297bc9ea7..9b8ef9f85303 100644 --- a/security/ssh/files/patch-al +++ b/security/ssh/files/patch-al @@ -1,8 +1,8 @@ -*** sshconnect.c.orig Thu Mar 27 09:04:10 1997 ---- sshconnect.c Sat Mar 29 01:16:51 1997 +*** sshconnect.c.orig Sun Apr 6 03:57:04 1997 +--- sshconnect.c Wed Apr 16 23:04:17 1997 *************** -*** 298,303 **** ---- 298,309 ---- +*** 302,307 **** +--- 302,313 ---- { struct sockaddr_in sin; int p; @@ -16,8 +16,8 @@ { sock = socket(AF_INET, SOCK_STREAM, 0); *************** -*** 325,330 **** ---- 331,337 ---- +*** 329,334 **** +--- 335,341 ---- } fatal("bind: %.100s", strerror(errno)); } diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile index fd8320fbc049..faed91eeb44c 100644 --- a/security/ssh2/Makefile +++ b/security/ssh2/Makefile @@ -1,15 +1,15 @@ # New ports collection makefile for: ssh -# Version required: 1.2.18 +# Version required: 1.2.19 # Date created: 30 Jul 1995 # Whom: torstenb@FreeBSD.ORG # -# $Id: Makefile,v 1.36 1996/11/20 12:45:41 adam Exp $ +# $Id: Makefile,v 1.37 1997/03/28 23:30:12 ache Exp $ # # Maximal ssh package requires YES values for # USE_PERL, USE_TCPWRAP # -DISTNAME= ssh-1.2.18 +DISTNAME= ssh-1.2.19 CATEGORIES= security net MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/ diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo index 6faa4f65b675..b921c3e7c359 100644 --- a/security/ssh2/distinfo +++ b/security/ssh2/distinfo @@ -1,2 +1,2 @@ -MD5 (ssh-1.2.18.tar.gz) = 3ed9c159f1ab843966fb705168a69a8f +MD5 (ssh-1.2.19.tar.gz) = a7a1b400788173b548f1c04642a52396 MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d diff --git a/security/ssh2/files/patch-ab b/security/ssh2/files/patch-ab index caa40dcd89fb..fb3ded791e3f 100644 --- a/security/ssh2/files/patch-ab +++ b/security/ssh2/files/patch-ab @@ -1,5 +1,5 @@ -*** configure.orig Thu Mar 27 09:04:06 1997 ---- configure Fri Mar 28 15:18:56 1997 +*** configure.orig Sun Apr 6 03:56:58 1997 +--- configure Wed Apr 16 22:52:47 1997 *************** *** 1634,1645 **** @@ -33,7 +33,7 @@ ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 *************** -*** 6696,6702 **** +*** 6749,6755 **** cat >> $CONFIG_STATUS <<EOF @@ -41,7 +41,7 @@ EOF cat >> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then ---- 6690,6696 ---- +--- 6743,6749 ---- cat >> $CONFIG_STATUS <<EOF @@ -50,8 +50,8 @@ cat >> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then *************** -*** 6900,6905 **** ---- 6894,6901 ---- +*** 6953,6958 **** +--- 6947,6954 ---- done for ac_config_dir in gmp-2.0.2-ssh-2; do diff --git a/security/ssh2/files/patch-ac b/security/ssh2/files/patch-ac index 31084324b943..6823f8a5bd28 100644 --- a/security/ssh2/files/patch-ac +++ b/security/ssh2/files/patch-ac @@ -1,7 +1,7 @@ -*** Makefile.in.orig Thu Mar 27 09:04:06 1997 ---- Makefile.in Fri Mar 28 15:36:08 1997 +*** Makefile.in.orig Sun Apr 6 03:56:58 1997 +--- Makefile.in Wed Apr 16 22:59:17 1997 *************** -*** 225,236 **** +*** 229,240 **** SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -14,7 +14,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source ---- 225,242 ---- +--- 229,246 ---- SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -34,7 +34,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source *************** -*** 324,330 **** +*** 328,334 **** $(CC) -o rfc-pg rfc-pg.o .c.o: @@ -42,7 +42,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd ---- 330,336 ---- +--- 334,340 ---- $(CC) -o rfc-pg rfc-pg.o .c.o: @@ -51,7 +51,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd *************** -*** 361,379 **** +*** 365,383 **** sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -71,7 +71,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ ---- 367,385 ---- +--- 371,389 ---- sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -92,24 +92,24 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ *************** -*** 430,436 **** +*** 434,440 **** # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. ! install: $(PROGRAMS) make-dirs generate-host-key install-configs - $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh - -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ - rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ ---- 436,442 ---- + -rm -f $(install_prefix)$(bindir)/ssh.old + -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old + -chmod 755 $(install_prefix)$(bindir)/ssh.old +--- 440,446 ---- # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. ! install: $(PROGRAMS) make-dirs install-configs - $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh - -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ - rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ + -rm -f $(install_prefix)$(bindir)/ssh.old + -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old + -chmod 755 $(install_prefix)$(bindir)/ssh.old *************** -*** 531,557 **** +*** 543,569 **** clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -137,7 +137,7 @@ tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar ---- 537,563 ---- +--- 549,575 ---- clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -166,7 +166,7 @@ -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar *************** -*** 563,569 **** +*** 575,581 **** (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: @@ -174,7 +174,7 @@ tags: -rm -f TAGS ---- 569,575 ---- +--- 581,587 ---- (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: diff --git a/security/ssh2/files/patch-ad b/security/ssh2/files/patch-ad deleted file mode 100644 index 536cf9cf642a..000000000000 --- a/security/ssh2/files/patch-ad +++ /dev/null @@ -1,13 +0,0 @@ -*** ssh-agent.c.bak Thu Mar 27 09:04:12 1997 ---- ssh-agent.c Tue Apr 1 08:08:06 1997 -*************** -*** 586,591 **** ---- 586,593 ---- - av++; - ac--; - } -+ else -+ break; - } - if (erflg) - { diff --git a/security/ssh2/files/patch-af b/security/ssh2/files/patch-af index bd1982e6e60a..81068869685f 100644 --- a/security/ssh2/files/patch-af +++ b/security/ssh2/files/patch-af @@ -1,8 +1,8 @@ -*** sshd.c.orig Thu Mar 27 09:04:08 1997 ---- sshd.c Sat Mar 29 02:11:03 1997 +*** sshd.c.orig Sun Apr 6 03:57:00 1997 +--- sshd.c Wed Apr 16 23:27:28 1997 *************** -*** 370,375 **** ---- 370,379 ---- +*** 379,384 **** +--- 379,388 ---- #include "firewall.h" /* TIS authsrv authentication */ #endif @@ -14,18 +14,76 @@ #define DEFAULT_SHELL _PATH_BSHELL #else *************** -*** 2697,2702 **** ---- 2701,2716 ---- +*** 2617,2622 **** +--- 2621,2629 ---- + struct sockaddr_in from; + int fromlen; + struct pty_cleanup_context cleanup_context; ++ #ifdef HAVE_LOGIN_CAP_H ++ login_cap_t *lc; ++ #endif + + /* We no longer need the child running on user's privileges. */ + userfile_uninit(); +*************** +*** 2688,2698 **** + record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, + &from); + + /* Check if .hushlogin exists. Note that we cannot use userfile + here because we are in the child. */ + sprintf(line, "%.200s/.hushlogin", pw->pw_dir); + quiet_login = stat(line, &st) >= 0; +! + /* If the user has logged in before, display the time of last login. + However, don't display anything extra if a command has been + specified (so that ssh can be used to execute commands on a remote +--- 2695,2713 ---- + record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, + &from); + ++ #ifdef HAVE_LOGIN_CAP_H ++ lc = login_getclass(pw); ++ #endif ++ + /* Check if .hushlogin exists. Note that we cannot use userfile + here because we are in the child. */ + sprintf(line, "%.200s/.hushlogin", pw->pw_dir); + quiet_login = stat(line, &st) >= 0; +! +! #ifdef HAVE_LOGIN_CAP_H +! quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); +! #endif +! + /* If the user has logged in before, display the time of last login. + However, don't display anything extra if a command has been + specified (so that ssh can be used to execute commands on a remote +*************** +*** 2712,2717 **** +--- 2727,2755 ---- printf("Last login: %s from %s\r\n", time_string, buf); } + #ifdef __FreeBSD__ + if (command == NULL && !quiet_login) + { -+ printf("%s\n\t%s %s\n\n", ++ #ifdef HAVE_LOGIN_CAP_H ++ char *cw; ++ FILE *f; ++ ++ cw = login_getcapstr(lc, "copyright", NULL, NULL); ++ if (cw != NULL && (f = fopen(cw, "r")) != NULL) ++ { ++ while (fgets(line, sizeof(line), f)) ++ fputs(line, stdout); ++ fclose(f); ++ } ++ else ++ #endif ++ printf("%s\n\t%s %s\n\n", + "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", -+ "The Regents of the University of California. ", -+ "All rights reserved."); ++ "The Regents of the University of California. ", ++ "All rights reserved."); + } + #endif + @@ -33,25 +91,53 @@ disabled in server options. Note that some machines appear to print it in /etc/profile or similar. */ *************** -*** 2714,2719 **** ---- 2728,2742 ---- +*** 2721,2727 **** +--- 2759,2769 ---- + FILE *f; + + /* Print /etc/motd if it exists. */ ++ #ifdef HAVE_LOGIN_CAP_H ++ f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r"); ++ #else + f = fopen("/etc/motd", "r"); ++ #endif + if (f) + { + while (fgets(line, sizeof(line), f)) +*************** +*** 2729,2734 **** +--- 2771,2799 ---- fclose(f); } } + #ifdef __FreeBSD__ + if (command == NULL && !quiet_login) + { ++ #ifdef HAVE_LOGIN_CAP_H ++ char *mp = getenv("MAIL"); ++ ++ if (mp != NULL) ++ { ++ strncpy(line, mp, sizeof line); ++ line[sizeof line - 1] = '\0'; ++ } ++ else ++ #endif + sprintf(line, "%s/%.200s", _PATH_MAILDIR, pw->pw_name); + if (stat(line, &st) == 0 && st.st_size != 0) + printf("You have %smail.\n", + (st.st_mtime > st.st_atime) ? "new " : ""); + } + #endif ++ ++ #ifdef HAVE_LOGIN_CAP_H ++ login_close(lc); ++ #endif /* Do common processing for the child, such as execing the command. */ do_child(command, pw, term, display, auth_proto, auth_data, ttyname); *************** -*** 2969,2975 **** +*** 2986,2992 **** char *user_shell; char *remote_ip; int remote_port; @@ -59,7 +145,7 @@ /* Check /etc/nologin. */ f = fopen("/etc/nologin", "r"); if (f) ---- 2992,3004 ---- +--- 3051,3063 ---- char *user_shell; char *remote_ip; int remote_port; @@ -74,8 +160,8 @@ f = fopen("/etc/nologin", "r"); if (f) *************** -*** 2983,2988 **** ---- 3012,3018 ---- +*** 3000,3005 **** +--- 3071,3077 ---- if (pw->pw_uid != UID_ROOT) exit(254); } @@ -84,7 +170,7 @@ if (command != NULL) { *************** -*** 2995,3001 **** +*** 3012,3018 **** else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -92,7 +178,7 @@ #ifdef HAVE_SETLOGIN /* Set login name in the kernel. Warning: setsid() must be called before this. */ ---- 3025,3032 ---- +--- 3084,3091 ---- else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -102,8 +188,8 @@ /* Set login name in the kernel. Warning: setsid() must be called before this. */ *************** -*** 3016,3021 **** ---- 3047,3053 ---- +*** 3033,3038 **** +--- 3106,3112 ---- if (setpcred((char *)pw->pw_name, NULL)) log_msg("setpcred %.100s: %.100s", strerror(errno)); #endif /* HAVE_USERSEC_H */ @@ -112,8 +198,8 @@ /* Save some data that will be needed so that we can do certain cleanups before we switch to user's uid. (We must clear all sensitive data *************** -*** 3086,3091 **** ---- 3118,3181 ---- +*** 3103,3108 **** +--- 3177,3240 ---- if (command != NULL || !options.use_login) #endif /* USELOGIN */ { @@ -179,8 +265,8 @@ if (getuid() == UID_ROOT || geteuid() == UID_ROOT) { *************** -*** 3117,3122 **** ---- 3207,3213 ---- +*** 3134,3139 **** +--- 3266,3272 ---- if (getuid() != user_uid || geteuid() != user_uid) fatal("Failed to set uids to %d.", (int)user_uid); @@ -189,8 +275,8 @@ /* Reset signals to their default settings before starting the user *************** -*** 3127,3137 **** ---- 3218,3233 ---- +*** 3144,3154 **** +--- 3277,3292 ---- and means /bin/sh. */ shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; @@ -208,8 +294,8 @@ #ifdef USELOGIN if (command != NULL || !options.use_login) *************** -*** 3141,3146 **** ---- 3237,3244 ---- +*** 3158,3163 **** +--- 3296,3303 ---- child_set_env(&env, &envsize, "HOME", user_dir); child_set_env(&env, &envsize, "USER", user_name); child_set_env(&env, &envsize, "LOGNAME", user_name); @@ -219,8 +305,8 @@ #ifdef MAIL_SPOOL_DIRECTORY *************** -*** 3152,3157 **** ---- 3250,3256 ---- +*** 3169,3174 **** +--- 3309,3315 ---- child_set_env(&env, &envsize, "MAIL", buf); #endif /* MAIL_SPOOL_FILE */ #endif /* MAIL_SPOOL_DIRECTORY */ @@ -229,8 +315,8 @@ #ifdef HAVE_ETC_DEFAULT_LOGIN /* Read /etc/default/login; this exists at least on Solaris 2.x. Note *************** -*** 3167,3175 **** ---- 3266,3276 ---- +*** 3184,3192 **** +--- 3325,3335 ---- child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); @@ -243,8 +329,8 @@ /* Set custom environment options from RSA authentication. */ while (custom_environment) *************** -*** 3389,3395 **** ---- 3490,3500 ---- +*** 3406,3412 **** +--- 3549,3559 ---- /* Execute the shell. */ argv[0] = buf; argv[1] = NULL; @@ -257,8 +343,8 @@ perror(shell); exit(1); *************** -*** 3410,3416 **** ---- 3515,3525 ---- +*** 3427,3433 **** +--- 3574,3584 ---- argv[1] = "-c"; argv[2] = (char *)command; argv[3] = NULL; diff --git a/security/ssh2/files/patch-aj b/security/ssh2/files/patch-aj index 008d4dec5cdc..2227e00716f2 100644 --- a/security/ssh2/files/patch-aj +++ b/security/ssh2/files/patch-aj @@ -1,7 +1,7 @@ -*** configure.in.orig Thu Mar 27 09:04:06 1997 ---- configure.in Sat Mar 29 01:16:51 1997 +*** configure.in.orig Sun Apr 6 03:56:58 1997 +--- configure.in Wed Apr 16 23:04:16 1997 *************** -*** 574,582 **** +*** 579,587 **** export CFLAGS CC @@ -11,7 +11,7 @@ AC_MSG_CHECKING([that the compiler works]) AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], ---- 574,582 ---- +--- 579,587 ---- export CFLAGS CC @@ -22,7 +22,7 @@ AC_MSG_CHECKING([that the compiler works]) AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], *************** -*** 628,634 **** +*** 633,639 **** AC_HEADER_STDC AC_HEADER_SYS_WAIT @@ -30,7 +30,7 @@ AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) AC_HEADER_TIME ---- 628,634 ---- +--- 633,639 ---- AC_HEADER_STDC AC_HEADER_SYS_WAIT diff --git a/security/ssh2/files/patch-al b/security/ssh2/files/patch-al index 7ca297bc9ea7..9b8ef9f85303 100644 --- a/security/ssh2/files/patch-al +++ b/security/ssh2/files/patch-al @@ -1,8 +1,8 @@ -*** sshconnect.c.orig Thu Mar 27 09:04:10 1997 ---- sshconnect.c Sat Mar 29 01:16:51 1997 +*** sshconnect.c.orig Sun Apr 6 03:57:04 1997 +--- sshconnect.c Wed Apr 16 23:04:17 1997 *************** -*** 298,303 **** ---- 298,309 ---- +*** 302,307 **** +--- 302,313 ---- { struct sockaddr_in sin; int p; @@ -16,8 +16,8 @@ { sock = socket(AF_INET, SOCK_STREAM, 0); *************** -*** 325,330 **** ---- 331,337 ---- +*** 329,334 **** +--- 335,341 ---- } fatal("bind: %.100s", strerror(errno)); } |