diff options
| -rw-r--r-- | security/hpn-ssh/Makefile | 3 | ||||
| -rw-r--r-- | security/hpn-ssh/distinfo | 4 | ||||
| -rw-r--r-- | security/hpn-ssh/files/patch-channels.c | 11 | ||||
| -rw-r--r-- | security/hpn-ssh/files/patch-session.c | 33 | ||||
| -rw-r--r-- | security/openssh-portable/Makefile | 3 | ||||
| -rw-r--r-- | security/openssh-portable/distinfo | 4 | ||||
| -rw-r--r-- | security/openssh-portable/files/patch-channels.c | 11 | ||||
| -rw-r--r-- | security/openssh-portable/files/patch-session.c | 33 | ||||
| -rw-r--r-- | security/openssh/Makefile | 11 | ||||
| -rw-r--r-- | security/openssh/distinfo | 4 | ||||
| -rw-r--r-- | security/openssh/files/patch-al | 10 | ||||
| -rw-r--r-- | security/openssh/files/patch-am | 14 | ||||
| -rw-r--r-- | security/openssh/files/patch-ao | 33 | ||||
| -rw-r--r-- | security/openssh/files/patch-au | 41 | ||||
| -rw-r--r-- | security/openssh/files/patch-channels.c | 11 |
15 files changed, 99 insertions, 127 deletions
diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile index 0412868bda3d..e5b517170347 100644 --- a/security/hpn-ssh/Makefile +++ b/security/hpn-ssh/Makefile @@ -6,8 +6,7 @@ # PORTNAME= openssh -PORTVERSION= 3.0.2p1 -PORTREVISION= 1 +PORTVERSION= 3.1p1 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \ diff --git a/security/hpn-ssh/distinfo b/security/hpn-ssh/distinfo index 4f636c0ddd6d..ae7285957283 100644 --- a/security/hpn-ssh/distinfo +++ b/security/hpn-ssh/distinfo @@ -1,3 +1 @@ -MD5 (openssh-3.0.2p1.tar.gz) = 2fa62bf878862cb47a7515c35afe35b6 -MD5 (openssh-3.0.2p1-gssapi.patch) = 66ce171ac4b09603c7069cea198d2090 -MD5 (openssh-3.0.2p1-krb5.patch) = c6fe5622607b3137fa22741897cbd5db +MD5 (openssh-3.1p1.tar.gz) = c6a52d4126ed27eb57c31729ec6b2362 diff --git a/security/hpn-ssh/files/patch-channels.c b/security/hpn-ssh/files/patch-channels.c deleted file mode 100644 index fc11fc9c6bad..000000000000 --- a/security/hpn-ssh/files/patch-channels.c +++ /dev/null @@ -1,11 +0,0 @@ ---- channels.c.orig Wed Oct 10 17:18:47 2001 -+++ channels.c Wed Mar 6 07:49:46 2002 -@@ -145,7 +145,7 @@ - { - Channel *c; - -- if (id < 0 || id > channels_alloc) { -+ if (id < 0 || id >= channels_alloc) { - log("channel_lookup: %d: bad id", id); - return NULL; - } diff --git a/security/hpn-ssh/files/patch-session.c b/security/hpn-ssh/files/patch-session.c index 28dc7a851ec3..211addbf8b13 100644 --- a/security/hpn-ssh/files/patch-session.c +++ b/security/hpn-ssh/files/patch-session.c @@ -1,6 +1,6 @@ ---- session.c.orig Mon Sep 17 00:17:15 2001 -+++ session.c Wed Oct 3 14:18:36 2001 -@@ -437,6 +437,13 @@ +--- session.c.orig Mon Feb 25 16:48:03 2002 ++++ session.c Fri Mar 8 06:28:38 2002 +@@ -423,6 +423,13 @@ log_init(__progname, options.log_level, options.log_facility, log_stderr); /* @@ -14,7 +14,7 @@ * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ -@@ -551,6 +558,14 @@ +@@ -537,6 +544,14 @@ /* Child. Reinitialize the log because the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -29,7 +29,7 @@ /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -682,6 +697,11 @@ +@@ -665,6 +680,11 @@ time_t last_login_time; struct passwd * pw = s->pw; pid_t pid = getpid(); @@ -41,7 +41,7 @@ /* * Get IP address of client. If the connection is not a socket, let -@@ -742,6 +762,21 @@ +@@ -725,6 +745,21 @@ printf("Last login: %s from %s\r\n", time_string, hostname); } @@ -63,7 +63,7 @@ do_motd(); } -@@ -1340,7 +1375,7 @@ +@@ -1241,7 +1276,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -71,12 +71,14 @@ + for (i = 3; i < getdtablesize(); i++) close(i); - /* Change current directory to the user\'s home directory. */ -@@ -1376,6 +1411,28 @@ - * in this order). - */ - if (!options.use_login) { + /* +@@ -1271,6 +1306,31 @@ + exit(1); + #endif + } ++ +#ifdef __FreeBSD__ ++ if (!options.use_login) { + /* + * If the password change time is set and has passed, give the + * user a password expiry notice and chance to change it. @@ -97,7 +99,8 @@ + } + } + } ++ } +#endif /* __FreeBSD__ */ - /* ignore _PATH_SSH_USER_RC for subsystems */ - if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { - snprintf(cmd, sizeof cmd, "%s -c '%s %s'", + + if (!options.use_login) + do_rc_files(s, shell); diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 0412868bda3d..e5b517170347 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -6,8 +6,7 @@ # PORTNAME= openssh -PORTVERSION= 3.0.2p1 -PORTREVISION= 1 +PORTVERSION= 3.1p1 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \ diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index 4f636c0ddd6d..ae7285957283 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1,3 +1 @@ -MD5 (openssh-3.0.2p1.tar.gz) = 2fa62bf878862cb47a7515c35afe35b6 -MD5 (openssh-3.0.2p1-gssapi.patch) = 66ce171ac4b09603c7069cea198d2090 -MD5 (openssh-3.0.2p1-krb5.patch) = c6fe5622607b3137fa22741897cbd5db +MD5 (openssh-3.1p1.tar.gz) = c6a52d4126ed27eb57c31729ec6b2362 diff --git a/security/openssh-portable/files/patch-channels.c b/security/openssh-portable/files/patch-channels.c deleted file mode 100644 index fc11fc9c6bad..000000000000 --- a/security/openssh-portable/files/patch-channels.c +++ /dev/null @@ -1,11 +0,0 @@ ---- channels.c.orig Wed Oct 10 17:18:47 2001 -+++ channels.c Wed Mar 6 07:49:46 2002 -@@ -145,7 +145,7 @@ - { - Channel *c; - -- if (id < 0 || id > channels_alloc) { -+ if (id < 0 || id >= channels_alloc) { - log("channel_lookup: %d: bad id", id); - return NULL; - } diff --git a/security/openssh-portable/files/patch-session.c b/security/openssh-portable/files/patch-session.c index 28dc7a851ec3..211addbf8b13 100644 --- a/security/openssh-portable/files/patch-session.c +++ b/security/openssh-portable/files/patch-session.c @@ -1,6 +1,6 @@ ---- session.c.orig Mon Sep 17 00:17:15 2001 -+++ session.c Wed Oct 3 14:18:36 2001 -@@ -437,6 +437,13 @@ +--- session.c.orig Mon Feb 25 16:48:03 2002 ++++ session.c Fri Mar 8 06:28:38 2002 +@@ -423,6 +423,13 @@ log_init(__progname, options.log_level, options.log_facility, log_stderr); /* @@ -14,7 +14,7 @@ * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ -@@ -551,6 +558,14 @@ +@@ -537,6 +544,14 @@ /* Child. Reinitialize the log because the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -29,7 +29,7 @@ /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -682,6 +697,11 @@ +@@ -665,6 +680,11 @@ time_t last_login_time; struct passwd * pw = s->pw; pid_t pid = getpid(); @@ -41,7 +41,7 @@ /* * Get IP address of client. If the connection is not a socket, let -@@ -742,6 +762,21 @@ +@@ -725,6 +745,21 @@ printf("Last login: %s from %s\r\n", time_string, hostname); } @@ -63,7 +63,7 @@ do_motd(); } -@@ -1340,7 +1375,7 @@ +@@ -1241,7 +1276,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -71,12 +71,14 @@ + for (i = 3; i < getdtablesize(); i++) close(i); - /* Change current directory to the user\'s home directory. */ -@@ -1376,6 +1411,28 @@ - * in this order). - */ - if (!options.use_login) { + /* +@@ -1271,6 +1306,31 @@ + exit(1); + #endif + } ++ +#ifdef __FreeBSD__ ++ if (!options.use_login) { + /* + * If the password change time is set and has passed, give the + * user a password expiry notice and chance to change it. @@ -97,7 +99,8 @@ + } + } + } ++ } +#endif /* __FreeBSD__ */ - /* ignore _PATH_SSH_USER_RC for subsystems */ - if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { - snprintf(cmd, sizeof cmd, "%s -c '%s %s'", + + if (!options.use_login) + do_rc_files(s, shell); diff --git a/security/openssh/Makefile b/security/openssh/Makefile index a62d8071483c..a642c882b00e 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -6,8 +6,7 @@ # PORTNAME= openssh -PORTVERSION= 3.0.2 -PORTREVISION= 1 +PORTVERSION= 3.1 CATEGORIES= security MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \ ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \ @@ -16,7 +15,7 @@ DISTNAME= openssh-${PORTVERSION} EXTRACT_SUFX= .tgz PATCH_SITES= ${MASTER_SITES} -PATCHFILES= openbsd28_3.0.2.patch +PATCHFILES= openbsd28_3.1.patch MAINTAINER= dinoex@FreeBSD.org @@ -70,8 +69,6 @@ MAKE_ENV+= SKEY=yes WRKSRC= ${WRKDIR}/ssh post-extract: - @${PERL5} -pi -e "s=/etc/ssh=${PREFIX}/etc/ssh=" ${WRKSRC}/sshd_config - @${PERL5} -pi -e "s=/usr/libex=${PREFIX}/libex=" ${WRKSRC}/sshd_config @${CP} ${FILESDIR}/strlcat.c ${FILESDIR}/strlcpy.c ${WRKSRC}/lib/ @${CP} ${FILESDIR}/sshd.sh ${WRKSRC}/ .if ${OSVERSION} < 400014 @@ -82,7 +79,9 @@ post-extract: .endif post-patch: - @${PERL} -pi -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h \ + @${PERL5} -pi -e "s=/etc/ssh=${PREFIX}/etc/ssh=" ${WRKSRC}/sshd_config + @${PERL5} -pi -e "s=/usr/libex=${PREFIX}/libex=" ${WRKSRC}/sshd_config + @${PERL5} -pi -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h \ ${WRKSRC}/sshd_config ${WRKSRC}/sshd.sh \ ${WRKSRC}/pathnames.h diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 2433c3978ee3..8468fed06b29 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,2 +1,2 @@ -MD5 (openssh-3.0.2.tgz) = 83c508a4be90bf9b089db45ac6e28614 -MD5 (openbsd28_3.0.2.patch) = 44cb043a46770c53f9a0345d79dddfc1 +MD5 (openssh-3.1.tgz) = b43deb1a3b2047216a28c00ccc45f548 +MD5 (openbsd28_3.1.patch) = 5e7fce5fa6fa0f071b53a01dfb435a43 diff --git a/security/openssh/files/patch-al b/security/openssh/files/patch-al index 149d5fa222ac..0eb763623833 100644 --- a/security/openssh/files/patch-al +++ b/security/openssh/files/patch-al @@ -1,16 +1,16 @@ ---- pathnames.h.orig Thu Apr 12 21:15:24 2001 -+++ pathnames.h Sat May 26 15:11:30 2001 +--- pathnames.h.orig Fri Mar 8 05:51:08 2002 ++++ pathnames.h Fri Mar 8 05:52:57 2002 @@ -12,7 +12,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -#define ETCDIR "/etc" +#define ETCDIR "__PREFIX__/etc" + #define SSHDIR ETCDIR #define _PATH_SSH_PIDDIR "/var/run" - /* -@@ -33,7 +33,7 @@ - #define _PATH_HOST_RSA_KEY_FILE ETCDIR "/ssh_host_rsa_key" +@@ -37,7 +37,7 @@ + /* Backwards compatibility */ #define _PATH_DH_PRIMES ETCDIR "/primes" -#define _PATH_SSH_PROGRAM "/usr/bin/ssh" diff --git a/security/openssh/files/patch-am b/security/openssh/files/patch-am index 1cf6fe09175c..07528232bb5a 100644 --- a/security/openssh/files/patch-am +++ b/security/openssh/files/patch-am @@ -1,5 +1,5 @@ ---- sshd/Makefile.orig Fri Nov 16 06:02:09 2001 -+++ sshd/Makefile Fri Nov 16 06:03:51 2001 +--- sshd/Makefile.orig Fri Mar 8 05:54:03 2002 ++++ sshd/Makefile Fri Mar 8 06:00:30 2002 @@ -5,8 +5,8 @@ PROG= sshd BINOWN= root @@ -11,14 +11,18 @@ CFLAGS+=-DHAVE_LOGIN_CAP #CFLAGS+=-DBSD_AUTH -@@ -17,6 +17,7 @@ +@@ -17,9 +17,10 @@ auth-skey.c auth-bsdauth.c .include <bsd.own.mk> # for KERBEROS and AFS +.include "../Makefile.inc" .if (${KERBEROS5:L} == "yes") - CFLAGS+=-DKRB5 -I${DESTDIR}/usr/include/kerberosV +-CFLAGS+=-DKRB5 -I${DESTDIR}/usr/include/kerberosV ++CFLAGS+=-DKRB5 -I/usr/include/kerberosV + SRCS+= auth-krb5.c + LDADD+= -lkrb5 -lkafs -lasn1 -lcom_err + DPADD+= ${LIBKRB5} ${LIBKAFS} ${LIBASN1} @@ -31,15 +32,15 @@ LDADD+= -lkafs DPADD+= ${LIBKRBAFS} @@ -33,7 +37,7 @@ .include <bsd.prog.mk> --LDADD+= -lcrypto -lutil -lz +-LDADD+= -lcrypto -lutil -lz -ldes +LDADD+= ${CRYPTOLIBS} -lcrypt -lutil -lz DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} diff --git a/security/openssh/files/patch-ao b/security/openssh/files/patch-ao index f4b4eea96218..13df05806802 100644 --- a/security/openssh/files/patch-ao +++ b/security/openssh/files/patch-ao @@ -1,24 +1,23 @@ ---- sshd_config.orig Thu Sep 20 22:57:51 2001 -+++ sshd_config Wed Oct 3 12:37:28 2001 -@@ -25,8 +25,8 @@ +--- sshd_config.orig Fri Mar 8 06:01:02 2002 ++++ sshd_config Fri Mar 8 06:03:06 2002 +@@ -30,8 +30,10 @@ # Authentication: --LoginGraceTime 600 --PermitRootLogin yes -+LoginGraceTime 120 -+PermitRootLogin no - StrictModes yes +-#LoginGraceTime 600 +-#PermitRootLogin yes ++#LoginGraceTime 300 ++LoginGraceTime 600 ++#PermitRootLogin no ++PermitRootLogin yes + #StrictModes yes - RSAAuthentication yes -@@ -66,8 +66,9 @@ - #PrintLastLog no - KeepAlive yes + #RSAAuthentication yes +@@ -76,6 +78,7 @@ + #PrintLastLog yes + #KeepAlive yes #UseLogin no +UseLogin yes --#MaxStartups 10:30:60 -+MaxStartups 10:30:60 - #Banner /etc/issue.net - #ReverseMappingCheck yes - + #MaxStartups 10 + # no default banner path diff --git a/security/openssh/files/patch-au b/security/openssh/files/patch-au index 596e74cb551f..abb20c8ac770 100644 --- a/security/openssh/files/patch-au +++ b/security/openssh/files/patch-au @@ -1,5 +1,5 @@ ---- session.c.orig Sun Sep 16 16:46:54 2001 -+++ session.c Wed Oct 3 12:50:00 2001 +--- session.c.orig Fri Mar 8 06:11:56 2002 ++++ session.c Fri Mar 8 06:15:32 2002 @@ -57,6 +57,12 @@ #include "canohost.h" #include "session.h" @@ -13,7 +13,7 @@ /* types */ #define TTYSZ 64 -@@ -392,6 +398,13 @@ +@@ -394,6 +400,13 @@ log_init(__progname, options.log_level, options.log_facility, log_stderr); /* @@ -27,7 +27,7 @@ * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ -@@ -497,6 +510,14 @@ +@@ -499,6 +512,14 @@ /* Child. Reinitialize the log because the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -42,7 +42,7 @@ /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -591,6 +612,11 @@ +@@ -589,6 +610,11 @@ time_t last_login_time; struct passwd * pw = s->pw; pid_t pid = getpid(); @@ -54,7 +54,7 @@ /* * Get IP address of client. If the connection is not a socket, let -@@ -631,6 +657,21 @@ +@@ -629,6 +655,21 @@ printf("Last login: %s from %s\r\n", time_string, hostname); } @@ -76,7 +76,7 @@ do_motd(); } -@@ -857,6 +898,10 @@ +@@ -775,6 +816,10 @@ env[0] = NULL; if (!options.use_login) { @@ -87,7 +87,7 @@ /* Set basic environment. */ child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); -@@ -864,6 +909,12 @@ +@@ -782,6 +827,12 @@ #ifdef HAVE_LOGIN_CAP (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); child_set_env(&env, &envsize, "PATH", getenv("PATH")); @@ -100,7 +100,7 @@ #else child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); #endif -@@ -875,8 +926,13 @@ +@@ -793,8 +844,13 @@ /* Normal systems set SHELL by default. */ child_set_env(&env, &envsize, "SHELL", shell); } @@ -113,8 +113,8 @@ +#endif /* HAVE_LOGIN_CAP */ /* Set custom environment options from RSA authentication. */ - while (custom_environment) { -@@ -968,7 +1024,7 @@ + if (!options.use_login) { +@@ -1057,7 +1113,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -122,12 +122,14 @@ + for (i = 3; i < getdtablesize(); i++) close(i); - /* Change current directory to the user\'s home directory. */ -@@ -1004,6 +1060,28 @@ - * in this order). - */ - if (!options.use_login) { + /* +@@ -1087,6 +1143,31 @@ + exit(1); + #endif + } ++ +#ifdef __FreeBSD__ ++ if (!options.use_login) { + /* + * If the password change time is set and has passed, give the + * user a password expiry notice and chance to change it. @@ -148,7 +150,8 @@ + } + } + } ++ } +#endif /* __FreeBSD__ */ - /* ignore _PATH_SSH_USER_RC for subsystems */ - if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { - snprintf(cmd, sizeof cmd, "%s -c '%s %s'", + + if (!options.use_login) + do_rc_files(s, shell); diff --git a/security/openssh/files/patch-channels.c b/security/openssh/files/patch-channels.c deleted file mode 100644 index fc11fc9c6bad..000000000000 --- a/security/openssh/files/patch-channels.c +++ /dev/null @@ -1,11 +0,0 @@ ---- channels.c.orig Wed Oct 10 17:18:47 2001 -+++ channels.c Wed Mar 6 07:49:46 2002 -@@ -145,7 +145,7 @@ - { - Channel *c; - -- if (id < 0 || id > channels_alloc) { -+ if (id < 0 || id >= channels_alloc) { - log("channel_lookup: %d: bad id", id); - return NULL; - } |