diff options
Diffstat (limited to 'security/ssh2')
| -rw-r--r-- | security/ssh2/Makefile | 17 | ||||
| -rw-r--r-- | security/ssh2/distinfo | 2 | ||||
| -rw-r--r-- | security/ssh2/files/patch-aa | 8 | ||||
| -rw-r--r-- | security/ssh2/files/patch-ab | 22 | ||||
| -rw-r--r-- | security/ssh2/files/patch-ac | 28 | ||||
| -rw-r--r-- | security/ssh2/files/patch-af | 76 | ||||
| -rw-r--r-- | security/ssh2/files/patch-aj | 12 | ||||
| -rw-r--r-- | security/ssh2/files/patch-al | 12 | 
8 files changed, 93 insertions, 84 deletions
| diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile index f06d971948e9..d00ccc3401ba 100644 --- a/security/ssh2/Makefile +++ b/security/ssh2/Makefile @@ -1,16 +1,16 @@  # New ports collection makefile for:	ssh -# Version required:     1.2.19 +# Version required:     1.2.20  # Date created:		30 Jul 1995  # Whom:			torstenb@FreeBSD.ORG  # -# $Id: Makefile,v 1.38 1997/04/16 19:48:09 ache Exp $ +# $Id: Makefile,v 1.39 1997/04/20 13:53:01 wosch Exp $  #  # Maximal ssh package requires YES values for  # USE_PERL, USE_TCPWRAP  # -DISTNAME=       ssh-1.2.19 -CATEGORIES=	security net perl5 +DISTNAME=       ssh-1.2.20 +CATEGORIES=	security net  MASTER_SITES=   ftp://ftp.funet.fi/pub/unix/security/login/ssh/  MAINTAINER=	torstenb@FreeBSD.ORG @@ -35,6 +35,15 @@ GNU_CONFIGURE=	YES  CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc +#Uncomment if all your users are in their own group and their homedir +#is writeable by that group.  Beware the security implications! +#CONFIGURE_ARGS+= --enable-group-writeability + +#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection +#over a secure medium.  This is normally dangerous since it can lead to the +#disclosure keys and passwords. +#CONFIGURE_ARGS+= --with-none +  .if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES  CONFIGURE_ARGS+= --with-rsaref  .endif diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo index b921c3e7c359..b41c04c76fe8 100644 --- a/security/ssh2/distinfo +++ b/security/ssh2/distinfo @@ -1,2 +1,2 @@ -MD5 (ssh-1.2.19.tar.gz) = a7a1b400788173b548f1c04642a52396 +MD5 (ssh-1.2.20.tar.gz) = 11d88175e5d6d9d59bea0a70330bcab4  MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d diff --git a/security/ssh2/files/patch-aa b/security/ssh2/files/patch-aa index 3ef8ce98cc1e..83e9968ac319 100644 --- a/security/ssh2/files/patch-aa +++ b/security/ssh2/files/patch-aa @@ -1,7 +1,7 @@ -*** make-ssh-known-hosts.pl.in.orig	Thu Mar 27 09:04:06 1997 ---- make-ssh-known-hosts.pl.in	Fri Mar 28 15:11:19 1997 +*** make-ssh-known-hosts.pl.in.orig	Wed Apr 23 08:40:05 1997 +--- make-ssh-known-hosts.pl.in	Fri Apr 25 12:38:21 1997  *************** -*** 84,90 **** +*** 87,93 ****    $debug = 5;    $defserver = '';    $bell='\a'; @@ -9,7 +9,7 @@    $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";    $timeout = 60;    $ping_timeout = 3; ---- 84,90 ---- +--- 87,93 ----    $debug = 5;    $defserver = '';    $bell='\a'; diff --git a/security/ssh2/files/patch-ab b/security/ssh2/files/patch-ab index fb3ded791e3f..0456b49d4478 100644 --- a/security/ssh2/files/patch-ab +++ b/security/ssh2/files/patch-ab @@ -1,7 +1,7 @@ -*** configure.orig	Sun Apr  6 03:56:58 1997 ---- configure	Wed Apr 16 22:52:47 1997 +*** configure.orig	Wed Apr 23 08:40:06 1997 +--- configure	Fri Apr 25 12:38:54 1997  *************** -*** 1634,1645 **** +*** 1757,1768 ****    export CFLAGS CC @@ -13,10 +13,10 @@  -     echo $ac_n "checking that the compiler works""... $ac_c" 1>&6 -  echo "configure:1646: checking that the compiler works" >&5 ---- 1634,1639 ---- +  echo "configure:1769: checking that the compiler works" >&5 +--- 1757,1762 ----  *************** -*** 2632,2638 **** +*** 2759,2765 ****    fi @@ -24,7 +24,7 @@    do    ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`    echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 ---- 2626,2632 ---- +--- 2753,2759 ----    fi @@ -33,7 +33,7 @@    ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`    echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6  *************** -*** 6749,6755 **** +*** 7031,7037 ****    cat >> $CONFIG_STATUS <<EOF @@ -41,7 +41,7 @@    EOF    cat >> $CONFIG_STATUS <<\EOF    for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then ---- 6743,6749 ---- +--- 7025,7031 ----    cat >> $CONFIG_STATUS <<EOF @@ -50,8 +50,8 @@    cat >> $CONFIG_STATUS <<\EOF    for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then  *************** -*** 6953,6958 **** ---- 6947,6954 ---- +*** 7235,7240 **** +--- 7229,7236 ----      done      for ac_config_dir in gmp-2.0.2-ssh-2; do diff --git a/security/ssh2/files/patch-ac b/security/ssh2/files/patch-ac index 6823f8a5bd28..90cc133acd97 100644 --- a/security/ssh2/files/patch-ac +++ b/security/ssh2/files/patch-ac @@ -1,7 +1,7 @@ -*** Makefile.in.orig	Sun Apr  6 03:56:58 1997 ---- Makefile.in	Wed Apr 16 22:59:17 1997 +*** Makefile.in.orig	Wed Apr 23 08:40:06 1997 +--- Makefile.in	Fri Apr 25 12:39:38 1997  *************** -*** 229,240 **** +*** 237,248 ****    SHELL = /bin/sh    GMPDIR 		= gmp-2.0.2-ssh-2 @@ -14,7 +14,7 @@    RSAREFDIR	= rsaref2    RSAREFSRCDIR 	= $(RSAREFDIR)/source ---- 229,246 ---- +--- 237,254 ----    SHELL = /bin/sh    GMPDIR 		= gmp-2.0.2-ssh-2 @@ -34,7 +34,7 @@    RSAREFDIR	= rsaref2    RSAREFSRCDIR 	= $(RSAREFDIR)/source  *************** -*** 328,334 **** +*** 336,342 ****    	$(CC) -o rfc-pg rfc-pg.o    .c.o: @@ -42,7 +42,7 @@    sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)    	-rm -f sshd ---- 334,340 ---- +--- 342,348 ----    	$(CC) -o rfc-pg rfc-pg.o    .c.o: @@ -51,7 +51,7 @@    sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)    	-rm -f sshd  *************** -*** 365,383 **** +*** 373,391 ****    	sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts    	chmod +x make-ssh-known-hosts @@ -71,7 +71,7 @@    $(RSAREFSRCDIR)/librsaref.a:    	-if test '!' -d $(RSAREFDIR); then \ ---- 371,389 ---- +--- 379,397 ----    	sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts    	chmod +x make-ssh-known-hosts @@ -92,7 +92,7 @@    $(RSAREFSRCDIR)/librsaref.a:    	-if test '!' -d $(RSAREFDIR); then \  *************** -*** 434,440 **** +*** 442,448 ****    # (otherwise it can only log in as the user it runs as, and must be    # bound to a non-privileged port).  Also, password authentication may    # not be available if non-root and using shadow passwords. @@ -100,7 +100,7 @@    	-rm -f $(install_prefix)$(bindir)/ssh.old    	-mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old    	-chmod 755 $(install_prefix)$(bindir)/ssh.old ---- 440,446 ---- +--- 448,454 ----    # (otherwise it can only log in as the user it runs as, and must be    # bound to a non-privileged port).  Also, password authentication may    # not be available if non-root and using shadow passwords. @@ -109,7 +109,7 @@    	-mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old    	-chmod 755 $(install_prefix)$(bindir)/ssh.old  *************** -*** 543,569 **** +*** 551,577 ****    clean:    	-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -137,7 +137,7 @@    	tar pcf $(DISTNAME).tar $(DISTNAME)    	-rm -f $(DISTNAME).tar.gz    	gzip $(DISTNAME).tar ---- 549,575 ---- +--- 557,583 ----    clean:    	-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -166,7 +166,7 @@    	-rm -f $(DISTNAME).tar.gz    	gzip $(DISTNAME).tar  *************** -*** 575,581 **** +*** 583,589 ****    	 (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null    depend: @@ -174,7 +174,7 @@    tags:    	-rm -f TAGS ---- 581,587 ---- +--- 589,595 ----    	 (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null    depend: diff --git a/security/ssh2/files/patch-af b/security/ssh2/files/patch-af index 94bfa1563a51..5e3eb7c79f92 100644 --- a/security/ssh2/files/patch-af +++ b/security/ssh2/files/patch-af @@ -1,8 +1,8 @@ -*** sshd.c.orig	Sun Apr  6 03:57:00 1997 ---- sshd.c	Wed Apr 16 23:27:28 1997 +*** sshd.c.orig	Wed Apr 23 08:40:08 1997 +--- sshd.c	Fri Apr 25 12:40:20 1997  *************** -*** 379,384 **** ---- 379,388 ---- +*** 400,405 **** +--- 400,409 ----    #include "firewall.h"	/* TIS authsrv authentication */    #endif @@ -14,8 +14,8 @@    #define DEFAULT_SHELL		_PATH_BSHELL    #else  *************** -*** 2617,2622 **** ---- 2621,2629 ---- +*** 2654,2659 **** +--- 2658,2666 ----      struct sockaddr_in from;      int fromlen;      struct pty_cleanup_context cleanup_context; @@ -26,7 +26,7 @@      /* We no longer need the child running on user's privileges. */      userfile_uninit();  *************** -*** 2688,2698 **** +*** 2725,2735 ****          record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,     		   &from); @@ -38,7 +38,7 @@          /* If the user has logged in before, display the time of last login.              However, don't display anything extra if a command has been     	 specified (so that ssh can be used to execute commands on a remote ---- 2695,2713 ---- +--- 2732,2750 ----          record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,     		   &from); @@ -59,8 +59,8 @@             However, don't display anything extra if a command has been     	 specified (so that ssh can be used to execute commands on a remote  *************** -*** 2712,2717 **** ---- 2727,2755 ---- +*** 2749,2754 **** +--- 2764,2792 ----    	    printf("Last login: %s from %s\r\n", time_string, buf);    	} @@ -91,8 +91,8 @@    	 disabled in server options.  Note that some machines appear to    	 print it in /etc/profile or similar. */  *************** -*** 2721,2727 **** ---- 2759,2769 ---- +*** 2758,2764 **** +--- 2796,2806 ----    	  FILE *f;    	  /* Print /etc/motd if it exists. */ @@ -105,8 +105,8 @@    	    {    	      while (fgets(line, sizeof(line), f))  *************** -*** 2729,2734 **** ---- 2771,2799 ---- +*** 2766,2771 **** +--- 2808,2836 ----    	      fclose(f);    	    }    	} @@ -137,7 +137,7 @@          /* Do common processing for the child, such as execing the command. */          do_child(command, pw, term, display, auth_proto, auth_data, ttyname);  *************** -*** 2986,2992 **** +*** 3017,3023 ****      char *user_shell;      char *remote_ip;      int remote_port; @@ -145,7 +145,7 @@      /* Check /etc/nologin. */      f = fopen("/etc/nologin", "r");      if (f) ---- 3051,3063 ---- +--- 3082,3094 ----      char *user_shell;      char *remote_ip;      int remote_port; @@ -160,8 +160,8 @@      f = fopen("/etc/nologin", "r");      if (f)  *************** -*** 3000,3005 **** ---- 3071,3077 ---- +*** 3031,3036 **** +--- 3102,3108 ----          if (pw->pw_uid != UID_ROOT)    	exit(254);        } @@ -170,7 +170,7 @@      if (command != NULL)        {  *************** -*** 3012,3018 **** +*** 3043,3049 ****          else    	log_msg("executing remote command as user %.200s", pw->pw_name);        } @@ -178,7 +178,7 @@    #ifdef HAVE_SETLOGIN      /* Set login name in the kernel.  Warning: setsid() must be called before         this. */ ---- 3084,3091 ---- +--- 3115,3122 ----          else    	log_msg("executing remote command as user %.200s", pw->pw_name);        } @@ -188,8 +188,8 @@      /* Set login name in the kernel.  Warning: setsid() must be called before         this. */  *************** -*** 3033,3038 **** ---- 3106,3112 ---- +*** 3064,3069 **** +--- 3137,3143 ----      if (setpcred((char *)pw->pw_name, NULL))        log_msg("setpcred %.100s: %.100s", strerror(errno));    #endif /* HAVE_USERSEC_H */ @@ -198,8 +198,8 @@      /* Save some data that will be needed so that we can do certain cleanups         before we switch to user's uid.  (We must clear all sensitive data   *************** -*** 3103,3108 **** ---- 3177,3240 ---- +*** 3134,3139 **** +--- 3208,3271 ----      if (command != NULL || !options.use_login)    #endif /* USELOGIN */        { @@ -265,8 +265,8 @@          if (getuid() == UID_ROOT || geteuid() == UID_ROOT)    	{   *************** -*** 3134,3139 **** ---- 3266,3272 ---- +*** 3165,3170 **** +--- 3297,3303 ----          if (getuid() != user_uid || geteuid() != user_uid)    	fatal("Failed to set uids to %d.", (int)user_uid); @@ -275,8 +275,8 @@      /* Reset signals to their default settings before starting the user  *************** -*** 3144,3154 **** ---- 3277,3292 ---- +*** 3175,3185 **** +--- 3308,3323 ----         and means /bin/sh. */      shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; @@ -294,8 +294,8 @@    #ifdef USELOGIN      if (command != NULL || !options.use_login)  *************** -*** 3158,3163 **** ---- 3296,3303 ---- +*** 3189,3194 **** +--- 3327,3334 ----          child_set_env(&env, &envsize, "HOME", user_dir);          child_set_env(&env, &envsize, "USER", user_name);          child_set_env(&env, &envsize, "LOGNAME", user_name); @@ -305,8 +305,8 @@    #ifdef MAIL_SPOOL_DIRECTORY  *************** -*** 3169,3174 **** ---- 3309,3315 ---- +*** 3200,3205 **** +--- 3340,3346 ----          child_set_env(&env, &envsize, "MAIL", buf);    #endif /* MAIL_SPOOL_FILE */    #endif /* MAIL_SPOOL_DIRECTORY */ @@ -315,8 +315,8 @@    #ifdef HAVE_ETC_DEFAULT_LOGIN          /* Read /etc/default/login; this exists at least on Solaris 2.x.  Note  *************** -*** 3184,3192 **** ---- 3325,3335 ---- +*** 3215,3223 **** +--- 3356,3366 ----        child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",    		  original_command); @@ -329,8 +329,8 @@      /* Set custom environment options from RSA authentication. */      while (custom_environment)   *************** -*** 3406,3412 **** ---- 3549,3559 ---- +*** 3437,3443 **** +--- 3580,3590 ----    	  /* Execute the shell. */    	  argv[0] = buf;    	  argv[1] = NULL; @@ -343,8 +343,8 @@    	  perror(shell);    	  exit(1);  *************** -*** 3427,3433 **** ---- 3574,3584 ---- +*** 3458,3464 **** +--- 3605,3615 ----      argv[1] = "-c";      argv[2] = (char *)command;      argv[3] = NULL; diff --git a/security/ssh2/files/patch-aj b/security/ssh2/files/patch-aj index 2227e00716f2..60f7495697f5 100644 --- a/security/ssh2/files/patch-aj +++ b/security/ssh2/files/patch-aj @@ -1,7 +1,7 @@ -*** configure.in.orig	Sun Apr  6 03:56:58 1997 ---- configure.in	Wed Apr 16 23:04:16 1997 +*** configure.in.orig	Wed Apr 23 08:40:06 1997 +--- configure.in	Fri Apr 25 12:41:26 1997  *************** -*** 579,587 **** +*** 616,624 ****    export CFLAGS CC @@ -11,7 +11,7 @@    AC_MSG_CHECKING([that the compiler works])    AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], ---- 579,587 ---- +--- 616,624 ----    export CFLAGS CC @@ -22,7 +22,7 @@    AC_MSG_CHECKING([that the compiler works])    AC_TRY_RUN([ main(int ac, char **av) { return 0; } ],  *************** -*** 633,639 **** +*** 671,677 ****    AC_HEADER_STDC    AC_HEADER_SYS_WAIT @@ -30,7 +30,7 @@    AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h)    AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h)    AC_HEADER_TIME ---- 633,639 ---- +--- 671,677 ----    AC_HEADER_STDC    AC_HEADER_SYS_WAIT diff --git a/security/ssh2/files/patch-al b/security/ssh2/files/patch-al index 9b8ef9f85303..1da799c26ac5 100644 --- a/security/ssh2/files/patch-al +++ b/security/ssh2/files/patch-al @@ -1,8 +1,8 @@ -*** sshconnect.c.orig	Sun Apr  6 03:57:04 1997 ---- sshconnect.c	Wed Apr 16 23:04:17 1997 +*** sshconnect.c.orig	Wed Apr 23 08:40:11 1997 +--- sshconnect.c	Fri Apr 25 12:41:59 1997  *************** -*** 302,307 **** ---- 302,313 ---- +*** 311,316 **** +--- 311,322 ----        {          struct sockaddr_in sin;          int p; @@ -16,8 +16,8 @@    	{    	  sock = socket(AF_INET, SOCK_STREAM, 0);  *************** -*** 329,334 **** ---- 335,341 ---- +*** 338,343 **** +--- 344,350 ----    	    }    	  fatal("bind: %.100s", strerror(errno));    	} | 
