diff options
| author | kristerw <kristerw@pkgsrc.org> | 2004-06-15 18:44:57 +0000 |
|---|---|---|
| committer | kristerw <kristerw@pkgsrc.org> | 2004-06-15 18:44:57 +0000 |
| commit | e33e13d60b2523962c62f6d0a520bcecb3b1eae1 (patch) | |
| tree | f754d12debae77326551d7217c4c2f2e35b14d21 | |
| parent | 95b6e0e52c6cb1f7fca51f51df172ef261a83c35 (diff) | |
| download | pkgsrc-e33e13d60b2523962c62f6d0a520bcecb3b1eae1.tar.gz | |
Resurrect openssh+gssapi per request of jwise@.
| -rw-r--r-- | security/openssh+gssapi/DESCR | 8 | ||||
| -rw-r--r-- | security/openssh+gssapi/INSTALL | 36 | ||||
| -rw-r--r-- | security/openssh+gssapi/MESSAGE | 17 | ||||
| -rw-r--r-- | security/openssh+gssapi/MESSAGE.pam | 9 | ||||
| -rw-r--r-- | security/openssh+gssapi/MESSAGE.urandom | 8 | ||||
| -rw-r--r-- | security/openssh+gssapi/Makefile | 162 | ||||
| -rw-r--r-- | security/openssh+gssapi/PLIST | 29 | ||||
| -rw-r--r-- | security/openssh+gssapi/PLIST.pam | 2 | ||||
| -rw-r--r-- | security/openssh+gssapi/PLIST.prng | 3 | ||||
| -rw-r--r-- | security/openssh+gssapi/distinfo | 11 | ||||
| -rw-r--r-- | security/openssh+gssapi/files/sshd.sh | 105 | ||||
| -rw-r--r-- | security/openssh+gssapi/patches/patch-aa | 34 | ||||
| -rw-r--r-- | security/openssh+gssapi/patches/patch-ab | 34 | ||||
| -rw-r--r-- | security/openssh+gssapi/patches/patch-ah | 22 | ||||
| -rw-r--r-- | security/openssh+gssapi/patches/patch-ai | 62 | ||||
| -rw-r--r-- | security/openssh+gssapi/patches/patch-aj | 26 |
16 files changed, 568 insertions, 0 deletions
diff --git a/security/openssh+gssapi/DESCR b/security/openssh+gssapi/DESCR new file mode 100644 index 00000000000..784da25242d --- /dev/null +++ b/security/openssh+gssapi/DESCR @@ -0,0 +1,8 @@ +OpenSSH is based on the last free version of Tatu Ylonen's SSH with +all patent-encumbered algorithms removed (to external libraries), all +known security bugs fixed, new features reintroduced and many other +clean-ups. More information about SSH itself can be found in the file +README.Ylonen. OpenSSH has been created by Aaron Campbell, Bob Beck, +Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. + +This package adds enhanced support for GSSAPI, provided by sxw.org.uk. diff --git a/security/openssh+gssapi/INSTALL b/security/openssh+gssapi/INSTALL new file mode 100644 index 00000000000..e0a3e44fb0e --- /dev/null +++ b/security/openssh+gssapi/INSTALL @@ -0,0 +1,36 @@ +# $NetBSD: INSTALL,v 1.4 2004/06/15 18:44:57 kristerw Exp $ + +DIRS="/etc /etc/ssh ${PKG_PREFIX}/etc ${PKG_PREFIX}/etc/ssh" +FILES="sshd.conf sshd_config" + +case ${STAGE} in +POST-INSTALL) + for dir in $DIRS; do + if [ "@PKG_SYSCONFDIR@" != "$dir" ]; then + for file in $FILES; do + path=$dir/$file + if [ -f $path ]; then + ${CAT} <<EOF +=========================================================================== + + *===* NOTICE *===* + +WARNING: previous configuration file $path found. + +The config files for ${PKGNAME} must be located in: + + @PKG_SYSCONFDIR@ + +You will need to ensure your configuration files and/or keys are +placed in the correct directory before using ${PKGNAME}. + +=========================================================================== +EOF + + exit + fi + done + fi + done + ;; +esac diff --git a/security/openssh+gssapi/MESSAGE b/security/openssh+gssapi/MESSAGE new file mode 100644 index 00000000000..a3873a4add6 --- /dev/null +++ b/security/openssh+gssapi/MESSAGE @@ -0,0 +1,17 @@ +=========================================================================== +$NetBSD: MESSAGE,v 1.3 2004/06/15 18:44:57 kristerw Exp $ + + *===* NOTICE *===* + +If you have existing config files for OpenSSH located at /etc/ssh.conf +and /etc/sshd.conf, then you will have to copy them: + + /etc/ssh.conf --> ${PKG_SYSCONFDIR}/ssh_config + /etc/sshd.conf --> ${PKG_SYSCONFDIR}/sshd_config + +The `${OPENSSH_USER}' user and `${OPENSSH_GROUP}' group used for +privilege separation have been created if they did not already exist. +For security reasons, UsePrivilegeSeparation has to be yes +(the default value). + +=========================================================================== diff --git a/security/openssh+gssapi/MESSAGE.pam b/security/openssh+gssapi/MESSAGE.pam new file mode 100644 index 00000000000..df4c02dee8d --- /dev/null +++ b/security/openssh+gssapi/MESSAGE.pam @@ -0,0 +1,9 @@ +=========================================================================== +$NetBSD: MESSAGE.pam,v 1.3 2004/06/15 18:44:57 kristerw Exp $ + +To authenticate for SSH using PAM, add the contents of the file: + + ${EGDIR}/sshd.pam + +to your PAM configuration file. +=========================================================================== diff --git a/security/openssh+gssapi/MESSAGE.urandom b/security/openssh+gssapi/MESSAGE.urandom new file mode 100644 index 00000000000..5f92af1a28d --- /dev/null +++ b/security/openssh+gssapi/MESSAGE.urandom @@ -0,0 +1,8 @@ +=========================================================================== +$NetBSD: MESSAGE.urandom,v 1.3 2004/06/15 18:44:57 kristerw Exp $ + +You will need a working /dev/urandom. Please make sure you have a kernel +compiled from a config file containing the line: + + pseudo-device rnd +=========================================================================== diff --git a/security/openssh+gssapi/Makefile b/security/openssh+gssapi/Makefile new file mode 100644 index 00000000000..79957085900 --- /dev/null +++ b/security/openssh+gssapi/Makefile @@ -0,0 +1,162 @@ +# $NetBSD: Makefile,v 1.16 2004/06/15 18:44:57 kristerw Exp $ + +# NOTE: This package is modeled on ../openssh, but does not share +# files with it as that package may update faster than the gssapi +# patches do. + +DISTNAME= openssh-3.6.1p2 +PKGNAME= openssh+gssapi-3.6.1.2.20030430 +PKGREVISION= 3 +SVR4_PKGNAME= osshgss +CATEGORIES= security +MASTER_SITES= ftp://ftp7.usa.openbsd.org/pub/os/OpenBSD/OpenSSH/portable/ \ + ftp://ftp.stealth.net/pub/mirrors/ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ + http://public.planetmirror.com.au/pub/OpenBSD/OpenSSH/portable/ \ + ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ + ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \ + ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/old/ +PATCH_SITES= http://www.sxw.org.uk/computing/patches/ +PATCHFILES= openssh-3.6.1p2-gssapi-20030430.diff +PATCH_DIST_STRIP= -p1 + +# Don't delete the last entry -- it's there if the pkgsrc version is not +# up-to-date and the mirrors already removed the old distfile. + +MAINTAINER= jwise@NetBSD.org +HOMEPAGE= http://www.openssh.com/ +COMMENT= Open Source Secure shell client and server with enhanced GSSAPI support + +CONFLICTS= sftp-[0-9]* +CONFLICTS+= ssh-[0-9]* ssh6-[0-9]* ssh2-[0-9]* +CONFLICTS+= openssh-[0-9]* + +USE_PERL5= build + +CRYPTO= yes +KERBEROS= yes + +# retain the following line, for IPv6-ready pkgsrc webpage +BUILD_DEFS+= USE_INET6 +#BUILD_DEFS+= KERBEROS + +.include "../../mk/bsd.prefs.mk" + +INSTALL_TARGET= install-nokeys +PLIST_SRC= # empty +MESSAGE_SRC= ${.CURDIR}/MESSAGE + +PKG_USERS= ${OPENSSH_USER}:${OPENSSH_GROUP}:${OPENSSH_UID}:sshd\\ privsep:${OPENSSH_CHROOT}:${NOLOGIN} +PKG_GROUPS= ${OPENSSH_GROUP}:${OPENSSH_GID} + +SSH_PID_DIR= /var/run # default directory for PID files + +PKG_SYSCONFSUBDIR= ssh +MANDIR= man + +PLIST_SUBST+= MANDIR=${MANDIR} + +USE_BUILDLINK3= yes +USE_PKGINSTALL= yes +GNU_CONFIGURE= yes +CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} +CONFIGURE_ARGS+= --mandir=${PREFIX}/${MANDIR} +CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR} +CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE} +CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers} +CONFIGURE_ARGS+= --with-privsep-path=${OPENSSH_CHROOT} +CONFIGURE_ARGS+= --with-privsep-user=${OPENSSH_USER} +CONFIGURE_ARGS+= --with-kerberos5=/usr +CONFIGURE_ARGS+= --with-kerberos4=/usr + +CPPFLAGS+= -I/usr/include/krb5 -I/usr/include/kerberosIV + +# XXX: PAM authentication causes memory faults, and I haven't tracked down +# XXX: why yet. For the moment, disable PAM authentication. +# +#.if defined(USE_PAM) +#.include "../../security/PAM/buildlink3.mk" +#CONFIGURE_ARGS+= --with-pam +#PLIST_SRC+= ${.CURDIR}/PLIST.pam +#MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam +#.endif + +.if (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS") +. include "../../security/skey/buildlink3.mk" +CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey} +.elif ${OPSYS} == "NetBSD" +# XXX: NetBSD has 4 args (4: sslen) to skeychallenge instead of 3 +#CONFIGURE_ARGS+= --with-skey=/usr +CONFIGURE_ARGS+= --without-skey +.else +CONFIGURE_ARGS+= --without-skey +.endif + +.if defined(KERBEROS) +PKG_USE_KERBEROS= yes +CONFIGURE_ARGS+= --with-kerberos4=/usr +LDFLAGS+= -lkrb -lcom_err -lroken -ldes -lcrypto +.endif + +CONFIGURE_ENV+= LD=${CC:Q} + +# The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending +# on if it's part of the X11 distribution, or if it's installed from pkgsrc +# (security/ssh-askpass). +# +.if exists(${X11BASE}/bin/ssh-askpass) +ASKPASS_PROGRAM= ${X11BASE}/bin/ssh-askpass +.else +ASKPASS_PROGRAM= ${X11PREFIX}/bin/ssh-askpass +.endif +CONFIGURE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM} +MAKE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM} + +CONFS= ssh_config sshd_config +SUPPS= moduli + +.if exists(/dev/urandom) +MESSAGE_SRC+= ${.CURDIR}/MESSAGE.urandom +.else +CONFIGURE_ARGS+= --without-random +CONFS+= ssh_prng_cmds +PLIST_SRC+= ${.CURDIR}/PLIST.prng +.endif + +EGDIR= ${PREFIX}/share/examples/openssh +CONF_FILES= # empty +.for FILE in ${CONFS} +CONF_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE} +.endfor +SUPPORT_FILES= # empty +.for FILE in ${SUPPS} +SUPPORT_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE} +.endfor +OWN_DIRS= ${OPENSSH_CHROOT} +RCD_SCRIPTS= sshd + +PLIST_SRC+= ${.CURDIR}/PLIST +FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR} +MESSAGE_SUBST+= EGDIR=${EGDIR} +MESSAGE_SUBST+= OPENSSH_USER=${OPENSSH_USER} +MESSAGE_SUBST+= OPENSSH_GROUP=${OPENSSH_GROUP} + +INSTALL_EXTRA_TMPL+= ${.CURDIR}/INSTALL + +pre-configure: + cd ${WRKSRC} && ${AUTORECONF} + +post-install: + ${INSTALL_DATA_DIR} ${EGDIR} + cd ${WRKSRC}; for file in ${CONFS} ${SUPPS}; do \ + ${INSTALL_DATA} $${file}.out ${EGDIR}/$${file}; \ + done +#.if defined(USE_PAM) +# ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.freebsd ${EGDIR}/sshd.pam +#.endif + +.include "../../devel/zlib/buildlink3.mk" +.include "../../security/openssl/buildlink3.mk" +.include "../../security/tcp_wrappers/buildlink3.mk" +.include "../../mk/autoconf.mk" + +.include "../../mk/bsd.pkg.mk" diff --git a/security/openssh+gssapi/PLIST b/security/openssh+gssapi/PLIST new file mode 100644 index 00000000000..df9532567df --- /dev/null +++ b/security/openssh+gssapi/PLIST @@ -0,0 +1,29 @@ +@comment $NetBSD: PLIST,v 1.4 2004/06/15 18:44:57 kristerw Exp $ +bin/scp +bin/sftp +bin/slogin +bin/ssh +bin/ssh-add +bin/ssh-agent +bin/ssh-keygen +bin/ssh-keyscan +libexec/sftp-server +libexec/ssh-keysign +${MANDIR}/man1/scp.1 +${MANDIR}/man1/sftp.1 +${MANDIR}/man1/slogin.1 +${MANDIR}/man1/ssh-add.1 +${MANDIR}/man1/ssh-agent.1 +${MANDIR}/man1/ssh-keygen.1 +${MANDIR}/man1/ssh-keyscan.1 +${MANDIR}/man1/ssh.1 +${MANDIR}/man5/ssh_config.5 +${MANDIR}/man5/sshd_config.5 +${MANDIR}/man8/sftp-server.8 +${MANDIR}/man8/ssh-keysign.8 +${MANDIR}/man8/sshd.8 +sbin/sshd +share/examples/openssh/moduli +share/examples/openssh/ssh_config +share/examples/openssh/sshd_config +@dirrm share/examples/openssh diff --git a/security/openssh+gssapi/PLIST.pam b/security/openssh+gssapi/PLIST.pam new file mode 100644 index 00000000000..1a5bc7cc5ba --- /dev/null +++ b/security/openssh+gssapi/PLIST.pam @@ -0,0 +1,2 @@ +@comment $NetBSD: PLIST.pam,v 1.3 2004/06/15 18:44:57 kristerw Exp $ +share/examples/openssh/sshd.pam diff --git a/security/openssh+gssapi/PLIST.prng b/security/openssh+gssapi/PLIST.prng new file mode 100644 index 00000000000..e0f33eb6481 --- /dev/null +++ b/security/openssh+gssapi/PLIST.prng @@ -0,0 +1,3 @@ +@comment $NetBSD: PLIST.prng,v 1.3 2004/06/15 18:44:57 kristerw Exp $ +libexec/ssh-rand-helper +share/examples/openssh/ssh_prng_cmds diff --git a/security/openssh+gssapi/distinfo b/security/openssh+gssapi/distinfo new file mode 100644 index 00000000000..48f865e6a3b --- /dev/null +++ b/security/openssh+gssapi/distinfo @@ -0,0 +1,11 @@ +$NetBSD: distinfo,v 1.5 2004/06/15 18:44:57 kristerw Exp $ + +SHA1 (openssh-3.6.1p2.tar.gz) = dafe5b6ee2c8ced12c2ee8961530b4e51c2f0bcf +Size (openssh-3.6.1p2.tar.gz) = 879629 bytes +SHA1 (openssh-3.6.1p2-gssapi-20030430.diff) = a938638ad7d861e4f55ef5f8410acfdaac8a9e57 +Size (openssh-3.6.1p2-gssapi-20030430.diff) = 121077 bytes +SHA1 (patch-aa) = 20abe6938aba07ab7b6c7eab5d24a303f0cd2298 +SHA1 (patch-ab) = 1069fe256b7925fcf404781ef14e5c492f52c21e +SHA1 (patch-ah) = 9913c868bde5d318915b1dee2c05dcf454a0f506 +SHA1 (patch-ai) = a564c1c9df9704fa8ed20bd31a5eb36450c72f2b +SHA1 (patch-aj) = a83eed6c0a5703a2953682b4627be38a87bfb65f diff --git a/security/openssh+gssapi/files/sshd.sh b/security/openssh+gssapi/files/sshd.sh new file mode 100644 index 00000000000..64490d99407 --- /dev/null +++ b/security/openssh+gssapi/files/sshd.sh @@ -0,0 +1,105 @@ +#!@RCD_SCRIPTS_SHELL@ +# +# $NetBSD: sshd.sh,v 1.3 2004/06/15 18:44:57 kristerw Exp $ +# +# PROVIDE: sshd +# REQUIRE: DAEMON LOGIN + +if [ -f /etc/rc.subr ] +then + . /etc/rc.subr +fi + +name="sshd" +rcvar=$name +command="@PREFIX@/sbin/${name}" +keygen_command="@PREFIX@/bin/ssh-keygen" +pidfile="@SSH_PID_DIR@/${name}.pid" +required_files="@PKG_SYSCONFDIR@/sshd_config" +extra_commands="keygen reload" + +sshd_keygen() +{ + ( + umask 022 + if [ -f @PKG_SYSCONFDIR@/ssh_host_key ]; then + @ECHO@ "You already have an RSA host key in @PKG_SYSCONFDIR@/ssh_host_key" + @ECHO@ "Skipping protocol version 1 RSA Key Generation" + else + ${keygen_command} -t rsa1 -b 1024 -f @PKG_SYSCONFDIR@/ssh_host_key -N '' + fi + + if [ -f @PKG_SYSCONFDIR@/ssh_host_dsa_key ]; then + @ECHO@ "You already have a DSA host key in @PKG_SYSCONFDIR@/ssh_host_dsa_key" + @ECHO@ "Skipping protocol version 2 DSA Key Generation" + else + ${keygen_command} -t dsa -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -N '' + fi + + if [ -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then + @ECHO@ "You already have a RSA host key in @PKG_SYSCONFDIR@/ssh_host_rsa_key" + @ECHO@ "Skipping protocol version 2 RSA Key Generation" + else + ${keygen_command} -t rsa -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -N '' + fi + ) +} + +sshd_precmd() +{ + if [ ! -f @PKG_SYSCONFDIR@/ssh_host_key -o \ + ! -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -o \ + ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then + if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ] + then + run_rc_command keygen + else + eval ${keygen_cmd} + fi + fi +} + +keygen_cmd=sshd_keygen +start_precmd=sshd_precmd + +if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ] +then + load_rc_config $name + run_rc_command "$1" +else + case ${1:-start} in + start) + if [ -x ${command} -a -f ${required_files} ] + then + @ECHO@ "Starting ${name}." + eval ${start_precmd} + eval ${command} ${sshd_flags} ${command_args} + fi + ;; + stop) + if [ -f ${pidfile} ]; then + pid=`@HEAD@ -1 ${pidfile}` + @ECHO@ "Stopping ${name}." + kill -TERM ${pid} + else + @ECHO@ "${name} not running?" + fi + ;; + restart) + ( $0 stop ) + sleep 1 + $0 start + ;; + status) + if [ -f ${pidfile} ]; then + pid=`@HEAD@ -1 ${pidfile}` + @ECHO@ "${name} is running as pid ${pid}." + else + @ECHO@ "${name} is not running." + fi + ;; + keygen) + eval ${keygen_cmd} + ;; + esac +fi diff --git a/security/openssh+gssapi/patches/patch-aa b/security/openssh+gssapi/patches/patch-aa new file mode 100644 index 00000000000..08ea9913140 --- /dev/null +++ b/security/openssh+gssapi/patches/patch-aa @@ -0,0 +1,34 @@ +$NetBSD: patch-aa,v 1.3 2004/06/15 18:44:57 kristerw Exp $ + +--- configure.orig Tue Apr 29 02:37:28 2003 ++++ configure Tue Jun 10 13:38:01 2003 +@@ -4939,6 +4939,9 @@ + ;; + esac + ++# pkgsrc handles any rpath settings this package needs ++need_dash_r= ++ + # Allow user to specify flags + + # Check whether --with-cflags or --without-cflags was given. +@@ -7030,6 +7033,10 @@ + cat >>conftest.$ac_ext <<_ACEOF + /* end confdefs.h. */ + ++#ifdef HAVE_SYS_CDEFS_H ++#include <sys/cdefs.h> ++#endif ++#include <stdio.h> + #include <tcpd.h> + int deny_severity = 0, allow_severity = 0; + +@@ -19123,7 +19130,7 @@ + echo " User binaries: $B" + echo " System binaries: $C" + echo " Configuration files: $D" +-echo " Askpass program: $E" ++echo " Askpass program: ${ASKPASS_PROGRAM}" + echo " Manual pages: $F" + echo " PID file: $G" + echo " Privilege separation chroot path: $H" diff --git a/security/openssh+gssapi/patches/patch-ab b/security/openssh+gssapi/patches/patch-ab new file mode 100644 index 00000000000..f14b7d72251 --- /dev/null +++ b/security/openssh+gssapi/patches/patch-ab @@ -0,0 +1,34 @@ +$NetBSD: patch-ab,v 1.3 2004/06/15 18:44:57 kristerw Exp $ + +--- configure.ac.orig Thu Sep 26 00:38:47 2002 ++++ configure.ac +@@ -341,6 +341,9 @@ mips-sony-bsd|mips-sony-newsos4) + ;; + esac + ++# pkgsrc handles any rpath settings this package needs ++need_dash_r= ++ + # Allow user to specify flags + AC_ARG_WITH(cflags, + [ --with-cflags Specify additional flags to pass to compiler], +@@ -575,6 +578,10 @@ AC_ARG_WITH(tcp-wrappers, + AC_MSG_CHECKING(for libwrap) + AC_TRY_LINK( + [ ++#ifdef HAVE_SYS_CDEFS_H ++#include <sys/cdefs.h> ++#endif ++#include <stdio.h> + #include <tcpd.h> + int deny_severity = 0, allow_severity = 0; + ], +@@ -2449,7 +2456,7 @@ echo "OpenSSH has been configured with t + echo " User binaries: $B" + echo " System binaries: $C" + echo " Configuration files: $D" +-echo " Askpass program: $E" ++echo " Askpass program: ${ASKPASS_PROGRAM}" + echo " Manual pages: $F" + echo " PID file: $G" + echo " Privilege separation chroot path: $H" diff --git a/security/openssh+gssapi/patches/patch-ah b/security/openssh+gssapi/patches/patch-ah new file mode 100644 index 00000000000..9e30e08d778 --- /dev/null +++ b/security/openssh+gssapi/patches/patch-ah @@ -0,0 +1,22 @@ +$NetBSD: patch-ah,v 1.3 2004/06/15 18:44:57 kristerw Exp $ + +--- Makefile.in.orig Fri Jun 21 10:38:53 2002 ++++ Makefile.in Tue Jun 25 10:50:44 2002 +@@ -21,7 +21,7 @@ + DESTDIR= + VPATH=@srcdir@ + SSH_PROGRAM=@bindir@/ssh +-ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass ++#ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass + SFTP_SERVER=$(libexecdir)/sftp-server + SSH_KEYSIGN=$(libexecdir)/ssh-keysign + RAND_HELPER=$(libexecdir)/ssh-rand-helper +@@ -203,7 +203,7 @@ + scard-install: + (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) + +-install-files: scard-install ++install-files: + $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) diff --git a/security/openssh+gssapi/patches/patch-ai b/security/openssh+gssapi/patches/patch-ai new file mode 100644 index 00000000000..34f38120460 --- /dev/null +++ b/security/openssh+gssapi/patches/patch-ai @@ -0,0 +1,62 @@ +$NetBSD: patch-ai,v 1.4 2004/06/15 18:44:57 kristerw Exp $ +Index: buffer.c +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/buffer.c,v +retrieving revision 1.16 +retrieving revision 1.18 +diff -u -r1.16 -r1.18 +--- buffer.c 26 Jun 2002 08:54:18 -0000 1.16 ++++ buffer.c 16 Sep 2003 21:02:39 -0000 1.18 +@@ -23,8 +23,11 @@ + void + buffer_init(Buffer *buffer) + { +- buffer->alloc = 4096; +- buffer->buf = xmalloc(buffer->alloc); ++ const u_int len = 4096; ++ ++ buffer->alloc = 0; ++ buffer->buf = xmalloc(len); ++ buffer->alloc = len; + buffer->offset = 0; + buffer->end = 0; + } +@@ -34,8 +37,10 @@ + void + buffer_free(Buffer *buffer) + { +- memset(buffer->buf, 0, buffer->alloc); +- xfree(buffer->buf); ++ if (buffer->alloc > 0) { ++ memset(buffer->buf, 0, buffer->alloc); ++ xfree(buffer->buf); ++ } + } + + /* +@@ -69,6 +74,7 @@ + void * + buffer_append_space(Buffer *buffer, u_int len) + { ++ u_int newlen; + void *p; + + if (len > 0x100000) +@@ -98,11 +104,13 @@ + goto restart; + } + /* Increase the size of the buffer and retry. */ +- buffer->alloc += len + 32768; +- if (buffer->alloc > 0xa00000) ++ ++ newlen = buffer->alloc + len + 32768; ++ if (newlen > 0xa00000) + fatal("buffer_append_space: alloc %u not supported", +- buffer->alloc); +- buffer->buf = xrealloc(buffer->buf, buffer->alloc); ++ newlen); ++ buffer->buf = xrealloc(buffer->buf, newlen); ++ buffer->alloc = newlen; + goto restart; + /* NOTREACHED */ + } diff --git a/security/openssh+gssapi/patches/patch-aj b/security/openssh+gssapi/patches/patch-aj new file mode 100644 index 00000000000..2df3b480871 --- /dev/null +++ b/security/openssh+gssapi/patches/patch-aj @@ -0,0 +1,26 @@ +$NetBSD: patch-aj,v 1.3 2004/06/15 18:44:57 kristerw Exp $ +Index: channels.c +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/channels.c,v +retrieving revision 1.194 +retrieving revision 1.195 +diff -u -r1.194 -r1.195 +--- channels.c 29 Aug 2003 10:04:36 -0000 1.194 ++++ channels.c 16 Sep 2003 21:02:40 -0000 1.195 +@@ -228,12 +228,13 @@ + if (found == -1) { + /* There are no free slots. Take last+1 slot and expand the array. */ + found = channels_alloc; +- channels_alloc += 10; + if (channels_alloc > 10000) + fatal("channel_new: internal error: channels_alloc %d " + "too big.", channels_alloc); ++ channels = xrealloc(channels, ++ (channels_alloc + 10) * sizeof(Channel *)); ++ channels_alloc += 10; + debug2("channel: expanding %d", channels_alloc); +- channels = xrealloc(channels, channels_alloc * sizeof(Channel *)); + for (i = found; i < channels_alloc; i++) + channels[i] = NULL; + } + |