authorreed <reed@pkgsrc.org>2005-09-21 18:07:09 +0000
committerreed <reed@pkgsrc.org>2005-09-21 18:07:09 +0000
commitb86c905ff1992f260b2cb901e3a96646d8235f15 (patch)
treeb11b18e15d267f0abce8a5ece49a7ff67958eca9 /security/openssh
parent6f94e0a0d438a7f06f4ef2b5930212d8cfd8aa73 (diff)
downloadpkgsrc-b86c905ff1992f260b2cb901e3a96646d8235f15.tar.gz
Update openssh to 4.2p1. This is from PR #31331. Thank you, Jason.
Some changes different from patches provided in that PR are: - patch-aj, patch-aq, and patch-as not changed (they appeared to be identical to previous patches) - DragonFly support also added to configure script (patch-aa) because compilation failed due to missing crypt - and install-sysconf target removed from the installation target in Makefile.in (patch-ah). Just let the pkgsrc framework install this since it now will allow it to be removed correctly on deinstall. - use "pam" instead of "PAM" as option name in the post-install target. This removes patch-ai. This also now uses openssh-4.2p1-hpn11.diff patch. I didn't test with kerberos and hpn-patch options. I did test with PAM on Linux. (The PR reported that kerberos and hpn-patch options were tested for compiling.) I tested on NetBSD 2.0.2, Linux, and DragonFly. This includes two security fixes and several bug fixes and many improvements. The changes are listed at http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html http://www.mindrot.org/pipermail/openssh-unix-announce/2005-May/000079.html TODO: get some of these patches committed upstream.
Diffstat (limited to 'security/openssh')
-rw-r--r--security/openssh/Makefile10
-rw-r--r--security/openssh/distinfo50
-rw-r--r--security/openssh/options.mk4
-rw-r--r--security/openssh/patches/patch-aa45
-rw-r--r--security/openssh/patches/patch-ab42
-rw-r--r--security/openssh/patches/patch-ac10
-rw-r--r--security/openssh/patches/patch-ad38
-rw-r--r--security/openssh/patches/patch-ae6
-rw-r--r--security/openssh/patches/patch-af22
-rw-r--r--security/openssh/patches/patch-ag6
-rw-r--r--security/openssh/patches/patch-ah19
-rw-r--r--security/openssh/patches/patch-ai13
-rw-r--r--security/openssh/patches/patch-ak10
-rw-r--r--security/openssh/patches/patch-al16
-rw-r--r--security/openssh/patches/patch-am10
-rw-r--r--security/openssh/patches/patch-an10
-rw-r--r--security/openssh/patches/patch-ao22
-rw-r--r--security/openssh/patches/patch-ap6
-rw-r--r--security/openssh/patches/patch-ar15
-rw-r--r--security/openssh/patches/patch-at6
-rw-r--r--security/openssh/patches/patch-au22
-rw-r--r--security/openssh/patches/patch-av14
22 files changed, 202 insertions, 194 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index cdf42ff2e3a..abcbdcbcc69 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.156 2005/08/23 11:48:51 rillig Exp $
+# $NetBSD: Makefile,v 1.157 2005/09/21 18:07:09 reed Exp $
-DISTNAME= openssh-3.9p1
-PKGNAME= openssh-3.9.1
-PKGREVISION= 8
+DISTNAME= openssh-4.2p1
+PKGNAME= openssh-4.2.1
+PKGREVISION=
SVR4_PKGNAME= ossh
CATEGORIES= security
MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
@@ -150,7 +150,7 @@ post-install:
cd ${WRKSRC}; for file in ${CONFS}; do \
${INSTALL_DATA} $${file}.out ${EGDIR}/$${file}; \
done
-.if !empty(PKG_OPTIONS:MPAM) && ${OPSYS} == "Linux"
+.if !empty(PKG_OPTIONS:Mpam) && ${OPSYS} == "Linux"
${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.generic ${EGDIR}/sshd.pam
.endif
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index adc9594962d..8dc89334e2f 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,29 +1,29 @@
-$NetBSD: distinfo,v 1.40 2005/05/25 23:17:11 reed Exp $
+$NetBSD: distinfo,v 1.41 2005/09/21 18:07:09 reed Exp $
-SHA1 (openssh-3.9p1.tar.gz) = 80b19d83a9d4717f5c38b2d950501e1471f60afc
-RMD160 (openssh-3.9p1.tar.gz) = e4abf280a18e3ae046d0dee19dab919bba8e5568
-Size (openssh-3.9p1.tar.gz) = 854027 bytes
-SHA1 (openssh-3.9p1-hpn.diff) = 1821c590b9b5effa3750ebf0166fe3f22d00faad
-Size (openssh-3.9p1-hpn.diff) = 8387 bytes
-SHA1 (patch-aa) = 6bceb5b0480727c6c4e0cf662fa85cffebf91bdb
-SHA1 (patch-ab) = f43a6b627a4f2b8ecd74b016ce29b5f8091d877e
-SHA1 (patch-ac) = d851513c2a115358671bf9efafab1e3ee9166088
-SHA1 (patch-ad) = 2fe2ea9a661a456351012f88d26e4812d096cf23
-SHA1 (patch-ae) = d7bcee7a84457c96951c3da82aa689fa818a07b6
-SHA1 (patch-af) = ec6b439a3a4a0d2e5b13685c4d94deb26bbece45
-SHA1 (patch-ag) = dbdbefa00b2ec7e6ee3cf4441d1fc817ecefc742
-SHA1 (patch-ah) = 85a8f0fa5ddf13f8342faaff6bf81fcd3ad6648a
-SHA1 (patch-ai) = ccc43f0523bf2b0e28d7e169eda59b1ff1a2215b
+SHA1 (openssh-4.2p1.tar.gz) = 5e7231cfa8ec673ea856ce291b78fac8b380eb78
+RMD160 (openssh-4.2p1.tar.gz) = e1f45333e66d0afceb9934ab73401b4ca06f03a6
+Size (openssh-4.2p1.tar.gz) = 914165 bytes
+SHA1 (openssh-4.2p1-hpn11.diff) = 7a8af1ce909bfee6ac9d498834a503fdae928b88
+RMD160 (openssh-4.2p1-hpn11.diff) = c3cd4cbb53094fb1f248a780c3e5a05af2585f88
+Size (openssh-4.2p1-hpn11.diff) = 14765 bytes
+SHA1 (patch-aa) = abedcec1fe1c4461bca2612eb28cc104f836601e
+SHA1 (patch-ab) = 9a42cc9bd5e5425cc8251fed081edfcc910ec037
+SHA1 (patch-ac) = 3f693738d3e02aa6abd0687fbd22465db65abfc0
+SHA1 (patch-ad) = 23f73b7ce008c6ccd431d3d80692e59fcf33aa14
+SHA1 (patch-ae) = 21b58d72f4dbf9affed65857518c26ab9277a0f8
+SHA1 (patch-af) = e6a4c6dcf2f556c6175f1a3b0a010e4dcf34e239
+SHA1 (patch-ag) = e60b35b5d6f7db2bd30ef24f503463145689f1ea
+SHA1 (patch-ah) = 2beb4ff7989d66b20d2f5afb5d773012353e82ea
SHA1 (patch-aj) = 44f2b11949a4dea6a8760b8397db5360b64bf01f
-SHA1 (patch-ak) = 6140fe665aa84ab8127e0d9ede44945f196392e4
-SHA1 (patch-al) = 3168440d9e584a504b21802edb4dbeb58e87e8d2
-SHA1 (patch-am) = 50e46970b8eff07b931a34313d863e13af838440
-SHA1 (patch-an) = 1ffc3704bf925f87fb787c93f6f10d1b0c06bdd0
-SHA1 (patch-ao) = 0677e5f8a1a9a2f6b600789ff3fea627af472bc0
-SHA1 (patch-ap) = b006a1b49f19ab322fc179a1f2e4238807a64b87
+SHA1 (patch-ak) = 99f789676e606d4a51effc2abc02a50776f4e781
+SHA1 (patch-al) = 2843c7c6e8b3d93a03b2d66d71c894a9e302f987
+SHA1 (patch-am) = c99132cf25317053dcd6fb50ac19d35b12b0b46b
+SHA1 (patch-an) = f32b94365452f8446f0c8872fa244cf1da387570
+SHA1 (patch-ao) = c08515b05456bb2840c2d5ce28622d2f47f12057
+SHA1 (patch-ap) = c9101ae26b01a6b0cb9c9f5b7ddea77f3cf0c4b3
SHA1 (patch-aq) = 3786a41a974d6583f379350068a762a725b8334d
-SHA1 (patch-ar) = 90f2534c0fb01f7909ee88c7849092a9e7882a7d
+SHA1 (patch-ar) = 66812bf062e8318fcae1535b086fce0068d46a63
SHA1 (patch-as) = ecb23bc4c07d8ac7599b6f6576ad39bb4dcedbab
-SHA1 (patch-at) = c6b85eb24279f18a430b86aeda3f8d2fa1c8d018
-SHA1 (patch-au) = 2a8926edfb65a8ecf7786411cee3d1723247764b
-SHA1 (patch-av) = ef8fca98fad60cad4ba4197e8579544f37a4fcee
+SHA1 (patch-at) = 2468567cc0e91ea375f43c9ebae57644f50a5f27
+SHA1 (patch-au) = 052b0b6d8869ad09144e4fc9e1b3c5e03c669c44
+SHA1 (patch-av) = 5efc471716cecfaa7317c05771ee6d6293ecd1e3
diff --git a/security/openssh/options.mk b/security/openssh/options.mk
index b395caf99c0..5bac94e7942 100644
--- a/security/openssh/options.mk
+++ b/security/openssh/options.mk
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.5 2005/07/28 17:54:57 reed Exp $
+# $NetBSD: options.mk,v 1.6 2005/09/21 18:07:09 reed Exp $
.include "../../mk/bsd.prefs.mk"
@@ -17,7 +17,7 @@ CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE}
.endif
.if !empty(PKG_OPTIONS:Mhpn-patch)
-PATCHFILES= openssh-3.9p1-hpn.diff
+PATCHFILES= openssh-4.2p1-hpn11.diff
PATCH_SITES= http://www.psc.edu/networking/projects/hpn-ssh/
PATCH_DIST_STRIP= -p1
.endif
diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa
index 4a0e2273257..458f7a7a08a 100644
--- a/security/openssh/patches/patch-aa
+++ b/security/openssh/patches/patch-aa
@@ -1,46 +1,53 @@
-$NetBSD: patch-aa,v 1.37 2005/03/07 23:29:49 tv Exp $
-
---- configure.orig 2004-08-17 08:54:53.000000000 -0400
-+++ configure
-@@ -6101,8 +6101,46 @@ _ACEOF
+--- configure.orig 2005-09-01 02:15:24.000000000 -0700
++++ configure 2005-09-21 09:49:24.000000000 -0700
+@@ -5706,7 +5706,7 @@
+ need_dash_r=1
+ fi
+ ;;
+-*-*-freebsd*)
++*-*-freebsd*|*-*-dragonfly*)
+ check_for_libcrypt_later=1
+ ;;
+ *-*-bsdi*)
+@@ -6552,8 +6552,46 @@
_ACEOF
- ;;
-+
+ ;;
++
+*-*-interix3)
-+ cat >>confdefs.h <<\_ACEOF
++ cat >>confdefs.h <<\_ACEOF
+#define HAVE_INTERIX 1
+_ACEOF
+
-+ cat >>confdefs.h <<\_ACEOF
++ cat >>confdefs.h <<\_ACEOF
+#define DISABLE_FD_PASSING 1
+_ACEOF
+
-+ cat >>confdefs.h <<\_ACEOF
++ cat >>confdefs.h <<\_ACEOF
+#define DISABLE_SHADOW 1
+_ACEOF
+
-+ cat >>confdefs.h <<\_ACEOF
++ cat >>confdefs.h <<\_ACEOF
+#define IP_TOS_IS_BROKEN 1
+_ACEOF
+
-+ cat >>confdefs.h <<\_ACEOF
++ cat >>confdefs.h <<\_ACEOF
+#define MISSING_HOWMANY 1
+_ACEOF
+
-+ cat >>confdefs.h <<\_ACEOF
++ cat >>confdefs.h <<\_ACEOF
+#define NO_IPPORT_RESERVED_CONCEPT 1
+_ACEOF
+
-+ cat >>confdefs.h <<\_ACEOF
++ cat >>confdefs.h <<\_ACEOF
+#define SETGROUPS_NOOP 1
+_ACEOF
+
-+ cat >>confdefs.h <<\_ACEOF
++ cat >>confdefs.h <<\_ACEOF
+#define USE_PIPES 1
+_ACEOF
+
-+ ;;
++ ;;
esac
+# pkgsrc handles any rpath settings this package needs
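Review bot: DragonFly is added to the `*-*-freebsd*` case only in the generated configure script, and the patch-ab changes shown on this page contain no matching edit for configure.ac, so the `check_for_libcrypt_later=1` setting would be lost whenever configure is regenerated with autoconf. The same one-line change, `*-*-freebsd*|*-*-dragonfly*)`, belongs in configure.ac as well. This revision also drops the `$NetBSD$` RCS Id line from the top of the patch and leaves a timestamp on the `+++ configure` line; patch-ah has the same change, and both should keep the Id header that the other patches in this directory carry.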
@@ -49,7 +56,7 @@ $NetBSD: patch-aa,v 1.37 2005/03/07 23:29:49 tv Exp $
# Allow user to specify flags
# Check whether --with-cflags or --without-cflags was given.
-@@ -23790,12 +23828,19 @@ fi
+@@ -25360,12 +25398,19 @@
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_utmpx_location"; then
if test x"$system_utmpx_path" = x"no" ; then
@@ -72,7 +79,7 @@ $NetBSD: patch-aa,v 1.37 2005/03/07 23:29:49 tv Exp $
cat >>confdefs.h <<_ACEOF
#define CONF_UTMPX_FILE "$conf_utmpx_location"
_ACEOF
-@@ -23864,12 +23909,20 @@ fi
+@@ -25434,12 +25479,20 @@
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -95,7 +102,7 @@ $NetBSD: patch-aa,v 1.37 2005/03/07 23:29:49 tv Exp $
cat >>confdefs.h <<_ACEOF
#define CONF_WTMPX_FILE "$conf_wtmpx_location"
_ACEOF
-@@ -25091,7 +25144,7 @@ echo "OpenSSH has been configured with t
+@@ -26665,7 +26718,7 @@
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab
index 6445d9f482a..9e734228534 100644
--- a/security/openssh/patches/patch-ab
+++ b/security/openssh/patches/patch-ab
@@ -1,22 +1,24 @@
-$NetBSD: patch-ab,v 1.20 2005/03/07 23:29:49 tv Exp $
+$NetBSD: patch-ab,v 1.21 2005/09/21 18:07:09 reed Exp $
---- configure.ac.orig 2004-08-16 09:12:06.000000000 -0400
+--- configure.ac.orig 2005-08-31 11:59:49.000000000 -0500
+++ configure.ac
-@@ -469,8 +469,22 @@ mips-sony-bsd|mips-sony-newsos4)
- AC_DEFINE(MISSING_HOWMANY)
- AC_DEFINE(MISSING_FD_MASK)
- ;;
+@@ -570,8 +570,24 @@
+ AC_DEFINE(MISSING_HOWMANY)
+ AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
+ ;;
++
+
+*-*-interix3*)
-+ AC_DEFINE(HAVE_INTERIX)
-+ AC_DEFINE(DISABLE_FD_PASSING)
-+ AC_DEFINE(DISABLE_SHADOW)
-+ AC_DEFINE(IP_TOS_IS_BROKEN)
-+ AC_DEFINE(MISSING_HOWMANY)
-+ AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
-+ AC_DEFINE(SETGROUPS_NOOP)
-+ AC_DEFINE(USE_PIPES)
-+ ;;
++ AC_DEFINE(HAVE_INTERIX)
++ AC_DEFINE(DISABLE_FD_PASSING)
++ AC_DEFINE(DISABLE_SHADOW)
++ AC_DEFINE(IP_TOS_IS_BROKEN)
++ AC_DEFINE(MISSING_HOWMANY)
++ AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
++ AC_DEFINE(SETGROUPS_NOOP)
++ AC_DEFINE(USE_PIPES)
++ ;;
++
esac
+# pkgsrc handles any rpath settings this package needs
@@ -25,7 +27,7 @@ $NetBSD: patch-ab,v 1.20 2005/03/07 23:29:49 tv Exp $
# Allow user to specify flags
AC_ARG_WITH(cflags,
[ --with-cflags Specify additional flags to pass to compiler],
-@@ -2885,9 +2899,17 @@ AC_TRY_COMPILE([
+@@ -3358,9 +3374,17 @@
)
if test -z "$conf_utmpx_location"; then
if test x"$system_utmpx_path" = x"no" ; then
@@ -43,9 +45,9 @@ $NetBSD: patch-ab,v 1.20 2005/03/07 23:29:49 tv Exp $
+fi
+if test -n "$conf_utmpx_location"; then
AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
- fi
+ fi
-@@ -2910,9 +2932,17 @@ AC_TRY_COMPILE([
+@@ -3383,9 +3407,17 @@
)
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -63,9 +65,9 @@ $NetBSD: patch-ab,v 1.20 2005/03/07 23:29:49 tv Exp $
+fi
+if test -n "$conf_wtmpx_location"; then
AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
- fi
+ fi
-@@ -2953,7 +2983,7 @@ echo "OpenSSH has been configured with t
+@@ -3431,7 +3463,7 @@
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff --git a/security/openssh/patches/patch-ac b/security/openssh/patches/patch-ac
index da61f89b83d..0132349bb2e 100644
--- a/security/openssh/patches/patch-ac
+++ b/security/openssh/patches/patch-ac
@@ -1,6 +1,6 @@
-$NetBSD: patch-ac,v 1.12 2005/03/07 23:29:49 tv Exp $
+$NetBSD: patch-ac,v 1.13 2005/09/21 18:07:09 reed Exp $
---- defines.h.orig 2004-06-21 23:27:16.000000000 -0400
+--- defines.h.orig 2005-08-31 11:59:49.000000000 -0500
+++ defines.h
@@ -30,6 +30,15 @@
@@ -18,7 +18,7 @@ $NetBSD: patch-ac,v 1.12 2005/03/07 23:29:49 tv Exp $
#ifndef SHUT_RDWR
enum
{
-@@ -424,8 +433,8 @@ struct winsize {
+@@ -442,8 +451,8 @@
# define __attribute__(x)
#endif /* !defined(__GNUC__) || (__GNUC__ < 2) */
@@ -28,8 +28,8 @@ $NetBSD: patch-ac,v 1.12 2005/03/07 23:29:49 tv Exp $
+# define __noreturn __attribute__((noreturn))
#endif
- /* *-*-nto-qnx doesn't define this macro in the system headers */
-@@ -591,6 +600,24 @@ struct winsize {
+ #if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__)
+@@ -635,6 +644,24 @@
# endif
# endif
#endif
diff --git a/security/openssh/patches/patch-ad b/security/openssh/patches/patch-ad
index 1f25ee59265..06259b5c89b 100644
--- a/security/openssh/patches/patch-ad
+++ b/security/openssh/patches/patch-ad
@@ -1,19 +1,19 @@
-$NetBSD: patch-ad,v 1.10 2005/05/25 23:17:11 reed Exp $
+$NetBSD: patch-ad,v 1.11 2005/09/21 18:07:09 reed Exp $
---- loginrec.c.orig 2004-08-15 05:12:52.000000000 -0400
+--- loginrec.c.orig 2005-07-17 02:26:44.000000000 -0500
+++ loginrec.c
-@@ -406,8 +406,8 @@ login_set_addr(struct logininfo *li, con
+@@ -414,8 +414,8 @@
int
- login_write (struct logininfo *li)
+ login_write(struct logininfo *li)
{
-#ifndef HAVE_CYGWIN
-- if ((int)geteuid() != 0) {
+- if (geteuid() != 0) {
+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
-+ if ((int)geteuid() != ROOTUID) {
- logit("Attempt to write login records by non-root user (aborting)");
- return 1;
++ if (geteuid() != ROOTUID) {
+ logit("Attempt to write login records by non-root user (aborting)");
+ return (1);
}
-@@ -415,7 +415,7 @@ login_write (struct logininfo *li)
+@@ -423,7 +423,7 @@
/* set the timestamp */
login_set_current_time(li);
@@ -22,7 +22,7 @@ $NetBSD: patch-ad,v 1.10 2005/05/25 23:17:11 reed Exp $
syslogin_write_entry(li);
#endif
#ifdef USE_LASTLOG
-@@ -589,7 +589,7 @@ line_abbrevname(char *dst, const char *s
+@@ -603,7 +603,7 @@
** into account.
**/
@@ -31,25 +31,27 @@ $NetBSD: patch-ad,v 1.10 2005/05/25 23:17:11 reed Exp $
/* build the utmp structure */
void
-@@ -725,8 +725,6 @@ construct_utmpx(struct logininfo *li, st
- line_stripname(utx->ut_line, li->line, sizeof(utx->ut_line));
+@@ -740,10 +740,6 @@
set_utmpx_time(li, utx);
utx->ut_pid = li->pid;
-- /* strncpy(): Don't necessarily want null termination */
-- strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name, li->username));
+- /* strncpy(): Don't necessarily want null termination */
+- strncpy(utx->ut_name, li->username,
+- MIN_SIZEOF(utx->ut_name, li->username));
+-
if (li->type == LTYPE_LOGOUT)
return;
-@@ -736,6 +734,8 @@ construct_utmpx(struct logininfo *li, st
+
+@@ -752,6 +748,8 @@
* for logouts.
*/
+ /* strncpy(): Don't necessarily want null termination */
+ strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name, li->username));
# ifdef HAVE_HOST_IN_UTMPX
- strncpy(utx->ut_host, li->hostname, MIN_SIZEOF(utx->ut_host, li->hostname));
- # endif
-@@ -1357,7 +1357,7 @@ wtmpx_get_entry(struct logininfo *li)
+ strncpy(utx->ut_host, li->hostname,
+ MIN_SIZEOF(utx->ut_host, li->hostname));
+@@ -1381,7 +1379,7 @@
** Low-level libutil login() functions
**/
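Review bot: Nothing in patch-ad says why the `strncpy(utx->ut_name, ...)` call in construct_utmpx is moved below the `if (li->type == LTYPE_LOGOUT) return;` check, which appears to leave ut_name unset in utmpx logout records. Because those records are part of the login accounting that administrators later rely on, the patch should carry a short comment above its first hunk naming the platform or behaviour that needs this. The re-added call could also keep upstream's two-line wrapping so the diff against upstream stays minimal. construct_utmpx starts and ends outside the hunk.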
diff --git a/security/openssh/patches/patch-ae b/security/openssh/patches/patch-ae
index 73f0dd1010e..4191bc0648a 100644
--- a/security/openssh/patches/patch-ae
+++ b/security/openssh/patches/patch-ae
@@ -1,8 +1,8 @@
-$NetBSD: patch-ae,v 1.9 2005/03/07 23:29:49 tv Exp $
+$NetBSD: patch-ae,v 1.10 2005/09/21 18:07:09 reed Exp $
---- includes.h.orig 2004-08-14 10:01:48.000000000 -0400
+--- includes.h.orig 2005-08-26 15:15:20.000000000 -0500
+++ includes.h
-@@ -163,6 +163,10 @@ static /**/const char *const rcsid[] = {
+@@ -164,6 +164,10 @@
#ifdef HAVE_READPASSPHRASE_H
# include <readpassphrase.h>
#endif
diff --git a/security/openssh/patches/patch-af b/security/openssh/patches/patch-af
index 9bac212ffe2..abb35867ea4 100644
--- a/security/openssh/patches/patch-af
+++ b/security/openssh/patches/patch-af
@@ -1,8 +1,8 @@
-$NetBSD: patch-af,v 1.7 2005/03/07 23:29:50 tv Exp $
+$NetBSD: patch-af,v 1.8 2005/09/21 18:07:09 reed Exp $
---- auth-passwd.c.orig 2004-06-21 23:37:11.000000000 -0400
+--- auth-passwd.c.orig 2005-07-26 06:54:12.000000000 -0500
+++ auth-passwd.c
-@@ -69,7 +69,7 @@ auth_password(Authctxt *authctxt, const
+@@ -78,7 +78,7 @@
#endif
#ifndef HAVE_CYGWIN
@@ -11,16 +11,16 @@ $NetBSD: patch-af,v 1.7 2005/03/07 23:29:50 tv Exp $
ok = 0;
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
-@@ -106,8 +106,11 @@ auth_password(Authctxt *authctxt, const
- }
+@@ -113,7 +113,12 @@
+ authctxt->force_pwchange = 1;
}
#endif
--
++
+#ifdef HAVE_INTERIX
-+ return (!setuser(pw->pw_name, password, SU_CHECK) && ok);
++ result = (!setuser(pw->pw_name, password, SU_CHECK);
+#else
- return (sys_auth_passwd(authctxt, password) && ok);
+ result = sys_auth_passwd(authctxt, password);
+#endif
- }
-
- #ifdef BSD_AUTH
+ if (authctxt->force_pwchange)
+ disable_forwarding();
+ return (result && ok);
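Review bot: The added Interix branch `result = (!setuser(pw->pw_name, password, SU_CHECK);` has an unbalanced opening parenthesis, so auth-passwd.c will not compile when HAVE_INTERIX is defined. The previous revision had the balanced form inside the return expression; here it should read `result = !setuser(pw->pw_name, password, SU_CHECK);`. This value is the password-verification result that feeds `return (result && ok);`, so the branch deserves a build on Interix before it ships, and the patch-af checksum in distinfo needs regenerating after the fix. auth_password's body starts outside the hunk.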
diff --git a/security/openssh/patches/patch-ag b/security/openssh/patches/patch-ag
index 3f9612122ad..abcae6f796a 100644
--- a/security/openssh/patches/patch-ag
+++ b/security/openssh/patches/patch-ag
@@ -1,8 +1,8 @@
-$NetBSD: patch-ag,v 1.6 2005/03/07 23:29:50 tv Exp $
+$NetBSD: patch-ag,v 1.7 2005/09/21 18:07:09 reed Exp $
---- config.h.in.orig 2004-08-17 08:54:51.000000000 -0400
+--- config.h.in.orig 2005-09-01 04:15:22.000000000 -0500
+++ config.h.in
-@@ -116,6 +116,9 @@
+@@ -113,6 +113,9 @@
/* Define if you are on Cygwin */
#undef HAVE_CYGWIN
diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah
index 5c62695f9b1..6c892151659 100644
--- a/security/openssh/patches/patch-ah
+++ b/security/openssh/patches/patch-ah
@@ -1,8 +1,6 @@
-$NetBSD: patch-ah,v 1.21 2004/08/31 11:27:12 wiz Exp $
-
---- Makefile.in.orig 2004-08-15 13:01:37.000000000 +0200
-+++ Makefile.in
-@@ -21,7 +21,7 @@ top_srcdir=@top_srcdir@
+--- Makefile.in.orig 2005-05-29 00:22:29.000000000 -0700
++++ Makefile.in 2005-09-21 10:18:46.000000000 -0700
+@@ -21,7 +21,7 @@
DESTDIR=
VPATH=@srcdir@
SSH_PROGRAM=@bindir@/ssh
@@ -11,7 +9,16 @@ $NetBSD: patch-ah,v 1.21 2004/08/31 11:27:12 wiz Exp $
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
RAND_HELPER=$(libexecdir)/ssh-rand-helper
-@@ -237,7 +237,7 @@ check-config:
+@@ -231,7 +231,7 @@
+ (cd scard && $(MAKE) -f Makefile.in distprep)
+
+ install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
+-install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf
++install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
+ install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
+
+ check-config:
+@@ -240,7 +240,7 @@
scard-install:
(cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
diff --git a/security/openssh/patches/patch-ai b/security/openssh/patches/patch-ai
deleted file mode 100644
index cf833b8272d..00000000000
--- a/security/openssh/patches/patch-ai
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-ai,v 1.7 2005/03/07 23:29:50 tv Exp $
-
---- openbsd-compat/bsd-misc.c.orig 2004-08-15 04:41:00.000000000 -0400
-+++ openbsd-compat/bsd-misc.c
-@@ -122,7 +122,7 @@ int truncate(const char *path, off_t len
- }
- #endif /* HAVE_TRUNCATE */
-
--#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP)
-+#if defined(SETGROUPS_NOOP)
- /*
- * Cygwin setgroups should be a noop.
- */
diff --git a/security/openssh/patches/patch-ak b/security/openssh/patches/patch-ak
index ae734c68bde..294ebd26865 100644
--- a/security/openssh/patches/patch-ak
+++ b/security/openssh/patches/patch-ak
@@ -1,8 +1,8 @@
-$NetBSD: patch-ak,v 1.6 2005/03/07 23:29:50 tv Exp $
+$NetBSD: patch-ak,v 1.7 2005/09/21 18:07:09 reed Exp $
---- auth.c.orig 2004-08-12 08:40:25.000000000 -0400
+--- auth.c.orig 2005-08-31 11:59:49.000000000 -0500
+++ auth.c
-@@ -356,7 +356,7 @@ check_key_in_hostfiles(struct passwd *pw
+@@ -388,7 +388,7 @@
user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
if (options.strict_modes &&
(stat(user_hostfile, &st) == 0) &&
@@ -11,7 +11,7 @@ $NetBSD: patch-ak,v 1.6 2005/03/07 23:29:50 tv Exp $
(st.st_mode & 022) != 0)) {
logit("Authentication refused for %.100s: "
"bad owner or modes for %.200s",
-@@ -409,7 +409,7 @@ secure_filename(FILE *f, const char *fil
+@@ -441,7 +441,7 @@
/* check the open file to avoid races */
if (fstat(fileno(f), &st) < 0 ||
@@ -20,7 +20,7 @@ $NetBSD: patch-ak,v 1.6 2005/03/07 23:29:50 tv Exp $
(st.st_mode & 022) != 0) {
snprintf(err, errlen, "bad ownership or modes for file %s",
buf);
-@@ -426,7 +426,7 @@ secure_filename(FILE *f, const char *fil
+@@ -458,7 +458,7 @@
debug3("secure_filename: checking '%s'", buf);
if (stat(buf, &st) < 0 ||
diff --git a/security/openssh/patches/patch-al b/security/openssh/patches/patch-al
index 36c66fb9415..f1fbc22d859 100644
--- a/security/openssh/patches/patch-al
+++ b/security/openssh/patches/patch-al
@@ -1,19 +1,19 @@
-$NetBSD: patch-al,v 1.5 2005/03/07 23:29:50 tv Exp $
+$NetBSD: patch-al,v 1.6 2005/09/21 18:07:09 reed Exp $
---- auth1.c.orig 2004-08-12 08:40:25.000000000 -0400
+--- auth1.c.orig 2005-07-17 02:26:44.000000000 -0500
+++ auth1.c
-@@ -244,7 +244,7 @@ do_authloop(Authctxt *authctxt)
+@@ -307,7 +307,7 @@
}
#else
/* Special handling for root */
- if (authenticated && authctxt->pw->pw_uid == 0 &&
+ if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
- !auth_root_allowed(get_authname(type)))
- authenticated = 0;
- #endif
-@@ -318,8 +318,8 @@ do_authentication(Authctxt *authctxt)
+ !auth_root_allowed(meth->name)) {
+ authenticated = 0;
+ # ifdef SSH_AUDIT_EVENTS
+@@ -405,8 +405,8 @@
* If we are not running as root, the user must have the same uid as
- * the server. (Unless you are running Windows)
+ * the server.
*/
-#ifndef HAVE_CYGWIN
- if (!use_privsep && getuid() != 0 && authctxt->pw &&
diff --git a/security/openssh/patches/patch-am b/security/openssh/patches/patch-am
index 6f6406678a9..c12784293db 100644
--- a/security/openssh/patches/patch-am
+++ b/security/openssh/patches/patch-am
@@ -1,13 +1,13 @@
-$NetBSD: patch-am,v 1.4 2005/03/07 23:29:50 tv Exp $
+$NetBSD: patch-am,v 1.5 2005/09/21 18:07:09 reed Exp $
---- auth2.c.orig 2004-08-12 08:40:25.000000000 -0400
+--- auth2.c.orig 2005-07-17 02:26:44.000000000 -0500
+++ auth2.c
-@@ -211,7 +211,7 @@ userauth_finish(Authctxt *authctxt, int
+@@ -216,7 +216,7 @@
authctxt->user);
/* Special handling for root */
- if (authenticated && authctxt->pw->pw_uid == 0 &&
+ if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
- !auth_root_allowed(method))
+ !auth_root_allowed(method)) {
authenticated = 0;
-
+ #ifdef SSH_AUDIT_EVENTS
diff --git a/security/openssh/patches/patch-an b/security/openssh/patches/patch-an
index 42cabcf4d5e..2f025fe9c8e 100644
--- a/security/openssh/patches/patch-an
+++ b/security/openssh/patches/patch-an
@@ -1,8 +1,8 @@
-$NetBSD: patch-an,v 1.5 2005/03/07 23:29:50 tv Exp $
+$NetBSD: patch-an,v 1.6 2005/09/21 18:07:09 reed Exp $
---- scp.c.orig 2004-08-13 07:19:38.000000000 -0400
+--- scp.c.orig 2005-08-02 02:07:08.000000000 -0500
+++ scp.c
-@@ -294,7 +294,11 @@ main(int argc, char **argv)
+@@ -298,7 +298,11 @@
argc -= optind;
argv += optind;
@@ -14,7 +14,7 @@ $NetBSD: patch-an,v 1.5 2005/03/07 23:29:50 tv Exp $
fatal("unknown user %u", (u_int) userid);
if (!isatty(STDERR_FILENO))
-@@ -637,8 +641,10 @@ rsource(char *name, struct stat *statp)
+@@ -643,8 +647,10 @@
return;
}
while ((dp = readdir(dirp)) != NULL) {
@@ -25,7 +25,7 @@ $NetBSD: patch-an,v 1.5 2005/03/07 23:29:50 tv Exp $
if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
continue;
if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
-@@ -1086,7 +1092,9 @@ okname(char *cp0)
+@@ -1093,7 +1099,9 @@
case '\'':
case '"':
case '`':
diff --git a/security/openssh/patches/patch-ao b/security/openssh/patches/patch-ao
index 6b5c21c82fb..5b4f22de5d4 100644
--- a/security/openssh/patches/patch-ao
+++ b/security/openssh/patches/patch-ao
@@ -1,8 +1,8 @@
-$NetBSD: patch-ao,v 1.6 2005/03/07 23:29:50 tv Exp $
+$NetBSD: patch-ao,v 1.7 2005/09/21 18:07:09 reed Exp $
---- session.c.orig 2004-08-12 08:40:25.000000000 -0400
+--- session.c.orig 2005-08-31 11:59:49.000000000 -0500
+++ session.c
-@@ -326,7 +326,7 @@ do_authenticated1(Authctxt *authctxt)
+@@ -331,7 +331,7 @@
break;
}
debug("Received TCP/IP port forwarding request.");
@@ -11,7 +11,7 @@ $NetBSD: patch-ao,v 1.6 2005/03/07 23:29:50 tv Exp $
success = 1;
break;
-@@ -921,7 +921,7 @@ read_etc_default_login(char ***env, u_in
+@@ -930,7 +930,7 @@
if (tmpenv == NULL)
return;
@@ -20,7 +20,7 @@ $NetBSD: patch-ao,v 1.6 2005/03/07 23:29:50 tv Exp $
var = child_get_env(tmpenv, "SUPATH");
else
var = child_get_env(tmpenv, "PATH");
-@@ -1020,7 +1020,7 @@ do_setup_env(Session *s, const char *she
+@@ -1036,7 +1036,7 @@
# endif /* HAVE_ETC_DEFAULT_LOGIN */
if (path == NULL || *path == '\0') {
child_set_env(&env, &envsize, "PATH",
@@ -29,7 +29,7 @@ $NetBSD: patch-ao,v 1.6 2005/03/07 23:29:50 tv Exp $
SUPERUSER_PATH : _PATH_STDPATH);
}
# endif /* HAVE_CYGWIN */
-@@ -1124,6 +1124,18 @@ do_setup_env(Session *s, const char *she
+@@ -1150,6 +1150,18 @@
strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
read_environment_file(&env, &envsize, buf);
}
@@ -48,7 +48,7 @@ $NetBSD: patch-ao,v 1.6 2005/03/07 23:29:50 tv Exp $
if (debug_flag) {
/* dump the environment */
fprintf(stderr, "Environment:\n");
-@@ -1234,9 +1246,9 @@ do_nologin(struct passwd *pw)
+@@ -1260,9 +1272,9 @@
void
do_setusercontext(struct passwd *pw)
{
@@ -60,7 +60,7 @@ $NetBSD: patch-ao,v 1.6 2005/03/07 23:29:50 tv Exp $
{
#ifdef HAVE_SETPCRED
-@@ -1271,11 +1283,13 @@ do_setusercontext(struct passwd *pw)
+@@ -1304,11 +1316,13 @@
perror("setgid");
exit(1);
}
@@ -72,9 +72,9 @@ $NetBSD: patch-ao,v 1.6 2005/03/07 23:29:50 tv Exp $
}
+# endif /* !HAVE_INTERIX */
endgrent();
- # ifdef USE_PAM
- /*
-@@ -1965,7 +1979,7 @@ session_pty_cleanup2(Session *s)
+ #ifdef GSSAPI
+ if (options.gss_authentication) {
+@@ -2052,7 +2066,7 @@
record_logout(s->pid, s->tty, s->pw->pw_name);
/* Release the pseudo-tty. */
diff --git a/security/openssh/patches/patch-ap b/security/openssh/patches/patch-ap
index cbaac523636..5fdfdb82a66 100644
--- a/security/openssh/patches/patch-ap
+++ b/security/openssh/patches/patch-ap
@@ -1,8 +1,8 @@
-$NetBSD: patch-ap,v 1.5 2005/03/07 23:29:50 tv Exp $
+$NetBSD: patch-ap,v 1.6 2005/09/21 18:07:09 reed Exp $
---- ssh.c.orig 2004-08-15 03:23:34.000000000 -0400
+--- ssh.c.orig 2005-08-12 07:10:56.000000000 -0500
+++ ssh.c
-@@ -593,7 +593,7 @@ again:
+@@ -636,7 +636,7 @@
/* Open a connection to the remote host. */
if (ssh_connect(host, &hostaddr, options.port,
options.address_family, options.connection_attempts,
diff --git a/security/openssh/patches/patch-ar b/security/openssh/patches/patch-ar
index 80862f82538..f9edbb75d4e 100644
--- a/security/openssh/patches/patch-ar
+++ b/security/openssh/patches/patch-ar
@@ -1,23 +1,24 @@
-$NetBSD: patch-ar,v 1.4 2005/03/07 23:29:50 tv Exp $
+$NetBSD: patch-ar,v 1.5 2005/09/21 18:07:09 reed Exp $
---- uidswap.c.orig 2004-02-23 21:17:30.000000000 -0500
+--- uidswap.c.orig 2005-02-22 00:57:13.000000000 -0600
+++ uidswap.c
-@@ -56,12 +56,12 @@ temporarily_use_uid(struct passwd *pw)
- debug("temporarily_use_uid: %u/%u (e=%u/%u)",
+@@ -57,13 +57,13 @@
(u_int)pw->pw_uid, (u_int)pw->pw_gid,
(u_int)saved_euid, (u_int)saved_egid);
+ #ifndef HAVE_CYGWIN
- if (saved_euid != 0) {
+ if (saved_euid != ROOTUID) {
privileged = 0;
return;
}
+ #endif
#else
- if (geteuid() != 0) {
+ if (geteuid() != ROOTUID) {
privileged = 0;
return;
}
-@@ -85,9 +85,11 @@ temporarily_use_uid(struct passwd *pw)
+@@ -87,9 +87,11 @@
/* set and save the user's groups */
if (user_groupslen == -1) {
@@ -29,7 +30,7 @@ $NetBSD: patch-ar,v 1.4 2005/03/07 23:29:50 tv Exp $
user_groupslen = getgroups(0, NULL);
if (user_groupslen < 0)
-@@ -172,6 +174,10 @@ permanently_set_uid(struct passwd *pw)
+@@ -174,6 +176,10 @@
debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
@@ -40,7 +41,7 @@ $NetBSD: patch-ar,v 1.4 2005/03/07 23:29:50 tv Exp $
#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-@@ -218,6 +224,7 @@ permanently_set_uid(struct passwd *pw)
+@@ -222,6 +228,7 @@
(setuid(old_uid) != -1 || seteuid(old_uid) != -1))
fatal("%s: was able to restore old [e]uid", __func__);
#endif
diff --git a/security/openssh/patches/patch-at b/security/openssh/patches/patch-at
index fc46d739006..cc31c3f04b1 100644
--- a/security/openssh/patches/patch-at
+++ b/security/openssh/patches/patch-at
@@ -1,8 +1,8 @@
-$NetBSD: patch-at,v 1.1 2005/03/07 23:29:50 tv Exp $
+$NetBSD: patch-at,v 1.2 2005/09/21 18:07:09 reed Exp $
---- servconf.c.orig 2004-08-13 07:30:24.000000000 -0400
+--- servconf.c.orig 2005-08-12 07:11:37.000000000 -0500
+++ servconf.c
-@@ -233,7 +233,11 @@ fill_default_server_options(ServerOption
+@@ -232,7 +232,11 @@
/* Turn privilege separation on by default */
if (use_privsep == -1)
diff --git a/security/openssh/patches/patch-au b/security/openssh/patches/patch-au
index 1922e4baf54..7c67de63b1f 100644
--- a/security/openssh/patches/patch-au
+++ b/security/openssh/patches/patch-au
@@ -1,22 +1,24 @@
-$NetBSD: patch-au,v 1.1 2005/03/07 23:29:50 tv Exp $
+$NetBSD: patch-au,v 1.2 2005/09/21 18:07:09 reed Exp $
---- openbsd-compat/bsd-openpty.c.orig 2004-02-17 00:49:55.000000000 -0500
+--- openbsd-compat/bsd-openpty.c.orig 2005-02-25 17:04:29.000000000 -0600
+++ openbsd-compat/bsd-openpty.c
-@@ -102,7 +102,7 @@ openpty(int *amaster, int *aslave, char
+@@ -102,15 +102,17 @@
return (-1);
}
--#ifndef HAVE_CYGWIN
-+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
++#if !defined(HAVE_INTERIX)
/*
* Try to push the appropriate streams modules, as described
* in Solaris pts(7).
-@@ -112,7 +112,7 @@ openpty(int *amaster, int *aslave, char
- # ifndef __hpux
+ */
+ ioctl(*aslave, I_PUSH, "ptem");
+ ioctl(*aslave, I_PUSH, "ldterm");
+-# ifndef __hpux
++ # ifndef __hpux
ioctl(*aslave, I_PUSH, "ttcompat");
- # endif /* __hpux */
--#endif /* HAVE_CYGWIN */
-+#endif /* !HAVE_CYGWIN && !HAVE_INTERIX */
+-# endif /* __hpux */
++ # endif /* __hpux */
++#endif /* !HAVE_INTERIX */
return (0);
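Review bot: The `# ifndef __hpux` and `# endif /* __hpux */` lines are removed and re-added with only their leading whitespace changed (as far as this rendering shows), which is unrelated to the Interix guard. Leaving them as context keeps the patch to the two lines it needs, `#if !defined(HAVE_INTERIX)` and `#endif /* !HAVE_INTERIX */`, and makes it less likely to stop applying on the next upstream update. openpty's body starts and ends outside the hunk.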
diff --git a/security/openssh/patches/patch-av b/security/openssh/patches/patch-av
index 25a8a4a15a8..44c8b3083a5 100644
--- a/security/openssh/patches/patch-av
+++ b/security/openssh/patches/patch-av
@@ -1,8 +1,8 @@
-$NetBSD: patch-av,v 1.1 2005/03/07 23:29:50 tv Exp $
+$NetBSD: patch-av,v 1.2 2005/09/21 18:07:09 reed Exp $
---- sshd.c.orig 2004-08-12 09:08:15.000000000 -0400
+--- sshd.c.orig 2005-07-26 06:54:56.000000000 -0500
+++ sshd.c
-@@ -579,10 +579,15 @@ privsep_preauth_child(void)
+@@ -574,10 +574,15 @@
/* XXX not ready, too heavy after chroot */
do_setusercontext(pw);
#else
@@ -18,7 +18,7 @@ $NetBSD: patch-av,v 1.1 2005/03/07 23:29:50 tv Exp $
#endif
}
-@@ -622,7 +627,7 @@ privsep_preauth(Authctxt *authctxt)
+@@ -617,7 +622,7 @@
close(pmonitor->m_sendfd);
/* Demote the child */
@@ -27,7 +27,7 @@ $NetBSD: patch-av,v 1.1 2005/03/07 23:29:50 tv Exp $
privsep_preauth_child();
setproctitle("%s", "[net]");
}
-@@ -635,7 +640,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -630,7 +635,7 @@
#ifdef DISABLE_FD_PASSING
if (1) {
#else
@@ -36,7 +36,7 @@ $NetBSD: patch-av,v 1.1 2005/03/07 23:29:50 tv Exp $
#endif
/* File descriptor passing is broken or root login */
monitor_apply_keystate(pmonitor);
-@@ -911,7 +916,7 @@ main(int ac, char **av)
+@@ -911,7 +916,7 @@
av = saved_argv;
#endif
@@ -45,7 +45,7 @@ $NetBSD: patch-av,v 1.1 2005/03/07 23:29:50 tv Exp $
debug("setgroups(): %.200s", strerror(errno));
/* Initialize configuration options to their default values. */
-@@ -1166,7 +1171,7 @@ main(int ac, char **av)
+@@ -1168,7 +1173,7 @@
(st.st_uid != getuid () ||
(st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
#else