authormartti <martti@pkgsrc.org>2010-06-11 20:41:41 +0000
committermartti <martti@pkgsrc.org>2010-06-11 20:41:41 +0000
commitd87125c4ca9be4e7e47a42992a042cccc5f3bfc7 (patch)
tree131d8a7e4088a497b6ae936c4a8ba2bc127e1778 /security/openssh
parenta8e8aabe4136f3a0ac39369bbe283bb4efef951f (diff)
downloadpkgsrc-d87125c4ca9be4e7e47a42992a042cccc5f3bfc7.tar.gz
Updated security/openssh to 5.5.1
Lots of changes, including:

 * After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line.
 * Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is automatically enabled on all platforms that support dlopen(3) and was inspired by patches written by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages.
 * Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (not X.509). Certificates contain a public key, identity information and some validity constraints and are signed with a standard SSH public key using ssh-keygen(1). CA keys may be marked as trusted in authorized_keys or via a TrustedUserCAKeys option in sshd_config(5) (for user authentication), or in known_hosts (for host authentication). Documentation for certificate support may be found in ssh-keygen(1), sshd(8) and ssh(1) and a description of the protocol extensions in PROTOCOL.certkeys.
 * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz#1618
Diffstat (limited to 'security/openssh')
-rw-r--r--security/openssh/Makefile7
-rw-r--r--security/openssh/PLIST4
-rw-r--r--security/openssh/distinfo29
-rw-r--r--security/openssh/patches/patch-aa53
-rw-r--r--security/openssh/patches/patch-ab41
-rw-r--r--security/openssh/patches/patch-ad22
-rw-r--r--security/openssh/patches/patch-ag10
-rw-r--r--security/openssh/patches/patch-ah21
-rw-r--r--security/openssh/patches/patch-ak12
-rw-r--r--security/openssh/patches/patch-an12
-rw-r--r--security/openssh/patches/patch-ao18
-rw-r--r--security/openssh/patches/patch-av20
12 files changed, 105 insertions, 144 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 8351220393a..024fce9d76c 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.196 2010/04/17 10:42:55 zafer Exp $
+# $NetBSD: Makefile,v 1.197 2010/06/11 20:41:41 martti Exp $
-DISTNAME= openssh-5.3p1
-PKGNAME= openssh-5.3.1
+DISTNAME= openssh-5.5p1
+PKGNAME= openssh-5.5.1
SVR4_PKGNAME= ossh
CATEGORIES= security
MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
@@ -12,7 +12,6 @@ MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/
# Don't delete the last entry -- it's there if the pkgsrc version is not
# up-to-date and the mirrors already removed the old distfile.
-DIST_SUBDIR= ${PKGBASE}-5.3.1-20100218
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= http://www.openssh.com/
diff --git a/security/openssh/PLIST b/security/openssh/PLIST
index 2d1302747de..ec9da386841 100644
--- a/security/openssh/PLIST
+++ b/security/openssh/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.13 2009/06/14 18:13:34 joerg Exp $
+@comment $NetBSD: PLIST,v 1.14 2010/06/11 20:41:41 martti Exp $
bin/scp
bin/sftp
bin/slogin
@@ -9,6 +9,7 @@ bin/ssh-keygen
bin/ssh-keyscan
libexec/sftp-server
libexec/ssh-keysign
+libexec/ssh-pkcs11-helper
man/man1/scp.1
man/man1/sftp.1
man/man1/slogin.1
@@ -22,6 +23,7 @@ man/man5/ssh_config.5
man/man5/sshd_config.5
man/man8/sftp-server.8
man/man8/ssh-keysign.8
+man/man8/ssh-pkcs11-helper.8
man/man8/sshd.8
sbin/sshd
share/examples/openssh/moduli
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 7562a927dec..7a789682423 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,29 +1,26 @@
-$NetBSD: distinfo,v 1.75 2010/02/19 10:17:33 martti Exp $
+$NetBSD: distinfo,v 1.76 2010/06/11 20:41:41 martti Exp $
-SHA1 (openssh-5.3.1-20100218/openssh-5.3p1-hpn13v7.diff.gz) = 724aa137c8c42e89af454ce904845a3a2d9e8ed9
-RMD160 (openssh-5.3.1-20100218/openssh-5.3p1-hpn13v7.diff.gz) = a57c038d6b57a2869295e3000abd50658ebb5b93
-Size (openssh-5.3.1-20100218/openssh-5.3p1-hpn13v7.diff.gz) = 22734 bytes
-SHA1 (openssh-5.3.1-20100218/openssh-5.3p1.tar.gz) = d411fde2584ef6022187f565360b2c63a05602b5
-RMD160 (openssh-5.3.1-20100218/openssh-5.3p1.tar.gz) = f8c98b4b91b7e0e02b33837ef6978e8b7570cf9e
-Size (openssh-5.3.1-20100218/openssh-5.3p1.tar.gz) = 1027130 bytes
-SHA1 (patch-aa) = 94b4427cd6ed2cc4c15728c6721f98b678eafb5d
-SHA1 (patch-ab) = ddb47d597893895314b03bdd13d7e2cb9c4c3b6b
+SHA1 (openssh-5.5p1.tar.gz) = 361c6335e74809b26ea096b34062ba8ff6c97cd6
+RMD160 (openssh-5.5p1.tar.gz) = 7cee614112b691da5daac9f2579becba2409b727
+Size (openssh-5.5p1.tar.gz) = 1097574 bytes
+SHA1 (patch-aa) = 508d47bb19f746acc29d3659f5140ee13cc4f848
+SHA1 (patch-ab) = b93e976f71a358637c6a50bc70073755cbe3e230
SHA1 (patch-ac) = 5c63cb47ffb556a15f685011bc3291d2219613dc
-SHA1 (patch-ad) = 254e11c5f56a72bf0b30bb8860e45156b3a0adf2
+SHA1 (patch-ad) = a02e5a24fee128d925939785c06f3fa985fc6f2f
SHA1 (patch-ae) = 4ec1007b03d4bf28ddd1dcfdf2ec7c5295a69df5
SHA1 (patch-af) = ca3224af0b648803404776a8c12ed678db4f8ff6
-SHA1 (patch-ag) = b91f89ede11f5ed7ba99cfea883ede969796c0ac
-SHA1 (patch-ah) = 0deb24fae95f0a696048d486b11463b380899cb3
+SHA1 (patch-ag) = 385874017f160626d3a95b6ce4a298d442cf9393
+SHA1 (patch-ah) = c8d4b57fd72260e26960ac67d672bebb40759bed
SHA1 (patch-ai) = becad6262e5daeef2a6db14097a8971c40088403
SHA1 (patch-aj) = 5c89b4a7da59f05c50c16083aa6dd6e465cd0305
-SHA1 (patch-ak) = 550eae0b47dc220dac2439f57b39b7e4319057c5
+SHA1 (patch-ak) = c718c24c7fd5e2989e40d1a0272faea6434ec578
SHA1 (patch-al) = ffd15b2ef3cb6b57419c0f6f1f4f795e497382d7
SHA1 (patch-am) = 4893a8a059d611d35c1fb9ff03b598c590e0355e
-SHA1 (patch-an) = 5b41d9493028dd4dce4a73ea78e43f3a073108e5
-SHA1 (patch-ao) = a02f861855403e4a77323460a2611707d64b2e6b
+SHA1 (patch-an) = bb82f8f7f9d3949fde0d797a4c1253ae402f0311
+SHA1 (patch-ao) = cff08e03d10c32175803c6f09992e4659c3e62bd
SHA1 (patch-ap) = 5c0ae4dbcdcd50312d1db037867cbaed7c80931d
SHA1 (patch-aq) = 1a7d8a4c5e70a0c6211247ba583534ed8ce317d0
SHA1 (patch-ar) = a1099e0175a2b14f3b19db04261891179b1e3299
SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f
-SHA1 (patch-av) = ef1274ad93846c7af2a6bdeb20ae59044fac0f1b
+SHA1 (patch-av) = 5b4a63dcf8312745253f5c5e68e1d9628ff9e46d
SHA1 (patch-aw) = 532f2aebcb93cae5e0dd26a5faa1593a7d3a3c51
diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa
index 8bf1e657323..9d5807e3bce 100644
--- a/security/openssh/patches/patch-aa
+++ b/security/openssh/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.45 2010/02/19 10:17:33 martti Exp $
+$NetBSD: patch-aa,v 1.46 2010/06/11 20:41:42 martti Exp $
---- configure.orig 2009-09-26 09:31:15.000000000 +0300
-+++ configure 2010-02-19 12:06:28.000000000 +0200
-@@ -5997,6 +5997,9 @@
+--- configure.orig 2010-04-16 03:17:11.000000000 +0300
++++ configure 2010-06-09 21:30:29.000000000 +0300
+@@ -5665,6 +5665,9 @@
fi
@@ -12,7 +12,7 @@ $NetBSD: patch-aa,v 1.45 2010/02/19 10:17:33 martti Exp $
# Allow user to specify flags
# Check whether --with-cflags was given.
-@@ -6142,6 +6145,7 @@
+@@ -5810,6 +5813,7 @@
maillock.h \
ndir.h \
net/if_tun.h \
@@ -20,7 +20,7 @@ $NetBSD: patch-aa,v 1.45 2010/02/19 10:17:33 martti Exp $
netdb.h \
netgroup.h \
pam/pam_appl.h \
-@@ -7965,6 +7969,36 @@
+@@ -7660,6 +7664,36 @@
;;
esac
;;
@@ -57,7 +57,7 @@ $NetBSD: patch-aa,v 1.45 2010/02/19 10:17:33 martti Exp $
*-*-irix5*)
PATH="$PATH:/usr/etc"
-@@ -8537,7 +8571,7 @@
+@@ -8226,7 +8260,7 @@
_ACEOF
;;
@@ -66,33 +66,16 @@ $NetBSD: patch-aa,v 1.45 2010/02/19 10:17:33 martti Exp $
check_for_libcrypt_later=1
cat >>confdefs.h <<\_ACEOF
-@@ -30831,14 +30865,21 @@
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- if test -z "$conf_utmpx_location"; then
- if test x"$system_utmpx_path" = x"no" ; then
-- cat >>confdefs.h <<\_ACEOF
-+ for f in /var/run/utmpx; do
-+ if test -f $f ; then
-+ conf_utmpx_location=$f
-+ fi
-+ done
-+ if test -z "$conf_utmpx_location"; then
-+ cat >>confdefs.h <<\_ACEOF
- #define DISABLE_UTMPX 1
- _ACEOF
-+ fi
-
- fi
--else
--
--cat >>confdefs.h <<_ACEOF
-+fi
-+if test -n "$conf_utmpx_location"; then
-+ cat >>confdefs.h <<_ACEOF
- #define CONF_UTMPX_FILE "$conf_utmpx_location"
- _ACEOF
-
-@@ -30903,14 +30944,20 @@
+@@ -12468,7 +12502,7 @@
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ fi
+- if test "x$use_pkgconfig_for_libedit" == "xyes"; then
++ if test "x$use_pkgconfig_for_libedit" = "xyes"; then
+ LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
+ CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
+ else
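Review bot: The utmpx fallback that this package patch used to add to configure (the `for f in /var/run/utmpx` loop and the conditional `DISABLE_UTMPX` define) is dropped in this hunk, while the matching wtmpx block in the next hunk is kept, and neither the commit message nor the patch says why. The same asymmetry appears in patch-ab for configure.ac. If 5.5p1 no longer reads a configured utmpx path this is correct, but login accounting is part of the audit trail, so it is worth stating; a short line in the patch header such as `utmpx path detection dropped: not needed with 5.5p1 (confirm); wtmpx fallback retained` would do. The surrounding configure logic lies outside the hunk, so whether `DISABLE_UTMPX` can still end up defined on NetBSD cannot be checked from here.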
+@@ -29573,14 +29607,20 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -118,7 +101,7 @@ $NetBSD: patch-aa,v 1.45 2010/02/19 10:17:33 martti Exp $
#define CONF_WTMPX_FILE "$conf_wtmpx_location"
_ACEOF
-@@ -32200,7 +32247,7 @@
+@@ -30888,7 +30930,7 @@
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab
index 5b27d68ab4f..db3c963f681 100644
--- a/security/openssh/patches/patch-ab
+++ b/security/openssh/patches/patch-ab
@@ -1,7 +1,7 @@
-$NetBSD: patch-ab,v 1.27 2010/02/19 10:17:33 martti Exp $
+$NetBSD: patch-ab,v 1.28 2010/06/11 20:41:42 martti Exp $
---- configure.ac.orig 2009-09-11 07:56:08.000000000 +0300
-+++ configure.ac 2010-02-19 12:13:02.000000000 +0200
+--- configure.ac.orig 2010-04-10 15:58:01.000000000 +0300
++++ configure.ac 2010-06-09 21:32:22.000000000 +0300
@@ -191,6 +191,9 @@
]
)
@@ -20,7 +20,7 @@ $NetBSD: patch-ab,v 1.27 2010/02/19 10:17:33 martti Exp $
netdb.h \
netgroup.h \
pam/pam_appl.h \
-@@ -535,6 +539,15 @@
+@@ -541,6 +545,15 @@
;;
esac
;;
@@ -36,27 +36,16 @@ $NetBSD: patch-ab,v 1.27 2010/02/19 10:17:33 martti Exp $
*-*-irix5*)
PATH="$PATH:/usr/etc"
AC_DEFINE(BROKEN_INET_NTOA, 1,
-@@ -4129,9 +4142,17 @@
- )
- if test -z "$conf_utmpx_location"; then
- if test x"$system_utmpx_path" = x"no" ; then
-- AC_DEFINE(DISABLE_UTMPX)
-+ for f in /var/run/utmpx; do
-+ if test -f $f ; then
-+ conf_utmpx_location=$f
-+ fi
-+ done
-+ if test -z "$conf_utmpx_location"; then
-+ AC_DEFINE(DISABLE_UTMPX)
-+ fi
- fi
--else
-+fi
-+if test -n "$conf_utmpx_location"; then
- AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
- [Define if you want to specify the path to your utmpx file])
- fi
-@@ -4155,9 +4176,17 @@
+@@ -1273,7 +1286,7 @@
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ fi
+- if test "x$use_pkgconfig_for_libedit" == "xyes"; then
++ if test "x$use_pkgconfig_for_libedit" = "xyes"; then
+ LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
+ CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
+ else
+@@ -4106,9 +4119,17 @@
)
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -76,7 +65,7 @@ $NetBSD: patch-ab,v 1.27 2010/02/19 10:17:33 martti Exp $
AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
[Define if you want to specify the path to your wtmpx file])
fi
-@@ -4204,7 +4233,7 @@
+@@ -4156,7 +4177,7 @@
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff --git a/security/openssh/patches/patch-ad b/security/openssh/patches/patch-ad
index 0e40539f65d..128d71e16f6 100644
--- a/security/openssh/patches/patch-ad
+++ b/security/openssh/patches/patch-ad
@@ -1,8 +1,8 @@
-$NetBSD: patch-ad,v 1.13 2009/05/21 03:22:29 taca Exp $
+$NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $
---- loginrec.c.orig 2009-02-12 11:12:22.000000000 +0900
-+++ loginrec.c
-@@ -431,8 +431,8 @@ login_set_addr(struct logininfo *li, con
+--- loginrec.c.orig 2010-04-09 11:13:27.000000000 +0300
++++ loginrec.c 2010-06-09 21:16:25.000000000 +0300
+@@ -432,8 +432,8 @@ login_set_addr(struct logininfo *li, con
int
login_write(struct logininfo *li)
{
@@ -13,7 +13,7 @@ $NetBSD: patch-ad,v 1.13 2009/05/21 03:22:29 taca Exp $
logit("Attempt to write login records by non-root user (aborting)");
return (1);
}
-@@ -440,7 +440,7 @@ login_write(struct logininfo *li)
+@@ -441,7 +441,7 @@ login_write(struct logininfo *li)
/* set the timestamp */
login_set_current_time(li);
@@ -22,7 +22,7 @@ $NetBSD: patch-ad,v 1.13 2009/05/21 03:22:29 taca Exp $
syslogin_write_entry(li);
#endif
#ifdef USE_LASTLOG
-@@ -620,7 +620,7 @@ line_abbrevname(char *dst, const char *s
+@@ -625,7 +625,7 @@ line_abbrevname(char *dst, const char *s
** into account.
**/
@@ -31,18 +31,18 @@ $NetBSD: patch-ad,v 1.13 2009/05/21 03:22:29 taca Exp $
/* build the utmp structure */
void
-@@ -757,10 +757,6 @@ construct_utmpx(struct logininfo *li, st
+@@ -762,10 +762,6 @@ construct_utmpx(struct logininfo *li, st
set_utmpx_time(li, utx);
utx->ut_pid = li->pid;
- /* strncpy(): Don't necessarily want null termination */
-- strncpy(utx->ut_name, li->username,
-- MIN_SIZEOF(utx->ut_name, li->username));
+- strncpy(utx->ut_user, li->username,
+- MIN_SIZEOF(utx->ut_user, li->username));
-
if (li->type == LTYPE_LOGOUT)
return;
-@@ -769,6 +765,8 @@ construct_utmpx(struct logininfo *li, st
+@@ -774,6 +770,8 @@ construct_utmpx(struct logininfo *li, st
* for logouts.
*/
@@ -51,7 +51,7 @@ $NetBSD: patch-ad,v 1.13 2009/05/21 03:22:29 taca Exp $
# ifdef HAVE_HOST_IN_UTMPX
strncpy(utx->ut_host, li->hostname,
MIN_SIZEOF(utx->ut_host, li->hostname));
-@@ -1398,7 +1396,7 @@ wtmpx_get_entry(struct logininfo *li)
+@@ -1403,7 +1401,7 @@ wtmpx_get_entry(struct logininfo *li)
** Low-level libutil login() functions
**/
diff --git a/security/openssh/patches/patch-ag b/security/openssh/patches/patch-ag
index 88bd15b7f07..76aa3e86b4e 100644
--- a/security/openssh/patches/patch-ag
+++ b/security/openssh/patches/patch-ag
@@ -1,8 +1,8 @@
-$NetBSD: patch-ag,v 1.12 2010/02/19 10:17:33 martti Exp $
+$NetBSD: patch-ag,v 1.13 2010/06/11 20:41:42 martti Exp $
---- config.h.in.orig 2009-09-26 09:31:14.000000000 +0300
-+++ config.h.in 2010-02-19 12:08:03.000000000 +0200
-@@ -518,6 +518,9 @@
+--- config.h.in.orig 2010-04-16 03:17:09.000000000 +0300
++++ config.h.in 2010-06-09 20:27:35.000000000 +0300
+@@ -521,6 +521,9 @@
/* define if you have int64_t data type */
#undef HAVE_INT64_T
@@ -12,7 +12,7 @@ $NetBSD: patch-ag,v 1.12 2010/02/19 10:17:33 martti Exp $
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
-@@ -638,6 +641,9 @@
+@@ -641,6 +644,9 @@
/* Define to 1 if you have the <net/if_tun.h> header file. */
#undef HAVE_NET_IF_TUN_H
diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah
index 80635cd7bf4..91aab5b63c9 100644
--- a/security/openssh/patches/patch-ah
+++ b/security/openssh/patches/patch-ah
@@ -1,7 +1,7 @@
-$NetBSD: patch-ah,v 1.27 2010/02/19 10:17:33 martti Exp $
+$NetBSD: patch-ah,v 1.28 2010/06/11 20:41:42 martti Exp $
---- Makefile.in.orig 2009-08-28 03:47:38.000000000 +0300
-+++ Makefile.in 2010-02-19 12:08:24.000000000 +0200
+--- Makefile.in.orig 2010-03-13 23:41:34.000000000 +0200
++++ Makefile.in 2010-06-09 20:28:52.000000000 +0300
@@ -22,7 +22,7 @@
DESTDIR=
VPATH=@srcdir@
@@ -10,9 +10,9 @@ $NetBSD: patch-ah,v 1.27 2010/02/19 10:17:33 martti Exp $
+#ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
- RAND_HELPER=$(libexecdir)/ssh-rand-helper
-@@ -235,7 +235,7 @@
- (cd scard && $(MAKE) -f Makefile.in distprep)
+ SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
+@@ -239,7 +239,7 @@
+ -rm -rf autom4te.cache
install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
-install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf
@@ -20,12 +20,3 @@ $NetBSD: patch-ah,v 1.27 2010/02/19 10:17:33 martti Exp $
install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
check-config:
-@@ -244,7 +244,7 @@
- scard-install:
- (cd scard && env DESTDIR=$(DESTDIR) $(MAKE) DESTDIR=$(DESTDIR) install)
-
--install-files: scard-install
-+install-files:
- $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
- $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
- $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
diff --git a/security/openssh/patches/patch-ak b/security/openssh/patches/patch-ak
index a4c009b6204..ac82f89baac 100644
--- a/security/openssh/patches/patch-ak
+++ b/security/openssh/patches/patch-ak
@@ -1,8 +1,8 @@
-$NetBSD: patch-ak,v 1.9 2009/05/21 03:22:29 taca Exp $
+$NetBSD: patch-ak,v 1.10 2010/06/11 20:41:42 martti Exp $
---- auth.c.orig 2008-11-05 14:12:54.000000000 +0900
-+++ auth.c
-@@ -378,7 +378,7 @@ check_key_in_hostfiles(struct passwd *pw
+--- auth.c.orig 2010-03-07 02:57:00.000000000 +0200
++++ auth.c 2010-06-09 20:33:47.000000000 +0300
+@@ -384,7 +384,7 @@
user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
if (options.strict_modes &&
(stat(user_hostfile, &st) == 0) &&
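Review bot: The regenerated hunk headers in this patch lost their function names: `@@ -378,7 +378,7 @@ check_key_in_hostfiles(struct passwd *pw` became a bare `@@ -384,7 +384,7 @@`. The two `secure_filename` hunks below, and the hunks in patch-an for scp.c, changed the same way. These hunks sit in the owner/mode checks (`options.strict_modes`, `(st.st_mode & 022) != 0`), where a reviewer needs to see which check a replaced line belongs to; regenerating with `diff -up` would keep that context. The replaced comparison lines themselves are outside the visible hunk, so it cannot be confirmed here that they still land on the same conditions after the six-line offset shift.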
@@ -11,7 +11,7 @@ $NetBSD: patch-ak,v 1.9 2009/05/21 03:22:29 taca Exp $
(st.st_mode & 022) != 0)) {
logit("Authentication refused for %.100s: "
"bad owner or modes for %.200s",
-@@ -431,7 +431,7 @@ secure_filename(FILE *f, const char *fil
+@@ -437,7 +437,7 @@
/* check the open file to avoid races */
if (fstat(fileno(f), &st) < 0 ||
@@ -20,7 +20,7 @@ $NetBSD: patch-ak,v 1.9 2009/05/21 03:22:29 taca Exp $
(st.st_mode & 022) != 0) {
snprintf(err, errlen, "bad ownership or modes for file %s",
buf);
-@@ -448,7 +448,7 @@ secure_filename(FILE *f, const char *fil
+@@ -454,7 +454,7 @@
debug3("secure_filename: checking '%s'", buf);
if (stat(buf, &st) < 0 ||
diff --git a/security/openssh/patches/patch-an b/security/openssh/patches/patch-an
index d837aea414e..722e984862f 100644
--- a/security/openssh/patches/patch-an
+++ b/security/openssh/patches/patch-an
@@ -1,8 +1,8 @@
-$NetBSD: patch-an,v 1.10 2009/05/21 03:22:29 taca Exp $
+$NetBSD: patch-an,v 1.11 2010/06/11 20:41:42 martti Exp $
---- scp.c.orig 2008-11-03 17:23:45.000000000 +0900
-+++ scp.c
-@@ -390,7 +390,11 @@ main(int argc, char **argv)
+--- scp.c.orig 2010-01-08 09:53:43.000000000 +0200
++++ scp.c 2010-06-09 20:34:26.000000000 +0300
+@@ -395,7 +395,11 @@
argc -= optind;
argv += optind;
@@ -14,7 +14,7 @@ $NetBSD: patch-an,v 1.10 2009/05/21 03:22:29 taca Exp $
fatal("unknown user %u", (u_int) userid);
if (!isatty(STDOUT_FILENO))
-@@ -782,8 +786,10 @@ rsource(char *name, struct stat *statp)
+@@ -789,8 +793,10 @@
return;
}
while ((dp = readdir(dirp)) != NULL) {
@@ -25,7 +25,7 @@ $NetBSD: patch-an,v 1.10 2009/05/21 03:22:29 taca Exp $
if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
continue;
if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
-@@ -1233,7 +1239,9 @@ okname(char *cp0)
+@@ -1240,7 +1246,9 @@
case '\'':
case '"':
case '`':
diff --git a/security/openssh/patches/patch-ao b/security/openssh/patches/patch-ao
index 01ea164d96e..881f5e0c98b 100644
--- a/security/openssh/patches/patch-ao
+++ b/security/openssh/patches/patch-ao
@@ -1,12 +1,12 @@
-$NetBSD: patch-ao,v 1.15 2010/02/19 10:17:34 martti Exp $
+$NetBSD: patch-ao,v 1.16 2010/06/11 20:41:42 martti Exp $
One more replacing 0 with ROOTUID is handled by using SUBST framework
because patch can't handle it when hpn-patch option is enabled.
So, don't simply update this file with mkpatch command.
---- session.c.orig 2009-08-20 09:20:50.000000000 +0300
-+++ session.c 2010-02-19 12:09:09.000000000 +0200
-@@ -1066,7 +1066,7 @@
+--- session.c.orig 2010-03-26 02:04:09.000000000 +0200
++++ session.c 2010-06-09 20:35:03.000000000 +0300
+@@ -1071,7 +1071,7 @@
if (tmpenv == NULL)
return;
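Review bot: The header comment kept in this hunk still says the SUBST framework is needed "when hpn-patch option is enabled", but the distinfo change in this same commit removes the three `openssh-5.3p1-hpn13v7.diff.gz` entries and adds no 5.5p1 replacement. options.mk is not among the 12 files changed. If the package still exposes an hpn-patch option (not visible here), selecting it would presumably either fail the checksum step for a distfile with no distinfo entry or try to apply a 5.3p1 patch to 5.5p1 sources. Either mark the option unavailable for this version or adjust the comment, for example `hpn-patch is not available for 5.5p1 yet; the SUBST-based ROOTUID replacement is kept for when it returns.`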
@@ -15,7 +15,7 @@ So, don't simply update this file with mkpatch command.
var = child_get_env(tmpenv, "SUPATH");
else
var = child_get_env(tmpenv, "PATH");
-@@ -1175,7 +1175,7 @@
+@@ -1180,7 +1180,7 @@
# endif /* HAVE_ETC_DEFAULT_LOGIN */
if (path == NULL || *path == '\0') {
child_set_env(&env, &envsize, "PATH",
@@ -24,7 +24,7 @@ So, don't simply update this file with mkpatch command.
SUPERUSER_PATH : _PATH_STDPATH);
}
# endif /* HAVE_CYGWIN */
-@@ -1289,6 +1289,18 @@
+@@ -1294,6 +1294,18 @@
strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
read_environment_file(&env, &envsize, buf);
}
@@ -43,7 +43,7 @@ So, don't simply update this file with mkpatch command.
if (debug_flag) {
/* dump the environment */
fprintf(stderr, "Environment:\n");
-@@ -1462,9 +1474,9 @@
+@@ -1473,9 +1485,9 @@
(void)ssh_selinux_enabled();
#endif
@@ -55,7 +55,7 @@ So, don't simply update this file with mkpatch command.
{
#ifdef HAVE_LOGIN_CAP
# ifdef __bsdi__
-@@ -1493,11 +1505,13 @@
+@@ -1504,11 +1516,13 @@
perror("setgid");
exit(1);
}
@@ -69,7 +69,7 @@ So, don't simply update this file with mkpatch command.
endgrent();
# ifdef USE_PAM
/*
-@@ -2322,7 +2336,7 @@
+@@ -2356,7 +2370,7 @@
record_logout(s->pid, s->tty, s->pw->pw_name);
/* Release the pseudo-tty. */
diff --git a/security/openssh/patches/patch-av b/security/openssh/patches/patch-av
index e89bdca5ef1..8fc3fe3e7b9 100644
--- a/security/openssh/patches/patch-av
+++ b/security/openssh/patches/patch-av
@@ -1,8 +1,8 @@
-$NetBSD: patch-av,v 1.8 2010/02/19 10:17:34 martti Exp $
+$NetBSD: patch-av,v 1.9 2010/06/11 20:41:42 martti Exp $
---- sshd.c.orig 2009-06-21 13:26:17.000000000 +0300
-+++ sshd.c 2010-02-19 12:10:07.000000000 +0200
-@@ -235,7 +235,11 @@
+--- sshd.c.orig 2010-03-07 14:05:17.000000000 +0200
++++ sshd.c 2010-06-09 20:36:56.000000000 +0300
+@@ -236,7 +236,11 @@
int startup_pipe; /* in child */
/* variables used for privilege separation */
@@ -14,7 +14,7 @@ $NetBSD: patch-av,v 1.8 2010/02/19 10:17:34 martti Exp $
struct monitor *pmonitor = NULL;
/* global authentication context */
-@@ -605,10 +609,15 @@
+@@ -612,10 +616,15 @@
/* XXX not ready, too heavy after chroot */
do_setusercontext(privsep_pw);
#else
@@ -30,7 +30,7 @@ $NetBSD: patch-av,v 1.8 2010/02/19 10:17:34 martti Exp $
#endif
}
-@@ -648,7 +657,7 @@
+@@ -655,7 +664,7 @@
close(pmonitor->m_sendfd);
/* Demote the child */
@@ -39,7 +39,7 @@ $NetBSD: patch-av,v 1.8 2010/02/19 10:17:34 martti Exp $
privsep_preauth_child();
setproctitle("%s", "[net]");
}
-@@ -663,7 +672,7 @@
+@@ -670,7 +679,7 @@
#ifdef DISABLE_FD_PASSING
if (1) {
#else
@@ -48,7 +48,7 @@ $NetBSD: patch-av,v 1.8 2010/02/19 10:17:34 martti Exp $
#endif
/* File descriptor passing is broken or root login */
use_privsep = 0;
-@@ -1273,8 +1282,10 @@
+@@ -1310,8 +1319,10 @@
av = saved_argv;
#endif
@@ -60,7 +60,7 @@ $NetBSD: patch-av,v 1.8 2010/02/19 10:17:34 martti Exp $
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
-@@ -1578,7 +1589,7 @@
+@@ -1664,7 +1675,7 @@
(st.st_uid != getuid () ||
(st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
#else
@@ -69,7 +69,7 @@ $NetBSD: patch-av,v 1.8 2010/02/19 10:17:34 martti Exp $
#endif
fatal("%s must be owned by root and not group or "
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
-@@ -1602,8 +1613,10 @@
+@@ -1688,8 +1699,10 @@
* to create a file, and we can't control the code in every
* module which might be used).
*/