summaryrefslogtreecommitdiff
path: root/security/openssh
diff options
context:
space:
mode:
authoritojun <itojun@pkgsrc.org>2001-03-22 08:49:28 +0000
committeritojun <itojun@pkgsrc.org>2001-03-22 08:49:28 +0000
commit0904d0520df93ece3e28d7497a55b9d1e230e656 (patch)
tree85e2211addf7c00bed7dd4f4a273379254925b93 /security/openssh
parent8854d5fdc340d54a8c6849492bc400eacc23dfc4 (diff)
downloadpkgsrc-0904d0520df93ece3e28d7497a55b9d1e230e656.tar.gz
upgrade to 2.5.2p2.
20010322 - (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de> - (djm) Released 2.5.2p2 20010321 - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve VanDevender <stevev@darkwing.uoregon.edu> - (djm) Make sure pam_retval is initialised on call to pam_end. Patch from Solar Designer <solar@openwall.com> - (djm) Don't loop forever when changing password via PAM. Patch from Solar Designer <solar@openwall.com> - (djm) Generate config files before build - (djm) Correctly handle SIA and AIX when no tty present. Spotted and suggested fix from Mike Battersby <mib@unimelb.edu.au> 20010320 - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS). - (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS). - (bal) Oops. Missed globc.h change (OpenBSD CVS). - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2001/03/19 17:07:23 [auth.c readconf.c] undo /etc/shell and proto 2,1 change for openssh-2.5.2 - markus@cvs.openbsd.org 2001/03/19 17:12:10 [version.h] version 2.5.2 - (djm) Update RPM spec version - (djm) Release 2.5.2p1 - tim@mindrot.org 2001/03/19 18:33:47 [defines.h] change S_ISLNK macro to work for UnixWare 2.03 - tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c] add get_arg_max(). Use sysconf() if ARG_MAX is not defined 20010319 - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to do it implicitly. - (djm) Add getusershell() functions from OpenBSD CVS - OpenBSD CVS Sync - markus@cvs.openbsd.org 2001/03/18 12:07:52 [auth-options.c] ignore permitopen="host:port" if AllowTcpForwarding==no - (djm) Make scp work on systems without 64-bit ints - tim@mindrot.org 2001/03/18 18:28:39 [defines.h] move HAVE_LONG_LONG_INT where it works - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix stuff. Change suggested by Mark Miller <markm@swoon.net> - (bal) Small fix to scp. %lu vs %ld - (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS* - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2001/03/19 03:52:51 [sftp-client.c] Report ssh connection closing correctly; ok deraadt@ - deraadt@cvs.openbsd.org 2001/03/18 23:30:55 [compat.c compat.h sshd.c] specifically version match on ssh scanners. do not log scan information to the console - djm@cvs.openbsd.org 2001/03/19 12:10:17 [sshd.8] Document permitopen authorized_keys option; ok markus@ - djm@cvs.openbsd.org 2001/03/19 05:49:52 [ssh.1] document PreferredAuthentications option; ok markus@ - (bal) Minor NeXT fixed. Forgot to #undef NGROUPS_MAX 20010318 - (bal) Fixed scp type casing issue which causes "scp: protocol error: size not delimited" fatal errors when tranfering. - OpenBSD CVS Sync - markus@cvs.openbsd.org 2001/03/17 17:27:59 [auth.c] check /etc/shells, too - tim@mindrot.org 2001/03/17 18:45:25 [compat.c] openbsd-compat/fake-regex.h 20010317 - Support usrinfo() on AIX. Based on patch from Gert Doering <gert@greenie.muc.de> - OpenBSD CVS Sync - markus@cvs.openbsd.org 2001/03/15 15:05:59 [scp.c] use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi - markus@cvs.openbsd.org 2001/03/15 22:07:08 [session.c] pass Session to do_child + KNF - djm@cvs.openbsd.org 2001/03/16 08:16:18 [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c] Revise globbing for get/put to be more shell-like. In particular, "get/put file* directory/" now works. ok markus@ - markus@cvs.openbsd.org 2001/03/16 09:55:53 [sftp-int.c] fix memset and whitespace - markus@cvs.openbsd.org 2001/03/16 13:44:24 [sftp-int.c] discourage strcat/strcpy - markus@cvs.openbsd.org 2001/03/16 19:06:30 [auth-options.c channels.c channels.h serverloop.c session.c] implement "permitopen" key option, restricts -L style forwarding to to specified host:port pairs. based on work by harlan@genua.de - Check for gl_matchc support in glob_t and fall back to the openbsd-compat/glob.[ch] support if it does not exist. 20010315 - OpenBSD CVS Sync - markus@cvs.openbsd.org 2001/03/14 08:57:14 [sftp-client.c] Wall - markus@cvs.openbsd.org 2001/03/14 15:15:58 [sftp-int.c] add version command - deraadt@cvs.openbsd.org 2001/03/14 22:50:25 [sftp-server.c] note no getopt() - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h" - (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com> 20010314 - OpenBSD CVS Sync - markus@cvs.openbsd.org 2001/03/13 17:34:42 [auth-options.c] missing xfree, deny key on parse error; ok stevesk@ - djm@cvs.openbsd.org 2001/03/13 22:42:54 [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c] sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@ - (bal) Fix strerror() in bsd-misc.c - (djm) Add replacement glob() from OpenBSD libc if the system glob is missing or lacks the GLOB_ALTDIRFUNC extension - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers relatively. Avoids conflict between glob.h and /usr/include/glob.h 20010313 - OpenBSD CVS Sync - markus@cvs.openbsd.org 2001/03/12 22:02:02 [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c] remove old key_fingerprint interface, s/_ex// 20010312 - OpenBSD CVS Sync - markus@cvs.openbsd.org 2001/03/11 13:25:36 [auth2.c key.c] debug - jakob@cvs.openbsd.org 2001/03/11 15:03:16 [key.c key.h] add improved fingerprint functions. based on work by Carsten Raskgaard <cara@int.tele.dk> and modified by me. ok markus@. - jakob@cvs.openbsd.org 2001/03/11 15:04:16 [ssh-keygen.1 ssh-keygen.c] print both md5, sha1 and bubblebabble fingerprints when using ssh-keygen -l -v. ok markus@. - jakob@cvs.openbsd.org 2001/03/11 15:13:09 [key.c] cleanup & shorten some var names key_fingerprint_bubblebabble. - deraadt@cvs.openbsd.org 2001/03/11 16:39:03 [ssh-keygen.c] KNF, and SHA1 binary output is just creeping featurism - tim@mindrot.org 2001/03/11 17:29:32 [configure.in] test if snprintf() supports %ll add /dev to search path for PRNGD/EGD socket fix my mistake in USER_PATH test program - OpenBSD CVS Sync - markus@cvs.openbsd.org 2001/03/11 18:29:51 [key.c] style+cleanup - markus@cvs.openbsd.org 2001/03/11 22:33:24 [ssh-keygen.1 ssh-keygen.c] remove -v again. use -B instead for bubblebabble. make -B consistent with -l and make -B work with /path/to/known_hosts. ok deraadt@ - (djm) Bump portable version number for generating test RPMs - (djm) Add "static_openssl" RPM build option, remove rsh build dependency - (bal) Reorder includes in Makefile. 20010311 - OpenBSD CVS Sync - markus@cvs.openbsd.org 2001/03/10 12:48:27 [sshconnect2.c] ignore nonexisting private keys; report rjmooney@mediaone.net - deraadt@cvs.openbsd.org 2001/03/10 12:53:51 [readconf.c ssh_config] default to SSH2, now that m68k runs fast - stevesk@cvs.openbsd.org 2001/03/10 15:02:05 [ttymodes.c ttymodes.h] remove unused sgtty macros; ok markus@ - deraadt@cvs.openbsd.org 2001/03/10 15:31:00 [compat.c compat.h sshconnect.c] all known netscreen ssh versions, and older versions of OSU ssh cannot handle password padding (newer OSU is fixed) - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config] make sure $bindir is in USER_PATH so scp will work - OpenBSD CVS Sync - markus@cvs.openbsd.org 2001/03/10 17:51:04 [kex.c match.c match.h readconf.c readconf.h sshconnect2.c] add PreferredAuthentications 20010310 - OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2001/03/09 03:14:39 [ssh-keygen.c] create *.pub files with umask 0644, so that you can mv them to authorized_keys - deraadt@cvs.openbsd.org 2001/03/09 12:30:29 [sshd.c] typo; slade@shore.net - Removed log.o from sftp client. Not needed. 20010309 - OpenBSD CVS Sync - stevesk@cvs.openbsd.org 2001/03/08 18:47:12 [auth1.c] unused; ok markus@ - stevesk@cvs.openbsd.org 2001/03/08 20:44:48 [sftp.1] spelling, cleanup; ok deraadt@ - markus@cvs.openbsd.org 2001/03/08 21:42:33 [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c] implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key -> no need to do enter passphrase or do expensive sign operations if the server does not accept key). 20010308 - OpenBSD CVS Sync - djm@cvs.openbsd.org 2001/03/07 10:11:23 [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h] Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling functions and small protocol change. - markus@cvs.openbsd.org 2001/03/08 00:15:48 [readconf.c ssh.1] turn off useprivilegedports by default. only rhost-auth needs this. older sshd's may need this, too. - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H; Dirk Markwardt <D.Markwardt@tu-bs.de> 20010307 - (bal) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2001/03/06 06:11:18 [ssh-keyscan.c] appease gcc - deraadt@cvs.openbsd.org 2001/03/06 06:11:44 [sftp-int.c sftp.1 sftp.c] sftp -b batchfile; mouring@etoh.eviladmin.org - deraadt@cvs.openbsd.org 2001/03/06 15:10:42 [sftp.1] order things - deraadt@cvs.openbsd.org 2001/03/07 01:19:06 [ssh.1 sshd.8] the name "secure shell" is boring, noone ever uses it - deraadt@cvs.openbsd.org 2001/03/07 04:05:58 [ssh.1] removed dated comment - Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com> 20010306 - (bal) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2001/03/05 14:28:47 [sshd.8] alpha order; jcs@rt.fm - stevesk@cvs.openbsd.org 2001/03/05 15:44:51 [servconf.c] sync error message; ok markus@ - deraadt@cvs.openbsd.org 2001/03/05 15:56:16 [myproposal.h ssh.1] switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster; provos & markus ok - deraadt@cvs.openbsd.org 2001/03/05 16:07:15 [sshd.8] detail default hmac setup too - markus@cvs.openbsd.org 2001/03/05 17:17:21 [kex.c kex.h sshconnect2.c sshd.c] generate a 2*need size (~300 instead of 1024/2048) random private exponent during the DH key agreement. according to Niels (the great german advisor) this is safe since /etc/primes contains strong primes only. References: P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key agreement with short exponents, In Advances in Cryptology - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343. - stevesk@cvs.openbsd.org 2001/03/05 17:40:48 [ssh.1] more ssh_known_hosts2 documentation; ok markus@ - stevesk@cvs.openbsd.org 2001/03/05 17:58:22 [dh.c] spelling - deraadt@cvs.openbsd.org 2001/03/06 00:33:04 [authfd.c cli.c ssh-agent.c] EINTR/EAGAIN handling is required in more cases - millert@cvs.openbsd.org 2001/03/06 01:06:03 [ssh-keyscan.c] Don't assume we wil get the version string all in one read(). deraadt@ OK'd - millert@cvs.openbsd.org 2001/03/06 01:08:27 [clientloop.c] If read() fails with EINTR deal with it the same way we treat EAGAIN 20010305 - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch] - (bal) CVS ID touch up on sftp-int.c - (bal) CVS ID touch up on uuencode.c - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c - (bal) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2001/02/17 23:48:48 [sshd.8] it's the OpenSSH one - deraadt@cvs.openbsd.org 2001/02/21 07:37:04 [ssh-keyscan.c] inline -> __inline__, and some indent - deraadt@cvs.openbsd.org 2001/02/21 09:05:54 [authfile.c] improve fd handling - deraadt@cvs.openbsd.org 2001/02/21 09:12:56 [sftp-server.c] careful with & and &&; markus ok - stevesk@cvs.openbsd.org 2001/02/21 21:14:04 [ssh.c] -i supports DSA identities now; ok markus@ - deraadt@cvs.openbsd.org 2001/02/22 04:29:37 [servconf.c] grammar; slade@shore.net - deraadt@cvs.openbsd.org 2001/02/22 06:43:55 [ssh-keygen.1 ssh-keygen.c] document -d, and -t defaults to rsa1 - deraadt@cvs.openbsd.org 2001/02/22 08:03:51 [ssh-keygen.1 ssh-keygen.c] bye bye -d - deraadt@cvs.openbsd.org 2001/02/22 18:09:06 [sshd_config] activate RSA 2 key - markus@cvs.openbsd.org 2001/02/22 21:57:27 [ssh.1 sshd.8] typos/grammar from matt@anzen.com - markus@cvs.openbsd.org 2001/02/22 21:59:44 [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c] use pwcopy in ssh.c, too - markus@cvs.openbsd.org 2001/02/23 15:34:53 [serverloop.c] debug2->3 - markus@cvs.openbsd.org 2001/02/23 18:15:13 [sshd.c] the random session key depends now on the session_key_int sent by the 'attacker' dig1 = md5(cookie|session_key_int); dig2 = md5(dig1|cookie|session_key_int); fake_session_key = dig1|dig2; this change is caused by a mail from anakin@pobox.com patch based on discussions with my german advisor niels@openbsd.org - deraadt@cvs.openbsd.org 2001/02/24 10:37:55 [readconf.c] look for id_rsa by default, before id_dsa - deraadt@cvs.openbsd.org 2001/02/24 10:37:26 [sshd_config] ssh2 rsa key before dsa key - markus@cvs.openbsd.org 2001/02/27 10:35:27 [packet.c] fix random padding - markus@cvs.openbsd.org 2001/02/27 11:00:11 [compat.c] support SSH-2.0-2.1 ; from Christophe_Moret@hp.com - deraadt@cvs.openbsd.org 2001/02/28 05:34:28 [misc.c] pull in protos - deraadt@cvs.openbsd.org 2001/02/28 05:36:28 [sftp.c] do not kill the subprocess on termination (we will see if this helps things or hurts things) - markus@cvs.openbsd.org 2001/02/28 08:45:39 [clientloop.c] fix byte counts for ssh protocol v1 - markus@cvs.openbsd.org 2001/02/28 08:54:55 [channels.c nchan.c nchan.h] make sure remote stderr does not get truncated. remove closed fd's from the select mask. - markus@cvs.openbsd.org 2001/02/28 09:57:07 [packet.c packet.h sshconnect2.c] in ssh protocol v2 use ignore messages for padding (instead of trailing \0). - markus@cvs.openbsd.org 2001/02/28 12:55:07 [channels.c] unify debug messages - deraadt@cvs.openbsd.org 2001/02/28 17:52:54 [misc.c] for completeness, copy pw_gecos too - markus@cvs.openbsd.org 2001/02/28 21:21:41 [sshd.c] generate a fake session id, too - markus@cvs.openbsd.org 2001/02/28 21:27:48 [channels.c packet.c packet.h serverloop.c] use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message use random content in ignore messages. - markus@cvs.openbsd.org 2001/02/28 21:31:32 [channels.c] typo - deraadt@cvs.openbsd.org 2001/03/01 02:11:25 [authfd.c] split line so that p will have an easier time next time around - deraadt@cvs.openbsd.org 2001/03/01 02:29:04 [ssh.c] shorten usage by a line - deraadt@cvs.openbsd.org 2001/03/01 02:45:10 [auth-rsa.c auth2.c deattack.c packet.c] KNF - deraadt@cvs.openbsd.org 2001/03/01 03:38:33 [cli.c cli.h rijndael.h ssh-keyscan.1] copyright notices on all source files - markus@cvs.openbsd.org 2001/03/01 22:46:37 [ssh.c] don't truncate remote ssh-2 commands; from mkubita@securities.cz use min, not max for logging, fixes overflow. - deraadt@cvs.openbsd.org 2001/03/02 06:21:01 [sshd.8] explain SIGHUP better - deraadt@cvs.openbsd.org 2001/03/02 09:42:49 [sshd.8] doc the dsa/rsa key pair files - deraadt@cvs.openbsd.org 2001/03/02 18:54:31 [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8] make copyright lines the same format - deraadt@cvs.openbsd.org 2001/03/03 06:53:12 [ssh-keyscan.c] standard theo sweep - millert@cvs.openbsd.org 2001/03/03 21:19:41 [ssh-keyscan.c] Dynamically allocate read_wait and its copies. Since maxfd is based on resource limits it is often (usually?) larger than FD_SETSIZE. - millert@cvs.openbsd.org 2001/03/03 21:40:30 [sftp-server.c] Dynamically allocate fd_set; deraadt@ OK - millert@cvs.openbsd.org 2001/03/03 21:41:07 [packet.c] Dynamically allocate fd_set; deraadt@ OK - deraadt@cvs.openbsd.org 2001/03/03 22:07:50 [sftp-server.c] KNF - markus@cvs.openbsd.org 2001/03/03 23:52:22 [sftp.c] clean up arg processing. based on work by Christophe_Moret@hp.com - markus@cvs.openbsd.org 2001/03/03 23:59:34 [log.c ssh.c] log*.c -> log.c - markus@cvs.openbsd.org 2001/03/04 00:03:59 [channels.c] debug1->2 - stevesk@cvs.openbsd.org 2001/03/04 10:57:53 [ssh.c] add -m to usage; ok markus@ - stevesk@cvs.openbsd.org 2001/03/04 11:04:41 [sshd.8] small cleanup and clarify for PermitRootLogin; ok markus@ - stevesk@cvs.openbsd.org 2001/03/04 11:16:06 [servconf.c sshd.8] kill obsolete RandomSeed; ok markus@ deraadt@ - stevesk@cvs.openbsd.org 2001/03/04 12:54:04 [sshd.8] spelling - millert@cvs.openbsd.org 2001/03/04 17:42:28 [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c ssh.c sshconnect.c sshd.c] log functions should not be passed strings that end in newline as they get passed on to syslog() and when logging to stderr, do_log() appends its own newline. - deraadt@cvs.openbsd.org 2001/03/04 18:21:28 [sshd.8] list SSH2 ciphers - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy() - (bal) Fix up logging since it changed. removed log-*.c - (djm) Fix up LOG_AUTHPRIV for systems that have it - (stevesk) OpenBSD sync: - deraadt@cvs.openbsd.org 2001/03/05 08:37:27 [ssh-keyscan.c] skip inlining, why bother - (stevesk) sftp.c: handle __progname 20010304 - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid. - (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and give Mark Roth credit for mdoc2man.pl 20010303 - (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better. - (djm) Document PAM ChallengeResponseAuthentication in sshd.8 - (djm) Disable and comment ChallengeResponseAuthentication in sshd_config - (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace "--with-egd-pool" configure option with "--with-prngd-socket" and "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
Diffstat (limited to 'security/openssh')
-rw-r--r--security/openssh/Makefile4
-rw-r--r--security/openssh/files/md54
2 files changed, 4 insertions, 4 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index bb7e80d6757..3369b664b7a 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.42 2001/03/11 20:42:28 tron Exp $
+# $NetBSD: Makefile,v 1.43 2001/03/22 08:49:28 itojun Exp $
-DISTNAME= openssh-2.5.1p2
+DISTNAME= openssh-2.5.2p2
CATEGORIES= security
MASTER_SITES= ftp://gd.tuwien.ac.at/OpenBSD/OpenSSH/portable/ \
ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
diff --git a/security/openssh/files/md5 b/security/openssh/files/md5
index 21e3ea73e47..4038e9b80a2 100644
--- a/security/openssh/files/md5
+++ b/security/openssh/files/md5
@@ -1,3 +1,3 @@
-$NetBSD: md5,v 1.12 2001/03/01 04:14:23 itojun Exp $
+$NetBSD: md5,v 1.13 2001/03/22 08:49:29 itojun Exp $
-MD5 (openssh-2.5.1p2.tar.gz) = e09e22ff91cbdf9fc52fdfb5c93e1849
+SHA1 (openssh-2.5.2p2.tar.gz) = 64f1e350b435217aa55d0e97b4c7460145fd7090