Secure Shell package; Originally taken from FreeBSD, hacked by agc and

finished by me.
author: hubertf <hubertf@pkgsrc.org> 1997-12-14 16:17:14 +0000
committer: hubertf <hubertf@pkgsrc.org> 1997-12-14 16:17:14 +0000
commit: 43efe0593ab76f5e81767f05a92acfee07909ba8 (patch)
tree: 382869867dbf6faa175f20f1f3cfddd1c93bded3 /security/ssh
parent: 1eedf0651d1e976611f2669efe4ac879586636a7 (diff)
download: pkgsrc-43efe0593ab76f5e81767f05a92acfee07909ba8.tar.gz
15 files changed, 1009 insertions, 0 deletions
diff --git a/security/ssh/Makefile b/security/ssh/Makefile
new file mode 100644
index 00000000000..58cb00c1556
--- /dev/null
+++ b/security/ssh/Makefile
@@ -0,0 +1,142 @@
+# New ports collection makefile for:	ssh
+# Version required:     		1.2.21
+# Date created:				19971214
+# Whom:					hubertf@netbsd.org
+#
+# $NetBSD: Makefile,v 1.1.1.1 1997/12/14 16:17:14 hubertf Exp $
+# FreeBSD Id: Makefile,v 1.47 1997/11/10 22:04:42 dima Exp
+#
+# Maximal ssh package requires YES values for
+# USE_PERL, USE_TCPWRAP
+#
+
+DISTNAME=       ssh-1.2.21
+CATEGORIES=	security net
+MASTER_SITES=   ftp://ftp.funet.fi/pub/unix/security/login/ssh/
+
+MAINTAINER=	hubertf@netbsd.org
+
+# You can set USA_RESIDENT appropriately in /etc/make.conf if this bugs you..
+.if !defined(USA_RESIDENT)
+USA_RESIDENT=	NO
+.endif
+
+.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
+DISTFILES=	${DISTNAME}.tar.gz rsaref2.tar.gz
+MASTER_SITES=	\
+	ftp://ftp.funet.fi/pub/unix/security/login/ssh/ \
+	ftp://nic.funet.fi/pub/crypt/mirrors/ftp.dsi.unimi.it/applied-crypto/ \
+	ftp://rzsun2.informatik.uni-hamburg.de/pub/virus/crypt/ripem/ \
+	ftp://idea.sec.dsi.unimi.it/pub/security/crypt/math/ \
+	ftp://ftp.univie.ac.at/security/crypt/cryptography/asymmetric/rsa/ \
+	ftp://isdec.vc.cvut.cz/pub/security/unimi/crypt/applied-crypto/
+.endif
+
+RESTRICTED=	"Crypto; export-controlled"
+IS_INTERACTIVE=	YES
+
+GNU_CONFIGURE=	YES
+
+CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc
+
+#Uncomment if all your users are in their own group and their homedir
+#is writeable by that group.  Beware the security implications!
+#CONFIGURE_ARGS+= --enable-group-writeability
+
+#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
+#over a secure medium.  This is normally dangerous since it can lead to the
+#disclosure keys and passwords.
+#CONFIGURE_ARGS+= --with-none
+
+.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
+CONFIGURE_ARGS+= --with-rsaref
+.endif
+
+# Include support for the SecureID card
+# Warning: untested !
+.if defined(USE_SECUREID) && ${USE_SECUREID} == YES
+CONFIGURE_ARGS+= --with-secureid
+.endif
+
+# Don't use IDEA. IDEA can be freely used for non-commercial use. However,
+# commercial use may require a licence in a number of countries
+# Warning: untested !
+.if defined(DONT_USE_IDEA) && ${DONT_USE_IDEA} == YES
+CONFIGURE_ARGS+= --without-idea
+.endif
+
+MAN1=		scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 \
+		make-ssh-known-hosts.1
+MAN8=		sshd.8
+
+
+pre-patch:
+	@${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \
+	    ${WRKSRC}/make-ssh-known-hosts.pl.in
+
+fetch-depends:
+.if !defined(USA_RESIDENT) || ${USA_RESIDENT} != YES && ${USA_RESIDENT} != NO
+	@echo
+	@echo You must set variable USA_RESIDENT to YES if you are a USA
+	@echo resident or NO otherwise.
+	@echo If you are a USA resident you have to get the RSAREF2
+	@echo library \(RSA Inc. holds a patent on RSA and public key
+	@echo cypto in general - using RSA implementations other than
+	@echo RSAREF will violate the US patent law\)
+	@echo and extract it to ${WRKSRC}.
+	@false
+.endif
+
+post-extract:
+.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
+	@mv ${WRKDIR}/rsaref2 ${WRKSRC}/rsaref2
+.endif
+
+post-install:
+	@ln -sf /etc/ssh_host_key ${PREFIX}/etc
+	@ln -sf /etc/ssh_host_key.pub ${PREFIX}/etc
+	@if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \
+		echo "Generating a secret host key..."; \
+		${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \
+	fi
+.if defined(MANZ)
+	rm -f ${PREFIX}/man/man1/slogin.1.gz
+	ln -sf ssh.1.gz ${PREFIX}/man/man1/slogin.1.gz
+.else
+	rm -f ${PREFIX}/man/man1/slogin.1
+	ln -sf ssh.1 ${PREFIX}/man/man1/slogin.1
+.endif
+#	@if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \
+#		echo "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
+#		echo "#!/bin/sh" > ${PREFIX}/etc/rc.d/sshd.sh; \
+#		echo "[ -f ${PREFIX}/etc/ssh_host_key ] || ${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ''" >> ${PREFIX}/etc/rc.d/sshd.sh; \
+#		echo "[ -x ${PREFIX}/sbin/sshd ] && ${PREFIX}/sbin/sshd && echo -n ' sshd'" >> ${PREFIX}/etc/rc.d/sshd.sh; \
+#		chmod 755 ${PREFIX}/etc/rc.d/sshd.sh; \
+#	fi
+
+.include <bsd.port.mk>
+
+# Following stuff must be after <bsd.port.mk> to expand exists() properly
+
+.if defined(USE_PERL) && ${USE_PERL} == YES || \
+    exists(${PREFIX}/bin/perl5.00401) && \
+    (!defined(USE_PERL) || ${USE_PERL} != NO)
+BUILD_DEPENDS+= perl5.00404:${PORTSDIR}/lang/perl5
+CONFIGURE_ENV+= PERL=${PREFIX}/bin/perl5.00404
+.else
+CONFIGURE_ENV+= PERL=/replace_it_with_PERL_path
+.endif
+
+# Include tcp-wrapper support (call remote identd)
+.if defined(USE_TCPWRAP) && ${USE_TCPWRAP} == YES || \
+    exists(${PREFIX}/lib/libwrap.a) && \
+    (!defined(USE_TCPWRAP) || ${USE_TCPWRAP} != NO)
+CONFIGURE_ENV+= LDFLAGS=-L${PREFIX}/lib CFLAGS="${CFLAGS} -I${PREFIX}/include"
+CONFIGURE_ARGS+= --with-libwrap
+LIB_DEPENDS+=   wrap\\.7\\.:${PORTSDIR}/security/tcp_wrapper
+.endif
+
+# Include SOCKS firewall support
+.if defined(USE_SOCKS) && ${USE_SOCKS} == YES
+CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5"
+.endif
diff --git a/security/ssh/files/md5 b/security/ssh/files/md5
new file mode 100644
index 00000000000..a539987481f
--- /dev/null
+++ b/security/ssh/files/md5
@@ -0,0 +1,2 @@
+MD5 (ssh-1.2.21.tar.gz) = 881f612cd3598b5370545ab2ad808795
+MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d
diff --git a/security/ssh/patches/patch-aa b/security/ssh/patches/patch-aa
new file mode 100644
index 00000000000..83e9968ac31
--- /dev/null
+++ b/security/ssh/patches/patch-aa
@@ -0,0 +1,19 @@
+*** make-ssh-known-hosts.pl.in.orig	Wed Apr 23 08:40:05 1997
+--- make-ssh-known-hosts.pl.in	Fri Apr 25 12:38:21 1997
+***************
+*** 87,93 ****
+  $debug = 5;
+  $defserver = '';
+  $bell='\a';
+! $public_key = '/etc/ssh_host_key.pub';
+  $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
+  $timeout = 60;
+  $ping_timeout = 3;
+--- 87,93 ----
+  $debug = 5;
+  $defserver = '';
+  $bell='\a';
+! $public_key = '@ETCDIR@/ssh_host_key.pub';
+  $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
+  $timeout = 60;
+  $ping_timeout = 3;
diff --git a/security/ssh/patches/patch-ab b/security/ssh/patches/patch-ab
new file mode 100644
index 00000000000..dba02a731c0
--- /dev/null
+++ b/security/ssh/patches/patch-ab
@@ -0,0 +1,51 @@
+*** configure.orig	Wed Apr 23 08:40:06 1997
+--- configure	Fri Apr 25 12:38:54 1997
+***************
+*** 1757,1768 ****
+  
+  export CFLAGS CC
+  
+- # Socket pairs appear to be broken on several systems.  I don't know exactly
+- # where, so I'll use pipes everywhere for now.
+- cat >> confdefs.h <<\EOF
+- #define USE_PIPES 1
+- EOF
+- 
+  
+  echo $ac_n "checking that the compiler works""... $ac_c" 1>&6
+  echo "configure:1769: checking that the compiler works" >&5
+--- 1757,1762 ----
+***************
+*** 2759,2765 ****
+  
+  fi
+  
+! for ac_hdr in unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h
+  do
+  ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+  echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+--- 2753,2759 ----
+  
+  fi
+  
+! for ac_hdr in unistd.h rusage.h sys/time.h lastlog.h login_cap.h utmp.h shadow.h
+  do
+  ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+  echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+***************
+*** 7031,7037 ****
+  
+  cat >> $CONFIG_STATUS <<EOF
+  
+! CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile"}
+  EOF
+  cat >> $CONFIG_STATUS <<\EOF
+  for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
+--- 7025,7031 ----
+  
+  cat >> $CONFIG_STATUS <<EOF
+  
+! CONFIG_FILES=\${CONFIG_FILES-"Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 make-ssh-known-hosts.pl"}
+  EOF
+  cat >> $CONFIG_STATUS <<\EOF
+  for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
diff --git a/security/ssh/patches/patch-ac b/security/ssh/patches/patch-ac
new file mode 100644
index 00000000000..6027311b99d
--- /dev/null
+++ b/security/ssh/patches/patch-ac
@@ -0,0 +1,92 @@
+--- Makefile.in.orig	Fri Aug 22 01:28:42 1997
++++ Makefile.in	Mon Nov 24 15:14:18 1997
+@@ -263,8 +263,10 @@
+ GMPDEP 		= $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a
+ 
+ ZLIBDIR		= zlib-1.0.4
+-ZLIBDEP		= $(ZLIBDIR)/libz.a
+-ZLIBLIBS	= -L$(ZLIBDIR) -lz
++ZLIBINCDIR	= /usr/include
++ZLIBLIBDIR	= /usr/lib
++ZLIBDEP		= $(ZLIBINCDIR)/libz.a
++ZLIBLIBS	= -L$(ZLIBLIBDIR) -lz
+ 
+ RSAREFDIR	= rsaref2
+ RSAREFSRCDIR 	= $(RSAREFDIR)/source
+@@ -368,7 +370,7 @@
+ 	$(CC) -o rfc-pg rfc-pg.o
+ 
+ .c.o:
+-	$(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
++	$(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
+ 
+ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
+ 	-rm -f sshd
+@@ -416,14 +418,14 @@
+ $(GMPDIR)/libgmp.a:
+ 	cd $(GMPDIR); $(MAKE)
+ 
+-$(ZLIBDEP):
+-	-if test '!' -d $(ZLIBDIR); then \
+-	  mkdir $(ZLIBDIR); \
+-	  cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
+-	fi
+-	cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \
+-	  CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \
+-	    -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a
++#$(ZLIBDEP):
++#	-if test '!' -d $(ZLIBDIR); then \
++#	  mkdir $(ZLIBDIR); \
++#	  cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
++#	fi
++#	cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \
++#	  CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \
++#	    -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a
+ 
+ $(RSAREFSRCDIR)/librsaref.a:
+ 	-if test '!' -d $(RSAREFDIR); then \
+@@ -480,7 +482,7 @@
+ # (otherwise it can only log in as the user it runs as, and must be
+ # bound to a non-privileged port).  Also, password authentication may
+ # not be available if non-root and using shadow passwords.
+-install: $(PROGRAMS) make-dirs generate-host-key install-configs
++install: $(PROGRAMS) make-dirs install-configs
+ 	-rm -f $(install_prefix)$(bindir)/ssh.old
+ 	-mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
+ 	-chmod 755 $(install_prefix)$(bindir)/ssh.old
+@@ -591,13 +593,13 @@
+ 	-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
+ 	cd $(GMPDIR); $(MAKE) clean
+ #	cd $(RSAREFSRCDIR); rm -f *.o *.a
+-	cd $(ZLIBDIR); $(MAKE) clean
++#	cd $(ZLIBDIR); $(MAKE) clean
+ 
+ distclean: clean
+ 	-rm -f Makefile config.status config.cache config.log config.h
+ 	-rm -f ssh.1 sshd.8 make-ssh-known-hosts.1
+ 	cd $(GMPDIR); $(MAKE) distclean
+-	cd $(ZLIBDIR); $(MAKE) distclean
++#	cd $(ZLIBDIR); $(MAKE) distclean
+ 
+ dist: dist-free
+ 
+@@ -632,8 +634,8 @@
+ 	gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - )
+ #	tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -)
+ #	cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a
+-	(cd  $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
+-	cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
++#	(cd  $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
++#	cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
+ 
+ dist-free-make-tar:
+ 	tar pcf $(DISTNAME).tar $(DISTNAME)
+@@ -656,7 +658,7 @@
+ 	 (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
+ 
+ depend:
+-	$(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS)
++	$(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS)
+ 
+ tags:
+ 	-rm -f TAGS
diff --git a/security/ssh/patches/patch-ae b/security/ssh/patches/patch-ae
new file mode 100644
index 00000000000..6c0ffecd0dd
--- /dev/null
+++ b/security/ssh/patches/patch-ae
@@ -0,0 +1,19 @@
+*** server_config.sample.orig	Thu Mar 27 09:04:06 1997
+--- server_config.sample	Fri Mar 28 15:45:53 1997
+***************
+*** 16,22 ****
+  FascistLogging no
+  PrintMotd yes
+  KeepAlive yes
+! SyslogFacility DAEMON
+  RhostsAuthentication no
+  RhostsRSAAuthentication yes
+  RSAAuthentication yes
+--- 16,22 ----
+  FascistLogging no
+  PrintMotd yes
+  KeepAlive yes
+! SyslogFacility AUTH
+  RhostsAuthentication no
+  RhostsRSAAuthentication yes
+  RSAAuthentication yes
diff --git a/security/ssh/patches/patch-af b/security/ssh/patches/patch-af
new file mode 100644
index 00000000000..736cd569902
--- /dev/null
+++ b/security/ssh/patches/patch-af
@@ -0,0 +1,423 @@
+*** sshd.c.orig	Wed Apr 23 04:40:08 1997
+--- sshd.c	Wed Jun 11 14:56:57 1997
+***************
+*** 400,405 ****
+--- 400,409 ----
+  #include "firewall.h"	/* TIS authsrv authentication */
+  #endif
+  
++ #ifdef HAVE_LOGIN_CAP_H
++ #include <login_cap.h>
++ #endif
++ 
+  #ifdef _PATH_BSHELL
+  #define DEFAULT_SHELL		_PATH_BSHELL
+  #else
+***************
+*** 1542,1547 ****
+--- 1546,1583 ----
+      endspent();
+    }
+  #endif /* HAVE_ETC_SHADOW */
++ #ifdef __FreeBSD__
++   {
++     time_t currtime;
++ 
++     if (pwd->pw_change || pwd->pw_expire)
++ 	currtime = time(NULL);
++ 
++     /*
++      * Check for an expired password
++      */
++     if (pwd->pw_change && pwd->pw_change <= currtime)
++       {
++ 	debug("Account %.100s's password is too old - forced to change.",
++ 	      user);
++ 	if (options.forced_passwd_change)
++ 	  forced_command = "/usr/bin/passwd";
++ 	else
++ 	  {
++ 	    return 0;
++ 	  }
++       }
++     
++     /*
++      * Check for expired account
++      */
++     if (pwd->pw_expire && pwd->pw_expire <= currtime)
++       {
++ 	debug("Account %.100s has expired - access denied.", user);
++ 	return 0;
++       }
++   }
++ #else   /* !FreeBSD */
+    /*
+     * Check if account is locked. Check if encrypted password starts
+     * with "*LK*".
+***************
+*** 1553,1558 ****
+--- 1589,1595 ----
+  	return 0;
+        }
+    }
++ #endif  /* !FreeBSD */
+  #ifdef CHECK_ETC_SHELLS
+    {
+      int  invalid = 1;
+***************
+*** 1698,1703 ****
+--- 1735,1743 ----
+    memset(&pwcopy, 0, sizeof(pwcopy));
+    pwcopy.pw_name = xstrdup(pw->pw_name);
+    pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
++ #ifdef HAVE_LOGIN_CAP_H
++   pwcopy.pw_class = xstrdup(pw->pw_class);
++ #endif
+    pwcopy.pw_uid = pw->pw_uid;
+    pwcopy.pw_gid = pw->pw_gid;
+    pwcopy.pw_dir = xstrdup(pw->pw_dir);
+***************
+*** 2654,2659 ****
+--- 2694,2702 ----
+    struct sockaddr_in from;
+    int fromlen;
+    struct pty_cleanup_context cleanup_context;
++ #ifdef HAVE_LOGIN_CAP_H
++   login_cap_t *lc;
++ #endif
+  
+    /* We no longer need the child running on user's privileges. */
+    userfile_uninit();
+***************
+*** 2725,2735 ****
+        record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, 
+  		   &from);
+  
+        /* Check if .hushlogin exists.  Note that we cannot use userfile
+           here because we are in the child. */
+        sprintf(line, "%.200s/.hushlogin", pw->pw_dir);
+        quiet_login = stat(line, &st) >= 0;
+!       
+        /* If the user has logged in before, display the time of last login. 
+           However, don't display anything extra if a command has been 
+  	 specified (so that ssh can be used to execute commands on a remote
+--- 2768,2786 ----
+        record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, 
+  		   &from);
+  
++ #ifdef HAVE_LOGIN_CAP_H
++       lc = login_getclass(pw->pw_class);
++ #endif
++ 
+        /* Check if .hushlogin exists.  Note that we cannot use userfile
+           here because we are in the child. */
+        sprintf(line, "%.200s/.hushlogin", pw->pw_dir);
+        quiet_login = stat(line, &st) >= 0;
+! 
+! #ifdef HAVE_LOGIN_CAP_H
+!       quiet_login = login_getcapbool(lc, "hushlogin", quiet_login);
+! #endif
+! 
+        /* If the user has logged in before, display the time of last login. 
+           However, don't display anything extra if a command has been 
+  	 specified (so that ssh can be used to execute commands on a remote
+***************
+*** 2749,2754 ****
+--- 2800,2828 ----
+  	    printf("Last login: %s from %s\r\n", time_string, buf);
+  	}
+  
++ #ifdef __FreeBSD__
++       if (command == NULL && !quiet_login)
++ 	{
++ #ifdef HAVE_LOGIN_CAP_H
++ 	  char *cw;
++ 	  FILE *f;
++ 
++ 	  cw = login_getcapstr(lc, "copyright", NULL, NULL);
++ 	  if (cw != NULL && (f = fopen(cw, "r")) != NULL)
++ 	    {
++ 	      while (fgets(line, sizeof(line), f))
++ 		fputs(line, stdout);
++ 	      fclose(f);
++ 	    }
++ 	  else
++ #endif
++ 	    printf("%s\n\t%s  %s\n\n",
++ 	    "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
++ 	    "The Regents of the University of California. ",
++ 	    "All rights reserved.");
++ 	}
++ #endif
++       
+        /* Print /etc/motd unless a command was specified or printing it was
+  	 disabled in server options.  Note that some machines appear to
+  	 print it in /etc/profile or similar. */
+***************
+*** 2758,2764 ****
+--- 2832,2842 ----
+  	  FILE *f;
+  
+  	  /* Print /etc/motd if it exists. */
++ #ifdef HAVE_LOGIN_CAP_H
++ 	  f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r");
++ #else
+  	  f = fopen("/etc/motd", "r");
++ #endif
+  	  if (f)
+  	    {
+  	      while (fgets(line, sizeof(line), f))
+***************
+*** 2766,2771 ****
+--- 2844,2872 ----
+  	      fclose(f);
+  	    }
+  	}
++ #ifdef __FreeBSD__
++       if (command == NULL && !quiet_login)
++ 	{
++ #ifdef broken_HAVE_LOGIN_CAP_H
++ 	  char *mp = getenv("MAIL");
++ 
++ 	  if (mp != NULL)
++ 	    {
++ 		strncpy(line, mp, sizeof line);
++ 		line[sizeof line - 1] = '\0';
++ 	    }
++ 	  else
++ #endif
++ 	  sprintf(line, "%s/%.200s", _PATH_MAILDIR, pw->pw_name);
++ 	  if (stat(line, &st) == 0 && st.st_size != 0)
++ 	    printf("You have %smail.\n",
++ 		   (st.st_mtime > st.st_atime) ? "new " : "");
++ 	}
++ #endif
++ 
++ #ifdef HAVE_LOGIN_CAP_H
++       login_close(lc);
++ #endif
+  
+        /* Do common processing for the child, such as execing the command. */
+        do_child(command, pw, term, display, auth_proto, auth_data, ttyname);
+***************
+*** 3017,3023 ****
+    char *user_shell;
+    char *remote_ip;
+    int remote_port;
+!   
+    /* Check /etc/nologin. */
+    f = fopen("/etc/nologin", "r");
+    if (f)
+--- 3118,3130 ----
+    char *user_shell;
+    char *remote_ip;
+    int remote_port;
+! #ifdef HAVE_LOGIN_CAP_H
+!   login_cap_t *lc;
+!   char *real_shell;
+!   
+!   lc = login_getclass(pw->pw_class);
+!   auth_checknologin(lc);
+! #else /* !HAVE_LOGIN_CAP_H */
+    /* Check /etc/nologin. */
+    f = fopen("/etc/nologin", "r");
+    if (f)
+***************
+*** 3031,3036 ****
+--- 3138,3144 ----
+        if (pw->pw_uid != UID_ROOT)
+  	exit(254);
+      }
++ #endif /* HAVE_LOGIN_CAP_H */
+  
+    if (command != NULL)
+      {
+***************
+*** 3043,3049 ****
+        else
+  	log_msg("executing remote command as user %.200s", pw->pw_name);
+      }
+!   
+  #ifdef HAVE_SETLOGIN
+    /* Set login name in the kernel.  Warning: setsid() must be called before
+       this. */
+--- 3151,3158 ----
+        else
+  	log_msg("executing remote command as user %.200s", pw->pw_name);
+      }
+! 
+! #ifndef HAVE_LOGIN_CAP_H
+  #ifdef HAVE_SETLOGIN
+    /* Set login name in the kernel.  Warning: setsid() must be called before
+       this. */
+***************
+*** 3064,3069 ****
+--- 3173,3179 ----
+    if (setpcred((char *)pw->pw_name, NULL))
+      log_msg("setpcred %.100s: %.100s", strerror(errno));
+  #endif /* HAVE_USERSEC_H */
++ #endif /* !HAVE_LOGIN_CAP_H */
+  
+    /* Save some data that will be needed so that we can do certain cleanups
+       before we switch to user's uid.  (We must clear all sensitive data 
+***************
+*** 3134,3139 ****
+--- 3244,3309 ----
+    if (command != NULL || !options.use_login)
+  #endif /* USELOGIN */
+      {
++ #ifdef HAVE_LOGIN_CAP_H
++       char *p, *s, **tmpenv;
++ 
++       /* Initialize the new environment.
++        */
++       envsize = 64;
++       env = xmalloc(envsize * sizeof(char *));
++       env[0] = NULL;
++ 
++       child_set_env(&env, &envsize, "PATH", DEFAULT_PATH);
++ 
++ #ifdef MAIL_SPOOL_DIRECTORY
++       sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name);
++       child_set_env(&env, &envsize, "MAIL", buf);
++ #else /* MAIL_SPOOL_DIRECTORY */
++ #ifdef MAIL_SPOOL_FILE
++       sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE);
++       child_set_env(&env, &envsize, "MAIL", buf);
++ #endif /* MAIL_SPOOL_FILE */
++ #endif /* MAIL_SPOOL_DIRECTORY */
++ 
++       /* Let it inherit timezone if we have one. */
++       if (getenv("TZ"))
++ 	child_set_env(&env, &envsize, "TZ", getenv("TZ"));
++ 
++       /* Save previous environment array
++        */
++       tmpenv = environ;
++       environ = env;
++ 
++       /* Set the user's login environment
++        */
++       if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0)
++ 	{
++ 	  perror("setusercontext");
++ 	  exit(1);
++ 	}
++ 
++       p = getenv("PATH");
++       s = xmalloc((p != NULL ? strlen(p) + 1 : 0) + sizeof(SSH_BINDIR));
++       *s = '\0';
++       if (p != NULL)
++ 	{
++ 	  strcat(s, p);
++ 	  strcat(s, ":");
++ 	}
++       strcat(s, SSH_BINDIR);
++ 
++       env = environ;
++       environ = tmpenv; /* Restore parent environment */
++       for (envsize = 0; env[envsize] != NULL; ++envsize)
++ 	;
++       /* Reallocate this to what is expected */
++       envsize = (envsize < 100) ? 100 : envsize + 16;
++       env = xrealloc(env, envsize * sizeof(char *));
++ 
++       child_set_env(&env, &envsize, "PATH", s);
++       xfree(s);
++ 
++ #else /* !HAVE_LOGIN_CAP_H */
+        /* Set uid, gid, and groups. */
+        if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
+  	{ 
+***************
+*** 3165,3170 ****
+--- 3335,3341 ----
+        
+        if (getuid() != user_uid || geteuid() != user_uid)
+  	fatal("Failed to set uids to %d.", (int)user_uid);
++ #endif /* HAVE_LOGIN_CAP_H */
+      }
+    
+    /* Reset signals to their default settings before starting the user
+***************
+*** 3175,3185 ****
+--- 3346,3361 ----
+       and means /bin/sh. */
+    shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell;
+  
++ #ifdef HAVE_LOGIN_CAP_H
++   real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell);
++   login_close(lc);
++ #else /* !HAVE_LOGIN_CAP_H */
+    /* Initialize the environment.  In the first part we allocate space for
+       all environment variables. */
+    envsize = 100;
+    env = xmalloc(envsize * sizeof(char *));
+    env[0] = NULL;
++ #endif /* HAVE_LOGIN_CAP_H */
+  
+  #ifdef USELOGIN
+    if (command != NULL || !options.use_login)
+***************
+*** 3189,3194 ****
+--- 3365,3372 ----
+        child_set_env(&env, &envsize, "HOME", user_dir);
+        child_set_env(&env, &envsize, "USER", user_name);
+        child_set_env(&env, &envsize, "LOGNAME", user_name);
++ 
++ #ifndef HAVE_LOGIN_CAP_H
+        child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
+        
+  #ifdef MAIL_SPOOL_DIRECTORY
+***************
+*** 3200,3205 ****
+--- 3378,3384 ----
+        child_set_env(&env, &envsize, "MAIL", buf);
+  #endif /* MAIL_SPOOL_FILE */
+  #endif /* MAIL_SPOOL_DIRECTORY */
++ #endif  /* !HAVE_LOGIN_CAP_H */
+        
+  #ifdef HAVE_ETC_DEFAULT_LOGIN
+        /* Read /etc/default/login; this exists at least on Solaris 2.x.  Note
+***************
+*** 3215,3223 ****
+--- 3394,3404 ----
+      child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
+  		  original_command);
+    
++ #ifndef HAVE_LOGIN_CAP_H
+    /* Let it inherit timezone if we have one. */
+    if (getenv("TZ"))
+      child_set_env(&env, &envsize, "TZ", getenv("TZ"));
++ #endif /* !HAVE_LOGIN_CAP_H */
+    
+    /* Set custom environment options from RSA authentication. */
+    while (custom_environment) 
+***************
+*** 3437,3443 ****
+--- 3618,3628 ----
+  	  /* Execute the shell. */
+  	  argv[0] = buf;
+  	  argv[1] = NULL;
++ #ifdef HAVE_LOGIN_CAP_H
++ 	  execve(real_shell, argv, env);
++ #else
+  	  execve(shell, argv, env);
++ #endif /* HAVE_LOGIN_CAP_H */
+  	  /* Executing the shell failed. */
+  	  perror(shell);
+  	  exit(1);
+***************
+*** 3458,3464 ****
+--- 3643,3653 ----
+    argv[1] = "-c";
+    argv[2] = (char *)command;
+    argv[3] = NULL;
++ #ifdef HAVE_LOGIN_CAP_H
++   execve(real_shell, argv, env);
++ #else
+    execve(shell, argv, env);
++ #endif /* HAVE_LOGIN_CAP_H */
+    perror(shell);
+    exit(1);
+  }
diff --git a/security/ssh/patches/patch-ah b/security/ssh/patches/patch-ah
new file mode 100644
index 00000000000..c06b14c7541
--- /dev/null
+++ b/security/ssh/patches/patch-ah
@@ -0,0 +1,14 @@
+*** config.h.in.orig	Wed Apr 23 08:40:06 1997
+--- config.h.in	Fri Apr 25 12:40:48 1997
+***************
+*** 527,532 ****
+--- 527,535 ----
+  /* Define if you have the <lastlog.h> header file.  */
+  #undef HAVE_LASTLOG_H
+  
++ /* Define if you have the <login_cap.h> header file.  */
++ #undef HAVE_LOGIN_CAP_H
++ 
+  /* Define if you have the <machine/endian.h> header file.  */
+  #undef HAVE_MACHINE_ENDIAN_H
+  
diff --git a/security/ssh/patches/patch-ai b/security/ssh/patches/patch-ai
new file mode 100644
index 00000000000..241dbf31f7d
--- /dev/null
+++ b/security/ssh/patches/patch-ai
@@ -0,0 +1,40 @@
+*** userfile.c.orig	Thu Mar 27 09:04:13 1997
+--- userfile.c	Sat Mar 29 01:16:51 1997
+***************
+*** 166,171 ****
+--- 166,175 ----
+  #endif
+  
+  
++ #ifdef HAVE_LOGIN_CAP_H
++ #include <login_cap.h>
++ #endif
++ 
+  /* Protocol message types. */
+  #define USERFILE_OPEN		1
+  #define USERFILE_OPEN_REPLY	2
+***************
+*** 626,631 ****
+--- 630,641 ----
+    /* Child.  We will start serving request. */
+    if (uid != geteuid() || uid != getuid())
+      {
++ #ifdef HAVE_LOGIN_CAP_H
++       struct passwd * pw = getpwuid(uid);
++       login_cap_t * lc = login_getuserclass(pw);
++       if (setusercontext(lc, pw, uid, LOGIN_SETALL&~(LOGIN_SETLOGIN|LOGIN_SETPATH|LOGIN_SETENV)) < 0)
++ 	fatal("setusercontext: %s", strerror(errno));
++ #else
+        if (setgid(gid) < 0)
+  	fatal("setgid: %s", strerror(errno));
+  
+***************
+*** 636,641 ****
+--- 646,652 ----
+  
+        if (setuid(uid) < 0)
+  	fatal("setuid: %s", strerror(errno));
++ #endif /* HAVE_LOGIN_CAP_H */
+      }
+  
+    /* Enter the server main loop. */
diff --git a/security/ssh/patches/patch-aj b/security/ssh/patches/patch-aj
new file mode 100644
index 00000000000..60f7495697f
--- /dev/null
+++ b/security/ssh/patches/patch-aj
@@ -0,0 +1,40 @@
+*** configure.in.orig	Wed Apr 23 08:40:06 1997
+--- configure.in	Fri Apr 25 12:41:26 1997
+***************
+*** 616,624 ****
+  
+  export CFLAGS CC
+  
+! # Socket pairs appear to be broken on several systems.  I don't know exactly
+! # where, so I'll use pipes everywhere for now.
+! AC_DEFINE(USE_PIPES)
+  
+  AC_MSG_CHECKING([that the compiler works])
+  AC_TRY_RUN([ main(int ac, char **av) { return 0; } ],
+--- 616,624 ----
+  
+  export CFLAGS CC
+  
+! dnl # Socket pairs appear to be broken on several systems.  I don't know exactly
+! dnl # where, so I'll use pipes everywhere for now.
+! dnl AC_DEFINE(USE_PIPES)
+  
+  AC_MSG_CHECKING([that the compiler works])
+  AC_TRY_RUN([ main(int ac, char **av) { return 0; } ],
+***************
+*** 671,677 ****
+  
+  AC_HEADER_STDC
+  AC_HEADER_SYS_WAIT
+! AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h)
+  AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h)
+  AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h)
+  AC_HEADER_TIME
+--- 671,677 ----
+  
+  AC_HEADER_STDC
+  AC_HEADER_SYS_WAIT
+! AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h login_cap.h utmp.h shadow.h)
+  AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h)
+  AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h)
+  AC_HEADER_TIME
diff --git a/security/ssh/patches/patch-al b/security/ssh/patches/patch-al
new file mode 100644
index 00000000000..1da799c26ac
--- /dev/null
+++ b/security/ssh/patches/patch-al
@@ -0,0 +1,27 @@
+*** sshconnect.c.orig	Wed Apr 23 08:40:11 1997
+--- sshconnect.c	Fri Apr 25 12:41:59 1997
+***************
+*** 311,316 ****
+--- 311,322 ----
+      {
+        struct sockaddr_in sin;
+        int p;
++ #if defined(__FreeBSD__)  && !defined(SOCKS)
++ 	p = 1023;	/* Compat with old FreeBSD */
++       sock = rresvport(&p);
++       if (sock < 0)
++ 	fatal("rresvport: %.100s", strerror(errno));
++ #else
+        for (p = 1023; p > 512; p--)
+  	{
+  	  sock = socket(AF_INET, SOCK_STREAM, 0);
+***************
+*** 338,343 ****
+--- 344,350 ----
+  	    }
+  	  fatal("bind: %.100s", strerror(errno));
+  	}
++ #endif
+        debug("Allocated local port %d.", p);
+      }
+    else
diff --git a/security/ssh/patches/patch-ao b/security/ssh/patches/patch-ao
new file mode 100644
index 00000000000..5072ce4d394
--- /dev/null
+++ b/security/ssh/patches/patch-ao
@@ -0,0 +1,13 @@
+--- newchannels.c.orig	Tue Apr 22 17:40:11 1997
++++ newchannels.c	Sat Jul 19 11:42:06 1997
+@@ -2139,6 +2139,10 @@
+      ssh-agent connections on your system */
+   old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+   
++  /* Make sure the socket doesn't already exist, left over from a system
++     crash perhaps. */
++  unlink(channel_forwarded_auth_socket_name);
++
+   if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0)
+     packet_disconnect("Agent socket bind failed: %.100s", strerror(errno));
+   
diff --git a/security/ssh/pkg/COMMENT b/security/ssh/pkg/COMMENT
new file mode 100644
index 00000000000..45e42fd3dd6
--- /dev/null
+++ b/security/ssh/pkg/COMMENT
@@ -0,0 +1 @@
+Secure shell client and server (remote login program).
diff --git a/security/ssh/pkg/DESCR b/security/ssh/pkg/DESCR
new file mode 100644
index 00000000000..307b86088bc
--- /dev/null
+++ b/security/ssh/pkg/DESCR
@@ -0,0 +1,99 @@
+Secure Shell is a program to log into another computer over a network,
+to execute commands in a remote machine, and to move files from one
+machine to another.  It provides strong authentication and secure
+communications over insecure channels.  It is inteded as a replacement
+for rlogin, rsh, and rcp.
+
+FEATURES
+
+ o  Complete replacement for rlogin, rsh, and rcp.
+
+ o  Strong authentication.  Closes several security holes (e.g., IP,
+    routing, and DNS spoofing).  New authentication methods: .rhosts
+    together with RSA based host authentication, and pure RSA
+    authentication.
+
+ o  Improved privacy.  All communications are automatically and
+    transparently encrypted.  RSA is used for key exchange, and a
+    conventional cipher (normally IDEA, DES, or triple-DES) for
+    encrypting the session.  Encryption is started before
+    authentication, and no passwords or other information is
+    transmitted in the clear.  Encryption is also used to protect
+    against spoofed packets.
+
+ o  Secure X11 sessions.  The program automatically sets DISPLAY on
+    the server machine, and forwards any X11 connections over the
+    secure channel.  Fake Xauthority information is automatically
+    generated and forwarded to the remote machine; the local client
+    automatically examines incoming X11 connections and replaces the
+    fake authorization data with the real data (never telling the 
+    remote machine the real information).
+
+ o  Arbitrary TCP/IP ports can be redirected through the encrypted channel
+    in both directions (e.g., for e-cash transactions).
+
+ o  No retraining needed for normal users; everything happens
+    automatically, and old .rhosts files will work with strong
+    authentication if administration installs host key files.
+
+ o  Never trusts the network.  Minimal trust on the remote side of
+    the connection.  Minimal trust on domain name servers.  Pure RSA
+    authentication never trusts anything but the private key.
+
+ o  Client RSA-authenticates the server machine in the beginning of
+    every connection to prevent trojan horses (by routing or DNS
+    spoofing) and man-in-the-middle attacks, and the server
+    RSA-authenticates the client machine before accepting .rhosts or
+    /etc/hosts.equiv authentication (to prevent DNS, routing, or
+    IP-spoofing).
+
+ o  Host authentication key distribution can be centrally by the
+    administration, automatically when the first connection is made
+    to a machine (the key obtained on the first connection will be
+    recorded and used for authentication in the future), or manually
+    by each user for his/her own use.  The central and per-user host
+    key repositories are both used and complement each other.  Host
+    keys can be generated centrally or automatically when the software
+    is installed.  Host authentication keys are typically 1024 bits.
+
+ o  Any user can create any number of user authentication RSA keys for
+    his/her own use.  Each user has a file which lists the RSA public
+    keys for which proof of possession of the corresponding private
+    key is accepted as authentication.  User authentication keys are
+    typically 1024 bits.
+
+ o  The server program has its own server RSA key which is
+    automatically regenerated every hour.  This key is never saved in
+    any file.  Exchanged session keys are encrypted using both the
+    server key and the server host key.  The purpose of the separate
+    server key is to make it impossible to decipher a captured session by
+    breaking into the server machine at a later time; one hour from
+    the connection even the server machine cannot decipher the session
+    key.  The key regeneration interval is configurable.  The server
+    key is normally 768 bits.
+
+ o  An authentication agent, running in the user's laptop or local
+    workstation, can be used to hold the user's RSA authentication
+    keys.  Ssh automatically forwards the connection to the
+    authentication agent over any connections, and there is no need to
+    store the RSA authentication keys on any machine in the network
+    (except the user's own local machine).  The authentication
+    protocols never reveal the keys; they can only be used to verify
+    that the user's agent has a certain key.  Eventually the agent
+    could rely on a smart card to perform all authentication
+    computations.
+
+ o  The software can be installed and used (with restricted
+    functionality) even without root privileges.
+
+ o  The client is customizable in system-wide and per-user
+    configuration files.  Most aspects of the client's operation can
+    be configured.  Different options can be specified on a per-host basis.
+
+ o  Automatically executes conventional rsh (after displaying a
+    warning) if the server machine is not running sshd.
+
+ o  Optional compression of all data with gzip (including forwarded X11
+    and TCP/IP port data), which may result in significant speedups on
+    slow connections.
+
diff --git a/security/ssh/pkg/PLIST b/security/ssh/pkg/PLIST
new file mode 100644
index 00000000000..ac70652f7a4
--- /dev/null
+++ b/security/ssh/pkg/PLIST
@@ -0,0 +1,27 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 1997/12/14 16:17:14 hubertf Exp $
+@comment XXX etc/rc.d/sshd.sh - not yet - hubertf
+bin/scp
+bin/ssh
+@exec ln -fs %f %B/slogin
+@unexec rm -f %B/slogin
+bin/ssh-add
+bin/ssh-agent
+bin/ssh-askpass
+bin/ssh-keygen
+bin/make-ssh-known-hosts
+man/man1/make-ssh-known-hosts.1.gz
+man/man1/scp.1.gz
+man/man1/ssh-add.1.gz
+man/man1/ssh-agent.1.gz
+man/man1/ssh-keygen.1.gz
+man/man1/ssh.1.gz
+man/man1/slogin.1.gz
+man/man8/sshd.8.gz
+sbin/sshd
+etc/ssh_config
+etc/sshd_config
+@exec ln -s /etc/ssh_host_key %B
+@unexec rm -f %B/ssh_host_key
+@exec ln -s /etc/ssh_host_key.pub %B
+@unexec rm -f %B/ssh_host_key.pub
+@exec if [ ! -f %D/etc/ssh_host_key ]; then echo "Generating a secret host key.." ; %D/bin/ssh-keygen -N "" -f %D/etc/ssh_host_key; fi
author	hubertf <hubertf@pkgsrc.org>	1997-12-14 16:17:14 +0000
committer	hubertf <hubertf@pkgsrc.org>	1997-12-14 16:17:14 +0000
commit	43efe0593ab76f5e81767f05a92acfee07909ba8 (patch)
tree	382869867dbf6faa175f20f1f3cfddd1c93bded3 /security/ssh
parent	1eedf0651d1e976611f2669efe4ac879586636a7 (diff)
download	pkgsrc-43efe0593ab76f5e81767f05a92acfee07909ba8.tar.gz