author | seb <seb@pkgsrc.org> | 2003-01-19 01:26:35 +0000 |
---|---|---|
committer | seb <seb@pkgsrc.org> | 2003-01-19 01:26:35 +0000 |
commit | b95b9f3468d6c6308b3c4e00c49ff67468429aef (patch) | |
tree | fdf146398daf6bbe51e8a6f9b820602973302e7f /security | |
parent | 8837cdd3dcf26f7f7d7dfc635f5cf21fbda68e08 (diff) | |
download | pkgsrc-b95b9f3468d6c6308b3c4e00c49ff67468429aef.tar.gz |
Update to version 3.5p1
Also mark this package as conflicting with ssh2 package.
Changes:
20021003
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/10/01 20:34:12
[ssh-agent.c]
allow root to access the agent, since there is no protection from root.
- markus@cvs.openbsd.org 2002/10/01 13:24:50
[version.h]
OpenSSH 3.5
- (djm) Bump RPM spec version numbers
- (djm) Bug #406 s/msg_send/ssh_msh_send/ for Mac OS X 1.2
20020930
- (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs,
tweak README
- (djm) OpenBSD CVS Sync
- mickey@cvs.openbsd.org 2002/09/27 10:42:09
[compat.c compat.h sshd.c]
add a generic match for a prober, such as sie big brother;
idea from stevesk@; markus@ ok
- stevesk@cvs.openbsd.org 2002/09/27 15:46:21
[ssh.1]
clarify compression level protocol 1 only; ok markus@ deraadt@
20020927
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/09/25 11:17:16
[sshd_config]
sync LoginGraceTime with default
- markus@cvs.openbsd.org 2002/09/25 15:19:02
[sshd.c]
typo; pilot@monkey.org
- markus@cvs.openbsd.org 2002/09/26 11:38:43
[auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h]
krb4 + privsep; ok dugsong@, deraadt@
20020925
- (bal) Fix issue where successful login does not clear failure counts
in AIX. Patch by dtucker@zip.com.au ok by djm
- (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
This does not include the deattack.c fixes.
20020923
- (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/09/23 20:46:27
[canohost.c]
change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for
non-sockets; fixes a problem passing NULL to snprintf(). ok markus@
- markus@cvs.openbsd.org 2002/09/23 22:11:05
[monitor.c]
only call auth_krb5 if kerberos is enabled; ok deraadt@
- markus@cvs.openbsd.org 2002/09/24 08:46:04
[monitor.c]
only call kerberos code for authctxt->valid
- todd@cvs.openbsd.org 2002/09/24 20:59:44
[sshd.8]
tweak the example $HOME/.ssh/rc script to not show on any cmdline the
sensitive data it handles. This fixes bug # 402 as reported by
kolya@mit.edu (Nickolai Zeldovich).
ok markus@ and stevesk@
20020923
- (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au
20020922
- (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/09/19 14:53:14
[compat.c]
- markus@cvs.openbsd.org 2002/09/19 15:51:23
[ssh-add.c]
typo; cd@kalkatraz.de
- stevesk@cvs.openbsd.org 2002/09/19 16:03:15
[serverloop.c]
log IP address also; ok markus@
- stevesk@cvs.openbsd.org 2002/09/20 18:41:29
[auth.c]
log illegal user here for missing privsep case (ssh2).
this is executed in the monitor. ok markus@
20020919
- (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/09/12 19:11:52
[ssh-agent.c]
%u for uid print; ok markus@
- stevesk@cvs.openbsd.org 2002/09/12 19:50:36
[session.c ssh.1]
add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@
- stevesk@cvs.openbsd.org 2002/09/13 19:23:09
[channels.c sshconnect.c sshd.c]
remove use of SO_LINGER, it should not be needed. error check
SO_REUSEADDR. fixup comments. ok markus@
- stevesk@cvs.openbsd.org 2002/09/16 19:55:33
[session.c]
log when _PATH_NOLOGIN exists; ok markus@
- stevesk@cvs.openbsd.org 2002/09/16 20:12:11
[sshd_config.5]
more details on X11Forwarding security issues and threats; ok markus@
- stevesk@cvs.openbsd.org 2002/09/16 22:03:13
[sshd.8]
reference moduli(5) in FILES /etc/moduli.
- itojun@cvs.openbsd.org 2002/09/17 07:47:02
[channels.c]
don't quit while creating X11 listening socket.
http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
got from portable. markus ok
- djm@cvs.openbsd.org 2002/09/19 01:58:18
[ssh.c sshconnect.c]
bugzilla.mindrot.org #223 - ProxyCommands don't exit.
Patch from dtucker@zip.com.au; ok markus@
20020912
- (djm) Made GNOME askpass programs return non-zero if cancel button is
pressed.
- (djm) Added getpeereid() replacement. Properly implemented for systems
with SO_PEERCRED support. Faked for systems which lack it.
- (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and
fake-queue.h to sys-tree.h and sys-queue.h
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/09/08 20:24:08
[hostfile.h]
no comma at end of enumerator list
- itojun@cvs.openbsd.org 2002/09/09 06:48:06
[auth1.c auth.h auth-krb5.c monitor.c monitor.h]
[monitor_wrap.c monitor_wrap.h]
kerberos support for privsep. confirmed to work by lha@stacken.kth.se
patch from markus
- markus@cvs.openbsd.org 2002/09/09 14:54:15
[channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c]
signed vs unsigned from -pedantic; ok henning@
- markus@cvs.openbsd.org 2002/09/10 20:24:47
[ssh-agent.c]
check the euid of the connecting process with getpeereid(2);
ok provos deraadt stevesk
- stevesk@cvs.openbsd.org 2002/09/11 17:55:03
[ssh.1]
add agent and X11 forwarding warning text from ssh_config.5; ok markus@
- stevesk@cvs.openbsd.org 2002/09/11 18:27:26
[authfd.c authfd.h ssh.c]
don't connect to agent to test for presence if we've previously
connected; ok markus@
- djm@cvs.openbsd.org 2002/09/11 22:41:50
[sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h]
[sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c]
support for short/long listings and globbing in "ls"; ok markus@
- djm@cvs.openbsd.org 2002/09/12 00:13:06
[sftp-int.c]
zap unused var introduced in last commit
20020911
- (djm) Sync openbsd-compat with OpenBSD -current
20020910
- (djm) Bug #365: Read /.ssh/environment properly under CygWin.
Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com>
- (djm) Bug #138: Make protocol 1 blowfish work with old OpenSSL.
Patch from Robert Halubek <rob@adso.com.pl>
20020905
- (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/09/04 18:52:42
[servconf.c sshd.8 sshd_config.5]
default LoginGraceTime to 2m; 1m may be too short for slow systems.
ok markus@
- (djm) Merge openssh-TODO.patch from Redhat (null) beta
- (djm) Add gnome-ssh-askpass2.c (gtk2) by merge with patch from
Nalin Dahyabhai <nalin@redhat.com>
- (djm) Add support for building gtk2 password requestor from Redhat beta
20020903
- (djm) Patch from itojun@ for Darwin OS: test getaddrinfo, reorder libcrypt
- (djm) Fix Redhat RPM build dependency test
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/08/12 10:46:35
[ssh-agent.c]
make ssh-agent setgid, disallow ptrace.
- espie@cvs.openbsd.org 2002/08/21 11:20:59
[sshd.8]
`RSA' updated to refer to `public key', where it matters.
okay markus@
- stevesk@cvs.openbsd.org 2002/08/21 19:38:06
[servconf.c sshd.8 sshd_config sshd_config.5]
change LoginGraceTime default to 1 minute; ok mouring@ markus@
- stevesk@cvs.openbsd.org 2002/08/21 20:10:28
[ssh-agent.c]
raise listen backlog; ok markus@
- stevesk@cvs.openbsd.org 2002/08/22 19:27:53
[ssh-agent.c]
use common close function; ok markus@
- stevesk@cvs.openbsd.org 2002/08/22 19:38:42
[clientloop.c]
format with current EscapeChar; bugzilla #388 from wknox@mitre.org.
ok markus@
- stevesk@cvs.openbsd.org 2002/08/22 20:57:19
[ssh-agent.c]
shutdown(SHUT_RDWR) not needed before close here; ok markus@
- markus@cvs.openbsd.org 2002/08/22 21:33:58
[auth1.c auth2.c]
auth_root_allowed() is handled by the monitor in the privsep case,
so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
- markus@cvs.openbsd.org 2002/08/22 21:45:41
[session.c]
send signal name (not signal number) in "exit-signal" message; noticed
by galb@vandyke.com
- stevesk@cvs.openbsd.org 2002/08/27 17:13:56
[ssh-rsa.c]
RSA_public_decrypt() returns -1 on error so len must be signed;
ok markus@
- stevesk@cvs.openbsd.org 2002/08/27 17:18:40
[ssh_config.5]
some warning text for ForwardAgent and ForwardX11; ok markus@
- stevesk@cvs.openbsd.org 2002/08/29 15:57:25
[monitor.c session.c sshlogin.c sshlogin.h]
pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
NOTE: there are also p-specific parts to this patch. ok markus@
- stevesk@cvs.openbsd.org 2002/08/29 16:02:54
[ssh.1 ssh.c]
deprecate -P as UsePrivilegedPort defaults to no now; ok markus@
- stevesk@cvs.openbsd.org 2002/08/29 16:09:02
[ssh_config.5]
more on UsePrivilegedPort and setuid root; ok markus@
- stevesk@cvs.openbsd.org 2002/08/29 19:49:42
[ssh.c]
shrink initial privilege bracket for setuid case; ok markus@
- stevesk@cvs.openbsd.org 2002/08/29 22:54:10
[ssh_config.5 sshd_config.5]
state XAuthLocation is a full pathname
20020820
- OpenBSD CVS Sync
- millert@cvs.openbsd.org 2002/08/02 14:43:15
[monitor.c monitor_mm.c]
Change mm_zalloc() sanity checks to be more in line with what
we do in calloc() and add a check to monitor_mm.c.
OK provos@ and markus@
- marc@cvs.openbsd.org 2002/08/02 16:00:07
[ssh.1 sshd.8]
note that .ssh/environment is only read when
allowed (PermitUserEnvironment in sshd_config).
OK markus@
- markus@cvs.openbsd.org 2002/08/02 21:23:41
[ssh-rsa.c]
diff is u_int (2x); ok deraadt/provos
- markus@cvs.openbsd.org 2002/08/02 22:20:30
[ssh-rsa.c]
replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser
for authentication; ok deraadt/djm
- aaron@cvs.openbsd.org 2002/08/08 13:50:23
[sshconnect1.c]
Use & to test if bits are set, not &&; markus@ ok.
- stevesk@cvs.openbsd.org 2002/08/08 23:54:52
[auth.c]
typo in comment
- stevesk@cvs.openbsd.org 2002/08/09 17:21:42
[sshd_config.5]
use Op for mdoc conformance; from esr@golux.thyrsus.com
ok aaron@
- stevesk@cvs.openbsd.org 2002/08/09 17:41:12
[sshd_config.5]
proxy vs. fake display
- stevesk@cvs.openbsd.org 2002/08/12 17:30:35
[ssh.1 sshd.8 sshd_config.5]
more PermitUserEnvironment; ok markus@
- stevesk@cvs.openbsd.org 2002/08/17 23:07:14
[ssh.1]
ForwardAgent has defaulted to no for over 2 years; be more clear here.
- stevesk@cvs.openbsd.org 2002/08/17 23:55:01
[ssh_config.5]
ordered list here
- (bal) [defines.h] Some platforms don't have SIZE_T_MAX. So assign
it to ULONG_MAX.
20020813
- (tim) [configure.ac] Display OpenSSL header/library version.
Patch by dtucker@zip.com.au
20020731
- (bal) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/07/24 16:11:18
[hostfile.c hostfile.h sshconnect.c]
print out all known keys for a host if we get an unknown host key,
see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4
the ssharp mitm tool attacks users in a similar way, so i'd like to
point out again:
A MITM attack is always possible if the ssh client prints:
The authenticity of host 'bla' can't be established.
(protocol version 2 with pubkey authentication allows you to detect
MITM attacks)
- mouring@cvs.openbsd.org 2002/07/25 01:16:59
[sftp.c]
FallBackToRsh does not exist anywhere else. Remove it from here.
OK deraadt.
- markus@cvs.openbsd.org 2002/07/29 18:57:30
[sshconnect.c]
print file:line
- markus@cvs.openbsd.org 2002/07/30 17:03:55
[auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
add PermitUserEnvironment (off by default!); from dot@dotat.at;
ok provos, deraadt
20020730
- (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de
20020728
- (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar
- (stevesk) [CREDITS] solar
- (stevesk) [ssh-rand-helper.c] RAND_bytes() and SHA1_Final() unsigned
char arg.
20020725
- (djm) Remove some cruft from INSTALL
- (djm) Latest config.guess and config.sub from ftp://ftp.gnu.org/gnu/config/
20020723
- (bal) [bsd-cray.c bsd-cray.h] Part 2 of Cray merger.
- (bal) sync ID w/ ssh-agent.c
- (bal) OpenBSD Sync
- markus@cvs.openbsd.org 2002/07/19 15:43:33
[log.c log.h session.c sshd.c]
remove fatal cleanups after fork; based on discussions with and code
from solar.
- stevesk@cvs.openbsd.org 2002/07/19 17:42:40
[ssh.c]
display a warning from ssh when XAuthLocation does not exist or xauth
returned no authentication data. ok markus@
- stevesk@cvs.openbsd.org 2002/07/21 18:32:20
[auth-options.c]
unneeded includes
- stevesk@cvs.openbsd.org 2002/07/21 18:34:43
[auth-options.h]
remove invalid comment
- markus@cvs.openbsd.org 2002/07/22 11:03:06
[session.c]
fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors;
- stevesk@cvs.openbsd.org 2002/07/22 17:32:56
[monitor.c]
u_int here; ok provos@
- stevesk@cvs.openbsd.org 2002/07/23 16:03:10
[sshd.c]
utmp_len is unsigned; display error consistent with other options.
ok markus@
- stevesk@cvs.openbsd.org 2002/07/15 17:15:31
[uidswap.c]
little more debugging; ok markus@
20020722
- (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk
- (stevesk) [xmmap.c] missing prototype for fatal()
- (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync
with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com.
- (bal) [configure.ac] Missing ;; from cray patch.
- (bal) [monitor_mm.c openbsd-compat/xmmap.h] Move xmmap() defines
into its own header.
- (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be
freed by the caller; add free_pam_environment() and use it.
- (stevesk) [auth-pam.c] typo in comment
20020721
- (stevesk) [auth-pam.c] merge cosmetic changes from solar's
openssh-3.4p1-owl-password-changing.diff
- (stevesk) [auth-pam.c] merge rest of solar's PAM patch;
PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.
- (stevesk) [auth-pam.c] cast to avoid initialization type mismatch
warning on pam_conv struct conversation function.
- (stevesk) [auth-pam.h] license
- (stevesk) [auth-pam.h] unneeded include
- (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h
20020720
- (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng().
20020719
- (tim) [contrib/solaris/buildpkg.sh] create privsep user/group if needed.
Patch by dtucker@zip.com.au
- (tim) [configure.ac] test for libxnet on HP. Patch by dtucker@zip.com.au
20020718
- (tim) [defines.h] Bug 313 patch by dirk.meyer@dinoex.sub.org
- (tim) [monitor_mm.c] add missing declaration for xmmap(). Reported
by ayamura@ayamura.org
- (tim) [configure.ac] Bug 267 rework int64_t test.
- (tim) [includes.h] Bug 267 add stdint.h
20020717
- (bal) aixbff package updated by dtucker@zip.com.au
- (tim) [configure.ac] change how we do paths in AC_PATH_PROGS tests
for autoconf 2.53. Based on a patch by jrj@purdue.edu
20020716
- (tim) [contrib/solaris/opensshd.in] Only kill sshd if .pid file found
20020715
- (bal) OpenBSD CVS Sync
- itojun@cvs.openbsd.org 2002/07/12 13:29:09
[sshconnect.c]
print connect failure during debugging mode.
- markus@cvs.openbsd.org 2002/07/12 15:50:17
[cipher.c]
EVP_CIPH_CUSTOM_IV for our own rijndael
- (bal) Remove unused tty defined in do_setusercontext() pointed out by
dtucker@zip.com.au plus a a more KNF since I am near it.
- (bal) Privsep user creation support in Solaris buildpkg.sh by
dtucker@zip.com.au
20020714
- (tim) [Makefile.in] replace "id sshd" with "sshd -t"
- (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c
openbsd-compat/Makefile.in] support compression on platforms that
have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c
Based on patch from nalin@redhat.com of code extracted from Owl's package
- (tim) [ssh_prng_cmds.in] Bug 323 arp -n flag doesn't exist under Solaris.
report by chris@by-design.net
- (tim) [loginrec.c] Bug 347: Fix typo (WTMPX_FILE) report by rodney@bond.net
- (tim) [loginrec.c] Bug 348: add missing found = 1; to wtmpx_islogin()
report by rodney@bond.net
20020712
- (tim) [Makefile.in] quiet down install-files: and check-user:
- (tim) [configure.ac] remove unused filepriv line
20020710
- (tim) [contrib/cygwin/ssh-host-config] explicitly sets the permissions
on /var/empty to 755 Patch by vinschen@redhat.com
- (bal) OpenBSD CVS Sync
- itojun@cvs.openbsd.org 2002/07/09 11:56:50
[sshconnect.c]
silently try next address on connect(2). markus ok
- itojun@cvs.openbsd.org 2002/07/09 11:56:27
[canohost.c]
suppress log on reverse lookup failure, as there's no real value in
doing so.
markus ok
- itojun@cvs.openbsd.org 2002/07/09 12:04:02
[sshconnect.c]
ed static function (less warnings)
- stevesk@cvs.openbsd.org 2002/07/09 17:46:25
[sshd_config.5]
clarify no preference ordering in protocol list; ok markus@
- itojun@cvs.openbsd.org 2002/07/10 10:28:15
[sshconnect.c]
bark if all connection attempt fails.
- deraadt@cvs.openbsd.org 2002/07/10 17:53:54
[rijndael.c]
use right sizeof in memcpy; markus ok
20020709
- (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms
lacking that concept can share it. Patch by vinschen@redhat.com
20020708
- (tim) [openssh/contrib/solaris/buildpkg.sh] add PKG_INSTALL_ROOT to
work in a jumpstart environment. patch by kbrint@rufus.net
- (tim) [Makefile.in] workaround for broken pakadd on some systems.
- (tim) [configure.ac] fix libc89 utimes test. Mention default path for
--with-privsep-path=
20020707
- (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH)
- (tim) [acconfig.h configure.ac sshd.c]
s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/
- (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes
patch from vinschen@redhat.com
- (bal) [realpath.c] Updated with OpenBSD tree.
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/07/04 04:15:33
[key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c]
patch memory leaks; grendel@zeitbombe.org
- deraadt@cvs.openbsd.org 2002/07/04 08:12:15
[channels.c packet.c]
blah blah minor nothing as i read and re-read and re-read...
- markus@cvs.openbsd.org 2002/07/04 10:41:47
[key.c monitor_wrap.c ssh-dss.c ssh-rsa.c]
don't allocate, copy, and discard if there is not interested in the data;
ok deraadt@
- deraadt@cvs.openbsd.org 2002/07/06 01:00:49
[log.c]
KNF
- deraadt@cvs.openbsd.org 2002/07/06 01:01:26
[ssh-keyscan.c]
KNF, realloc fix, and clean usage
- stevesk@cvs.openbsd.org 2002/07/06 17:47:58
[ssh-keyscan.c]
unused variable
- (bal) Minor KNF on ssh-keyscan.c
20020705
- (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs.
Reported by Darren Tucker <dtucker@zip.com.au>
- (tim) [contrib/cygwin/ssh-host-config] double slash correction
from vinschen@redhat.com
20020704
- (bal) Limit data to TTY for AIX only (Newer versions can't handle the
faster data rate) Bug #124
- (bal) glob.c defines TILDE and AIX also defines it. #undef it first.
bug #265
- (bal) One too many nulls in ports-aix.c
20020703
- (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com
- (bal) minor correction to utimes() replacement. Patch by
onoe@sm.sony.co.jp
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/06/27 08:49:44
[dh.c ssh-keyscan.c sshconnect.c]
more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@
- deraadt@cvs.openbsd.org 2002/06/27 09:08:00
[monitor.c]
improve mm_zalloc check; markus ok
- deraadt@cvs.openbsd.org 2002/06/27 10:35:47
[auth2-none.c monitor.c sftp-client.c]
use xfree()
- stevesk@cvs.openbsd.org 2002/06/27 19:49:08
[ssh-keyscan.c]
use convtime(); ok markus@
- millert@cvs.openbsd.org 2002/06/28 01:49:31
[monitor_mm.c]
tree(3) wants an int return value for its compare functions and
the difference between two pointers is not an int. Just do the
safest thing and store the result in a long and then return 0,
-1, or 1 based on that result.
- deraadt@cvs.openbsd.org 2002/06/28 01:50:37
[monitor_wrap.c]
use ssize_t
- deraadt@cvs.openbsd.org 2002/06/28 10:08:25
[sshd.c]
range check -u option at invocation
- deraadt@cvs.openbsd.org 2002/06/28 23:05:06
[sshd.c]
gidset[2] -> gidset[1]; markus ok
- deraadt@cvs.openbsd.org 2002/06/30 21:54:16
[auth2.c session.c sshd.c]
lint asks that we use names that do not overlap
- deraadt@cvs.openbsd.org 2002/06/30 21:59:45
[auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
sshconnect2.c sshd.c]
minor KNF
- deraadt@cvs.openbsd.org 2002/07/01 16:15:25
[msg.c]
%u
- markus@cvs.openbsd.org 2002/07/01 19:48:46
[sshconnect2.c]
for compression=yes, we fallback to no-compression if the server does
not support compression, vice versa for compression=no. ok mouring@
- markus@cvs.openbsd.org 2002/07/03 09:55:38
[ssh-keysign.c]
use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
in order to avoid a possible Kocher timing attack pointed out by Charles
Hannum; ok provos@
- markus@cvs.openbsd.org 2002/07/03 14:21:05
[ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
re-enable ssh-keysign's sbit, but make ssh-keysign read
/etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
globally. based on discussions with deraadt, itojun and sommerfeld;
ok itojun@
- (bal) Failed password attempts don't increment counter on AIX. Bug #145
- (bal) Missed Makefile.in change. keysign needs readconf.o
- (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess.
20020702
- (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &
friends consistently. Spotted by Solar Designer <solar@openwall.com>
20020629
- (bal) fix to auth2-pam.c to swap fatal() arguments, A bit of style
clean up while I'm near it.
20020628
- (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented
options should contain default value. from solar.
- (bal) Cygwin uid0 fix by vinschen@redhat.com
- (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c. Otherwise wise
have issues of our fixes not propagating right (ie bcopy instead of
memmove). OK tim
- (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported.
Bug #303
20020627
- OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/06/26 14:49:36
[monitor.c]
correct %u
- deraadt@cvs.openbsd.org 2002/06/26 14:50:04
[monitor_fdpass.c]
use ssize_t for recvmsg() and sendmsg() return
- markus@cvs.openbsd.org 2002/06/26 14:51:33
[ssh-add.c]
fix exit code for -X/-x
- deraadt@cvs.openbsd.org 2002/06/26 15:00:32
[monitor_wrap.c]
more %u
- markus@cvs.openbsd.org 2002/06/26 22:27:32
[ssh-keysign.c]
bug #304, xfree(data) called too early; openssh@sigint.cs.purdue.edu
Diffstat (limited to 'security')
-rw-r--r-- | security/openssh/Makefile | 8 |
-rw-r--r-- | security/openssh/distinfo | 10 |
-rw-r--r-- | security/openssh/patches/patch-aa | 154 |
-rw-r--r-- | security/openssh/patches/patch-ab | 58 |
4 files changed, 19 insertions, 211 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index bacd45d0440..694ca6b0e7f 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.91 2002/09/19 09:04:22 jlam Exp $ +# $NetBSD: Makefile,v 1.92 2003/01/19 01:26:35 seb Exp $ -DISTNAME= openssh-3.4p1 -PKGNAME= openssh-3.4.0.1 +DISTNAME= openssh-3.5p1 +PKGNAME= openssh-3.5.0.1 SVR4_PKGNAME= ossh CATEGORIES= security #MASTER_SITES= ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \ @@ -15,7 +15,7 @@ HOMEPAGE= http://www.openssh.com/ COMMENT= Open Source Secure shell client and server (remote login program) CONFLICTS= sftp-[0-9]* -CONFLICTS+= ssh-[0-9]* ssh6-[0-9]* +CONFLICTS+= ssh-[0-9]* ssh6-[0-9]* ssh2-[0-9]* USE_PERL5= build diff --git a/security/openssh/distinfo b/security/openssh/distinfo index a81a0dedd2b..08f7fa32f00 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.22 2002/09/09 20:16:22 jlam Exp $ +$NetBSD: distinfo,v 1.23 2003/01/19 01:26:36 seb Exp $ -SHA1 (openssh-3.4p1.tar.gz) = 8841326bf79b2c8a88d7a6e371739ec21cee73bc -Size (openssh-3.4p1.tar.gz) = 837668 bytes -SHA1 (patch-aa) = 6ef5aad9f5db134be3b6c2fa34a3e5ab158b7a58 -SHA1 (patch-ab) = a8021e0af1bbc2ea2e74ca117f1210fbd2837699 +SHA1 (openssh-3.5p1.tar.gz) = 44025609bc882933ae8626dd012fd866f07af935 +Size (openssh-3.5p1.tar.gz) = 851486 bytes +SHA1 (patch-aa) = 63aa7c0acb4c568545b684cd9838410a82659bac +SHA1 (patch-ab) = 1069fe256b7925fcf404781ef14e5c492f52c21e SHA1 (patch-ah) = 9913c868bde5d318915b1dee2c05dcf454a0f506 diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa index 15b80194482..4445f258df2 100644 --- a/security/openssh/patches/patch-aa +++ b/security/openssh/patches/patch-aa 
@@ -1,75 +1,8 @@ -$NetBSD: patch-aa,v 1.26 2002/09/09 20:16:25 jlam Exp $ +$NetBSD: patch-aa,v 1.27 2003/01/19 01:26:38 seb Exp $ ---- configure.orig Wed Jun 26 07:08:18 2002 +--- configure.orig Sun Jan 19 00:38:52 2003 +++ configure -@@ -3683,10 +3683,49 @@ _ACEOF - - ;; - *-*-darwin*) -+ echo "$as_me:$LINENO: checking if we have working getaddrinfo" >&5 -+echo $ECHO_N "checking if we have working getaddrinfo... $ECHO_C" >&6 -+ if test "$cross_compiling" = yes; then -+ echo "$as_me:$LINENO: result: assume it is working" >&5 -+echo "${ECHO_T}assume it is working" >&6 -+else -+ cat >conftest.$ac_ext <<_ACEOF -+#line $LINENO "configure" -+#include "confdefs.h" -+#include <mach-o/dyld.h> -+main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) -+ exit(0); -+ else -+ exit(1); -+} -+_ACEOF -+rm -f conftest$ac_exeext -+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 -+ (eval $ac_link) 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext' -+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 -+ (eval $ac_try) 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 -+ (exit $ac_status); }; }; then -+ echo "$as_me:$LINENO: result: working" >&5 -+echo "${ECHO_T}working" >&6 -+else -+ echo "$as_me: program exited with status $ac_status" >&5 -+echo "$as_me: failed program was:" >&5 -+cat conftest.$ac_ext >&5 -+( exit $ac_status ) -+echo "$as_me:$LINENO: result: buggy" >&5 -+echo "${ECHO_T}buggy" >&6 - cat >>confdefs.h <<\_ACEOF - #define BROKEN_GETADDRINFO 1 - _ACEOF - -+fi -+rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -+fi - ;; - *-*-hpux10.26) - if test -z "$GCC"; then -@@ -3920,6 +3959,7 @@ _ACEOF - SONY=1 - ;; - *-*-netbsd*) -+ check_for_libcrypt_before=1 - need_dash_r=1 - ;; - *-*-freebsd*) -@@ -3950,8 +3990,6 @@ _ACEOF - CFLAGS="$CFLAGS" - ;; - *-*-solaris*) -- CPPFLAGS="$CPPFLAGS -I/usr/local/include" -- LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" - need_dash_r=1 - cat >>confdefs.h <<\_ACEOF - #define PAM_SUN_CODEBASE 1 -@@ -4406,6 +4444,9 @@ _ACEOF +@@ -4697,6 +4697,9 @@ _ACEOF ;; esac @@ -79,7 +12,7 @@ $NetBSD: patch-aa,v 1.26 2002/09/09 20:16:25 jlam Exp $ # Allow user to specify flags # Check whether --with-cflags or --without-cflags was given. -@@ -6319,6 +6360,10 @@ echo $ECHO_N "checking for libwrap... $E +@@ -6616,6 +6619,10 @@ echo $ECHO_N "checking for libwrap... $E #line $LINENO "configure" #include "confdefs.h" 
@@ -90,84 +23,7 @@ $NetBSD: patch-aa,v 1.26 2002/09/09 20:16:25 jlam Exp $ #include <tcpd.h> int deny_severity = 0, allow_severity = 0; -@@ -8090,6 +8135,76 @@ fi - rm -f conftest.$ac_objext conftest.$ac_ext - fi - -+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, -+# because the system crypt() is more featureful. -+if test "x$check_for_libcrypt_before" = "x1"; then -+ -+echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5 -+echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6 -+if test "${ac_cv_lib_crypt_crypt+set}" = set; then -+ echo $ECHO_N "(cached) $ECHO_C" >&6 -+else -+ ac_check_lib_save_LIBS=$LIBS -+LIBS="-lcrypt $LIBS" -+cat >conftest.$ac_ext <<_ACEOF -+#line $LINENO "configure" -+#include "confdefs.h" -+ -+/* Override any gcc2 internal prototype to avoid an error. */ -+#ifdef __cplusplus -+extern "C" -+#endif -+/* We use char because int might match the return type of a gcc2 -+ builtin and then its argument prototype would still apply. */ -+char crypt (); -+#ifdef F77_DUMMY_MAIN -+# ifdef __cplusplus -+ extern "C" -+# endif -+ int F77_DUMMY_MAIN() { return 1; } -+#endif -+int -+main () -+{ -+crypt (); -+ ; -+ return 0; -+} -+_ACEOF -+rm -f conftest.$ac_objext conftest$ac_exeext -+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 -+ (eval $ac_link) 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); } && -+ { ac_try='test -s conftest$ac_exeext' -+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 -+ (eval $ac_try) 2>&5 -+ ac_status=$? -+ echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 -+ (exit $ac_status); }; }; then -+ ac_cv_lib_crypt_crypt=yes -+else -+ echo "$as_me: failed program was:" >&5 -+cat conftest.$ac_ext >&5 -+ac_cv_lib_crypt_crypt=no -+fi -+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext -+LIBS=$ac_check_lib_save_LIBS -+fi -+echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5 -+echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6 -+if test $ac_cv_lib_crypt_crypt = yes; then -+ cat >>confdefs.h <<_ACEOF -+#define HAVE_LIBCRYPT 1 -+_ACEOF -+ -+ LIBS="-lcrypt $LIBS" -+ -+fi -+ -+fi -+ - # Search for OpenSSL - saved_CPPFLAGS="$CPPFLAGS" - saved_LDFLAGS="$LDFLAGS" -@@ -17497,7 +17612,7 @@ echo "OpenSSH has been configured with t +@@ -17846,7 +17853,7 @@ echo "OpenSSH has been configured with t echo " User binaries: $B" echo " System binaries: $C" echo " Configuration files: $D" diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab index af0c28a8918..cb659caa00f 100644 --- a/security/openssh/patches/patch-ab +++ b/security/openssh/patches/patch-ab 
@@ -1,43 +1,8 @@ -$NetBSD: patch-ab,v 1.13 2002/09/09 20:16:26 jlam Exp $ +$NetBSD: patch-ab,v 1.14 2003/01/19 01:26:40 seb Exp $ ---- configure.ac.orig Tue Jun 25 15:35:16 2002 +--- configure.ac.orig Thu Sep 26 00:38:47 2002 +++ configure.ac -@@ -93,7 +93,16 @@ case "$host" in - AC_DEFINE(IP_TOS_IS_BROKEN) - ;; - *-*-darwin*) -- AC_DEFINE(BROKEN_GETADDRINFO) -+ AC_MSG_CHECKING(if we have working getaddrinfo) -+ AC_TRY_RUN([#include <mach-o/dyld.h> -+main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) -+ exit(0); -+ else -+ exit(1); -+}], [AC_MSG_RESULT(working)], -+ [AC_MSG_RESULT(buggy) -+ AC_DEFINE(BROKEN_GETADDRINFO)], -+ [AC_MSG_RESULT(assume it is working)]) - ;; - *-*-hpux10.26) - if test -z "$GCC"; then -@@ -167,6 +176,7 @@ mips-sony-bsd|mips-sony-newsos4) - SONY=1 - ;; - *-*-netbsd*) -+ check_for_libcrypt_before=1 - need_dash_r=1 - ;; - *-*-freebsd*) -@@ -185,8 +195,6 @@ mips-sony-bsd|mips-sony-newsos4) - CFLAGS="$CFLAGS" - ;; - *-*-solaris*) -- CPPFLAGS="$CPPFLAGS -I/usr/local/include" -- LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" - need_dash_r=1 - AC_DEFINE(PAM_SUN_CODEBASE) - AC_DEFINE(LOGIN_NEEDS_UTMPX) -@@ -312,6 +320,9 @@ mips-sony-bsd|mips-sony-newsos4) +@@ -341,6 +341,9 @@ mips-sony-bsd|mips-sony-newsos4) ;; esac @@ -47,7 +12,7 @@ $NetBSD: patch-ab,v 1.13 2002/09/09 20:16:26 jlam Exp $ # Allow user to specify flags AC_ARG_WITH(cflags, [ --with-cflags Specify additional flags to pass to compiler], -@@ -545,6 +556,10 @@ AC_ARG_WITH(tcp-wrappers, +@@ -575,6 +578,10 @@ AC_ARG_WITH(tcp-wrappers, AC_MSG_CHECKING(for libwrap) AC_TRY_LINK( [ 
@@ -58,20 +23,7 @@ $NetBSD: patch-ab,v 1.13 2002/09/09 20:16:26 jlam Exp $ #include <tcpd.h> int deny_severity = 0, allow_severity = 0; ], -@@ -723,6 +738,12 @@ if test "x$PAM_MSG" = "xyes" ; then - ) - fi - -+# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, -+# because the system crypt() is more featureful. -+if test "x$check_for_libcrypt_before" = "x1"; then -+ AC_CHECK_LIB(crypt, crypt) -+fi -+ - # Search for OpenSSL - saved_CPPFLAGS="$CPPFLAGS" - saved_LDFLAGS="$LDFLAGS" -@@ -2385,7 +2406,7 @@ echo "OpenSSH has been configured with t +@@ -2449,7 +2456,7 @@ echo "OpenSSH has been configured with t echo " User binaries: $B" echo " System binaries: $C" echo " Configuration files: $D" |
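Review bot: the `CONFLICTS+=` line in security/openssh/Makefile gains `ssh2-[0-9]*`, but neither the Makefile nor the commit message says which installed files collide with the ssh2 package. A one-line comment above the CONFLICTS entries naming the overlapping files would let a later maintainer judge whether the conflict still holds. The mapping from `DISTNAME= openssh-3.5p1` to `PKGNAME= openssh-3.5.0.1` is also not explained anywhere in the lines shown.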
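Review bot: in security/openssh/distinfo the `SHA1 (patch-ah)` entry is unchanged context while patch-aa and patch-ab were regenerated against the new configure, so please confirm that patch-ah still applies to openssh-3.5p1 without fuzz or offsets. The new `SHA1 (openssh-3.5p1.tar.gz)` and `Size` lines are the only integrity record for the distfile, and nothing in the commit says how they were obtained; a note in the commit message that the tarball was checked against the upstream release signature before the digest was recorded would close that gap.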
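Review bot: the regenerated security/openssh/patches/patch-aa drops the `*-*-solaris*` hunk that deleted `CPPFLAGS="$CPPFLAGS -I/usr/local/include"` and `LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"` from configure, and the upstream changelog quoted in the commit message does not mention that removal. If 3.5p1's configure still adds those paths, a Solaris build will pick up headers and libraries from /usr/local that pkgsrc does not control, with an `-R` run path baked into the binaries. Either keep the hunk or state in the commit message that upstream no longer sets these flags. Since patch-aa edits the generated configure and patch-ab edits configure.ac, the two need to be kept in step on this point.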
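Review bot: security/openssh/patches/patch-ab no longer carries `check_for_libcrypt_before=1` under `*-*-netbsd*` or the `AC_CHECK_LIB(crypt, crypt)` block whose comment says the system crypt() is wanted instead of the OpenSSL one. The 20020903 changelog entry ("test getaddrinfo, reorder libcrypt") suggests upstream took both this and the Darwin getaddrinfo test, but the commit message does not say so for NetBSD. Please confirm that the 3.5p1 configure.ac still links libcrypt ahead of OpenSSL on NetBSD, and say in the commit message that these hunks were dropped because they are upstream, so the removal is not mistaken for an accidental loss.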