summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authoritojun <itojun>2000-07-02 22:07:55 +0000
committeritojun <itojun>2000-07-02 22:07:55 +0000
commitdcc7ef1101214bbfd10053f3cab812c9a9538001 (patch)
treec810f6dc5de421a81e580999e4ca6df7be03bdbd /security
parent13fb831180cb42fa7fe48b329d4eec190acd073c (diff)
downloadpkgsrc-dcc7ef1101214bbfd10053f3cab812c9a9538001.tar.gz
upgrade fro 2.1.1p1 to 2.1.1p2.
--- recent changelogs 20000701 - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu> - (djm) Login fixes from Tom Bertelson <tbert@abac.com> - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen <vinschen@cygnus.com> - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM - (djm) Added check for broken snprintf() functions which do not correctly terminate output string and attempt to use replacement. - (djm) Released 2.1.1p2 20000628 - (djm) Fixes to lastlog code for Irix - (djm) Use atomicio in loginrec - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for Irix 6.x array sessions, project id's, and system audit trail id. - (djm) Added 'distprep' make target to simplify packaging - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA support. Enable using "USE_SIA=1 ./configure [options]" 20000627 - (djm) Fixes to login code - not setting li->uid, cleanups - (djm) Formatting 20000626 - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net> - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de> - (djm) Added password expiry checking (no password change support) - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> - (djm) Fix fixed EGD code. - OpenBSD CVS update - provos@cvs.openbsd.org 2000/06/25 14:17:58 [channels.c] correct check for bad channel ids; from Wei Dai <weidai@eskimo.com> 20000623 - (djm) Use sa_family_t in prototype for rresvport_af. Patch from Svante Signell <svante.signell@telia.com> - (djm) Autoconf logic to define sa_family_t if it is missing - OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/06/22 10:32:27 [sshd.c] missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL - djm@cvs.openbsd.org 2000/06/22 17:55:00 [auth-krb4.c key.c radix.c uuencode.c] Missing CVS idents; ok markus 20000622 - (djm) Automatically generate host key during "make install". Suggested by Gary E. Miller <gem@rellim.com> - (djm) Paranoia before kill() system call - OpenBSD CVS Updates: - markus@cvs.openbsd.org 2000/06/18 18:50:11 [auth2.c compat.c compat.h sshconnect2.c] make userauth+pubkey interop with ssh.com-2.2.0 - markus@cvs.openbsd.org 2000/06/18 20:56:17 [dsa.c] mem leak + be more paranoid in dsa_verify. - markus@cvs.openbsd.org 2000/06/18 21:29:50 [key.c] cleanup fingerprinting, less hardcoded sizes - markus@cvs.openbsd.org 2000/06/19 19:39:45 [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h] [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h] [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c] [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c] [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h] OpenBSD tag - markus@cvs.openbsd.org 2000/06/21 10:46:10 sshconnect2.c missing free; nuke old comment 20000620 - (djm) Replace use of '-o' and '-a' logical operators in configure tests with '||' and '&&'. As suggested by Jim Knoble <jmknoble@pint-stowp.cx> to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com> - (djm) Typo in loginrec.c 20000618 - (djm) Add summary of configure options to end of ./configure run - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from Michael Stone <mstone@cs.loyola.edu> - (djm) rusage is a privileged operation on some Unices (incl. Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com> - (djm) Avoid PAM failures when running without a TTY. Report from Martin Petrak <petrak@spsknm.schools.sk> - (djm) Include sys/types.h when including netinet/in.h in configure tests. Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net> - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support - OpenBSD CVS updates: - deraadt@cvs.openbsd.org 2000/06/17 09:58:46 [channels.c] everyone says "nix it" (remove protocol 2 debugging message) - markus@cvs.openbsd.org 2000/06/17 13:24:34 [sshconnect.c] allow extended server banners - markus@cvs.openbsd.org 2000/06/17 14:30:10 [sshconnect.c] missing atomicio, typo - jakob@cvs.openbsd.org 2000/06/17 16:52:34 [servconf.c servconf.h session.c sshd.8 sshd_config] add support for ssh v2 subsystems. ok markus@. - deraadt@cvs.openbsd.org 2000/06/17 18:57:48 [readconf.c servconf.c] include = in WHITESPACE; markus ok - markus@cvs.openbsd.org 2000/06/17 19:09:10 [auth2.c] implement bug compatibility with ssh-2.0.13 pubkey, server side - markus@cvs.openbsd.org 2000/06/17 21:00:28 [compat.c] initial support for ssh.com's 2.2.0 - markus@cvs.openbsd.org 2000/06/17 21:16:09 [scp.c] typo - markus@cvs.openbsd.org 2000/06/17 22:05:02 [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h] split auth-rsa option parsing into auth-options add options support to authorized_keys2 - markus@cvs.openbsd.org 2000/06/17 22:42:54 [session.c] typo 20000613 - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>: - Platform define for SCO 3.x which breaks on /dev/ptmx - Detect and try to fix missing MAXPATHLEN - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp <P.S.S.Camp@ukc.ac.uk> 20000612 - (djm) Glob manpages in RPM spec files to catch compressed files - (djm) Full license in auth-pam.c - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>: - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is def'd - Set AIX to use preformatted manpages 20000610 - (djm) Minor doc tweaks - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx> 20000609 - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage (in favour of utmpx) on Solaris 8 20000606 - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through list of commands (by default). Removed verbose debugging (by default). - (djm) Increased command entropy estimates and default entropy collection timeout - (djm) Remove duplicate headers from loginrec.c - (djm) Don't add /usr/local/lib to library search path on Irix - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III <tibbs@math.uh.edu> - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg <zack@wolery.cumb.org> - (djm) OpenBSD CVS updates: - todd@cvs.openbsd.org [sshconnect2.c] teach protocol v2 to count login failures properly and also enable an explanation of why the password prompt comes up again like v1; this is NOT crypto - markus@cvs.openbsd.org [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] xauth_location support; pr 1234 [readconf.c sshconnect2.c] typo, unused [session.c] allow use_login only for login sessions, otherwise remote commands are execed with uid==0 [sshd.8] document UseLogin better [version.h] OpenSSH 2.1.1 [auth-rsa.c] fix match_hostname() logic for auth-rsa: deny access if we have a negative match or no match at all [channels.c hostfile.c match.c] don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via kris@FreeBSD.org
Diffstat (limited to 'security')
-rw-r--r--security/openssh/Makefile4
-rw-r--r--security/openssh/files/md54
-rw-r--r--security/openssh/files/patch-sum8
-rw-r--r--security/openssh/patches/patch-aa23
-rw-r--r--security/openssh/patches/patch-ah26
-rw-r--r--security/openssh/patches/patch-al42
-rw-r--r--security/openssh/patches/patch-am11
7 files changed, 79 insertions, 39 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 31ec2c9b188..10f832a8dce 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.14 2000/07/01 01:16:39 itojun Exp $
+# $NetBSD: Makefile,v 1.15 2000/07/02 22:07:55 itojun Exp $
#
-DISTNAME= openssh-2.1.1p1
+DISTNAME= openssh-2.1.1p2
CATEGORIES= security
MASTER_SITES= http://the.wiretapped.net/security/cryptography/ssh/OpenSSH/files/ \
http://www.firedrake.org/openssh/files/ \
diff --git a/security/openssh/files/md5 b/security/openssh/files/md5
index 11d5db8fe82..2912b9210ec 100644
--- a/security/openssh/files/md5
+++ b/security/openssh/files/md5
@@ -1,3 +1,3 @@
-$NetBSD: md5,v 1.5 2000/06/15 04:56:50 itojun Exp $
+$NetBSD: md5,v 1.6 2000/07/02 22:07:56 itojun Exp $
-MD5 (openssh-2.1.1p1.tar.gz) = e043cabc802d7d0790f5aaaea31185b2
+MD5 (openssh-2.1.1p2.tar.gz) = 261de4f02ea8f50f1f0566b40821034a
diff --git a/security/openssh/files/patch-sum b/security/openssh/files/patch-sum
index d95aec6470b..ed59caf032f 100644
--- a/security/openssh/files/patch-sum
+++ b/security/openssh/files/patch-sum
@@ -1,11 +1,13 @@
-$NetBSD: patch-sum,v 1.10 2000/06/15 04:56:50 itojun Exp $
+$NetBSD: patch-sum,v 1.11 2000/07/02 22:07:56 itojun Exp $
-MD5 (patch-aa) = 45b54d94970c6b58478641edaea06ee8
+MD5 (patch-aa) = 9de9202a42d721e8027f9f829a3af96c
MD5 (patch-ac) = 5bdf4a142210aea600f3bf6f3ac14010
MD5 (patch-ae) = 0076ca9d2343f21a304a3eee1a82c3cc
MD5 (patch-af) = 601161a5721c12fa31ae5dcfc1f88a91
MD5 (patch-ag) = 037888228d97283b54d1232daf3945a2
-MD5 (patch-ah) = 2699d4a4c560b1896d756d3799e1614b
+MD5 (patch-ah) = 0c144a44edc914f64ebf5bb5fb0ff401
MD5 (patch-ai) = c2621996e146a82e7deea0363a0e68c9
MD5 (patch-aj) = 5397d9fbfe54544fd186831cfe979329
MD5 (patch-ak) = 1bd755c11128b2b8d7ecc894e70b82c7
+MD5 (patch-al) = dde98ebfbbe801c5042a803e0e0df0d3
+MD5 (patch-am) = 6b53bafd568db64bf16d9aa5582733e3
diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa
index 56f3f09ef0e..4d7e5ff7beb 100644
--- a/security/openssh/patches/patch-aa
+++ b/security/openssh/patches/patch-aa
@@ -1,14 +1,11 @@
-$NetBSD: patch-aa,v 1.7 2000/05/31 15:32:44 itojun Exp $
+$NetBSD: patch-aa,v 1.8 2000/07/02 22:07:56 itojun Exp $
---- configure.in Tue May 30 11:57:47 2000
-+++ configure.in Wed May 31 18:31:52 2000
-@@ -447,3 +447,5 @@
- [
-+#include <sys/types.h>
- #include <netinet/in.h>
-+#include <sys/socket.h>
- ],
-@@ -461,2 +463,3 @@
- [
-+#include <sys/types.h>
- #include <netinet/in.h>
+--- configure.in.orig Sat Jul 1 15:52:55 2000
++++ configure.in Mon Jul 3 06:49:00 2000
+@@ -647,2 +647,6 @@
+
++OSSH_CHECK_HEADER_FOR_FIELD(ut_name, utmp.h, HAVE_NAME_IN_UTMP)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_name, utmpx.h, HAVE_NAME_IN_UTMPX)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_user, utmp.h, HAVE_USER_IN_UTMP)
++OSSH_CHECK_HEADER_FOR_FIELD(ut_user, utmpx.h, HAVE_USER_IN_UTMPX)
+ OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah
index c15b1b265ae..f23fe12d35b 100644
--- a/security/openssh/patches/patch-ah
+++ b/security/openssh/patches/patch-ah
@@ -1,19 +1,13 @@
-$NetBSD: patch-ah,v 1.5 2000/05/31 15:32:44 itojun Exp $
+$NetBSD: patch-ah,v 1.6 2000/07/02 22:07:56 itojun Exp $
---- Makefile.in.orig Sat May 20 14:33:44 2000
-+++ Makefile.in Wed May 31 18:55:11 2000
-@@ -6,6 +6,7 @@
- mandir=@mandir@
- mansubdir=@mansubdir@
+--- Makefile.in.orig Tue Jun 27 15:24:49 2000
++++ Makefile.in Sun Jul 2 14:30:43 2000
+@@ -8,2 +8,3 @@
sysconfdir=@sysconfdir@
+examplesdir=@prefix@/share/examples/ssh
piddir=@piddir@
- srcdir=@srcdir@
- top_srcdir=@top_srcdir@
-@@ -131,14 +132,14 @@
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+@@ -141,6 +142,6 @@
ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-
- if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config -a ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \
- ./mkinstalldirs $(DESTDIR)$(sysconfdir); \
- $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \
@@ -23,16 +17,12 @@ $NetBSD: patch-ah,v 1.5 2000/05/31 15:32:44 itojun Exp $
+ $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(examplesdir)/ssh_config; \
+ $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(examplesdir)/sshd_config; \
fi
- if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
+@@ -148,3 +149,3 @@
$(PERL) fixprogs ssh_prng_cmds $(ENT); \
- $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \
+ $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(examplesdir)/ssh_prng_cmds; \
fi
-
- host-key: ssh-keygen
-@@ -146,10 +147,10 @@
- ./ssh-keygen -d -f $(sysconfdir)/ssh_host_dsa_key -N ""
-
+@@ -168,6 +169,6 @@
uninstallall: uninstall
- -rm -f $(DESTDIR)$(sysconfdir)/ssh_config
- -rm -f $(DESTDIR)$(sysconfdir)/sshd_config
@@ -43,5 +33,3 @@ $NetBSD: patch-ah,v 1.5 2000/05/31 15:32:44 itojun Exp $
+ -rm -f $(DESTDIR)$(examplesdir)/ssh_prng_cmds
+ -rmdir $(DESTDIR)$(examplesdir)
-rmdir $(DESTDIR)$(bindir)
- -rmdir $(DESTDIR)$(sbindir)
- -rmdir $(DESTDIR)$(mandir)/$(mansubdir)1
diff --git a/security/openssh/patches/patch-al b/security/openssh/patches/patch-al
new file mode 100644
index 00000000000..97badb24e03
--- /dev/null
+++ b/security/openssh/patches/patch-al
@@ -0,0 +1,42 @@
+$NetBSD: patch-al,v 1.1 2000/07/02 22:07:56 itojun Exp $
+
+--- loginrec.c- Mon Jul 3 06:49:20 2000
++++ loginrec.c Mon Jul 3 06:51:59 2000
+@@ -618,3 +618,9 @@
+ /* Use strncpy because we don't necessarily want null termination */
++# ifdef HAVE_USER_IN_UTMP
+ strncpy(ut->ut_user, li->username, MIN_SIZEOF(ut->ut_user, li->username));
++# elif defined(HAVE_NAME_IN_UTMP)
++ strncpy(ut->ut_name, li->username, MIN_SIZEOF(ut->ut_name, li->username));
++# else
++# error no ut_user nor ut_name
++# endif
+ # ifdef HAVE_HOST_IN_UTMP
+@@ -1008,4 +1014,12 @@
+ {
++# ifdef HAVE_USER_IN_UTMP
+ if (strncmp(li->username, ut->ut_user,
+- MIN_SIZEOF(li->username, ut->ut_user)) == 0) {
++ MIN_SIZEOF(li->username, ut->ut_user)) == 0)
++# elif defined(HAVE_NAME_IN_UTMP)
++ if (strncmp(li->username, ut->ut_name,
++ MIN_SIZEOF(li->username, ut->ut_name)) == 0)
++# else
++# error no ut_user nor ut_name
++# endif
++ {
+ # ifdef HAVE_TYPE_IN_UTMP
+@@ -1163,4 +1177,12 @@
+ {
++# ifdef HAVE_USER_IN_UTMP
+ if ( strncmp(li->username, utx->ut_user,
+- MIN_SIZEOF(li->username, utx->ut_user)) == 0 ) {
++ MIN_SIZEOF(li->username, utx->ut_user)) == 0 )
++# elif defined(HAVE_NAME_IN_UTMP)
++ if ( strncmp(li->username, utx->ut_name,
++ MIN_SIZEOF(li->username, utx->ut_name)) == 0 )
++# else
++# error no ut_user nor ut_name
++# endif
++ {
+ # ifdef HAVE_TYPE_IN_UTMPX
diff --git a/security/openssh/patches/patch-am b/security/openssh/patches/patch-am
new file mode 100644
index 00000000000..aff55275033
--- /dev/null
+++ b/security/openssh/patches/patch-am
@@ -0,0 +1,11 @@
+$NetBSD: patch-am,v 1.1 2000/07/02 22:07:56 itojun Exp $
+
+--- acconfig.h- Mon Jul 3 06:58:28 2000
++++ acconfig.h Mon Jul 3 06:58:09 2000
+@@ -49,2 +49,6 @@
+ /* struct utmp and struct utmpx fields */
++#undef HAVE_NAME_IN_UTMP
++#undef HAVE_NAME_IN_UTMPX
++#undef HAVE_USER_IN_UTMP
++#undef HAVE_USER_IN_UTMPX
+ #undef HAVE_HOST_IN_UTMP