diff options
author | seb <seb> | 2003-08-12 19:08:55 +0000 |
---|---|---|
committer | seb <seb> | 2003-08-12 19:08:55 +0000 |
commit | 6fd8ef96672a1b237a2c592ca20d81df0ee0f34f (patch) | |
tree | 832e1e9ec1d40fe176167943bcb42ea3873e127c /security | |
parent | 16cdc9a2b283d6d25b476b5e804cc0e3b2c9b697 (diff) | |
download | pkgsrc-6fd8ef96672a1b237a2c592ca20d81df0ee0f34f.tar.gz |
Update to version 3.2.5
Previous versions have a security issue. Please update!
Thanks to gendalia@ for testing.
Changes since version 3.2.2:
2003-05-09 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.5.
* Fixed a critical security bug with RSA signature
verification. Mitigating factors: DSA is used by default (not
vulnerable). Also, the attack requires that attacker has the
public key and the attacker needs to precompute the signature
data so, that it looks like a valid PKCS#1 signature. This is a
non-trivial task to perform without the private
key. Nonetheless, all users should update their servers and
clients as soon as convenient. Workarounds are to not use RSA
keys as host keys (though connecting to existing hosts with RSA
hostkeys poses a serious risk with a vulnerable client), and
disabling publickey authentication. Update your clients and
servers.
2003-04-22 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.4.
* sshd2: Binary (generated by us) is tagged as a "supported
binary" for SecurID. (no actual code changes)
* Previous: ssh-3.2.3.1.
2003-02-06 Sami J. Lehtinen <sjl@ssh.com>
* sftp2 (etc): Fixed a bug with readline jamming when pressing
backspace (etc) on AIX and some other platforms.
2003-01-12 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.3.
2003-01-03 Sami J. Lehtinen <sjl@ssh.com>
* scp2: Removed broken special handling for SIGHUP, so that
"nohup" can again work.
* ssh2: Check whether we should ignore SIGQUIT, SIGINT, and do so,
if necessary. Thanks for J. Schilling for pointing this one out.
* ssh-add2: Make sure fgets() from pipe to ssh-askpass2 recovers
from if interrupted by signal, i.e. SIGCHLD.
* ssh2 (lib/sshsession/sshtty.c): As entry above, but for tcsetattr().
* During "make install", use default size of key instead of hardcoded
1024 when generating hostkey.
2002-12-18 Sami J. Lehtinen <sjl@ssh.com>
* scp2,sftp2: Print progress output to stdout, to make it
distinguishable from errors in cron jobs etc.
2002-12-17 Sami J. Lehtinen <sjl@ssh.com>
* apps/ssh/sshchsession.c: Fixed a bug which caused sshd2 child
server to jam occasionally after logging an event, if nsswitch had
been configured to use LDAP.
2002-12-13 Sami J. Lehtinen <sjl@ssh.com>
* sshd2: Previous (by Tomi Mickelsson): Fixed a bug where
specifying a local forwarding endpoint as an IP-address which was
unresolvable would result in a crash.
2002-12-12 Sami J. Lehtinen <sjl@ssh.com>
* scp2: Fixed a bug/missing feature from scp2. It now reports
information also when run when there is no tty. Also implemented
--statistics=[no,yes,simple], where "yes" is old-style, "no" is
analogous to "-Q" command-line option, and "simple" is the way
the statistics are printed when there is no tty (no intermittent
reporting, file size, transfer time and full file name are printed
after the transfer for the specific file is finished).
2002-12-11 Sami J. Lehtinen <sjl@ssh.com>
* ssh-keygen2: respect "-P" and "-p" options when converting
ssh1-keys.
2002-12-10 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshutil/sshcore/sshdebug.c: Fixed a compilation problem
manifested on older AIX and debugging enabled (as is default).
* scp2: You can now specify the newline convention when using the
"-a" option. See manual page scp2(1).
2002-11-08 Sami J. Lehtinen <sjl@ssh.com>
* Removed ssh-pubkeymgr and ssh-chrootmgr from the distribution
(they didn't work too well).
* apps/ssh/lib/sshproto/trcommon.c: Fixed a crash if hostkey
algorithms or kex-methods couldn't be negotiated.
2002-11-05 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshapputil/sshuserfile.c: Changed to use
lib/sshsession/sigchld.c, instead of using wait() directly. This
fixes the bug where the number of connections would slowly rise to
the maximum when using MaxConnections and tcp-wrappers (it was a
race-condition).
* lib/sshsession/sigchld.c: Sigchld now keeps a list of recently
exited children. This fixes a race condition, where the child
process could exit before the mother process had registered a
handler for it.
* lib/sshsession: Fixed NetBSD 1.6 compilation. Also, NetBSD 1.6
supports openpty style ptys, so fixed check to actually detect
them on NetBSD. Don't use utmpx on NetBSD, as it doesn't seem to
work (at least not in the way we use it).
* lib/sshsession/sshunixuser.c: Make sure we have room for the
NULL pointer in the groups array.
* ssh2 (ssh1-emulation): Fixed a bug, which in some cases caused
an assertion failure later.
2002-10-29 Sami J. Lehtinen <sjl@ssh.com>
* configure: Added /usr/X11R6/bin and /usr/X11/bin to search PATH
for xauth to ease installation on pristine systems.
2002-10-22 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshutil/sshnet/sshtcp.c: (by Tomi Ollila) Fixed a bug with
SOCKS handling.
2002-10-01 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshutil/sshpacketstream/sshpacketwrapper.c: (by Tomi Kause)
Fixed a latent (in ssh2) bug, when writing to the stream from the
received_cb.
* lib/sshutil/sshnet/sshsocks.c: (by Tomi Ollila) Decode
ipv6-mapped-ipv4-addresses when doing SOCKS4, as SOCKS4 only
supports plain ipv4-addresses.
* scp2: Implemented --overwrite, which controls whether to
overwrite the destination file(s). Default is "yes",
i.e. to overwrite.
* scp2: Implemented interactive mode, i.e. you can make scp2
prompt you whether to overwrite an existing destination
file. Works by giving --interactive (-I) on the command-line.
2002-08-15 Sami J. Lehtinen <sjl@ssh.com>
* sshd2: Fixed a bug with originator-pat with ForwardACLs.
2002-08-02 Sami J. Lehtinen <sjl@ssh.com>
* scp2, sftp2: Fixed a bug, which caused file transfer to stall,
if trying to transfer a zero sized file with ascii transfer
(newline mangling).
2002-07-21 Sami J. Lehtinen <sjl@ssh.com>
* sftp2: Added option "S" and "r" to "ls" (for sorting by size and
reversing the sort order, respectively).
* sftp2: "ls" works much better now. Tab completion understand
directories (appends a '/', for easier directory traversal).
* sftp2, scp2: Extensive rewrite of SshFileCopy, and as a
consequence, of both scp2 and sftp2 core functionality.
2002-06-13 Sami J. Lehtinen <sjl@ssh.com>
* ssh2: Fixed a bug with one-shot forwarding.
Diffstat (limited to 'security')
-rw-r--r-- | security/ssh2/Makefile.common | 14 | ||||
-rw-r--r-- | security/ssh2/PLIST | 6 | ||||
-rw-r--r-- | security/ssh2/distinfo | 21 | ||||
-rw-r--r-- | security/ssh2/patches/patch-aa | 147 | ||||
-rw-r--r-- | security/ssh2/patches/patch-ab | 38 | ||||
-rw-r--r-- | security/ssh2/patches/patch-ac | 148 | ||||
-rw-r--r-- | security/ssh2/patches/patch-ad | 75 | ||||
-rw-r--r-- | security/ssh2/patches/patch-ae | 164 | ||||
-rw-r--r-- | security/ssh2/patches/patch-af | 105 | ||||
-rw-r--r-- | security/ssh2/patches/patch-ag | 59 | ||||
-rw-r--r-- | security/ssh2/patches/patch-ah | 18 |
11 files changed, 520 insertions, 275 deletions
diff --git a/security/ssh2/Makefile.common b/security/ssh2/Makefile.common index 157de58d353..92ea77dc517 100644 --- a/security/ssh2/Makefile.common +++ b/security/ssh2/Makefile.common @@ -1,7 +1,7 @@ -# $NetBSD: Makefile.common,v 1.4 2003/07/24 20:59:04 jwise Exp $ +# $NetBSD: Makefile.common,v 1.5 2003/08/12 19:08:55 seb Exp $ # -DISTNAME= ssh-3.2.2 +DISTNAME= ssh-3.2.5 CATEGORIES= security MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ @@ -37,8 +37,16 @@ PLIST_SUBST= X11_SUPPORT='@comment ' LICENSE= no-commercial-use .endif +.if ${OPSYS} == "NetBSD" && ${MACHINE_ARCH} == "sparc64" +# Later we may want to put an upper version bound on OS_VERSION or on +# gcc version for this. +CONFIGURE_ARGS+= --disable-compiler-optimizations +.endif + SSH_PID_DIR= /var/run # default directory for PID files -SSH_PID_DIR.SunOS= /etc # Solaris doesn't have a /var/run +.if ${OPSYS} == "SunOS" && !empty(OS_VERSION:M5.[012345678]) +SSH_PID_DIR.SunOS= /etc # Older Solaris doesn't have a /var/run +.endif .if defined(SSH_PID_DIR.${OPSYS}) SSH_PID_DIR= ${SSH_PID_DIR.${OPSYS}} diff --git a/security/ssh2/PLIST b/security/ssh2/PLIST index 16622fb2113..690b7c3437f 100644 --- a/security/ssh2/PLIST +++ b/security/ssh2/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.2 2003/05/10 10:02:34 seb Exp $ +@comment $NetBSD: PLIST,v 1.3 2003/08/12 19:08:55 seb Exp $ bin/scp bin/scp2 bin/sftp @@ -12,13 +12,11 @@ bin/ssh-agent bin/ssh-agent2 ${X11_SUPPORT}bin/ssh-askpass ${X11_SUPPORT}bin/ssh-askpass2 -bin/ssh-chrootmgr bin/ssh-dummy-shell bin/ssh-keygen bin/ssh-keygen2 bin/ssh-probe bin/ssh-probe2 -bin/ssh-pubkeymgr bin/ssh-signer bin/ssh-signer2 bin/ssh2 @@ -31,13 +29,11 @@ man/man1/ssh-add.1 man/man1/ssh-add2.1 man/man1/ssh-agent.1 man/man1/ssh-agent2.1 -man/man1/ssh-chrootmgr.1 man/man1/ssh-dummy-shell.1 man/man1/ssh-keygen.1 man/man1/ssh-keygen2.1 man/man1/ssh-probe.1 man/man1/ssh-probe2.1 -man/man1/ssh-pubkeymgr.1 man/man1/ssh.1 man/man1/ssh2.1 man/man1/sshregex.1 diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo index 1d6c8cf6b07..c6921759b90 100644 --- a/security/ssh2/distinfo +++ b/security/ssh2/distinfo @@ -1,12 +1,11 @@ -$NetBSD: distinfo,v 1.4 2003/05/10 10:02:34 seb Exp $ +$NetBSD: distinfo,v 1.5 2003/08/12 19:08:55 seb Exp $ -SHA1 (ssh-3.2.2.tar.gz) = 19e8c9857d0fc14771c31223249eb56adb5ddf6b -Size (ssh-3.2.2.tar.gz) = 2256690 bytes -SHA1 (patch-aa) = 7781e4c7a567f6465829cdf9026920e45241bca5 -SHA1 (patch-ab) = 450267a0f18684f0b8f8ff611e290a8f478068ad -SHA1 (patch-ac) = b87e967252b1eaafc6e6b7ee95d8e09550957bff -SHA1 (patch-ad) = b6944222c0b84d5f906ad019b5260fb19ee299d9 -SHA1 (patch-ae) = 79288d501031c56fd155f966c905de2e4f5ffc35 -SHA1 (patch-af) = 640bb5f92dc6db36e6ac4337e085e3a9a525c755 -SHA1 (patch-ag) = 5990115dc53a9278f171158df1dcdd4754080e90 -SHA1 (patch-ah) = 5a4314cf70463638d18599dcb3fddbbc19d52b2a +SHA1 (ssh-3.2.5.tar.gz) = 390023a395a6b4cfd42bf0e37b472f0ca44791ce +Size (ssh-3.2.5.tar.gz) = 2258425 bytes +SHA1 (patch-aa) = 34353e23d81916202216dc401e99f17b08f3d6fb +SHA1 (patch-ab) = 314e2e4165fb1d429297f235c9712ddc0d924865 +SHA1 (patch-ac) = d5b564f88105cc2ac58577d37a1b336ce78c1393 +SHA1 (patch-ad) = dcaaf5f545bd4650784dc6fd0dbcaae48cf3f9d3 +SHA1 (patch-ae) = 0d1f358bd97290118002cc0fc489cbf7e334e681 +SHA1 (patch-af) = e7c956b858d02dfaf20e1fe1bfc36322d9eb6d67 +SHA1 (patch-ag) = 0f7a448875262e2536255ace27cf1a8f0c2a0517 diff --git a/security/ssh2/patches/patch-aa b/security/ssh2/patches/patch-aa index 33457f3d124..d0b99413a69 100644 --- a/security/ssh2/patches/patch-aa +++ b/security/ssh2/patches/patch-aa @@ -1,121 +1,40 @@ -$NetBSD: patch-aa,v 1.2 2003/05/10 10:02:35 seb Exp $ +$NetBSD: patch-aa,v 1.3 2003/08/12 19:08:56 seb Exp $ ---- apps/ssh/Makefile.am.orig 2002-10-29 09:27:42.000000000 +0000 -+++ apps/ssh/Makefile.am -@@ -18,7 +18,8 @@ WINCONF_OPTIONS = maintainer=sjl@ssh.com - etcdir = @ETCDIR@ - known_hosts_dir = $(etcdir)/knownhosts - host_keys_dir = $(etcdir)/hostkeys --subconfig_dir = $(etcdir)/subconfig -+egdir = $(prefix)/share/examples/${PKGBASE} -+subconfig_dir = $(egdir)/subconfig - STATIC_FLAG = @STATIC_FLAG@ +--- acconfig.h.orig 2003-06-30 12:22:25.000000000 +0000 ++++ acconfig.h +@@ -253,6 +253,10 @@ library. */ + and logwtmp() calls. */ + #undef HAVE_LIBUTIL_LOGIN - # -@@ -576,13 +577,13 @@ COMPILE = $(CC) $(KERBEROS_INCS) $(INCLU - # - LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) - # -+INSTALL_DATA_DIR= $(BSD_INSTALL_DATA_DIR) -+# - includes: ++/* Define this if libutil.a contains loginx(), logoutx(), ++ and logwtmpx() calls. */ ++#undef HAVE_LIBUTIL_LOGINX ++ + /* Location of system mail spool directory. */ + #undef MAIL_SPOOL_DIRECTORY - make-install-dirs: -- -if test '!' -d $(DESTDIR)$(etcdir); then mkdir -p $(DESTDIR)$(etcdir); fi -- -if test '!' -d $(DESTDIR)$(known_hosts_dir); then mkdir -p $(DESTDIR)$(known_hosts_dir); fi -- -if test '!' -d $(DESTDIR)$(host_keys_dir); then mkdir -p $(DESTDIR)$(host_keys_dir); fi -- -if test '!' -d $(DESTDIR)$(subconfig_dir); then mkdir -p $(DESTDIR)$(subconfig_dir); fi -+ $(INSTALL_DATA_DIR) $(DESTDIR)$(egdir) -+ $(INSTALL_DATA_DIR) $(DESTDIR)$(subconfig_dir) +@@ -268,9 +272,15 @@ library. */ + /* Define this if a prototype for logout() is defined in system headers. */ + #undef HAVE_PROTO_LOGOUT - generate-host-key: - -@if test -f $(DESTDIR)$(etcdir)/hostkey; \ -@@ -593,36 +594,20 @@ generate-host-key: - fi ++/* Define this if a prototype for logoutx() is defined in system headers. */ ++#undef HAVE_PROTO_LOGOUTX ++ + /* Define this if a prototype for logwtmp() is defined in system headers. */ + #undef HAVE_PROTO_LOGWTMP + ++/* Define this if a prototype for logwtmpx() is defined in system headers. */ ++#undef HAVE_PROTO_LOGWTMPX ++ + /* Define this if a prototype for initgroups() is defined in system headers. */ + #undef HAVE_PROTO_INITGROUPS + +@@ -425,6 +435,8 @@ library. */ + /* Define this to point to where sshd2 should store it's pidfile. */ + #undef SSHD_PIDDIR + ++/* Define if both utmp and utmpx entries should be handled */ ++#undef SSH_UTMP_UTMPX - install-symlinks: -- -mv -f $(DESTDIR)$(bindir)/ssh $(DESTDIR)$(bindir)/ssh.old -- -mv -f $(DESTDIR)$(bindir)/ssh-agent $(DESTDIR)$(bindir)/ssh-agent.old -- -mv -f $(DESTDIR)$(bindir)/ssh-add $(DESTDIR)$(bindir)/ssh-add.old -- -mv -f $(DESTDIR)$(bindir)/ssh-askpass $(DESTDIR)$(bindir)/ssh-askpass.old -- -mv -f $(DESTDIR)$(bindir)/ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen.old -- -mv -f $(DESTDIR)$(bindir)/scp $(DESTDIR)$(bindir)/scp.old -- -mv -f $(DESTDIR)$(bindir)/sftp $(DESTDIR)$(bindir)/sftp.old -- -mv -f $(DESTDIR)$(bindir)/sftp-server $(DESTDIR)$(bindir)/sftp-server.old -- -mv -f $(DESTDIR)$(bindir)/ssh-signer $(DESTDIR)$(bindir)/ssh-signer.old -- -mv -f $(DESTDIR)$(bindir)/ssh-probe $(DESTDIR)$(bindir)/ssh-probe.old -- - (cd $(DESTDIR)$(bindir) && $(LN_S) ssh2 ssh) - (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-agent2 ssh-agent) - (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-add2 ssh-add) -- (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-askpass2 ssh-askpass) -+ case x"@CONFPROGRAMS@" in \ -+ x*askpass*) \ -+ (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-askpass2 ssh-askpass) ;; \ -+ esac - (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-keygen2 ssh-keygen) - (cd $(DESTDIR)$(bindir) && $(LN_S) scp2 scp) - (cd $(DESTDIR)$(bindir) && $(LN_S) sftp2 sftp) - (cd $(DESTDIR)$(bindir) && $(LN_S) sftp-server2 sftp-server) - (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-signer2 ssh-signer) - (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-probe2 ssh-probe) -- -mv -f $(DESTDIR)$(sbindir)/sshd $(DESTDIR)$(sbindir)/sshd.old - (cd $(DESTDIR)$(sbindir) && $(LN_S) sshd2 sshd) -- -mv -f $(DESTDIR)$(mandir)/man1/ssh.1 $(DESTDIR)$(mandir)/man1/ssh.old.1 -- -mv -f $(DESTDIR)$(mandir)/man1/ssh-add.1 $(DESTDIR)$(mandir)/man1/ssh-add.old.1 -- -mv -f $(DESTDIR)$(mandir)/man1/ssh-agent.1 $(DESTDIR)$(mandir)/man1/ssh-agent.old.1 -- -mv -f $(DESTDIR)$(mandir)/man1/ssh-keygen.1 $(DESTDIR)$(mandir)/man1/ssh-keygen.old.1 -- -mv -f $(DESTDIR)$(mandir)/man1/scp.1 $(DESTDIR)$(mandir)/man1/scp.old.1 -- -mv -f $(DESTDIR)$(mandir)/man1/sftp.1 $(DESTDIR)$(mandir)/man1/sftp.old.1 -- -mv -f $(DESTDIR)$(mandir)/man1/ssh-probe.1 $(DESTDIR)$(mandir)/man1/ssh-probe.old.1 - (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh2.1 ssh.1) - (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-add2.1 ssh-add.1) - (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-agent2.1 ssh-agent.1) -@@ -630,7 +615,6 @@ install-symlinks: - (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) scp2.1 scp.1) - (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) sftp2.1 sftp.1) - (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-probe2.1 ssh-probe.1) -- -mv -f $(DESTDIR)$(mandir)/man8/sshd.8 $(DESTDIR)$(mandir)/man8/sshd.old.8 - (cd $(DESTDIR)$(mandir)/man8 && $(LN_S) sshd2.8 sshd.8) - clean-up-old: -@@ -649,23 +633,13 @@ install-exec-hook: - -chown root $(DESTDIR)$(bindir)/ssh-signer2 - -chmod $(SSH_SIGNER_INSTALL_MODE) $(DESTDIR)$(bindir)/ssh-signer2 --install-data-hook: make-install-dirs generate-host-key install-symlinks -- -@if test '!' -f $(DESTDIR)$(etcdir)/sshd2_config ; then \ -- echo Installing $(DESTDIR)$(etcdir)/sshd2_config ; \ -+install-data-hook: make-install-dirs install-symlinks -+ echo Installing $(DESTDIR)$(egdir)/sshd2_config ; \ - $(INSTALL_DATA) $(srcdir)/sshd2_config \ -- $(DESTDIR)$(etcdir)/sshd2_config ; \ -- fi -- echo Updating $(DESTDIR)$(etcdir)/sshd2_config.example ; -- $(INSTALL_DATA) $(srcdir)/sshd2_config \ -- $(DESTDIR)$(etcdir)/sshd2_config.example ; -- -@if test '!' -f $(DESTDIR)$(etcdir)/ssh2_config ; then \ -- echo Installing $(DESTDIR)$(etcdir)/ssh2_config ; \ -- $(INSTALL_DATA) $(srcdir)/ssh2_config \ -- $(DESTDIR)$(etcdir)/ssh2_config ; \ -- fi -- echo Updating $(DESTDIR)$(etcdir)/ssh2_config.example ; -+ $(DESTDIR)$(egdir)/sshd2_config ; -+ echo Installing $(DESTDIR)$(egdir)/ssh2_config ; \ - $(INSTALL_DATA) $(srcdir)/ssh2_config \ -- $(DESTDIR)$(etcdir)/ssh2_config.example ; -+ $(DESTDIR)$(egdir)/ssh2_config ; - echo Updating $(DESTDIR)$(subconfig_dir)/host_ext.example ; - $(INSTALL_DATA) $(srcdir)/subconfig/host_ext.example \ - $(DESTDIR)$(subconfig_dir)/host_ext.example ; -@@ -678,8 +652,6 @@ install-data-hook: make-install-dirs gen - echo Updating $(DESTDIR)$(subconfig_dir)/user.example ; - $(INSTALL_DATA) $(srcdir)/subconfig/user.example \ - $(DESTDIR)$(subconfig_dir)/user.example ; -- -@if test '!' -f $(DESTDIR)$(etcdir)/ssh_dummy_shell.out ; then \ -- echo Installing $(DESTDIR)$(etcdir)/ssh_dummy_shell.out ; \ -+ echo Installing $(DESTDIR)$(egdir)/ssh_dummy_shell.out ; \ - $(INSTALL_DATA) $(srcdir)/ssh_dummy_shell.out \ -- $(DESTDIR)$(etcdir)/ssh_dummy_shell.out ; \ -- fi -+ $(DESTDIR)$(egdir)/ssh_dummy_shell.out ; diff --git a/security/ssh2/patches/patch-ab b/security/ssh2/patches/patch-ab index 4353a7df856..e472e95b411 100644 --- a/security/ssh2/patches/patch-ab +++ b/security/ssh2/patches/patch-ab @@ -1,8 +1,8 @@ -$NetBSD: patch-ab,v 1.2 2003/05/10 10:02:35 seb Exp $ +$NetBSD: patch-ab,v 1.3 2003/08/12 19:08:56 seb Exp $ ---- apps/ssh/Makefile.in.orig 2002-10-29 09:27:59.000000000 +0000 -+++ apps/ssh/Makefile.in -@@ -124,7 +124,8 @@ WINCONF_OPTIONS = maintainer=sjl@ssh.com +--- apps/ssh/Makefile.am.orig 2003-06-30 12:22:11.000000000 +0000 ++++ apps/ssh/Makefile.am +@@ -18,7 +18,8 @@ WINCONF_OPTIONS = maintainer=sjl@ssh.com etcdir = @ETCDIR@ known_hosts_dir = $(etcdir)/knownhosts host_keys_dir = $(etcdir)/hostkeys @@ -12,25 +12,12 @@ $NetBSD: patch-ab,v 1.2 2003/05/10 10:02:35 seb Exp $ STATIC_FLAG = @STATIC_FLAG@ # -@@ -455,6 +456,8 @@ SSH_DEFS = -DETCDIR=\"$(etcdir)\" -DSSH_ - COMPILE = $(CC) $(KERBEROS_INCS) $(INCLUDES) $(SSH_DEFS) $(DEFS) $(CPPFLAGS) $(CFLAGS) $(X_CFLAGS) +@@ -569,13 +570,13 @@ COMPILE = $(CC) $(KERBEROS_INCS) $(INCLU # LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) + # ++INSTALL_DATA_DIR= $(BSD_INSTALL_DATA_DIR) +# -+INSTALL_DATA_DIR = $(BSD_INSTALL_DATA_DIR) - mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs - CONFIG_HEADER = ../../sshconf.h - CONFIG_CLEAN_FILES = -@@ -892,7 +895,7 @@ TAGS: tags-recursive $(HEADERS) $(SOURCE - awk ' { files[$$0] = 1; } \ - END { for (i in files) print i; }'`; \ - test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ -- || (cd $(srcdir) && etags -o $$here/TAGS $(ETAGS_ARGS) $$tags $$unique $(LISP)) -+ || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS) - - mostlyclean-tags: - -@@ -1026,10 +1029,8 @@ maintainer-clean-generic clean mostlycle includes: make-install-dirs: @@ -43,7 +30,7 @@ $NetBSD: patch-ab,v 1.2 2003/05/10 10:02:35 seb Exp $ generate-host-key: -@if test -f $(DESTDIR)$(etcdir)/hostkey; \ -@@ -1040,36 +1041,20 @@ generate-host-key: +@@ -586,36 +587,20 @@ generate-host-key: fi install-symlinks: @@ -84,7 +71,7 @@ $NetBSD: patch-ab,v 1.2 2003/05/10 10:02:35 seb Exp $ (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh2.1 ssh.1) (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-add2.1 ssh-add.1) (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-agent2.1 ssh-agent.1) -@@ -1077,7 +1062,6 @@ install-symlinks: +@@ -623,7 +608,6 @@ install-symlinks: (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) scp2.1 scp.1) (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) sftp2.1 sftp.1) (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-probe2.1 ssh-probe.1) @@ -92,7 +79,7 @@ $NetBSD: patch-ab,v 1.2 2003/05/10 10:02:35 seb Exp $ (cd $(DESTDIR)$(mandir)/man8 && $(LN_S) sshd2.8 sshd.8) clean-up-old: -@@ -1096,23 +1080,13 @@ install-exec-hook: +@@ -642,23 +626,13 @@ install-exec-hook: -chown root $(DESTDIR)$(bindir)/ssh-signer2 -chmod $(SSH_SIGNER_INSTALL_MODE) $(DESTDIR)$(bindir)/ssh-signer2 @@ -121,7 +108,7 @@ $NetBSD: patch-ab,v 1.2 2003/05/10 10:02:35 seb Exp $ echo Updating $(DESTDIR)$(subconfig_dir)/host_ext.example ; $(INSTALL_DATA) $(srcdir)/subconfig/host_ext.example \ $(DESTDIR)$(subconfig_dir)/host_ext.example ; -@@ -1125,11 +1099,9 @@ install-data-hook: make-install-dirs gen +@@ -671,8 +645,6 @@ install-data-hook: make-install-dirs gen echo Updating $(DESTDIR)$(subconfig_dir)/user.example ; $(INSTALL_DATA) $(srcdir)/subconfig/user.example \ $(DESTDIR)$(subconfig_dir)/user.example ; @@ -132,6 +119,3 @@ $NetBSD: patch-ab,v 1.2 2003/05/10 10:02:35 seb Exp $ - $(DESTDIR)$(etcdir)/ssh_dummy_shell.out ; \ - fi + $(DESTDIR)$(egdir)/ssh_dummy_shell.out ; - - # Tell versions [3.59,3.63) of GNU make to not export all variables. - # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/security/ssh2/patches/patch-ac b/security/ssh2/patches/patch-ac index 9263fa0d2ec..3bf676dcf28 100644 --- a/security/ssh2/patches/patch-ac +++ b/security/ssh2/patches/patch-ac @@ -1,13 +1,137 @@ -$NetBSD: patch-ac,v 1.1.1.1 2002/08/06 00:48:14 seb Exp $ +$NetBSD: patch-ac,v 1.2 2003/08/12 19:08:57 seb Exp $ ---- apps/ssh/sshchx11.c.orig Thu May 16 10:32:22 2002 -+++ apps/ssh/sshchx11.c -@@ -680,7 +680,7 @@ Boolean ssh_channel_x11_process_request( - size_t len) - { - int display_number; -- char buf[512], hostname[257]; -+ char buf[512], hostname[MAXHOSTNAMELEN+1]; - struct stat st; - SshChannelX11Session session; - SshChannelTypeX11 ct; +--- apps/ssh/Makefile.in.orig 2003-06-30 12:22:38.000000000 +0000 ++++ apps/ssh/Makefile.in +@@ -124,7 +124,8 @@ WINCONF_OPTIONS = maintainer=sjl@ssh.com + etcdir = @ETCDIR@ + known_hosts_dir = $(etcdir)/knownhosts + host_keys_dir = $(etcdir)/hostkeys +-subconfig_dir = $(etcdir)/subconfig ++egdir = $(prefix)/share/examples/${PKGBASE} ++subconfig_dir = $(egdir)/subconfig + STATIC_FLAG = @STATIC_FLAG@ + + # +@@ -456,6 +457,8 @@ SSH_DEFS = -DETCDIR=\"$(etcdir)\" -DSSH_ + COMPILE = $(CC) $(KERBEROS_INCS) $(INCLUDES) $(SSH_DEFS) $(DEFS) $(CPPFLAGS) $(CFLAGS) $(X_CFLAGS) + # + LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) ++# ++INSTALL_DATA_DIR = $(BSD_INSTALL_DATA_DIR) + mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs + CONFIG_HEADER = ../../sshconf.h + CONFIG_CLEAN_FILES = +@@ -871,7 +874,7 @@ TAGS: tags-recursive $(HEADERS) $(SOURCE + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ +- || (cd $(srcdir) && etags -o $$here/TAGS $(ETAGS_ARGS) $$tags $$unique $(LISP)) ++ || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags $$unique $(LISP) -o $$here/TAGS) + + mostlyclean-tags: + +@@ -1002,10 +1005,8 @@ maintainer-clean-generic clean mostlycle + includes: + + make-install-dirs: +- -if test '!' -d $(DESTDIR)$(etcdir); then mkdir -p $(DESTDIR)$(etcdir); fi +- -if test '!' -d $(DESTDIR)$(known_hosts_dir); then mkdir -p $(DESTDIR)$(known_hosts_dir); fi +- -if test '!' -d $(DESTDIR)$(host_keys_dir); then mkdir -p $(DESTDIR)$(host_keys_dir); fi +- -if test '!' -d $(DESTDIR)$(subconfig_dir); then mkdir -p $(DESTDIR)$(subconfig_dir); fi ++ $(INSTALL_DATA_DIR) $(DESTDIR)$(egdir) ++ $(INSTALL_DATA_DIR) $(DESTDIR)$(subconfig_dir) + + generate-host-key: + -@if test -f $(DESTDIR)$(etcdir)/hostkey; \ +@@ -1016,36 +1017,20 @@ generate-host-key: + fi + + install-symlinks: +- -mv -f $(DESTDIR)$(bindir)/ssh $(DESTDIR)$(bindir)/ssh.old +- -mv -f $(DESTDIR)$(bindir)/ssh-agent $(DESTDIR)$(bindir)/ssh-agent.old +- -mv -f $(DESTDIR)$(bindir)/ssh-add $(DESTDIR)$(bindir)/ssh-add.old +- -mv -f $(DESTDIR)$(bindir)/ssh-askpass $(DESTDIR)$(bindir)/ssh-askpass.old +- -mv -f $(DESTDIR)$(bindir)/ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen.old +- -mv -f $(DESTDIR)$(bindir)/scp $(DESTDIR)$(bindir)/scp.old +- -mv -f $(DESTDIR)$(bindir)/sftp $(DESTDIR)$(bindir)/sftp.old +- -mv -f $(DESTDIR)$(bindir)/sftp-server $(DESTDIR)$(bindir)/sftp-server.old +- -mv -f $(DESTDIR)$(bindir)/ssh-signer $(DESTDIR)$(bindir)/ssh-signer.old +- -mv -f $(DESTDIR)$(bindir)/ssh-probe $(DESTDIR)$(bindir)/ssh-probe.old +- + (cd $(DESTDIR)$(bindir) && $(LN_S) ssh2 ssh) + (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-agent2 ssh-agent) + (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-add2 ssh-add) +- (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-askpass2 ssh-askpass) ++ case x"@CONFPROGRAMS@" in \ ++ x*askpass*) \ ++ (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-askpass2 ssh-askpass) ;; \ ++ esac + (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-keygen2 ssh-keygen) + (cd $(DESTDIR)$(bindir) && $(LN_S) scp2 scp) + (cd $(DESTDIR)$(bindir) && $(LN_S) sftp2 sftp) + (cd $(DESTDIR)$(bindir) && $(LN_S) sftp-server2 sftp-server) + (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-signer2 ssh-signer) + (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-probe2 ssh-probe) +- -mv -f $(DESTDIR)$(sbindir)/sshd $(DESTDIR)$(sbindir)/sshd.old + (cd $(DESTDIR)$(sbindir) && $(LN_S) sshd2 sshd) +- -mv -f $(DESTDIR)$(mandir)/man1/ssh.1 $(DESTDIR)$(mandir)/man1/ssh.old.1 +- -mv -f $(DESTDIR)$(mandir)/man1/ssh-add.1 $(DESTDIR)$(mandir)/man1/ssh-add.old.1 +- -mv -f $(DESTDIR)$(mandir)/man1/ssh-agent.1 $(DESTDIR)$(mandir)/man1/ssh-agent.old.1 +- -mv -f $(DESTDIR)$(mandir)/man1/ssh-keygen.1 $(DESTDIR)$(mandir)/man1/ssh-keygen.old.1 +- -mv -f $(DESTDIR)$(mandir)/man1/scp.1 $(DESTDIR)$(mandir)/man1/scp.old.1 +- -mv -f $(DESTDIR)$(mandir)/man1/sftp.1 $(DESTDIR)$(mandir)/man1/sftp.old.1 +- -mv -f $(DESTDIR)$(mandir)/man1/ssh-probe.1 $(DESTDIR)$(mandir)/man1/ssh-probe.old.1 + (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh2.1 ssh.1) + (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-add2.1 ssh-add.1) + (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-agent2.1 ssh-agent.1) +@@ -1053,7 +1038,6 @@ install-symlinks: + (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) scp2.1 scp.1) + (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) sftp2.1 sftp.1) + (cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-probe2.1 ssh-probe.1) +- -mv -f $(DESTDIR)$(mandir)/man8/sshd.8 $(DESTDIR)$(mandir)/man8/sshd.old.8 + (cd $(DESTDIR)$(mandir)/man8 && $(LN_S) sshd2.8 sshd.8) + + clean-up-old: +@@ -1072,23 +1056,13 @@ install-exec-hook: + -chown root $(DESTDIR)$(bindir)/ssh-signer2 + -chmod $(SSH_SIGNER_INSTALL_MODE) $(DESTDIR)$(bindir)/ssh-signer2 + +-install-data-hook: make-install-dirs generate-host-key install-symlinks +- -@if test '!' -f $(DESTDIR)$(etcdir)/sshd2_config ; then \ +- echo Installing $(DESTDIR)$(etcdir)/sshd2_config ; \ ++install-data-hook: make-install-dirs install-symlinks ++ echo Installing $(DESTDIR)$(egdir)/sshd2_config ; \ + $(INSTALL_DATA) $(srcdir)/sshd2_config \ +- $(DESTDIR)$(etcdir)/sshd2_config ; \ +- fi +- echo Updating $(DESTDIR)$(etcdir)/sshd2_config.example ; +- $(INSTALL_DATA) $(srcdir)/sshd2_config \ +- $(DESTDIR)$(etcdir)/sshd2_config.example ; +- -@if test '!' -f $(DESTDIR)$(etcdir)/ssh2_config ; then \ +- echo Installing $(DESTDIR)$(etcdir)/ssh2_config ; \ +- $(INSTALL_DATA) $(srcdir)/ssh2_config \ +- $(DESTDIR)$(etcdir)/ssh2_config ; \ +- fi +- echo Updating $(DESTDIR)$(etcdir)/ssh2_config.example ; ++ $(DESTDIR)$(egdir)/sshd2_config ; ++ echo Installing $(DESTDIR)$(egdir)/ssh2_config ; \ + $(INSTALL_DATA) $(srcdir)/ssh2_config \ +- $(DESTDIR)$(etcdir)/ssh2_config.example ; ++ $(DESTDIR)$(egdir)/ssh2_config ; + echo Updating $(DESTDIR)$(subconfig_dir)/host_ext.example ; + $(INSTALL_DATA) $(srcdir)/subconfig/host_ext.example \ + $(DESTDIR)$(subconfig_dir)/host_ext.example ; +@@ -1101,11 +1075,9 @@ install-data-hook: make-install-dirs gen + echo Updating $(DESTDIR)$(subconfig_dir)/user.example ; + $(INSTALL_DATA) $(srcdir)/subconfig/user.example \ + $(DESTDIR)$(subconfig_dir)/user.example ; +- -@if test '!' -f $(DESTDIR)$(etcdir)/ssh_dummy_shell.out ; then \ +- echo Installing $(DESTDIR)$(etcdir)/ssh_dummy_shell.out ; \ ++ echo Installing $(DESTDIR)$(egdir)/ssh_dummy_shell.out ; \ + $(INSTALL_DATA) $(srcdir)/ssh_dummy_shell.out \ +- $(DESTDIR)$(etcdir)/ssh_dummy_shell.out ; \ +- fi ++ $(DESTDIR)$(egdir)/ssh_dummy_shell.out ; + + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/security/ssh2/patches/patch-ad b/security/ssh2/patches/patch-ad index 95c3a37f440..ed8cf533651 100644 --- a/security/ssh2/patches/patch-ad +++ b/security/ssh2/patches/patch-ad @@ -1,13 +1,70 @@ -$NetBSD: patch-ad,v 1.1.1.1 2002/08/06 00:48:14 seb Exp $ +$NetBSD: patch-ad,v 1.2 2003/08/12 19:08:57 seb Exp $ ---- apps/ssh/sshstdiofilter.c.orig Thu May 16 10:32:22 2002 -+++ apps/ssh/sshstdiofilter.c -@@ -301,7 +301,7 @@ void ssh_escape_char_dump_statistics(int +--- configure.in.orig 2003-06-30 12:22:25.000000000 +0000 ++++ configure.in +@@ -1558,9 +1558,7 @@ dnl + *-*-netbsd*) + # no_shadows_password_checking=yes ? + # ^ (see above comment) +- +- # At least NetBSD 1.6 has a nonfunctional utmpx. +- no_utmpx=yes ++ AC_DEFINE(SSH_UTMP_UTMPX) + ;; + *) + ;; +@@ -1791,6 +1789,8 @@ if test -z "$no_libbsd"; then + fi + AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) + LIBS="$LIBS -lutil") ++AC_CHECK_LIB(util, loginx, AC_DEFINE(HAVE_LIBUTIL_LOGINX) ++ LIBS="$LIBS -lutil") - #endif /* SSHDIST_SSH2_INTERNAL_SSH1_EMULATION */ + if test -z "$no_vhangup"; then + AC_CHECK_FUNCS(vhangup) +@@ -1942,6 +1942,22 @@ if test "$ac_cv_have_proto_logout" = "ye + fi + AC_MSG_RESULT($ac_cv_have_proto_logout) -- ssh_tcp_get_host_name(local_host_name, MAXHOSTNAMELEN); -+ ssh_tcp_get_host_name(local_host_name, sizeof(local_host_name)); ++AC_MSG_CHECKING([whether there is a prototype for logoutx]) ++AC_CACHE_VAL(ac_cv_have_proto_logoutx, ++ [ AC_TRY_COMPILE(changequote(<<, >>)dnl ++ << $session_wtmp_includes ++/* If someone has a prototype like this for anything, then... well. */ ++void * logoutx(void *, int *, char *, int, char, void *[6][8][10][3][4], ...); ++>>, ++ changequote([, ])dnl ++ [ ; ], ++ ac_cv_have_proto_logoutx=no, ++ ac_cv_have_proto_logoutx=yes)]) ++if test "$ac_cv_have_proto_logoutx" = "yes"; then ++ AC_DEFINE(HAVE_PROTO_LOGOUTX) ++fi ++AC_MSG_RESULT($ac_cv_have_proto_logoutx) ++ + AC_MSG_CHECKING([whether there is a prototype for logwtmp]) + AC_CACHE_VAL(ac_cv_have_proto_logwtmp, + [ AC_TRY_COMPILE(changequote(<<, >>)dnl +@@ -1958,6 +1974,22 @@ if test "$ac_cv_have_proto_logwtmp" = "y + fi + AC_MSG_RESULT($ac_cv_have_proto_logwtmp) - if (client->config->host_to_connect) - fprintf(stderr, "remote host: %s\n", client->config->host_to_connect); ++AC_MSG_CHECKING([whether there is a prototype for logwtmpx]) ++AC_CACHE_VAL(ac_cv_have_proto_logwtmpx, ++ [ AC_TRY_COMPILE(changequote(<<, >>)dnl ++ << $session_wtmp_includes ++/* If someone has a prototype like this for anything, then... well. */ ++void * logwtmpx(void *, int *, char *, int, char, void *[6][8][10][3][4], ...); ++>>, ++ changequote([, ])dnl ++ [ ; ], ++ ac_cv_have_proto_logwtmpx=no, ++ ac_cv_have_proto_logwtmpx=yes)]) ++if test "$ac_cv_have_proto_logwtmpx" = "yes"; then ++ AC_DEFINE(HAVE_PROTO_LOGWTMPX) ++fi ++AC_MSG_RESULT($ac_cv_have_proto_logwtmpx) ++ + AC_CHECK_FUNCS(initgroups) + + if test "X$ac_cv_func_initgroups" = "Xyes"; then diff --git a/security/ssh2/patches/patch-ae b/security/ssh2/patches/patch-ae index 077d533707c..f58a9c770be 100644 --- a/security/ssh2/patches/patch-ae +++ b/security/ssh2/patches/patch-ae @@ -1,13 +1,157 @@ -$NetBSD: patch-ae,v 1.2 2002/09/24 00:24:38 jlam Exp $ +$NetBSD: patch-ae,v 1.3 2003/08/12 19:08:57 seb Exp $ ---- configure.in.orig Thu May 16 03:32:33 2002 -+++ configure.in -@@ -1779,6 +1779,8 @@ fi - if test -z "$no_libbsd"; then - AC_CHECK_LIB(bsd, openpty) +--- configure.orig 2003-06-30 12:22:32.000000000 +0000 ++++ configure +@@ -6631,9 +6631,10 @@ EOF + *-*-netbsd*) + # no_shadows_password_checking=yes ? + # ^ (see above comment) ++ cat >> confdefs.h <<\EOF ++#define SSH_UTMP_UTMPX 1 ++EOF + +- # At least NetBSD 1.6 has a nonfunctional utmpx. +- no_utmpx=yes + ;; + *) + ;; +@@ -8339,6 +8340,50 @@ else + echo "$ac_t""no" 1>&6 + fi + ++echo $ac_n "checking for loginx in -lutil""... $ac_c" 1>&6 ++echo "configure:8345: checking for loginx in -lutil" >&5 ++ac_lib_var=`echo util'_'loginx | sed 'y%./+-%__p_%'` ++if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then ++ echo $ac_n "(cached) $ac_c" 1>&6 ++else ++ ac_save_LIBS="$LIBS" ++LIBS="-lutil $LIBS" ++cat > conftest.$ac_ext <<EOF ++#line 8353 "configure" ++#include "confdefs.h" ++/* Override any gcc2 internal prototype to avoid an error. */ ++/* We use char because int might match the return type of a gcc2 ++ builtin and then its argument prototype would still apply. */ ++char loginx(); ++ ++int main() { ++loginx() ++; return 0; } ++EOF ++if { (eval echo configure:8364: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++ rm -rf conftest* ++ eval "ac_cv_lib_$ac_lib_var=yes" ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ eval "ac_cv_lib_$ac_lib_var=no" ++fi ++rm -f conftest* ++LIBS="$ac_save_LIBS" ++ ++fi ++if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then ++ echo "$ac_t""yes" 1>&6 ++ cat >> confdefs.h <<\EOF ++#define HAVE_LIBUTIL_LOGINX 1 ++EOF ++ ++ LIBS="$LIBS -lutil" ++else ++ echo "$ac_t""no" 1>&6 ++fi ++ + + if test -z "$no_vhangup"; then + for ac_func in vhangup +@@ -8678,8 +8723,44 @@ EOF + fi + echo "$ac_t""$ac_cv_have_proto_logout" 1>&6 + ++echo $ac_n "checking whether there is a prototype for logoutx""... $ac_c" 1>&6 ++echo "configure:8728: checking whether there is a prototype for logoutx" >&5 ++if eval "test \"`echo '$''{'ac_cv_have_proto_logoutx'+set}'`\" = set"; then ++ echo $ac_n "(cached) $ac_c" 1>&6 ++else ++ cat > conftest.$ac_ext <<EOF ++#line 8733 "configure" ++#include "confdefs.h" ++ $session_wtmp_includes ++/* If someone has a prototype like this for anything, then... well. */ ++void * logoutx(void *, int *, char *, int, char, void *[6][8][10][3][4], ...); ++ ++int main() { ++ ; ++; return 0; } ++EOF ++if { (eval echo configure:8743: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++ rm -rf conftest* ++ ac_cv_have_proto_logoutx=no ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ ac_cv_have_proto_logoutx=yes ++fi ++rm -f conftest* ++fi ++ ++if test "$ac_cv_have_proto_logoutx" = "yes"; then ++ cat >> confdefs.h <<\EOF ++#define HAVE_PROTO_LOGOUTX 1 ++EOF ++ ++fi ++echo "$ac_t""$ac_cv_have_proto_logoutx" 1>&6 ++ + echo $ac_n "checking whether there is a prototype for logwtmp""... $ac_c" 1>&6 +-echo "configure:8683: checking whether there is a prototype for logwtmp" >&5 ++echo "configure:8764: checking whether there is a prototype for logwtmp" >&5 + if eval "test \"`echo '$''{'ac_cv_have_proto_logwtmp'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -8714,6 +8795,42 @@ EOF fi -+AC_CHECK_LIB(util, openpty, LIBS="$LIBS -lutil" -+ pty="openpty") - AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) - LIBS="$LIBS -lutil") + echo "$ac_t""$ac_cv_have_proto_logwtmp" 1>&6 ++echo $ac_n "checking whether there is a prototype for logwtmpx""... $ac_c" 1>&6 ++echo "configure:8800: checking whether there is a prototype for logwtmpx" >&5 ++if eval "test \"`echo '$''{'ac_cv_have_proto_logwtmpx'+set}'`\" = set"; then ++ echo $ac_n "(cached) $ac_c" 1>&6 ++else ++ cat > conftest.$ac_ext <<EOF ++#line 8805 "configure" ++#include "confdefs.h" ++ $session_wtmp_includes ++/* If someone has a prototype like this for anything, then... well. */ ++void * logwtmpx(void *, int *, char *, int, char, void *[6][8][10][3][4], ...); ++ ++int main() { ++ ; ++; return 0; } ++EOF ++if { (eval echo configure:8815: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++ rm -rf conftest* ++ ac_cv_have_proto_logwtmpx=no ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ ac_cv_have_proto_logwtmpx=yes ++fi ++rm -f conftest* ++fi ++ ++if test "$ac_cv_have_proto_logwtmpx" = "yes"; then ++ cat >> confdefs.h <<\EOF ++#define HAVE_PROTO_LOGWTMPX 1 ++EOF ++ ++fi ++echo "$ac_t""$ac_cv_have_proto_logwtmpx" 1>&6 ++ + for ac_func in initgroups + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 diff --git a/security/ssh2/patches/patch-af b/security/ssh2/patches/patch-af index ac9f0270d49..f263ae111b8 100644 --- a/security/ssh2/patches/patch-af +++ b/security/ssh2/patches/patch-af @@ -1,55 +1,54 @@ -$NetBSD: patch-af,v 1.3 2003/01/12 15:15:52 seb Exp $ +$NetBSD: patch-af,v 1.4 2003/08/12 19:08:58 seb Exp $ ---- configure.orig Sat Jan 11 23:22:52 2003 -+++ configure -@@ -8203,8 +8203,49 @@ else - fi +--- lib/sshsession/wtmp.c.orig 2003-06-30 12:22:13.000000000 +0000 ++++ lib/sshsession/wtmp.c +@@ -34,6 +34,13 @@ In particular, this updates: + # include <sys/mkdev.h> /* for minor() */ + # endif /* HAVE_SYS_MKDEV_H */ + # endif /* !SCO */ ++# if !defined(WTMPX_FILE) ++# if defined(_WTMPX_FILE) /* Solaris without _XPG4_2 or with __EXTENSIONS__ */ ++# define WTMPX_FILE _WTMPX_FILE ++# elif defined(_PATH_WTMPX) /* NetBSD at least */ ++# define WTMPX_FILE _PATH_WTMPX ++# endif ++# endif + #endif /* HAVE_UTMPX_H */ + #ifdef HAVE_USERSEC_H + # include <usersec.h> +@@ -62,9 +69,15 @@ void login(const struct utmp *); + #ifndef HAVE_PROTO_LOGOUT + int logout(const char *); + #endif /* !HAVE_PROTO_LOGOUT */ ++#ifndef HAVE_PROTO_LOGOUTX ++int logoutx(const char *, int, int); ++#endif /* !HAVE_PROTO_LOGOUTX */ + #ifndef HAVE_PROTO_LOGWTMP + void logwtmp(const char *, const char *, const char *); + #endif /* !HAVE_PROTO_LOGWTMP */ ++#ifndef HAVE_PROTO_LOGWTMPX ++void logwtmpx(const char *, const char *, const char *, int, int); ++#endif /* !HAVE_PROTO_LOGWTMPX */ - fi -+echo $ac_n "checking for openpty in -lutil""... $ac_c" 1>&6 -+echo "configure:8208: checking for openpty in -lutil" >&5 -+ac_lib_var=`echo util'_'openpty | sed 'y%./+-%__p_%'` -+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then -+ echo $ac_n "(cached) $ac_c" 1>&6 -+else -+ ac_save_LIBS="$LIBS" -+LIBS="-lutil $LIBS" -+cat > conftest.$ac_ext <<EOF -+#line 8216 "configure" -+#include "confdefs.h" -+/* Override any gcc2 internal prototype to avoid an error. */ -+/* We use char because int might match the return type of a gcc2 -+ builtin and then its argument prototype would still apply. */ -+char openpty(); -+ -+int main() { -+openpty() -+; return 0; } -+EOF -+if { (eval echo configure:8227: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -+ rm -rf conftest* -+ eval "ac_cv_lib_$ac_lib_var=yes" -+else -+ echo "configure: failed program was:" >&5 -+ cat conftest.$ac_ext >&5 -+ rm -rf conftest* -+ eval "ac_cv_lib_$ac_lib_var=no" -+fi -+rm -f conftest* -+LIBS="$ac_save_LIBS" -+ -+fi -+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then -+ echo "$ac_t""yes" 1>&6 -+ LIBS="$LIBS -lutil" -+ pty="openpty" -+else -+ echo "$ac_t""no" 1>&6 -+fi -+ - echo $ac_n "checking for login in -lutil""... $ac_c" 1>&6 --echo "configure:8208: checking for login in -lutil" >&5 -+echo "configure:8249: checking for login in -lutil" >&5 - ac_lib_var=`echo util'_'login | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + /* Returns the time when the user last logged in, and name of the host + from which the user logged in from. Returns 0 if the information +@@ -217,7 +230,7 @@ void ssh_user_record_login(SshUser user, + # endif /* LASTLOG_IS_DIR */ + #endif /* HAVE_LASTLOG_H || HAVE_LASTLOG */ + +-#if defined(HAVE_UTMP_H) && !defined(HAVE_UTMPX_H) ++#if defined(HAVE_UTMP_H) && (!defined(HAVE_UTMPX_H) || defined(SSH_UTMP_UTMPX)) + struct utmp u; + const char *utmp, *wtmp; + +@@ -587,6 +600,10 @@ void ssh_user_record_logout(pid_t pid, c + const char *line = ttyname + 5; /* /dev/ttyq8 -> ttyq8 */ + if (logout((char *)line)) + logwtmp((char *)line, "", ""); ++# ifdef HAVE_LIBUTIL_LOGINX ++ if (logoutx((char *)line, 0, DEAD_PROCESS)) ++ logwtmpx((char *)line, "", "", 0, DEAD_PROCESS); ++# endif + #else /* HAVE_LIBUTIL_LOGIN */ + ssh_user_record_login(NULL, pid, ttyname, "", ""); + #endif /* HAVE_LIBUTIL_LOGIN */ diff --git a/security/ssh2/patches/patch-ag b/security/ssh2/patches/patch-ag index 1c5845ebc8f..53c31bae90f 100644 --- a/security/ssh2/patches/patch-ag +++ b/security/ssh2/patches/patch-ag @@ -1,14 +1,47 @@ -$NetBSD: patch-ag,v 1.1.1.1 2002/08/06 00:48:14 seb Exp $ +$NetBSD: patch-ag,v 1.2 2003/08/12 19:08:58 seb Exp $ ---- lib/sshsession/pty-openpty.c.orig Thu May 16 10:32:17 2002 -+++ lib/sshsession/pty-openpty.c -@@ -18,6 +18,9 @@ and BSD 4.4. - #ifdef HAVE_PTY_H - #include <pty.h> - #endif /* HAVE_PTY_H */ -+#ifdef HAVE_UTIL_H -+#include <util.h> -+#endif /* HAVE_UTIL_H */ - - /* Allocates a pty using a machine-specific method, and returns the - master side pty in *ptyfd, the child side in *ttyfd, and the name of the +--- sshconf.h.in.orig 2003-06-30 12:22:30.000000000 +0000 ++++ sshconf.h.in +@@ -1,4 +1,4 @@ +-/* sshconf.h.in. Generated automatically from configure.in by autoheader 2.13. */ ++/* sshconf.h.in. Generated automatically from configure.in by autoheader. */ + #ifndef SSHCONF_H + #define SSHCONF_H + +@@ -256,6 +256,10 @@ library. */ + and logwtmp() calls. */ + #undef HAVE_LIBUTIL_LOGIN + ++/* Define this if libutil.a contains loginx(), logoutx(), ++ and logwtmpx() calls. */ ++#undef HAVE_LIBUTIL_LOGINX ++ + /* Location of system mail spool directory. */ + #undef MAIL_SPOOL_DIRECTORY + +@@ -271,9 +275,15 @@ library. */ + /* Define this if a prototype for logout() is defined in system headers. */ + #undef HAVE_PROTO_LOGOUT + ++/* Define this if a prototype for logoutx() is defined in system headers. */ ++#undef HAVE_PROTO_LOGOUTX ++ + /* Define this if a prototype for logwtmp() is defined in system headers. */ + #undef HAVE_PROTO_LOGWTMP + ++/* Define this if a prototype for logwtmpx() is defined in system headers. */ ++#undef HAVE_PROTO_LOGWTMPX ++ + /* Define this if a prototype for initgroups() is defined in system headers. */ + #undef HAVE_PROTO_INITGROUPS + +@@ -407,6 +417,9 @@ library. */ + /* Define this to point to where sshd2 should store it's pidfile. */ + #undef SSHD_PIDDIR + ++/* Define if both utmp and utmpx entries should be handled */ ++#undef SSH_UTMP_UTMPX ++ + /* Enable the RSA code. */ + #undef WITH_RSA + diff --git a/security/ssh2/patches/patch-ah b/security/ssh2/patches/patch-ah deleted file mode 100644 index 2fb06b9002d..00000000000 --- a/security/ssh2/patches/patch-ah +++ /dev/null @@ -1,18 +0,0 @@ -$NetBSD: patch-ah,v 1.1.1.1 2002/08/06 00:48:14 seb Exp $ - ---- lib/sshsession/sshunixuser.c.orig Thu May 16 10:32:17 2002 -+++ lib/sshsession/sshunixuser.c -@@ -1854,6 +1854,13 @@ SshGroup *ssh_user_get_groups(SshUser uc - } - - endgrent(); -+ /* groups array is assumed to end in a NULL pointer, so make sure we have -+ room for it */ -+ if (count >= allocated) -+ { -+ allocated++; -+ groups = ssh_xrealloc(groups, allocated*sizeof(SshGroup)); -+ } - groups[count] = NULL; - uc->groups = groups; - #else /* HAVE_GETGRENT */ |