diff options
| author | martti <martti> | 2001-12-03 08:21:21 +0000 |
|---|---|---|
| committer | martti <martti> | 2001-12-03 08:21:21 +0000 |
| commit | c43c2b0254fd77a72b7afa2d08fc7400e93ffd72 (patch) | |
| tree | fbec7bcfd54a69fe9331dca20123fd102d19ed94 /security | |
| parent | 2de7752c54686820f8094e82fece4858f66c6f6c (diff) | |
| download | pkgsrc-c43c2b0254fd77a72b7afa2d08fc7400e93ffd72.tar.gz | |
* Updated to 3.0.2.1
* Disabled scard-install (patch/patch-ah -- Do we need/want it?)
Changes since 2.9.9.2:
- Don't allow authorized_keys specified environment variables when
UseLogin in active
- Fix IPv4 default in ssh-keyscan
- Fix early (and double) free of remote user when using Kerberos
- fix krb5 authorization check
- enable authorized_keys2 again
- ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
- make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
- pad using the padding field from the ssh2 packet instead of sending
extra ignore messages
- missing free and sync dss/rsa code
- crank c->path to 256 so they can hold a full hostname
- cleanup libwrap support
- Fix fd leak in loginrec.c
- avoid possible FD_ISSET overflow for channels established
during channnel_after_select()
- chdir $HOME after krb_afslog()
- stat subsystem command before calling do_exec
- close all channels if the connection to the remote host has been closed,
should fix sshd's hanging with WCHAN==wait
- add NoHostAuthenticationForLocalhost; note that the hostkey is
now check for localhost, too
- loginrec.c: fix type conversion problems exposed when using 64-bit off_t
- Update spec files for new x11-askpass
Diffstat (limited to 'security')
| -rw-r--r-- | security/openssh/Makefile | 6 | ||||
| -rw-r--r-- | security/openssh/distinfo | 12 | ||||
| -rw-r--r-- | security/openssh/patches/patch-aa | 68 | ||||
| -rw-r--r-- | security/openssh/patches/patch-ab | 32 | ||||
| -rw-r--r-- | security/openssh/patches/patch-ah | 25 |
5 files changed, 74 insertions, 69 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 1667b95dd27..f37b7d8f712 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.59 2001/10/21 10:27:21 wiz Exp $ +# $NetBSD: Makefile,v 1.60 2001/12/03 08:21:21 martti Exp $ -DISTNAME= openssh-2.9.9p2 -PKGNAME= openssh-2.9.9.2 +DISTNAME= openssh-3.0.2p1 +PKGNAME= openssh-3.0.2.1 SVR4_PKGNAME= ossh CATEGORIES= security MASTER_SITES= ftp://gd.tuwien.ac.at/OpenBSD/OpenSSH/portable/ \ diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 30c924cdefb..ab7be93d78d 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.7 2001/09/27 05:12:54 itojun Exp $ +$NetBSD: distinfo,v 1.8 2001/12/03 08:21:22 martti Exp $ -SHA1 (openssh-2.9.9p2.tar.gz) = 4b2949dcf87bb484a2dcb6eb03312f97561f819c -Size (openssh-2.9.9p2.tar.gz) = 697371 bytes -SHA1 (patch-aa) = 99e51831871fc9f7fc3799c0092e44b0326da9df -SHA1 (patch-ab) = 15196cd4448f189342dc4c0fa618005832c94cfc -SHA1 (patch-ah) = 7adbe390d4397b284061a213f08a9c7933fcd954 +SHA1 (openssh-3.0.2p1.tar.gz) = c9a7e02936ace163ea58ec42e8e3f95df27fef2a +Size (openssh-3.0.2p1.tar.gz) = 781092 bytes +SHA1 (patch-aa) = 145bf76d30bb1869f58ce7509e2b2052f7423b1d +SHA1 (patch-ab) = 38bd428ecad2ac22e116baf729f06a241e837acb +SHA1 (patch-ah) = 0753da3a941094313a65e8e998fcc2a3434a6ae4 diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa index e12466e114a..3d4f4f3adcf 100644 --- a/security/openssh/patches/patch-aa +++ b/security/openssh/patches/patch-aa @@ -1,8 +1,8 @@ -$NetBSD: patch-aa,v 1.17 2001/09/27 05:12:54 itojun Exp $ +$NetBSD: patch-aa,v 1.18 2001/12/03 08:21:22 martti Exp $ ---- configure.orig Wed Sep 26 07:50:31 2001 -+++ configure Thu Sep 27 13:50:35 2001 -@@ -1811,7 +1811,7 @@ +--- configure.orig Sun Dec 2 00:38:55 2001 ++++ configure Mon Dec 3 08:41:49 2001 +@@ -3557,7 +3557,7 @@ ;; *-*-netbsd*) @@ -11,53 +11,53 @@ $NetBSD: patch-aa,v 1.17 2001/09/27 05:12:54 itojun Exp $ ;; *-*-freebsd*) check_for_libcrypt_later=1 -@@ -1843,7 +1843,7 @@ +@@ -3589,7 +3589,7 @@ *-*-solaris*) CPPFLAGS="$CPPFLAGS -I/usr/local/include" - LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" + LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" - need_dash_r=1 + #need_dash_r=1 # buildlink.mk - cat >> confdefs.h <<\EOF + cat >>confdefs.h <<\_ACEOF #define PAM_SUN_CODEBASE 1 - EOF -@@ -3208,6 +3208,7 @@ + _ACEOF +@@ -6216,6 +6216,7 @@ # Check whether user wants TCP wrappers support - TCPW_MSG="no" + TCPW_MSG="no" +TCPW_LIB="" + # Check whether --with-tcp-wrappers or --without-tcp-wrappers was given. if test "${with_tcp_wrappers+set}" = set; then - withval="$with_tcp_wrappers" -@@ -3221,6 +3222,8 @@ - #line 3222 "configure" +@@ -6252,6 +6253,8 @@ + #line 6252 "configure" #include "confdefs.h" +#include <sys/cdefs.h> +#include <stdio.h> #include <tcpd.h> int deny_severity = 0, allow_severity = 0; - -@@ -3237,6 +3240,7 @@ - EOF - TCPW_MSG="yes" -+ TCPW_LIB="-lwrap" - +@@ -6289,6 +6292,7 @@ + _ACEOF + + TCPW_MSG="yes" ++ TCPW_LIB="-lwrap" + else - echo "configure: failed program was:" >&5 -@@ -3248,6 +3252,7 @@ - + echo "$as_me: failed program was:" >&5 +@@ -6300,6 +6304,7 @@ + fi - rm -f conftest* -+ LIBS="$saved_LIBS" + rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext ++LIBS="$saved_LIBS" fi - - -@@ -9370,6 +9375,7 @@ - s%@TEST_MINUS_S_SH@%$TEST_MINUS_S_SH%g - s%@LOGIN_PROGRAM_FALLBACK@%$LOGIN_PROGRAM_FALLBACK%g - s%@LD@%$LD%g -+s%@TCPW_LIB@%$TCPW_LIB%g - s%@NO_SFTP@%$NO_SFTP%g - s%@rsh_path@%$rsh_path%g - s%@xauth_path@%$xauth_path%g + + fi; +@@ -15590,6 +15595,7 @@ + s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t + s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t + s,@LD@,$LD,;t t ++s,@TCPW_LIB@,$TCPW_LIB,g + s,@NO_SFTP@,$NO_SFTP,;t t + s,@rsh_path@,$rsh_path,;t t + s,@xauth_path@,$xauth_path,;t t diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab index 29c017e92cd..de74fc5f58b 100644 --- a/security/openssh/patches/patch-ab +++ b/security/openssh/patches/patch-ab @@ -1,8 +1,8 @@ -$NetBSD: patch-ab,v 1.5 2001/09/27 05:12:55 itojun Exp $ +$NetBSD: patch-ab,v 1.6 2001/12/03 08:21:23 martti Exp $ ---- configure.in.orig Wed Sep 26 07:39:38 2001 -+++ configure.in Thu Sep 27 13:51:32 2001 -@@ -138,7 +138,7 @@ +--- configure.ac.orig Mon Dec 3 08:43:01 2001 ++++ configure.ac Mon Dec 3 08:44:59 2001 +@@ -132,7 +132,7 @@ ) ;; *-*-netbsd*) @@ -11,7 +11,7 @@ $NetBSD: patch-ab,v 1.5 2001/09/27 05:12:55 itojun Exp $ ;; *-*-freebsd*) check_for_libcrypt_later=1 -@@ -158,7 +158,7 @@ +@@ -152,7 +152,7 @@ *-*-solaris*) CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" @@ -20,15 +20,15 @@ $NetBSD: patch-ab,v 1.5 2001/09/27 05:12:55 itojun Exp $ AC_DEFINE(PAM_SUN_CODEBASE) AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(LOGIN_NEEDS_TERM) -@@ -454,6 +454,7 @@ +@@ -518,6 +518,7 @@ # Check whether user wants TCP wrappers support - TCPW_MSG="no" + TCPW_MSG="no" +TCPW_LIB="" AC_ARG_WITH(tcp-wrappers, - [ --with-tcp-wrappers Enable tcpwrappers support], - [ -@@ -463,6 +464,8 @@ + [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support + (optionally in PATH)], +@@ -550,6 +551,8 @@ AC_MSG_CHECKING(for libwrap) AC_TRY_LINK( [ @@ -37,21 +37,19 @@ $NetBSD: patch-ab,v 1.5 2001/09/27 05:12:55 itojun Exp $ #include <tcpd.h> int deny_severity = 0, allow_severity = 0; ], -@@ -471,14 +474,17 @@ +@@ -558,6 +561,7 @@ AC_MSG_RESULT(yes) AC_DEFINE(LIBWRAP) - TCPW_MSG="yes" -+ TCPW_LIB="-lwrap" + TCPW_MSG="yes" ++ TCPW_LIB="-lwrap" ], [ AC_MSG_ERROR([*** libwrap missing]) - ] - ) -+ LIBS="$saved_LIBS" +@@ -566,6 +570,7 @@ fi ] ) +AC_SUBST(TCPW_LIB) dnl Checks for library functions. - AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_sa clock dirname fchown fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getopt getnameinfo getrlimit getrusage getttyent glob inet_aton inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty readpassphrase realpath rresvport_af setdtablesize setenv setegid seteuid setlogin setproctitle setresgid setreuid setrlimit setsid setvbuf sigaction sigvec snprintf strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp utimes vsnprintf vhangup waitpid _getpty __b64_ntop) + AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_sa \ diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah index 9e154c818e3..1785fd5e954 100644 --- a/security/openssh/patches/patch-ah +++ b/security/openssh/patches/patch-ah @@ -1,7 +1,7 @@ -$NetBSD: patch-ah,v 1.14 2001/09/27 05:12:55 itojun Exp $ +$NetBSD: patch-ah,v 1.15 2001/12/03 08:21:23 martti Exp $ ---- Makefile.in.orig Tue Sep 18 14:06:22 2001 -+++ Makefile.in Thu Sep 27 13:59:36 2001 +--- Makefile.in.orig Mon Nov 12 00:34:23 2001 ++++ Makefile.in Mon Dec 3 09:07:51 2001 @@ -9,6 +9,7 @@ mandir=@mandir@ mansubdir=@mansubdir@ @@ -27,7 +27,7 @@ $NetBSD: patch-ah,v 1.14 2001/09/27 05:12:55 itojun Exp $ AR=@AR@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ -@@ -97,7 +99,7 @@ +@@ -98,7 +100,7 @@ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) @@ -36,16 +36,23 @@ $NetBSD: patch-ah,v 1.14 2001/09/27 05:12:55 itojun Exp $ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o $(LD) -o $@ scp.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -@@ -173,7 +175,7 @@ +@@ -176,13 +178,13 @@ autoreconf - (cd scard ; $(MAKE) -f Makefile.in distprep) + (cd scard && $(MAKE) -f Makefile.in distprep) -install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key +install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files scard-install: -@@ -187,6 +189,7 @@ + (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) + +-install-files: scard-install ++install-files: + $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) +@@ -190,6 +192,7 @@ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) @@ -53,7 +60,7 @@ $NetBSD: patch-ah,v 1.14 2001/09/27 05:12:55 itojun Exp $ $(INSTALL) -m $(SSH_MODE) -s ssh $(DESTDIR)$(bindir)/ssh $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add -@@ -213,23 +216,11 @@ +@@ -216,23 +219,11 @@ if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ fi @@ -80,7 +87,7 @@ $NetBSD: patch-ah,v 1.14 2001/09/27 05:12:55 itojun Exp $ fi if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \ if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \ -@@ -267,10 +258,10 @@ +@@ -270,10 +261,10 @@ ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" uninstallall: uninstall |