diff options
| author | itojun <itojun> | 2000-07-02 22:07:55 +0000 |
|---|---|---|
| committer | itojun <itojun> | 2000-07-02 22:07:55 +0000 |
| commit | dcc7ef1101214bbfd10053f3cab812c9a9538001 (patch) | |
| tree | c810f6dc5de421a81e580999e4ca6df7be03bdbd /security | |
| parent | 13fb831180cb42fa7fe48b329d4eec190acd073c (diff) | |
| download | pkgsrc-dcc7ef1101214bbfd10053f3cab812c9a9538001.tar.gz | |
upgrade fro 2.1.1p1 to 2.1.1p2.
--- recent changelogs
20000701
- (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
- (djm) Login fixes from Tom Bertelson <tbert@abac.com>
- (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
<vinschen@cygnus.com>
- (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
- (djm) Added check for broken snprintf() functions which do not correctly
terminate output string and attempt to use replacement.
- (djm) Released 2.1.1p2
20000628
- (djm) Fixes to lastlog code for Irix
- (djm) Use atomicio in loginrec
- (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
Irix 6.x array sessions, project id's, and system audit trail id.
- (djm) Added 'distprep' make target to simplify packaging
- (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
support. Enable using "USE_SIA=1 ./configure [options]"
20000627
- (djm) Fixes to login code - not setting li->uid, cleanups
- (djm) Formatting
20000626
- (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
- (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
- (djm) Added password expiry checking (no password change support)
- (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
- (djm) Fix fixed EGD code.
- OpenBSD CVS update
- provos@cvs.openbsd.org 2000/06/25 14:17:58
[channels.c]
correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
20000623
- (djm) Use sa_family_t in prototype for rresvport_af. Patch from
Svante Signell <svante.signell@telia.com>
- (djm) Autoconf logic to define sa_family_t if it is missing
- OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/06/22 10:32:27
[sshd.c]
missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
- djm@cvs.openbsd.org 2000/06/22 17:55:00
[auth-krb4.c key.c radix.c uuencode.c]
Missing CVS idents; ok markus
20000622
- (djm) Automatically generate host key during "make install". Suggested
by Gary E. Miller <gem@rellim.com>
- (djm) Paranoia before kill() system call
- OpenBSD CVS Updates:
- markus@cvs.openbsd.org 2000/06/18 18:50:11
[auth2.c compat.c compat.h sshconnect2.c]
make userauth+pubkey interop with ssh.com-2.2.0
- markus@cvs.openbsd.org 2000/06/18 20:56:17
[dsa.c]
mem leak + be more paranoid in dsa_verify.
- markus@cvs.openbsd.org 2000/06/18 21:29:50
[key.c]
cleanup fingerprinting, less hardcoded sizes
- markus@cvs.openbsd.org 2000/06/19 19:39:45
[atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
[buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
[clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
[deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
[kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
[nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
[rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
[ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
OpenBSD tag
- markus@cvs.openbsd.org 2000/06/21 10:46:10
sshconnect2.c missing free; nuke old comment
20000620
- (djm) Replace use of '-o' and '-a' logical operators in configure tests
with '||' and '&&'. As suggested by Jim Knoble <jmknoble@pint-stowp.cx>
to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
- (djm) Typo in loginrec.c
20000618
- (djm) Add summary of configure options to end of ./configure run
- (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
Michael Stone <mstone@cs.loyola.edu>
- (djm) rusage is a privileged operation on some Unices (incl.
Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
- (djm) Avoid PAM failures when running without a TTY. Report from
Martin Petrak <petrak@spsknm.schools.sk>
- (djm) Include sys/types.h when including netinet/in.h in configure tests.
Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
- (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
- OpenBSD CVS updates:
- deraadt@cvs.openbsd.org 2000/06/17 09:58:46
[channels.c]
everyone says "nix it" (remove protocol 2 debugging message)
- markus@cvs.openbsd.org 2000/06/17 13:24:34
[sshconnect.c]
allow extended server banners
- markus@cvs.openbsd.org 2000/06/17 14:30:10
[sshconnect.c]
missing atomicio, typo
- jakob@cvs.openbsd.org 2000/06/17 16:52:34
[servconf.c servconf.h session.c sshd.8 sshd_config]
add support for ssh v2 subsystems. ok markus@.
- deraadt@cvs.openbsd.org 2000/06/17 18:57:48
[readconf.c servconf.c]
include = in WHITESPACE; markus ok
- markus@cvs.openbsd.org 2000/06/17 19:09:10
[auth2.c]
implement bug compatibility with ssh-2.0.13 pubkey, server side
- markus@cvs.openbsd.org 2000/06/17 21:00:28
[compat.c]
initial support for ssh.com's 2.2.0
- markus@cvs.openbsd.org 2000/06/17 21:16:09
[scp.c]
typo
- markus@cvs.openbsd.org 2000/06/17 22:05:02
[auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
split auth-rsa option parsing into auth-options
add options support to authorized_keys2
- markus@cvs.openbsd.org 2000/06/17 22:42:54
[session.c]
typo
20000613
- (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
- Platform define for SCO 3.x which breaks on /dev/ptmx
- Detect and try to fix missing MAXPATHLEN
- (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
<P.S.S.Camp@ukc.ac.uk>
20000612
- (djm) Glob manpages in RPM spec files to catch compressed files
- (djm) Full license in auth-pam.c
- (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
- (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
- Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
def'd
- Set AIX to use preformatted manpages
20000610
- (djm) Minor doc tweaks
- (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
20000609
- (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
(in favour of utmpx) on Solaris 8
20000606
- (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
list of commands (by default). Removed verbose debugging (by default).
- (djm) Increased command entropy estimates and default entropy collection
timeout
- (djm) Remove duplicate headers from loginrec.c
- (djm) Don't add /usr/local/lib to library search path on Irix
- (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
<tibbs@math.uh.edu>
- (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
<zack@wolery.cumb.org>
- (djm) OpenBSD CVS updates:
- todd@cvs.openbsd.org
[sshconnect2.c]
teach protocol v2 to count login failures properly and also enable an
explanation of why the password prompt comes up again like v1; this is NOT
crypto
- markus@cvs.openbsd.org
[readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
xauth_location support; pr 1234
[readconf.c sshconnect2.c]
typo, unused
[session.c]
allow use_login only for login sessions, otherwise remote commands are
execed with uid==0
[sshd.8]
document UseLogin better
[version.h]
OpenSSH 2.1.1
[auth-rsa.c]
fix match_hostname() logic for auth-rsa: deny access if we have a
negative match or no match at all
[channels.c hostfile.c match.c]
don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
kris@FreeBSD.org
Diffstat (limited to 'security')
| -rw-r--r-- | security/openssh/Makefile | 4 | ||||
| -rw-r--r-- | security/openssh/files/md5 | 4 | ||||
| -rw-r--r-- | security/openssh/files/patch-sum | 8 | ||||
| -rw-r--r-- | security/openssh/patches/patch-aa | 23 | ||||
| -rw-r--r-- | security/openssh/patches/patch-ah | 26 | ||||
| -rw-r--r-- | security/openssh/patches/patch-al | 42 | ||||
| -rw-r--r-- | security/openssh/patches/patch-am | 11 |
7 files changed, 79 insertions, 39 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 31ec2c9b188..10f832a8dce 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.14 2000/07/01 01:16:39 itojun Exp $ +# $NetBSD: Makefile,v 1.15 2000/07/02 22:07:55 itojun Exp $ # -DISTNAME= openssh-2.1.1p1 +DISTNAME= openssh-2.1.1p2 CATEGORIES= security MASTER_SITES= http://the.wiretapped.net/security/cryptography/ssh/OpenSSH/files/ \ http://www.firedrake.org/openssh/files/ \ diff --git a/security/openssh/files/md5 b/security/openssh/files/md5 index 11d5db8fe82..2912b9210ec 100644 --- a/security/openssh/files/md5 +++ b/security/openssh/files/md5 @@ -1,3 +1,3 @@ -$NetBSD: md5,v 1.5 2000/06/15 04:56:50 itojun Exp $ +$NetBSD: md5,v 1.6 2000/07/02 22:07:56 itojun Exp $ -MD5 (openssh-2.1.1p1.tar.gz) = e043cabc802d7d0790f5aaaea31185b2 +MD5 (openssh-2.1.1p2.tar.gz) = 261de4f02ea8f50f1f0566b40821034a diff --git a/security/openssh/files/patch-sum b/security/openssh/files/patch-sum index d95aec6470b..ed59caf032f 100644 --- a/security/openssh/files/patch-sum +++ b/security/openssh/files/patch-sum @@ -1,11 +1,13 @@ -$NetBSD: patch-sum,v 1.10 2000/06/15 04:56:50 itojun Exp $ +$NetBSD: patch-sum,v 1.11 2000/07/02 22:07:56 itojun Exp $ -MD5 (patch-aa) = 45b54d94970c6b58478641edaea06ee8 +MD5 (patch-aa) = 9de9202a42d721e8027f9f829a3af96c MD5 (patch-ac) = 5bdf4a142210aea600f3bf6f3ac14010 MD5 (patch-ae) = 0076ca9d2343f21a304a3eee1a82c3cc MD5 (patch-af) = 601161a5721c12fa31ae5dcfc1f88a91 MD5 (patch-ag) = 037888228d97283b54d1232daf3945a2 -MD5 (patch-ah) = 2699d4a4c560b1896d756d3799e1614b +MD5 (patch-ah) = 0c144a44edc914f64ebf5bb5fb0ff401 MD5 (patch-ai) = c2621996e146a82e7deea0363a0e68c9 MD5 (patch-aj) = 5397d9fbfe54544fd186831cfe979329 MD5 (patch-ak) = 1bd755c11128b2b8d7ecc894e70b82c7 +MD5 (patch-al) = dde98ebfbbe801c5042a803e0e0df0d3 +MD5 (patch-am) = 6b53bafd568db64bf16d9aa5582733e3 diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa index 56f3f09ef0e..4d7e5ff7beb 100644 --- a/security/openssh/patches/patch-aa +++ b/security/openssh/patches/patch-aa @@ -1,14 +1,11 @@ -$NetBSD: patch-aa,v 1.7 2000/05/31 15:32:44 itojun Exp $ +$NetBSD: patch-aa,v 1.8 2000/07/02 22:07:56 itojun Exp $ ---- configure.in Tue May 30 11:57:47 2000 -+++ configure.in Wed May 31 18:31:52 2000 -@@ -447,3 +447,5 @@ - [ -+#include <sys/types.h> - #include <netinet/in.h> -+#include <sys/socket.h> - ], -@@ -461,2 +463,3 @@ - [ -+#include <sys/types.h> - #include <netinet/in.h> +--- configure.in.orig Sat Jul 1 15:52:55 2000 ++++ configure.in Mon Jul 3 06:49:00 2000 +@@ -647,2 +647,6 @@ + ++OSSH_CHECK_HEADER_FOR_FIELD(ut_name, utmp.h, HAVE_NAME_IN_UTMP) ++OSSH_CHECK_HEADER_FOR_FIELD(ut_name, utmpx.h, HAVE_NAME_IN_UTMPX) ++OSSH_CHECK_HEADER_FOR_FIELD(ut_user, utmp.h, HAVE_USER_IN_UTMP) ++OSSH_CHECK_HEADER_FOR_FIELD(ut_user, utmpx.h, HAVE_USER_IN_UTMPX) + OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP) diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah index c15b1b265ae..f23fe12d35b 100644 --- a/security/openssh/patches/patch-ah +++ b/security/openssh/patches/patch-ah @@ -1,19 +1,13 @@ -$NetBSD: patch-ah,v 1.5 2000/05/31 15:32:44 itojun Exp $ +$NetBSD: patch-ah,v 1.6 2000/07/02 22:07:56 itojun Exp $ ---- Makefile.in.orig Sat May 20 14:33:44 2000 -+++ Makefile.in Wed May 31 18:55:11 2000 -@@ -6,6 +6,7 @@ - mandir=@mandir@ - mansubdir=@mansubdir@ +--- Makefile.in.orig Tue Jun 27 15:24:49 2000 ++++ Makefile.in Sun Jul 2 14:30:43 2000 +@@ -8,2 +8,3 @@ sysconfdir=@sysconfdir@ +examplesdir=@prefix@/share/examples/ssh piddir=@piddir@ - srcdir=@srcdir@ - top_srcdir=@top_srcdir@ -@@ -131,14 +132,14 @@ - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 +@@ -141,6 +142,6 @@ ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 - - if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config -a ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \ - ./mkinstalldirs $(DESTDIR)$(sysconfdir); \ - $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \ @@ -23,16 +17,12 @@ $NetBSD: patch-ah,v 1.5 2000/05/31 15:32:44 itojun Exp $ + $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(examplesdir)/ssh_config; \ + $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(examplesdir)/sshd_config; \ fi - if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ +@@ -148,3 +149,3 @@ $(PERL) fixprogs ssh_prng_cmds $(ENT); \ - $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ + $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(examplesdir)/ssh_prng_cmds; \ fi - - host-key: ssh-keygen -@@ -146,10 +147,10 @@ - ./ssh-keygen -d -f $(sysconfdir)/ssh_host_dsa_key -N "" - +@@ -168,6 +169,6 @@ uninstallall: uninstall - -rm -f $(DESTDIR)$(sysconfdir)/ssh_config - -rm -f $(DESTDIR)$(sysconfdir)/sshd_config @@ -43,5 +33,3 @@ $NetBSD: patch-ah,v 1.5 2000/05/31 15:32:44 itojun Exp $ + -rm -f $(DESTDIR)$(examplesdir)/ssh_prng_cmds + -rmdir $(DESTDIR)$(examplesdir) -rmdir $(DESTDIR)$(bindir) - -rmdir $(DESTDIR)$(sbindir) - -rmdir $(DESTDIR)$(mandir)/$(mansubdir)1 diff --git a/security/openssh/patches/patch-al b/security/openssh/patches/patch-al new file mode 100644 index 00000000000..97badb24e03 --- /dev/null +++ b/security/openssh/patches/patch-al @@ -0,0 +1,42 @@ +$NetBSD: patch-al,v 1.1 2000/07/02 22:07:56 itojun Exp $ + +--- loginrec.c- Mon Jul 3 06:49:20 2000 ++++ loginrec.c Mon Jul 3 06:51:59 2000 +@@ -618,3 +618,9 @@ + /* Use strncpy because we don't necessarily want null termination */ ++# ifdef HAVE_USER_IN_UTMP + strncpy(ut->ut_user, li->username, MIN_SIZEOF(ut->ut_user, li->username)); ++# elif defined(HAVE_NAME_IN_UTMP) ++ strncpy(ut->ut_name, li->username, MIN_SIZEOF(ut->ut_name, li->username)); ++# else ++# error no ut_user nor ut_name ++# endif + # ifdef HAVE_HOST_IN_UTMP +@@ -1008,4 +1014,12 @@ + { ++# ifdef HAVE_USER_IN_UTMP + if (strncmp(li->username, ut->ut_user, +- MIN_SIZEOF(li->username, ut->ut_user)) == 0) { ++ MIN_SIZEOF(li->username, ut->ut_user)) == 0) ++# elif defined(HAVE_NAME_IN_UTMP) ++ if (strncmp(li->username, ut->ut_name, ++ MIN_SIZEOF(li->username, ut->ut_name)) == 0) ++# else ++# error no ut_user nor ut_name ++# endif ++ { + # ifdef HAVE_TYPE_IN_UTMP +@@ -1163,4 +1177,12 @@ + { ++# ifdef HAVE_USER_IN_UTMP + if ( strncmp(li->username, utx->ut_user, +- MIN_SIZEOF(li->username, utx->ut_user)) == 0 ) { ++ MIN_SIZEOF(li->username, utx->ut_user)) == 0 ) ++# elif defined(HAVE_NAME_IN_UTMP) ++ if ( strncmp(li->username, utx->ut_name, ++ MIN_SIZEOF(li->username, utx->ut_name)) == 0 ) ++# else ++# error no ut_user nor ut_name ++# endif ++ { + # ifdef HAVE_TYPE_IN_UTMPX diff --git a/security/openssh/patches/patch-am b/security/openssh/patches/patch-am new file mode 100644 index 00000000000..aff55275033 --- /dev/null +++ b/security/openssh/patches/patch-am @@ -0,0 +1,11 @@ +$NetBSD: patch-am,v 1.1 2000/07/02 22:07:56 itojun Exp $ + +--- acconfig.h- Mon Jul 3 06:58:28 2000 ++++ acconfig.h Mon Jul 3 06:58:09 2000 +@@ -49,2 +49,6 @@ + /* struct utmp and struct utmpx fields */ ++#undef HAVE_NAME_IN_UTMP ++#undef HAVE_NAME_IN_UTMPX ++#undef HAVE_USER_IN_UTMP ++#undef HAVE_USER_IN_UTMPX + #undef HAVE_HOST_IN_UTMP |