summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--security/openssh/Makefile8
-rw-r--r--security/openssh/distinfo46
-rw-r--r--security/openssh/options.mk4
-rw-r--r--security/openssh/patches/patch-aa18
-rw-r--r--security/openssh/patches/patch-ab16
-rw-r--r--security/openssh/patches/patch-ad16
-rw-r--r--security/openssh/patches/patch-ag8
-rw-r--r--security/openssh/patches/patch-ah10
-rw-r--r--security/openssh/patches/patch-aj10
-rw-r--r--security/openssh/patches/patch-ak10
-rw-r--r--security/openssh/patches/patch-al8
-rw-r--r--security/openssh/patches/patch-am6
-rw-r--r--security/openssh/patches/patch-an10
-rw-r--r--security/openssh/patches/patch-ao16
-rw-r--r--security/openssh/patches/patch-ap6
-rw-r--r--security/openssh/patches/patch-aq10
-rw-r--r--security/openssh/patches/patch-ar6
-rw-r--r--security/openssh/patches/patch-av18
-rw-r--r--security/openssh/patches/patch-aw6
19 files changed, 116 insertions, 116 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index f496b58b631..986c4ac3c34 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.191 2009/05/01 14:27:34 zafer Exp $
+# $NetBSD: Makefile,v 1.192 2009/05/21 03:22:29 taca Exp $
-DISTNAME= openssh-5.1p1
-PKGNAME= openssh-5.1.1
+DISTNAME= openssh-5.2p1
+PKGNAME= openssh-5.2.1
SVR4_PKGNAME= ossh
CATEGORIES= security
MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
@@ -14,7 +14,7 @@ MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
ftp://mirror.pacific.net.au/OpenBSD/OpenSSH/portable/
# Don't delete the last entry -- it's there if the pkgsrc version is not
# up-to-date and the mirrors already removed the old distfile.
-DIST_SUBDIR= ${PKGBASE}-5.1.1-20080916
+DIST_SUBDIR= ${PKGBASE}-5.2.1-20090521
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= http://www.openssh.com/
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 6f39c5826d3..72ed3233e3e 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,29 +1,29 @@
-$NetBSD: distinfo,v 1.71 2008/09/16 12:53:08 taca Exp $
+$NetBSD: distinfo,v 1.72 2009/05/21 03:22:29 taca Exp $
-SHA1 (openssh-5.1.1-20080916/openssh-5.1p1-hpn13v5.diff.gz) = c2911f04f8d46a28afa9f9cbb7ec226cb2c893d1
-RMD160 (openssh-5.1.1-20080916/openssh-5.1p1-hpn13v5.diff.gz) = 6466cd0825e80366adc1978069e3c61255e0bde7
-Size (openssh-5.1.1-20080916/openssh-5.1p1-hpn13v5.diff.gz) = 23017 bytes
-SHA1 (openssh-5.1.1-20080916/openssh-5.1p1.tar.gz) = 877ea5b283060fe0160e376ea645e8e168047ff5
-RMD160 (openssh-5.1.1-20080916/openssh-5.1p1.tar.gz) = 24293ad89633cfd4791f08eb3442becb7e5788ca
-Size (openssh-5.1.1-20080916/openssh-5.1p1.tar.gz) = 1040041 bytes
-SHA1 (patch-aa) = 8b7a16e9a63cfff3b73d70b9cebb6627b96396e0
-SHA1 (patch-ab) = a105c238c8dc774ed6992791b131da56824869e9
+SHA1 (openssh-5.2.1-20090521/openssh-5.2p1-hpn13v6.diff.gz) = 9683d5feb3f7e302ef836901af5366df6c425815
+RMD160 (openssh-5.2.1-20090521/openssh-5.2p1-hpn13v6.diff.gz) = d647d3b0547e4d698c616f5ed6643b3ddbcced95
+Size (openssh-5.2.1-20090521/openssh-5.2p1-hpn13v6.diff.gz) = 33540 bytes
+SHA1 (openssh-5.2.1-20090521/openssh-5.2p1.tar.gz) = 8273a0237db98179fbdc412207ff8eb14ff3d6de
+RMD160 (openssh-5.2.1-20090521/openssh-5.2p1.tar.gz) = 7c53f342034b16e9faa9f5a09ef46390420722eb
+Size (openssh-5.2.1-20090521/openssh-5.2p1.tar.gz) = 1016612 bytes
+SHA1 (patch-aa) = 38546f8fd8bf6021d43cdf076ab723ad39a5f78e
+SHA1 (patch-ab) = 00e7e50a35e8b3bcfa53b239b520a12498c8dca0
SHA1 (patch-ac) = ba97b23c6527311256b335c58175da9e9a3616e4
-SHA1 (patch-ad) = 7921e029b56c0e4769a7ada03dff3eb2e275db7d
+SHA1 (patch-ad) = 254e11c5f56a72bf0b30bb8860e45156b3a0adf2
SHA1 (patch-ae) = 9585221f9e49b4ebea31c374066d70e11aa804a1
SHA1 (patch-af) = ca3224af0b648803404776a8c12ed678db4f8ff6
-SHA1 (patch-ag) = eeaa6e09f743405af074009ffe80678a5179ed08
-SHA1 (patch-ah) = bc0d7c2903ecf264e62b53f3864812af5f2f04ce
+SHA1 (patch-ag) = b5cb0400d3cda9cb6d60dc729e54b1ffc34ec9e2
+SHA1 (patch-ah) = fa5175734678e95d05dcdcebadeb79df3ecef760
SHA1 (patch-ai) = becad6262e5daeef2a6db14097a8971c40088403
-SHA1 (patch-aj) = 4f477f40d1d891dcda9083cec5521e80410ebd54
-SHA1 (patch-ak) = 3720afb4e95356d5310762cda881820d524dcffc
-SHA1 (patch-al) = d312a068047a375e52180026554bab745efdcdb7
-SHA1 (patch-am) = 4e2278b20e87e530e1819efde976d4414e160e38
-SHA1 (patch-an) = 2f955b8891bedd79986490d282eb09acd4910250
-SHA1 (patch-ao) = a7c5a1832cb2a4584c77577fb125f84a1e9a9deb
-SHA1 (patch-ap) = 3029b847ce83305e8103276e27c75e0338e1fc08
-SHA1 (patch-aq) = a619b57361b04d5ab3d41375c18f7b99d71c8b34
-SHA1 (patch-ar) = fce4dc1011a124f02b8e14980cda1d633b36aa7d
+SHA1 (patch-aj) = 5c89b4a7da59f05c50c16083aa6dd6e465cd0305
+SHA1 (patch-ak) = 550eae0b47dc220dac2439f57b39b7e4319057c5
+SHA1 (patch-al) = a3906a9b6a9a15b948b8bab3a85454f2515400bd
+SHA1 (patch-am) = 4893a8a059d611d35c1fb9ff03b598c590e0355e
+SHA1 (patch-an) = 5b41d9493028dd4dce4a73ea78e43f3a073108e5
+SHA1 (patch-ao) = 6b64be9b230ddb634b9b5fdab22c4944ae605153
+SHA1 (patch-ap) = 041059e25d2331aace0eaa5a6c3032afb3d565b4
+SHA1 (patch-aq) = 1a7d8a4c5e70a0c6211247ba583534ed8ce317d0
+SHA1 (patch-ar) = a1099e0175a2b14f3b19db04261891179b1e3299
SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f
-SHA1 (patch-av) = 00f54c3fae7318b278b16bd0b01881a90bd31365
-SHA1 (patch-aw) = 2a88b7563c6f52163c6c5f716e437ecaea613a30
+SHA1 (patch-av) = 06126d8f83398aa9df8a56792ad55bc769dd2550
+SHA1 (patch-aw) = 532f2aebcb93cae5e0dd26a5faa1593a7d3a3c51
diff --git a/security/openssh/options.mk b/security/openssh/options.mk
index 25b1ea42821..f5b05a73da8 100644
--- a/security/openssh/options.mk
+++ b/security/openssh/options.mk
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.16 2008/09/16 12:53:08 taca Exp $
+# $NetBSD: options.mk,v 1.17 2009/05/21 03:22:29 taca Exp $
.include "../../mk/bsd.prefs.mk"
@@ -17,7 +17,7 @@ CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE:Q}
.endif
.if !empty(PKG_OPTIONS:Mhpn-patch)
-PATCHFILES= openssh-5.1p1-hpn13v5.diff.gz
+PATCHFILES= openssh-5.2p1-hpn13v6.diff.gz
PATCH_SITES= http://www.psc.edu/networking/projects/hpn-ssh/
PATCH_DIST_STRIP= -p1
.endif
diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa
index 20e523159f8..2efc262c042 100644
--- a/security/openssh/patches/patch-aa
+++ b/security/openssh/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.43 2006/11/08 01:49:22 taca Exp $
+$NetBSD: patch-aa,v 1.44 2009/05/21 03:22:29 taca Exp $
---- configure.orig 2006-11-07 22:07:18.000000000 +0900
+--- configure.orig 2009-02-23 09:18:14.000000000 +0900
+++ configure
-@@ -5835,6 +5835,9 @@ if test "${with_rpath+set}" = set; then
+@@ -5666,6 +5666,9 @@ if test "${with_rpath+set}" = set; then
fi
@@ -12,7 +12,7 @@ $NetBSD: patch-aa,v 1.43 2006/11/08 01:49:22 taca Exp $
# Allow user to specify flags
# Check whether --with-cflags was given.
-@@ -5976,6 +5979,7 @@ for ac_header in \
+@@ -5812,6 +5815,7 @@ for ac_header in \
maillock.h \
ndir.h \
net/if_tun.h \
@@ -20,7 +20,7 @@ $NetBSD: patch-aa,v 1.43 2006/11/08 01:49:22 taca Exp $
netdb.h \
netgroup.h \
pam/pam_appl.h \
-@@ -7919,6 +7923,36 @@ _ACEOF
+@@ -7521,6 +7525,36 @@ _ACEOF
;;
esac
;;
@@ -57,7 +57,7 @@ $NetBSD: patch-aa,v 1.43 2006/11/08 01:49:22 taca Exp $
*-*-irix5*)
PATH="$PATH:/usr/etc"
-@@ -8524,7 +8558,7 @@ cat >>confdefs.h <<\_ACEOF
+@@ -8082,7 +8116,7 @@ cat >>confdefs.h <<\_ACEOF
_ACEOF
;;
@@ -66,7 +66,7 @@ $NetBSD: patch-aa,v 1.43 2006/11/08 01:49:22 taca Exp $
check_for_libcrypt_later=1
cat >>confdefs.h <<\_ACEOF
-@@ -32058,14 +32092,21 @@ fi
+@@ -29187,14 +29221,21 @@ fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_utmpx_location"; then
if test x"$system_utmpx_path" = x"no" ; then
@@ -92,7 +92,7 @@ $NetBSD: patch-aa,v 1.43 2006/11/08 01:49:22 taca Exp $
#define CONF_UTMPX_FILE "$conf_utmpx_location"
_ACEOF
-@@ -32146,14 +32187,20 @@ fi
+@@ -29258,14 +29299,20 @@ fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -118,7 +118,7 @@ $NetBSD: patch-aa,v 1.43 2006/11/08 01:49:22 taca Exp $
#define CONF_WTMPX_FILE "$conf_wtmpx_location"
_ACEOF
-@@ -33386,7 +33433,7 @@ echo "OpenSSH has been configured with t
+@@ -30518,7 +30565,7 @@ echo "OpenSSH has been configured with t
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab
index 102af7061a3..45f6cd22c7d 100644
--- a/security/openssh/patches/patch-ab
+++ b/security/openssh/patches/patch-ab
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.25 2006/11/08 01:49:22 taca Exp $
+$NetBSD: patch-ab,v 1.26 2009/05/21 03:22:29 taca Exp $
---- configure.ac.orig 2006-10-07 08:07:21.000000000 +0900
+--- configure.ac.orig 2009-02-16 13:37:03.000000000 +0900
+++ configure.ac
-@@ -127,6 +127,9 @@ AC_ARG_WITH(rpath,
+@@ -191,6 +191,9 @@ AC_ARG_WITH(rpath,
]
)
@@ -12,7 +12,7 @@ $NetBSD: patch-ab,v 1.25 2006/11/08 01:49:22 taca Exp $
# Allow user to specify flags
AC_ARG_WITH(cflags,
[ --with-cflags Specify additional flags to pass to compiler],
-@@ -194,6 +197,7 @@ AC_CHECK_HEADERS( \
+@@ -258,6 +261,7 @@ AC_CHECK_HEADERS( \
maillock.h \
ndir.h \
net/if_tun.h \
@@ -20,7 +20,7 @@ $NetBSD: patch-ab,v 1.25 2006/11/08 01:49:22 taca Exp $
netdb.h \
netgroup.h \
pam/pam_appl.h \
-@@ -454,6 +458,15 @@ main() { if (NSVersionOfRunTimeLibrary("
+@@ -531,6 +535,15 @@ main() { if (NSVersionOfRunTimeLibrary("
;;
esac
;;
@@ -36,7 +36,7 @@ $NetBSD: patch-ab,v 1.25 2006/11/08 01:49:22 taca Exp $
*-*-irix5*)
PATH="$PATH:/usr/etc"
AC_DEFINE(BROKEN_INET_NTOA, 1,
-@@ -3876,9 +3889,17 @@ AC_TRY_COMPILE([
+@@ -4063,9 +4076,17 @@ AC_TRY_COMPILE([
)
if test -z "$conf_utmpx_location"; then
if test x"$system_utmpx_path" = x"no" ; then
@@ -56,7 +56,7 @@ $NetBSD: patch-ab,v 1.25 2006/11/08 01:49:22 taca Exp $
AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
[Define if you want to specify the path to your utmpx file])
fi
-@@ -3902,9 +3923,17 @@ AC_TRY_COMPILE([
+@@ -4089,9 +4110,17 @@ AC_TRY_COMPILE([
)
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -76,7 +76,7 @@ $NetBSD: patch-ab,v 1.25 2006/11/08 01:49:22 taca Exp $
AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
[Define if you want to specify the path to your wtmpx file])
fi
-@@ -3944,7 +3973,7 @@ echo "OpenSSH has been configured with t
+@@ -4138,7 +4167,7 @@ echo "OpenSSH has been configured with t
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff --git a/security/openssh/patches/patch-ad b/security/openssh/patches/patch-ad
index 12ae915a4e4..0e40539f65d 100644
--- a/security/openssh/patches/patch-ad
+++ b/security/openssh/patches/patch-ad
@@ -1,8 +1,8 @@
-$NetBSD: patch-ad,v 1.12 2006/10/31 03:31:20 taca Exp $
+$NetBSD: patch-ad,v 1.13 2009/05/21 03:22:29 taca Exp $
---- loginrec.c.orig 2006-09-07 21:57:54.000000000 +0900
+--- loginrec.c.orig 2009-02-12 11:12:22.000000000 +0900
+++ loginrec.c
-@@ -430,8 +430,8 @@ login_set_addr(struct logininfo *li, con
+@@ -431,8 +431,8 @@ login_set_addr(struct logininfo *li, con
int
login_write(struct logininfo *li)
{
@@ -13,7 +13,7 @@ $NetBSD: patch-ad,v 1.12 2006/10/31 03:31:20 taca Exp $
logit("Attempt to write login records by non-root user (aborting)");
return (1);
}
-@@ -439,7 +439,7 @@ login_write(struct logininfo *li)
+@@ -440,7 +440,7 @@ login_write(struct logininfo *li)
/* set the timestamp */
login_set_current_time(li);
@@ -22,7 +22,7 @@ $NetBSD: patch-ad,v 1.12 2006/10/31 03:31:20 taca Exp $
syslogin_write_entry(li);
#endif
#ifdef USE_LASTLOG
-@@ -619,7 +619,7 @@ line_abbrevname(char *dst, const char *s
+@@ -620,7 +620,7 @@ line_abbrevname(char *dst, const char *s
** into account.
**/
@@ -31,7 +31,7 @@ $NetBSD: patch-ad,v 1.12 2006/10/31 03:31:20 taca Exp $
/* build the utmp structure */
void
-@@ -756,10 +756,6 @@ construct_utmpx(struct logininfo *li, st
+@@ -757,10 +757,6 @@ construct_utmpx(struct logininfo *li, st
set_utmpx_time(li, utx);
utx->ut_pid = li->pid;
@@ -42,7 +42,7 @@ $NetBSD: patch-ad,v 1.12 2006/10/31 03:31:20 taca Exp $
if (li->type == LTYPE_LOGOUT)
return;
-@@ -768,6 +764,8 @@ construct_utmpx(struct logininfo *li, st
+@@ -769,6 +765,8 @@ construct_utmpx(struct logininfo *li, st
* for logouts.
*/
@@ -51,7 +51,7 @@ $NetBSD: patch-ad,v 1.12 2006/10/31 03:31:20 taca Exp $
# ifdef HAVE_HOST_IN_UTMPX
strncpy(utx->ut_host, li->hostname,
MIN_SIZEOF(utx->ut_host, li->hostname));
-@@ -1397,7 +1395,7 @@ wtmpx_get_entry(struct logininfo *li)
+@@ -1398,7 +1396,7 @@ wtmpx_get_entry(struct logininfo *li)
** Low-level libutil login() functions
**/
diff --git a/security/openssh/patches/patch-ag b/security/openssh/patches/patch-ag
index 60451e45489..63f28b8fe7d 100644
--- a/security/openssh/patches/patch-ag
+++ b/security/openssh/patches/patch-ag
@@ -1,8 +1,8 @@
-$NetBSD: patch-ag,v 1.10 2008/09/16 12:53:08 taca Exp $
+$NetBSD: patch-ag,v 1.11 2009/05/21 03:22:29 taca Exp $
---- config.h.in.orig 2008-07-21 17:30:49.000000000 +0900
+--- config.h.in.orig 2009-02-23 09:18:12.000000000 +0900
+++ config.h.in
-@@ -506,6 +506,9 @@
+@@ -509,6 +509,9 @@
/* define if you have int64_t data type */
#undef HAVE_INT64_T
@@ -12,7 +12,7 @@ $NetBSD: patch-ag,v 1.10 2008/09/16 12:53:08 taca Exp $
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
-@@ -623,6 +626,9 @@
+@@ -626,6 +629,9 @@
/* Define to 1 if you have the <net/if_tun.h> header file. */
#undef HAVE_NET_IF_TUN_H
diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah
index 0899809e42a..abdd6769d4e 100644
--- a/security/openssh/patches/patch-ah
+++ b/security/openssh/patches/patch-ah
@@ -1,8 +1,8 @@
-$NetBSD: patch-ah,v 1.24 2006/10/31 03:31:20 taca Exp $
+$NetBSD: patch-ah,v 1.25 2009/05/21 03:22:29 taca Exp $
---- Makefile.in.orig 2006-09-12 20:54:10.000000000 +0900
+--- Makefile.in.orig 2008-11-05 14:20:46.000000000 +0900
+++ Makefile.in
-@@ -21,7 +21,7 @@ top_srcdir=@top_srcdir@
+@@ -22,7 +22,7 @@ top_srcdir=@top_srcdir@
DESTDIR=
VPATH=@srcdir@
SSH_PROGRAM=@bindir@/ssh
@@ -11,7 +11,7 @@ $NetBSD: patch-ah,v 1.24 2006/10/31 03:31:20 taca Exp $
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
RAND_HELPER=$(libexecdir)/ssh-rand-helper
-@@ -234,7 +234,7 @@ distprep: catman-do
+@@ -233,7 +233,7 @@ distprep: catman-do
(cd scard && $(MAKE) -f Makefile.in distprep)
install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
@@ -20,7 +20,7 @@ $NetBSD: patch-ah,v 1.24 2006/10/31 03:31:20 taca Exp $
install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
check-config:
-@@ -243,7 +243,7 @@ check-config:
+@@ -242,7 +242,7 @@ check-config:
scard-install:
(cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
diff --git a/security/openssh/patches/patch-aj b/security/openssh/patches/patch-aj
index e403be88acf..d9d31a4e589 100644
--- a/security/openssh/patches/patch-aj
+++ b/security/openssh/patches/patch-aj
@@ -1,8 +1,8 @@
-$NetBSD: patch-aj,v 1.7 2006/10/31 03:31:20 taca Exp $
+$NetBSD: patch-aj,v 1.8 2009/05/21 03:22:29 taca Exp $
---- auth-rhosts.c.orig 2006-08-05 11:39:39.000000000 +0900
+--- auth-rhosts.c.orig 2008-06-14 08:01:25.000000000 +0900
+++ auth-rhosts.c
-@@ -212,7 +212,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
+@@ -230,7 +230,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
return 0;
/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
@@ -11,7 +11,7 @@ $NetBSD: patch-aj,v 1.7 2006/10/31 03:31:20 taca Exp $
if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
client_user, pw->pw_name)) {
auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
-@@ -238,7 +238,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
+@@ -256,7 +256,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
return 0;
}
if (options.strict_modes &&
@@ -20,7 +20,7 @@ $NetBSD: patch-aj,v 1.7 2006/10/31 03:31:20 taca Exp $
(st.st_mode & 022) != 0)) {
logit("Rhosts authentication refused for %.100s: "
"bad ownership or modes for home directory.", pw->pw_name);
-@@ -265,7 +265,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
+@@ -283,7 +283,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
* allowing access to their account by anyone.
*/
if (options.strict_modes &&
diff --git a/security/openssh/patches/patch-ak b/security/openssh/patches/patch-ak
index 8f219befee9..a4c009b6204 100644
--- a/security/openssh/patches/patch-ak
+++ b/security/openssh/patches/patch-ak
@@ -1,8 +1,8 @@
-$NetBSD: patch-ak,v 1.8 2006/10/31 03:31:20 taca Exp $
+$NetBSD: patch-ak,v 1.9 2009/05/21 03:22:29 taca Exp $
---- auth.c.orig 2006-09-07 09:36:43.000000000 +0900
+--- auth.c.orig 2008-11-05 14:12:54.000000000 +0900
+++ auth.c
-@@ -377,7 +377,7 @@ check_key_in_hostfiles(struct passwd *pw
+@@ -378,7 +378,7 @@ check_key_in_hostfiles(struct passwd *pw
user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
if (options.strict_modes &&
(stat(user_hostfile, &st) == 0) &&
@@ -11,7 +11,7 @@ $NetBSD: patch-ak,v 1.8 2006/10/31 03:31:20 taca Exp $
(st.st_mode & 022) != 0)) {
logit("Authentication refused for %.100s: "
"bad owner or modes for %.200s",
-@@ -430,7 +430,7 @@ secure_filename(FILE *f, const char *fil
+@@ -431,7 +431,7 @@ secure_filename(FILE *f, const char *fil
/* check the open file to avoid races */
if (fstat(fileno(f), &st) < 0 ||
@@ -20,7 +20,7 @@ $NetBSD: patch-ak,v 1.8 2006/10/31 03:31:20 taca Exp $
(st.st_mode & 022) != 0) {
snprintf(err, errlen, "bad ownership or modes for file %s",
buf);
-@@ -447,7 +447,7 @@ secure_filename(FILE *f, const char *fil
+@@ -448,7 +448,7 @@ secure_filename(FILE *f, const char *fil
debug3("secure_filename: checking '%s'", buf);
if (stat(buf, &st) < 0 ||
diff --git a/security/openssh/patches/patch-al b/security/openssh/patches/patch-al
index 3e8b49202b2..67fa78f21c0 100644
--- a/security/openssh/patches/patch-al
+++ b/security/openssh/patches/patch-al
@@ -1,8 +1,8 @@
-$NetBSD: patch-al,v 1.7 2006/10/31 03:31:20 taca Exp $
+$NetBSD: patch-al,v 1.8 2009/05/21 03:22:29 taca Exp $
---- auth1.c.orig 2006-09-01 14:38:36.000000000 +0900
+--- auth1.c.orig 2008-07-09 19:54:05.000000000 +0900
+++ auth1.c
-@@ -325,7 +325,7 @@ do_authloop(Authctxt *authctxt)
+@@ -328,7 +328,7 @@ do_authloop(Authctxt *authctxt)
}
#else
/* Special handling for root */
@@ -11,7 +11,7 @@ $NetBSD: patch-al,v 1.7 2006/10/31 03:31:20 taca Exp $
!auth_root_allowed(meth->name)) {
authenticated = 0;
# ifdef SSH_AUDIT_EVENTS
-@@ -423,8 +423,8 @@ do_authentication(Authctxt *authctxt)
+@@ -426,8 +426,8 @@ do_authentication(Authctxt *authctxt)
* If we are not running as root, the user must have the same uid as
* the server.
*/
diff --git a/security/openssh/patches/patch-am b/security/openssh/patches/patch-am
index 6b4cf1f9a92..9a45a833bb9 100644
--- a/security/openssh/patches/patch-am
+++ b/security/openssh/patches/patch-am
@@ -1,8 +1,8 @@
-$NetBSD: patch-am,v 1.7 2006/10/31 03:31:20 taca Exp $
+$NetBSD: patch-am,v 1.8 2009/05/21 03:22:29 taca Exp $
---- auth2.c.orig 2006-08-05 11:39:39.000000000 +0900
+--- auth2.c.orig 2008-11-05 14:20:46.000000000 +0900
+++ auth2.c
-@@ -223,7 +223,7 @@ userauth_finish(Authctxt *authctxt, int
+@@ -298,7 +298,7 @@ userauth_finish(Authctxt *authctxt, int
authctxt->user);
/* Special handling for root */
diff --git a/security/openssh/patches/patch-an b/security/openssh/patches/patch-an
index dac9e7edfe6..d837aea414e 100644
--- a/security/openssh/patches/patch-an
+++ b/security/openssh/patches/patch-an
@@ -1,8 +1,8 @@
-$NetBSD: patch-an,v 1.9 2007/03/18 12:38:45 taca Exp $
+$NetBSD: patch-an,v 1.10 2009/05/21 03:22:29 taca Exp $
---- scp.c.orig 2007-03-18 16:27:26.000000000 +0900
+--- scp.c.orig 2008-11-03 17:23:45.000000000 +0900
+++ scp.c
-@@ -377,7 +377,11 @@ main(int argc, char **argv)
+@@ -390,7 +390,11 @@ main(int argc, char **argv)
argc -= optind;
argv += optind;
@@ -14,7 +14,7 @@ $NetBSD: patch-an,v 1.9 2007/03/18 12:38:45 taca Exp $
fatal("unknown user %u", (u_int) userid);
if (!isatty(STDOUT_FILENO))
-@@ -724,8 +728,10 @@ rsource(char *name, struct stat *statp)
+@@ -782,8 +786,10 @@ rsource(char *name, struct stat *statp)
return;
}
while ((dp = readdir(dirp)) != NULL) {
@@ -25,7 +25,7 @@ $NetBSD: patch-an,v 1.9 2007/03/18 12:38:45 taca Exp $
if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
continue;
if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
-@@ -1175,7 +1181,9 @@ okname(char *cp0)
+@@ -1233,7 +1239,9 @@ okname(char *cp0)
case '\'':
case '"':
case '`':
diff --git a/security/openssh/patches/patch-ao b/security/openssh/patches/patch-ao
index 6823d1e0080..2d3931130a0 100644
--- a/security/openssh/patches/patch-ao
+++ b/security/openssh/patches/patch-ao
@@ -1,12 +1,12 @@
-$NetBSD: patch-ao,v 1.12 2008/04/27 00:34:27 tnn Exp $
+$NetBSD: patch-ao,v 1.13 2009/05/21 03:22:29 taca Exp $
One more replacing 0 with ROOTUID is handled by using SUBST framework
because patch can't handle it when hpn-patch option is enabled.
So, don't simply update this file with mkpatch command.
---- session.c.orig 2008-03-27 01:03:05.000000000 +0100
+--- session.c.orig 2009-01-28 14:29:49.000000000 +0900
+++ session.c
-@@ -955,7 +955,7 @@ read_etc_default_login(char ***env, u_in
+@@ -1068,7 +1068,7 @@ read_etc_default_login(char ***env, u_in
if (tmpenv == NULL)
return;
@@ -15,7 +15,7 @@ So, don't simply update this file with mkpatch command.
var = child_get_env(tmpenv, "SUPATH");
else
var = child_get_env(tmpenv, "PATH");
-@@ -1064,7 +1064,7 @@ do_setup_env(Session *s, const char *she
+@@ -1177,7 +1177,7 @@ do_setup_env(Session *s, const char *she
# endif /* HAVE_ETC_DEFAULT_LOGIN */
if (path == NULL || *path == '\0') {
child_set_env(&env, &envsize, "PATH",
@@ -24,7 +24,7 @@ So, don't simply update this file with mkpatch command.
SUPERUSER_PATH : _PATH_STDPATH);
}
# endif /* HAVE_CYGWIN */
-@@ -1178,6 +1178,18 @@ do_setup_env(Session *s, const char *she
+@@ -1291,6 +1291,18 @@ do_setup_env(Session *s, const char *she
strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
read_environment_file(&env, &envsize, buf);
}
@@ -43,7 +43,7 @@ So, don't simply update this file with mkpatch command.
if (debug_flag) {
/* dump the environment */
fprintf(stderr, "Environment:\n");
-@@ -1351,9 +1363,9 @@ do_setusercontext(struct passwd *pw)
+@@ -1464,9 +1476,9 @@ do_setusercontext(struct passwd *pw)
(void)ssh_selinux_enabled();
#endif
@@ -55,7 +55,7 @@ So, don't simply update this file with mkpatch command.
{
#ifdef HAVE_SETPCRED
-@@ -1387,11 +1399,13 @@ do_setusercontext(struct passwd *pw)
+@@ -1500,11 +1512,13 @@ do_setusercontext(struct passwd *pw)
perror("setgid");
exit(1);
}
@@ -69,7 +69,7 @@ So, don't simply update this file with mkpatch command.
endgrent();
# ifdef USE_PAM
/*
-@@ -2175,7 +2189,7 @@ session_pty_cleanup2(Session *s)
+@@ -2328,7 +2342,7 @@ session_pty_cleanup2(Session *s)
record_logout(s->pid, s->tty, s->pw->pw_name);
/* Release the pseudo-tty. */
diff --git a/security/openssh/patches/patch-ap b/security/openssh/patches/patch-ap
index 3b982f750a3..70377e9c4a1 100644
--- a/security/openssh/patches/patch-ap
+++ b/security/openssh/patches/patch-ap
@@ -1,8 +1,8 @@
-$NetBSD: patch-ap,v 1.9 2008/04/27 00:34:27 tnn Exp $
+$NetBSD: patch-ap,v 1.10 2009/05/21 03:22:29 taca Exp $
---- ssh.c.orig 2008-02-28 09:13:52.000000000 +0100
+--- ssh.c.orig 2009-02-14 14:28:21.000000000 +0900
+++ ssh.c
-@@ -693,7 +693,7 @@ main(int ac, char **av)
+@@ -702,7 +702,7 @@ main(int ac, char **av)
if (ssh_connect(host, &hostaddr, options.port,
options.address_family, options.connection_attempts, &timeout_ms,
options.tcp_keep_alive,
diff --git a/security/openssh/patches/patch-aq b/security/openssh/patches/patch-aq
index 2501dc65c6e..ed29d3f1d2a 100644
--- a/security/openssh/patches/patch-aq
+++ b/security/openssh/patches/patch-aq
@@ -1,17 +1,17 @@
-$NetBSD: patch-aq,v 1.6 2006/10/31 03:31:20 taca Exp $
+$NetBSD: patch-aq,v 1.7 2009/05/21 03:22:29 taca Exp $
---- sshpty.c.orig 2006-08-05 11:39:41.000000000 +0900
+--- sshpty.c.orig 2009-02-12 10:19:21.000000000 +0900
+++ sshpty.c
-@@ -78,7 +78,7 @@ pty_allocate(int *ptyfd, int *ttyfd, cha
- void
+@@ -86,7 +86,7 @@ void
pty_release(const char *tty)
{
+ #ifndef __APPLE_PRIVPTY__
- if (chown(tty, (uid_t) 0, (gid_t) 0) < 0)
+ if (chown(tty, (uid_t) ROOTUID, (gid_t) ROOTGID) < 0)
error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
if (chmod(tty, (mode_t) 0666) < 0)
error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
-@@ -224,7 +224,7 @@ pty_setowner(struct passwd *pw, const ch
+@@ -233,7 +233,7 @@ pty_setowner(struct passwd *pw, const ch
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
if (chown(tty, pw->pw_uid, gid) < 0) {
if (errno == EROFS &&
diff --git a/security/openssh/patches/patch-ar b/security/openssh/patches/patch-ar
index b60e7466dae..3c6d715a04f 100644
--- a/security/openssh/patches/patch-ar
+++ b/security/openssh/patches/patch-ar
@@ -1,6 +1,6 @@
-$NetBSD: patch-ar,v 1.7 2006/10/31 03:31:20 taca Exp $
+$NetBSD: patch-ar,v 1.8 2009/05/21 03:22:29 taca Exp $
---- uidswap.c.orig 2006-08-05 11:39:41.000000000 +0900
+--- uidswap.c.orig 2009-01-21 14:04:24.000000000 +0900
+++ uidswap.c
@@ -66,13 +66,13 @@ temporarily_use_uid(struct passwd *pw)
(u_int)pw->pw_uid, (u_int)pw->pw_gid,
@@ -64,7 +64,7 @@ $NetBSD: patch-ar,v 1.7 2006/10/31 03:31:20 taca Exp $
#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-@@ -268,6 +278,7 @@ permanently_set_uid(struct passwd *pw)
+@@ -278,6 +288,7 @@ permanently_set_uid(struct passwd *pw)
(setuid(old_uid) != -1 || seteuid(old_uid) != -1))
fatal("%s: was able to restore old [e]uid", __func__);
#endif
diff --git a/security/openssh/patches/patch-av b/security/openssh/patches/patch-av
index b029a71e43f..3e06c1b1ccd 100644
--- a/security/openssh/patches/patch-av
+++ b/security/openssh/patches/patch-av
@@ -1,8 +1,8 @@
-$NetBSD: patch-av,v 1.6 2006/11/21 17:43:56 tv Exp $
+$NetBSD: patch-av,v 1.7 2009/05/21 03:22:29 taca Exp $
---- sshd.c.orig 2006-10-29 17:01:29.000000000 +0900
+--- sshd.c.orig 2009-01-28 14:31:23.000000000 +0900
+++ sshd.c
-@@ -232,7 +232,11 @@ int *startup_pipes = NULL;
+@@ -234,7 +234,11 @@ int *startup_pipes = NULL;
int startup_pipe; /* in child */
/* variables used for privilege separation */
@@ -14,7 +14,7 @@ $NetBSD: patch-av,v 1.6 2006/11/21 17:43:56 tv Exp $
struct monitor *pmonitor = NULL;
/* global authentication context */
-@@ -608,10 +612,15 @@ privsep_preauth_child(void)
+@@ -604,10 +608,15 @@ privsep_preauth_child(void)
/* XXX not ready, too heavy after chroot */
do_setusercontext(privsep_pw);
#else
@@ -30,7 +30,7 @@ $NetBSD: patch-av,v 1.6 2006/11/21 17:43:56 tv Exp $
#endif
}
-@@ -651,7 +660,7 @@ privsep_preauth(Authctxt *authctxt)
+@@ -647,7 +656,7 @@ privsep_preauth(Authctxt *authctxt)
close(pmonitor->m_sendfd);
/* Demote the child */
@@ -39,7 +39,7 @@ $NetBSD: patch-av,v 1.6 2006/11/21 17:43:56 tv Exp $
privsep_preauth_child();
setproctitle("%s", "[net]");
}
-@@ -664,7 +673,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -662,7 +671,7 @@ privsep_postauth(Authctxt *authctxt)
#ifdef DISABLE_FD_PASSING
if (1) {
#else
@@ -48,7 +48,7 @@ $NetBSD: patch-av,v 1.6 2006/11/21 17:43:56 tv Exp $
#endif
/* File descriptor passing is broken or root login */
use_privsep = 0;
-@@ -1256,8 +1265,10 @@ main(int ac, char **av)
+@@ -1272,8 +1281,10 @@ main(int ac, char **av)
av = saved_argv;
#endif
@@ -60,7 +60,7 @@ $NetBSD: patch-av,v 1.6 2006/11/21 17:43:56 tv Exp $
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
-@@ -1519,7 +1530,7 @@ main(int ac, char **av)
+@@ -1577,7 +1588,7 @@ main(int ac, char **av)
(st.st_uid != getuid () ||
(st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
#else
@@ -69,7 +69,7 @@ $NetBSD: patch-av,v 1.6 2006/11/21 17:43:56 tv Exp $
#endif
fatal("%s must be owned by root and not group or "
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
-@@ -1536,8 +1547,10 @@ main(int ac, char **av)
+@@ -1601,8 +1612,10 @@ main(int ac, char **av)
* to create a file, and we can't control the code in every
* module which might be used).
*/
diff --git a/security/openssh/patches/patch-aw b/security/openssh/patches/patch-aw
index 3af175388fb..c61742928c9 100644
--- a/security/openssh/patches/patch-aw
+++ b/security/openssh/patches/patch-aw
@@ -1,8 +1,8 @@
-$NetBSD: patch-aw,v 1.2 2006/10/31 03:31:20 taca Exp $
+$NetBSD: patch-aw,v 1.3 2009/05/21 03:22:29 taca Exp $
---- openbsd-compat/port-tun.c.orig 2006-09-02 14:32:40.000000000 +0900
+--- openbsd-compat/port-tun.c.orig 2008-05-19 14:28:36.000000000 +0900
+++ openbsd-compat/port-tun.c
-@@ -109,6 +109,10 @@ sys_tun_open(int tun, int mode)
+@@ -110,6 +110,10 @@ sys_tun_open(int tun, int mode)
#include <sys/socket.h>
#include <net/if.h>