From 4e4307dd1ecaf2b7b8bb9cd2608ad24e380e9067 Mon Sep 17 00:00:00 2001 From: martti Date: Thu, 18 Feb 2010 08:04:35 +0000 Subject: Updated OpenSSH to 5.3.1 (pkg/42635 by Fredrik Pettai) This is a bugfix release, no new features have been added. Changes since OpenSSH 5.2 ========================= General Bugfixes: * Do not limit home directory paths to 256 characters. bz#1615 * Several minor documentation and correctness fixes. Portable OpenSSH Bugfixes: * This release removes for support for very old versions of Cygwin and for Windows 95/98/ME * Move the deletion of PAM credentials on logout to after the session close. bz#1534 * Make PrintLastLog work on AIX. bz#1595 * Avoid compile errors on FreeBSD from conflicts in glob.h. bz#1634 * Delay dropping of root privileges on AIX so chroot and pam_open_session work correctly. bz#1249 and bz#1567 * Increase client IO buffer on Cygwin to 64K, realising a significant performance improvement. * Roll back bz#1241 (better handling for expired passwords on Tru64). The change broke password logins on some configurations. * Accept ENOSYS as a fallback error when attempting atomic rename(). bz#1535 * Fix passing of variables to recursive make(1) invocations on Solaris. bz#1505 * Skip the tcgetattr call on the pty master on Solaris, since it never succeeds and can hang if large amounts of data is sent to the slave (eg a copy-paste). bz#1528 * Fix detection of krb5-config. bz#1639 * Fix test for server-assigned remote forwarding port for non-root users. bz#1578 * Fix detection of libresolv on OSX 10.6. --- security/openssh/Makefile | 9 ++++----- security/openssh/distinfo | 17 +++++++---------- security/openssh/options.mk | 4 ++-- security/openssh/patches/patch-ah | 6 +++--- security/openssh/patches/patch-al | 10 +++++----- security/openssh/patches/patch-ao | 8 ++++---- 6 files changed, 25 insertions(+), 29 deletions(-) (limited to 'security') diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 35a238ed803..0a809123a85 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.194 2010/01/17 12:02:42 wiz Exp $ +# $NetBSD: Makefile,v 1.195 2010/02/18 08:04:35 martti Exp $ -DISTNAME= openssh-5.2p1 -PKGNAME= openssh-5.2.1 -PKGREVISION= 1 +DISTNAME= openssh-5.3p1 +PKGNAME= openssh-5.3.1 SVR4_PKGNAME= ossh CATEGORIES= security MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ @@ -14,7 +13,7 @@ MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ ftp://mirror.pacific.net.au/OpenBSD/OpenSSH/portable/ # Don't delete the last entry -- it's there if the pkgsrc version is not # up-to-date and the mirrors already removed the old distfile. -DIST_SUBDIR= ${PKGBASE}-5.2.1-20090521 +DIST_SUBDIR= ${PKGBASE}-5.3.1-20100218 MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.openssh.com/ diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 72ed3233e3e..210775fbfab 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,11 +1,8 @@ -$NetBSD: distinfo,v 1.72 2009/05/21 03:22:29 taca Exp $ +$NetBSD: distinfo,v 1.73 2010/02/18 08:04:35 martti Exp $ -SHA1 (openssh-5.2.1-20090521/openssh-5.2p1-hpn13v6.diff.gz) = 9683d5feb3f7e302ef836901af5366df6c425815 -RMD160 (openssh-5.2.1-20090521/openssh-5.2p1-hpn13v6.diff.gz) = d647d3b0547e4d698c616f5ed6643b3ddbcced95 -Size (openssh-5.2.1-20090521/openssh-5.2p1-hpn13v6.diff.gz) = 33540 bytes -SHA1 (openssh-5.2.1-20090521/openssh-5.2p1.tar.gz) = 8273a0237db98179fbdc412207ff8eb14ff3d6de -RMD160 (openssh-5.2.1-20090521/openssh-5.2p1.tar.gz) = 7c53f342034b16e9faa9f5a09ef46390420722eb -Size (openssh-5.2.1-20090521/openssh-5.2p1.tar.gz) = 1016612 bytes +SHA1 (openssh-5.3.1-20100218/openssh-5.3p1.tar.gz) = d411fde2584ef6022187f565360b2c63a05602b5 +RMD160 (openssh-5.3.1-20100218/openssh-5.3p1.tar.gz) = f8c98b4b91b7e0e02b33837ef6978e8b7570cf9e +Size (openssh-5.3.1-20100218/openssh-5.3p1.tar.gz) = 1027130 bytes SHA1 (patch-aa) = 38546f8fd8bf6021d43cdf076ab723ad39a5f78e SHA1 (patch-ab) = 00e7e50a35e8b3bcfa53b239b520a12498c8dca0 SHA1 (patch-ac) = ba97b23c6527311256b335c58175da9e9a3616e4 @@ -13,14 +10,14 @@ SHA1 (patch-ad) = 254e11c5f56a72bf0b30bb8860e45156b3a0adf2 SHA1 (patch-ae) = 9585221f9e49b4ebea31c374066d70e11aa804a1 SHA1 (patch-af) = ca3224af0b648803404776a8c12ed678db4f8ff6 SHA1 (patch-ag) = b5cb0400d3cda9cb6d60dc729e54b1ffc34ec9e2 -SHA1 (patch-ah) = fa5175734678e95d05dcdcebadeb79df3ecef760 +SHA1 (patch-ah) = 6ddd934be038c9177df6856dbcb6e44feab05146 SHA1 (patch-ai) = becad6262e5daeef2a6db14097a8971c40088403 SHA1 (patch-aj) = 5c89b4a7da59f05c50c16083aa6dd6e465cd0305 SHA1 (patch-ak) = 550eae0b47dc220dac2439f57b39b7e4319057c5 -SHA1 (patch-al) = a3906a9b6a9a15b948b8bab3a85454f2515400bd +SHA1 (patch-al) = ffd15b2ef3cb6b57419c0f6f1f4f795e497382d7 SHA1 (patch-am) = 4893a8a059d611d35c1fb9ff03b598c590e0355e SHA1 (patch-an) = 5b41d9493028dd4dce4a73ea78e43f3a073108e5 -SHA1 (patch-ao) = 6b64be9b230ddb634b9b5fdab22c4944ae605153 +SHA1 (patch-ao) = 1343faeb45f8e1fe8126a1c76b41439b275efa9b SHA1 (patch-ap) = 041059e25d2331aace0eaa5a6c3032afb3d565b4 SHA1 (patch-aq) = 1a7d8a4c5e70a0c6211247ba583534ed8ce317d0 SHA1 (patch-ar) = a1099e0175a2b14f3b19db04261891179b1e3299 diff --git a/security/openssh/options.mk b/security/openssh/options.mk index f5b05a73da8..65a438343f1 100644 --- a/security/openssh/options.mk +++ b/security/openssh/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.17 2009/05/21 03:22:29 taca Exp $ +# $NetBSD: options.mk,v 1.18 2010/02/18 08:04:35 martti Exp $ .include "../../mk/bsd.prefs.mk" @@ -17,7 +17,7 @@ CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE:Q} .endif .if !empty(PKG_OPTIONS:Mhpn-patch) -PATCHFILES= openssh-5.2p1-hpn13v6.diff.gz +PATCHFILES= openssh-5.3p1-hpn13v7.diff.gz PATCH_SITES= http://www.psc.edu/networking/projects/hpn-ssh/ PATCH_DIST_STRIP= -p1 .endif diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah index abdd6769d4e..7f2b7f02544 100644 --- a/security/openssh/patches/patch-ah +++ b/security/openssh/patches/patch-ah @@ -1,4 +1,4 @@ -$NetBSD: patch-ah,v 1.25 2009/05/21 03:22:29 taca Exp $ +$NetBSD: patch-ah,v 1.26 2010/02/18 08:04:35 martti Exp $ --- Makefile.in.orig 2008-11-05 14:20:46.000000000 +0900 +++ Makefile.in @@ -20,9 +20,9 @@ $NetBSD: patch-ah,v 1.25 2009/05/21 03:22:29 taca Exp $ install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files check-config: -@@ -242,7 +242,7 @@ check-config: +@@ -244,7 +244,7 @@ check-config: scard-install: - (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) + (cd scard && env DESTDIR=$(DESTDIR) $(MAKE) DESTDIR=$(DESTDIR) install) -install-files: scard-install +install-files: diff --git a/security/openssh/patches/patch-al b/security/openssh/patches/patch-al index 67fa78f21c0..f4432c8b4ed 100644 --- a/security/openssh/patches/patch-al +++ b/security/openssh/patches/patch-al @@ -1,17 +1,17 @@ -$NetBSD: patch-al,v 1.8 2009/05/21 03:22:29 taca Exp $ +$NetBSD: patch-al,v 1.9 2010/02/18 08:04:35 martti Exp $ --- auth1.c.orig 2008-07-09 19:54:05.000000000 +0900 +++ auth1.c -@@ -328,7 +328,7 @@ do_authloop(Authctxt *authctxt) - } - #else +@@ -320,7 +320,7 @@ do_authloop(Authctxt *authctxt) + + #ifndef HAVE_CYGWIN /* Special handling for root */ - if (authenticated && authctxt->pw->pw_uid == 0 && + if (authenticated && authctxt->pw->pw_uid == ROOTUID && !auth_root_allowed(meth->name)) { authenticated = 0; # ifdef SSH_AUDIT_EVENTS -@@ -426,8 +426,8 @@ do_authentication(Authctxt *authctxt) +@@ -418,8 +418,8 @@ do_authentication(Authctxt *authctxt) * If we are not running as root, the user must have the same uid as * the server. */ diff --git a/security/openssh/patches/patch-ao b/security/openssh/patches/patch-ao index 2d3931130a0..895258c75d3 100644 --- a/security/openssh/patches/patch-ao +++ b/security/openssh/patches/patch-ao @@ -1,4 +1,4 @@ -$NetBSD: patch-ao,v 1.13 2009/05/21 03:22:29 taca Exp $ +$NetBSD: patch-ao,v 1.14 2010/02/18 08:04:35 martti Exp $ One more replacing 0 with ROOTUID is handled by using SUBST framework because patch can't handle it when hpn-patch option is enabled. @@ -43,7 +43,7 @@ So, don't simply update this file with mkpatch command. if (debug_flag) { /* dump the environment */ fprintf(stderr, "Environment:\n"); -@@ -1464,9 +1476,9 @@ do_setusercontext(struct passwd *pw) +@@ -1462,9 +1474,9 @@ do_setusercontext(struct passwd *pw) (void)ssh_selinux_enabled(); #endif @@ -53,8 +53,8 @@ So, don't simply update this file with mkpatch command. -#endif /* HAVE_CYGWIN */ +#endif /* !HAVE_CYGWIN && !HAVE_INTERIX */ { - - #ifdef HAVE_SETPCRED + #ifdef HAVE_LOGIN_CAP + # ifdef __bsdi__ @@ -1500,11 +1512,13 @@ do_setusercontext(struct passwd *pw) perror("setgid"); exit(1); -- cgit v1.2.3