From feeb44ce073bca48ba067d76b40a72404fe1ab18 Mon Sep 17 00:00:00 2001 From: itojun Date: Tue, 25 Jun 2002 02:13:11 +0000 Subject: upgrade to 3.3p1, with privilege separation enabled. (the following change may include pre-3.2.3p1 change) 20020622 - (djm) Update README.privsep; spotted by fries@ - (djm) Release 3.3p1 20020621 - (djm) Sync: - djm@cvs.openbsd.org 2002/06/21 05:50:51 [monitor.c] Don't initialise compression buffers when compression=no in sshd_config; ok Niels@ - ID sync for auth-passwd.c - (djm) Warn and disable compression on platforms which can't handle both useprivilegeseparation=yes and compression=yes - (djm) contrib/redhat/openssh.spec hacking: - Merge in spec changes from seba@iq.pl (Sebastian Pachuta) - Add new {ssh,sshd}_config.5 manpages - Add new ssh-keysign program and remove setuid from ssh client 20020620 - (bal) Fixed AIX environment handling, use setpcred() instead of existing code. (Bugzilla Bug 261) - (bal) OpenBSD CVS Sync - todd@cvs.openbsd.org 2002/06/14 21:35:00 [monitor_wrap.c] spelling; from Brian Poole - markus@cvs.openbsd.org 2002/06/15 00:01:36 [authfd.c authfd.h ssh-add.c ssh-agent.c] break agent key lifetime protocol and allow other contraints for key usage. - markus@cvs.openbsd.org 2002/06/15 00:07:38 [authfd.c authfd.h ssh-add.c ssh-agent.c] fix stupid typo - markus@cvs.openbsd.org 2002/06/15 01:27:48 [authfd.c authfd.h ssh-add.c ssh-agent.c] remove the CONSTRAIN_IDENTITY messages and introduce a new ADD_ID message with contraints instead. contraints can be only added together with the private key. - itojun@cvs.openbsd.org 2002/06/16 21:30:58 [ssh-keyscan.c] use TAILQ_xx macro. from lukem@netbsd. markus ok - deraadt@cvs.openbsd.org 2002/06/17 06:05:56 [scp.c] make usage like man page - deraadt@cvs.openbsd.org 2002/06/19 00:27:55 [auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c xmalloc.h] KNF done automatically while reading.... - markus@cvs.openbsd.org 2002/06/19 18:01:00 [cipher.c monitor.c monitor_wrap.c packet.c packet.h] make the monitor sync the transfer ssh1 session key; transfer keycontext only for RC4 (this is still depends on EVP implementation details and is broken). - stevesk@cvs.openbsd.org 2002/06/20 19:56:07 [ssh.1 sshd.8] move configuration file options from ssh.1/sshd.8 to ssh_config.5/sshd_config.5; ok deraadt@ millert@ - stevesk@cvs.openbsd.org 2002/06/20 20:00:05 [scp.1 sftp.1] ssh_config(5) - stevesk@cvs.openbsd.org 2002/06/20 20:03:34 [ssh_config sshd_config] refer to config file man page - markus@cvs.openbsd.org 2002/06/20 23:05:56 [servconf.c servconf.h session.c sshd.c] allow Compression=yes/no in sshd_config - markus@cvs.openbsd.org 2002/06/20 23:37:12 [sshd_config] add Compression - stevesk@cvs.openbsd.org 2002/05/25 20:40:08 [LICENCE] missed Per Allansson (auth2-chall.c) - (bal) Cygwin special handling of empty passwords wrong. Patch by vinschen@redhat.com - (bal) Missed integrating ssh_config.5 and sshd_config.5 - (bal) Still more Makefile.in updates for ssh{d}_config.5 20020613 - (bal) typo of setgroup for cygwin. Patch by vinschen@redhat.com 20020612 - (bal) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/06/11 23:03:54 [ssh.c] remove unused cruft. - markus@cvs.openbsd.org 2002/06/12 01:09:52 [ssh.c] ssh_connect returns 0 on success - (bal) Build noop setgroups() for cygwin to clean up code (For other platforms without the setgroups() requirement, you MUST define SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com - (bal) Some platforms don't have ONLCR (Notable Mint) 20020611 - (bal) ssh-agent.c RCSD fix (|unexpand already done) - (bal) OpenBSD CVS Sync - stevesk@cvs.openbsd.org 2002/06/09 22:15:15 [ssh.1] update for no setuid root and ssh-keysign; ok deraadt@ - itojun@cvs.openbsd.org 2002/06/09 22:17:21 [sshconnect.c] pass salen to sockaddr_ntop so that we are happy on linux/solaris - stevesk@cvs.openbsd.org 2002/06/10 16:53:06 [auth-rsa.c ssh-rsa.c] display minimum RSA modulus in error(); ok markus@ - stevesk@cvs.openbsd.org 2002/06/10 16:56:30 [ssh-keysign.8] merge in stuff from my man page; ok markus@ - stevesk@cvs.openbsd.org 2002/06/10 17:36:23 [ssh-add.1 ssh-add.c] use convtime() to parse and validate key lifetime. can now use '-t 2h' etc. ok markus@ provos@ - stevesk@cvs.openbsd.org 2002/06/10 17:45:20 [readconf.c ssh.1] change RhostsRSAAuthentication and RhostsAuthentication default to no since ssh is no longer setuid root by default; ok markus@ - stevesk@cvs.openbsd.org 2002/06/10 21:21:10 [ssh_config] update defaults for RhostsRSAAuthentication and RhostsAuthentication here too (all options commented out with default value). - markus@cvs.openbsd.org 2002/06/10 22:28:41 [channels.c channels.h session.c] move creation of agent socket to session.c; no need for uidswapping in channel.c. - markus@cvs.openbsd.org 2002/06/11 04:14:26 [ssh.c sshconnect.c sshconnect.h] no longer use uidswap.[ch] from the ssh client run less code with euid==0 if ssh is installed setuid root just switch the euid, don't switch the complete set of groups (this is only needed by sshd). ok provos@ - mpech@cvs.openbsd.org 2002/06/11 05:46:20 [auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c] pid_t cleanup. Markus need this now to keep hacking. markus@, millert@ ok - itojun@cvs.openbsd.org 2002/06/11 08:11:45 [canohost.c] use "ntop" only after initialized - (bal) Cygwin fix up from swap uid clean up in ssh.c patch by vinschen@redhat.com 20020609 - (bal) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/06/08 05:07:56 [ssh.c] nuke ptrace comment - markus@cvs.openbsd.org 2002/06/08 05:07:09 [ssh-keysign.c] only accept 20 byte session ids - markus@cvs.openbsd.org 2002/06/08 05:17:01 [readconf.c readconf.h ssh.1 ssh.c] deprecate FallBackToRsh and UseRsh; patch from djm@ - markus@cvs.openbsd.org 2002/06/08 05:40:01 [readconf.c] just warn about Deprecated options for now - markus@cvs.openbsd.org 2002/06/08 05:41:18 [ssh_config] remove FallBackToRsh/UseRsh - markus@cvs.openbsd.org 2002/06/08 12:36:53 [scp.c] remove FallBackToRsh - markus@cvs.openbsd.org 2002/06/08 12:46:14 [readconf.c] silently ignore deprecated options, since FallBackToRsh might be passed by remote scp commands. - itojun@cvs.openbsd.org 2002/06/08 21:15:27 [sshconnect.c] always use getnameinfo. (diag message only) - markus@cvs.openbsd.org 2002/06/09 04:33:27 [sshconnect.c] abort() - > fatal() - (bal) RCSID tag updates on channels.c, clientloop.c, nchan.c, sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand independant of them) 20020607 - (bal) Removed --{enable/disable}-suid-ssh - (bal) Missed __progname in ssh-keysign.c patch by dtucker@zip.com.au - (bal) use 'LOGIN_PROGRAM' not '/usr/bin/login' in session.c patch by Bertrand.Velle@apogee-com.fr 20020606 - (bal) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/05/15 21:56:38 [servconf.c sshd.8 sshd_config] re-enable privsep and disable setuid for post-3.2.2 - markus@cvs.openbsd.org 2002/05/16 22:02:50 [cipher.c kex.h mac.c] fix warnings (openssl 0.9.7 requires const) - stevesk@cvs.openbsd.org 2002/05/16 22:09:59 [session.c ssh.c] don't limit xauth pathlen on client side and longer print length on server when debug; ok markus@ - deraadt@cvs.openbsd.org 2002/05/19 20:54:52 [log.h] extra commas in enum not 100% portable - deraadt@cvs.openbsd.org 2002/05/22 23:18:25 [ssh.c sshd.c] spelling; abishoff@arc.nasa.gov - markus@cvs.openbsd.org 2002/05/23 19:24:30 [authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in] add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys). - markus@cvs.openbsd.org 2002/05/23 19:39:34 [ssh.c] add comment about ssh-keysign - markus@cvs.openbsd.org 2002/05/24 08:45:14 [sshconnect2.c] stat ssh-keysign first, print error if stat fails; some debug->error; fix comment - markus@cvs.openbsd.org 2002/05/25 08:50:39 [sshconnect2.c] execlp->execl; from stevesk - markus@cvs.openbsd.org 2002/05/25 18:51:07 [auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c Makefile.in] split auth2.c into one file per method; ok provos@/deraadt@ - stevesk@cvs.openbsd.org 2002/05/26 20:35:10 [ssh.1] sort ChallengeResponseAuthentication; ok markus@ - stevesk@cvs.openbsd.org 2002/05/28 16:45:27 [monitor_mm.c] print strerror(errno) on mmap/munmap error; ok markus@ - stevesk@cvs.openbsd.org 2002/05/28 17:28:02 [uidswap.c] format spec change/casts and some KNF; ok markus@ - stevesk@cvs.openbsd.org 2002/05/28 21:24:00 [uidswap.c] use correct function name in fatal() - stevesk@cvs.openbsd.org 2002/05/29 03:06:30 [ssh.1 sshd.8] spelling - markus@cvs.openbsd.org 2002/05/29 11:21:57 [sshd.c] don't start if privsep is enabled and SSH_PRIVSEP_USER or _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@ - markus@cvs.openbsd.org 2002/05/30 08:07:31 [cipher.c] use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of our own implementation. allow use of AES hardware via libcrypto, ok deraadt@ - markus@cvs.openbsd.org 2002/05/31 10:30:33 [sshconnect2.c] extent ssh-keysign protocol: pass # of socket-fd to ssh-keysign, keysign verfies locally used ip-address using this socket-fd, restricts fake local hostnames to actual local hostnames; ok stevesk@ - markus@cvs.openbsd.org 2002/05/31 11:35:15 [auth.h auth2.c] move Authmethod definitons to per-method file. - markus@cvs.openbsd.org 2002/05/31 13:16:48 [key.c] add comment: key_verify returns 1 for a correct signature, 0 for an incorrect signature and -1 on error. - markus@cvs.openbsd.org 2002/05/31 13:20:50 [ssh-rsa.c] pad received signature with leading zeros, because RSA_verify expects a signature of RSA_size. the drafts says the signature is transmitted unpadded (e.g. putty does not pad), reported by anakin@pobox.com - deraadt@cvs.openbsd.org 2002/06/03 12:04:07 [ssh.h] compatiblity -> compatibility decriptor -> descriptor authentciated -> authenticated transmition -> transmission - markus@cvs.openbsd.org 2002/06/04 19:42:35 [monitor.c] only allow enabled authentication methods; ok provos@ - markus@cvs.openbsd.org 2002/06/04 19:53:40 [monitor.c] save the session id (hash) for ssh2 (it will be passed with the initial sign request) and verify that this value is used during authentication; ok provos@ - markus@cvs.openbsd.org 2002/06/04 23:02:06 [packet.c] remove __FUNCTION__ - markus@cvs.openbsd.org 2002/06/04 23:05:49 [cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c] __FUNCTION__ -> __func__ - markus@cvs.openbsd.org 2002/06/05 16:08:07 [ssh-agent.1 ssh-agent.c] '-a bind_address' binds the agent to user-specified unix-domain socket instead of /tmp/ssh-XXXXXXXX/agent.; ok djm@ (some time ago). - markus@cvs.openbsd.org 2002/06/05 16:08:07 [ssh-agent.1 ssh-agent.c] '-a bind_address' binds the agent to user-specified unix-domain socket instead of /tmp/ssh-XXXXXXXX/agent.; ok djm@ (some time ago). - markus@cvs.openbsd.org 2002/06/05 16:48:54 [ssh-agent.c] copy current request into an extra buffer and just flush this request on errors, ok provos@ - markus@cvs.openbsd.org 2002/06/05 19:57:12 [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c] ssh-add -x for lock and -X for unlocking the agent. todo: encrypt private keys with locked... - markus@cvs.openbsd.org 2002/06/05 20:56:39 [ssh-add.c] add -x/-X to usage - markus@cvs.openbsd.org 2002/06/05 21:55:44 [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c] ssh-add -t life, Set lifetime (in seconds) when adding identities; ok provos@ - stevesk@cvs.openbsd.org 2002/06/06 01:09:41 [monitor.h] no trailing comma in enum; china@thewrittenword.com - markus@cvs.openbsd.org 2002/06/06 17:12:44 [sftp-server.c] discard remaining bytes of current request; ok provos@ - markus@cvs.openbsd.org 2002/06/06 17:30:11 [sftp-server.c] use get_int() macro (hide iqueue) - (bal) Missed msg.[ch] in merge. Required for ssh-keysign. - (bal) Forgot to add msg.c Makefile.in. - (bal) monitor_mm.c typos. - (bal) Refixed auth2.c. It was never fully commited while spliting out authentication to different files. - (bal) ssh-keysign should build and install correctly now. Phase two would be to clean out any dead wood and disable ssh setuid on install. - (bal) Reverse logic, use __func__ first since it's C99 20020604 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed setsockopt from debug to error for now). 20020527 - (tim) [configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address build problem on Irix reported by Dave Love . Back out last monitor_fdpass.c changes that are no longer needed with new tests. Patch tested on Irix by Jan-Frode Myklebust 20020522 - (djm) Fix spelling mistakes, spotted by Solar Designer i - Sync scard/ (not sure when it drifted) - (djm) OpenBSD CVS Sync: [auth.c] Fix typo/thinko. Pass in as to auth_approval(), not NULL. Closes PR 2659. - Crank version - Crank RPM spec versions 20020521 - (stevesk) [sshd.c] bug 245; disable setsid() for now - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups() 20020517 - (tim) [configure.ac] remove extra MD5_MSG="no" line. 20020515 - (bal) CVS ID fix up on auth-passwd.c - (bal) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2002/05/07 19:54:36 [ssh.h] use ssh uid - deraadt@cvs.openbsd.org 2002/05/08 21:06:34 [ssh.h] move to sshd.sshd instead - stevesk@cvs.openbsd.org 2002/05/11 20:24:48 [ssh.h] typo in comment - itojun@cvs.openbsd.org 2002/05/13 02:37:39 [auth-skey.c auth2.c] less warnings. skey_{respond,query} are public (in auth.h) - markus@cvs.openbsd.org 2002/05/13 20:44:58 [auth-options.c auth.c auth.h] move the packet_send_debug handling from auth-options.c to auth.c; ok provos@ - millert@cvs.openbsd.org 2002/05/13 15:53:19 [sshd.c] Call setsid() in the child after sshd accepts the connection and forks. This is needed for privsep which calls setlogin() when it changes uids. Without this, there is a race where the login name of an existing connection, as returned by getlogin(), may be changed to the privsep user (sshd). markus@ OK - markus@cvs.openbsd.org 2002/05/13 21:26:49 [auth-rhosts.c] handle debug messages during rhosts-rsa and hostbased authentication; ok provos@ - mouring@cvs.openbsd.org 2002/05/15 15:47:49 [kex.c monitor.c monitor_wrap.c sshd.c] 'monitor' variable clashes with at least one lame platform (NeXT). i Renamed to 'pmonitor'. provos@ - deraadt@cvs.openbsd.org 2002/05/04 02:39:35 [servconf.c sshd.8 sshd_config] enable privsep by default; provos ok - millert@cvs.openbsd.org 2002/05/06 23:34:33 [ssh.1 sshd.8] Kill/adjust r(login|exec)d? references now that those are no longer in the tree. - markus@cvs.openbsd.org 2002/05/15 21:02:53 [servconf.c sshd.8 sshd_config] disable privsep and enable setuid for the 3.2.2 release - (bal) Fixed up PAM case. I think. - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy - (bal) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/05/15 21:05:29 [version.h] enter OpenSSH_3.2.2 - (bal) Caldara, Suse, and Redhat openssh.specs updated. --- security/openssh/Makefile | 16 +++++----------- security/openssh/PLIST | 7 ++++++- security/openssh/distinfo | 12 ++++++------ security/openssh/patches/patch-aa | 21 ++++++++++++++++----- security/openssh/patches/patch-ab | 25 ++++++++++++++++++------- security/openssh/patches/patch-ah | 12 ++++++------ 6 files changed, 57 insertions(+), 36 deletions(-) (limited to 'security') diff --git a/security/openssh/Makefile b/security/openssh/Makefile index bbdce61784f..e435009365d 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.72 2002/06/15 21:20:04 cjep Exp $ +# $NetBSD: Makefile,v 1.73 2002/06/25 02:13:11 itojun Exp $ -DISTNAME= openssh-3.2.3p1 -PKGNAME= openssh-3.2.3.1 +DISTNAME= openssh-3.3p1 +PKGNAME= openssh-3.3.0.1 SVR4_PKGNAME= ossh CATEGORIES= security MASTER_SITES= ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \ @@ -27,7 +27,6 @@ CRYPTO= yes BUILD_DEFS+= USE_INET6 #BUILD_DEFS+= KERBEROS BUILD_DEFS+= PKG_SYSCONFDIR -BUILD_DEFS+= SSH_SUID .include "../../mk/bsd.prefs.mk" @@ -48,8 +47,7 @@ CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR} CONFIGURE_ARGS+= --with-ssl-dir=${BUILDLINK_DIR} CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_DIR} -# necessary until openssh distribution fixes ordering of "-lcrypt -lcrypto" -CONFIGURE_ARGS+= --with-md5-passwords +CONFIGURE_ARGS+= --with-privsep-path=/var/chroot/sshd # XXX: PAM authentication causes memory faults, and I haven't tracked down # XXX: why yet. For the moment, disable PAM authentication. @@ -72,11 +70,6 @@ CONFIGURE_ARGS+= --with-md5-passwords #CONFIGURE_ARGS+= --with-kerberos4=/usr #.endif -# Don't install "ssh" setuid -.if !defined(SSH_SUID) || ${SSH_SUID} != YES -CONFIGURE_ARGS+= --disable-suid-ssh -.endif - # The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending # on if it's part of the X11 distribution, or if it's installed from pkgsrc # (security/ssh-askpass). @@ -127,6 +120,7 @@ post-install: # ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.freebsd ${EGDIR}/sshd.pam #.endif ${INSTALL_SCRIPT} ${WRKDIR}/sshd ${PREFIX}/etc/rc.d/sshd + ${MKDIR} /var/chroot/sshd .include "../../devel/zlib/buildlink.mk" .include "../../security/openssl/buildlink.mk" diff --git a/security/openssh/PLIST b/security/openssh/PLIST index 7068133532c..cd06143f77f 100644 --- a/security/openssh/PLIST +++ b/security/openssh/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.2 2002/02/05 04:17:31 jlam Exp $ +@comment $NetBSD: PLIST,v 1.3 2002/06/25 02:13:12 itojun Exp $ bin/scp bin/sftp bin/slogin @@ -9,6 +9,7 @@ bin/ssh-keygen bin/ssh-keyscan etc/rc.d/sshd libexec/sftp-server +libexec/ssh-keysign man/man1/scp.1 man/man1/sftp.1 man/man1/slogin.1 @@ -17,10 +18,14 @@ man/man1/ssh-agent.1 man/man1/ssh-keygen.1 man/man1/ssh-keyscan.1 man/man1/ssh.1 +man/man5/ssh_config.5 +man/man5/sshd_config.5 man/man8/sftp-server.8 +man/man8/ssh-keysign.8 man/man8/sshd.8 sbin/sshd share/examples/openssh/moduli share/examples/openssh/ssh_config share/examples/openssh/sshd_config @dirrm share/examples/openssh +@exec mkdir -p /var/chroot/sshd diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 816c82163c5..37e00151910 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.17 2002/05/24 04:11:47 itojun Exp $ +$NetBSD: distinfo,v 1.18 2002/06/25 02:13:12 itojun Exp $ -SHA1 (openssh-3.2.3p1.tar.gz) = 537d8401d04e2a41fcfc7489f779cb669b1aea15 -Size (openssh-3.2.3p1.tar.gz) = 823051 bytes -SHA1 (patch-aa) = 719c2780e1f5a97e2f731feac39b8bdab4d8cf7b -SHA1 (patch-ab) = 4b7b8455ac4ce7a6fcaffb9d40aac98e8c42fedf -SHA1 (patch-ah) = e77a6b29294727c6507da10c71092e4f2bf5b71f +SHA1 (openssh-3.3p1.tar.gz) = 386212e32297acec0f0f2e84cca457be61e4ee53 +Size (openssh-3.3p1.tar.gz) = 831189 bytes +SHA1 (patch-aa) = 0287823fc0c5953996891576b4d3571e08618b3d +SHA1 (patch-ab) = 8a7c9c0802a5089ef25ae91a520772a09a2b5000 +SHA1 (patch-ah) = 9913c868bde5d318915b1dee2c05dcf454a0f506 diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa index ebbe50ea835..abd58346255 100644 --- a/security/openssh/patches/patch-aa +++ b/security/openssh/patches/patch-aa @@ -1,8 +1,10 @@ -$NetBSD: patch-aa,v 1.23 2002/05/19 07:43:24 itojun Exp $ +$NetBSD: patch-aa,v 1.24 2002/06/25 02:13:12 itojun Exp $ ---- configure.orig Thu May 16 08:42:51 2002 -+++ configure Sun May 19 16:36:33 2002 -@@ -3941,8 +3941,6 @@ +use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES + +--- configure.orig Sat Jun 22 00:56:52 2002 ++++ configure Tue Jun 25 10:54:48 2002 +@@ -3943,8 +3943,6 @@ CFLAGS="$CFLAGS" ;; *-*-solaris*) @@ -32,7 +34,16 @@ $NetBSD: patch-aa,v 1.23 2002/05/19 07:43:24 itojun Exp $ #include int deny_severity = 0, allow_severity = 0; -@@ -17642,7 +17647,7 @@ +@@ -8051,7 +8056,7 @@ + + + fi; +-LIBS="$LIBS -lcrypto" ++LIBS="$LIBS -lcrypt -lcrypto" + cat >conftest.$ac_ext <<_ACEOF + #line $LINENO "configure" + #include "confdefs.h" +@@ -17485,7 +17490,7 @@ echo " User binaries: $B" echo " System binaries: $C" echo " Configuration files: $D" diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab index 2184aa45c47..9e5e6427917 100644 --- a/security/openssh/patches/patch-ab +++ b/security/openssh/patches/patch-ab @@ -1,8 +1,10 @@ -$NetBSD: patch-ab,v 1.10 2002/05/19 07:43:25 itojun Exp $ +$NetBSD: patch-ab,v 1.11 2002/06/25 02:13:13 itojun Exp $ ---- configure.ac.orig Mon May 13 14:14:08 2002 -+++ configure.ac Sun May 19 16:35:27 2002 -@@ -182,8 +182,6 @@ +use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES + +--- configure.ac.orig Fri Jun 21 09:01:19 2002 ++++ configure.ac Tue Jun 25 10:54:10 2002 +@@ -183,8 +183,6 @@ CFLAGS="$CFLAGS" ;; *-*-solaris*) @@ -11,7 +13,7 @@ $NetBSD: patch-ab,v 1.10 2002/05/19 07:43:25 itojun Exp $ need_dash_r=1 AC_DEFINE(PAM_SUN_CODEBASE) AC_DEFINE(LOGIN_NEEDS_UTMPX) -@@ -311,6 +309,9 @@ +@@ -310,6 +308,9 @@ ;; esac @@ -21,7 +23,7 @@ $NetBSD: patch-ab,v 1.10 2002/05/19 07:43:25 itojun Exp $ # Allow user to specify flags AC_ARG_WITH(cflags, [ --with-cflags Specify additional flags to pass to compiler], -@@ -544,6 +545,10 @@ +@@ -543,6 +544,10 @@ AC_MSG_CHECKING(for libwrap) AC_TRY_LINK( [ @@ -32,7 +34,16 @@ $NetBSD: patch-ab,v 1.10 2002/05/19 07:43:25 itojun Exp $ #include int deny_severity = 0, allow_severity = 0; ], -@@ -2383,7 +2388,7 @@ +@@ -725,7 +730,7 @@ + fi + ] + ) +-LIBS="$LIBS -lcrypto" ++LIBS="$LIBS -lcrypt -lcrypto" + AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), + [ + dnl Check default openssl install dir +@@ -2372,7 +2377,7 @@ echo " User binaries: $B" echo " System binaries: $C" echo " Configuration files: $D" diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah index 35b7c7da927..2f981f210bd 100644 --- a/security/openssh/patches/patch-ah +++ b/security/openssh/patches/patch-ah @@ -1,7 +1,7 @@ -$NetBSD: patch-ah,v 1.18 2002/05/19 07:43:25 itojun Exp $ +$NetBSD: patch-ah,v 1.19 2002/06/25 02:13:13 itojun Exp $ ---- Makefile.in.orig Mon May 13 13:12:05 2002 -+++ Makefile.in Sun May 19 16:37:28 2002 +--- Makefile.in.orig Fri Jun 21 10:38:53 2002 ++++ Makefile.in Tue Jun 25 10:50:44 2002 @@ -21,7 +21,7 @@ DESTDIR= VPATH=@srcdir@ @@ -9,9 +9,9 @@ $NetBSD: patch-ah,v 1.18 2002/05/19 07:43:25 itojun Exp $ -ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass +#ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass SFTP_SERVER=$(libexecdir)/sftp-server - PRIVSEP_PATH=@PRIVSEP_PATH@ - -@@ -198,7 +198,7 @@ + SSH_KEYSIGN=$(libexecdir)/ssh-keysign + RAND_HELPER=$(libexecdir)/ssh-rand-helper +@@ -203,7 +203,7 @@ scard-install: (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) -- cgit v1.2.3