aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorgarga <garga@FreeBSD.org>2005-09-02 03:24:36 +0800
committergarga <garga@FreeBSD.org>2005-09-02 03:24:36 +0800
commit3232d1c7609cad56e0a87a53bca16cf90e85749c (patch)
treeb7869207c5cd4e2d7a2c6052054623c049972a4c
parentd6a16e0ab9b9feac1f864347e2ee0d9b082c2684 (diff)
downloadfreebsd-ports-gnome-3232d1c7609cad56e0a87a53bca16cf90e85749c.tar.gz
freebsd-ports-gnome-3232d1c7609cad56e0a87a53bca16cf90e85749c.tar.zst
freebsd-ports-gnome-3232d1c7609cad56e0a87a53bca16cf90e85749c.zip
- Update to 4.2p1
PR: ports/85578 Submitted by: Marcus Grando <marcus@corp.grupos.com.br>
-rw-r--r--security/openssh-portable/Makefile73
-rw-r--r--security/openssh-portable/distinfo4
-rw-r--r--security/openssh-portable/files/patch-auth-pam.c65
-rw-r--r--security/openssh-portable/files/patch-auth1.c63
-rw-r--r--security/openssh-portable/files/patch-fake-rfc2553.h11
5 files changed, 70 insertions, 146 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 2b831ec1069f..247aa1e5b0a7 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= openssh
-PORTVERSION= 4.1.0.1
+PORTVERSION= 4.2.0.0
.if defined(OPENSSH_SNAPSHOT)
PORTREVISION!= date -v-1d +%Y%m%d
.endif
@@ -21,7 +21,8 @@ DISTNAME= ${DISTNAME2}
MAINTAINER= ports@FreeBSD.org
COMMENT= The portable version of OpenBSD's OpenSSH
-OPENSSHVERSION= 4.1p1
+OPENSSHVERSION= 4.2p1
+
.if defined(OPENSSH_SNAPSHOT)
MASTER_SITE_SUBDIR2= snapshot/
DISTNAME2= ${PORTNAME}-SNAP-${PORTREVISION}
@@ -52,6 +53,13 @@ PRECIOUS= ssh_config sshd_config \
ETCOLD= ${PREFIX}/etc
PORTABLE_SUFFIX= -portable
+SUDO?=
+MAKE_ENV+= SUDO="${SUDO}"
+
+OPTIONS= SUID_SSH "Enable suid SSH (Recommended off)" off \
+ GSSAPI "Enable GSSAPI support" off \
+ OPENSSH_CHROOT "Enable CHROOT support" off
+
.if exists(/usr/include/security/pam_modules.h)
CONFIGURE_ARGS+= --with-pam
.endif
@@ -60,7 +68,9 @@ CONFIGURE_ARGS+= --with-pam
CONFIGURE_ARGS+= --with-tcp-wrappers
.endif
-.if !defined(ENABLE_SUID_SSH)
+.include <bsd.port.pre.mk>
+
+.if !defined(WITH_SUID_SSH)
CONFIGURE_ARGS+= --disable-suid-ssh
.endif
@@ -69,13 +79,21 @@ PORTABLE_SUFFIX=
GSSAPI_SUFFIX= -gssapi
CONFLICTS+= openssh-portable-*
CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME}
+.if ${OPENSSLBASE} == "/usr"
+CONFIGURE_ARGS+= --without-rpath
+LDFLAGS=
+.endif
.else
CONFLICTS+= openssh-gssapi-*
+CONFIGURE_ARGS+= --with-rpath=${OPENSSLRPATH}
.if !defined(WITHOUT_KERBEROS) && exists(/usr/include/krb5.h)
CONFIGURE_ARGS+= --with-kerberos5
EXTRA_PATCHES+= ${FILESDIR}/gss-serv.c.patch
.endif
.endif
+.if ${OPENSSLBASE} != "/usr"
+CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE}
+.endif
.if defined(BATCH)
EXTRA_PATCHES+= ${FILESDIR}/batch.patch
@@ -118,30 +136,30 @@ post-configure:
${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh
pre-install:
-.if defined(OPENSSH_OVERWRITE_BASE)
- -${MKDIR} ${EMPTYDIR}
-.else
- -${MKDIR} ${PREFIX}/empty
-.endif
+. if defined(OPENSSH_OVERWRITE_BASE)
+ -${MKDIR} ${EMPTYDIR}
+. else
+ -${MKDIR} ${PREFIX}/empty
+. endif
if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
-h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi
-@[ ! -d ${ETCSSH} ] && ${MKDIR} ${ETCSSH}
-.for i in ${PRECIOUS}
- -@[ -f ${ETCOLD}/${i} ] && [ ! -f ${ETCSSH}/${i} ] && \
- ${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout." && \
- ${LN} ${ETCOLD}/${i} ${ETCSSH}/${i}
-.endfor
+. for i in ${PRECIOUS}
+ -@[ -f ${ETCOLD}/${i} ] && [ ! -f ${ETCSSH}/${i} ] && \
+ ${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout." && \
+ ${LN} ${ETCOLD}/${i} ${ETCSSH}/${i}
+. endfor
post-install:
-.if !defined(OPENSSH_OVERWRITE_BASE)
- ${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample
-.endif
+. if !defined(OPENSSH_OVERWRITE_BASE)
+ ${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample
+. endif
${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist
${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist
-.if !defined(OPENSSH_OVERWRITE_BASE)
- @${CAT} ${PKGMESSAGE}
-.endif
+. if !defined(OPENSSH_OVERWRITE_BASE)
+ @${CAT} ${PKGMESSAGE}
+. endif
test:
(cd ${WRKSRC}/regress && ${SETENV} ${MAKE_ENV} \
@@ -149,21 +167,4 @@ test:
PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} )
-.include <bsd.port.pre.mk>
-
-SUDO?=
-MAKE_ENV+= SUDO="${SUDO}"
-
-.if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI)
-.if ${OPENSSLBASE} == "/usr"
-CONFIGURE_ARGS+= --without-rpath
-LDFLAGS=
-.endif
-.else
-CONFIGURE_ARGS+= --with-rpath=${OPENSSLRPATH}
-.endif
-.if ${OPENSSLBASE} != "/usr"
-CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE}
-.endif
-
.include <bsd.port.post.mk>
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index 6388cc0a9640..621b7d53c932 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,2 +1,2 @@
-MD5 (openssh-4.1p1.tar.gz) = 959c663e709c981f07a3315bfd64f3d0
-SIZE (openssh-4.1p1.tar.gz) = 894234
+MD5 (openssh-4.2p1.tar.gz) = df899194a340c933944b193477c628fa
+SIZE (openssh-4.2p1.tar.gz) = 914165
diff --git a/security/openssh-portable/files/patch-auth-pam.c b/security/openssh-portable/files/patch-auth-pam.c
deleted file mode 100644
index 73641796dfbf..000000000000
--- a/security/openssh-portable/files/patch-auth-pam.c
+++ /dev/null
@@ -1,65 +0,0 @@
---- auth-pam.c.orig Thu Jan 20 03:29:51 2005
-+++ auth-pam.c Sat Mar 19 21:52:37 2005
-@@ -290,7 +290,7 @@
- * Conversation function for authentication thread.
- */
- static int
--sshpam_thread_conv(int n, struct pam_message **msg,
-+sshpam_thread_conv(int n, const struct pam_message **msg,
- struct pam_response **resp, void *data)
- {
- Buffer buffer;
-@@ -390,7 +390,7 @@
- u_int i;
- const char *pam_user;
-
-- pam_get_item(sshpam_handle, PAM_USER, (void **)&pam_user);
-+ pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
- environ[0] = NULL;
-
- if (sshpam_authctxt != NULL) {
-@@ -482,7 +482,7 @@
- }
-
- static int
--sshpam_null_conv(int n, struct pam_message **msg,
-+sshpam_null_conv(int n, const struct pam_message **msg,
- struct pam_response **resp, void *data)
- {
- debug3("PAM: %s entering, %d messages", __func__, n);
-@@ -492,7 +492,7 @@
- static struct pam_conv null_conv = { sshpam_null_conv, NULL };
-
- static int
--sshpam_store_conv(int n, struct pam_message **msg,
-+sshpam_store_conv(int n, const struct pam_message **msg,
- struct pam_response **resp, void *data)
- {
- struct pam_response *reply;
-@@ -565,7 +565,7 @@
- if (sshpam_handle != NULL) {
- /* We already have a PAM context; check if the user matches */
- sshpam_err = pam_get_item(sshpam_handle,
-- PAM_USER, (void **)&pam_user);
-+ PAM_USER, (const void **)&pam_user);
- if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
- return (0);
- pam_end(sshpam_handle, sshpam_err);
-@@ -881,7 +881,7 @@
- }
-
- static int
--sshpam_tty_conv(int n, struct pam_message **msg,
-+sshpam_tty_conv(int n, const struct pam_message **msg,
- struct pam_response **resp, void *data)
- {
- char input[PAM_MAX_MSG_SIZE];
-@@ -1040,7 +1040,7 @@
- * display.
- */
- static int
--sshpam_passwd_conv(int n, struct pam_message **msg,
-+sshpam_passwd_conv(int n, const struct pam_message **msg,
- struct pam_response **resp, void *data)
- {
- struct pam_response *reply;
diff --git a/security/openssh-portable/files/patch-auth1.c b/security/openssh-portable/files/patch-auth1.c
index 94eaf3729b1d..c574eee773db 100644
--- a/security/openssh-portable/files/patch-auth1.c
+++ b/security/openssh-portable/files/patch-auth1.c
@@ -1,5 +1,5 @@
---- auth1.c.orig Tue Feb 8 11:52:48 2005
-+++ auth1.c Sat Mar 19 21:34:47 2005
+--- auth1.c.orig Sun Jul 17 04:26:44 2005
++++ auth1.c Thu Sep 1 11:23:35 2005
@@ -26,6 +26,7 @@
#include "uidswap.h"
#include "monitor_wrap.h"
@@ -8,10 +8,10 @@
/* import */
extern ServerOptions options;
-@@ -71,6 +72,15 @@
- u_int dlen;
- u_int ulen;
- int prev, type = 0;
+@@ -220,6 +221,15 @@
+ char info[1024];
+ int prev = 0, type = 0;
+ const struct AuthMethod1 *meth;
+#ifdef HAVE_LOGIN_CAP
+ login_cap_t *lc;
+#endif /* HAVE_LOGIN_CAP */
@@ -24,38 +24,37 @@
debug("Attempting authentication for %s%.100s.",
authctxt->valid ? "" : "invalid user ", authctxt->user);
-@@ -219,6 +229,34 @@
- logit("Unknown message during authentication: type %d", type);
- break;
+@@ -270,6 +280,33 @@
+ "type %d", type);
+ goto skip;
}
+
+#ifdef HAVE_LOGIN_CAP
+ if (authctxt->pw != NULL) {
-+ lc = login_getpwclass(authctxt->pw);
-+ if (lc == NULL)
-+ lc = login_getclassbyname(NULL, authctxt->pw);
-+ if (!auth_hostok(lc, from_host, from_ip)) {
-+ logit("Denied connection for %.200s from %.200s [%.200s].",
-+ authctxt->pw->pw_name, from_host, from_ip);
-+ packet_disconnect("Sorry, you are not allowed to connect.");
-+ }
-+ if (!auth_timeok(lc, time(NULL))) {
-+ logit("LOGIN %.200s REFUSED (TIME) FROM %.200s",
-+ authctxt->pw->pw_name, from_host);
-+ packet_disconnect("Logins not available right now.");
-+ }
-+ login_close(lc);
-+ lc = NULL;
++ lc = login_getpwclass(authctxt->pw);
++ if (lc == NULL)
++ lc = login_getclassbyname(NULL, authctxt->pw);
++ if (!auth_hostok(lc, from_host, from_ip)) {
++ logit("Denied connection for %.200s from %.200s [%.200s].",
++ authctxt->pw->pw_name, from_host, from_ip);
++ packet_disconnect("Sorry, you are not allowed to connect.");
++ }
++ if (!auth_timeok(lc, time(NULL))) {
++ logit("LOGIN %.200s REFUSED (TIME) FROM %.200s",
++ authctxt->pw->pw_name, from_host);
++ packet_disconnect("Logins not available right now.");
++ }
++ login_close(lc);
++ lc = NULL;
+ }
+#endif /* HAVE_LOGIN_CAP */
-+#ifdef LOGIN_ACCESS
++#ifdef LOGIN_ACCESS
+ if (authctxt->pw != NULL && !login_access(authctxt->pw->pw_name, from_host)) {
-+ logit("Denied connection for %.200s from %.200s [%.200s].",
-+ authctxt->pw->pw_name, from_host, from_ip);
-+ packet_disconnect("Sorry, you are not allowed to connect.");
++ logit("Denied connection for %.200s from %.200s [%.200s].",
++ authctxt->pw->pw_name, from_host, from_ip);
++ packet_disconnect("Sorry, you are not allowed to connect.");
+ }
+#endif /* LOGIN_ACCESS */
-+
- #ifdef BSD_AUTH
- if (authctxt->as) {
- auth_close(authctxt->as);
+
+ if (!*(meth->enabled)) {
+ verbose("%s authentication disabled.", meth->name);
diff --git a/security/openssh-portable/files/patch-fake-rfc2553.h b/security/openssh-portable/files/patch-fake-rfc2553.h
deleted file mode 100644
index 58577a46aff2..000000000000
--- a/security/openssh-portable/files/patch-fake-rfc2553.h
+++ /dev/null
@@ -1,11 +0,0 @@
---- openbsd-compat/fake-rfc2553.h.orig Fri Feb 11 08:32:13 2005
-+++ openbsd-compat/fake-rfc2553.h Sat Mar 19 21:27:33 2005
-@@ -113,7 +113,7 @@
- # define NI_MAXHOST 1025
- #endif /* !NI_MAXHOST */
-
--#ifndef EAI_NODATA
-+#ifndef EAI_MEMORY
- # define EAI_NODATA 1
- # define EAI_MEMORY 2
- # define EAI_NONAME 3