diff options
author | garga <garga@FreeBSD.org> | 2005-09-02 03:24:36 +0800 |
---|---|---|
committer | garga <garga@FreeBSD.org> | 2005-09-02 03:24:36 +0800 |
commit | 3232d1c7609cad56e0a87a53bca16cf90e85749c (patch) | |
tree | b7869207c5cd4e2d7a2c6052054623c049972a4c | |
parent | d6a16e0ab9b9feac1f864347e2ee0d9b082c2684 (diff) | |
download | freebsd-ports-gnome-3232d1c7609cad56e0a87a53bca16cf90e85749c.tar.gz freebsd-ports-gnome-3232d1c7609cad56e0a87a53bca16cf90e85749c.tar.zst freebsd-ports-gnome-3232d1c7609cad56e0a87a53bca16cf90e85749c.zip |
- Update to 4.2p1
PR: ports/85578
Submitted by: Marcus Grando <marcus@corp.grupos.com.br>
-rw-r--r-- | security/openssh-portable/Makefile | 73 | ||||
-rw-r--r-- | security/openssh-portable/distinfo | 4 | ||||
-rw-r--r-- | security/openssh-portable/files/patch-auth-pam.c | 65 | ||||
-rw-r--r-- | security/openssh-portable/files/patch-auth1.c | 63 | ||||
-rw-r--r-- | security/openssh-portable/files/patch-fake-rfc2553.h | 11 |
5 files changed, 70 insertions, 146 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 2b831ec1069f..247aa1e5b0a7 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -6,7 +6,7 @@ # PORTNAME= openssh -PORTVERSION= 4.1.0.1 +PORTVERSION= 4.2.0.0 .if defined(OPENSSH_SNAPSHOT) PORTREVISION!= date -v-1d +%Y%m%d .endif @@ -21,7 +21,8 @@ DISTNAME= ${DISTNAME2} MAINTAINER= ports@FreeBSD.org COMMENT= The portable version of OpenBSD's OpenSSH -OPENSSHVERSION= 4.1p1 +OPENSSHVERSION= 4.2p1 + .if defined(OPENSSH_SNAPSHOT) MASTER_SITE_SUBDIR2= snapshot/ DISTNAME2= ${PORTNAME}-SNAP-${PORTREVISION} @@ -52,6 +53,13 @@ PRECIOUS= ssh_config sshd_config \ ETCOLD= ${PREFIX}/etc PORTABLE_SUFFIX= -portable +SUDO?= +MAKE_ENV+= SUDO="${SUDO}" + +OPTIONS= SUID_SSH "Enable suid SSH (Recommended off)" off \ + GSSAPI "Enable GSSAPI support" off \ + OPENSSH_CHROOT "Enable CHROOT support" off + .if exists(/usr/include/security/pam_modules.h) CONFIGURE_ARGS+= --with-pam .endif @@ -60,7 +68,9 @@ CONFIGURE_ARGS+= --with-pam CONFIGURE_ARGS+= --with-tcp-wrappers .endif -.if !defined(ENABLE_SUID_SSH) +.include <bsd.port.pre.mk> + +.if !defined(WITH_SUID_SSH) CONFIGURE_ARGS+= --disable-suid-ssh .endif @@ -69,13 +79,21 @@ PORTABLE_SUFFIX= GSSAPI_SUFFIX= -gssapi CONFLICTS+= openssh-portable-* CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME} +.if ${OPENSSLBASE} == "/usr" +CONFIGURE_ARGS+= --without-rpath +LDFLAGS= +.endif .else CONFLICTS+= openssh-gssapi-* +CONFIGURE_ARGS+= --with-rpath=${OPENSSLRPATH} .if !defined(WITHOUT_KERBEROS) && exists(/usr/include/krb5.h) CONFIGURE_ARGS+= --with-kerberos5 EXTRA_PATCHES+= ${FILESDIR}/gss-serv.c.patch .endif .endif +.if ${OPENSSLBASE} != "/usr" +CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE} +.endif .if defined(BATCH) EXTRA_PATCHES+= ${FILESDIR}/batch.patch @@ -118,30 +136,30 @@ post-configure: ${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh pre-install: -.if defined(OPENSSH_OVERWRITE_BASE) - -${MKDIR} ${EMPTYDIR} -.else - -${MKDIR} ${PREFIX}/empty -.endif +. if defined(OPENSSH_OVERWRITE_BASE) + -${MKDIR} ${EMPTYDIR} +. else + -${MKDIR} ${PREFIX}/empty +. endif if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \ -h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi -@[ ! -d ${ETCSSH} ] && ${MKDIR} ${ETCSSH} -.for i in ${PRECIOUS} - -@[ -f ${ETCOLD}/${i} ] && [ ! -f ${ETCSSH}/${i} ] && \ - ${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout." && \ - ${LN} ${ETCOLD}/${i} ${ETCSSH}/${i} -.endfor +. for i in ${PRECIOUS} + -@[ -f ${ETCOLD}/${i} ] && [ ! -f ${ETCSSH}/${i} ] && \ + ${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout." && \ + ${LN} ${ETCOLD}/${i} ${ETCSSH}/${i} +. endfor post-install: -.if !defined(OPENSSH_OVERWRITE_BASE) - ${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample -.endif +. if !defined(OPENSSH_OVERWRITE_BASE) + ${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample +. endif ${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist ${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist -.if !defined(OPENSSH_OVERWRITE_BASE) - @${CAT} ${PKGMESSAGE} -.endif +. if !defined(OPENSSH_OVERWRITE_BASE) + @${CAT} ${PKGMESSAGE} +. endif test: (cd ${WRKSRC}/regress && ${SETENV} ${MAKE_ENV} \ @@ -149,21 +167,4 @@ test: PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \ ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} ) -.include <bsd.port.pre.mk> - -SUDO?= -MAKE_ENV+= SUDO="${SUDO}" - -.if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI) -.if ${OPENSSLBASE} == "/usr" -CONFIGURE_ARGS+= --without-rpath -LDFLAGS= -.endif -.else -CONFIGURE_ARGS+= --with-rpath=${OPENSSLRPATH} -.endif -.if ${OPENSSLBASE} != "/usr" -CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE} -.endif - .include <bsd.port.post.mk> diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index 6388cc0a9640..621b7d53c932 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1,2 +1,2 @@ -MD5 (openssh-4.1p1.tar.gz) = 959c663e709c981f07a3315bfd64f3d0 -SIZE (openssh-4.1p1.tar.gz) = 894234 +MD5 (openssh-4.2p1.tar.gz) = df899194a340c933944b193477c628fa +SIZE (openssh-4.2p1.tar.gz) = 914165 diff --git a/security/openssh-portable/files/patch-auth-pam.c b/security/openssh-portable/files/patch-auth-pam.c deleted file mode 100644 index 73641796dfbf..000000000000 --- a/security/openssh-portable/files/patch-auth-pam.c +++ /dev/null @@ -1,65 +0,0 @@ ---- auth-pam.c.orig Thu Jan 20 03:29:51 2005 -+++ auth-pam.c Sat Mar 19 21:52:37 2005 -@@ -290,7 +290,7 @@ - * Conversation function for authentication thread. - */ - static int --sshpam_thread_conv(int n, struct pam_message **msg, -+sshpam_thread_conv(int n, const struct pam_message **msg, - struct pam_response **resp, void *data) - { - Buffer buffer; -@@ -390,7 +390,7 @@ - u_int i; - const char *pam_user; - -- pam_get_item(sshpam_handle, PAM_USER, (void **)&pam_user); -+ pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user); - environ[0] = NULL; - - if (sshpam_authctxt != NULL) { -@@ -482,7 +482,7 @@ - } - - static int --sshpam_null_conv(int n, struct pam_message **msg, -+sshpam_null_conv(int n, const struct pam_message **msg, - struct pam_response **resp, void *data) - { - debug3("PAM: %s entering, %d messages", __func__, n); -@@ -492,7 +492,7 @@ - static struct pam_conv null_conv = { sshpam_null_conv, NULL }; - - static int --sshpam_store_conv(int n, struct pam_message **msg, -+sshpam_store_conv(int n, const struct pam_message **msg, - struct pam_response **resp, void *data) - { - struct pam_response *reply; -@@ -565,7 +565,7 @@ - if (sshpam_handle != NULL) { - /* We already have a PAM context; check if the user matches */ - sshpam_err = pam_get_item(sshpam_handle, -- PAM_USER, (void **)&pam_user); -+ PAM_USER, (const void **)&pam_user); - if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0) - return (0); - pam_end(sshpam_handle, sshpam_err); -@@ -881,7 +881,7 @@ - } - - static int --sshpam_tty_conv(int n, struct pam_message **msg, -+sshpam_tty_conv(int n, const struct pam_message **msg, - struct pam_response **resp, void *data) - { - char input[PAM_MAX_MSG_SIZE]; -@@ -1040,7 +1040,7 @@ - * display. - */ - static int --sshpam_passwd_conv(int n, struct pam_message **msg, -+sshpam_passwd_conv(int n, const struct pam_message **msg, - struct pam_response **resp, void *data) - { - struct pam_response *reply; diff --git a/security/openssh-portable/files/patch-auth1.c b/security/openssh-portable/files/patch-auth1.c index 94eaf3729b1d..c574eee773db 100644 --- a/security/openssh-portable/files/patch-auth1.c +++ b/security/openssh-portable/files/patch-auth1.c @@ -1,5 +1,5 @@ ---- auth1.c.orig Tue Feb 8 11:52:48 2005 -+++ auth1.c Sat Mar 19 21:34:47 2005 +--- auth1.c.orig Sun Jul 17 04:26:44 2005 ++++ auth1.c Thu Sep 1 11:23:35 2005 @@ -26,6 +26,7 @@ #include "uidswap.h" #include "monitor_wrap.h" @@ -8,10 +8,10 @@ /* import */ extern ServerOptions options; -@@ -71,6 +72,15 @@ - u_int dlen; - u_int ulen; - int prev, type = 0; +@@ -220,6 +221,15 @@ + char info[1024]; + int prev = 0, type = 0; + const struct AuthMethod1 *meth; +#ifdef HAVE_LOGIN_CAP + login_cap_t *lc; +#endif /* HAVE_LOGIN_CAP */ @@ -24,38 +24,37 @@ debug("Attempting authentication for %s%.100s.", authctxt->valid ? "" : "invalid user ", authctxt->user); -@@ -219,6 +229,34 @@ - logit("Unknown message during authentication: type %d", type); - break; +@@ -270,6 +280,33 @@ + "type %d", type); + goto skip; } + +#ifdef HAVE_LOGIN_CAP + if (authctxt->pw != NULL) { -+ lc = login_getpwclass(authctxt->pw); -+ if (lc == NULL) -+ lc = login_getclassbyname(NULL, authctxt->pw); -+ if (!auth_hostok(lc, from_host, from_ip)) { -+ logit("Denied connection for %.200s from %.200s [%.200s].", -+ authctxt->pw->pw_name, from_host, from_ip); -+ packet_disconnect("Sorry, you are not allowed to connect."); -+ } -+ if (!auth_timeok(lc, time(NULL))) { -+ logit("LOGIN %.200s REFUSED (TIME) FROM %.200s", -+ authctxt->pw->pw_name, from_host); -+ packet_disconnect("Logins not available right now."); -+ } -+ login_close(lc); -+ lc = NULL; ++ lc = login_getpwclass(authctxt->pw); ++ if (lc == NULL) ++ lc = login_getclassbyname(NULL, authctxt->pw); ++ if (!auth_hostok(lc, from_host, from_ip)) { ++ logit("Denied connection for %.200s from %.200s [%.200s].", ++ authctxt->pw->pw_name, from_host, from_ip); ++ packet_disconnect("Sorry, you are not allowed to connect."); ++ } ++ if (!auth_timeok(lc, time(NULL))) { ++ logit("LOGIN %.200s REFUSED (TIME) FROM %.200s", ++ authctxt->pw->pw_name, from_host); ++ packet_disconnect("Logins not available right now."); ++ } ++ login_close(lc); ++ lc = NULL; + } +#endif /* HAVE_LOGIN_CAP */ -+#ifdef LOGIN_ACCESS ++#ifdef LOGIN_ACCESS + if (authctxt->pw != NULL && !login_access(authctxt->pw->pw_name, from_host)) { -+ logit("Denied connection for %.200s from %.200s [%.200s].", -+ authctxt->pw->pw_name, from_host, from_ip); -+ packet_disconnect("Sorry, you are not allowed to connect."); ++ logit("Denied connection for %.200s from %.200s [%.200s].", ++ authctxt->pw->pw_name, from_host, from_ip); ++ packet_disconnect("Sorry, you are not allowed to connect."); + } +#endif /* LOGIN_ACCESS */ -+ - #ifdef BSD_AUTH - if (authctxt->as) { - auth_close(authctxt->as); + + if (!*(meth->enabled)) { + verbose("%s authentication disabled.", meth->name); diff --git a/security/openssh-portable/files/patch-fake-rfc2553.h b/security/openssh-portable/files/patch-fake-rfc2553.h deleted file mode 100644 index 58577a46aff2..000000000000 --- a/security/openssh-portable/files/patch-fake-rfc2553.h +++ /dev/null @@ -1,11 +0,0 @@ ---- openbsd-compat/fake-rfc2553.h.orig Fri Feb 11 08:32:13 2005 -+++ openbsd-compat/fake-rfc2553.h Sat Mar 19 21:27:33 2005 -@@ -113,7 +113,7 @@ - # define NI_MAXHOST 1025 - #endif /* !NI_MAXHOST */ - --#ifndef EAI_NODATA -+#ifndef EAI_MEMORY - # define EAI_NODATA 1 - # define EAI_MEMORY 2 - # define EAI_NONAME 3 |