authorgarga <garga@FreeBSD.org>2005-09-02 03:24:36 +0800
committergarga <garga@FreeBSD.org>2005-09-02 03:24:36 +0800
commit3232d1c7609cad56e0a87a53bca16cf90e85749c (patch)
treeb7869207c5cd4e2d7a2c6052054623c049972a4c /security/openssh-portable
parentd6a16e0ab9b9feac1f864347e2ee0d9b082c2684 (diff)
- Update to 4.2p1
PR: ports/85578 Submitted by: Marcus Grando <marcus@corp.grupos.com.br>
Diffstat (limited to 'security/openssh-portable')
-rw-r--r--security/openssh-portable/Makefile73
-rw-r--r--security/openssh-portable/distinfo4
-rw-r--r--security/openssh-portable/files/patch-auth-pam.c65
-rw-r--r--security/openssh-portable/files/patch-auth1.c63
-rw-r--r--security/openssh-portable/files/patch-fake-rfc2553.h11
5 files changed, 70 insertions, 146 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 2b831ec1069f..247aa1e5b0a7 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= openssh
-PORTVERSION= 4.1.0.1
+PORTVERSION= 4.2.0.0
.if defined(OPENSSH_SNAPSHOT)
PORTREVISION!= date -v-1d +%Y%m%d
.endif
@@ -21,7 +21,8 @@ DISTNAME= ${DISTNAME2}
MAINTAINER= ports@FreeBSD.org
COMMENT= The portable version of OpenBSD's OpenSSH
-OPENSSHVERSION= 4.1p1
+OPENSSHVERSION= 4.2p1
+
.if defined(OPENSSH_SNAPSHOT)
MASTER_SITE_SUBDIR2= snapshot/
DISTNAME2= ${PORTNAME}-SNAP-${PORTREVISION}
@@ -52,6 +53,13 @@ PRECIOUS= ssh_config sshd_config \
ETCOLD= ${PREFIX}/etc
PORTABLE_SUFFIX= -portable
+SUDO?=
+MAKE_ENV+= SUDO="${SUDO}"
+
+OPTIONS= SUID_SSH "Enable suid SSH (Recommended off)" off \
+ GSSAPI "Enable GSSAPI support" off \
+ OPENSSH_CHROOT "Enable CHROOT support" off
+
.if exists(/usr/include/security/pam_modules.h)
CONFIGURE_ARGS+= --with-pam
.endif
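Review bot: The option named `OPENSSH_CHROOT` in the added `OPTIONS` block would presumably be exposed as `WITH_OPENSSH_CHROOT`, following the `SUID_SSH` to `WITH_SUID_SSH` pairing this commit uses. None of the hunks shown here tests that name. If the rest of the Makefile checks a different spelling, selecting the option would silently build without chroot support, so that is worth confirming. A comment above the block would keep the names in step, for example `# each OPTIONS name NAME is tested below as WITH_NAME (WITH_SUID_SSH, WITH_GSSAPI, WITH_OPENSSH_CHROOT)`.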
@@ -60,7 +68,9 @@ CONFIGURE_ARGS+= --with-pam
CONFIGURE_ARGS+= --with-tcp-wrappers
.endif
-.if !defined(ENABLE_SUID_SSH)
+.include <bsd.port.pre.mk>
+
+.if !defined(WITH_SUID_SSH)
CONFIGURE_ARGS+= --disable-suid-ssh
.endif
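Review bot: The switch from `ENABLE_SUID_SSH` to `WITH_SUID_SSH` is undocumented, so anyone who still sets the old knob gets `--disable-suid-ssh` with no notice. That is the safer direction, but the install then differs from what the administrator configured. I would add a comment next to the test, for example `# ENABLE_SUID_SSH is no longer honoured; use the SUID_SSH option (WITH_SUID_SSH)`. The `.include <bsd.port.pre.mk>` now sits mid-file, so a second comment saying that everything below may rely on variables it defines would help the next editor.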
@@ -69,13 +79,21 @@ PORTABLE_SUFFIX=
GSSAPI_SUFFIX= -gssapi
CONFLICTS+= openssh-portable-*
CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME}
+.if ${OPENSSLBASE} == "/usr"
+CONFIGURE_ARGS+= --without-rpath
+LDFLAGS=
+.endif
.else
CONFLICTS+= openssh-gssapi-*
+CONFIGURE_ARGS+= --with-rpath=${OPENSSLRPATH}
.if !defined(WITHOUT_KERBEROS) && exists(/usr/include/krb5.h)
CONFIGURE_ARGS+= --with-kerberos5
EXTRA_PATCHES+= ${FILESDIR}/gss-serv.c.patch
.endif
.endif
+.if ${OPENSSLBASE} != "/usr"
+CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE}
+.endif
.if defined(BATCH)
EXTRA_PATCHES+= ${FILESDIR}/batch.patch
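Review bot: The rpath handling moved into this conditional is asymmetric and has no comment explaining why. The first branch passes `--without-rpath` and empties `LDFLAGS` only when `${OPENSSLBASE}` is `/usr`, while the `.else` branch always passes `--with-rpath=${OPENSSLRPATH}`. `LDFLAGS=` also discards every linker flag set earlier, not only an OpenSSL rpath. If dropping the rpath is the intent, a comment such as `# base OpenSSL: no rpath wanted, so drop the LDFLAGS set up for a ports OpenSSL` would record it; the author should confirm. The enclosing `.if` begins outside the hunk.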
@@ -118,30 +136,30 @@ post-configure:
${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh
pre-install:
-.if defined(OPENSSH_OVERWRITE_BASE)
- -${MKDIR} ${EMPTYDIR}
-.else
- -${MKDIR} ${PREFIX}/empty
-.endif
+. if defined(OPENSSH_OVERWRITE_BASE)
+ -${MKDIR} ${EMPTYDIR}
+. else
+ -${MKDIR} ${PREFIX}/empty
+. endif
if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
-h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi
-@[ ! -d ${ETCSSH} ] && ${MKDIR} ${ETCSSH}
-.for i in ${PRECIOUS}
- -@[ -f ${ETCOLD}/${i} ] && [ ! -f ${ETCSSH}/${i} ] && \
- ${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout." && \
- ${LN} ${ETCOLD}/${i} ${ETCSSH}/${i}
-.endfor
+. for i in ${PRECIOUS}
+ -@[ -f ${ETCOLD}/${i} ] && [ ! -f ${ETCSSH}/${i} ] && \
+ ${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout." && \
+ ${LN} ${ETCOLD}/${i} ${ETCSSH}/${i}
+. endfor
post-install:
-.if !defined(OPENSSH_OVERWRITE_BASE)
- ${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample
-.endif
+. if !defined(OPENSSH_OVERWRITE_BASE)
+ ${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample
+. endif
${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist
${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist
-.if !defined(OPENSSH_OVERWRITE_BASE)
- @${CAT} ${PKGMESSAGE}
-.endif
+. if !defined(OPENSSH_OVERWRITE_BASE)
+ @${CAT} ${PKGMESSAGE}
+. endif
test:
(cd ${WRKSRC}/regress && ${SETENV} ${MAKE_ENV} \
@@ -149,21 +167,4 @@ test:
PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} )
-.include <bsd.port.pre.mk>
-
-SUDO?=
-MAKE_ENV+= SUDO="${SUDO}"
-
-.if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI)
-.if ${OPENSSLBASE} == "/usr"
-CONFIGURE_ARGS+= --without-rpath
-LDFLAGS=
-.endif
-.else
-CONFIGURE_ARGS+= --with-rpath=${OPENSSLRPATH}
-.endif
-.if ${OPENSSLBASE} != "/usr"
-CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE}
-.endif
-
.include <bsd.port.post.mk>
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index 6388cc0a9640..621b7d53c932 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,2 +1,2 @@
-MD5 (openssh-4.1p1.tar.gz) = 959c663e709c981f07a3315bfd64f3d0
-SIZE (openssh-4.1p1.tar.gz) = 894234
+MD5 (openssh-4.2p1.tar.gz) = df899194a340c933944b193477c628fa
+SIZE (openssh-4.2p1.tar.gz) = 914165
diff --git a/security/openssh-portable/files/patch-auth-pam.c b/security/openssh-portable/files/patch-auth-pam.c
deleted file mode 100644
index 73641796dfbf..000000000000
--- a/security/openssh-portable/files/patch-auth-pam.c
+++ /dev/null
@@ -1,65 +0,0 @@
---- auth-pam.c.orig Thu Jan 20 03:29:51 2005
-+++ auth-pam.c Sat Mar 19 21:52:37 2005
-@@ -290,7 +290,7 @@
- * Conversation function for authentication thread.
- */
- static int
--sshpam_thread_conv(int n, struct pam_message **msg,
-+sshpam_thread_conv(int n, const struct pam_message **msg,
- struct pam_response **resp, void *data)
- {
- Buffer buffer;
-@@ -390,7 +390,7 @@
- u_int i;
- const char *pam_user;
-
-- pam_get_item(sshpam_handle, PAM_USER, (void **)&pam_user);
-+ pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
- environ[0] = NULL;
-
- if (sshpam_authctxt != NULL) {
-@@ -482,7 +482,7 @@
- }
-
- static int
--sshpam_null_conv(int n, struct pam_message **msg,
-+sshpam_null_conv(int n, const struct pam_message **msg,
- struct pam_response **resp, void *data)
- {
- debug3("PAM: %s entering, %d messages", __func__, n);
-@@ -492,7 +492,7 @@
- static struct pam_conv null_conv = { sshpam_null_conv, NULL };
-
- static int
--sshpam_store_conv(int n, struct pam_message **msg,
-+sshpam_store_conv(int n, const struct pam_message **msg,
- struct pam_response **resp, void *data)
- {
- struct pam_response *reply;
-@@ -565,7 +565,7 @@
- if (sshpam_handle != NULL) {
- /* We already have a PAM context; check if the user matches */
- sshpam_err = pam_get_item(sshpam_handle,
-- PAM_USER, (void **)&pam_user);
-+ PAM_USER, (const void **)&pam_user);
- if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
- return (0);
- pam_end(sshpam_handle, sshpam_err);
-@@ -881,7 +881,7 @@
- }
-
- static int
--sshpam_tty_conv(int n, struct pam_message **msg,
-+sshpam_tty_conv(int n, const struct pam_message **msg,
- struct pam_response **resp, void *data)
- {
- char input[PAM_MAX_MSG_SIZE];
-@@ -1040,7 +1040,7 @@
- * display.
- */
- static int
--sshpam_passwd_conv(int n, struct pam_message **msg,
-+sshpam_passwd_conv(int n, const struct pam_message **msg,
- struct pam_response **resp, void *data)
- {
- struct pam_response *reply;
diff --git a/security/openssh-portable/files/patch-auth1.c b/security/openssh-portable/files/patch-auth1.c
index 94eaf3729b1d..c574eee773db 100644
--- a/security/openssh-portable/files/patch-auth1.c
+++ b/security/openssh-portable/files/patch-auth1.c
@@ -1,5 +1,5 @@
---- auth1.c.orig Tue Feb 8 11:52:48 2005
-+++ auth1.c Sat Mar 19 21:34:47 2005
+--- auth1.c.orig Sun Jul 17 04:26:44 2005
++++ auth1.c Thu Sep 1 11:23:35 2005
@@ -26,6 +26,7 @@
#include "uidswap.h"
#include "monitor_wrap.h"
@@ -8,10 +8,10 @@
/* import */
extern ServerOptions options;
-@@ -71,6 +72,15 @@
- u_int dlen;
- u_int ulen;
- int prev, type = 0;
+@@ -220,6 +221,15 @@
+ char info[1024];
+ int prev = 0, type = 0;
+ const struct AuthMethod1 *meth;
+#ifdef HAVE_LOGIN_CAP
+ login_cap_t *lc;
+#endif /* HAVE_LOGIN_CAP */
@@ -24,38 +24,37 @@
debug("Attempting authentication for %s%.100s.",
authctxt->valid ? "" : "invalid user ", authctxt->user);
-@@ -219,6 +229,34 @@
- logit("Unknown message during authentication: type %d", type);
- break;
+@@ -270,6 +280,33 @@
+ "type %d", type);
+ goto skip;
}
+
+#ifdef HAVE_LOGIN_CAP
+ if (authctxt->pw != NULL) {
-+ lc = login_getpwclass(authctxt->pw);
-+ if (lc == NULL)
-+ lc = login_getclassbyname(NULL, authctxt->pw);
-+ if (!auth_hostok(lc, from_host, from_ip)) {
-+ logit("Denied connection for %.200s from %.200s [%.200s].",
-+ authctxt->pw->pw_name, from_host, from_ip);
-+ packet_disconnect("Sorry, you are not allowed to connect.");
-+ }
-+ if (!auth_timeok(lc, time(NULL))) {
-+ logit("LOGIN %.200s REFUSED (TIME) FROM %.200s",
-+ authctxt->pw->pw_name, from_host);
-+ packet_disconnect("Logins not available right now.");
-+ }
-+ login_close(lc);
-+ lc = NULL;
++ lc = login_getpwclass(authctxt->pw);
++ if (lc == NULL)
++ lc = login_getclassbyname(NULL, authctxt->pw);
++ if (!auth_hostok(lc, from_host, from_ip)) {
++ logit("Denied connection for %.200s from %.200s [%.200s].",
++ authctxt->pw->pw_name, from_host, from_ip);
++ packet_disconnect("Sorry, you are not allowed to connect.");
++ }
++ if (!auth_timeok(lc, time(NULL))) {
++ logit("LOGIN %.200s REFUSED (TIME) FROM %.200s",
++ authctxt->pw->pw_name, from_host);
++ packet_disconnect("Logins not available right now.");
++ }
++ login_close(lc);
++ lc = NULL;
+ }
+#endif /* HAVE_LOGIN_CAP */
-+#ifdef LOGIN_ACCESS
++#ifdef LOGIN_ACCESS
+ if (authctxt->pw != NULL && !login_access(authctxt->pw->pw_name, from_host)) {
-+ logit("Denied connection for %.200s from %.200s [%.200s].",
-+ authctxt->pw->pw_name, from_host, from_ip);
-+ packet_disconnect("Sorry, you are not allowed to connect.");
++ logit("Denied connection for %.200s from %.200s [%.200s].",
++ authctxt->pw->pw_name, from_host, from_ip);
++ packet_disconnect("Sorry, you are not allowed to connect.");
+ }
+#endif /* LOGIN_ACCESS */
-+
- #ifdef BSD_AUTH
- if (authctxt->as) {
- auth_close(authctxt->as);
+
+ if (!*(meth->enabled)) {
+ verbose("%s authentication disabled.", meth->name);
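Review bot: The login-class and `login_access` checks added to auth1.c sit ahead of the `if (!*(meth->enabled))` test and run only when `authctxt->pw != NULL`. If that position is before authentication has succeeded, as it appears, an unauthenticated client is disconnected with "Sorry, you are not allowed to connect." or "Logins not available right now." only for accounts that exist. That difference could let a remote party tell restricted valid accounts from unknown names. Consider applying these checks after authentication succeeds, or sending the same generic failure in both cases and keeping the detail in `logit()` only. Separately, `auth_hostok()` and `auth_timeok()` are reached even if both `login_getpwclass()` and `login_getclassbyname()` return NULL, so a comment saying whether they accept a NULL class would help. The enclosing function starts and ends outside the hunk.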
diff --git a/security/openssh-portable/files/patch-fake-rfc2553.h b/security/openssh-portable/files/patch-fake-rfc2553.h
deleted file mode 100644
index 58577a46aff2..000000000000
--- a/security/openssh-portable/files/patch-fake-rfc2553.h
+++ /dev/null
@@ -1,11 +0,0 @@
---- openbsd-compat/fake-rfc2553.h.orig Fri Feb 11 08:32:13 2005
-+++ openbsd-compat/fake-rfc2553.h Sat Mar 19 21:27:33 2005
-@@ -113,7 +113,7 @@
- # define NI_MAXHOST 1025
- #endif /* !NI_MAXHOST */
-
--#ifndef EAI_NODATA
-+#ifndef EAI_MEMORY
- # define EAI_NODATA 1
- # define EAI_MEMORY 2
- # define EAI_NONAME 3