author | dinoex <dinoex@FreeBSD.org> | 2002-03-08 13:54:04 +0800 |
---|---|---|
committer | dinoex <dinoex@FreeBSD.org> | 2002-03-08 13:54:04 +0800 |
commit | 3b9b4655e8e632d9d30d66f403c35e546511b24c (patch) | |
tree | dc53332f87ca48e79b4bda26bfd0b9046edaab1f /security/openssh | |
parent | 9a8f66f5a47e62b397bdc0c6610b72c484b00569 (diff) | |
Update to OpenSSH 3.1 OpenSSH-portable 3.1p1
- update patch-au,patch-session.c for password changes.
- patch-channel.c is now integrated
Excerpt from Changelog:
20020304
- OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/02/26 18:52:32
[sftp.1]
Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org
- mouring@cvs.openbsd.org 2002/02/26 19:04:37
[sftp.1]
> Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org
Last Ic on the first line should not have a space between it and the final
comma.
- deraadt@cvs.openbsd.org 2002/02/26 19:06:43
[sftp.1]
no, look closely. the comma was highlighted. split .Ic even more
- stevesk@cvs.openbsd.org 2002/02/26 20:03:51
[misc.c]
use socklen_t
- stevesk@cvs.openbsd.org 2002/02/27 21:23:13
[canohost.c channels.c packet.c sshd.c]
remove unneeded casts in [gs]etsockopt(); ok markus@
- markus@cvs.openbsd.org 2002/02/28 15:46:33
[authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c]
add some const EVP_MD for openssl-0.9.7
- stevesk@cvs.openbsd.org 2002/02/28 19:36:28
[auth.c match.c match.h]
delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
for sshd -u0; ok markus@
- stevesk@cvs.openbsd.org 2002/02/28 20:36:42
[sshd.8]
DenyUsers allows user@host pattern also
- stevesk@cvs.openbsd.org 2002/02/28 20:46:10
[sshd.8]
-u0 DNS for user@host
- stevesk@cvs.openbsd.org 2002/02/28 20:56:00
[auth.c]
log user not allowed details, from dwd@bell-labs.com; ok markus@
- markus@cvs.openbsd.org 2002/03/01 13:12:10
[auth.c match.c match.h]
undo the 'delay hostname lookup' change
match.c must not use compress.c (via canonhost.c/packet.c)
thanks to wilfried@
- markus@cvs.openbsd.org 2002/03/04 12:43:06
[auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
- markus@cvs.openbsd.org 2002/03/04 13:10:46
[misc.c]
error-> debug, because O_NONBLOCK for /dev/null causes too many different
errnos; ok stevesk@, deraadt@
unused include
- stevesk@cvs.openbsd.org 2002/03/04 17:27:39
[auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
uuencode.c xmalloc.h]
$OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
files. ok markus@
- stevesk@cvs.openbsd.org 2002/03/04 18:30:23
[ssh-keyscan.c]
handle connection close during read of protocol version string.
fixes erroneous "bad greeting". ok markus@
- markus@cvs.openbsd.org 2002/03/04 19:37:58
[channels.c]
off by one; thanks to joost@pine.nl
20020226
- (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests
based on patch by mooney@dogbert.cc.ndsu.nodak.edu (Tim Mooney)
Bug 45 [configure.ac] modify skey test to work around conflict with autoconf
reported by nolan@naic.edu (Michael Nolan)
patch by Pekka Savola <pekkas@netcore.fi>
Bug 74 [configure.ac defines.h] add sig_atomic_t test
reported by dwd@bell-labs.com (Dave Dykstra)
Bug 102 [defines.h] UNICOS fixes. patch by wendyp@cray.com
[configure.ac Makefile.in] link libwrap only with sshd
based on patch by Maciej W. Rozycki <macro@ds2.pg.gda.pl>
Bug 123 link libpam only with sshd
reported by peak@argo.troja.mff.cuni.cz (Pavel Kankovsky)
[configure.ac defines.h] modify previous SCO3 fix to not break Solaris 7
[acconfig.h] remove unused HAVE_REGCOMP
[configure.ac] put back in search for prngd-socket
- (stevesk) openbsd-compat/base64.h: typo in comment
- (bal) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/02/15 23:54:10
[auth-krb5.c]
krb5_get_err_text() does not like context==NULL; he@nordu.net via google;
ok provos@
- markus@cvs.openbsd.org 2002/02/22 12:20:34
[log.c log.h ssh-keyscan.c]
overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@
- markus@cvs.openbsd.org 2002/02/23 17:59:02
[kex.c kexdh.c kexgex.c]
don't allow garbage after payload.
- stevesk@cvs.openbsd.org 2002/02/24 16:09:52
[sshd.c]
use u_char* here; ok markus@
- markus@cvs.openbsd.org 2002/02/24 16:57:19
[sftp-client.c]
early close(), missing free; ok stevesk@
- markus@cvs.openbsd.org 2002/02/24 16:58:32
[packet.c]
make 'cp' unsigned and merge with 'ucp'; ok stevesk@
- markus@cvs.openbsd.org 2002/02/24 18:31:09
[uuencode.c]
typo in comment
- markus@cvs.openbsd.org 2002/02/24 19:14:59
[auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
signed vs. unsigned: make size arguments u_int, ok stevesk@
- stevesk@cvs.openbsd.org 2002/02/24 19:59:42
[channels.c misc.c]
disable Nagle in connect_to() and channel_post_port_listener() (port
forwarding endpoints). the intention is to preserve the on-the-wire
appearance to applications at either end; the applications can then
enable TCP_NODELAY according to their requirements. ok markus@
- markus@cvs.openbsd.org 2002/02/25 16:33:27
[ssh-keygen.c sshconnect2.c uuencode.c uuencode.h]
more u_* fixes
- (bal) Imported missing fatal.c and fixed up Makefile.in
- (tim) [configure.ac] correction to Bug 123 fix
[configure.ac] correction to sig_atomic_t test
20020224
- (tim) [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84
patch by wknox@mitre.org (William Knox).
[sshlogin.h] declare record_utmp_only for session.c
20020219
- (djm) OpenBSD CVS Sync
- mpech@cvs.openbsd.org 2002/02/13 08:33:47
[ssh-keyscan.1]
When you give command examples and etc., in a manual page prefix them with: $ command
or
# command
- markus@cvs.openbsd.org 2002/02/14 23:27:59
[channels.c]
increase the SSH v2 window size to 4 packets. consumes a little
bit more memory for slow receivers but increases throughput.
- markus@cvs.openbsd.org 2002/02/14 23:28:00
[channels.h session.c ssh.c]
increase the SSH v2 window size to 4 packets. consumes a little
bit more memory for slow receivers but increases throughput.
- markus@cvs.openbsd.org 2002/02/14 23:41:01
[authfile.c cipher.c cipher.h kex.c kex.h packet.c]
hide some more implementation details of cipher.[ch] and prepares for move
to EVP, ok deraadt@
- stevesk@cvs.openbsd.org 2002/02/16 14:53:37
[ssh-keygen.1]
-t required now for key generation
- stevesk@cvs.openbsd.org 2002/02/16 20:40:08
[ssh-keygen.c]
default to rsa keyfile path for non key generation operations where
keyfile not specified. fixes core dump in those cases. ok markus@
- millert@cvs.openbsd.org 2002/02/16 21:27:53
[auth.h]
Part one of userland __P removal. Done with a simple regexp with
some minor hand editing to make comments line up correctly. Another
pass is forthcoming that handles the cases that could not be done
automatically.
- millert@cvs.openbsd.org 2002/02/17 19:42:32
[auth.h]
Manual cleanup of remaining userland __P use (excluding packages
maintained outside the tree)
- markus@cvs.openbsd.org 2002/02/18 13:05:32
[cipher.c cipher.h]
switch to EVP, ok djm@ deraadt@
- markus@cvs.openbsd.org 2002/02/18 17:55:20
[ssh.1]
-q: Fatal errors are _not_ displayed.
- deraadt@cvs.openbsd.org 2002/02/19 02:50:59
[sshd_config]
stategy is not an english word
- (bal) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/02/15 23:11:26
[session.c]
split do_child(), ok mouring@
- markus@cvs.openbsd.org 2002/02/16 00:51:44
[session.c]
typo
20020218
- (tim) newer config.guess from ftp://ftp.gnu.org/gnu/config/config.guess
20020213
- (djm) Bug #114 - not starting PAM for SSH protocol 1 invalid users
20020213
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/02/11 16:10:15
[kex.c]
restore kexinit handler if we reset the dispatcher, this unbreaks
rekeying s/kex_clear_dispatch/kex_reset_dispatch/
- markus@cvs.openbsd.org 2002/02/11 16:15:46
[sshconnect1.c]
include md5.h, not evp.h
- markus@cvs.openbsd.org 2002/02/11 16:17:55
[sshd.c]
do not complain about port > 1024 if rhosts-auth is disabled
- markus@cvs.openbsd.org 2002/02/11 16:19:39
[sshd.c]
include md5.h not hmac.h
- markus@cvs.openbsd.org 2002/02/11 16:21:42
[match.c]
support up to 40 algorithms per proposal
- djm@cvs.openbsd.org 2002/02/12 12:32:27
[sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
Perform multiple overlapping read/write requests in file transfer. Mostly
done by Tobias Ringstrom <tori@ringstrom.mine.nu>; ok markus@
- djm@cvs.openbsd.org 2002/02/12 12:44:46
[sftp-client.c]
Let overlapped upload path handle servers which reorder ACKs. This may be
permitted by the protocol spec; ok markus@
- markus@cvs.openbsd.org 2002/02/13 00:28:13
[sftp-server.c]
handle SSH2_FILEXFER_ATTR_SIZE in SSH2_FXP_(F)SETSTAT; ok djm@
- markus@cvs.openbsd.org 2002/02/13 00:39:15
[readpass.c]
readpass.c is no longer from UCB, since we now use readpassphrase(3)
- djm@cvs.openbsd.org 2002/02/13 00:59:23
[sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp.h]
[sftp-int.c sftp-int.h]
API cleanup and backwards compat for filexfer v.0 servers; ok markus@
- (djm) Sync openbsd-compat with OpenBSD CVS too
- (djm) Bug #106: Add --without-rpath configure option. Patch from
Nicolas.Williams@ubsw.com
20020210
- (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2002/02/09 17:37:34
[pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
move ssh config files to /etc/ssh
- (djm) Adjust portable Makefile.in and ssh-rand-helper.c to match
- deraadt@cvs.openbsd.org 2002/02/10 01:07:05
[readconf.h sshd.8]
more /etc/ssh; openbsd@davidkrause.com
20020208
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/02/04 12:15:25
[sshd.c]
add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
- stevesk@cvs.openbsd.org 2002/02/04 20:41:16
[ssh-agent.1]
more sync for default ssh-add identities; ok markus@
- djm@cvs.openbsd.org 2002/02/05 00:00:46
[sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
Add "-B" option to specify copy buffer length (default 32k); ok markus@
- markus@cvs.openbsd.org 2002/02/05 14:32:55
[channels.c channels.h ssh.c]
merge channel_request() into channel_request_start()
- markus@cvs.openbsd.org 2002/02/06 14:22:42
[sftp.1]
sort options; ok mpech@, stevesk@
- mpech@cvs.openbsd.org 2002/02/06 14:27:23
[sftp.c]
sync usage() with manual.
- markus@cvs.openbsd.org 2002/02/06 14:37:22
[session.c]
minor KNF
- markus@cvs.openbsd.org 2002/02/06 14:55:16
[channels.c clientloop.c serverloop.c ssh.c]
channel_new never returns NULL, mouring@; ok djm@
- markus@cvs.openbsd.org 2002/02/07 09:35:39
[ssh.c]
remove bogus comments
20020205
- (djm) Cleanup after sync:
- :%s/reverse_mapping_check/verify_reverse_mapping/g
- (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/01/24 21:09:25
[channels.c misc.c misc.h packet.c]
add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).
no nagle changes just yet; ok djm@ markus@
- stevesk@cvs.openbsd.org 2002/01/24 21:13:23
[packet.c]
need misc.h for set_nodelay()
- markus@cvs.openbsd.org 2002/01/25 21:00:24
[sshconnect2.c]
unused include
- markus@cvs.openbsd.org 2002/01/25 21:42:11
[ssh-dss.c ssh-rsa.c]
use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
don't use evp_md->md_size, it's not public.
- markus@cvs.openbsd.org 2002/01/25 22:07:40
[kex.c kexdh.c kexgex.c key.c mac.c]
use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@
- stevesk@cvs.openbsd.org 2002/01/26 16:44:22
[includes.h session.c]
revert code to add x11 localhost display authorization entry for
hostname/unix:d and uts.nodename/unix:d if nodename was different than
hostname. just add entry for unix:d instead. ok markus@
- stevesk@cvs.openbsd.org 2002/01/27 14:57:46
[channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
add X11UseLocalhost; ok markus@
- stevesk@cvs.openbsd.org 2002/01/27 18:08:17
[ssh.c]
handle simple case to identify FamilyLocal display; ok markus@
- markus@cvs.openbsd.org 2002/01/29 14:27:57
[ssh-add.c]
exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@
- markus@cvs.openbsd.org 2002/01/29 14:32:03
[auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c]
[servconf.c servconf.h session.c sshd.8 sshd_config]
s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion;
ok stevesk@
- stevesk@cvs.openbsd.org 2002/01/29 16:29:02
[session.c]
limit subsystem length in log; ok markus@
- markus@cvs.openbsd.org 2002/01/29 16:41:19
[ssh-add.1]
add DIAGNOSTICS; ok stevesk@
- markus@cvs.openbsd.org 2002/01/29 22:46:41
[session.c]
don't depend on servconf.c; ok djm@
- markus@cvs.openbsd.org 2002/01/29 23:50:37
[scp.1 ssh.1]
mention exit status; ok stevesk@
- markus@cvs.openbsd.org 2002/01/31 13:35:11
[kexdh.c kexgex.c]
cross check announced key type and type from key blob
- markus@cvs.openbsd.org 2002/01/31 15:00:05
[serverloop.c]
no need for WNOHANG; ok stevesk@
- markus@cvs.openbsd.org 2002/02/03 17:53:25
[auth1.c serverloop.c session.c session.h]
don't use channel_input_channel_request and callback
use new server_input_channel_req() instead:
server_input_channel_req does generic request parsing on server side
session_input_channel_req handles just session specific things now
ok djm@
- markus@cvs.openbsd.org 2002/02/03 17:55:55
[channels.c channels.h]
remove unused channel_input_channel_request
- markus@cvs.openbsd.org 2002/02/03 17:58:21
[channels.c channels.h ssh.c]
generic callbacks are not really used, remove and
add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
ok djm@
- markus@cvs.openbsd.org 2002/02/03 17:59:23
[sshconnect2.c]
more cross checking if announced vs. used key type; ok stevesk@
- stevesk@cvs.openbsd.org 2002/02/03 22:35:57
[ssh.1 sshd.8]
some KeepAlive cleanup/clarify; ok markus@
- stevesk@cvs.openbsd.org 2002/02/03 23:22:59
[ssh-agent.1]
ssh-add also adds $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa now.
- stevesk@cvs.openbsd.org 2002/02/04 00:53:39
[ssh-agent.c]
unneeded includes
- markus@cvs.openbsd.org 2002/02/04 11:58:10
[auth2.c]
cross checking of announced vs actual pktype in pubkey/hostbased auth;
ok stevesk@
- markus@cvs.openbsd.org 2002/02/04 12:15:25
[log.c log.h readconf.c servconf.c]
add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
- stevesk@cvs.openbsd.org 2002/02/04 20:41:16
[ssh-add.1]
more sync for default ssh-add identities; ok markus@
- djm@cvs.openbsd.org 2002/02/04 21:53:12
[sftp.1 sftp.c]
Add "-P" option to directly connect to a local sftp-server. Should be
useful for regression testing; ok markus@
- djm@cvs.openbsd.org 2002/02/05 00:00:46
[sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
Add "-B" option to specify copy buffer length (default 32k); ok markus@
20020130
- (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
- (tim) [configure.ac] fix logic on when ssh-rand-helper is installed.
[sshd_config] put back in line that tells what PATH was compiled into sshd.
20020125
- (djm) Don't grab Xserver or pointer by default. x11-ssh-askpass doesn't
and grabbing can cause deadlocks with kinput2.
20020124
- (stevesk) Makefile.in: bug #61; delete commented line for now.
20020123
- (djm) Fix non-standard shell syntax in autoconf. Patch from
Dave Dykstra <dwd@bell-labs.com>
- (stevesk) fix --with-zlib=
- (djm) Use case statements in autoconf to clean up some tests
20020122
- (djm) autoconf hacking:
- We don't support --without-zlib currently, so don't allow it.
- Rework cryptographic random number support detection. We now detect
whether OpenSSL seeds itself. If it does, then we don't bother with
the ssh-rand-helper program. You can force the use of ssh-rand-helper
using the --with-rand-helper configure argument
- Simplify and clean up ssh-rand-helper configuration
- Add OpenSSL sanity check: verify that header version matches version
reported by library
- (djm) Fix some bugs I introduced into ssh-rand-helper yesterday
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2001/12/21 08:52:22
[ssh-keygen.1 ssh-keygen.c]
Remove default (rsa1) key type; ok markus@
- djm@cvs.openbsd.org 2001/12/21 08:53:45
[readpass.c]
Avoid interruptable passphrase read; ok markus@
- djm@cvs.openbsd.org 2001/12/21 10:06:43
[ssh-add.1 ssh-add.c]
Try all standard key files (id_rsa, id_dsa, identity) when invoked with
no arguments; ok markus@
- markus@cvs.openbsd.org 2001/12/21 12:17:33
[serverloop.c]
remove ifdef for USE_PIPES since fdin != fdout; ok djm@
- deraadt@cvs.openbsd.org 2001/12/24 07:29:43
[ssh-add.c]
try all listed keys.. how did this get broken?
- markus@cvs.openbsd.org 2001/12/25 18:49:56
[key.c]
be more careful on allocation
- markus@cvs.openbsd.org 2001/12/25 18:53:00
[auth1.c]
be more careful on allocation
- markus@cvs.openbsd.org 2001/12/27 18:10:29
[ssh-keygen.c]
-t is only needed for key generation (unbreaks -i, -e, etc).
- markus@cvs.openbsd.org 2001/12/27 18:22:16
[auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c]
[scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
call fatal() for openssl allocation failures
- stevesk@cvs.openbsd.org 2001/12/27 18:22:53
[sshd.8]
clarify -p; ok markus@
- markus@cvs.openbsd.org 2001/12/27 18:26:13
[authfile.c]
missing include
- markus@cvs.openbsd.org 2001/12/27 19:37:23
[dh.c kexdh.c kexgex.c]
always use BN_clear_free instead of BN_free
- markus@cvs.openbsd.org 2001/12/27 19:54:53
[auth1.c auth.h auth-rh-rsa.c]
auth_rhosts_rsa now accept generic keys.
- markus@cvs.openbsd.org 2001/12/27 20:39:58
[auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h]
[serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
get rid of packet_integrity_check, use packet_done() instead.
- markus@cvs.openbsd.org 2001/12/28 12:14:27
[auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c]
[kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c]
[ssh.c sshconnect1.c sshconnect2.c sshd.c]
s/packet_done/packet_check_eom/ (end-of-message); ok djm@
- markus@cvs.openbsd.org 2001/12/28 13:57:33
[auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
packet_get_bignum* no longer returns a size
- markus@cvs.openbsd.org 2001/12/28 14:13:13
[bufaux.c bufaux.h packet.c]
buffer_get_bignum: int -> void
- markus@cvs.openbsd.org 2001/12/28 14:50:54
[auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c]
[packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c]
[sshconnect2.c sshd.c]
packet_read* no longer return the packet length, since it's not used.
- markus@cvs.openbsd.org 2001/12/28 15:06:00
[auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
[dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
remove plen from the dispatch fn. it's no longer used.
- stevesk@cvs.openbsd.org 2001/12/28 22:37:48
[ssh.1 sshd.8]
document LogLevel DEBUG[123]; ok markus@
- stevesk@cvs.openbsd.org 2001/12/29 21:56:01
[authfile.c channels.c compress.c packet.c sftp-server.c]
[ssh-agent.c ssh-keygen.c]
remove unneeded casts and some char->u_char cleanup; ok markus@
- stevesk@cvs.openbsd.org 2002/01/03 04:11:08
[ssh_config]
grammar in comment
- stevesk@cvs.openbsd.org 2002/01/04 17:59:17
[readconf.c servconf.c]
remove #ifdef _PATH_XAUTH/#endif; ok markus@
- stevesk@cvs.openbsd.org 2002/01/04 18:14:16
[servconf.c sshd.8]
protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
/etc/ssh_host_dsa_key like we have in sshd_config. ok markus@
- markus@cvs.openbsd.org 2002/01/05 10:43:40
[channels.c]
fix hanging x11 channels for rejected cookies (e.g.
XAUTHORITY=/dev/null xbiff) bug #36, based on patch from
djast@cs.toronto.edu
- stevesk@cvs.openbsd.org 2002/01/05 21:51:56
[ssh.1 sshd.8]
some missing and misplaced periods
- markus@cvs.openbsd.org 2002/01/09 13:49:27
[ssh-keygen.c]
append \n only for public keys
- markus@cvs.openbsd.org 2002/01/09 17:16:00
[channels.c]
merge channel_pre_open_15/channel_pre_open_20; ok provos@
- markus@cvs.openbsd.org 2002/01/09 17:26:35
[channels.c nchan.c]
replace buffer_consume(b, buffer_len(b)) with buffer_clear(b);
ok provos@
- markus@cvs.openbsd.org 2002/01/10 11:13:29
[serverloop.c]
skip client_alive_check until there are channels; ok beck@
- markus@cvs.openbsd.org 2002/01/10 11:24:04
[clientloop.c]
handle SSH2_MSG_GLOBAL_REQUEST (just reply with failure); ok djm@
- markus@cvs.openbsd.org 2002/01/10 12:38:26
[nchan.c]
remove dead code (skip drain)
- markus@cvs.openbsd.org 2002/01/10 12:47:59
[nchan.c]
more unused code (with channels.c:1.156)
- markus@cvs.openbsd.org 2002/01/11 10:31:05
[packet.c]
handle received SSH2_MSG_UNIMPLEMENTED messages; ok djm@
- markus@cvs.openbsd.org 2002/01/11 13:36:43
[ssh2.h]
add defines for msg type ranges
- markus@cvs.openbsd.org 2002/01/11 13:39:36
[auth2.c dispatch.c dispatch.h kex.c]
a single dispatch_protocol_error() that sends a message of
type 'UNIMPLEMENTED'
dispatch_range(): set handler for a range of message types
use dispatch_protocol_ignore() for authentication requests after
successful authentication (the drafts requirement).
serverloop/clientloop now send a 'UNIMPLEMENTED' message instead
of exiting.
- markus@cvs.openbsd.org 2002/01/11 20:14:11
[auth2-chall.c auth-skey.c]
use strlcpy not strlcat; mouring@
- markus@cvs.openbsd.org 2002/01/11 23:02:18
[readpass.c]
use _PATH_TTY
- markus@cvs.openbsd.org 2002/01/11 23:02:51
[auth2-chall.c]
use snprintf; mouring@
- markus@cvs.openbsd.org 2002/01/11 23:26:30
[auth-skey.c]
use snprintf; mouring@
- markus@cvs.openbsd.org 2002/01/12 13:10:29
[auth-skey.c]
undo local change
- provos@cvs.openbsd.org 2002/01/13 17:27:07
[ssh-agent.c]
change to use queue.h macros; okay markus@
- markus@cvs.openbsd.org 2002/01/13 17:57:37
[auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
use buffer API and avoid static strings of fixed size;
ok provos@/mouring@
- markus@cvs.openbsd.org 2002/01/13 21:31:20
[channels.h nchan.c]
add chan_set_[io]state(), order states, state is now an u_int,
simplifies debugging messages; ok provos@
- markus@cvs.openbsd.org 2002/01/14 13:22:35
[nchan.c]
chan_send_oclose1() no longer calls chan_shutdown_write(); ok provos@
- markus@cvs.openbsd.org 2002/01/14 13:34:07
[nchan.c]
merge chan_[io]buf_empty[12]; ok provos@
- markus@cvs.openbsd.org 2002/01/14 13:40:10
[nchan.c]
correct fn names for ssh2, do not switch from closed to closed;
ok provos@
- markus@cvs.openbsd.org 2002/01/14 13:41:13
[nchan.c]
remove duplicated code; ok provos@
- markus@cvs.openbsd.org 2002/01/14 13:55:55
[channels.c channels.h nchan.c]
remove function pointers for events, remove chan_init*; ok provos@
- markus@cvs.openbsd.org 2002/01/14 13:57:03
[channels.h nchan.c]
(c) 2002
- markus@cvs.openbsd.org 2002/01/16 13:17:51
[channels.c channels.h serverloop.c ssh.c]
wrapper for channel_setup_fwd_listener
- stevesk@cvs.openbsd.org 2002/01/16 17:40:23
[sshd_config]
The strategy now used for options in the default sshd_config shipped
with OpenSSH is to specify options with their default value where
possible, but leave them commented. Uncommented options change a
default value. Subsystem is currently the only default option
changed. ok markus@
- stevesk@cvs.openbsd.org 2002/01/16 17:42:33
[ssh.1]
correct defaults for -i/IdentityFile; ok markus@
- stevesk@cvs.openbsd.org 2002/01/16 17:55:33
[ssh_config]
correct some commented defaults. add Ciphers default. ok markus@
- stevesk@cvs.openbsd.org 2002/01/17 04:27:37
[log.c]
casts to silence enum type warnings for bugzilla bug 37; ok markus@
- stevesk@cvs.openbsd.org 2002/01/18 17:14:16
[sshd.8]
correct Ciphers default; paola.mannaro@ubs.com
- stevesk@cvs.openbsd.org 2002/01/18 18:14:17
[authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c]
unneeded cast cleanup; ok markus@
- stevesk@cvs.openbsd.org 2002/01/18 20:46:34
[sshd.8]
clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from
allard@oceanpark.com; ok markus@
- markus@cvs.openbsd.org 2002/01/21 15:13:51
[sshconnect.c]
use read_passphrase+ECHO in confirm(), allows use of ssh-askpass
for hostkey confirm.
- markus@cvs.openbsd.org 2002/01/21 22:30:12
[cipher.c compat.c myproposal.h]
remove "rijndael-*", just use "aes-" since this is how rijndael is called
in the drafts; ok stevesk@
- markus@cvs.openbsd.org 2002/01/21 23:27:10
[channels.c nchan.c]
cleanup channels faster if they are empty and we are in drain-state;
ok deraadt@
- stevesk@cvs.openbsd.org 2002/01/22 02:52:41
[servconf.c]
typo in error message; from djast@cs.toronto.edu
- (djm) Make auth2-pam.c compile again after dispatch.h and packet.h
changes
- (djm) Recent Glibc includes an incompatible sys/queue.h. Treat it as
bogus in configure
- (djm) Use local sys/queue.h if necessary in ssh-agent.c
20020121
- (djm) Rework ssh-rand-helper:
- Reduce quantity of ifdef code, in preparation for ssh_rand_conf
- Always seed from system calls, even when doing PRNGd seeding
- Tidy and comment #define knobs
- Remove unused facility for multiple runs through command list
- KNF, cleanup, update copyright
20020114
- (djm) Bug #50 - make autoconf entropy path checks more robust
20020108
- (djm) Merge Cygwin copy_environment with do_pam_environment, removing
fixed env var size limit in the process. Report from Corinna Vinschen
<vinschen@redhat.com>
- (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX. does
not depend on transition links. from Lutz Jaenicke.
20020106
- (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u"
for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u".
20020103
- (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from
Roger Cornelius <rac@tenzing.org>
Diffstat (limited to 'security/openssh')
-rw-r--r-- | security/openssh/Makefile | 11 |
-rw-r--r-- | security/openssh/distinfo | 4 |
-rw-r--r-- | security/openssh/files/patch-al | 10 |
-rw-r--r-- | security/openssh/files/patch-am | 14 |
-rw-r--r-- | security/openssh/files/patch-ao | 33 |
-rw-r--r-- | security/openssh/files/patch-au | 41 |
-rw-r--r-- | security/openssh/files/patch-channels.c | 11 |
7 files changed, 59 insertions, 65 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index a62d8071483c..a642c882b00e 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -6,8 +6,7 @@ # PORTNAME= openssh -PORTVERSION= 3.0.2 -PORTREVISION= 1 +PORTVERSION= 3.1 CATEGORIES= security MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \ ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \ @@ -16,7 +15,7 @@ DISTNAME= openssh-${PORTVERSION} EXTRACT_SUFX= .tgz PATCH_SITES= ${MASTER_SITES} -PATCHFILES= openbsd28_3.0.2.patch +PATCHFILES= openbsd28_3.1.patch MAINTAINER= dinoex@FreeBSD.org @@ -70,8 +69,6 @@ MAKE_ENV+= SKEY=yes WRKSRC= ${WRKDIR}/ssh post-extract: - @${PERL5} -pi -e "s=/etc/ssh=${PREFIX}/etc/ssh=" ${WRKSRC}/sshd_config - @${PERL5} -pi -e "s=/usr/libex=${PREFIX}/libex=" ${WRKSRC}/sshd_config @${CP} ${FILESDIR}/strlcat.c ${FILESDIR}/strlcpy.c ${WRKSRC}/lib/ @${CP} ${FILESDIR}/sshd.sh ${WRKSRC}/ .if ${OSVERSION} < 400014 @@ -82,7 +79,9 @@ post-extract: .endif post-patch: - @${PERL} -pi -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h \ + @${PERL5} -pi -e "s=/etc/ssh=${PREFIX}/etc/ssh=" ${WRKSRC}/sshd_config + @${PERL5} -pi -e "s=/usr/libex=${PREFIX}/libex=" ${WRKSRC}/sshd_config + @${PERL5} -pi -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h \ ${WRKSRC}/sshd_config ${WRKSRC}/sshd.sh \ ${WRKSRC}/pathnames.h diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 2433c3978ee3..8468fed06b29 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,2 +1,2 @@ -MD5 (openssh-3.0.2.tgz) = 83c508a4be90bf9b089db45ac6e28614 -MD5 (openbsd28_3.0.2.patch) = 44cb043a46770c53f9a0345d79dddfc1 +MD5 (openssh-3.1.tgz) = b43deb1a3b2047216a28c00ccc45f548 +MD5 (openbsd28_3.1.patch) = 5e7fce5fa6fa0f071b53a01dfb435a43 diff --git a/security/openssh/files/patch-al b/security/openssh/files/patch-al index 149d5fa222ac..0eb763623833 100644 --- a/security/openssh/files/patch-al +++ b/security/openssh/files/patch-al 
@@ -1,16 +1,16 @@ ---- pathnames.h.orig Thu Apr 12 21:15:24 2001 -+++ pathnames.h Sat May 26 15:11:30 2001 +--- pathnames.h.orig Fri Mar 8 05:51:08 2002 ++++ pathnames.h Fri Mar 8 05:52:57 2002 @@ -12,7 +12,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -#define ETCDIR "/etc" +#define ETCDIR "__PREFIX__/etc" + #define SSHDIR ETCDIR #define _PATH_SSH_PIDDIR "/var/run" - /* -@@ -33,7 +33,7 @@ - #define _PATH_HOST_RSA_KEY_FILE ETCDIR "/ssh_host_rsa_key" +@@ -37,7 +37,7 @@ + /* Backwards compatibility */ #define _PATH_DH_PRIMES ETCDIR "/primes" -#define _PATH_SSH_PROGRAM "/usr/bin/ssh" diff --git a/security/openssh/files/patch-am b/security/openssh/files/patch-am index 1cf6fe09175c..07528232bb5a 100644 --- a/security/openssh/files/patch-am +++ b/security/openssh/files/patch-am @@ -1,5 +1,5 @@ ---- sshd/Makefile.orig Fri Nov 16 06:02:09 2001 -+++ sshd/Makefile Fri Nov 16 06:03:51 2001 +--- sshd/Makefile.orig Fri Mar 8 05:54:03 2002 ++++ sshd/Makefile Fri Mar 8 06:00:30 2002 @@ -5,8 +5,8 @@ PROG= sshd BINOWN= root @@ -11,14 +11,18 @@ CFLAGS+=-DHAVE_LOGIN_CAP #CFLAGS+=-DBSD_AUTH -@@ -17,6 +17,7 @@ +@@ -17,9 +17,10 @@ auth-skey.c auth-bsdauth.c .include <bsd.own.mk> # for KERBEROS and AFS +.include "../Makefile.inc" .if (${KERBEROS5:L} == "yes") - CFLAGS+=-DKRB5 -I${DESTDIR}/usr/include/kerberosV +-CFLAGS+=-DKRB5 -I${DESTDIR}/usr/include/kerberosV ++CFLAGS+=-DKRB5 -I/usr/include/kerberosV + SRCS+= auth-krb5.c + LDADD+= -lkrb5 -lkafs -lasn1 -lcom_err + DPADD+= ${LIBKRB5} ${LIBKAFS} ${LIBASN1} @@ -31,15 +32,15 @@ LDADD+= -lkafs DPADD+= ${LIBKRBAFS} @@ -33,7 +37,7 @@ .include <bsd.prog.mk> --LDADD+= -lcrypto -lutil -lz +-LDADD+= -lcrypto -lutil -lz -ldes +LDADD+= ${CRYPTOLIBS} -lcrypt -lutil -lz DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} diff --git a/security/openssh/files/patch-ao b/security/openssh/files/patch-ao index f4b4eea96218..13df05806802 100644 --- a/security/openssh/files/patch-ao +++ b/security/openssh/files/patch-ao 
@@ -1,24 +1,23 @@ ---- sshd_config.orig Thu Sep 20 22:57:51 2001 -+++ sshd_config Wed Oct 3 12:37:28 2001 -@@ -25,8 +25,8 @@ +--- sshd_config.orig Fri Mar 8 06:01:02 2002 ++++ sshd_config Fri Mar 8 06:03:06 2002 +@@ -30,8 +30,10 @@ # Authentication: --LoginGraceTime 600 --PermitRootLogin yes -+LoginGraceTime 120 -+PermitRootLogin no - StrictModes yes +-#LoginGraceTime 600 +-#PermitRootLogin yes ++#LoginGraceTime 300 ++LoginGraceTime 600 ++#PermitRootLogin no ++PermitRootLogin yes + #StrictModes yes - RSAAuthentication yes -@@ -66,8 +66,9 @@ - #PrintLastLog no - KeepAlive yes + #RSAAuthentication yes +@@ -76,6 +78,7 @@ + #PrintLastLog yes + #KeepAlive yes #UseLogin no +UseLogin yes --#MaxStartups 10:30:60 -+MaxStartups 10:30:60 - #Banner /etc/issue.net - #ReverseMappingCheck yes - + #MaxStartups 10 + # no default banner path diff --git a/security/openssh/files/patch-au b/security/openssh/files/patch-au index 596e74cb551f..abb20c8ac770 100644 --- a/security/openssh/files/patch-au +++ b/security/openssh/files/patch-au @@ -1,5 +1,5 @@ ---- session.c.orig Sun Sep 16 16:46:54 2001 -+++ session.c Wed Oct 3 12:50:00 2001 +--- session.c.orig Fri Mar 8 06:11:56 2002 ++++ session.c Fri Mar 8 06:15:32 2002 @@ -57,6 +57,12 @@ #include "canohost.h" #include "session.h" @@ -13,7 +13,7 @@ /* types */ #define TTYSZ 64 -@@ -392,6 +398,13 @@ +@@ -394,6 +400,13 @@ log_init(__progname, options.log_level, options.log_facility, log_stderr); /* @@ -27,7 +27,7 @@ * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ -@@ -497,6 +510,14 @@ +@@ -499,6 +512,14 @@ /* Child. Reinitialize the log because the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -42,7 +42,7 @@ /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -591,6 +612,11 @@ +@@ -589,6 +610,11 @@ time_t last_login_time; struct passwd * pw = s->pw; pid_t pid = getpid(); 
@@ -54,7 +54,7 @@ /* * Get IP address of client. If the connection is not a socket, let -@@ -631,6 +657,21 @@ +@@ -629,6 +655,21 @@ printf("Last login: %s from %s\r\n", time_string, hostname); } @@ -76,7 +76,7 @@ do_motd(); } -@@ -857,6 +898,10 @@ +@@ -775,6 +816,10 @@ env[0] = NULL; if (!options.use_login) { @@ -87,7 +87,7 @@ /* Set basic environment. */ child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); -@@ -864,6 +909,12 @@ +@@ -782,6 +827,12 @@ #ifdef HAVE_LOGIN_CAP (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); child_set_env(&env, &envsize, "PATH", getenv("PATH")); @@ -100,7 +100,7 @@ #else child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); #endif -@@ -875,8 +926,13 @@ +@@ -793,8 +844,13 @@ /* Normal systems set SHELL by default. */ child_set_env(&env, &envsize, "SHELL", shell); } @@ -113,8 +113,8 @@ +#endif /* HAVE_LOGIN_CAP */ /* Set custom environment options from RSA authentication. */ - while (custom_environment) { -@@ -968,7 +1024,7 @@ + if (!options.use_login) { +@@ -1057,7 +1113,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -122,12 +122,14 @@ + for (i = 3; i < getdtablesize(); i++) close(i); - /* Change current directory to the user\'s home directory. */ -@@ -1004,6 +1060,28 @@ - * in this order). - */ - if (!options.use_login) { + /* +@@ -1087,6 +1143,31 @@ + exit(1); + #endif + } ++ +#ifdef __FreeBSD__ ++ if (!options.use_login) { + /* + * If the password change time is set and has passed, give the + * user a password expiry notice and chance to change it. @@ -148,7 +150,8 @@ + } + } + } ++ } +#endif /* __FreeBSD__ */ - /* ignore _PATH_SSH_USER_RC for subsystems */ - if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { - snprintf(cmd, sizeof cmd, "%s -c '%s %s'", + + if (!options.use_login) + do_rc_files(s, shell); 
diff --git a/security/openssh/files/patch-channels.c b/security/openssh/files/patch-channels.c deleted file mode 100644 index fc11fc9c6bad..000000000000 --- a/security/openssh/files/patch-channels.c +++ /dev/null @@ -1,11 +0,0 @@ ---- channels.c.orig Wed Oct 10 17:18:47 2001 -+++ channels.c Wed Mar 6 07:49:46 2002 -@@ -145,7 +145,7 @@ - { - Channel *c; - -- if (id < 0 || id > channels_alloc) { -+ if (id < 0 || id >= channels_alloc) { - log("channel_lookup: %d: bad id", id); - return NULL; - } |
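Review bot: In the Makefile post-patch target, the two sshd_config substitutions rewrite /etc/ssh to ${PREFIX}/etc/ssh, but patch-al in this same commit shows pathnames.h with `#define SSHDIR ETCDIR` and ETCDIR set to "__PREFIX__/etc", so the paths written into the installed sshd_config may not be the ones the binaries actually use. Please confirm which directory the built sshd reads and make the substitution match it. The switch from ${PERL} to ${PERL5} on the __PREFIX__ line is consistent with the other two calls.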
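Review bot: distinfo pins openssh-3.1.tgz and openbsd28_3.1.patch with MD5 only, and the Makefile fetches both over plain ftp:// (PATCH_SITES is set to ${MASTER_SITES}), so these two digests are the only integrity check on what gets built into sshd. If the ports framework in use accepts a second digest type, record a stronger one next to each MD5 line.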
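Review bot: In the last hunk of patch-am the upstream line being replaced is now `LDADD+= -lcrypto -lutil -lz -ldes`, while the port's replacement stays `LDADD+= ${CRYPTOLIBS} -lcrypt -lutil -lz` with no -ldes. Confirm that ${CRYPTOLIBS} supplies whatever upstream now takes from libdes, or add it explicitly. The Kerberos include path in the same file also drops ${DESTDIR} (`-I/usr/include/kerberosV`); a short comment in the patch explaining why would help the next update.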
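Review bot: patch-ao now leaves `PermitRootLogin yes` and `LoginGraceTime 600` active in the installed sshd_config, where the previous revision of this patch set `PermitRootLogin no` and `LoginGraceTime 120`, and the uncommented `MaxStartups 10:30:60` is gone. The commit message mentions only the version update and password changes, so if loosening these defaults is intended it should be stated there; otherwise carry the earlier values forward. The new commented lines `#LoginGraceTime 300` and `#PermitRootLogin no` also sit directly above active lines that say the opposite, which is confusing given the upstream convention quoted in the ChangeLog that commented options show the default.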
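Review bot: The reworked __FreeBSD__ password-expiry block in patch-au is wrapped in `if (!options.use_login)`, while patch-ao in this commit ships `UseLogin yes`, so with the port's own sshd_config this block is skipped. If expiry handling is meant to be left to login(1) in that configuration, say so in a comment at the top of the block. The body of the check is only partly visible in this diff of a diff, so the resulting files/patch-au should be read directly before sign-off.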
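Review bot: Deleting files/patch-channels.c removes the port's local bound `if (id < 0 || id >= channels_alloc)` in front of the "channel_lookup: %d: bad id" log call, so after this commit the off-by-one fix exists only if the 3.1 distfile carries it. The quoted ChangeLog entry "[channels.c] off by one; thanks to joost@pine.nl" (2002/03/04) supports that, but nothing in the diff verifies it; please check the extracted channels.c for the `>=` comparison. The commit message also names the file as patch-channel.c rather than patch-channels.c.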