aboutsummaryrefslogtreecommitdiffstats
path: root/security/ssh2
diff options
context:
space:
mode:
authorpeter <peter@FreeBSD.org>1997-04-25 13:01:06 +0800
committerpeter <peter@FreeBSD.org>1997-04-25 13:01:06 +0800
commit41086c704391ae15bfb78fb30d1187f0c1433342 (patch)
tree9f56711a06d44fe6024fffc541b1303cb43f613f /security/ssh2
parent49cc230a234daf65f3662bcc80bf1d951e338e8a (diff)
downloadfreebsd-ports-gnome-41086c704391ae15bfb78fb30d1187f0c1433342.tar.gz
freebsd-ports-gnome-41086c704391ae15bfb78fb30d1187f0c1433342.tar.zst
freebsd-ports-gnome-41086c704391ae15bfb78fb30d1187f0c1433342.zip
Update from ssh-1.2.19 to ssh-1.2.20. All patches applied still, I just
regenerated them to fix the line numbers. Also, I added two commented out options in Makefile, one to tell sshd that a group writeable homedir is OK because all users are in their own group, and the other is to allow an unencrypted connection (which is dangerous since it can lead to compromise of keys), but on a secure network it's damn useful for backups etc.
Diffstat (limited to 'security/ssh2')
-rw-r--r--security/ssh2/Makefile17
-rw-r--r--security/ssh2/distinfo2
-rw-r--r--security/ssh2/files/patch-aa8
-rw-r--r--security/ssh2/files/patch-ab22
-rw-r--r--security/ssh2/files/patch-ac28
-rw-r--r--security/ssh2/files/patch-af76
-rw-r--r--security/ssh2/files/patch-aj12
-rw-r--r--security/ssh2/files/patch-al12
8 files changed, 93 insertions, 84 deletions
diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile
index f06d971948e9..d00ccc3401ba 100644
--- a/security/ssh2/Makefile
+++ b/security/ssh2/Makefile
@@ -1,16 +1,16 @@
# New ports collection makefile for: ssh
-# Version required: 1.2.19
+# Version required: 1.2.20
# Date created: 30 Jul 1995
# Whom: torstenb@FreeBSD.ORG
#
-# $Id: Makefile,v 1.38 1997/04/16 19:48:09 ache Exp $
+# $Id: Makefile,v 1.39 1997/04/20 13:53:01 wosch Exp $
#
# Maximal ssh package requires YES values for
# USE_PERL, USE_TCPWRAP
#
-DISTNAME= ssh-1.2.19
-CATEGORIES= security net perl5
+DISTNAME= ssh-1.2.20
+CATEGORIES= security net
MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/
MAINTAINER= torstenb@FreeBSD.ORG
@@ -35,6 +35,15 @@ GNU_CONFIGURE= YES
CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc
+#Uncomment if all your users are in their own group and their homedir
+#is writeable by that group. Beware the security implications!
+#CONFIGURE_ARGS+= --enable-group-writeability
+
+#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
+#over a secure medium. This is normally dangerous since it can lead to the
+#disclosure keys and passwords.
+#CONFIGURE_ARGS+= --with-none
+
.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
CONFIGURE_ARGS+= --with-rsaref
.endif
diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo
index b921c3e7c359..b41c04c76fe8 100644
--- a/security/ssh2/distinfo
+++ b/security/ssh2/distinfo
@@ -1,2 +1,2 @@
-MD5 (ssh-1.2.19.tar.gz) = a7a1b400788173b548f1c04642a52396
+MD5 (ssh-1.2.20.tar.gz) = 11d88175e5d6d9d59bea0a70330bcab4
MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d
diff --git a/security/ssh2/files/patch-aa b/security/ssh2/files/patch-aa
index 3ef8ce98cc1e..83e9968ac319 100644
--- a/security/ssh2/files/patch-aa
+++ b/security/ssh2/files/patch-aa
@@ -1,7 +1,7 @@
-*** make-ssh-known-hosts.pl.in.orig Thu Mar 27 09:04:06 1997
---- make-ssh-known-hosts.pl.in Fri Mar 28 15:11:19 1997
+*** make-ssh-known-hosts.pl.in.orig Wed Apr 23 08:40:05 1997
+--- make-ssh-known-hosts.pl.in Fri Apr 25 12:38:21 1997
***************
-*** 84,90 ****
+*** 87,93 ****
$debug = 5;
$defserver = '';
$bell='\a';
@@ -9,7 +9,7 @@
$private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
$timeout = 60;
$ping_timeout = 3;
---- 84,90 ----
+--- 87,93 ----
$debug = 5;
$defserver = '';
$bell='\a';
diff --git a/security/ssh2/files/patch-ab b/security/ssh2/files/patch-ab
index fb3ded791e3f..0456b49d4478 100644
--- a/security/ssh2/files/patch-ab
+++ b/security/ssh2/files/patch-ab
@@ -1,7 +1,7 @@
-*** configure.orig Sun Apr 6 03:56:58 1997
---- configure Wed Apr 16 22:52:47 1997
+*** configure.orig Wed Apr 23 08:40:06 1997
+--- configure Fri Apr 25 12:38:54 1997
***************
-*** 1634,1645 ****
+*** 1757,1768 ****
export CFLAGS CC
@@ -13,10 +13,10 @@
-
echo $ac_n "checking that the compiler works""... $ac_c" 1>&6
- echo "configure:1646: checking that the compiler works" >&5
---- 1634,1639 ----
+ echo "configure:1769: checking that the compiler works" >&5
+--- 1757,1762 ----
***************
-*** 2632,2638 ****
+*** 2759,2765 ****
fi
@@ -24,7 +24,7 @@
do
ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
---- 2626,2632 ----
+--- 2753,2759 ----
fi
@@ -33,7 +33,7 @@
ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
***************
-*** 6749,6755 ****
+*** 7031,7037 ****
cat >> $CONFIG_STATUS <<EOF
@@ -41,7 +41,7 @@
EOF
cat >> $CONFIG_STATUS <<\EOF
for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
---- 6743,6749 ----
+--- 7025,7031 ----
cat >> $CONFIG_STATUS <<EOF
@@ -50,8 +50,8 @@
cat >> $CONFIG_STATUS <<\EOF
for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then
***************
-*** 6953,6958 ****
---- 6947,6954 ----
+*** 7235,7240 ****
+--- 7229,7236 ----
done
for ac_config_dir in gmp-2.0.2-ssh-2; do
diff --git a/security/ssh2/files/patch-ac b/security/ssh2/files/patch-ac
index 6823f8a5bd28..90cc133acd97 100644
--- a/security/ssh2/files/patch-ac
+++ b/security/ssh2/files/patch-ac
@@ -1,7 +1,7 @@
-*** Makefile.in.orig Sun Apr 6 03:56:58 1997
---- Makefile.in Wed Apr 16 22:59:17 1997
+*** Makefile.in.orig Wed Apr 23 08:40:06 1997
+--- Makefile.in Fri Apr 25 12:39:38 1997
***************
-*** 229,240 ****
+*** 237,248 ****
SHELL = /bin/sh
GMPDIR = gmp-2.0.2-ssh-2
@@ -14,7 +14,7 @@
RSAREFDIR = rsaref2
RSAREFSRCDIR = $(RSAREFDIR)/source
---- 229,246 ----
+--- 237,254 ----
SHELL = /bin/sh
GMPDIR = gmp-2.0.2-ssh-2
@@ -34,7 +34,7 @@
RSAREFDIR = rsaref2
RSAREFSRCDIR = $(RSAREFDIR)/source
***************
-*** 328,334 ****
+*** 336,342 ****
$(CC) -o rfc-pg rfc-pg.o
.c.o:
@@ -42,7 +42,7 @@
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
-rm -f sshd
---- 334,340 ----
+--- 342,348 ----
$(CC) -o rfc-pg rfc-pg.o
.c.o:
@@ -51,7 +51,7 @@
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
-rm -f sshd
***************
-*** 365,383 ****
+*** 373,391 ****
sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
chmod +x make-ssh-known-hosts
@@ -71,7 +71,7 @@
$(RSAREFSRCDIR)/librsaref.a:
-if test '!' -d $(RSAREFDIR); then \
---- 371,389 ----
+--- 379,397 ----
sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
chmod +x make-ssh-known-hosts
@@ -92,7 +92,7 @@
$(RSAREFSRCDIR)/librsaref.a:
-if test '!' -d $(RSAREFDIR); then \
***************
-*** 434,440 ****
+*** 442,448 ****
# (otherwise it can only log in as the user it runs as, and must be
# bound to a non-privileged port). Also, password authentication may
# not be available if non-root and using shadow passwords.
@@ -100,7 +100,7 @@
-rm -f $(install_prefix)$(bindir)/ssh.old
-mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
-chmod 755 $(install_prefix)$(bindir)/ssh.old
---- 440,446 ----
+--- 448,454 ----
# (otherwise it can only log in as the user it runs as, and must be
# bound to a non-privileged port). Also, password authentication may
# not be available if non-root and using shadow passwords.
@@ -109,7 +109,7 @@
-mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
-chmod 755 $(install_prefix)$(bindir)/ssh.old
***************
-*** 543,569 ****
+*** 551,577 ****
clean:
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
@@ -137,7 +137,7 @@
tar pcf $(DISTNAME).tar $(DISTNAME)
-rm -f $(DISTNAME).tar.gz
gzip $(DISTNAME).tar
---- 549,575 ----
+--- 557,583 ----
clean:
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
@@ -166,7 +166,7 @@
-rm -f $(DISTNAME).tar.gz
gzip $(DISTNAME).tar
***************
-*** 575,581 ****
+*** 583,589 ****
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
depend:
@@ -174,7 +174,7 @@
tags:
-rm -f TAGS
---- 581,587 ----
+--- 589,595 ----
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
depend:
diff --git a/security/ssh2/files/patch-af b/security/ssh2/files/patch-af
index 94bfa1563a51..5e3eb7c79f92 100644
--- a/security/ssh2/files/patch-af
+++ b/security/ssh2/files/patch-af
@@ -1,8 +1,8 @@
-*** sshd.c.orig Sun Apr 6 03:57:00 1997
---- sshd.c Wed Apr 16 23:27:28 1997
+*** sshd.c.orig Wed Apr 23 08:40:08 1997
+--- sshd.c Fri Apr 25 12:40:20 1997
***************
-*** 379,384 ****
---- 379,388 ----
+*** 400,405 ****
+--- 400,409 ----
#include "firewall.h" /* TIS authsrv authentication */
#endif
@@ -14,8 +14,8 @@
#define DEFAULT_SHELL _PATH_BSHELL
#else
***************
-*** 2617,2622 ****
---- 2621,2629 ----
+*** 2654,2659 ****
+--- 2658,2666 ----
struct sockaddr_in from;
int fromlen;
struct pty_cleanup_context cleanup_context;
@@ -26,7 +26,7 @@
/* We no longer need the child running on user's privileges. */
userfile_uninit();
***************
-*** 2688,2698 ****
+*** 2725,2735 ****
record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
&from);
@@ -38,7 +38,7 @@
/* If the user has logged in before, display the time of last login.
However, don't display anything extra if a command has been
specified (so that ssh can be used to execute commands on a remote
---- 2695,2713 ----
+--- 2732,2750 ----
record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
&from);
@@ -59,8 +59,8 @@
However, don't display anything extra if a command has been
specified (so that ssh can be used to execute commands on a remote
***************
-*** 2712,2717 ****
---- 2727,2755 ----
+*** 2749,2754 ****
+--- 2764,2792 ----
printf("Last login: %s from %s\r\n", time_string, buf);
}
@@ -91,8 +91,8 @@
disabled in server options. Note that some machines appear to
print it in /etc/profile or similar. */
***************
-*** 2721,2727 ****
---- 2759,2769 ----
+*** 2758,2764 ****
+--- 2796,2806 ----
FILE *f;
/* Print /etc/motd if it exists. */
@@ -105,8 +105,8 @@
{
while (fgets(line, sizeof(line), f))
***************
-*** 2729,2734 ****
---- 2771,2799 ----
+*** 2766,2771 ****
+--- 2808,2836 ----
fclose(f);
}
}
@@ -137,7 +137,7 @@
/* Do common processing for the child, such as execing the command. */
do_child(command, pw, term, display, auth_proto, auth_data, ttyname);
***************
-*** 2986,2992 ****
+*** 3017,3023 ****
char *user_shell;
char *remote_ip;
int remote_port;
@@ -145,7 +145,7 @@
/* Check /etc/nologin. */
f = fopen("/etc/nologin", "r");
if (f)
---- 3051,3063 ----
+--- 3082,3094 ----
char *user_shell;
char *remote_ip;
int remote_port;
@@ -160,8 +160,8 @@
f = fopen("/etc/nologin", "r");
if (f)
***************
-*** 3000,3005 ****
---- 3071,3077 ----
+*** 3031,3036 ****
+--- 3102,3108 ----
if (pw->pw_uid != UID_ROOT)
exit(254);
}
@@ -170,7 +170,7 @@
if (command != NULL)
{
***************
-*** 3012,3018 ****
+*** 3043,3049 ****
else
log_msg("executing remote command as user %.200s", pw->pw_name);
}
@@ -178,7 +178,7 @@
#ifdef HAVE_SETLOGIN
/* Set login name in the kernel. Warning: setsid() must be called before
this. */
---- 3084,3091 ----
+--- 3115,3122 ----
else
log_msg("executing remote command as user %.200s", pw->pw_name);
}
@@ -188,8 +188,8 @@
/* Set login name in the kernel. Warning: setsid() must be called before
this. */
***************
-*** 3033,3038 ****
---- 3106,3112 ----
+*** 3064,3069 ****
+--- 3137,3143 ----
if (setpcred((char *)pw->pw_name, NULL))
log_msg("setpcred %.100s: %.100s", strerror(errno));
#endif /* HAVE_USERSEC_H */
@@ -198,8 +198,8 @@
/* Save some data that will be needed so that we can do certain cleanups
before we switch to user's uid. (We must clear all sensitive data
***************
-*** 3103,3108 ****
---- 3177,3240 ----
+*** 3134,3139 ****
+--- 3208,3271 ----
if (command != NULL || !options.use_login)
#endif /* USELOGIN */
{
@@ -265,8 +265,8 @@
if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
{
***************
-*** 3134,3139 ****
---- 3266,3272 ----
+*** 3165,3170 ****
+--- 3297,3303 ----
if (getuid() != user_uid || geteuid() != user_uid)
fatal("Failed to set uids to %d.", (int)user_uid);
@@ -275,8 +275,8 @@
/* Reset signals to their default settings before starting the user
***************
-*** 3144,3154 ****
---- 3277,3292 ----
+*** 3175,3185 ****
+--- 3308,3323 ----
and means /bin/sh. */
shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell;
@@ -294,8 +294,8 @@
#ifdef USELOGIN
if (command != NULL || !options.use_login)
***************
-*** 3158,3163 ****
---- 3296,3303 ----
+*** 3189,3194 ****
+--- 3327,3334 ----
child_set_env(&env, &envsize, "HOME", user_dir);
child_set_env(&env, &envsize, "USER", user_name);
child_set_env(&env, &envsize, "LOGNAME", user_name);
@@ -305,8 +305,8 @@
#ifdef MAIL_SPOOL_DIRECTORY
***************
-*** 3169,3174 ****
---- 3309,3315 ----
+*** 3200,3205 ****
+--- 3340,3346 ----
child_set_env(&env, &envsize, "MAIL", buf);
#endif /* MAIL_SPOOL_FILE */
#endif /* MAIL_SPOOL_DIRECTORY */
@@ -315,8 +315,8 @@
#ifdef HAVE_ETC_DEFAULT_LOGIN
/* Read /etc/default/login; this exists at least on Solaris 2.x. Note
***************
-*** 3184,3192 ****
---- 3325,3335 ----
+*** 3215,3223 ****
+--- 3356,3366 ----
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
original_command);
@@ -329,8 +329,8 @@
/* Set custom environment options from RSA authentication. */
while (custom_environment)
***************
-*** 3406,3412 ****
---- 3549,3559 ----
+*** 3437,3443 ****
+--- 3580,3590 ----
/* Execute the shell. */
argv[0] = buf;
argv[1] = NULL;
@@ -343,8 +343,8 @@
perror(shell);
exit(1);
***************
-*** 3427,3433 ****
---- 3574,3584 ----
+*** 3458,3464 ****
+--- 3605,3615 ----
argv[1] = "-c";
argv[2] = (char *)command;
argv[3] = NULL;
diff --git a/security/ssh2/files/patch-aj b/security/ssh2/files/patch-aj
index 2227e00716f2..60f7495697f5 100644
--- a/security/ssh2/files/patch-aj
+++ b/security/ssh2/files/patch-aj
@@ -1,7 +1,7 @@
-*** configure.in.orig Sun Apr 6 03:56:58 1997
---- configure.in Wed Apr 16 23:04:16 1997
+*** configure.in.orig Wed Apr 23 08:40:06 1997
+--- configure.in Fri Apr 25 12:41:26 1997
***************
-*** 579,587 ****
+*** 616,624 ****
export CFLAGS CC
@@ -11,7 +11,7 @@
AC_MSG_CHECKING([that the compiler works])
AC_TRY_RUN([ main(int ac, char **av) { return 0; } ],
---- 579,587 ----
+--- 616,624 ----
export CFLAGS CC
@@ -22,7 +22,7 @@
AC_MSG_CHECKING([that the compiler works])
AC_TRY_RUN([ main(int ac, char **av) { return 0; } ],
***************
-*** 633,639 ****
+*** 671,677 ****
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
@@ -30,7 +30,7 @@
AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h)
AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h)
AC_HEADER_TIME
---- 633,639 ----
+--- 671,677 ----
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
diff --git a/security/ssh2/files/patch-al b/security/ssh2/files/patch-al
index 9b8ef9f85303..1da799c26ac5 100644
--- a/security/ssh2/files/patch-al
+++ b/security/ssh2/files/patch-al
@@ -1,8 +1,8 @@
-*** sshconnect.c.orig Sun Apr 6 03:57:04 1997
---- sshconnect.c Wed Apr 16 23:04:17 1997
+*** sshconnect.c.orig Wed Apr 23 08:40:11 1997
+--- sshconnect.c Fri Apr 25 12:41:59 1997
***************
-*** 302,307 ****
---- 302,313 ----
+*** 311,316 ****
+--- 311,322 ----
{
struct sockaddr_in sin;
int p;
@@ -16,8 +16,8 @@
{
sock = socket(AF_INET, SOCK_STREAM, 0);
***************
-*** 329,334 ****
---- 335,341 ----
+*** 338,343 ****
+--- 344,350 ----
}
fatal("bind: %.100s", strerror(errno));
}