author | peter <peter@FreeBSD.org> | 1997-04-25 13:01:06 +0800 |
---|---|---|
committer | peter <peter@FreeBSD.org> | 1997-04-25 13:01:06 +0800 |
commit | 41086c704391ae15bfb78fb30d1187f0c1433342 (patch) | |
tree | 9f56711a06d44fe6024fffc541b1303cb43f613f /security/ssh2 | |
parent | 49cc230a234daf65f3662bcc80bf1d951e338e8a (diff) | |
Update from ssh-1.2.19 to ssh-1.2.20. All patches applied still, I just
regenerated them to fix the line numbers. Also, I added two commented out
options in Makefile, one to tell sshd that a group writeable homedir
is OK because all users are in their own group, and the other is to allow
an unencrypted connection (which is dangerous since it can lead to
compromise of keys), but on a secure network it's damn useful for backups
etc.
Diffstat (limited to 'security/ssh2')
-rw-r--r-- | security/ssh2/Makefile | 17 | ||||
-rw-r--r-- | security/ssh2/distinfo | 2 | ||||
-rw-r--r-- | security/ssh2/files/patch-aa | 8 | ||||
-rw-r--r-- | security/ssh2/files/patch-ab | 22 | ||||
-rw-r--r-- | security/ssh2/files/patch-ac | 28 | ||||
-rw-r--r-- | security/ssh2/files/patch-af | 76 | ||||
-rw-r--r-- | security/ssh2/files/patch-aj | 12 | ||||
-rw-r--r-- | security/ssh2/files/patch-al | 12 |
8 files changed, 93 insertions, 84 deletions
diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile index f06d971948e9..d00ccc3401ba 100644 --- a/security/ssh2/Makefile +++ b/security/ssh2/Makefile @@ -1,16 +1,16 @@ # New ports collection makefile for: ssh -# Version required: 1.2.19 +# Version required: 1.2.20 # Date created: 30 Jul 1995 # Whom: torstenb@FreeBSD.ORG # -# $Id: Makefile,v 1.38 1997/04/16 19:48:09 ache Exp $ +# $Id: Makefile,v 1.39 1997/04/20 13:53:01 wosch Exp $ # # Maximal ssh package requires YES values for # USE_PERL, USE_TCPWRAP # -DISTNAME= ssh-1.2.19 -CATEGORIES= security net perl5 +DISTNAME= ssh-1.2.20 +CATEGORIES= security net MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/ MAINTAINER= torstenb@FreeBSD.ORG @@ -35,6 +35,15 @@ GNU_CONFIGURE= YES CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc +#Uncomment if all your users are in their own group and their homedir +#is writeable by that group. Beware the security implications! +#CONFIGURE_ARGS+= --enable-group-writeability + +#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection +#over a secure medium. This is normally dangerous since it can lead to the +#disclosure keys and passwords. +#CONFIGURE_ARGS+= --with-none + .if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES CONFIGURE_ARGS+= --with-rsaref .endif diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo index b921c3e7c359..b41c04c76fe8 100644 --- a/security/ssh2/distinfo +++ b/security/ssh2/distinfo @@ -1,2 +1,2 @@ -MD5 (ssh-1.2.19.tar.gz) = a7a1b400788173b548f1c04642a52396 +MD5 (ssh-1.2.20.tar.gz) = 11d88175e5d6d9d59bea0a70330bcab4 MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d diff --git a/security/ssh2/files/patch-aa b/security/ssh2/files/patch-aa index 3ef8ce98cc1e..83e9968ac319 100644 --- a/security/ssh2/files/patch-aa +++ b/security/ssh2/files/patch-aa 
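Review bot: In the second Makefile hunk (`@@ -35,6 +35,15 @@`), the comments above the two new commented-out knobs do not say what is actually given up when a line is uncommented, and the second comment drops a word ("disclosure keys"). For `--enable-group-writeability` I would replace "Beware the security implications!" with the precondition, e.g. `#Only safe if each such group has exactly one member; any other member can modify that user's home directory and the files sshd reads from it.` For `--with-none` I would write `#This can lead to the disclosure of keys and passwords: an unencrypted session carries them in cleartext over every hop of the path.` Whether unencrypted connections can also be restricted at run time is not visible in this hunk, so if 1.2.20 has such a setting, a pointer to it in the comment would help whoever enables the option.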
@@ -1,7 +1,7 @@ -*** make-ssh-known-hosts.pl.in.orig Thu Mar 27 09:04:06 1997 ---- make-ssh-known-hosts.pl.in Fri Mar 28 15:11:19 1997 +*** make-ssh-known-hosts.pl.in.orig Wed Apr 23 08:40:05 1997 +--- make-ssh-known-hosts.pl.in Fri Apr 25 12:38:21 1997 *************** -*** 84,90 **** +*** 87,93 **** $debug = 5; $defserver = ''; $bell='\a'; @@ -9,7 +9,7 @@ $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$"; $timeout = 60; $ping_timeout = 3; ---- 84,90 ---- +--- 87,93 ---- $debug = 5; $defserver = ''; $bell='\a'; diff --git a/security/ssh2/files/patch-ab b/security/ssh2/files/patch-ab index fb3ded791e3f..0456b49d4478 100644 --- a/security/ssh2/files/patch-ab +++ b/security/ssh2/files/patch-ab @@ -1,7 +1,7 @@ -*** configure.orig Sun Apr 6 03:56:58 1997 ---- configure Wed Apr 16 22:52:47 1997 +*** configure.orig Wed Apr 23 08:40:06 1997 +--- configure Fri Apr 25 12:38:54 1997 *************** -*** 1634,1645 **** +*** 1757,1768 **** export CFLAGS CC @@ -13,10 +13,10 @@ - echo $ac_n "checking that the compiler works""... $ac_c" 1>&6 - echo "configure:1646: checking that the compiler works" >&5 ---- 1634,1639 ---- + echo "configure:1769: checking that the compiler works" >&5 +--- 1757,1762 ---- *************** -*** 2632,2638 **** +*** 2759,2765 **** fi @@ -24,7 +24,7 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 ---- 2626,2632 ---- +--- 2753,2759 ---- fi @@ -33,7 +33,7 @@ ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 *************** -*** 6749,6755 **** +*** 7031,7037 **** cat >> $CONFIG_STATUS <<EOF @@ -41,7 +41,7 @@ EOF cat >> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then ---- 6743,6749 ---- +--- 7025,7031 ---- cat >> $CONFIG_STATUS <<EOF 
@@ -50,8 +50,8 @@ cat >> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then *************** -*** 6953,6958 **** ---- 6947,6954 ---- +*** 7235,7240 **** +--- 7229,7236 ---- done for ac_config_dir in gmp-2.0.2-ssh-2; do diff --git a/security/ssh2/files/patch-ac b/security/ssh2/files/patch-ac index 6823f8a5bd28..90cc133acd97 100644 --- a/security/ssh2/files/patch-ac +++ b/security/ssh2/files/patch-ac @@ -1,7 +1,7 @@ -*** Makefile.in.orig Sun Apr 6 03:56:58 1997 ---- Makefile.in Wed Apr 16 22:59:17 1997 +*** Makefile.in.orig Wed Apr 23 08:40:06 1997 +--- Makefile.in Fri Apr 25 12:39:38 1997 *************** -*** 229,240 **** +*** 237,248 **** SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -14,7 +14,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source ---- 229,246 ---- +--- 237,254 ---- SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -34,7 +34,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source *************** -*** 328,334 **** +*** 336,342 **** $(CC) -o rfc-pg rfc-pg.o .c.o: @@ -42,7 +42,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd ---- 334,340 ---- +--- 342,348 ---- $(CC) -o rfc-pg rfc-pg.o .c.o: @@ -51,7 +51,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd *************** -*** 365,383 **** +*** 373,391 **** sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -71,7 +71,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ ---- 371,389 ---- +--- 379,397 ---- sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -92,7 +92,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ *************** -*** 434,440 **** +*** 442,448 **** # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. 
@@ -100,7 +100,7 @@ -rm -f $(install_prefix)$(bindir)/ssh.old -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old -chmod 755 $(install_prefix)$(bindir)/ssh.old ---- 440,446 ---- +--- 448,454 ---- # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. @@ -109,7 +109,7 @@ -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old -chmod 755 $(install_prefix)$(bindir)/ssh.old *************** -*** 543,569 **** +*** 551,577 **** clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -137,7 +137,7 @@ tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar ---- 549,575 ---- +--- 557,583 ---- clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -166,7 +166,7 @@ -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar *************** -*** 575,581 **** +*** 583,589 **** (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: @@ -174,7 +174,7 @@ tags: -rm -f TAGS ---- 581,587 ---- +--- 589,595 ---- (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: diff --git a/security/ssh2/files/patch-af b/security/ssh2/files/patch-af index 94bfa1563a51..5e3eb7c79f92 100644 --- a/security/ssh2/files/patch-af +++ b/security/ssh2/files/patch-af @@ -1,8 +1,8 @@ -*** sshd.c.orig Sun Apr 6 03:57:00 1997 ---- sshd.c Wed Apr 16 23:27:28 1997 +*** sshd.c.orig Wed Apr 23 08:40:08 1997 +--- sshd.c Fri Apr 25 12:40:20 1997 *************** -*** 379,384 **** ---- 379,388 ---- +*** 400,405 **** +--- 400,409 ---- #include "firewall.h" /* TIS authsrv authentication */ #endif @@ -14,8 +14,8 @@ #define DEFAULT_SHELL _PATH_BSHELL #else *************** -*** 2617,2622 **** ---- 2621,2629 ---- +*** 2654,2659 **** +--- 2658,2666 ---- struct sockaddr_in from; int fromlen; struct pty_cleanup_context cleanup_context; 
@@ -26,7 +26,7 @@ /* We no longer need the child running on user's privileges. */ userfile_uninit(); *************** -*** 2688,2698 **** +*** 2725,2735 **** record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, &from); @@ -38,7 +38,7 @@ /* If the user has logged in before, display the time of last login. However, don't display anything extra if a command has been specified (so that ssh can be used to execute commands on a remote ---- 2695,2713 ---- +--- 2732,2750 ---- record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, &from); @@ -59,8 +59,8 @@ However, don't display anything extra if a command has been specified (so that ssh can be used to execute commands on a remote *************** -*** 2712,2717 **** ---- 2727,2755 ---- +*** 2749,2754 **** +--- 2764,2792 ---- printf("Last login: %s from %s\r\n", time_string, buf); } @@ -91,8 +91,8 @@ disabled in server options. Note that some machines appear to print it in /etc/profile or similar. */ *************** -*** 2721,2727 **** ---- 2759,2769 ---- +*** 2758,2764 **** +--- 2796,2806 ---- FILE *f; /* Print /etc/motd if it exists. */ @@ -105,8 +105,8 @@ { while (fgets(line, sizeof(line), f)) *************** -*** 2729,2734 **** ---- 2771,2799 ---- +*** 2766,2771 **** +--- 2808,2836 ---- fclose(f); } } @@ -137,7 +137,7 @@ /* Do common processing for the child, such as execing the command. */ do_child(command, pw, term, display, auth_proto, auth_data, ttyname); *************** -*** 2986,2992 **** +*** 3017,3023 **** char *user_shell; char *remote_ip; int remote_port; @@ -145,7 +145,7 @@ /* Check /etc/nologin. */ f = fopen("/etc/nologin", "r"); if (f) ---- 3051,3063 ---- +--- 3082,3094 ---- char *user_shell; char *remote_ip; int remote_port; @@ -160,8 +160,8 @@ f = fopen("/etc/nologin", "r"); if (f) *************** -*** 3000,3005 **** ---- 3071,3077 ---- +*** 3031,3036 **** +--- 3102,3108 ---- if (pw->pw_uid != UID_ROOT) exit(254); } 
@@ -170,7 +170,7 @@ if (command != NULL) { *************** -*** 3012,3018 **** +*** 3043,3049 **** else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -178,7 +178,7 @@ #ifdef HAVE_SETLOGIN /* Set login name in the kernel. Warning: setsid() must be called before this. */ ---- 3084,3091 ---- +--- 3115,3122 ---- else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -188,8 +188,8 @@ /* Set login name in the kernel. Warning: setsid() must be called before this. */ *************** -*** 3033,3038 **** ---- 3106,3112 ---- +*** 3064,3069 **** +--- 3137,3143 ---- if (setpcred((char *)pw->pw_name, NULL)) log_msg("setpcred %.100s: %.100s", strerror(errno)); #endif /* HAVE_USERSEC_H */ @@ -198,8 +198,8 @@ /* Save some data that will be needed so that we can do certain cleanups before we switch to user's uid. (We must clear all sensitive data *************** -*** 3103,3108 **** ---- 3177,3240 ---- +*** 3134,3139 **** +--- 3208,3271 ---- if (command != NULL || !options.use_login) #endif /* USELOGIN */ { @@ -265,8 +265,8 @@ if (getuid() == UID_ROOT || geteuid() == UID_ROOT) { *************** -*** 3134,3139 **** ---- 3266,3272 ---- +*** 3165,3170 **** +--- 3297,3303 ---- if (getuid() != user_uid || geteuid() != user_uid) fatal("Failed to set uids to %d.", (int)user_uid); @@ -275,8 +275,8 @@ /* Reset signals to their default settings before starting the user *************** -*** 3144,3154 **** ---- 3277,3292 ---- +*** 3175,3185 **** +--- 3308,3323 ---- and means /bin/sh. */ shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; @@ -294,8 +294,8 @@ #ifdef USELOGIN if (command != NULL || !options.use_login) *************** -*** 3158,3163 **** ---- 3296,3303 ---- +*** 3189,3194 **** +--- 3327,3334 ---- child_set_env(&env, &envsize, "HOME", user_dir); child_set_env(&env, &envsize, "USER", user_name); child_set_env(&env, &envsize, "LOGNAME", user_name); 
@@ -305,8 +305,8 @@ #ifdef MAIL_SPOOL_DIRECTORY *************** -*** 3169,3174 **** ---- 3309,3315 ---- +*** 3200,3205 **** +--- 3340,3346 ---- child_set_env(&env, &envsize, "MAIL", buf); #endif /* MAIL_SPOOL_FILE */ #endif /* MAIL_SPOOL_DIRECTORY */ @@ -315,8 +315,8 @@ #ifdef HAVE_ETC_DEFAULT_LOGIN /* Read /etc/default/login; this exists at least on Solaris 2.x. Note *************** -*** 3184,3192 **** ---- 3325,3335 ---- +*** 3215,3223 **** +--- 3356,3366 ---- child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); @@ -329,8 +329,8 @@ /* Set custom environment options from RSA authentication. */ while (custom_environment) *************** -*** 3406,3412 **** ---- 3549,3559 ---- +*** 3437,3443 **** +--- 3580,3590 ---- /* Execute the shell. */ argv[0] = buf; argv[1] = NULL; @@ -343,8 +343,8 @@ perror(shell); exit(1); *************** -*** 3427,3433 **** ---- 3574,3584 ---- +*** 3458,3464 **** +--- 3605,3615 ---- argv[1] = "-c"; argv[2] = (char *)command; argv[3] = NULL; diff --git a/security/ssh2/files/patch-aj b/security/ssh2/files/patch-aj index 2227e00716f2..60f7495697f5 100644 --- a/security/ssh2/files/patch-aj +++ b/security/ssh2/files/patch-aj @@ -1,7 +1,7 @@ -*** configure.in.orig Sun Apr 6 03:56:58 1997 ---- configure.in Wed Apr 16 23:04:16 1997 +*** configure.in.orig Wed Apr 23 08:40:06 1997 +--- configure.in Fri Apr 25 12:41:26 1997 *************** -*** 579,587 **** +*** 616,624 **** export CFLAGS CC @@ -11,7 +11,7 @@ AC_MSG_CHECKING([that the compiler works]) AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], ---- 579,587 ---- +--- 616,624 ---- export CFLAGS CC @@ -22,7 +22,7 @@ AC_MSG_CHECKING([that the compiler works]) AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], *************** -*** 633,639 **** +*** 671,677 **** AC_HEADER_STDC AC_HEADER_SYS_WAIT 
@@ -30,7 +30,7 @@ AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) AC_HEADER_TIME ---- 633,639 ---- +--- 671,677 ---- AC_HEADER_STDC AC_HEADER_SYS_WAIT diff --git a/security/ssh2/files/patch-al b/security/ssh2/files/patch-al index 9b8ef9f85303..1da799c26ac5 100644 --- a/security/ssh2/files/patch-al +++ b/security/ssh2/files/patch-al @@ -1,8 +1,8 @@ -*** sshconnect.c.orig Sun Apr 6 03:57:04 1997 ---- sshconnect.c Wed Apr 16 23:04:17 1997 +*** sshconnect.c.orig Wed Apr 23 08:40:11 1997 +--- sshconnect.c Fri Apr 25 12:41:59 1997 *************** -*** 302,307 **** ---- 302,313 ---- +*** 311,316 **** +--- 311,322 ---- { struct sockaddr_in sin; int p; @@ -16,8 +16,8 @@ { sock = socket(AF_INET, SOCK_STREAM, 0); *************** -*** 329,334 **** ---- 335,341 ---- +*** 338,343 **** +--- 344,350 ---- } fatal("bind: %.100s", strerror(errno)); } |