Thanks to max@wide.ad.jp, maxim, obraun@informatik.unibw-muenchen.de, fjoe

Patch from current, noted by drs@rucus.ru.ac.za: environment variables in the 'setenv' field of login.conf are set now.
author: dinoex <dinoex@FreeBSD.org> 2002-06-26 20:22:25 +0800
committer: dinoex <dinoex@FreeBSD.org> 2002-06-26 20:22:25 +0800
commit: ec7258527c1000ccee3ead0a8165740d8236d79c (patch)
tree: 8d80f1a47176e524cf56baf0b9713ee1abccbaf3 /security
parent: 5178ad69b2ea499e8bc9d0ed8e4b44b7a3bdd0d7 (diff)
download: freebsd-ports-gnome-ec7258527c1000ccee3ead0a8165740d8236d79c.tar.gz
freebsd-ports-gnome-ec7258527c1000ccee3ead0a8165740d8236d79c.tar.zst
freebsd-ports-gnome-ec7258527c1000ccee3ead0a8165740d8236d79c.zip
6 files changed, 102 insertions, 38 deletions
diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile
index a37a28004dc5..d4f6705dfbb8 100644
--- a/security/hpn-ssh/Makefile
+++ b/security/hpn-ssh/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	openssh
 PORTVERSION=	3.3p1
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	security ipv6
 MASTER_SITES=	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
 		ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
@@ -98,7 +98,11 @@ post-configure:
 		${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh
 
 pre-install:
+.if defined(OPENSSH_OVERWRITE_BASE)
+	-${MKDIR} ${EMPTYDIR}
+.else
 	-${MKDIR} ${PREFIX}/empty
+.endif
 	if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
 	if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
 		-h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi
@@ -110,7 +114,7 @@ pre-install:
 .endfor
 
 post-install:
-.if defined(OPENSSH_OVERWRITE_BASE)
+.if !defined(OPENSSH_OVERWRITE_BASE)
 	${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample
 .endif
 	${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist
diff --git a/security/hpn-ssh/files/patch-session.c b/security/hpn-ssh/files/patch-session.c
index 0baf6ee51939..91c0cbc4d00d 100644
--- a/security/hpn-ssh/files/patch-session.c
+++ b/security/hpn-ssh/files/patch-session.c
@@ -1,5 +1,5 @@
---- session.c.orig	Mon May 13 02:48:58 2002
-+++ session.c	Thu May 23 14:10:44 2002
+--- session.c.orig	Fri Jun 21 03:09:47 2002
++++ session.c	Wed Jun 26 14:15:41 2002
 @@ -64,6 +64,13 @@
  #define is_winnt       (GetVersion() < 0x80000000)
  #endif
@@ -14,7 +14,7 @@
  /* func */
  
  Session *session_new(void);
-@@ -383,6 +390,13 @@
+@@ -474,6 +481,13 @@
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
  
  		/*
@@ -28,7 +28,7 @@
  		 * Create a new session and process group since the 4.4BSD
  		 * setlogin() affects the entire process group.
  		 */
-@@ -497,6 +511,14 @@
+@@ -588,6 +602,14 @@
  
  		/* Child.  Reinitialize the log because the pid has changed. */
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -43,7 +43,7 @@
  		/* Close the master side of the pseudo tty. */
  		close(ptyfd);
  
-@@ -623,6 +645,18 @@
+@@ -714,6 +736,18 @@
  	struct sockaddr_storage from;
  	struct passwd * pw = s->pw;
  	pid_t pid = getpid();
@@ -62,7 +62,7 @@
  
  	/*
  	 * Get IP address of client. If the connection is not a socket, let
-@@ -656,6 +690,72 @@
+@@ -747,6 +781,72 @@
  	}
  #endif
  
@@ -135,7 +135,7 @@
  	if (check_quietlogin(s, command))
  		return;
  
-@@ -668,7 +768,17 @@
+@@ -759,7 +859,17 @@
  		printf("%s\n", aixloginmsg);
  #endif /* WITH_AIXAUTHENTICATE */
  
@@ -154,7 +154,7 @@
  		time_string = ctime(&s->last_login_time);
  		if (strchr(time_string, '\n'))
  			*strchr(time_string, '\n') = 0;
-@@ -679,7 +789,30 @@
+@@ -770,7 +880,30 @@
  			    s->hostname);
  	}
  
@@ -186,7 +186,7 @@
  }
  
  /*
-@@ -695,9 +828,9 @@
+@@ -786,9 +919,9 @@
  #ifdef HAVE_LOGIN_CAP
  		f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
  		    "/etc/motd"), "r");
@@ -198,7 +198,7 @@
  		if (f) {
  			while (fgets(buf, sizeof(buf), f))
  				fputs(buf, stdout);
-@@ -724,10 +857,10 @@
+@@ -815,10 +948,10 @@
  #ifdef HAVE_LOGIN_CAP
  	if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
  		return 1;
@@ -211,7 +211,18 @@
  	return 0;
  }
  
-@@ -856,6 +989,10 @@
+@@ -931,6 +1064,10 @@
+ 	char buf[256];
+ 	u_int i, envsize;
+ 	char **env;
++#ifdef HAVE_LOGIN_CAP
++	extern char **environ;
++	char **senv;
++#endif
+ 	struct passwd *pw = s->pw;
+ 
+ 	/* Initialize the environment. */
+@@ -947,13 +1084,30 @@
  #endif
  
  	if (!options.use_login) {
@@ -222,9 +233,17 @@
  		/* Set basic environment. */
  		child_set_env(&env, &envsize, "USER", pw->pw_name);
  		child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
-@@ -863,6 +1000,12 @@
+ 		child_set_env(&env, &envsize, "HOME", pw->pw_dir);
  #ifdef HAVE_LOGIN_CAP
- 		(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
+-		(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
++		senv = environ;
++		environ = xmalloc(sizeof(char *));
++		*environ = NULL;
++		(void) setusercontext(lc, pw, pw->pw_uid,
++		    LOGIN_SETENV|LOGIN_SETPATH);
++		copy_environment(environ, &env, &envsize);
++		xfree(environ);
++		environ = senv;
  		child_set_env(&env, &envsize, "PATH", getenv("PATH"));
 +		var= login_getcapstr(lc, "lang", NULL, NULL);
 +		if ( var ) child_set_env(&env, &envsize, "LANG", var);
@@ -235,7 +254,16 @@
  #else /* HAVE_LOGIN_CAP */
  # ifndef HAVE_CYGWIN
  		/*
-@@ -1221,7 +1364,7 @@
+@@ -1162,7 +1316,7 @@
+ #endif /* HAVE_SETPCRED */
+ #ifdef HAVE_LOGIN_CAP
+ 		if (setusercontext(lc, pw, pw->pw_uid,
+-		    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
++		    (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH))) < 0) {
+ 			perror("unable to set user context");
+ 			exit(1);
+ 		}
+@@ -1312,7 +1466,7 @@
  	 * initgroups, because at least on Solaris 2.3 it leaves file
  	 * descriptors open.
  	 */
@@ -244,7 +272,7 @@
  		close(i);
  
  	/*
-@@ -1251,6 +1394,31 @@
+@@ -1342,6 +1496,31 @@
  			exit(1);
  #endif
  	}
diff --git a/security/hpn-ssh/pkg-plist b/security/hpn-ssh/pkg-plist
index 43556e645d64..b2df58c55ca3 100644
--- a/security/hpn-ssh/pkg-plist
+++ b/security/hpn-ssh/pkg-plist
@@ -19,8 +19,8 @@ bin/ssh-keyscan
 %%NOTBASE%%@exec [ -f %D/etc/ssh_host_dsa_key.pub ] && [ ! -f %D/etc/ssh/ssh_host_dsa_key.pub ] && ln %D/etc/ssh_host_dsa_key.pub %D/etc/ssh/ssh_host_dsa_key.pub
 %%NOTBASE%%@unexec if cmp -s %D/etc/ssh/ssh_config %D/etc/ssh/ssh_config-dist; then rm -f %D/etc/ssh/ssh_config; fi
 %%NOTBASE%%@unexec if cmp -s %D/etc/ssh/sshd_config %D/etc/ssh/sshd_config-dist; then rm -f %D/etc/ssh/sshd_config; fi
-etc/ssh/ssh_config-dist
-etc/ssh/sshd_config-dist
+%%NOTBASE%%etc/ssh/ssh_config-dist
+%%NOTBASE%%etc/ssh/sshd_config-dist
 %%NOTBASE%%@exec [ ! -f %D/etc/ssh/ssh_config ] && cp %D/etc/ssh/ssh_config-dist %D/etc/ssh/ssh_config
 %%NOTBASE%%@exec [ ! -f %D/etc/ssh/sshd_config ] && cp %D/etc/ssh/sshd_config-dist %D/etc/ssh/sshd_config
 %%NOTBASE%%@dirrm etc/ssh
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index a37a28004dc5..d4f6705dfbb8 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	openssh
 PORTVERSION=	3.3p1
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	security ipv6
 MASTER_SITES=	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
 		ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
@@ -98,7 +98,11 @@ post-configure:
 		${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh
 
 pre-install:
+.if defined(OPENSSH_OVERWRITE_BASE)
+	-${MKDIR} ${EMPTYDIR}
+.else
 	-${MKDIR} ${PREFIX}/empty
+.endif
 	if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
 	if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
 		-h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi
@@ -110,7 +114,7 @@ pre-install:
 .endfor
 
 post-install:
-.if defined(OPENSSH_OVERWRITE_BASE)
+.if !defined(OPENSSH_OVERWRITE_BASE)
 	${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample
 .endif
 	${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist
diff --git a/security/openssh-portable/files/patch-session.c b/security/openssh-portable/files/patch-session.c
index 0baf6ee51939..91c0cbc4d00d 100644
--- a/security/openssh-portable/files/patch-session.c
+++ b/security/openssh-portable/files/patch-session.c
@@ -1,5 +1,5 @@
---- session.c.orig	Mon May 13 02:48:58 2002
-+++ session.c	Thu May 23 14:10:44 2002
+--- session.c.orig	Fri Jun 21 03:09:47 2002
++++ session.c	Wed Jun 26 14:15:41 2002
 @@ -64,6 +64,13 @@
  #define is_winnt       (GetVersion() < 0x80000000)
  #endif
@@ -14,7 +14,7 @@
  /* func */
  
  Session *session_new(void);
-@@ -383,6 +390,13 @@
+@@ -474,6 +481,13 @@
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
  
  		/*
@@ -28,7 +28,7 @@
  		 * Create a new session and process group since the 4.4BSD
  		 * setlogin() affects the entire process group.
  		 */
-@@ -497,6 +511,14 @@
+@@ -588,6 +602,14 @@
  
  		/* Child.  Reinitialize the log because the pid has changed. */
  		log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -43,7 +43,7 @@
  		/* Close the master side of the pseudo tty. */
  		close(ptyfd);
  
-@@ -623,6 +645,18 @@
+@@ -714,6 +736,18 @@
  	struct sockaddr_storage from;
  	struct passwd * pw = s->pw;
  	pid_t pid = getpid();
@@ -62,7 +62,7 @@
  
  	/*
  	 * Get IP address of client. If the connection is not a socket, let
-@@ -656,6 +690,72 @@
+@@ -747,6 +781,72 @@
  	}
  #endif
  
@@ -135,7 +135,7 @@
  	if (check_quietlogin(s, command))
  		return;
  
-@@ -668,7 +768,17 @@
+@@ -759,7 +859,17 @@
  		printf("%s\n", aixloginmsg);
  #endif /* WITH_AIXAUTHENTICATE */
  
@@ -154,7 +154,7 @@
  		time_string = ctime(&s->last_login_time);
  		if (strchr(time_string, '\n'))
  			*strchr(time_string, '\n') = 0;
-@@ -679,7 +789,30 @@
+@@ -770,7 +880,30 @@
  			    s->hostname);
  	}
  
@@ -186,7 +186,7 @@
  }
  
  /*
-@@ -695,9 +828,9 @@
+@@ -786,9 +919,9 @@
  #ifdef HAVE_LOGIN_CAP
  		f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
  		    "/etc/motd"), "r");
@@ -198,7 +198,7 @@
  		if (f) {
  			while (fgets(buf, sizeof(buf), f))
  				fputs(buf, stdout);
-@@ -724,10 +857,10 @@
+@@ -815,10 +948,10 @@
  #ifdef HAVE_LOGIN_CAP
  	if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
  		return 1;
@@ -211,7 +211,18 @@
  	return 0;
  }
  
-@@ -856,6 +989,10 @@
+@@ -931,6 +1064,10 @@
+ 	char buf[256];
+ 	u_int i, envsize;
+ 	char **env;
++#ifdef HAVE_LOGIN_CAP
++	extern char **environ;
++	char **senv;
++#endif
+ 	struct passwd *pw = s->pw;
+ 
+ 	/* Initialize the environment. */
+@@ -947,13 +1084,30 @@
  #endif
  
  	if (!options.use_login) {
@@ -222,9 +233,17 @@
  		/* Set basic environment. */
  		child_set_env(&env, &envsize, "USER", pw->pw_name);
  		child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
-@@ -863,6 +1000,12 @@
+ 		child_set_env(&env, &envsize, "HOME", pw->pw_dir);
  #ifdef HAVE_LOGIN_CAP
- 		(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
+-		(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
++		senv = environ;
++		environ = xmalloc(sizeof(char *));
++		*environ = NULL;
++		(void) setusercontext(lc, pw, pw->pw_uid,
++		    LOGIN_SETENV|LOGIN_SETPATH);
++		copy_environment(environ, &env, &envsize);
++		xfree(environ);
++		environ = senv;
  		child_set_env(&env, &envsize, "PATH", getenv("PATH"));
 +		var= login_getcapstr(lc, "lang", NULL, NULL);
 +		if ( var ) child_set_env(&env, &envsize, "LANG", var);
@@ -235,7 +254,16 @@
  #else /* HAVE_LOGIN_CAP */
  # ifndef HAVE_CYGWIN
  		/*
-@@ -1221,7 +1364,7 @@
+@@ -1162,7 +1316,7 @@
+ #endif /* HAVE_SETPCRED */
+ #ifdef HAVE_LOGIN_CAP
+ 		if (setusercontext(lc, pw, pw->pw_uid,
+-		    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
++		    (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH))) < 0) {
+ 			perror("unable to set user context");
+ 			exit(1);
+ 		}
+@@ -1312,7 +1466,7 @@
  	 * initgroups, because at least on Solaris 2.3 it leaves file
  	 * descriptors open.
  	 */
@@ -244,7 +272,7 @@
  		close(i);
  
  	/*
-@@ -1251,6 +1394,31 @@
+@@ -1342,6 +1496,31 @@
  			exit(1);
  #endif
  	}
diff --git a/security/openssh-portable/pkg-plist b/security/openssh-portable/pkg-plist
index 43556e645d64..b2df58c55ca3 100644
--- a/security/openssh-portable/pkg-plist
+++ b/security/openssh-portable/pkg-plist
@@ -19,8 +19,8 @@ bin/ssh-keyscan
 %%NOTBASE%%@exec [ -f %D/etc/ssh_host_dsa_key.pub ] && [ ! -f %D/etc/ssh/ssh_host_dsa_key.pub ] && ln %D/etc/ssh_host_dsa_key.pub %D/etc/ssh/ssh_host_dsa_key.pub
 %%NOTBASE%%@unexec if cmp -s %D/etc/ssh/ssh_config %D/etc/ssh/ssh_config-dist; then rm -f %D/etc/ssh/ssh_config; fi
 %%NOTBASE%%@unexec if cmp -s %D/etc/ssh/sshd_config %D/etc/ssh/sshd_config-dist; then rm -f %D/etc/ssh/sshd_config; fi
-etc/ssh/ssh_config-dist
-etc/ssh/sshd_config-dist
+%%NOTBASE%%etc/ssh/ssh_config-dist
+%%NOTBASE%%etc/ssh/sshd_config-dist
 %%NOTBASE%%@exec [ ! -f %D/etc/ssh/ssh_config ] && cp %D/etc/ssh/ssh_config-dist %D/etc/ssh/ssh_config
 %%NOTBASE%%@exec [ ! -f %D/etc/ssh/sshd_config ] && cp %D/etc/ssh/sshd_config-dist %D/etc/ssh/sshd_config
 %%NOTBASE%%@dirrm etc/ssh
author	dinoex <dinoex@FreeBSD.org>	2002-06-26 20:22:25 +0800
committer	dinoex <dinoex@FreeBSD.org>	2002-06-26 20:22:25 +0800
commit	ec7258527c1000ccee3ead0a8165740d8236d79c (patch)
tree	8d80f1a47176e524cf56baf0b9713ee1abccbaf3 /security
parent	5178ad69b2ea499e8bc9d0ed8e4b44b7a3bdd0d7 (diff)
download	freebsd-ports-gnome-ec7258527c1000ccee3ead0a8165740d8236d79c.tar.gz freebsd-ports-gnome-ec7258527c1000ccee3ead0a8165740d8236d79c.tar.zst freebsd-ports-gnome-ec7258527c1000ccee3ead0a8165740d8236d79c.zip