139 files changed, 21 insertions, 6019 deletions
@@ -485,7 +485,6 @@ speedmgmt* net/pppoa Not for redistribution -- see /dsl/disclaimer_lx.htm srd-fpw* japanese/srd-fpw The original dictionary is not free -ssh-* security/ssh* Crypto; export-controlled *mod_ssl* www/apache13-modssl Crypto; export-controlled stat.tar.Z math/unixstat License does not allow redistribution of binaries 
@@ -1871,3 +1871,24 @@ sysutils/wmmount||2011-05-01|Has expired: Upstream disapear and distfile is no m
 sysutils/wmpccard||2011-05-01|Has expired: Upstream disapear and distfile is no more available
 sysutils/wmshutdown||2011-05-01|Has expired: Upstream disapear and distfile is no more available
 sysutils/wmzazof||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/aafid2||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/bjorb||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/borzoi||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/cmd5checkpw||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/cops||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/find_ddos||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/ftpmap||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/hafiye||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/ident2||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/liedentd||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/pam_pop3||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/poc||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/portscanner||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/ppgen||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/qident||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/quintuple-agent||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/rc5pipe||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/rid||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/ssh||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/tea-total||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/uberkey||2011-05-01|Has expired: Upstream disapear and distfile is no more available
diff --git a/security/Makefile b/security/Makefile
index d7e897a7c9d1..df237f0b1f79 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -6,7 +6,6 @@
 SUBDIR += ADMsmb
 SUBDIR += ADMsnmp
 SUBDIR += IMHear
- SUBDIR += aafid2
 SUBDIR += aescrypt
 SUBDIR += aespipe
 SUBDIR += afterglow
@@ -37,10 +36,8 @@
 SUBDIR += beecrypt
 SUBDIR += bfbtester
 SUBDIR += bioapi
- SUBDIR += bjorb
 SUBDIR += blindelephant
 SUBDIR += blocksshd
- SUBDIR += borzoi
 SUBDIR += botan
 SUBDIR += bro
 SUBDIR += bruteblock
@@ -78,8 +75,6 @@
 SUBDIR += clamsmtp
 SUBDIR += clamtk
 SUBDIR += clusterssh
- SUBDIR += cmd5checkpw
- SUBDIR += cops
 SUBDIR += courier-authlib
 SUBDIR += courier-authlib-base
 SUBDIR += courierpassd
@@ -133,7 +128,6 @@
 SUBDIR += fcrackzip
 SUBDIR += fiked
 SUBDIR += find-zlib
- SUBDIR += find_ddos
 SUBDIR += firewalk
 SUBDIR += fl0p
 SUBDIR += flawfinder
@@ -148,7 +142,6 @@
 SUBDIR += fsh
 SUBDIR += fswatch
 SUBDIR += ftimes
- SUBDIR += ftpmap
 SUBDIR += fuzz
 SUBDIR += fuzzdb
 SUBDIR += fwanalog
@@ -186,7 +179,6 @@
 SUBDIR += gtkportscan
 SUBDIR += gwee
 SUBDIR += hackbot
- SUBDIR += hafiye
 SUBDIR += hamachi
 SUBDIR += heimdal
 SUBDIR += hlfl
@@ -201,7 +193,6 @@
 SUBDIR += hydra
 SUBDIR += iaikpkcs11wrapper
 SUBDIR += idea
- SUBDIR += ident2
 SUBDIR += identify
 SUBDIR += ifd-devkit
 SUBDIR += ifd-gempc410
@@ -271,7 +262,6 @@
 SUBDIR += libtasn1
 SUBDIR += libtomcrypt
 SUBDIR += libwhisker
- SUBDIR += liedentd
 SUBDIR += linux-f10-cyrus-sasl2
 SUBDIR += linux-f10-libssh2
 SUBDIR += linux-f10-nss
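Review bot: In the MOVED hunk, the added `security/ssh` entry has an empty second field and the same generic expiry reason as the other 20 ports, so anyone who still has it installed learns only that it is gone, not which maintained SSH port to move to. If a successor is intended, its origin belongs in that field, e.g. `security/ssh|<replacement-origin>|2011-05-01|...` (placeholder, not a real origin). Otherwise a reason saying the port is unmaintained would serve users better than the distfile remark. The reason string is also misspelled in all 21 added lines; `Upstream disappeared and distfile is no longer available` reads correctly.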
@@ -580,7 +570,6 @@
 SUBDIR += pam_p11
 SUBDIR += pam_per_user
 SUBDIR += pam_pgina
- SUBDIR += pam_pop3
 SUBDIR += pam_pseudo
 SUBDIR += pam_pwdfile
 SUBDIR += pam_require
@@ -661,13 +650,10 @@
 SUBDIR += pkcs11-helper
 SUBDIR += pks
 SUBDIR += pktsuckers
- SUBDIR += poc
 SUBDIR += polarssl
 SUBDIR += poly1305aes
- SUBDIR += portscanner
 SUBDIR += portsentry
 SUBDIR += ppars
- SUBDIR += ppgen
 SUBDIR += prelude-lml
 SUBDIR += prelude-manager
 SUBDIR += prelude-pflogger
@@ -720,11 +706,9 @@
 SUBDIR += qca-gnupg
 SUBDIR += qca-ossl
 SUBDIR += qca-tls
- SUBDIR += qident
 SUBDIR += qtfw
 SUBDIR += quantis
 SUBDIR += quantis-kmod
- SUBDIR += quintuple-agent
 SUBDIR += racoon2
 SUBDIR += radiusniff
 SUBDIR += rain
@@ -733,11 +717,9 @@
 SUBDIR += rarcrack
 SUBDIR += ratproxy
 SUBDIR += rats
- SUBDIR += rc5pipe
 SUBDIR += rdigest
 SUBDIR += retranslator
 SUBDIR += revelation
- SUBDIR += rid
 SUBDIR += rkhunter
 SUBDIR += ruby-acl
 SUBDIR += ruby-aes
@@ -818,7 +800,6 @@
 SUBDIR += srp
 SUBDIR += sscep
 SUBDIR += ssdeep
- SUBDIR += ssh
 SUBDIR += ssh-copy-id
 SUBDIR += ssh-gui
 SUBDIR += ssh-multiadd
@@ -854,7 +835,6 @@
 SUBDIR += switzerland
 SUBDIR += symbion-sslproxy
 SUBDIR += tclsasl
- SUBDIR += tea-total
 SUBDIR += termlog
 SUBDIR += tinc
 SUBDIR += tinyca
@@ -871,7 +851,6 @@
 SUBDIR += trousers
 SUBDIR += tthsum
 SUBDIR += tuntun
- SUBDIR += uberkey
 SUBDIR += umit
 SUBDIR += unhide
 SUBDIR += unicornscan
diff --git a/security/aafid2/Makefile b/security/aafid2/Makefile
deleted file mode 100644
index 553eac12a650..000000000000
--- a/security/aafid2/Makefile
+++ /dev/null
@@ -1,30 +0,0 @@ -# New ports collection makefile for: aafid2 -# Date created: 2000/06/14 16:55 -# Whom: se -# -# $FreeBSD$ -# - -PORTNAME= aafid2 -PORTVERSION= 0.10 -PORTREVISION= 3 -CATEGORIES= security -MASTER_SITES= ftp://ftp.cerias.purdue.edu/pub/tools/unix/ids/AAFID/ -EXTRACT_ONLY= - -MAINTAINER= ports@FreeBSD.org -COMMENT= A distributed monitoring and intrusion detection system - -DEPRECATED= Upstream disapear and distfile is no more available -EXPIRATION_DATE= 2011-05-01 - -RUN_DEPENDS= ptksh:${PORTSDIR}/x11-toolkits/p5-Tk - -NO_WRKSUBDIR= yes -NO_BUILD= yes - -do-install: - tar -C ${PREFIX}/lib -xzf ${DISTDIR}/${DISTNAME}${EXTRACT_SUFX} - ${SH} ${FILESDIR}/post-install ${PREFIX} - -.include <bsd.port.mk> diff --git a/security/aafid2/distinfo b/security/aafid2/distinfo deleted file mode 100644 index 9c7b200c588b..000000000000 --- a/security/aafid2/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -MD5 (aafid2-0.10.tar.gz) = ac5bfe89ee4e9b1485c41b91af072d46 -SHA256 (aafid2-0.10.tar.gz) = 0790ec3c2a9d54d716ac14f299330ea2472623d7f4b2419781dfacc1d8ef40bd -SIZE (aafid2-0.10.tar.gz) = 1476810 diff --git a/security/aafid2/files/post-install b/security/aafid2/files/post-install deleted file mode 100644 index a257901f979f..000000000000 --- a/security/aafid2/files/post-install +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh - -PREFIX=$1 -AAFID_DIR=${PREFIX}/lib/aafid2 - -set -e - -cat >> ${AAFID_DIR}/config/AAFID <<*__END__* - -## ------------------------------ -## FreeBSD Port specific defaults -BaseDir=${AAFID_DIR} -*__END__* diff --git a/security/aafid2/pkg-descr b/security/aafid2/pkg-descr deleted file mode 100644 index fecbb3fe4a3d..000000000000 --- a/security/aafid2/pkg-descr +++ /dev/null 
@@ -1,10 +0,0 @@ -Autonomous Agents For Intrusion Detection - -AAFID(tm) is a distributed monitoring and intrusion detection system -that employs small stand-alone programs (Agents) to perform monitoring -functions in the hosts of a network. AAFID uses a hierarchical -structure to collect the information produced by each agent, by each -host, and by each set of hosts, to be able to detect suspicious -activity. - -WWW: http://www.cerias.purdue.edu/research/aafid/ diff --git a/security/aafid2/pkg-plist b/security/aafid2/pkg-plist deleted file mode 100644 index 354daffb39b6..000000000000 --- a/security/aafid2/pkg-plist +++ /dev/null 
@@ -1,190 +0,0 @@ -lib/aafid2/aas/00README -lib/aafid2/aas/ARPWatcher.aas -lib/aafid2/aas/CPUload.aas -lib/aafid2/aas/CheckFilePermissions.aas -lib/aafid2/aas/CheckInet.aas -lib/aafid2/aas/CheckInetPeriodic.aas -lib/aafid2/aas/CheckRhosts.aas -lib/aafid2/aas/CmdSequence.aas -lib/aafid2/aas/ConnSameHost.aas -lib/aafid2/aas/DiskSpace.aas -lib/aafid2/aas/FTP.aas -lib/aafid2/aas/GroupFilesChecker.aas -lib/aafid2/aas/LFS.aas -lib/aafid2/aas/Makefile -lib/aafid2/aas/PasswdFilesChecker.aas -lib/aafid2/aas/RootShells.aas -lib/aafid2/aas/SU.aas -lib/aafid2/aas/SYNflood.aas -lib/aafid2/aas/SpaceTmp.aas -lib/aafid2/aas/WeirdConn.aas -lib/aafid2/aas/test.aas -lib/aafid2/00README -lib/aafid2/ANNOUNCE -lib/aafid2/COPYRIGHT -lib/aafid2/CREDITS -lib/aafid2/FEEDBACK -lib/aafid2/HISTORY -lib/aafid2/INSTALL -lib/aafid2/MAILLIST -lib/aafid2/PROBLEMS -lib/aafid2/SIGNATURE -lib/aafid2/classes/Log/Topics.pm -lib/aafid2/classes/Makefile -lib/aafid2/classes/Resources.pm -lib/aafid2/classes/AAFID/GUI/NeXTterm.xpm -lib/aafid2/classes/AAFID/GUI/aafid2.conf -lib/aafid2/classes/AAFID/GUI/aafid2.pm -lib/aafid2/classes/AAFID/GUI/aafid2gui -lib/aafid2/classes/AAFID/GUI/agents1.conf -lib/aafid2/classes/AAFID/GUI/agents2.conf -lib/aafid2/classes/AAFID/GUI/agents3.conf -lib/aafid2/classes/AAFID/GUI/agents4.conf -lib/aafid2/classes/AAFID/GUI/hosts1.conf -lib/aafid2/classes/AAFID/GUI/hosts2.conf -lib/aafid2/classes/AAFID/GUI/killstarter -lib/aafid2/classes/AAFID/GUI/morehosts.conf -lib/aafid2/classes/AAFID/GUI/sequence.txt -lib/aafid2/classes/AAFID/Agent.pm -lib/aafid2/classes/AAFID/Comm.pm -lib/aafid2/classes/AAFID/Common.pm -lib/aafid2/classes/AAFID/Config.pm -lib/aafid2/classes/AAFID/Constants.pm -lib/aafid2/classes/AAFID/ControllerEntity.pm -lib/aafid2/classes/AAFID/Entity.pm -lib/aafid2/classes/AAFID/Filter.pm -lib/aafid2/classes/AAFID/Log.pm -lib/aafid2/classes/AAFID/Makefile -lib/aafid2/classes/AAFID/Message.pm -lib/aafid2/classes/AAFID/Monitor.pm -lib/aafid2/classes/AAFID/PlainTransceiver.pm 
-lib/aafid2/classes/AAFID/Starter.pm -lib/aafid2/classes/AAFID/System.pm -lib/aafid2/classes/AAFID/makeagent.man -lib/aafid2/classes/AAFID/makeagent.nw -lib/aafid2/classes/AAFID/makeagent.pl -lib/aafid2/classes/AAFID/template_version.pl -lib/aafid2/classes/Agents/00IDEAS -lib/aafid2/classes/Agents/00README -lib/aafid2/classes/Agents/ARPWatcher.pm -lib/aafid2/classes/Agents/CPUload.pm -lib/aafid2/classes/Agents/CheckFilePermissions.pm -lib/aafid2/classes/Agents/CheckInet.pm -lib/aafid2/classes/Agents/CheckInetPeriodic.pm -lib/aafid2/classes/Agents/CheckNFSserver.pm -lib/aafid2/classes/Agents/CheckRhosts.pm -lib/aafid2/classes/Agents/CmdSequence.pm -lib/aafid2/classes/Agents/ConnSameHost.pm -lib/aafid2/classes/Agents/DiskSpace.pm -lib/aafid2/classes/Agents/FTP.pm -lib/aafid2/classes/Agents/GroupFilesChecker.pm -lib/aafid2/classes/Agents/IllegalIPPackets.pm -lib/aafid2/classes/Agents/LFS.pm -lib/aafid2/classes/Agents/Land.pm -lib/aafid2/classes/Agents/LoginFailures.pm -lib/aafid2/classes/Agents/PasswdFilesChecker.pm -lib/aafid2/classes/Agents/SU.pm -lib/aafid2/classes/Agents/SYNFloodAsync.pm -lib/aafid2/classes/Agents/SYNflood.pm -lib/aafid2/classes/Agents/SpaceTmp.pm -lib/aafid2/classes/Agents/WeirdConn.pm -lib/aafid2/classes/Agents/test.pm -lib/aafid2/classes/Comm/Conn.pm -lib/aafid2/classes/Comm/Reactor.pm -lib/aafid2/classes/Comm/Tags.pm -lib/aafid2/classes/Comm/Timer.pm -lib/aafid2/classes/Filter/00README -lib/aafid2/classes/Filter/ActiveSockets.pm -lib/aafid2/classes/Filter/CPUload.pm -lib/aafid2/classes/Filter/FileSystems.pm -lib/aafid2/classes/Filter/Fproc.pm -lib/aafid2/classes/Filter/Ftcpw.pm -lib/aafid2/classes/Filter/LibpcapFilter.pm -lib/aafid2/classes/Util/FiniteQueue.pm -lib/aafid2/classes/Util/NumQueue.pm -lib/aafid2/config/00README -lib/aafid2/config/AAFID -lib/aafid2/config/Agents -lib/aafid2/config/CheckInet -lib/aafid2/config/Filter -lib/aafid2/config/Monitor -lib/aafid2/config/basm/Ftcpw -lib/aafid2/config/fiji/00README 
-lib/aafid2/config/fiji/AAFID -lib/aafid2/config/fiji/CheckInet -lib/aafid2/doc/00README -lib/aafid2/doc/code/00README -lib/aafid2/doc/code/Agent.ps -lib/aafid2/doc/code/Comm.ps -lib/aafid2/doc/code/Common.ps -lib/aafid2/doc/code/Config.ps -lib/aafid2/doc/code/Conn.ps -lib/aafid2/doc/code/Constants.ps -lib/aafid2/doc/code/ControllerEntity.ps -lib/aafid2/doc/code/Entity.ps -lib/aafid2/doc/code/Filter.ps -lib/aafid2/doc/code/FiniteQueue.ps -lib/aafid2/doc/code/Log.ps -lib/aafid2/doc/code/Message.ps -lib/aafid2/doc/code/Monitor.ps -lib/aafid2/doc/code/NumQueue.ps -lib/aafid2/doc/code/PlainTransceiver.ps -lib/aafid2/doc/code/RMod.ps -lib/aafid2/doc/code/Reactor.ps -lib/aafid2/doc/code/Starter.ps -lib/aafid2/doc/code/System.ps -lib/aafid2/doc/code/Tags.ps -lib/aafid2/doc/code/Timer.ps -lib/aafid2/doc/notes/Attack_and_agent_ideas.txt -lib/aafid2/doc/notes/Config.txt -lib/aafid2/doc/notes/Directory_hierarchy.txt -lib/aafid2/doc/notes/Filters.txt -lib/aafid2/doc/notes/How_to_run.txt -lib/aafid2/doc/notes/How_to_use_GUI.txt -lib/aafid2/doc/notes/How_to_use_filters.txt -lib/aafid2/doc/notes/How_to_write_filters.txt -lib/aafid2/doc/notes/Introspection.txt -lib/aafid2/doc/notes/Reduction_Modules.txt -lib/aafid2/doc/papers/00README -lib/aafid2/doc/papers/architecture_report.ps -lib/aafid2/doc/papers/implementation_report_draft.ps -lib/aafid2/doc/papers/users_guide_draft.ps -lib/aafid2/lib/pixmaps/NeXTterm.xpm -lib/aafid2/misc/Resources.patch -lib/aafid2/misc/Topics.patch -lib/aafid2/utils/00README -lib/aafid2/utils/aafid.vim -@exec mkdir -p %D/lib/aafid2/bin -@exec mkdir -p %D/lib/aafid2/man/man1 -@exec ln -s ../classes/AAFID/makeagent.pl %D/lib/aafid2/bin/makeagent.pl -@exec ln -s makeagent.pl %D/lib/aafid2/bin/makeagent -@exec ln -s ../classes/AAFID/GUI/aafid2gui %D/lib/aafid2/bin/aafid2gui -@exec ln -s ../../classes/AAFID/makeagent.man %D/lib/aafid2/man/man1/makeagent.1 -@unexec rm -f %D/lib/aafid2/bin/makeagent.pl -@unexec rm -f %D/lib/aafid2/bin/makeagent -@unexec rm -f 
%D/lib/aafid2/bin/aafid2gui -@unexec rm -f %D/lib/aafid2/man/man1/makeagent.1 -@dirrm lib/aafid2/utils -@dirrm lib/aafid2/misc -@dirrm lib/aafid2/man/man1 -@dirrm lib/aafid2/man -@dirrm lib/aafid2/lib/pixmaps -@dirrm lib/aafid2/lib -@dirrm lib/aafid2/doc/papers -@dirrm lib/aafid2/doc/notes -@dirrm lib/aafid2/doc/code -@dirrm lib/aafid2/doc -@dirrm lib/aafid2/config/fiji -@dirrm lib/aafid2/config/basm -@dirrm lib/aafid2/config -@dirrm lib/aafid2/classes/Util -@dirrm lib/aafid2/classes/Log -@dirrm lib/aafid2/classes/Filter -@dirrm lib/aafid2/classes/Comm -@dirrm lib/aafid2/classes/Agents -@dirrm lib/aafid2/classes/AAFID/GUI -@dirrm lib/aafid2/classes/AAFID -@dirrm lib/aafid2/classes -@dirrm lib/aafid2/bin -@dirrm lib/aafid2/aas -@dirrm lib/aafid2 diff --git a/security/bjorb/Makefile b/security/bjorb/Makefile deleted file mode 100644 index 508d265224d5..000000000000 --- a/security/bjorb/Makefile +++ /dev/null 
@@ -1,60 +0,0 @@ -# New ports collection makefile for: bjorb -# Date created: May 16, 1998 -# Whom: issei@jp.FreeBSD.org -# -# $FreeBSD$ -# - -PORTNAME= bjorb -PORTVERSION= 0.5.5p1 -PORTREVISION= 1 -CATEGORIES= security -MASTER_SITES= http://people.FreeBSD.org/~foxfair/distfiles/ - -MAINTAINER= ports@FreeBSD.org -COMMENT= Secure TCP relay software with SSL - -DEPRECATED= Upstream disapear and distfile is no more available -EXPIRATION_DATE= 2011-05-01 - -USE_OPENSSL= YES -USE_PERL5= yes - -.if !defined(BATCH) -INSTALL_TARGET= install certificate -.endif - -USE_AUTOTOOLS= autoconf213 -CFLAGS+= -I${OPENSSLINC}/openssl -CONFIGURE_ARGS= --with-ssltop=${OPENSSLBASE} --with-ssllib=${OPENSSLLIB} -CONFIGURE_ENV+= LOCALBASE=${LOCALBASE} -WRKSRC= ${WRKDIR}/${DISTNAME}/src -DOCSRC= ${WRKDIR}/${DISTNAME} -DOCS= ChangeLog \ - COPYRIGHT \ - INSTALL \ - README \ - ChangeLog.jp \ - COPYRIGHT.jp \ - INSTALL.jp \ - README.jp \ - doc/bjorb.conf.5.jp.txt \ - doc/features.jp -EXAMPLES= doc/sample/bjorb.conf.doc - -post-install: - @${INSTALL_SCRIPT} ${DOCSRC}/doc/sample/bjorb.sh ${PREFIX}/etc/rc.d/bjorb.sh.sample -.if !defined(NOPORTDOCS) - @${MKDIR} ${DOCSDIR} -.for i in ${DOCS} - @${INSTALL_DATA} ${DOCSRC}/$i ${DOCSDIR} -.endfor -.endif -.if !defined(NOPORTEXAMPLES) - @${MKDIR} ${PREFIX}/share/examples/bjorb -.for i in ${EXAMPLES} - @${INSTALL_DATA} ${DOCSRC}/$i ${PREFIX}/share/examples/bjorb -.endfor -.endif - -.include <bsd.port.mk> diff --git a/security/bjorb/distinfo b/security/bjorb/distinfo deleted file mode 100644 index 7cf186cae605..000000000000 --- a/security/bjorb/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -MD5 (bjorb-0.5.5p1.tar.gz) = abea77967a1a0fd2dcd1b407d652b3bf -SHA256 (bjorb-0.5.5p1.tar.gz) = b1674580625d7fc9832a49fb175b690db4f8fbaf7af11d0adddceb4ca7dfe7ac -SIZE (bjorb-0.5.5p1.tar.gz) = 70151 diff --git a/security/bjorb/files/patch-Config-staff.cc b/security/bjorb/files/patch-Config-staff.cc deleted file mode 100644 index c048f2edd648..000000000000 
--- a/security/bjorb/files/patch-Config-staff.cc +++ /dev/null @@ -1,11 +0,0 @@ ---- Config-staff.cc.orig Fri Feb 21 10:27:31 2003 -+++ Config-staff.cc Fri Feb 21 10:27:47 2003 -@@ -342,7 +342,7 @@ - PUTERR(1, ("Generating a %d bit RSA private key\n", bits)); - - EVP_PKEY *pkey = 0; -- EVP_MD *digest = EVP_md5(); -+ const EVP_MD *digest = EVP_md5(); - X509 *x509 = 0; - X509_NAME *n = 0; - X509_NAME_ENTRY *ne = 0; diff --git a/security/bjorb/files/patch-aa b/security/bjorb/files/patch-aa deleted file mode 100644 index 0f8c5eb490f9..000000000000 --- a/security/bjorb/files/patch-aa +++ /dev/null 
@@ -1,53 +0,0 @@ ---- Makefile.in.orig Mon Feb 22 05:01:20 1999 -+++ Makefile.in Sun Jan 12 14:46:10 2003 -@@ -29,7 +29,7 @@ - LDFLAGS = - LIBS = @LIBS@ - --PREFIX = @prefix@ -+PREFIX ?= @prefix@ - exec_prefix = $(PREFIX) - sbindir = $(exec_prefix)/sbin - etcdir = $(exec_prefix)/etc -@@ -81,7 +81,7 @@ - $(INSTALL_DATA) ../doc/sample/bjorb.conf.sample $(etcdir)/bjorb.conf.sample - - $(TARGET): $(OBJS) -- $(CC) -o $(TARGET) $(ALL_LDFLAGS) $(OBJS) $(ALL_LIBS) -+ $(CXX) -o $(TARGET) $(ALL_LDFLAGS) $(OBJS) $(ALL_LIBS) - - debug:: - $(MAKE) CFLAGS="-g -DDEBUG" -@@ -116,13 +116,13 @@ - $(CC) -c $(ALL_CFLAGS) $< - - .cc.o: Makefile -- $(CC) -c $(ALL_CFLAGS) $< -+ $(CXX) -c $(ALL_CFLAGS) $< - - Makefile: Makefile.in - CONFIG_FILES=./$@ CONFIG_HEADERS= $(SHELL) ./config.status - - cmd.o: cmd.cc cmd-def.h -- $(CC) -c $(ALL_CFLAGS) $< -+ $(CXX) -c $(ALL_CFLAGS) $< - cmd.cc: cmd.list - gperf -aptCT -N in_word_set_cmdlist $? > $@ - bool.cc:bool.list -@@ -135,9 +135,13 @@ - autoconf - - certificate:: -- $(SSLTOP)/bin/req -new -x509 -out new.pem -nodes -days 365 -- cat new.pem privkey.pem > $(etcdir)/bjorb.pem -- @rm new.pem privkey.pem -+ (\ -+ [ -f $(PREFIX)/certs/bjorb.pem ] && exit 0; \ -+ cd $(PREFIX)/certs; \ -+ openssl req -new -x509 -nodes -days 365 -out bjorb.pem -keyout bjorb.pem; \ -+ ln -s bjorb.pem `openssl x509 -noout -hash < bjorb.pem`.0 ;\ -+ chmod 644 $(PREFIX)/certs/bjorb.pem; \ -+ ) - - install-bsd:: - @if test -f /etc/rc.bjorb ; then chmod +w /etc/rc.bjorb; fi diff --git a/security/bjorb/files/patch-ab b/security/bjorb/files/patch-ab deleted file mode 100644 index 24000248cb5e..000000000000 --- a/security/bjorb/files/patch-ab +++ /dev/null 
@@ -1,13 +0,0 @@ ---- ../doc/sample/bjorb.conf.sample.orig Tue Jul 7 22:39:16 1998 -+++ ../doc/sample/bjorb.conf.sample Tue Aug 25 14:17:58 1998 -@@ -5,8 +5,8 @@ - error_log /var/log/bjorb-err.log - do_fork true - deny_wait 0 --CA_cert_file /usr/local/etc/bjorb.pem --CA_cert_path /usr/local/etc/CA -+CA_cert_file /usr/local/certs/bjorb.pem -+CA_cert_path /usr/local/certs/CA - max_connection 100 - spare_servers 1 - diff --git a/security/bjorb/files/patch-ac b/security/bjorb/files/patch-ac deleted file mode 100644 index 3d51b891b711..000000000000 --- a/security/bjorb/files/patch-ac +++ /dev/null @@ -1,45 +0,0 @@ ---- configure.in.orig Sun Feb 21 20:40:47 1999 -+++ configure.in Sun Dec 26 12:02:27 1999 -@@ -16,6 +16,7 @@ - prefix=$ac_default_prefix - fi - ssltop=$prefix/ssl -+ssllib=$prefix/ssl - - dnl Checks for programs. - AC_PROG_AWK -@@ -86,6 +87,13 @@ - - AC_SUBST(ssltop) - -+# with SSL lib -+AC_ARG_WITH(ssllib, -+[ --with-ssllib=DIR specifies directory to put SSL libbary.], -+ssllib=$with_ssllib) -+ -+AC_SUBST(ssllib) -+ - dnl Checks for libraries. - - # shared option -@@ -100,12 +108,16 @@ - - # for USA_RESIDENT on FreeBSD - if test X$disable_ssl = X; then -- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$ssltop/lib" -+ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$ssllib" - export LD_LIBRARY_PATH - -- AC_CHECK_LIB(RSAglue, ERR_load_RSAREF_strings,,,-lcrypto -lssl) -- AC_CHECK_LIB(rsaref, DES3_CBCInit) -- ssllibs="-lssl -lcrypto" -+ AC_MSG_CHECKING([for RSAref library]) -+ saved_LIBS="-L$ssllib -lcrypto -lssl" -+ LIBS="$saved_LIBS -L${LOCALBASE}/lib -lRSAglue -lrsaref" -+ AC_TRY_LINK([], [], -+ [AC_MSG_RESULT(yes); ], -+ [AC_MSG_RESULT(no)]; LIBS="$saved_LIBS") -+ ssllibs="$LIBS" - fi - - deflib() diff --git a/security/bjorb/files/patch-ad b/security/bjorb/files/patch-ad deleted file mode 100644 index 0b2209425b9f..000000000000 --- a/security/bjorb/files/patch-ad +++ /dev/null 
@@ -1,29 +0,0 @@ ---- Config.cc.orig Mon Feb 22 04:07:51 1999 -+++ Config.cc Sun Jan 12 14:34:28 2003 -@@ -334,7 +334,7 @@ - int retval = 1; - - SOCKADDR_IN sa_client; -- int addr_len = sizeof(SOCKADDR_IN); -+ unsigned int addr_len = sizeof(SOCKADDR_IN); - - #ifndef NO_DEBUG - PUTERR(2, ("::accept() begin\n")); -@@ -574,7 +574,7 @@ - if (accept_port.getPortinfo()->isVerify()) { - _SSL_set_verify(ssl, - SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, -- (int (*)(...))BjorbSSLVerifyCallback); -+ BjorbSSLVerifyCallback); - } else { - _SSL_set_verify(ssl, SSL_VERIFY_NONE, 0); - } -@@ -620,7 +620,7 @@ - } else { - _SSL_CTX_set_verify(ctx_connect, - SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, -- (int (*)(...))BjorbSSLVerifyCallback); -+ BjorbSSLVerifyCallback); - } - - ssl = _SSL_new(ctx_connect); diff --git a/security/bjorb/files/patch-ae b/security/bjorb/files/patch-ae deleted file mode 100644 index 15ea1c500bc1..000000000000 --- a/security/bjorb/files/patch-ae +++ /dev/null @@ -1,14 +0,0 @@ ---- bool.cc.orig Mon Feb 22 03:40:47 1999 -+++ bool.cc Sun Jan 12 14:42:05 2003 -@@ -1,6 +1,11 @@ - /* C code produced by gperf version 2.1 (K&R C version) */ - /* Command-line: gperf -aptCT -N in_word_set_boollist bool.list */ - -+#include "config.h" -+ -+#ifdef HAVE_STRING_H -+#include <string.h> -+#endif /* HAVE_STRING_H */ - - #include "common.h" - #include "bool.h" diff --git a/security/bjorb/files/patch-af b/security/bjorb/files/patch-af deleted file mode 100644 index 68ea9f4477a1..000000000000 --- a/security/bjorb/files/patch-af +++ /dev/null @@ -1,14 +0,0 @@ ---- cmd.cc.orig Mon Feb 22 03:40:47 1999 -+++ cmd.cc Sun Jan 12 14:40:41 2003 -@@ -3,6 +3,11 @@ - - - #include "config.h" -+ -+#ifdef HAVE_STRING_H -+#include <string.h> -+#endif /* HAVE_STRING_H */ -+ - #include "cmd.h" - #include "Config.h" - #include "cmd-def.h" diff --git a/security/bjorb/files/patch-ag b/security/bjorb/files/patch-ag deleted file mode 100644 index a1b08e8cf073..000000000000 
--- a/security/bjorb/files/patch-ag +++ /dev/null @@ -1,12 +0,0 @@ ---- portinfo.cc.orig Mon Feb 22 03:40:47 1999 -+++ portinfo.cc Sun Jan 12 14:40:05 2003 -@@ -1,3 +1,9 @@ -+#include "config.h" -+ -+#ifdef HAVE_STRING_H -+#include <string.h> -+#endif /* HAVE_STRING_H */ -+ - #include "common.h" - #include "portinfo.h" - #include "token.h" diff --git a/security/bjorb/files/patch-ah b/security/bjorb/files/patch-ah deleted file mode 100644 index 5fb500abdc0c..000000000000 --- a/security/bjorb/files/patch-ah +++ /dev/null @@ -1,14 +0,0 @@ ---- portoption.cc.orig Mon Feb 22 03:40:47 1999 -+++ portoption.cc Sun Jan 12 14:41:00 2003 -@@ -3,6 +3,11 @@ - - - #include "config.h" -+ -+#ifdef HAVE_STRING_H -+#include <string.h> -+#endif /* HAVE_STRING_H */ -+ - #include "Config.h" - - #define MIN_WORD_LENGTH 3 diff --git a/security/bjorb/files/patch-log.cc b/security/bjorb/files/patch-log.cc deleted file mode 100644 index 4ac571db5d01..000000000000 --- a/security/bjorb/files/patch-log.cc +++ /dev/null @@ -1,20 +0,0 @@ ---- log.cc.orig 2008-09-15 18:41:31.000000000 +0000 -+++ log.cc 2008-09-15 18:43:17.000000000 +0000 -@@ -183,7 +183,7 @@ - va_start(ap, fmt); - - #ifndef NO_SYSLOG -- if ((int)fp == -1) { -+ if (fp == (FILE *)-1) { - char buf[512]; - int level; - vsprintf(buf, fmt, ap); -@@ -241,7 +241,7 @@ - { - if (fp && fp != stderr - #ifndef NO_SYSLOG -- && (int)fp != -1 -+ && fp != (FILE *)-1 - #endif - ) { - put("Close log file\n"); diff --git a/security/bjorb/pkg-descr b/security/bjorb/pkg-descr deleted file mode 100644 index e2cc2a854425..000000000000 --- a/security/bjorb/pkg-descr +++ /dev/null @@ -1,10 +0,0 @@ -Bjorb is secure TCP relay software. Bjorb provides you, secure end-to-end -connection over insecure network such as Internet. - -Features: - 1. Encrypt/decrypt any "static port" TCP connection with SSL. - 2. Restrcit access by IP address. - 3. Server side certification. - 4. Client side certification. - -WWW: http://www.hitachi-ms.co.jp/bjorb/ 
diff --git a/security/bjorb/pkg-plist b/security/bjorb/pkg-plist deleted file mode 100644 index 8e8e1df0a9a9..000000000000 --- a/security/bjorb/pkg-plist +++ /dev/null @@ -1,17 +0,0 @@ -etc/bjorb.conf.sample -etc/rc.d/bjorb.sh.sample -sbin/bjorb -%%PORTDOCS%%%%DOCSDIR%%/ChangeLog -%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT -%%PORTDOCS%%%%DOCSDIR%%/INSTALL -%%PORTDOCS%%%%DOCSDIR%%/README -%%PORTDOCS%%%%DOCSDIR%%/ChangeLog.jp -%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.jp -%%PORTDOCS%%%%DOCSDIR%%/INSTALL.jp -%%PORTDOCS%%%%DOCSDIR%%/README.jp -%%PORTDOCS%%%%DOCSDIR%%/bjorb.conf.5.jp.txt -%%PORTDOCS%%%%DOCSDIR%%/features.jp -%%PORTDOCS%%@dirrm %%DOCSDIR%% -%%PORTEXAMPLES%%%%EXAMPLESDIR%%/bjorb.conf.doc -%%PORTEXAMPLES%%@dirrm %%EXAMPLESDIR%% -@exec ( [ -f %D/certs/bjorb.pem ] && exit ; echo "Making certificate files" ; cd %D/certs ; openssl req -new -x509 -nodes -days 365 -out bjorb.pem -keyout bjorb.pem; ln -s bjorb.pem `openssl x509 -noout -hash < bjorb.pem`.0 ; chmod 644 %D/certs/bjorb.pem ) diff --git a/security/borzoi/Makefile b/security/borzoi/Makefile deleted file mode 100644 index 1e6192042f73..000000000000 --- a/security/borzoi/Makefile +++ /dev/null @@ -1,29 +0,0 @@ -# ex:ts=8 -# New ports collection makefile for: borZoi -# Date created: Aug 23, 2001 -# Whom: ijliao -# -# $FreeBSD$ -# - -PORTNAME= borzoi -PORTVERSION= 1.0.2 -PORTREVISION= 1 -CATEGORIES= security -MASTER_SITES= http://dragongate-technologies.com/borzoi/ -DISTNAME= borZoi-${PORTVERSION} - -MAINTAINER= ports@FreeBSD.org -COMMENT= An Elliptic Curve Cryptography Library - -DEPRECATED= Upstream disapear and distfile is no more available -EXPIRATION_DATE= 2011-05-01 - -BUILD_DEPENDS= ${LOCALBASE}/lib/libntl.a:${PORTSDIR}/math/ntl -RUN_DEPENDS= ${LOCALBASE}/lib/libntl.a:${PORTSDIR}/math/ntl - -USE_AUTOTOOLS= libtool -GNU_CONFIGURE= yes -USE_LDCONFIG= yes - -.include <bsd.port.mk> diff --git a/security/borzoi/distinfo b/security/borzoi/distinfo deleted file mode 100644 index 0df01d2f4521..000000000000 
--- a/security/borzoi/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -MD5 (borZoi-1.0.2.tar.gz) = 31e7b8d243d14c20cc4a0d09f3ae4111 -SHA256 (borZoi-1.0.2.tar.gz) = 69723ad61057c1f6c67a092db856ac0751c2f95d97edb44fd8a1dc0860af2ab7 -SIZE (borZoi-1.0.2.tar.gz) = 605532 diff --git a/security/borzoi/pkg-descr b/security/borzoi/pkg-descr deleted file mode 100644 index 20ef0c68fd5a..000000000000 --- a/security/borzoi/pkg-descr +++ /dev/null @@ -1,3 +0,0 @@ -borZoi - An Elliptic Curve Cryptography Library - -WWW: http://dragongate-technologies.com/products.html#borZoi diff --git a/security/borzoi/pkg-plist b/security/borzoi/pkg-plist deleted file mode 100644 index f26b1f13a701..000000000000 --- a/security/borzoi/pkg-plist +++ /dev/null @@ -1,12 +0,0 @@ -bin/borzoi -include/borzoi.h -include/borzoi_math.h -include/borzoi_util.h -include/mpi.h -include/nist_curves.h -include/rijndael-alg-fst.h -include/rng.h -lib/libborzoi.a -lib/libborzoi.la -lib/libborzoi.so -lib/libborzoi.so.0 diff --git a/security/cmd5checkpw/Makefile b/security/cmd5checkpw/Makefile deleted file mode 100644 index 3e9cea6c7154..000000000000 --- a/security/cmd5checkpw/Makefile +++ /dev/null 
@@ -1,41 +0,0 @@ -# New ports collection makefile for: cmd5checkpw -# Date created: 8 Sep 2003 -# Whom: Clement Laforet <sheepkiller@cultdeadsheep.org> -# -# $FreeBSD$ -# - -PORTNAME= cmd5checkpw -PORTVERSION= 0.22 -CATEGORIES= security -MASTER_SITES= http://members.elysium.pl/brush/cmd5checkpw/dist/ - -MAINTAINER= ports@FreeBSD.org -COMMENT= Checkpassword compatible authentication program that uses CRAM-MD5 - -DEPRECATED= Upstream disapear and distfile is no more available -EXPIRATION_DATE= 2011-05-01 - -MAN8= cmd5checkpw.8 - -DOCS_FILES= CHANGES CREDITS INSTALL README rfc1321.txt rfc2104.txt - -post-patch: - @${REINPLACE_CMD} -e 's|/etc/poppasswd|${LOCALBASE}/etc/poppasswd|' \ - ${WRKSRC}/main.c - @${REINPLACE_CMD} -e 's|^\(CC\)|#\1|; s|^\(CFLAGS\)|#\1|; \ - s|LD=gcc|LD=$${CC}|; s|LDFLAGS=-g|LDFLAGS=$${CFLAGS} ${LDFLAGS}|;' \ - ${WRKSRC}/Makefile - -do-install: - @${INSTALL_PROGRAM} ${WRKSRC}/cmd5checkpw ${LOCALBASE}/bin - @${INSTALL_DATA} ${WRKSRC}/poppasswd ${LOCALBASE}/etc/poppasswd.dist - @${INSTALL_MAN} ${WRKSRC}/cmd5checkpw.8 ${MANPREFIX}/man/man8 -.if !defined(NOPORTDOCS) - @${MKDIR} ${DOCSDIR} -. for f in ${DOCS_FILES} - @${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR} -. endfor -.endif - -.include <bsd.port.mk> diff --git a/security/cmd5checkpw/distinfo b/security/cmd5checkpw/distinfo deleted file mode 100644 index 8aa87bb07c94..000000000000 --- a/security/cmd5checkpw/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -MD5 (cmd5checkpw-0.22.tar.gz) = 40092caf3608cbc8bd23220b2b28cb52 -SHA256 (cmd5checkpw-0.22.tar.gz) = 26d375a909520aaf980b59f01d994a796c87dfcf317b9dc31284f14ed92032d9 -SIZE (cmd5checkpw-0.22.tar.gz) = 24323 diff --git a/security/cmd5checkpw/pkg-descr b/security/cmd5checkpw/pkg-descr deleted file mode 100644 index 3c3409443f51..000000000000 --- a/security/cmd5checkpw/pkg-descr +++ /dev/null 
@@ -1,6 +0,0 @@ -cmd5checkpw is a checkpassword compatible authentication program that uses -CRAM-MD5 authentication mode. It was designed primary to work with qmail -but it can be used by any other program that knows how to use checkpassword -compatible authentication. - -WWW: http://members.elysium.pl/brush/cmd5checkpw/ diff --git a/security/cmd5checkpw/pkg-plist b/security/cmd5checkpw/pkg-plist deleted file mode 100644 index 75b84ff2372b..000000000000 --- a/security/cmd5checkpw/pkg-plist +++ /dev/null @@ -1,9 +0,0 @@ -bin/cmd5checkpw -etc/poppasswd.dist -%%PORTDOCS%%%%DOCSDIR%%/CHANGES -%%PORTDOCS%%%%DOCSDIR%%/CREDITS -%%PORTDOCS%%%%DOCSDIR%%/INSTALL -%%PORTDOCS%%%%DOCSDIR%%/README -%%PORTDOCS%%%%DOCSDIR%%/rfc1321.txt -%%PORTDOCS%%%%DOCSDIR%%/rfc2104.txt -%%PORTDOCS%%@dirrm %%DOCSDIR%% diff --git a/security/cops/Makefile b/security/cops/Makefile deleted file mode 100644 index 29005f5bb1d3..000000000000 --- a/security/cops/Makefile +++ /dev/null 
@@ -1,50 +0,0 @@
-# New ports collection makefile for: cops
-# Date created: 29 August 1996
-# Whom: oly
-#
-# $FreeBSD$
-#
-
-PORTNAME= cops
-PORTVERSION= 1.04
-CATEGORIES= security
-MASTER_SITES= http://www.fish2.com/cops/ \
- http://mirror2.unixfreunde.de/ \
- http://freebsd.unixfreunde.de/sources/
-DISTNAME= ${PORTNAME}${PORTVERSION:S/.//g}+
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= A system secureness checker
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-WRKSRC= ${WRKDIR}/${PORTNAME}_${PORTVERSION:S/.//g}+
-HAS_CONFIGURE= yes
-CONFIGURE_SCRIPT= reconfig
-MAKEFILE= makefile
-MAKE_ARGS= EXECUTABLE="${EXECUTABLE}" C_SRC="${C_SRC}"
-
-EXECUTABLE= home.chk user.chk is_writable crc crc_check \
- addto clearfiles filewriters members tilde is_able
-C_SRC= home.chk.c user.chk.c is_able.c is_something.c \
- addto.c clearfiles.c filewriters.c members.c tilde.c \
- crc.c crc_check.c
-
-pre-build:
- ${SED} \
- -e 's,^SECURE=/usr/foo/bar,SECURE=${PREFIX}/cops,g' \
- -e '/^$$SECURE\/passwd\.chk.*/d' \
- -e 's,SECURE_USERS="foo@bar\.edu",SECURE_USERS="root@localhost",g' \
- -e 's/passwd\.chk pass.chk //g' \
- ${WRKSRC}/cops > ${WRKSRC}/cops.out
- ${MV} ${WRKSRC}/cops.out ${WRKSRC}/cops
-
-do-install:
- ${MKDIR} ${PREFIX}/cops
- ${TAR} -C ${WRKSRC} --exclude "*.old" -cf - . | \
- ${TAR} -C ${PREFIX}/cops --unlink -xf -
- ${CHOWN} -R ${BINOWN}:${BINGRP} ${PREFIX}/cops
- ${CHMOD} -R go-rwx ${PREFIX}/cops
-
-.include <bsd.port.mk>
diff --git a/security/cops/distinfo b/security/cops/distinfo
deleted file mode 100644
index 3175aa8a6622..000000000000
--- a/security/cops/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (cops104+.tar.gz) = d994194c3ee14e4a71b1312e98643606
-SHA256 (cops104+.tar.gz) = 5c673c4868fda0e0c0ac7f7b7aab7f31a2dff8266382b1c24dca94eedfa712b5
-SIZE (cops104+.tar.gz) = 288663
diff --git a/security/cops/files/patch-aa b/security/cops/files/patch-aa
deleted file mode 100644
index 53a8e007bd75..000000000000
--- a/security/cops/files/patch-aa
+++ /dev/null
@@ -1,32 +0,0 @@
---- perl/cops.orig Sat Feb 21 19:20:10 1998
-+++ perl/cops Sat Feb 21 19:21:06 1998
-@@ -1,8 +1,4 @@
--#!/bin/sh -- need to mention perl here to avoid recursion
--'true' || eval 'exec perl -S $0 $argv:q';
--eval '(exit $?0)' && eval 'exec perl -S $0 ${1+"$@"}'
--& eval 'exec /usr/local/bin/perl -S $0 $argv:q'
-- if 0;
-+#!/usr/bin/perl
-
- #
- # Usage: cops [-vx] [-c config file] [-s secure_dir] [architecture]
-@@ -83,7 +79,7 @@
-
- # Read stuff to do from the config file
- die "$0: Can't trust $CONFIG to reconfig!\n" if &'is_writable($CONFIG);
--open CONFIG || die "can't open $CONFIG: $!";
-+open (CONFIG) || die "can't open $CONFIG: $!";
-
- &argh unless -s $CONFIG;
-
-@@ -219,8 +215,8 @@
- }
- return 1 if (($FILE2 eq "") || (-s $FILE1 != -s $report));
-
-- open FILE1 || die "can't open $FILE1: $!\n";
-- open FILE2 || die "can't open $FILE2: $!\n";
-+ open (FILE1) || die "can't open $FILE1: $!\n";
-+ open (FILE2) || die "can't open $FILE2: $!\n";
-
- for (1..5) {
- $_ = <FILE1>;
diff --git a/security/cops/files/patch-ab b/security/cops/files/patch-ab
deleted file mode 100644
index 7e02909ab1e8..000000000000
--- a/security/cops/files/patch-ab
+++ /dev/null
@@ -1,11 +0,0 @@
---- makefile.orig Tue Mar 9 02:19:18 1993
-+++ makefile Tue Jul 11 21:44:29 2000
-@@ -23,7 +23,7 @@
- # C2 = -DC2
-
- #
--CFLAGS = -O $(C2)
-+CFLAGS+ = $(C2)
- # sequents need "-lseq" as well... uncomment this if you're running on one:
- # SEQFLAGS = -lseq
-
diff --git a/security/cops/pkg-descr b/security/cops/pkg-descr
deleted file mode 100644
index 6e78a75205b2..000000000000
--- a/security/cops/pkg-descr
+++ /dev/null
@@ -1,9 +0,0 @@
-Cops is a set of programs to check how secure your system is. It
-checks file and directory privileges, SUID programs, etc. It has
-support for checking passwords, but this port doesn't include it
-as it is DES based. This port installs cops in a single directory
-area. The directory has no non-user privileges and cops is meant
-to be run locally to that directory. The perl version of cops is
-also included in a subdirectory.
-
-WWW: http://www.fish2.com/cops/
diff --git a/security/cops/pkg-plist b/security/cops/pkg-plist
deleted file mode 100644
index 92eb7cdaa301..000000000000
--- a/security/cops/pkg-plist
+++ /dev/null
@@ -1,237 +0,0 @@
-cops/MANIFEST
-cops/README.1
-cops/README.2.pl
-cops/README.2.sh
-cops/README.3
-cops/README.FIRST
-cops/XTRA_CREDIT
-cops/addto
-cops/bug.chk
-cops/bug.chk.aix
-cops/bug.chk.apollo
-cops/bug.chk.dec
-cops/bug.chk.next
-cops/bug.chk.sgi
-cops/bug.chk.sun
-cops/bug.chk.svr4
-cops/bug_cmp
-cops/carp/How2Change
-cops/carp/README
-cops/carp/carp
-cops/carp/carp.1
-cops/carp/carp.anlz
-cops/carp/carp.anlz.1
-cops/carp/carp.awk
-cops/carp/carp.table
-cops/carp/carp2ps
-cops/carp/carp2ps.1
-cops/checkacct/Article
-cops/checkacct/Intro
-cops/checkacct/Makefile
-cops/checkacct/README.FIRST
-cops/checkacct/bsd.m4
-cops/checkacct/ca.src
-cops/checkacct/chkacct.1l
-cops/checkacct/dotwrite
-cops/checkacct/effect.dotwrit
-cops/checkacct/effect.owners
-cops/checkacct/effect.read
-cops/checkacct/effect.rhosts
-cops/checkacct/effect.setuid
-cops/checkacct/effect.write
-cops/checkacct/owners
-cops/checkacct/prm.mm
-cops/checkacct/prompt.help
-cops/checkacct/readable
-cops/checkacct/rhosts
-cops/checkacct/rhosts.pl
-cops/checkacct/setuid
-cops/checkacct/sysV.m4
-cops/checkacct/write
-cops/chk_strings
-cops/clearfiles
-cops/cops
-cops/cops_filter
-cops/cover_letter
-cops/crc
-cops/crc.chk
-cops/crc_check
-cops/crc_list
-cops/cron.chk
-cops/dev.chk
-cops/disclaimer
-cops/docs/COPS.report
-cops/docs/COPS.report.ms
-cops/docs/COPS.tex
-cops/docs/CRC.README
-cops/docs/KUANG.README
-cops/docs/SUID.README
-cops/docs/bug.chk
-cops/docs/bug.chk.1
-cops/docs/cops
-cops/docs/cops.1
-cops/docs/cron.chk
-cops/docs/cron.chk.1
-cops/docs/dev.chk
-cops/docs/dev.chk.1
-cops/docs/ftp.chk
-cops/docs/group.chk
-cops/docs/group.chk.1
-cops/docs/home.chk
-cops/docs/home.chk.1
-cops/docs/is_able
-cops/docs/is_able.1
-cops/docs/is_able.chk
-cops/docs/is_able.chk.1
-cops/docs/is_writable
-cops/docs/is_writable.1
-cops/docs/kuang.1
-cops/docs/kuang.man
-cops/docs/kuang.man.ms
-cops/docs/makefile
-cops/docs/misc.chk
-cops/docs/misc.chk.1
-cops/docs/obligatory.album
-cops/docs/obligatory.joke
-cops/docs/pass.chk
-cops/docs/pass.chk.1
-cops/docs/pass_diff.chk
-cops/docs/pass_diff.chk.1
-cops/docs/passwd.chk
-cops/docs/passwd.chk.1
-cops/docs/rc.chk
-cops/docs/rc.chk.1
-cops/docs/readme.C2
-cops/docs/readme.apollo
-cops/docs/readme.cfilter
-cops/docs/readme.filters
-cops/docs/readme.ibm
-cops/docs/readme.sequent
-cops/docs/readme.shadow
-cops/docs/readme.svr4
-cops/docs/readme.xenix
-cops/docs/readme.yp
-cops/docs/release.notes
-cops/docs/root.chk
-cops/docs/root.chk.1
-cops/docs/suid.man
-cops/docs/suid.man.ms
-cops/docs/tilde
-cops/docs/user.chk
-cops/docs/user.chk.1
-cops/docs/warnings
-cops/extensions/THINGS_2_DO
-cops/extensions/YAR
-cops/extensions/crypto-stuff
-cops/extensions/netstuff
-cops/extensions/passwords
-cops/extensions/questions
-cops/extensions/uucp.hardening
-cops/extensions/writing.suid
-cops/extra_src/README
-cops/extra_src/bad_dir.pl
-cops/extra_src/diff_last.sh
-cops/extra_src/mail.chk
-cops/extra_src/pass.mail
-cops/extra_src/rhosts_sweeper
-cops/extra_src/stop.make
-cops/extra_src/trust.pl
-cops/extra_src/uucp_1.shar
-cops/extra_src/uucp_2.shar
-cops/extra_src/uucp_quick.chk
-cops/file.paths
-cops/filewriters
-cops/ftp.chk
-cops/gen_fix
-cops/group.chk
-cops/home.chk
-cops/init_kuang
-cops/is_able
-cops/is_able.chk
-cops/is_able.lst
-cops/is_writable
-cops/kuang
-cops/kuang.pl.shar
-cops/makefile
-cops/makefile.orig
-cops/members
-cops/misc.chk
-cops/pass.words
-cops/pass_diff.chk
-cops/passwd.chk
-cops/patchlevel.h
-cops/perl/README.kuang
-cops/perl/README.sgi
-cops/perl/chk_strings
-cops/perl/chk_strings.pl
-cops/perl/cops
-cops/perl/cops.cf
-cops/perl/cops.orig
-cops/perl/cron.chk
-cops/perl/dev.chk
-cops/perl/fgrep.pl
-cops/perl/file_mode.pl
-cops/perl/file_owner.pl
-cops/perl/ftp.chk
-cops/perl/get-cf
-cops/perl/getopts.pl
-cops/perl/glob.pl
-cops/perl/group.chk
-cops/perl/hostname.pl
-cops/perl/is_able.chk
-cops/perl/is_able.lst
-cops/perl/is_able.pl
-cops/perl/kuang
-cops/perl/kuang.1
-cops/perl/misc.chk
-cops/perl/pass.cache.pl
-cops/perl/pass.chk
-cops/perl/passwd.chk
-cops/perl/pathconf.pl
-cops/perl/pathconf.sh
-cops/perl/rc.chk
-cops/perl/reconfig.pl
-cops/perl/root.chk
-cops/perl/rules.pl
-cops/perl/shadow.sh
-cops/perl/stat.pl
-cops/perl/suckline.pl
-cops/perl/suid.chk
-cops/perl/suid.stop
-cops/perl/user.chk
-cops/perl/yagrip.pl
-cops/platform
-cops/quick_start
-cops/rc.chk
-cops/reconfig
-cops/res_diff
-cops/root.chk
-cops/src/addto.c
-cops/src/clearfiles.c
-cops/src/conf.h
-cops/src/crack-fcrypt.c
-cops/src/crack-lib.c
-cops/src/crack.h
-cops/src/crc.c
-cops/src/crc_check.c
-cops/src/filewriters.c
-cops/src/home.chk.c
-cops/src/is_able.c
-cops/src/is_something.c
-cops/src/members.c
-cops/src/pass.c
-cops/src/tilde.c
-cops/src/user.chk.c
-cops/suid.chk
-cops/suid.stop
-cops/tilde
-cops/user.chk
-cops/yp_pass.chk
-@dirrm cops/src
-@dirrm cops/perl
-@dirrm cops/extra_src
-@dirrm cops/extensions
-@dirrm cops/docs
-@dirrm cops/checkacct
-@dirrm cops/carp
-@dirrm cops
diff --git a/security/find_ddos/Makefile b/security/find_ddos/Makefile
deleted file mode 100644
index cb1f2550f31c..000000000000
--- a/security/find_ddos/Makefile
+++ /dev/null
@@ -1,37 +0,0 @@
-# ex:ts=8
-# Ports collection makefile for: find_ddos
-# Date created: Sun Feb 12, 2000
-# Whom: David O'Brien (obrien@NUXI.com)
-#
-# $FreeBSD$
-#
-
-PORTNAME= find_ddos
-PORTVERSION= 4.2
-PORTREVISION= 1
-CATEGORIES= security
-MASTER_SITES= http://www.nipc.gov/warnings/alerts/1999/ \
- http://www.ucl.ac.uk/cert/tools/
-DISTNAME= find_ddos_v42_linux
-EXTRACT_SUFX= .tar.Z
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Scans a host filesystem for distributed denial of service programs
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-ONLY_FOR_ARCHS= i386
-WRKSRC= ${WRKDIR}/${PORTNAME}
-
-do-build:
- @brandelf -t Linux ${WRKSRC}/find_ddos
-
-do-install:
- @${INSTALL_SCRIPT} ${WRKSRC}/find_ddos ${PREFIX}/sbin
-.if !defined(NOPORTDOCS)
- @${MKDIR} ${DOCSDIR}
- @${INSTALL_MAN} ${WRKSRC}/README ${DOCSDIR}
-.endif
-
-.include <bsd.port.mk>
diff --git a/security/find_ddos/distinfo b/security/find_ddos/distinfo
deleted file mode 100644
index e4086c9e973b..000000000000
--- a/security/find_ddos/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (find_ddos_v42_linux.tar.Z) = 5af645362aa80a3fb6c1f1c3fab6e7a3
-SHA256 (find_ddos_v42_linux.tar.Z) = 63805d1dc1a201e9c5c99849a4f4092d618ba023fbae47f723f306c23a32ca93
-SIZE (find_ddos_v42_linux.tar.Z) = 367999
diff --git a/security/find_ddos/pkg-descr b/security/find_ddos/pkg-descr
deleted file mode 100644
index e9160933227e..000000000000
--- a/security/find_ddos/pkg-descr
+++ /dev/null
@@ -1,11 +0,0 @@
-In response to a number of distributed denial-of-service (DDOS) attacks that
-have been reported, the National Infrastructure Proctection Center (NIPC)
-Special Technology Applications Unit (STAU) has developed a tool to assist in
-combating this threat. ``find_ddos'' is intended to scan a local system that
-is either known or suspected to contain a DDOS program.
-
-``find_ddos'' will detect tfn2k client, tfn2k daemon, trinoo daemon, trinoo
-master, tfn daemon, tfn client, stacheldraht master, stacheldraht client,
-stachelddraht demon and tfn-rush client.
-
-WWW: http://www.nipc.gov/warnings/alerts/1999/trinoo.htm
diff --git a/security/find_ddos/pkg-plist b/security/find_ddos/pkg-plist
deleted file mode 100644
index 066b73aadb59..000000000000
--- a/security/find_ddos/pkg-plist
+++ /dev/null
@@ -1,4 +0,0 @@
-@comment $FreeBSD$
-sbin/find_ddos
-%%PORTDOCS%%share/doc/find_ddos/README
-%%PORTDOCS%%@dirrm share/doc/find_ddos
diff --git a/security/ftpmap/Makefile b/security/ftpmap/Makefile
deleted file mode 100644
index 19b057dc9f1a..000000000000
--- a/security/ftpmap/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-# New ports collection makefile for: ftpmap
-# Date created: 01 Nov 2002
-# Whom: Sergei Kolobov <sergei@kolobov.com>
-#
-# $FreeBSD$
-#
-
-PORTNAME= ftpmap
-PORTVERSION= 0.4
-CATEGORIES= security ftp
-MASTER_SITES= ftp://ftp.pureftpd.org/pub/pure-ftpd/ftpmap/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Identify remote FTP server software by fingerprinting
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-GNU_CONFIGURE= yes
-
-DOCS= AUTHORS NEWS README THANKS
-
-.if !defined(NOPORTDOCS)
-post-install:
- @${MKDIR} ${DOCSDIR}
- cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
-.endif
-
-.include <bsd.port.mk>
diff --git a/security/ftpmap/distinfo b/security/ftpmap/distinfo
deleted file mode 100644
index ad299215c84b..000000000000
--- a/security/ftpmap/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (ftpmap-0.4.tar.gz) = 5095c0712e4a906dae75f082acbabffb
-SHA256 (ftpmap-0.4.tar.gz) = f16a705c6aa82aacb83e3b9ff09d2a4007cdaa54d40e62d13bde26d952c87550
-SIZE (ftpmap-0.4.tar.gz) = 95371
diff --git a/security/ftpmap/pkg-descr b/security/ftpmap/pkg-descr
deleted file mode 100644
index d53e3498fad7..000000000000
--- a/security/ftpmap/pkg-descr
+++ /dev/null
@@ -1,6 +0,0 @@
-Ftpmap scans remote FTP servers to indentify what software and what versions
-they are running. It uses program-specific fingerprints to discover the name
-of the software even when banners have been changed or removed, or when some
-features have been disabled. IPv6 is fully supported.
-
-WWW: http://www.jedi.claranet.fr/
diff --git a/security/ftpmap/pkg-plist b/security/ftpmap/pkg-plist
deleted file mode 100644
index 06946609221f..000000000000
--- a/security/ftpmap/pkg-plist
+++ /dev/null
@@ -1,6 +0,0 @@
-bin/ftpmap
-%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
-%%PORTDOCS%%%%DOCSDIR%%/NEWS
-%%PORTDOCS%%%%DOCSDIR%%/README
-%%PORTDOCS%%%%DOCSDIR%%/THANKS
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
diff --git a/security/hafiye/Makefile b/security/hafiye/Makefile
deleted file mode 100644
index 4b7782328855..000000000000
--- a/security/hafiye/Makefile
+++ /dev/null
@@ -1,32 +0,0 @@
-# ex:ts=8
-# Ports collection makefile for: hafiye
-# Date Created: Aug 14, 2002
-# Whom: ijliao
-#
-# $FreeBSD$
-#
-
-PORTNAME= hafiye
-PORTVERSION= 1.0
-PORTREVISION= 1
-CATEGORIES= security
-MASTER_SITES= http://www.enderunix.org/hafiye/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Multi Platform Customizable TCP/IP Packet Sniffer
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-MAKE_ENV= LDFLAGS="-lpcap"
-
-post-patch:
- @${REINPLACE_CMD} -e "s|^CC|#CC|g ; s|^CFLAGS|#CFLAGS|g ; \
- s|^LDFLAGS|#LDFLAGS|g" ${WRKSRC}/Makefile
-
-do-install:
- ${INSTALL_PROGRAM} ${WRKSRC}/hafiye ${PREFIX}/bin
- @${MKDIR} ${DATADIR}
- ${CP} -R ${WRKSRC}/KB/* ${DATADIR}
-
-.include <bsd.port.mk>
diff --git a/security/hafiye/distinfo b/security/hafiye/distinfo
deleted file mode 100644
index f44bc689bf5e..000000000000
--- a/security/hafiye/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (hafiye-1.0.tar.gz) = 120ea0ed933ffbd6b6831aad638f2f7a
-SHA256 (hafiye-1.0.tar.gz) = 18d52fd0fba9ba12a43a7e3c7eb39a657e19994f701e32fcd9f81406bc2e3830
-SIZE (hafiye-1.0.tar.gz) = 9139
diff --git a/security/hafiye/pkg-descr b/security/hafiye/pkg-descr
deleted file mode 100644
index 514f5e3c1d79..000000000000
--- a/security/hafiye/pkg-descr
+++ /dev/null
@@ -1,18 +0,0 @@
-When I looked at the source code for various famous sniffers, I've noticed
-that they all had all separate .C files for interpreting various protocols.
-Why not have a sniffer that can understand user-supplied protocol details?
-Here it is.
-
-When fired, Hafiye first visits each sub-directory under its knowledge-base
-directory and opens to see whether it is a protocol knowledge-base file. If
-so, It loads the necessary information from that file and places it into its
-memory space. After constructing the supplied knowledge-base, Hafiye starts
-looping for receiving packets. When a packet arrives, it demultiplexes the
-layers according to its knowledge-base and prints protocol-based information.
-
-Features
- - Multi Platform Support (Posix Compliant)
- - Customizable Protocol Definitions (Layer II, III and IV)
- - Customizable Packet Interpretation (Layer II, III and IV)
-
-WWW: http://www.enderunix.org/hafiye/
diff --git a/security/hafiye/pkg-plist b/security/hafiye/pkg-plist
deleted file mode 100644
index c5e0fa92e1c2..000000000000
--- a/security/hafiye/pkg-plist
+++ /dev/null
@@ -1,10 +0,0 @@
-bin/hafiye
-share/hafiye/LII/IP
-share/hafiye/LIII/ICMP
-share/hafiye/LIII/TCP
-share/hafiye/LIII/UDP
-share/hafiye/LIV/DNS
-@dirrm share/hafiye/LII
-@dirrm share/hafiye/LIII
-@dirrm share/hafiye/LIV
-@dirrm share/hafiye
diff --git a/security/ident2/Makefile b/security/ident2/Makefile
deleted file mode 100644
index a23f8eb1279d..000000000000
--- a/security/ident2/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-# New ports collection makefile for: ident2
-# Date created: 30 Nov 1999
-# Whom: rod@zort.on.ca
-#
-# $FreeBSD$
-#
-
-PORTNAME= ident2
-PORTVERSION= 1.07
-CATEGORIES= security net
-MASTER_SITES= http://michael.bacarella.com/projects/ident2/
-DISTNAME= ident2-v${PORTVERSION}_FINAL
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= An RFC1413 identification server which also supports random replies
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-USE_BZIP2= yes
-GNU_CONFIGURE= yes
-MAN8= ident2.8
-PLIST_FILES= sbin/ident2
-
-do-install:
- ${INSTALL_PROGRAM} ${WRKSRC}/ident2 ${PREFIX}/sbin
- ${INSTALL_MAN} ${WRKSRC}/${MAN8} ${MANPREFIX}/man/man8/
-
-.include <bsd.port.mk>
diff --git a/security/ident2/distinfo b/security/ident2/distinfo
deleted file mode 100644
index bc7ebb7c74d1..000000000000
--- a/security/ident2/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (ident2-v1.07_FINAL.tar.bz2) = be8e2d37a2a9338aeea9933ddda413e9
-SHA256 (ident2-v1.07_FINAL.tar.bz2) = 42d819862da94f7eeefb072e6cbdb0c5a0c38f3ba52e6eeb73641e72826e9a11
-SIZE (ident2-v1.07_FINAL.tar.bz2) = 49411
diff --git a/security/ident2/pkg-descr b/security/ident2/pkg-descr
deleted file mode 100644
index 277a7110f307..000000000000
--- a/security/ident2/pkg-descr
+++ /dev/null
@@ -1,9 +0,0 @@
-This ident daemon runs as either a standalong daemon or as a child of inetd.
-Replies of your choice can be generated through a .ident file in the users
-home directory. A .noident will make it do an ident will not be conducted
-if the file is found in the users home directory.
-
-The server can also send random replies to all requests. This simplifies
-the problem of using IRC through a NATD network.
-
-WWW: http://michael.bacarella.com/?p=projects#ident2
diff --git a/security/liedentd/Makefile b/security/liedentd/Makefile
deleted file mode 100644
index 4797db29f46c..000000000000
--- a/security/liedentd/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-# New ports collection makefile for: liedentd
-# Date created: 20 Mar 2001
-# Whom: wes@freebsd.org
-#
-# $FreeBSD$
-#
-
-PORTNAME= liedentd
-PORTVERSION= 1.1
-CATEGORIES= security net
-MASTER_SITES= ${MASTER_SITE_LOCAL}
-MASTER_SITE_SUBDIR= wes
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= An ident server which refuses to divulge security information
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-.include <bsd.port.mk>
diff --git a/security/liedentd/distinfo b/security/liedentd/distinfo
deleted file mode 100644
index 21d170d9f49b..000000000000
--- a/security/liedentd/distinfo
+++ /dev/null
@@ -1,2 +0,0 @@
-SHA256 (liedentd-1.1.tar.gz) = 751557eb82472c36629786540f99b3c3e4bb51d207211de59d0df4fcddb63594
-SIZE (liedentd-1.1.tar.gz) = 4262
diff --git a/security/liedentd/pkg-descr b/security/liedentd/pkg-descr
deleted file mode 100644
index fb2e35252e54..000000000000
--- a/security/liedentd/pkg-descr
+++ /dev/null
@@ -1,7 +0,0 @@
-This ident daemon runs as a standalone daemon and lies about users. By
-default, a random string is returned for each ident request, in order to
-preserve the security of your system. The name returned and the OS name
-may be specified on the command line.
-
-When run on a NAT router, this server simplifies the problem of using IRC
-through a NAT network.
diff --git a/security/liedentd/pkg-plist b/security/liedentd/pkg-plist
deleted file mode 100644
index b0be88e0f527..000000000000
--- a/security/liedentd/pkg-plist
+++ /dev/null
@@ -1,2 +0,0 @@
-sbin/liedentd
-etc/rc.d/liedentd.sh
diff --git a/security/pam_pop3/Makefile b/security/pam_pop3/Makefile
deleted file mode 100644
index 6c06477818fb..000000000000
--- a/security/pam_pop3/Makefile
+++ /dev/null
@@ -1,33 +0,0 @@
-# New ports collection makefile for: pam_pop3
-# Date created: 16 July 2002
-# Whom: Gea-Suan Lin <gslin@ccca.nctu.edu.tw>
-#
-# $FreeBSD$
-#
-
-PORTNAME= pam_pop3
-PORTVERSION= 1.0
-PORTREVISION= 1
-CATEGORIES= security
-MASTER_SITES= http://shum.huji.ac.il/~schapiro/linux/pam_pop3/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= This module authenticates a user against a POP3 server
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-WRKSRC= ${WRKDIR}/${PORTNAME}
-
-do-build:
- ${CC} ${CFLAGS} -fpic -DPIC -Wall -c ${WRKSRC}/pam_pop3.c -o ${WRKSRC}/pam_pop3.o
- ${LD} -x --shared -o ${WRKSRC}/pam_pop3.so ${WRKSRC}/pam_pop3.o -lpam -lcrypt
-
-do-install:
- @${INSTALL_DATA} ${WRKSRC}/${PORTNAME}.so ${PREFIX}/lib
-.if !defined(NOPORTDOCS)
- @${MKDIR} ${DOCSDIR}
- ${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}
-.endif
-
-.include <bsd.port.mk>
diff --git a/security/pam_pop3/distinfo b/security/pam_pop3/distinfo
deleted file mode 100644
index 685e8eae2d75..000000000000
--- a/security/pam_pop3/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (pam_pop3-1.0.tar.gz) = e9bfebe349f79e308ff8d329e5b25f91
-SHA256 (pam_pop3-1.0.tar.gz) = 82b5f56cd29903051a1deea654cbf35ed5a3ac60271da440ff5de2338d415828
-SIZE (pam_pop3-1.0.tar.gz) = 5271
diff --git a/security/pam_pop3/files/patch-pam_pop3.c b/security/pam_pop3/files/patch-pam_pop3.c
deleted file mode 100644
index 6eff9e2bf73c..000000000000
--- a/security/pam_pop3/files/patch-pam_pop3.c
+++ /dev/null
@@ -1,37 +0,0 @@
---- pam_pop3.c.orig Tue Jul 16 00:14:29 2002
-+++ pam_pop3.c Tue Jul 16 00:16:38 2002
-@@ -21,6 +21,7 @@
- #include <errno.h>
- #include <netdb.h>
- #include <sys/types.h>
-+#include <sys/time.h>
- #include <netinet/in.h>
- #include <sys/socket.h>
-
-@@ -85,7 +86,7 @@
- close(sockfd);
- return -1;
- }
-- if ((numbytes=recv(sockfd,buf,BUFLEN-1,MSG_NOSIGNAL))<=0)
-+ if ((numbytes=recv(sockfd,buf,BUFLEN-1,0))<=0)
- {
- if (numbytes==0)
- /* other side closed connection */
-@@ -138,7 +139,7 @@
- close(sockfd);
- return -1;
- }
-- if ((numbytes=send(sockfd,buf,strlen(buf),MSG_NOSIGNAL))<strlen(buf))
-+ if ((numbytes=send(sockfd,buf,strlen(buf),0))<strlen(buf))
- {
- /* it did not send everything, try once more and then fail */
- if (numbytes>0)
-@@ -153,7 +154,7 @@
- return -1;
- }
- /* send remaining bytes */
-- numbytes+=send(sockfd,buf+numbytes,strlen(buf)-numbytes,MSG_NOSIGNAL);
-+ numbytes+=send(sockfd,buf+numbytes,strlen(buf)-numbytes,0);
- }
- if (numbytes!=strlen(buf))
- {
diff --git a/security/pam_pop3/pkg-descr b/security/pam_pop3/pkg-descr
deleted file mode 100644
index 9ffa70f21d9a..000000000000
--- a/security/pam_pop3/pkg-descr
+++ /dev/null
@@ -1,6 +0,0 @@
-pam_pop3 by Schlomo Schapiro (schapiro@huji.ac.il)
-
-This module authenticates a user against a POP3 server.
-It supplies only the AUTH functions.
-
-WWW: http://shum.huji.ac.il/~schapiro/linux/
diff --git a/security/pam_pop3/pkg-plist b/security/pam_pop3/pkg-plist
deleted file mode 100644
index f84e6e016a45..000000000000
--- a/security/pam_pop3/pkg-plist
+++ /dev/null
@@ -1,3 +0,0 @@
-lib/pam_pop3.so
-%%PORTDOCS%%share/doc/pam_pop3/README
-%%PORTDOCS%%@dirrm share/doc/pam_pop3
diff --git a/security/poc/Makefile b/security/poc/Makefile
deleted file mode 100644
index e80c5739b126..000000000000
--- a/security/poc/Makefile
+++ /dev/null
@@ -1,34 +0,0 @@
-# New ports collection makefile for: poc
-# Date created: Tue Jun 11 22:43:06 CEST 2002
-# Whom: king@v2project.com
-#
-# $FreeBSD$
-#
-
-PORTNAME= poc
-PORTVERSION= 1.2
-PORTREVISION= 3
-CATEGORIES= security
-MASTER_SITES= ${MASTER_SITE_GNU}
-MASTER_SITE_SUBDIR=poc
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Program for managing passwords on smartcards
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-LIB_DEPENDS= towitoko.2:${PORTSDIR}/devel/towitoko
-
-PLIST_FILES= bin/poc
-USE_GMAKE= yes
-GNU_CONFIGURE= yes
-CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
- LDFLAGS="-L${LOCALBASE}/lib"
-
-post-patch:
- ${REINPLACE_CMD} -e "s,^CFLAGS,#CFLAGS,; \
- s,^CPPFLAGS =,CPPFLAGS = ${CPPFLAGS} -I${LOCALBASE}/include," \
- ${WRKSRC}/src/Makefile.in
-
-.include <bsd.port.mk>
diff --git a/security/poc/distinfo b/security/poc/distinfo
deleted file mode 100644
index a16370fe6743..000000000000
--- a/security/poc/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (poc-1.2.tar.gz) = 06cdaa49f3ca5703b170b229e83a0375
-SHA256 (poc-1.2.tar.gz) = e22260de0a6ea8e001ce9e13dee0e88db3bebcfa2d629f662ee2b7c244444727
-SIZE (poc-1.2.tar.gz) = 133376
diff --git a/security/poc/files/patch-src_missing__libs.h b/security/poc/files/patch-src_missing__libs.h
deleted file mode 100644
index 0dcf40832e8d..000000000000
--- a/security/poc/files/patch-src_missing__libs.h
+++ /dev/null
@@ -1,14 +0,0 @@
-
-$FreeBSD$
-
---- src/missing_libs.h.orig Thu Jul 25 17:11:57 2002
-+++ src/missing_libs.h Thu Jul 25 17:12:25 2002
-@@ -46,7 +46,7 @@
- #define __bswap_constant_16(x) \
- ((((x) >> 8) & 0xff) | (((x) & 0xff) << 8))
-
--#if defined __GNUC__ && __GNUC__ >= 2
-+#if defined __i386__ && defined __GNUC__ && __GNUC__ >= 2
- # define __bswap_16(x) \
- (__extension__ \
- ({ register unsigned short int __v; \
diff --git a/security/poc/pkg-descr b/security/poc/pkg-descr
deleted file mode 100644
index 3e2e540e2c76..000000000000
--- a/security/poc/pkg-descr
+++ /dev/null
@@ -1,15 +0,0 @@
-GNU POC is a program for managing passwords on smartcards
-
-Each password is stored together with a description on the card.
-All data on the card is stored encrypted so others won't be able to
-get your passwords by reading the card.
-
-POC encrypts using Blowfish or Rijndael (AES) with a 192 or 256 bit key
-(depending on the security level selected by the user).
-Other algorithms can be added easily
-
-POC needs a CT-API library. I use the one by Carlos Prados
-(http://www.geocities.com/cprados/) for TOWITOKO readers.
-for TOWITOKO readers
-
-WWW: http://www.gnu.org/software/poc/poc.html
diff --git a/security/portscanner/Makefile b/security/portscanner/Makefile
deleted file mode 100644
index 8f33afd22741..000000000000
--- a/security/portscanner/Makefile
+++ /dev/null
@@ -1,30 +0,0 @@
-# New ports collection makefile for: portscanner
-# Date created: 11 August 1998
-# Whom: Bill Fumerola <billf@chc-chimes.com>
-#
-# $FreeBSD$
-#
-
-PORTNAME= portscanner
-PORTVERSION= 1.2
-PORTREVISION= 1
-CATEGORIES= security
-MASTER_SITES= ${MASTER_SITE_PACKETSTORM}
-MASTER_SITE_SUBDIR= UNIX/scanners
-DISTNAME= PortScanner-${PORTVERSION}
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= A simple and easy to use TCP port scanner
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-PLIST_FILES= bin/portscanner
-
-do-build:
- @ ${CC} -o ${WRKSRC}/portscanner ${CFLAGS} ${WRKSRC}/portscanner.c
-
-do-install:
- @ ${INSTALL_PROGRAM} ${WRKSRC}/portscanner ${PREFIX}/bin
-
-.include <bsd.port.mk>
diff --git a/security/portscanner/distinfo b/security/portscanner/distinfo
deleted file mode 100644
index 1602673a3e0a..000000000000
--- a/security/portscanner/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (PortScanner-1.2.tar.gz) = e03b613ad7bc102d041d1e4b4442b99a
-SHA256 (PortScanner-1.2.tar.gz) = 6a73284482200a882d86ebb03397b6d3c4e02dbff78b57e311d409ef479894e9
-SIZE (PortScanner-1.2.tar.gz) = 6825
diff --git a/security/portscanner/files/patch-ab b/security/portscanner/files/patch-ab
deleted file mode 100644
index d1656f1d1a75..000000000000
--- a/security/portscanner/files/patch-ab
+++ /dev/null
@@ -1,12 +0,0 @@
---- portscanner.c.orig Wed Aug 19 10:37:44 1998
-+++ portscanner.c Sun Jul 7 13:16:39 2002
-@@ -25,8 +25,8 @@
- /***********************************************************/
-
- #include <stdio.h>
--#include <sys/socket.h>
- #include <sys/types.h>
-+#include <sys/socket.h>
- #include <netinet/in.h>
- #include <unistd.h>
- #include <netdb.h>
diff --git a/security/portscanner/pkg-descr b/security/portscanner/pkg-descr
deleted file mode 100644
index 6cc5603187f8..000000000000
--- a/security/portscanner/pkg-descr
+++ /dev/null
@@ -1,5 +0,0 @@
-PortScanner is a simple and easy to use TCP port scanner. It is usually used to
-log the running servers on a remote machine for security purposes and to help
-people find services.
-
-WWW: http://www.ameth.org/~veilleux/
diff --git a/security/ppgen/Makefile b/security/ppgen/Makefile
deleted file mode 100644
index a540f15d6393..000000000000
--- a/security/ppgen/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-# Ports collection makefile for: ppgen
-# Date created: 22 Aug 2001
-# Whom: Kris Kennaway <kris@FreeBSD.org>
-#
-# $FreeBSD$
-#
-
-PORTNAME= ppgen
-PORTVERSION= 1.0
-CATEGORIES= security
-MASTER_SITES= ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/ppgen/
-DISTFILES= ${DISTNAME}.tar.gz en.gz
-EXTRACT_ONLY= ${DISTNAME}.tar.gz
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Secure passphrase generator
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-GNU_CONFIGURE= yes
-
-MAN1= ppgen.1
-
-post-install:
- ${MKDIR} ${PREFIX}/share/ppgen
- ${GZIP_CMD} -dc ${DISTDIR}/en.gz > ${PREFIX}/share/ppgen/en
-
-.include <bsd.port.mk>
diff --git a/security/ppgen/distinfo b/security/ppgen/distinfo
deleted file mode 100644
index 783de997d158..000000000000
--- a/security/ppgen/distinfo
+++ /dev/null
@@ -1,6 +0,0 @@
-MD5 (ppgen-1.0.tar.gz) = 7544cda944428cfc2d17432adda25dc3
-SHA256 (ppgen-1.0.tar.gz) = ac3977cd2312d6006c04284ec2c2ec6a0317102a27944825a94af2e39f192b4c
-SIZE (ppgen-1.0.tar.gz) = 18123
-MD5 (en.gz) = 2a84c2d569c334dee1770e49de14455b
-SHA256 (en.gz) = 20b88b5abbb2666510a0fd6ce05199adc70b1320403c841cf21a6b55b6810166
-SIZE (en.gz) = 123541
diff --git a/security/ppgen/files/patch-ppg_random_c b/security/ppgen/files/patch-ppg_random_c
deleted file mode 100644
index 517f94d07b96..000000000000
--- a/security/ppgen/files/patch-ppg_random_c
+++ /dev/null
@@ -1,11 +0,0 @@
---- ppg_random.c.orig Tue Aug 29 04:19:01 1995
-+++ ppg_random.c Sat Aug 12 20:14:39 2000
-@@ -109,7 +109,7 @@ pgp_rand_really_init()
-
- int i;
-
-- SRAND(time(NULL)^getpid());
-+ srandomdev();
-
- for (i = 0; i < cachesize; i++) {
- /* Conservatively, take what RAND() returns and fold it down
diff --git a/security/ppgen/files/patch-ppgen_c b/security/ppgen/files/patch-ppgen_c
deleted file mode 100644
index e282f1fc7c35..000000000000
--- a/security/ppgen/files/patch-ppgen_c
+++ /dev/null
@@ -1,10 +0,0 @@
---- ppgen.c.orig Tue Aug 29 05:10:45 1995
-+++ ppgen.c Sat Aug 12 19:55:51 2000
-@@ -29,6 +29,7 @@
- #else
- char *optarg;
- #endif
-+#include <errno.h>
-
- #include "ppg_random.h"
-
diff --git a/security/ppgen/pkg-descr b/security/ppgen/pkg-descr
deleted file mode 100644
index 0285d4c9879b..000000000000
--- a/security/ppgen/pkg-descr
+++ /dev/null
@@ -1,14 +0,0 @@
-From the author (Michael Shields <shields@tembel.org>):
-
-ppgen generates passphrases using strings of words, long enough to have
-an arbitrary level of entropy. It can use any dictionary and the best
-available source of randomness, including PGP's cryptographic RNG if you
-have version 2.6.2. It is written in portable C, and it is fairly fast.
-
-You can use ppgen to generate passphrases whenever you have a program that
-accepts long passwords. I use it for Kerberos and for local passwords
-(I use the FreeBSD MD5-based crypt(3), not the standard limited Unix one),
-and for my PGP keyring.
-
-Because ppgen is so simple, it can also easily be used by passwd(1)
-or adduser(1) programs to choose passwords for users.
diff --git a/security/ppgen/pkg-plist b/security/ppgen/pkg-plist
deleted file mode 100644
index cbbd7627cda0..000000000000
--- a/security/ppgen/pkg-plist
+++ /dev/null
@@ -1,3 +0,0 @@
-bin/ppgen
-share/ppgen/en
-@dirrm share/ppgen
diff --git a/security/qident/Makefile b/security/qident/Makefile
deleted file mode 100644
index 89b65b7e4cd5..000000000000
--- a/security/qident/Makefile
+++ /dev/null
@@ -1,45 +0,0 @@
-# New ports collection makefile for: qident
-# Date created: 30 August 2001
-# Whom: dd
-#
-# $FreeBSD$
-#
-
-PORTNAME= qident
-PORTVERSION= 1.2
-CATEGORIES= security
-MASTER_SITES= http://www.hairylemon.org/~ad/software/qident/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Query a remote IDENT (RFC 1413) server
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-LIB_DEPENDS= ident.0:${PORTSDIR}/security/libident
-
-MANSECTS= 1
-MAN1= qident.1
-MANCOMPRESSED= maybe
-
-# MAN page COMPression SUFFIX
-.if !defined(NO_MANCOMPRESS)
-MANCOMPSUFFIX= .gz
-.else
-MANCOMPSUFFIX=
-.endif
-
-PLIST_FILES= bin/qident
-
-post-patch:
- @${REINPLACE_CMD} -e 's/getopt[.]h/unistd.h/g' ${WRKSRC}/*
-
-do-install:
- @${INSTALL_PROGRAM} ${WRKSRC}/qident ${PREFIX}/bin/qident
-.for __s in ${MANSECTS}
-.for __m in ${MAN${__s}:S/$/${MANCOMPSUFFIX}/}
- @${INSTALL_MAN} ${WRKSRC}/${__m} ${PREFIX}/man/man${__s}/${__m}
-.endfor
-.endfor
-
-.include <bsd.port.mk>
diff --git a/security/qident/distinfo b/security/qident/distinfo
deleted file mode 100644
index a1e14297e15b..000000000000
--- a/security/qident/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (qident-1.2.tar.gz) = 0969539b3855f9b67361bde0f7de7448
-SHA256 (qident-1.2.tar.gz) = 413556b060a2096c016053a60622039fc47a3e517b1443d460b599ea1a4e1479
-SIZE (qident-1.2.tar.gz) = 2760
diff --git a/security/qident/pkg-descr b/security/qident/pkg-descr
deleted file mode 100644
index 1da5d3ab5ca0..000000000000
--- a/security/qident/pkg-descr
+++ /dev/null
@@ -1,4 +0,0 @@
-A small program to query an ident protocol server (rfc1413). Uses the
-`libident' library.
-
-WWW: http://www.hairylemon.org/~ad/software/qident/
diff --git a/security/quintuple-agent/Makefile b/security/quintuple-agent/Makefile
deleted file mode 100644
index 23c553f37244..000000000000
--- a/security/quintuple-agent/Makefile
+++ /dev/null
@@ -1,46 +0,0 @@
-# New ports collection makefile for: quintuple-agent
-# Date created: 2003-02-06
-# Whom: Volker Stolz <stolz@i2.informatik.rwth-aachen.de>
-#
-# $FreeBSD$
-#
-
-PORTNAME= quintuple-agent
-PORTVERSION= 1.0.4
-PORTREVISION= 4
-CATEGORIES= security
-MASTER_SITES= ${MASTER_SITE_DEBIAN_POOL}
-DISTNAME= ${PORTNAME}_${PORTVERSION}.orig
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Quintuple Agent is a program that stores secrets for you
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-USE_GETTEXT= yes
-USE_GNOME= glib12
-.ifndef(WITHOUT_X11)
-USE_GNOME+= gtk12
-PLIST_SUB+= X11=""
-.else
-PLIST_SUB+= X11="@comment "
-.endif
-
-WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}.orig
-GNU_CONFIGURE= yes
-CONFIGURE_ENV+= CPPFLAGS="${CPPFLAGS} -I${LOCALBASE}/include"
-#catgets disabled because it can't find all messages:
-#CONFIGURE_ARGS+=--with-catgets
-.ifdef(WITHOUT_X11)
-CONFIGURE_ARGS+=--disable-gtktest
-.endif
-USE_GMAKE= yes
-MAKE_ARGS= SUBDIRS="doc intl lib m4 po . test"
-
-MAN1= agpg.1 apgp.1 q-agent.1 secret-ask.1 q-client.1 secret-query.1
-
-post-install:
- @${CAT} ${PKGMESSAGE}
-
-.include <bsd.port.mk>
diff --git a/security/quintuple-agent/distinfo b/security/quintuple-agent/distinfo
deleted file mode 100644
index e2861d7c2cce..000000000000
--- a/security/quintuple-agent/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (quintuple-agent_1.0.4.orig.tar.gz) = c66079ad6fbb3962aa151b79e414e233
-SHA256 (quintuple-agent_1.0.4.orig.tar.gz) = bd17fd1be36e67ced211f3902d0f77d417963af35214605500d549377ffb17a2
-SIZE (quintuple-agent_1.0.4.orig.tar.gz) = 341223
diff --git a/security/quintuple-agent/files/patch-agpg.c b/security/quintuple-agent/files/patch-agpg.c
deleted file mode 100644
index 61cd90a5e093..000000000000
--- a/security/quintuple-agent/files/patch-agpg.c
+++ /dev/null
@@ -1,21 +0,0 @@
---- agpg.c 2002-09-28 07:16:01.000000000 +0000
-+++ agpg.c 2005-02-21 21:49:21.466050839 +0000
-@@ -100,11 +100,13 @@
- if (id)
- free(buf);
- while ((len = getline(&line, &size, gpg)) > 0) {
-- if (len > 10 && !strncmp(line, "sec ", 4) && line[10] == '/') {
-- char *x;
-- if ((x = strchr(line + 11, ' ')) != NULL) {
-- *x = 0;
-- id = strdup(line + 11);
-+#define GPG_SECKEYS_DELIM " \t/"
-+ if (strncmp(line, "sec ", 4) == 0 &&
-+ strtok(line, GPG_SECKEYS_DELIM) &&
-+ strtok(NULL, GPG_SECKEYS_DELIM)) {
-+ char *x;
-+ if ((x = strtok(NULL, GPG_SECKEYS_DELIM)) != NULL) {
-+ id = strdup(x);
- free(line);
- pclose(gpg);
- return id;
diff --git a/security/quintuple-agent/files/patch-configure b/security/quintuple-agent/files/patch-configure
deleted file mode 100644
index b67b8754609f..000000000000
--- a/security/quintuple-agent/files/patch-configure
+++ /dev/null
@@ -1,11 +0,0 @@
---- configure.orig Tue Mar 15 14:22:33 2005
-+++ configure Tue Mar 15 14:22:43 2005
-@@ -9388,7 +9388,7 @@
- _ACEOF
-
-
-- ac_config_files="$ac_config_files Makefile debian/Makefile doc/Makefile intl/Makefile lib/Makefile m4/Makefile po/Makefile.in test/Makefile"
-+ ac_config_files="$ac_config_files Makefile doc/Makefile intl/Makefile lib/Makefile m4/Makefile po/Makefile.in test/Makefile"
- cat >confcache <<\_ACEOF
- # This file is a shell script that caches the results of configure
- # tests run on this system so they can be shared between configure
diff --git a/security/quintuple-agent/pkg-descr b/security/quintuple-agent/pkg-descr
deleted file mode 100644
index a06c47229fd2..000000000000
--- a/security/quintuple-agent/pkg-descr
+++ /dev/null
@@ -1,7 +0,0 @@
-Quintuple Agent is a program that stores secrets for you.
-
- An example usage of Quintuple Agent would be for the storage of a
-passphrase. This way you will have to enter the passphrase only once
-in a while, not everytime it is needed.
-
-WWW: http://www.vibe.at/tools/q-agent/
diff --git a/security/quintuple-agent/pkg-message b/security/quintuple-agent/pkg-message
deleted file mode 100644
index 861ea46f953a..000000000000
--- a/security/quintuple-agent/pkg-message
+++ /dev/null
@@ -1,5 +0,0 @@
-
-You might want to consider making at least q-agent setuid root
-so that it can successfully use mlock() to protect your secrets
-in memory.
-
diff --git a/security/quintuple-agent/pkg-plist b/security/quintuple-agent/pkg-plist
deleted file mode 100644
index 9ac7557b472a..000000000000
--- a/security/quintuple-agent/pkg-plist
+++ /dev/null
@@ -1,13 +0,0 @@
-bin/agpg
-bin/apgp
-bin/q-agent
-bin/q-client
-%%X11%%bin/secret-query
-%%X11%%bin/secret-ask
-share/locale/de/LC_MESSAGES/quintuple-agent.mo
-share/locale/es_ES/LC_MESSAGES/quintuple-agent.mo
-share/locale/fr/LC_MESSAGES/quintuple-agent.mo
-share/locale/it/LC_MESSAGES/quintuple-agent.mo
-share/locale/pl/LC_MESSAGES/quintuple-agent.mo
-share/locale/pt_BR/LC_MESSAGES/quintuple-agent.mo
-share/locale/ru/LC_MESSAGES/quintuple-agent.mo
diff --git a/security/rc5pipe/Makefile b/security/rc5pipe/Makefile
deleted file mode 100644
index 6cb7bfd4e29e..000000000000
--- a/security/rc5pipe/Makefile
+++ /dev/null
@@ -1,26 +0,0 @@
-# New ports collection makefile for: rc5pipe
-# Date created: 25 June 2002
-# Whom: Frerich Raabe <frerich.raabe@gmx.de>
-#
-# $FreeBSD$
-#
-
-PORTNAME= rc5pipe
-PORTVERSION= 1.1
-CATEGORIES= security
-MASTER_SITES= http://people.fruitsalad.org/bdavis/FreeBSD/ports/distfiles/
-EXTRACT_SUFX= .tgz
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= RC5 en-/decryption via UNIX pipes
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-PLIST_FILES= bin/rc5pipe
-WRKSRC= ${WRKDIR}/rc5pipe
-
-do-install:
- ${INSTALL_PROGRAM} ${WRKSRC}/rc5pipe ${PREFIX}/bin/rc5pipe
-
-.include <bsd.port.mk>
diff --git a/security/rc5pipe/distinfo b/security/rc5pipe/distinfo
deleted file mode 100644
index 30bac64f8a94..000000000000
--- a/security/rc5pipe/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (rc5pipe-1.1.tgz) = df7d4b5f1f74ed04060fce577acf637b
-SHA256 (rc5pipe-1.1.tgz) = b0422e405227631f664a8d9e76f67f1815532da4dbb2f117bde379fbf135668f
-SIZE (rc5pipe-1.1.tgz) = 10637
diff --git a/security/rc5pipe/files/patch-Makefile b/security/rc5pipe/files/patch-Makefile
deleted file mode 100644
index 647cf93e542f..000000000000
--- a/security/rc5pipe/files/patch-Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
---- Makefile.orig Wed Jun 26 12:18:06 2002
-+++ Makefile Wed Jun 26 12:18:32 2002
-@@ -1,6 +1,5 @@
--CC=gcc
--CFLAGS= -I/usr/local/include -s -O2
--LIBS= -L/usr/local/lib
-+CFLAGS+= -I${LOCALBASE}/include -s
-+LIBS= -L${LOCALBASE}/lib
-
- all:
- $(CC) $(CFLAGS) -o rc5pipe rc5pipe.c $(LIBS)
diff --git a/security/rc5pipe/pkg-descr b/security/rc5pipe/pkg-descr
deleted file mode 100644
index 84f827117a42..000000000000
--- a/security/rc5pipe/pkg-descr
+++ /dev/null
@@ -1,3 +0,0 @@
-rc5pipe is a security program for encrypting and decrypting text via UNIX
-pipes. It uses the 128-bit RC5 encryption algorithm and takes advantage of
-padding, and is especially useful if combined with netcat.
diff --git a/security/rid/Makefile b/security/rid/Makefile
deleted file mode 100644
index 3d9e90dd7607..000000000000
--- a/security/rid/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-# ex:ts=8
-# Ports collection makefile for: ddos_scan
-# Date created: Sun Feb 12, 2000
-# Whom: David O'Brien (obrien@NUXI.com)
-#
-# $FreeBSD$
-#
-
-PORTNAME= rid
-PORTVERSION= 1.0
-CATEGORIES= security
-MASTER_SITES= http://www.phreak.org/archives/exploits/denial/ \
- ftp://ftp.ntua.gr/pub/security/technotronic/denial/
-DISTFILES= ${PORTNAME}-${PORTVERSION:S/./_/}.tgz
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Configurable remote distributed denial of service tool detector
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-ALL_TARGET= rid
-
-DOCS= README
-
-pre-configure:
- @${REINPLACE_CMD} -e 's:config.txt:${PREFIX}/etc/rid.conf.sample:g' \
- ${WRKSRC}/config.h
-
-do-install:
- @${INSTALL_PROGRAM} ${WRKSRC}/rid ${PREFIX}/sbin
- @${INSTALL_DATA} ${WRKSRC}/config.txt ${PREFIX}/etc/rid.conf.sample
-.if !defined(NOPORTDOCS)
- ${MKDIR} ${DOCSDIR}
- @${INSTALL_DATA} ${DOCS:S,^,${WRKSRC}/,} ${DOCSDIR}/
-.endif
-
-.include <bsd.port.mk>
diff --git a/security/rid/distinfo b/security/rid/distinfo
deleted file mode 100644
index 71deb22318fa..000000000000
--- a/security/rid/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (rid-1_0.tgz) = e954c79898465597d0da783738460554
-SHA256 (rid-1_0.tgz) = 16f99c15f1cd344690a188e10699603f0d8f2c15ca046da9943310393778589c
-SIZE (rid-1_0.tgz) = 22964
diff --git a/security/rid/files/patch-Makefile b/security/rid/files/patch-Makefile
deleted file mode 100644
index 3403d9a62d28..000000000000
--- a/security/rid/files/patch-Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
---- Makefile.orig Tue Feb 8 18:23:08 2000
-+++ Makefile Sun Feb 13 18:32:40 2000
-@@ -1,6 +1,6 @@
-
--CC=gcc
--LIBS=-lsocket -lnsl -lpcap -ll -ly
-+#CC=gcc
-+LIBS=-lpcap
- SRCS = sender.c main.c pinger.c y.tab.c lex.yy.c listen.c
- OBJS = sender.o main.o pinger.o y.tab.o lex.yy.o listen.o
- CFLAGS=-g
diff --git a/security/rid/files/patch-parser.l b/security/rid/files/patch-parser.l
deleted file mode 100644
index 4b89a6c774b5..000000000000
--- a/security/rid/files/patch-parser.l
+++ /dev/null
@@ -1,8 +0,0 @@
---- parser.l.orig Fri Jan 28 11:37:32 2000
-+++ parser.l Sun Feb 13 18:32:00 2000
-@@ -1,4 +1,5 @@
- %{
-+#include <sys/types.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <strings.h>
diff --git a/security/rid/pkg-descr b/security/rid/pkg-descr
deleted file mode 100644
index 7621341b0587..000000000000
--- a/security/rid/pkg-descr
+++ /dev/null
@@ -1,12 +0,0 @@
-RID - Remote Intrusion Detection
---------------------------------
-RID is a configurable tool which uses intrusion fingerprints to track down
-compromised hosts. RID can remotely detect Stacheldraht, TFN, Trinoo and TFN2k
-if the attacker did not change the default ports.
-
-After a compromise, this information can often be turned into a "fingerprint"
-of the intrusion. RID is designed to be capable of accurately specifying this
-"fingerprint" with little knowledge of network programming.
-
-RID is based off an extension of ngrep (network grep). It is different because
-it extends ngrep into a probing tool.
diff --git a/security/rid/pkg-plist b/security/rid/pkg-plist
deleted file mode 100644
index 5da7a3f59df0..000000000000
--- a/security/rid/pkg-plist
+++ /dev/null
@@ -1,5 +0,0 @@
-@comment $FreeBSD$
-sbin/rid
-etc/rid.conf.sample
-%%PORTDOCS%%%%DOCSDIR%%/README
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
diff --git a/security/ssh/Makefile b/security/ssh/Makefile
deleted file mode 100644
index 9802b2de06d8..000000000000
--- a/security/ssh/Makefile
+++ /dev/null
@@ -1,136 +0,0 @@
-# New ports collection makefile for: ssh
-# Date created: 30 Jul 1995
-# Whom: torstenb@FreeBSD.org
-#
-# $FreeBSD$
-#
-
-PORTNAME= ssh
-PORTVERSION= 1.2.33
-PORTREVISION= 6
-CATEGORIES= security ipv6
-MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ \
- ftp://ftp.nsysu.edu.tw/Unix/Security/ssh/ \
- ftp://ftp.cronyx.ru/mirror/ssh/ \
- ftp://ftp.univie.ac.at/applications/ssh.com/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Secure shell client and server (remote login program)
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-CONFLICTS= openssh-* openssh-portable-* openssh-gssapi-* ssh2-3.*
-NO_LATEST_LINK= YES
-USE_AUTOTOOLS= autoconf213
-GNU_CONFIGURE= YES
-USE_PERL5= YES
-CONFIGURE_ENV+= PERL=${PERL5}
-
-CONFIGURE_ARGS+=--with-etcdir=${PREFIX}/etc
-
-# Uncomment if all your users are in their own group and their homedir
-# is writeable by that group. Beware the security implications!
-#
-#CONFIGURE_ARGS+= --enable-group-writeability
-
-# Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
-# over a secure medium (i.e. allow SSH connections without encryption).
-# This is normally dangerous since it can lead to the disclosure of keys
-# and passwords.
-#
-#CONFIGURE_ARGS+= --with-none
-
-.if defined(KRB5_HOME) && exists(${KRB5_HOME})
-CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --enable-kerberos-tgt-passing \
- --disable-suid-ssh
-.endif
-
-# Include support for the SecureID card
-# Warning: untested !
-#
-.if defined(WITH_SECUREID)
-CONFIGURE_ARGS+= --with-secureid
-.endif
-
-# Don't use IDEA. IDEA can be freely used for non-commercial use. However,
-# commercial use may require a licence in a number of countries. Since SSH
-# itself may not be used for commercial purposes without a license, we
-# enable IDEA by default since the user would already be getting himself
-# into trouble.
-#
-.if defined(WITHOUT_IDEA)
-CONFIGURE_ARGS+= --without-idea
-.endif
-
-LIB_DEPENDS+= gmp.10:${PORTSDIR}/math/gmp
-MAKE_ENV+= GMPINCDIR="${LOCALBASE}/include" \
- GMPLIBDIR="${LOCALBASE}/lib"
-
-.include <bsd.port.pre.mk>
-
-.if !defined(REALLY_WANT_SSH)
-IGNORE= is now deprecated: OpenSSH is a superior version of SSH which has been included in the FreeBSD base system since 4.0-RELEASE. To override this warning set the REALLY_WANT_SSH environment variable and rebuild
-.endif
-
-MAN1= scp1.1 ssh-add1.1 ssh-agent1.1 ssh-keygen1.1 ssh1.1 \
- make-ssh-known-hosts1.1
-MAN8= sshd1.8
-MLINKS= make-ssh-known-hosts1.1 make-ssh-known-hosts.1 \
- scp1.1 scp.1 \
- ssh-add1.1 ssh-add.1 \
- ssh-agent1.1 ssh-agent.1 \
- ssh-keygen1.1 ssh-keygen.1 \
- ssh1.1 ssh.1 \
- ssh.1 slogin.1 \
- ssh1.1 slogin1.1 \
- sshd1.8 sshd.8
-
-pre-patch:
- @${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \
- ${WRKSRC}/make-ssh-known-hosts.pl.in
-
-post-install:
- @if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \
- ${ECHO_MSG} "Generating a secret host key..."; \
- ${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \
- fi; \
- if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \
- if [ ! 
-f ${PREFIX}/etc/rc.d/sshd.sh ]; then \
- ${ECHO_MSG} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
- ${SED} -e 's+!!PREFIX!!+${PREFIX}+g' ${FILESDIR}/sshd.sh \
- > ${PREFIX}/etc/rc.d/sshd.sh; \
- ${CHMOD} 751 ${PREFIX}/etc/rc.d/sshd.sh; \
- fi; \
- fi
-
-# Include tcp-wrapper support (call remote identd)
-CONFIGURE_ARGS+= --with-libwrap
-
-# Original IPv6 patches were obtained from ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/
-# ssh-1.2.27-IPv6-1.5-patch.gz
-# We still use WITH_INET6 here and try to support pre 4.0 machines with kame
-# IPv6 stack
-.if defined(WITH_INET6)
-CONFIGURE_ARGS+= --enable-ipv6
-.else
-CONFIGURE_ARGS+= --disable-ipv6
-.endif
-
-# Include SOCKS firewall support
-.if defined(WITH_SOCKS)
-CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5" --with-socks5
-.endif
-
-# Include extra files if X11 is installed
-.if defined(WITH_X11) || (exists(${LOCALBASE}/lib/libX11.a) \
- && !defined(WITHOUT_X11))
-USE_XORG= x11
-PLIST:= ${WRKDIR}/PLIST
-pre-install:
- @${CAT} ${PKGDIR}/pkg-plist.x11 ${PKGDIR}/pkg-plist > ${PLIST}
-.else
-CONFIGURE_ARGS+= --without-x
-.endif
-
-.include <bsd.port.post.mk>
diff --git a/security/ssh/distinfo b/security/ssh/distinfo
deleted file mode 100644
index c2bc8a8f4c08..000000000000
--- a/security/ssh/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (ssh-1.2.33.tar.gz) = 1a0ec35dfa1d8d9c0b650fa99ab21d56
-SHA256 (ssh-1.2.33.tar.gz) = d8ff41a026e77facee349becb79c04099e71012ae6bc386ced5ba58c926c2675
-SIZE (ssh-1.2.33.tar.gz) = 1030252
diff --git a/security/ssh/files/patch-aa b/security/ssh/files/patch-aa
deleted file mode 100644
index 3386fc8d68a3..000000000000
--- a/security/ssh/files/patch-aa
+++ /dev/null
@@ -1,19 +0,0 @@
-*** make-ssh-known-hosts.pl.in.orig Wed May 12 20:18:51 1999
---- make-ssh-known-hosts.pl.in Sun Jun 6 02:30:08 1999
-***************
-*** 98,104 ****
- $debug = 5;
- $defserver = '';
- $bell='\a';
-! $public_key = '/etc/ssh_host_key.pub';
- $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
- $timeout = 60;
- $ping_timeout = 3;
---- 98,104 ----
- $debug = 5;
- $defserver = '';
- $bell='\a';
-! $public_key = '@ETCDIR@/ssh_host_key.pub';
- $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
- $timeout = 60;
- $ping_timeout = 3;
diff --git a/security/ssh/files/patch-ac b/security/ssh/files/patch-ac
deleted file mode 100644
index 2e1d77d2aefb..000000000000
--- a/security/ssh/files/patch-ac
+++ /dev/null
@@ -1,88 +0,0 @@ ---- Makefile.in.orig Thu Jan 17 08:35:34 2002 -+++ Makefile.in Wed Jan 8 18:13:41 2003 -@@ -307,11 +307,13 @@ - - SHELL = /bin/sh - --GMPDIR = gmp-2.0.2-ssh-2 --GMPLIBS = @ssh_gmp_ldadd_options@ --GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a -+GMPDIR = -+GMPINCDIR ?= /usr/include -+GMPLIBDIR ?= /usr/lib -+GMPLIBS = -L$(GMPLIBDIR) -lgmp -+GMPDEP = $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a - --ZLIBDIR = zlib-1.0.4 -+ZLIBDIR = /usr/lib - ZLIBDEP = $(ZLIBDIR)/libz.a - ZLIBLIBS = @ssh_zlib_ldadd_options@ - -@@ -418,17 +420,19 @@ - $(CC) -o rfc-pg rfc-pg.o - - .c.o: -- $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< -+ $(CC) -c -I. $(KERBEROS_INCS) -I$(GMPINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< - - sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) - -rm -f sshd - $(CC) $(LDFLAGS) -o sshd $(SSHD_OBJS) \ -- $(GMPLIBS) $(ZLIBLIBS) $(WRAPLIBS) $(LIBS) $(KERBEROS_LIBS) -+ $(KERBEROS_LIBS) \ -+ $(GMPLIBS) $(ZLIBLIBS) $(WRAPLIBS) $(LIBS) - - ssh: $(SSH_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) - -rm -f ssh - $(CC) $(LDFLAGS) -o ssh $(SSH_OBJS) \ -- $(GMPLIBS) $(ZLIBLIBS) $(WRAPLIBS) $(LIBS) $(KERBEROS_LIBS) -+ $(KERBEROS_LIBS) \ -+ $(GMPLIBS) $(ZLIBLIBS) $(WRAPLIBS) $(LIBS) - - ssh-keygen: $(KEYGEN_OBJS) $(GMPDEP) $(RSAREFDEP) - -rm -f ssh-keygen -@@ -436,7 +440,9 @@ - - ssh-agent: $(AGENT_OBJS) $(GMPDEP) $(RSAREFDEP) - -rm -f ssh-agent -- $(CC) $(LDFLAGS) -o ssh-agent 
$(AGENT_OBJS) $(GMPLIBS) $(LIBS) $(KERBEROS_LIBS) -+ $(CC) $(LDFLAGS) -o ssh-agent $(AGENT_OBJS) \ -+ $(KERBEROS_LIBS) \ -+ $(GMPLIBS) $(LIBS) - - ssh-add: $(ADD_OBJS) $(GMPDEP) $(RSAREFDEP) - -rm -f ssh-add -@@ -461,12 +467,12 @@ - sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts - chmod +x make-ssh-known-hosts - --GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \ -+XXX_DONT_GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \ - mpz_mul.c mpz_cmp.c mpz_sqrtrem.c --$(GMPDIR)/libgmp.a: -+XXX_DONT_$(GMPDIR)/libgmp.a: - cd $(GMPDIR); $(MAKE) - --$(ZLIBDEP): -+XXX_DONT_$(ZLIBDEP): - -if test '!' -d $(ZLIBDIR); then \ - mkdir $(ZLIBDIR); \ - cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ -@@ -530,7 +536,7 @@ - # (otherwise it can only log in as the user it runs as, and must be - # bound to a non-privileged port). Also, password authentication may - # not be available if non-root and using shadow passwords. --install: $(PROGRAMS) make-dirs generate-host-key install-configs -+install: $(PROGRAMS) make-dirs install-configs - -rm -f $(install_prefix)$(bindir)/ssh1.old - -chmod 755 $(install_prefix)$(bindir)/ssh1 - -chmod 755 $(install_prefix)$(bindir)/ssh -@@ -756,7 +762,7 @@ - (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null - - depend: -- $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS) -+ $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS) - - tags: - -rm -f TAGS diff --git a/security/ssh/files/patch-ad b/security/ssh/files/patch-ad deleted file mode 100644 index bab4169bca64..000000000000 --- a/security/ssh/files/patch-ad +++ /dev/null 
@@ -1,13 +0,0 @@
-*** auth-passwd.c.orig Wed May 12 20:19:23 1999
---- auth-passwd.c Sun Jun 6 02:36:00 1999
-***************
-*** 911,916 ****
---- 911,918 ----
- encrypted_password = crypt(password,
- (correct_passwd[0] && correct_passwd[1]) ?
- correct_passwd : "xx");
-+ if (!password[0] && correct_passwd[0])
-+ encrypted_password = ":";
- #endif /* HAVE_SCO_ETC_SHADOW */
-
- /* Authentication is accepted if the encrypted passwords are identical. */
diff --git a/security/ssh/files/patch-ae b/security/ssh/files/patch-ae
deleted file mode 100644
index 0ef0a89ae6c2..000000000000
--- a/security/ssh/files/patch-ae
+++ /dev/null
@@ -1,58 +0,0 @@
-*** server_config.sample.old Thu Apr 20 23:24:57 2000
---- server_config.sample Thu Apr 20 23:26:24 2000
-***************
-*** 1,13 ****
- # This is ssh server systemwide configuration file.
-
- Port 22
-! ListenAddress 0.0.0.0
- HostKey _ETCDIR_/ssh_host_key
- RandomSeed _ETCDIR_/ssh_random_seed
- ServerKeyBits 768
- LoginGraceTime 600
- KeyRegenerationInterval 3600
-! PermitRootLogin yes
- IgnoreRhosts no
- StrictModes yes
- QuietMode no
---- 1,13 ----
- # This is ssh server systemwide configuration file.
-
- Port 22
-! #Port 722 # Secondary port to listen on
- HostKey _ETCDIR_/ssh_host_key
- RandomSeed _ETCDIR_/ssh_random_seed
- ServerKeyBits 768
- LoginGraceTime 600
- KeyRegenerationInterval 3600
-! PermitRootLogin no
- IgnoreRhosts no
- StrictModes yes
- QuietMode no
-***************
-*** 16,27 ****
- FascistLogging no
- PrintMotd yes
- KeepAlive yes
-! SyslogFacility DAEMON
- RhostsAuthentication no
- RhostsRSAAuthentication yes
- RSAAuthentication yes
- PasswordAuthentication yes
-! PermitEmptyPasswords yes
- UseLogin no
- # CheckMail no
- # PidFile /u/zappa/.ssh/pid
---- 16,27 ----
- FascistLogging no
- PrintMotd yes
- KeepAlive yes
-! SyslogFacility AUTH
- RhostsAuthentication no
- RhostsRSAAuthentication yes
- RSAAuthentication yes
- PasswordAuthentication yes
-! PermitEmptyPasswords no
- UseLogin no
- # CheckMail no
- # PidFile /u/zappa/.ssh/pid
diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af
deleted file mode 100644
index e9f2a66f0dbd..000000000000
--- a/security/ssh/files/patch-af
+++ /dev/null
@@ -1,564 +0,0 @@ ---- sshd.c.orig Mon Jul 3 19:07:35 2000 -+++ sshd.c Sat Jun 29 22:25:41 2002 -@@ -567,6 +567,19 @@ - /* Name of the server configuration file. */ - char *config_file_name = SERVER_CONFIG_FILE; - -+/* Flag indicating whether IPv4 or IPv6. This can be set on the command line. -+ Default value is AF_UNSPEC means both IPv4 and IPv6. */ -+#ifdef ENABLE_IPV6 -+int IPv4or6 = AF_UNSPEC; -+#else -+int IPv4or6 = AF_INET; -+#endif -+ -+#ifdef ENABLE_LOG_AUTH -+char *unauthenticated_user = NULL; -+int log_auth_flag = 0; -+#endif /* ENABLE_LOG_AUTH */ -+ - /* Debug mode flag. This can be set on the command line. If debug - mode is enabled, extra debugging output will be sent to the system - log, the daemon will not go to background, and will exit after processing -@@ -590,7 +603,17 @@ - - /* This is set to the socket that the server is listening; this is used in - the SIGHUP signal handler. */ --int listen_sock; -+#define MAX_LISTEN_SOCKS 16 -+int listen_socks[MAX_LISTEN_SOCKS]; -+int num_listen_socks = 0; -+void close_listen_socks() -+{ -+ int i; -+ -+ for (i = 0; i < num_listen_socks; i++) -+ close(listen_socks[i]); -+ num_listen_socks = -1; -+} - - /* This is not really needed, and could be eliminated if server-specific - and client-specific code were removed from newchannels.c */ -@@ -680,7 +703,7 @@ - void sighup_restart(void) - { - log_msg("Received SIGHUP; restarting."); -- close(listen_sock); -+ close_listen_socks(); - execvp(saved_argv[0], saved_argv); - log_msg("RESTART FAILED: av[0]='%.100s', error: %.100s.", - saved_argv[0], strerror(errno)); -@@ -694,7 +717,7 @@ - RETSIGTYPE sigterm_handler(int sig) - { - log_msg("Received signal %d; terminating.", sig); -- close(listen_sock); -+ close_listen_socks(); - exit(255); - } - -@@ -773,7 +796,7 @@ - int perm_denied = 0; - int ret; - fd_set fdset; -- struct sockaddr_in sin; -+ struct sockaddr_storage from; - char buf[100]; /* Must not be larger than remote_version. 
*/ - char remote_version[100]; /* Must be at least as big as buf. */ - char *comment; -@@ -783,6 +806,9 @@ - struct linger linger; - #endif /* SO_LINGER */ - int done; -+ struct addrinfo *ai; -+ char ntop[ADDRSTRLEN], strport[PORTSTRLEN]; -+ int listen_sock, maxfd; - - /* Save argv[0]. */ - saved_argv = av; -@@ -801,10 +827,26 @@ - initialize_server_options(&options); - - /* Parse command-line arguments. */ -- while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:")) != EOF) -+ while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:4" -+#ifdef ENABLE_IPV6 -+ "6" -+#endif -+ )) != EOF) - { - switch (opt) - { -+ case '4': -+#ifdef ENABLE_IPV6 -+ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET; -+#else -+ IPv4or6 = AF_INET; -+#endif -+ break; -+#ifdef ENABLE_IPV6 -+ case '6': -+ IPv4or6 = (IPv4or6 == AF_INET) ? AF_UNSPEC : AF_INET6; -+ break; -+#endif - case 'f': - config_file_name = optarg; - break; -@@ -821,7 +863,7 @@ - options.server_key_bits = atoi(optarg); - break; - case 'p': -- options.port = atoi(optarg); -+ options.ports[options.num_ports++] = atoi(optarg); - break; - case 'g': - options.login_grace_time = atoi(optarg); -@@ -843,6 +885,10 @@ - fprintf(stderr, "sshd version %s [%s]\n", SSH_VERSION, HOSTTYPE); - fprintf(stderr, "Usage: %s [options]\n", av0); - fprintf(stderr, "Options:\n"); -+ fprintf(stderr, " -4 Use IPv4 only\n"); -+#ifdef ENABLE_IPV6 -+ fprintf(stderr, " -6 Use IPv6 only\n"); -+#endif - fprintf(stderr, " -f file Configuration file (default %s/sshd_config)\n", ETCDIR); - fprintf(stderr, " -d Debugging mode\n"); - fprintf(stderr, " -i Started from inetd\n"); -@@ -871,16 +917,15 @@ - fprintf(stderr, "fatal: Bad server key size.\n"); - exit(1); - } -- if (options.port < 1 || options.port > 65535) -- { -- fprintf(stderr, "fatal: Bad port number.\n"); -- exit(1); -- } - if (options.umask != -1) - { - umask(options.umask); - } - -+#ifdef ENABLE_LOG_AUTH -+ log_auth_flag = options.log_auth; -+#endif /* ENABLE_LOG_AUTH */ -+ - /* Check that there are no 
remaining arguments. */ - if (optind < ac) - { -@@ -1048,10 +1093,13 @@ - } - else - { -+ for (ai = options.listen_addrs; ai; ai = ai->ai_next) -+ { - /* Create socket for listening. */ -- listen_sock = socket(AF_INET, SOCK_STREAM, 0); -+ listen_sock = socket(ai->ai_family, SOCK_STREAM, 0); - if (listen_sock < 0) - fatal("socket: %.100s", strerror(errno)); -+ listen_socks[num_listen_socks] = listen_sock; - - /* Set socket options. We try to make the port reusable and have it - close as fast as possible without waiting in unnecessary wait states -@@ -1065,21 +1113,30 @@ - sizeof(linger)); - #endif /* SO_LINGER */ - -- /* Initialize the socket address. */ -- memset(&sin, 0, sizeof(sin)); -- sin.sin_family = AF_INET; -- sin.sin_addr = options.listen_addr; -- sin.sin_port = htons(options.port); -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ ntop, sizeof(ntop), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV); - - /* Bind the socket to the desired port. */ -- if (bind(listen_sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) -+ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) - { -- error("bind: %.100s", strerror(errno)); -- shutdown(listen_sock, 2); -+ error("Bind to port %s on %s failed: %.200s.", -+ strport, ntop, strerror(errno)); - close(listen_sock); -- fatal("Bind to port %d failed: %.200s.", options.port, -- strerror(errno)); -+ continue; - } -+ num_listen_socks++; -+ -+ /* Start listening on the port. */ -+ log_msg("Server listening on %s port %s.", ntop, strport); -+ if (listen(listen_sock, 5) < 0) -+ fatal("listen: %.100s", strerror(errno)); -+ -+ } /* for (ai = options.listen_addrs; ai; ai = ai->ai_next) */ -+ freeaddrinfo(options.listen_addrs); -+ -+ if (!num_listen_socks) -+ fatal("Cannot bind all addresses."); - - if (!debug_flag) - { -@@ -1095,11 +1152,6 @@ - } - } - -- /* Start listening on the port. 
*/
-- log_msg("Server listening on port %d.", options.port);
-- if (listen(listen_sock, 5) < 0)
-- fatal("listen: %.100s", strerror(errno));
--
- /* Generate an rsa key. */
- log_msg("Generating %d bit RSA key.", options.server_key_bits);
- rsa_generate_key(&sensitive_data.private_key, &public_key,
-@@ -1153,18 +1205,28 @@
-
- /* Wait in select until there is a connection. */
- FD_ZERO(&fdset);
-- FD_SET(listen_sock, &fdset);
-- ret = select(listen_sock + 1, &fdset, NULL, NULL, NULL);
-- if (ret < 0 || !FD_ISSET(listen_sock, &fdset))
-+ maxfd = 0;
-+ for (i = 0; i < num_listen_socks; i++)
-+ {
-+ FD_SET(listen_socks[i], &fdset);
-+ if (listen_socks[i] > maxfd)
-+ maxfd = listen_socks[i];
-+ }
-+ ret = select(maxfd + 1, &fdset, NULL, NULL, NULL);
-+ if (ret < 0)
- {
- if (errno == EINTR)
- continue;
- error("select: %.100s", strerror(errno));
- continue;
- }
--
-- aux = sizeof(sin);
-- newsock = accept(listen_sock, (struct sockaddr *)&sin, &aux);
-+
-+ for (i = 0; i < num_listen_socks; i++)
-+ {
-+ if (!FD_ISSET(listen_socks[i], &fdset))
-+ continue;
-+ aux = sizeof(from);
-+ newsock = accept(listen_socks[i], (struct sockaddr *)&from, &aux);
- if (newsock < 0)
- {
- if (errno == EINTR)
-@@ -1180,7 +1242,7 @@
- /* In debugging mode. Close the listening socket, and start
- processing the connection without forking. */
- debug("Server will not fork when running in debugging mode.");
-- close(listen_sock);
-+ close_listen_socks();
- sock_in = newsock;
- sock_out = newsock;
- pid = getpid();
-@@ -1209,7 +1271,7 @@
- the accepted socket. Reinitialize logging (since our
- pid has changed). We break out of the loop to handle
- the connection. */
-- close(listen_sock);
-+ close_listen_socks();
- sock_in = newsock;
- sock_out = newsock;
- #ifdef LIBWRAP
-@@ -1247,6 +1309,10 @@
-
- /* Close the new socket (the child is now taking care of it). */
- close(newsock);
-+ } /* for (i = 0; i < num_host_socks; i++) */
-+ /* child process check (or debug mode) */
-+ if (num_listen_socks < 0)
-+ break;
- }
- }
-
-@@ -2219,6 +2285,9 @@
- krb5_parse_name(ssh_context, user, &client);
- #endif /* defined(KERBEROS) && defined(KRB5) */
-
-+#ifdef ENABLE_LOG_AUTH
-+ unauthenticated_user = user;
-+#endif /* ENABLE_LOG_AUTH */
- /* Verify that the user is a valid user. We disallow usernames starting
- with any characters that are commonly used to start NIS entries. */
- pw = getpwnam(user);
-@@ -2236,7 +2305,7 @@
- pwcopy.pw_class = xstrdup(pw->pw_class);
- pwcopy.pw_change = pw->pw_change;
- pwcopy.pw_expire = pw->pw_expire;
--#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-+#endif /* (__bsdi__ && _BSDI_VERSION >= 199510) || (__FreeBSD__ && HAVE_LOGIN_CAP_H) */
- pwcopy.pw_dir = xstrdup(pw->pw_dir);
- pwcopy.pw_shell = xstrdup(pw->pw_shell);
- pw = &pwcopy;
-@@ -2274,6 +2343,11 @@
- {
- /* Authentication with empty password succeeded. */
- debug("Login for user %.100s accepted without authentication.", user);
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from %.700s (%s)",
-+ user, get_canonical_hostname(),
-+ "empty password accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_PASSWORD;
- authenticated = 1;
- /* Success packet will be sent after loop below. */
-@@ -2348,6 +2422,11 @@
- /* Client has successfully authenticated to us. */
- log_msg("Kerberos authentication accepted %.100s for login to account %.100s from %.200s",
- tkt_user, user, get_canonical_hostname());
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from %.700s (%s)",
-+ user, get_canonical_hostname(),
-+ "kerberos authentication accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_KERBEROS;
- authenticated = 1;
- break;
-@@ -2396,6 +2475,11 @@
- /* Authentication accepted. */
- log_msg("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.",
- user, client_user, get_canonical_hostname());
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from %.100s@%.700s (%s)",
-+ user, client_user, get_canonical_hostname(),
-+ "rhosts authentication accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_RHOSTS;
- authenticated = 1;
- remote_user_name = client_user;
-@@ -2455,6 +2539,11 @@
- options.strict_modes))
- {
- /* Authentication accepted. */
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from %.100s@%.700s (%s)",
-+ user, client_user, get_canonical_hostname(),
-+ "rhosts with RSA host authentication accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_RHOSTS_RSA;
- authenticated = 1;
- remote_user_name = client_user;
-@@ -2488,6 +2577,11 @@
- /* Successful authentication. */
- mpz_clear(&n);
- log_msg("RSA authentication for %.100s accepted.", user);
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from %.700s (%s)",
-+ user, get_canonical_hostname(),
-+ "RSA user authentication accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_RSA;
- authenticated = 1;
- break;
-@@ -2622,6 +2716,11 @@
- auth_close();
- memset(password, 0, strlen(password));
- xfree(password);
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from @%.700s (%s)",
-+ user, get_canonical_hostname(),
-+ "TIS authentication accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_TIS;
- authenticated = 1;
- break;
-@@ -2682,6 +2781,11 @@
- memset(password, 0, strlen(password));
- xfree(password);
- log_msg("Password authentication for %.100s accepted.", user);
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from %.700s (%s)",
-+ user, get_canonical_hostname(),
-+ "password authentication accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_PASSWORD;
- authenticated = 1;
- break;
-@@ -2722,6 +2826,11 @@
- }
-
- /* Check if the user is logging in as root and root logins are disallowed. */
-+#ifdef ENABLE_LOG_AUTH
-+ if ((pw->pw_uid == UID_ROOT && options.permit_root_login == 1) ||
-+ (pw->pw_uid == UID_ROOT && options.permit_root_login == 0 && !forced_command))
-+ log_auth("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname());
-+#endif /* ENABLE_LOG_AUTH */
- if (pw->pw_uid == UID_ROOT && options.permit_root_login == 1)
- {
- if (authentication_type == SSH_AUTH_PASSWORD)
-@@ -2789,6 +2898,9 @@
- packet_start(SSH_SMSG_SUCCESS);
- packet_send();
- packet_write_wait();
-+#ifdef ENABLE_LOG_AUTH
-+ unauthenticated_user = NULL;
-+#endif /* ENABLE_LOG_AUTH */
-
- /* Perform session preparation. */
- do_authenticated(pw);
-@@ -3383,15 +3495,16 @@
- char line[256];
- struct stat st;
- int quiet_login;
-- struct sockaddr_in from;
-+ struct sockaddr_storage from;
- int fromlen;
- struct pty_cleanup_context cleanup_context;
- #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
- login_cap_t *lc;
-+ time_t warnpassword, warnexpire;
- #endif
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-+#if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
- struct timeval tp;
--#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-+#endif /* __FreeBSD__ || (__bsdi__ && _BSDI_VERSION >= 199510) */
-
- /* We no longer need the child running on user's privileges. */
- userfile_uninit();
-@@ -3490,7 +3603,7 @@
-
- /* Record that there was a login on that terminal. */
- record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
-- &from);
-+ (struct sockaddr *)&from);
-
- #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
- lc = login_getclass(pw->pw_class);
-@@ -3549,6 +3662,14 @@
- "The Regents of the University of California. ",
- "All rights reserved.");
- }
-+#ifdef HAVE_LOGIN_CAP_H
-+#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
-+
-+ warnpassword = login_getcaptime(lc, "warnpassword",
-+ DEFAULT_WARN, DEFAULT_WARN);
-+ warnexpire = login_getcaptime(lc, "warnexpire",
-+ DEFAULT_WARN, DEFAULT_WARN);
-+#endif
- #endif
-
- /* Print /etc/motd unless a command was specified or printing it was
-@@ -3572,7 +3693,7 @@
- fputs(line, stdout);
- fclose(f);
- }
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-+#if defined(__FreeBSD__) || (defined(__bsdi__) && _BSDI_VERSION >= 199510)
- if (pw->pw_change || pw->pw_expire)
- (void)gettimeofday(&tp, (struct timezone *)NULL);
- if (pw->pw_change)
-@@ -3979,6 +4100,7 @@
- char *user_shell;
- char *remote_ip;
- int remote_port;
-+ int local_port;
- #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
- login_cap_t *lc;
- char *real_shell;
-@@ -4025,7 +4147,7 @@
- while (fgets(buf, sizeof(buf), f))
- fputs(buf, stderr);
- fclose(f);
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-+#if (defined(__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
- if (pw->pw_uid != UID_ROOT &&
- !login_getcapbool(lc, "ignorenologin", 0))
- exit(254);
-@@ -4084,6 +4206,7 @@
- user_shell = xstrdup(pw->pw_shell);
- remote_ip = xstrdup(get_remote_ipaddr());
- remote_port = get_remote_port();
-+ local_port = get_local_port();
-
- /* Close the connection descriptors; note that this is the child, and the
- server will still have the socket open, and it is important that we
-@@ -4103,7 +4226,6 @@
- /* Close any extra file descriptors. Note that there may still be
- descriptors left by system functions. They will be closed later. */
- endpwent();
-- endhostent();
-
- /* Set dummy encryption key to clear information about the key from
- memory. This key will never be used. */
-@@ -4360,7 +4482,7 @@
-
- /* Set SSH_CLIENT. */
- snprintf(buf, sizeof(buf),
-- "%.50s %d %d", remote_ip, remote_port, options.port);
-+ "%.50s %d %d", remote_ip, remote_port, local_port);
- child_set_env(&env, &envsize, "SSH_CLIENT", buf);
-
- /* Set SSH_TTY if we have a pty. */
-@@ -4533,7 +4655,8 @@
- int i;
- char name[255], *p;
- char line[256];
-- struct hostent *hp;
-+ struct addrinfo hints, *ai, *aitop;
-+ char ntop[ADDRSTRLEN];
-
- strncpy(name, display, sizeof(name));
- name[sizeof(name) - 1] = '\0';
-@@ -4550,7 +4673,10 @@
- /* Moved this call here to avoid a nasty buf in SunOS
- 4.1.4 libc where gethostbyname closes an unrelated
- file descriptor. */
-- hp = gethostbyname(name);
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_family = IPv4or6;
-+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0)
-+ aitop = 0;
-
- snprintf(line, sizeof(line),
- "%.200s -q -", options.xauth_path);
-@@ -4568,21 +4694,24 @@
- cp - display, display, cp, auth_proto,
- auth_data);
- #endif
-- if (hp)
-+ if (aitop)
- {
-- for(i = 0; hp->h_addr_list[i]; i++)
-+ for (ai = aitop; ai; ai = ai->ai_next)
- {
-+ getnameinfo(ai->ai_addr, ai->ai_addrlen,
-+ ntop, sizeof(ntop), NULL, 0,
-+ NI_NUMERICHOST);
-+ if (strchr(ntop, ':'))
-+ continue; /* XXX - xauth doesn't accept it */
- if (debug_flag)
- {
- fprintf(stderr, "Running %s add %s%s %s %s\n",
- options.xauth_path,
-- inet_ntoa(*((struct in_addr *)
-- hp->h_addr_list[i])),
-+ ntop,
- cp, auth_proto, auth_data);
- }
- fprintf(f, "add %s%s %s %s\n",
-- inet_ntoa(*((struct in_addr *)
-- hp->h_addr_list[i])),
-+ ntop,
- cp, auth_proto, auth_data);
- }
- }
-@@ -4632,7 +4761,11 @@
- struct stat mailbuf;
-
- if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0)
-+#ifdef __FreeBSD__
-+ ;
-+#else
- printf("No mail.\n");
-+#endif
- else if (mailbuf.st_atime > mailbuf.st_mtime)
- printf("You have mail.\n");
- else
diff --git a/security/ssh/files/patch-ag b/security/ssh/files/patch-ag
deleted file mode 100644
index 71f3b7e168f8..000000000000
--- a/security/ssh/files/patch-ag
+++ /dev/null
@@ -1,54 +0,0 @@
-*** auth-kerberos.c.orig Tue Jan 11 20:33:46 2000
---- auth-kerberos.c Tue Jan 11 20:33:38 2000
-***************
-*** 120,129 ****
---- 120,137 ----
-
- debug("Kerberos invalid service name (%.100s).", server);
- packet_send_debug("Kerberos invalid service name (%.100s).", server);
-+ #ifdef krb5_xfree
- krb5_xfree(server);
-+ #else
-+ free(server);
-+ #endif
- return 0;
- }
-+ #ifdef krb5_xfree
- krb5_xfree(server);
-+ #else
-+ free(server);
-+ #endif
-
- /* Extract the users name from the ticket client principal */
- problem = krb5_copy_principal(ssh_context, ticket->enc_part2->client,
-***************
-*** 159,165 ****
---- 167,177 ----
- packet_put_string((char *) reply.data, reply.length);
- packet_send();
- packet_write_wait();
-+ #ifdef krb5_xfree
- krb5_xfree(reply.data);
-+ #else
-+ krb5_free_data_contents(ssh_context, &reply);
-+ #endif
- return 1;
- }
- #endif /* KRB5 */
-***************
-*** 177,183 ****
- extern char *ticket;
- static krb5_principal rcache_server = 0;
- static krb5_rcache rcache;
-! struct sockaddr_in local, foreign;
- krb5_address *local_addr, *remote_addr;
- int s;
-
---- 189,195 ----
- extern char *ticket;
- static krb5_principal rcache_server = 0;
- static krb5_rcache rcache;
-! struct sockaddr_storage local, foreign;
- krb5_address *local_addr, *remote_addr;
- int s;
-
diff --git a/security/ssh/files/patch-al b/security/ssh/files/patch-al
deleted file mode 100644
index 35a191b5561a..000000000000
--- a/security/ssh/files/patch-al
+++ /dev/null
@@ -1,408 +0,0 @@
-*** sshconnect.c.orig Wed May 12 20:19:29 1999
---- sshconnect.c Thu Feb 24 22:34:47 2000
-***************
-*** 337,343 ****
-
- /* Creates a (possibly privileged) socket for use as the ssh connection. */
-
-! int ssh_create_socket(uid_t original_real_uid, int privileged)
- {
- int sock;
-
---- 337,343 ----
-
- /* Creates a (possibly privileged) socket for use as the ssh connection. */
-
-! int ssh_create_socket(uid_t original_real_uid, int privileged, int family)
- {
- int sock;
-
-***************
-*** 345,379 ****
- bind our own socket to a privileged port. */
- if (privileged)
- {
-! struct sockaddr_in sin;
- int p;
- for (p = 1023; p > 512; p--)
- {
-! sock = socket(AF_INET, SOCK_STREAM, 0);
- if (sock < 0)
-! fatal("socket: %.100s", strerror(errno));
-
-! /* Initialize the desired sockaddr_in structure. */
-! memset(&sin, 0, sizeof(sin));
-! sin.sin_family = AF_INET;
-! sin.sin_addr.s_addr = INADDR_ANY;
-! sin.sin_port = htons(p);
-
- /* Try to bind the socket to the privileged port. */
- #if defined(SOCKS)
-! if (Rbind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
- break; /* Success. */
- #else /* SOCKS */
-! if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
- break; /* Success. */
- #endif /* SOCKS */
- if (errno == EADDRINUSE)
- {
- close(sock);
- continue;
- }
-! fatal("bind: %.100s", strerror(errno));
- }
- debug("Allocated local port %d.", p);
- }
- else
---- 345,404 ----
- bind our own socket to a privileged port. */
- if (privileged)
- {
-! struct addrinfo hints, *ai = NULL;
-! int errgai;
-! char strport[PORTSTRLEN];
- int p;
-+ #if (defined(__OpenBSD__) || defined(__FreeBSD__)) && !defined(SOCKS)
-+ p = 1023; /* Compat with old FreeBSD */
-+ #if __FreeBSD__ >= 400014
-+ sock = rresvport_af(&p, family);
-+ if (sock < 0)
-+ error("rresvport_af: %.100s", strerror(errno));
-+ #else
-+ sock = rresvport(&p);
-+ if (sock < 0)
-+ error("rresvport: %.100s", strerror(errno));
-+ #endif
-+ #else
- for (p = 1023; p > 512; p--)
- {
-! sock = socket(family, SOCK_STREAM, 0);
- if (sock < 0)
-! error("socket: %.100s", strerror(errno));
-
-! /* Initialize the desired addrinfo structure. */
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = family;
-! hints.ai_flags = AI_PASSIVE;
-! hints.ai_socktype = SOCK_STREAM;
-! sprintf(strport, "%d", p);
-! #if defined(SOCKS)
-! if ((errgai = Rgetaddrinfo(NULL, strport, &hints, &ai)) != 0)
-! fatal("getaddrinfo: %.100s", gai_strerror(errgai));
-! #else /* SOCKS */
-! if ((errgai = getaddrinfo(NULL, strport, &hints, &ai)) != 0)
-! fatal("getaddrinfo: %.100s", gai_strerror(errgai));
-! #endif /* SOCKS */
-
- /* Try to bind the socket to the privileged port. */
- #if defined(SOCKS)
-! if (Rbind(sock, ai->ai_addr, ai->ai_addrlen) >= 0)
- break; /* Success. */
- #else /* SOCKS */
-! if (bind(sock, ai->ai_addr, ai->ai_addrlen) >= 0)
- break; /* Success. */
- #endif /* SOCKS */
- if (errno == EADDRINUSE)
- {
- close(sock);
-+ freeaddrinfo(ai);
- continue;
- }
-! error("bind: %.100s", strerror(errno));
- }
-+ freeaddrinfo(ai);
-+ #endif
- debug("Allocated local port %d.", p);
- }
- else
-***************
-*** 396,409 ****
- the daemon. */
-
- int ssh_connect(const char *host, int port, int connection_attempts,
- int anonymous, uid_t original_real_uid,
- const char *proxy_command, RandomState *random_state)
- {
- int sock = -1, attempt, i;
- int on = 1;
- struct servent *sp;
-! struct hostent *hp;
-! struct sockaddr_in hostaddr;
- #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER)
- struct linger linger;
- #endif /* SO_LINGER */
---- 421,439 ----
- the daemon. */
-
- int ssh_connect(const char *host, int port, int connection_attempts,
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ int another_port,
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- int anonymous, uid_t original_real_uid,
- const char *proxy_command, RandomState *random_state)
- {
- int sock = -1, attempt, i;
- int on = 1;
- struct servent *sp;
-! struct addrinfo hints, *ai, *aitop, *aitmp;
-! struct sockaddr_storage hostaddr;
-! char ntop[ADDRSTRLEN], strport[PORTSTRLEN];
-! int gaierr;
- #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER)
- struct linger linger;
- #endif /* SO_LINGER */
-***************
-*** 421,430 ****
- port = SSH_DEFAULT_PORT;
- }
-
-- /* Map localhost to ip-address locally */
-- if (strcmp(host, "localhost") == 0)
-- host = "127.0.0.1";
--
- /* If a proxy command is given, connect using it. */
- if (proxy_command != NULL && *proxy_command)
- return ssh_proxy_connect(host, port, original_real_uid, proxy_command,
---- 451,456 ----
-***************
-*** 432,440 ****
-
- /* No proxy command. */
-
-! /* No host lookup made yet. */
-! hp = NULL;
-!
- /* Try to connect several times. On some machines, the first time will
- sometimes fail. In general socket code appears to behave quite
- magically on many machines. */
---- 458,495 ----
-
- /* No proxy command. */
-
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = IPv4or6;
-! hints.ai_socktype = SOCK_STREAM;
-! sprintf(strport, "%d", port);
-! #if defined(SOCKS)
-! if ((gaierr = Rgetaddrinfo(host, strport, &hints, &aitop)) != 0)
-! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr));
-! #else /* SOCKS */
-! if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
-! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr));
-! #endif /* SOCKS */
-!
-! #ifdef ENABLE_ANOTHER_PORT_TRY
-! if (another_port)
-! {
-! aitmp = aitop;
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = IPv4or6;
-! hints.ai_socktype = SOCK_STREAM;
-! sprintf(strport, "%d", another_port);
-! #if defined(SOCKS)
-! if ((gaierr = Rgetaddrinfo(host, strport, &hints, &aitop)) != 0)
-! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr));
-! #else /* SOCKS */
-! if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
-! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr));
-! #endif /* SOCKS */
-! for (ai = aitop; ai->ai_next; ai = ai->ai_next);
-! ai->ai_next = aitmp;
-! }
-! #endif /* ENABLE_ANOTHER_PORT_TRY */
-!
- /* Try to connect several times. On some machines, the first time will
- sometimes fail. In general socket code appears to behave quite
- magically on many machines. */
-***************
-*** 443,545 ****
- if (attempt > 0)
- debug("Trying again...");
-
-- /* Try to parse the host name as a numeric inet address. */
-- memset(&hostaddr, 0, sizeof(hostaddr));
-- hostaddr.sin_family = AF_INET;
-- hostaddr.sin_port = htons(port);
-- #ifdef BROKEN_INET_ADDR
-- hostaddr.sin_addr.s_addr = inet_network(host);
-- #else /* BROKEN_INET_ADDR */
-- hostaddr.sin_addr.s_addr = inet_addr(host);
-- #endif /* BROKEN_INET_ADDR */
-- if ((hostaddr.sin_addr.s_addr & 0xffffffff) != 0xffffffff)
-- {
-- /* Create a socket. */
-- sock = ssh_create_socket(original_real_uid,
-- !anonymous && geteuid() == UID_ROOT);
--
-- /* Valid numeric IP address */
-- debug("Connecting to %.100s port %d.",
-- inet_ntoa(hostaddr.sin_addr), port);
--
-- /* Connect to the host. */
-- #if defined(SOCKS)
-- if (Rconnect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr))
-- #else /* SOCKS */
-- if (connect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr))
-- #endif /* SOCKS */
-- >= 0)
-- {
-- /* Successful connect. */
-- break;
-- }
-- debug("connect: %.100s", strerror(errno));
--
-- /* Destroy the failed socket. */
-- shutdown(sock, 2);
-- close(sock);
-- }
-- else
-- {
-- /* Not a valid numeric inet address. */
-- /* Map host name to an address. */
-- if (!hp)
-- {
-- struct hostent *hp_static;
--
-- #if defined(SOCKS5)
-- hp_static = Rgethostbyname(host);
-- #else
-- hp_static = gethostbyname(host);
-- #endif
-- if (hp_static)
-- {
-- hp = xmalloc(sizeof(struct hostent));
-- memcpy(hp, hp_static, sizeof(struct hostent));
--
-- /* Copy list of addresses, not just pointers.
-- We don't use h_name & h_aliases so leave them as is */
-- for (i = 0; hp_static->h_addr_list[i]; i++)
-- ; /* count them */
-- hp->h_addr_list = xmalloc((i + 1) *
-- sizeof(hp_static->h_addr_list[0]));
-- for (i = 0; hp_static->h_addr_list[i]; i++)
-- {
-- hp->h_addr_list[i] = xmalloc(hp->h_length);
-- memcpy(hp->h_addr_list[i], hp_static->h_addr_list[i],
-- hp->h_length);
-- }
-- hp->h_addr_list[i] = NULL; /* last one */
-- }
-- }
-- if (!hp)
-- fatal("Bad host name: %.100s", host);
-- if (!hp->h_addr_list[0])
-- fatal("Host does not have an IP address: %.100s", host);
--
- /* Loop through addresses for this host, and try each one in
- sequence until the connection succeeds. */
-! for (i = 0; hp->h_addr_list[i]; i++)
- {
-! /* Set the address to connect to. */
-! hostaddr.sin_family = hp->h_addrtype;
-! memcpy(&hostaddr.sin_addr, hp->h_addr_list[i],
-! sizeof(hostaddr.sin_addr));
-
-! debug("Connecting to %.200s [%.100s] port %d.",
-! host, inet_ntoa(hostaddr.sin_addr), port);
-
- /* Create a socket for connecting. */
- sock = ssh_create_socket(original_real_uid,
-! !anonymous && geteuid() == UID_ROOT);
-
- /* Connect to the host. */
- #if defined(SOCKS)
-! if (Rconnect(sock, (struct sockaddr *)&hostaddr,
-! sizeof(hostaddr)) >= 0)
- #else /* SOCKS */
-! if (connect(sock, (struct sockaddr *)&hostaddr,
-! sizeof(hostaddr)) >= 0)
- #endif /* SOCKS */
- {
- /* Successful connection. */
---- 498,526 ----
- if (attempt > 0)
- debug("Trying again...");
-
- /* Loop through addresses for this host, and try each one in
- sequence until the connection succeeds. */
-! for (ai = aitop; ai; ai = ai->ai_next)
- {
-! getnameinfo(ai->ai_addr, ai->ai_addrlen,
-! ntop, sizeof(ntop), strport, sizeof(strport),
-! NI_NUMERICHOST|NI_NUMERICSERV);
-
-! debug("Connecting to %.200s [%.100s] port %s.",
-! host, ntop, strport);
-
- /* Create a socket for connecting. */
- sock = ssh_create_socket(original_real_uid,
-! !anonymous && geteuid() == UID_ROOT,
-! ai->ai_family);
-! if (sock < 0)
-! continue;
-
- /* Connect to the host. */
- #if defined(SOCKS)
-! if (Rconnect(sock, ai->ai_addr, ai->ai_addrlen) >= 0)
- #else /* SOCKS */
-! if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0)
- #endif /* SOCKS */
- {
- /* Successful connection. */
-***************
-*** 552,573 ****
- returned an error. */
- shutdown(sock, 2);
- close(sock);
-! }
-! if (hp->h_addr_list[i])
- break; /* Successful connection. */
-- }
-
- /* Sleep a moment before retrying. */
- sleep(1);
- }
-
-! if (hp)
-! {
-! for (i = 0; hp->h_addr_list[i]; i++)
-! xfree(hp->h_addr_list[i]);
-! xfree(hp->h_addr_list);
-! xfree(hp);
-! }
-
- /* Return failure if we didn't get a successful connection. */
- if (attempt >= connection_attempts)
---- 533,547 ----
- returned an error. */
- shutdown(sock, 2);
- close(sock);
-! } /* for (ai = aitop; ai; ai = ai->ai_next) */
-! if (ai)
- break; /* Successful connection. */
-
- /* Sleep a moment before retrying. */
- sleep(1);
- }
-
-! freeaddrinfo(aitop);
-
- /* Return failure if we didn't get a successful connection. */
- if (attempt >= connection_attempts)
-***************
-*** 946,952 ****
- int ap_opts, ret_stat = 0;
- krb5_keyblock *session_key = 0;
- krb5_ap_rep_enc_part *repl = 0;
-! struct sockaddr_in local, foreign;
-
- memset(&auth, 0 , sizeof(auth));
- remotehost = (char *) get_canonical_hostname();
---- 920,926 ----
- int ap_opts, ret_stat = 0;
- krb5_keyblock *session_key = 0;
- krb5_ap_rep_enc_part *repl = 0;
-! struct sockaddr_storage local, foreign;
-
- memset(&auth, 0 , sizeof(auth));
- remotehost = (char *) get_canonical_hostname();
diff --git a/security/ssh/files/patch-ao b/security/ssh/files/patch-ao
deleted file mode 100644
index 0c5f76b3ed1b..000000000000
--- a/security/ssh/files/patch-ao
+++ /dev/null
@@ -1,583 +0,0 @@
-*** newchannels.c.orig Tue Jan 11 20:38:09 2000
---- newchannels.c Tue Jan 11 20:38:02 2000
-***************
-*** 282,287 ****
---- 282,292 ----
- #endif /* NEED_SYS_SYSLOG_H */
- #endif /* LIBWRAP */
-
-+ #ifdef __FreeBSD__
-+ #include <utmp.h>
-+ #include <osreldate.h>
-+ #endif
-+
- /* Directory in which the fake unix-domain X11 displays reside. */
- #ifndef X11_DIR
- #define X11_DIR "/tmp/.X11-unix"
-***************
-*** 1405,1417 ****
- int host_port, int gatewayports)
- {
- int ch, sock;
-! struct sockaddr_in sin;
-
- if (strlen(host) > sizeof(channels[0].path) - 1)
- packet_disconnect("Forward host name too long.");
-
- /* Create a port to listen for the host. */
-! sock = socket(AF_INET, SOCK_STREAM, 0);
- if (sock < 0)
- packet_disconnect("socket: %.100s", strerror(errno));
-
---- 1410,1438 ----
- int host_port, int gatewayports)
- {
- int ch, sock;
-! struct addrinfo hints, *ai, *aitop;
-! char ntop[ADDRSTRLEN], strport[PORTSTRLEN];
-
- if (strlen(host) > sizeof(channels[0].path) - 1)
- packet_disconnect("Forward host name too long.");
-
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_family = IPv4or6;
-+ hints.ai_flags = gatewayports ? AI_PASSIVE : 0;
-+ hints.ai_socktype = SOCK_STREAM;
-+ sprintf(strport, "%d", port);
-+ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
-+ packet_disconnect("getaddrinfo: fatal error");
-+
-+ for (ai = aitop; ai; ai = ai->ai_next)
-+ {
-+
-+ getnameinfo(ai->ai_addr, ai->ai_addrlen,
-+ ntop, sizeof(ntop), strport, sizeof(strport),
-+ NI_NUMERICHOST|NI_NUMERICSERV);
-+
- /* Create a port to listen for the host. */
-! sock = socket(ai->ai_family, SOCK_STREAM, 0);
- if (sock < 0)
- packet_disconnect("socket: %.100s", strerror(errno));
-
-***************
-*** 1421,1441 ****
- (void)fcntl(sock, F_SETFL, O_NDELAY);
- #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */
-
-! /* Initialize socket address. */
-! memset(&sin, 0, sizeof(sin));
-! sin.sin_family = AF_INET;
-! if (gatewayports)
-! sin.sin_addr.s_addr = INADDR_ANY;
-! else
-! #ifdef BROKEN_INET_ADDR
-! sin.sin_addr.s_addr = inet_network("127.0.0.1");
-! #else /* BROKEN_INET_ADDR */
-! sin.sin_addr.s_addr = inet_addr("127.0.0.1");
-! #endif /* BROKEN_INET_ADDR */
-! sin.sin_port = htons(port);
-!
- /* Bind the socket to the address. */
-! if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
- packet_disconnect("bind: %.100s", strerror(errno));
-
- /* Start listening for connections on the socket. */
---- 1442,1451 ----
- (void)fcntl(sock, F_SETFL, O_NDELAY);
- #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */
-
-! debug("Listening on %s port %s.", ntop, strport);
-!
- /* Bind the socket to the address. */
-! if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0)
- packet_disconnect("bind: %.100s", strerror(errno));
-
- /* Start listening for connections on the socket. */
-***************
-*** 1448,1453 ****
---- 1458,1466 ----
- strcpy(channels[ch].path, host); /* note: host name stored here */
- channels[ch].host_port = host_port; /* port on host to connect to */
- channels[ch].listening_port = port; /* port being listened */
-+
-+ } /* for (ai = aitop; ai; ai = ai->ai_next) */
-+ freeaddrinfo(aitop);
- }
-
- /* Initiate forwarding of connections to port "port" on remote host through
-***************
-*** 1636,1644 ****
- void channel_input_port_open(void)
- {
- int remote_channel, sock, newch, host_port, i;
-- struct sockaddr_in sin;
- char *host, *originator_string;
-! struct hostent *hp;
-
- /* Get remote channel number. */
- remote_channel = packet_get_int();
---- 1649,1658 ----
- void channel_input_port_open(void)
- {
- int remote_channel, sock, newch, host_port, i;
- char *host, *originator_string;
-! struct addrinfo hints, *ai, *aitop;
-! char ntop[ADDRSTRLEN], strport[PORTSTRLEN];
-! int gaierr;
-
- /* Get remote channel number. */
- remote_channel = packet_get_int();
-***************
-*** 1678,1713 ****
- }
- }
-
-! memset(&sin, 0, sizeof(sin));
-! #ifdef BROKEN_INET_ADDR
-! sin.sin_addr.s_addr = inet_network(host);
-! #else /* BROKEN_INET_ADDR */
-! sin.sin_addr.s_addr = inet_addr(host);
-! #endif /* BROKEN_INET_ADDR */
-! if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff)
-! {
-! /* It was a valid numeric host address. */
-! sin.sin_family = AF_INET;
-! }
-! else
- {
-! /* Look up the host address from the name servers. */
-! hp = gethostbyname(host);
-! if (!hp)
-! {
-! error("%.100s: unknown host.", host);
-! goto fail;
-! }
-! if (!hp->h_addr_list[0])
-! {
-! error("%.100s: host has no IP address.", host);
-! goto fail;
-! }
-! sin.sin_family = hp->h_addrtype;
-! memcpy(&sin.sin_addr, hp->h_addr_list[0],
-! sizeof(sin.sin_addr));
- }
-- sin.sin_port = htons(host_port);
-
- #ifdef F_SECURE_COMMERCIAL
-
---- 1692,1706 ----
- }
- }
-
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = IPv4or6;
-! hints.ai_socktype = SOCK_STREAM;
-! sprintf(strport, "%d", host_port);
-! if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
- {
-! error("%.100s: unknown host (%s)", host, gai_strerror(gaierr));
-! goto fail;
- }
-
- #ifdef F_SECURE_COMMERCIAL
-
-***************
-*** 1744,1751 ****
-
- #endif /* F_SECURE_COMMERCIAL */
-
- /* Create the socket. */
-! sock = socket(sin.sin_family, SOCK_STREAM, 0);
- if (sock < 0)
- {
- error("socket: %.100s", strerror(errno));
---- 1737,1751 ----
-
- #endif /* F_SECURE_COMMERCIAL */
-
-+ for (ai = aitop; ai; ai = ai->ai_next)
-+ {
-+
-+ getnameinfo(ai->ai_addr, ai->ai_addrlen,
-+ ntop, sizeof(ntop), strport, sizeof(strport),
-+ NI_NUMERICHOST|NI_NUMERICSERV);
-+
- /* Create the socket. */
-! sock = socket(ai->ai_family, SOCK_STREAM, 0);
- if (sock < 0)
- {
- error("socket: %.100s", strerror(errno));
-***************
-*** 1753,1767 ****
- }
-
- /* Connect to the host/port. */
-! if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
- {
-! error("connect %.100s:%d: %.100s", host, host_port,
-! strerror(errno));
- close(sock);
- goto fail;
- }
-
- /* Successful connection. */
-
- #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN)
- (void)fcntl(sock, F_SETFL, O_NONBLOCK);
---- 1753,1777 ----
- }
-
- /* Connect to the host/port. */
-! if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0)
- {
-! debug("connect %.100s port %s: %.100s", ntop, strport, strerror(errno));
- close(sock);
-+ continue; /* fail -- try next */
-+ }
-+ break; /* success */
-+
-+ } /* for (ai = aitop; ai; ai = ai->ai_next) */
-+ freeaddrinfo(aitop);
-+
-+ if (!ai)
-+ {
-+ error("connect %.100s:%d: failed.", host, host_port);
- goto fail;
- }
-
- /* Successful connection. */
-+ debug("Connecting to %.200s [%.100s] port %s.", host, ntop, strport);
-
- #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN)
- (void)fcntl(sock, F_SETFL, O_NONBLOCK);
-***************
-*** 1803,1809 ****
- {
- extern ServerOptions options;
- int display_number, port, sock;
-! struct sockaddr_in sin;
- char buf[512];
- #ifdef HAVE_GETHOSTNAME
- char hostname[257];
---- 1813,1822 ----
- {
- extern ServerOptions options;
- int display_number, port, sock;
-! struct addrinfo hints, *ai, *aitop;
-! char strport[PORTSTRLEN];
-! #define NUM_SOCKS 10
-! int gaierr, n, nn, num_socks = 0, socks[NUM_SOCKS];
- char buf[512];
- #ifdef HAVE_GETHOSTNAME
- char hostname[257];
-***************
-*** 1817,1828 ****
- for (display_number = options.x11_display_offset; display_number < MAX_DISPLAYS; display_number++)
- {
- port = 6000 + display_number;
-! memset(&sin, 0, sizeof(sin));
-! sin.sin_family = AF_INET;
-! sin.sin_addr.s_addr = INADDR_ANY;
-! sin.sin_port = htons(port);
-
-! sock = socket(AF_INET, SOCK_STREAM, 0);
- if (sock < 0)
- {
- error("socket: %.100s", strerror(errno));
---- 1830,1850 ----
- for (display_number = options.x11_display_offset; display_number < MAX_DISPLAYS; display_number++)
- {
- port = 6000 + display_number;
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = IPv4or6;
-! hints.ai_flags = AI_PASSIVE;
-! hints.ai_socktype = SOCK_STREAM;
-! sprintf(strport, "%d", port);
-! if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0)
-! {
-! error("getaddrinfo: %.100s", gai_strerror(gaierr));
-! return NULL;
-! }
-!
-! for (ai = aitop; ai; ai = ai->ai_next)
-! {
-
-! sock = socket(ai->ai_family, SOCK_STREAM, 0);
- if (sock < 0)
- {
- error("socket: %.100s", strerror(errno));
-***************
-*** 1835,1847 ****
- (void)fcntl(sock, F_SETFL, O_NDELAY);
- #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */
-
-! if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
- {
- debug("bind port %d: %.100s", port, strerror(errno));
- shutdown(sock, 2);
- close(sock);
-! continue;
- }
- break;
- }
- if (display_number >= MAX_DISPLAYS)
---- 1857,1882 ----
- (void)fcntl(sock, F_SETFL, O_NDELAY);
- #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */
-
-! if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0)
- {
- debug("bind port %d: %.100s", port, strerror(errno));
- shutdown(sock, 2);
- close(sock);
-! for (n = 0; n < num_socks; n++)
-! {
-! shutdown(socks[n], 2);
-! close(socks[n]);
-! }
-! num_socks = 0;
-! break;
- }
-+
-+ socks[num_socks++] = sock;
-+ if (num_socks == NUM_SOCKS)
-+ break;
-+ } /* for (ai = aitop; ai; ai = ai->ai_next) */
-+
-+ if (num_socks > 0)
- break;
- }
- if (display_number >= MAX_DISPLAYS)
-***************
-*** 1851,1863 ****
---- 1886,1907 ----
- }
-
- /* Start listening for connections on the socket. */
-+ for (n = 0; n < num_socks; n++)
-+ {
-+ sock = socks[n];
- if (listen(sock, 5) < 0)
- {
- error("listen: %.100s", strerror(errno));
- shutdown(sock, 2);
- close(sock);
-+ for (nn = 0; nn < n; nn++)
-+ {
-+ shutdown(socks[nn], 2);
-+ close(socks[nn]);
-+ }
- return NULL;
- }
-+ } /* for (n = 0; n < num_socks; n++) */
-
- /* Set up a suitable value for the DISPLAY variable. */
- #ifdef NONSTANDARD_IP_ADDRESS_X11_KLUDGE
-***************
-*** 1868,1877 ****
- if (gethostname(hostname, sizeof(hostname)) < 0)
- fatal("gethostname: %.100s", strerror(errno));
- {
-! struct hostent *hp;
-! struct in_addr addr;
-! hp = gethostbyname(hostname);
-! if (hp == NULL || !hp->h_addr_list[0])
- {
- error("Could not get server IP address for %.200s.", hostname);
- packet_send_debug("Could not get server IP address for %.200s.",
---- 1912,1922 ----
- if (gethostname(hostname, sizeof(hostname)) < 0)
- fatal("gethostname: %.100s", strerror(errno));
- {
-! struct addrinfo hints, *ai;
-! char ntop[ADDRSTRLEN];
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = IPv4or6;
-! if (getaddrinfo(hostname, NULL, &hints, &ai) != 0 || !ai)
- {
- error("Could not get server IP address for %.200s.", hostname);
- packet_send_debug("Could not get server IP address for %.200s.",
-***************
-*** 1880,1888 ****
- close(sock);
- return NULL;
- }
-! memcpy(&addr, hp->h_addr_list[0], sizeof(addr));
- snprintf(buf, sizeof(buf),
-! "%.100s:%d.%d", inet_ntoa(addr), display_number,
- screen_number);
- }
- #else /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */
---- 1925,1934 ----
- close(sock);
- return NULL;
- }
-! getnameinfo(ai->ai_addr, ai->ai_addrlen,
-! ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST);
- snprintf(buf, sizeof(buf),
-! "%.100s:%d.%d", ntop, display_number,
- screen_number);
- }
- #else /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */
-***************
-*** 1891,1896 ****
---- 1937,1945 ----
- fatal("gethostname: %.100s", strerror(errno));
- snprintf(buf, sizeof(buf),
- "%.400s:%d.%d", hostname, display_number, screen_number);
-+ #if __FreeBSD_version >= 320000
-+ trimdomain(buf, UT_HOSTSIZE);
-+ #endif
- #else /* HAVE_GETHOSTNAME */
- if (uname(&uts) < 0)
- fatal("uname: %.100s", strerror(errno));
-***************
-*** 1900,1907 ****
---- 1949,1960 ----
- #endif /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */
-
- /* Allocate a channel for the socket. */
-+ for (n = 0; n < num_socks; n++)
-+ {
-+ sock = socks[n];
- (void)channel_allocate(SSH_CHANNEL_X11_LISTENER, sock,
- xstrdup("X11 inet listener"));
-+ } /* for (n = 0; n < num_socks; n++) */
-
- /* Return a suitable value for the DISPLAY environment variable. */
- return xstrdup(buf);
-***************
-*** 1916,1924 ****
- int remote_channel, display_number, sock, newch;
- const char *display;
- struct sockaddr_un ssun;
-- struct sockaddr_in sin;
- char buf[255], *cp, *remote_host;
-! struct hostent *hp;
-
- /* Get remote channel number. */
- remote_channel = packet_get_int();
---- 1969,1978 ----
- int remote_channel, display_number, sock, newch;
- const char *display;
- struct sockaddr_un ssun;
- char buf[255], *cp, *remote_host;
-! struct addrinfo hints, *ai, *aitop;
-! char strport[PORTSTRLEN];
-! int gaierr;
-
- /* Get remote channel number. */
- remote_channel = packet_get_int();
-***************
-*** 2058,2110 ****
- goto fail;
- }
-
-! /* Try to parse the host name as a numeric IP address. */
-! memset(&sin, 0, sizeof(sin));
-! #ifdef BROKEN_INET_ADDR
-! sin.sin_addr.s_addr = inet_network(buf);
-! #else /* BROKEN_INET_ADDR */
-! sin.sin_addr.s_addr = inet_addr(buf);
-! #endif /* BROKEN_INET_ADDR */
-! if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff)
- {
-! /* It was a valid numeric host address. */
-! sin.sin_family = AF_INET;
- }
-! else
- {
-- /* Not a numeric IP address. */
-- /* Look up the host address from the name servers. */
-- hp = gethostbyname(buf);
-- if (!hp)
-- {
-- error("%.100s: unknown host.", buf);
-- goto fail;
-- }
-- if (!hp->h_addr_list[0])
-- {
-- error("%.100s: host has no IP address.", buf);
-- goto fail;
-- }
-- sin.sin_family = hp->h_addrtype;
-- memcpy(&sin.sin_addr, hp->h_addr_list[0],
-- sizeof(sin.sin_addr));
-- }
-- /* Set port number. */
-- sin.sin_port = htons(6000 + display_number);
-
- /* Create a socket. */
-! sock = socket(sin.sin_family, SOCK_STREAM, 0);
- if (sock < 0)
- {
-! error("socket: %.100s", strerror(errno));
-! goto fail;
- }
- /* Connect it to the display. */
-! if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
- {
-! error("connect %.100s:%d: %.100s", buf, 6000 + display_number,
- strerror(errno));
- close(sock);
- goto fail;
- }
-
---- 2112,2155 ----
- goto fail;
- }
-
-! /* Look up the host address */
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = IPv4or6;
-! hints.ai_socktype = SOCK_STREAM;
-! sprintf(strport, "%d", 6000 + display_number);
-! if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0)
- {
-! error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr));
-! goto fail;
- }
-!
-! for (ai = aitop; ai; ai = ai->ai_next)
- {
-
- /* Create a socket. */
-! sock = socket(ai->ai_family, SOCK_STREAM, 0);
- if (sock < 0)
- {
-! debug("socket: %.100s", strerror(errno));
-! continue;
- }
- /* Connect it to the display. */
-! if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0)
- {
-! debug("connect %.100s:%d: %.100s", buf, 6000 + display_number,
- strerror(errno));
- close(sock);
-+ continue;
-+ }
-+ /* Success */
-+ break;
-+
-+ } /* (ai = aitop, ai; ai = ai->ai_next) */
-+ freeaddrinfo(aitop);
-+ if (!ai)
-+ {
-+ error("connect %.100s:%d: %.100s", buf, 6000 + display_number,
-+ strerror(errno));
- goto fail;
- }
-
-***************
-*** 2412,2417 ****
---- 2457,2466 ----
- ssh-agent connections on your system */
- old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
-
-+ /* Make sure the socket doesn't already exist, left over from a system
-+ crash perhaps. */
-+ unlink(channel_forwarded_auth_socket_name);
-+
- if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0)
- packet_disconnect("Agent socket bind failed: %.100s", strerror(errno));
-
diff --git a/security/ssh/files/patch-aw b/security/ssh/files/patch-aw
deleted file mode 100644
index 697f32393bf6..000000000000
--- a/security/ssh/files/patch-aw
+++ /dev/null
@@ -1,73 +0,0 @@
-*** login.c.orig Tue Jan 11 20:36:37 2000
---- login.c Tue Jan 11 20:36:34 2000
-***************
-*** 117,122 ****
---- 117,125 ----
- #include <hpsecurity.h>
- #include <prot.h>
- #endif /* HAVE_HPUX_TCB_AUTH */
-+ #ifdef __FreeBSD__
-+ #include <osreldate.h>
-+ #endif
- #include "ssh.h"
-
- /* Returns the time when the user last logged in. Returns 0 if the
-***************
-*** 255,261 ****
- were more standardized. */
-
- void record_login(int pid, const char *ttyname, const char *user, uid_t uid,
-! const char *host, struct sockaddr_in *addr)
- {
- int fd;
-
---- 258,264 ----
- were more standardized. */
-
- void record_login(int pid, const char *ttyname, const char *user, uid_t uid,
-! const char *host, struct sockaddr *addr)
- {
- int fd;
-
-***************
-*** 301,317 ****
- strncpy(u.ut_user, user, sizeof(u.ut_user));
- #endif /* HAVE_NAME_IN_UTMP */
- #ifdef HAVE_HOST_IN_UTMP
-- strncpy(u.ut_host, host, sizeof(u.ut_host));
- #ifdef __FreeBSD__
- if (strlen(host) > sizeof(u.ut_host)) {
- strncpy(u.ut_host, get_remote_ipaddr(), sizeof(u.ut_host));
-! }
- #endif /* __FreeBSD__ */
- #endif /* HAVE_HOST_IN_UTMP */
- #ifdef HAVE_ADDR_IN_UTMP
- if (addr)
- memcpy(&u.ut_addr, &addr->sin_addr, sizeof(u.ut_addr));
- else
- memset(&u.ut_addr, 0, sizeof(u.ut_addr));
- #endif
-
---- 304,325 ----
- strncpy(u.ut_user, user, sizeof(u.ut_user));
- #endif /* HAVE_NAME_IN_UTMP */
- #ifdef HAVE_HOST_IN_UTMP
- #ifdef __FreeBSD__
-+ #if __FreeBSD_version >= 320000
-+ trimdomain(host, sizeof u.ut_host);
-+ #endif
- if (strlen(host) > sizeof(u.ut_host)) {
- strncpy(u.ut_host, get_remote_ipaddr(), sizeof(u.ut_host));
-! } else
- #endif /* __FreeBSD__ */
-+ strncpy(u.ut_host, host, sizeof(u.ut_host));
- #endif /* HAVE_HOST_IN_UTMP */
- #ifdef HAVE_ADDR_IN_UTMP
-+ #if 0 /* XXX */
- if (addr)
- memcpy(&u.ut_addr, &addr->sin_addr, sizeof(u.ut_addr));
- else
-+ #endif /* XXX */
- memset(&u.ut_addr, 0, sizeof(u.ut_addr));
- #endif
-
diff --git a/security/ssh/files/patch-ba b/security/ssh/files/patch-ba
deleted file mode 100644
index 69ad90067e8c..000000000000
--- a/security/ssh/files/patch-ba
+++ /dev/null
@@ -1,176 +0,0 @@ -*** README-IPv6.orig Mon Jan 10 22:56:13 2000 ---- README-IPv6 Mon Jan 10 22:56:13 2000 -*************** -*** 0 **** ---- 1,171 ---- -+ ssh-1.2.27-IPv6 version 1.5 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * ssh-1.2.27-IPv6 can handle both IPv4 and IPv6. -+ -+ To enable sshd/ssh to handle both IPv4 and IPv6, -+ -+ ./configure --enable-ipv6 -+ -+ Otherwise sshd/ssh handle IPv4 only as same as original ssh. -+ -+ * You can have multiple ListenAddress lines in /etc/sshd_config. -+ It means that sshd can listen multiple addresses. -+ -+ Example1: sshd will bind on these four adresses. -+ -+ ListenAddress 202.249.17.50 -+ ListenAddress 202.249.17.137 -+ ListenAddress 3ffe:501:c0b::1 -+ ListenAddress 3ffe:501:c0b:20:2a0:c9ff:fe3e:f5fc -+ -+ Example2: as same as example1. -+ (Because bertemu.rcac.tdi.co.jp has these four addresses.) -+ -+ ListenAddress bertemu.rcac.tdi.co.jp -+ -+ Example3: sshd will bind on any address both IPv4 and IPv6. -+ -+ ListenAddress :: -+ ListenAddress 0.0.0.0 -+ -+ Example4: as same as example3. -+ -+ No ListenAddress line in /etc/sshd_config. -+ -+ * You don't mind whether the host has IPv4 or IPv6 address. -+ You can also specify using only IPv4 (or only IPv6). -+ -+ Example1: ssh will try all IPv4 and IPv6 addresses that the host has. -+ -+ ssh host -+ -+ Example2: ssh will try all IPv4 addresses that the host has. -+ -+ ssh -4 host -+ -+ Example3: ssh will try all IPv6 addresses that the host has. -+ -+ ssh -6 host -+ -+ * You can have multiple Port lines in /etc/sshd_config and -p options. -+ It means that sshd can listen multiple ports, not only port 22. -+ -+ For example, you run sshd that listens port 22 and port 722, -+ and you can use port 22 for slogin and port 722 for scp. -+ It's useful if you have preference for interactive traffic in the router. -+ -+ You can have "AnotherPort 722" line in /etc/ssh_config or your -+ config file (maybe ~/.ssh/config). 
In this case, ssh with -A option -+ try to connect to port 722 at first, and try to connect to original -+ port (maybe port 22) if port 722 fails. scp executes ssh with -A option. -+ -+ * IPv6 supported platform -+ -+ IPv6 feature is available on follwing platforms now. -+ -+ kame -- http://www.kame.net/ (used to be called Hydrangea) -+ v6d -- http://onoe2.sm.sony.co.jp/ipv6/ (IPv6 daemon) -+ -+ On the other environments you can compile and run ssh-1.2.27-IPv6 if -+ you have a good getaddrinfo() in your library. -+ -+ * How to get ssh-1.2.27-IPv6 -+ -+ You can get tar.gz or patch to ssh-1.2.27.tar.gz: -+ -+ ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ssh-1.2.27-IPv6-1.5.tar.gz -+ ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ssh-1.2.27-IPv6-1.5-patch.gz -+ -+ * How to install ssh-1.2.27-IPv6 -+ -+ Apply ssh-1.2.27-IPv6-1.5-patch to ssh-1.2.27.tar.gz (or use -+ ssh-1.2.27-IPv6-1.5.tar.gz) and then see INSTALL file of ssh-1.2.27. -+ -+ If you want to enable ssh to handle IPv6, for example, -+ -+ % ./configure --enable-ipv6 -+ % make -+ % make install -+ -+ and you will be able to enjoy ssh handling both IPv6 and IPv4. 
-+ -+ * Change Log -+ -+ v1.5 1999-05-15 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * for ssh-1.2.27 -+ * supported scp with bracketed ipv6 ip address -+ * used struct sockaddr_storage instead of union sockunion -+ -+ v1.4 1998-08-21 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * fixed ipv6 address checking bug at match_host() in match.c -+ * cleanup comparing ip address at get_remote_hostname() in canohost.c -+ -+ v1.3 1998-08-14 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * fixed ipv6 address checking bug at match_host() in match.c -+ pointed out by Kenji Rikitake <kenji@k2r.org> -+ -+ v1.2.2 1998-08-07 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * fixed IPv6 enable checking bug in configure.in -+ -+ v1.2.1 1998-08-05 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * fixed AuthLog enable handling bug -+ -+ v1.2 1998-08-01 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * for ssh-1.2.26 -+ -+ v1.1.5 1998-06-13 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * supported AuthLog (logging authenticated info) in /etc/sshd_config -+ -+ v1.1.4 1998-06-11 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * supported multiple Port lines in /etc/sshd_config -+ * supported AnotherPort line in /etc/ssh_config -+ * supported -A option of ssh for another port try -+ -+ v1.1.3 1998-06-01 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * X11 connection forwarding IPv6 support -+ * removeed all hostent and sockaddr_in from *.c -+ -+ v1.1.2 1998-05-31 Jun-ichiro itojun Itoh <itojun@itojun.org> -+ -+ * configuration support for v6d. -+ -+ v1.1.1 1998-05-31 Jun-ichiro itojun Itoh <itojun@itojun.org> -+ -+ * add getaddinfo.c, getnameinfo.c and gai.h (delete fakelibinet6.c) -+ * configure checks whether getaddrinfo exists or not. -+ -+ v1.1 1998-05-31 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * add fakelibinet6.c (including getaddrinfo and getnameinfo) -+ * compilation support on non-IPv6 environment. 
-+ * fixed port forwarding bug -+ -+ v1.0.1 1998-05-30 Jun-ichiro itojun Itoh <itojun@itojun.org> -+ -+ * add ENABLE_IPV6 flag. -+ * configuration support --enable-ipv6 for IPv6 platforms. -+ -+ v1.0 1998-05-30 created by KIKUCHI Takahiro <kick@kyoto.wide.ad.jp> -+ -+ * first release -+ * IPv6 support except X11 connection forwarding -+ -+ * Guideline for making this patch -+ -+ * protocol family independent (using AF_UNSPEC) -+ * use getaddrinfo and getnameinfo (see RFC2133) -+ * don't use sockaddr_in and AF_INET (but option -4 uses AF_INET) -+ * don't use sockaddr_in6 and AF_INET6 (but option -6 uses AF_INET6) -+ * don't use gethostbyname, gethostbyaddr and hostent -+ * listen to all addresses for all available protocol family -+ * try to connect to all addresses for all available protocol family -+ diff --git a/security/ssh/files/patch-bb b/security/ssh/files/patch-bb deleted file mode 100644 index 945e1fd83b2e..000000000000 --- a/security/ssh/files/patch-bb +++ /dev/null @@ -1,29 +0,0 @@ -*** acconfig.h.orig Wed May 12 13:19:23 1999 ---- acconfig.h Mon Jan 10 22:56:13 2000 -*************** -*** 274,279 **** ---- 274,297 ---- - /etc/nologin.allow. */ - #undef NOLOGIN_ALLOW - -+ /* Define this if you have struct sockaddr_storage. */ -+ #undef HAVE_SOCKADDR_STORAGE -+ -+ /* Define this if you have __sa_family in struct sockaddr_storage. */ -+ #undef HAVE_NEW_SS_FAMILY -+ -+ /* Define this if you have ss_len in struct sockaddr. */ -+ #undef HAVE_SOCKADDR_LEN -+ -+ /* Define this if you want to enable IPv6 support. */ -+ #undef ENABLE_IPV6 -+ -+ /* Define this if you want to enable another port try support. */ -+ #undef ENABLE_ANOTHER_PORT_TRY -+ -+ /* Define this if you want to enable logging auth info support. */ -+ #undef ENABLE_LOG_AUTH -+ - /* Where to find the X11 socket */ - #undef X11_DIR - diff --git a/security/ssh/files/patch-bc b/security/ssh/files/patch-bc deleted file mode 100644 index 63b079f2e35c..000000000000 
--- a/security/ssh/files/patch-bc
+++ /dev/null
@@ -1,401 +0,0 @@ -*** canohost.c.orig Wed May 12 13:19:24 1999 ---- canohost.c Mon Jan 10 22:56:13 2000 -*************** -*** 59,68 **** - - char *get_remote_hostname(int socket) - { -! struct sockaddr_in from; - int fromlen, i; -! struct hostent *hp; - char name[255]; - - /* Get IP address of client. */ - fromlen = sizeof(from); ---- 59,69 ---- - - char *get_remote_hostname(int socket) - { -! struct sockaddr_storage from; - int fromlen, i; -! struct addrinfo hints, *ai, *aitop; - char name[255]; -+ char ntop[ADDRSTRLEN], ntop2[ADDRSTRLEN]; - - /* Get IP address of client. */ - fromlen = sizeof(from); -*************** -*** 73,86 **** - strcpy(name, "UNKNOWN"); - goto check_ip_options; - } - - /* Map the IP address to a host name. */ -! hp = gethostbyaddr((char *)&from.sin_addr, sizeof(struct in_addr), -! from.sin_family); -! if (hp) - { - /* Got host name. */ -- strncpy(name, hp->h_name, sizeof(name)); - name[sizeof(name) - 1] = '\0'; - - /* Convert it to all lowercase (which is expected by the rest of this ---- 74,89 ---- - strcpy(name, "UNKNOWN"); - goto check_ip_options; - } -+ -+ getnameinfo((struct sockaddr *)&from, fromlen, -+ ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST); - - /* Map the IP address to a host name. */ -! if (getnameinfo((struct sockaddr *)&from, fromlen, -! name, sizeof(name), -! NULL, 0, NI_NAMEREQD) == 0) - { - /* Got host name. */ - name[sizeof(name) - 1] = '\0'; - - /* Convert it to all lowercase (which is expected by the rest of this -*************** -*** 95,119 **** - Mapping from name to IP address can be trusted better (but can still - be fooled if the intruder has access to the name server of the - domain). */ -! hp = gethostbyname(name); -! if (!hp) - { - log_msg("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); -! strcpy(name, inet_ntoa(from.sin_addr)); - goto check_ip_options; - } - /* Look for the address from the list of addresses. */ -! for (i = 0; hp->h_addr_list[i]; i++) -! 
if (memcmp(hp->h_addr_list[i], &from.sin_addr, sizeof(from.sin_addr)) -! == 0) -! break; - /* If we reached the end of the list, the address was not there. */ -! if (!hp->h_addr_list[i]) - { - /* Address not found for the host name. */ - log_msg("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", -! inet_ntoa(from.sin_addr), name); -! strcpy(name, inet_ntoa(from.sin_addr)); - goto check_ip_options; - } - /* Address was found for the host name. We accept the host name. */ ---- 98,127 ---- - Mapping from name to IP address can be trusted better (but can still - be fooled if the intruder has access to the name server of the - domain). */ -! memset(&hints, 0, sizeof(hints)); -! hints.ai_family = from.__ss_family; -! if (getaddrinfo(name, NULL, &hints, &aitop) != 0) - { - log_msg("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); -! strcpy(name, ntop); - goto check_ip_options; - } - /* Look for the address from the list of addresses. */ -! for (ai = aitop; ai; ai = ai->ai_next) -! { -! getnameinfo(ai->ai_addr, ai->ai_addrlen, -! ntop2, sizeof(ntop2), NULL, 0, NI_NUMERICHOST); -! if (strcmp(ntop, ntop2) == 0) -! break; -! } -! freeaddrinfo(aitop); - /* If we reached the end of the list, the address was not there. */ -! if (!ai) - { - /* Address not found for the host name. */ - log_msg("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", -! ntop, name); -! strcpy(name, ntop); - goto check_ip_options; - } - /* Address was found for the host name. We accept the host name. */ -*************** -*** 121,127 **** - else - { - /* Host name not found. Use ascii representation of the address. */ -! strcpy(name, inet_ntoa(from.sin_addr)); - log_msg("Could not reverse map address %.100s.", name); - } - ---- 129,135 ---- - else - { - /* Host name not found. Use ascii representation of the address. */ -! 
strcpy(name, ntop); - log_msg("Could not reverse map address %.100s.", name); - } - -*************** -*** 136,141 **** ---- 144,150 ---- - Notice also that if we just dropped source routing here, the other - side could use IP spoofing to do rest of the interaction and could still - bypass security. So we exit here if we detect any IP options. */ -+ if (from.__ss_family == AF_INET) /* IP options -- IPv4 only */ - { - unsigned char options[200], *ucp; - char text[1024], *cp; -*************** -*** 157,165 **** - for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3) - sprintf(cp, " %2.2x", *ucp); - log_msg("Connection from %.100s with IP options:%.800s", -! inet_ntoa(from.sin_addr), text); - packet_disconnect("Connection from %.100s with IP options:%.800s", -! inet_ntoa(from.sin_addr), text); - } - } - #endif ---- 166,174 ---- - for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3) - sprintf(cp, " %2.2x", *ucp); - log_msg("Connection from %.100s with IP options:%.800s", -! ntop, text); - packet_disconnect("Connection from %.100s with IP options:%.800s", -! ntop, text); - } - } - #endif -*************** -*** 177,183 **** - const char *get_canonical_hostname(void) - { - int fromlen, tolen; -! struct sockaddr_in from, to; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_name != NULL) ---- 186,192 ---- - const char *get_canonical_hostname(void) - { - int fromlen, tolen; -! struct sockaddr_storage from, to; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_name != NULL) -*************** -*** 200,207 **** - &tolen) < 0) - goto no_ip_addr; - -! if (from.sin_family == AF_INET && to.sin_family == AF_INET && -! memcmp(&from, &to, sizeof(from)) == 0) - goto return_ip_addr; - - no_ip_addr: ---- 209,215 ---- - &tolen) < 0) - goto no_ip_addr; - -! 
if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) - goto return_ip_addr; - - no_ip_addr: -*************** -*** 221,228 **** - - const char *get_remote_ipaddr(void) - { -! struct sockaddr_in from, to; - int fromlen, tolen, socket; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_ip != NULL) ---- 229,237 ---- - - const char *get_remote_ipaddr(void) - { -! struct sockaddr_storage from, to; - int fromlen, tolen, socket; -+ char ntop[ADDRSTRLEN]; - - /* Check if we have previously retrieved this same name. */ - if (canonical_host_ip != NULL) -*************** -*** 245,252 **** - &tolen) < 0) - goto no_ip_addr; - -! if (from.sin_family == AF_INET && to.sin_family == AF_INET && -! memcmp(&from, &to, sizeof(from)) == 0) - goto return_ip_addr; - - no_ip_addr: ---- 254,260 ---- - &tolen) < 0) - goto no_ip_addr; - -! if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) - goto return_ip_addr; - - no_ip_addr: -*************** -*** 269,275 **** - } - - /* Get the IP address in ascii. */ -! canonical_host_ip = xstrdup(inet_ntoa(from.sin_addr)); - - /* Return ip address string. */ - return canonical_host_ip; ---- 277,285 ---- - } - - /* Get the IP address in ascii. */ -! getnameinfo((struct sockaddr *)&from, fromlen, -! ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST); -! canonical_host_ip = xstrdup(ntop); - - /* Return ip address string. */ - return canonical_host_ip; -*************** -*** 279,286 **** - - int get_peer_port(int sock) - { -! struct sockaddr_in from; - int fromlen; - - /* Get IP address of client. */ - fromlen = sizeof(from); ---- 289,297 ---- - - int get_peer_port(int sock) - { -! struct sockaddr_storage from; - int fromlen; -+ char strport[PORTSTRLEN]; - - /* Get IP address of client. */ - fromlen = sizeof(from); -*************** -*** 292,298 **** - } - - /* Return port number. */ -! return ntohs(from.sin_port); - } - - /* Returns the port number of the remote host. */ ---- 303,311 ---- - } - - /* Return port number. 
*/ -! getnameinfo((struct sockaddr *)&from, fromlen, -! NULL, 0, strport, sizeof(strport), NI_NUMERICSERV); -! return atoi(strport); - } - - /* Returns the port number of the remote host. */ -*************** -*** 301,307 **** - { - int socket; - int fromlen, tolen; -! struct sockaddr_in from, to; - - /* If two different descriptors, check if they are internet-domain, and - have the same address. */ ---- 314,320 ---- - { - int socket; - int fromlen, tolen; -! struct sockaddr_storage from, to; - - /* If two different descriptors, check if they are internet-domain, and - have the same address. */ -*************** -*** 319,326 **** - &tolen) < 0) - goto no_ip_addr; - -! if (from.sin_family == AF_INET && to.sin_family == AF_INET && -! memcmp(&from, &to, sizeof(from)) == 0) - goto return_port; - - no_ip_addr: ---- 332,338 ---- - &tolen) < 0) - goto no_ip_addr; - -! if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) - goto return_port; - - no_ip_addr: -*************** -*** 335,337 **** ---- 347,413 ---- - /* Get and return the peer port number. */ - return get_peer_port(socket); - } -+ -+ /* Returns the port of the local of the socket. */ -+ -+ int get_sock_port(int sock) -+ { -+ struct sockaddr_storage from; -+ int fromlen; -+ char strport[PORTSTRLEN]; -+ -+ /* Get IP address of client. */ -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) -+ { -+ error("getsockname failed: %.100s", strerror(errno)); -+ return 0; -+ } -+ -+ /* Return port number. */ -+ getnameinfo((struct sockaddr *)&from, fromlen, -+ NULL, 0, strport, sizeof(strport), NI_NUMERICSERV); -+ return atoi(strport); -+ } -+ -+ /* Returns the port number of the local host. */ -+ -+ int get_local_port() -+ { -+ int socket; -+ int fromlen, tolen; -+ struct sockaddr_storage from, to; -+ -+ /* If two different descriptors, check if they are internet-domain, and -+ have the same address. 
*/ -+ if (packet_get_connection_in() != packet_get_connection_out()) -+ { -+ fromlen = sizeof(from); -+ memset(&from, 0, sizeof(from)); -+ if (getsockname(packet_get_connection_in(), (struct sockaddr *)&from, -+ &fromlen) < 0) -+ goto no_ip_addr; -+ -+ tolen = sizeof(to); -+ memset(&to, 0, sizeof(to)); -+ if (getsockname(packet_get_connection_out(), (struct sockaddr *)&to, -+ &tolen) < 0) -+ goto no_ip_addr; -+ -+ if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0) -+ goto return_port; -+ -+ no_ip_addr: -+ return 65535; -+ } -+ -+ return_port: -+ -+ /* Get client socket. */ -+ socket = packet_get_connection_in(); -+ -+ /* Get and return the local port number. */ -+ return get_sock_port(socket); -+ } -+ diff --git a/security/ssh/files/patch-bd b/security/ssh/files/patch-bd deleted file mode 100644 index 7cb3c119c216..000000000000 --- a/security/ssh/files/patch-bd +++ /dev/null 
@@ -1,60 +0,0 @@
-*** config.h.in.orig Wed May 12 13:20:04 1999
---- config.h.in Thu Feb 24 17:12:10 2000
-***************
-*** 285,290 ****
---- 285,292 ----
- #undef Rdup2
- #undef Rfclose
- #undef Rgethostbyname
-+ #undef Rgetaddrinfo
-+
-
- /* Set this to allow group writeability of $HOME, .ssh and authorized_keys */
- #undef ALLOW_GROUP_WRITEABILITY
-***************
-*** 323,328 ****
---- 325,348 ----
- /etc/nologin.allow. */
- #undef NOLOGIN_ALLOW
-
-+ /* Define this if you have struct sockaddr_storage. */
-+ #undef HAVE_SOCKADDR_STORAGE
-+
-+ /* Define this if you have __sa_family in struct sockaddr_storage. */
-+ #undef HAVE_NEW_SS_FAMILY
-+
-+ /* Define this if you have ss_len in struct sockaddr. */
-+ #undef HAVE_SOCKADDR_LEN
-+
-+ /* Define this if you want to enable IPv6 support. */
-+ #undef ENABLE_IPV6
-+
-+ /* Define this if you want to enable another port try support. */
-+ #undef ENABLE_ANOTHER_PORT_TRY
-+
-+ /* Define this if you want to enable logging auth info support. */
-+ #undef ENABLE_LOG_AUTH
-+
- /* Where to find the X11 socket */
- #undef X11_DIR
-
-***************
-*** 375,385 ****
---- 395,411 ----
- /* Define if you have the ftruncate function. */
- #undef HAVE_FTRUNCATE
-
-+ /* Define if you have the getaddrinfo function. */
-+ #undef HAVE_GETADDRINFO
-+
- /* Define if you have the getdtablesize function. */
- #undef HAVE_GETDTABLESIZE
-
- /* Define if you have the gethostname function. */
- #undef HAVE_GETHOSTNAME
-+
-+ /* Define if you have the getnameinfo function. */
-+ #undef HAVE_GETNAMEINFO
-
- /* Define if you have the getpseudotty function. */
- #undef HAVE_GETPSEUDOTTY
diff --git a/security/ssh/files/patch-be b/security/ssh/files/patch-be
deleted file mode 100644
index 553d8e6447f2..000000000000
--- a/security/ssh/files/patch-be
+++ /dev/null
@@ -1,370 +0,0 @@ ---- configure.in.orig Thu Jan 17 08:36:05 2002 -+++ configure.in Wed Jan 8 18:24:51 2003 -@@ -30,8 +30,140 @@ - fi - - AC_PROG_CC -+AC_PROG_CPP - AC_ISC_POSIX - -+AC_MSG_CHECKING([whether to enable ipv6]) -+AC_ARG_ENABLE(ipv6, -+[ --enable-ipv6 Enable ipv6 (with ipv4) support -+ --disable-ipv6 Disable ipv6 support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ipv6=no -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_IPV6) -+ ipv6=yes -+ ;; -+ esac ], -+ -+ AC_TRY_RUN([ /* AF_INET6 avalable check */ -+#include <sys/types.h> -+#include <sys/socket.h> -+main() -+{ -+ if (socket(AF_INET6, SOCK_STREAM, 0) < 0) -+ exit(1); -+ else -+ exit(0); -+} -+], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_IPV6) -+ ipv6=yes, -+ AC_MSG_RESULT(no) -+ ipv6=no, -+ AC_MSG_RESULT(no) -+ ipv6=no -+)) -+ -+ipv6type=unknown -+ipv6lib=none -+ -+if test "$ipv6" = "yes"; then -+ AC_MSG_CHECKING([ipv6 stack type]) -+ for i in inria kame linux toshiba v6d zeta; do -+ case $i in -+ inria) -+ dnl http://www.kame.net/ -+ AC_EGREP_CPP(yes, [dnl -+#include <netinet/in.h> -+#ifdef IPV6_INRIA_VERSION -+yes -+#endif], -+ [ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ kame) -+ dnl http://www.kame.net/ -+ AC_EGREP_CPP(yes, [dnl -+#include <netinet/in.h> -+#ifdef __KAME__ -+yes -+#endif], -+ [ipv6type=$i; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ linux) -+ dnl http://www.v6.linux.or.jp/ -+ if test -d /usr/inet6; then -+ ipv6type=$i -+ ipv6lib=inet6 -+ ipv6libdir=/usr/inet6/lib -+ CPPFLAGS="-DINET6 -I/usr/inet6/include $CPPFLAGS" -+ fi -+ ;; -+ toshiba) -+ AC_EGREP_CPP(yes, [dnl -+#include <sys/param.h> -+#ifdef _TOSHIBA_INET6 -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ v6d) -+ AC_EGREP_CPP(yes, [dnl -+#include </usr/local/v6/include/sys/v6config.h> -+#ifdef __V6D__ -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=v6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-I/usr/local/v6/include 
$CPPFLAGS"]) -+ ;; -+ zeta) -+ AC_EGREP_CPP(yes, [dnl -+#include <sys/param.h> -+#ifdef _ZETA_MINAMI_INET6 -+yes -+#endif], -+ [ipv6type=$i; -+ ipv6lib=inet6; -+ ipv6libdir=/usr/local/v6/lib; -+ CPPFLAGS="-DINET6 $CPPFLAGS"]) -+ ;; -+ esac -+ if test "$ipv6type" != "unknown"; then -+ break -+ fi -+ done -+ AC_MSG_RESULT($ipv6type) -+fi -+ -+if test "$ipv6" = "yes" -a -f /usr/local/v6/lib/libinet6.a; then -+ ac_inet6_LDFLAGS="inet6" -+ ipv6libdir=/usr/local/v6/lib -+ LDFLAGS="$LDFLAGS -L/usr/local/v6/lib" -+ AC_CHECK_LIB(inet6, getaddrinfo, , ipv6lib="$ac_inet6_LDFLAGS") -+fi -+ -+ -+if test "$ipv6" = "yes" -a "$ipv6lib" != "none"; then -+ if test -d $ipv6libdir -a -f $ipv6libdir/lib$ipv6lib.a; then -+ LIBS="-L$ipv6libdir -l$ipv6lib $LIBS" -+ else -+ echo 'Fatal: no $ipv6lib library found. cannot continue.' -+ echo "You need to fetch lib$ipv6lib.a from appropriate" -+ echo 'ipv6 kit and compile beforehand.' -+ exit 1 -+ fi -+fi -+ - AC_DEFINE_UNQUOTED(HOSTTYPE, "$host") - - case "$host" in -@@ -313,7 +445,7 @@ - - # Socket pairs appear to be broken on several systems. I don't know exactly - # where, so I'll use pipes everywhere for now. 
--AC_DEFINE(USE_PIPES) -+# AC_DEFINE(USE_PIPES) - - AC_MSG_CHECKING([that the compiler works]) - AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], -@@ -369,7 +501,7 @@ - - AC_HEADER_STDC - AC_HEADER_SYS_WAIT --AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h) -+AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h login_cap.h utmp.h shadow.h) - AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) - AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h) - AC_CHECK_HEADERS(netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) -@@ -399,6 +531,16 @@ - [ AC_DEFINE(HAVE_INCOMPATIBLE_SIGINFO) - AC_MSG_RESULT(yes)] , AC_MSG_RESULT(no)) - -+AC_MSG_CHECKING([whether sys/socket.h have struct sockaddr_storage]) -+AC_EGREP_HEADER(sockaddr_storage, sys/socket.h, -+ [ AC_DEFINE(HAVE_SOCKADDR_STORAGE) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+AC_MSG_CHECKING([whether sys/socket.h have __ss_family]) -+AC_EGREP_HEADER(__ss_family, sys/socket.h, -+ [ AC_DEFINE(HAVE_NEW_SS_FAMILY) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+AC_MSG_CHECKING([whether sys/socket.h have sa_len]) -+AC_EGREP_HEADER(sa_len, sys/socket.h, -+ [ AC_DEFINE(HAVE_SOCKADDR_LEN) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no)) -+ - AC_CHECK_LIB(c, crypt, [true], AC_CHECK_LIB(crypt, crypt)) - AC_CHECK_LIB(sec, getspnam) - AC_CHECK_LIB(seq, get_process_stats) -@@ -438,6 +580,107 @@ - - AC_REPLACE_FUNCS(strerror memmove remove random putenv crypt socketpair snprintf) - -+AC_MSG_CHECKING(getaddrinfo bug) -+AC_TRY_RUN([ -+#include <sys/types.h> -+#include <netdb.h> -+#include <string.h> -+#include <sys/socket.h> -+#include <netinet/in.h> -+ -+main() -+{ -+ int passive, gaierr, inet4 = 0, inet6 = 0; -+ struct addrinfo hints, *ai, *aitop; -+ char straddr[INET6_ADDRSTRLEN], strport[16]; -+ -+ for (passive = 0; passive <= 1; passive++) { -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = AF_UNSPEC; -+ hints.ai_flags = passive ? 
AI_PASSIVE : 0; -+ hints.ai_socktype = SOCK_STREAM; -+ if ((gaierr = getaddrinfo(NULL, "54321", &hints, &aitop)) != 0) { -+ (void)gai_strerror(gaierr); -+ goto bad; -+ } -+ for (ai = aitop; ai; ai = ai->ai_next) { -+ if (ai->ai_addr == NULL || -+ ai->ai_addrlen == 0 || -+ getnameinfo(ai->ai_addr, ai->ai_addrlen, -+ straddr, sizeof(straddr), strport, sizeof(strport), -+ NI_NUMERICHOST|NI_NUMERICSERV) != 0) { -+ goto bad; -+ } -+ if (strcmp(strport, "54321") != 0) { -+ goto bad; -+ } -+ switch (ai->ai_family) { -+ case AF_INET: -+ if (passive) { -+ if (strcmp(straddr, "0.0.0.0") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "127.0.0.1") != 0) { -+ goto bad; -+ } -+ } -+ inet4++; -+ break; -+ case AF_INET6: -+ if (passive) { -+ if (strcmp(straddr, "::") != 0) { -+ goto bad; -+ } -+ } else { -+ if (strcmp(straddr, "::1") != 0) { -+ goto bad; -+ } -+ } -+ inet6++; -+ break; -+ case AF_UNSPEC: -+ goto bad; -+ break; -+ default: -+ /* another family support? */ -+ break; -+ } -+ } -+ } -+ -+ if (!(inet4 == 0 || inet4 == 2)) -+ goto bad; -+ if (!(inet6 == 0 || inet6 == 2)) -+ goto bad; -+ -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(0); -+ -+ bad: -+ if (aitop) -+ freeaddrinfo(aitop); -+ exit(1); -+} -+], -+AC_MSG_RESULT(good) -+buggygetaddrinfo=no, -+AC_MSG_RESULT(buggy) -+buggygetaddrinfo=yes, -+AC_MSG_RESULT(buggy) -+buggygetaddrinfo=yes) -+ -+if test "$buggygetaddrinfo" = "yes"; then -+ if test "$ipv6" = "yes"; then -+ echo 'Fatal: You must get working getaddrinfo() function.' -+ echo ' or you can specify "--disable-ipv6"'. 
-+ exit 1 -+ else -+ AC_REPLACE_FUNCS(getaddrinfo getnameinfo) -+ fi -+fi -+ - AC_PROG_LN_S - AC_PROG_INSTALL - AC_CHECK_PROG(AR, ar, ar, echo) -@@ -934,7 +1177,11 @@ - AC_DEFINE(KRB5) - KERBEROS_ROOT="$with_kerberos5" - KERBEROS_INCS="-I${KERBEROS_ROOT}/include" -- KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" -+ if test -f ${KERBEROS_ROOT}/lib/libk5crypto.a ; then -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -R${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" -+ else -+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -R${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err" -+ fi - AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm") - KERBEROS_OBJS="auth-kerberos.o" - ;; -@@ -1125,6 +1372,7 @@ - AC_DEFINE(Rdup2,SOCKSdup2) - AC_DEFINE(Rfclose,SOCKSfclose) - AC_DEFINE(Rgethostbyname,SOCKSgethostbyname) -+ AC_DEFINE(Rgetaddrinfo,SOCKSgetaddrinfo) - fi - - AC_MSG_CHECKING(whether to use rsaref) -@@ -1254,6 +1502,38 @@ - AC_DEFINE(ENABLE_TCP_NODELAY) - ) - -+AC_MSG_CHECKING(whether to enable another port try support) -+AC_ARG_ENABLE(another-port-try, -+[ --enable-another-port-try Enable another port try support (default) -+ --disable-another-port-try Disable another port try support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY) -+ ;; -+ esac ], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY) -+) -+ -+AC_MSG_CHECKING(whether to enable logging auth info support) -+AC_ARG_ENABLE(log-auth, -+[ --enable-log-auth Enable logging auth info support (default) -+ --disable-log-auth Disable logging auth info support], -+[ case "$enableval" in -+ no) -+ AC_MSG_RESULT(no) -+ ;; -+ *) AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_LOG_AUTH) -+ ;; -+ esac ], -+ AC_MSG_RESULT(yes) -+ AC_DEFINE(ENABLE_LOG_AUTH) -+) -+ - AC_MSG_CHECKING(whether to enable SO_LINGER) - AC_ARG_ENABLE(so-linger, - [ --enable-so-linger Enable setting SO_LINGER socket 
option], -@@ -1313,6 +1593,8 @@ - AC_DEFINE(SCP_ALL_STATISTICS_ENABLED) - ) - -+CFLAGS="$CPPFLAGS $CFLAGS" -+ - # We include this here only to make it visible in --help; this is only used - # in the gmp subdirectory. - AC_ARG_ENABLE(asm, -@@ -1326,7 +1608,7 @@ - fi - AC_MSG_RESULT($PIDDIR) - --AC_CONFIG_SUBDIRS(gmp-2.0.2-ssh-2) -+#AC_CONFIG_SUBDIRS(gmp-2.0.2-ssh-2) - - AC_ARG_PROGRAM - -@@ -1357,4 +1639,4 @@ - AC_SUBST(SSHDCONFOBJS) - AC_SUBST(SSHINSTALLMODE) - --AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile) -+AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 make-ssh-known-hosts.pl) diff --git a/security/ssh/files/patch-bf b/security/ssh/files/patch-bf deleted file mode 100644 index d8d53bc45530..000000000000 --- a/security/ssh/files/patch-bf +++ /dev/null @@ -1,17 +0,0 @@ -*** gai.h.orig Mon Jan 10 22:56:13 2000 ---- gai.h Mon Jan 10 22:56:13 2000 -*************** -*** 0 **** ---- 1,12 ---- -+ /* -+ * fake library for ssh -+ * -+ * This file is included in getaddrinfo.c and getnameinfo.c. -+ * See getaddrinfo.c and getnameinfo.c. -+ */ -+ -+ /* for old netdb.h */ -+ #ifndef EAI_NODATA -+ #define EAI_NODATA 1 -+ #define EAI_MEMORY 2 -+ #endif diff --git a/security/ssh/files/patch-bg b/security/ssh/files/patch-bg deleted file mode 100644 index 689982094b9a..000000000000 --- a/security/ssh/files/patch-bg +++ /dev/null 
@@ -1,120 +0,0 @@ -*** getaddrinfo.c.orig Mon Jan 10 22:56:13 2000 ---- getaddrinfo.c Mon Jan 10 22:56:13 2000 -*************** -*** 0 **** ---- 1,115 ---- -+ /* -+ * fake library for ssh -+ * -+ * This file includes getaddrinfo(), freeaddrinfo() and gai_strerror(). -+ * These funtions are defined in rfc2133. -+ * -+ * But these functions are not implemented correctly. The minimum subset -+ * is implemented for ssh use only. For exapmle, this routine assumes -+ * that ai_family is AF_INET. Don't use it for another purpose. -+ * -+ * In the case not using 'configure --enable-ipv6', this getaddrinfo.c -+ * will be used if you have broken getaddrinfo or no getaddrinfo. -+ */ -+ -+ #include "includes.h" -+ #include "ssh.h" -+ -+ #include "gai.h" -+ -+ static struct addrinfo * -+ malloc_ai(port, addr) -+ int port; -+ u_long addr; -+ { -+ struct addrinfo *ai; -+ -+ if (ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) + -+ sizeof(struct sockaddr_in))) { -+ memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); -+ ai->ai_addr = (struct sockaddr *)(ai + 1); -+ /* XXX -- ssh doesn't use sa_len */ -+ ai->ai_addrlen = sizeof(struct sockaddr_in); -+ ai->ai_addr->sa_family = ai->ai_family = AF_INET; -+ ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; -+ ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; -+ return ai; -+ } else { -+ return NULL; -+ } -+ } -+ -+ char * -+ gai_strerror(ecode) -+ int ecode; -+ { -+ switch (ecode) { -+ case EAI_NODATA: -+ return "no address associated with hostname."; -+ case EAI_MEMORY: -+ return "memory allocation failure."; -+ default: -+ return "unknown error."; -+ } -+ } -+ -+ void -+ freeaddrinfo(ai) -+ struct addrinfo *ai; -+ { -+ struct addrinfo *next; -+ -+ do { -+ next = ai->ai_next; -+ free(ai); -+ } while (ai = next); -+ } -+ -+ int -+ getaddrinfo(hostname, servname, hints, res) -+ const char *hostname, *servname; -+ const struct addrinfo *hints; -+ struct addrinfo **res; -+ { -+ struct addrinfo 
*cur, *prev = NULL; -+ struct hostent *hp; -+ int i, port; -+ -+ if (servname) -+ port = htons(atoi(servname)); -+ else -+ port = 0; -+ if (hints && hints->ai_flags & AI_PASSIVE) -+ if (*res = malloc_ai(port, htonl(0x00000000))) -+ return 0; -+ else -+ return EAI_MEMORY; -+ if (!hostname) -+ if (*res = malloc_ai(port, htonl(0x7f000001))) -+ return 0; -+ else -+ return EAI_MEMORY; -+ if (inet_addr(hostname) != -1) -+ if (*res = malloc_ai(port, inet_addr(hostname))) -+ return 0; -+ else -+ return EAI_MEMORY; -+ if ((hp = gethostbyname(hostname)) && -+ hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { -+ for (i = 0; hp->h_addr_list[i]; i++) -+ if (cur = malloc_ai(port, -+ ((struct in_addr *)hp->h_addr_list[i])->s_addr)) { -+ if (prev) -+ prev->ai_next = cur; -+ else -+ *res = cur; -+ prev = cur; -+ } else { -+ if (*res) -+ freeaddrinfo(*res); -+ return EAI_MEMORY; -+ } -+ return 0; -+ } -+ return EAI_NODATA; -+ } diff --git a/security/ssh/files/patch-bh b/security/ssh/files/patch-bh deleted file mode 100644 index 3e50aaeda092..000000000000 --- a/security/ssh/files/patch-bh +++ /dev/null 
@@ -1,66 +0,0 @@
-*** getnameinfo.c.orig Mon Jan 10 22:56:13 2000
---- getnameinfo.c Mon Jan 10 22:56:13 2000
-***************
-*** 0 ****
---- 1,61 ----
-+ /*
-+ * fake library for ssh
-+ *
-+ * This file includes getnameinfo().
-+ * These funtions are defined in rfc2133.
-+ *
-+ * But these functions are not implemented correctly. The minimum subset
-+ * is implemented for ssh use only. For exapmle, this routine assumes
-+ * that ai_family is AF_INET. Don't use it for another purpose.
-+ *
-+ * In the case not using 'configure --enable-ipv6', this getnameinfo.c
-+ * will be used if you have broken getnameinfo or no getnameinfo.
-+ */
-+
-+ #include "includes.h"
-+ #include "ssh.h"
-+
-+ #include "gai.h"
-+
-+ int
-+ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags)
-+ const struct sockaddr *sa;
-+ size_t salen;
-+ char *host;
-+ size_t hostlen;
-+ char *serv;
-+ size_t servlen;
-+ int flags;
-+ {
-+ struct sockaddr_in *sin = (struct sockaddr_in *)sa;
-+ struct hostent *hp;
-+ char tmpserv[16];
-+
-+ if (serv) {
-+ sprintf(tmpserv, "%d", ntohs(sin->sin_port));
-+ if (strlen(tmpserv) > servlen)
-+ return EAI_MEMORY;
-+ else
-+ strcpy(serv, tmpserv);
-+ }
-+ if (host)
-+ if (flags & NI_NUMERICHOST)
-+ if (strlen(inet_ntoa(sin->sin_addr)) > hostlen)
-+ return EAI_MEMORY;
-+ else {
-+ strcpy(host, inet_ntoa(sin->sin_addr));
-+ return 0;
-+ }
-+ else
-+ if (hp = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr),
-+ AF_INET))
-+ if (strlen(hp->h_name) > hostlen)
-+ return EAI_MEMORY;
-+ else {
-+ strcpy(host, hp->h_name);
-+ return 0;
-+ }
-+ else
-+ return EAI_NODATA;
-+ return 0;
-+ }
diff --git a/security/ssh/files/patch-bi b/security/ssh/files/patch-bi
deleted file mode 100644
index b4108fd81d49..000000000000
--- a/security/ssh/files/patch-bi
+++ /dev/null
@@ -1,54 +0,0 @@
---- log-server.c.orig Thu Jan 17 05:35:33 2002
-+++ log-server.c Sat Jun 29 14:50:00 2002
-@@ -163,6 +163,27 @@
- closelog();
- }
-
-+#ifdef ENABLE_LOG_AUTH
-+void log_auth(const char *fmt, ...)
-+{
-+ char buf[1024];
-+ va_list args;
-+ extern int log_auth_flag;
-+ if (!log_auth_flag)
-+ return;
-+ if (log_quiet)
-+ return;
-+ va_start(args, fmt);
-+ vsprintf(buf, fmt, args);
-+ va_end(args);
-+ if (log_on_stderr)
-+ fprintf(stderr, "log: %s\n", buf);
-+ syslog(LOG_INFO|LOG_AUTH, "%.500s", buf);
-+}
-+
-+extern char *unauthenticated_user;
-+#endif /* ENABLE_LOG_AUTH */
-+
- /* Converts portable syslog severity to machine-specific syslog severity. */
-
- static int syslog_severity(int severity)
-@@ -336,6 +357,11 @@
- fprintf(stderr, "fatal: %s\n", buf);
- openlog(prg_name, LOG_PID, log_facility);
- syslog(LOG_ERR, "fatal: %.500s", buf);
-+#ifdef ENABLE_LOG_AUTH
-+ if (unauthenticated_user)
-+ log_auth("LOGIN FAILED %.100s from %.200s",
-+ unauthenticated_user, get_canonical_hostname());
-+#endif /* ENABLE_LOG_AUTH */
- closelog();
-
- do_fatal_cleanups();
-@@ -357,6 +383,11 @@
- fprintf(stderr, "fatal: %s\n", buf);
- openlog(prg_name, LOG_PID, log_facility);
- syslog(syslog_severity(severity), "fatal: %.500s", buf);
-+#ifdef ENABLE_LOG_AUTH
-+ if (unauthenticated_user)
-+ log_auth("LOGIN FAILED %.100s from %.200s",
-+ unauthenticated_user, get_canonical_hostname());
-+#endif /* ENABLE_LOG_AUTH */
- closelog();
-
- do_fatal_cleanups();
diff --git a/security/ssh/files/patch-bj b/security/ssh/files/patch-bj
deleted file mode 100644
index fb897af4865c..000000000000
--- a/security/ssh/files/patch-bj
+++ /dev/null
@@ -1,16 +0,0 @@
-*** match.c.orig Wed May 12 13:19:27 1999
---- match.c Mon Jan 10 22:56:13 2000
-***************
-*** 129,134 ****
---- 129,139 ----
- is_ip_pattern = 0;
- break;
- }
-+ for(p = pattern; *p; p++)
-+ if (!(isxdigit(*p) || *p == ':' || *p == '?' || *p == '*'))
-+ break;
-+ if (ip && !*p)
-+ is_ip_pattern = 1;
- if (is_ip_pattern)
- {
- return match_pattern(ip, pattern);
diff --git a/security/ssh/files/patch-bl b/security/ssh/files/patch-bl
deleted file mode 100644
index 60296a9735bb..000000000000
--- a/security/ssh/files/patch-bl
+++ /dev/null
@@ -1,66 +0,0 @@ -*** readconf.c.orig Wed May 12 13:19:27 1999 ---- readconf.c Mon Jan 10 22:56:13 2000 -*************** -*** 171,176 **** ---- 171,179 ---- - oBatchMode, oStrictHostKeyChecking, oCompression, oCompressionLevel, - oKeepAlives, oUsePrivilegedPort, oKerberosAuthentication, - oKerberosTgtPassing, oClearAllForwardings, oNumberOfPasswordPrompts, -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ oAnotherPort, -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - oXauthPath, oGatewayPorts, oPasswordPromptLogin, oPasswordPromptHost - } OpCodes; - -*************** -*** 194,199 **** ---- 197,205 ---- - { "hostname", oHostName }, - { "proxycommand", oProxyCommand }, - { "port", oPort }, -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ { "anotherport", oAnotherPort }, -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - { "cipher", oCipher }, - { "remoteforward", oRemoteForward }, - { "localforward", oLocalForward }, -*************** -*** 497,502 **** ---- 503,514 ---- - *intptr = value; - break; - -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ case oAnotherPort: -+ intptr = &options->another_port; -+ goto parse_int; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ -+ - case oConnectionAttempts: - intptr = &options->connection_attempts; - goto parse_int; -*************** -*** 689,694 **** ---- 701,709 ---- - options->keepalives = -1; - options->compression_level = -1; - options->port = -1; -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ options->another_port = -1; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - options->connection_attempts = -1; - options->number_of_password_prompts = -1; - options->password_prompt_login = -1; -*************** -*** 759,764 **** ---- 774,783 ---- - options->compression_level = 6; - if (options->port == -1) - options->port = 0; /* Filled in ssh_connect. 
*/ -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ if (options->another_port == -1) -+ options->another_port = 0; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - if (options->connection_attempts == -1) - options->connection_attempts = 4; - if (options->number_of_password_prompts == -1) diff --git a/security/ssh/files/patch-bm b/security/ssh/files/patch-bm deleted file mode 100644 index 78c9833bb6bf..000000000000 --- a/security/ssh/files/patch-bm +++ /dev/null @@ -1,12 +0,0 @@ ---- readconf.h.orig Thu Jan 17 05:35:34 2002 -+++ readconf.h Fri Jun 21 16:36:20 2002 -@@ -102,6 +102,9 @@ - int use_privileged_port; /* Use privileged port */ - - int port; /* Port to connect. */ -+#ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port; /* Port to connect for -A option. */ -+#endif /* ENABLE_ANOTHER_PORT_TRY */ - int connection_attempts; /* Max attempts (seconds) before giving up */ - int number_of_password_prompts; /* Max number of password prompts */ - int password_prompt_login; /* Show remote login at password prompt */ diff --git a/security/ssh/files/patch-bn b/security/ssh/files/patch-bn deleted file mode 100644 index 7f625fcea26d..000000000000 --- a/security/ssh/files/patch-bn +++ /dev/null 
@@ -1,191 +0,0 @@ -*** scp.c.orig Wed May 12 13:19:28 1999 ---- scp.c Mon Jan 10 22:56:13 2000 -*************** -*** 180,185 **** ---- 180,193 ---- - #define STDERR_FILENO 2 - #endif - -+ /* This is set to non-zero if IPv4 is desired. */ -+ int IPv4 = 0; -+ -+ #ifdef ENABLE_IPV6 -+ /* This is set to non-zero if IPv6 is desired. */ -+ int IPv6 = 0; -+ #endif -+ - /* This is set to non-zero to enable verbose mode. */ - int verbose = 0; - -*************** -*** 295,302 **** ---- 303,319 ---- - } - args[i++] = "-x"; - args[i++] = "-a"; -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ args[i++] = "-A"; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - args[i++] = "-oFallBackToRsh no"; - args[i++] = "-oClearAllForwardings yes"; -+ if (IPv4) -+ args[i++] = "-4"; -+ #ifdef ENABLE_IPV6 -+ if (IPv6) -+ args[i++] = "-6"; -+ #endif - if (verbose) - args[i++] = "-v"; - if (compress) -*************** -*** 441,448 **** - statistics = 0; - - fflag = tflag = 0; -! while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:")) != EOF) - switch(ch) { /* User-visible flags. */ - case 'S': - ssh_program = optarg; - break; ---- 458,477 ---- - statistics = 0; - - fflag = tflag = 0; -! while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:4" -! #ifdef ENABLE_IPV6 -! "6" -! #endif -! )) != EOF) - switch(ch) { /* User-visible flags. 
*/ -+ case '4': -+ IPv4 = 1; -+ break; -+ #ifdef ENABLE_IPV6 -+ case '6': -+ IPv6 = 1; -+ break; -+ #endif - case 'S': - ssh_program = optarg; - break; -*************** -*** 589,594 **** ---- 618,634 ---- - exit(errs != 0); - } - -+ char * -+ cleanhostname(host) -+ char *host; -+ { -+ if (*host == '[' && host[strlen(host) - 1] == ']') { -+ host[strlen(host) - 1] = '\0'; -+ return (host + 1); -+ } else -+ return host; -+ } -+ - void - toremote(targ, argc, argv) - char *targ, *argv[]; -*************** -*** 644,649 **** ---- 684,690 ---- - bp = xmalloc(len); - if (host) { - *host++ = 0; -+ host = cleanhostname(host); - suser = argv[i]; - if (*suser == '\0') - suser = pwd->pw_name; -*************** -*** 655,667 **** - suser, host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); -! } else - (void)snprintf(bp, len, - "exec %s%s %s -x -o'FallBackToRsh no' -o'ClearAllForwardings yes' -n %s %s %s '%s%s%s:%s'", - ssh_program, verbose ? " -v" : "", options, -! argv[i], cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); - if (verbose) - fprintf(stderr, "Executing: %s\n", bp); - if (system(bp)) errs++; ---- 696,710 ---- - suser, host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); -! } else { -! host = cleanhostname(argv[i]); - (void)snprintf(bp, len, - "exec %s%s %s -x -o'FallBackToRsh no' -o'ClearAllForwardings yes' -n %s %s %s '%s%s%s:%s'", - ssh_program, verbose ? " -v" : "", options, -! host, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); -+ } - if (verbose) - fprintf(stderr, "Executing: %s\n", bp); - if (system(bp)) errs++; -*************** -*** 671,677 **** - len = strlen(targ) + CMDNEEDS + 20; - bp = xmalloc(len); - (void)snprintf(bp, len, "%s -t %s", cmd, targ); -! host = thost; - if (do_cmd(host, tuser, - bp, &remin, &remout) < 0) - exit(1); ---- 714,720 ---- - len = strlen(targ) + CMDNEEDS + 20; - bp = xmalloc(len); - (void)snprintf(bp, len, "%s -t %s", cmd, targ); -! 
host = cleanhostname(thost); - if (do_cmd(host, tuser, - bp, &remin, &remout) < 0) - exit(1); -*************** -*** 721,726 **** ---- 764,770 ---- - else if (!okname(suser)) - continue; - } -+ host = cleanhostname(host); - len = strlen(src) + CMDNEEDS + 20; - bp = xmalloc(len); - (void)snprintf(bp, len, "%s -f %s", cmd, src); -*************** -*** 1365,1375 **** - colon(cp) - char *cp; - { - if (*cp == ':') /* Leading colon is part of file name. */ - return (0); - - for (; *cp; ++cp) { -! if (*cp == ':') - return (cp); - if (*cp == '/') - return (0); ---- 1409,1427 ---- - colon(cp) - char *cp; - { -+ int flag = 0; -+ - if (*cp == ':') /* Leading colon is part of file name. */ - return (0); -+ if (*cp == '[') -+ flag = 1; - - for (; *cp; ++cp) { -! if (*cp == '@' && *(cp+1) == '[') -! flag = 1; -! if (*cp == ']' && *(cp+1) == ':' && flag) -! return (cp+1); -! if (*cp == ':' && !flag) - return (cp); - if (*cp == '/') - return (0); diff --git a/security/ssh/files/patch-bo b/security/ssh/files/patch-bo deleted file mode 100644 index 941fef6346e7..000000000000 --- a/security/ssh/files/patch-bo +++ /dev/null 
@@ -1,158 +0,0 @@ ---- servconf.c.orig Thu Jan 17 05:35:34 2002 -+++ servconf.c Fri Jun 21 16:22:56 2002 -@@ -88,8 +88,8 @@ - void initialize_server_options(ServerOptions *options) - { - memset(options, 0, sizeof(*options)); -- options->port = -1; -- options->listen_addr.s_addr = INADDR_ANY; -+ options->num_ports = 0; -+ options->listen_addrs = NULL; - options->host_key_file = NULL; - options->random_seed_file = NULL; - options->pid_file = NULL; -@@ -99,6 +99,9 @@ - options->permit_root_login = -1; - options->ignore_rhosts = -1; - options->ignore_root_rhosts = -1; -+#ifdef ENABLE_LOG_AUTH -+ options->log_auth = -1; -+#endif /* ENABLE_LOG_AUTH */ - options->quiet_mode = -1; - options->fascist_logging = -1; - options->print_motd = -1; -@@ -145,17 +148,33 @@ - - void fill_default_server_options(ServerOptions *options) - { -- if (options->port == -1) -+ struct addrinfo hints, *ai, *aitop; -+ char strport[PORTSTRLEN]; -+ int i; -+ -+ if (options->num_ports == 0) -+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT; -+ if (options->listen_addrs == NULL) - { -- struct servent *sp; -+ for (i = 0; i < options->num_ports; i++) -+ { -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_flags = AI_PASSIVE; -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", options->ports[i]); -+ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) -+ { -+ fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n"); -+ exit(1); -+ } -+ for (ai = aitop; ai->ai_next; ai = ai->ai_next); -+ ai->ai_next = options->listen_addrs; -+ options->listen_addrs = aitop; -+ } -+ /* freeaddrinfo(options->listen_addrs) in sshd.c */ -+ } - -- sp = getservbyname(SSH_SERVICE_NAME, "tcp"); -- if (sp) -- options->port = ntohs(sp->s_port); -- else -- options->port = SSH_DEFAULT_PORT; -- endservent(); -- } - if (options->host_key_file == NULL) - options->host_key_file = HOST_KEY_FILE; - if (options->random_seed_file == NULL) -@@ -250,6 +269,9 @@ - { - sPort, sHostKeyFile, 
sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, - sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility, -+#ifdef ENABLE_LOG_AUTH -+ sLogAuth, -+#endif /* ENABLE_LOG_AUTH */ - sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, - sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts, - sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, -@@ -282,6 +304,9 @@ - { "quietmode", sQuietMode }, - { "fascistlogging", sFascistLogging }, - { "syslogfacility", sLogFacility }, -+#ifdef ENABLE_LOG_AUTH -+ { "logauth", sLogAuth }, -+#endif /* ENABLE_LOG_AUTH */ - { "rhostsauthentication", sRhostsAuthentication }, - { "rhostsrsaauthentication", sRhostsRSAAuthentication }, - { "rsaauthentication", sRSAAuthentication }, -@@ -375,6 +400,9 @@ - char *cp, **charptr; - int linenum, *intptr, i, value; - ServerOpCodes opcode; -+ struct addrinfo hints, *ai, *aitop; -+ char strport[PORTSTRLEN]; -+ int gaierr; - - f = fopen(filename, "r"); - if (!f) -@@ -397,7 +425,14 @@ - switch (opcode) - { - case sPort: -- intptr = &options->port; -+ if (options->num_ports >= MAX_PORTS) -+ { -+ fprintf(stderr, "%s line %d: too many ports.\n", -+ filename, linenum); -+ exit(1); -+ } -+ options->ports[options->num_ports] = -1; -+ intptr = &options->ports[options->num_ports++]; - parse_int: - cp = strtok(NULL, WHITESPACE); - if (!cp) -@@ -460,12 +495,26 @@ - filename, linenum); - exit(1); - } --#ifdef BROKEN_INET_ADDR -- options->listen_addr.s_addr = inet_network(cp); --#else /* BROKEN_INET_ADDR */ -- options->listen_addr.s_addr = inet_addr(cp); --#endif /* BROKEN_INET_ADDR */ -- break; -+ if (options->num_ports == 0) -+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT; -+ for (i = 0; i < options->num_ports; i++) -+ { -+ memset(&hints, 0, sizeof(hints)); -+ hints.ai_family = IPv4or6; -+ hints.ai_socktype = SOCK_STREAM; -+ sprintf(strport, "%d", options->ports[i]); -+ if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0) -+ 
{ -+ fprintf(stderr, "%s line %d: bad addr or host. (%s)\n", -+ filename, linenum, gai_strerror(gaierr)); -+ exit(1); -+ } -+ for (ai = aitop; ai->ai_next; ai = ai->ai_next); -+ ai->ai_next = options->listen_addrs; -+ options->listen_addrs = aitop; -+ } -+ strtok(cp, WHITESPACE); /* getaddrinfo() may use strtok() */ -+ break; - - case sHostKeyFile: - charptr = &options->host_key_file; -@@ -539,6 +588,12 @@ - if (*intptr == -1) - *intptr = value; - break; -+ -+#ifdef ENABLE_LOG_AUTH -+ case sLogAuth: -+ intptr = &options->log_auth; -+ goto parse_flag; -+#endif /* ENABLE_LOG_AUTH */ - - case sIgnoreRhosts: - intptr = &options->ignore_rhosts; diff --git a/security/ssh/files/patch-bp b/security/ssh/files/patch-bp deleted file mode 100644 index a9cd9987ef37..000000000000 --- a/security/ssh/files/patch-bp +++ /dev/null 
@@ -1,32 +0,0 @@
---- servconf.h.orig Thu Jan 17 05:35:34 2002
-+++ servconf.h Fri Jun 21 16:24:35 2002
-@@ -68,6 +68,7 @@
- #ifndef SERVCONF_H
- #define SERVCONF_H
-
-+#define MAX_PORTS 256 /* Max # hosts on allow list. */
- #define MAX_ALLOW_SHOSTS 256 /* Max # hosts on allow shosts list. */
- #define MAX_DENY_SHOSTS 256 /* Max # hosts on deny shosts list. */
- #define MAX_ALLOW_HOSTS 256 /* Max # hosts on allow list. */
-@@ -86,8 +87,9 @@
-
- typedef struct
- {
-- int port; /* Port number to listen on. */
-- struct in_addr listen_addr; /* Address on which the server listens. */
-+ unsigned int num_ports;
-+ int ports[MAX_PORTS]; /* Port number to listen on. */
-+ struct addrinfo *listen_addrs;/* Addresses on which the server listens. */
- char *host_key_file; /* File containing host key. */
- char *random_seed_file; /* File containing random seed. */
- char *pid_file; /* File containing process ID number. */
-@@ -95,6 +97,9 @@
- int login_grace_time; /* Disconnect if no auth in this time (sec). */
- int key_regeneration_time; /* Server key lifetime (seconds). */
- int permit_root_login; /* 0 = forced cmd only, 1 = no pwd, 2 = yes. */
-+#ifdef ENABLE_LOG_AUTH
-+ int log_auth; /* If true, log authentication info. */
-+#endif /* ENABLE_LOG_AUTH */
- int ignore_rhosts; /* Ignore .rhosts and .shosts. */
- int ignore_root_rhosts; /* Ignore .rhosts and .shosts for root,
- defaults to ignore_rhosts if not given. */
diff --git a/security/ssh/files/patch-br b/security/ssh/files/patch-br
deleted file mode 100644
index 28dd08a5be56..000000000000
--- a/security/ssh/files/patch-br
+++ /dev/null
@@ -1,97 +0,0 @@ -*** ssh.c.orig Wed May 12 13:19:28 1999 ---- ssh.c Mon Jan 10 22:56:13 2000 -*************** -*** 218,223 **** ---- 218,231 ---- - other functions. */ - RandomState random_state; - -+ /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. -+ Default value is AF_UNSPEC means both IPv4 and IPv6. */ -+ #ifdef ENABLE_IPV6 -+ int IPv4or6 = AF_UNSPEC; -+ #else -+ int IPv4or6 = AF_INET; -+ #endif -+ - /* Flag indicating whether debug mode is on. This can be set on the - command line. */ - int debug_flag = 0; -*************** -*** 277,282 **** ---- 285,297 ---- - { - fprintf(stderr, "Usage: %s [options] host [command]\n", av0); - fprintf(stderr, "Options:\n"); -+ fprintf(stderr, " -4 Use IPv4 only.\n"); -+ #ifdef ENABLE_IPV6 -+ fprintf(stderr, " -6 Use IPv6 only.\n"); -+ #endif -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ fprintf(stderr, " -A Try to connect to another port before original port.\n"); -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - fprintf(stderr, " -l user Log in using this user name.\n"); - fprintf(stderr, " -n Redirect input from /dev/null.\n"); - fprintf(stderr, " -a Disable authentication agent forwarding.\n"); -*************** -*** 413,418 **** ---- 428,436 ---- - #ifdef SIGWINCH - struct winsize ws; - #endif /* SIGWINCH */ -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port_flag = 0; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - - /* Save the original real uid. It will be needed later (uid-swapping may - clobber the real uid). */ -*************** -*** 522,527 **** ---- 540,565 ---- - } - switch (opt) - { -+ case '4': -+ #ifdef ENABLE_IPV6 -+ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET; -+ #else -+ IPv4or6 = AF_INET; -+ #endif -+ break; -+ -+ #ifdef ENABLE_IPV6 -+ case '6': -+ IPv4or6 = (IPv4or6 == AF_INET) ? 
AF_UNSPEC : AF_INET6; -+ break; -+ #endif -+ -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ case 'A': -+ another_port_flag = 1; -+ break; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ -+ - case 'n': - stdin_null_flag = 1; - break; -*************** -*** 789,799 **** ---- 827,844 ---- - { - use_privileged_port = 0; - } -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ if (!another_port_flag) -+ options.another_port = 0; -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - /* Open a connection to the remote host. This needs root privileges if - rhosts_authentication is true. Note that the random_state is not - yet used by this call, although a pointer to it is stored, and thus it - need not be initialized. */ - ok = ssh_connect(host, options.port, options.connection_attempts, -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ options.another_port, -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - !use_privileged_port, - original_real_uid, options.proxy_command, &random_state); - diff --git a/security/ssh/files/patch-bs b/security/ssh/files/patch-bs deleted file mode 100644 index ec0e1a86ef92..000000000000 --- a/security/ssh/files/patch-bs +++ /dev/null 
@@ -1,94 +0,0 @@ -*** ssh.h.orig Wed May 12 13:19:28 1999 ---- ssh.h Mon Jan 10 22:56:13 2000 -*************** -*** 430,436 **** - /* Records that the user has logged in. This does many things normally - done by login(1). */ - void record_login(int pid, const char *ttyname, const char *user, uid_t uid, -! const char *host, struct sockaddr_in *addr); - - /* Records that the user has logged out. This does many thigs normally - done by login(1) or init. */ ---- 430,436 ---- - /* Records that the user has logged in. This does many things normally - done by login(1). */ - void record_login(int pid, const char *ttyname, const char *user, uid_t uid, -! const char *host, struct sockaddr *addr); - - /* Records that the user has logged out. This does many thigs normally - done by login(1) or init. */ -*************** -*** 447,452 **** ---- 447,455 ---- - connection is successful, this calls packet_set_connection for the - connection. */ - int ssh_connect(const char *host, int port, int connection_attempts, -+ #ifdef ENABLE_ANOTHER_PORT_TRY -+ int another_port, -+ #endif /* ENABLE_ANOTHER_PORT_TRY */ - int anonymous, uid_t original_real_uid, - const char *proxy_command, RandomState *random_state); - -*************** -*** 872,876 **** ---- 875,934 ---- - #else - #define UID_ROOT 0 - #endif -+ -+ #ifdef HAVE_SOCKADDR_STORAGE -+ #ifndef HAVE_NEW_SS_FAMILY -+ #define __ss_len ss_len -+ #define __ss_family ss_family -+ #endif -+ #else -+ #define _SS_MAXSIZE 128 /* Implementation specific max size */ -+ #define _SS_ALIGNSIZE (sizeof(int)) -+ #define _SS_PAD1SIZE (_SS_ALIGNSIZE - sizeof(u_short)) -+ #define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof(u_short) + \ -+ _SS_PAD1SIZE + _SS_ALIGNSIZE)) -+ struct sockaddr_storage { -+ #ifdef HAVE_SOCKADDR_LEN -+ u_char __ss_len; -+ u_char __ss_family; -+ #else -+ u_short __ss_family; -+ #endif -+ char __ss_pad1[_SS_PAD1SIZE]; -+ int __ss_align; -+ char __ss_pad2[_SS_PAD2SIZE]; -+ }; -+ #endif -+ -+ #ifdef INET6_ADDRSTRLEN -+ #define ADDRSTRLEN 
INET6_ADDRSTRLEN -+ #else -+ #define ADDRSTRLEN 46 -+ #endif -+ -+ #define PORTSTRLEN 16 -+ -+ /* AF_UNSPEC or AF_INET or AF_INET6 */ -+ extern int IPv4or6; -+ -+ #ifndef ENABLE_IPV6 -+ /* dummy value for old netdb.h */ -+ #ifndef AI_PASSIVE -+ #define AI_PASSIVE 1 -+ #define NI_NUMERICHOST 2 -+ #define NI_NAMEREQD 4 -+ #define NI_NUMERICSERV 8 -+ struct addrinfo { -+ int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ -+ int ai_family; /* PF_xxx */ -+ int ai_socktype; /* SOCK_xxx */ -+ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ -+ size_t ai_addrlen; /* length of ai_addr */ -+ char *ai_canonname; /* canonical name for hostname */ -+ struct sockaddr *ai_addr; /* binary address */ -+ struct addrinfo *ai_next; /* next structure in linked list */ -+ }; -+ #endif -+ #endif /* not ENABLE_IPV6 */ - - #endif /* SSH_H */ diff --git a/security/ssh/files/sshd.sh b/security/ssh/files/sshd.sh deleted file mode 100644 index dd882003037c..000000000000 --- a/security/ssh/files/sshd.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -case "$1" in - start) - !!PREFIX!!/sbin/sshd - echo -n ' sshd' - ;; - stop) - if [ -f /var/run/sshd.pid ]; then - kill -TERM `cat /var/run/sshd.pid` - rm -f /var/run/sshd.pid - echo -n ' sshd' - fi - ;; - restart) - if [ -f /var/run/sshd.pid ]; then - kill -HUP `cat /var/run/sshd.pid` - echo 'sshd restarted' - fi - ;; - -h) - echo "Usage: `basename $0` { start | stop | restart }" - ;; - *) - !!PREFIX!!/sbin/sshd - echo -n ' sshd' - ;; -esac diff --git a/security/ssh/pkg-descr b/security/ssh/pkg-descr deleted file mode 100644 index e08cd3baca01..000000000000 --- a/security/ssh/pkg-descr +++ /dev/null @@ -1,5 +0,0 @@ -Secure Shell is a program to log into another computer over a network, -to execute commands in a remote machine, and to move files from one -machine to another. It provides strong authentication and secure -communications over insecure channels. It is intended as a replacement -for rlogin, rsh, and rcp. 
diff --git a/security/ssh/pkg-plist b/security/ssh/pkg-plist deleted file mode 100644 index 28e0ce057044..000000000000 --- a/security/ssh/pkg-plist +++ /dev/null @@ -1,19 +0,0 @@ -bin/make-ssh-known-hosts -bin/make-ssh-known-hosts1 -bin/scp -bin/scp1 -bin/slogin -bin/ssh -bin/ssh-add -bin/ssh-add1 -bin/ssh-agent -bin/ssh-agent1 -bin/ssh-keygen -bin/ssh-keygen1 -bin/ssh1 -etc/rc.d/sshd.sh -etc/ssh_config -etc/sshd_config -sbin/sshd -sbin/sshd1 -@exec if [ ! -f %D/etc/ssh_host_key ]; then echo "Generating a secret host key.." ; %D/bin/ssh-keygen1 -N "" -f %D/etc/ssh_host_key; fi diff --git a/security/ssh/pkg-plist.x11 b/security/ssh/pkg-plist.x11 deleted file mode 100644 index 3d4ac02a7dba..000000000000 --- a/security/ssh/pkg-plist.x11 +++ /dev/null @@ -1,2 +0,0 @@ -bin/ssh-askpass -bin/ssh-askpass1 diff --git a/security/tea-total/Makefile b/security/tea-total/Makefile deleted file mode 100644 index 405b6b2d8456..000000000000 --- a/security/tea-total/Makefile +++ /dev/null @@ -1,26 +0,0 @@ -# Ports collection makefile for: tea-total -# Date created: Tue Dec 19, 2000 -# Whom: David O'Brien (obrien@NUXI.com) -# -# $FreeBSD$ -# - -PORTNAME= tea-total -PORTVERSION= 0.4 -PORTREVISION= 3 -CATEGORIES= security -MASTER_SITES= http://www.alexholden.net/pub/${PORTNAME}/ - -MAINTAINER= ports@FreeBSD.org -COMMENT= Extremely small 128 bit private key based encryption/decryption system - -DEPRECATED= Upstream disapear and distfile is no more available -EXPIRATION_DATE= 2011-05-01 - -# code is not 64-bit clean... -ONLY_FOR_ARCHS= i386 - -USE_GMAKE= yes -MAN1= teatotal.1 tea.1 untea.1 tea-kgen.1 - -.include <bsd.port.mk> diff --git a/security/tea-total/distinfo b/security/tea-total/distinfo deleted file mode 100644 index 07d5490184eb..000000000000 --- a/security/tea-total/distinfo +++ /dev/null 
@@ -1,3 +0,0 @@
-MD5 (tea-total-0.4.tar.gz) = 702a83ad861e74f64bf0fa7a353c85a2
-SHA256 (tea-total-0.4.tar.gz) = d1cf5f744759f45aa6cfb683ed08697dec302cc18ce480e664b93d0ace7ee0ee
-SIZE (tea-total-0.4.tar.gz) = 77975
diff --git a/security/tea-total/files/patch-Makefile b/security/tea-total/files/patch-Makefile
deleted file mode 100644
index 123b351cd29c..000000000000
--- a/security/tea-total/files/patch-Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
---- Makefile.orig Tue Jan 2 22:04:34 2001
-+++ Makefile Fri Oct 25 03:32:00 2002
-@@ -1,6 +1,6 @@
- include config.inc
-
--CC = $(CROSS_PREFIX)gcc
-+#CC = $(CROSS_PREFIX)gcc
- CP = cp -f
- RM = rm -f
- LN = ln -sf
-@@ -8,7 +8,7 @@
- CD = cd
- MKDIR = mkdir -p
- CMP = cmp
--CFLAGS = -O2 -Wall -DARCH_$(ARCH)
-+CFLAGS += -DARCH_FREEBSD
- LDFLAGS =
- BINDIR = $(PREFIX)/bin
- TEATOTAL = teatotal
-@@ -26,6 +26,9 @@
- ifeq ($(ARCH), OPENBSD)
- MANDIR = $(PREFIX)/share/man/man1
- RANDOM_DEVICE = \"/dev/srandom\"
-+else
-+MANDIR = $(PREFIX)/man/man1
-+RANDOM_DEVICE = \"/dev/random\"
- endif
- endif
-
-@@ -115,12 +120,12 @@
-
- install: all
- $(MKDIR) $(BINDIR)
-- $(CP) $(TEATOTAL) $(BINDIR)
-+ ${BSD_INSTALL_PROGRAM} $(TEATOTAL) $(BINDIR)
- $(LN) $(TEATOTAL) $(BINDIR)/$(TEA)
- $(LN) $(TEATOTAL) $(BINDIR)/$(UNTEA)
- $(LN) $(TEATOTAL) $(BINDIR)/$(TEA-KGEN)
- $(MKDIR) $(MANDIR)
-- $(CP) $(MANPAGES) $(MANDIR)
-+ ${BSD_INSTALL_MAN} $(MANPAGES) $(MANDIR)
-
- clean:
- $(RM) core *.o $(PROGRAMS) testout.tea test.out test2.key test3.key \
diff --git a/security/tea-total/files/patch-arch.h b/security/tea-total/files/patch-arch.h
deleted file mode 100644
index 8266529f0a99..000000000000
--- a/security/tea-total/files/patch-arch.h
+++ /dev/null
@@ -1,18 +0,0 @@
---- arch.h.orig Sun Dec 31 09:16:53 2000
-+++ arch.h Sun Oct 20 19:01:52 2002
-@@ -9,10 +9,14 @@
- * warranties of merchantability and fitness for a particular purpose.
- */
-
-+#if defined(ARCH_OPENBSD) || defined(ARCH_FREEBSD)
- #if defined(ARCH_OPENBSD)
--
- #include <machine/types.h>
- #include <machine/endian.h>
-+#endif
-+#if defined(ARCH_FREEBSD)
-+#include <sys/types.h>
-+#endif
- typedef uint32_t u32;
- typedef int32_t s32;
- typedef uint16_t u16;
diff --git a/security/tea-total/files/patch-config.inc b/security/tea-total/files/patch-config.inc
deleted file mode 100644
index 9a4bc1c3cf4f..000000000000
--- a/security/tea-total/files/patch-config.inc
+++ /dev/null
@@ -1,10 +0,0 @@
---- config.inc.orig Tue Jan 2 05:09:08 2001
-+++ config.inc Fri Jan 12 02:19:15 2001
-@@ -2,5 +2,6 @@
- # LINUX should hopefully work for all recent versions of Linux (but not ELKS).
--ARCH = LINUX
-+# ARCH = LINUX
- # OPENBSD may work for other BSDs. Please let me know if it does.
- # ARCH = OPENBSD
-+ARCH = FREEBSD
- # ARCH = DJGPP
diff --git a/security/tea-total/files/patch-getarg.c b/security/tea-total/files/patch-getarg.c
deleted file mode 100644
index 47c7f64b3533..000000000000
--- a/security/tea-total/files/patch-getarg.c
+++ /dev/null
@@ -1,28 +0,0 @@
---- getarg.c.orig Sun Nov 24 04:04:44 2002
-+++ getarg.c Thu May 9 04:30:09 2002
-@@ -110,7 +110,7 @@
- 
- /* Copy the arguments, ignoring the first argument (the program name) */
- for(i = 1; i < argc; i++) {
-- len = strlen(argv[i]);
-+ len = strlen(argv[i]) + 1;
- if(!(state->argv[i - 1] = malloc(len))) {
- /* It failed, so free the list and return */
- while(i-- > 1) free(state->argv[i]);
-@@ -199,7 +199,6 @@
- return(state->realargv[i + 2]);
- } else continue;
- }
--
- 
- /* For each character until the terminating zero */
- for(p = &state->argv[i][1]; *p; p++) {
-@@ -235,7 +234,7 @@
- if((!*++p)&&(p = next_arg(state, i))) {
- *p = GETARG_USEDFLAG;
- return(state->realargv[i + 2]);
-- } else continue;
-+ } else return NULL;
- }
- }
- 
diff --git a/security/tea-total/files/patch-heap.c b/security/tea-total/files/patch-heap.c
deleted file mode 100644
index c258786d3b93..000000000000
--- a/security/tea-total/files/patch-heap.c
+++ /dev/null
@@ -1,6 +0,0 @@
---- heap.c.orig Fri Dec 29 16:16:55 2000
-+++ heap.c Fri Jan 12 02:26:58 2001
-@@ -45,2 +45,3 @@
- 
-+#include <sys/types.h>
- #include <stdlib.h>
diff --git a/security/tea-total/files/patch-huffman.c b/security/tea-total/files/patch-huffman.c
deleted file mode 100644
index 8304d17d8901..000000000000
--- a/security/tea-total/files/patch-huffman.c
+++ /dev/null
@@ -1,6 +0,0 @@
---- huffman.c.orig Fri Dec 29 16:17:17 2000
-+++ huffman.c Fri Jan 12 02:26:23 2001
-@@ -11,2 +11,3 @@
- 
-+#include <sys/types.h>
- #include <stdlib.h>
diff --git a/security/tea-total/pkg-descr b/security/tea-total/pkg-descr
deleted file mode 100644
index f9aa0c78a16d..000000000000
--- a/security/tea-total/pkg-descr
+++ /dev/null
@@ -1,10 +0,0 @@
-TEA Total is an extremely small 128 bit private key based
-encryption/decryption system which uses the new variant of TEA (Tiny
-Encryption Algorithm) by David Wheeler and Roger Needham of the Cambridge
-Computer Laboratory.
-
-TEA is said to be several times faster than DES, as well as being much
-smaller and more secure. It also isn't encumbered by any patents and the
-reference implementation is in the public domain.
-
-WWW: http://www.linuxhacker.org/tea-total/
diff --git a/security/tea-total/pkg-plist b/security/tea-total/pkg-plist
deleted file mode 100644
index d9a4312059a2..000000000000
--- a/security/tea-total/pkg-plist
+++ /dev/null
@@ -1,5 +0,0 @@
-@comment $FreeBSD$
-bin/teatotal
-bin/tea
-bin/tea-kgen
-bin/untea
diff --git a/security/uberkey/Makefile b/security/uberkey/Makefile
deleted file mode 100644
index a744f45def97..000000000000
--- a/security/uberkey/Makefile
+++ /dev/null
@@ -1,30 +0,0 @@
-# New ports collection makefile for: uberkey
-# Date created: 2007-10-29
-# Whom: chinsan
-#
-# $FreeBSD$
-#
-
-PORTNAME= uberkey
-PORTVERSION= 1.2
-CATEGORIES= security
-MASTER_SITES= http://www.linuks.mine.nu/uberkey/ LOCAL/chinsan
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= A keylogger for x86 systems
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-ONLY_FOR_ARCHS= i386
-MAN8= uberkey.8
-PLIST_FILES= bin/uberkey
-
-do-build:
- @cd ${WRKSRC} && ${CC} ${CFLAGS} *.c -o ${PORTNAME}
-
-do-install:
- @${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${PREFIX}/bin
- @${INSTALL_MAN} ${WRKSRC}/${MAN8} ${MAN1PREFIX}/man/man8
-
-.include <bsd.port.mk>
diff --git a/security/uberkey/distinfo b/security/uberkey/distinfo
deleted file mode 100644
index 17fc4d55c57a..000000000000
--- a/security/uberkey/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (uberkey-1.2.tar.gz) = 5724b911650ffe9cb32f16d01a96fe9a
-SHA256 (uberkey-1.2.tar.gz) = 0892ce89bf4e6cb27848c876b350f39a72a5bc6002c16b6821f33f440ffb97c7
-SIZE (uberkey-1.2.tar.gz) = 1624
diff --git a/security/uberkey/pkg-descr b/security/uberkey/pkg-descr
deleted file mode 100644
index 312b689baea5..000000000000
--- a/security/uberkey/pkg-descr
+++ /dev/null
@@ -1,5 +0,0 @@
-uberkey is a keylogger for x86 systems.
-It directly reads keyboard input from the keyboard controller and
-does a basic translation.
-
-WWW: http://www.linuks.mine.nu/uberkey/ |