diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/ssh/Makefile | 17 | ||||
| -rw-r--r-- | security/ssh/distinfo | 2 | ||||
| -rw-r--r-- | security/ssh/files/patch-aa | 8 | ||||
| -rw-r--r-- | security/ssh/files/patch-ac | 28 | ||||
| -rw-r--r-- | security/ssh/files/patch-af | 76 | ||||
| -rw-r--r-- | security/ssh/files/patch-al | 12 | ||||
| -rw-r--r-- | security/ssh2/Makefile | 17 | ||||
| -rw-r--r-- | security/ssh2/distinfo | 2 | ||||
| -rw-r--r-- | security/ssh2/files/patch-aa | 8 | ||||
| -rw-r--r-- | security/ssh2/files/patch-ab | 22 | ||||
| -rw-r--r-- | security/ssh2/files/patch-ac | 28 | ||||
| -rw-r--r-- | security/ssh2/files/patch-af | 76 | ||||
| -rw-r--r-- | security/ssh2/files/patch-aj | 12 | ||||
| -rw-r--r-- | security/ssh2/files/patch-al | 12 |
14 files changed, 169 insertions, 151 deletions
diff --git a/security/ssh/Makefile b/security/ssh/Makefile index f06d971948e9..d00ccc3401ba 100644 --- a/security/ssh/Makefile +++ b/security/ssh/Makefile @@ -1,16 +1,16 @@ # New ports collection makefile for: ssh -# Version required: 1.2.19 +# Version required: 1.2.20 # Date created: 30 Jul 1995 # Whom: torstenb@FreeBSD.ORG # -# $Id: Makefile,v 1.38 1997/04/16 19:48:09 ache Exp $ +# $Id: Makefile,v 1.39 1997/04/20 13:53:01 wosch Exp $ # # Maximal ssh package requires YES values for # USE_PERL, USE_TCPWRAP # -DISTNAME= ssh-1.2.19 -CATEGORIES= security net perl5 +DISTNAME= ssh-1.2.20 +CATEGORIES= security net MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/ MAINTAINER= torstenb@FreeBSD.ORG @@ -35,6 +35,15 @@ GNU_CONFIGURE= YES CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc +#Uncomment if all your users are in their own group and their homedir +#is writeable by that group. Beware the security implications! +#CONFIGURE_ARGS+= --enable-group-writeability + +#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection +#over a secure medium. This is normally dangerous since it can lead to the +#disclosure keys and passwords. +#CONFIGURE_ARGS+= --with-none + .if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES CONFIGURE_ARGS+= --with-rsaref .endif diff --git a/security/ssh/distinfo b/security/ssh/distinfo index b921c3e7c359..b41c04c76fe8 100644 --- a/security/ssh/distinfo +++ b/security/ssh/distinfo @@ -1,2 +1,2 @@ -MD5 (ssh-1.2.19.tar.gz) = a7a1b400788173b548f1c04642a52396 +MD5 (ssh-1.2.20.tar.gz) = 11d88175e5d6d9d59bea0a70330bcab4 MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d diff --git a/security/ssh/files/patch-aa b/security/ssh/files/patch-aa index 3ef8ce98cc1e..83e9968ac319 100644 --- a/security/ssh/files/patch-aa +++ b/security/ssh/files/patch-aa @@ -1,7 +1,7 @@ -*** make-ssh-known-hosts.pl.in.orig Thu Mar 27 09:04:06 1997 ---- make-ssh-known-hosts.pl.in Fri Mar 28 15:11:19 1997 +*** make-ssh-known-hosts.pl.in.orig Wed Apr 23 08:40:05 1997 +--- make-ssh-known-hosts.pl.in Fri Apr 25 12:38:21 1997 *************** -*** 84,90 **** +*** 87,93 **** $debug = 5; $defserver = ''; $bell='\a'; @@ -9,7 +9,7 @@ $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$"; $timeout = 60; $ping_timeout = 3; ---- 84,90 ---- +--- 87,93 ---- $debug = 5; $defserver = ''; $bell='\a'; diff --git a/security/ssh/files/patch-ac b/security/ssh/files/patch-ac index 6823f8a5bd28..90cc133acd97 100644 --- a/security/ssh/files/patch-ac +++ b/security/ssh/files/patch-ac @@ -1,7 +1,7 @@ -*** Makefile.in.orig Sun Apr 6 03:56:58 1997 ---- Makefile.in Wed Apr 16 22:59:17 1997 +*** Makefile.in.orig Wed Apr 23 08:40:06 1997 +--- Makefile.in Fri Apr 25 12:39:38 1997 *************** -*** 229,240 **** +*** 237,248 **** SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -14,7 +14,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source ---- 229,246 ---- +--- 237,254 ---- SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -34,7 +34,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source *************** -*** 328,334 **** +*** 336,342 **** $(CC) -o rfc-pg rfc-pg.o .c.o: @@ -42,7 +42,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd ---- 334,340 ---- +--- 342,348 ---- $(CC) -o rfc-pg rfc-pg.o .c.o: @@ -51,7 +51,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd *************** -*** 365,383 **** +*** 373,391 **** sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -71,7 +71,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ ---- 371,389 ---- +--- 379,397 ---- sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -92,7 +92,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ *************** -*** 434,440 **** +*** 442,448 **** # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. @@ -100,7 +100,7 @@ -rm -f $(install_prefix)$(bindir)/ssh.old -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old -chmod 755 $(install_prefix)$(bindir)/ssh.old ---- 440,446 ---- +--- 448,454 ---- # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. @@ -109,7 +109,7 @@ -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old -chmod 755 $(install_prefix)$(bindir)/ssh.old *************** -*** 543,569 **** +*** 551,577 **** clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -137,7 +137,7 @@ tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar ---- 549,575 ---- +--- 557,583 ---- clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -166,7 +166,7 @@ -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar *************** -*** 575,581 **** +*** 583,589 **** (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: @@ -174,7 +174,7 @@ tags: -rm -f TAGS ---- 581,587 ---- +--- 589,595 ---- (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af index 94bfa1563a51..5e3eb7c79f92 100644 --- a/security/ssh/files/patch-af +++ b/security/ssh/files/patch-af @@ -1,8 +1,8 @@ -*** sshd.c.orig Sun Apr 6 03:57:00 1997 ---- sshd.c Wed Apr 16 23:27:28 1997 +*** sshd.c.orig Wed Apr 23 08:40:08 1997 +--- sshd.c Fri Apr 25 12:40:20 1997 *************** -*** 379,384 **** ---- 379,388 ---- +*** 400,405 **** +--- 400,409 ---- #include "firewall.h" /* TIS authsrv authentication */ #endif @@ -14,8 +14,8 @@ #define DEFAULT_SHELL _PATH_BSHELL #else *************** -*** 2617,2622 **** ---- 2621,2629 ---- +*** 2654,2659 **** +--- 2658,2666 ---- struct sockaddr_in from; int fromlen; struct pty_cleanup_context cleanup_context; @@ -26,7 +26,7 @@ /* We no longer need the child running on user's privileges. */ userfile_uninit(); *************** -*** 2688,2698 **** +*** 2725,2735 **** record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, &from); @@ -38,7 +38,7 @@ /* If the user has logged in before, display the time of last login. However, don't display anything extra if a command has been specified (so that ssh can be used to execute commands on a remote ---- 2695,2713 ---- +--- 2732,2750 ---- record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, &from); @@ -59,8 +59,8 @@ However, don't display anything extra if a command has been specified (so that ssh can be used to execute commands on a remote *************** -*** 2712,2717 **** ---- 2727,2755 ---- +*** 2749,2754 **** +--- 2764,2792 ---- printf("Last login: %s from %s\r\n", time_string, buf); } @@ -91,8 +91,8 @@ disabled in server options. Note that some machines appear to print it in /etc/profile or similar. */ *************** -*** 2721,2727 **** ---- 2759,2769 ---- +*** 2758,2764 **** +--- 2796,2806 ---- FILE *f; /* Print /etc/motd if it exists. */ @@ -105,8 +105,8 @@ { while (fgets(line, sizeof(line), f)) *************** -*** 2729,2734 **** ---- 2771,2799 ---- +*** 2766,2771 **** +--- 2808,2836 ---- fclose(f); } } @@ -137,7 +137,7 @@ /* Do common processing for the child, such as execing the command. */ do_child(command, pw, term, display, auth_proto, auth_data, ttyname); *************** -*** 2986,2992 **** +*** 3017,3023 **** char *user_shell; char *remote_ip; int remote_port; @@ -145,7 +145,7 @@ /* Check /etc/nologin. */ f = fopen("/etc/nologin", "r"); if (f) ---- 3051,3063 ---- +--- 3082,3094 ---- char *user_shell; char *remote_ip; int remote_port; @@ -160,8 +160,8 @@ f = fopen("/etc/nologin", "r"); if (f) *************** -*** 3000,3005 **** ---- 3071,3077 ---- +*** 3031,3036 **** +--- 3102,3108 ---- if (pw->pw_uid != UID_ROOT) exit(254); } @@ -170,7 +170,7 @@ if (command != NULL) { *************** -*** 3012,3018 **** +*** 3043,3049 **** else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -178,7 +178,7 @@ #ifdef HAVE_SETLOGIN /* Set login name in the kernel. Warning: setsid() must be called before this. */ ---- 3084,3091 ---- +--- 3115,3122 ---- else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -188,8 +188,8 @@ /* Set login name in the kernel. Warning: setsid() must be called before this. */ *************** -*** 3033,3038 **** ---- 3106,3112 ---- +*** 3064,3069 **** +--- 3137,3143 ---- if (setpcred((char *)pw->pw_name, NULL)) log_msg("setpcred %.100s: %.100s", strerror(errno)); #endif /* HAVE_USERSEC_H */ @@ -198,8 +198,8 @@ /* Save some data that will be needed so that we can do certain cleanups before we switch to user's uid. (We must clear all sensitive data *************** -*** 3103,3108 **** ---- 3177,3240 ---- +*** 3134,3139 **** +--- 3208,3271 ---- if (command != NULL || !options.use_login) #endif /* USELOGIN */ { @@ -265,8 +265,8 @@ if (getuid() == UID_ROOT || geteuid() == UID_ROOT) { *************** -*** 3134,3139 **** ---- 3266,3272 ---- +*** 3165,3170 **** +--- 3297,3303 ---- if (getuid() != user_uid || geteuid() != user_uid) fatal("Failed to set uids to %d.", (int)user_uid); @@ -275,8 +275,8 @@ /* Reset signals to their default settings before starting the user *************** -*** 3144,3154 **** ---- 3277,3292 ---- +*** 3175,3185 **** +--- 3308,3323 ---- and means /bin/sh. */ shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; @@ -294,8 +294,8 @@ #ifdef USELOGIN if (command != NULL || !options.use_login) *************** -*** 3158,3163 **** ---- 3296,3303 ---- +*** 3189,3194 **** +--- 3327,3334 ---- child_set_env(&env, &envsize, "HOME", user_dir); child_set_env(&env, &envsize, "USER", user_name); child_set_env(&env, &envsize, "LOGNAME", user_name); @@ -305,8 +305,8 @@ #ifdef MAIL_SPOOL_DIRECTORY *************** -*** 3169,3174 **** ---- 3309,3315 ---- +*** 3200,3205 **** +--- 3340,3346 ---- child_set_env(&env, &envsize, "MAIL", buf); #endif /* MAIL_SPOOL_FILE */ #endif /* MAIL_SPOOL_DIRECTORY */ @@ -315,8 +315,8 @@ #ifdef HAVE_ETC_DEFAULT_LOGIN /* Read /etc/default/login; this exists at least on Solaris 2.x. Note *************** -*** 3184,3192 **** ---- 3325,3335 ---- +*** 3215,3223 **** +--- 3356,3366 ---- child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); @@ -329,8 +329,8 @@ /* Set custom environment options from RSA authentication. */ while (custom_environment) *************** -*** 3406,3412 **** ---- 3549,3559 ---- +*** 3437,3443 **** +--- 3580,3590 ---- /* Execute the shell. */ argv[0] = buf; argv[1] = NULL; @@ -343,8 +343,8 @@ perror(shell); exit(1); *************** -*** 3427,3433 **** ---- 3574,3584 ---- +*** 3458,3464 **** +--- 3605,3615 ---- argv[1] = "-c"; argv[2] = (char *)command; argv[3] = NULL; diff --git a/security/ssh/files/patch-al b/security/ssh/files/patch-al index 9b8ef9f85303..1da799c26ac5 100644 --- a/security/ssh/files/patch-al +++ b/security/ssh/files/patch-al @@ -1,8 +1,8 @@ -*** sshconnect.c.orig Sun Apr 6 03:57:04 1997 ---- sshconnect.c Wed Apr 16 23:04:17 1997 +*** sshconnect.c.orig Wed Apr 23 08:40:11 1997 +--- sshconnect.c Fri Apr 25 12:41:59 1997 *************** -*** 302,307 **** ---- 302,313 ---- +*** 311,316 **** +--- 311,322 ---- { struct sockaddr_in sin; int p; @@ -16,8 +16,8 @@ { sock = socket(AF_INET, SOCK_STREAM, 0); *************** -*** 329,334 **** ---- 335,341 ---- +*** 338,343 **** +--- 344,350 ---- } fatal("bind: %.100s", strerror(errno)); } diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile index f06d971948e9..d00ccc3401ba 100644 --- a/security/ssh2/Makefile +++ b/security/ssh2/Makefile @@ -1,16 +1,16 @@ # New ports collection makefile for: ssh -# Version required: 1.2.19 +# Version required: 1.2.20 # Date created: 30 Jul 1995 # Whom: torstenb@FreeBSD.ORG # -# $Id: Makefile,v 1.38 1997/04/16 19:48:09 ache Exp $ +# $Id: Makefile,v 1.39 1997/04/20 13:53:01 wosch Exp $ # # Maximal ssh package requires YES values for # USE_PERL, USE_TCPWRAP # -DISTNAME= ssh-1.2.19 -CATEGORIES= security net perl5 +DISTNAME= ssh-1.2.20 +CATEGORIES= security net MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/ MAINTAINER= torstenb@FreeBSD.ORG @@ -35,6 +35,15 @@ GNU_CONFIGURE= YES CONFIGURE_ARGS= --prefix=${PREFIX} --with-etcdir=${PREFIX}/etc +#Uncomment if all your users are in their own group and their homedir +#is writeable by that group. Beware the security implications! +#CONFIGURE_ARGS+= --enable-group-writeability + +#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection +#over a secure medium. This is normally dangerous since it can lead to the +#disclosure keys and passwords. +#CONFIGURE_ARGS+= --with-none + .if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES CONFIGURE_ARGS+= --with-rsaref .endif diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo index b921c3e7c359..b41c04c76fe8 100644 --- a/security/ssh2/distinfo +++ b/security/ssh2/distinfo @@ -1,2 +1,2 @@ -MD5 (ssh-1.2.19.tar.gz) = a7a1b400788173b548f1c04642a52396 +MD5 (ssh-1.2.20.tar.gz) = 11d88175e5d6d9d59bea0a70330bcab4 MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d diff --git a/security/ssh2/files/patch-aa b/security/ssh2/files/patch-aa index 3ef8ce98cc1e..83e9968ac319 100644 --- a/security/ssh2/files/patch-aa +++ b/security/ssh2/files/patch-aa @@ -1,7 +1,7 @@ -*** make-ssh-known-hosts.pl.in.orig Thu Mar 27 09:04:06 1997 ---- make-ssh-known-hosts.pl.in Fri Mar 28 15:11:19 1997 +*** make-ssh-known-hosts.pl.in.orig Wed Apr 23 08:40:05 1997 +--- make-ssh-known-hosts.pl.in Fri Apr 25 12:38:21 1997 *************** -*** 84,90 **** +*** 87,93 **** $debug = 5; $defserver = ''; $bell='\a'; @@ -9,7 +9,7 @@ $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$"; $timeout = 60; $ping_timeout = 3; ---- 84,90 ---- +--- 87,93 ---- $debug = 5; $defserver = ''; $bell='\a'; diff --git a/security/ssh2/files/patch-ab b/security/ssh2/files/patch-ab index fb3ded791e3f..0456b49d4478 100644 --- a/security/ssh2/files/patch-ab +++ b/security/ssh2/files/patch-ab @@ -1,7 +1,7 @@ -*** configure.orig Sun Apr 6 03:56:58 1997 ---- configure Wed Apr 16 22:52:47 1997 +*** configure.orig Wed Apr 23 08:40:06 1997 +--- configure Fri Apr 25 12:38:54 1997 *************** -*** 1634,1645 **** +*** 1757,1768 **** export CFLAGS CC @@ -13,10 +13,10 @@ - echo $ac_n "checking that the compiler works""... $ac_c" 1>&6 - echo "configure:1646: checking that the compiler works" >&5 ---- 1634,1639 ---- + echo "configure:1769: checking that the compiler works" >&5 +--- 1757,1762 ---- *************** -*** 2632,2638 **** +*** 2759,2765 **** fi @@ -24,7 +24,7 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 ---- 2626,2632 ---- +--- 2753,2759 ---- fi @@ -33,7 +33,7 @@ ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 *************** -*** 6749,6755 **** +*** 7031,7037 **** cat >> $CONFIG_STATUS <<EOF @@ -41,7 +41,7 @@ EOF cat >> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then ---- 6743,6749 ---- +--- 7025,7031 ---- cat >> $CONFIG_STATUS <<EOF @@ -50,8 +50,8 @@ cat >> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then *************** -*** 6953,6958 **** ---- 6947,6954 ---- +*** 7235,7240 **** +--- 7229,7236 ---- done for ac_config_dir in gmp-2.0.2-ssh-2; do diff --git a/security/ssh2/files/patch-ac b/security/ssh2/files/patch-ac index 6823f8a5bd28..90cc133acd97 100644 --- a/security/ssh2/files/patch-ac +++ b/security/ssh2/files/patch-ac @@ -1,7 +1,7 @@ -*** Makefile.in.orig Sun Apr 6 03:56:58 1997 ---- Makefile.in Wed Apr 16 22:59:17 1997 +*** Makefile.in.orig Wed Apr 23 08:40:06 1997 +--- Makefile.in Fri Apr 25 12:39:38 1997 *************** -*** 229,240 **** +*** 237,248 **** SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -14,7 +14,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source ---- 229,246 ---- +--- 237,254 ---- SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -34,7 +34,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source *************** -*** 328,334 **** +*** 336,342 **** $(CC) -o rfc-pg rfc-pg.o .c.o: @@ -42,7 +42,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd ---- 334,340 ---- +--- 342,348 ---- $(CC) -o rfc-pg rfc-pg.o .c.o: @@ -51,7 +51,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd *************** -*** 365,383 **** +*** 373,391 **** sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -71,7 +71,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ ---- 371,389 ---- +--- 379,397 ---- sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -92,7 +92,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ *************** -*** 434,440 **** +*** 442,448 **** # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. @@ -100,7 +100,7 @@ -rm -f $(install_prefix)$(bindir)/ssh.old -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old -chmod 755 $(install_prefix)$(bindir)/ssh.old ---- 440,446 ---- +--- 448,454 ---- # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. @@ -109,7 +109,7 @@ -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old -chmod 755 $(install_prefix)$(bindir)/ssh.old *************** -*** 543,569 **** +*** 551,577 **** clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -137,7 +137,7 @@ tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar ---- 549,575 ---- +--- 557,583 ---- clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -166,7 +166,7 @@ -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar *************** -*** 575,581 **** +*** 583,589 **** (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: @@ -174,7 +174,7 @@ tags: -rm -f TAGS ---- 581,587 ---- +--- 589,595 ---- (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: diff --git a/security/ssh2/files/patch-af b/security/ssh2/files/patch-af index 94bfa1563a51..5e3eb7c79f92 100644 --- a/security/ssh2/files/patch-af +++ b/security/ssh2/files/patch-af @@ -1,8 +1,8 @@ -*** sshd.c.orig Sun Apr 6 03:57:00 1997 ---- sshd.c Wed Apr 16 23:27:28 1997 +*** sshd.c.orig Wed Apr 23 08:40:08 1997 +--- sshd.c Fri Apr 25 12:40:20 1997 *************** -*** 379,384 **** ---- 379,388 ---- +*** 400,405 **** +--- 400,409 ---- #include "firewall.h" /* TIS authsrv authentication */ #endif @@ -14,8 +14,8 @@ #define DEFAULT_SHELL _PATH_BSHELL #else *************** -*** 2617,2622 **** ---- 2621,2629 ---- +*** 2654,2659 **** +--- 2658,2666 ---- struct sockaddr_in from; int fromlen; struct pty_cleanup_context cleanup_context; @@ -26,7 +26,7 @@ /* We no longer need the child running on user's privileges. */ userfile_uninit(); *************** -*** 2688,2698 **** +*** 2725,2735 **** record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, &from); @@ -38,7 +38,7 @@ /* If the user has logged in before, display the time of last login. However, don't display anything extra if a command has been specified (so that ssh can be used to execute commands on a remote ---- 2695,2713 ---- +--- 2732,2750 ---- record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, &from); @@ -59,8 +59,8 @@ However, don't display anything extra if a command has been specified (so that ssh can be used to execute commands on a remote *************** -*** 2712,2717 **** ---- 2727,2755 ---- +*** 2749,2754 **** +--- 2764,2792 ---- printf("Last login: %s from %s\r\n", time_string, buf); } @@ -91,8 +91,8 @@ disabled in server options. Note that some machines appear to print it in /etc/profile or similar. */ *************** -*** 2721,2727 **** ---- 2759,2769 ---- +*** 2758,2764 **** +--- 2796,2806 ---- FILE *f; /* Print /etc/motd if it exists. */ @@ -105,8 +105,8 @@ { while (fgets(line, sizeof(line), f)) *************** -*** 2729,2734 **** ---- 2771,2799 ---- +*** 2766,2771 **** +--- 2808,2836 ---- fclose(f); } } @@ -137,7 +137,7 @@ /* Do common processing for the child, such as execing the command. */ do_child(command, pw, term, display, auth_proto, auth_data, ttyname); *************** -*** 2986,2992 **** +*** 3017,3023 **** char *user_shell; char *remote_ip; int remote_port; @@ -145,7 +145,7 @@ /* Check /etc/nologin. */ f = fopen("/etc/nologin", "r"); if (f) ---- 3051,3063 ---- +--- 3082,3094 ---- char *user_shell; char *remote_ip; int remote_port; @@ -160,8 +160,8 @@ f = fopen("/etc/nologin", "r"); if (f) *************** -*** 3000,3005 **** ---- 3071,3077 ---- +*** 3031,3036 **** +--- 3102,3108 ---- if (pw->pw_uid != UID_ROOT) exit(254); } @@ -170,7 +170,7 @@ if (command != NULL) { *************** -*** 3012,3018 **** +*** 3043,3049 **** else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -178,7 +178,7 @@ #ifdef HAVE_SETLOGIN /* Set login name in the kernel. Warning: setsid() must be called before this. */ ---- 3084,3091 ---- +--- 3115,3122 ---- else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -188,8 +188,8 @@ /* Set login name in the kernel. Warning: setsid() must be called before this. */ *************** -*** 3033,3038 **** ---- 3106,3112 ---- +*** 3064,3069 **** +--- 3137,3143 ---- if (setpcred((char *)pw->pw_name, NULL)) log_msg("setpcred %.100s: %.100s", strerror(errno)); #endif /* HAVE_USERSEC_H */ @@ -198,8 +198,8 @@ /* Save some data that will be needed so that we can do certain cleanups before we switch to user's uid. (We must clear all sensitive data *************** -*** 3103,3108 **** ---- 3177,3240 ---- +*** 3134,3139 **** +--- 3208,3271 ---- if (command != NULL || !options.use_login) #endif /* USELOGIN */ { @@ -265,8 +265,8 @@ if (getuid() == UID_ROOT || geteuid() == UID_ROOT) { *************** -*** 3134,3139 **** ---- 3266,3272 ---- +*** 3165,3170 **** +--- 3297,3303 ---- if (getuid() != user_uid || geteuid() != user_uid) fatal("Failed to set uids to %d.", (int)user_uid); @@ -275,8 +275,8 @@ /* Reset signals to their default settings before starting the user *************** -*** 3144,3154 **** ---- 3277,3292 ---- +*** 3175,3185 **** +--- 3308,3323 ---- and means /bin/sh. */ shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; @@ -294,8 +294,8 @@ #ifdef USELOGIN if (command != NULL || !options.use_login) *************** -*** 3158,3163 **** ---- 3296,3303 ---- +*** 3189,3194 **** +--- 3327,3334 ---- child_set_env(&env, &envsize, "HOME", user_dir); child_set_env(&env, &envsize, "USER", user_name); child_set_env(&env, &envsize, "LOGNAME", user_name); @@ -305,8 +305,8 @@ #ifdef MAIL_SPOOL_DIRECTORY *************** -*** 3169,3174 **** ---- 3309,3315 ---- +*** 3200,3205 **** +--- 3340,3346 ---- child_set_env(&env, &envsize, "MAIL", buf); #endif /* MAIL_SPOOL_FILE */ #endif /* MAIL_SPOOL_DIRECTORY */ @@ -315,8 +315,8 @@ #ifdef HAVE_ETC_DEFAULT_LOGIN /* Read /etc/default/login; this exists at least on Solaris 2.x. Note *************** -*** 3184,3192 **** ---- 3325,3335 ---- +*** 3215,3223 **** +--- 3356,3366 ---- child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); @@ -329,8 +329,8 @@ /* Set custom environment options from RSA authentication. */ while (custom_environment) *************** -*** 3406,3412 **** ---- 3549,3559 ---- +*** 3437,3443 **** +--- 3580,3590 ---- /* Execute the shell. */ argv[0] = buf; argv[1] = NULL; @@ -343,8 +343,8 @@ perror(shell); exit(1); *************** -*** 3427,3433 **** ---- 3574,3584 ---- +*** 3458,3464 **** +--- 3605,3615 ---- argv[1] = "-c"; argv[2] = (char *)command; argv[3] = NULL; diff --git a/security/ssh2/files/patch-aj b/security/ssh2/files/patch-aj index 2227e00716f2..60f7495697f5 100644 --- a/security/ssh2/files/patch-aj +++ b/security/ssh2/files/patch-aj @@ -1,7 +1,7 @@ -*** configure.in.orig Sun Apr 6 03:56:58 1997 ---- configure.in Wed Apr 16 23:04:16 1997 +*** configure.in.orig Wed Apr 23 08:40:06 1997 +--- configure.in Fri Apr 25 12:41:26 1997 *************** -*** 579,587 **** +*** 616,624 **** export CFLAGS CC @@ -11,7 +11,7 @@ AC_MSG_CHECKING([that the compiler works]) AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], ---- 579,587 ---- +--- 616,624 ---- export CFLAGS CC @@ -22,7 +22,7 @@ AC_MSG_CHECKING([that the compiler works]) AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], *************** -*** 633,639 **** +*** 671,677 **** AC_HEADER_STDC AC_HEADER_SYS_WAIT @@ -30,7 +30,7 @@ AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h) AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h) AC_HEADER_TIME ---- 633,639 ---- +--- 671,677 ---- AC_HEADER_STDC AC_HEADER_SYS_WAIT diff --git a/security/ssh2/files/patch-al b/security/ssh2/files/patch-al index 9b8ef9f85303..1da799c26ac5 100644 --- a/security/ssh2/files/patch-al +++ b/security/ssh2/files/patch-al @@ -1,8 +1,8 @@ -*** sshconnect.c.orig Sun Apr 6 03:57:04 1997 ---- sshconnect.c Wed Apr 16 23:04:17 1997 +*** sshconnect.c.orig Wed Apr 23 08:40:11 1997 +--- sshconnect.c Fri Apr 25 12:41:59 1997 *************** -*** 302,307 **** ---- 302,313 ---- +*** 311,316 **** +--- 311,322 ---- { struct sockaddr_in sin; int p; @@ -16,8 +16,8 @@ { sock = socket(AF_INET, SOCK_STREAM, 0); *************** -*** 329,334 **** ---- 335,341 ---- +*** 338,343 **** +--- 344,350 ---- } fatal("bind: %.100s", strerror(errno)); } |