From 7824f7761f26a51025cd162832b5022a6f5c0d24 Mon Sep 17 00:00:00 2001 From: dinoex Date: Wed, 3 Oct 2001 15:19:27 +0000 Subject: - Update to OpenSSH 2.9.9p2 - security-patch for cookie files obsolete - MD5 password support activated Approved by: dwcjr@FreeBSD.org --- security/openssh-portable/Makefile | 4 +- security/openssh-portable/distinfo | 2 +- security/openssh-portable/files/patch-cookie | 66 ---------------------- security/openssh-portable/files/patch-session.c | 19 ++++--- security/openssh-portable/files/patch-sshconnect.c | 11 ++-- security/openssh-portable/pkg-plist | 1 + 6 files changed, 20 insertions(+), 83 deletions(-) delete mode 100644 security/openssh-portable/files/patch-cookie (limited to 'security/openssh-portable') diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index df1724ad80a0..e0cd644300c7 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -6,7 +6,7 @@ # PORTNAME= openssh -PORTVERSION= 2.9p2 +PORTVERSION= 2.9.9p2 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \ @@ -22,7 +22,7 @@ MAN8= sftp-server.8 sshd.8 CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto USE_OPENSSL= YES GNU_CONFIGURE= yes -CONFIGURE_ARGS?= --prefix=${PREFIX} +CONFIGURE_ARGS?= --prefix=${PREFIX} --with-md5-passwords .if exists(/usr/include/security/pam_modules.h) CONFIGURE_ARGS+= --with-pam diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index 1643af453488..840caabbab0d 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1 +1 @@ -MD5 (openssh-2.9p2.tar.gz) = fb5ea44cb5a894bed7b610c5a517542d +MD5 (openssh-2.9.9p2.tar.gz) = 5061e6e0748713bca1b40fc8b13ff5ce diff --git a/security/openssh-portable/files/patch-cookie b/security/openssh-portable/files/patch-cookie deleted file mode 100644 index 4b7d3b7c7d73..000000000000 
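Review bot: In the second Makefile hunk, `--with-md5-passwords` is appended to the `CONFIGURE_ARGS?=` line, so it is applied only when CONFIGURE_ARGS is not already set. A build that presets CONFIGURE_ARGS would silently get an sshd without MD5 password support, and on a non-PAM build accounts with MD5-crypt hashes would presumably fail password authentication. I would put the flag on its own unconditional line, `CONFIGURE_ARGS+= --with-md5-passwords`, matching the `CONFIGURE_ARGS+= --with-pam` line just below. A short comment saying whether the flag is meant to matter when `--with-pam` is also active would help the next maintainer.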
--- a/security/openssh-portable/files/patch-cookie
+++ /dev/null
@@ -1,66 +0,0 @@ ---- channels.c.orig Tue Apr 17 14:55:03 2001 -+++ channels.c Sat Jun 9 06:43:41 2001 -@@ -1612,7 +1612,7 @@ - switch (channels[i].type) { - case SSH_CHANNEL_AUTH_SOCKET: - close(channels[i].sock); -- unlink(channels[i].path); -+ /* auth_sock_cleanup_proc deletes the socket */ - channel_free(i); - break; - case SSH_CHANNEL_PORT_LISTENER: ---- session.c.orig Sun Jun 17 05:40:51 2001 -+++ session.c Sun Aug 19 18:20:27 2001 -@@ -235,6 +235,7 @@ - int success, type, n_bytes, plen, screen_flag, have_pty = 0; - int compression_level = 0, enable_compression_after_reply = 0; - u_int proto_len, data_len, dlen; -+ struct stat st; - - s = session_new(); - s->pw = authctxt->pw; -@@ -317,7 +318,8 @@ - packet_send_debug("X11 forwarding disabled in server configuration file."); - break; - } -- if (!options.xauth_location) { -+ if (!options.xauth_location || -+ (stat(options.xauth_location, &st) == -1)) { - packet_send_debug("No xauth program; cannot forward with spoofing."); - break; - } -@@ -1384,10 +1386,11 @@ - if (!options.use_login) { - /* ignore _PATH_SSH_USER_RC for subsystems */ - if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) { -+ snprintf(cmd, sizeof cmd, "%s -c '%s %s'", -+ shell, _PATH_BSHELL, _PATH_SSH_USER_RC); - if (debug_flag) -- fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, -- _PATH_SSH_USER_RC); -- f = popen(_PATH_BSHELL " " _PATH_SSH_USER_RC, "w"); -+ fprintf(stderr, "Running %s\n", cmd); -+ f = popen(cmd, "w"); - if (f) { - if (do_xauth) - fprintf(f, "%s %s\n", s->auth_proto, -@@ -1707,12 +1710,19 @@ - int - session_x11_req(Session *s) - { -+ struct stat st; -+ - if (no_x11_forwarding_flag) { - debug("X11 forwarding disabled in user configuration file."); - return 0; - } - if (!options.x11_forwarding) { - debug("X11 forwarding disabled in server configuration file."); -+ return 0; -+ } -+ if (!options.xauth_location || -+ (stat(options.xauth_location, &st) == -1)) { -+ packet_send_debug("No xauth program; cannot forward with 
spoofig."); - return 0; - } - debug("Received request for X11 forwarding with auth spoofing."); diff --git a/security/openssh-portable/files/patch-session.c b/security/openssh-portable/files/patch-session.c index 57febb0f33b7..28dc7a851ec3 100644 --- a/security/openssh-portable/files/patch-session.c +++ b/security/openssh-portable/files/patch-session.c @@ -1,6 +1,6 @@ ---- session.c.orig Sun Jun 10 17:22:44 2001 -+++ session.c Sun Jun 10 17:23:22 2001 -@@ -514,6 +514,13 @@ +--- session.c.orig Mon Sep 17 00:17:15 2001 ++++ session.c Wed Oct 3 14:18:36 2001 +@@ -437,6 +437,13 @@ log_init(__progname, options.log_level, options.log_facility, log_stderr); /* @@ -14,10 +14,11 @@ * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ -@@ -628,6 +635,13 @@ +@@ -551,6 +558,14 @@ + /* Child. Reinitialize the log because the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); - ++ + /* + * Using login and executing a specific "command" are mutually + * exclusive, so turn off use_login if there's a command. @@ -28,7 +29,7 @@ /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -707,6 +721,11 @@ +@@ -682,6 +697,11 @@ time_t last_login_time; struct passwd * pw = s->pw; pid_t pid = getpid(); @@ -40,7 +41,7 @@ /* * Get IP address of client. If the connection is not a socket, let -@@ -767,6 +786,21 @@ +@@ -742,6 +762,21 @@ printf("Last login: %s from %s\r\n", time_string, hostname); } @@ -62,7 +63,7 @@ do_motd(); } -@@ -1376,7 +1410,7 @@ +@@ -1340,7 +1375,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -71,7 +72,7 @@ close(i); /* Change current directory to the user\'s home directory. */ -@@ -1400,6 +1434,28 @@ +@@ -1376,6 +1411,28 @@ * in this order). */ if (!options.use_login) { 
diff --git a/security/openssh-portable/files/patch-sshconnect.c b/security/openssh-portable/files/patch-sshconnect.c index 0d2e317b7147..ba0aa01906a8 100644 --- a/security/openssh-portable/files/patch-sshconnect.c +++ b/security/openssh-portable/files/patch-sshconnect.c @@ -1,12 +1,13 @@ ---- sshconnect.c.orig Fri Apr 13 01:34:36 2001 -+++ sshconnect.c Fri Jun 1 08:01:05 2001 -@@ -504,10 +504,12 @@ - local = (ntohl(((struct sockaddr_in *)hostaddr)->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; +--- sshconnect.c.orig Wed Aug 8 00:29:09 2001 ++++ sshconnect.c Wed Oct 3 14:28:15 2001 +@@ -577,11 +577,13 @@ + sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; salen = sizeof(struct sockaddr_in); break; +#ifdef INET6 case AF_INET6: - local = IN6_IS_ADDR_LOOPBACK(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr)); + local = IN6_IS_ADDR_LOOPBACK( + &(((struct sockaddr_in6 *)hostaddr)->sin6_addr)); salen = sizeof(struct sockaddr_in6); break; +#endif diff --git a/security/openssh-portable/pkg-plist b/security/openssh-portable/pkg-plist index 63d354393c92..b2b6276a5695 100644 --- a/security/openssh-portable/pkg-plist +++ b/security/openssh-portable/pkg-plist @@ -8,4 +8,5 @@ bin/ssh-keygen bin/ssh-keyscan bin/sftp sbin/sshd +share/Ssh.bin libexec/sftp-server -- cgit
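Review bot: The `#ifdef INET6` / `#endif` pair kept around `case AF_INET6:` in the rebased sshconnect.c patch depends on a macro that nothing visible in this commit defines; the Makefile hunks add only `--with-md5-passwords` to the configure arguments. If INET6 is unset at build time, an IPv6 peer is handled by whatever the switch's default arm does, which lies outside the hunk, so `local` and `salen` for an IPv6 loopback address depend on code not shown here. Because `local` is a loopback test and likely feeds host-key handling later in the function, that fallback should be confirmed and stated. I would add a comment above the guard such as `/* INET6 comes from <build flag>; without it AF_INET6 takes the default arm */`, with the placeholder filled in.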