From 41086c704391ae15bfb78fb30d1187f0c1433342 Mon Sep 17 00:00:00 2001 From: peter Date: Fri, 25 Apr 1997 05:01:06 +0000 Subject: Update from ssh-1.2.19 to ssh-1.2.20. All patches applied still, I just regenerated them to fix the line numbers. Also, I added two commented out options in Makefile, one to tell sshd that a group writeable homedir is OK because all users are in their own group, and the other is to allow an unencrypted connection (which is dangerous since it can lead to compromise of keys), but on a secure network it's damn useful for backups etc. --- security/ssh/files/patch-aa | 8 ++--- security/ssh/files/patch-ac | 28 ++++++++--------- security/ssh/files/patch-af | 76 ++++++++++++++++++++++----------------------- security/ssh/files/patch-al | 12 +++---- 4 files changed, 62 insertions(+), 62 deletions(-) (limited to 'security/ssh/files') diff --git a/security/ssh/files/patch-aa b/security/ssh/files/patch-aa index 3ef8ce98cc1e..83e9968ac319 100644 --- a/security/ssh/files/patch-aa +++ b/security/ssh/files/patch-aa @@ -1,7 +1,7 @@ -*** make-ssh-known-hosts.pl.in.orig Thu Mar 27 09:04:06 1997 ---- make-ssh-known-hosts.pl.in Fri Mar 28 15:11:19 1997 +*** make-ssh-known-hosts.pl.in.orig Wed Apr 23 08:40:05 1997 +--- make-ssh-known-hosts.pl.in Fri Apr 25 12:38:21 1997 *************** -*** 84,90 **** +*** 87,93 **** $debug = 5; $defserver = ''; $bell='\a'; @@ -9,7 +9,7 @@ $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$"; $timeout = 60; $ping_timeout = 3; ---- 84,90 ---- +--- 87,93 ---- $debug = 5; $defserver = ''; $bell='\a'; diff --git a/security/ssh/files/patch-ac b/security/ssh/files/patch-ac index 6823f8a5bd28..90cc133acd97 100644 --- a/security/ssh/files/patch-ac +++ b/security/ssh/files/patch-ac @@ -1,7 +1,7 @@ -*** Makefile.in.orig Sun Apr 6 03:56:58 1997 ---- Makefile.in Wed Apr 16 22:59:17 1997 +*** Makefile.in.orig Wed Apr 23 08:40:06 1997 +--- Makefile.in Fri Apr 25 12:39:38 1997 *************** -*** 229,240 **** +*** 237,248 **** SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -14,7 +14,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source ---- 229,246 ---- +--- 237,254 ---- SHELL = /bin/sh GMPDIR = gmp-2.0.2-ssh-2 @@ -34,7 +34,7 @@ RSAREFDIR = rsaref2 RSAREFSRCDIR = $(RSAREFDIR)/source *************** -*** 328,334 **** +*** 336,342 **** $(CC) -o rfc-pg rfc-pg.o .c.o: @@ -42,7 +42,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd ---- 334,340 ---- +--- 342,348 ---- $(CC) -o rfc-pg rfc-pg.o .c.o: @@ -51,7 +51,7 @@ sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) -rm -f sshd *************** -*** 365,383 **** +*** 373,391 **** sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -71,7 +71,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ ---- 371,389 ---- +--- 379,397 ---- sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts chmod +x make-ssh-known-hosts @@ -92,7 +92,7 @@ $(RSAREFSRCDIR)/librsaref.a: -if test '!' -d $(RSAREFDIR); then \ *************** -*** 434,440 **** +*** 442,448 **** # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. @@ -100,7 +100,7 @@ -rm -f $(install_prefix)$(bindir)/ssh.old -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old -chmod 755 $(install_prefix)$(bindir)/ssh.old ---- 440,446 ---- +--- 448,454 ---- # (otherwise it can only log in as the user it runs as, and must be # bound to a non-privileged port). Also, password authentication may # not be available if non-root and using shadow passwords. @@ -109,7 +109,7 @@ -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old -chmod 755 $(install_prefix)$(bindir)/ssh.old *************** -*** 543,569 **** +*** 551,577 **** clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -137,7 +137,7 @@ tar pcf $(DISTNAME).tar $(DISTNAME) -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar ---- 549,575 ---- +--- 557,583 ---- clean: -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg @@ -166,7 +166,7 @@ -rm -f $(DISTNAME).tar.gz gzip $(DISTNAME).tar *************** -*** 575,581 **** +*** 583,589 **** (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: @@ -174,7 +174,7 @@ tags: -rm -f TAGS ---- 581,587 ---- +--- 589,595 ---- (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null depend: diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af index 94bfa1563a51..5e3eb7c79f92 100644 --- a/security/ssh/files/patch-af +++ b/security/ssh/files/patch-af @@ -1,8 +1,8 @@ -*** sshd.c.orig Sun Apr 6 03:57:00 1997 ---- sshd.c Wed Apr 16 23:27:28 1997 +*** sshd.c.orig Wed Apr 23 08:40:08 1997 +--- sshd.c Fri Apr 25 12:40:20 1997 *************** -*** 379,384 **** ---- 379,388 ---- +*** 400,405 **** +--- 400,409 ---- #include "firewall.h" /* TIS authsrv authentication */ #endif @@ -14,8 +14,8 @@ #define DEFAULT_SHELL _PATH_BSHELL #else *************** -*** 2617,2622 **** ---- 2621,2629 ---- +*** 2654,2659 **** +--- 2658,2666 ---- struct sockaddr_in from; int fromlen; struct pty_cleanup_context cleanup_context; @@ -26,7 +26,7 @@ /* We no longer need the child running on user's privileges. */ userfile_uninit(); *************** -*** 2688,2698 **** +*** 2725,2735 **** record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, &from); @@ -38,7 +38,7 @@ /* If the user has logged in before, display the time of last login. However, don't display anything extra if a command has been specified (so that ssh can be used to execute commands on a remote ---- 2695,2713 ---- +--- 2732,2750 ---- record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname, &from); @@ -59,8 +59,8 @@ However, don't display anything extra if a command has been specified (so that ssh can be used to execute commands on a remote *************** -*** 2712,2717 **** ---- 2727,2755 ---- +*** 2749,2754 **** +--- 2764,2792 ---- printf("Last login: %s from %s\r\n", time_string, buf); } @@ -91,8 +91,8 @@ disabled in server options. Note that some machines appear to print it in /etc/profile or similar. */ *************** -*** 2721,2727 **** ---- 2759,2769 ---- +*** 2758,2764 **** +--- 2796,2806 ---- FILE *f; /* Print /etc/motd if it exists. */ @@ -105,8 +105,8 @@ { while (fgets(line, sizeof(line), f)) *************** -*** 2729,2734 **** ---- 2771,2799 ---- +*** 2766,2771 **** +--- 2808,2836 ---- fclose(f); } } @@ -137,7 +137,7 @@ /* Do common processing for the child, such as execing the command. */ do_child(command, pw, term, display, auth_proto, auth_data, ttyname); *************** -*** 2986,2992 **** +*** 3017,3023 **** char *user_shell; char *remote_ip; int remote_port; @@ -145,7 +145,7 @@ /* Check /etc/nologin. */ f = fopen("/etc/nologin", "r"); if (f) ---- 3051,3063 ---- +--- 3082,3094 ---- char *user_shell; char *remote_ip; int remote_port; @@ -160,8 +160,8 @@ f = fopen("/etc/nologin", "r"); if (f) *************** -*** 3000,3005 **** ---- 3071,3077 ---- +*** 3031,3036 **** +--- 3102,3108 ---- if (pw->pw_uid != UID_ROOT) exit(254); } @@ -170,7 +170,7 @@ if (command != NULL) { *************** -*** 3012,3018 **** +*** 3043,3049 **** else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -178,7 +178,7 @@ #ifdef HAVE_SETLOGIN /* Set login name in the kernel. Warning: setsid() must be called before this. */ ---- 3084,3091 ---- +--- 3115,3122 ---- else log_msg("executing remote command as user %.200s", pw->pw_name); } @@ -188,8 +188,8 @@ /* Set login name in the kernel. Warning: setsid() must be called before this. */ *************** -*** 3033,3038 **** ---- 3106,3112 ---- +*** 3064,3069 **** +--- 3137,3143 ---- if (setpcred((char *)pw->pw_name, NULL)) log_msg("setpcred %.100s: %.100s", strerror(errno)); #endif /* HAVE_USERSEC_H */ @@ -198,8 +198,8 @@ /* Save some data that will be needed so that we can do certain cleanups before we switch to user's uid. (We must clear all sensitive data *************** -*** 3103,3108 **** ---- 3177,3240 ---- +*** 3134,3139 **** +--- 3208,3271 ---- if (command != NULL || !options.use_login) #endif /* USELOGIN */ { @@ -265,8 +265,8 @@ if (getuid() == UID_ROOT || geteuid() == UID_ROOT) { *************** -*** 3134,3139 **** ---- 3266,3272 ---- +*** 3165,3170 **** +--- 3297,3303 ---- if (getuid() != user_uid || geteuid() != user_uid) fatal("Failed to set uids to %d.", (int)user_uid); @@ -275,8 +275,8 @@ /* Reset signals to their default settings before starting the user *************** -*** 3144,3154 **** ---- 3277,3292 ---- +*** 3175,3185 **** +--- 3308,3323 ---- and means /bin/sh. */ shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell; @@ -294,8 +294,8 @@ #ifdef USELOGIN if (command != NULL || !options.use_login) *************** -*** 3158,3163 **** ---- 3296,3303 ---- +*** 3189,3194 **** +--- 3327,3334 ---- child_set_env(&env, &envsize, "HOME", user_dir); child_set_env(&env, &envsize, "USER", user_name); child_set_env(&env, &envsize, "LOGNAME", user_name); @@ -305,8 +305,8 @@ #ifdef MAIL_SPOOL_DIRECTORY *************** -*** 3169,3174 **** ---- 3309,3315 ---- +*** 3200,3205 **** +--- 3340,3346 ---- child_set_env(&env, &envsize, "MAIL", buf); #endif /* MAIL_SPOOL_FILE */ #endif /* MAIL_SPOOL_DIRECTORY */ @@ -315,8 +315,8 @@ #ifdef HAVE_ETC_DEFAULT_LOGIN /* Read /etc/default/login; this exists at least on Solaris 2.x. Note *************** -*** 3184,3192 **** ---- 3325,3335 ---- +*** 3215,3223 **** +--- 3356,3366 ---- child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); @@ -329,8 +329,8 @@ /* Set custom environment options from RSA authentication. */ while (custom_environment) *************** -*** 3406,3412 **** ---- 3549,3559 ---- +*** 3437,3443 **** +--- 3580,3590 ---- /* Execute the shell. */ argv[0] = buf; argv[1] = NULL; @@ -343,8 +343,8 @@ perror(shell); exit(1); *************** -*** 3427,3433 **** ---- 3574,3584 ---- +*** 3458,3464 **** +--- 3605,3615 ---- argv[1] = "-c"; argv[2] = (char *)command; argv[3] = NULL; diff --git a/security/ssh/files/patch-al b/security/ssh/files/patch-al index 9b8ef9f85303..1da799c26ac5 100644 --- a/security/ssh/files/patch-al +++ b/security/ssh/files/patch-al @@ -1,8 +1,8 @@ -*** sshconnect.c.orig Sun Apr 6 03:57:04 1997 ---- sshconnect.c Wed Apr 16 23:04:17 1997 +*** sshconnect.c.orig Wed Apr 23 08:40:11 1997 +--- sshconnect.c Fri Apr 25 12:41:59 1997 *************** -*** 302,307 **** ---- 302,313 ---- +*** 311,316 **** +--- 311,322 ---- { struct sockaddr_in sin; int p; @@ -16,8 +16,8 @@ { sock = socket(AF_INET, SOCK_STREAM, 0); *************** -*** 329,334 **** ---- 335,341 ---- +*** 338,343 **** +--- 344,350 ---- } fatal("bind: %.100s", strerror(errno)); } -- cgit