aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authordinoex <dinoex@FreeBSD.org>2001-10-03 23:19:27 +0800
committerdinoex <dinoex@FreeBSD.org>2001-10-03 23:19:27 +0800
commit7824f7761f26a51025cd162832b5022a6f5c0d24 (patch)
tree48b0e2d64040c2d14960316c58b88f5da0cffeea /security
parentb3d3c2e2217b3759bb1b862b60ed9d3029706acf (diff)
downloadfreebsd-ports-graphics-7824f7761f26a51025cd162832b5022a6f5c0d24.tar.gz
freebsd-ports-graphics-7824f7761f26a51025cd162832b5022a6f5c0d24.tar.zst
freebsd-ports-graphics-7824f7761f26a51025cd162832b5022a6f5c0d24.zip
- Update to OpenSSH 2.9.9p2
- security-patch for cookie files obsolete - MD5 password support activated Approved by: dwcjr@FreeBSD.org
Diffstat (limited to 'security')
-rw-r--r--security/hpn-ssh/Makefile4
-rw-r--r--security/hpn-ssh/distinfo2
-rw-r--r--security/hpn-ssh/files/patch-cookie66
-rw-r--r--security/hpn-ssh/files/patch-session.c19
-rw-r--r--security/hpn-ssh/files/patch-sshconnect.c11
-rw-r--r--security/hpn-ssh/pkg-plist1
-rw-r--r--security/openssh-portable/Makefile4
-rw-r--r--security/openssh-portable/distinfo2
-rw-r--r--security/openssh-portable/files/patch-cookie66
-rw-r--r--security/openssh-portable/files/patch-session.c19
-rw-r--r--security/openssh-portable/files/patch-sshconnect.c11
-rw-r--r--security/openssh-portable/pkg-plist1
12 files changed, 40 insertions, 166 deletions
diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile
index df1724ad80a..e0cd644300c 100644
--- a/security/hpn-ssh/Makefile
+++ b/security/hpn-ssh/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= openssh
-PORTVERSION= 2.9p2
+PORTVERSION= 2.9.9p2
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
@@ -22,7 +22,7 @@ MAN8= sftp-server.8 sshd.8
CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto
USE_OPENSSL= YES
GNU_CONFIGURE= yes
-CONFIGURE_ARGS?= --prefix=${PREFIX}
+CONFIGURE_ARGS?= --prefix=${PREFIX} --with-md5-passwords
.if exists(/usr/include/security/pam_modules.h)
CONFIGURE_ARGS+= --with-pam
diff --git a/security/hpn-ssh/distinfo b/security/hpn-ssh/distinfo
index 1643af45348..840caabbab0 100644
--- a/security/hpn-ssh/distinfo
+++ b/security/hpn-ssh/distinfo
@@ -1 +1 @@
-MD5 (openssh-2.9p2.tar.gz) = fb5ea44cb5a894bed7b610c5a517542d
+MD5 (openssh-2.9.9p2.tar.gz) = 5061e6e0748713bca1b40fc8b13ff5ce
diff --git a/security/hpn-ssh/files/patch-cookie b/security/hpn-ssh/files/patch-cookie
deleted file mode 100644
index 4b7d3b7c7d7..00000000000
--- a/security/hpn-ssh/files/patch-cookie
+++ /dev/null
@@ -1,66 +0,0 @@
---- channels.c.orig Tue Apr 17 14:55:03 2001
-+++ channels.c Sat Jun 9 06:43:41 2001
-@@ -1612,7 +1612,7 @@
- switch (channels[i].type) {
- case SSH_CHANNEL_AUTH_SOCKET:
- close(channels[i].sock);
-- unlink(channels[i].path);
-+ /* auth_sock_cleanup_proc deletes the socket */
- channel_free(i);
- break;
- case SSH_CHANNEL_PORT_LISTENER:
---- session.c.orig Sun Jun 17 05:40:51 2001
-+++ session.c Sun Aug 19 18:20:27 2001
-@@ -235,6 +235,7 @@
- int success, type, n_bytes, plen, screen_flag, have_pty = 0;
- int compression_level = 0, enable_compression_after_reply = 0;
- u_int proto_len, data_len, dlen;
-+ struct stat st;
-
- s = session_new();
- s->pw = authctxt->pw;
-@@ -317,7 +318,8 @@
- packet_send_debug("X11 forwarding disabled in server configuration file.");
- break;
- }
-- if (!options.xauth_location) {
-+ if (!options.xauth_location ||
-+ (stat(options.xauth_location, &st) == -1)) {
- packet_send_debug("No xauth program; cannot forward with spoofing.");
- break;
- }
-@@ -1384,10 +1386,11 @@
- if (!options.use_login) {
- /* ignore _PATH_SSH_USER_RC for subsystems */
- if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
-+ snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
-+ shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
- if (debug_flag)
-- fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
-- _PATH_SSH_USER_RC);
-- f = popen(_PATH_BSHELL " " _PATH_SSH_USER_RC, "w");
-+ fprintf(stderr, "Running %s\n", cmd);
-+ f = popen(cmd, "w");
- if (f) {
- if (do_xauth)
- fprintf(f, "%s %s\n", s->auth_proto,
-@@ -1707,12 +1710,19 @@
- int
- session_x11_req(Session *s)
- {
-+ struct stat st;
-+
- if (no_x11_forwarding_flag) {
- debug("X11 forwarding disabled in user configuration file.");
- return 0;
- }
- if (!options.x11_forwarding) {
- debug("X11 forwarding disabled in server configuration file.");
-+ return 0;
-+ }
-+ if (!options.xauth_location ||
-+ (stat(options.xauth_location, &st) == -1)) {
-+ packet_send_debug("No xauth program; cannot forward with spoofig.");
- return 0;
- }
- debug("Received request for X11 forwarding with auth spoofing.");
diff --git a/security/hpn-ssh/files/patch-session.c b/security/hpn-ssh/files/patch-session.c
index 57febb0f33b..28dc7a851ec 100644
--- a/security/hpn-ssh/files/patch-session.c
+++ b/security/hpn-ssh/files/patch-session.c
@@ -1,6 +1,6 @@
---- session.c.orig Sun Jun 10 17:22:44 2001
-+++ session.c Sun Jun 10 17:23:22 2001
-@@ -514,6 +514,13 @@
+--- session.c.orig Mon Sep 17 00:17:15 2001
++++ session.c Wed Oct 3 14:18:36 2001
+@@ -437,6 +437,13 @@
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
@@ -14,10 +14,11 @@
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
-@@ -628,6 +635,13 @@
+@@ -551,6 +558,14 @@
+
/* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
-
++
+ /*
+ * Using login and executing a specific "command" are mutually
+ * exclusive, so turn off use_login if there's a command.
@@ -28,7 +29,7 @@
/* Close the master side of the pseudo tty. */
close(ptyfd);
-@@ -707,6 +721,11 @@
+@@ -682,6 +697,11 @@
time_t last_login_time;
struct passwd * pw = s->pw;
pid_t pid = getpid();
@@ -40,7 +41,7 @@
/*
* Get IP address of client. If the connection is not a socket, let
-@@ -767,6 +786,21 @@
+@@ -742,6 +762,21 @@
printf("Last login: %s from %s\r\n", time_string, hostname);
}
@@ -62,7 +63,7 @@
do_motd();
}
-@@ -1376,7 +1410,7 @@
+@@ -1340,7 +1375,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
@@ -71,7 +72,7 @@
close(i);
/* Change current directory to the user\'s home directory. */
-@@ -1400,6 +1434,28 @@
+@@ -1376,6 +1411,28 @@
* in this order).
*/
if (!options.use_login) {
diff --git a/security/hpn-ssh/files/patch-sshconnect.c b/security/hpn-ssh/files/patch-sshconnect.c
index 0d2e317b714..ba0aa01906a 100644
--- a/security/hpn-ssh/files/patch-sshconnect.c
+++ b/security/hpn-ssh/files/patch-sshconnect.c
@@ -1,12 +1,13 @@
---- sshconnect.c.orig Fri Apr 13 01:34:36 2001
-+++ sshconnect.c Fri Jun 1 08:01:05 2001
-@@ -504,10 +504,12 @@
- local = (ntohl(((struct sockaddr_in *)hostaddr)->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
+--- sshconnect.c.orig Wed Aug 8 00:29:09 2001
++++ sshconnect.c Wed Oct 3 14:28:15 2001
+@@ -577,11 +577,13 @@
+ sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
salen = sizeof(struct sockaddr_in);
break;
+#ifdef INET6
case AF_INET6:
- local = IN6_IS_ADDR_LOOPBACK(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr));
+ local = IN6_IS_ADDR_LOOPBACK(
+ &(((struct sockaddr_in6 *)hostaddr)->sin6_addr));
salen = sizeof(struct sockaddr_in6);
break;
+#endif
diff --git a/security/hpn-ssh/pkg-plist b/security/hpn-ssh/pkg-plist
index 63d354393c9..b2b6276a569 100644
--- a/security/hpn-ssh/pkg-plist
+++ b/security/hpn-ssh/pkg-plist
@@ -8,4 +8,5 @@ bin/ssh-keygen
bin/ssh-keyscan
bin/sftp
sbin/sshd
+share/Ssh.bin
libexec/sftp-server
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index df1724ad80a..e0cd644300c 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= openssh
-PORTVERSION= 2.9p2
+PORTVERSION= 2.9.9p2
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
@@ -22,7 +22,7 @@ MAN8= sftp-server.8 sshd.8
CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto
USE_OPENSSL= YES
GNU_CONFIGURE= yes
-CONFIGURE_ARGS?= --prefix=${PREFIX}
+CONFIGURE_ARGS?= --prefix=${PREFIX} --with-md5-passwords
.if exists(/usr/include/security/pam_modules.h)
CONFIGURE_ARGS+= --with-pam
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index 1643af45348..840caabbab0 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1 +1 @@
-MD5 (openssh-2.9p2.tar.gz) = fb5ea44cb5a894bed7b610c5a517542d
+MD5 (openssh-2.9.9p2.tar.gz) = 5061e6e0748713bca1b40fc8b13ff5ce
diff --git a/security/openssh-portable/files/patch-cookie b/security/openssh-portable/files/patch-cookie
deleted file mode 100644
index 4b7d3b7c7d7..00000000000
--- a/security/openssh-portable/files/patch-cookie
+++ /dev/null
@@ -1,66 +0,0 @@
---- channels.c.orig Tue Apr 17 14:55:03 2001
-+++ channels.c Sat Jun 9 06:43:41 2001
-@@ -1612,7 +1612,7 @@
- switch (channels[i].type) {
- case SSH_CHANNEL_AUTH_SOCKET:
- close(channels[i].sock);
-- unlink(channels[i].path);
-+ /* auth_sock_cleanup_proc deletes the socket */
- channel_free(i);
- break;
- case SSH_CHANNEL_PORT_LISTENER:
---- session.c.orig Sun Jun 17 05:40:51 2001
-+++ session.c Sun Aug 19 18:20:27 2001
-@@ -235,6 +235,7 @@
- int success, type, n_bytes, plen, screen_flag, have_pty = 0;
- int compression_level = 0, enable_compression_after_reply = 0;
- u_int proto_len, data_len, dlen;
-+ struct stat st;
-
- s = session_new();
- s->pw = authctxt->pw;
-@@ -317,7 +318,8 @@
- packet_send_debug("X11 forwarding disabled in server configuration file.");
- break;
- }
-- if (!options.xauth_location) {
-+ if (!options.xauth_location ||
-+ (stat(options.xauth_location, &st) == -1)) {
- packet_send_debug("No xauth program; cannot forward with spoofing.");
- break;
- }
-@@ -1384,10 +1386,11 @@
- if (!options.use_login) {
- /* ignore _PATH_SSH_USER_RC for subsystems */
- if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
-+ snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
-+ shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
- if (debug_flag)
-- fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
-- _PATH_SSH_USER_RC);
-- f = popen(_PATH_BSHELL " " _PATH_SSH_USER_RC, "w");
-+ fprintf(stderr, "Running %s\n", cmd);
-+ f = popen(cmd, "w");
- if (f) {
- if (do_xauth)
- fprintf(f, "%s %s\n", s->auth_proto,
-@@ -1707,12 +1710,19 @@
- int
- session_x11_req(Session *s)
- {
-+ struct stat st;
-+
- if (no_x11_forwarding_flag) {
- debug("X11 forwarding disabled in user configuration file.");
- return 0;
- }
- if (!options.x11_forwarding) {
- debug("X11 forwarding disabled in server configuration file.");
-+ return 0;
-+ }
-+ if (!options.xauth_location ||
-+ (stat(options.xauth_location, &st) == -1)) {
-+ packet_send_debug("No xauth program; cannot forward with spoofig.");
- return 0;
- }
- debug("Received request for X11 forwarding with auth spoofing.");
diff --git a/security/openssh-portable/files/patch-session.c b/security/openssh-portable/files/patch-session.c
index 57febb0f33b..28dc7a851ec 100644
--- a/security/openssh-portable/files/patch-session.c
+++ b/security/openssh-portable/files/patch-session.c
@@ -1,6 +1,6 @@
---- session.c.orig Sun Jun 10 17:22:44 2001
-+++ session.c Sun Jun 10 17:23:22 2001
-@@ -514,6 +514,13 @@
+--- session.c.orig Mon Sep 17 00:17:15 2001
++++ session.c Wed Oct 3 14:18:36 2001
+@@ -437,6 +437,13 @@
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
@@ -14,10 +14,11 @@
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
-@@ -628,6 +635,13 @@
+@@ -551,6 +558,14 @@
+
/* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
-
++
+ /*
+ * Using login and executing a specific "command" are mutually
+ * exclusive, so turn off use_login if there's a command.
@@ -28,7 +29,7 @@
/* Close the master side of the pseudo tty. */
close(ptyfd);
-@@ -707,6 +721,11 @@
+@@ -682,6 +697,11 @@
time_t last_login_time;
struct passwd * pw = s->pw;
pid_t pid = getpid();
@@ -40,7 +41,7 @@
/*
* Get IP address of client. If the connection is not a socket, let
-@@ -767,6 +786,21 @@
+@@ -742,6 +762,21 @@
printf("Last login: %s from %s\r\n", time_string, hostname);
}
@@ -62,7 +63,7 @@
do_motd();
}
-@@ -1376,7 +1410,7 @@
+@@ -1340,7 +1375,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
@@ -71,7 +72,7 @@
close(i);
/* Change current directory to the user\'s home directory. */
-@@ -1400,6 +1434,28 @@
+@@ -1376,6 +1411,28 @@
* in this order).
*/
if (!options.use_login) {
diff --git a/security/openssh-portable/files/patch-sshconnect.c b/security/openssh-portable/files/patch-sshconnect.c
index 0d2e317b714..ba0aa01906a 100644
--- a/security/openssh-portable/files/patch-sshconnect.c
+++ b/security/openssh-portable/files/patch-sshconnect.c
@@ -1,12 +1,13 @@
---- sshconnect.c.orig Fri Apr 13 01:34:36 2001
-+++ sshconnect.c Fri Jun 1 08:01:05 2001
-@@ -504,10 +504,12 @@
- local = (ntohl(((struct sockaddr_in *)hostaddr)->sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
+--- sshconnect.c.orig Wed Aug 8 00:29:09 2001
++++ sshconnect.c Wed Oct 3 14:28:15 2001
+@@ -577,11 +577,13 @@
+ sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
salen = sizeof(struct sockaddr_in);
break;
+#ifdef INET6
case AF_INET6:
- local = IN6_IS_ADDR_LOOPBACK(&(((struct sockaddr_in6 *)hostaddr)->sin6_addr));
+ local = IN6_IS_ADDR_LOOPBACK(
+ &(((struct sockaddr_in6 *)hostaddr)->sin6_addr));
salen = sizeof(struct sockaddr_in6);
break;
+#endif
diff --git a/security/openssh-portable/pkg-plist b/security/openssh-portable/pkg-plist
index 63d354393c9..b2b6276a569 100644
--- a/security/openssh-portable/pkg-plist
+++ b/security/openssh-portable/pkg-plist
@@ -8,4 +8,5 @@ bin/ssh-keygen
bin/ssh-keyscan
bin/sftp
sbin/sshd
+share/Ssh.bin
libexec/sftp-server