Subject: pkg/31331: Update for security/openssh => v4.2p1
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <jdwhite@jdwhite.org>
List: pkgsrc-bugs
Date: 09/17/2005 06:56:00
>Number:         31331
>Category:       pkg
>Synopsis:       Updates package to latest, 4.2p1
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sat Sep 17 06:56:00 +0000 2005
>Originator:     Jason White
>Release:        NetBSD 2.0
>Organization:
Jason White (jdwhite@jdwhite.org)        http://www.jdwhite.org/~jdwhite
Jabber:jdwhite(jabber.org)                IRC:irc.netbsd.org/jdwhite
PGP KeyID: 0x5290E477/A8A2 3FDB AB33 98EB ED74  EDAA F538 9A30 5290 E477
>Environment:
System: NetBSD bender.jdwhite.org 2.0 NetBSD 2.0 (BENDER) #8: Mon Nov 29 20:52:24 CST 2004 gendalia@satai:/usr/obj/i386/BENDER i386
Architecture: i386
Machine: i386
>Description:
Pkgsrc version is a bit out of date.
>How-To-Repeat:
>Fix:
Patches follow.  A tarball of my homegrown "openssh42" package can be found 
at http://jdwhite.public.iastate.edu/openssh42.tgz.  Test compiled with 
kerberos and hpn-patch options.  "patch-ai" no longer needed.  Have NOT test 
compiled on Interix.

Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/Makefile,v
retrieving revision 1.156
diff -b -u -r1.156 Makefile
--- Makefile	23 Aug 2005 11:48:51 -0000	1.156
+++ Makefile	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 # $NetBSD: Makefile,v 1.156 2005/08/23 11:48:51 rillig Exp $
 
-DISTNAME=		openssh-3.9p1
-PKGNAME=		openssh-3.9.1
-PKGREVISION=		8
+DISTNAME=		openssh-4.2p1
+PKGNAME=		openssh-4.2.1
+PKGREVISION=		
 SVR4_PKGNAME=		ossh
 CATEGORIES=		security
 MASTER_SITES=		ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/distinfo,v
retrieving revision 1.40
diff -b -u -r1.40 distinfo
--- distinfo	25 May 2005 23:17:11 -0000	1.40
+++ distinfo	17 Sep 2005 06:45:27 -0000
@@ -1,29 +1,29 @@
 $NetBSD: distinfo,v 1.40 2005/05/25 23:17:11 reed Exp $
 
-SHA1 (openssh-3.9p1.tar.gz) = 80b19d83a9d4717f5c38b2d950501e1471f60afc
-RMD160 (openssh-3.9p1.tar.gz) = e4abf280a18e3ae046d0dee19dab919bba8e5568
-Size (openssh-3.9p1.tar.gz) = 854027 bytes
-SHA1 (openssh-3.9p1-hpn.diff) = 1821c590b9b5effa3750ebf0166fe3f22d00faad
-Size (openssh-3.9p1-hpn.diff) = 8387 bytes
-SHA1 (patch-aa) = 6bceb5b0480727c6c4e0cf662fa85cffebf91bdb
-SHA1 (patch-ab) = f43a6b627a4f2b8ecd74b016ce29b5f8091d877e
-SHA1 (patch-ac) = d851513c2a115358671bf9efafab1e3ee9166088
-SHA1 (patch-ad) = 2fe2ea9a661a456351012f88d26e4812d096cf23
-SHA1 (patch-ae) = d7bcee7a84457c96951c3da82aa689fa818a07b6
-SHA1 (patch-af) = ec6b439a3a4a0d2e5b13685c4d94deb26bbece45
-SHA1 (patch-ag) = dbdbefa00b2ec7e6ee3cf4441d1fc817ecefc742
-SHA1 (patch-ah) = 85a8f0fa5ddf13f8342faaff6bf81fcd3ad6648a
-SHA1 (patch-ai) = ccc43f0523bf2b0e28d7e169eda59b1ff1a2215b
-SHA1 (patch-aj) = 44f2b11949a4dea6a8760b8397db5360b64bf01f
-SHA1 (patch-ak) = 6140fe665aa84ab8127e0d9ede44945f196392e4
-SHA1 (patch-al) = 3168440d9e584a504b21802edb4dbeb58e87e8d2
-SHA1 (patch-am) = 50e46970b8eff07b931a34313d863e13af838440
-SHA1 (patch-an) = 1ffc3704bf925f87fb787c93f6f10d1b0c06bdd0
-SHA1 (patch-ao) = 0677e5f8a1a9a2f6b600789ff3fea627af472bc0
-SHA1 (patch-ap) = b006a1b49f19ab322fc179a1f2e4238807a64b87
-SHA1 (patch-aq) = 3786a41a974d6583f379350068a762a725b8334d
-SHA1 (patch-ar) = 90f2534c0fb01f7909ee88c7849092a9e7882a7d
-SHA1 (patch-as) = ecb23bc4c07d8ac7599b6f6576ad39bb4dcedbab
-SHA1 (patch-at) = c6b85eb24279f18a430b86aeda3f8d2fa1c8d018
-SHA1 (patch-au) = 2a8926edfb65a8ecf7786411cee3d1723247764b
-SHA1 (patch-av) = ef8fca98fad60cad4ba4197e8579544f37a4fcee
+SHA1 (openssh-4.2p1.tar.gz) = 5e7231cfa8ec673ea856ce291b78fac8b380eb78
+RMD160 (openssh-4.2p1.tar.gz) = e1f45333e66d0afceb9934ab73401b4ca06f03a6
+Size (openssh-4.2p1.tar.gz) = 914165 bytes
+SHA1 (openssh-4.2p1-hpn11.diff) = 7a8af1ce909bfee6ac9d498834a503fdae928b88
+RMD160 (openssh-4.2p1-hpn11.diff) = c3cd4cbb53094fb1f248a780c3e5a05af2585f88
+Size (openssh-4.2p1-hpn11.diff) = 14765 bytes
+SHA1 (patch-aa) = 64f386102156ce883caa90dd8890a957f18ebff1
+SHA1 (patch-ab) = 9a42cc9bd5e5425cc8251fed081edfcc910ec037
+SHA1 (patch-ac) = 3f693738d3e02aa6abd0687fbd22465db65abfc0
+SHA1 (patch-ad) = 23f73b7ce008c6ccd431d3d80692e59fcf33aa14
+SHA1 (patch-ae) = 21b58d72f4dbf9affed65857518c26ab9277a0f8
+SHA1 (patch-af) = e6a4c6dcf2f556c6175f1a3b0a010e4dcf34e239
+SHA1 (patch-ag) = e60b35b5d6f7db2bd30ef24f503463145689f1ea
+SHA1 (patch-ah) = 758d7b831b549c18cc38d847d697588ad15648ee
+SHA1 (patch-aj) = 7ea36ff35e681cb3a32f2de1d38936bde25f7e0c
+SHA1 (patch-ak) = 99f789676e606d4a51effc2abc02a50776f4e781
+SHA1 (patch-al) = 2843c7c6e8b3d93a03b2d66d71c894a9e302f987
+SHA1 (patch-am) = c99132cf25317053dcd6fb50ac19d35b12b0b46b
+SHA1 (patch-an) = f32b94365452f8446f0c8872fa244cf1da387570
+SHA1 (patch-ao) = c08515b05456bb2840c2d5ce28622d2f47f12057
+SHA1 (patch-ap) = c9101ae26b01a6b0cb9c9f5b7ddea77f3cf0c4b3
+SHA1 (patch-aq) = 5e1177b1cc25e821df42bc8329e24188d9d8c75c
+SHA1 (patch-ar) = 66812bf062e8318fcae1535b086fce0068d46a63
+SHA1 (patch-as) = 7162e88ed06ff2528ef17e8097f87bdaf92ad855
+SHA1 (patch-at) = 2468567cc0e91ea375f43c9ebae57644f50a5f27
+SHA1 (patch-au) = 052b0b6d8869ad09144e4fc9e1b3c5e03c669c44
+SHA1 (patch-av) = 5efc471716cecfaa7317c05771ee6d6293ecd1e3
Index: options.mk
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/options.mk,v
retrieving revision 1.5
diff -b -u -r1.5 options.mk
--- options.mk	28 Jul 2005 17:54:57 -0000	1.5
+++ options.mk	17 Sep 2005 06:45:27 -0000
@@ -17,7 +17,7 @@
 .endif
 
 .if !empty(PKG_OPTIONS:Mhpn-patch)
-PATCHFILES=		openssh-3.9p1-hpn.diff
+PATCHFILES=		openssh-4.2p1-hpn11.diff
 PATCH_SITES=		http://www.psc.edu/networking/projects/hpn-ssh/
 PATCH_DIST_STRIP=	-p1
 .endif
Index: patches/patch-aa
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-aa,v
retrieving revision 1.37
diff -b -u -r1.37 patch-aa
--- patches/patch-aa	7 Mar 2005 23:29:49 -0000	1.37
+++ patches/patch-aa	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-aa,v 1.37 2005/03/07 23:29:49 tv Exp $
 
---- configure.orig	2004-08-17 08:54:53.000000000 -0400
+--- configure.orig	2005-09-01 04:15:24.000000000 -0500
 +++ configure
-@@ -6101,8 +6101,46 @@ _ACEOF
+@@ -6552,8 +6552,46 @@
  _ACEOF
  
  	;;
@@ -49,7 +49,7 @@
  # Allow user to specify flags
  
  # Check whether --with-cflags or --without-cflags was given.
-@@ -23790,12 +23828,19 @@ fi
+@@ -25360,12 +25398,19 @@
  rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
  if test -z "$conf_utmpx_location"; then
  	if test x"$system_utmpx_path" = x"no" ; then
@@ -72,7 +72,7 @@
  	cat >>confdefs.h <<_ACEOF
  #define CONF_UTMPX_FILE "$conf_utmpx_location"
  _ACEOF
-@@ -23864,12 +23909,20 @@ fi
+@@ -25434,12 +25479,20 @@
  rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
  if test -z "$conf_wtmpx_location"; then
  	if test x"$system_wtmpx_path" = x"no" ; then
@@ -95,7 +95,7 @@
  	cat >>confdefs.h <<_ACEOF
  #define CONF_WTMPX_FILE "$conf_wtmpx_location"
  _ACEOF
-@@ -25091,7 +25144,7 @@ echo "OpenSSH has been configured with t
+@@ -26665,7 +26718,7 @@
  echo "                     User binaries: $B"
  echo "                   System binaries: $C"
  echo "               Configuration files: $D"
Index: patches/patch-ab
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ab,v
retrieving revision 1.20
diff -b -u -r1.20 patch-ab
--- patches/patch-ab	7 Mar 2005 23:29:49 -0000	1.20
+++ patches/patch-ab	17 Sep 2005 06:45:27 -0000
@@ -1,12 +1,13 @@
 $NetBSD: patch-ab,v 1.20 2005/03/07 23:29:49 tv Exp $
 
---- configure.ac.orig	2004-08-16 09:12:06.000000000 -0400
+--- configure.ac.orig	2005-08-31 11:59:49.000000000 -0500
 +++ configure.ac
-@@ -469,8 +469,22 @@ mips-sony-bsd|mips-sony-newsos4)
+@@ -570,8 +570,24 @@
  	AC_DEFINE(MISSING_HOWMANY)
- 	AC_DEFINE(MISSING_FD_MASK)
+         AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
  	;;
 +
++
 +*-*-interix3*)
 +	AC_DEFINE(HAVE_INTERIX)
 +	AC_DEFINE(DISABLE_FD_PASSING)
@@ -17,6 +18,7 @@
 +	AC_DEFINE(SETGROUPS_NOOP)
 +	AC_DEFINE(USE_PIPES)
 +	;;
++
  esac
  
 +# pkgsrc handles any rpath settings this package needs
@@ -25,7 +27,7 @@
  # Allow user to specify flags
  AC_ARG_WITH(cflags,
  	[  --with-cflags           Specify additional flags to pass to compiler],
-@@ -2885,9 +2899,17 @@ AC_TRY_COMPILE([
+@@ -3358,9 +3374,17 @@
  )
  if test -z "$conf_utmpx_location"; then
  	if test x"$system_utmpx_path" = x"no" ; then
@@ -45,7 +47,7 @@
  	AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
  fi	
  
-@@ -2910,9 +2932,17 @@ AC_TRY_COMPILE([
+@@ -3383,9 +3407,17 @@
  )
  if test -z "$conf_wtmpx_location"; then
  	if test x"$system_wtmpx_path" = x"no" ; then
@@ -65,7 +67,7 @@
  	AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
  fi	
  
-@@ -2953,7 +2983,7 @@ echo "OpenSSH has been configured with t
+@@ -3431,7 +3463,7 @@
  echo "                     User binaries: $B"
  echo "                   System binaries: $C"
  echo "               Configuration files: $D"
Index: patches/patch-ac
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ac,v
retrieving revision 1.12
diff -b -u -r1.12 patch-ac
--- patches/patch-ac	7 Mar 2005 23:29:49 -0000	1.12
+++ patches/patch-ac	17 Sep 2005 06:45:27 -0000
@@ -1,6 +1,6 @@
 $NetBSD: patch-ac,v 1.12 2005/03/07 23:29:49 tv Exp $
 
---- defines.h.orig	2004-06-21 23:27:16.000000000 -0400
+--- defines.h.orig	2005-08-31 11:59:49.000000000 -0500
 +++ defines.h
 @@ -30,6 +30,15 @@
  
@@ -18,7 +18,7 @@
  #ifndef SHUT_RDWR
  enum
  {
-@@ -424,8 +433,8 @@ struct winsize {
+@@ -442,8 +451,8 @@
  # define __attribute__(x)
  #endif /* !defined(__GNUC__) || (__GNUC__ < 2) */
  
@@ -28,8 +28,8 @@
 +# define __noreturn __attribute__((noreturn))
  #endif
  
- /* *-*-nto-qnx doesn't define this macro in the system headers */
-@@ -591,6 +600,24 @@ struct winsize {
+ #if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__)
+@@ -635,6 +644,24 @@
  #    endif
  #  endif
  #endif
Index: patches/patch-ad
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ad,v
retrieving revision 1.10
diff -b -u -r1.10 patch-ad
--- patches/patch-ad	25 May 2005 23:17:11 -0000	1.10
+++ patches/patch-ad	17 Sep 2005 06:45:27 -0000
@@ -1,19 +1,19 @@
 $NetBSD: patch-ad,v 1.10 2005/05/25 23:17:11 reed Exp $
 
---- loginrec.c.orig	2004-08-15 05:12:52.000000000 -0400
+--- loginrec.c.orig	2005-07-17 02:26:44.000000000 -0500
 +++ loginrec.c
-@@ -406,8 +406,8 @@ login_set_addr(struct logininfo *li, con
+@@ -414,8 +414,8 @@
  int
- login_write (struct logininfo *li)
+ login_write(struct logininfo *li)
  {
 -#ifndef HAVE_CYGWIN
--	if ((int)geteuid() != 0) {
+-	if (geteuid() != 0) {
 +#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
-+	if ((int)geteuid() != ROOTUID) {
++        if (geteuid() != ROOTUID) {
  	  logit("Attempt to write login records by non-root user (aborting)");
- 	  return 1;
+ 		return (1);
  	}
-@@ -415,7 +415,7 @@ login_write (struct logininfo *li)
+@@ -423,7 +423,7 @@
  
  	/* set the timestamp */
  	login_set_current_time(li);
@@ -22,7 +22,7 @@
  	syslogin_write_entry(li);
  #endif
  #ifdef USE_LASTLOG
-@@ -589,7 +589,7 @@ line_abbrevname(char *dst, const char *s
+@@ -603,7 +603,7 @@
   ** into account.
   **/
  
@@ -31,25 +31,27 @@
  
  /* build the utmp structure */
  void
-@@ -725,8 +725,6 @@ construct_utmpx(struct logininfo *li, st
- 	line_stripname(utx->ut_line, li->line, sizeof(utx->ut_line));
+@@ -740,10 +740,6 @@
  	set_utmpx_time(li, utx);
  	utx->ut_pid = li->pid;
--	/* strncpy(): Don't necessarily want null termination */
--	strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name, li->username));
  
+-	/* strncpy(): Don't necessarily want null termination */
+-	strncpy(utx->ut_name, li->username,
+-	    MIN_SIZEOF(utx->ut_name, li->username));
+-
  	if (li->type == LTYPE_LOGOUT)
  		return;
-@@ -736,6 +734,8 @@ construct_utmpx(struct logininfo *li, st
+ 
+@@ -752,6 +748,8 @@
  	 * for logouts.
  	 */
  
 +	/* strncpy(): Don't necessarily want null termination */
 +	strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name, li->username));
  # ifdef HAVE_HOST_IN_UTMPX
- 	strncpy(utx->ut_host, li->hostname, MIN_SIZEOF(utx->ut_host, li->hostname));
- # endif
-@@ -1357,7 +1357,7 @@ wtmpx_get_entry(struct logininfo *li)
+ 	strncpy(utx->ut_host, li->hostname,
+ 	    MIN_SIZEOF(utx->ut_host, li->hostname));
+@@ -1381,7 +1379,7 @@
   ** Low-level libutil login() functions
   **/
  
Index: patches/patch-ae
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ae,v
retrieving revision 1.9
diff -b -u -r1.9 patch-ae
--- patches/patch-ae	7 Mar 2005 23:29:49 -0000	1.9
+++ patches/patch-ae	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-ae,v 1.9 2005/03/07 23:29:49 tv Exp $
 
---- includes.h.orig	2004-08-14 10:01:48.000000000 -0400
+--- includes.h.orig	2005-08-26 15:15:20.000000000 -0500
 +++ includes.h
-@@ -163,6 +163,10 @@ static /**/const char *const rcsid[] = {
+@@ -164,6 +164,10 @@
  #ifdef HAVE_READPASSPHRASE_H
  # include <readpassphrase.h>
  #endif
Index: patches/patch-af
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-af,v
retrieving revision 1.7
diff -b -u -r1.7 patch-af
--- patches/patch-af	7 Mar 2005 23:29:50 -0000	1.7
+++ patches/patch-af	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-af,v 1.7 2005/03/07 23:29:50 tv Exp $
 
---- auth-passwd.c.orig	2004-06-21 23:37:11.000000000 -0400
+--- auth-passwd.c.orig	2005-07-26 06:54:12.000000000 -0500
 +++ auth-passwd.c
-@@ -69,7 +69,7 @@ auth_password(Authctxt *authctxt, const 
+@@ -78,7 +78,7 @@
  #endif
  
  #ifndef HAVE_CYGWIN
@@ -11,16 +11,16 @@
  		ok = 0;
  #endif
  	if (*password == '\0' && options.permit_empty_passwd == 0)
-@@ -106,8 +106,11 @@ auth_password(Authctxt *authctxt, const 
- 		}
+@@ -113,7 +113,12 @@
+ 			authctxt->force_pwchange = 1;
  	}
  #endif
--		
++
 +#ifdef HAVE_INTERIX
-+	return (!setuser(pw->pw_name, password, SU_CHECK) && ok);
++        result = (!setuser(pw->pw_name, password, SU_CHECK);
 +#else
- 	return (sys_auth_passwd(authctxt, password) && ok);
+ 	result = sys_auth_passwd(authctxt, password);
 +#endif
- }
- 
- #ifdef BSD_AUTH
+ 	if (authctxt->force_pwchange)
+ 		disable_forwarding();
+ 	return (result && ok);
Index: patches/patch-ag
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ag,v
retrieving revision 1.6
diff -b -u -r1.6 patch-ag
--- patches/patch-ag	7 Mar 2005 23:29:50 -0000	1.6
+++ patches/patch-ag	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-ag,v 1.6 2005/03/07 23:29:50 tv Exp $
 
---- config.h.in.orig	2004-08-17 08:54:51.000000000 -0400
+--- config.h.in.orig	2005-09-01 04:15:22.000000000 -0500
 +++ config.h.in
-@@ -116,6 +116,9 @@
+@@ -113,6 +113,9 @@
  /* Define if you are on Cygwin */
  #undef HAVE_CYGWIN
  
Index: patches/patch-ah
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ah,v
retrieving revision 1.21
diff -b -u -r1.21 patch-ah
--- patches/patch-ah	31 Aug 2004 11:27:12 -0000	1.21
+++ patches/patch-ah	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-ah,v 1.21 2004/08/31 11:27:12 wiz Exp $
 
---- Makefile.in.orig	2004-08-15 13:01:37.000000000 +0200
+--- Makefile.in.orig	2005-05-29 02:22:29.000000000 -0500
 +++ Makefile.in
-@@ -21,7 +21,7 @@ top_srcdir=@top_srcdir@
+@@ -21,7 +21,7 @@
  DESTDIR=
  VPATH=@srcdir@
  SSH_PROGRAM=@bindir@/ssh
@@ -11,7 +11,7 @@
  SFTP_SERVER=$(libexecdir)/sftp-server
  SSH_KEYSIGN=$(libexecdir)/ssh-keysign
  RAND_HELPER=$(libexecdir)/ssh-rand-helper
-@@ -237,7 +237,7 @@ check-config:
+@@ -240,7 +240,7 @@
  scard-install:
  	(cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
  
Index: patches/patch-aj
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-aj,v
retrieving revision 1.6
diff -b -u -r1.6 patch-aj
--- patches/patch-aj	7 Mar 2005 23:29:50 -0000	1.6
+++ patches/patch-aj	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-aj,v 1.6 2005/03/07 23:29:50 tv Exp $
 
---- auth-rhosts.c.orig	2003-11-17 05:13:41.000000000 -0500
+--- auth-rhosts.c.orig	2005-07-17 02:22:45.000000000 -0500
 +++ auth-rhosts.c
-@@ -198,7 +198,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
+@@ -198,7 +198,7 @@
  		return 0;
  
  	/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
@@ -11,7 +11,7 @@
  		if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
  		    client_user, pw->pw_name)) {
  			auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
-@@ -224,7 +224,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
+@@ -224,7 +224,7 @@
  		return 0;
  	}
  	if (options.strict_modes &&
@@ -20,7 +20,7 @@
  	    (st.st_mode & 022) != 0)) {
  		logit("Rhosts authentication refused for %.100s: "
  		    "bad ownership or modes for home directory.", pw->pw_name);
-@@ -251,7 +251,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
+@@ -251,7 +251,7 @@
  		 * allowing access to their account by anyone.
  		 */
  		if (options.strict_modes &&
Index: patches/patch-ak
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ak,v
retrieving revision 1.6
diff -b -u -r1.6 patch-ak
--- patches/patch-ak	7 Mar 2005 23:29:50 -0000	1.6
+++ patches/patch-ak	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-ak,v 1.6 2005/03/07 23:29:50 tv Exp $
 
---- auth.c.orig	2004-08-12 08:40:25.000000000 -0400
+--- auth.c.orig	2005-08-31 11:59:49.000000000 -0500
 +++ auth.c
-@@ -356,7 +356,7 @@ check_key_in_hostfiles(struct passwd *pw
+@@ -388,7 +388,7 @@
  		user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
  		if (options.strict_modes &&
  		    (stat(user_hostfile, &st) == 0) &&
@@ -11,7 +11,7 @@
  		    (st.st_mode & 022) != 0)) {
  			logit("Authentication refused for %.100s: "
  			    "bad owner or modes for %.200s",
-@@ -409,7 +409,7 @@ secure_filename(FILE *f, const char *fil
+@@ -441,7 +441,7 @@
  
  	/* check the open file to avoid races */
  	if (fstat(fileno(f), &st) < 0 ||
@@ -20,7 +20,7 @@
  	    (st.st_mode & 022) != 0) {
  		snprintf(err, errlen, "bad ownership or modes for file %s",
  		    buf);
-@@ -426,7 +426,7 @@ secure_filename(FILE *f, const char *fil
+@@ -458,7 +458,7 @@
  
  		debug3("secure_filename: checking '%s'", buf);
  		if (stat(buf, &st) < 0 ||
Index: patches/patch-al
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-al,v
retrieving revision 1.5
diff -b -u -r1.5 patch-al
--- patches/patch-al	7 Mar 2005 23:29:50 -0000	1.5
+++ patches/patch-al	17 Sep 2005 06:45:27 -0000
@@ -1,19 +1,19 @@
 $NetBSD: patch-al,v 1.5 2005/03/07 23:29:50 tv Exp $
 
---- auth1.c.orig	2004-08-12 08:40:25.000000000 -0400
+--- auth1.c.orig	2005-07-17 02:26:44.000000000 -0500
 +++ auth1.c
-@@ -244,7 +244,7 @@ do_authloop(Authctxt *authctxt)
+@@ -307,7 +307,7 @@
  		}
  #else
  		/* Special handling for root */
 -		if (authenticated && authctxt->pw->pw_uid == 0 &&
 +		if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
- 		    !auth_root_allowed(get_authname(type)))
+ 		    !auth_root_allowed(meth->name)) {
  			authenticated = 0;
- #endif
-@@ -318,8 +318,8 @@ do_authentication(Authctxt *authctxt)
+ # ifdef SSH_AUDIT_EVENTS
+@@ -405,8 +405,8 @@
  	 * If we are not running as root, the user must have the same uid as
- 	 * the server. (Unless you are running Windows)
+ 	 * the server.
  	 */
 -#ifndef HAVE_CYGWIN
 -	if (!use_privsep && getuid() != 0 && authctxt->pw &&
Index: patches/patch-am
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-am,v
retrieving revision 1.4
diff -b -u -r1.4 patch-am
--- patches/patch-am	7 Mar 2005 23:29:50 -0000	1.4
+++ patches/patch-am	17 Sep 2005 06:45:27 -0000
@@ -1,13 +1,13 @@
 $NetBSD: patch-am,v 1.4 2005/03/07 23:29:50 tv Exp $
 
---- auth2.c.orig	2004-08-12 08:40:25.000000000 -0400
+--- auth2.c.orig	2005-07-17 02:26:44.000000000 -0500
 +++ auth2.c
-@@ -211,7 +211,7 @@ userauth_finish(Authctxt *authctxt, int 
+@@ -216,7 +216,7 @@
  		    authctxt->user);
  
  	/* Special handling for root */
 -	if (authenticated && authctxt->pw->pw_uid == 0 &&
 +	if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
- 	    !auth_root_allowed(method))
+ 	    !auth_root_allowed(method)) {
  		authenticated = 0;
- 
+ #ifdef SSH_AUDIT_EVENTS
Index: patches/patch-an
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-an,v
retrieving revision 1.5
diff -b -u -r1.5 patch-an
--- patches/patch-an	7 Mar 2005 23:29:50 -0000	1.5
+++ patches/patch-an	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-an,v 1.5 2005/03/07 23:29:50 tv Exp $
 
---- scp.c.orig	2004-08-13 07:19:38.000000000 -0400
+--- scp.c.orig	2005-08-02 02:07:08.000000000 -0500
 +++ scp.c
-@@ -294,7 +294,11 @@ main(int argc, char **argv)
+@@ -298,7 +298,11 @@
  	argc -= optind;
  	argv += optind;
  
@@ -14,7 +14,7 @@
  		fatal("unknown user %u", (u_int) userid);
  
  	if (!isatty(STDERR_FILENO))
-@@ -637,8 +641,10 @@ rsource(char *name, struct stat *statp)
+@@ -643,8 +647,10 @@
  		return;
  	}
  	while ((dp = readdir(dirp)) != NULL) {
@@ -25,7 +25,7 @@
  		if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
  			continue;
  		if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
-@@ -1086,7 +1092,9 @@ okname(char *cp0)
+@@ -1093,7 +1099,9 @@
  			case '\'':
  			case '"':
  			case '`':
Index: patches/patch-ao
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ao,v
retrieving revision 1.6
diff -b -u -r1.6 patch-ao
--- patches/patch-ao	7 Mar 2005 23:29:50 -0000	1.6
+++ patches/patch-ao	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-ao,v 1.6 2005/03/07 23:29:50 tv Exp $
 
---- session.c.orig	2004-08-12 08:40:25.000000000 -0400
+--- session.c.orig	2005-08-31 11:59:49.000000000 -0500
 +++ session.c
-@@ -326,7 +326,7 @@ do_authenticated1(Authctxt *authctxt)
+@@ -331,7 +331,7 @@
  				break;
  			}
  			debug("Received TCP/IP port forwarding request.");
@@ -11,7 +11,7 @@
  			success = 1;
  			break;
  
-@@ -921,7 +921,7 @@ read_etc_default_login(char ***env, u_in
+@@ -930,7 +930,7 @@
  	if (tmpenv == NULL)
  		return;
  
@@ -20,7 +20,7 @@
  		var = child_get_env(tmpenv, "SUPATH");
  	else
  		var = child_get_env(tmpenv, "PATH");
-@@ -1020,7 +1020,7 @@ do_setup_env(Session *s, const char *she
+@@ -1036,7 +1036,7 @@
  #  endif /* HAVE_ETC_DEFAULT_LOGIN */
  		if (path == NULL || *path == '\0') {
  			child_set_env(&env, &envsize, "PATH",
@@ -29,7 +29,7 @@
  				SUPERUSER_PATH : _PATH_STDPATH);
  		}
  # endif /* HAVE_CYGWIN */
-@@ -1124,6 +1124,18 @@ do_setup_env(Session *s, const char *she
+@@ -1150,6 +1150,18 @@
  		    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
  		read_environment_file(&env, &envsize, buf);
  	}
@@ -48,7 +48,7 @@
  	if (debug_flag) {
  		/* dump the environment */
  		fprintf(stderr, "Environment:\n");
-@@ -1234,9 +1246,9 @@ do_nologin(struct passwd *pw)
+@@ -1260,9 +1272,9 @@
  void
  do_setusercontext(struct passwd *pw)
  {
@@ -60,7 +60,7 @@
  	{
  
  #ifdef HAVE_SETPCRED
-@@ -1271,11 +1283,13 @@ do_setusercontext(struct passwd *pw)
+@@ -1304,11 +1316,13 @@
  			perror("setgid");
  			exit(1);
  		}
@@ -72,9 +72,9 @@
  		}
 +# endif /* !HAVE_INTERIX */
  		endgrent();
- # ifdef USE_PAM
- 		/*
-@@ -1965,7 +1979,7 @@ session_pty_cleanup2(Session *s)
+ #ifdef GSSAPI
+ 		if (options.gss_authentication) {
+@@ -2052,7 +2066,7 @@
  		record_logout(s->pid, s->tty, s->pw->pw_name);
  
  	/* Release the pseudo-tty. */
Index: patches/patch-ap
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ap,v
retrieving revision 1.5
diff -b -u -r1.5 patch-ap
--- patches/patch-ap	7 Mar 2005 23:29:50 -0000	1.5
+++ patches/patch-ap	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-ap,v 1.5 2005/03/07 23:29:50 tv Exp $
 
---- ssh.c.orig	2004-08-15 03:23:34.000000000 -0400
+--- ssh.c.orig	2005-08-12 07:10:56.000000000 -0500
 +++ ssh.c
-@@ -593,7 +593,7 @@ again:
+@@ -636,7 +636,7 @@
  	/* Open a connection to the remote host. */
  	if (ssh_connect(host, &hostaddr, options.port,
  	    options.address_family, options.connection_attempts,
Index: patches/patch-aq
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-aq,v
retrieving revision 1.5
diff -b -u -r1.5 patch-aq
--- patches/patch-aq	7 Mar 2005 23:29:50 -0000	1.5
+++ patches/patch-aq	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-aq,v 1.5 2005/03/07 23:29:50 tv Exp $
 
---- sshpty.c.orig	2004-06-21 22:56:02.000000000 -0400
+--- sshpty.c.orig	2005-05-27 06:13:41.000000000 -0500
 +++ sshpty.c
-@@ -62,7 +62,7 @@ pty_allocate(int *ptyfd, int *ttyfd, cha
+@@ -62,7 +62,7 @@
  void
  pty_release(const char *tty)
  {
@@ -11,7 +11,7 @@
  		error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
  	if (chmod(tty, (mode_t) 0666) < 0)
  		error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
-@@ -203,7 +203,7 @@ pty_setowner(struct passwd *pw, const ch
+@@ -203,7 +203,7 @@
  	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
  		if (chown(tty, pw->pw_uid, gid) < 0) {
  			if (errno == EROFS &&
Index: patches/patch-ar
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ar,v
retrieving revision 1.4
diff -b -u -r1.4 patch-ar
--- patches/patch-ar	7 Mar 2005 23:29:50 -0000	1.4
+++ patches/patch-ar	17 Sep 2005 06:45:27 -0000
@@ -1,23 +1,24 @@
 $NetBSD: patch-ar,v 1.4 2005/03/07 23:29:50 tv Exp $
 
---- uidswap.c.orig	2004-02-23 21:17:30.000000000 -0500
+--- uidswap.c.orig	2005-02-22 00:57:13.000000000 -0600
 +++ uidswap.c
-@@ -56,12 +56,12 @@ temporarily_use_uid(struct passwd *pw)
- 	debug("temporarily_use_uid: %u/%u (e=%u/%u)",
+@@ -57,13 +57,13 @@
  	    (u_int)pw->pw_uid, (u_int)pw->pw_gid,
  	    (u_int)saved_euid, (u_int)saved_egid);
+ #ifndef HAVE_CYGWIN
 -	if (saved_euid != 0) {
 +	if (saved_euid != ROOTUID) {
  		privileged = 0;
  		return;
  	}
+ #endif
  #else
 -	if (geteuid() != 0) {
 +	if (geteuid() != ROOTUID) {
  		privileged = 0;
  		return;
  	}
-@@ -85,9 +85,11 @@ temporarily_use_uid(struct passwd *pw)
+@@ -87,9 +87,11 @@
  
  	/* set and save the user's groups */
  	if (user_groupslen == -1) {
@@ -29,7 +30,7 @@
  
  		user_groupslen = getgroups(0, NULL);
  		if (user_groupslen < 0)
-@@ -172,6 +174,10 @@ permanently_set_uid(struct passwd *pw)
+@@ -174,6 +176,10 @@
  	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
  	    (u_int)pw->pw_gid);
  
@@ -40,7 +41,7 @@
  #if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
  	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
  		fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-@@ -218,6 +224,7 @@ permanently_set_uid(struct passwd *pw)
+@@ -222,6 +228,7 @@
  	    (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
  		fatal("%s: was able to restore old [e]uid", __func__);
  #endif
Index: patches/patch-as
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-as,v
retrieving revision 1.3
diff -b -u -r1.3 patch-as
--- patches/patch-as	7 Mar 2005 23:29:50 -0000	1.3
+++ patches/patch-as	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-as,v 1.3 2005/03/07 23:29:50 tv Exp $
 
---- log.h.orig	2004-06-21 22:57:44.000000000 -0400
+--- log.h.orig	2004-06-21 21:57:44.000000000 -0500
 +++ log.h
-@@ -53,7 +53,7 @@ void     log_init(char *, LogLevel, Sysl
+@@ -53,7 +53,7 @@
  SyslogFacility	log_facility_number(char *);
  LogLevel log_level_number(char *);
  
@@ -11,7 +11,7 @@
  void     error(const char *, ...) __attribute__((format(printf, 1, 2)));
  void     logit(const char *, ...) __attribute__((format(printf, 1, 2)));
  void     verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
-@@ -62,5 +62,5 @@ void     debug2(const char *, ...) __att
+@@ -62,5 +62,5 @@
  void     debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
  
  void	 do_log(LogLevel, const char *, va_list);
Index: patches/patch-at
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-at,v
retrieving revision 1.1
diff -b -u -r1.1 patch-at
--- patches/patch-at	7 Mar 2005 23:29:50 -0000	1.1
+++ patches/patch-at	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-at,v 1.1 2005/03/07 23:29:50 tv Exp $
 
---- servconf.c.orig	2004-08-13 07:30:24.000000000 -0400
+--- servconf.c.orig	2005-08-12 07:11:37.000000000 -0500
 +++ servconf.c
-@@ -233,7 +233,11 @@ fill_default_server_options(ServerOption
+@@ -232,7 +232,11 @@
  
  	/* Turn privilege separation on by default */
  	if (use_privsep == -1)
Index: patches/patch-au
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-au,v
retrieving revision 1.1
diff -b -u -r1.1 patch-au
--- patches/patch-au	7 Mar 2005 23:29:50 -0000	1.1
+++ patches/patch-au	17 Sep 2005 06:45:27 -0000
@@ -1,22 +1,24 @@
 $NetBSD: patch-au,v 1.1 2005/03/07 23:29:50 tv Exp $
 
---- openbsd-compat/bsd-openpty.c.orig	2004-02-17 00:49:55.000000000 -0500
+--- openbsd-compat/bsd-openpty.c.orig	2005-02-25 17:04:29.000000000 -0600
 +++ openbsd-compat/bsd-openpty.c
-@@ -102,7 +102,7 @@ openpty(int *amaster, int *aslave, char 
+@@ -102,15 +102,17 @@
  		return (-1);
  	}
  
--#ifndef HAVE_CYGWIN
-+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
++#if !defined(HAVE_INTERIX)
  	/*
  	 * Try to push the appropriate streams modules, as described 
  	 * in Solaris pts(7).
-@@ -112,7 +112,7 @@ openpty(int *amaster, int *aslave, char 
- # ifndef __hpux
+ 	 */
+ 	ioctl(*aslave, I_PUSH, "ptem");
+ 	ioctl(*aslave, I_PUSH, "ldterm");
+-# ifndef __hpux
++  # ifndef __hpux
  	ioctl(*aslave, I_PUSH, "ttcompat");
- # endif /* __hpux */
--#endif /* HAVE_CYGWIN */
-+#endif /* !HAVE_CYGWIN && !HAVE_INTERIX */
+-# endif /* __hpux */
++  # endif /* __hpux */
++#endif /* !HAVE_INTERIX */
  
  	return (0);
  
Index: patches/patch-av
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-av,v
retrieving revision 1.1
diff -b -u -r1.1 patch-av
--- patches/patch-av	7 Mar 2005 23:29:50 -0000	1.1
+++ patches/patch-av	17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
 $NetBSD: patch-av,v 1.1 2005/03/07 23:29:50 tv Exp $
 
---- sshd.c.orig	2004-08-12 09:08:15.000000000 -0400
+--- sshd.c.orig	2005-07-26 06:54:56.000000000 -0500
 +++ sshd.c
-@@ -579,10 +579,15 @@ privsep_preauth_child(void)
+@@ -574,10 +574,15 @@
  	/* XXX not ready, too heavy after chroot */
  	do_setusercontext(pw);
  #else
@@ -18,7 +18,7 @@
  #endif
  }
  
-@@ -622,7 +627,7 @@ privsep_preauth(Authctxt *authctxt)
+@@ -617,7 +622,7 @@
  		close(pmonitor->m_sendfd);
  
  		/* Demote the child */
@@ -27,7 +27,7 @@
  			privsep_preauth_child();
  		setproctitle("%s", "[net]");
  	}
-@@ -635,7 +640,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -630,7 +635,7 @@
  #ifdef DISABLE_FD_PASSING
  	if (1) {
  #else
@@ -36,7 +36,7 @@
  #endif
  		/* File descriptor passing is broken or root login */
  		monitor_apply_keystate(pmonitor);
-@@ -911,7 +916,7 @@ main(int ac, char **av)
+@@ -911,7 +916,7 @@
  	av = saved_argv;
  #endif
  
@@ -45,7 +45,7 @@
  		debug("setgroups(): %.200s", strerror(errno));
  
  	/* Initialize configuration options to their default values. */
-@@ -1166,7 +1171,7 @@ main(int ac, char **av)
+@@ -1168,7 +1173,7 @@
  		    (st.st_uid != getuid () ||
  		    (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
  #else