Subject: pkg/31331: Update for security/openssh => v4.2p1
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <jdwhite@jdwhite.org>
List: pkgsrc-bugs
Date: 09/17/2005 06:56:00
>Number: 31331
>Category: pkg
>Synopsis: Updates package to latest, 4.2p1
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sat Sep 17 06:56:00 +0000 2005
>Originator: Jason White
>Release: NetBSD 2.0
>Organization:
Jason White (jdwhite@jdwhite.org) http://www.jdwhite.org/~jdwhite
Jabber:jdwhite(jabber.org) IRC:irc.netbsd.org/jdwhite
PGP KeyID: 0x5290E477/A8A2 3FDB AB33 98EB ED74 EDAA F538 9A30 5290 E477
>Environment:
System: NetBSD bender.jdwhite.org 2.0 NetBSD 2.0 (BENDER) #8: Mon Nov 29 20:52:24 CST 2004 gendalia@satai:/usr/obj/i386/BENDER i386
Architecture: i386
Machine: i386
>Description:
Pkgsrc version is a bit out of date.
>How-To-Repeat:
>Fix:
Patches follow. A tarball of my homegrown "openssh42" package can be found
at http://jdwhite.public.iastate.edu/openssh42.tgz. Test compiled with
kerberos and hpn-patch options. "patch-ai" no longer needed. Have NOT test
compiled on Interix.
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/Makefile,v
retrieving revision 1.156
diff -b -u -r1.156 Makefile
--- Makefile 23 Aug 2005 11:48:51 -0000 1.156
+++ Makefile 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
# $NetBSD: Makefile,v 1.156 2005/08/23 11:48:51 rillig Exp $
-DISTNAME= openssh-3.9p1
-PKGNAME= openssh-3.9.1
-PKGREVISION= 8
+DISTNAME= openssh-4.2p1
+PKGNAME= openssh-4.2.1
+PKGREVISION=
SVR4_PKGNAME= ossh
CATEGORIES= security
MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/distinfo,v
retrieving revision 1.40
diff -b -u -r1.40 distinfo
--- distinfo 25 May 2005 23:17:11 -0000 1.40
+++ distinfo 17 Sep 2005 06:45:27 -0000
@@ -1,29 +1,29 @@
$NetBSD: distinfo,v 1.40 2005/05/25 23:17:11 reed Exp $
-SHA1 (openssh-3.9p1.tar.gz) = 80b19d83a9d4717f5c38b2d950501e1471f60afc
-RMD160 (openssh-3.9p1.tar.gz) = e4abf280a18e3ae046d0dee19dab919bba8e5568
-Size (openssh-3.9p1.tar.gz) = 854027 bytes
-SHA1 (openssh-3.9p1-hpn.diff) = 1821c590b9b5effa3750ebf0166fe3f22d00faad
-Size (openssh-3.9p1-hpn.diff) = 8387 bytes
-SHA1 (patch-aa) = 6bceb5b0480727c6c4e0cf662fa85cffebf91bdb
-SHA1 (patch-ab) = f43a6b627a4f2b8ecd74b016ce29b5f8091d877e
-SHA1 (patch-ac) = d851513c2a115358671bf9efafab1e3ee9166088
-SHA1 (patch-ad) = 2fe2ea9a661a456351012f88d26e4812d096cf23
-SHA1 (patch-ae) = d7bcee7a84457c96951c3da82aa689fa818a07b6
-SHA1 (patch-af) = ec6b439a3a4a0d2e5b13685c4d94deb26bbece45
-SHA1 (patch-ag) = dbdbefa00b2ec7e6ee3cf4441d1fc817ecefc742
-SHA1 (patch-ah) = 85a8f0fa5ddf13f8342faaff6bf81fcd3ad6648a
-SHA1 (patch-ai) = ccc43f0523bf2b0e28d7e169eda59b1ff1a2215b
-SHA1 (patch-aj) = 44f2b11949a4dea6a8760b8397db5360b64bf01f
-SHA1 (patch-ak) = 6140fe665aa84ab8127e0d9ede44945f196392e4
-SHA1 (patch-al) = 3168440d9e584a504b21802edb4dbeb58e87e8d2
-SHA1 (patch-am) = 50e46970b8eff07b931a34313d863e13af838440
-SHA1 (patch-an) = 1ffc3704bf925f87fb787c93f6f10d1b0c06bdd0
-SHA1 (patch-ao) = 0677e5f8a1a9a2f6b600789ff3fea627af472bc0
-SHA1 (patch-ap) = b006a1b49f19ab322fc179a1f2e4238807a64b87
-SHA1 (patch-aq) = 3786a41a974d6583f379350068a762a725b8334d
-SHA1 (patch-ar) = 90f2534c0fb01f7909ee88c7849092a9e7882a7d
-SHA1 (patch-as) = ecb23bc4c07d8ac7599b6f6576ad39bb4dcedbab
-SHA1 (patch-at) = c6b85eb24279f18a430b86aeda3f8d2fa1c8d018
-SHA1 (patch-au) = 2a8926edfb65a8ecf7786411cee3d1723247764b
-SHA1 (patch-av) = ef8fca98fad60cad4ba4197e8579544f37a4fcee
+SHA1 (openssh-4.2p1.tar.gz) = 5e7231cfa8ec673ea856ce291b78fac8b380eb78
+RMD160 (openssh-4.2p1.tar.gz) = e1f45333e66d0afceb9934ab73401b4ca06f03a6
+Size (openssh-4.2p1.tar.gz) = 914165 bytes
+SHA1 (openssh-4.2p1-hpn11.diff) = 7a8af1ce909bfee6ac9d498834a503fdae928b88
+RMD160 (openssh-4.2p1-hpn11.diff) = c3cd4cbb53094fb1f248a780c3e5a05af2585f88
+Size (openssh-4.2p1-hpn11.diff) = 14765 bytes
+SHA1 (patch-aa) = 64f386102156ce883caa90dd8890a957f18ebff1
+SHA1 (patch-ab) = 9a42cc9bd5e5425cc8251fed081edfcc910ec037
+SHA1 (patch-ac) = 3f693738d3e02aa6abd0687fbd22465db65abfc0
+SHA1 (patch-ad) = 23f73b7ce008c6ccd431d3d80692e59fcf33aa14
+SHA1 (patch-ae) = 21b58d72f4dbf9affed65857518c26ab9277a0f8
+SHA1 (patch-af) = e6a4c6dcf2f556c6175f1a3b0a010e4dcf34e239
+SHA1 (patch-ag) = e60b35b5d6f7db2bd30ef24f503463145689f1ea
+SHA1 (patch-ah) = 758d7b831b549c18cc38d847d697588ad15648ee
+SHA1 (patch-aj) = 7ea36ff35e681cb3a32f2de1d38936bde25f7e0c
+SHA1 (patch-ak) = 99f789676e606d4a51effc2abc02a50776f4e781
+SHA1 (patch-al) = 2843c7c6e8b3d93a03b2d66d71c894a9e302f987
+SHA1 (patch-am) = c99132cf25317053dcd6fb50ac19d35b12b0b46b
+SHA1 (patch-an) = f32b94365452f8446f0c8872fa244cf1da387570
+SHA1 (patch-ao) = c08515b05456bb2840c2d5ce28622d2f47f12057
+SHA1 (patch-ap) = c9101ae26b01a6b0cb9c9f5b7ddea77f3cf0c4b3
+SHA1 (patch-aq) = 5e1177b1cc25e821df42bc8329e24188d9d8c75c
+SHA1 (patch-ar) = 66812bf062e8318fcae1535b086fce0068d46a63
+SHA1 (patch-as) = 7162e88ed06ff2528ef17e8097f87bdaf92ad855
+SHA1 (patch-at) = 2468567cc0e91ea375f43c9ebae57644f50a5f27
+SHA1 (patch-au) = 052b0b6d8869ad09144e4fc9e1b3c5e03c669c44
+SHA1 (patch-av) = 5efc471716cecfaa7317c05771ee6d6293ecd1e3
Index: options.mk
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/options.mk,v
retrieving revision 1.5
diff -b -u -r1.5 options.mk
--- options.mk 28 Jul 2005 17:54:57 -0000 1.5
+++ options.mk 17 Sep 2005 06:45:27 -0000
@@ -17,7 +17,7 @@
.endif
.if !empty(PKG_OPTIONS:Mhpn-patch)
-PATCHFILES= openssh-3.9p1-hpn.diff
+PATCHFILES= openssh-4.2p1-hpn11.diff
PATCH_SITES= http://www.psc.edu/networking/projects/hpn-ssh/
PATCH_DIST_STRIP= -p1
.endif
Index: patches/patch-aa
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-aa,v
retrieving revision 1.37
diff -b -u -r1.37 patch-aa
--- patches/patch-aa 7 Mar 2005 23:29:49 -0000 1.37
+++ patches/patch-aa 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-aa,v 1.37 2005/03/07 23:29:49 tv Exp $
---- configure.orig 2004-08-17 08:54:53.000000000 -0400
+--- configure.orig 2005-09-01 04:15:24.000000000 -0500
+++ configure
-@@ -6101,8 +6101,46 @@ _ACEOF
+@@ -6552,8 +6552,46 @@
_ACEOF
;;
@@ -49,7 +49,7 @@
# Allow user to specify flags
# Check whether --with-cflags or --without-cflags was given.
-@@ -23790,12 +23828,19 @@ fi
+@@ -25360,12 +25398,19 @@
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_utmpx_location"; then
if test x"$system_utmpx_path" = x"no" ; then
@@ -72,7 +72,7 @@
cat >>confdefs.h <<_ACEOF
#define CONF_UTMPX_FILE "$conf_utmpx_location"
_ACEOF
-@@ -23864,12 +23909,20 @@ fi
+@@ -25434,12 +25479,20 @@
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -95,7 +95,7 @@
cat >>confdefs.h <<_ACEOF
#define CONF_WTMPX_FILE "$conf_wtmpx_location"
_ACEOF
-@@ -25091,7 +25144,7 @@ echo "OpenSSH has been configured with t
+@@ -26665,7 +26718,7 @@
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
Index: patches/patch-ab
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ab,v
retrieving revision 1.20
diff -b -u -r1.20 patch-ab
--- patches/patch-ab 7 Mar 2005 23:29:49 -0000 1.20
+++ patches/patch-ab 17 Sep 2005 06:45:27 -0000
@@ -1,12 +1,13 @@
$NetBSD: patch-ab,v 1.20 2005/03/07 23:29:49 tv Exp $
---- configure.ac.orig 2004-08-16 09:12:06.000000000 -0400
+--- configure.ac.orig 2005-08-31 11:59:49.000000000 -0500
+++ configure.ac
-@@ -469,8 +469,22 @@ mips-sony-bsd|mips-sony-newsos4)
+@@ -570,8 +570,24 @@
AC_DEFINE(MISSING_HOWMANY)
- AC_DEFINE(MISSING_FD_MASK)
+ AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
;;
+
++
+*-*-interix3*)
+ AC_DEFINE(HAVE_INTERIX)
+ AC_DEFINE(DISABLE_FD_PASSING)
@@ -17,6 +18,7 @@
+ AC_DEFINE(SETGROUPS_NOOP)
+ AC_DEFINE(USE_PIPES)
+ ;;
++
esac
+# pkgsrc handles any rpath settings this package needs
@@ -25,7 +27,7 @@
# Allow user to specify flags
AC_ARG_WITH(cflags,
[ --with-cflags Specify additional flags to pass to compiler],
-@@ -2885,9 +2899,17 @@ AC_TRY_COMPILE([
+@@ -3358,9 +3374,17 @@
)
if test -z "$conf_utmpx_location"; then
if test x"$system_utmpx_path" = x"no" ; then
@@ -45,7 +47,7 @@
AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
fi
-@@ -2910,9 +2932,17 @@ AC_TRY_COMPILE([
+@@ -3383,9 +3407,17 @@
)
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -65,7 +67,7 @@
AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
fi
-@@ -2953,7 +2983,7 @@ echo "OpenSSH has been configured with t
+@@ -3431,7 +3463,7 @@
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
Index: patches/patch-ac
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ac,v
retrieving revision 1.12
diff -b -u -r1.12 patch-ac
--- patches/patch-ac 7 Mar 2005 23:29:49 -0000 1.12
+++ patches/patch-ac 17 Sep 2005 06:45:27 -0000
@@ -1,6 +1,6 @@
$NetBSD: patch-ac,v 1.12 2005/03/07 23:29:49 tv Exp $
---- defines.h.orig 2004-06-21 23:27:16.000000000 -0400
+--- defines.h.orig 2005-08-31 11:59:49.000000000 -0500
+++ defines.h
@@ -30,6 +30,15 @@
@@ -18,7 +18,7 @@
#ifndef SHUT_RDWR
enum
{
-@@ -424,8 +433,8 @@ struct winsize {
+@@ -442,8 +451,8 @@
# define __attribute__(x)
#endif /* !defined(__GNUC__) || (__GNUC__ < 2) */
@@ -28,8 +28,8 @@
+# define __noreturn __attribute__((noreturn))
#endif
- /* *-*-nto-qnx doesn't define this macro in the system headers */
-@@ -591,6 +600,24 @@ struct winsize {
+ #if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__)
+@@ -635,6 +644,24 @@
# endif
# endif
#endif
Index: patches/patch-ad
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ad,v
retrieving revision 1.10
diff -b -u -r1.10 patch-ad
--- patches/patch-ad 25 May 2005 23:17:11 -0000 1.10
+++ patches/patch-ad 17 Sep 2005 06:45:27 -0000
@@ -1,19 +1,19 @@
$NetBSD: patch-ad,v 1.10 2005/05/25 23:17:11 reed Exp $
---- loginrec.c.orig 2004-08-15 05:12:52.000000000 -0400
+--- loginrec.c.orig 2005-07-17 02:26:44.000000000 -0500
+++ loginrec.c
-@@ -406,8 +406,8 @@ login_set_addr(struct logininfo *li, con
+@@ -414,8 +414,8 @@
int
- login_write (struct logininfo *li)
+ login_write(struct logininfo *li)
{
-#ifndef HAVE_CYGWIN
-- if ((int)geteuid() != 0) {
+- if (geteuid() != 0) {
+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
-+ if ((int)geteuid() != ROOTUID) {
++ if (geteuid() != ROOTUID) {
logit("Attempt to write login records by non-root user (aborting)");
- return 1;
+ return (1);
}
-@@ -415,7 +415,7 @@ login_write (struct logininfo *li)
+@@ -423,7 +423,7 @@
/* set the timestamp */
login_set_current_time(li);
@@ -22,7 +22,7 @@
syslogin_write_entry(li);
#endif
#ifdef USE_LASTLOG
-@@ -589,7 +589,7 @@ line_abbrevname(char *dst, const char *s
+@@ -603,7 +603,7 @@
** into account.
**/
@@ -31,25 +31,27 @@
/* build the utmp structure */
void
-@@ -725,8 +725,6 @@ construct_utmpx(struct logininfo *li, st
- line_stripname(utx->ut_line, li->line, sizeof(utx->ut_line));
+@@ -740,10 +740,6 @@
set_utmpx_time(li, utx);
utx->ut_pid = li->pid;
-- /* strncpy(): Don't necessarily want null termination */
-- strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name, li->username));
+- /* strncpy(): Don't necessarily want null termination */
+- strncpy(utx->ut_name, li->username,
+- MIN_SIZEOF(utx->ut_name, li->username));
+-
if (li->type == LTYPE_LOGOUT)
return;
-@@ -736,6 +734,8 @@ construct_utmpx(struct logininfo *li, st
+
+@@ -752,6 +748,8 @@
* for logouts.
*/
+ /* strncpy(): Don't necessarily want null termination */
+ strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name, li->username));
# ifdef HAVE_HOST_IN_UTMPX
- strncpy(utx->ut_host, li->hostname, MIN_SIZEOF(utx->ut_host, li->hostname));
- # endif
-@@ -1357,7 +1357,7 @@ wtmpx_get_entry(struct logininfo *li)
+ strncpy(utx->ut_host, li->hostname,
+ MIN_SIZEOF(utx->ut_host, li->hostname));
+@@ -1381,7 +1379,7 @@
** Low-level libutil login() functions
**/
Index: patches/patch-ae
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ae,v
retrieving revision 1.9
diff -b -u -r1.9 patch-ae
--- patches/patch-ae 7 Mar 2005 23:29:49 -0000 1.9
+++ patches/patch-ae 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-ae,v 1.9 2005/03/07 23:29:49 tv Exp $
---- includes.h.orig 2004-08-14 10:01:48.000000000 -0400
+--- includes.h.orig 2005-08-26 15:15:20.000000000 -0500
+++ includes.h
-@@ -163,6 +163,10 @@ static /**/const char *const rcsid[] = {
+@@ -164,6 +164,10 @@
#ifdef HAVE_READPASSPHRASE_H
# include <readpassphrase.h>
#endif
Index: patches/patch-af
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-af,v
retrieving revision 1.7
diff -b -u -r1.7 patch-af
--- patches/patch-af 7 Mar 2005 23:29:50 -0000 1.7
+++ patches/patch-af 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-af,v 1.7 2005/03/07 23:29:50 tv Exp $
---- auth-passwd.c.orig 2004-06-21 23:37:11.000000000 -0400
+--- auth-passwd.c.orig 2005-07-26 06:54:12.000000000 -0500
+++ auth-passwd.c
-@@ -69,7 +69,7 @@ auth_password(Authctxt *authctxt, const
+@@ -78,7 +78,7 @@
#endif
#ifndef HAVE_CYGWIN
@@ -11,16 +11,16 @@
ok = 0;
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
-@@ -106,8 +106,11 @@ auth_password(Authctxt *authctxt, const
- }
+@@ -113,7 +113,12 @@
+ authctxt->force_pwchange = 1;
}
#endif
--
++
+#ifdef HAVE_INTERIX
-+ return (!setuser(pw->pw_name, password, SU_CHECK) && ok);
++ result = (!setuser(pw->pw_name, password, SU_CHECK);
+#else
- return (sys_auth_passwd(authctxt, password) && ok);
+ result = sys_auth_passwd(authctxt, password);
+#endif
- }
-
- #ifdef BSD_AUTH
+ if (authctxt->force_pwchange)
+ disable_forwarding();
+ return (result && ok);
Index: patches/patch-ag
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ag,v
retrieving revision 1.6
diff -b -u -r1.6 patch-ag
--- patches/patch-ag 7 Mar 2005 23:29:50 -0000 1.6
+++ patches/patch-ag 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-ag,v 1.6 2005/03/07 23:29:50 tv Exp $
---- config.h.in.orig 2004-08-17 08:54:51.000000000 -0400
+--- config.h.in.orig 2005-09-01 04:15:22.000000000 -0500
+++ config.h.in
-@@ -116,6 +116,9 @@
+@@ -113,6 +113,9 @@
/* Define if you are on Cygwin */
#undef HAVE_CYGWIN
Index: patches/patch-ah
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ah,v
retrieving revision 1.21
diff -b -u -r1.21 patch-ah
--- patches/patch-ah 31 Aug 2004 11:27:12 -0000 1.21
+++ patches/patch-ah 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-ah,v 1.21 2004/08/31 11:27:12 wiz Exp $
---- Makefile.in.orig 2004-08-15 13:01:37.000000000 +0200
+--- Makefile.in.orig 2005-05-29 02:22:29.000000000 -0500
+++ Makefile.in
-@@ -21,7 +21,7 @@ top_srcdir=@top_srcdir@
+@@ -21,7 +21,7 @@
DESTDIR=
VPATH=@srcdir@
SSH_PROGRAM=@bindir@/ssh
@@ -11,7 +11,7 @@
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
RAND_HELPER=$(libexecdir)/ssh-rand-helper
-@@ -237,7 +237,7 @@ check-config:
+@@ -240,7 +240,7 @@
scard-install:
(cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
Index: patches/patch-aj
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-aj,v
retrieving revision 1.6
diff -b -u -r1.6 patch-aj
--- patches/patch-aj 7 Mar 2005 23:29:50 -0000 1.6
+++ patches/patch-aj 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-aj,v 1.6 2005/03/07 23:29:50 tv Exp $
---- auth-rhosts.c.orig 2003-11-17 05:13:41.000000000 -0500
+--- auth-rhosts.c.orig 2005-07-17 02:22:45.000000000 -0500
+++ auth-rhosts.c
-@@ -198,7 +198,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
+@@ -198,7 +198,7 @@
return 0;
/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
@@ -11,7 +11,7 @@
if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
client_user, pw->pw_name)) {
auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
-@@ -224,7 +224,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
+@@ -224,7 +224,7 @@
return 0;
}
if (options.strict_modes &&
@@ -20,7 +20,7 @@
(st.st_mode & 022) != 0)) {
logit("Rhosts authentication refused for %.100s: "
"bad ownership or modes for home directory.", pw->pw_name);
-@@ -251,7 +251,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
+@@ -251,7 +251,7 @@
* allowing access to their account by anyone.
*/
if (options.strict_modes &&
Index: patches/patch-ak
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ak,v
retrieving revision 1.6
diff -b -u -r1.6 patch-ak
--- patches/patch-ak 7 Mar 2005 23:29:50 -0000 1.6
+++ patches/patch-ak 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-ak,v 1.6 2005/03/07 23:29:50 tv Exp $
---- auth.c.orig 2004-08-12 08:40:25.000000000 -0400
+--- auth.c.orig 2005-08-31 11:59:49.000000000 -0500
+++ auth.c
-@@ -356,7 +356,7 @@ check_key_in_hostfiles(struct passwd *pw
+@@ -388,7 +388,7 @@
user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
if (options.strict_modes &&
(stat(user_hostfile, &st) == 0) &&
@@ -11,7 +11,7 @@
(st.st_mode & 022) != 0)) {
logit("Authentication refused for %.100s: "
"bad owner or modes for %.200s",
-@@ -409,7 +409,7 @@ secure_filename(FILE *f, const char *fil
+@@ -441,7 +441,7 @@
/* check the open file to avoid races */
if (fstat(fileno(f), &st) < 0 ||
@@ -20,7 +20,7 @@
(st.st_mode & 022) != 0) {
snprintf(err, errlen, "bad ownership or modes for file %s",
buf);
-@@ -426,7 +426,7 @@ secure_filename(FILE *f, const char *fil
+@@ -458,7 +458,7 @@
debug3("secure_filename: checking '%s'", buf);
if (stat(buf, &st) < 0 ||
Index: patches/patch-al
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-al,v
retrieving revision 1.5
diff -b -u -r1.5 patch-al
--- patches/patch-al 7 Mar 2005 23:29:50 -0000 1.5
+++ patches/patch-al 17 Sep 2005 06:45:27 -0000
@@ -1,19 +1,19 @@
$NetBSD: patch-al,v 1.5 2005/03/07 23:29:50 tv Exp $
---- auth1.c.orig 2004-08-12 08:40:25.000000000 -0400
+--- auth1.c.orig 2005-07-17 02:26:44.000000000 -0500
+++ auth1.c
-@@ -244,7 +244,7 @@ do_authloop(Authctxt *authctxt)
+@@ -307,7 +307,7 @@
}
#else
/* Special handling for root */
- if (authenticated && authctxt->pw->pw_uid == 0 &&
+ if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
- !auth_root_allowed(get_authname(type)))
+ !auth_root_allowed(meth->name)) {
authenticated = 0;
- #endif
-@@ -318,8 +318,8 @@ do_authentication(Authctxt *authctxt)
+ # ifdef SSH_AUDIT_EVENTS
+@@ -405,8 +405,8 @@
* If we are not running as root, the user must have the same uid as
- * the server. (Unless you are running Windows)
+ * the server.
*/
-#ifndef HAVE_CYGWIN
- if (!use_privsep && getuid() != 0 && authctxt->pw &&
Index: patches/patch-am
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-am,v
retrieving revision 1.4
diff -b -u -r1.4 patch-am
--- patches/patch-am 7 Mar 2005 23:29:50 -0000 1.4
+++ patches/patch-am 17 Sep 2005 06:45:27 -0000
@@ -1,13 +1,13 @@
$NetBSD: patch-am,v 1.4 2005/03/07 23:29:50 tv Exp $
---- auth2.c.orig 2004-08-12 08:40:25.000000000 -0400
+--- auth2.c.orig 2005-07-17 02:26:44.000000000 -0500
+++ auth2.c
-@@ -211,7 +211,7 @@ userauth_finish(Authctxt *authctxt, int
+@@ -216,7 +216,7 @@
authctxt->user);
/* Special handling for root */
- if (authenticated && authctxt->pw->pw_uid == 0 &&
+ if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
- !auth_root_allowed(method))
+ !auth_root_allowed(method)) {
authenticated = 0;
-
+ #ifdef SSH_AUDIT_EVENTS
Index: patches/patch-an
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-an,v
retrieving revision 1.5
diff -b -u -r1.5 patch-an
--- patches/patch-an 7 Mar 2005 23:29:50 -0000 1.5
+++ patches/patch-an 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-an,v 1.5 2005/03/07 23:29:50 tv Exp $
---- scp.c.orig 2004-08-13 07:19:38.000000000 -0400
+--- scp.c.orig 2005-08-02 02:07:08.000000000 -0500
+++ scp.c
-@@ -294,7 +294,11 @@ main(int argc, char **argv)
+@@ -298,7 +298,11 @@
argc -= optind;
argv += optind;
@@ -14,7 +14,7 @@
fatal("unknown user %u", (u_int) userid);
if (!isatty(STDERR_FILENO))
-@@ -637,8 +641,10 @@ rsource(char *name, struct stat *statp)
+@@ -643,8 +647,10 @@
return;
}
while ((dp = readdir(dirp)) != NULL) {
@@ -25,7 +25,7 @@
if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
continue;
if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
-@@ -1086,7 +1092,9 @@ okname(char *cp0)
+@@ -1093,7 +1099,9 @@
case '\'':
case '"':
case '`':
Index: patches/patch-ao
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ao,v
retrieving revision 1.6
diff -b -u -r1.6 patch-ao
--- patches/patch-ao 7 Mar 2005 23:29:50 -0000 1.6
+++ patches/patch-ao 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-ao,v 1.6 2005/03/07 23:29:50 tv Exp $
---- session.c.orig 2004-08-12 08:40:25.000000000 -0400
+--- session.c.orig 2005-08-31 11:59:49.000000000 -0500
+++ session.c
-@@ -326,7 +326,7 @@ do_authenticated1(Authctxt *authctxt)
+@@ -331,7 +331,7 @@
break;
}
debug("Received TCP/IP port forwarding request.");
@@ -11,7 +11,7 @@
success = 1;
break;
-@@ -921,7 +921,7 @@ read_etc_default_login(char ***env, u_in
+@@ -930,7 +930,7 @@
if (tmpenv == NULL)
return;
@@ -20,7 +20,7 @@
var = child_get_env(tmpenv, "SUPATH");
else
var = child_get_env(tmpenv, "PATH");
-@@ -1020,7 +1020,7 @@ do_setup_env(Session *s, const char *she
+@@ -1036,7 +1036,7 @@
# endif /* HAVE_ETC_DEFAULT_LOGIN */
if (path == NULL || *path == '\0') {
child_set_env(&env, &envsize, "PATH",
@@ -29,7 +29,7 @@
SUPERUSER_PATH : _PATH_STDPATH);
}
# endif /* HAVE_CYGWIN */
-@@ -1124,6 +1124,18 @@ do_setup_env(Session *s, const char *she
+@@ -1150,6 +1150,18 @@
strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
read_environment_file(&env, &envsize, buf);
}
@@ -48,7 +48,7 @@
if (debug_flag) {
/* dump the environment */
fprintf(stderr, "Environment:\n");
-@@ -1234,9 +1246,9 @@ do_nologin(struct passwd *pw)
+@@ -1260,9 +1272,9 @@
void
do_setusercontext(struct passwd *pw)
{
@@ -60,7 +60,7 @@
{
#ifdef HAVE_SETPCRED
-@@ -1271,11 +1283,13 @@ do_setusercontext(struct passwd *pw)
+@@ -1304,11 +1316,13 @@
perror("setgid");
exit(1);
}
@@ -72,9 +72,9 @@
}
+# endif /* !HAVE_INTERIX */
endgrent();
- # ifdef USE_PAM
- /*
-@@ -1965,7 +1979,7 @@ session_pty_cleanup2(Session *s)
+ #ifdef GSSAPI
+ if (options.gss_authentication) {
+@@ -2052,7 +2066,7 @@
record_logout(s->pid, s->tty, s->pw->pw_name);
/* Release the pseudo-tty. */
Index: patches/patch-ap
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ap,v
retrieving revision 1.5
diff -b -u -r1.5 patch-ap
--- patches/patch-ap 7 Mar 2005 23:29:50 -0000 1.5
+++ patches/patch-ap 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-ap,v 1.5 2005/03/07 23:29:50 tv Exp $
---- ssh.c.orig 2004-08-15 03:23:34.000000000 -0400
+--- ssh.c.orig 2005-08-12 07:10:56.000000000 -0500
+++ ssh.c
-@@ -593,7 +593,7 @@ again:
+@@ -636,7 +636,7 @@
/* Open a connection to the remote host. */
if (ssh_connect(host, &hostaddr, options.port,
options.address_family, options.connection_attempts,
Index: patches/patch-aq
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-aq,v
retrieving revision 1.5
diff -b -u -r1.5 patch-aq
--- patches/patch-aq 7 Mar 2005 23:29:50 -0000 1.5
+++ patches/patch-aq 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-aq,v 1.5 2005/03/07 23:29:50 tv Exp $
---- sshpty.c.orig 2004-06-21 22:56:02.000000000 -0400
+--- sshpty.c.orig 2005-05-27 06:13:41.000000000 -0500
+++ sshpty.c
-@@ -62,7 +62,7 @@ pty_allocate(int *ptyfd, int *ttyfd, cha
+@@ -62,7 +62,7 @@
void
pty_release(const char *tty)
{
@@ -11,7 +11,7 @@
error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
if (chmod(tty, (mode_t) 0666) < 0)
error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
-@@ -203,7 +203,7 @@ pty_setowner(struct passwd *pw, const ch
+@@ -203,7 +203,7 @@
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
if (chown(tty, pw->pw_uid, gid) < 0) {
if (errno == EROFS &&
Index: patches/patch-ar
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-ar,v
retrieving revision 1.4
diff -b -u -r1.4 patch-ar
--- patches/patch-ar 7 Mar 2005 23:29:50 -0000 1.4
+++ patches/patch-ar 17 Sep 2005 06:45:27 -0000
@@ -1,23 +1,24 @@
$NetBSD: patch-ar,v 1.4 2005/03/07 23:29:50 tv Exp $
---- uidswap.c.orig 2004-02-23 21:17:30.000000000 -0500
+--- uidswap.c.orig 2005-02-22 00:57:13.000000000 -0600
+++ uidswap.c
-@@ -56,12 +56,12 @@ temporarily_use_uid(struct passwd *pw)
- debug("temporarily_use_uid: %u/%u (e=%u/%u)",
+@@ -57,13 +57,13 @@
(u_int)pw->pw_uid, (u_int)pw->pw_gid,
(u_int)saved_euid, (u_int)saved_egid);
+ #ifndef HAVE_CYGWIN
- if (saved_euid != 0) {
+ if (saved_euid != ROOTUID) {
privileged = 0;
return;
}
+ #endif
#else
- if (geteuid() != 0) {
+ if (geteuid() != ROOTUID) {
privileged = 0;
return;
}
-@@ -85,9 +85,11 @@ temporarily_use_uid(struct passwd *pw)
+@@ -87,9 +87,11 @@
/* set and save the user's groups */
if (user_groupslen == -1) {
@@ -29,7 +30,7 @@
user_groupslen = getgroups(0, NULL);
if (user_groupslen < 0)
-@@ -172,6 +174,10 @@ permanently_set_uid(struct passwd *pw)
+@@ -174,6 +176,10 @@
debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
@@ -40,7 +41,7 @@
#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-@@ -218,6 +224,7 @@ permanently_set_uid(struct passwd *pw)
+@@ -222,6 +228,7 @@
(setuid(old_uid) != -1 || seteuid(old_uid) != -1))
fatal("%s: was able to restore old [e]uid", __func__);
#endif
Index: patches/patch-as
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-as,v
retrieving revision 1.3
diff -b -u -r1.3 patch-as
--- patches/patch-as 7 Mar 2005 23:29:50 -0000 1.3
+++ patches/patch-as 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-as,v 1.3 2005/03/07 23:29:50 tv Exp $
---- log.h.orig 2004-06-21 22:57:44.000000000 -0400
+--- log.h.orig 2004-06-21 21:57:44.000000000 -0500
+++ log.h
-@@ -53,7 +53,7 @@ void log_init(char *, LogLevel, Sysl
+@@ -53,7 +53,7 @@
SyslogFacility log_facility_number(char *);
LogLevel log_level_number(char *);
@@ -11,7 +11,7 @@
void error(const char *, ...) __attribute__((format(printf, 1, 2)));
void logit(const char *, ...) __attribute__((format(printf, 1, 2)));
void verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
-@@ -62,5 +62,5 @@ void debug2(const char *, ...) __att
+@@ -62,5 +62,5 @@
void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
void do_log(LogLevel, const char *, va_list);
Index: patches/patch-at
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-at,v
retrieving revision 1.1
diff -b -u -r1.1 patch-at
--- patches/patch-at 7 Mar 2005 23:29:50 -0000 1.1
+++ patches/patch-at 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-at,v 1.1 2005/03/07 23:29:50 tv Exp $
---- servconf.c.orig 2004-08-13 07:30:24.000000000 -0400
+--- servconf.c.orig 2005-08-12 07:11:37.000000000 -0500
+++ servconf.c
-@@ -233,7 +233,11 @@ fill_default_server_options(ServerOption
+@@ -232,7 +232,11 @@
/* Turn privilege separation on by default */
if (use_privsep == -1)
Index: patches/patch-au
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-au,v
retrieving revision 1.1
diff -b -u -r1.1 patch-au
--- patches/patch-au 7 Mar 2005 23:29:50 -0000 1.1
+++ patches/patch-au 17 Sep 2005 06:45:27 -0000
@@ -1,22 +1,24 @@
$NetBSD: patch-au,v 1.1 2005/03/07 23:29:50 tv Exp $
---- openbsd-compat/bsd-openpty.c.orig 2004-02-17 00:49:55.000000000 -0500
+--- openbsd-compat/bsd-openpty.c.orig 2005-02-25 17:04:29.000000000 -0600
+++ openbsd-compat/bsd-openpty.c
-@@ -102,7 +102,7 @@ openpty(int *amaster, int *aslave, char
+@@ -102,15 +102,17 @@
return (-1);
}
--#ifndef HAVE_CYGWIN
-+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
++#if !defined(HAVE_INTERIX)
/*
* Try to push the appropriate streams modules, as described
* in Solaris pts(7).
-@@ -112,7 +112,7 @@ openpty(int *amaster, int *aslave, char
- # ifndef __hpux
+ */
+ ioctl(*aslave, I_PUSH, "ptem");
+ ioctl(*aslave, I_PUSH, "ldterm");
+-# ifndef __hpux
++ # ifndef __hpux
ioctl(*aslave, I_PUSH, "ttcompat");
- # endif /* __hpux */
--#endif /* HAVE_CYGWIN */
-+#endif /* !HAVE_CYGWIN && !HAVE_INTERIX */
+-# endif /* __hpux */
++ # endif /* __hpux */
++#endif /* !HAVE_INTERIX */
return (0);
Index: patches/patch-av
===================================================================
RCS file: /cvsroot/pkgsrc/security/openssh/patches/patch-av,v
retrieving revision 1.1
diff -b -u -r1.1 patch-av
--- patches/patch-av 7 Mar 2005 23:29:50 -0000 1.1
+++ patches/patch-av 17 Sep 2005 06:45:27 -0000
@@ -1,8 +1,8 @@
$NetBSD: patch-av,v 1.1 2005/03/07 23:29:50 tv Exp $
---- sshd.c.orig 2004-08-12 09:08:15.000000000 -0400
+--- sshd.c.orig 2005-07-26 06:54:56.000000000 -0500
+++ sshd.c
-@@ -579,10 +579,15 @@ privsep_preauth_child(void)
+@@ -574,10 +574,15 @@
/* XXX not ready, too heavy after chroot */
do_setusercontext(pw);
#else
@@ -18,7 +18,7 @@
#endif
}
-@@ -622,7 +627,7 @@ privsep_preauth(Authctxt *authctxt)
+@@ -617,7 +622,7 @@
close(pmonitor->m_sendfd);
/* Demote the child */
@@ -27,7 +27,7 @@
privsep_preauth_child();
setproctitle("%s", "[net]");
}
-@@ -635,7 +640,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -630,7 +635,7 @@
#ifdef DISABLE_FD_PASSING
if (1) {
#else
@@ -36,7 +36,7 @@
#endif
/* File descriptor passing is broken or root login */
monitor_apply_keystate(pmonitor);
-@@ -911,7 +916,7 @@ main(int ac, char **av)
+@@ -911,7 +916,7 @@
av = saved_argv;
#endif
@@ -45,7 +45,7 @@
debug("setgroups(): %.200s", strerror(errno));
/* Initialize configuration options to their default values. */
-@@ -1166,7 +1171,7 @@ main(int ac, char **av)
+@@ -1168,7 +1173,7 @@
(st.st_uid != getuid () ||
(st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
#else