[pkgsrc/trunk]: pkgsrc/security/openssh Update to 3.7.1p2:

[jschauma <jschauma%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/1861afcf0b00
branches:  trunk
changeset: 461913:1861afcf0b00
user:      jschauma <jschauma%pkgsrc.org@localhost>
date:      Tue Sep 23 17:52:33 2003 +0000

description:
Update to 3.7.1p2:
Most important chcanges: security relevant bug fixes in new PAM authentication code

Changes since OpenSSH 3.7.1p1:
==============================

* This release disables PAM by default. To enable it, set "UsePAM yes" in
  sshd_config. Due to complexity, inconsistencies in the specification and
  differences between vendors' PAM implementations we recommend that PAM
  be left disabled in sshd_config unless there is a need for its use.
  Sites using only public key or simple password authentication usually
  have little need to enable PAM support.

* This release now requires zlib 1.1.4 to build correctly. Previous
  versions have security problems.

* Fix compilation for versions of OpenSSL before 0.9.6. Some cipher modes
  are not supported for older OpenSSL versions.

* Fix compilation problems on systems with a missing or lacking inet_ntoa()
  function.

* Workaround problems related to unimplemented or broken setresuid/setreuid
  functions on several platforms.

* Fix compilation on older OpenBSD systems.

* Fix handling of password-less authentication (PermitEmptyPasswords=yes)
  that has not worked since the 3.7p1 release.

diffstat:

 security/openssh/Makefile         |   6 +++---
 security/openssh/distinfo         |   9 ++++-----
 security/openssh/patches/patch-aa |  14 ++++++--------
 security/openssh/patches/patch-ai |  10 ----------
 4 files changed, 13 insertions(+), 26 deletions(-)

diffs (79 lines):

diff -r af9570349380 -r 1861afcf0b00 security/openssh/Makefile
--- a/security/openssh/Makefile Tue Sep 23 15:45:16 2003 +0000
+++ b/security/openssh/Makefile Tue Sep 23 17:52:33 2003 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.114 2003/09/22 01:18:38 grant Exp $
+# $NetBSD: Makefile,v 1.115 2003/09/23 17:52:33 jschauma Exp $
 
-DISTNAME=              openssh-3.7.1p1
-PKGNAME=               openssh-3.7.1.1
+DISTNAME=              openssh-3.7.1p2
+PKGNAME=               openssh-3.7.1.2
 SVR4_PKGNAME=          ossh
 CATEGORIES=            security
 MASTER_SITES=          ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
diff -r af9570349380 -r 1861afcf0b00 security/openssh/distinfo
--- a/security/openssh/distinfo Tue Sep 23 15:45:16 2003 +0000
+++ b/security/openssh/distinfo Tue Sep 23 17:52:33 2003 +0000
@@ -1,8 +1,7 @@
-$NetBSD: distinfo,v 1.28 2003/09/18 02:11:40 jschauma Exp $
+$NetBSD: distinfo,v 1.29 2003/09/23 17:52:34 jschauma Exp $
 
-SHA1 (openssh-3.7.1p1.tar.gz) = b936ca7528fb46318febe02042a0e1bccf31c127
-Size (openssh-3.7.1p1.tar.gz) = 791161 bytes
-SHA1 (patch-aa) = 6d9fda6b4258a295cef814021b06fa7b3709f59e
+SHA1 (openssh-3.7.1p2.tar.gz) = 9b7d026710a3017c448b0e531eb95be6b2081963
+Size (openssh-3.7.1p2.tar.gz) = 792280 bytes
+SHA1 (patch-aa) = 62918b930d51411b0067e77c43c830c35b07c457
 SHA1 (patch-ab) = 1069fe256b7925fcf404781ef14e5c492f52c21e
 SHA1 (patch-ah) = 9913c868bde5d318915b1dee2c05dcf454a0f506
-SHA1 (patch-ai) = 3f1ec11561916388c5ed9ce36e531bce411d54a4
diff -r af9570349380 -r 1861afcf0b00 security/openssh/patches/patch-aa
--- a/security/openssh/patches/patch-aa Tue Sep 23 15:45:16 2003 +0000
+++ b/security/openssh/patches/patch-aa Tue Sep 23 17:52:33 2003 +0000
@@ -1,8 +1,6 @@
-$NetBSD: patch-aa,v 1.29 2003/09/16 13:52:31 grant Exp $
-
---- configure.orig     2003-09-16 16:19:17.000000000 +1000
-+++ configure
-@@ -4583,6 +4583,9 @@ EOF
+--- configure.orig     Tue Sep 23 02:55:43 2003
++++ configure  Tue Sep 23 13:27:33 2003
+@@ -4646,6 +4646,9 @@
        ;;
  esac
  
@@ -12,8 +10,8 @@
  # Allow user to specify flags
  
  # Check whether --with-cflags or --without-cflags was given.
-@@ -6428,6 +6431,10 @@ echo $ECHO_N "checking for libwrap... $E
- #line 6428 "configure"
+@@ -6491,6 +6494,10 @@
+ #line 6491 "configure"
  #include "confdefs.h"
  
 +#ifdef HAVE_SYS_CDEFS_H
@@ -23,7 +21,7 @@
  #include <tcpd.h>
                                        int deny_severity = 0, allow_severity = 0;
  
-@@ -16950,7 +16957,7 @@ echo "OpenSSH has been configured with t
+@@ -17138,7 +17145,7 @@
  echo "                     User binaries: $B"
  echo "                   System binaries: $C"
  echo "               Configuration files: $D"
diff -r af9570349380 -r 1861afcf0b00 security/openssh/patches/patch-ai
--- a/security/openssh/patches/patch-ai Tue Sep 23 15:45:16 2003 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
---- openbsd-compat/inet_ntoa.c.orig    Wed Sep 17 21:35:26 2003
-+++ openbsd-compat/inet_ntoa.c Wed Sep 17 21:35:37 2003
-@@ -43,7 +43,6 @@
- #include <netinet/in.h>
- #include <arpa/inet.h>
- #include <stdio.h>
--#include "inet_ntoa.h"
- 
- char *inet_ntoa(struct in_addr in)
- {