pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/openssh Update to 3.9p1:
details: https://anonhg.NetBSD.org/pkgsrc/rev/0ac702ae9716
branches: trunk
changeset: 480143:0ac702ae9716
user: wiz <wiz%pkgsrc.org@localhost>
date: Tue Aug 31 11:27:11 2004 +0000
description:
Update to 3.9p1:
* Added new "IdentitiesOnly" option to ssh(1), which specifies that it should
use keys specified in ssh_config, rather than any keys in ssh-agent(1)
* Make sshd(8) re-execute itself on accepting a new connection. This security
measure ensures that all execute-time randomisations are reapplied for each
connection rather than once, for the master process' lifetime. This includes
mmap and malloc mappings, shared library addressing, shared library mapping
order, ProPolice and StackGhost cookies on systems that support such things
* Add strict permission and ownership checks to programs reading ~/.ssh/config
NB ssh(1) will now exit instead of trying to process a config with poor
ownership or permissions
* Implemented the ability to pass selected environment variables between the
client and the server. See "AcceptEnv" in sshd_config(5) and "SendEnv" in
ssh_config(5) for details
* Added a "MaxAuthTries" option to sshd(8), allowing control over the maximum
number of authentication attempts permitted per connection
* Added support for cancellation of active remote port forwarding sessions.
This may be performed using the ~C escape character, see "Escape Characters"
in ssh(1) for details
* Many sftp(1) interface improvements, including greatly enhanced "ls" support
and the ability to cancel active transfers using SIGINT (^C)
* Implement session multiplexing: a single ssh(1) connection can now carry
multiple login/command/file transfer sessions. Refer to the "ControlMaster"
and "ControlPath" options in ssh_config(5) for more information
* The sftp-server has improved support for non-POSIX filesystems (e.g. FAT)
* Portable OpenSSH: Re-introduce support for PAM password authentication, in
addition to the keyboard-interactive driver. PAM password authentication
is less flexible, and doesn't support pre-authentication password expiry but
runs in-process so Kerberos tokens, etc are retained
* Improved and more extensive regression tests
* Many bugfixes and small improvements
diffstat:
security/openssh/Makefile | 6 ++--
security/openssh/distinfo | 30 +++++++++++++-------------
security/openssh/patches/patch-aa | 42 +++++++++++++++++++-------------------
security/openssh/patches/patch-ab | 12 +++++-----
security/openssh/patches/patch-ac | 6 ++--
security/openssh/patches/patch-ad | 12 +++++-----
security/openssh/patches/patch-ag | 6 ++--
security/openssh/patches/patch-ah | 6 ++--
security/openssh/patches/patch-aj | 12 +++++-----
security/openssh/patches/patch-ak | 12 +++++-----
security/openssh/patches/patch-al | 6 ++--
security/openssh/patches/patch-an | 16 +++++++-------
security/openssh/patches/patch-ap | 6 ++--
security/openssh/patches/patch-aq | 6 ++--
14 files changed, 89 insertions(+), 89 deletions(-)
diffs (truncated from 468 to 300 lines):
diff -r e0741d957de8 -r 0ac702ae9716 security/openssh/Makefile
--- a/security/openssh/Makefile Tue Aug 31 10:53:02 2004 +0000
+++ b/security/openssh/Makefile Tue Aug 31 11:27:11 2004 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.141 2004/08/04 06:43:52 minskim Exp $
+# $NetBSD: Makefile,v 1.142 2004/08/31 11:27:11 wiz Exp $
-DISTNAME= openssh-3.8.1p1
-PKGNAME= openssh-3.8.1.1
+DISTNAME= openssh-3.9p1
+PKGNAME= openssh-3.9.1
SVR4_PKGNAME= ossh
CATEGORIES= security
MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
diff -r e0741d957de8 -r 0ac702ae9716 security/openssh/distinfo
--- a/security/openssh/distinfo Tue Aug 31 10:53:02 2004 +0000
+++ b/security/openssh/distinfo Tue Aug 31 11:27:11 2004 +0000
@@ -1,21 +1,21 @@
-$NetBSD: distinfo,v 1.34 2004/08/04 06:43:52 minskim Exp $
+$NetBSD: distinfo,v 1.35 2004/08/31 11:27:11 wiz Exp $
-SHA1 (openssh-3.8.1p1.tar.gz) = 772c3a69014a8a7bf8c1bde8ab6770f9c91049e4
-Size (openssh-3.8.1p1.tar.gz) = 817932 bytes
-SHA1 (patch-aa) = 171d144d781b28a6665e022ffbb449888f6302e3
-SHA1 (patch-ab) = 8c1b1d92cf45ea921db650e2eb50fcafbdd83407
-SHA1 (patch-ac) = 2652a918c43bb780c8b0e5e3691d2a1ffba74700
-SHA1 (patch-ad) = 15627b65ea3607bf5a66d0def463b05f57ed303d
+SHA1 (openssh-3.9p1.tar.gz) = 80b19d83a9d4717f5c38b2d950501e1471f60afc
+Size (openssh-3.9p1.tar.gz) = 854027 bytes
+SHA1 (patch-aa) = 5d0b1cf5cf92e0d314e6458b225074a73f35f857
+SHA1 (patch-ab) = 662440f96d38e43b0c8de7bef260f82d8b7ab737
+SHA1 (patch-ac) = 3ad72f42b066ef1f48e276bccd438da2d6fde980
+SHA1 (patch-ad) = 6a0c4edd2217f22f7c9622fb38124287e93c5fc8
SHA1 (patch-ae) = fece020b1c2432f4ac5b62104be808aa3f70ea22
SHA1 (patch-af) = 444fadaafdb45adc1008cbf106cd28c075700616
-SHA1 (patch-ag) = 873d2b8c3293a3a9c4da7581da574e22bddca15e
-SHA1 (patch-ah) = 8f1fa190e4fb115bb5311b4ccd839a649e1b09e5
+SHA1 (patch-ag) = d0c93842739da39b588acdb0449a2562e05497d3
+SHA1 (patch-ah) = 85a8f0fa5ddf13f8342faaff6bf81fcd3ad6648a
SHA1 (patch-ai) = da31e53b3ccbef24abc6418ee466f1e43fdd7447
-SHA1 (patch-aj) = 677e614947c884c4208a6ca76fc9c6237d7aa6f7
-SHA1 (patch-ak) = 97bc28537830eaa889bd807cd9b3f2c20dc938a2
-SHA1 (patch-al) = 958c5516996e4040ac779bf1f53c486253c40cfb
+SHA1 (patch-aj) = ea07f23e66863e78bbe2cfced747795cb6c2f7ba
+SHA1 (patch-ak) = fe65dbf8771f6515d32ed994723b979f8e3211d6
+SHA1 (patch-al) = 5a0aed20f0c75b5bbcf4abce1e50d1ced3990ca7
SHA1 (patch-am) = a88eb34b83789453b8e212b14f33d8e98d153667
-SHA1 (patch-an) = e92a4e3b3bc07eda155a17009743c110d88c8c22
+SHA1 (patch-an) = 4694cd36c85d76fe42411600a482dcfa1421f704
SHA1 (patch-ao) = 00750c5f80bced34c54558cbd5ad3b96384e0d00
-SHA1 (patch-ap) = c2182328f9f108df14ce379c8dfa50fd53815a4a
-SHA1 (patch-aq) = 009f4696f32f0addde1c953aaab759f920816692
+SHA1 (patch-ap) = ba0a85060632dfa3939b7316f0acecfa3100082d
+SHA1 (patch-aq) = ee466164b653f521445884e119627f4927fabbe0
diff -r e0741d957de8 -r 0ac702ae9716 security/openssh/patches/patch-aa
--- a/security/openssh/patches/patch-aa Tue Aug 31 10:53:02 2004 +0000
+++ b/security/openssh/patches/patch-aa Tue Aug 31 11:27:11 2004 +0000
@@ -1,9 +1,9 @@
-$NetBSD: patch-aa,v 1.35 2004/08/04 06:43:52 minskim Exp $
+$NetBSD: patch-aa,v 1.36 2004/08/31 11:27:11 wiz Exp $
---- configure.orig Sun Apr 18 07:51:57 2004
+--- configure.orig 2004-08-17 14:54:53.000000000 +0200
+++ configure
-@@ -4814,8 +4814,18 @@ EOF
- EOF
+@@ -6101,8 +6101,18 @@ _ACEOF
+ _ACEOF
;;
+
@@ -21,53 +21,53 @@
# Allow user to specify flags
# Check whether --with-cflags or --without-cflags was given.
-@@ -17263,12 +17273,20 @@ fi
- rm -f conftest.$ac_objext conftest.$ac_ext
+@@ -23790,12 +23800,19 @@ fi
+ rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_utmpx_location"; then
if test x"$system_utmpx_path" = x"no" ; then
-- cat >>confdefs.h <<\EOF
+- cat >>confdefs.h <<\_ACEOF
+ for f in /var/run/utmpx; do
+ if test -f $f ; then
+ conf_utmpx_location=$f
+ fi
+ done
+ if test -z "$conf_utmpx_location"; then
-+ cat >>confdefs.h <<\EOF
++ cat >>confdefs.h <<\_ACEOF
#define DISABLE_UTMPX 1
- EOF
-
+ _ACEOF
+-
+ fi
fi
-else
+fi
+if test -n "$conf_utmpx_location"; then
- cat >>confdefs.h <<EOF
+ cat >>confdefs.h <<_ACEOF
#define CONF_UTMPX_FILE "$conf_utmpx_location"
- EOF
-@@ -17323,12 +17341,20 @@ fi
- rm -f conftest.$ac_objext conftest.$ac_ext
+ _ACEOF
+@@ -23864,12 +23881,20 @@ fi
+ rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
-- cat >>confdefs.h <<\EOF
+- cat >>confdefs.h <<\_ACEOF
+ for f in /var/log/wtmpx; do
+ if test -f $f ; then
+ conf_wtmpx_location=$f
+ fi
+ done
+ if test -z "$conf_wtmpx_location"; then
-+ cat >>confdefs.h <<\EOF
++ cat >>confdefs.h <<\_ACEOF
#define DISABLE_WTMPX 1
- EOF
+ _ACEOF
++ fi
-+ fi
fi
-else
+fi
+if test -n "$conf_wtmpx_location"; then
- cat >>confdefs.h <<EOF
+ cat >>confdefs.h <<_ACEOF
#define CONF_WTMPX_FILE "$conf_wtmpx_location"
- EOF
-@@ -18237,7 +18263,7 @@ echo "OpenSSH has been configured with t
+ _ACEOF
+@@ -25091,7 +25116,7 @@ echo "OpenSSH has been configured with t
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff -r e0741d957de8 -r 0ac702ae9716 security/openssh/patches/patch-ab
--- a/security/openssh/patches/patch-ab Tue Aug 31 10:53:02 2004 +0000
+++ b/security/openssh/patches/patch-ab Tue Aug 31 11:27:11 2004 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ab,v 1.18 2004/08/04 06:43:52 minskim Exp $
+$NetBSD: patch-ab,v 1.19 2004/08/31 11:27:12 wiz Exp $
---- configure.ac.orig Fri Apr 16 22:03:07 2004
+--- configure.ac.orig 2004-08-16 15:12:06.000000000 +0200
+++ configure.ac
-@@ -454,8 +454,15 @@ mips-sony-bsd|mips-sony-newsos4)
+@@ -469,8 +469,15 @@ mips-sony-bsd|mips-sony-newsos4)
AC_DEFINE(MISSING_HOWMANY)
AC_DEFINE(MISSING_FD_MASK)
;;
@@ -18,7 +18,7 @@
# Allow user to specify flags
AC_ARG_WITH(cflags,
[ --with-cflags Specify additional flags to pass to compiler],
-@@ -2824,9 +2831,17 @@ AC_TRY_COMPILE([
+@@ -2885,9 +2892,17 @@ AC_TRY_COMPILE([
)
if test -z "$conf_utmpx_location"; then
if test x"$system_utmpx_path" = x"no" ; then
@@ -38,7 +38,7 @@
AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
fi
-@@ -2849,9 +2864,17 @@ AC_TRY_COMPILE([
+@@ -2910,9 +2925,17 @@ AC_TRY_COMPILE([
)
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -58,7 +58,7 @@
AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
fi
-@@ -2892,7 +2915,7 @@ echo "OpenSSH has been configured with t
+@@ -2953,7 +2976,7 @@ echo "OpenSSH has been configured with t
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff -r e0741d957de8 -r 0ac702ae9716 security/openssh/patches/patch-ac
--- a/security/openssh/patches/patch-ac Tue Aug 31 10:53:02 2004 +0000
+++ b/security/openssh/patches/patch-ac Tue Aug 31 11:27:11 2004 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ac,v 1.10 2004/05/10 18:12:24 wiz Exp $
+$NetBSD: patch-ac,v 1.11 2004/08/31 11:27:12 wiz Exp $
---- defines.h.orig 2004-04-14 09:24:30.000000000 +0200
+--- defines.h.orig 2004-06-22 05:27:16.000000000 +0200
+++ defines.h
-@@ -584,6 +584,24 @@ struct winsize {
+@@ -591,6 +591,24 @@ struct winsize {
# endif
# endif
#endif
diff -r e0741d957de8 -r 0ac702ae9716 security/openssh/patches/patch-ad
--- a/security/openssh/patches/patch-ad Tue Aug 31 10:53:02 2004 +0000
+++ b/security/openssh/patches/patch-ad Tue Aug 31 11:27:11 2004 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-ad,v 1.7 2004/08/04 06:43:52 minskim Exp $
+$NetBSD: patch-ad,v 1.8 2004/08/31 11:27:12 wiz Exp $
---- loginrec.c.orig Thu Apr 8 01:16:06 2004
+--- loginrec.c.orig 2004-08-15 11:12:52.000000000 +0200
+++ loginrec.c
@@ -415,7 +415,7 @@ login_write (struct logininfo *li)
@@ -11,7 +11,7 @@
syslogin_write_entry(li);
#endif
#ifdef USE_LASTLOG
-@@ -584,7 +584,7 @@ line_abbrevname(char *dst, const char *s
+@@ -589,7 +589,7 @@ line_abbrevname(char *dst, const char *s
** into account.
**/
@@ -20,7 +20,7 @@
/* build the utmp structure */
void
-@@ -720,8 +720,6 @@ construct_utmpx(struct logininfo *li, st
+@@ -725,8 +725,6 @@ construct_utmpx(struct logininfo *li, st
line_stripname(utx->ut_line, li->line, sizeof(utx->ut_line));
set_utmpx_time(li, utx);
utx->ut_pid = li->pid;
@@ -29,7 +29,7 @@
if (li->type == LTYPE_LOGOUT)
return;
-@@ -731,6 +729,8 @@ construct_utmpx(struct logininfo *li, st
+@@ -736,6 +734,8 @@ construct_utmpx(struct logininfo *li, st
* for logouts.
*/
@@ -38,7 +38,7 @@
# ifdef HAVE_HOST_IN_UTMPX
strncpy(utx->ut_host, li->hostname, MIN_SIZEOF(utx->ut_host, li->hostname));
# endif
-@@ -1333,7 +1333,7 @@ wtmpx_get_entry(struct logininfo *li)
+@@ -1357,7 +1357,7 @@ wtmpx_get_entry(struct logininfo *li)
** Low-level libutil login() functions
**/
diff -r e0741d957de8 -r 0ac702ae9716 security/openssh/patches/patch-ag
--- a/security/openssh/patches/patch-ag Tue Aug 31 10:53:02 2004 +0000
+++ b/security/openssh/patches/patch-ag Tue Aug 31 11:27:11 2004 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ag,v 1.4 2004/08/04 06:43:52 minskim Exp $
+$NetBSD: patch-ag,v 1.5 2004/08/31 11:27:12 wiz Exp $
---- readconf.c.orig Mon Mar 8 06:12:36 2004
+--- readconf.c.orig 2004-07-17 08:12:08.000000000 +0200
+++ readconf.c
-@@ -186,7 +186,9 @@ static struct {
+@@ -187,7 +187,9 @@ static struct {
#endif
{ "clearallforwardings", oClearAllForwardings },
{ "enablesshkeysign", oEnableSSHKeysign },
diff -r e0741d957de8 -r 0ac702ae9716 security/openssh/patches/patch-ah
--- a/security/openssh/patches/patch-ah Tue Aug 31 10:53:02 2004 +0000
+++ b/security/openssh/patches/patch-ah Tue Aug 31 11:27:11 2004 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-ah,v 1.20 2004/03/12 19:24:47 wiz Exp $
+$NetBSD: patch-ah,v 1.21 2004/08/31 11:27:12 wiz Exp $
---- Makefile.in.orig Wed Feb 18 04:35:11 2004
+--- Makefile.in.orig 2004-08-15 13:01:37.000000000 +0200
+++ Makefile.in
@@ -21,7 +21,7 @@ top_srcdir=@top_srcdir@
DESTDIR=
@@ -11,7 +11,7 @@
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
RAND_HELPER=$(libexecdir)/ssh-rand-helper
-@@ -235,7 +235,7 @@ check-config:
+@@ -237,7 +237,7 @@ check-config:
scard-install:
(cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
diff -r e0741d957de8 -r 0ac702ae9716 security/openssh/patches/patch-aj
--- a/security/openssh/patches/patch-aj Tue Aug 31 10:53:02 2004 +0000
+++ b/security/openssh/patches/patch-aj Tue Aug 31 11:27:11 2004 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-aj,v 1.4 2004/08/04 06:43:52 minskim Exp $
+$NetBSD: patch-aj,v 1.5 2004/08/31 11:27:12 wiz Exp $
---- ssh-keygen.c.orig Tue Dec 30 18:34:52 2003
+--- ssh-keygen.c.orig 2004-07-17 08:12:08.000000000 +0200
+++ ssh-keygen.c
-@@ -623,6 +623,7 @@ do_change_passphrase(struct passwd *pw)
+@@ -622,6 +622,7 @@ do_change_passphrase(struct passwd *pw)
exit(0);
}
@@ -10,7 +10,7 @@
/*
Home |
Main Index |
Thread Index |
Old Index