Subject: CVS commit: pkgsrc/security/openssh
To: None <>
From: Stoned Elipot <>
List: pkgsrc-changes
Date: 01/19/2003 03:26:43
Module Name:	pkgsrc
Committed By:	seb
Date:		Sun Jan 19 01:26:41 UTC 2003

Modified Files:
	pkgsrc/security/openssh: Makefile distinfo
	pkgsrc/security/openssh/patches: patch-aa patch-ab

Log Message:
Update to version 3.5p1

Also mark this package as conflicting with ssh2 package.


 - (djm) OpenBSD CVS Sync
   - 2002/10/01 20:34:12
     allow root to access the agent, since there is no protection from root.
   - 2002/10/01 13:24:50
     OpenSSH 3.5
 - (djm) Bump RPM spec version numbers
 - (djm) Bug #406 s/msg_send/ssh_msh_send/ for Mac OS X 1.2

 - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs,
   tweak README
 - (djm) OpenBSD CVS Sync
   - 2002/09/27 10:42:09
     [compat.c compat.h sshd.c]
     add a generic match for a prober, such as sie big brother;
     idea from stevesk@; markus@ ok
   - 2002/09/27 15:46:21
     clarify compression level protocol 1 only; ok markus@ deraadt@

 - (djm) OpenBSD CVS Sync
   - 2002/09/25 11:17:16
     sync LoginGraceTime with default
   - 2002/09/25 15:19:02
   - 2002/09/26 11:38:43
     [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
     krb4 + privsep; ok dugsong@, deraadt@

 - (bal) Fix issue where successfull login does not clear failure counts
   in AIX.  Patch by ok by djm
 - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
    This does not include the deattack.c fixes.

 - (djm) OpenBSD CVS Sync
   - 2002/09/23 20:46:27
     change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for
     non-sockets; fixes a problem passing NULL to snprintf(). ok markus@
   - 2002/09/23 22:11:05
     only call auth_krb5 if kerberos is enabled; ok deraadt@
   - 2002/09/24 08:46:04
     only call kerberos code for authctxt->valid
   - 2002/09/24 20:59:44
     tweak the example $HOME/.ssh/rc script to not show on any cmdline the
     sensitive data it handles. This fixes bug # 402 as reported by (Nickolai Zeldovich).
     ok markus@ and stevesk@

 - (tim) [] s/return/exit/ patch by

 - (djm) OpenBSD CVS Sync
   - 2002/09/19 14:53:14
   - 2002/09/19 15:51:23
   - 2002/09/19 16:03:15
     log IP address also; ok markus@
   - 2002/09/20 18:41:29
     log illegal user here for missing privsep case (ssh2).
     this is executed in the monitor. ok markus@

 - (djm) OpenBSD CVS Sync
   - 2002/09/12 19:11:52
     %u for uid print; ok markus@
   - 2002/09/12 19:50:36
     [session.c ssh.1]
     add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384.  ok markus@
   - 2002/09/13 19:23:09
     [channels.c sshconnect.c sshd.c]
     remove use of SO_LINGER, it should not be needed. error check
     SO_REUSEADDR. fixup comments. ok markus@
   - 2002/09/16 19:55:33
     log when _PATH_NOLOGIN exists; ok markus@
   - 2002/09/16 20:12:11
     more details on X11Forwarding security issues and threats; ok markus@
   - 2002/09/16 22:03:13
     reference moduli(5) in FILES /etc/moduli.
   - 2002/09/17 07:47:02
     don't quit while creating X11 listening socket.
     got from portable.  markus ok
   - 2002/09/19 01:58:18
     [ssh.c sshconnect.c] #223 - ProxyCommands don't exit.
     Patch from; ok markus@

 - (djm) Made GNOME askpass programs return non-zero if cancel button is
 - (djm) Added getpeereid() replacement. Properly implemented for systems
   with SO_PEERCRED support. Faked for systems which lack it.
 - (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and
   fake-queue.h to sys-tree.h and sys-queue.h
 - (djm) OpenBSD CVS Sync
   - 2002/09/08 20:24:08
     no comma at end of enumerator list
   - 2002/09/09 06:48:06
     [auth1.c auth.h auth-krb5.c monitor.c monitor.h]
     [monitor_wrap.c monitor_wrap.h]
     kerberos support for privsep.  confirmed to work by
     patch from markus
   - 2002/09/09 14:54:15
     [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c]
     signed vs unsigned from -pedantic; ok henning@
   - 2002/09/10 20:24:47
     check the euid of the connecting process with getpeereid(2);
     ok provos deraadt stevesk
   - 2002/09/11 17:55:03
     add agent and X11 forwarding warning text from ssh_config.5; ok markus@
   - 2002/09/11 18:27:26
     [authfd.c authfd.h ssh.c]
     don't connect to agent to test for presence if we've previously
     connected; ok markus@
   - 2002/09/11 22:41:50
     [sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h]
     [sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c]
     support for short/long listings and globbing in "ls"; ok markus@
   - 2002/09/12 00:13:06
     zap unused var introduced in last commit

 - (djm) Sync openbsd-compat with OpenBSD -current

 - (djm) Bug #365: Read /.ssh/environment properly under CygWin.
   Patch from Mark Bradshaw <>
 - (djm) Bug #138: Make protocol 1 blowfish work with old OpenSSL.
   Patch from Robert Halubek <>

 - (djm) OpenBSD CVS Sync
   - 2002/09/04 18:52:42
     [servconf.c sshd.8 sshd_config.5]
     default LoginGraceTime to 2m; 1m may be too short for slow systems.
     ok markus@
 - (djm) Merge openssh-TODO.patch from Redhat (null) beta
 - (djm) Add gnome-ssh-askpass2.c (gtk2) by merge with patch from
    Nalin Dahyabhai <>
 - (djm) Add support for building gtk2 password requestor from Redhat beta

 - (djm) Patch from itojun@ for Darwin OS: test getaddrinfo, reorder libcrypt
 - (djm) Fix Redhat RPM build dependancy test
 - (djm) OpenBSD CVS Sync
   - 2002/08/12 10:46:35
     make ssh-agent setgid, disallow ptrace.
   - 2002/08/21 11:20:59
     `RSA' updated to refer to `public key', where it matters.
     okay markus@
   - 2002/08/21 19:38:06
     [servconf.c sshd.8 sshd_config sshd_config.5]
     change LoginGraceTime default to 1 minute; ok mouring@ markus@
   - 2002/08/21 20:10:28
     raise listen backlog; ok markus@
   - 2002/08/22 19:27:53
     use common close function; ok markus@
   - 2002/08/22 19:38:42
     format with current EscapeChar; bugzilla #388 from
     ok markus@
   - 2002/08/22 20:57:19
     shutdown(SHUT_RDWR) not needed before close here; ok markus@
   - 2002/08/22 21:33:58
     [auth1.c auth2.c]
     auth_root_allowed() is handled by the monitor in the privsep case,
     so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
   - 2002/08/22 21:45:41
     send signal name (not signal number) in "exit-signal" message; noticed
   - 2002/08/27 17:13:56
     RSA_public_decrypt() returns -1 on error so len must be signed;
     ok markus@
   - 2002/08/27 17:18:40
     some warning text for ForwardAgent and ForwardX11; ok markus@
   - 2002/08/29 15:57:25
     [monitor.c session.c sshlogin.c sshlogin.h]
     pass addrlen with sockaddr *; from Hajimu UMEMOTO <>
     NOTE: there are also p-specific parts to this patch. ok markus@
   - 2002/08/29 16:02:54
     [ssh.1 ssh.c]
     deprecate -P as UsePrivilegedPort defaults to no now; ok markus@
   - 2002/08/29 16:09:02
     more on UsePrivilegedPort and setuid root; ok markus@
   - 2002/08/29 19:49:42
     shrink initial privilege bracket for setuid case; ok markus@
   - 2002/08/29 22:54:10
     [ssh_config.5 sshd_config.5]
     state XAuthLocation is a full pathname

 - OpenBSD CVS Sync
   - 2002/08/02 14:43:15
     [monitor.c monitor_mm.c]
     Change mm_zalloc() sanity checks to be more in line with what
     we do in calloc() and add a check to monitor_mm.c.
     OK provos@ and markus@
   - 2002/08/02 16:00:07
     [ssh.1 sshd.8]
     note that .ssh/environment is only read when
     allowed (PermitUserEnvironment in sshd_config).
     OK markus@
   - 2002/08/02 21:23:41
     diff is u_int (2x); ok deraadt/provos
   - 2002/08/02 22:20:30
     replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser
     for authentication; ok deraadt/djm
   - 2002/08/08 13:50:23
     Use & to test if bits are set, not &&; markus@ ok.
   - 2002/08/08 23:54:52
     typo in comment
   - 2002/08/09 17:21:42
     use Op for mdoc conformance; from
     ok aaron@
   - 2002/08/09 17:41:12
     proxy vs. fake display
   - 2002/08/12 17:30:35
     [ssh.1 sshd.8 sshd_config.5]
     more PermitUserEnvironment; ok markus@
   - 2002/08/17 23:07:14
     ForwardAgent has defaulted to no for over 2 years; be more clear here.
   - 2002/08/17 23:55:01
     ordered list here
 - (bal) [defines.h] Some platforms don't have SIZE_T_MAX.  So assign
   it to ULONG_MAX.

 - (tim) [] Display OpenSSL header/library version.
   Patch by

 - (bal) OpenBSD CVS Sync
   - 2002/07/24 16:11:18
     [hostfile.c hostfile.h sshconnect.c]
     print out all known keys for a host if we get a unknown host key,
     see discussion at

     the ssharp mitm tool attacks users in a similar way, so i'd like to
     pointed out again:
        A MITM attack is always possible if the ssh client prints:
        The authenticity of host 'bla' can't be established.
     (protocol version 2 with pubkey authentication allows you to detect
     MITM attacks)
   - 2002/07/25 01:16:59
     FallBackToRsh does not exist anywhere else.  Remove it from here.
     OK deraadt.
   - 2002/07/29 18:57:30
     print file:line
   - 2002/07/30 17:03:55
     [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
     add PermitUserEnvironment (off by default!); from;
     ok provos, deraadt

 - (bal) [uidswap.c] SCO compile correction by

 - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar
 - (stevesk) [CREDITS] solar
 - (stevesk) [ssh-rand-helper.c] RAND_bytes() and SHA1_Final() unsigned
   char arg.

 - (djm) Remove some cruft from INSTALL
 - (djm) Latest config.guess and config.sub from

 - (bal) [bsd-cray.c bsd-cray.h] Part 2 of Cray merger.
 - (bal) sync ID w/ ssh-agent.c
 - (bal) OpenBSD Sync
   - 2002/07/19 15:43:33
     [log.c log.h session.c sshd.c]
     remove fatal cleanups after fork; based on discussions with and code
     from solar.
   - 2002/07/19 17:42:40
     display a warning from ssh when XAuthLocation does not exist or xauth
     returned no authentication data. ok markus@
   - 2002/07/21 18:32:20
     unneeded includes
   - 2002/07/21 18:34:43
     remove invalid comment
   - 2002/07/22 11:03:06
     fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors;
   - 2002/07/22 17:32:56
     u_int here; ok provos@
   - 2002/07/23 16:03:10
     utmp_len is unsigned; display error consistent with other options.
     ok markus@
   - 2002/07/15 17:15:31
     little more debugging; ok markus@

 - (bal) AIX tty data limiting patch fix by
 - (stevesk) [xmmap.c] missing prototype for fatal()
 - (bal) [ defines.h loginrec.c sshd.c sshpty.c] Partial sync
   with Cray (mostly #ifdef renaming).  Patch by
 - (bal) []  Missing ;; from cray patch.
 - (bal) [monitor_mm.c openbsd-compat/xmmap.h] Move xmmap() defines
   into it's own header.
 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be
   freed by the caller; add free_pam_environment() and use it.
 - (stevesk) [auth-pam.c] typo in comment

 - (stevesk) [auth-pam.c] merge cosmetic changes from solar's
 - (stevesk) [auth-pam.c] merge rest of solar's PAM patch;
   PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.
 - (stevesk) [auth-pam.c] cast to avoid initialization type mismatch
   warning on pam_conv struct conversation function.
 - (stevesk) [auth-pam.h] license
 - (stevesk) [auth-pam.h] unneeded include
 - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h

 - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng().

 - (tim) [contrib/solaris/] create privsep user/group if needed.
   Patch by
 - (tim) []  test for libxnet on HP. Patch by

 - (tim) [defines.h] Bug 313 patch by
 - (tim) [monitor_mm.c] add missing declaration for xmmap(). Reported
 - (tim) [] Bug 267 rework int64_t test.
 - (tim) [includes.h] Bug 267 add stdint.h

 - (bal) aixbff package updated by
 - (tim) [] change how we do paths in AC_PATH_PROGS tests
   for autoconf 2.53. Based on a patch by

 - (tim) [contrib/solaris/] Only kill sshd if .pid file found

 - (bal) OpenBSD CVS Sync
   - 2002/07/12 13:29:09
     print connect failure during debugging mode.
   - 2002/07/12 15:50:17
     EVP_CIPH_CUSTOM_IV for our own rijndael
 - (bal) Remove unused tty defined in do_setusercontext() pointed out by plus a a more KNF since I am near it.
 - (bal) Privsep user creation support in Solaris by

 - (tim) [] replace "id sshd" with "sshd -t"
 - (bal/tim) [acconfig.h monitor_mm.c servconf.c
   openbsd-compat/] support compression on platforms that
   have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c
   Based on patch from of code extracted from Owl's package
 - (tim) [] Bug 323 arp -n flag doesn't exist under Solaris.
   report by
 - (tim) [loginrec.c] Bug 347: Fix typo (WTMPX_FILE) report by
 - (tim) [loginrec.c] Bug 348: add missing found = 1; to wtmpx_islogin()
   report by

 - (tim) [] quiet down install-files: and check-user:
 - (tim) [] remove unused filepriv line

 - (tim) [contrib/cygwin/ssh-host-config] explicitely sets the permissions
   on /var/empty to 755 Patch by
 - (bal) OpenBSD CVS Sync
   - 2002/07/09 11:56:50
     silently try next address on connect(2).  markus ok
   - 2002/07/09 11:56:27
     suppress log on reverse lookup failiure, as there's no real value in
     doing so.
     markus ok
   - 2002/07/09 12:04:02
     ed static function (less warnings)
   - 2002/07/09 17:46:25
     clarify no preference ordering in protocol list; ok markus@
   - 2002/07/10 10:28:15
     bark if all connection attempt fails.
   - 2002/07/10 17:53:54
     use right sizeof in memcpy; markus ok

 - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms
   lacking that concept can share it. Patch by

 - (tim) [openssh/contrib/solaris/] add PKG_INSTALL_ROOT to
   work in a jumpstart environment. patch by
 - (tim) [] workaround for broken pakadd on some systems.
 - (tim) [] fix libc89 utimes test. Mention default path for

 - (tim) [] use umask instead of chmod on $(PRIVSEP_PATH)
 - (tim) [acconfig.h sshd.c]
 - (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes
   patch from
 - (bal) [realpath.c] Updated with OpenBSD tree.
 - (bal) OpenBSD CVS Sync
   - 2002/07/04 04:15:33
     [key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c]
     patch memory leaks;
   - 2002/07/04 08:12:15
     [channels.c packet.c]
     blah blah minor nothing as i read and re-read and re-read...
   - 2002/07/04 10:41:47
     [key.c monitor_wrap.c ssh-dss.c ssh-rsa.c]
     don't allocate, copy, and discard if there is not interested in the data;
     ok deraadt@
   - 2002/07/06 01:00:49
   - 2002/07/06 01:01:26
     KNF, realloc fix, and clean usage
   - 2002/07/06 17:47:58
     unused variable
 - (bal) Minor KNF on ssh-keyscan.c

 - (tim) [] AIX 4.2.1 has authenticate() in libs.
   Reported by Darren Tucker <>
 - (tim) [contrib/cygwin/ssh-host-config] double slash corrction

 - (bal) Limit data to TTY for AIX only (Newer versions can't handle the
   faster data rate)  Bug #124
 - (bal) glob.c defines TILDE and AIX also defines it.  #undef it first.
   bug #265
 - (bal) One too many nulls in ports-aix.c

 - (bal) Updated contrib/cygwin/  patch by
 - (bal) minor correction to utimes() replacement.  Patch by
 - OpenBSD CVS Sync
   - 2002/06/27 08:49:44
     [dh.c ssh-keyscan.c sshconnect.c]
     more checks for NULL pointers; from; ok deraadt@
   - 2002/06/27 09:08:00
     improve mm_zalloc check; markus ok
   - 2002/06/27 10:35:47
     [auth2-none.c monitor.c sftp-client.c]
     use xfree()
   - 2002/06/27 19:49:08
     use convtime(); ok markus@
   - 2002/06/28 01:49:31
     tree(3) wants an int return value for its compare functions and
     the difference between two pointers is not an int.  Just do the
     safest thing and store the result in a long and then return 0,
     -1, or 1 based on that result.
   - 2002/06/28 01:50:37
     use ssize_t
   - 2002/06/28 10:08:25
     range check -u option at invocation
   - 2002/06/28 23:05:06
     gidset[2] -> gidset[1]; markus ok
   - 2002/06/30 21:54:16
     [auth2.c session.c sshd.c]
     lint asks that we use names that do not overlap
   - 2002/06/30 21:59:45
     [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
      monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
      sshconnect2.c sshd.c]
     minor KNF
   - 2002/07/01 16:15:25
   - 2002/07/01 19:48:46
     for compression=yes, we fallback to no-compression if the server does
     not support compression, vice versa for compression=no. ok mouring@
   - 2002/07/03 09:55:38
     use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
     in order to avoid a possible Kocher timing attack pointed out by Charles
     Hannum; ok provos@
   - 2002/07/03 14:21:05
     [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
     re-enable ssh-keysign's sbit, but make ssh-keysign read
     /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
     globally. based on discussions with deraadt, itojun and sommerfeld;
     ok itojun@
 - (bal) Failed password attempts don't increment counter on AIX. Bug #145
 - (bal) Missed change.  keysign needs readconf.o
 - (bal) Clean up aix_usrinfo().  Ignore TTY= period I guess.

 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &
   friends consistently. Spotted by Solar Designer <>

 - (bal) fix to auth2-pam.c to swap fatal() arguments,  A bit of style
   clean up while I'm near it.

 - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented
   options should contain default value.  from solar.
 - (bal) Cygwin uid0 fix by
 - (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c.  Otherwise wise
   have issues of our fixes not propogating right (ie bcopy instead of
   memmove).  OK tim
 - (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported.
   Bug #303

 - OpenBSD CVS Sync
   - 2002/06/26 14:49:36
     correct %u
   - 2002/06/26 14:50:04
     use ssize_t for recvmsg() and sendmsg() return
   - 2002/06/26 14:51:33
     fix exit code for -X/-x
   - 2002/06/26 15:00:32
     more %u
   - 2002/06/26 22:27:32
     bug #304, xfree(data) called to early;

To generate a diff of this commit:
cvs rdiff -r1.91 -r1.92 pkgsrc/security/openssh/Makefile
cvs rdiff -r1.22 -r1.23 pkgsrc/security/openssh/distinfo
cvs rdiff -r1.26 -r1.27 pkgsrc/security/openssh/patches/patch-aa
cvs rdiff -r1.13 -r1.14 pkgsrc/security/openssh/patches/patch-ab

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.