From 58ee8f139f5a7f8a8b7c6e315baaf48d9ba4d13a Mon Sep 17 00:00:00 2001 From: Simon Schubert Date: Mon, 11 Jul 2005 22:49:46 +0000 Subject: [PATCH] Switch to OpenSSH-4.1p1. --- secure/Makefile.ssh.common | 4 +- secure/lib/libssh/config.h | 129 ++++++++++++++++-- secure/lib/libssh/version.h | 9 +- secure/usr.bin/ssh/readconf.c.patch | 12 +- secure/usr.bin/ssh/ssh.1.no_obj.patch | 11 +- secure/usr.sbin/sshd/auth2-pam-freebsd.c | 10 +- secure/usr.sbin/sshd/loginrec.c.patch | 15 +- secure/usr.sbin/sshd/sshd_config.no_obj.patch | 24 ++-- 8 files changed, 154 insertions(+), 60 deletions(-) diff --git a/secure/Makefile.ssh.common b/secure/Makefile.ssh.common index e21e556711..f616ac2be2 100644 --- a/secure/Makefile.ssh.common +++ b/secure/Makefile.ssh.common @@ -1,6 +1,6 @@ -# $DragonFly: src/secure/Makefile.ssh.common,v 1.2 2004/08/30 21:59:58 geekgod Exp $ +# $DragonFly: src/secure/Makefile.ssh.common,v 1.3 2005/07/11 22:49:45 corecode Exp $ -SSHDIR= ${.CURDIR}/../../../crypto/openssh-3.9p1 +SSHDIR= ${.CURDIR}/../../../crypto/openssh-4 CONTRIBDIR= ${SSHDIR} diff --git a/secure/lib/libssh/config.h b/secure/lib/libssh/config.h index 4f69bbafbb..42309acd8a 100644 --- a/secure/lib/libssh/config.h +++ b/secure/lib/libssh/config.h @@ -1,7 +1,8 @@ /* config.h. Generated by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ -/* $Id: acconfig.h,v 1.177 2004/04/15 23:22:40 dtucker Exp $ */ -/* $DragonFly: src/secure/lib/libssh/config.h,v 1.2 2005/04/08 11:30:07 joerg Exp $ */ +/* $Id: acconfig.h,v 1.181 2005/02/25 23:07:38 dtucker Exp $ */ +/* $DragonFly: src/secure/lib/libssh/config.h,v 1.3 2005/07/11 22:49:45 corecode Exp $ */ + /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. * @@ -53,9 +54,6 @@ /* #undef SPT_TYPE */ /* #undef SPT_PADCHAR */ -/* setgroups() NOOP allowed */ -/* #undef SETGROUPS_NOOP */ - /* SCO workaround */ /* #undef BROKEN_SYS_TERMIO_H */ 
@@ -105,6 +103,9 @@ /* Work around problematic Linux PAM modules handling of PAM_TTY */ /* #undef PAM_TTY_KLUDGE */ +/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ +/* #undef SSHPAM_CHAUTHTOK_NEEDS_RUID */ + /* Use PIPES instead of a socketpair() */ /* #undef USE_PIPES */ @@ -272,9 +273,6 @@ /* Define if you want S/Key support */ /* #undef SKEY */ -/* Define if you want OPIE support */ -/* #undef OPIE */ - /* Define if you want TCP Wrappers support */ #define LIBWRAP 1 @@ -438,6 +436,12 @@ /* Define if cmsg_type is not passed correctly */ /* #undef BROKEN_CMSG_TYPE */ +/* + * Define to whatever link() returns for "not supported" if it doesn't + * return EOPNOTSUPP. + */ +/* #undef LINK_OPNOTSUPP_ERRNO */ + /* Strings used in /etc/passwd to denote locked account */ /* #undef LOCKED_PASSWD_STRING */ /* #undef LOCKED_PASSWD_PREFIX */ @@ -452,10 +456,20 @@ /* Define if your resolver libs need this for getrrsetbyname */ /* #undef BIND_8_COMPAT */ +/* Define if you have /proc/$pid/fd */ +/* #undef HAVE_PROC_PID */ + + +/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address + */ +/* #undef AIX_GETNAMEINFO_HACK */ /* Define to 1 if the `getpgrp' function requires zero arguments. */ #define GETPGRP_VOID 1 +/* Conflicting defs for getspnam */ +/* #undef GETSPNAM_CONFLICTING_DEFS */ + /* Define to 1 if you have the `arc4random' function. */ #define HAVE_ARC4RANDOM 1 @@ -471,12 +485,16 @@ /* Define to 1 if you have the `bindresvport_sa' function. */ #define HAVE_BINDRESVPORT_SA 1 +/* Define to 1 if you have the header file. */ +/* #undef HAVE_BSM_AUDIT_H */ + /* Define to 1 if you have the header file. */ /* #undef HAVE_BSTRING_H */ /* Define to 1 if you have the `clock' function. */ #define HAVE_CLOCK 1 +/* Define to 1 if you have the `closefrom' function. */ #define HAVE_CLOSEFROM 1 /* Define if gai_strerror() returns const char * */ 
@@ -485,6 +503,40 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_CRYPT_H */ +/* Define to 1 if you have the declaration of `authenticate', and to 0 if you + don't. */ +/* #undef HAVE_DECL_AUTHENTICATE */ + +/* Define to 1 if you have the declaration of `h_errno', and to 0 if you + don't. */ +#define HAVE_DECL_H_ERRNO 1 + +/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you + don't. */ +/* #undef HAVE_DECL_LOGINFAILED */ + +/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if + you don't. */ +/* #undef HAVE_DECL_LOGINRESTRICTIONS */ + +/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you + don't. */ +/* #undef HAVE_DECL_LOGINSUCCESS */ + +/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you + don't. */ +/* #undef HAVE_DECL_PASSWDEXPIRED */ + +/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you + don't. */ +/* #undef HAVE_DECL_SETAUTHDB */ + +/* Define to 1 if you have the header file. */ +#define HAVE_DIRENT_H 1 + +/* Define to 1 if you have the `dirfd' function. */ +/* #undef HAVE_DIRFD */ + /* Define to 1 if you have the `dirname' function. */ #define HAVE_DIRNAME 1 @@ -497,6 +549,9 @@ /* Define to 1 if you have the `endutxent' function. */ /* #undef HAVE_ENDUTXENT */ +/* Define to 1 if you have the `fchdir' function. */ +#define HAVE_FCHDIR 1 + /* Define to 1 if you have the `fchmod' function. */ #define HAVE_FCHMOD 1 @@ -521,6 +576,12 @@ /* Define to 1 if you have the `getaddrinfo' function. */ #define HAVE_GETADDRINFO 1 +/* Define to 1 if you have the `getaudit' function. */ +/* #undef HAVE_GETAUDIT */ + +/* Define to 1 if you have the `getaudit_addr' function. */ +/* #undef HAVE_GETAUDIT_ADDR */ + /* Define to 1 if you have the `getcwd' function. */ #define HAVE_GETCWD 1 
@@ -617,9 +678,15 @@ /* Define to 1 if you have the header file. */ #define HAVE_INTTYPES_H 1 +/* Define to 1 if the system has the type `in_addr_t'. */ +#define HAVE_IN_ADDR_T 1 + /* Define to 1 if you have the header file. */ /* #undef HAVE_LASTLOG_H */ +/* Define to 1 if you have the `bsm' library (-lbsm). */ +/* #undef HAVE_LIBBSM */ + /* Define to 1 if you have the `crypt' library (-lcrypt). */ /* #undef HAVE_LIBCRYPT */ @@ -686,6 +753,9 @@ /* Define to 1 if you have the `mmap' function. */ #define HAVE_MMAP 1 +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NDIR_H */ + /* Define to 1 if you have the header file. */ #define HAVE_NETDB_H 1 @@ -839,6 +909,9 @@ /* Define to 1 if you have the `socketpair' function. */ #define HAVE_SOCKETPAIR 1 +/* Have PEERCRED socket option */ +/* #undef HAVE_SO_PEERCRED */ + /* Define to 1 if you have the header file. */ #define HAVE_STDDEF_H 1 @@ -899,9 +972,15 @@ /* Define to 1 if you have the header file. */ #define HAVE_SYS_CDEFS_H 1 +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_DIR_H 1 + /* Define to 1 if you have the header file. */ #define HAVE_SYS_MMAN_H 1 +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_NDIR_H */ + /* Define to 1 if you have the header file. */ /* #undef HAVE_SYS_PRCTL_H */ @@ -1002,7 +1081,7 @@ /* #undef HAVE_VHANGUP */ /* Define to 1 if you have the header file. */ -/* #undef HAVE_VIS_H */ +#define HAVE_VIS_H 1 /* Define to 1 if you have the `vsnprintf' function. */ #define HAVE_VSNPRINTF 1 
@@ -1029,16 +1108,19 @@ #define PACKAGE_BUGREPORT "" /* Define to the full name of this package. */ -#define PACKAGE_NAME "" +#define PACKAGE_NAME "OpenSSH" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "" +#define PACKAGE_STRING "OpenSSH Portable" /* Define to the one symbol short name of this package. */ -#define PACKAGE_TARNAME "" +#define PACKAGE_TARNAME "openssh" /* Define to the version of this package. */ -#define PACKAGE_VERSION "" +#define PACKAGE_VERSION "Portable" + +/* must supply username to passwd */ +/* #undef PASSWD_NEEDS_USERNAME */ /* The size of a `char', as computed by sizeof. */ #define SIZEOF_CHAR 1 @@ -1055,9 +1137,21 @@ /* The size of a `short int', as computed by sizeof. */ #define SIZEOF_SHORT_INT 2 +/* Use audit debugging module */ +/* #undef SSH_AUDIT_EVENTS */ + /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 +/* Use BSM audit module */ +/* #undef USE_BSM_AUDIT */ + +/* Use btmp to log bad logins */ +/* #undef USE_BTMP */ + +/* Use libedit for sftp */ +/* #undef USE_LIBEDIT */ + /* Define to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel and VAX). */ /* #undef WORDS_BIGENDIAN */ @@ -1068,9 +1162,14 @@ /* Define for large files, on AIX-style hosts. */ /* #undef _LARGE_FILES */ -/* Define as `__inline' if that's what the C compiler calls it, or to nothing - if it is not supported. */ +/* log for bad login attempts */ +/* #undef _PATH_BTMP */ + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus /* #undef inline */ +#endif /* type to use in place of socklen_t if not defined */ /* #undef socklen_t */ diff --git a/secure/lib/libssh/version.h b/secure/lib/libssh/version.h index 12183cae77..5a21052c73 100644 --- a/secure/lib/libssh/version.h +++ b/secure/lib/libssh/version.h 
@@ -1,11 +1,12 @@ -/* $OpenBSD: version.h,v 1.41 2004/03/20 10:40:59 markus Exp $ */ -/* $DragonFly: src/secure/lib/libssh/version.h,v 1.2 2004/08/30 21:59:58 geekgod Exp $ */ +/* $OpenBSD: version.h,v 1.44 2005/03/16 21:17:39 markus Exp $ */ +/* $DragonFly: src/secure/lib/libssh/version.h,v 1.3 2005/07/11 22:49:45 corecode Exp $ */ #ifndef SSH_VERSION #define SSH_VERSION (ssh_version_get()) -#define SSH_VERSION_BASE "OpenSSH_3.9p1" -#define SSH_VERSION_ADDENDUM "DragonFly-20040822" +#define SSH_RELEASE (ssh_version_get()) +#define SSH_VERSION_BASE "OpenSSH_4.1p1" +#define SSH_VERSION_ADDENDUM "DragonFly-20050712" const char *ssh_version_get(void); void ssh_version_set_addendum(const char *add); diff --git a/secure/usr.bin/ssh/readconf.c.patch b/secure/usr.bin/ssh/readconf.c.patch index 6280d943e7..44a1b7ca93 100644 --- a/secure/usr.bin/ssh/readconf.c.patch +++ b/secure/usr.bin/ssh/readconf.c.patch @@ -1,6 +1,6 @@ -# $DragonFly: src/secure/usr.bin/ssh/Attic/readconf.c.patch,v 1.2 2004/08/30 21:59:58 geekgod Exp $ ---- /home/sullrich/openssh-3.9p1/readconf.c 2004-07-17 06:12:08.000000000 +0000 -+++ readconf.c 2004-08-20 16:35:01.000000000 +0000 +$DragonFly: src/secure/usr.bin/ssh/Attic/readconf.c.patch,v 1.3 2005/07/11 22:49:45 corecode Exp $ +--- readconf.c.orig 2005-03-14 13:08:12.000000000 +0100 ++++ readconf.c 2005-07-11 11:01:23.000000000 +0200 @@ -25,6 +25,7 @@ #include "misc.h" #include "kex.h" @@ -14,7 +14,7 @@ oAddressFamily, oGssAuthentication, oGssDelegateCreds, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, + oVersionAddendum, - oSendEnv, oControlPath, oControlMaster, + oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oDeprecated, oUnsupported } OpCodes; @@ -194,6 +196,7 @@ @@ -25,7 +25,7 @@ { "sendenv", oSendEnv }, { "controlpath", oControlPath }, { "controlmaster", oControlMaster }, -@@ -753,6 +756,13 @@ +@@ -772,6 +775,13 @@ intptr = &options->server_alive_count_max; goto parse_int; 
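Review bot: `SSH_RELEASE` is added in version.h as a second alias for `ssh_version_get()` with no comment saying why it departs from upstream. As far as I recall, upstream 4.1p1 builds SSH_RELEASE from string literals, so any imported code that places it next to another literal for compile-time concatenation would no longer compile against this header. A comment such as `/* SSH_RELEASE is a function call here, not a literal: it includes the addendum set via ssh_version_set_addendum() */` would tell the next importer what to check. The dated addendum `DragonFly-20050712` presumably ends up in the identification string a peer sees before authentication, which is worth stating in that comment, because it discloses the patch level.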
@@ -39,7 +39,7 @@ case oSendEnv: while ((arg = strdelim(&s)) != NULL && *arg != '\0') { if (strchr(arg, '=') != NULL) -@@ -962,7 +972,7 @@ +@@ -988,7 +998,7 @@ if (options->batch_mode == -1) options->batch_mode = 0; if (options->check_host_ip == -1) diff --git a/secure/usr.bin/ssh/ssh.1.no_obj.patch b/secure/usr.bin/ssh/ssh.1.no_obj.patch index 5ecdb88da4..6baeab5c30 100644 --- a/secure/usr.bin/ssh/ssh.1.no_obj.patch +++ b/secure/usr.bin/ssh/ssh.1.no_obj.patch @@ -1,4 +1,4 @@ -$DragonFly: src/secure/usr.bin/ssh/Attic/ssh.1.no_obj.patch,v 1.1 2004/07/31 20:05:00 geekgod Exp $ +$DragonFly: src/secure/usr.bin/ssh/Attic/ssh.1.no_obj.patch,v 1.2 2005/07/11 22:49:45 corecode Exp $ --- ssh.1.orig 2004-03-08 13:12:36.000000000 +0100 +++ ssh.1 2004-07-23 13:16:14.000000000 +0200 @@ -105,7 +105,7 @@ @@ -10,15 +10,6 @@ $DragonFly: src/secure/usr.bin/ssh/Attic/ssh.1.no_obj.patch,v 1.1 2004/07/31 20: on the remote machine, and the user names are the same on both sides, the user is immediately permitted to log in. Second, if -@@ -129,7 +129,7 @@ - .Pa $HOME/.shosts , - .Pa /etc/hosts.equiv , - or --.Pa /etc/shosts.equiv , -+.Pa /etc/ssh/shosts.equiv , - and if additionally the server can verify the client's - host key (see - .Pa /etc/ssh/ssh_known_hosts @@ -332,6 +332,7 @@ .Ev DISPLAY . Forwarding of X11 connections can be diff --git a/secure/usr.sbin/sshd/auth2-pam-freebsd.c b/secure/usr.sbin/sshd/auth2-pam-freebsd.c index 2d6c980ef0..9de5b03d15 100644 --- a/secure/usr.sbin/sshd/auth2-pam-freebsd.c +++ b/secure/usr.sbin/sshd/auth2-pam-freebsd.c @@ -29,7 +29,7 @@ * SUCH DAMAGE. * * $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.1.2.6 2003/04/07 09:56:46 des Exp $ - * $DragonFly: src/secure/usr.sbin/sshd/Attic/auth2-pam-freebsd.c,v 1.2 2004/08/30 21:59:58 geekgod Exp $ + * $DragonFly: src/secure/usr.sbin/sshd/Attic/auth2-pam-freebsd.c,v 1.3 2005/07/11 22:49:46 corecode Exp $ */ #include "includes.h" 
@@ -549,6 +549,12 @@ do_pam_session(void) sshpam_session_open = 1; } +int +is_pam_session_open(void) +{ + return sshpam_session_open; +} + void do_pam_setcred(int init) { @@ -689,7 +695,7 @@ free_pam_environment(char **env) * display. */ static int -sshpam_passwd_conv(int n, struct pam_message **msg, +sshpam_passwd_conv(int n, const struct pam_message **msg, struct pam_response **resp, void *data) { struct pam_response *reply; diff --git a/secure/usr.sbin/sshd/loginrec.c.patch b/secure/usr.sbin/sshd/loginrec.c.patch index ef1725d9eb..3847df6432 100644 --- a/secure/usr.sbin/sshd/loginrec.c.patch +++ b/secure/usr.sbin/sshd/loginrec.c.patch @@ -1,11 +1,12 @@ -$DragonFly: src/secure/usr.sbin/sshd/Attic/loginrec.c.patch,v 1.1 2004/07/31 20:05:00 geekgod Exp $ ---- loginrec.c.orig 2004-07-23 14:26:51.000000000 +0200 -+++ loginrec.c 2004-07-23 14:20:00.000000000 +0200 -@@ -652,7 +652,8 @@ - /* Use strncpy because we don't necessarily want null termination */ - strncpy(ut->ut_name, li->username, MIN_SIZEOF(ut->ut_name, li->username)); +$DragonFly: src/secure/usr.sbin/sshd/Attic/loginrec.c.patch,v 1.2 2005/07/11 22:49:46 corecode Exp $ +--- loginrec.c.orig 2005-07-11 11:14:15.000000000 +0200 ++++ loginrec.c 2005-07-11 11:13:37.000000000 +0200 +@@ -670,8 +670,8 @@ + strncpy(ut->ut_name, li->username, + MIN_SIZEOF(ut->ut_name, li->username)); # ifdef HAVE_HOST_IN_UTMP -- strncpy(ut->ut_host, li->hostname, MIN_SIZEOF(ut->ut_host, li->hostname)); +- strncpy(ut->ut_host, li->hostname, +- MIN_SIZEOF(ut->ut_host, li->hostname)); + realhostname_sa(ut->ut_host, sizeof ut->ut_host, + &li->hostaddr.sa, li->hostaddr.sa.sa_len); # endif diff --git a/secure/usr.sbin/sshd/sshd_config.no_obj.patch b/secure/usr.sbin/sshd/sshd_config.no_obj.patch index 1018e5cf0a..efa13704f4 100644 --- a/secure/usr.sbin/sshd/sshd_config.no_obj.patch +++ b/secure/usr.sbin/sshd/sshd_config.no_obj.patch 
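Review bot: The new `is_pam_session_open()` in auth2-pam-freebsd.c has no comment, and its prototype is not part of this hunk, so callers in other files depend on a declaration that is not visible here (presumably in the PAM header). I would add `/* Returns non-zero once do_pam_session() has opened a PAM session. */` above it and confirm that the matching declaration exists, so that no caller ends up with an implicit declaration. The context lines show the flag being set to 1 at the end of do_pam_session(). Whether it is ever reset when the session is closed lies outside the hunk and should be checked, since callers will treat the value as current state.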
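Review bot: The replacement line carried in loginrec.c.patch discards the return value of `realhostname_sa()`, so the utmp host field is filled from a resolver lookup whose outcome is never checked. That field is what `who` and `last` report, so it should hold either a confirmed name or the address. If `li->hostaddr` was never populated (for example `sa_len` of 0, which I cannot rule out from here), the record may end up without a usable host, where the old code copied `li->hostname`. I would keep the fallback: `if (realhostname_sa(ut->ut_host, sizeof ut->ut_host, &li->hostaddr.sa, li->hostaddr.sa.sa_len) == HOSTNAME_INVALIDADDR) strncpy(ut->ut_host, li->hostname, MIN_SIZEOF(ut->ut_host, li->hostname));`. The enclosing function starts and ends outside the hunk.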
@@ -1,12 +1,7 @@ -$DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.no_obj.patch,v 1.2 2005/06/16 08:14:02 corecode Exp $ -Index: sshd_config -=================================================================== -RCS file: /space/cvs/dragonfly/src/crypto/openssh-3.9p1/sshd_config,v -retrieving revision 1.1 -diff -u -r1.1 sshd_config ---- sshd_config 30 Aug 2004 21:59:58 -0000 1.1 -+++ sshd_config 16 Jun 2005 08:11:07 -0000 -@@ -10,15 +10,19 @@ +$DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.no_obj.patch,v 1.3 2005/07/11 22:49:46 corecode Exp $ +--- ../../../crypto/openssh-4/sshd_config 2005-01-20 00:57:56.000000000 +0100 ++++ sshd_config 2005-07-11 23:39:43.000000000 +0200 +@@ -10,8 +10,13 @@ # possible, but leave them commented. Uncommented options change a # default value. @@ -18,9 +13,10 @@ diff -u -r1.1 sshd_config #Port 22 -#Protocol 2,1 +#Protocol 2 + #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: - +@@ -19,7 +24,6 @@ # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 @@ -28,7 +24,7 @@ diff -u -r1.1 sshd_config #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key -@@ -33,7 +37,7 @@ +@@ -34,7 +38,7 @@ # Authentication: #LoginGraceTime 2m @@ -37,7 +33,7 @@ diff -u -r1.1 sshd_config #StrictModes yes #MaxAuthTries 6 -@@ -55,7 +59,7 @@ +@@ -56,7 +60,7 @@ #PasswordAuthentication yes #PermitEmptyPasswords no @@ -46,7 +42,7 @@ diff -u -r1.1 sshd_config #ChallengeResponseAuthentication yes # Kerberos options -@@ -80,7 +84,7 @@ +@@ -81,7 +85,7 @@ #AllowTcpForwarding yes #GatewayPorts no @@ -55,7 +51,7 @@ diff -u -r1.1 sshd_config #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes -@@ -96,6 +100,9 @@ +@@ -97,6 +101,9 @@ #PidFile /var/run/sshd.pid #MaxStartups 10 -- 2.41.0