From e979a2dd511396e531ea2b435a4d1fe235bf3043 Mon Sep 17 00:00:00 2001
From: Simon Schubert
Date: Thu, 28 Sep 2006 18:42:50 +0000
Subject: [PATCH] Update build infrastructure for openssh-4.4p1
---
 secure/lib/libssh/Makefile | 12 +--
 secure/lib/libssh/config.h | 72 +++++++++++++++--
 .../libssh/openbsd-compat,port-tun.c.patch | 14 ++--
 secure/lib/libssh/version.h | 6 +-
 secure/usr.bin/ssh/ssh_config.5.no_obj.patch | 16 ++--
 secure/usr.sbin/sshd/Makefile | 4 +-
 secure/usr.sbin/sshd/auth-passwd-freebsd.c | 5 +-
 secure/usr.sbin/sshd/auth2.c.patch | 18 ++---
 secure/usr.sbin/sshd/servconf.c.patch | 42 +++++-----
 secure/usr.sbin/sshd/session.c.patch | 37 +++++----
 secure/usr.sbin/sshd/sshd.8.no_obj.patch | 78 +++++++++----------
 secure/usr.sbin/sshd/sshd.c.patch | 20 ++---
 .../usr.sbin/sshd/sshd_config.5.no_obj.patch | 36 ++++-----
 13 files changed, 209 insertions(+), 151 deletions(-)
diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile
index 184e2d33a1..38d6da71dd 100644
--- a/secure/lib/libssh/Makefile
+++ b/secure/lib/libssh/Makefile
@@ -1,16 +1,16 @@ # $FreeBSD: src/secure/lib/libssh/Makefile,v 1.2.2.7 2003/02/03 17:31:12 des Exp $ -# $DragonFly: src/secure/lib/libssh/Makefile,v 1.8 2006/02/13 14:47:58 corecode Exp $ +# $DragonFly: src/secure/lib/libssh/Makefile,v 1.9 2006/09/28 18:42:50 corecode Exp $ LIB= ssh SHLIB_MAJOR= 4 -SRCS= acss.c authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \ - cipher.c cipher-acss.c cipher-aes.c cipher-bf1.c cipher-ctr.c \ - cipher-3des1.c cleanup.c compat.c compress.c crc32.c deattack.c \ - fatal.c hostfile.c log.c match.c moduli.c nchan.c packet.c \ +SRCS= acss.c authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c \ + channels.c cipher.c cipher-acss.c cipher-aes.c cipher-bf1.c \ + cipher-ctr.c cipher-3des1.c cleanup.c compat.c compress.c crc32.c \ + deattack.c fatal.c hostfile.c log.c match.c moduli.c nchan.c packet.c \ readpass.c rsa.c ttymodes.c xmalloc.c atomicio.c \ key.c dispatch.c kex.c mac.c uuencode.c misc.c rijndael.c ssh-dss.c \ ssh-rsa.c dh.c kexdh.c kexgex.c kexdhc.c kexgexc.c scard.c msg.c \ - progressmeter.c dns.c scard-opensc.c getrrsetbyname.c + progressmeter.c dns.c scard-opensc.c getrrsetbyname.c uidswap.c # Portability layer SRCS+= bsd-misc.c entropy.c # FreeBSD additions diff --git a/secure/lib/libssh/config.h b/secure/lib/libssh/config.h index 9af9cd48a7..9a2c5722bc 100644 --- a/secure/lib/libssh/config.h +++ b/secure/lib/libssh/config.h @@ -1,4 +1,4 @@ -/* $DragonFly: src/secure/lib/libssh/config.h,v 1.8 2006/05/16 16:26:08 corecode Exp $ */ +/* $DragonFly: src/secure/lib/libssh/config.h,v 1.9 2006/09/28 18:42:50 corecode Exp $ */ /* config.h. Generated by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ @@ -125,7 +125,7 @@ #define GLOB_HAS_ALTDIRFUNC 1 /* Define if your system glob() function has gl_matchc options in glob_t */ -/* #undef GLOB_HAS_GL_MATCHC */ +#define GLOB_HAS_GL_MATCHC 1 /* Define this if you want GSSAPI support in the version 2 protocol */ /* #undef GSSAPI */ 
@@ -196,6 +196,9 @@ /* Define if your system uses ancillary data style file descriptor passing */ #define HAVE_CONTROL_IN_MSGHDR 1 +/* Define to 1 if you have the header file. */ +/* #undef HAVE_CRYPTO_SHA2_H */ + /* Define to 1 if you have the header file. */ /* #undef HAVE_CRYPT_H */ @@ -209,6 +212,10 @@ don't. */ /* #undef HAVE_DECL_AUTHENTICATE */ +/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you + don't. */ +#define HAVE_DECL_GLOB_NOMATCH 1 + /* Define to 1 if you have the declaration of `h_errno', and to 0 if you don't. */ #define HAVE_DECL_H_ERRNO 1 @@ -225,6 +232,10 @@ don't. */ /* #undef HAVE_DECL_LOGINSUCCESS */ +/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you + don't. */ +#define HAVE_DECL_O_NONBLOCK 1 + /* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you don't. */ /* #undef HAVE_DECL_PASSWDEXPIRED */ @@ -233,6 +244,14 @@ don't. */ /* #undef HAVE_DECL_SETAUTHDB */ +/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you + don't. */ +#define HAVE_DECL_SHUT_RD 1 + +/* Define to 1 if you have the declaration of `writev', and to 0 if you don't. + */ +#define HAVE_DECL_WRITEV 1 + /* Define to 1 if you have the declaration of `_getlong', and to 0 if you don't. */ #define HAVE_DECL__GETLONG 0 @@ -268,6 +287,9 @@ /* Define if your system has /etc/default/login */ /* #undef HAVE_ETC_DEFAULT_LOGIN */ +/* Define to 1 if you have the `EVP_sha256' function. */ +#define HAVE_EVP_SHA256 1 + /* Define if you have ut_exit in utmp.h */ /* #undef HAVE_EXIT_IN_UTMP */ @@ -277,6 +299,12 @@ /* Define to 1 if you have the `fchown' function. */ #define HAVE_FCHOWN 1 +/* Use F_CLOSEM fcntl for closefrom */ +/* #undef HAVE_FCNTL_CLOSEM */ + +/* Define to 1 if you have the header file. */ +#define HAVE_FCNTL_H 1 + /* Define to 1 if you have the header file. */ /* #undef HAVE_FEATURES_H */ 
@@ -340,6 +368,9 @@ /* Define to 1 if you have the `getrusage' function. */ #define HAVE_GETRUSAGE 1 +/* Define to 1 if you have the `getseuserbyname' function. */ +/* #undef HAVE_GETSEUSERBYNAME */ + /* Define to 1 if you have the `gettimeofday' function. */ #define HAVE_GETTIMEOFDAY 1 @@ -364,6 +395,9 @@ /* Define to 1 if you have the `getutxline' function. */ /* #undef HAVE_GETUTXLINE */ +/* Define to 1 if you have the `get_default_context_with_level' function. */ +/* #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL */ + /* Define to 1 if you have the `glob' function. */ #define HAVE_GLOB 1 @@ -538,6 +572,9 @@ /* Define to 1 if you have the header file. */ /* #undef HAVE_NETGROUP_H */ +/* Define to 1 if you have the header file. */ +#define HAVE_NET_IF_TUN_H 1 /* well, almost */ + /* Define if you are on NeXT */ /* #undef HAVE_NEXT */ @@ -701,6 +738,12 @@ /* Define to 1 if you have the `setvbuf' function. */ #define HAVE_SETVBUF 1 +/* Define to 1 if you have the `SHA256_Update' function. */ +#define HAVE_SHA256_UPDATE 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SHA2_H */ + /* Define to 1 if you have the header file. */ /* #undef HAVE_SHADOW_H */ 
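Review bot: In the `@@ -538,6 +572,9 @@` hunk, `#define HAVE_NET_IF_TUN_H 1 /* well, almost */` is set by hand in a file whose header says it is generated by configure, and the comment does not say what "almost" means. The port-tun.c.patch change in this same commit swaps the include under `#ifdef HAVE_NET_IF_TUN_H`, which suggests the tun header sits at a different path on this system; the header names are not visible on this page, so that is inferred. I would spell the reason out, e.g. `/* set by hand: tun header path differs here, see openbsd-compat,port-tun.c.patch */`, so that a regenerated config.h does not silently drop the define.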
@@ -1130,22 +1173,25 @@ /* Location of PRNGD/EGD random number socket */ /* #undef PRNGD_SOCKET */ +/* read(1) can return 0 for a non-closed fd */ +/* #undef PTY_ZEROREAD */ + /* Define if your platform breaks doing a seteuid before a setuid */ /* #undef SETEUID_BREAKS_SETUID */ -/* The size of a `char', as computed by sizeof. */ +/* The size of `char', as computed by sizeof. */ #define SIZEOF_CHAR 1 -/* The size of a `int', as computed by sizeof. */ +/* The size of `int', as computed by sizeof. */ #define SIZEOF_INT 4 -/* The size of a `long int', as computed by sizeof. */ +/* The size of `long int', as computed by sizeof. */ #define SIZEOF_LONG_INT 4 -/* The size of a `long long int', as computed by sizeof. */ +/* The size of `long long int', as computed by sizeof. */ #define SIZEOF_LONG_LONG_INT 8 -/* The size of a `short int', as computed by sizeof. */ +/* The size of `short int', as computed by sizeof. */ #define SIZEOF_SHORT_INT 2 /* Define if you want S/Key support */ @@ -1200,6 +1246,9 @@ /* Define if you want a different $PATH for the superuser */ /* #undef SUPERUSER_PATH */ +/* syslog_r function is safe to use in in a signal handler */ +/* #undef SYSLOG_R_SAFE_IN_SIGHAND */ + /* Support passwords > 8 chars */ /* #undef UNIXWARE_LONG_PASSWORDS */ @@ -1221,6 +1270,9 @@ /* Define if you want smartcard support using OpenSC */ /* #undef USE_OPENSC */ +/* Enable OpenSSL engine support */ +/* #undef USE_OPENSSL_ENGINE */ + /* Define if you want to enable PAM support */ #define USE_PAM 1 @@ -1230,6 +1282,9 @@ /* Define if you want smartcard support using sectok */ /* #undef USE_SECTOK */ +/* Define if you have Solaris process contracts */ +/* #undef USE_SOLARIS_PROCESS_CONTRACTS */ + /* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ /* #undef WITH_ABBREV_NO_TTY */ 
@@ -1249,6 +1304,9 @@ /* Define if you want IRIX project management */ /* #undef WITH_IRIX_PROJECT */ +/* Define if you want SELinux support. */ +/* #undef WITH_SELINUX */ + /* Define to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel and VAX). */ /* #undef WORDS_BIGENDIAN */ diff --git a/secure/lib/libssh/openbsd-compat,port-tun.c.patch b/secure/lib/libssh/openbsd-compat,port-tun.c.patch index ba66aaf152..845aabbf92 100644 --- a/secure/lib/libssh/openbsd-compat,port-tun.c.patch +++ b/secure/lib/libssh/openbsd-compat,port-tun.c.patch @@ -1,12 +1,12 @@ -$DragonFly: src/secure/lib/libssh/Attic/openbsd-compat,port-tun.c.patch,v 1.1 2006/02/13 14:47:58 corecode Exp $ ---- port-tun.c 2006-01-01 11:15:51.000000000 +0100 -+++ port-tun.c 2006-02-12 23:37:21.000000000 +0100 -@@ -93,7 +93,7 @@ - #ifdef SSH_TUN_FREEBSD - #include +$DragonFly: src/secure/lib/libssh/Attic/openbsd-compat,port-tun.c.patch,v 1.2 2006/09/28 18:42:50 corecode Exp $ +--- port-tun.c 2006-09-02 07:32:40.000000000 +0200 ++++ port-tun.c 2006-09-28 19:39:51.000000000 +0200 +@@ -110,7 +110,7 @@ #include + + #ifdef HAVE_NET_IF_TUN_H -#include +#include + #endif int - sys_tun_open(int tun, int mode) diff --git a/secure/lib/libssh/version.h b/secure/lib/libssh/version.h index fada8315ed..2648c73afa 100644 --- a/secure/lib/libssh/version.h +++ b/secure/lib/libssh/version.h 
@@ -1,12 +1,12 @@ /* $OpenBSD: version.h,v 1.46 2006/02/01 11:27:22 markus Exp $ */ -/* $DragonFly: src/secure/lib/libssh/version.h,v 1.4 2006/02/13 14:47:58 corecode Exp $ */ +/* $DragonFly: src/secure/lib/libssh/version.h,v 1.5 2006/09/28 18:42:50 corecode Exp $ */ #ifndef SSH_VERSION #define SSH_VERSION (ssh_version_get()) #define SSH_RELEASE (ssh_version_get()) -#define SSH_VERSION_BASE "OpenSSH_4.3p2" -#define SSH_VERSION_ADDENDUM "DragonFly-20060212" +#define SSH_VERSION_BASE "OpenSSH_4.4p1" +#define SSH_VERSION_ADDENDUM "DragonFly-20060928" const char *ssh_version_get(void); void ssh_version_set_addendum(const char *add); diff --git a/secure/usr.bin/ssh/ssh_config.5.no_obj.patch b/secure/usr.bin/ssh/ssh_config.5.no_obj.patch index 9731a92657..c5d22d6b62 100644 --- a/secure/usr.bin/ssh/ssh_config.5.no_obj.patch +++ b/secure/usr.bin/ssh/ssh_config.5.no_obj.patch @@ -1,7 +1,7 @@ -$DragonFly: src/secure/usr.bin/ssh/Attic/ssh_config.5.no_obj.patch,v 1.1 2004/07/31 20:05:00 geekgod Exp $ ---- ssh_config.5.orig 2004-03-08 13:12:36.000000000 +0100 -+++ ssh_config.5 2004-07-23 13:16:14.000000000 +0200 -@@ -161,7 +161,7 @@ +$DragonFly: src/secure/usr.bin/ssh/Attic/ssh_config.5.no_obj.patch,v 1.2 2006/09/28 18:42:50 corecode Exp $ +--- ssh_config.5 2006-08-05 03:34:51.000000000 +0200 ++++ ssh_config.5 2006-09-28 19:50:01.000000000 +0200 +@@ -165,7 +165,7 @@ .Dq no , the check will not be executed. The default is @@ -10,10 +10,10 @@ $DragonFly: src/secure/usr.bin/ssh/Attic/ssh_config.5.no_obj.patch,v 1.1 2004/07 .It Cm Cipher Specifies the cipher to use for encrypting the session in protocol version 1. -@@ -714,6 +714,11 @@ - The default is - .Dq no . - Note that this option applies to protocol version 2 only. +@@ -1035,6 +1035,11 @@ + .Sx VERIFYING HOST KEYS + in + .Xr ssh 1 . +.It Cm VersionAddendum +Specifies a string to append to the regular version string to identify +OS- or site-specific modifications. 
diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index 421580ac5d..c235976e7c 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile @@ -1,5 +1,5 @@ # $FreeBSD: src/secure/usr.sbin/sshd/Makefile,v 1.5.2.9 2003/02/03 17:31:12 des Exp $ -# $DragonFly: src/secure/usr.sbin/sshd/Makefile,v 1.12 2005/09/06 18:55:35 dillon Exp $ +# $DragonFly: src/secure/usr.sbin/sshd/Makefile,v 1.13 2006/09/28 18:42:50 corecode Exp $ # PROG= sshd @@ -10,7 +10,7 @@ SRCS= sshd.c auth-rhosts.c auth-pam.c auth-passwd.c auth-rsa.c \ auth-bsdauth.c auth2-hostbased.c \ auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c \ monitor_mm.c monitor.c monitor_wrap.c monitor_fdpass.c \ - kexdhs.c kexgexs.c misc.c dh.c kex.c channels.c + kexdhs.c kexgexs.c misc.c dh.c kex.c channels.c platform.c # Portability layer SRCS+= loginrec.c xmmap.c diff --git a/secure/usr.sbin/sshd/auth-passwd-freebsd.c b/secure/usr.sbin/sshd/auth-passwd-freebsd.c index 1ef70c2bce..0fcddc3736 100644 --- a/secure/usr.sbin/sshd/auth-passwd-freebsd.c +++ b/secure/usr.sbin/sshd/auth-passwd-freebsd.c @@ -1,9 +1,12 @@ /* - * $DragonFly: src/secure/usr.sbin/sshd/auth-passwd-freebsd.c,v 1.1 2004/07/31 20:05:00 geekgod Exp $ + * $DragonFly: src/secure/usr.sbin/sshd/auth-passwd-freebsd.c,v 1.2 2006/09/28 18:42:50 corecode Exp $ */ #include +#include "buffer.h" +#include "key.h" +#include "hostfile.h" #include "auth.h" int diff --git a/secure/usr.sbin/sshd/auth2.c.patch b/secure/usr.sbin/sshd/auth2.c.patch index 72ab7c6f5a..b626e6dfe5 100644 --- a/secure/usr.sbin/sshd/auth2.c.patch +++ b/secure/usr.sbin/sshd/auth2.c.patch 
@@ -1,15 +1,15 @@ -$DragonFly: src/secure/usr.sbin/sshd/Attic/auth2.c.patch,v 1.1 2004/07/31 20:05:00 geekgod Exp $ ---- auth2.c.orig 2004-07-23 14:26:51.000000000 +0200 -+++ auth2.c 2004-07-23 14:20:00.000000000 +0200 -@@ -25,6 +25,7 @@ - #include "includes.h" - RCSID("$OpenBSD: auth2.c,v 1.104 2003/11/04 08:54:09 djm Exp $"); +$DragonFly: src/secure/usr.sbin/sshd/Attic/auth2.c.patch,v 1.2 2006/09/28 18:42:50 corecode Exp $ +--- auth2.c 2006-08-05 04:39:39.000000000 +0200 ++++ auth2.c 2006-09-28 19:53:14.000000000 +0200 +@@ -32,6 +32,7 @@ + #include + #include "xmalloc.h" +#include "canohost.h" #include "ssh2.h" - #include "xmalloc.h" #include "packet.h" -@@ -134,6 +135,13 @@ + #include "log.h" +@@ -147,6 +148,13 @@ Authmethod *m = NULL; char *user, *service, *method, *style = NULL; int authenticated = 0; @@ -23,7 +23,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/auth2.c.patch,v 1.1 2004/07/31 20:05: if (authctxt == NULL) fatal("input_userauth_request: no authctxt"); -@@ -178,6 +186,27 @@ +@@ -190,6 +198,27 @@ "(%s,%s) -> (%s,%s)", authctxt->user, authctxt->service, user, service); } diff --git a/secure/usr.sbin/sshd/servconf.c.patch b/secure/usr.sbin/sshd/servconf.c.patch index 1cf4c22bda..1f31120789 100644 --- a/secure/usr.sbin/sshd/servconf.c.patch +++ b/secure/usr.sbin/sshd/servconf.c.patch @@ -1,7 +1,7 @@ -# $DragonFly: src/secure/usr.sbin/sshd/Attic/servconf.c.patch,v 1.2 2004/08/30 21:59:58 geekgod Exp $ ---- /home/sullrich/openssh-3.9p1/servconf.c 2004-08-13 11:30:24.000000000 +0000 -+++ servconf.c 2004-08-20 17:23:25.000000000 +0000 -@@ -116,7 +116,7 @@ +$DragonFly: src/secure/usr.sbin/sshd/Attic/servconf.c.patch,v 1.3 2006/09/28 18:42:50 corecode Exp $ +--- servconf.c 2006-08-18 16:23:15.000000000 +0200 ++++ servconf.c 2006-09-28 19:55:05.000000000 +0200 +@@ -133,7 +133,7 @@ /* Standard Options */ if (options->protocol == SSH_PROTO_UNKNOWN) 
@@ -10,7 +10,7 @@ if (options->num_host_key_files == 0) { /* fill default hostkeys for protocols */ if (options->protocol & SSH_PROTO_1) -@@ -124,8 +124,6 @@ +@@ -141,8 +141,6 @@ _PATH_HOST_KEY_FILE; if (options->protocol & SSH_PROTO_2) { options->host_key_files[options->num_host_key_files++] = @@ -19,7 +19,7 @@ _PATH_HOST_DSA_KEY_FILE; } } -@@ -142,7 +140,7 @@ +@@ -159,7 +157,7 @@ if (options->key_regeneration_time == -1) options->key_regeneration_time = 3600; if (options->permit_root_login == PERMIT_NOT_SET) @@ -28,7 +28,7 @@ if (options->ignore_rhosts == -1) options->ignore_rhosts = 1; if (options->ignore_user_known_hosts == -1) -@@ -152,7 +150,7 @@ +@@ -169,7 +167,7 @@ if (options->print_lastlog == -1) options->print_lastlog = 1; if (options->x11_forwarding == -1) 
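Review bot: The rebased default-hostkey hunk (`@@ -141,8 +141,6 @@`, carried in the outer `@@ -10,7 +10,7 @@` and `@@ -19,7 +19,7 @@` hunks) still removes two lines from the `SSH_PROTO_2` branch and keeps `_PATH_HOST_DSA_KEY_FILE`, and nothing in the patch says why. Read together with the sshd.8 patch in this commit, which deletes `/etc/ssh/ssh_host_rsa_key` and changes the text to "These two files", this appears to leave DSA as the only default protocol-2 host key; the removed lines themselves fall outside the visible context, so that is inferred. The same applies to the one-line default changes after `SSH_PROTO_UNKNOWN`, `PERMIT_NOT_SET` and `x11_forwarding == -1`, whose new values are also not shown here. A short rationale at the top of servconf.c.patch, e.g. `# local defaults: RSA host key omitted from protocol-2 defaults because <reason>`, would let the next rebase confirm that each deviation from upstream is still wanted.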
@@ -37,25 +37,25 @@ if (options->x11_display_offset == -1) options->x11_display_offset = 10; if (options->x11_use_localhost == -1) -@@ -272,6 +270,7 @@ - sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, +@@ -293,6 +291,7 @@ + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sUsePrivilegeSeparation, + sVersionAddendum, sDeprecated, sUnsupported } ServerOpCodes; -@@ -371,6 +370,7 @@ - { "authorizedkeysfile", sAuthorizedKeysFile }, - { "authorizedkeysfile2", sAuthorizedKeysFile2 }, - { "useprivilegeseparation", sUsePrivilegeSeparation}, -+ { "versionaddendum", sVersionAddendum }, - { "acceptenv", sAcceptEnv }, - { NULL, sBadOption } - }; -@@ -915,6 +915,13 @@ - } - break; +@@ -398,6 +397,7 @@ + { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL }, + { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL }, + { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL }, ++ { "versionaddendum", sVersionAddendum , SSHCFG_GLOBAL }, + { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, + { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL }, + { "match", sMatch, SSHCFG_ALL }, +@@ -1253,6 +1253,13 @@ + options->adm_forced_command = xstrdup(cp + len); + return 0; + case sVersionAddendum: + ssh_version_set_addendum(strtok(cp, "\n")); diff --git a/secure/usr.sbin/sshd/session.c.patch b/secure/usr.sbin/sshd/session.c.patch index 9ec0a899b6..c160431065 100644 --- a/secure/usr.sbin/sshd/session.c.patch +++ b/secure/usr.sbin/sshd/session.c.patch 
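Review bot: In the relocated `case sVersionAddendum:` block, `ssh_version_set_addendum(strtok(cp, "\n"));` passes strtok's result straight through, and strtok returns NULL when `cp` contains nothing but newline characters. Whether `ssh_version_set_addendum` treats NULL as "reset to default" or dereferences it is not visible on this page, so I would either guard the call or state the contract next to it, e.g. `/* NULL (empty value) is accepted by ssh_version_set_addendum() */`. The rest of the case lies outside the hunk. A smaller style point in the same hunk: `{ "versionaddendum", sVersionAddendum , SSHCFG_GLOBAL },` has a stray space before the second comma that the neighbouring table entries do not.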
@@ -1,7 +1,7 @@ -$DragonFly: src/secure/usr.sbin/sshd/Attic/session.c.patch,v 1.1 2004/07/31 20:05:00 geekgod Exp $ ---- session.c.orig 2004-07-23 14:26:51.000000000 +0200 -+++ session.c 2004-07-23 14:20:00.000000000 +0200 -@@ -748,6 +748,24 @@ +$DragonFly: src/secure/usr.sbin/sshd/Attic/session.c.patch,v 1.2 2006/09/28 18:42:50 corecode Exp $ +--- session.c 2006-09-01 07:38:37.000000000 +0200 ++++ session.c 2006-09-28 20:03:43.000000000 +0200 +@@ -776,6 +776,24 @@ { FILE *f; char buf[256]; @@ -26,19 +26,18 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/session.c.patch,v 1.1 2004/07/31 20:0 if (options.print_motd) { #ifdef HAVE_LOGIN_CAP -@@ -972,6 +990,10 @@ - char buf[256]; - u_int i, envsize; - char **env, *laddr, *path = NULL; -+#ifdef HAVE_LOGIN_CAP +@@ -1004,6 +1022,9 @@ + struct passwd *pw = s->pw; + #ifndef HAVE_LOGIN_CAP + char *path = NULL; ++#else + extern char **environ; + char **senv, **var; -+#endif - struct passwd *pw = s->pw; + #endif /* Initialize the environment. */ -@@ -987,6 +1009,9 @@ - copy_environment(environ, &env, &envsize); +@@ -1025,6 +1046,9 @@ + } #endif + if (getenv("TZ")) @@ -47,7 +46,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/session.c.patch,v 1.1 2004/07/31 20:0 #ifdef GSSAPI /* Allow any GSSAPI methods that we've used to alter * the childs environment as they see fit -@@ -1002,11 +1027,22 @@ +@@ -1044,11 +1068,22 @@ child_set_env(&env, &envsize, "LOGIN", pw->pw_name); #endif child_set_env(&env, &envsize, "HOME", pw->pw_dir); @@ -74,7 +73,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/session.c.patch,v 1.1 2004/07/31 20:0 #else /* HAVE_LOGIN_CAP */ # ifndef HAVE_CYGWIN /* -@@ -1027,15 +1063,9 @@ +@@ -1069,15 +1104,9 @@ # endif /* HAVE_CYGWIN */ #endif /* HAVE_LOGIN_CAP */ 
@@ -90,7 +89,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/session.c.patch,v 1.1 2004/07/31 20:0 /* Set custom environment options from RSA authentication. */ if (!options.use_login) { -@@ -1255,7 +1285,7 @@ +@@ -1314,7 +1343,7 @@ } # endif /* USE_PAM */ if (setusercontext(lc, pw, pw->pw_uid, @@ -99,7 +98,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/session.c.patch,v 1.1 2004/07/31 20:0 perror("unable to set user context"); exit(1); } -@@ -1391,6 +1421,9 @@ +@@ -1472,6 +1501,9 @@ char *argv[10]; const char *shell, *shell0, *hostname = NULL; struct passwd *pw = s->pw; @@ -109,7 +108,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/session.c.patch,v 1.1 2004/07/31 20:0 /* remove hostkey from the child's memory */ destroy_sensitive_data(); -@@ -1461,6 +1494,10 @@ +@@ -1559,6 +1591,10 @@ */ environ = env; @@ -120,7 +119,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/session.c.patch,v 1.1 2004/07/31 20:0 #if defined(KRB5) && defined(USE_AFS) /* * At this point, we check to see if AFS is active and if we have -@@ -1492,7 +1529,7 @@ +@@ -1590,7 +1626,7 @@ fprintf(stderr, "Could not chdir to home directory %s: %s\n", pw->pw_dir, strerror(errno)); #ifdef HAVE_LOGIN_CAP diff --git a/secure/usr.sbin/sshd/sshd.8.no_obj.patch b/secure/usr.sbin/sshd/sshd.8.no_obj.patch index 5f533098b2..ffb2da5390 100644 --- a/secure/usr.sbin/sshd/sshd.8.no_obj.patch +++ b/secure/usr.sbin/sshd/sshd.8.no_obj.patch 
@@ -1,16 +1,16 @@ -$DragonFly: src/secure/usr.sbin/sshd/Attic/sshd.8.no_obj.patch,v 1.1 2004/07/31 20:05:00 geekgod Exp $ ---- sshd.8.orig 2004-07-23 14:26:51.000000000 +0200 -+++ sshd.8 2004-07-23 14:20:00.000000000 +0200 -@@ -67,7 +67,7 @@ +$DragonFly: src/secure/usr.sbin/sshd/Attic/sshd.8.no_obj.patch,v 1.2 2006/09/28 18:42:50 corecode Exp $ +--- sshd.8 2006-08-30 03:07:01.000000000 +0200 ++++ sshd.8 2006-09-28 20:06:19.000000000 +0200 +@@ -65,7 +65,7 @@ .Nm - is the daemon that listens for connections from clients. + listens for connections from clients. It is normally started at boot from -.Pa /etc/rc . +.Pa /etc/rc.d/sshd . It forks a new daemon for each incoming connection. The forked daemons handle -@@ -253,8 +253,6 @@ +@@ -138,8 +138,6 @@ The default is .Pa /etc/ssh/ssh_host_key for protocol version 1, and @@ -19,7 +19,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/sshd.8.no_obj.patch,v 1.1 2004/07/31 .Pa /etc/ssh/ssh_host_dsa_key for protocol version 2. It is possible to have multiple host key files for -@@ -365,8 +363,9 @@ +@@ -342,8 +340,9 @@ If the login is on a tty, records login time. .It Checks @@ -31,7 +31,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/sshd.8.no_obj.patch,v 1.1 2004/07/31 (unless root). .It Changes to run with normal user privileges. -@@ -388,11 +387,12 @@ +@@ -365,11 +364,12 @@ exists, runs it; else if .Pa /etc/ssh/sshrc exists, runs 
@@ -43,44 +43,44 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/sshd.8.no_obj.patch,v 1.1 2004/07/31 files are given the X11 -authentication protocol and cookie in standard input. +authentication protocol and cookie (if applicable) in standard input. - .It - Runs user's shell or command. - .El -@@ -596,15 +596,15 @@ - .Nm sshd . - The file format and configuration options are described in - .Xr sshd_config 5 . --.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key + See + .Sx SSHRC , + below. +@@ -734,7 +734,7 @@ + .Xr ssh 1 ) . + It should only be writable by root. + .Pp +-.It /etc/moduli ++.It /etc/ssh/moduli + Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". + The file format is described in + .Xr moduli 5 . +@@ -752,7 +752,7 @@ + refused. + The file should be world-readable. + .Pp +-.It /etc/shosts.equiv ++.It /etc/ssh/shosts.equiv + This file is used in exactly the same way as + .Pa hosts.equiv , + but allows host-based authentication without permitting login with +@@ -769,8 +769,7 @@ + .Pp + .It /etc/ssh/ssh_host_key + .It /etc/ssh/ssh_host_dsa_key +-.It /etc/ssh/ssh_host_rsa_key -These three files contain the private parts of the host keys. -+.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key +These two files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and not accessible to others. Note that - .Nm - does not start if this file is group/world-accessible. --.It Pa /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_rsa_key.pub +@@ -779,8 +778,7 @@ + .Pp + .It /etc/ssh/ssh_host_key.pub + .It /etc/ssh/ssh_host_dsa_key.pub +-.It /etc/ssh/ssh_host_rsa_key.pub -These three files contain the public parts of the host keys. -+.It Pa /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub +These two files contain the public parts of the host keys. These files should be world-readable but writable only by root. 
Their contents should match the respective private parts. -@@ -613,7 +613,7 @@ - the user so their contents can be copied to known hosts files. - These files are created using - .Xr ssh-keygen 1 . --.It Pa /etc/moduli -+.It Pa /etc/ssh/moduli - Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". - The file format is described in - .Xr moduli 5 . -@@ -725,7 +725,7 @@ - of is in negative entries. - .Pp - Note that this warning also applies to rsh/rlogin. --.It Pa /etc/shosts.equiv -+.It Pa /etc/ssh/shosts.equiv - This is processed exactly as - .Pa /etc/hosts.equiv . - However, this file may be useful in environments that want to run both diff --git a/secure/usr.sbin/sshd/sshd.c.patch b/secure/usr.sbin/sshd/sshd.c.patch index dbd9d36ac1..e6af307fcd 100644 --- a/secure/usr.sbin/sshd/sshd.c.patch +++ b/secure/usr.sbin/sshd/sshd.c.patch @@ -1,7 +1,7 @@ -# $DragonFly: src/secure/usr.sbin/sshd/Attic/sshd.c.patch,v 1.2 2004/08/30 21:59:58 geekgod Exp $ ---- ./sshd.c 2004-08-12 13:08:15.000000000 +0000 -+++ /home/sullrich/openssh-3.9p1/sshd.c 2004-08-19 17:37:10.000000000 +0000 -@@ -53,6 +53,10 @@ +$DragonFly: src/secure/usr.sbin/sshd/Attic/sshd.c.patch,v 1.3 2006/09/28 18:42:50 corecode Exp $ +--- sshd.c 2006-09-17 06:04:46.000000000 +0200 ++++ sshd.c 2006-09-28 19:58:34.000000000 +0200 +@@ -80,6 +80,10 @@ #include #endif @@ -9,12 +9,12 @@ +#include +#endif + + #include "xmalloc.h" #include "ssh.h" #include "ssh1.h" - #include "ssh2.h" -@@ -1623,6 +1627,17 @@ - sizeof(on)) < 0) - error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); +@@ -1630,6 +1634,17 @@ + /* This is the child processing a new connection. */ + setproctitle("%s", "[accepted]"); +#ifdef __DragonFly__ + /* @@ -28,5 +28,5 @@ +#endif + /* - * Register our connection. This turns encryption off because we do - * not have a key. + * Create a new session and process group since the 4.4BSD + * setlogin() affects the entire process group. We don't 
diff --git a/secure/usr.sbin/sshd/sshd_config.5.no_obj.patch b/secure/usr.sbin/sshd/sshd_config.5.no_obj.patch index 5f62afd163..37082eac3a 100644 --- a/secure/usr.sbin/sshd/sshd_config.5.no_obj.patch +++ b/secure/usr.sbin/sshd/sshd_config.5.no_obj.patch @@ -1,17 +1,15 @@ -$DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.5.no_obj.patch,v 1.1 2004/07/31 20:05:00 geekgod Exp $ ---- sshd_config.5.orig 2004-07-23 14:26:51.000000000 +0200 -+++ sshd_config.5 2004-07-23 14:26:49.000000000 +0200 -@@ -122,10 +122,17 @@ +$DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.5.no_obj.patch,v 1.2 2006/09/28 18:42:50 corecode Exp $ +--- sshd_config.5 2006-08-30 03:06:34.000000000 +0200 ++++ sshd_config.5 2006-09-28 20:08:26.000000000 +0200 +@@ -169,9 +169,16 @@ By default, no banner is displayed. - .Pp .It Cm ChallengeResponseAuthentication --Specifies whether challenge response authentication is allowed. + Specifies whether challenge-response authentication is allowed. -All authentication styles from -.Xr login.conf 5 -are supported. -+Specifies whether challenge-response authentication is allowed. +Specifically, in -+.Fx , ++.Dx , +this controls the use of PAM (see +.Xr pam 3 ) +for authentication. @@ -23,7 +21,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.5.no_obj.patch,v 1.1 2004 The default is .Dq yes . .It Cm Ciphers -@@ -251,8 +258,6 @@ +@@ -358,8 +365,6 @@ The default is .Pa /etc/ssh/ssh_host_key for protocol version 1, and @@ -32,7 +30,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.5.no_obj.patch,v 1.1 2004 .Pa /etc/ssh/ssh_host_dsa_key for protocol version 2. Note that -@@ -277,7 +282,7 @@ +@@ -384,7 +389,7 @@ .Pp .Pa /etc/hosts.equiv and @@ -41,7 +39,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.5.no_obj.patch,v 1.1 2004 are still used. The default is .Dq yes . -@@ -415,6 +420,20 @@ +@@ -555,6 +560,20 @@ Specifies whether password authentication is allowed. The default is .Dq yes . 
@@ -62,7 +60,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.5.no_obj.patch,v 1.1 2004 .It Cm PermitEmptyPasswords When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings. -@@ -430,7 +449,14 @@ +@@ -597,7 +616,14 @@ or .Dq no . The default is @@ -77,9 +75,9 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.5.no_obj.patch,v 1.1 2004 +.Dq without-password . .Pp If this option is set to - .Dq without-password -@@ -506,7 +532,7 @@ - .Dq 2 . + .Dq without-password , +@@ -690,7 +716,7 @@ + .Sq 2 . Multiple versions must be comma-separated. The default is -.Dq 2,1 . @@ -87,7 +85,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.5.no_obj.patch,v 1.1 2004 Note that the order of the protocol list does not indicate preference, because the client selects among multiple protocol versions offered by the server. -@@ -520,7 +546,9 @@ +@@ -704,7 +730,9 @@ .Dq yes . Note that this option applies to protocol version 2 only. .It Cm RhostsRSAAuthentication @@ -98,7 +96,7 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.5.no_obj.patch,v 1.1 2004 with successful RSA host authentication is allowed. The default is .Dq no . -@@ -626,6 +654,11 @@ +@@ -826,6 +854,11 @@ escalation by containing any corruption within the unprivileged processes. The default is .Dq yes . @@ -109,8 +107,8 @@ $DragonFly: src/secure/usr.sbin/sshd/Attic/sshd_config.5.no_obj.patch,v 1.1 2004 +.Dq DragonFly-20040710 . .It Cm X11DisplayOffset Specifies the first display number available for - .Nm sshd Ns 's -@@ -641,7 +674,7 @@ + .Xr sshd 8 Ns 's +@@ -839,7 +872,7 @@ or .Dq no . The default is -- 2.41.0