svn commit: r315920 - in head/security/openssh-portable: . files
Bryan Drewery
bdrewery at FreeBSD.org
Wed Apr 17 00:35:36 UTC 2013
Author: bdrewery
Date: Wed Apr 17 00:35:31 2013
New Revision: 315920
URL: http://svnweb.freebsd.org/changeset/ports/315920
Log:
- Remove compatibiliy for FreeBSD <4.x
* /var/empty has been in hier(7) since 4.x
* User sshd has been in base since 4.x
* Simplify a patch for realhostname_sa(3) usage
- Remove SUID_SSH - It was removed from ssh in 2002
- Fix 'make test'
- Add some hints into the patches on where they came from
- Mirror all patches
- Move LPK patch out of files/
- Remove the need for 2 patches
* Removal of 'host-key check-config' in install phase
* Adding -lutil
- Add SCTP support [1]
- Remove FILECONTROL as it has not been supported since the 5.8
update
- Replace tab with space pkg-descr
- Remove default WRKSRC
- Add 'configtest' command to rc script
- Mark X509 broken with other patches due to PATCH_DIST_STRIP=-p1
PR: ports/174570 [1]
Submitted by: oleg <proler at gmail.com> [1]
Obtained from: https://bugzilla.mindrot.org/show_bug.cgi?id=2016 (upstream) [1]
Feature safe: yes
Deleted:
head/security/openssh-portable/files/extra-patch-configure
head/security/openssh-portable/files/openssh-lpk-5.8p2.patch
head/security/openssh-portable/files/patch-Makefile.in
Modified:
head/security/openssh-portable/Makefile
head/security/openssh-portable/distinfo
head/security/openssh-portable/files/openssh.in
head/security/openssh-portable/files/patch-auth.c
head/security/openssh-portable/files/patch-auth1.c
head/security/openssh-portable/files/patch-auth2.c
head/security/openssh-portable/files/patch-loginrec.c
head/security/openssh-portable/files/patch-readconf.c
head/security/openssh-portable/files/patch-servconf.c
head/security/openssh-portable/files/patch-session.c
head/security/openssh-portable/files/patch-ssh-agent.c
head/security/openssh-portable/files/patch-ssh.c
head/security/openssh-portable/files/patch-ssh_config
head/security/openssh-portable/files/patch-ssh_config.5
head/security/openssh-portable/files/patch-sshd.8
head/security/openssh-portable/files/patch-sshd.c
head/security/openssh-portable/files/patch-sshd_config
head/security/openssh-portable/files/patch-sshd_config.5
head/security/openssh-portable/pkg-descr
head/security/openssh-portable/pkg-plist
Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/Makefile Wed Apr 17 00:35:31 2013 (r315920)
@@ -13,8 +13,6 @@ PKGNAMESUFFIX= -portable
MAINTAINER= bdrewery at FreeBSD.org
COMMENT= The portable version of OpenBSD's OpenSSH
-WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION}
-
MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1
MLINKS= ssh.1 slogin.1
MAN5= moduli.5 ssh_config.5 sshd_config.5
@@ -22,7 +20,12 @@ MAN8= sftp-server.8 sshd.8 ssh-keysign.8
CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.*
+# XXX: ports/52706 will allow using DEFAULT,x509,gsskex here.
+PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/ \
+ http://mirror.shatow.net/freebsd/${PORTNAME}/:x509,gsskex
+
USE_PERL5_BUILD= yes
+USE_AUTOTOOLS= autoconf autoheader
USE_OPENSSL= yes
GNU_CONFIGURE= yes
CONFIGURE_ENV= ac_cv_func_strnvis=no
@@ -36,37 +39,46 @@ ETCOLD= ${PREFIX}/etc
SUDO?= # empty
MAKE_ENV+= SUDO="${SUDO}"
-OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT SUID_SSH BSM KERBEROS \
- KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 FILECONTROL \
- OVERWRITE_BASE
+OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT BSM KERBEROS \
+ KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 \
+ OVERWRITE_BASE SCTP
OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS
TCP_WRAPPERS_DESC= Enable tcp_wrappers support
-SUID_SSH_DESC= Enable suid SSH (Recommended off)
BSM_DESC= Enable OpenBSM Auditing
KERB_GSSAPI_DESC= Enable Kerberos/GSSAPI patch (req: GSSAPI)
OPENSSH_CHROOT_DESC= Enable CHROOT support
HPN_DESC= Enable HPN-SSH patch
LPK_DESC= Enable LDAP Public Key (LPK) patch
X509_DESC= Enable x509 certificate patch
-FILECONTROL_DESC= Enable file control patch (broken)
+SCTP_DESC= Enable SCTP support
OVERWRITE_BASE_DESC= OpenSSH overwrite base
.include <bsd.port.pre.mk>
.if ${OSVERSION} >= 900000
-EXTRA_PATCHES= ${FILESDIR}/extra-patch-configure
+CONFIGURE_LIBS+= -lutil
.endif
.if ${OSVERSION} >= 900007
CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog
.endif
-.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MHPN}
-BROKEN= X509 patches and HPN patches do not apply cleanly together
-.endif
+.if ${PORT_OPTIONS:MX509}
+. if ${PORT_OPTIONS:MHPN}
+BROKEN= X509 patch and HPN patch do not apply cleanly together
+. endif
-.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MKERB_GSSAPI}
+. if ${PORT_OPTIONS:MKERB_GSSAPI}
BROKEN= X509 patch incompatible with KERB_GSSAPI patch
+. endif
+
+. if ${PORT_OPTIONS:MSCTP}
+BROKEN= X509 patch and SCTP patch do not apply cleanly together
+. endif
+
+. if ${PORT_OPTIONS:MLPK}
+BROKEN= X509 patch and LPK patch do not apply cleanly together
+. endif
.endif
.if defined(OPENSSH_OVERWRITE_BASE)
@@ -85,10 +97,6 @@ CONFIGURE_ARGS+= --with-tcp-wrappers
CONFIGURE_ARGS+= --with-libedit
.endif
-.if !${PORT_OPTIONS:MSUID_SSH}
-CONFIGURE_ARGS+= --disable-suid-ssh
-.endif
-
.if ${PORT_OPTIONS:MBSM}
CONFIGURE_ARGS+= --with-audit=bsm
.endif
@@ -97,8 +105,8 @@ CONFIGURE_ARGS+= --with-audit=bsm
CONFIGURE_ARGS+= --with-kerberos5
LIB_DEPENDS+= krb5.3:${PORTSDIR}/security/krb5
.if ${PORT_OPTIONS:MKERB_GSSAPI}
-PATCH_SITES+= http://www.sxw.org.uk/computing/patches/
-PATCHFILES+= openssh-5.7p1-gsskex-all-20110125.patch
+PATCH_SITES+= http://www.sxw.org.uk/computing/patches/:gsskex
+PATCHFILES+= openssh-5.7p1-gsskex-all-20110125.patch:gsskex
PATCH_DIST_STRIP=
.endif
.if ${OPENSSLBASE} == "/usr"
@@ -115,8 +123,8 @@ CONFIGURE_ARGS+= --with-ssl-dir=${OPENSS
CFLAGS+= -DCHROOT
.endif
+# http://www.psc.edu/index.php/hpn-ssh
.if ${PORT_OPTIONS:MHPN}
-PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/
PATCHFILES+= ${PORTNAME}-5.8p1-hpn13v11.diff.gz
PATCH_DIST_STRIP=
.endif
@@ -125,19 +133,19 @@ PATCH_DIST_STRIP=
# and svn repo described here:
# http://code.google.com/p/openssh-lpk/source/checkout
.if ${PORT_OPTIONS:MLPK}
-EXTRA_PATCHES+= ${FILESDIR}/openssh-lpk-5.8p2.patch
+PATCHFILES+= ${PORTNAME}-lpk-5.8p2.patch.gz
USE_OPENLDAP= yes
CPPFLAGS+= -I${LOCALBASE}/include
CONFIGURE_ARGS+= --with-ldap=yes \
- --with-libs='-lldap' \
--with-ldflags='-L${LOCALBASE}/lib' \
--with-cppflags='${CPPFLAGS}'
+CONFIGURE_LIBS+= -lldap
.endif
# See http://www.roumenpetrov.info/openssh/
.if ${PORT_OPTIONS:MX509}
-PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-7.0/
-PATCHFILES+= ${PORTNAME}-5.8p1+x509-7.0.diff.gz
+PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-7.0/:x509
+PATCHFILES+= ${PORTNAME}-5.8p1+x509-7.0.diff.gz:x509
PATCH_DIST_STRIP= -p1
PLIST_SUB+= X509=""
MAN5+= ssh_engine.5
@@ -145,33 +153,24 @@ MAN5+= ssh_engine.5
PLIST_SUB+= X509="@comment "
.endif
-# See http://sftpfilecontrol.sourceforge.net/
-.if ${PORT_OPTIONS:MFILECONTROL}
-# Latest sftpfilecontrol patch is against 5.4p1 which does not apply
-# cleanly against 5.8p2, but it's close.
-BROKEN= latest upstream sftp file control public key patch is not up to date for OpenSSH 5.8p2
-EXTRA_PATCHES+= ${FILESDIR}/openssh-${DISTVERSION}.sftpfilecontrol-v1.3.patch
+# See https://bugzilla.mindrot.org/show_bug.cgi?id=2016
+.if ${PORT_OPTIONS:MSCTP}
+PATCHFILES+= ${PORTNAME}-sctp-2163.patch.gz
+CONFIGURE_ARGS+= --with-sctp
.endif
+EMPTYDIR= /var/empty
+
.if ${PORT_OPTIONS:MOVERWRITE_BASE}
WITH_OPENSSL_BASE= yes
CONFIGURE_ARGS+= --localstatedir=/var
-EMPTYDIR= /var/empty
PREFIX= /usr
ETCSSH= /etc/ssh
USE_RCORDER= openssh
PLIST_SUB+= NOTBASE="@comment "
PLIST_SUB+= BASE=""
PLIST_SUB+= BASEPREFIX="${PREFIX}"
-PLIST_SUB+= ERASEEMPTY="@comment "
.else
-.if exists(/var/empty)
-EMPTYDIR= /var/empty
-PLIST_SUB+= ERASEEMPTY="@comment "
-.else
-EMPTYDIR= ${PREFIX}/empty
-PLIST_SUB+= ERASEEMPTY=""
-.endif
ETCSSH= ${PREFIX}/etc/ssh
USE_RC_SUBR= openssh
PLIST_SUB+= NOTBASE=""
@@ -180,13 +179,16 @@ PLIST_SUB+= BASE="@comment "
# After all
SUB_LIST+= ETCSSH="${ETCSSH}"
-PLIST_SUB+= EMPTYDIR="${EMPTYDIR}"
CONFIGURE_ARGS+= --sysconfdir=${ETCSSH} --with-privsep-path=${EMPTYDIR}
+.if !empty(CONFIGURE_LIBS)
+CONFIGURE_ARGS+= --with-libs='${CONFIGURE_LIBS}'
+.endif
RC_SCRIPT_NAME= openssh
post-patch:
@${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure
+ @${REINPLACE_CMD} -e 's|install: \(.*\) host-key check-config|install: \1|g' ${WRKSRC}/Makefile.in
@${REINPLACE_CMD} -e 's|%%PREFIX%%|${LOCALBASE}|' \
-e 's|%%RC_SCRIPT_NAME%%|${RC_SCRIPT_NAME}|' ${WRKSRC}/sshd.8
@${REINPLACE_CMD} -E -e 's|SSH_VERSION|TMP_SSH_VERSION|' \
@@ -203,10 +205,6 @@ post-patch:
.endif
pre-su-install:
- @${MKDIR} ${EMPTYDIR}
- if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
- if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
- -h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi
.if !exists(${ETCSSH})
@${MKDIR} ${ETCSSH}
.endif
@@ -224,7 +222,7 @@ post-install:
@${CAT} ${PKGMESSAGE}
test: build
- (cd ${WRKSRC}/regress && ${SETENV} ${MAKE_ENV} TEST_SHELL=/bin/sh \
+ (cd ${WRKSRC}/regress && ${SETENV} OBJ=${WRKDIR} ${MAKE_ENV} TEST_SHELL=/bin/sh \
PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS})
Modified: head/security/openssh-portable/distinfo
==============================================================================
--- head/security/openssh-portable/distinfo Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/distinfo Wed Apr 17 00:35:31 2013 (r315920)
@@ -6,3 +6,7 @@ SHA256 (openssh-5.8p1+x509-7.0.diff.gz)
SIZE (openssh-5.8p1+x509-7.0.diff.gz) = 184277
SHA256 (openssh-5.7p1-gsskex-all-20110125.patch) = bfdc72c3d7d5d4f9f8a78b649988dff8fad780cfa72bad4a69eb94c54de9a359
SIZE (openssh-5.7p1-gsskex-all-20110125.patch) = 91889
+SHA256 (openssh-lpk-5.8p2.patch.gz) = 718221d13a09fdf5be857cc4b349e61698c42ae47bd357bd5c83f331d490c6c7
+SIZE (openssh-lpk-5.8p2.patch.gz) = 17822
+SHA256 (openssh-sctp-2163.patch.gz) = 86ac3a59119c9c26193334d8ba7c3be9f143209080e4f8a2a00577c24c0c9e03
+SIZE (openssh-sctp-2163.patch.gz) = 6764
Modified: head/security/openssh-portable/files/openssh.in
==============================================================================
--- head/security/openssh-portable/files/openssh.in Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/openssh.in Wed Apr 17 00:35:31 2013 (r315920)
@@ -25,9 +25,11 @@ load_rc_config ${name}
: ${openssh_skipportscheck="NO"}
command=%%PREFIX%%/sbin/sshd
-extra_commands="reload keygen"
+extra_commands="configtest reload keygen"
start_precmd="${name}_checks"
+reload_precmd="${name}_configtest"
restart_precmd="${name}_checks"
+configtest_cmd="${name}_configtest"
keygen_cmd="${name}_keygen"
pidfile=${openssh_pidfile:="/var/run/sshd.pid"}
@@ -137,6 +139,12 @@ openssh_check_same_ports(){
fi
}
+openssh_configtest()
+{
+ echo "Performing sanity check on ${name} configuration."
+ eval ${command} ${openssh_flags} -t
+}
+
openssh_checks()
{
if checkyesno sshd_enable ; then
@@ -146,7 +154,7 @@ openssh_checks()
fi
run_rc_command keygen
- eval "${command} -t"
+ openssh_configtest
}
run_rc_command "$1"
Modified: head/security/openssh-portable/files/patch-auth.c
==============================================================================
--- head/security/openssh-portable/files/patch-auth.c Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-auth.c Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,3 +1,12 @@
+r100838 | fanf | 2002-07-28 19:36:24 -0500 (Sun, 28 Jul 2002) | 7 lines
+Changed paths:
+ M /head/crypto/openssh/auth.c
+
+Use login_getpwclass() instead of login_getclass() so that the root
+vs. default login class distinction is made correctly.
+
+PR: 37416
+
--- auth.c.orig 2010-08-12 11:33:01.000000000 -0600
+++ auth.c 2010-09-14 16:14:12.000000000 -0600
@@ -594,7 +594,7 @@
Modified: head/security/openssh-portable/files/patch-auth1.c
==============================================================================
--- head/security/openssh-portable/files/patch-auth1.c Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-auth1.c Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,3 +1,20 @@
+r56266 | dinoex | 2002-03-17 14:24:24 -0600 (Sun, 17 Mar 2002) | 4 lines
+Changed paths:
+ M /head/security/hpn-ssh/Makefile
+ M /head/security/hpn-ssh/files/patch-auth.c
+ A /head/security/hpn-ssh/files/patch-auth1.c
+ A /head/security/hpn-ssh/files/patch-auth2.c
+ M /head/security/hpn-ssh/files/patch-session.c
+ M /head/security/openssh-portable/Makefile
+ M /head/security/openssh-portable/files/patch-auth.c
+ A /head/security/openssh-portable/files/patch-auth1.c
+ A /head/security/openssh-portable/files/patch-auth2.c
+ M /head/security/openssh-portable/files/patch-session.c
+
+Merged patches for HAVE_LOGIN_CAP from stable
+
+PR: 35904
+
--- auth1.c.orig 2010-06-25 18:01:33.000000000 -0600
+++ auth1.c 2010-09-14 16:14:12.000000000 -0600
@@ -40,6 +40,7 @@
Modified: head/security/openssh-portable/files/patch-auth2.c
==============================================================================
--- head/security/openssh-portable/files/patch-auth2.c Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-auth2.c Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,3 +1,20 @@
+r56266 | dinoex | 2002-03-17 14:24:24 -0600 (Sun, 17 Mar 2002) | 4 lines
+Changed paths:
+ M /head/security/hpn-ssh/Makefile
+ M /head/security/hpn-ssh/files/patch-auth.c
+ A /head/security/hpn-ssh/files/patch-auth1.c
+ A /head/security/hpn-ssh/files/patch-auth2.c
+ M /head/security/hpn-ssh/files/patch-session.c
+ M /head/security/openssh-portable/Makefile
+ M /head/security/openssh-portable/files/patch-auth.c
+ A /head/security/openssh-portable/files/patch-auth1.c
+ A /head/security/openssh-portable/files/patch-auth2.c
+ M /head/security/openssh-portable/files/patch-session.c
+
+Merged patches for HAVE_LOGIN_CAP from stable
+
+PR: 35904
+
--- auth2.c.orig 2009-06-22 00:11:07.000000000 -0600
+++ auth2.c 2010-09-14 16:14:12.000000000 -0600
@@ -46,6 +46,7 @@
Modified: head/security/openssh-portable/files/patch-loginrec.c
==============================================================================
--- head/security/openssh-portable/files/patch-loginrec.c Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-loginrec.c Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,26 +1,28 @@
---- loginrec.c.orig 2010-04-09 02:13:27.000000000 -0600
-+++ loginrec.c 2010-09-14 16:14:12.000000000 -0600
-@@ -179,6 +179,9 @@
- #ifdef HAVE_UTIL_H
- # include <util.h>
- #endif
-+#ifdef __FreeBSD__
-+#include <osreldate.h>
-+#endif
-
- #ifdef HAVE_LIBUTIL_H
- # include <libutil.h>
-@@ -693,8 +696,13 @@
+r63028 | dinoex | 2002-07-15 15:08:01 -0500 (Mon, 15 Jul 2002) | 6 lines
+
+- Fix Problem with HAVE_HOST_IN_UTMP
+- update monitor.c
+
+PR: 40576
+Submitted by: lxv at a-send-pr.sink.omut.org
+
+r99768 | des | 2002-07-11 05:36:10 -0500 (Thu, 11 Jul 2002) | 6 lines
+
+Use realhostname_sa(3) so the IP address will be used instead of the
+hostname if the latter is too long for utmp.
+
+Submitted by: ru
+
+--- loginrec.c.orig 2013-04-14 08:28:40.482762815 -0500
++++ loginrec.c 2013-04-14 08:29:03.723757797 -0500
+@@ -694,8 +694,8 @@
strncpy(ut->ut_name, li->username,
MIN_SIZEOF(ut->ut_name, li->username));
# ifdef HAVE_HOST_IN_UTMP
-+# if defined(__FreeBSD__) && __FreeBSD_version < 400000
- strncpy(ut->ut_host, li->hostname,
- MIN_SIZEOF(ut->ut_host, li->hostname));
-+# else
+- strncpy(ut->ut_host, li->hostname,
+- MIN_SIZEOF(ut->ut_host, li->hostname));
+ realhostname_sa(ut->ut_host, sizeof ut->ut_host,
+ &li->hostaddr.sa, li->hostaddr.sa.sa_len);
-+# endif
# endif
# ifdef HAVE_ADDR_IN_UTMP
/* this is just a 32-bit IP address */
Modified: head/security/openssh-portable/files/patch-readconf.c
==============================================================================
--- head/security/openssh-portable/files/patch-readconf.c Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-readconf.c Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,3 +1,11 @@
+r99048 | des | 2002-06-29 05:51:56 -0500 (Sat, 29 Jun 2002) | 4 lines
+Changed paths:
+ M /head/crypto/openssh/myproposal.h
+ M /head/crypto/openssh/readconf.c
+ M /head/crypto/openssh/servconf.c
+
+Apply FreeBSD's configuration defaults.
+
--- readconf.c.orig 2010-08-03 00:04:46.000000000 -0600
+++ readconf.c 2010-09-14 16:14:12.000000000 -0600
@@ -1169,7 +1169,7 @@
Modified: head/security/openssh-portable/files/patch-servconf.c
==============================================================================
--- head/security/openssh-portable/files/patch-servconf.c Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-servconf.c Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,3 +1,11 @@
+r99048 | des | 2002-06-29 05:51:56 -0500 (Sat, 29 Jun 2002) | 4 lines
+Changed paths:
+ M /head/crypto/openssh/myproposal.h
+ M /head/crypto/openssh/readconf.c
+ M /head/crypto/openssh/servconf.c
+
+Apply FreeBSD's configuration defaults.
+
--- servconf.c.orig 2010-06-25 17:38:45.000000000 -0600
+++ servconf.c 2010-09-14 16:14:12.000000000 -0600
@@ -139,7 +139,7 @@
Modified: head/security/openssh-portable/files/patch-session.c
==============================================================================
--- head/security/openssh-portable/files/patch-session.c Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-session.c Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,3 +1,20 @@
+r56266 | dinoex | 2002-03-17 14:24:24 -0600 (Sun, 17 Mar 2002) | 4 lines
+Changed paths:
+ M /head/security/hpn-ssh/Makefile
+ M /head/security/hpn-ssh/files/patch-auth.c
+ A /head/security/hpn-ssh/files/patch-auth1.c
+ A /head/security/hpn-ssh/files/patch-auth2.c
+ M /head/security/hpn-ssh/files/patch-session.c
+ M /head/security/openssh-portable/Makefile
+ M /head/security/openssh-portable/files/patch-auth.c
+ A /head/security/openssh-portable/files/patch-auth1.c
+ A /head/security/openssh-portable/files/patch-auth2.c
+ M /head/security/openssh-portable/files/patch-session.c
+
+Merged patches for HAVE_LOGIN_CAP from stable
+
+PR: 35904
+
--- session.c.orig 2011-07-21 18:55:33.883559116 +0200
+++ session.c 2011-07-21 19:02:17.789294035 +0200
@@ -896,6 +896,24 @@
Modified: head/security/openssh-portable/files/patch-ssh-agent.c
==============================================================================
--- head/security/openssh-portable/files/patch-ssh-agent.c Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-ssh-agent.c Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,3 +1,7 @@
+r110506 | des | 2003-02-07 09:48:27 -0600 (Fri, 07 Feb 2003) | 4 lines
+
+Set the ruid to the euid at startup as a workaround for a bug in pam_ssh.
+
--- ssh-agent.c.orig 2010-04-15 23:56:22.000000000 -0600
+++ ssh-agent.c 2010-09-14 16:14:13.000000000 -0600
@@ -1086,6 +1086,7 @@
Modified: head/security/openssh-portable/files/patch-ssh.c
==============================================================================
--- head/security/openssh-portable/files/patch-ssh.c Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-ssh.c Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,6 +1,10 @@
$FreeBSD$
-Make the same change to use the canonical hostname as the base FreeBSD ssh.
+r99054 | des | 2002-06-29 05:57:53 -0500 (Sat, 29 Jun 2002) | 4 lines
+Changed paths:
+ M /head/crypto/openssh/ssh.c
+
+Canonicize the host name before looking it up in the host file.
--- ssh.c.orig 2010-08-16 09:59:31.000000000 -0600
+++ ssh.c 2010-08-25 17:55:01.000000000 -0600
Modified: head/security/openssh-portable/files/patch-ssh_config
==============================================================================
--- head/security/openssh-portable/files/patch-ssh_config Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-ssh_config Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,3 +1,8 @@
+r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines
+
+Document the FreeBSD default for CheckHostIP, which was changed in
+rev 1.2 of readconf.c.
+
--- ssh_config.orig 2010-01-12 01:40:27.000000000 -0700
+++ ssh_config 2010-09-14 16:14:13.000000000 -0600
@@ -27,7 +27,7 @@
Modified: head/security/openssh-portable/files/patch-ssh_config.5
==============================================================================
--- head/security/openssh-portable/files/patch-ssh_config.5 Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-ssh_config.5 Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,3 +1,8 @@
+r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines
+
+Document the FreeBSD default for CheckHostIP, which was changed in
+rev 1.2 of readconf.c.
+
--- ssh_config.5.orig 2010-08-04 21:03:13.000000000 -0600
+++ ssh_config.5 2010-09-14 16:14:13.000000000 -0600
@@ -164,7 +164,7 @@
Modified: head/security/openssh-portable/files/patch-sshd.8
==============================================================================
--- head/security/openssh-portable/files/patch-sshd.8 Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-sshd.8 Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,3 +1,5 @@
+Document FreeBSD/port-specific paths
+
--- sshd.8.orig 2010-08-04 21:03:13.000000000 -0600
+++ sshd.8 2010-09-14 16:14:14.000000000 -0600
@@ -70,7 +70,7 @@
Modified: head/security/openssh-portable/files/patch-sshd.c
==============================================================================
--- head/security/openssh-portable/files/patch-sshd.c Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-sshd.c Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,3 +1,13 @@
+r109683 | des | 2003-01-22 08:12:59 -0600 (Wed, 22 Jan 2003) | 7 lines
+Changed paths:
+ M /head/crypto/openssh/sshd.c
+
+Force early initialization of the resolver library, since the resolver
+configuration files will no longer be available once sshd is chrooted.
+
+PR: 39953, 40894
+Submitted by: dinoex
+
--- sshd.c.orig 2010-04-15 23:56:22.000000000 -0600
+++ sshd.c 2010-09-14 16:14:13.000000000 -0600
@@ -83,6 +83,13 @@
Modified: head/security/openssh-portable/files/patch-sshd_config
==============================================================================
--- head/security/openssh-portable/files/patch-sshd_config Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-sshd_config Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,3 +1,10 @@
+r99051 | des | 2002-06-29 05:55:18 -0500 (Sat, 29 Jun 2002) | 4 lines
+Changed paths:
+ M /head/crypto/openssh/ssh_config
+ M /head/crypto/openssh/sshd_config
+
+Document FreeBSD defaults.
+
--- sshd_config.orig 2009-10-11 04:51:09.000000000 -0600
+++ sshd_config 2010-09-14 16:14:13.000000000 -0600
@@ -36,7 +36,7 @@
Modified: head/security/openssh-portable/files/patch-sshd_config.5
==============================================================================
--- head/security/openssh-portable/files/patch-sshd_config.5 Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/files/patch-sshd_config.5 Wed Apr 17 00:35:31 2013 (r315920)
@@ -1,3 +1,5 @@
+Document defaults
+
--- sshd_config.5.orig 2010-07-01 21:37:17.000000000 -0600
+++ sshd_config.5 2010-08-31 05:27:27.000000000 -0600
@@ -223,7 +223,9 @@
Modified: head/security/openssh-portable/pkg-descr
==============================================================================
--- head/security/openssh-portable/pkg-descr Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/pkg-descr Wed Apr 17 00:35:31 2013 (r315920)
@@ -12,4 +12,4 @@ are not synchronized. Portable releases
The official OpenBSD source will never use the 'p' suffix, but will instead
increment the version number when they hit 'stable spots' in their development.
-WWW: http://www.openssh.org/portable.html
+WWW: http://www.openssh.org/portable.html
Modified: head/security/openssh-portable/pkg-plist
==============================================================================
--- head/security/openssh-portable/pkg-plist Tue Apr 16 23:29:04 2013 (r315919)
+++ head/security/openssh-portable/pkg-plist Wed Apr 17 00:35:31 2013 (r315920)
@@ -24,7 +24,3 @@ sbin/sshd
libexec/sftp-server
libexec/ssh-keysign
libexec/ssh-pkcs11-helper
- at exec if [ ! -d %%EMPTYDIR%% ]; then mkdir -p %%EMPTYDIR%% ; fi
-%%ERASEEMPTY%%@dirrm empty
- at exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi
- at exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi
More information about the svn-ports-all
mailing list