Date: Fri, 7 Nov 2008 23:51:03 +0800 (CST) From: Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net> To: FreeBSD-gnats-submit@FreeBSD.org Cc: mnag@FreeBSD.org Subject: ports/128679: [PATCH] security/openssh-portable: update to 5.1p1 Message-ID: <20081107155103.5D2E44CE@sunpoet.net> Resent-Message-ID: <200811071600.mA7G0ESS077411@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 128679 >Category: ports >Synopsis: [PATCH] security/openssh-portable: update to 5.1p1 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Nov 07 16:00:14 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Sunpoet Po-Chuan Hsieh >Release: FreeBSD 7.1-PRERELEASE amd64 >Organization: SUNPOET.net >Environment: System: FreeBSD bonjour.sunpoet.net 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #12: Thu Sep 4 10:55:47 CST >Description: - Update to 5.1p1 Port maintainer (mnag@FreeBSD.org) is cc'd. Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: --- openssh-portable-5.1.p1,1.patch begins here --- diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/Makefile /usr/ports/sunpoet/openssh-portable/Makefile --- /usr/ports/security/openssh-portable/Makefile 2008-08-21 14:18:19.000000000 +0800 +++ /usr/ports/sunpoet/openssh-portable/Makefile 2008-11-07 09:03:56.932276730 +0800 @@ -6,7 +6,7 @@ # PORTNAME= openssh -DISTVERSION= 5.0p1 +DISTVERSION= 5.1p1 PORTEPOCH= 1 CATEGORIES= security ipv6 .if defined(OPENSSH_SNAPSHOT) @@ -142,7 +142,7 @@ .if defined(WITH_HPN) PATCH_DIST_STRIP= -p1 PATCH_SITES+= http://www.psc.edu/networking/projects/hpn-ssh/ -PATCHFILES+= openssh-5.0p1-hpn13v3.diff.gz +PATCHFILES+= openssh-5.1p1-hpn13v5.diff.gz .endif # See http://dev.inversepath.com/trac/openssh-lpk diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/distinfo /usr/ports/sunpoet/openssh-portable/distinfo --- /usr/ports/security/openssh-portable/distinfo 2008-04-19 21:46:24.000000000 +0800 +++ /usr/ports/sunpoet/openssh-portable/distinfo 2008-11-07 09:03:59.472546513 +0800 @@ -1,9 +1,6 @@ -MD5 (openssh-5.0p1.tar.gz) = 1f1dfaa775f33dd3328169de9bdc292a -SHA256 (openssh-5.0p1.tar.gz) = 73a58620cd475155be8524f46997ba1942bc9e54204eeb15f0465e54ca279f4f -SIZE (openssh-5.0p1.tar.gz) = 1011556 -MD5 (openssh-5.0p1-gsskex-20080404.patch) = d13bf38e852e38b7f29b9e6993b00b52 -SHA256 (openssh-5.0p1-gsskex-20080404.patch) = 8f8b9910af767ce8e2a5d4854e95c8eb8b089bb250b290d22add38e9ddb1791e -SIZE (openssh-5.0p1-gsskex-20080404.patch) = 68272 -MD5 (openssh-5.0p1-hpn13v3.diff.gz) = 95e7f78d63b419babd820c0653aa47ef -SHA256 (openssh-5.0p1-hpn13v3.diff.gz) = e9000f969705dbdf72f7ea069e5f8a2475eb89e88e014c678ecb102ddf4bcde2 -SIZE (openssh-5.0p1-hpn13v3.diff.gz) = 24060 +MD5 (openssh-5.1p1.tar.gz) = 03f2d0c1b5ec60d4ac9997a146d2faec +SHA256 (openssh-5.1p1.tar.gz) = f05358164dae1021386ae57be53a5e9f5cba7a1f8c9beaa428299e28a5666d75 +SIZE (openssh-5.1p1.tar.gz) = 1040041 +MD5 (openssh-5.1p1-hpn13v5.diff.gz) = 614f2cc34817bb9460e3b700be21b94b +SHA256 (openssh-5.1p1-hpn13v5.diff.gz) = 81bebd71fb0aa8a265c0576aa3c42c0fdf263712db771f12d35c8aff09523aab +SIZE (openssh-5.1p1-hpn13v5.diff.gz) = 23017 diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/files/patch-session.c /usr/ports/sunpoet/openssh-portable/files/patch-session.c --- /usr/ports/security/openssh-portable/files/patch-session.c 2008-04-19 21:46:24.000000000 +0800 +++ /usr/ports/sunpoet/openssh-portable/files/patch-session.c 2008-11-07 23:35:59.000000000 +0800 @@ -1,6 +1,6 @@ ---- session.c.orig 2008-03-26 21:03:05.000000000 -0300 -+++ session.c 2008-04-07 21:57:52.000000000 -0300 -@@ -776,6 +776,24 @@ +--- session.c.orig 2008-11-07 09:06:00.463747629 +0800 ++++ session.c 2008-11-07 23:35:15.063890103 +0800 +@@ -884,6 +884,24 @@ { FILE *f; char buf[256]; @@ -25,7 +25,7 @@ if (options.print_motd) { #ifdef HAVE_LOGIN_CAP -@@ -1005,6 +1023,9 @@ +@@ -1113,6 +1131,9 @@ struct passwd *pw = s->pw; #ifndef HAVE_LOGIN_CAP char *path = NULL; @@ -35,7 +35,7 @@ #endif /* Initialize the environment. */ -@@ -1026,6 +1047,9 @@ +@@ -1134,6 +1155,9 @@ } #endif @@ -45,7 +45,7 @@ #ifdef GSSAPI /* Allow any GSSAPI methods that we've used to alter * the childs environment as they see fit -@@ -1045,11 +1069,22 @@ +@@ -1153,11 +1177,22 @@ child_set_env(&env, &envsize, "LOGIN", pw->pw_name); #endif child_set_env(&env, &envsize, "HOME", pw->pw_dir); @@ -72,7 +72,7 @@ #else /* HAVE_LOGIN_CAP */ # ifndef HAVE_CYGWIN /* -@@ -1070,15 +1105,9 @@ +@@ -1178,15 +1213,9 @@ # endif /* HAVE_CYGWIN */ #endif /* HAVE_LOGIN_CAP */ @@ -88,7 +88,7 @@ /* Set custom environment options from RSA authentication. */ if (!options.use_login) { -@@ -1344,6 +1373,9 @@ +@@ -1452,6 +1481,9 @@ void do_setusercontext(struct passwd *pw) { @@ -98,7 +98,7 @@ char *chroot_path, *tmp; #ifdef WITH_SELINUX -@@ -1369,8 +1401,25 @@ +@@ -1477,8 +1509,25 @@ do_pam_setcred(use_privsep); } # endif /* USE_PAM */ @@ -125,33 +125,24 @@ perror("unable to set user context"); exit(1); } -@@ -1540,6 +1589,9 @@ - char *argv[ARGV_MAX]; - const char *shell, *shell0, *hostname = NULL; - struct passwd *pw = s->pw; -+#ifdef HAVE_LOGIN_CAP -+ int lc_requirehome; -+#endif - - /* remove hostkey from the child's memory */ - destroy_sensitive_data(); -@@ -1627,6 +1679,10 @@ +@@ -1736,6 +1785,10 @@ */ environ = env; +#ifdef HAVE_LOGIN_CAP -+ lc_requirehome = login_getcapbool(lc, "requirehome", 0); ++ r = login_getcapbool(lc, "requirehome", 0); + login_close(lc); +#endif #if defined(KRB5) && defined(USE_AFS) /* * At this point, we check to see if AFS is active and if we have -@@ -1658,7 +1714,7 @@ - fprintf(stderr, "Could not chdir to home directory %s: %s\n", - pw->pw_dir, strerror(errno)); - #ifdef HAVE_LOGIN_CAP -- if (login_getcapbool(lc, "requirehome", 0)) -+ if (lc_requirehome) - exit(1); - #endif - } +@@ -1765,9 +1818,6 @@ + /* Change current directory to the user's home directory. */ + if (chdir(pw->pw_dir) < 0) { + /* Suppress missing homedir warning for chroot case */ +-#ifdef HAVE_LOGIN_CAP +- r = login_getcapbool(lc, "requirehome", 0); +-#endif + if (r || options.chroot_directory == NULL) + fprintf(stderr, "Could not chdir to home " + "directory %s: %s\n", pw->pw_dir, diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/files/patch-sshd_config /usr/ports/sunpoet/openssh-portable/files/patch-sshd_config --- /usr/ports/security/openssh-portable/files/patch-sshd_config 2006-10-01 10:15:00.000000000 +0800 +++ /usr/ports/sunpoet/openssh-portable/files/patch-sshd_config 2008-11-07 23:41:13.586655427 +0800 @@ -1,6 +1,6 @@ ---- sshd_config.orig Mon Jul 24 01:06:47 2006 -+++ sshd_config Sat Sep 30 21:52:31 2006 -@@ -34,7 +34,7 @@ +--- sshd_config.orig 2008-07-02 20:35:43.000000000 +0800 ++++ sshd_config 2008-11-07 23:40:56.957018978 +0800 +@@ -38,7 +38,7 @@ # Authentication: #LoginGraceTime 2m @@ -8,8 +8,8 @@ +#PermitRootLogin no #StrictModes yes #MaxAuthTries 6 - -@@ -52,11 +52,11 @@ + #MaxSessions 10 +@@ -57,11 +57,11 @@ # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes @@ -24,7 +24,7 @@ #ChallengeResponseAuthentication yes # Kerberos options -@@ -69,7 +69,7 @@ +@@ -74,7 +74,7 @@ #GSSAPIAuthentication no #GSSAPICleanupCredentials yes @@ -33,13 +33,14 @@ # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, -@@ -78,11 +78,11 @@ +@@ -83,12 +83,12 @@ # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. -#UsePAM no +#UsePAM yes + #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no -#X11Forwarding no --- openssh-portable-5.1.p1,1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081107155103.5D2E44CE>