diff --git a/security/hpn-ssh/Makefile b/security/hpn-ssh/Makefile index a37a28004dc5..d4f6705dfbb8 100644 --- a/security/hpn-ssh/Makefile +++ b/security/hpn-ssh/Makefile @@ -7,7 +7,7 @@ PORTNAME= openssh PORTVERSION= 3.3p1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \ @@ -98,7 +98,11 @@ post-configure: ${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh pre-install: +.if defined(OPENSSH_OVERWRITE_BASE) + -${MKDIR} ${EMPTYDIR} +.else -${MKDIR} ${PREFIX}/empty +.endif if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \ -h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi @@ -110,7 +114,7 @@ pre-install: .endfor post-install: -.if defined(OPENSSH_OVERWRITE_BASE) +.if !defined(OPENSSH_OVERWRITE_BASE) ${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample .endif ${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist diff --git a/security/hpn-ssh/files/patch-session.c b/security/hpn-ssh/files/patch-session.c index 0baf6ee51939..91c0cbc4d00d 100644 --- a/security/hpn-ssh/files/patch-session.c +++ b/security/hpn-ssh/files/patch-session.c @@ -1,5 +1,5 @@ ---- session.c.orig Mon May 13 02:48:58 2002 -+++ session.c Thu May 23 14:10:44 2002 +--- session.c.orig Fri Jun 21 03:09:47 2002 ++++ session.c Wed Jun 26 14:15:41 2002 @@ -64,6 +64,13 @@ #define is_winnt (GetVersion() < 0x80000000) #endif @@ -14,7 +14,7 @@ /* func */ Session *session_new(void); -@@ -383,6 +390,13 @@ +@@ -474,6 +481,13 @@ log_init(__progname, options.log_level, options.log_facility, log_stderr); /* 
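Review bot: In the pre-install hunk the directory is created with `-${MKDIR}`, so a failed mkdir is ignored and the owner and mode are left to the umask or to whatever directory already exists at that path. The `pw useradd` line below makes it the home of the "sshd privilege separation" user, so it should be root-owned and not writable by group or other, for example `${INSTALL} -d -o root -g wheel -m 755 ${EMPTYDIR}` (or a stricter mode). The `.else` branch creates `${PREFIX}/empty` while `pw useradd` passes `-d ${EMPTYDIR}` in both branches; EMPTYDIR is defined outside the hunk, so confirm the two paths agree, in which case the conditional can collapse to one `${EMPTYDIR}` line. The same hunk appears in security/openssh-portable/Makefile.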
@@ -28,7 +28,7 @@ * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ -@@ -497,6 +511,14 @@ +@@ -588,6 +602,14 @@ /* Child. Reinitialize the log because the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -43,7 +43,7 @@ /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -623,6 +645,18 @@ +@@ -714,6 +736,18 @@ struct sockaddr_storage from; struct passwd * pw = s->pw; pid_t pid = getpid(); @@ -62,7 +62,7 @@ /* * Get IP address of client. If the connection is not a socket, let -@@ -656,6 +690,72 @@ +@@ -747,6 +781,72 @@ } #endif @@ -135,7 +135,7 @@ if (check_quietlogin(s, command)) return; -@@ -668,7 +768,17 @@ +@@ -759,7 +859,17 @@ printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ @@ -154,7 +154,7 @@ time_string = ctime(&s->last_login_time); if (strchr(time_string, '\n')) *strchr(time_string, '\n') = 0; -@@ -679,7 +789,30 @@ +@@ -770,7 +880,30 @@ s->hostname); } @@ -186,7 +186,7 @@ } /* -@@ -695,9 +828,9 @@ +@@ -786,9 +919,9 @@ #ifdef HAVE_LOGIN_CAP f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r"); @@ -198,7 +198,7 @@ if (f) { while (fgets(buf, sizeof(buf), f)) fputs(buf, stdout); -@@ -724,10 +857,10 @@ +@@ -815,10 +948,10 @@ #ifdef HAVE_LOGIN_CAP if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) return 1; @@ -211,7 +211,18 @@ return 0; } -@@ -856,6 +989,10 @@ +@@ -931,6 +1064,10 @@ + char buf[256]; + u_int i, envsize; + char **env; ++#ifdef HAVE_LOGIN_CAP ++ extern char **environ; ++ char **senv; ++#endif + struct passwd *pw = s->pw; + + /* Initialize the environment. */ +@@ -947,13 +1084,30 @@ #endif if (!options.use_login) { 
@@ -222,9 +233,17 @@ /* Set basic environment. */ child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); -@@ -863,6 +1000,12 @@ + child_set_env(&env, &envsize, "HOME", pw->pw_dir); #ifdef HAVE_LOGIN_CAP - (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); +- (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); ++ senv = environ; ++ environ = xmalloc(sizeof(char *)); ++ *environ = NULL; ++ (void) setusercontext(lc, pw, pw->pw_uid, ++ LOGIN_SETENV|LOGIN_SETPATH); ++ copy_environment(environ, &env, &envsize); ++ xfree(environ); ++ environ = senv; child_set_env(&env, &envsize, "PATH", getenv("PATH")); + var= login_getcapstr(lc, "lang", NULL, NULL); + if ( var ) child_set_env(&env, &envsize, "LANG", var); @@ -235,7 +254,16 @@ #else /* HAVE_LOGIN_CAP */ # ifndef HAVE_CYGWIN /* -@@ -1221,7 +1364,7 @@ +@@ -1162,7 +1316,7 @@ + #endif /* HAVE_SETPCRED */ + #ifdef HAVE_LOGIN_CAP + if (setusercontext(lc, pw, pw->pw_uid, +- (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { ++ (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH))) < 0) { + perror("unable to set user context"); + exit(1); + } +@@ -1312,7 +1466,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -244,7 +272,7 @@ close(i); /* -@@ -1251,6 +1394,31 @@ +@@ -1342,6 +1496,31 @@ exit(1); #endif } diff --git a/security/hpn-ssh/pkg-plist b/security/hpn-ssh/pkg-plist index 43556e645d64..b2df58c55ca3 100644 --- a/security/hpn-ssh/pkg-plist +++ b/security/hpn-ssh/pkg-plist 
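Review bot: In the environment hunk, `environ = senv;` restores the daemon's environment before the unchanged `child_set_env(&env, &envsize, "PATH", getenv("PATH"));` runs, so `getenv("PATH")` no longer sees the PATH that `setusercontext(..., LOGIN_SETENV|LOGIN_SETPATH)` wrote into the temporary environment. The login-class PATH that `copy_environment()` presumably just copied into `env` is then replaced by sshd's own PATH, and a NULL is passed to `child_set_env()` if sshd was started without one. Dropping that `getenv("PATH")` line, or moving it above `environ = senv;`, would keep the class PATH. The result of `setusercontext()` is also still discarded with `(void)`, so a failure silently leaves the session without its login-class environment; checking for `< 0` and logging it would make that visible. The enclosing function starts and ends outside the hunk, and the identical hunk is in security/openssh-portable/files/patch-session.c.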
@@ -19,8 +19,8 @@ bin/ssh-keyscan %%NOTBASE%%@exec [ -f %D/etc/ssh_host_dsa_key.pub ] && [ ! -f %D/etc/ssh/ssh_host_dsa_key.pub ] && ln %D/etc/ssh_host_dsa_key.pub %D/etc/ssh/ssh_host_dsa_key.pub %%NOTBASE%%@unexec if cmp -s %D/etc/ssh/ssh_config %D/etc/ssh/ssh_config-dist; then rm -f %D/etc/ssh/ssh_config; fi %%NOTBASE%%@unexec if cmp -s %D/etc/ssh/sshd_config %D/etc/ssh/sshd_config-dist; then rm -f %D/etc/ssh/sshd_config; fi -etc/ssh/ssh_config-dist -etc/ssh/sshd_config-dist +%%NOTBASE%%etc/ssh/ssh_config-dist +%%NOTBASE%%etc/ssh/sshd_config-dist %%NOTBASE%%@exec [ ! -f %D/etc/ssh/ssh_config ] && cp %D/etc/ssh/ssh_config-dist %D/etc/ssh/ssh_config %%NOTBASE%%@exec [ ! -f %D/etc/ssh/sshd_config ] && cp %D/etc/ssh/sshd_config-dist %D/etc/ssh/sshd_config %%NOTBASE%%@dirrm etc/ssh diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index a37a28004dc5..d4f6705dfbb8 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -7,7 +7,7 @@ PORTNAME= openssh PORTVERSION= 3.3p1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \ @@ -98,7 +98,11 @@ post-configure: ${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh pre-install: +.if defined(OPENSSH_OVERWRITE_BASE) + -${MKDIR} ${EMPTYDIR} +.else -${MKDIR} ${PREFIX}/empty +.endif if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \ -h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi @@ -110,7 +114,7 @@ pre-install: .endfor post-install: -.if defined(OPENSSH_OVERWRITE_BASE) +.if !defined(OPENSSH_OVERWRITE_BASE) ${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample .endif ${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist 
diff --git a/security/openssh-portable/files/patch-session.c b/security/openssh-portable/files/patch-session.c index 0baf6ee51939..91c0cbc4d00d 100644 --- a/security/openssh-portable/files/patch-session.c +++ b/security/openssh-portable/files/patch-session.c @@ -1,5 +1,5 @@ ---- session.c.orig Mon May 13 02:48:58 2002 -+++ session.c Thu May 23 14:10:44 2002 +--- session.c.orig Fri Jun 21 03:09:47 2002 ++++ session.c Wed Jun 26 14:15:41 2002 @@ -64,6 +64,13 @@ #define is_winnt (GetVersion() < 0x80000000) #endif @@ -14,7 +14,7 @@ /* func */ Session *session_new(void); -@@ -383,6 +390,13 @@ +@@ -474,6 +481,13 @@ log_init(__progname, options.log_level, options.log_facility, log_stderr); /* @@ -28,7 +28,7 @@ * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. */ -@@ -497,6 +511,14 @@ +@@ -588,6 +602,14 @@ /* Child. Reinitialize the log because the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -43,7 +43,7 @@ /* Close the master side of the pseudo tty. */ close(ptyfd); -@@ -623,6 +645,18 @@ +@@ -714,6 +736,18 @@ struct sockaddr_storage from; struct passwd * pw = s->pw; pid_t pid = getpid(); @@ -62,7 +62,7 @@ /* * Get IP address of client. If the connection is not a socket, let -@@ -656,6 +690,72 @@ +@@ -747,6 +781,72 @@ } #endif @@ -135,7 +135,7 @@ if (check_quietlogin(s, command)) return; -@@ -668,7 +768,17 @@ +@@ -759,7 +859,17 @@ printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ @@ -154,7 +154,7 @@ time_string = ctime(&s->last_login_time); if (strchr(time_string, '\n')) *strchr(time_string, '\n') = 0; -@@ -679,7 +789,30 @@ +@@ -770,7 +880,30 @@ s->hostname); } @@ -186,7 +186,7 @@ } /* -@@ -695,9 +828,9 @@ +@@ -786,9 +919,9 @@ #ifdef HAVE_LOGIN_CAP f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r"); 
@@ -198,7 +198,7 @@ if (f) { while (fgets(buf, sizeof(buf), f)) fputs(buf, stdout); -@@ -724,10 +857,10 @@ +@@ -815,10 +948,10 @@ #ifdef HAVE_LOGIN_CAP if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) return 1; @@ -211,7 +211,18 @@ return 0; } -@@ -856,6 +989,10 @@ +@@ -931,6 +1064,10 @@ + char buf[256]; + u_int i, envsize; + char **env; ++#ifdef HAVE_LOGIN_CAP ++ extern char **environ; ++ char **senv; ++#endif + struct passwd *pw = s->pw; + + /* Initialize the environment. */ +@@ -947,13 +1084,30 @@ #endif if (!options.use_login) { @@ -222,9 +233,17 @@ /* Set basic environment. */ child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); -@@ -863,6 +1000,12 @@ + child_set_env(&env, &envsize, "HOME", pw->pw_dir); #ifdef HAVE_LOGIN_CAP - (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); +- (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); ++ senv = environ; ++ environ = xmalloc(sizeof(char *)); ++ *environ = NULL; ++ (void) setusercontext(lc, pw, pw->pw_uid, ++ LOGIN_SETENV|LOGIN_SETPATH); ++ copy_environment(environ, &env, &envsize); ++ xfree(environ); ++ environ = senv; child_set_env(&env, &envsize, "PATH", getenv("PATH")); + var= login_getcapstr(lc, "lang", NULL, NULL); + if ( var ) child_set_env(&env, &envsize, "LANG", var); @@ -235,7 +254,16 @@ #else /* HAVE_LOGIN_CAP */ # ifndef HAVE_CYGWIN /* -@@ -1221,7 +1364,7 @@ +@@ -1162,7 +1316,7 @@ + #endif /* HAVE_SETPCRED */ + #ifdef HAVE_LOGIN_CAP + if (setusercontext(lc, pw, pw->pw_uid, +- (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { ++ (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH))) < 0) { + perror("unable to set user context"); + exit(1); + } +@@ -1312,7 +1466,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ @@ -244,7 +272,7 @@ close(i); /* -@@ -1251,6 +1394,31 @@ +@@ -1342,6 +1496,31 @@ exit(1); #endif } 
diff --git a/security/openssh-portable/pkg-plist b/security/openssh-portable/pkg-plist index 43556e645d64..b2df58c55ca3 100644 --- a/security/openssh-portable/pkg-plist +++ b/security/openssh-portable/pkg-plist @@ -19,8 +19,8 @@ bin/ssh-keyscan %%NOTBASE%%@exec [ -f %D/etc/ssh_host_dsa_key.pub ] && [ ! -f %D/etc/ssh/ssh_host_dsa_key.pub ] && ln %D/etc/ssh_host_dsa_key.pub %D/etc/ssh/ssh_host_dsa_key.pub %%NOTBASE%%@unexec if cmp -s %D/etc/ssh/ssh_config %D/etc/ssh/ssh_config-dist; then rm -f %D/etc/ssh/ssh_config; fi %%NOTBASE%%@unexec if cmp -s %D/etc/ssh/sshd_config %D/etc/ssh/sshd_config-dist; then rm -f %D/etc/ssh/sshd_config; fi -etc/ssh/ssh_config-dist -etc/ssh/sshd_config-dist +%%NOTBASE%%etc/ssh/ssh_config-dist +%%NOTBASE%%etc/ssh/sshd_config-dist %%NOTBASE%%@exec [ ! -f %D/etc/ssh/ssh_config ] && cp %D/etc/ssh/ssh_config-dist %D/etc/ssh/ssh_config %%NOTBASE%%@exec [ ! -f %D/etc/ssh/sshd_config ] && cp %D/etc/ssh/sshd_config-dist %D/etc/ssh/sshd_config %%NOTBASE%%@dirrm etc/ssh