mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-24 00:45:52 +00:00
Code Issues Releases Activity

Remove expired ports

Browse Source 
2010-10-15 security/ssh2: abandoned upstream
2010-10-15 security/ssh2-nox11: abandoned upstream
This commit is contained in:
Renato Botelho 2010-10-15 17:40:31 +00:00
parent cd2afe1c1e
commit 31ecf3c3a5
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=263053
34 changed files with 2 additions and 1292 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
MOVED
View File

@ -4634,3 +4634,5 @@ net-mgmt/net-snmp4||2010-10-14|Has expired: Use net-mgmt/net-snmp port instead
net/gkrellm_snmp||2010-10-14|Has expired: Depends of net-snmp4, that is deprecated also and will be removed soon.
net/Sockets-devel||2010-10-14|Has expired: Older than net/Sockets and unmaintained.
devel/clang|lang/clang|2010-10-14|Compilers typically live in the lang category
security/ssh2||2010-10-15|Has expired: abandoned upstream
security/ssh2-nox11||2010-10-15|Has expired: abandoned upstream

2
security/Makefile
View File

@ -821,8 +821,6 @@
SUBDIR += ssh
SUBDIR += ssh-gui
SUBDIR += ssh-multiadd
SUBDIR += ssh2
SUBDIR += ssh2-nox11
SUBDIR += ssh_askpass_gtk2
SUBDIR += sshblock
SUBDIR += sshguard

11
security/ssh2-nox11/Makefile
View File

@ -1,11 +0,0 @@
# New ports collection makefile for: ssh2-nox11
# Date created: 12 April 2004
# Whom: marius@alchemy.franken.de
#
# $FreeBSD$
#
MASTERDIR= ${.CURDIR}/../ssh2
WITHOUT_X11= yes
.include "${MASTERDIR}/Makefile"

175
security/ssh2/Makefile
View File

@ -1,175 +0,0 @@
# New ports collection makefile for: ssh2
# Date created: 5 Oct 1998
# Whom: Issei Suzuki <issei@jp.FreeBSD.org>
#
# $FreeBSD$
#
PORTNAME= ssh2
PORTVERSION= 3.2.9.1
PORTREVISION= 8
CATEGORIES= security ipv6
# The list of official mirror sites is at:
# http://www.ssh.com/support/downloads/secureshellserver/non-commercial.html
MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ \
ftp://ftp.wiretapped.net/pub/security/cryptography/apps/ssh/SSH/ \
http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/SSH/ \
ftp://gd.tuwien.ac.at/utils/shells/ssh/ \
ftp://ftp.ut.ee/pub/unix/security/ssh/ \
ftp://ftp.funet.fi/pub/mirrors/ftp.ssh.com/pub/ssh/ \
ftp://ftp.crihan.fr/mirrors/ftp.ssh.com/ \
http://ftp.crihan.fr/mirrors/ftp.ssh.com/ \
ftp://ftp.cert.dfn.de/pub/tools/net/ssh/ \
ftp://ftp.ntua.gr/pub/security/ssh/ \
ftp://ftp.unina.it/pub/Unix/ssh/ \
ftp://core.ring.gr.jp/pub/net/ssh/ \
http://core.ring.gr.jp/archives/net/ssh/ \
ftp://ftp.ring.gr.jp/pub/net/ssh/ \
http://www.ring.gr.jp/archives/net/ssh/ \
ftp://ftp.wsisiz.edu.pl/pub/Unix/ssh/ \
ftp://ftp.ulak.net.tr/ssh/ \
ftp://metalab.unc.edu/pub/packages/security/ssh/ \
ftp://ftp.keystealth.org/pub/ssh/ \
ftp://ftp.epix.net/pub/ssh/ \
ftp://mirror.pa.msu.edu/ssh/
DISTNAME= ssh-${PORTVERSION}
MAINTAINER= marius@FreeBSD.org
COMMENT= Secure shell client and server for V.2 SSH protocol
DEPRECATED= abandoned upstream
EXPIRATION_DATE=2010-10-15
.if !defined(WITHOUT_X11)
CONFLICTS= openssh-* ssh-* ssh2-nox11-*
.else
PKGNAMESUFFIX= -nox11
CONFLICTS= openssh-* ssh-* ssh2-[0-9]*
.endif
GNU_CONFIGURE= yes
MANCOMPRESSED= no
USE_RC_SUBR= sshd2.sh
MAN1= ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 scp2.1 sftp2.1 \
sshregex.1 ssh-probe2.1 ssh-dummy-shell.1
MAN5= ssh2_config.5 sshd-check-conf.5 sshd2_config.5 \
sshd2_subconfig.5
MAN8= sshd2.8
MLINKS= ssh2.1 ssh.1 ssh-add2.1 ssh-add.1 ssh-agent2.1 ssh-agent.1 \
ssh-keygen2.1 ssh-keygen.1 scp2.1 scp.1 sftp2.1 sftp.1 \
ssh-probe2.1 ssh-probe.1 sshd2.8 sshd.8
DOCS= CHANGES FAQ HOWTO.anonymous.sftp LICENSE NEWS README \
REGEX-SYNTAX SSH2.QUICKSTART \
RFC.authorization_program_protocol RFC.kbdint_plugin_protocol
EXAMPLES= ext_authorization_example.sh kbdint_plugin_example.sh
.include <bsd.port.pre.mk>
CONFIGURE_ARGS+= --disable-debug --with-foreign-etcdir=${PREFIX}/etc \
--with-libwrap
PKGMESSAGE= ${WRKDIR}/pkg-message
# Define if all your users are in their own group and their homedir
# is writeable by that group. Beware the security implications!
#
.if defined(WITH_GROUP_WRITEABILITY)
CONFIGURE_ARGS+= --enable-group-writeability
.endif
# Kerberos5 support in ssh2 is EXPERIMENTAL and requires MIT Kerberos,
# Heimdal is unsupported.
#
.if !defined(WITHOUT_KERBEROS) && defined(KRB5_HOME) && \
exists(${KRB5_HOME}/lib/libk5crypto.a)
LIB_DEPENDS+= krb5.3:${PORTSDIR}/security/krb5
CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer
EXTRA_PATCHES+= ${FILESDIR}/kerberos-patch-apps::ssh::ssh2_config \
${FILESDIR}/kerberos-patch-apps::ssh::sshd2_config
.endif
.if !defined(WITHOUT_X11)
BUILD_DEPENDS+= xauth:${PORTSDIR}/x11/xauth
RUN_DEPENDS+= xauth:${PORTSDIR}/x11/xauth
USE_XORG= x11
PLIST_SUB+= WITH_X11:=""
.else
CONFIGURE_ARGS+= --without-x
PLIST_SUB+= WITH_X11:="@comment "
.endif
pre-everything::
.if !defined(WITH_GROUP_WRITEABILITY) || (!defined(WITHOUT_KERBEROS) && \
defined(KRB5_HOME) && exists(${KRB5_HOME}/lib/libk5crypto.a)) || \
!defined(WITHOUT_X11)
@${ECHO_MSG} ""
@${ECHO_MSG} "You may use the following build option(s):"
@${ECHO_MSG} ""
.if !defined(WITH_GROUP_WRITEABILITY)
@${ECHO_MSG} "WITH_GROUP_WRITEABILITY=yes builds with widened permissions check of home"
@${ECHO_MSG} " directories in hostbased- and publickey-"
@${ECHO_MSG} " authentication. May be usefull if all users"
@${ECHO_MSG} " are in their own group."
@${ECHO_MSG} " Beware the security implications!"
.endif
.if !defined(WITHOUT_KERBEROS) && defined(KRB5_HOME) && \
exists(${KRB5_HOME}/lib/libk5crypto.a)
@${ECHO_MSG} "WITHOUT_KERBEROS=yes builds without MIT Kerberos support even when"
@${ECHO_MSG} " security/krb5 is installed."
.endif
.if !defined(WITHOUT_X11)
@${ECHO_MSG} "WITHOUT_X11=yes builds without X11 support. Setting this is"
@${ECHO_MSG} " the same as compiling security/ssh2-nox11."
.endif
@${ECHO_MSG} ""
.endif
post-patch:
.for i in ${MAN1} ${MAN5} ${MAN8} ssh2_config sshd2_config
@${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g; \
s|\/usr\/local|${LOCALBASE}|g' \
${WRKSRC}/apps/ssh/${i}
.endfor
.for i in anonymous.example host_ext.example host_int.example
@${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g' \
${WRKSRC}/apps/ssh/subconfig/${i}
.endfor
@${FIND} ${WRKSRC} -name Makefile.in -print0 -type f | \
${XARGS} -0 ${REINPLACE_CMD} -E -e \
's|-I\$$\(top_srcdir\)\/lib\/zlib||g; \
s|\$$\(top_builddir\)\/lib\/zlib\/libz.a||g'
@${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g' \
${WRKSRC}/HOWTO.anonymous.sftp
@${REINPLACE_CMD} -e \
's|$$PATH:\/usr\/X11R6\/bin:\/usr\/X11\/bin|${LOCALBASE}\/bin|' \
${WRKSRC}/configure
@${REINPLACE_CMD} -E -e 's|\$$\(ETCDIR\)|${PREFIX}\/etc|g' \
${WRKSRC}/apps/ssh/ssh_dummy_shell.out
@${REINPLACE_CMD} -E -e 's|(^TESTS.+)(t-filecopy)|\1|g' \
${WRKSRC}/apps/ssh/tests/Makefile.in
@${SED} 's|%%PREFIX%%|${PREFIX}|g' \
${PKGDIR}/pkg-message > ${WRKDIR}/pkg-message
pre-install:
# Make sure there's no startup script left over from a previous installation.
@${RM} -f ${PREFIX}/etc/rc.d/sshd2.sh
post-install:
@${MKDIR} ${EXAMPLESDIR}
.for i in ${EXAMPLES}
@${INSTALL_DATA} ${WRKSRC}/$i ${EXAMPLESDIR}
.endfor
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
.for i in ${DOCS}
@${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR}
.endfor
.endif
@${CAT} ${WRKDIR}/pkg-message
test: build
@-cd ${WRKSRC}/lib/sshcrypto/tests && ${MAKE} check-TESTS
@-cd ${WRKSRC}/apps/ssh/lib/sshproto/tests && ${MAKE} check-TESTS
@-cd ${WRKSRC}/apps/ssh/tests && ${MAKE} check-TESTS
.include <bsd.port.post.mk>

3
security/ssh2/distinfo
View File

@ -1,3 +0,0 @@
MD5 (ssh-3.2.9.1.tar.gz) = f3ed49f13419d97dc1d0d3bfb4bb99bf
SHA256 (ssh-3.2.9.1.tar.gz) = 9d989fa1d99e2c95bd8a9dbf73b9495fc831061b8b6a951effd4c1bb1902a373
SIZE (ssh-3.2.9.1.tar.gz) = 2269281

10
security/ssh2/files/kerberos-patch-apps::ssh::ssh2_config
View File

@ -1,10 +0,0 @@
--- apps/ssh/ssh2_config.orig Wed Jan 21 19:14:28 2004
+++ apps/ssh/ssh2_config Wed Jan 21 19:26:01 2004
@@ -76,6 +76,7 @@
# AllowedAuthentications publickey,keyboard-interactive,password
# AllowedAuthentications hostbased,publickey,keyboard-interactive,password
+ AllowedAuthentications kerberos-tgt-2@ssh.com,kerberos-2@ssh.com,password
# For ssh-signer2 (only effective if set in the global configuration

19
security/ssh2/files/kerberos-patch-apps::ssh::sshd2_config
View File

@ -1,19 +0,0 @@
--- apps/ssh/sshd2_config.orig Wed Jan 21 19:12:25 2004
+++ apps/ssh/sshd2_config Wed Jan 21 19:24:11 2004
@@ -101,6 +101,7 @@
# AllowedAuthentications publickey,password
# AllowedAuthentications hostbased,publickey,password
# AllowedAuthentications hostbased,publickey,keyboard-interactive
+ AllowedAuthentications kerberos-tgt-2@ssh.com,kerberos-2@ssh.com,password
# RequiredAuthentications publickey,password
# LoginGraceTime 600
# AuthInteractiveFailureTimeout 2
@@ -169,7 +170,7 @@
# AllowGroups staff,users
# DenyGroups guest,anonymous
# PermitRootLogin yes
-# PermitRootLogin nopwd
+ PermitRootLogin nopwd
## Chrooted environment

117
security/ssh2/files/patch-HOWTO.anonymous.sftp
View File

@ -1,117 +0,0 @@
--- HOWTO.anonymous.sftp.orig Wed Dec 3 14:17:17 2003
+++ HOWTO.anonymous.sftp Thu Jan 1 19:18:54 2004
@@ -3,57 +3,27 @@
Author: Sami Lehtinen <sjl@ssh.com>
Created: Thu Oct 18 18:21:56 2001
-1. Follow the standard build process otherwise, except for the following
+1. Create a dedicated user account for the guest user (e.g. "ssh-guest").
- % ./configure --enable-static <your-flags-here>
-
- If your system doesn't support fully static binaries (atleast newer
- Solarises), you have to copy extra files after step 5, so that the
- necessary shared libraries and system configuration files can be
- found by ssh-dummy-shell and sftp-server in the chrooted
- environment.
-
- With internal sftp-server:
- You may also use the internal sftp-server. It simplifies logging and
- chrooting considerably. You don't need to build the static binaries.
-
-2. Create a dedicated user account for the guest user (e.g. "ssh-guest").
-
- In RH Linux:
-
- % useradd [-d home_dir] [-u uid] [-g group] [-s default-shell] ssh-guest
+ % pw useradd ssh-guest -m -s /nonexistent [-d homedir] [-u uid] [-g group]
Remember that the home directory will be the root ("/") of the
chrooted environment, so choose wisely (you can change it later, of
course).
-3. Set some known password (e.g. "guest") for the account with "passwd".
+2. Set some known password (e.g. "guest") for the account with "passwd".
-4. Change the user's shell to "ssh-dummy-shell" with "vipw".
+ % passwd ssh-guest
- With internal sftp-server:
- If you're using the internal sftp-server, you can use /bin/false or
- whatever as the user's shell. The sftp service isn't executed with
- the shell in this case. The user's shell doesn't even need to exist.
-
-5. Run
-
- % ssh-chrootmgr -v ssh-guest # (or the account you created)
-
- This will copy necessary static binaries to the user's home directory.
-
- With internal sftp-server:
- You don't need this step if you don't need the static
- ssh-dummy-shell.
-
-6. Modify /etc/ssh2/sshd2_config. Add the following line:
+3. Modify /etc/ssh2/sshd2_config. Add the following line:
ChRootUsers ssh-guest
-7. If you wish, you may announce the existence of this account in your
- login banner message. The file /etc/ssh2/ssh_banner_message, if not
- empty, will be displayed to incoming users before they authenticate. Or
- you can change the default by modifying the sshd2_config:
+4. If you wish, you may announce the existence of this account in your
+ login banner message. The file /etc/ssh2/ssh_banner_message,
+ if not empty, will be displayed to incoming users before they
+ authenticate. Or you can change the default by modifying the
+ /etc/ssh2/sshd2_config:
BannerMessageFile /etc/ssh2/some_other_ssh_banner_message
@@ -74,7 +44,7 @@
Remember that you may use subconfiguration files to change a banner
message based on e.g. user name (xxx example file).
-8. You most probably want to restrict access to read-only. For this,
+5. You most probably want to restrict access to read-only. For this,
change the accounts owner to something else (e.g. root):
% chown -R root:root ~ssh-guest
@@ -82,7 +52,7 @@
If you want to give some directories write access, change ownership of
those to "ssh-guest".
-9. To enable logging, you have to add the following line to sshd2_config
+6. To enable logging, you have to add the following line to sshd2_config
(or possibly to a subconfig file (see sshd2_subconfig(5))):
SftpSysLogFacility <facility>
@@ -90,26 +60,11 @@
<facility> could be LOCAL7, or whatever you wish. See sshd2_config(5)
for additional documentation.
- Note, that logging in the chrooted environment with a separate
- binary for sftp-server is tricky. Most likely you have to create a
- /dev/log device under the chrooted jail, and add that to the listened
- devices (with the full path) of your syslogd. See the documentation of
- syslog daemon for this. However, see below.
-
- With internal sftp-server:
- Logging in the chrooted jail is much simpler with the internal
- sftp-server. Just specify the correct SftpSysLogFacility, and you are
- set.
-
-10. Add your sftp-server to sshd2_config (if not already there):
-
- subsystem-sftp sftp-server
-
- With internal sftp-server:
+7. Add your sftp-server to sshd2_config (if not already there):
subsystem-sftp internal://sftp-server
-11. Remember to restart the sshd2 daemon after you modify the configuration
+8. Remember to restart the sshd2 daemon after you modify the configuration
file for the changes to take effect!
Have fun.

60
security/ssh2/files/patch-apps::ssh::Makefile.in
View File

@ -1,60 +0,0 @@
--- apps/ssh/Makefile.in.orig Wed Dec 3 14:17:48 2003
+++ apps/ssh/Makefile.in Fri Jan 2 09:23:14 2004
@@ -1019,36 +1019,20 @@
fi
install-symlinks:
- -mv -f $(DESTDIR)$(bindir)/ssh $(DESTDIR)$(bindir)/ssh.old
- -mv -f $(DESTDIR)$(bindir)/ssh-agent $(DESTDIR)$(bindir)/ssh-agent.old
- -mv -f $(DESTDIR)$(bindir)/ssh-add $(DESTDIR)$(bindir)/ssh-add.old
- -mv -f $(DESTDIR)$(bindir)/ssh-askpass $(DESTDIR)$(bindir)/ssh-askpass.old
- -mv -f $(DESTDIR)$(bindir)/ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen.old
- -mv -f $(DESTDIR)$(bindir)/scp $(DESTDIR)$(bindir)/scp.old
- -mv -f $(DESTDIR)$(bindir)/sftp $(DESTDIR)$(bindir)/sftp.old
- -mv -f $(DESTDIR)$(bindir)/sftp-server $(DESTDIR)$(bindir)/sftp-server.old
- -mv -f $(DESTDIR)$(bindir)/ssh-signer $(DESTDIR)$(bindir)/ssh-signer.old
- -mv -f $(DESTDIR)$(bindir)/ssh-probe $(DESTDIR)$(bindir)/ssh-probe.old
-
(cd $(DESTDIR)$(bindir) && $(LN_S) ssh2 ssh)
(cd $(DESTDIR)$(bindir) && $(LN_S) ssh-agent2 ssh-agent)
(cd $(DESTDIR)$(bindir) && $(LN_S) ssh-add2 ssh-add)
- (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-askpass2 ssh-askpass)
+ case x"@CONFPROGRAMS@" in \
+ x*askpass*) \
+ (cd $(DESTDIR)$(bindir) && $(LN_S) ssh-askpass2 ssh-askpass) ;; \
+ esac
(cd $(DESTDIR)$(bindir) && $(LN_S) ssh-keygen2 ssh-keygen)
(cd $(DESTDIR)$(bindir) && $(LN_S) scp2 scp)
(cd $(DESTDIR)$(bindir) && $(LN_S) sftp2 sftp)
(cd $(DESTDIR)$(bindir) && $(LN_S) sftp-server2 sftp-server)
(cd $(DESTDIR)$(bindir) && $(LN_S) ssh-signer2 ssh-signer)
(cd $(DESTDIR)$(bindir) && $(LN_S) ssh-probe2 ssh-probe)
- -mv -f $(DESTDIR)$(sbindir)/sshd $(DESTDIR)$(sbindir)/sshd.old
(cd $(DESTDIR)$(sbindir) && $(LN_S) sshd2 sshd)
- -mv -f $(DESTDIR)$(mandir)/man1/ssh.1 $(DESTDIR)$(mandir)/man1/ssh.old.1
- -mv -f $(DESTDIR)$(mandir)/man1/ssh-add.1 $(DESTDIR)$(mandir)/man1/ssh-add.old.1
- -mv -f $(DESTDIR)$(mandir)/man1/ssh-agent.1 $(DESTDIR)$(mandir)/man1/ssh-agent.old.1
- -mv -f $(DESTDIR)$(mandir)/man1/ssh-keygen.1 $(DESTDIR)$(mandir)/man1/ssh-keygen.old.1
- -mv -f $(DESTDIR)$(mandir)/man1/scp.1 $(DESTDIR)$(mandir)/man1/scp.old.1
- -mv -f $(DESTDIR)$(mandir)/man1/sftp.1 $(DESTDIR)$(mandir)/man1/sftp.old.1
- -mv -f $(DESTDIR)$(mandir)/man1/ssh-probe.1 $(DESTDIR)$(mandir)/man1/ssh-probe.old.1
(cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh2.1 ssh.1)
(cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-add2.1 ssh-add.1)
(cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-agent2.1 ssh-agent.1)
@@ -1056,7 +1040,6 @@
(cd $(DESTDIR)$(mandir)/man1 && $(LN_S) scp2.1 scp.1)
(cd $(DESTDIR)$(mandir)/man1 && $(LN_S) sftp2.1 sftp.1)
(cd $(DESTDIR)$(mandir)/man1 && $(LN_S) ssh-probe2.1 ssh-probe.1)
- -mv -f $(DESTDIR)$(mandir)/man8/sshd.8 $(DESTDIR)$(mandir)/man8/sshd.old.8
(cd $(DESTDIR)$(mandir)/man8 && $(LN_S) sshd2.8 sshd.8)
clean-up-old:
@@ -1075,7 +1058,7 @@
-chown root $(DESTDIR)$(bindir)/ssh-signer2
-chmod $(SSH_SIGNER_INSTALL_MODE) $(DESTDIR)$(bindir)/ssh-signer2
-install-data-hook: make-install-dirs generate-host-key install-symlinks
+install-data-hook: make-install-dirs install-symlinks
-@if test '!' -f $(DESTDIR)$(etcdir)/sshd2_config ; then \
echo Installing $(DESTDIR)$(etcdir)/sshd2_config ; \
$(INSTALL_DATA) $(srcdir)/sshd2_config \

22
security/ssh2/files/patch-apps::ssh::lib::sshproto::sshconn.c
View File

@ -1,22 +0,0 @@
--- apps/ssh/lib/sshproto/sshconn.c.orig 2003-12-03 15:17:34.000000000 +0200
+++ apps/ssh/lib/sshproto/sshconn.c
@@ -452,7 +452,8 @@ Boolean ssh_conn_send_channel_data_type(
(unsigned int) SSH_MSG_CHANNEL_DATA,
SSH_FORMAT_UINT32, (SshUInt32)
channel->remote_id,
- SSH_FORMAT_UINT32_STR, buf, len,
+ SSH_FORMAT_UINT32_STR, buf,
+ (size_t) len,
SSH_FORMAT_END);
}
else
@@ -465,7 +466,8 @@ Boolean ssh_conn_send_channel_data_type(
SSH_FORMAT_UINT32, (SshUInt32)
channel->remote_id,
SSH_FORMAT_UINT32, (SshUInt32) i,
- SSH_FORMAT_UINT32_STR, buf, len,
+ SSH_FORMAT_UINT32_STR, buf,
+ (size_t) len,
SSH_FORMAT_END);
}

20
security/ssh2/files/patch-apps::ssh::lib::sshproto::trcommon.c
View File

@ -1,20 +0,0 @@
--- apps/ssh/lib/sshproto/trcommon.c.orig 2003-12-03 15:17:33.000000000 +0200
+++ apps/ssh/lib/sshproto/trcommon.c
@@ -555,7 +555,7 @@ void ssh_tr_send_packet(SshTransportComm
SSH_DEBUG(5, ("Outgoing empty, sending empty ignore packet."));
ret = ssh_encode_buffer(&new_packet,
SSH_FORMAT_CHAR, (unsigned int) SSH_MSG_IGNORE,
- SSH_FORMAT_UINT32, 0L,
+ SSH_FORMAT_UINT32, (SshUInt32) 0,
SSH_FORMAT_END);
SSH_VERIFY(ret > 0);
ssh_tr_encode_packet(tr, ssh_buffer_ptr(&new_packet),
@@ -3171,7 +3171,7 @@ void ssh_tr_process_up_incoming_packet(S
ssh_encode_buffer(new_packet,
SSH_FORMAT_CHAR, (unsigned int) SSH_MSG_IGNORE,
- SSH_FORMAT_UINT32, ignore_len,
+ SSH_FORMAT_UINT32, (SshUInt32) ignore_len,
SSH_FORMAT_END);
ssh_xbuffer_append_space(new_packet, &datap, ignore_len);

11
security/ssh2/files/patch-apps::ssh::ssh-agent2.c
View File

@ -1,11 +0,0 @@
--- apps/ssh/ssh-agent2.c.orig 2003-12-03 15:17:27.000000000 +0200
+++ apps/ssh/ssh-agent2.c
@@ -1802,7 +1802,7 @@ void ssh_agenti_ssh1_encode_mp(SshBuffer
num_buf = ssh_xmalloc(num_buf_len);
ssh_mp_get_buf(num_buf, num_buf_len, n);
ssh_encode_buffer(buffer,
- SSH_FORMAT_DATA, len_buf, 2,
+ SSH_FORMAT_DATA, len_buf, (size_t) 2,
SSH_FORMAT_DATA, num_buf, num_buf_len,
SSH_FORMAT_END);
ssh_xfree(num_buf);

11
security/ssh2/files/patch-apps::ssh::ssh-signer2.c
View File

@ -1,11 +0,0 @@
--- apps/ssh/ssh-signer2.c.orig 2003-12-03 15:17:26.000000000 +0200
+++ apps/ssh/ssh-signer2.c
@@ -264,7 +264,7 @@ SSH_FSM_STEP(signer_send_error)
(unsigned int) gdata->error_code_to_ssh2,
SSH_FORMAT_UINT32_STR, gdata->error_message_to_ssh2,
strlen(gdata->error_message_to_ssh2),
- SSH_FORMAT_UINT32_STR, "en", 2,
+ SSH_FORMAT_UINT32_STR, "en", (size_t) 2,
SSH_FORMAT_END);
ssh_packet_wrapper_can_receive(gdata->wrapper, FALSE);

11
security/ssh2/files/patch-apps::ssh::ssh1proto.c
View File

@ -1,11 +0,0 @@
--- apps/ssh/ssh1proto.c.orig 2003-12-03 15:17:26.000000000 +0200
+++ apps/ssh/ssh1proto.c
@@ -3918,7 +3918,7 @@ void ssh1_handle_packet_smsg_auth_rsa_ch
SSH_FORMAT_UINT32_STR,
challenge_buf, challenge_len,
SSH_FORMAT_UINT32_STR,
- ssh1->session_id, 16,
+ ssh1->session_id, (size_t) 16,
SSH_FORMAT_END);
ssh_xfree(challenge_buf);
ssh1->mode = SSH1_AGENT_OPERATION_IN_PROGRESS;

17
security/ssh2/files/patch-apps::ssh::ssh2_config.5
View File

@ -1,17 +0,0 @@
--- apps/ssh/ssh2_config.5.orig Wed Dec 3 17:05:48 2003
+++ apps/ssh/ssh2_config.5 Wed Dec 3 17:06:25 2003
@@ -136,14 +136,6 @@
.ne 3
.TP
-.B Cert.RSA.Compat.HashScheme
-Older SSH Secure Shell clients and servers used hashes in an incoherent
-manner (sometimes MD5, sometimes SHA-1). With this option, you can set
-what hash is used. Valid values are "\fBmd5\fR" and "\fBsha1\fR". The
-default is "\fBmd5\fR" (works in most cases).
-.ne 3
-
-.TP
.B Ciphers
Specifies the ciphers to use for encrypting the
session. Currently,

289
security/ssh2/files/patch-apps::ssh::sshchsession.c
View File

@ -1,289 +0,0 @@
--- apps/ssh/sshchsession.c.orig Thu Jul 3 00:19:57 2003
+++ apps/ssh/sshchsession.c Thu Jul 3 00:21:12 2003
@@ -122,6 +122,11 @@
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+#include <login_cap.h>
+#include <sys/copyright.h>
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
+
#define SSH_DEBUG_MODULE "Ssh2ChannelSession"
#define SSH_SESSION_INTERACTIVE_WINDOW 10000
@@ -487,6 +492,14 @@
char *user_conf_dir = NULL;
int i;
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ extern char **environ;
+ char *path, *newpath, **saveenv;
+ struct passwd *pw;
+
+ pw = getpwuid(ssh_user_uid(session->common->user_data));
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
+
user_name = session->common->user;
if (ssh_user_needs_chroot(session->common->user_data, session->common))
@@ -502,7 +515,11 @@
ssh_child_set_env(envp, envsizep, "HOME", user_dir);
ssh_child_set_env(envp, envsizep, "USER", user_name);
ssh_child_set_env(envp, envsizep, "LOGNAME", user_name);
+#ifdef __FreeBSD__
+ ssh_child_set_env(envp, envsizep, "PATH", _PATH_STDPATH SSH_BINDIR);
+#else
ssh_child_set_env(envp, envsizep, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
+#endif
#ifdef MAIL_SPOOL_DIRECTORY
ssh_snprintf(buf, sizeof(buf), "%s/%s", MAIL_SPOOL_DIRECTORY, user_name);
@@ -529,6 +546,39 @@
if (getenv("TZ"))
ssh_child_set_env(envp, envsizep, "TZ", getenv("TZ"));
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ saveenv = environ;
+ environ = *envp;
+
+ if (setusercontext(NULL, pw, ssh_user_uid(session->common->user_data),
+ LOGIN_SETPATH | LOGIN_SETENV) == 0)
+ {
+ if ((path = getenv("PATH")) == NULL)
+ newpath = ssh_xstrdup(SSH_BINDIR);
+ else if (strstr(path, SSH_BINDIR) == NULL)
+ ssh_dsprintf(&newpath, "%s:%s", path, SSH_BINDIR);
+ else
+ newpath = ssh_xstrdup(path);
+
+ *envp = environ;
+ environ = saveenv;
+ for (*envsizep = 0; (*envp)[*envsizep] != NULL; (*envsizep)++)
+ ; /* nothing */
+ *envsizep += 51;
+ (*envp) = ssh_xrealloc(*envp, (*envsizep) * sizeof(char *));
+
+ ssh_child_set_env(envp, envsizep, "PATH", newpath);
+ ssh_xfree(newpath);
+ }
+ else
+ {
+ *envp = environ;
+ environ = saveenv;
+ ssh_debug("setusercontext: unable to set user context");
+ }
+ endpwent();
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
+
/* Set SSH_CLIENT. */
ssh_snprintf(buf, sizeof(buf), "%s %s %s %s",
session->common->remote_ip, session->common->remote_port,
@@ -632,6 +682,11 @@
FILE *f;
char *user_conf_dir = NULL;
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ struct passwd *pw;
+ login_cap_t *lc;
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
+
#ifdef SSH_CHANNEL_X11
const char *auth_protocol;
const char *auth_cookie;
@@ -643,6 +698,18 @@
#endif /* SSH_CHANNEL_X11 */
shell = ssh_user_shell(session->common->user_data);
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ pw = getpwuid(ssh_user_uid(session->common->user_data));
+ lc = login_getpwclass(pw);
+ if (lc == NULL)
+ ssh_debug("Unable to get login class: %s", session->common->user);
+ else
+ {
+ shell = login_getcapstr(lc, "shell", (char *) shell, (char *) shell);
+ login_close(lc);
+ }
+ endpwent();
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
user_conf_dir = ssh_user_conf_dir(session->common->user_data,
session->common->config);
@@ -844,12 +911,24 @@
extern char **environ;
unsigned int envsize;
int i;
- FILE *f;
+ FILE *f = NULL;
char *subsystem_path = NULL;
Boolean needs_chroot = FALSE, run_internal_sftp_server = FALSE;
const char *chroot_dir = NULL;
SshUserFDCloseCB close_fds = NULL_FNPTR;
SshConfig config = session->common->config;
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ struct passwd *pw;
+ login_cap_t *lc;
+
+ pw = getpwuid(ssh_user_uid(session->common->user_data));
+ lc = login_getpwclass(pw);
+ if (lc == NULL)
+ {
+ ssh_debug("Unable to get login class: %s", session->common->user);
+ exit(254);
+ }
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
@@ -865,6 +944,11 @@
#endif /* HAVE_IF */
/* Check /etc/nologin. */
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ if (pw->pw_uid != UID_ROOT && !login_getcapbool(lc, "ignorenologin", 0))
+ f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN, _PATH_NOLOGIN),
+ "r");
+#else /* ! (__FreeBSD && HAVE_LOGIN_CAP_H) */
if ((f = fopen("/etc/nologin", "r")) == NULL)
{
char hname[MAXHOSTNAMELEN];
@@ -877,12 +961,17 @@
ssh_debug("%s %s.", nologin_path, f ? "exists" : "does not exist");
ssh_xfree(nologin_path);
}
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
if (f)
{ /* /etc/nologin exists. Print its contents and exit. */
/* Print a message about /etc/nologin existing; I am getting
questions because of this every week. */
+#ifdef __FreeBSD__
+ ssh_warning("Logins are currently denied with " _PATH_NOLOGIN ":");
+#else
ssh_warning("Logins are currently denied with /etc/nologin:");
+#endif
while (fgets(buf, sizeof(buf), f))
fputs(buf, stderr);
fclose(f);
@@ -963,8 +1052,8 @@
{
if (chdir("/") < 0)
{
- ssh_debug("Chroot to user '%s' home directory failed!",
- session->common->user);
+ ssh_debug("Chroot to user '%s' home directory failed: %s",
+ session->common->user, strerror(errno));
exit(254);
}
}
@@ -975,6 +1064,10 @@
ssh_warning("Could not chdir to home directory %s: %s",
ssh_user_dir(session->common->user_data),
strerror(errno));
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ if (login_getcapbool(lc, "requirehome", 0))
+ exit(254);
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
chdir("/");
}
}
@@ -1128,6 +1221,12 @@
shell = ssh_user_shell(session->common->user_data);
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ shell = login_getcapstr(lc, "shell", (char *) shell, (char *) shell);
+ login_close(lc);
+ endpwent();
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
+
argv[0] = (char *)shell;
argv[1] = "-c";
argv[2] = (char *)session->common->forced_command;
@@ -1158,6 +1257,9 @@
/* Get the user's shell, and the last component of it. */
shell = ssh_user_shell(session->common->user_data);
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ shell = login_getcapstr(lc, "shell", (char *) shell, (char *) shell);
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
shell_no_path = strrchr(shell, '/');
if (shell_no_path)
@@ -1188,6 +1290,9 @@
(needs_chroot ? "" :
ssh_user_dir(session->common->user_data)));
quiet_login = stat(linebuf, &st) >= 0;
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ quiet_login |= login_getcapbool(lc, "hushlogin", 0);
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
if (!quiet_login)
{
@@ -1217,11 +1322,28 @@
ssh_xfree(time_string);
}
#endif /* HAVE_SIA */
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ SSH_DEBUG(7, ("Printing copyright."));
+ f = fopen(login_getcapstr(lc, "copyright", NULL, NULL), "r");
+ if (f)
+ {
+ while (fgets(linebuf, sizeof(linebuf), f) != NULL)
+ fputs(linebuf, stdout);
+ fclose(f);
+ }
+ else
+ fputs(COPYRIGHT_UCB "\n", stdout);
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
/* print motd, if "PrintMotd yes" and it exists */
if (config->print_motd)
{
SSH_DEBUG(7, ("Printing MOTD."));
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
+ "/etc/motd"), "r");
+#else /* ! (__FreeBSD && HAVE_LOGIN_CAP_H) */
f = fopen("/etc/motd", "r");
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
if (f)
{
while (fgets(linebuf, sizeof(linebuf), f))
@@ -1239,7 +1361,11 @@
{
struct stat mailbuf;
if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0)
+#ifndef __FreeBSD__
printf("No mail.\n");
+#else
+ ; /* nothing */
+#endif
else if (mailbuf.st_atime > mailbuf.st_mtime)
printf("You have mail.\n");
else
@@ -1249,6 +1375,11 @@
}
}
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ login_close(lc);
+ endpwent();
+#endif /* __FreeBSD__ && HAVE_LOGIN_CAP_H */
+
execve(shell, argv, env);
/* Executing the shell failed. */
perror(shell);
@@ -2315,9 +2446,9 @@
{
ssh_encode_buffer(&buffer,
SSH_FORMAT_UINT32, (SshUInt32) -exit_status,
- SSH_FORMAT_BOOLEAN, FALSE,
- SSH_FORMAT_UINT32_STR, NULL, 0,
- SSH_FORMAT_UINT32_STR, NULL, 0,
+ SSH_FORMAT_BOOLEAN, (Boolean) FALSE,
+ SSH_FORMAT_UINT32_STR, NULL, (size_t) 0,
+ SSH_FORMAT_UINT32_STR, NULL, (size_t) 0,
SSH_FORMAT_END);

24
security/ssh2/files/patch-apps::ssh::sshd2.8
View File

@ -1,24 +0,0 @@
--- apps/ssh/sshd2.8.orig Wed Dec 3 14:17:23 2003
+++ apps/ssh/sshd2.8 Sun Dec 28 17:09:32 2003
@@ -241,20 +241,11 @@
login time, message of the day and mailcheck.)
.TP
-.I /etc/nologin
+.I /var/run/nologin
If this file exists,
.B sshd2
refuses to let anyone except root log in. The contents of the file
is displayed to anyone trying to log in. The file should be world-readable.
-
-.TP
-.I /etc/nologin_<hostname>
-As above, but the filename is constructed from the name of the
-host. Check output of
-.B hostname
-to see what name you should use in the filename. This functionality is
-supposed to be used by clustered machines (which share
-.IR /etc ).
.TP
.I \&$HOME/\s+2.\s0rhosts

26
security/ssh2/files/patch-apps::ssh::sshd2_config
View File

@ -1,26 +0,0 @@
--- apps/ssh/sshd2_config.orig Wed Dec 3 14:17:28 2003
+++ apps/ssh/sshd2_config Thu Jan 1 19:33:35 2004
@@ -22,9 +22,8 @@
## Network
-# Port is not commented out, as it is needed by the example startup
-# scripts. Well, the default won't likely change.
- Port 22
+# Port is commented out as it is specified by the startup script.
+# Port 22
# ListenAddress any
# ResolveClientHostName yes
# RequireReverseMapping no
@@ -188,9 +187,9 @@
## subsystem definitions
# Subsystems don't have defaults, so this is needed here (uncommented).
- subsystem-sftp sftp-server
+# subsystem-sftp sftp-server
# Also internal sftp-server subsystem can be used.
-# subsystem-sftp internal://sftp-server
+ subsystem-sftp internal://sftp-server
## Subconfiguration
# There are no default subconfiguration files. When specified the last

23
security/ssh2/files/patch-apps::ssh::sshd2_config.5
View File

@ -1,23 +0,0 @@
--- apps/ssh/sshd2_config.5.orig Wed Dec 3 17:08:53 2003
+++ apps/ssh/sshd2_config.5 Wed Dec 3 17:09:35 2003
@@ -288,20 +288,6 @@
.ne 3
.TP
-.B Cert.RSA.Compat.HashScheme
-Older SSH Secure Shell clients and servers used hashes in an incoherent
-manner (sometimes MD5, sometimes SHA-1). With this option, you can set
-what hash is used. This option can be set in
-.BR HostSpecificConfig ,
-and then reset in
-.BR UserSpecificConfig ,
-in which case the value set in host-specific configuration will apply to
-the initial key exchange and during authentication the value in the
-user-specific configuration will be used. Valid values are "\fBmd5\fR"
-and "\fBsha1\fR". The default is "\fBmd5\fR" (works in most cases).
-.ne 3
-
-.TP
.B CheckMail
Makes \fBsshd2\fR print information whether there is new mail or not
when a user logs in interactively. (On some systems this information

11
security/ssh2/files/patch-apps::ssh::sshd2_subconfig.5
View File

@ -1,11 +0,0 @@
--- apps/ssh/sshd2_subconfig.5.orig Wed Dec 3 17:13:11 2003
+++ apps/ssh/sshd2_subconfig.5 Wed Dec 3 17:13:31 2003
@@ -136,8 +136,6 @@
.LP
.B AuthPublicKey.MinSize
.LP
-.B Cert.RSA.Compat.HashScheme
-.LP
.B CheckMail
.LP
.B DenyShosts

10
security/ssh2/files/patch-apps::ssh::sshfilecopy.c
View File

@ -1,10 +0,0 @@
--- apps/ssh/sshfilecopy.c.orig Wed Dec 3 14:17:25 2003
+++ apps/ssh/sshfilecopy.c Sun Feb 19 20:33:18 2006
@@ -915,6 +915,7 @@
/* This file is at it's end. */
fprintf(stdout, "\r\n");
}
+ fflush(stdout);
}

12
security/ssh2/files/patch-apps::ssh::sshpamserver.c
View File

@ -1,12 +0,0 @@
--- apps/ssh/sshpamserver.c.orig 2003-12-03 15:17:26.000000000 +0200
+++ apps/ssh/sshpamserver.c
@@ -306,7 +306,8 @@ int send_packet(int fd, SshPacketType pa
buffer = ssh_xbuffer_allocate();
ssh_encode_buffer(buffer,
- SSH_FORMAT_UINT32, ssh_buffer_len(packet) + 1,
+ SSH_FORMAT_UINT32,
+ (SshUInt32) (ssh_buffer_len(packet) + 1),
SSH_FORMAT_CHAR, (unsigned int)packet_type,
SSH_FORMAT_DATA, ssh_buffer_ptr(packet),
ssh_buffer_len(packet),

49
security/ssh2/files/patch-configure
View File

@ -1,49 +0,0 @@
--- configure.orig Wed Dec 3 14:17:42 2003
+++ configure Mon Dec 29 01:43:15 2003
@@ -3773,7 +3773,7 @@
#
# So many systems seem to need this that it is better do it here automatically.
-LIBS="-L/usr/local/lib $LIBS"
+#LIBS="-L/usr/local/lib $LIBS"
# Platform-specific stuff.
case "$target" in
@@ -9731,6 +9731,9 @@
no_ranlib=yes
CFLAGS="$CFLAGS -UM_I86SM"
;;
+ *-*-freebsd*)
+ os_freebsd=yes
+ ;;
*)
;;
esac
@@ -10994,7 +10997,7 @@
fi
if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
echo "$ac_t""yes" 1>&6
- X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE"
+# X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE"
else
echo "$ac_t""no" 1>&6
fi
@@ -11112,7 +11115,7 @@
#include "confdefs.h"
#include <$ac_hdr>
EOF
-ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+ac_try="$ac_cpp -I$x_includes conftest.$ac_ext >/dev/null 2>conftest.out"
{ (eval echo configure:11117: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
@@ -13011,6 +13014,9 @@
fi
else
ssh2_ldadd_options="-L. -Llib/sshkeyutil -Llib/sshproto -L../../lib -lssh2 -lsshproto -lsshkeyutil $SCM_LDADD $ssh2_toolkit_ldadd -lssh"
+ if test -n "$os_freebsd"; then
+ ssh2_ldadd_options="$ssh2_ldadd_options -lz"
+ fi
fi

23
security/ssh2/files/patch-lib::Makefile.in
View File

@ -1,23 +0,0 @@
--- lib/Makefile.in.orig Wed Dec 3 14:17:43 2003
+++ lib/Makefile.in Sun Jul 30 14:39:00 2006
@@ -124,7 +124,7 @@
AUTOMAKE_OPTIONS = 1.0 foreign dist-zip no-dependencies
-SUBDIRS = sshutil zlib sshmath sshasn1 sshreadline sshcrypto sshsession sshpgp sshapputil sshfilexfer
+SUBDIRS = sshutil sshmath sshasn1 sshreadline sshcrypto sshsession sshpgp sshapputil sshfilexfer
#
@@ -449,11 +449,6 @@
local-includes:
-if test '!' -d ../include; then mkdir ../include; fi
- for i in zlib/zlib.h zlib/zconf.h; do \
- if test -f $(srcdir)/$$i; then \
- $(COPY_INCLUDE) $(srcdir)/$$i ../include; \
- fi; \
- done
includes: local-includes
for d in $(SUBDIRS); do (cd $$d && $(MAKE) includes); done

20
security/ssh2/files/patch-lib::sshapputil::sshuserfile.c
View File

@ -1,20 +0,0 @@
--- lib/sshapputil/sshuserfile.c.orig Wed Dec 3 14:17:21 2003
+++ lib/sshapputil/sshuserfile.c Mon Dec 29 20:58:27 2003
@@ -742,12 +742,13 @@
if (uid != geteuid() || uid != getuid())
{
#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
- struct passwd * pw = getpwuid(uid);
- login_cap_t * lc = login_getuserclass(pw);
- if (setusercontext(lc, pw, uid,
+ struct passwd *pw;
+
+ pw = getpwuid(uid);
+ if (setusercontext(NULL, pw, uid,
LOGIN_SETALL & ~(LOGIN_SETLOGIN | LOGIN_SETPATH |
LOGIN_SETENV)) < 0)
- ssh_fatal("setusercontext: %s", strerror(errno));
+ ssh_fatal("setusercontext: unable to set user context");
#else /* ! (__FreeBSD && HAVE_LOGIN_CAP_H) */
if (setgid(gid) < 0)
ssh_fatal("setgid: %s", strerror(errno));

21
security/ssh2/files/patch-lib::sshfilexfer::sshfilexfers.c
View File

@ -1,21 +0,0 @@
--- lib/sshfilexfer/sshfilexfers.c.orig 2003-12-03 15:17:22.000000000 +0200
+++ lib/sshfilexfer/sshfilexfers.c 2006-02-22 10:44:25.000000000 +0200
@@ -5,7 +5,7 @@
Authors: Tatu Ylonen <ylo@ssh.com>
Sami Lehtinen <sjl@ssh.com>
- Copyright (c) 1998-2001 SSH Communications Security Corp, Finland
+ Copyright (c) 1998-2001, 2006 SSH Communications Security Corp, Finland
All rights reserved
Generic file transfer module, server side.
@@ -115,7 +115,8 @@
if (server->log_facility >= 0) \
{ \
char *msg = ssh_debug_format varcall; \
- ssh_log_event(det_fac(category, server->log_facility), severity, msg); \
+ ssh_log_event(det_fac(category, server->log_facility), severity, \
+ "%s", msg); \
ssh_xfree(msg); \
} \
} while (0)

32
security/ssh2/files/patch-lib::sshreadline::sshreadline.c
View File

@ -1,32 +0,0 @@
--- lib/sshreadline/sshreadline.c.orig Wed Dec 3 14:17:20 2003
+++ lib/sshreadline/sshreadline.c Fri Aug 18 20:58:55 2006
@@ -500,8 +500,13 @@
new_term.c_lflag &= ~(ECHO | ICANON);
new_term.c_cc[VMIN] = 1;
new_term.c_cc[VTIME] = 1;
- if (tcsetattr(fd, TCSAFLUSH, &new_term) < 0)
+ while (tcsetattr(fd, TCSAFLUSH, &new_term) < 0)
{
+ if (errno == EINTR)
+ {
+ errno = 0; /* For Solaris; just to make sure. */
+ continue;
+ }
ssh_warning("tcsetattr failed in ssh_rl_set_tty_modes_for_fd: "
"fd %d: %.200s", fd, strerror(errno));
return -1;
@@ -561,8 +566,13 @@
{
fcntl(fd, F_SETFL, fcntl_flags);
- if (tcsetattr(fd, TCSAFLUSH, saved_tio) < 0)
+ while (tcsetattr(fd, TCSAFLUSH, saved_tio) < 0)
{
+ if (errno == EINTR)
+ {
+ errno = 0; /* For Solaris; just to make sure. */
+ continue;
+ }
ssh_warning("tcsetattr failed in ssh_rl_restore_tty_modes_for_fd: "
"fd %d: %.200s", fd, strerror(errno));
return -1;

69
security/ssh2/files/patch-lib::sshsession::sshunixuser.c
View File

@ -1,69 +0,0 @@
--- lib/sshsession/sshunixuser.c.orig Wed Dec 3 14:17:21 2003
+++ lib/sshsession/sshunixuser.c Mon Dec 29 20:57:45 2003
@@ -104,6 +104,10 @@
#define SSH_DEBUG_MODULE "SshUnixUser"
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+#include <login_cap.h>
+#endif /* __FreeBSD && HAVE_LOGIN_CAP_H */
+
extern char *crypt(const char *key, const char *salt);
/* Group structure. */
@@ -1477,6 +1481,37 @@
/* Set uid, gid, and groups. */
if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
{
+#if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ struct passwd *pw;
+
+ pw = getpwuid(ssh_user_uid(uc));
+ if (setusercontext(NULL, pw, ssh_user_uid(uc),
+ LOGIN_SETALL & ~(LOGIN_SETLOGIN | LOGIN_SETUSER |
+ LOGIN_SETPATH | LOGIN_SETENV)) < 0)
+ {
+ SSH_DEBUG(2, ("setusercontext: unable to set user context"));
+ return FALSE;
+ }
+ endgrent();
+
+ /* chrooting at this point. */
+ if (chroot_dir)
+ {
+ if (chroot(chroot_dir) < 0)
+ {
+ ssh_warning("Chroot to '%s' failed: %s", chroot_dir,
+ strerror(errno));
+ return FALSE;
+ }
+ }
+
+ if (setusercontext(NULL, pw, ssh_user_uid(uc), LOGIN_SETUSER) < 0)
+ {
+ SSH_DEBUG(2, ("setusercontext: unable to set user context"));
+ return FALSE;
+ }
+ endpwent();
+#else /* ! (__FreeBSD && HAVE_LOGIN_CAP_H) */
if (setgid(ssh_user_gid(uc)) < 0)
{
SSH_DEBUG(2, ("setgid: %s", strerror(errno)));
@@ -1524,7 +1559,8 @@
{
if (chroot(chroot_dir) < 0)
{
- ssh_warning("Chroot to '%s' failed!", chroot_dir);
+ ssh_warning("Chroot to '%s' failed: %s", chroot_dir,
+ strerror(errno));
return FALSE;
}
}
@@ -1578,6 +1614,7 @@
return FALSE;
}
#endif /* HAVE_SIA */
+#endif /* __FreeBSD && HAVE_LOGIN_CAP_H */
}
#ifdef KERBEROS

20
security/ssh2/files/patch-lib::sshutil::sshincludes.h
View File

@ -1,20 +0,0 @@
--- lib/sshutil/sshincludes.h.orig Wed Dec 3 14:17:18 2003
+++ lib/sshutil/sshincludes.h Sun Jul 30 15:27:37 2006
@@ -331,7 +331,7 @@
#define UID_ROOT 0
#endif /* UID_ROOT */
-#ifdef SSHDIST_ZLIB
+#if defined(SSHDIST_ZLIB) && !defined(__FreeBSD__)
/* Define zlib to have ssh prefix, so we will not care if there is another zlib
in the kernel */
#define deflateInit_ ssh_z_deflateInit_
@@ -367,7 +367,7 @@
#define uLongf ssh_z_uLongf
#define voidpf ssh_z_voidpf
#define voidp ssh_z_voidp
-#endif /* SSHDIST_ZLIB */
+#endif /* SSHDIST_ZLIB && !__FreeBSD__ */

12
security/ssh2/files/patch-sshdistdefs.h
View File

@ -1,12 +0,0 @@
--- sshdistdefs.h.orig Wed Dec 3 14:17:34 2003
+++ sshdistdefs.h Sun Jul 30 15:29:21 2006
@@ -12,7 +12,9 @@
#ifndef SSHDISTDEFS_H
#define SSHDISTDEFS_H
+#if !defined(__FreeBSD__)
#define SSHDIST_ZLIB_LEVEL_DETECTION
+#endif
#define SSHDIST_CRYPT_HMAC
#define SSHDIST_SESSION_SIA
#define SSHDIST_SSH2_SOCKS_FILTER

64
security/ssh2/files/sshd2.sh.in
View File

@ -1,64 +0,0 @@
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: sshd2
# REQUIRE: LOGIN
#
# Available configuration variables for sshd2 are:
#
# sshd2_enable (bool): Set to "YES" to enable sshd2. Defaults to "NO".
# sshd2_flags (flags): Extra flags to sshd2 (see sshd2(8)). Defaults to "".
# sshd2_port (port): Listening port of sshd2. Defaults to "22".
#
# Add at least the following line to /etc/rc.conf or /etc/rc.conf.local to
# enable sshd2:
#
# sshd2_enable="YES"
#
. /etc/rc.subr
name="sshd2"
rcvar=${name}_enable
command=%%PREFIX%%/sbin/${name}
command_args="2> /dev/null"
required_files=/usr/local/etc/ssh2/${name}_config
keygen_cmd="sshd2_keygen"
start_precmd="sshd2_precmd"
extra_commands="keygen reload"
sshd2_keygen()
{
(
umask 022
if [ -f %%PREFIX%%/etc/ssh2/hostkey ]; then
echo "You already have a host key in" \
"%%PREFIX%%/etc/ssh2/hostkey."
echo "Skipping key generation."
else
%%PREFIX%%/bin/ssh-keygen2 -P -t dsa -c "DSA hostkey" \
%%PREFIX%%/etc/ssh2/hostkey
fi
)
}
sshd2_precmd()
{
if [ ! -f %%PREFIX%%/etc/ssh2/hostkey ]; then
run_rc_command keygen
fi
rc_flags="${rc_flags} -p ${sshd2_port}"
}
load_rc_config $name
: ${sshd2_enable="NO"}
: ${sshd2_port="22"}
pidfile=/var/run/${name}_${sshd2_port}.pid
run_rc_command "$1"

23
security/ssh2/pkg-descr
View File

@ -1,23 +0,0 @@
SSH Protocols and Secure Shell
Secure Shell is the secure login program that revolutionized remote
management of networks hosts over the Internet. It is a powerful,
very easy-to-use program that uses strong cryptography for protecting
all transmitted confidential data, including passwords, binary files,
and administrative commands.
The benefits of SSH include:
o Automatic authentication of users, no passwords sent in cleartext to
prevent the stealing of passwords.
o Multiple strong authentication methods that prevent such security
threats as spoofing identity.
o Authentication of both ends of connection, the server and the client
are authenticated to prevent identity spoofing, trojan horses, etc.
o Automatic authentication using agents to enable strong
authentication to multiple systems with a single-sign-on.
o Encryption and compression of data for security and speed.
o Secure file transfer.
o Tunneling and encryption of arbitrary connections.
WWW: http://www.ssh.com/

20
security/ssh2/pkg-message
View File

@ -1,20 +0,0 @@
===========================================================================
Depending on how you would like to start sshd2(8) you have two choices:
1) Add the following line to /etc/rc.conf or /etc/rc.conf.local:
sshd2_enable="YES"
For further available configuration variables when using this method see
%%PREFIX%%/etc/rc.d/sshd2{,.sh}.
2) Add the following entries to your /etc/inetd.conf:
ssh stream tcp nowait root %%PREFIX%%/sbin/sshd2 sshd -i
ssh stream tcp6 nowait root %%PREFIX%%/sbin/sshd2 sshd -i
Using this method requires to manually generate a host key by either
executing `%%PREFIX%%/etc/rc.d/sshd2{,.sh} keygen` or by issuing
ssh-keygen2(1) directly.
===========================================================================

55
security/ssh2/pkg-plist
View File

@ -1,55 +0,0 @@
bin/scp
bin/scp2
bin/sftp
bin/sftp2
bin/sftp-server
bin/sftp-server2
bin/ssh
bin/ssh-add
bin/ssh-add2
bin/ssh-agent
bin/ssh-agent2
%%WITH_X11:%%bin/ssh-askpass
%%WITH_X11:%%bin/ssh-askpass2
bin/ssh-dummy-shell
bin/ssh-keygen
bin/ssh-keygen2
bin/ssh-probe
bin/ssh-probe2
bin/ssh-signer
bin/ssh-signer2
bin/ssh2
@unexec if cmp -s %D/etc/ssh2/sshd2_config %D/etc/ssh2/sshd2_config.example; then rm -f %D/etc/ssh2/sshd2_config; fi
etc/ssh2/sshd2_config.example
@exec [ -f %B/sshd2_config ] || cp %B/%f %B/sshd2_config
@unexec if cmp -s %D/etc/ssh2/ssh2_config %D/etc/ssh2/ssh2_config.example; then rm -f %D/etc/ssh2/ssh2_config; fi
etc/ssh2/ssh2_config.example
@exec [ -f %B/ssh2_config ] || cp %B/%f %B/ssh2_config
etc/ssh2/ssh_dummy_shell.out
etc/ssh2/subconfig/anonymous.example
etc/ssh2/subconfig/host_ext.example
etc/ssh2/subconfig/host_int.example
etc/ssh2/subconfig/user.example
@exec [ -d %D/etc/ssh2/hostkeys ] || mkdir %D/etc/ssh2/hostkeys
@exec [ -d %D/etc/ssh2/knownhosts ] || mkdir %D/etc/ssh2/knownhosts
sbin/sshd
sbin/sshd-check-conf
sbin/sshd2
%%PORTDOCS%%%%DOCSDIR%%/CHANGES
%%PORTDOCS%%%%DOCSDIR%%/FAQ
%%PORTDOCS%%%%DOCSDIR%%/HOWTO.anonymous.sftp
%%PORTDOCS%%%%DOCSDIR%%/LICENSE
%%PORTDOCS%%%%DOCSDIR%%/NEWS
%%PORTDOCS%%%%DOCSDIR%%/README
%%PORTDOCS%%%%DOCSDIR%%/REGEX-SYNTAX
%%PORTDOCS%%%%DOCSDIR%%/SSH2.QUICKSTART
%%PORTDOCS%%%%DOCSDIR%%/RFC.authorization_program_protocol
%%PORTDOCS%%%%DOCSDIR%%/RFC.kbdint_plugin_protocol
%%PORTDOCS%%@dirrm %%DOCSDIR%%
%%EXAMPLESDIR%%/ext_authorization_example.sh
%%EXAMPLESDIR%%/kbdint_plugin_example.sh
@dirrm %%EXAMPLESDIR%%
@dirrmtry etc/ssh2/hostkeys
@dirrmtry etc/ssh2/knownhosts
@dirrmtry etc/ssh2/subconfig
@unexec rmdir %D/etc/ssh2 2> /dev/null || echo "If permanently deleting this package, %D/etc/ssh2 and its contents must be removed manually."