Update to version 1.2.28.
parent
994018cd8a
commit
468e326fba
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=62177
@ -9,17 +9,13 @@
|
||||
#
|
||||
|
||||
PORTNAME= ssh
|
||||
PORTVERSION= 1.2.27 # Note, 1.2.30 is under a more restrictive license
|
||||
PORTREVISION= 3
|
||||
PORTVERSION= 1.2.28 # Note, 1.2.30 is under a more restrictive license
|
||||
PORTREVISION= 0
|
||||
CATEGORIES= security ipv6
|
||||
MASTER_SITES= ftp://ftp.cs.umn.edu/dept/users/rybski/ \
|
||||
ftp://ftp.net.ohio-state.edu/disk/d/security/ssh/ \
|
||||
ftp://ftp.cronyx.ru/mirror/ssh/old/ \
|
||||
MASTER_SITES= ftp://ftp.tokyonet.ad.jp/pub/security/ssh/old/ \
|
||||
ftp://ftp.nsysu.edu.tw/Unix/Security/ssh/old/ \
|
||||
ftp://ftp.tokyonet.ad.jp/.da0/security/ssh/old/ \
|
||||
ftp://ftp.comp.hkbu.edu.hk/.6/unix/ \
|
||||
ftp://ftp.dei.uc.pt/.disk2/Crypto/SSH/old/
|
||||
|
||||
ftp://ftp.cronyx.ru/mirror/ssh/old/
|
||||
|
||||
MAINTAINER= ports@FreeBSD.org
|
||||
|
||||
USE_AUTOCONF= YES
|
||||
@ -66,13 +62,13 @@ CONFIGURE_ARGS+= --without-idea
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.if ${OSVERSION} > 500023
|
||||
LIB_DEPENDS+= gmp.5:${PORTSDIR}/math/libgmp4
|
||||
LIB_DEPENDS+= gmp.3:${PORTSDIR}/math/libgmp-freebsd
|
||||
MAKE_ENV+= GMPINCDIR="${LOCALBASE}/include" \
|
||||
GMPLIBDIR="${LOCALBASE}/lib"
|
||||
.endif
|
||||
|
||||
.if (${OSVERSION} >= 400016 && !defined(REALLY_WANT_SSH))
|
||||
FORBIDDEN= "OpenSSH is a superior version of SSH which has been included in the FreeBSD base system since 4.0-RELEASE. This port is now deprecated and will be removed at some point in the future. To override this warning set the REALLY_WANT_SSH environment variable and rebuild."
|
||||
FORBIDDEN= "OpenSSH is a superior version of SSH which has been included in the FreeBSD base system since 4.0-RELEASE. This port is now deprecated. To override this warning set the REALLY_WANT_SSH environment variable and rebuild."
|
||||
.endif
|
||||
|
||||
MAN1= scp1.1 ssh-add1.1 ssh-agent1.1 ssh-keygen1.1 ssh1.1 \
|
||||
|
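Review bot: The bump of `PORTVERSION` to 1.2.28 is paired, further down this commit, with the outright deletion of two security-relevant local patches: the `MAX_RSA_MODULUS_BITS` length checks in rsaglue.c and the tty `chown`/`chflags` fix touching sshd.c and auth-passwd.c. Neither the commit message nor this Makefile says that 1.2.28 already contains them. That is presumably why they were dropped, but it cannot be confirmed from this page. A comment next to `PORTVERSION`, or a sentence in the commit message, would record it, for example `# rsaglue.c length check and tty chown fix dropped: verified present in the 1.2.28 distfile`.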
@ -1 +1 @@
|
||||
MD5 (ssh-1.2.27.tar.gz) = c22bc000bee0f7d6f4845eab72a81395
|
||||
MD5 (ssh-1.2.28.tar.gz) = ce811a4844742e2ecadab1a1b53a954a
|
||||
|
@ -1,70 +1,52 @@
|
||||
--- Makefile.in.orig Wed May 12 14:19:31 1999
|
||||
+++ Makefile.in Fri Apr 26 09:19:30 2002
|
||||
@@ -301,12 +301,17 @@
|
||||
--- Makefile.in.orig Mon Jul 3 10:07:39 2000
|
||||
+++ Makefile.in Fri Jun 21 17:50:07 2002
|
||||
@@ -307,13 +307,15 @@
|
||||
|
||||
SHELL = /bin/sh
|
||||
|
||||
GMPDIR = gmp-2.0.2-ssh-2
|
||||
-GMPLIBS = -L$(GMPDIR) -lgmp
|
||||
-GMPDIR = gmp-2.0.2-ssh-2
|
||||
-GMPLIBS = @ssh_gmp_ldadd_options@
|
||||
-GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a
|
||||
+# We have the same libgmp in the system, so use it instead
|
||||
+# We have the same libgmp in the base system, so use it instead
|
||||
+GMPINCDIR ?= /usr/include
|
||||
+GMPLIBDIR ?= /usr/lib
|
||||
+GMPLIBS = -L$(GMPLIBDIR) -lgmp
|
||||
+GMPDEP = $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a
|
||||
|
||||
ZLIBDIR = zlib-1.0.4
|
||||
-ZLIBDEP = $(ZLIBDIR)/libz.a
|
||||
-ZLIBLIBS = -L$(ZLIBDIR) -lz
|
||||
+ZLIBINCDIR = /usr/include
|
||||
+ZLIBLIBDIR = /usr/lib
|
||||
+ZLIBDEP = $(ZLIBINCDIR)/libz.a
|
||||
-ZLIBDIR = zlib-1.0.4
|
||||
+ZLIBDIR = /usr/lib
|
||||
ZLIBDEP = $(ZLIBDIR)/libz.a
|
||||
-ZLIBLIBS = @ssh_zlib_ldadd_options@
|
||||
+ZLIBLIBS = -lz
|
||||
|
||||
RSAREFDIR = rsaref2
|
||||
RSAREFSRCDIR = $(RSAREFDIR)/source
|
||||
@@ -411,7 +416,7 @@
|
||||
@@ -418,7 +420,7 @@
|
||||
$(CC) -o rfc-pg rfc-pg.o
|
||||
|
||||
.c.o:
|
||||
- $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
|
||||
+ $(CC) -c -I. $(KERBEROS_INCS) -I$(GMPINCDIR) -I$(srcdir)/$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
|
||||
+ $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
|
||||
|
||||
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
|
||||
-rm -f sshd
|
||||
@@ -454,19 +459,19 @@
|
||||
@@ -461,12 +463,12 @@
|
||||
sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
|
||||
chmod +x make-ssh-known-hosts
|
||||
|
||||
-GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \
|
||||
- mpz_mul.c mpz_cmp.c mpz_sqrtrem.c
|
||||
+XXX_DONT_GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \
|
||||
mpz_mul.c mpz_cmp.c mpz_sqrtrem.c
|
||||
-$(GMPDIR)/libgmp.a:
|
||||
- cd $(GMPDIR); $(MAKE)
|
||||
-
|
||||
-$(ZLIBDEP):
|
||||
- -if test '!' -d $(ZLIBDIR); then \
|
||||
- mkdir $(ZLIBDIR); \
|
||||
- cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
|
||||
- fi
|
||||
- cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \
|
||||
- CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \
|
||||
- -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a
|
||||
+#GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \
|
||||
+# mpz_mul.c mpz_cmp.c mpz_sqrtrem.c
|
||||
+#$(GMPDIR)/libgmp.a:
|
||||
+# cd $(GMPDIR); $(MAKE)
|
||||
+#
|
||||
+#$(ZLIBDEP):
|
||||
+# -if test '!' -d $(ZLIBDIR); then \
|
||||
+# mkdir $(ZLIBDIR); \
|
||||
+# cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
|
||||
+# fi
|
||||
+# cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \
|
||||
+# CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \
|
||||
+# -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a
|
||||
+XXX_DONT_$(GMPDIR)/libgmp.a:
|
||||
cd $(GMPDIR); $(MAKE)
|
||||
|
||||
$(RSAREFSRCDIR)/librsaref.a:
|
||||
-if test '!' -d $(RSAREFDIR); then \
|
||||
@@ -523,7 +528,7 @@
|
||||
-$(ZLIBDEP):
|
||||
+XXX_DONT_$(ZLIBDEP):
|
||||
-if test '!' -d $(ZLIBDIR); then \
|
||||
mkdir $(ZLIBDIR); \
|
||||
cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
|
||||
@@ -530,7 +532,7 @@
|
||||
# (otherwise it can only log in as the user it runs as, and must be
|
||||
# bound to a non-privileged port). Also, password authentication may
|
||||
# not be available if non-root and using shadow passwords.
|
||||
@ -73,49 +55,12 @@
|
||||
-rm -f $(install_prefix)$(bindir)/ssh1.old
|
||||
-chmod 755 $(install_prefix)$(bindir)/ssh1
|
||||
-chmod 755 $(install_prefix)$(bindir)/ssh
|
||||
@@ -679,15 +684,15 @@
|
||||
|
||||
clean:
|
||||
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
|
||||
- cd $(GMPDIR); $(MAKE) clean
|
||||
+# cd $(GMPDIR); $(MAKE) clean
|
||||
# cd $(RSAREFSRCDIR); rm -f *.o *.a
|
||||
- cd $(ZLIBDIR); $(MAKE) clean
|
||||
+# cd $(ZLIBDIR); $(MAKE) clean
|
||||
|
||||
distclean: clean
|
||||
-rm -f Makefile config.status config.cache config.log config.h
|
||||
-rm -f ssh.1 sshd.8 make-ssh-known-hosts.1
|
||||
- cd $(GMPDIR); $(MAKE) distclean
|
||||
- cd $(ZLIBDIR); $(MAKE) distclean
|
||||
+# cd $(GMPDIR); $(MAKE) distclean
|
||||
+# cd $(ZLIBDIR); $(MAKE) distclean
|
||||
|
||||
dist: dist-free
|
||||
|
||||
@@ -716,12 +721,12 @@
|
||||
-mkdir $(DISTNAME)
|
||||
cp $(DISTFILES) $(DISTNAME)
|
||||
for i in $(DISTSRCS); do cp $(srcdir)/$$i $(DISTNAME); done
|
||||
- (cd $(GMPDIR); make dist)
|
||||
- gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - )
|
||||
+# (cd $(GMPDIR); make dist)
|
||||
+# gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - )
|
||||
# tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -)
|
||||
# cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a
|
||||
- (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
|
||||
- cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
|
||||
+# (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
|
||||
+# cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
|
||||
|
||||
#ifdef F_SECURE_COMMERCIAL
|
||||
#
|
||||
@@ -749,7 +754,7 @@
|
||||
@@ -756,7 +758,7 @@
|
||||
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
|
||||
|
||||
depend:
|
||||
- $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS)
|
||||
+ $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS)
|
||||
+ $(MAKEDEP) -I$(srcdir) -I. -I$(GMPINCDIR) $(DEFS) $(SRCS)
|
||||
|
||||
tags:
|
||||
-rm -f TAGS
|
||||
|
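Review bot: The new `.c.o` rule still passes `-I$(srcdir)/$(GMPDIR)`, yet the first hunk of the same patch deletes the `GMPDIR` assignment, so unless something else defines it the flag expands to `-I$(srcdir)/` and the compile step never sees `GMPINCDIR`. Linking uses `-L$(GMPLIBDIR) -lgmp` and the `depend` rule uses `-I$(GMPINCDIR)`, so when the port overrides these to `${LOCALBASE}/include` and `${LOCALBASE}/lib` the compiler may pick up a different `gmp.h` from the library that is linked. The rule should carry `-I$(GMPINCDIR)` in place of `-I$(srcdir)/$(GMPDIR)`. Which of the two `+` variants of this line is the new side is inferred from the variables each one uses (only the other variant references `ZLIBINCDIR`, which only the old patch defines), because the page has lost the outer diff markers.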
@ -1,25 +0,0 @@
|
||||
--- rsaglue.c.orig Tue Nov 9 11:12:32 1999
|
||||
+++ rsaglue.c Tue Nov 9 11:17:58 1999
|
||||
@@ -139,6 +139,10 @@
|
||||
|
||||
input_bits = mpz_sizeinbase(input, 2);
|
||||
input_len = (input_bits + 7) / 8;
|
||||
+ if(input_bits > MAX_RSA_MODULUS_BITS)
|
||||
+ fatal("Attempted to encrypt a block too large (%d bits, %d max) (malicious?).",
|
||||
+ input_bits, MAX_RSA_MODULUS_BITS);
|
||||
+
|
||||
gmp_to_rsaref(input_data, input_len, input);
|
||||
|
||||
rsaref_public_key(&public_key, key);
|
||||
@@ -172,6 +176,10 @@
|
||||
|
||||
input_bits = mpz_sizeinbase(input, 2);
|
||||
input_len = (input_bits + 7) / 8;
|
||||
+ if(input_bits > MAX_RSA_MODULUS_BITS)
|
||||
+ fatal("Received session key too long (%d bits, %d max) (malicious?).",
|
||||
+ input_bits, MAX_RSA_MODULUS_BITS);
|
||||
+
|
||||
gmp_to_rsaref(input_data, input_len, input);
|
||||
|
||||
rsaref_private_key(&private_key, key);
|
||||
|
@ -1,14 +1,12 @@
|
||||
*** readconf.h.orig Wed May 12 13:19:27 1999
|
||||
--- readconf.h Mon Jan 10 22:56:13 2000
|
||||
***************
|
||||
*** 98,103 ****
|
||||
--- 98,106 ----
|
||||
int use_privileged_port; /* Use privileged port */
|
||||
|
||||
int port; /* Port to connect. */
|
||||
+ #ifdef ENABLE_ANOTHER_PORT_TRY
|
||||
+ int another_port; /* Port to connect for -A option. */
|
||||
+ #endif /* ENABLE_ANOTHER_PORT_TRY */
|
||||
int connection_attempts; /* Max attempts (seconds) before giving up */
|
||||
int number_of_password_prompts; /* Max number of password prompts */
|
||||
int password_prompt_login; /* Show remote login at password prompt */
|
||||
--- readconf.h.orig Thu Jan 17 05:35:34 2002
|
||||
+++ readconf.h Fri Jun 21 16:36:20 2002
|
||||
@@ -102,6 +102,9 @@
|
||||
int use_privileged_port; /* Use privileged port */
|
||||
|
||||
int port; /* Port to connect. */
|
||||
+#ifdef ENABLE_ANOTHER_PORT_TRY
|
||||
+ int another_port; /* Port to connect for -A option. */
|
||||
+#endif /* ENABLE_ANOTHER_PORT_TRY */
|
||||
int connection_attempts; /* Max attempts (seconds) before giving up */
|
||||
int number_of_password_prompts; /* Max number of password prompts */
|
||||
int password_prompt_login; /* Show remote login at password prompt */
|
||||
|
@ -1,197 +1,158 @@
|
||||
*** servconf.c.orig Wed May 12 13:19:28 1999
|
||||
--- servconf.c Mon Jan 10 22:56:13 2000
|
||||
***************
|
||||
*** 81,88 ****
|
||||
void initialize_server_options(ServerOptions *options)
|
||||
{
|
||||
memset(options, 0, sizeof(*options));
|
||||
! options->port = -1;
|
||||
! options->listen_addr.s_addr = INADDR_ANY;
|
||||
options->host_key_file = NULL;
|
||||
options->random_seed_file = NULL;
|
||||
options->pid_file = NULL;
|
||||
--- 81,88 ----
|
||||
void initialize_server_options(ServerOptions *options)
|
||||
{
|
||||
memset(options, 0, sizeof(*options));
|
||||
! options->num_ports = 0;
|
||||
! options->listen_addrs = NULL;
|
||||
options->host_key_file = NULL;
|
||||
options->random_seed_file = NULL;
|
||||
options->pid_file = NULL;
|
||||
***************
|
||||
*** 92,97 ****
|
||||
--- 92,100 ----
|
||||
options->permit_root_login = -1;
|
||||
options->ignore_rhosts = -1;
|
||||
options->ignore_root_rhosts = -1;
|
||||
+ #ifdef ENABLE_LOG_AUTH
|
||||
+ options->log_auth = -1;
|
||||
+ #endif /* ENABLE_LOG_AUTH */
|
||||
options->quiet_mode = -1;
|
||||
options->fascist_logging = -1;
|
||||
options->print_motd = -1;
|
||||
***************
|
||||
*** 138,153 ****
|
||||
|
||||
void fill_default_server_options(ServerOptions *options)
|
||||
{
|
||||
! if (options->port == -1)
|
||||
{
|
||||
! struct servent *sp;
|
||||
!
|
||||
! sp = getservbyname(SSH_SERVICE_NAME, "tcp");
|
||||
! if (sp)
|
||||
! options->port = ntohs(sp->s_port);
|
||||
! else
|
||||
! options->port = SSH_DEFAULT_PORT;
|
||||
! endservent();
|
||||
}
|
||||
if (options->host_key_file == NULL)
|
||||
options->host_key_file = HOST_KEY_FILE;
|
||||
--- 141,171 ----
|
||||
|
||||
void fill_default_server_options(ServerOptions *options)
|
||||
{
|
||||
! struct addrinfo hints, *ai, *aitop;
|
||||
! char strport[PORTSTRLEN];
|
||||
! int i;
|
||||
!
|
||||
! if (options->num_ports == 0)
|
||||
! options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
|
||||
! if (options->listen_addrs == NULL)
|
||||
{
|
||||
! for (i = 0; i < options->num_ports; i++)
|
||||
! {
|
||||
! memset(&hints, 0, sizeof(hints));
|
||||
! hints.ai_flags = AI_PASSIVE;
|
||||
! hints.ai_family = IPv4or6;
|
||||
! hints.ai_socktype = SOCK_STREAM;
|
||||
! sprintf(strport, "%d", options->ports[i]);
|
||||
! if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
|
||||
! {
|
||||
! fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n");
|
||||
! exit(1);
|
||||
! }
|
||||
! for (ai = aitop; ai->ai_next; ai = ai->ai_next);
|
||||
! ai->ai_next = options->listen_addrs;
|
||||
! options->listen_addrs = aitop;
|
||||
! }
|
||||
! /* freeaddrinfo(options->listen_addrs) in sshd.c */
|
||||
}
|
||||
if (options->host_key_file == NULL)
|
||||
options->host_key_file = HOST_KEY_FILE;
|
||||
***************
|
||||
*** 243,248 ****
|
||||
--- 261,269 ----
|
||||
{
|
||||
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
|
||||
sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
|
||||
+ #ifdef ENABLE_LOG_AUTH
|
||||
+ sLogAuth,
|
||||
+ #endif /* ENABLE_LOG_AUTH */
|
||||
sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
|
||||
sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts,
|
||||
sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
|
||||
***************
|
||||
*** 275,280 ****
|
||||
--- 296,304 ----
|
||||
{ "quietmode", sQuietMode },
|
||||
{ "fascistlogging", sFascistLogging },
|
||||
{ "syslogfacility", sLogFacility },
|
||||
+ #ifdef ENABLE_LOG_AUTH
|
||||
+ { "logauth", sLogAuth },
|
||||
+ #endif /* ENABLE_LOG_AUTH */
|
||||
{ "rhostsauthentication", sRhostsAuthentication },
|
||||
{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
|
||||
{ "rsaauthentication", sRSAAuthentication },
|
||||
***************
|
||||
*** 367,372 ****
|
||||
--- 391,399 ----
|
||||
char *cp, **charptr;
|
||||
int linenum, *intptr, i, value;
|
||||
ServerOpCodes opcode;
|
||||
+ struct addrinfo hints, *ai, *aitop;
|
||||
+ char strport[PORTSTRLEN];
|
||||
+ int gaierr;
|
||||
|
||||
f = fopen(filename, "r");
|
||||
if (!f)
|
||||
***************
|
||||
*** 389,395 ****
|
||||
switch (opcode)
|
||||
{
|
||||
case sPort:
|
||||
! intptr = &options->port;
|
||||
parse_int:
|
||||
cp = strtok(NULL, WHITESPACE);
|
||||
if (!cp)
|
||||
--- 416,429 ----
|
||||
switch (opcode)
|
||||
{
|
||||
case sPort:
|
||||
! if (options->num_ports >= MAX_PORTS)
|
||||
! {
|
||||
! fprintf(stderr, "%s line %d: too many ports.\n",
|
||||
! filename, linenum);
|
||||
! exit(1);
|
||||
! }
|
||||
! options->ports[options->num_ports] = -1;
|
||||
! intptr = &options->ports[options->num_ports++];
|
||||
parse_int:
|
||||
cp = strtok(NULL, WHITESPACE);
|
||||
if (!cp)
|
||||
***************
|
||||
*** 452,462 ****
|
||||
filename, linenum);
|
||||
exit(1);
|
||||
}
|
||||
! #ifdef BROKEN_INET_ADDR
|
||||
! options->listen_addr.s_addr = inet_network(cp);
|
||||
! #else /* BROKEN_INET_ADDR */
|
||||
! options->listen_addr.s_addr = inet_addr(cp);
|
||||
! #endif /* BROKEN_INET_ADDR */
|
||||
break;
|
||||
|
||||
case sHostKeyFile:
|
||||
--- 486,510 ----
|
||||
filename, linenum);
|
||||
exit(1);
|
||||
}
|
||||
! if (options->num_ports == 0)
|
||||
! options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
|
||||
! for (i = 0; i < options->num_ports; i++)
|
||||
! {
|
||||
! memset(&hints, 0, sizeof(hints));
|
||||
! hints.ai_family = IPv4or6;
|
||||
! hints.ai_socktype = SOCK_STREAM;
|
||||
! sprintf(strport, "%d", options->ports[i]);
|
||||
! if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0)
|
||||
! {
|
||||
! fprintf(stderr, "%s line %d: bad addr or host. (%s)\n",
|
||||
! filename, linenum, gai_strerror(gaierr));
|
||||
! exit(1);
|
||||
! }
|
||||
! for (ai = aitop; ai->ai_next; ai = ai->ai_next);
|
||||
! ai->ai_next = options->listen_addrs;
|
||||
! options->listen_addrs = aitop;
|
||||
! }
|
||||
! strtok(cp, WHITESPACE); /* getaddrinfo() may use strtok() */
|
||||
break;
|
||||
|
||||
case sHostKeyFile:
|
||||
***************
|
||||
*** 531,536 ****
|
||||
--- 579,590 ----
|
||||
if (*intptr == -1)
|
||||
*intptr = value;
|
||||
break;
|
||||
+
|
||||
+ #ifdef ENABLE_LOG_AUTH
|
||||
+ case sLogAuth:
|
||||
+ intptr = &options->log_auth;
|
||||
+ goto parse_flag;
|
||||
+ #endif /* ENABLE_LOG_AUTH */
|
||||
|
||||
case sIgnoreRhosts:
|
||||
intptr = &options->ignore_rhosts;
|
||||
--- servconf.c.orig Thu Jan 17 05:35:34 2002
|
||||
+++ servconf.c Fri Jun 21 16:22:56 2002
|
||||
@@ -88,8 +88,8 @@
|
||||
void initialize_server_options(ServerOptions *options)
|
||||
{
|
||||
memset(options, 0, sizeof(*options));
|
||||
- options->port = -1;
|
||||
- options->listen_addr.s_addr = INADDR_ANY;
|
||||
+ options->num_ports = 0;
|
||||
+ options->listen_addrs = NULL;
|
||||
options->host_key_file = NULL;
|
||||
options->random_seed_file = NULL;
|
||||
options->pid_file = NULL;
|
||||
@@ -99,6 +99,9 @@
|
||||
options->permit_root_login = -1;
|
||||
options->ignore_rhosts = -1;
|
||||
options->ignore_root_rhosts = -1;
|
||||
+#ifdef ENABLE_LOG_AUTH
|
||||
+ options->log_auth = -1;
|
||||
+#endif /* ENABLE_LOG_AUTH */
|
||||
options->quiet_mode = -1;
|
||||
options->fascist_logging = -1;
|
||||
options->print_motd = -1;
|
||||
@@ -145,17 +148,33 @@
|
||||
|
||||
void fill_default_server_options(ServerOptions *options)
|
||||
{
|
||||
- if (options->port == -1)
|
||||
+ struct addrinfo hints, *ai, *aitop;
|
||||
+ char strport[PORTSTRLEN];
|
||||
+ int i;
|
||||
+
|
||||
+ if (options->num_ports == 0)
|
||||
+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
|
||||
+ if (options->listen_addrs == NULL)
|
||||
{
|
||||
- struct servent *sp;
|
||||
+ for (i = 0; i < options->num_ports; i++)
|
||||
+ {
|
||||
+ memset(&hints, 0, sizeof(hints));
|
||||
+ hints.ai_flags = AI_PASSIVE;
|
||||
+ hints.ai_family = IPv4or6;
|
||||
+ hints.ai_socktype = SOCK_STREAM;
|
||||
+ sprintf(strport, "%d", options->ports[i]);
|
||||
+ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
|
||||
+ {
|
||||
+ fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ for (ai = aitop; ai->ai_next; ai = ai->ai_next);
|
||||
+ ai->ai_next = options->listen_addrs;
|
||||
+ options->listen_addrs = aitop;
|
||||
+ }
|
||||
+ /* freeaddrinfo(options->listen_addrs) in sshd.c */
|
||||
+ }
|
||||
|
||||
- sp = getservbyname(SSH_SERVICE_NAME, "tcp");
|
||||
- if (sp)
|
||||
- options->port = ntohs(sp->s_port);
|
||||
- else
|
||||
- options->port = SSH_DEFAULT_PORT;
|
||||
- endservent();
|
||||
- }
|
||||
if (options->host_key_file == NULL)
|
||||
options->host_key_file = HOST_KEY_FILE;
|
||||
if (options->random_seed_file == NULL)
|
||||
@@ -250,6 +269,9 @@
|
||||
{
|
||||
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
|
||||
sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
|
||||
+#ifdef ENABLE_LOG_AUTH
|
||||
+ sLogAuth,
|
||||
+#endif /* ENABLE_LOG_AUTH */
|
||||
sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
|
||||
sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts,
|
||||
sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
|
||||
@@ -282,6 +304,9 @@
|
||||
{ "quietmode", sQuietMode },
|
||||
{ "fascistlogging", sFascistLogging },
|
||||
{ "syslogfacility", sLogFacility },
|
||||
+#ifdef ENABLE_LOG_AUTH
|
||||
+ { "logauth", sLogAuth },
|
||||
+#endif /* ENABLE_LOG_AUTH */
|
||||
{ "rhostsauthentication", sRhostsAuthentication },
|
||||
{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
|
||||
{ "rsaauthentication", sRSAAuthentication },
|
||||
@@ -375,6 +400,9 @@
|
||||
char *cp, **charptr;
|
||||
int linenum, *intptr, i, value;
|
||||
ServerOpCodes opcode;
|
||||
+ struct addrinfo hints, *ai, *aitop;
|
||||
+ char strport[PORTSTRLEN];
|
||||
+ int gaierr;
|
||||
|
||||
f = fopen(filename, "r");
|
||||
if (!f)
|
||||
@@ -397,7 +425,14 @@
|
||||
switch (opcode)
|
||||
{
|
||||
case sPort:
|
||||
- intptr = &options->port;
|
||||
+ if (options->num_ports >= MAX_PORTS)
|
||||
+ {
|
||||
+ fprintf(stderr, "%s line %d: too many ports.\n",
|
||||
+ filename, linenum);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ options->ports[options->num_ports] = -1;
|
||||
+ intptr = &options->ports[options->num_ports++];
|
||||
parse_int:
|
||||
cp = strtok(NULL, WHITESPACE);
|
||||
if (!cp)
|
||||
@@ -460,12 +495,26 @@
|
||||
filename, linenum);
|
||||
exit(1);
|
||||
}
|
||||
-#ifdef BROKEN_INET_ADDR
|
||||
- options->listen_addr.s_addr = inet_network(cp);
|
||||
-#else /* BROKEN_INET_ADDR */
|
||||
- options->listen_addr.s_addr = inet_addr(cp);
|
||||
-#endif /* BROKEN_INET_ADDR */
|
||||
- break;
|
||||
+ if (options->num_ports == 0)
|
||||
+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
|
||||
+ for (i = 0; i < options->num_ports; i++)
|
||||
+ {
|
||||
+ memset(&hints, 0, sizeof(hints));
|
||||
+ hints.ai_family = IPv4or6;
|
||||
+ hints.ai_socktype = SOCK_STREAM;
|
||||
+ sprintf(strport, "%d", options->ports[i]);
|
||||
+ if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0)
|
||||
+ {
|
||||
+ fprintf(stderr, "%s line %d: bad addr or host. (%s)\n",
|
||||
+ filename, linenum, gai_strerror(gaierr));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ for (ai = aitop; ai->ai_next; ai = ai->ai_next);
|
||||
+ ai->ai_next = options->listen_addrs;
|
||||
+ options->listen_addrs = aitop;
|
||||
+ }
|
||||
+ strtok(cp, WHITESPACE); /* getaddrinfo() may use strtok() */
|
||||
+ break;
|
||||
|
||||
case sHostKeyFile:
|
||||
charptr = &options->host_key_file;
|
||||
@@ -539,6 +588,12 @@
|
||||
if (*intptr == -1)
|
||||
*intptr = value;
|
||||
break;
|
||||
+
|
||||
+#ifdef ENABLE_LOG_AUTH
|
||||
+ case sLogAuth:
|
||||
+ intptr = &options->log_auth;
|
||||
+ goto parse_flag;
|
||||
+#endif /* ENABLE_LOG_AUTH */
|
||||
|
||||
case sIgnoreRhosts:
|
||||
intptr = &options->ignore_rhosts;
|
||||
|
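Review bot: The `sListenAddress` case resolves the address at parse time against the ports collected so far, and appends `SSH_DEFAULT_PORT` when `num_ports` is still 0, so the listening set depends on the order of directives. With `ListenAddress` ahead of `Port`, the later port lands in `ports[]` but is never resolved, because `fill_default_server_options` only builds addresses when `listen_addrs` is NULL; the daemon would then listen on the default port rather than the configured one. Resolving after the whole file has been read would remove the trap (the rest of the parsing function lies outside these hunks, so it is not sketched here); short of that, the case needs a comment such as `/* Port must precede ListenAddress: addresses are resolved against the ports seen so far */`. Both loops also format the port with an unbounded `sprintf` into `strport[PORTSTRLEN]`, whose size is defined elsewhere; `snprintf(strport, sizeof(strport), "%d", options->ports[i]);` keeps it bounded whatever value a config line supplies.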
@ -1,45 +1,32 @@
|
||||
*** servconf.h.orig Wed May 12 13:19:28 1999
|
||||
--- servconf.h Mon Jan 10 22:56:13 2000
|
||||
***************
|
||||
*** 64,69 ****
|
||||
--- 64,71 ----
|
||||
#ifndef SERVCONF_H
|
||||
#define SERVCONF_H
|
||||
|
||||
+ #define MAX_PORTS 256 /* Max # hosts on allow list. */
|
||||
+
|
||||
#define MAX_ALLOW_SHOSTS 256 /* Max # hosts on allow shosts list. */
|
||||
#define MAX_DENY_SHOSTS 256 /* Max # hosts on deny shosts list. */
|
||||
#define MAX_ALLOW_HOSTS 256 /* Max # hosts on allow list. */
|
||||
***************
|
||||
*** 82,89 ****
|
||||
|
||||
typedef struct
|
||||
{
|
||||
! int port; /* Port number to listen on. */
|
||||
! struct in_addr listen_addr; /* Address on which the server listens. */
|
||||
char *host_key_file; /* File containing host key. */
|
||||
char *random_seed_file; /* File containing random seed. */
|
||||
char *pid_file; /* File containing process ID number. */
|
||||
--- 84,92 ----
|
||||
|
||||
typedef struct
|
||||
{
|
||||
! unsigned int num_ports;
|
||||
! int ports[MAX_PORTS]; /* Port number to listen on. */
|
||||
! struct addrinfo *listen_addrs;/* Addresses on which the server listens. */
|
||||
char *host_key_file; /* File containing host key. */
|
||||
char *random_seed_file; /* File containing random seed. */
|
||||
char *pid_file; /* File containing process ID number. */
|
||||
***************
|
||||
*** 91,96 ****
|
||||
--- 94,102 ----
|
||||
int login_grace_time; /* Disconnect if no auth in this time (sec). */
|
||||
int key_regeneration_time; /* Server key lifetime (seconds). */
|
||||
int permit_root_login; /* 0 = forced cmd only, 1 = no pwd, 2 = yes. */
|
||||
+ #ifdef ENABLE_LOG_AUTH
|
||||
+ int log_auth; /* If true, log authentication info. */
|
||||
+ #endif /* ENABLE_LOG_AUTH */
|
||||
int ignore_rhosts; /* Ignore .rhosts and .shosts. */
|
||||
int ignore_root_rhosts; /* Ignore .rhosts and .shosts for root,
|
||||
defaults to ignore_rhosts if not given. */
|
||||
--- servconf.h.orig Thu Jan 17 05:35:34 2002
|
||||
+++ servconf.h Fri Jun 21 16:24:35 2002
|
||||
@@ -68,6 +68,7 @@
|
||||
#ifndef SERVCONF_H
|
||||
#define SERVCONF_H
|
||||
|
||||
+#define MAX_PORTS 256 /* Max # hosts on allow list. */
|
||||
#define MAX_ALLOW_SHOSTS 256 /* Max # hosts on allow shosts list. */
|
||||
#define MAX_DENY_SHOSTS 256 /* Max # hosts on deny shosts list. */
|
||||
#define MAX_ALLOW_HOSTS 256 /* Max # hosts on allow list. */
|
||||
@@ -86,8 +87,9 @@
|
||||
|
||||
typedef struct
|
||||
{
|
||||
- int port; /* Port number to listen on. */
|
||||
- struct in_addr listen_addr; /* Address on which the server listens. */
|
||||
+ unsigned int num_ports;
|
||||
+ int ports[MAX_PORTS]; /* Port number to listen on. */
|
||||
+ struct addrinfo *listen_addrs;/* Addresses on which the server listens. */
|
||||
char *host_key_file; /* File containing host key. */
|
||||
char *random_seed_file; /* File containing random seed. */
|
||||
char *pid_file; /* File containing process ID number. */
|
||||
@@ -95,6 +97,9 @@
|
||||
int login_grace_time; /* Disconnect if no auth in this time (sec). */
|
||||
int key_regeneration_time; /* Server key lifetime (seconds). */
|
||||
int permit_root_login; /* 0 = forced cmd only, 1 = no pwd, 2 = yes. */
|
||||
+#ifdef ENABLE_LOG_AUTH
|
||||
+ int log_auth; /* If true, log authentication info. */
|
||||
+#endif /* ENABLE_LOG_AUTH */
|
||||
int ignore_rhosts; /* Ignore .rhosts and .shosts. */
|
||||
int ignore_root_rhosts; /* Ignore .rhosts and .shosts for root,
|
||||
defaults to ignore_rhosts if not given. */
|
||||
|
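Review bot: The comment on the new `#define MAX_PORTS 256` is copied from `MAX_ALLOW_HOSTS` and describes the wrong limit; it should read `/* Max # ports to listen on. */`. In the struct, `num_ports` has no comment and `ports[]` still says "Port number" in the singular; `unsigned int num_ports; /* Number of entries used in ports[]. */` and `/* Port numbers to listen on. */` would match the surrounding style. The servconf.c side of this commit compares the unsigned `num_ports` with a signed `int i` in its loops, which is harmless at this bound but worth keeping in mind if the type or limit changes.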
@ -1,167 +0,0 @@
|
||||
Note that this patch has been incorporated into the port due to problems
|
||||
with patching a autoconf generated configure script. The script itself contains
|
||||
linenumbers and in case of two patches against that script the second one fails
|
||||
because it expects something that the first patch has already changed. The
|
||||
only clean way is to re-generate it with autoconf. *sigh*
|
||||
This patch was fetched from
|
||||
http://www.ssh.org/patches/patch-ssh-1.2.27-bsd.tty.chown
|
||||
- torstenb@FreeBSD.org, Tue Jan 11 21:36:46 CET 2000
|
||||
|
||||
|
||||
Patch for problem with tty ownership with chflags and chown in BSD 4.4
|
||||
variants. Fixes a security bug in tty allocation.
|
||||
|
||||
This patch works for ssh-1.2.27.
|
||||
|
||||
Apply with the following commands:
|
||||
|
||||
% cd /wherever/you/hold/your/sources/ssh-1.2.27
|
||||
% patch -p1 -l < /path/to/where/you/saved/patch-ssh-1.2.27-bsd.tty.chown
|
||||
% ./configure --whatever-config-flags-you-use
|
||||
% make clean
|
||||
% make
|
||||
% su
|
||||
Password: ***********
|
||||
# make install
|
||||
# kill -HUP `cat /var/run/sshd.pid`
|
||||
|
||||
You should be all set.
|
||||
|
||||
Sami Lehtinen <sjl@ssh.fi>
|
||||
|
||||
--begin patch--
|
||||
diff -u --recursive -X /u/sjl/bin/diff-src-db auth-passwd.c.orig auth-passwd.c
|
||||
--- auth-passwd.c.orig Wed May 12 14:19:23 1999
|
||||
+++ auth-passwd.c Wed Aug 11 19:49:32 1999
|
||||
@@ -613,7 +613,13 @@
|
||||
/* get_name pulls out just the name not the
|
||||
type */
|
||||
strcpy(ccname + 5, krb5_cc_get_name(ssh_context, ccache));
|
||||
- (void) chown(ccname + 5, pw->pw_uid, pw->pw_gid);
|
||||
+ if (chown(ccname + 5, pw->pw_uid, pw->pw_gid) < 0)
|
||||
+ {
|
||||
+ log_msg("Kerberos: chown failed for %s, error: %s",
|
||||
+ ccname + 5, strerror(errno));
|
||||
+ packet_send_debug("Kerberos: chown failed for %s", ccname + 5);
|
||||
+ goto errout;
|
||||
+ }
|
||||
|
||||
/* If tgt was passed unlink file */
|
||||
if (ticket)
|
||||
diff -u --recursive -X /u/sjl/bin/diff-src-db config.h.in.orig config.h.in
|
||||
--- config.h.in.orig Wed May 12 14:20:04 1999
|
||||
+++ config.h.in Wed Aug 11 20:20:51 1999
|
||||
@@ -360,6 +360,9 @@
|
||||
/* Define if you have the authenticate function. */
|
||||
#undef HAVE_AUTHENTICATE
|
||||
|
||||
+/* Define if you have the chflags function. */
|
||||
+#undef HAVE_CHFLAGS
|
||||
+
|
||||
/* Define if you have the clock function. */
|
||||
#undef HAVE_CLOCK
|
||||
|
||||
diff -u --recursive -X /u/sjl/bin/diff-src-db configure.in.orig configure.in
|
||||
--- configure.in.orig Wed May 12 14:20:02 1999
|
||||
+++ configure.in Wed Aug 11 20:05:13 1999
|
||||
@@ -433,6 +433,7 @@
|
||||
AC_CHECK_FUNCS(strchr memcpy setlogin openpty _getpty clock fchmod ulimit)
|
||||
AC_CHECK_FUNCS(gethostname getdtablesize umask innetgr initgroups setpgrp)
|
||||
AC_CHECK_FUNCS(setpgid daemon waitpid ttyslot authenticate getpt isastream)
|
||||
+AC_CHECK_FUNCS(chflags)
|
||||
|
||||
AC_REPLACE_FUNCS(strerror memmove remove random putenv crypt socketpair snprintf)
|
||||
|
||||
diff -u --recursive -X /u/sjl/bin/diff-src-db sshd.c.orig sshd.c
|
||||
--- sshd.c.orig Wed May 12 14:19:29 1999
|
||||
+++ sshd.c Wed Aug 11 20:26:31 1999
|
||||
@@ -2897,9 +2897,87 @@
|
||||
tty_mode = S_IRUSR|S_IWUSR|S_IWGRP|S_IWOTH;
|
||||
}
|
||||
|
||||
+ retry_chown:
|
||||
+
|
||||
/* Change ownership of the tty. */
|
||||
- (void)chown(ttyname, pw->pw_uid, tty_gid);
|
||||
- (void)chmod(ttyname, tty_mode);
|
||||
+ if (chown(ttyname, pw->pw_uid, tty_gid) < 0)
|
||||
+ {
|
||||
+ /* chown failed. Atleast two possibilities. Either we are not
|
||||
+ running as root, in which case this is OK, or we are running
|
||||
+ on BSD, and somebody has put some flags to the tty. */
|
||||
+
|
||||
+ /* Check whether we are root or not.*/
|
||||
+ if (getuid() != UID_ROOT)
|
||||
+ {
|
||||
+ /* We are not, and then this is OK. */
|
||||
+ debug("chown failed (but we're not root anyway) for "
|
||||
+ "%s, error %s", ttyname, strerror(errno));
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+#ifdef HAVE_CHFLAGS
|
||||
+ static int retrying = 0;
|
||||
+ struct stat st;
|
||||
+
|
||||
+ if (!retrying)
|
||||
+ {
|
||||
+ debug("chown failed for %s, error: %s. Removing "
|
||||
+ "user-settable flags, and retrying.",
|
||||
+ ttyname, strerror(errno));
|
||||
+
|
||||
+ if (stat(ttyname, &st) < 0)
|
||||
+ {
|
||||
+ error("stat failed for %s, error: %s",
|
||||
+ ttyname, strerror(errno));
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ debug("Removing user-settable flags with "
|
||||
+ "chflags.");
|
||||
+ /* Remove user definable flags. */
|
||||
+ if (chflags(ttyname, st.st_flags &
|
||||
+ ~(UF_NODUMP | UF_IMMUTABLE |
|
||||
+ UF_APPEND | UF_OPAQUE)) < 0)
|
||||
+ {
|
||||
+ debug("chflags failed for %s, error: %s",
|
||||
+ ttyname, strerror(errno));
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ debug("Retrying...");
|
||||
+ retrying = 1;
|
||||
+ goto retry_chown;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ debug("chown failed even with retry. error: %s",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+
|
||||
+#endif /* HAVE_CHFLAGS */
|
||||
+ error("ssh_pty_allocate_and_fork: chown failed for %s.",
|
||||
+ ttyname);
|
||||
+ goto fail;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (chmod(ttyname, tty_mode) < 0)
|
||||
+ {
|
||||
+ if (getuid() != UID_ROOT)
|
||||
+ {
|
||||
+ /* We are not, and then this is (probably) OK. */
|
||||
+ debug("chmod failed (but we're not root anyway) for "
|
||||
+ "%s, error %s", ttyname, strerror(errno));
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ error("ssh_pty_allocate_and_fork: chmod %s: %s",
|
||||
+ ttyname, strerror(errno));
|
||||
+ goto fail;
|
||||
+ }
|
||||
+ }
|
||||
|
||||
/* Get TERM from the packet. Note that the value may be of arbitrary
|
||||
length. */
|