- Update to 4.2p1

PR: ports/85578 Submitted by: Marcus Grando <marcus@corp.grupos.com.br>
svn path=/head/; revision=141730
2024-11-27 00:57:50 +00:00 · 2005-09-01 19:24:36 +00:00 · 2005-09-01 19:24:36 +00:00 · 509cdc26e4 · 2021-03-31 03:12:20 +00:00
commit 509cdc26e4
parent 9a53da9f9a
5 changed files with 70 additions and 146 deletions
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@ -6,7 +6,7 @@
 #

 PORTNAME=	openssh
-PORTVERSION=	4.1.0.1
+PORTVERSION=	4.2.0.0
 .if defined(OPENSSH_SNAPSHOT)
 PORTREVISION!=	date -v-1d +%Y%m%d
 .endif
@ -21,7 +21,8 @@ DISTNAME=	${DISTNAME2}
 MAINTAINER=	ports@FreeBSD.org
 COMMENT=	The portable version of OpenBSD's OpenSSH

-OPENSSHVERSION=	4.1p1
+OPENSSHVERSION=	4.2p1
+
 .if defined(OPENSSH_SNAPSHOT)
 MASTER_SITE_SUBDIR2=	snapshot/
 DISTNAME2=	${PORTNAME}-SNAP-${PORTREVISION}
@ -52,6 +53,13 @@ PRECIOUS=	ssh_config sshd_config \
 ETCOLD=		${PREFIX}/etc
 PORTABLE_SUFFIX=	-portable

+SUDO?=
+MAKE_ENV+=	SUDO="${SUDO}"
+
+OPTIONS=	SUID_SSH	"Enable suid SSH (Recommended off)"	off \
+		GSSAPI		"Enable GSSAPI support"			off \
+		OPENSSH_CHROOT	"Enable CHROOT support"			off
+
 .if exists(/usr/include/security/pam_modules.h)
 CONFIGURE_ARGS+=	--with-pam
 .endif
@ -60,7 +68,9 @@ CONFIGURE_ARGS+=	--with-pam
 CONFIGURE_ARGS+=	--with-tcp-wrappers
 .endif

-.if !defined(ENABLE_SUID_SSH)
+.include <bsd.port.pre.mk>
+
+.if !defined(WITH_SUID_SSH)
 CONFIGURE_ARGS+=	--disable-suid-ssh
 .endif

@ -69,13 +79,21 @@ PORTABLE_SUFFIX=
 GSSAPI_SUFFIX=	-gssapi
 CONFLICTS+=	openssh-portable-*
 CONFIGURE_ARGS+=	--with-kerberos5=${KRB5_HOME}
+.if ${OPENSSLBASE} == "/usr"
+CONFIGURE_ARGS+=	--without-rpath
+LDFLAGS=
+.endif
 .else
 CONFLICTS+=	openssh-gssapi-*
+CONFIGURE_ARGS+=	--with-rpath=${OPENSSLRPATH}
 .if !defined(WITHOUT_KERBEROS) && exists(/usr/include/krb5.h)
 CONFIGURE_ARGS+=	--with-kerberos5
 EXTRA_PATCHES+=		${FILESDIR}/gss-serv.c.patch
 .endif
 .endif
+.if ${OPENSSLBASE} != "/usr"
+CONFIGURE_ARGS+=	--with-ssl-dir=${OPENSSLBASE}
+.endif

 .if defined(BATCH)
 EXTRA_PATCHES+=		${FILESDIR}/batch.patch
@ -118,30 +136,30 @@ post-configure:
 		${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh

 pre-install:
-.if defined(OPENSSH_OVERWRITE_BASE)
-	-${MKDIR} ${EMPTYDIR}
-.else
-	-${MKDIR} ${PREFIX}/empty
-.endif
+.	if defined(OPENSSH_OVERWRITE_BASE)
+		-${MKDIR} ${EMPTYDIR}
+.	else
+		-${MKDIR} ${PREFIX}/empty
+.	endif
 	if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
 	if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
 		-h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi
 	-@[ ! -d ${ETCSSH} ] && ${MKDIR} ${ETCSSH}
-.for i in ${PRECIOUS}
-	-@[ -f ${ETCOLD}/${i} ] && [ ! -f ${ETCSSH}/${i} ] && \
-		${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout." && \
-		${LN} ${ETCOLD}/${i} ${ETCSSH}/${i}
-.endfor
+.	for i in ${PRECIOUS}
+		-@[ -f ${ETCOLD}/${i} ] && [ ! -f ${ETCSSH}/${i} ] && \
+			${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout." && \
+			${LN} ${ETCOLD}/${i} ${ETCSSH}/${i}
+.	endfor

 post-install:
-.if !defined(OPENSSH_OVERWRITE_BASE)
-	${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample
-.endif
+.	if !defined(OPENSSH_OVERWRITE_BASE)
+		${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample
+.	endif
 	${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist
 	${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist
-.if !defined(OPENSSH_OVERWRITE_BASE)
-	@${CAT} ${PKGMESSAGE}
-.endif
+.	if !defined(OPENSSH_OVERWRITE_BASE)
+		@${CAT} ${PKGMESSAGE}
+.	endif

 test:
 	(cd ${WRKSRC}/regress && ${SETENV} ${MAKE_ENV} \
@ -149,21 +167,4 @@ test:
 	PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
 	${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} )

-.include <bsd.port.pre.mk>
-
-SUDO?=
-MAKE_ENV+=	SUDO="${SUDO}"
-
-.if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI)
-.if ${OPENSSLBASE} == "/usr"
-CONFIGURE_ARGS+=	--without-rpath
-LDFLAGS=
-.endif
-.else
-CONFIGURE_ARGS+=	--with-rpath=${OPENSSLRPATH}
-.endif
-.if ${OPENSSLBASE} != "/usr"
-CONFIGURE_ARGS+=	--with-ssl-dir=${OPENSSLBASE}
-.endif
-
 .include <bsd.port.post.mk>
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@ -1,2 +1,2 @@
-MD5 (openssh-4.1p1.tar.gz) = 959c663e709c981f07a3315bfd64f3d0
-SIZE (openssh-4.1p1.tar.gz) = 894234
+MD5 (openssh-4.2p1.tar.gz) = df899194a340c933944b193477c628fa
+SIZE (openssh-4.2p1.tar.gz) = 914165
--- a/security/openssh-portable/files/patch-auth-pam.c
+++ b/security/openssh-portable/files/patch-auth-pam.c
@ -1,65 +0,0 @@
--- auth-pam.c.orig	Thu Jan 20 03:29:51 2005
-+++ auth-pam.c	Sat Mar 19 21:52:37 2005
-@@ -290,7 +290,7 @@
-  * Conversation function for authentication thread.
-  */
- static int
-sshpam_thread_conv(int n, struct pam_message **msg,
-+sshpam_thread_conv(int n, const struct pam_message **msg,
-     struct pam_response **resp, void *data)
- {
- 	Buffer buffer;
-@@ -390,7 +390,7 @@
- 	u_int i;
- 	const char *pam_user;
- 
-	pam_get_item(sshpam_handle, PAM_USER, (void **)&pam_user);
-+	pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
- 	environ[0] = NULL;
- 
- 	if (sshpam_authctxt != NULL) {
-@@ -482,7 +482,7 @@
- }
- 
- static int
-sshpam_null_conv(int n, struct pam_message **msg,
-+sshpam_null_conv(int n, const struct pam_message **msg,
-     struct pam_response **resp, void *data)
- {
- 	debug3("PAM: %s entering, %d messages", __func__, n);
-@@ -492,7 +492,7 @@
- static struct pam_conv null_conv = { sshpam_null_conv, NULL };
- 
- static int
-sshpam_store_conv(int n, struct pam_message **msg,
-+sshpam_store_conv(int n, const struct pam_message **msg,
-     struct pam_response **resp, void *data)
- {
- 	struct pam_response *reply;
-@@ -565,7 +565,7 @@
- 	if (sshpam_handle != NULL) {
- 		/* We already have a PAM context; check if the user matches */
- 		sshpam_err = pam_get_item(sshpam_handle,
-		    PAM_USER, (void **)&pam_user);
-+		    PAM_USER, (const void **)&pam_user);
- 		if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
- 			return (0);
- 		pam_end(sshpam_handle, sshpam_err);
-@@ -881,7 +881,7 @@
- }
- 
- static int
-sshpam_tty_conv(int n, struct pam_message **msg,
-+sshpam_tty_conv(int n, const struct pam_message **msg,
-     struct pam_response **resp, void *data)
- {
- 	char input[PAM_MAX_MSG_SIZE];
-@@ -1040,7 +1040,7 @@
-  * display.
-  */
- static int
-sshpam_passwd_conv(int n, struct pam_message **msg,
-+sshpam_passwd_conv(int n, const struct pam_message **msg,
-     struct pam_response **resp, void *data)
- {
- 	struct pam_response *reply;
--- a/security/openssh-portable/files/patch-auth1.c
+++ b/security/openssh-portable/files/patch-auth1.c
@ -1,5 +1,5 @@
--- auth1.c.orig	Tue Feb  8 11:52:48 2005
-+++ auth1.c	Sat Mar 19 21:34:47 2005
+--- auth1.c.orig	Sun Jul 17 04:26:44 2005
+++ auth1.c	Thu Sep  1 11:23:35 2005
@@ -26,6 +26,7 @@
 #include "uidswap.h"
 #include "monitor_wrap.h"
@ -8,10 +8,10 @@
 
 /* import */
 extern ServerOptions options;
-@@ -71,6 +72,15 @@
- 	u_int dlen;
- 	u_int ulen;
- 	int prev, type = 0;
+@@ -220,6 +221,15 @@
+ 	char info[1024];
+ 	int prev = 0, type = 0;
+ 	const struct AuthMethod1 *meth;
 +#ifdef HAVE_LOGIN_CAP
 +	login_cap_t *lc;
 +#endif /* HAVE_LOGIN_CAP */
@ -24,38 +24,37 @@
 
 	debug("Attempting authentication for %s%.100s.",
 	    authctxt->valid ? "" : "invalid user ", authctxt->user);
-@@ -219,6 +229,34 @@
- 			logit("Unknown message during authentication: type %d", type);
- 			break;
+@@ -270,6 +280,33 @@
+ 			    "type %d", type);
+ 			goto skip;
 		}
 +
 +#ifdef HAVE_LOGIN_CAP
 +		if (authctxt->pw != NULL) {
-+		  lc = login_getpwclass(authctxt->pw);
-+		  if (lc == NULL)
-+			lc = login_getclassbyname(NULL, authctxt->pw);
-+		  if (!auth_hostok(lc, from_host, from_ip)) {
-+			logit("Denied connection for %.200s from %.200s [%.200s].",
-+		      authctxt->pw->pw_name, from_host, from_ip);
-+			packet_disconnect("Sorry, you are not allowed to connect.");
-+		  }
-+		  if (!auth_timeok(lc, time(NULL))) {
-+			logit("LOGIN %.200s REFUSED (TIME) FROM %.200s",
-+		      authctxt->pw->pw_name, from_host);
-+			packet_disconnect("Logins not available right now.");
-+		  }
-+		  login_close(lc);
-+		  lc = NULL;
+			lc = login_getpwclass(authctxt->pw);
+			if (lc == NULL)
+				lc = login_getclassbyname(NULL, authctxt->pw);
+			if (!auth_hostok(lc, from_host, from_ip)) {
+				logit("Denied connection for %.200s from %.200s [%.200s].",
+				       authctxt->pw->pw_name, from_host, from_ip);
+				packet_disconnect("Sorry, you are not allowed to connect.");
+			}
+			if (!auth_timeok(lc, time(NULL))) {
+				logit("LOGIN %.200s REFUSED (TIME) FROM %.200s",
+				       authctxt->pw->pw_name, from_host);
+				packet_disconnect("Logins not available right now.");
+			}
+			login_close(lc);
+			lc = NULL;
 +		}
 +#endif  /* HAVE_LOGIN_CAP */
-+#ifdef LOGIN_ACCESS
+#ifdef LOGIN_ACCESS                                                       
 +		if (authctxt->pw != NULL && !login_access(authctxt->pw->pw_name, from_host)) {
-+		  logit("Denied connection for %.200s from %.200s [%.200s].",
-+		      authctxt->pw->pw_name, from_host, from_ip);
-+		  packet_disconnect("Sorry, you are not allowed to connect.");
+			logit("Denied connection for %.200s from %.200s [%.200s].",
+			       authctxt->pw->pw_name, from_host, from_ip);
+			packet_disconnect("Sorry, you are not allowed to connect.");
 +		}
 +#endif /* LOGIN_ACCESS */
-+
- #ifdef BSD_AUTH
- 		if (authctxt->as) {
- 			auth_close(authctxt->as);
+ 
+ 		if (!*(meth->enabled)) {
+ 			verbose("%s authentication disabled.", meth->name);
--- a/security/openssh-portable/files/patch-fake-rfc2553.h
+++ b/security/openssh-portable/files/patch-fake-rfc2553.h
@ -1,11 +0,0 @@
--- openbsd-compat/fake-rfc2553.h.orig	Fri Feb 11 08:32:13 2005
-+++ openbsd-compat/fake-rfc2553.h	Sat Mar 19 21:27:33 2005
-@@ -113,7 +113,7 @@
- # define NI_MAXHOST 1025
- #endif /* !NI_MAXHOST */
- 
-#ifndef EAI_NODATA
-+#ifndef EAI_MEMORY
- # define EAI_NODATA	1
- # define EAI_MEMORY	2
- # define EAI_NONAME	3