1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-29 01:13:08 +00:00

Update to OpenSSH 3.1 OpennSSH-portable 3.1p1

- update patch-au,patch-session.c for password changes.
- patch-channel.c is now integrated

Excerpt from Changelog:

20020304
 - OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2002/02/26 18:52:32
     [sftp.1]
     Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org
   - mouring@cvs.openbsd.org 2002/02/26 19:04:37
     [sftp.1]
     > Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org
     Last Ic on the first line should not have a space between it and the final
     comma.
   - deraadt@cvs.openbsd.org 2002/02/26 19:06:43
     [sftp.1]
     no, look closely.  the comma was highlighted. split .Ic even more
   - stevesk@cvs.openbsd.org 2002/02/26 20:03:51
     [misc.c]
     use socklen_t
   - stevesk@cvs.openbsd.org 2002/02/27 21:23:13
     [canohost.c channels.c packet.c sshd.c]
     remove unneeded casts in [gs]etsockopt(); ok markus@
   - markus@cvs.openbsd.org 2002/02/28 15:46:33
     [authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c]
     add some const EVP_MD for openssl-0.9.7
   - stevesk@cvs.openbsd.org 2002/02/28 19:36:28
     [auth.c match.c match.h]
     delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
     for sshd -u0; ok markus@
   - stevesk@cvs.openbsd.org 2002/02/28 20:36:42
     [sshd.8]
     DenyUsers allows user@host pattern also
   - stevesk@cvs.openbsd.org 2002/02/28 20:46:10
     [sshd.8]
     -u0 DNS for user@host
   - stevesk@cvs.openbsd.org 2002/02/28 20:56:00
     [auth.c]
     log user not allowed details, from dwd@bell-labs.com; ok markus@
   - markus@cvs.openbsd.org 2002/03/01 13:12:10
     [auth.c match.c match.h]
     undo the 'delay hostname lookup' change
     match.c must not use compress.c (via canonhost.c/packet.c)
     thanks to wilfried@
   - markus@cvs.openbsd.org 2002/03/04 12:43:06
     [auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
   - markus@cvs.openbsd.org 2002/03/04 13:10:46
     [misc.c]
     error-> debug, because O_NONBLOCK for /dev/null causes too many different
     errnos; ok stevesk@, deraadt@
     unused include
   - stevesk@cvs.openbsd.org 2002/03/04 17:27:39
     [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
      channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
      groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
      servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
      uuencode.c xmalloc.h]
     $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
     missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
     files.  ok markus@
   - stevesk@cvs.openbsd.org 2002/03/04 18:30:23
     [ssh-keyscan.c]
     handle connection close during read of protocol version string.
     fixes erroneous "bad greeting".  ok markus@
   - markus@cvs.openbsd.org 2002/03/04 19:37:58
     [channels.c]
     off by one; thanks to joost@pine.nl
20020226
 - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests
   based on patch by mooney@dogbert.cc.ndsu.nodak.edu (Tim Mooney)
   Bug 45 [configure.ac] modify skey test to work around conflict with autoconf
   reported by nolan@naic.edu (Michael Nolan)
   patch by  Pekka Savola <pekkas@netcore.fi>
   Bug 74 [configure.ac defines.h] add sig_atomic_t test
   reported by dwd@bell-labs.com (Dave Dykstra)
   Bug 102 [defines.h] UNICOS fixes. patch by wendyp@cray.com
   [configure.ac Makefile.in] link libwrap only with sshd
   based on patch by Maciej W. Rozycki <macro@ds2.pg.gda.pl>
   Bug 123 link libpam only with sshd
   reported by peak@argo.troja.mff.cuni.cz (Pavel Kankovsky)
   [configure.ac defines.h] modify previous SCO3 fix to not break Solaris 7
   [acconfig.h] remove unused HAVE_REGCOMP
   [configure.ac] put back in search for prngd-socket
 - (stevesk) openbsd-compat/base64.h: typo in comment
 - (bal) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/02/15 23:54:10
     [auth-krb5.c]
     krb5_get_err_text() does not like context==NULL; he@nordu.net via google;
     ok provos@
   - markus@cvs.openbsd.org 2002/02/22 12:20:34
     [log.c log.h ssh-keyscan.c]
     overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@
   - markus@cvs.openbsd.org 2002/02/23 17:59:02
     [kex.c kexdh.c kexgex.c]
     don't allow garbage after payload.
   - stevesk@cvs.openbsd.org 2002/02/24 16:09:52
     [sshd.c]
     use u_char* here; ok markus@
   - markus@cvs.openbsd.org 2002/02/24 16:57:19
     [sftp-client.c]
     early close(), missing free; ok stevesk@
   - markus@cvs.openbsd.org 2002/02/24 16:58:32
     [packet.c]
     make 'cp' unsigned and merge with 'ucp'; ok stevesk@
   - markus@cvs.openbsd.org 2002/02/24 18:31:09
     [uuencode.c]
     typo in comment
   - markus@cvs.openbsd.org 2002/02/24 19:14:59
     [auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
      ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
     signed vs. unsigned: make size arguments u_int, ok stevesk@
   - stevesk@cvs.openbsd.org 2002/02/24 19:59:42
     [channels.c misc.c]
     disable Nagle in connect_to() and channel_post_port_listener() (port
     forwarding endpoints).  the intention is to preserve the on-the-wire
     appearance to applications at either end; the applications can then
     enable TCP_NODELAY according to their requirements. ok markus@
   - markus@cvs.openbsd.org 2002/02/25 16:33:27
     [ssh-keygen.c sshconnect2.c uuencode.c uuencode.h]
     more u_* fixes
 - (bal) Imported missing fatal.c and fixed up Makefile.in
 - (tim) [configure.ac] correction to Bug 123 fix
     [configure.ac] correction to sig_atomic_t test

20020224
 - (tim) [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84
   patch by wknox@mitre.org (William Knox).
   [sshlogin.h] declare record_utmp_only for session.c

20020219
 - (djm) OpenBSD CVS Sync
   - mpech@cvs.openbsd.org 2002/02/13 08:33:47
     [ssh-keyscan.1]
     When you give command examples and etc., in a manual page prefix them with:     $ command
     or
     # command
   - markus@cvs.openbsd.org 2002/02/14 23:27:59
     [channels.c]
     increase the SSH v2 window size to 4 packets. comsumes a little
     bit more memory for slow receivers but increases througput.
   - markus@cvs.openbsd.org 2002/02/14 23:28:00
     [channels.h session.c ssh.c]
     increase the SSH v2 window size to 4 packets. comsumes a little
     bit more memory for slow receivers but increases througput.
   - markus@cvs.openbsd.org 2002/02/14 23:41:01
     [authfile.c cipher.c cipher.h kex.c kex.h packet.c]
     hide some more implementation details of cipher.[ch] and prepares for move
     to EVP, ok deraadt@
   - stevesk@cvs.openbsd.org 2002/02/16 14:53:37
     [ssh-keygen.1]
     -t required now for key generation
   - stevesk@cvs.openbsd.org 2002/02/16 20:40:08
     [ssh-keygen.c]
     default to rsa keyfile path for non key generation operations where
     keyfile not specified.  fixes core dump in those cases.  ok markus@
   - millert@cvs.openbsd.org 2002/02/16 21:27:53
     [auth.h]
     Part one of userland __P removal.  Done with a simple regexp with
     some minor hand editing to make comments line up correctly.  Another
     pass is forthcoming that handles the cases that could not be done
     automatically.
   - millert@cvs.openbsd.org 2002/02/17 19:42:32
     [auth.h]
     Manual cleanup of remaining userland __P use (excluding packages
     maintained outside the tree)
   - markus@cvs.openbsd.org 2002/02/18 13:05:32
     [cipher.c cipher.h]
     switch to EVP, ok djm@ deraadt@
   - markus@cvs.openbsd.org 2002/02/18 17:55:20
     [ssh.1]
     -q: Fatal errors are _not_ displayed.
   - deraadt@cvs.openbsd.org 2002/02/19 02:50:59
     [sshd_config]
     stategy is not an english word
 - (bal) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/02/15 23:11:26
     [session.c]
     split do_child(), ok mouring@
   - markus@cvs.openbsd.org 2002/02/16 00:51:44
     [session.c]
     typo

20020218
 - (tim) newer config.guess from ftp://ftp.gnu.org/gnu/config/config.guess

20020213
 - (djm) Bug #114 - not starting PAM for SSH protocol 1 invalid users

20020213
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/02/11 16:10:15
     [kex.c]
     restore kexinit handler if we reset the dispatcher, this unbreaks
     rekeying s/kex_clear_dispatch/kex_reset_dispatch/
   - markus@cvs.openbsd.org 2002/02/11 16:15:46
     [sshconnect1.c]
     include md5.h, not evp.h
   - markus@cvs.openbsd.org 2002/02/11 16:17:55
     [sshd.c]
     do not complain about port > 1024 if rhosts-auth is disabled
   - markus@cvs.openbsd.org 2002/02/11 16:19:39
     [sshd.c]
     include md5.h not hmac.h
   - markus@cvs.openbsd.org 2002/02/11 16:21:42
     [match.c]
     support up to 40 algorithms per proposal
   - djm@cvs.openbsd.org 2002/02/12 12:32:27
     [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
     Perform multiple overlapping read/write requests in file transfer. Mostly
     done by Tobias Ringstrom <tori@ringstrom.mine.nu>; ok markus@
   - djm@cvs.openbsd.org 2002/02/12 12:44:46
     [sftp-client.c]
     Let overlapped upload path handle servers which reorder ACKs. This may be
     permitted by the protocol spec; ok markus@
   - markus@cvs.openbsd.org 2002/02/13 00:28:13
     [sftp-server.c]
     handle SSH2_FILEXFER_ATTR_SIZE in SSH2_FXP_(F)SETSTAT; ok djm@
   - markus@cvs.openbsd.org 2002/02/13 00:39:15
     [readpass.c]
     readpass.c is not longer from UCB, since we now use readpassphrase(3)
   - djm@cvs.openbsd.org 2002/02/13 00:59:23
     [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp.h]
     [sftp-int.c sftp-int.h]
     API cleanup and backwards compat for filexfer v.0 servers; ok markus@
 - (djm) Sync openbsd-compat with OpenBSD CVS too
 - (djm) Bug #106: Add --without-rpath configure option. Patch from
   Nicolas.Williams@ubsw.com

20020210
 - (djm) OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2002/02/09 17:37:34
     [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
     move ssh config files to /etc/ssh
 - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
   - deraadt@cvs.openbsd.org 2002/02/10 01:07:05
     [readconf.h sshd.8]
     more /etc/ssh; openbsd@davidkrause.com

20020208
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/02/04 12:15:25
     [sshd.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
   - stevesk@cvs.openbsd.org 2002/02/04 20:41:16
     [ssh-agent.1]
     more sync for default ssh-add identities; ok markus@
   - djm@cvs.openbsd.org 2002/02/05 00:00:46
     [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
     Add "-B" option to specify copy buffer length (default 32k); ok markus@
   - markus@cvs.openbsd.org 2002/02/05 14:32:55
     [channels.c channels.h ssh.c]
     merge channel_request() into channel_request_start()
   - markus@cvs.openbsd.org 2002/02/06 14:22:42
     [sftp.1]
     sort options; ok mpech@, stevesk@
   - mpech@cvs.openbsd.org 2002/02/06 14:27:23
     [sftp.c]
     sync usage() with manual.
   - markus@cvs.openbsd.org 2002/02/06 14:37:22
     [session.c]
     minor KNF
   - markus@cvs.openbsd.org 2002/02/06 14:55:16
     [channels.c clientloop.c serverloop.c ssh.c]
     channel_new never returns NULL, mouring@; ok djm@
   - markus@cvs.openbsd.org 2002/02/07 09:35:39
     [ssh.c]
     remove bogus comments

20020205
 - (djm) Cleanup after sync:
   - :%s/reverse_mapping_check/verify_reverse_mapping/g
 - (djm) OpenBSD CVS Sync
   - stevesk@cvs.openbsd.org 2002/01/24 21:09:25
     [channels.c misc.c misc.h packet.c]
     add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).
     no nagle changes just yet; ok djm@ markus@
   - stevesk@cvs.openbsd.org 2002/01/24 21:13:23
     [packet.c]
     need misc.h for set_nodelay()
   - markus@cvs.openbsd.org 2002/01/25 21:00:24
     [sshconnect2.c]
     unused include
   - markus@cvs.openbsd.org 2002/01/25 21:42:11
     [ssh-dss.c ssh-rsa.c]
     use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@
     don't use evp_md->md_size, it's not public.
   - markus@cvs.openbsd.org 2002/01/25 22:07:40
     [kex.c kexdh.c kexgex.c key.c mac.c]
     use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@
   - stevesk@cvs.openbsd.org 2002/01/26 16:44:22
     [includes.h session.c]
     revert code to add x11 localhost display authorization entry for
     hostname/unix:d and uts.nodename/unix:d if nodename was different than
     hostname.  just add entry for unix:d instead.  ok markus@
   - stevesk@cvs.openbsd.org 2002/01/27 14:57:46
     [channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
     add X11UseLocalhost; ok markus@
   - stevesk@cvs.openbsd.org 2002/01/27 18:08:17
     [ssh.c]
     handle simple case to identify FamilyLocal display; ok markus@
   - markus@cvs.openbsd.org 2002/01/29 14:27:57
     [ssh-add.c]
     exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@
   - markus@cvs.openbsd.org 2002/01/29 14:32:03
     [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c]
     [servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion;
     ok stevesk@
   - stevesk@cvs.openbsd.org 2002/01/29 16:29:02
     [session.c]
     limit subsystem length in log; ok markus@
   - markus@cvs.openbsd.org 2002/01/29 16:41:19
     [ssh-add.1]
     add DIAGNOSTICS; ok stevesk@
   - markus@cvs.openbsd.org 2002/01/29 22:46:41
     [session.c]
     don't depend on servconf.c; ok djm@
   - markus@cvs.openbsd.org 2002/01/29 23:50:37
     [scp.1 ssh.1]
     mention exit status; ok stevesk@
   - markus@cvs.openbsd.org 2002/01/31 13:35:11
     [kexdh.c kexgex.c]
     cross check announced key type and type from key blob
   - markus@cvs.openbsd.org 2002/01/31 15:00:05
     [serverloop.c]
     no need for WNOHANG; ok stevesk@
   - markus@cvs.openbsd.org 2002/02/03 17:53:25
     [auth1.c serverloop.c session.c session.h]
     don't use channel_input_channel_request and callback
     use new server_input_channel_req() instead:
     	server_input_channel_req does generic request parsing on server side
     	session_input_channel_req handles just session specific things now
     ok djm@
   - markus@cvs.openbsd.org 2002/02/03 17:55:55
     [channels.c channels.h]
     remove unused channel_input_channel_request
   - markus@cvs.openbsd.org 2002/02/03 17:58:21
     [channels.c channels.h ssh.c]
     generic callbacks are not really used, remove and
     add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
     ok djm@
   - markus@cvs.openbsd.org 2002/02/03 17:59:23
     [sshconnect2.c]
     more cross checking if announced vs. used key type; ok stevesk@
   - stevesk@cvs.openbsd.org 2002/02/03 22:35:57
     [ssh.1 sshd.8]
     some KeepAlive cleanup/clarify; ok markus@
   - stevesk@cvs.openbsd.org 2002/02/03 23:22:59
     [ssh-agent.1]
     ssh-add also adds $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa now.
   - stevesk@cvs.openbsd.org 2002/02/04 00:53:39
     [ssh-agent.c]
     unneeded includes
   - markus@cvs.openbsd.org 2002/02/04 11:58:10
     [auth2.c]
     cross checking of announced vs actual pktype in pubkey/hostbaed auth;
     ok stevesk@
   - markus@cvs.openbsd.org 2002/02/04 12:15:25
     [log.c log.h readconf.c servconf.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@
   - stevesk@cvs.openbsd.org 2002/02/04 20:41:16
     [ssh-add.1]
     more sync for default ssh-add identities; ok markus@
   - djm@cvs.openbsd.org 2002/02/04 21:53:12
     [sftp.1 sftp.c]
     Add "-P" option to directly connect to a local sftp-server. Should be
     useful for regression testing; ok markus@
   - djm@cvs.openbsd.org 2002/02/05 00:00:46
     [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
     Add "-B" option to specify copy buffer length (default 32k); ok markus@

20020130
 - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@
 - (tim) [configure.ac] fix logic on when ssh-rand-helper is installed.
   [sshd_config] put back in line that tells what PATH was compiled into sshd.

20020125
 - (djm) Don't grab Xserver or pointer by default. x11-ssh-askpass doesn't
   and grabbing can cause deadlocks with kinput2.

20020124
 - (stevesk) Makefile.in: bug #61; delete commented line for now.

20020123
 - (djm) Fix non-standard shell syntax in autoconf. Patch from
   Dave Dykstra <dwd@bell-labs.com>
 - (stevesk) fix --with-zlib=
 - (djm) Use case statements in autoconf to clean up some tests

20020122
 - (djm) autoconf hacking:
   - We don't support --without-zlib currently, so don't allow it.
   - Rework cryptographic random number support detection. We now detect
     whether OpenSSL seeds itself. If it does, then we don't bother with
     the ssh-rand-helper program. You can force the use of ssh-rand-helper
     using the --with-rand-helper configure argument
   - Simplify and clean up ssh-rand-helper configuration
   - Add OpenSSL sanity check: verify that header version matches version
     reported by library
 - (djm) Fix some bugs I introduced into ssh-rand-helper yesterday
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2001/12/21 08:52:22
     [ssh-keygen.1 ssh-keygen.c]
     Remove default (rsa1) key type; ok markus@
   - djm@cvs.openbsd.org 2001/12/21 08:53:45
     [readpass.c]
     Avoid interruptable passphrase read; ok markus@
   - djm@cvs.openbsd.org 2001/12/21 10:06:43
     [ssh-add.1 ssh-add.c]
     Try all standard key files (id_rsa, id_dsa, identity) when invoked with
     no arguments; ok markus@
   - markus@cvs.openbsd.org 2001/12/21 12:17:33
     [serverloop.c]
     remove ifdef for USE_PIPES since fdin != fdout; ok djm@
   - deraadt@cvs.openbsd.org 2001/12/24 07:29:43
     [ssh-add.c]
     try all listed keys.. how did this get broken?
   - markus@cvs.openbsd.org 2001/12/25 18:49:56
     [key.c]
     be more careful on allocation
   - markus@cvs.openbsd.org 2001/12/25 18:53:00
     [auth1.c]
     be more carefull on allocation
   - markus@cvs.openbsd.org 2001/12/27 18:10:29
     [ssh-keygen.c]
     -t is only needed for key generation (unbreaks -i, -e, etc).
   - markus@cvs.openbsd.org 2001/12/27 18:22:16
     [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c]
     [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
     call fatal() for openssl allocation failures
   - stevesk@cvs.openbsd.org 2001/12/27 18:22:53
     [sshd.8]
     clarify -p; ok markus@
   - markus@cvs.openbsd.org 2001/12/27 18:26:13
     [authfile.c]
     missing include
   - markus@cvs.openbsd.org 2001/12/27 19:37:23
     [dh.c kexdh.c kexgex.c]
     always use BN_clear_free instead of BN_free
   - markus@cvs.openbsd.org 2001/12/27 19:54:53
     [auth1.c auth.h auth-rh-rsa.c]
     auth_rhosts_rsa now accept generic keys.
   - markus@cvs.openbsd.org 2001/12/27 20:39:58
     [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h]
     [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
   - markus@cvs.openbsd.org 2001/12/28 12:14:27
     [auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c]
     [kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c]
     [ssh.c sshconnect1.c sshconnect2.c sshd.c]
     s/packet_done/packet_check_eom/ (end-of-message); ok djm@
   - markus@cvs.openbsd.org 2001/12/28 13:57:33
     [auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
     packet_get_bignum* no longer returns a size
   - markus@cvs.openbsd.org 2001/12/28 14:13:13
     [bufaux.c bufaux.h packet.c]
     buffer_get_bignum: int -> void
   - markus@cvs.openbsd.org 2001/12/28 14:50:54
     [auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c]
     [packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c]
     [sshconnect2.c sshd.c]
     packet_read* no longer return the packet length, since it's not used.
   - markus@cvs.openbsd.org 2001/12/28 15:06:00
     [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
     [dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
     remove plen from the dispatch fn. it's no longer used.
   - stevesk@cvs.openbsd.org 2001/12/28 22:37:48
     [ssh.1 sshd.8]
     document LogLevel DEBUG[123]; ok markus@
   - stevesk@cvs.openbsd.org 2001/12/29 21:56:01
     [authfile.c channels.c compress.c packet.c sftp-server.c]
     [ssh-agent.c ssh-keygen.c]
     remove unneeded casts and some char->u_char cleanup; ok markus@
   - stevesk@cvs.openbsd.org 2002/01/03 04:11:08
     [ssh_config]
     grammar in comment
   - stevesk@cvs.openbsd.org 2002/01/04 17:59:17
     [readconf.c servconf.c]
     remove #ifdef _PATH_XAUTH/#endif; ok markus@
   - stevesk@cvs.openbsd.org 2002/01/04 18:14:16
     [servconf.c sshd.8]
     protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
     /etc/ssh_host_dsa_key like we have in sshd_config.  ok markus@
   - markus@cvs.openbsd.org 2002/01/05 10:43:40
     [channels.c]
     fix hanging x11 channels for rejected cookies (e.g.
     XAUTHORITY=/dev/null xbiff) bug #36, based on patch from
     djast@cs.toronto.edu
   - stevesk@cvs.openbsd.org 2002/01/05 21:51:56
     [ssh.1 sshd.8]
     some missing and misplaced periods
   - markus@cvs.openbsd.org 2002/01/09 13:49:27
     [ssh-keygen.c]
     append \n only for public keys
   - markus@cvs.openbsd.org 2002/01/09 17:16:00
     [channels.c]
     merge channel_pre_open_15/channel_pre_open_20; ok provos@
   - markus@cvs.openbsd.org 2002/01/09 17:26:35
     [channels.c nchan.c]
     replace buffer_consume(b, buffer_len(b)) with buffer_clear(b);
     ok provos@
   - markus@cvs.openbsd.org 2002/01/10 11:13:29
     [serverloop.c]
     skip client_alive_check until there are channels; ok beck@
   - markus@cvs.openbsd.org 2002/01/10 11:24:04
     [clientloop.c]
     handle SSH2_MSG_GLOBAL_REQUEST (just reply with failure); ok djm@
   - markus@cvs.openbsd.org 2002/01/10 12:38:26
     [nchan.c]
     remove dead code (skip drain)
   - markus@cvs.openbsd.org 2002/01/10 12:47:59
     [nchan.c]
     more unused code (with channels.c:1.156)
   - markus@cvs.openbsd.org 2002/01/11 10:31:05
     [packet.c]
     handle received SSH2_MSG_UNIMPLEMENTED messages; ok djm@
   - markus@cvs.openbsd.org 2002/01/11 13:36:43
     [ssh2.h]
     add defines for msg type ranges
   - markus@cvs.openbsd.org 2002/01/11 13:39:36
     [auth2.c dispatch.c dispatch.h kex.c]
     a single dispatch_protocol_error() that sends a message of
     type 'UNIMPLEMENTED'
     dispatch_range(): set handler for a ranges message types
     use dispatch_protocol_ignore() for authentication requests after
     successful authentication (the drafts requirement).
     serverloop/clientloop now send a 'UNIMPLEMENTED' message instead
     of exiting.
   - markus@cvs.openbsd.org 2002/01/11 20:14:11
     [auth2-chall.c auth-skey.c]
     use strlcpy not strlcat; mouring@
   - markus@cvs.openbsd.org 2002/01/11 23:02:18
     [readpass.c]
     use _PATH_TTY
   - markus@cvs.openbsd.org 2002/01/11 23:02:51
     [auth2-chall.c]
     use snprintf; mouring@
   - markus@cvs.openbsd.org 2002/01/11 23:26:30
     [auth-skey.c]
     use snprintf; mouring@
   - markus@cvs.openbsd.org 2002/01/12 13:10:29
     [auth-skey.c]
     undo local change
   - provos@cvs.openbsd.org 2002/01/13 17:27:07
     [ssh-agent.c]
     change to use queue.h macros; okay markus@
   - markus@cvs.openbsd.org 2002/01/13 17:57:37
     [auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
     use buffer API and avoid static strings of fixed size;
     ok provos@/mouring@
   - markus@cvs.openbsd.org 2002/01/13 21:31:20
     [channels.h nchan.c]
     add chan_set_[io]state(), order states, state is now an u_int,
     simplifies debugging messages; ok provos@
   - markus@cvs.openbsd.org 2002/01/14 13:22:35
     [nchan.c]
     chan_send_oclose1() no longer calls chan_shutdown_write(); ok provos@
   - markus@cvs.openbsd.org 2002/01/14 13:34:07
     [nchan.c]
     merge chan_[io]buf_empty[12]; ok provos@
   - markus@cvs.openbsd.org 2002/01/14 13:40:10
     [nchan.c]
     correct fn names for ssh2, do not switch from closed to closed;
     ok provos@
   - markus@cvs.openbsd.org 2002/01/14 13:41:13
     [nchan.c]
     remove duplicated code; ok provos@
   - markus@cvs.openbsd.org 2002/01/14 13:55:55
     [channels.c channels.h nchan.c]
     remove function pointers for events, remove chan_init*; ok provos@
   - markus@cvs.openbsd.org 2002/01/14 13:57:03
     [channels.h nchan.c]
     (c) 2002
   - markus@cvs.openbsd.org 2002/01/16 13:17:51
     [channels.c channels.h serverloop.c ssh.c]
     wrapper for channel_setup_fwd_listener
   - stevesk@cvs.openbsd.org 2002/01/16 17:40:23
     [sshd_config]
     The stategy now used for options in the default sshd_config shipped
     with OpenSSH is to specify options with their default value where
     possible, but leave them commented.  Uncommented options change a
     default value.  Subsystem is currently the only default option
     changed.  ok markus@
   - stevesk@cvs.openbsd.org 2002/01/16 17:42:33
     [ssh.1]
     correct defaults for -i/IdentityFile; ok markus@
   - stevesk@cvs.openbsd.org 2002/01/16 17:55:33
     [ssh_config]
     correct some commented defaults.  add Ciphers default.  ok markus@
   - stevesk@cvs.openbsd.org 2002/01/17 04:27:37
     [log.c]
     casts to silence enum type warnings for bugzilla bug 37; ok markus@
   - stevesk@cvs.openbsd.org 2002/01/18 17:14:16
     [sshd.8]
     correct Ciphers default; paola.mannaro@ubs.com
   - stevesk@cvs.openbsd.org 2002/01/18 18:14:17
     [authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c]
     unneeded cast cleanup; ok markus@
   - stevesk@cvs.openbsd.org 2002/01/18 20:46:34
     [sshd.8]
     clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from
     allard@oceanpark.com; ok markus@
   - markus@cvs.openbsd.org 2002/01/21 15:13:51
     [sshconnect.c]
     use read_passphrase+ECHO in confirm(), allows use of ssh-askpass
     for hostkey confirm.
   - markus@cvs.openbsd.org 2002/01/21 22:30:12
     [cipher.c compat.c myproposal.h]
     remove "rijndael-*", just use "aes-" since this how rijndael is called
     in the drafts; ok stevesk@
   - markus@cvs.openbsd.org 2002/01/21 23:27:10
     [channels.c nchan.c]
     cleanup channels faster if the are empty and we are in drain-state;
     ok deraadt@
   - stevesk@cvs.openbsd.org 2002/01/22 02:52:41
     [servconf.c]
     typo in error message; from djast@cs.toronto.edu
 - (djm) Make auth2-pam.c compile again after dispatch.h and packet.h
   changes
 - (djm) Recent Glibc includes an incompatible sys/queue.h. Treat it as
   bogus in configure
 - (djm) Use local sys/queue.h if necessary in ssh-agent.c

20020121
 - (djm) Rework ssh-rand-helper:
   - Reduce quantity of ifdef code, in preparation for ssh_rand_conf
   - Always seed from system calls, even when doing PRNGd seeding
   - Tidy and comment #define knobs
   - Remove unused facility for multiple runs through command list
   - KNF, cleanup, update copyright

20020114
 - (djm) Bug #50 - make autoconf entropy path checks more robust

20020108
 - (djm) Merge Cygwin copy_environment with do_pam_environment, removing
   fixed env var size limit in the process. Report from Corinna Vinschen
   <vinschen@redhat.com>
 - (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX.  does
   not depend on transition links.  from Lutz Jaenicke.

20020106
 - (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u"
   for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u".

20020103
 - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from
   Roger Cornelius <rac@tenzing.org>
This commit is contained in:
Dirk Meyer 2002-03-08 05:54:04 +00:00
parent 5ac4aadbfa
commit e95e5c70ff
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=55710
15 changed files with 99 additions and 127 deletions

View File

@ -6,8 +6,7 @@
#
PORTNAME= openssh
PORTVERSION= 3.0.2p1
PORTREVISION= 1
PORTVERSION= 3.1p1
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \

View File

@ -1,3 +1 @@
MD5 (openssh-3.0.2p1.tar.gz) = 2fa62bf878862cb47a7515c35afe35b6
MD5 (openssh-3.0.2p1-gssapi.patch) = 66ce171ac4b09603c7069cea198d2090
MD5 (openssh-3.0.2p1-krb5.patch) = c6fe5622607b3137fa22741897cbd5db
MD5 (openssh-3.1p1.tar.gz) = c6a52d4126ed27eb57c31729ec6b2362

View File

@ -1,11 +0,0 @@
--- channels.c.orig Wed Oct 10 17:18:47 2001
+++ channels.c Wed Mar 6 07:49:46 2002
@@ -145,7 +145,7 @@
{
Channel *c;
- if (id < 0 || id > channels_alloc) {
+ if (id < 0 || id >= channels_alloc) {
log("channel_lookup: %d: bad id", id);
return NULL;
}

View File

@ -1,6 +1,6 @@
--- session.c.orig Mon Sep 17 00:17:15 2001
+++ session.c Wed Oct 3 14:18:36 2001
@@ -437,6 +437,13 @@
--- session.c.orig Mon Feb 25 16:48:03 2002
+++ session.c Fri Mar 8 06:28:38 2002
@@ -423,6 +423,13 @@
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
@ -14,7 +14,7 @@
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
@@ -551,6 +558,14 @@
@@ -537,6 +544,14 @@
/* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
@ -29,7 +29,7 @@
/* Close the master side of the pseudo tty. */
close(ptyfd);
@@ -682,6 +697,11 @@
@@ -665,6 +680,11 @@
time_t last_login_time;
struct passwd * pw = s->pw;
pid_t pid = getpid();
@ -41,7 +41,7 @@
/*
* Get IP address of client. If the connection is not a socket, let
@@ -742,6 +762,21 @@
@@ -725,6 +745,21 @@
printf("Last login: %s from %s\r\n", time_string, hostname);
}
@ -63,7 +63,7 @@
do_motd();
}
@@ -1340,7 +1375,7 @@
@@ -1241,7 +1276,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
@ -71,12 +71,14 @@
+ for (i = 3; i < getdtablesize(); i++)
close(i);
/* Change current directory to the user\'s home directory. */
@@ -1376,6 +1411,28 @@
* in this order).
*/
if (!options.use_login) {
/*
@@ -1271,6 +1306,31 @@
exit(1);
#endif
}
+
+#ifdef __FreeBSD__
+ if (!options.use_login) {
+ /*
+ * If the password change time is set and has passed, give the
+ * user a password expiry notice and chance to change it.
@ -97,7 +99,8 @@
+ }
+ }
+ }
+ }
+#endif /* __FreeBSD__ */
/* ignore _PATH_SSH_USER_RC for subsystems */
if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
if (!options.use_login)
do_rc_files(s, shell);

View File

@ -6,8 +6,7 @@
#
PORTNAME= openssh
PORTVERSION= 3.0.2p1
PORTREVISION= 1
PORTVERSION= 3.1p1
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \

View File

@ -1,3 +1 @@
MD5 (openssh-3.0.2p1.tar.gz) = 2fa62bf878862cb47a7515c35afe35b6
MD5 (openssh-3.0.2p1-gssapi.patch) = 66ce171ac4b09603c7069cea198d2090
MD5 (openssh-3.0.2p1-krb5.patch) = c6fe5622607b3137fa22741897cbd5db
MD5 (openssh-3.1p1.tar.gz) = c6a52d4126ed27eb57c31729ec6b2362

View File

@ -1,11 +0,0 @@
--- channels.c.orig Wed Oct 10 17:18:47 2001
+++ channels.c Wed Mar 6 07:49:46 2002
@@ -145,7 +145,7 @@
{
Channel *c;
- if (id < 0 || id > channels_alloc) {
+ if (id < 0 || id >= channels_alloc) {
log("channel_lookup: %d: bad id", id);
return NULL;
}

View File

@ -1,6 +1,6 @@
--- session.c.orig Mon Sep 17 00:17:15 2001
+++ session.c Wed Oct 3 14:18:36 2001
@@ -437,6 +437,13 @@
--- session.c.orig Mon Feb 25 16:48:03 2002
+++ session.c Fri Mar 8 06:28:38 2002
@@ -423,6 +423,13 @@
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
@ -14,7 +14,7 @@
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
@@ -551,6 +558,14 @@
@@ -537,6 +544,14 @@
/* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
@ -29,7 +29,7 @@
/* Close the master side of the pseudo tty. */
close(ptyfd);
@@ -682,6 +697,11 @@
@@ -665,6 +680,11 @@
time_t last_login_time;
struct passwd * pw = s->pw;
pid_t pid = getpid();
@ -41,7 +41,7 @@
/*
* Get IP address of client. If the connection is not a socket, let
@@ -742,6 +762,21 @@
@@ -725,6 +745,21 @@
printf("Last login: %s from %s\r\n", time_string, hostname);
}
@ -63,7 +63,7 @@
do_motd();
}
@@ -1340,7 +1375,7 @@
@@ -1241,7 +1276,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
@ -71,12 +71,14 @@
+ for (i = 3; i < getdtablesize(); i++)
close(i);
/* Change current directory to the user\'s home directory. */
@@ -1376,6 +1411,28 @@
* in this order).
*/
if (!options.use_login) {
/*
@@ -1271,6 +1306,31 @@
exit(1);
#endif
}
+
+#ifdef __FreeBSD__
+ if (!options.use_login) {
+ /*
+ * If the password change time is set and has passed, give the
+ * user a password expiry notice and chance to change it.
@ -97,7 +99,8 @@
+ }
+ }
+ }
+ }
+#endif /* __FreeBSD__ */
/* ignore _PATH_SSH_USER_RC for subsystems */
if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
if (!options.use_login)
do_rc_files(s, shell);

View File

@ -6,8 +6,7 @@
#
PORTNAME= openssh
PORTVERSION= 3.0.2
PORTREVISION= 1
PORTVERSION= 3.1
CATEGORIES= security
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
@ -16,7 +15,7 @@ DISTNAME= openssh-${PORTVERSION}
EXTRACT_SUFX= .tgz
PATCH_SITES= ${MASTER_SITES}
PATCHFILES= openbsd28_3.0.2.patch
PATCHFILES= openbsd28_3.1.patch
MAINTAINER= dinoex@FreeBSD.org
@ -70,8 +69,6 @@ MAKE_ENV+= SKEY=yes
WRKSRC= ${WRKDIR}/ssh
post-extract:
@${PERL5} -pi -e "s=/etc/ssh=${PREFIX}/etc/ssh=" ${WRKSRC}/sshd_config
@${PERL5} -pi -e "s=/usr/libex=${PREFIX}/libex=" ${WRKSRC}/sshd_config
@${CP} ${FILESDIR}/strlcat.c ${FILESDIR}/strlcpy.c ${WRKSRC}/lib/
@${CP} ${FILESDIR}/sshd.sh ${WRKSRC}/
.if ${OSVERSION} < 400014
@ -82,7 +79,9 @@ post-extract:
.endif
post-patch:
@${PERL} -pi -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h \
@${PERL5} -pi -e "s=/etc/ssh=${PREFIX}/etc/ssh=" ${WRKSRC}/sshd_config
@${PERL5} -pi -e "s=/usr/libex=${PREFIX}/libex=" ${WRKSRC}/sshd_config
@${PERL5} -pi -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h \
${WRKSRC}/sshd_config ${WRKSRC}/sshd.sh \
${WRKSRC}/pathnames.h

View File

@ -1,2 +1,2 @@
MD5 (openssh-3.0.2.tgz) = 83c508a4be90bf9b089db45ac6e28614
MD5 (openbsd28_3.0.2.patch) = 44cb043a46770c53f9a0345d79dddfc1
MD5 (openssh-3.1.tgz) = b43deb1a3b2047216a28c00ccc45f548
MD5 (openbsd28_3.1.patch) = 5e7fce5fa6fa0f071b53a01dfb435a43

View File

@ -1,16 +1,16 @@
--- pathnames.h.orig Thu Apr 12 21:15:24 2001
+++ pathnames.h Sat May 26 15:11:30 2001
--- pathnames.h.orig Fri Mar 8 05:51:08 2002
+++ pathnames.h Fri Mar 8 05:52:57 2002
@@ -12,7 +12,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
-#define ETCDIR "/etc"
+#define ETCDIR "__PREFIX__/etc"
#define SSHDIR ETCDIR
#define _PATH_SSH_PIDDIR "/var/run"
/*
@@ -33,7 +33,7 @@
#define _PATH_HOST_RSA_KEY_FILE ETCDIR "/ssh_host_rsa_key"
@@ -37,7 +37,7 @@
/* Backwards compatibility */
#define _PATH_DH_PRIMES ETCDIR "/primes"
-#define _PATH_SSH_PROGRAM "/usr/bin/ssh"

View File

@ -1,5 +1,5 @@
--- sshd/Makefile.orig Fri Nov 16 06:02:09 2001
+++ sshd/Makefile Fri Nov 16 06:03:51 2001
--- sshd/Makefile.orig Fri Mar 8 05:54:03 2002
+++ sshd/Makefile Fri Mar 8 06:00:30 2002
@@ -5,8 +5,8 @@
PROG= sshd
BINOWN= root
@ -11,14 +11,18 @@
CFLAGS+=-DHAVE_LOGIN_CAP
#CFLAGS+=-DBSD_AUTH
@@ -17,6 +17,7 @@
@@ -17,9 +17,10 @@
auth-skey.c auth-bsdauth.c
.include <bsd.own.mk> # for KERBEROS and AFS
+.include "../Makefile.inc"
.if (${KERBEROS5:L} == "yes")
CFLAGS+=-DKRB5 -I${DESTDIR}/usr/include/kerberosV
-CFLAGS+=-DKRB5 -I${DESTDIR}/usr/include/kerberosV
+CFLAGS+=-DKRB5 -I/usr/include/kerberosV
SRCS+= auth-krb5.c
LDADD+= -lkrb5 -lkafs -lasn1 -lcom_err
DPADD+= ${LIBKRB5} ${LIBKAFS} ${LIBASN1}
@@ -31,15 +32,15 @@
LDADD+= -lkafs
DPADD+= ${LIBKRBAFS}
@ -33,7 +37,7 @@
.include <bsd.prog.mk>
-LDADD+= -lcrypto -lutil -lz
-LDADD+= -lcrypto -lutil -lz -ldes
+LDADD+= ${CRYPTOLIBS} -lcrypt -lutil -lz
DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ}

View File

@ -1,24 +1,23 @@
--- sshd_config.orig Thu Sep 20 22:57:51 2001
+++ sshd_config Wed Oct 3 12:37:28 2001
@@ -25,8 +25,8 @@
--- sshd_config.orig Fri Mar 8 06:01:02 2002
+++ sshd_config Fri Mar 8 06:03:06 2002
@@ -30,8 +30,10 @@
# Authentication:
-LoginGraceTime 600
-PermitRootLogin yes
+LoginGraceTime 120
+PermitRootLogin no
StrictModes yes
-#LoginGraceTime 600
-#PermitRootLogin yes
+#LoginGraceTime 300
+LoginGraceTime 600
+#PermitRootLogin no
+PermitRootLogin yes
#StrictModes yes
RSAAuthentication yes
@@ -66,8 +66,9 @@
#PrintLastLog no
KeepAlive yes
#RSAAuthentication yes
@@ -76,6 +78,7 @@
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
+UseLogin yes
-#MaxStartups 10:30:60
+MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
#MaxStartups 10
# no default banner path

View File

@ -1,5 +1,5 @@
--- session.c.orig Sun Sep 16 16:46:54 2001
+++ session.c Wed Oct 3 12:50:00 2001
--- session.c.orig Fri Mar 8 06:11:56 2002
+++ session.c Fri Mar 8 06:15:32 2002
@@ -57,6 +57,12 @@
#include "canohost.h"
#include "session.h"
@ -13,7 +13,7 @@
/* types */
#define TTYSZ 64
@@ -392,6 +398,13 @@
@@ -394,6 +400,13 @@
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
@ -27,7 +27,7 @@
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
@@ -497,6 +510,14 @@
@@ -499,6 +512,14 @@
/* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
@ -42,7 +42,7 @@
/* Close the master side of the pseudo tty. */
close(ptyfd);
@@ -591,6 +612,11 @@
@@ -589,6 +610,11 @@
time_t last_login_time;
struct passwd * pw = s->pw;
pid_t pid = getpid();
@ -54,7 +54,7 @@
/*
* Get IP address of client. If the connection is not a socket, let
@@ -631,6 +657,21 @@
@@ -629,6 +655,21 @@
printf("Last login: %s from %s\r\n", time_string, hostname);
}
@ -76,7 +76,7 @@
do_motd();
}
@@ -857,6 +898,10 @@
@@ -775,6 +816,10 @@
env[0] = NULL;
if (!options.use_login) {
@ -87,7 +87,7 @@
/* Set basic environment. */
child_set_env(&env, &envsize, "USER", pw->pw_name);
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
@@ -864,6 +909,12 @@
@@ -782,6 +827,12 @@
#ifdef HAVE_LOGIN_CAP
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
child_set_env(&env, &envsize, "PATH", getenv("PATH"));
@ -100,7 +100,7 @@
#else
child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
#endif
@@ -875,8 +926,13 @@
@@ -793,8 +844,13 @@
/* Normal systems set SHELL by default. */
child_set_env(&env, &envsize, "SHELL", shell);
}
@ -113,8 +113,8 @@
+#endif /* HAVE_LOGIN_CAP */
/* Set custom environment options from RSA authentication. */
while (custom_environment) {
@@ -968,7 +1024,7 @@
if (!options.use_login) {
@@ -1057,7 +1113,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
@ -122,12 +122,14 @@
+ for (i = 3; i < getdtablesize(); i++)
close(i);
/* Change current directory to the user\'s home directory. */
@@ -1004,6 +1060,28 @@
* in this order).
*/
if (!options.use_login) {
/*
@@ -1087,6 +1143,31 @@
exit(1);
#endif
}
+
+#ifdef __FreeBSD__
+ if (!options.use_login) {
+ /*
+ * If the password change time is set and has passed, give the
+ * user a password expiry notice and chance to change it.
@ -148,7 +150,8 @@
+ }
+ }
+ }
+ }
+#endif /* __FreeBSD__ */
/* ignore _PATH_SSH_USER_RC for subsystems */
if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
if (!options.use_login)
do_rc_files(s, shell);

View File

@ -1,11 +0,0 @@
--- channels.c.orig Wed Oct 10 17:18:47 2001
+++ channels.c Wed Mar 6 07:49:46 2002
@@ -145,7 +145,7 @@
{
Channel *c;
- if (id < 0 || id > channels_alloc) {
+ if (id < 0 || id >= channels_alloc) {
log("channel_lookup: %d: bad id", id);
return NULL;
}