1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-18 03:46:03 +00:00
Commit Graph

50 Commits

Author SHA1 Message Date
Dirk Meyer
0ebfc963fb - Extend patches in submakefiles, to build under 3.5 STABLE
PR:		28921
Submitted by:	aito@sets.ne.jp
2001-07-22 03:47:11 +00:00
Dirk Meyer
817e1df8d4 This adds two environment variables into environment of user: LANG & MM_CHARSET,
when used standard login via telnet or console

However when used openssh, then sshd does not setup LANG & MM_CHARSET into envir
onment for user in russian class

Code for this operation did not exists in openssh port !

PR:		21146
Submitted by:	odip@bionet.nsc.ru
2001-06-25 06:28:48 +00:00
Dirk Meyer
3934d71996 - Fix FreeBSD specific patch, exit now if change of password fails.
Forwarded by dwcjr

Submitted by:	Udo.Schweigert@cert.siemens.de
2001-06-10 20:01:52 +00:00
Dirk Meyer
66795bb241 - Switch to the user's uid before attempting to unlink the auth forwarding
file, nullifying the effects of a race.
- Bump PORTREVISION

Submitted by:	green@FreeBSD.org
2001-06-09 04:59:10 +00:00
Dirk Meyer
152bebfc5c - Update from OpenSSH 2.2.0 to OpenSSH 2.9
- Features:
  Possible use of sftp/sftp-server with older FreeBSD releases.
  Use a newer version independently from the Base system.
  Easier to test and fix possible security bugs.
- Bugs:
  build of pam_ssm.so isn't be supported any more
  Any file named "cookie" can be deleted by this and any older "sshd"
  with X11 Forwarding.
2001-06-08 08:03:26 +00:00
Kris Kennaway
06572d0f8f Add patch to prevent Bleichenbacher attack on SSH1 server. Bump
PORTREVISION.
2001-02-12 08:06:56 +00:00
Kris Kennaway
2ec13ccae9 Add patch to deal with possible remote root exploit found by
Michal Zalewski of the Bindview RAZOR Team, and some patches to hopefully
deal with compilation on older versions of FreeBSD.

Submitted by:	alfred
2001-02-09 22:37:50 +00:00
Brian Feldman
287b0cc0f0 Add the security fix for inability to actually deny ssh-agent or X11
forwarding requests.
2000-11-14 04:51:10 +00:00
Brian Feldman
c512ae8ac9 Update to OpenSSH 2.2.0. This is an end-of-life update for the
ports-based OpenSSH.  OpenSSH has been in the base system for more
than long enough to justify not having to maintain two separate
FreeBSD versions of OpenSSH.
2000-11-04 23:04:25 +00:00
Brian Feldman
562b1a452e Fix Kerberos 4 support.
Mostly submitted by:	Mark A Gebert <geeb@thugsrus.org>
2000-07-30 19:14:17 +00:00
Brian Feldman
64e68af6e2 Update to OpenSSH 2.1.1 and fix SSHv2 serving (passwd botch). 2000-06-27 21:30:39 +00:00
Brian Feldman
c58d074b48 Fix this for OpenSSL versions <= 0.9.4. It seems that the OpenSSH people
think that it's good to immediately switch to the newest API, despite
the old API call being left deliberately compatible so that that wouldn't
have to happen.   OpenSSL_add_all_algorithms() is now, again,
SSLeay_add_all_algorithms.
2000-05-20 05:09:04 +00:00
Brian Feldman
108d8c4e59 Using login and executing a specific "command" are mutually exclusive,
so turn off use_login if there's a command.

Submitted by:	Vadim Vygonets <vadik@cs.huji.ac.il>
2000-05-13 19:52:35 +00:00
Brian Feldman
1078626db3 Fix a mistake with pwcopy-related patches. 2000-05-13 19:25:57 +00:00
Brian Feldman
361c7337a3 Update to OpenSSH 2.1.0. They _FINALLY_ have distfiles, so now the CVS is
not needed for the port.

Big thanks to Issei-san for doing the majority of the work necessary for
this upgrade!

Submitted by:	Issei Suzuki <issei@jp.FreeBSD.org>
2000-05-13 17:11:01 +00:00
Brian Feldman
1083bcdc4f Upgrade to version 1.2.3 with a CVS of a few hours ago. New stuff in
this release is mostly the support for lots of ssh2.  Note that SSH2 is
not fully supported here yet, but it's mostly there; see README.openssh2.
2000-04-20 22:24:19 +00:00
Munechika SUMIKAWA
7fbdf514d9 update compatible libraries to -current. 2000-04-17 22:20:24 +00:00
Bill Fenner
b144d742c6 Fix socklen_t for FreeBSD 3.
PR:		ports/17491
2000-03-20 04:51:02 +00:00
Brian Feldman
672ba2f225 Update this to a CVS_DATE of a few minutes ago. 2000-03-03 06:10:10 +00:00
Yoshinobu Inoue
f24b58ff79 Woops fix my previous incorrect patch.
For green's honor, the patch I sent him for review was correct.
But because it is one line fix, I hand merged it into my
cvs committing environment, and then mistake happend.

This time, I applied correct fix which should have been aplied
at last commit.
2000-02-27 20:07:10 +00:00
Brian Feldman
50cae6391f Fix a coredump-y bug that crept in recently. 2000-02-25 05:35:33 +00:00
Brian Feldman
81d4a6cdbd Change install -C usage to install -c usage, fixing the install for older
install(1)s.

Submitted by:	Jim Archuleta <JimArchuleta@usa.net>
2000-02-23 11:30:04 +00:00
Yoshinobu Inoue
5b8db68630 Use 'IPv4or6' instead of AF_UNSPEC for 1st getaddrinfo() ai_family.
Without this fix, still query to AAAA recored happens even if
  -4 options is specified.

Reviewed by: green
2000-02-19 16:50:55 +00:00
Munechika SUMIKAWA
abcd350dae When IPv4-only client connected to a server which have IPv4 and IPv6
addresses, the client couldn't connect to the server via IPv4 because
the client gave up on first rresevport_af().
2000-02-15 13:09:45 +00:00
Brian Feldman
df4e9a1d72 Clean things up by using the new knob for OpenSSL usage.
Submitted by:	kris
2000-02-12 23:55:48 +00:00
Munechika SUMIKAWA
442343e099 Simplify IPv6 checking.
Suggested by:	green
2000-02-09 03:28:48 +00:00
Munechika SUMIKAWA
9df24a1938 - remove me from another MAINTAINER
- add 'ipv6' on CATEGORIES
- use ${OSVERSION} instead of ${USE_INET6} for checking getaddrinfo()
  existence.
- fix broken ${ECHO_MSG}
- avoid duplicate copying rcmd.c
2000-01-18 11:18:25 +00:00
Brian Feldman
dcd2c0fc89 Add the actual change of names in sockaddr_storage. This broke things
for people after what time my system was previously made.  Sorry.

Submitted by:	sumikawa
2000-01-14 07:07:18 +00:00
Brian Feldman
8d55d19095 Update to a more current OpenSSH, including...
IPv6 support!!

Thank you very much, Sumikawa san.

Submitted by:	Munechika SUMIKAWA <sumikawa@ebina.hitachi.co.jp>
2000-01-13 23:22:17 +00:00
Brian Feldman
f2bfcd0cca Upgrade to the pam_ssh module, version 1.1..
(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used.  XDM and its variants
should now work without modification.  Note that the new code uses
the macros in <sys/queue.h>.

Submitted by:	Andrew J. Korty <ajk@iu.edu>
1999-12-28 05:32:54 +00:00
Brian Feldman
ccf991de8f Update to today's OpenSSH.
The version is now 1.2.1, from 1.2.  You can mv your old distfiles/OpenSSH-1.2
dir to distfiles/OpenSSH-1.2.1, if you want to not waste time/space.

Some minor nits have been fixed, and a couple bugs.  One sizeof(len)
should have just been len, and, in markus's words,
"fix get_remote_port() and friends for sshd -i".
1999-12-23 06:37:30 +00:00
Brian Feldman
d64b6e2fd2 I've cleaned up ${CVS_DATE} usage a bit (keep spaces correctly), and
updated to today's snapshot of OpenSSH.

Various updates from the latest ${CVS_DATE}, and requisite patch
changes, are the "big new thing".  Nothing major has changed;  the
biggest ones would be using atomicio() in a lot of places and a
fix for a SIGHUP not updating sshd(8)'s configuration until the
next connection.
1999-12-08 04:06:38 +00:00
Brian Feldman
7db4f457f6 In the meantime (while things are being worked and decided on on the
OpenBSD OpenSSH front), add ConnectionsPerPeriod to prevent DoS via
running the system out of resources.  In reality, this wouldn't
be a full DoS, but would make a system slower, but this is a better
thing to do than let the system get loaded down.
   So here we are, rate-limiting.  The default settings are now:
Five connections are allowed to authenticate (and not be rejected) in
a period of ten seconds.
One minute is given for login grace time.
   More work in this area is being done by alfred@FreeBSD.org and
markus@OpenBSD.org, at the very least.  This is, essentially, a
stopgap solution;  however, it is a properly implemented and documented
one, and has an easily modifiable framework.
1999-12-06 06:32:22 +00:00
Brian Feldman
99f8fb2572 Reduce LoginGraceTime from 10 minutes (!!!) to 30 seconds. More to
come, soon.
1999-12-04 12:40:39 +00:00
Brian Feldman
c52ee5193f Add the PAM SSH RSA key authentication module. For example, you can add,
"login  auth    sufficient      pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)

PR:		15158
Submitted by:	Andrew J. Korty <ajk@waterspout.com>
Reviewed by:	obrien
1999-11-29 07:09:45 +00:00
Brian Feldman
8e53bbefee Update to a current CVS_DATE. The only real change I see is the (big)
change of KNFization being finalized :)

Patches had to be modified, but should look "better" according to
style(9), now.
1999-11-28 22:40:28 +00:00
Brian Feldman
cc029c1647 Change CFLAGS to get modified in Makefile.inc, fixing the
problem several people have reported with make.conf setting ${CFLAGS}.

Partially submitted by:	Jos Backus <Jos.Backus@nl.origin-it.com>
1999-11-28 21:40:58 +00:00
Brian Feldman
56a0d0c739 Also, set SSH_PROGRAM correctly. 1999-11-24 03:39:54 +00:00
Brian Feldman
f0ca59b2b5 Update the CVS_DATE. This brings in support for TIS authentication,
obsoleting a couple patches (it's the same code, though, except for
additions).

This also brings in KNFization of everything (please hold the cheering
down :) and made me reroll all my patches.

My patches have been almost entirely rewritten.  The places are the
same, but the code's rewritten.  It fits with the style (KNF) now,
and looks better.

I've also added strlcat.c to the build, which, just like strlcpy.c, is
necessary for compatibility with older libcs.  After strlcat() snuck
into the OpenSSH code recently, this would prevent OpenSSH from
building on (e.g.) FreeBSD 3.2.  Adding it to ssh/lib/ makes it work
yet again :)
1999-11-24 03:36:23 +00:00
Brian Feldman
7b3d367711 Update to the latest CVS_DATE, obsoleting patches patch-a[yz].
Add "ignorelogin" login.conf functionality to sshd.

The biggest change: new port functionality.  Making "fetchsrctarball"
will soon work for those of you who cannot use CVS to get OpenSSH.
Mark Murray, the savior he is :), will use "make makesrctarball" and
put the snapshots of OpenSSH source in the proper place.

The current ${MASTER_SITES} is just a guess at where the snapshot
files could be hosted; something definite should be worked out very
soon.
1999-11-21 16:42:44 +00:00
Brian Feldman
5ef3dcc5cb Give OpenSSH TIS client-side authentication.
Submitted by:	peter
1999-11-20 06:59:57 +00:00
Brian Feldman
7382aa363a Change around sshd.sh for the last time. 1999-11-20 03:42:05 +00:00
Brian Feldman
6ddc61a499 Make the second CVS site work for real.
Move sshd.sh to files and ${INSTALL_SCRIPT}/${PERL} -pi it.

Clean up the Makefile's style a bit (MNF anyone? :)

Add WWW: to pkg/DESCR.

Change MASTER_SITES back to CVS_SITES to avoid problems with
MASTER_SITE_OVERRIDE.

Parts submitted by:	Christian Weisgerber <naddy@mips.rhein-neckar.de>, Robert Muir <rmuir@gibralter.net>
1999-11-18 01:46:43 +00:00
Brian Feldman
fd06b5f819 Thanks to those who replied! The include (ssl versus openssl) transform
is now done in post-patch.

Submitted by:	Anton Berezin <tobez@plab.ku.dk>, Christian Weisgerber <naddy@unix-ag.uni-kl.de>
1999-11-17 17:19:28 +00:00
Brian Feldman
cd2a8b0406 Prompted by Kris Kennaway <kris@FreeBSD.org>
Update to to the current time for OpenSSH.  The notable commit given to me
for this new date is:

(provos@cvs.openbsd.org)

        usr.bin/ssh    : hostfile.c

in known_hosts key lookup the entry for the bits does not need to match, all
the information is contained in n and e.  This solves the problem with buggy
servers announcing the wrong modulus length.  markus and me.
1999-11-17 00:56:07 +00:00
Brian Feldman
db6ff5ab61 Enable TCP wrapper support (conditionalized to turn off if tcpd.h is
nonexistant).  Also, add the Makefile hooks for AFS, Kerberos, and S/Key.
1999-11-15 06:18:46 +00:00
Brian Feldman
828e1fc6be Add support for setting login.conf class things including rlimits, priority,
and umask.  Also support /var/run/nologin, copyright, and support motd
correctly.  The PR was used as a base, thanks!

PR:	14859
Submitted by:	Dan Harnett <danh@wzrd.com>
1999-11-13 23:37:58 +00:00
Brian Feldman
ac3b838e7f Quite a bit of change to OpenSSH made:
Add "/usr/local/bin" to _PATH_STDPATH (makes scp work inbound, for instance.)
Fetch OpenSSH from OpenBSD's src tree.  This uses a script and ftp(1).
Add strlcpy.c to ssh/lib, so this port should build on 3.X now.
Make TCP_WRAPPERS conditional on /usr/include/tcpd.h like the PR, so it
 should build on older RELEASEs without TCP Wrappers.

The PR is still open because I am taking more from it.

PR:		ports/14653
1999-11-11 14:33:23 +00:00
Brian Feldman
2122dd8811 Make some various cleanups. Note that I did not add RESTRICTED since this is
in no way cryptographically encumbered code.  The fact that it's
redistributed by me from freefall is completely coincidental.

Submitted by:	obrien, Christian Weisgerber <naddy@unix-ag.uni-kl.de>
1999-11-09 12:43:45 +00:00
Brian Feldman
406efcfe3b Say hello to OpenSSH! It's more secure, has a better license, and
is actively maintained by members of the OpenBSD project.
1999-11-08 06:20:54 +00:00