1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-10-29 21:39:24 +00:00
Commit Graph

81 Commits

Author SHA1 Message Date
Kris Kennaway
b2e36fd5b7 Bump PORTREVISION due to security fix. 2001-02-09 22:45:16 +00:00
Kris Kennaway
2ec13ccae9 Add patch to deal with possible remote root exploit found by
Michal Zalewski of the Bindview RAZOR Team, and some patches to hopefully
deal with compilation on older versions of FreeBSD.

Submitted by:	alfred
2001-02-09 22:37:50 +00:00
Kris Kennaway
41d5ec3b8e Mark FORBIDDEN: several problems including possible remote root
compromise. OpenSSH 2.3.0 included in 4.2-STABLE is not vulnerable.
2001-02-09 04:58:24 +00:00
Brian Feldman
287b0cc0f0 Add the security fix for inability to actually deny ssh-agent or X11
forwarding requests.
2000-11-14 04:51:10 +00:00
Brian Feldman
c512ae8ac9 Update to OpenSSH 2.2.0. This is an end-of-life update for the
ports-based OpenSSH.  OpenSSH has been in the base system for more
than long enough to justify not having to maintain two separate
FreeBSD versions of OpenSSH.
2000-11-04 23:04:25 +00:00
Satoshi Asami
7acef1cd7a Change PKGDIR from pkg/ to . Also fix places where ${PKGDIR} is
spelled out (many of which are ${PKGDIR}/MESSAGE -> ${PKGMESSAGE} type
fixes that shouldn't have been necessary) and the string "/pkg/"
appear.
2000-10-08 10:23:48 +00:00
Kris Kennaway
e088a4f458 Update all ports using OpenSSL and RSA to work without rsaref since
it is no longer required. Apologies to the various maintainers whom I
did not yet hear back from, but the ports freeze is coming up in a few
hours and I will be verifying all of these ports on a 4.1 machine
myself to catch any problems.
2000-09-22 01:59:06 +00:00
Brian Feldman
562b1a452e Fix Kerberos 4 support.
Mostly submitted by:	Mark A Gebert <geeb@thugsrus.org>
2000-07-30 19:14:17 +00:00
Brian Feldman
64e68af6e2 Update to OpenSSH 2.1.1 and fix SSHv2 serving (passwd botch). 2000-06-27 21:30:39 +00:00
Will Andrews
1dbf0287c0 Remove redundant/inappropriate CATEGORIES. People need to start reading
the Porter's Handbook.  :-)
2000-06-02 03:18:54 +00:00
Brian Feldman
fb5ef7a539 Also generate the DSA key from a package install.
Submitted by:	Dmitry Grigorovich <odip@bionet.nsc.ru>
2000-05-30 20:43:29 +00:00
Brian Feldman
c58d074b48 Fix this for OpenSSL versions <= 0.9.4. It seems that the OpenSSH people
think that it's good to immediately switch to the newest API, despite
the old API call being left deliberately compatible so that that wouldn't
have to happen.   OpenSSL_add_all_algorithms() is now, again,
SSLeay_add_all_algorithms.
2000-05-20 05:09:04 +00:00
Brian Feldman
108d8c4e59 Using login and executing a specific "command" are mutually exclusive,
so turn off use_login if there's a command.

Submitted by:	Vadim Vygonets <vadik@cs.huji.ac.il>
2000-05-13 19:52:35 +00:00
Brian Feldman
d14f2efe51 Oops, put the I back in INSTALL_SCRIPT. 2000-05-13 19:50:57 +00:00
Brian Feldman
1078626db3 Fix a mistake with pwcopy-related patches. 2000-05-13 19:25:57 +00:00
Brian Feldman
361c7337a3 Update to OpenSSH 2.1.0. They _FINALLY_ have distfiles, so now the CVS is
not needed for the port.

Big thanks to Issei-san for doing the majority of the work necessary for
this upgrade!

Submitted by:	Issei Suzuki <issei@jp.FreeBSD.org>
2000-05-13 17:11:01 +00:00
Brian Feldman
1083bcdc4f Upgrade to version 1.2.3 with a CVS of a few hours ago. New stuff in
this release is mostly the support for lots of ssh2.  Note that SSH2 is
not fully supported here yet, but it's mostly there; see README.openssh2.
2000-04-20 22:24:19 +00:00
Munechika SUMIKAWA
7fbdf514d9 update compatible libraries to -current. 2000-04-17 22:20:24 +00:00
Chris Piazza
3df86a88a9 Update with the new PORTNAME/PORTVERSION variables 2000-04-09 18:34:06 +00:00
Bill Fenner
b144d742c6 Fix socklen_t for FreeBSD 3.
PR:		ports/17491
2000-03-20 04:51:02 +00:00
Brian Feldman
672ba2f225 Update this to a CVS_DATE of a few minutes ago. 2000-03-03 06:10:10 +00:00
Brian Somers
b29a09511f Allow manual PORTS_CVS_SERVER and CVS_SITES settings.
Approved by:	maintainer
2000-03-02 06:43:18 +00:00
Yoshinobu Inoue
f24b58ff79 Woops fix my previous incorrect patch.
For green's honor, the patch I sent him for review was correct.
But because it is one line fix, I hand merged it into my
cvs committing environment, and then mistake happend.

This time, I applied correct fix which should have been aplied
at last commit.
2000-02-27 20:07:10 +00:00
Brian Feldman
50cae6391f Fix a coredump-y bug that crept in recently. 2000-02-25 05:35:33 +00:00
Brian Feldman
81d4a6cdbd Change install -C usage to install -c usage, fixing the install for older
install(1)s.

Submitted by:	Jim Archuleta <JimArchuleta@usa.net>
2000-02-23 11:30:04 +00:00
Yoshinobu Inoue
5b8db68630 Use 'IPv4or6' instead of AF_UNSPEC for 1st getaddrinfo() ai_family.
Without this fix, still query to AAAA recored happens even if
  -4 options is specified.

Reviewed by: green
2000-02-19 16:50:55 +00:00
Brian Feldman
ca2a43f884 Change a MAKE_ENV= to MAKE_ENV+=. This may fix problems people on
-STABLE are reporting.
2000-02-16 04:52:59 +00:00
Munechika SUMIKAWA
abcd350dae When IPv4-only client connected to a server which have IPv4 and IPv6
addresses, the client couldn't connect to the server via IPv4 because
the client gave up on first rresevport_af().
2000-02-15 13:09:45 +00:00
Brian Feldman
df4e9a1d72 Clean things up by using the new knob for OpenSSL usage.
Submitted by:	kris
2000-02-12 23:55:48 +00:00
Brian Feldman
145cf70f67 Tell the user that they're doing something wrong when USA_RESIDENT is
not set.
2000-02-10 12:23:49 +00:00
Munechika SUMIKAWA
442343e099 Simplify IPv6 checking.
Suggested by:	green
2000-02-09 03:28:48 +00:00
Munechika SUMIKAWA
ff51f86e8c the condition for USE_INET6 setting was opposite. 2000-02-01 17:04:02 +00:00
Brian Feldman
168595c023 Fix a "USET" -> "USE" again. IPv6 should work for this port. Again.
Go to a much more convenient scheme for distfiles/ignorefiles.  There
will be a lot less change from now on... the release name not being
embedded in them helps a lot.

Fix an unquoted "${CVS_DATE}" so cvs update isn't always run when
we're in one of the first 9 days of a month in CVS_DATE.

Update to OpenSSH-1.2.2, which doesn't really mean anything since there
are no source releases anyway...

The port has been verified to work with pdksh 5.2.14 as /bin/sh, and
about 7 times faster.
2000-02-01 08:12:06 +00:00
Brian Feldman
d9da1a8a4c Take off RESTRICTED, since this has been a proper package for some
time now, and is not a legal problem (see Bruce Schneier's latest
Crypto-Gram).  Basically, since it's unencumbered, it is alright.
2000-01-27 21:19:20 +00:00
Satoshi Asami
c34477283d List CVS files in IGNOREFILES so they will be properly deleted by "distclean".
Approved by:	green (well, I thought he was going to *do* it, but anyway....)
2000-01-26 11:34:28 +00:00
Munechika SUMIKAWA
857a522865 Use ${OSVERSION} instead of ${USE_INET6}. 2000-01-25 22:12:09 +00:00
Brian Feldman
47be594a53 Fix IPv6 support: change a typo "USET_IPV6" to "USE_IPV6". 2000-01-19 02:53:21 +00:00
Munechika SUMIKAWA
9df24a1938 - remove me from another MAINTAINER
- add 'ipv6' on CATEGORIES
- use ${OSVERSION} instead of ${USE_INET6} for checking getaddrinfo()
  existence.
- fix broken ${ECHO_MSG}
- avoid duplicate copying rcmd.c
2000-01-18 11:18:25 +00:00
Brian Feldman
28632e4637 Add sumikawa@FreeBSD.org as another MAINTAINER. Hopefully, this will
reduce my workload, and maybe there'll now be someone who remembers
to notify markm when updating CVS_DATE ;)
2000-01-15 23:17:13 +00:00
Brian Feldman
dcd2c0fc89 Add the actual change of names in sockaddr_storage. This broke things
for people after what time my system was previously made.  Sorry.

Submitted by:	sumikawa
2000-01-14 07:07:18 +00:00
Brian Feldman
8d55d19095 Update to a more current OpenSSH, including...
IPv6 support!!

Thank you very much, Sumikawa san.

Submitted by:	Munechika SUMIKAWA <sumikawa@ebina.hitachi.co.jp>
2000-01-13 23:22:17 +00:00
Satoshi Asami
2ca1fe047a Don't include bsd.port.pre.mk twice. This usually is caused by first
including bsd.port.pre.mk and then later including bsd.port.mk (the
latter of which of course should be bsd.port.post.mk).
2000-01-07 16:40:17 +00:00
Brian Feldman
f2bfcd0cca Upgrade to the pam_ssh module, version 1.1..
(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used.  XDM and its variants
should now work without modification.  Note that the new code uses
the macros in <sys/queue.h>.

Submitted by:	Andrew J. Korty <ajk@iu.edu>
1999-12-28 05:32:54 +00:00
Brian Feldman
ccf991de8f Update to today's OpenSSH.
The version is now 1.2.1, from 1.2.  You can mv your old distfiles/OpenSSH-1.2
dir to distfiles/OpenSSH-1.2.1, if you want to not waste time/space.

Some minor nits have been fixed, and a couple bugs.  One sizeof(len)
should have just been len, and, in markus's words,
"fix get_remote_port() and friends for sshd -i".
1999-12-23 06:37:30 +00:00
Brian Feldman
d64b6e2fd2 I've cleaned up ${CVS_DATE} usage a bit (keep spaces correctly), and
updated to today's snapshot of OpenSSH.

Various updates from the latest ${CVS_DATE}, and requisite patch
changes, are the "big new thing".  Nothing major has changed;  the
biggest ones would be using atomicio() in a lot of places and a
fix for a SIGHUP not updating sshd(8)'s configuration until the
next connection.
1999-12-08 04:06:38 +00:00
Brian Feldman
7db4f457f6 In the meantime (while things are being worked and decided on on the
OpenBSD OpenSSH front), add ConnectionsPerPeriod to prevent DoS via
running the system out of resources.  In reality, this wouldn't
be a full DoS, but would make a system slower, but this is a better
thing to do than let the system get loaded down.
   So here we are, rate-limiting.  The default settings are now:
Five connections are allowed to authenticate (and not be rejected) in
a period of ten seconds.
One minute is given for login grace time.
   More work in this area is being done by alfred@FreeBSD.org and
markus@OpenBSD.org, at the very least.  This is, essentially, a
stopgap solution;  however, it is a properly implemented and documented
one, and has an easily modifiable framework.
1999-12-06 06:32:22 +00:00
Brian Feldman
c249079362 Under advisories, put RESTRICTED back. It more accurately reflects
reality, though.  One file, cipher.c, calls cryptographic routines
from external libraries.  This really cannot encumber OpenSSH in
any case, but I put RESTRICTED back since it would give people a
false hope of being able to install the OpenSSH package but
not the requisite, RESTRICTED (so nonexistant) openssl package.
1999-12-06 06:26:17 +00:00
Brian Feldman
1394b1ef56 Good-bye, RESTRICTED.
Reasons:
1. It's not crypto.
2. It links with crypto.
	a. That crypto is in the public domain.
	b. Linking with crypto does not constitute cryptography.
3. Even if it were crypto, the description of the entire protocol, etc.,
   is in the public domain.  The RFC is PD in the USA, and the white paper
   in Europe.
4. Precedence?  Even if it were crypto, the Bernstein case has set
   precedence for allowing export of that.  But it's not even crypto.
1999-12-06 04:49:22 +00:00
Brian Feldman
99f8fb2572 Reduce LoginGraceTime from 10 minutes (!!!) to 30 seconds. More to
come, soon.
1999-12-04 12:40:39 +00:00
Brian Feldman
c52ee5193f Add the PAM SSH RSA key authentication module. For example, you can add,
"login  auth    sufficient      pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)

PR:		15158
Submitted by:	Andrew J. Korty <ajk@waterspout.com>
Reviewed by:	obrien
1999-11-29 07:09:45 +00:00