1) pw->pw_class was always zero since not copied
2) login_getuserclass() used instead of login_getclass(), so
default class always returned
3) env pointer can be redefined at the moment of setusercontext() call
regenerated them to fix the line numbers. Also, I added two commented out
options in Makefile, one to tell sshd that a group writeable homedir
is OK because all users are in their own group, and the other is to allow
an unencrypted connection (which is dangerous since it can lead to
compromise of keys), but on a secure network it's damn useful for backups
etc.
ignores it's argument (it's meaningless, the kernel keeps the state), but
2.1.x use it. ssh was effectively giving a random port to 2.1.
Originally noticed by: John Polstra <jdp@polstra.com>
reporting bug which happens if the remote end uses tcp_wrappers to control
sshd access (it says something like "read: no such file or directory" or
"read: permission denied" instead of "connection closed"). I already sent it
in to the ssh mailing list.
Submitted by: fenner
all the COMMENTs! No package names, no version numbers, no "this is
absolutix-3.1.2" type comments that have zero information contents.
Now, without any bad examples to follow, nobody has an excuse to import
a port with those kind of comments. :)
Phew! 238 ports modified!
- protect the secret RSA etc/ssh_host_key. It is now generated on install
(either by pkg_add or make install) if not already present and is not
ever added to a package since it's your host's credentials. It should
not be removed on pkg_delete, since you are in big trouble if you did
this (for example) pkg_delete ssh-1.2.14; pkg_add ssh-1.2.15.tgz.
- fix the broken manpage symlink when compressing man pages (slogin.1
has been causing /etc/weekly to generate cron messages)
- zlib 1.0.4 is now "blessed" again, the ssh working sources now use this
instead of v0.95. The decompression problem was fixed in either 1.0.3
or 1.0.4. Also, the current version of cvs uses zlib 1.0.4 as well..
- perl5.002 -> perl5.003
Reviewed by: torstenb
ssh for transport. FreeBSD does not have the implementation bugs that some
other systems appear to have, this option only hurts us.
Reviewed by: torstenb
People, if you do a "make makesum" on a non-US machine, don't forget
to add this line back before commiting it:
MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d
ssh-askpass no longer uses wish, so chop the make rules that attempt to
locate it.
Go further to try and protect the ssh_host_key, since it's critical to
the operation and security of the machine.