1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-24 04:33:24 +00:00
Commit Graph

58 Commits

Author SHA1 Message Date
Kris Kennaway
ccd8c2a771 Sigh, the patch released by ssh.com was wrong (kill() had the arguments
in the wrong order). Fix this, and bump PORTREVISION again. The window
was only a few minutes, but this won't disrupt things, and someone may
have updated in that window given the prominence of the problem.

Obtained from:	Matt Power <mhpower@BOS.BINDVIEW.COM> via Bugtraq
2001-02-09 23:06:50 +00:00
Kris Kennaway
d6bcba7837 Commit fixes for the two recent security problems found by BINDVIEW
and Core-SDI, and bump PORTREVISION.
2001-02-09 22:56:39 +00:00
Kris Kennaway
1d852620cb Remove dependency on rsaref, comment out RESTRICTED line (but leave it
there for reference in case we replace these with a CRYPTO variable), and
bump PORTREVISION.
2000-09-17 08:45:12 +00:00
Kris Kennaway
db4a1e6d2d Don't make sshd listen on two ports by default (!) - this "feature" was
silently added on 2000/01/14 as part of the IPv6 support. The default sshd
config had sshd listening both on port 22 and port 722 (this was apparently
intended to facilitate traffic-shaping in that different queueing priorities
could be assigned to ssh sessions on the two ports).

Combine two patches into one.

Submitted by:	peter
2000-04-21 06:35:12 +00:00
Kris Kennaway
36e2fdf71b Unbreak Kerberos5 support. 2000-04-21 06:21:46 +00:00
Kris Kennaway
5cbe0e5066 Convert patch to unidiff; no functional changes. 2000-04-21 06:18:48 +00:00
Will Andrews
810b23015a Add better sshd startup scripts; specifically, allow restarting and
stopping the server.

Martti's submission did not include -h, which I added because if I had
added the scripts the way he submitted them, the server wouldn't be
started on startup.

PR:		10196
Submitted by:	Martti Kuparinen <martti.kuparinen@ericsson.com>
Reviewed by:	kris (partially)
No response:	maintainers (PR opened February 22, 1999)
2000-04-05 22:21:44 +00:00
Munechika SUMIKAWA
b734a81d1c - re-enable TCP_NODELAY
Submitted by:	Arjan.deVet@adv.iae.nl (Arjan de Vet)

- do not exit in failure to connect using IPv6 and try to IPv4
  when connecting to dualstack hosts.

Approved by:	torstenb
2000-02-24 14:11:58 +00:00
Munechika SUMIKAWA
6e0bfd0c33 Make IPv6-enable ssh works on socks environment.
Submitted by:	Masahide -mac- NODA <mac@clave.gr.jp>
Reviewed by:	shin, Robert Muir <rmuir@looksharp.net>
		Toshihiko Kodama <kodama@ayame.mfd.cs.fujitsu.co.jp>
Approved by:	torstenb
2000-02-24 08:27:36 +00:00
Munechika SUMIKAWA
7b2ffcdb39 Make buildable on IPv4-only kernel.
Specified by:	ache
Reviewed by:	torstenb
2000-02-20 17:30:54 +00:00
Torsten Blum
62e8b86072 Checfor OSVERSION _or_ USE_INET6 when deciding if IPv6 support should
be added. This is done to support the build on pre 4.0 machines with
the KAME IPv6 stack installed. It has been verified to build+work
with both 4.0 and 3.4+kame.

Org. patch Submitted By: Munechika SUMIKAWA <sumikawa@ebina.hitachi.co.jp>
2000-02-12 19:27:40 +00:00
Torsten Blum
eb66565459 Add IPv6 support to ssh.
The IPv6 patch was obtained from the kame repository and has been
been writen by KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>

Due to the whole mess with different patches it was necessary to include
both the IPv6 patch and patch-ssh-1.2.27-bsd.tty.chown in ${PATCHDIR}.
Since both patches modify the configure script it was also necessary
to rebuild it via autoconf from configure.in. I've decided to use
USE_AUTOCONF instead of including the re-build configure script in
${FILESDIR}

Obtained from:	KAME/WIDE
2000-01-14 19:37:39 +00:00
Warner Losh
ab96a24696 Default to not allowing root logins. This makes it consistant with
OpenSSH.  Users desiring the old functionality can edit their
sshd-config files by hand for new installs.
1999-11-20 19:54:31 +00:00
Warner Losh
272f7058db Don't overflow rsa bits. As seen on bugtraq and elsewhere.
Submitted by: drow@false.org
Reviewed by: ache
PR: 14749
1999-11-16 07:21:36 +00:00
Torsten Blum
4bc02dcc5e Turn Root Login on again.
It has been changed in rev. 1.4 of this file, but the committer forgot to
mention it on the log.
1999-09-10 21:01:55 +00:00
Brian Somers
2170922420 Only use trimdomain() if __FreeBSD_version > 320000
It was available in 3.0 & 3.1 but would truncate at UT_HOSTSIZE-1
1999-06-18 11:37:30 +00:00
SADA Kenji
48500b76a6 PR: ports/12037
Submitted by:	Issei Suzuki <issei@jp.FreeBSD.ORG>
Upgrade to 1.2.27.
# I'm not maintainer but it seems that torstenb is too busy to
# look the PR and many people want new version ssh port.
1999-06-15 20:14:04 +00:00
Brian Somers
ec05f7b3ba Always use trimdomain(), not just #if __FreeBSD_version >= 400004
The port maintainer must be away....
1999-05-07 15:41:49 +00:00
Brian Somers
efca57d6d3 Reduce the copy of the DISPLAY variable using
trimdomain() so that ``ssh machine.domain xterm''
comes out with a machine name of (say) ``machine:10.0''.
Reviewed by: torstenb@
1999-04-11 09:10:34 +00:00
Brian Somers
f58bba4d52 Call trimdomain() to reduce the size of the ut_host
field before reveting to storing an IP number.
Reviewed by: torstenb@
1999-04-11 09:08:31 +00:00
Andrey A. Chernov
f5f3107e73 add official kerberos patch 1998-11-10 13:20:21 +00:00
Jordan K. Hubbard
564a72f782 Properly reference the rsaref sources, which are required during the build
of ssh now.  If anyone knows of a way of making the build dependency here
less gross, I'm listening! :)
1998-10-08 03:42:23 +00:00
Chuck Robey
62728f8f6f Repair a linkage problem, whereis the ssh port was trying to
specify the location of system libs.
Reviewed by:	Mark Murray, David O'Brien
1998-09-13 20:38:06 +00:00
Dima Ruban
64e630d83b 1.2.22 -> 1.2.25
Somebody needs to go through patch-af to check it, since I'm not sure
about some of the stuff.

This version fixes a security flaw in previous version.
1998-06-12 07:55:14 +00:00
Andrey A. Chernov
810624b0c8 Fix rare DES empty passwords bug 1998-02-13 22:02:39 +00:00
Andrey A. Chernov
07199742b4 Don't print "No mail" for FreeBSD , just print nothing 1998-01-22 13:37:55 +00:00
Andrey A. Chernov
8cff771ce2 Fix .hushlogin support
Remove FreeBSD mail check, now done elsewhere in the code
Use bsdi code to warn about expired/changed passwords
Move misplaced login_close up
1998-01-22 12:04:15 +00:00
Warner Losh
935e28b3a2 Upgrade to ssh 1.2.22. Please send problems with the upgrade to me.
1.2.22 fixes a security hole with ssh-agent, so users are encouraged
to upgrade.

OK'd by: Torsten Blum (torstenb@freebsd.org)
1998-01-20 23:50:15 +00:00
Warner Losh
957ddb3bd6 Merge in change requested by theo:
OpenBSD and FreeBSD now both use rresvport.  This is a nop for
	FreeBSD, but for OpenBSD this picks random port numbers.
Submitted by:	deraadt@cvs.openbsd.org
1997-12-24 18:48:46 +00:00
Torsten Blum
c2119976db Upgrade to 1.2.21 1997-09-16 00:13:25 +00:00
John Polstra
4b40e7aa2b Prevent this server error message:
fatal: Local: Agent socket bind failed: Address already in use

It would happen when the server tried to create the Unix domain
socket "/tmp/ssh-username/agent-socket-123", if the file already
existed.  It could already exist if it happened to be left over from
a system crash.  This patch unlinks the file before attempting the
bind operation.

I will send this patch to ssh-bugs@cs.hut.fi too.
1997-07-19 19:28:35 +00:00
Andrey A. Chernov
e8c4d489b5 Handle expired and changed password timeouts now 1997-06-11 11:09:00 +00:00
David Nugent
9c41c4452d login_getclass() -> login_getpwclass(). 1997-05-10 19:03:09 +00:00
Andrey A. Chernov
e2101afed1 Fix 3 error with login.conf
1) pw->pw_class was always zero since not copied
2) login_getuserclass() used instead of login_getclass(), so
default class always returned
3) env pointer can be redefined at the moment of setusercontext() call
1997-05-02 20:20:49 +00:00
Peter Wemm
25c2756dd9 Update from ssh-1.2.19 to ssh-1.2.20. All patches applied still, I just
regenerated them to fix the line numbers.  Also, I added two commented out
options in Makefile, one to tell sshd that a group writeable homedir
is OK because all users are in their own group, and the other is to allow
an unencrypted connection (which is dangerous since it can lead to
compromise of keys), but on a secure network it's damn useful for backups
etc.
1997-04-25 05:01:06 +00:00
Andrey A. Chernov
62128c83d1 Disable extended LOGIN_CAP $MAIL processing until it will be fixed
properly. In old variant /var/mail/root was always checked instead of
/var/mail/<user>
1997-04-16 21:07:36 +00:00
Andrey A. Chernov
29fe1065ad Upgrade to 1.2.19 1997-04-16 19:48:30 +00:00
Andrey A. Chernov
f742a35be3 Fix argument parsing loop in ssh-agent (original 1.2.18 bug) 1997-04-01 04:17:21 +00:00
Andrey A. Chernov
797920ff49 Upgrade to 1.2.18 1997-03-28 23:30:39 +00:00
Andrey A. Chernov
96a7483d0d Add LOGIN_CAP abilities
Submitted by: davidn
1997-02-27 00:44:35 +00:00
Peter Wemm
67faab29d6 Make one of our changes for -current work on 2.1. In -current, rresvport()
ignores it's argument (it's meaningless, the kernel keeps the state), but
2.1.x use it.  ssh was effectively giving a random port to 2.1.

Originally noticed by: John Polstra <jdp@polstra.com>
1996-12-27 08:42:41 +00:00
Adam David
80926da9e8 1.2.16 --> 1.2.17
(new agent forwarding protocol that is said to work this time)
1996-11-20 12:45:59 +00:00
Andrey A. Chernov
d67a4ad9e9 Remove my ptys patch, because this code is unused, openpty is used instead
Mimic login more closely now:
1) Put usual Copyright line
2) You have mail
1996-11-12 01:47:39 +00:00
Andrey A. Chernov
a13d148e44 Use BSD naming convention for pty names, it fixes two problems:
1) Too many false open syscalls on pty allocation
2) (more serious) ssh not use about half of available ptys
1996-11-12 00:13:38 +00:00
Andrey A. Chernov
4a2478071f Change syslog facility from DAEMON to AUTH 1996-11-02 00:18:49 +00:00
Andrey A. Chernov
d6d04d104d Use system shared libgmp now 1996-10-24 23:46:15 +00:00
Andrey A. Chernov
3c3ae1773e It fixes a really annoying error
reporting bug which happens if the remote end uses tcp_wrappers to control
sshd access (it says something like "read: no such file or directory" or
"read: permission denied" instead of "connection closed").  I already sent it
in to the ssh mailing list.
Submitted by: fenner
1996-10-17 23:00:41 +00:00
Andrey A. Chernov
dfd4904911 Upgrade to official 1.2.16
Fix PLIST
1996-10-16 04:56:12 +00:00
Peter Wemm
4f8ec254e4 Have ssh use rresvport() to get a privileged socket instead of doing it
itself.  This means it obeys the portrange sysctl's.
1996-08-12 14:17:53 +00:00
Torsten Blum
e1b1692d10 Back out andrews change - 1.2.14.1 is not an official ssh release. 1996-07-18 11:33:47 +00:00