authorDima Ruban <dima@FreeBSD.org>1998-06-12 07:55:14 +0000
committerDima Ruban <dima@FreeBSD.org>1998-06-12 07:55:14 +0000
commit64e630d83b270be14e7925de47e1c6983b6d8028 (patch)
tree1423c8c8b67a2d4659015c4c3b52bceccc4b930b /security
parent6c276731a82cbcab7a3b3dbb09862c0fb7ba8b97 (diff)
1.2.22 -> 1.2.25
Somebody needs to go through patch-af and check it, since I'm not sure about some of the stuff. This version fixes a security flaw in the previous version.
Notes
Notes: svn path=/head/; revision=11400
Diffstat (limited to 'security')
-rw-r--r--security/ssh/Makefile30
-rw-r--r--security/ssh/distinfo2
-rw-r--r--security/ssh/files/patch-ac62
-rw-r--r--security/ssh/files/patch-af502
-rw-r--r--security/ssh/pkg-plist16
-rw-r--r--security/ssh2/Makefile30
-rw-r--r--security/ssh2/distinfo2
-rw-r--r--security/ssh2/files/patch-ac62
-rw-r--r--security/ssh2/files/patch-af502
-rw-r--r--security/ssh2/pkg-plist16
10 files changed, 352 insertions, 872 deletions
diff --git a/security/ssh/Makefile b/security/ssh/Makefile
index a0944bedf576..0376792c88d3 100644
--- a/security/ssh/Makefile
+++ b/security/ssh/Makefile
@@ -1,15 +1,15 @@
# New ports collection makefile for: ssh
-# Version required: 1.2.22
+# Version required: 1.2.25
# Date created: 30 Jul 1995
# Whom: torstenb@FreeBSD.ORG
#
-# $Id: Makefile,v 1.53 1998/05/22 06:05:43 mph Exp $
+# $Id: Makefile,v 1.54 1998/05/23 08:53:38 obrien Exp $
#
# Maximal ssh package requires YES values for
# USE_PERL, USE_TCPWRAP
#
-DISTNAME= ssh-1.2.22
+DISTNAME= ssh-1.2.25
CATEGORIES= security net
MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/
@@ -32,10 +32,11 @@ MASTER_SITES= \
# Download by hand from http://www.cryptography.org/cgi-bin/crypto.cgi/ssh/
# and put in distfiles directory.
#
-.if defined(FAST_DES_PATCHKIT) && ${FAST_DES_PATCHKIT} == YES
-PATCHFILES=ssh-1.2.22-patchkit
-PATCH_DIST_STRIP=-p1
-.endif
+# Disabled for now, since there's not such a patchkit for 1.2.25 version.
+#.if defined(FAST_DES_PATCHKIT) && ${FAST_DES_PATCHKIT} == YES
+#PATCHFILES=ssh-1.2.22-patchkit
+#PATCH_DIST_STRIP=-p1
+#.endif
RESTRICTED= "Crypto; export-controlled"
IS_INTERACTIVE= YES
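Review bot: Setting FAST_DES_PATCHKIT=YES is now silently ignored, because the `.if` block is commented out rather than replaced by something the user can see, while the "Download by hand ... and put in distfiles directory" instructions directly above it are left in place. Either remove those instructions together with the dead lines or state the situation explicitly, e.g. `# FAST_DES_PATCHKIT is currently ignored: no patchkit exists for 1.2.25.`. distinfo also still lists the `ssh-1.2.22-patchkit` checksum, which nothing fetches any more. The same hunk is applied to security/ssh2/Makefile.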
@@ -70,9 +71,9 @@ CONFIGURE_ARGS+= --with-secureid
CONFIGURE_ARGS+= --without-idea
.endif
-MAN1= scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 \
- make-ssh-known-hosts.1
-MAN8= sshd.8
+MAN1= scp1.1 ssh-add1.1 ssh-agent1.1 ssh-keygen1.1 ssh1.1 \
+ make-ssh-known-hosts1.1
+MAN8= sshd1.8
pre-patch:
@@ -103,8 +104,17 @@ post-install:
${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \
fi
.if !defined(NOMANCOMPRESS)
+ for file in make-ssh-known-hosts scp ssh-add ssh-agent \
+ ssh-keygen ssh; do \
+ rm -f ${PREFIX}/man/man1/$${file}.1; \
+ ln -sf $${file}1.1.gz ${PREFIX}/man/man1/$${file}.1.gz; \
+ done
rm -f ${PREFIX}/man/man1/slogin.1
+ rm -f ${PREFIX}/man/man1/slogin1.1
+ rm -f ${PREFIX}/man/man8/sshd.8
ln -sf ssh.1.gz ${PREFIX}/man/man1/slogin.1.gz
+ ln -sf ssh1.1.gz ${PREFIX}/man/man1/slogin1.1.gz
+ ln -sf sshd1.8.gz ${PREFIX}/man/man8/sshd.8.gz
.endif
@if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \
echo "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
diff --git a/security/ssh/distinfo b/security/ssh/distinfo
index c7ab762b4ddf..7ccf3ba2900e 100644
--- a/security/ssh/distinfo
+++ b/security/ssh/distinfo
@@ -1,3 +1,3 @@
-MD5 (ssh-1.2.22.tar.gz) = 011f2b6d1935c59be0dae299db4ed7fa
+MD5 (ssh-1.2.25.tar.gz) = f16c579f8d60d2f0eaabd3c30e46ca2c
MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d
MD5 (ssh-1.2.22-patchkit) = 5228897d59be91ad3ae88e992d61cd50
diff --git a/security/ssh/files/patch-ac b/security/ssh/files/patch-ac
index 9c56f8aded01..884c43b96929 100644
--- a/security/ssh/files/patch-ac
+++ b/security/ssh/files/patch-ac
@@ -1,7 +1,7 @@
-*** Makefile.in.orig Tue Sep 16 01:59:13 1997
---- Makefile.in Tue Sep 16 02:06:08 1997
+*** Makefile.in.orig Thu Jun 11 07:01:13 1998
+--- Makefile.in Thu Jun 11 20:48:59 1998
***************
-*** 259,270 ****
+*** 287,298 ****
SHELL = /bin/sh
GMPDIR = gmp-2.0.2-ssh-2
@@ -14,7 +14,7 @@
RSAREFDIR = rsaref2
RSAREFSRCDIR = $(RSAREFDIR)/source
---- 259,275 ----
+--- 287,303 ----
SHELL = /bin/sh
GMPDIR = gmp-2.0.2-ssh-2
@@ -33,7 +33,7 @@
RSAREFDIR = rsaref2
RSAREFSRCDIR = $(RSAREFDIR)/source
***************
-*** 368,374 ****
+*** 397,403 ****
$(CC) -o rfc-pg rfc-pg.o
.c.o:
@@ -41,7 +41,7 @@
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
-rm -f sshd
---- 373,379 ----
+--- 402,408 ----
$(CC) -o rfc-pg rfc-pg.o
.c.o:
@@ -50,7 +50,7 @@
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
-rm -f sshd
***************
-*** 411,429 ****
+*** 440,458 ****
sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
chmod +x make-ssh-known-hosts
@@ -70,7 +70,7 @@
$(RSAREFSRCDIR)/librsaref.a:
-if test '!' -d $(RSAREFDIR); then \
---- 416,434 ----
+--- 445,463 ----
sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
chmod +x make-ssh-known-hosts
@@ -91,24 +91,24 @@
$(RSAREFSRCDIR)/librsaref.a:
-if test '!' -d $(RSAREFDIR); then \
***************
-*** 480,486 ****
+*** 509,515 ****
# (otherwise it can only log in as the user it runs as, and must be
# bound to a non-privileged port). Also, password authentication may
# not be available if non-root and using shadow passwords.
! install: $(PROGRAMS) make-dirs generate-host-key install-configs
- -rm -f $(install_prefix)$(bindir)/ssh.old
- -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
- -chmod 755 $(install_prefix)$(bindir)/ssh.old
---- 485,491 ----
+ -rm -f $(install_prefix)$(bindir)/ssh1.old
+ -mv $(install_prefix)$(bindir)/ssh1 $(install_prefix)$(bindir)/ssh1.old
+ -chmod 755 $(install_prefix)$(bindir)/ssh1.old
+--- 514,520 ----
# (otherwise it can only log in as the user it runs as, and must be
# bound to a non-privileged port). Also, password authentication may
# not be available if non-root and using shadow passwords.
! install: $(PROGRAMS) make-dirs install-configs
- -rm -f $(install_prefix)$(bindir)/ssh.old
- -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
- -chmod 755 $(install_prefix)$(bindir)/ssh.old
+ -rm -f $(install_prefix)$(bindir)/ssh1.old
+ -mv $(install_prefix)$(bindir)/ssh1 $(install_prefix)$(bindir)/ssh1.old
+ -chmod 755 $(install_prefix)$(bindir)/ssh1.old
***************
-*** 589,603 ****
+*** 665,679 ****
clean:
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
@@ -122,9 +122,9 @@
! cd $(GMPDIR); $(MAKE) distclean
! cd $(ZLIBDIR); $(MAKE) distclean
- dist: dist-free
+ dist: dist-commercial
---- 594,608 ----
+--- 670,684 ----
clean:
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
@@ -138,12 +138,12 @@
! # cd $(GMPDIR); $(MAKE) distclean
! # cd $(ZLIBDIR); $(MAKE) distclean
- dist: dist-free
+ dist: dist-commercial
***************
-*** 628,639 ****
- #
- #endif F_SECURE_COMMERCIAL
+*** 702,713 ****
+ -mkdir $(DISTNAME)
+ cp $(DISTFILES) $(DISTNAME)
for i in $(DISTSRCS); do cp $(srcdir)/$$i $(DISTNAME); done
! (cd $(GMPDIR); make dist)
! gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - )
@@ -152,11 +152,11 @@
! (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
! cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
- dist-free-make-tar:
- tar pcf $(DISTNAME).tar $(DISTNAME)
---- 633,644 ----
+ #ifdef F_SECURE_COMMERCIAL
#
- #endif F_SECURE_COMMERCIAL
+--- 707,718 ----
+ -mkdir $(DISTNAME)
+ cp $(DISTFILES) $(DISTNAME)
for i in $(DISTSRCS); do cp $(srcdir)/$$i $(DISTNAME); done
! # (cd $(GMPDIR); make dist)
! # gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - )
@@ -165,10 +165,10 @@
! # (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
! # cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
- dist-free-make-tar:
- tar pcf $(DISTNAME).tar $(DISTNAME)
+ #ifdef F_SECURE_COMMERCIAL
+ #
***************
-*** 656,662 ****
+*** 735,741 ****
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
depend:
@@ -176,7 +176,7 @@
tags:
-rm -f TAGS
---- 661,667 ----
+--- 740,746 ----
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
depend:
diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af
index 0dfba6e1e2f0..f0cea2252274 100644
--- a/security/ssh/files/patch-af
+++ b/security/ssh/files/patch-af
@@ -1,394 +1,108 @@
---- sshd.c.orig Tue Jan 20 15:24:10 1998
-+++ sshd.c Thu Jan 22 16:29:19 1998
-@@ -428,6 +428,10 @@
- #include "firewall.h" /* TIS authsrv authentication */
- #endif
-
-+#ifdef HAVE_LOGIN_CAP_H
-+#include <login_cap.h>
-+#endif
-+
- #ifdef _PATH_BSHELL
- #define DEFAULT_SHELL _PATH_BSHELL
- #else
-@@ -1594,6 +1598,38 @@
- endspent();
- }
- #endif /* HAVE_ETC_SHADOW */
-+#ifdef __FreeBSD__
-+ {
-+ time_t currtime;
-+
-+ if (pwd->pw_change || pwd->pw_expire)
-+ currtime = time(NULL);
-+
-+ /*
-+ * Check for an expired password
-+ */
-+ if (pwd->pw_change && pwd->pw_change <= currtime)
-+ {
-+ debug("Account %.100s's password is too old - forced to change.",
-+ user);
-+ if (options.forced_passwd_change)
-+ forced_command = "/usr/bin/passwd";
-+ else
-+ {
-+ return 0;
-+ }
-+ }
-+
-+ /*
-+ * Check for expired account
-+ */
-+ if (pwd->pw_expire && pwd->pw_expire <= currtime)
-+ {
-+ debug("Account %.100s has expired - access denied.", user);
-+ return 0;
-+ }
-+ }
-+#else /* !FreeBSD */
- /*
- * Check if account is locked. Check if encrypted password starts
- * with "*LK*".
-@@ -1605,6 +1641,7 @@
- return 0;
- }
- }
-+#endif /* !FreeBSD */
- #ifdef CHECK_ETC_SHELLS
- {
- int invalid = 1;
-@@ -1819,8 +1856,10 @@
- pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
- pwcopy.pw_uid = pw->pw_uid;
- pwcopy.pw_gid = pw->pw_gid;
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-+#if defined (HAVE_LOGIN_CAP_H) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
- pwcopy.pw_class = xstrdup(pw->pw_class);
-+#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-+#if defined (__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
- pwcopy.pw_change = pw->pw_change;
- pwcopy.pw_expire = pw->pw_expire;
- #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-@@ -2793,9 +2832,13 @@
- struct sockaddr_in from;
- int fromlen;
- struct pty_cleanup_context cleanup_context;
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-+#if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
- struct timeval tp;
- #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-+#ifdef HAVE_LOGIN_CAP_H
-+ login_cap_t *lc;
-+ time_t warnpassword, warnexpire;
-+#endif
-
- /* We no longer need the child running on user's privileges. */
- userfile_uninit();
-@@ -2867,10 +2910,18 @@
- record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
- &from);
-
-+#ifdef HAVE_LOGIN_CAP_H
-+ lc = login_getclass(pw->pw_class);
-+ quiet_login = login_getcapbool(lc, "hushlogin", quiet_login);
-+ if (!quiet_login) {
-+#endif
- /* Check if .hushlogin exists. Note that we cannot use userfile
- here because we are in the child. */
- sprintf(line, "%.200s/.hushlogin", pw->pw_dir);
- quiet_login = stat(line, &st) >= 0;
-+#ifdef HAVE_LOGIN_CAP_H
-+ }
-+#endif
-
- /* If the user has logged in before, display the time of last login.
- However, don't display anything extra if a command has been
-@@ -2890,6 +2941,38 @@
- else
- printf("Last login: %s from %s\r\n", time_string, buf);
- }
-+#ifdef __FreeBSD__
-+ if (command == NULL && !quiet_login)
-+ {
-+#ifdef HAVE_LOGIN_CAP_H
-+ char *cw;
-+ FILE *f;
-+
-+ cw = login_getcapstr(lc, "copyright", NULL, NULL);
-+ if (cw != NULL && (f = fopen(cw, "r")) != NULL)
-+ {
-+ while (fgets(line, sizeof(line), f))
-+ fputs(line, stdout);
-+ fclose(f);
-+ }
-+ else
-+#endif
-+ printf("%s\n\t%s %s\n\n",
-+ "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
-+ "The Regents of the University of California. ",
-+ "All rights reserved.");
-+ }
-+#endif
-+
-+#ifdef HAVE_LOGIN_CAP_H
-+#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
-+
-+ warnpassword = login_getcaptime(lc, "warnpassword",
-+ DEFAULT_WARN, DEFAULT_WARN);
-+ warnexpire = login_getcaptime(lc, "warnexpire",
-+ DEFAULT_WARN, DEFAULT_WARN);
-+ login_close(lc);
-+#endif
-
- /* Print /etc/motd unless a command was specified or printing it was
- disabled in server options. Note that some machines appear to
-@@ -2900,14 +2983,18 @@
- FILE *f;
-
- /* Print /etc/motd if it exists. */
-- f = fopen("/etc/motd", "r");
-+#ifdef HAVE_LOGIN_CAP_H
-+ f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r");
-+#else
-+ f = fopen("/etc/motd", "r");
-+#endif
- if (f)
- {
- while (fgets(line, sizeof(line), f))
- fputs(line, stdout);
- fclose(f);
- }
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-+#if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
- if (pw->pw_change || pw->pw_expire)
- (void)gettimeofday(&tp, (struct timezone *)NULL);
- if (pw->pw_change)
-@@ -2915,7 +3002,11 @@
- fprintf(stderr,"Sorry -- your password has expired.\n");
- exit(254);
- } else if (pw->pw_change - tp.tv_sec <
-+#ifdef HAVE_LOGIN_CAP_H
-+ warnpassword)
-+#else
- 2 * DAYSPERWEEK * SECSPERDAY)
-+#endif
- fprintf(stderr,"Warning: your password expires on %s",
- ctime(&pw->pw_change));
- if (pw->pw_expire)
-@@ -2923,7 +3014,11 @@
- fprintf(stderr,"Sorry -- your account has expired.\n");
- exit(254);
- } else if (pw->pw_expire - tp.tv_sec <
-+#ifdef HAVE_LOGIN_CAP_H
-+ warnexpire)
-+#else
- 2 * DAYSPERWEEK * SECSPERDAY)
-+#endif
- fprintf(stderr,"Warning: your account expires on %s",
- ctime(&pw->pw_expire));
- #endif /* __bsdi__ & _BSDI_VERSION >= 199510 */
-@@ -3182,6 +3277,13 @@
- #if defined (__bsdi__) && _BSDI_VERSION >= 199510
- login_cap_t *lc = 0;
- #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-+#ifdef HAVE_LOGIN_CAP_H
-+ login_cap_t *lc;
-+ char *real_shell;
-+
-+ lc = login_getclass(pw->pw_class);
-+ auth_checknologin(lc);
-+#else /* !HAVE_LOGIN_CAP_H */
-
- /* Check /etc/nologin. */
- f = fopen("/etc/nologin", "r");
-@@ -3199,10 +3301,16 @@
- if (pw->pw_uid != UID_ROOT && !login_getcapbool(lc, "ignorenologin", 0))
- exit(254);
- #else
-+#ifdef HAVE_LOGIN_CAP_H
-+ if (pw->pw_uid != UID_ROOT && !login_getcapbool(lc, "ignorenologin", 0))
-+ exit(254);
-+#else
- if (pw->pw_uid != UID_ROOT)
- exit(254);
-+#endif
- #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
- }
-+#endif /* HAVE_LOGIN_CAP_H */
-
- if (command != NULL)
- {
-@@ -3216,6 +3324,7 @@
- log_msg("executing remote command as user %.200s", pw->pw_name);
- }
-
-+#ifndef HAVE_LOGIN_CAP_H
- #ifdef HAVE_SETLOGIN
- /* Set login name in the kernel. Warning: setsid() must be called before
- this. */
-@@ -3236,6 +3345,7 @@
- if (setpcred((char *)pw->pw_name, NULL))
- log_msg("setpcred %.100s: %.100s", strerror(errno));
- #endif /* HAVE_USERSEC_H */
-+#endif /* !HAVE_LOGIN_CAP_H */
-
- /* Save some data that will be needed so that we can do certain cleanups
- before we switch to user's uid. (We must clear all sensitive data
-@@ -3306,6 +3416,66 @@
- if (command != NULL || !options.use_login)
- #endif /* USELOGIN */
- {
-+#ifdef HAVE_LOGIN_CAP_H
-+ char *p, *s, **tmpenv;
-+
-+ /* Initialize the new environment.
-+ */
-+ envsize = 64;
-+ env = xmalloc(envsize * sizeof(char *));
-+ env[0] = NULL;
-+
-+ child_set_env(&env, &envsize, "PATH", DEFAULT_PATH);
-+
-+#ifdef MAIL_SPOOL_DIRECTORY
-+ sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name);
-+ child_set_env(&env, &envsize, "MAIL", buf);
-+#else /* MAIL_SPOOL_DIRECTORY */
-+#ifdef MAIL_SPOOL_FILE
-+ sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE);
-+ child_set_env(&env, &envsize, "MAIL", buf);
-+#endif /* MAIL_SPOOL_FILE */
-+#endif /* MAIL_SPOOL_DIRECTORY */
-+
-+ /* Let it inherit timezone if we have one. */
-+ if (getenv("TZ"))
-+ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
-+
-+ /* Save previous environment array
-+ */
-+ tmpenv = environ;
-+ environ = env;
-+
-+ /* Set the user's login environment
-+ */
-+ if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0)
-+ {
-+ perror("setusercontext");
-+ exit(1);
-+ }
-+
-+ p = getenv("PATH");
-+ s = xmalloc((p != NULL ? strlen(p) + 1 : 0) + sizeof(SSH_BINDIR));
-+ *s = '\0';
-+ if (p != NULL)
-+ {
-+ strcat(s, p);
-+ strcat(s, ":");
-+ }
-+ strcat(s, SSH_BINDIR);
-+
-+ env = environ;
-+ environ = tmpenv; /* Restore parent environment */
-+ for (envsize = 0; env[envsize] != NULL; ++envsize)
-+ ;
-+ /* Reallocate this to what is expected */
-+ envsize = (envsize < 100) ? 100 : envsize + 16;
-+ env = xrealloc(env, envsize * sizeof(char *));
-+
-+ child_set_env(&env, &envsize, "PATH", s);
-+ xfree(s);
-+
-+#else /* !HAVE_LOGIN_CAP_H */
- /* Set uid, gid, and groups. */
- if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
- {
-@@ -3337,6 +3507,7 @@
-
- if (getuid() != user_uid || geteuid() != user_uid)
- fatal("Failed to set uids to %d.", (int)user_uid);
-+#endif /* HAVE_LOGIN_CAP_H */
- }
-
- /* Reset signals to their default settings before starting the user
-@@ -3364,11 +3535,16 @@
- and means /bin/sh. */
- shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell;
-
-+#ifdef HAVE_LOGIN_CAP_H
-+ real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell);
-+ login_close(lc);
-+#else /* !HAVE_LOGIN_CAP_H */
- /* Initialize the environment. In the first part we allocate space for
- all environment variables. */
- envsize = 100;
- env = xmalloc(envsize * sizeof(char *));
- env[0] = NULL;
-+#endif /* HAVE_LOGIN_CAP_H */
-
- #ifdef USELOGIN
- if (command != NULL || !options.use_login)
-@@ -3378,6 +3554,8 @@
- child_set_env(&env, &envsize, "HOME", user_dir);
- child_set_env(&env, &envsize, "USER", user_name);
- child_set_env(&env, &envsize, "LOGNAME", user_name);
-+
-+#ifndef HAVE_LOGIN_CAP_H
- child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
-
- #ifdef MAIL_SPOOL_DIRECTORY
-@@ -3389,6 +3567,7 @@
- child_set_env(&env, &envsize, "MAIL", buf);
- #endif /* MAIL_SPOOL_FILE */
- #endif /* MAIL_SPOOL_DIRECTORY */
-+#endif /* !HAVE_LOGIN_CAP_H */
-
- #ifdef HAVE_ETC_DEFAULT_LOGIN
- /* Read /etc/default/login; this exists at least on Solaris 2.x. Note
-@@ -3404,9 +3583,11 @@
- child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
- original_command);
-
-+#ifndef HAVE_LOGIN_CAP_H
- /* Let it inherit timezone if we have one. */
- if (getenv("TZ"))
- child_set_env(&env, &envsize, "TZ", getenv("TZ"));
-+#endif /* !HAVE_LOGIN_CAP_H */
-
- /* Set custom environment options from RSA authentication. */
- while (custom_environment)
-@@ -3632,7 +3813,11 @@
- struct stat mailbuf;
-
- if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0)
-+#ifdef __FreeBSD__
-+ ;
-+#else
- printf("No mail.\n");
-+#endif
- else if (mailbuf.st_atime > mailbuf.st_mtime)
- printf("You have mail.\n");
- else
-@@ -3647,7 +3832,11 @@
- /* Execute the shell. */
- argv[0] = buf;
- argv[1] = NULL;
-+#ifdef HAVE_LOGIN_CAP_H
-+ execve(real_shell, argv, env);
-+#else
- execve(shell, argv, env);
-+#endif /* HAVE_LOGIN_CAP_H */
- /* Executing the shell failed. */
- perror(shell);
- exit(1);
-@@ -3668,7 +3857,11 @@
- argv[1] = "-c";
- argv[2] = (char *)command;
- argv[3] = NULL;
-+#ifdef HAVE_LOGIN_CAP_H
-+ execve(real_shell, argv, env);
-+#else
- execve(shell, argv, env);
-+#endif /* HAVE_LOGIN_CAP_H */
- perror(shell);
- exit(1);
- }
+*** sshd.c.WAS Thu Jun 11 23:11:47 1998
+--- sshd.c Thu Jun 11 23:30:30 1998
+***************
+*** 2014,2020 ****
+ pwcopy.pw_class = xstrdup(pw->pw_class);
+ pwcopy.pw_change = pw->pw_change;
+ pwcopy.pw_expire = pw->pw_expire;
+! #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
+ pwcopy.pw_dir = xstrdup(pw->pw_dir);
+ pwcopy.pw_shell = xstrdup(pw->pw_shell);
+ pw = &pwcopy;
+--- 2014,2020 ----
+ pwcopy.pw_class = xstrdup(pw->pw_class);
+ pwcopy.pw_change = pw->pw_change;
+ pwcopy.pw_expire = pw->pw_expire;
+! #endif /* (__bsdi__ && _BSDI_VERSION >= 199510) || (__FreeBSD__ && HAVE_LOGIN_CAP_H) */
+ pwcopy.pw_dir = xstrdup(pw->pw_dir);
+ pwcopy.pw_shell = xstrdup(pw->pw_shell);
+ pw = &pwcopy;
+***************
+*** 3045,3054 ****
+ struct pty_cleanup_context cleanup_context;
+ #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ login_cap_t *lc;
+ #endif
+! #if defined (__bsdi__) && _BSDI_VERSION >= 199510
+ struct timeval tp;
+! #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
+
+ #ifdef HAVE_OSF1_C2_SECURITY
+ {
+--- 3045,3055 ----
+ struct pty_cleanup_context cleanup_context;
+ #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ login_cap_t *lc;
++ time_t warnpassword, warnexpire;
+ #endif
+! #if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
+ struct timeval tp;
+! #endif /* __FreeBSD__ || (__bsdi__ && _BSDI_VERSION >= 199510) */
+
+ #ifdef HAVE_OSF1_C2_SECURITY
+ {
+***************
+*** 3183,3188 ****
+--- 3184,3197 ----
+ "The Regents of the University of California. ",
+ "All rights reserved.");
+ }
++ #ifdef HAVE_LOGIN_CAP_H
++ #define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
++
++ warnpassword = login_getcaptime(lc, "warnpassword",
++ DEFAULT_WARN, DEFAULT_WARN);
++ warnexpire = login_getcaptime(lc, "warnexpire",
++ DEFAULT_WARN, DEFAULT_WARN);
++ #endif
+ #endif
+
+ /* Print /etc/motd unless a command was specified or printing it was
+***************
+*** 3206,3212 ****
+ fputs(line, stdout);
+ fclose(f);
+ }
+! #if defined (__bsdi__) && _BSDI_VERSION >= 199510
+ if (pw->pw_change || pw->pw_expire)
+ (void)gettimeofday(&tp, (struct timezone *)NULL);
+ if (pw->pw_change)
+--- 3215,3221 ----
+ fputs(line, stdout);
+ fclose(f);
+ }
+! #if defined(__FreeBSD__) || (defined(__bsdi__) && _BSDI_VERSION >= 199510)
+ if (pw->pw_change || pw->pw_expire)
+ (void)gettimeofday(&tp, (struct timezone *)NULL);
+ if (pw->pw_change)
+***************
+*** 3575,3581 ****
+ while (fgets(buf, sizeof(buf), f))
+ fputs(buf, stderr);
+ fclose(f);
+! #if defined (__bsdi__) && _BSDI_VERSION >= 199510
+ if (pw->pw_uid != UID_ROOT &&
+ !login_getcapbool(lc, "ignorenologin", 0))
+ exit(254);
+--- 3584,3590 ----
+ while (fgets(buf, sizeof(buf), f))
+ fputs(buf, stderr);
+ fclose(f);
+! #if (defined(__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
+ if (pw->pw_uid != UID_ROOT &&
+ !login_getcapbool(lc, "ignorenologin", 0))
+ exit(254);
+***************
+*** 4121,4127 ****
+--- 4130,4140 ----
+ struct stat mailbuf;
+
+ if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0)
++ #ifdef __FreeBSD__
++ ;
++ #else
+ printf("No mail.\n");
++ #endif
+ else if (mailbuf.st_atime > mailbuf.st_mtime)
+ printf("You have mail.\n");
+ else
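Review bot: Account and password expiry now appears to be enforced only in the post-login block that follows the /etc/motd print (the `#if defined(__FreeBSD__) || (defined(__bsdi__) && _BSDI_VERSION >= 199510)` change at 3215), because the previous patch's FreeBSD check in the authentication path, which returned 0 for an expired `pw_change`/`pw_expire`, is dropped; whether ssh 1.2.25 itself carries an equivalent check cannot be seen from this hunk and should be confirmed against the 1.2.25 sshd.c. The new lines also assign `warnpassword` and `warnexpire` from `login_getcaptime()` but no longer patch the two `2 * DAYSPERWEEK * SECSPERDAY` comparisons to use them, so unless upstream already does, the login.conf values have no effect. At 2014 only the `#endif` comment is changed to mention `__FreeBSD__ && HAVE_LOGIN_CAP_H`; the matching `#if` lies outside the patch context, so it is worth checking that `pw_change` and `pw_expire` are copied into `pwcopy` in every configuration where the 3215 block reads them. The same hunk is applied to security/ssh2/files/patch-af.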
diff --git a/security/ssh/pkg-plist b/security/ssh/pkg-plist
index c632301bd8c8..ff4c33783eb0 100644
--- a/security/ssh/pkg-plist
+++ b/security/ssh/pkg-plist
@@ -1,23 +1,39 @@
etc/rc.d/sshd.sh
bin/scp
+bin/scp1
bin/ssh
+bin/ssh1
@exec ln -fs %f %B/slogin
@unexec rm -f %B/slogin
bin/ssh-add
+bin/ssh-add1
bin/ssh-agent
+bin/ssh-agent1
bin/ssh-askpass
+bin/ssh-askpass1
bin/ssh-keygen
+bin/ssh-keygen1
bin/make-ssh-known-hosts
+bin/make-ssh-known-hosts1
etc/ssh_config
etc/sshd_config
man/man1/make-ssh-known-hosts.1.gz
+man/man1/make-ssh-known-hosts1.1.gz
man/man1/scp.1.gz
+man/man1/scp1.1.gz
man/man1/ssh-add.1.gz
+man/man1/ssh-add1.1.gz
man/man1/ssh-agent.1.gz
+man/man1/ssh-agent1.1.gz
man/man1/ssh-keygen.1.gz
+man/man1/ssh-keygen1.1.gz
man/man1/ssh.1.gz
+man/man1/ssh1.1.gz
@exec ln -fs %f %B/slogin.1.gz
@unexec rm -f %B/slogin.1.gz
+@unexec rm -f %B/slogin1.1.gz
man/man8/sshd.8.gz
+man/man8/sshd1.8.gz
sbin/sshd
+sbin/sshd1
@exec if [ ! -f %D/etc/ssh_host_key ]; then echo "Generating a secret host key.." ; %D/bin/ssh-keygen -N "" -f %D/etc/ssh_host_key; fi
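Review bot: The added `@unexec rm -f %B/slogin1.1.gz` has no matching `@exec` line, so a package built from this list removes a link it never creates, whereas the port's post-install target does create `slogin1.1.gz`; adding `@exec ln -fs %f %B/slogin1.1.gz` next to the existing slogin.1.gz line would keep the two install paths in step. The two existing `@exec ln -fs %f ...` lines now follow the inserted `bin/ssh1` and `man/man1/ssh1.1.gz` entries, so if `%f` expands to the last file named, `slogin` and `slogin.1.gz` will point at the `1`-suffixed files; a one-line `@comment` saying this is intended would help the next maintainer. security/ssh2/pkg-plist has the same change.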
diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile
index a0944bedf576..0376792c88d3 100644
--- a/security/ssh2/Makefile
+++ b/security/ssh2/Makefile
@@ -1,15 +1,15 @@
# New ports collection makefile for: ssh
-# Version required: 1.2.22
+# Version required: 1.2.25
# Date created: 30 Jul 1995
# Whom: torstenb@FreeBSD.ORG
#
-# $Id: Makefile,v 1.53 1998/05/22 06:05:43 mph Exp $
+# $Id: Makefile,v 1.54 1998/05/23 08:53:38 obrien Exp $
#
# Maximal ssh package requires YES values for
# USE_PERL, USE_TCPWRAP
#
-DISTNAME= ssh-1.2.22
+DISTNAME= ssh-1.2.25
CATEGORIES= security net
MASTER_SITES= ftp://ftp.funet.fi/pub/unix/security/login/ssh/
@@ -32,10 +32,11 @@ MASTER_SITES= \
# Download by hand from http://www.cryptography.org/cgi-bin/crypto.cgi/ssh/
# and put in distfiles directory.
#
-.if defined(FAST_DES_PATCHKIT) && ${FAST_DES_PATCHKIT} == YES
-PATCHFILES=ssh-1.2.22-patchkit
-PATCH_DIST_STRIP=-p1
-.endif
+# Disabled for now, since there's not such a patchkit for 1.2.25 version.
+#.if defined(FAST_DES_PATCHKIT) && ${FAST_DES_PATCHKIT} == YES
+#PATCHFILES=ssh-1.2.22-patchkit
+#PATCH_DIST_STRIP=-p1
+#.endif
RESTRICTED= "Crypto; export-controlled"
IS_INTERACTIVE= YES
@@ -70,9 +71,9 @@ CONFIGURE_ARGS+= --with-secureid
CONFIGURE_ARGS+= --without-idea
.endif
-MAN1= scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 \
- make-ssh-known-hosts.1
-MAN8= sshd.8
+MAN1= scp1.1 ssh-add1.1 ssh-agent1.1 ssh-keygen1.1 ssh1.1 \
+ make-ssh-known-hosts1.1
+MAN8= sshd1.8
pre-patch:
@@ -103,8 +104,17 @@ post-install:
${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \
fi
.if !defined(NOMANCOMPRESS)
+ for file in make-ssh-known-hosts scp ssh-add ssh-agent \
+ ssh-keygen ssh; do \
+ rm -f ${PREFIX}/man/man1/$${file}.1; \
+ ln -sf $${file}1.1.gz ${PREFIX}/man/man1/$${file}.1.gz; \
+ done
rm -f ${PREFIX}/man/man1/slogin.1
+ rm -f ${PREFIX}/man/man1/slogin1.1
+ rm -f ${PREFIX}/man/man8/sshd.8
ln -sf ssh.1.gz ${PREFIX}/man/man1/slogin.1.gz
+ ln -sf ssh1.1.gz ${PREFIX}/man/man1/slogin1.1.gz
+ ln -sf sshd1.8.gz ${PREFIX}/man/man8/sshd.8.gz
.endif
@if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \
echo "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo
index c7ab762b4ddf..7ccf3ba2900e 100644
--- a/security/ssh2/distinfo
+++ b/security/ssh2/distinfo
@@ -1,3 +1,3 @@
-MD5 (ssh-1.2.22.tar.gz) = 011f2b6d1935c59be0dae299db4ed7fa
+MD5 (ssh-1.2.25.tar.gz) = f16c579f8d60d2f0eaabd3c30e46ca2c
MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d
MD5 (ssh-1.2.22-patchkit) = 5228897d59be91ad3ae88e992d61cd50
diff --git a/security/ssh2/files/patch-ac b/security/ssh2/files/patch-ac
index 9c56f8aded01..884c43b96929 100644
--- a/security/ssh2/files/patch-ac
+++ b/security/ssh2/files/patch-ac
@@ -1,7 +1,7 @@
-*** Makefile.in.orig Tue Sep 16 01:59:13 1997
---- Makefile.in Tue Sep 16 02:06:08 1997
+*** Makefile.in.orig Thu Jun 11 07:01:13 1998
+--- Makefile.in Thu Jun 11 20:48:59 1998
***************
-*** 259,270 ****
+*** 287,298 ****
SHELL = /bin/sh
GMPDIR = gmp-2.0.2-ssh-2
@@ -14,7 +14,7 @@
RSAREFDIR = rsaref2
RSAREFSRCDIR = $(RSAREFDIR)/source
---- 259,275 ----
+--- 287,303 ----
SHELL = /bin/sh
GMPDIR = gmp-2.0.2-ssh-2
@@ -33,7 +33,7 @@
RSAREFDIR = rsaref2
RSAREFSRCDIR = $(RSAREFDIR)/source
***************
-*** 368,374 ****
+*** 397,403 ****
$(CC) -o rfc-pg rfc-pg.o
.c.o:
@@ -41,7 +41,7 @@
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
-rm -f sshd
---- 373,379 ----
+--- 402,408 ----
$(CC) -o rfc-pg rfc-pg.o
.c.o:
@@ -50,7 +50,7 @@
sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
-rm -f sshd
***************
-*** 411,429 ****
+*** 440,458 ****
sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
chmod +x make-ssh-known-hosts
@@ -70,7 +70,7 @@
$(RSAREFSRCDIR)/librsaref.a:
-if test '!' -d $(RSAREFDIR); then \
---- 416,434 ----
+--- 445,463 ----
sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
chmod +x make-ssh-known-hosts
@@ -91,24 +91,24 @@
$(RSAREFSRCDIR)/librsaref.a:
-if test '!' -d $(RSAREFDIR); then \
***************
-*** 480,486 ****
+*** 509,515 ****
# (otherwise it can only log in as the user it runs as, and must be
# bound to a non-privileged port). Also, password authentication may
# not be available if non-root and using shadow passwords.
! install: $(PROGRAMS) make-dirs generate-host-key install-configs
- -rm -f $(install_prefix)$(bindir)/ssh.old
- -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
- -chmod 755 $(install_prefix)$(bindir)/ssh.old
---- 485,491 ----
+ -rm -f $(install_prefix)$(bindir)/ssh1.old
+ -mv $(install_prefix)$(bindir)/ssh1 $(install_prefix)$(bindir)/ssh1.old
+ -chmod 755 $(install_prefix)$(bindir)/ssh1.old
+--- 514,520 ----
# (otherwise it can only log in as the user it runs as, and must be
# bound to a non-privileged port). Also, password authentication may
# not be available if non-root and using shadow passwords.
! install: $(PROGRAMS) make-dirs install-configs
- -rm -f $(install_prefix)$(bindir)/ssh.old
- -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old
- -chmod 755 $(install_prefix)$(bindir)/ssh.old
+ -rm -f $(install_prefix)$(bindir)/ssh1.old
+ -mv $(install_prefix)$(bindir)/ssh1 $(install_prefix)$(bindir)/ssh1.old
+ -chmod 755 $(install_prefix)$(bindir)/ssh1.old
***************
-*** 589,603 ****
+*** 665,679 ****
clean:
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
@@ -122,9 +122,9 @@
! cd $(GMPDIR); $(MAKE) distclean
! cd $(ZLIBDIR); $(MAKE) distclean
- dist: dist-free
+ dist: dist-commercial
---- 594,608 ----
+--- 670,684 ----
clean:
-rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg
@@ -138,12 +138,12 @@
! # cd $(GMPDIR); $(MAKE) distclean
! # cd $(ZLIBDIR); $(MAKE) distclean
- dist: dist-free
+ dist: dist-commercial
***************
-*** 628,639 ****
- #
- #endif F_SECURE_COMMERCIAL
+*** 702,713 ****
+ -mkdir $(DISTNAME)
+ cp $(DISTFILES) $(DISTNAME)
for i in $(DISTSRCS); do cp $(srcdir)/$$i $(DISTNAME); done
! (cd $(GMPDIR); make dist)
! gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - )
@@ -152,11 +152,11 @@
! (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
! cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
- dist-free-make-tar:
- tar pcf $(DISTNAME).tar $(DISTNAME)
---- 633,644 ----
+ #ifdef F_SECURE_COMMERCIAL
#
- #endif F_SECURE_COMMERCIAL
+--- 707,718 ----
+ -mkdir $(DISTNAME)
+ cp $(DISTFILES) $(DISTNAME)
for i in $(DISTSRCS); do cp $(srcdir)/$$i $(DISTNAME); done
! # (cd $(GMPDIR); make dist)
! # gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - )
@@ -165,10 +165,10 @@
! # (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -)
! # cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS
- dist-free-make-tar:
- tar pcf $(DISTNAME).tar $(DISTNAME)
+ #ifdef F_SECURE_COMMERCIAL
+ #
***************
-*** 656,662 ****
+*** 735,741 ****
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
depend:
@@ -176,7 +176,7 @@
tags:
-rm -f TAGS
---- 661,667 ----
+--- 740,746 ----
(echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
depend:
diff --git a/security/ssh2/files/patch-af b/security/ssh2/files/patch-af
index 0dfba6e1e2f0..f0cea2252274 100644
--- a/security/ssh2/files/patch-af
+++ b/security/ssh2/files/patch-af
@@ -1,394 +1,108 @@
---- sshd.c.orig Tue Jan 20 15:24:10 1998
-+++ sshd.c Thu Jan 22 16:29:19 1998
-@@ -428,6 +428,10 @@
- #include "firewall.h" /* TIS authsrv authentication */
- #endif
-
-+#ifdef HAVE_LOGIN_CAP_H
-+#include <login_cap.h>
-+#endif
-+
- #ifdef _PATH_BSHELL
- #define DEFAULT_SHELL _PATH_BSHELL
- #else
-@@ -1594,6 +1598,38 @@
- endspent();
- }
- #endif /* HAVE_ETC_SHADOW */
-+#ifdef __FreeBSD__
-+ {
-+ time_t currtime;
-+
-+ if (pwd->pw_change || pwd->pw_expire)
-+ currtime = time(NULL);
-+
-+ /*
-+ * Check for an expired password
-+ */
-+ if (pwd->pw_change && pwd->pw_change <= currtime)
-+ {
-+ debug("Account %.100s's password is too old - forced to change.",
-+ user);
-+ if (options.forced_passwd_change)
-+ forced_command = "/usr/bin/passwd";
-+ else
-+ {
-+ return 0;
-+ }
-+ }
-+
-+ /*
-+ * Check for expired account
-+ */
-+ if (pwd->pw_expire && pwd->pw_expire <= currtime)
-+ {
-+ debug("Account %.100s has expired - access denied.", user);
-+ return 0;
-+ }
-+ }
-+#else /* !FreeBSD */
- /*
- * Check if account is locked. Check if encrypted password starts
- * with "*LK*".
-@@ -1605,6 +1641,7 @@
- return 0;
- }
- }
-+#endif /* !FreeBSD */
- #ifdef CHECK_ETC_SHELLS
- {
- int invalid = 1;
-@@ -1819,8 +1856,10 @@
- pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
- pwcopy.pw_uid = pw->pw_uid;
- pwcopy.pw_gid = pw->pw_gid;
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-+#if defined (HAVE_LOGIN_CAP_H) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
- pwcopy.pw_class = xstrdup(pw->pw_class);
-+#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-+#if defined (__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
- pwcopy.pw_change = pw->pw_change;
- pwcopy.pw_expire = pw->pw_expire;
- #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-@@ -2793,9 +2832,13 @@
- struct sockaddr_in from;
- int fromlen;
- struct pty_cleanup_context cleanup_context;
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-+#if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
- struct timeval tp;
- #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-+#ifdef HAVE_LOGIN_CAP_H
-+ login_cap_t *lc;
-+ time_t warnpassword, warnexpire;
-+#endif
-
- /* We no longer need the child running on user's privileges. */
- userfile_uninit();
-@@ -2867,10 +2910,18 @@
- record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
- &from);
-
-+#ifdef HAVE_LOGIN_CAP_H
-+ lc = login_getclass(pw->pw_class);
-+ quiet_login = login_getcapbool(lc, "hushlogin", quiet_login);
-+ if (!quiet_login) {
-+#endif
- /* Check if .hushlogin exists. Note that we cannot use userfile
- here because we are in the child. */
- sprintf(line, "%.200s/.hushlogin", pw->pw_dir);
- quiet_login = stat(line, &st) >= 0;
-+#ifdef HAVE_LOGIN_CAP_H
-+ }
-+#endif
-
- /* If the user has logged in before, display the time of last login.
- However, don't display anything extra if a command has been
-@@ -2890,6 +2941,38 @@
- else
- printf("Last login: %s from %s\r\n", time_string, buf);
- }
-+#ifdef __FreeBSD__
-+ if (command == NULL && !quiet_login)
-+ {
-+#ifdef HAVE_LOGIN_CAP_H
-+ char *cw;
-+ FILE *f;
-+
-+ cw = login_getcapstr(lc, "copyright", NULL, NULL);
-+ if (cw != NULL && (f = fopen(cw, "r")) != NULL)
-+ {
-+ while (fgets(line, sizeof(line), f))
-+ fputs(line, stdout);
-+ fclose(f);
-+ }
-+ else
-+#endif
-+ printf("%s\n\t%s %s\n\n",
-+ "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
-+ "The Regents of the University of California. ",
-+ "All rights reserved.");
-+ }
-+#endif
-+
-+#ifdef HAVE_LOGIN_CAP_H
-+#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
-+
-+ warnpassword = login_getcaptime(lc, "warnpassword",
-+ DEFAULT_WARN, DEFAULT_WARN);
-+ warnexpire = login_getcaptime(lc, "warnexpire",
-+ DEFAULT_WARN, DEFAULT_WARN);
-+ login_close(lc);
-+#endif
-
- /* Print /etc/motd unless a command was specified or printing it was
- disabled in server options. Note that some machines appear to
-@@ -2900,14 +2983,18 @@
- FILE *f;
-
- /* Print /etc/motd if it exists. */
-- f = fopen("/etc/motd", "r");
-+#ifdef HAVE_LOGIN_CAP_H
-+ f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r");
-+#else
-+ f = fopen("/etc/motd", "r");
-+#endif
- if (f)
- {
- while (fgets(line, sizeof(line), f))
- fputs(line, stdout);
- fclose(f);
- }
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-+#if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
- if (pw->pw_change || pw->pw_expire)
- (void)gettimeofday(&tp, (struct timezone *)NULL);
- if (pw->pw_change)
-@@ -2915,7 +3002,11 @@
- fprintf(stderr,"Sorry -- your password has expired.\n");
- exit(254);
- } else if (pw->pw_change - tp.tv_sec <
-+#ifdef HAVE_LOGIN_CAP_H
-+ warnpassword)
-+#else
- 2 * DAYSPERWEEK * SECSPERDAY)
-+#endif
- fprintf(stderr,"Warning: your password expires on %s",
- ctime(&pw->pw_change));
- if (pw->pw_expire)
-@@ -2923,7 +3014,11 @@
- fprintf(stderr,"Sorry -- your account has expired.\n");
- exit(254);
- } else if (pw->pw_expire - tp.tv_sec <
-+#ifdef HAVE_LOGIN_CAP_H
-+ warnexpire)
-+#else
- 2 * DAYSPERWEEK * SECSPERDAY)
-+#endif
- fprintf(stderr,"Warning: your account expires on %s",
- ctime(&pw->pw_expire));
- #endif /* __bsdi__ & _BSDI_VERSION >= 199510 */
-@@ -3182,6 +3277,13 @@
- #if defined (__bsdi__) && _BSDI_VERSION >= 199510
- login_cap_t *lc = 0;
- #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-+#ifdef HAVE_LOGIN_CAP_H
-+ login_cap_t *lc;
-+ char *real_shell;
-+
-+ lc = login_getclass(pw->pw_class);
-+ auth_checknologin(lc);
-+#else /* !HAVE_LOGIN_CAP_H */
-
- /* Check /etc/nologin. */
- f = fopen("/etc/nologin", "r");
-@@ -3199,10 +3301,16 @@
- if (pw->pw_uid != UID_ROOT && !login_getcapbool(lc, "ignorenologin", 0))
- exit(254);
- #else
-+#ifdef HAVE_LOGIN_CAP_H
-+ if (pw->pw_uid != UID_ROOT && !login_getcapbool(lc, "ignorenologin", 0))
-+ exit(254);
-+#else
- if (pw->pw_uid != UID_ROOT)
- exit(254);
-+#endif
- #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
- }
-+#endif /* HAVE_LOGIN_CAP_H */
-
- if (command != NULL)
- {
-@@ -3216,6 +3324,7 @@
- log_msg("executing remote command as user %.200s", pw->pw_name);
- }
-
-+#ifndef HAVE_LOGIN_CAP_H
- #ifdef HAVE_SETLOGIN
- /* Set login name in the kernel. Warning: setsid() must be called before
- this. */
-@@ -3236,6 +3345,7 @@
- if (setpcred((char *)pw->pw_name, NULL))
- log_msg("setpcred %.100s: %.100s", strerror(errno));
- #endif /* HAVE_USERSEC_H */
-+#endif /* !HAVE_LOGIN_CAP_H */
-
- /* Save some data that will be needed so that we can do certain cleanups
- before we switch to user's uid. (We must clear all sensitive data
-@@ -3306,6 +3416,66 @@
- if (command != NULL || !options.use_login)
- #endif /* USELOGIN */
- {
-+#ifdef HAVE_LOGIN_CAP_H
-+ char *p, *s, **tmpenv;
-+
-+ /* Initialize the new environment.
-+ */
-+ envsize = 64;
-+ env = xmalloc(envsize * sizeof(char *));
-+ env[0] = NULL;
-+
-+ child_set_env(&env, &envsize, "PATH", DEFAULT_PATH);
-+
-+#ifdef MAIL_SPOOL_DIRECTORY
-+ sprintf(buf, "%.200s/%.50s", MAIL_SPOOL_DIRECTORY, user_name);
-+ child_set_env(&env, &envsize, "MAIL", buf);
-+#else /* MAIL_SPOOL_DIRECTORY */
-+#ifdef MAIL_SPOOL_FILE
-+ sprintf(buf, "%.200s/%.50s", user_dir, MAIL_SPOOL_FILE);
-+ child_set_env(&env, &envsize, "MAIL", buf);
-+#endif /* MAIL_SPOOL_FILE */
-+#endif /* MAIL_SPOOL_DIRECTORY */
-+
-+ /* Let it inherit timezone if we have one. */
-+ if (getenv("TZ"))
-+ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
-+
-+ /* Save previous environment array
-+ */
-+ tmpenv = environ;
-+ environ = env;
-+
-+ /* Set the user's login environment
-+ */
-+ if (setusercontext(lc, pw, user_uid, LOGIN_SETALL) < 0)
-+ {
-+ perror("setusercontext");
-+ exit(1);
-+ }
-+
-+ p = getenv("PATH");
-+ s = xmalloc((p != NULL ? strlen(p) + 1 : 0) + sizeof(SSH_BINDIR));
-+ *s = '\0';
-+ if (p != NULL)
-+ {
-+ strcat(s, p);
-+ strcat(s, ":");
-+ }
-+ strcat(s, SSH_BINDIR);
-+
-+ env = environ;
-+ environ = tmpenv; /* Restore parent environment */
-+ for (envsize = 0; env[envsize] != NULL; ++envsize)
-+ ;
-+ /* Reallocate this to what is expected */
-+ envsize = (envsize < 100) ? 100 : envsize + 16;
-+ env = xrealloc(env, envsize * sizeof(char *));
-+
-+ child_set_env(&env, &envsize, "PATH", s);
-+ xfree(s);
-+
-+#else /* !HAVE_LOGIN_CAP_H */
- /* Set uid, gid, and groups. */
- if (getuid() == UID_ROOT || geteuid() == UID_ROOT)
- {
-@@ -3337,6 +3507,7 @@
-
- if (getuid() != user_uid || geteuid() != user_uid)
- fatal("Failed to set uids to %d.", (int)user_uid);
-+#endif /* HAVE_LOGIN_CAP_H */
- }
-
- /* Reset signals to their default settings before starting the user
-@@ -3364,11 +3535,16 @@
- and means /bin/sh. */
- shell = (user_shell[0] == '\0') ? DEFAULT_SHELL : user_shell;
-
-+#ifdef HAVE_LOGIN_CAP_H
-+ real_shell = login_getcapstr(lc, "shell", (char*)shell, (char*)shell);
-+ login_close(lc);
-+#else /* !HAVE_LOGIN_CAP_H */
- /* Initialize the environment. In the first part we allocate space for
- all environment variables. */
- envsize = 100;
- env = xmalloc(envsize * sizeof(char *));
- env[0] = NULL;
-+#endif /* HAVE_LOGIN_CAP_H */
-
- #ifdef USELOGIN
- if (command != NULL || !options.use_login)
-@@ -3378,6 +3554,8 @@
- child_set_env(&env, &envsize, "HOME", user_dir);
- child_set_env(&env, &envsize, "USER", user_name);
- child_set_env(&env, &envsize, "LOGNAME", user_name);
-+
-+#ifndef HAVE_LOGIN_CAP_H
- child_set_env(&env, &envsize, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
-
- #ifdef MAIL_SPOOL_DIRECTORY
-@@ -3389,6 +3567,7 @@
- child_set_env(&env, &envsize, "MAIL", buf);
- #endif /* MAIL_SPOOL_FILE */
- #endif /* MAIL_SPOOL_DIRECTORY */
-+#endif /* !HAVE_LOGIN_CAP_H */
-
- #ifdef HAVE_ETC_DEFAULT_LOGIN
- /* Read /etc/default/login; this exists at least on Solaris 2.x. Note
-@@ -3404,9 +3583,11 @@
- child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
- original_command);
-
-+#ifndef HAVE_LOGIN_CAP_H
- /* Let it inherit timezone if we have one. */
- if (getenv("TZ"))
- child_set_env(&env, &envsize, "TZ", getenv("TZ"));
-+#endif /* !HAVE_LOGIN_CAP_H */
-
- /* Set custom environment options from RSA authentication. */
- while (custom_environment)
-@@ -3632,7 +3813,11 @@
- struct stat mailbuf;
-
- if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0)
-+#ifdef __FreeBSD__
-+ ;
-+#else
- printf("No mail.\n");
-+#endif
- else if (mailbuf.st_atime > mailbuf.st_mtime)
- printf("You have mail.\n");
- else
-@@ -3647,7 +3832,11 @@
- /* Execute the shell. */
- argv[0] = buf;
- argv[1] = NULL;
-+#ifdef HAVE_LOGIN_CAP_H
-+ execve(real_shell, argv, env);
-+#else
- execve(shell, argv, env);
-+#endif /* HAVE_LOGIN_CAP_H */
- /* Executing the shell failed. */
- perror(shell);
- exit(1);
-@@ -3668,7 +3857,11 @@
- argv[1] = "-c";
- argv[2] = (char *)command;
- argv[3] = NULL;
-+#ifdef HAVE_LOGIN_CAP_H
-+ execve(real_shell, argv, env);
-+#else
- execve(shell, argv, env);
-+#endif /* HAVE_LOGIN_CAP_H */
- perror(shell);
- exit(1);
- }
+*** sshd.c.WAS Thu Jun 11 23:11:47 1998
+--- sshd.c Thu Jun 11 23:30:30 1998
+***************
+*** 2014,2020 ****
+ pwcopy.pw_class = xstrdup(pw->pw_class);
+ pwcopy.pw_change = pw->pw_change;
+ pwcopy.pw_expire = pw->pw_expire;
+! #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
+ pwcopy.pw_dir = xstrdup(pw->pw_dir);
+ pwcopy.pw_shell = xstrdup(pw->pw_shell);
+ pw = &pwcopy;
+--- 2014,2020 ----
+ pwcopy.pw_class = xstrdup(pw->pw_class);
+ pwcopy.pw_change = pw->pw_change;
+ pwcopy.pw_expire = pw->pw_expire;
+! #endif /* (__bsdi__ && _BSDI_VERSION >= 199510) || (__FreeBSD__ && HAVE_LOGIN_CAP_H) */
+ pwcopy.pw_dir = xstrdup(pw->pw_dir);
+ pwcopy.pw_shell = xstrdup(pw->pw_shell);
+ pw = &pwcopy;
+***************
+*** 3045,3054 ****
+ struct pty_cleanup_context cleanup_context;
+ #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ login_cap_t *lc;
+ #endif
+! #if defined (__bsdi__) && _BSDI_VERSION >= 199510
+ struct timeval tp;
+! #endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
+
+ #ifdef HAVE_OSF1_C2_SECURITY
+ {
+--- 3045,3055 ----
+ struct pty_cleanup_context cleanup_context;
+ #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
+ login_cap_t *lc;
++ time_t warnpassword, warnexpire;
+ #endif
+! #if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
+ struct timeval tp;
+! #endif /* __FreeBSD__ || (__bsdi__ && _BSDI_VERSION >= 199510) */
+
+ #ifdef HAVE_OSF1_C2_SECURITY
+ {
+***************
+*** 3183,3188 ****
+--- 3184,3197 ----
+ "The Regents of the University of California. ",
+ "All rights reserved.");
+ }
++ #ifdef HAVE_LOGIN_CAP_H
++ #define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
++
++ warnpassword = login_getcaptime(lc, "warnpassword",
++ DEFAULT_WARN, DEFAULT_WARN);
++ warnexpire = login_getcaptime(lc, "warnexpire",
++ DEFAULT_WARN, DEFAULT_WARN);
++ #endif
+ #endif
+
+ /* Print /etc/motd unless a command was specified or printing it was
+***************
+*** 3206,3212 ****
+ fputs(line, stdout);
+ fclose(f);
+ }
+! #if defined (__bsdi__) && _BSDI_VERSION >= 199510
+ if (pw->pw_change || pw->pw_expire)
+ (void)gettimeofday(&tp, (struct timezone *)NULL);
+ if (pw->pw_change)
+--- 3215,3221 ----
+ fputs(line, stdout);
+ fclose(f);
+ }
+! #if defined(__FreeBSD__) || (defined(__bsdi__) && _BSDI_VERSION >= 199510)
+ if (pw->pw_change || pw->pw_expire)
+ (void)gettimeofday(&tp, (struct timezone *)NULL);
+ if (pw->pw_change)
+***************
+*** 3575,3581 ****
+ while (fgets(buf, sizeof(buf), f))
+ fputs(buf, stderr);
+ fclose(f);
+! #if defined (__bsdi__) && _BSDI_VERSION >= 199510
+ if (pw->pw_uid != UID_ROOT &&
+ !login_getcapbool(lc, "ignorenologin", 0))
+ exit(254);
+--- 3584,3590 ----
+ while (fgets(buf, sizeof(buf), f))
+ fputs(buf, stderr);
+ fclose(f);
+! #if (defined(__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
+ if (pw->pw_uid != UID_ROOT &&
+ !login_getcapbool(lc, "ignorenologin", 0))
+ exit(254);
+***************
+*** 4121,4127 ****
+--- 4130,4140 ----
+ struct stat mailbuf;
+
+ if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0)
++ #ifdef __FreeBSD__
++ ;
++ #else
+ printf("No mail.\n");
++ #endif
+ else if (mailbuf.st_atime > mailbuf.st_mtime)
+ printf("You have mail.\n");
+ else
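Review bot: The regenerated patch drops the old sshd.c hunk at 1594, which made the login check return 0 for an expired account (and for an expired password unless `forced_passwd_change` was set), and nothing in the new 108 lines replaces it. The only expiry test left is the block enabled for `__FreeBSD__` at 3215, which follows the /etc/motd printing and so probably does not run when a command is given or the login is quiet; unless the 1.2.25 sshd.c itself rejects expired accounts during authentication, this should be confirmed and the check re-added. Separately, `warnpassword` and `warnexpire` are still declared (3045) and assigned (3184), but the hunks that used them are gone, so the hard-coded `2 * DAYSPERWEEK * SECSPERDAY` stays in force; either restore the `#ifdef HAVE_LOGIN_CAP_H` alternatives `warnpassword)` / `warnexpire)` in both comparisons or drop the variables. The `setusercontext(lc, pw, user_uid, LOGIN_SETALL)` and `auth_checknologin(lc)` hunks were removed too; the unpatched context already tests `__FreeBSD__ && HAVE_LOGIN_CAP_H`, which suggests upstream merged part of this work, but that cannot be verified from the hunk.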
diff --git a/security/ssh2/pkg-plist b/security/ssh2/pkg-plist
index c632301bd8c8..ff4c33783eb0 100644
--- a/security/ssh2/pkg-plist
+++ b/security/ssh2/pkg-plist
@@ -1,23 +1,39 @@
etc/rc.d/sshd.sh
bin/scp
+bin/scp1
bin/ssh
+bin/ssh1
@exec ln -fs %f %B/slogin
@unexec rm -f %B/slogin
bin/ssh-add
+bin/ssh-add1
bin/ssh-agent
+bin/ssh-agent1
bin/ssh-askpass
+bin/ssh-askpass1
bin/ssh-keygen
+bin/ssh-keygen1
bin/make-ssh-known-hosts
+bin/make-ssh-known-hosts1
etc/ssh_config
etc/sshd_config
man/man1/make-ssh-known-hosts.1.gz
+man/man1/make-ssh-known-hosts1.1.gz
man/man1/scp.1.gz
+man/man1/scp1.1.gz
man/man1/ssh-add.1.gz
+man/man1/ssh-add1.1.gz
man/man1/ssh-agent.1.gz
+man/man1/ssh-agent1.1.gz
man/man1/ssh-keygen.1.gz
+man/man1/ssh-keygen1.1.gz
man/man1/ssh.1.gz
+man/man1/ssh1.1.gz
@exec ln -fs %f %B/slogin.1.gz
@unexec rm -f %B/slogin.1.gz
+@unexec rm -f %B/slogin1.1.gz
man/man8/sshd.8.gz
+man/man8/sshd1.8.gz
sbin/sshd
+sbin/sshd1
@exec if [ ! -f %D/etc/ssh_host_key ]; then echo "Generating a secret host key.." ; %D/bin/ssh-keygen -N "" -f %D/etc/ssh_host_key; fi
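Review bot: The added `@unexec rm -f %B/slogin1.1.gz` has no matching `@exec` that creates slogin1.1.gz, and no `slogin1` link is created or removed under bin either, so the list removes a file it never installs, unless the port's install step creates it, which is not visible here. Also, `bin/ssh1` and `man/man1/ssh1.1.gz` are now inserted directly before the existing `@exec ln -fs %f ...` lines, so `%f` (the last file named) becomes ssh1 and ssh1.1.gz, and slogin and slogin.1.gz now link to the versioned names. If that is intended, adding `@exec ln -fs %f %B/slogin1.1.gz` would make the exec/unexec pair consistent; otherwise the new entries should go after the `@exec`/`@unexec` lines.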