kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

- Update from OpenSSH 2.2.0 to OpenSSH 2.9

Browse source 
- Features:
  Possible use of sftp/sftp-server with older FreeBSD releases.
  Use a newer version independently from the Base system.
  Easier to test and fix possible security bugs.
- Bugs:
  build of pam_ssm.so isn't be supported any more
  Any file named "cookie" can be deleted by this and any older "sshd"
  with X11 Forwarding.
This commit is contained in:
Dirk Meyer 2001-06-08 08:03:26 +00:00
parent 8eb353d24d
commit 152bebfc5c
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=43631
26 changed files with 184 additions and 925 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
security/openssh/Makefile
View file

@ -6,8 +6,7 @@
#
PORTNAME= OpenSSH
PORTVERSION= 2.2.0
PORTREVISION= 2
PORTVERSION= 2.9
CATEGORIES= security
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
@ -15,7 +14,7 @@ MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
DISTNAME= openssh-${PORTVERSION}
EXTRACT_SUFX= .tgz
MAINTAINER= ports@FreeBSD.org
MAINTAINER= dirk.meyer@dinoex.sub.org
USE_OPENSSL= YES
@ -62,23 +61,11 @@ post-extract:
@${CP} ${FILESDIR}/getnameinfo.c ${WRKSRC}/lib/
@${CP} ${FILESDIR}/netdb.h ${WRKSRC}/
.endif
@${MKDIR} ${WRKSRC}/pam_ssh
@${CP} ${FILESDIR}/pam_ssh_Makefile ${WRKSRC}/pam_ssh/Makefile
@${CP} ${FILESDIR}/pam_ssh.c ${WRKSRC}/pam_ssh/
post-patch:
@${PERL} -pi -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h \
${WRKSRC}/sshd_config ${WRKSRC}/pam_ssh/pam_ssh.c \
${WRKSRC}/sshd.sh
.if ${PAM} == yes
PLIST= ${WRKDIR}/PLIST
do-configure:
@${CP} ${PKGDIR}/pkg-plist ${PLIST}
@${ECHO} "@cwd /usr" >> ${PLIST}
@${ECHO} "lib/pam_ssh.so" >> ${PLIST}
.endif
${WRKSRC}/sshd_config ${WRKSRC}/sshd.sh \
${WRKSRC}/pathnames.h
post-install:
.if !exists(${PREFIX}/etc/ssh_host_key)

2
security/openssh/distinfo
View file

@ -1 +1 @@
MD5 (openssh-2.2.0.tgz) = 8ecfebc800f1c0646cbe09231a012764
MD5 (openssh-2.9.tgz) = 80b842f8bae8786b2a8b81ba8a09772a

496
security/openssh/files/pam_ssh.c
View file

@ -1,496 +0,0 @@
/*-
* Copyright (c) 1999 Andrew J. Korty
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*
*/
#include <sys/param.h>
#include <sys/queue.h>
#include <fcntl.h>
#include <paths.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define PAM_SM_AUTH
#define PAM_SM_SESSION
#include <security/pam_modules.h>
#include <security/pam_mod_misc.h>
#include <openssl/dsa.h>
#include "includes.h"
#include "rsa.h"
#include "key.h"
#include "ssh.h"
#include "authfd.h"
#include "authfile.h"
#define MODULE_NAME "pam_ssh"
#define NEED_PASSPHRASE "Need passphrase for %s (%s).\nEnter passphrase: "
#define PATH_SSH_AGENT "__PREFIX__/bin/ssh-agent"
void
rsa_cleanup(pam_handle_t *pamh, void *data, int error_status)
{
if (data)
RSA_free(data);
}
void
ssh_cleanup(pam_handle_t *pamh, void *data, int error_status)
{
if (data)
free(data);
}
/*
* The following set of functions allow the module to manipulate the
* environment without calling the putenv() or setenv() stdlib functions.
* At least one version of these functions, on the first call, copies
* the environment into dynamically-allocated memory and then augments
* it. On subsequent calls, the realloc() call is used to grow the
* previously allocated buffer. Problems arise when the "environ"
* variable is changed to point to static memory after putenv()/setenv()
* have been called.
*
* We don't use putenv() or setenv() in case the application subsequently
* manipulates environ, (e.g., to clear the environment by pointing
* environ at an array of one element equal to NULL).
*/
SLIST_HEAD(env_head, env_entry);
struct env_entry {
char *ee_env;
SLIST_ENTRY(env_entry) ee_entries;
};
typedef struct env {
char **e_environ_orig;
char **e_environ_new;
int e_count;
struct env_head e_head;
int e_committed;
} ENV;
extern char **environ;
static ENV *
env_new(void)
{
ENV *self;
if (!(self = malloc(sizeof (ENV)))) {
syslog(LOG_CRIT, "%m");
return NULL;
}
SLIST_INIT(&self->e_head);
self->e_count = 0;
self->e_committed = 0;
return self;
}
static int
env_put(ENV *self, char *s)
{
struct env_entry *env;
if (!(env = malloc(sizeof (struct env_entry))) ||
!(env->ee_env = strdup(s))) {
syslog(LOG_CRIT, "%m");
return PAM_SERVICE_ERR;
}
SLIST_INSERT_HEAD(&self->e_head, env, ee_entries);
++self->e_count;
return PAM_SUCCESS;
}
static void
env_swap(ENV *self, int which)
{
environ = which ? self->e_environ_new : self->e_environ_orig;
}
static int
env_commit(ENV *self)
{
int n;
struct env_entry *p;
char **v;
for (v = environ, n = 0; v && *v; v++, n++)
;
if (!(v = malloc((n + self->e_count + 1) * sizeof (char *)))) {
syslog(LOG_CRIT, "%m");
return PAM_SERVICE_ERR;
}
self->e_committed = 1;
(void)memcpy(v, environ, n * sizeof (char *));
SLIST_FOREACH(p, &self->e_head, ee_entries)
v[n++] = p->ee_env;
v[n] = NULL;
self->e_environ_orig = environ;
self->e_environ_new = v;
env_swap(self, 1);
return PAM_SUCCESS;
}
static void
env_destroy(ENV *self)
{
struct env_entry *p;
env_swap(self, 0);
SLIST_FOREACH(p, &self->e_head, ee_entries) {
free(p->ee_env);
free(p);
}
if (self->e_committed)
free(self->e_environ_new);
free(self);
}
void
env_cleanup(pam_handle_t *pamh, void *data, int error_status)
{
if (data)
env_destroy(data);
}
typedef struct passwd PASSWD;
PAM_EXTERN int
pam_sm_authenticate(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
char *comment_priv; /* on private key */
char *comment_pub; /* on public key */
char *identity; /* user's identity file */
Key key; /* user's private key */
int options; /* module options */
const char *pass; /* passphrase */
char *prompt; /* passphrase prompt */
Key public_key; /* user's public key */
const PASSWD *pwent; /* user's passwd entry */
PASSWD *pwent_keep; /* our own copy */
int retval; /* from calls */
uid_t saved_uid; /* caller's uid */
const char *user; /* username */
options = 0;
while (argc--)
pam_std_option(&options, *argv++);
if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
return retval;
if (!((pwent = getpwnam(user)) && pwent->pw_dir)) {
/* delay? */
return PAM_AUTH_ERR;
}
/* locate the user's private key file */
if (!asprintf(&identity, "%s/%s", pwent->pw_dir,
SSH_CLIENT_IDENTITY)) {
syslog(LOG_CRIT, "%s: %m", MODULE_NAME);
return PAM_SERVICE_ERR;
}
/*
* Fail unless we can load the public key. Change to the
* owner's UID to appease load_public_key().
*/
key.type = KEY_RSA;
key.rsa = RSA_new();
public_key.type = KEY_RSA;
public_key.rsa = RSA_new();
saved_uid = getuid();
(void)setreuid(pwent->pw_uid, saved_uid);
retval = load_public_key(identity, &public_key, &comment_pub);
(void)setuid(saved_uid);
if (!retval) {
free(identity);
return PAM_AUTH_ERR;
}
RSA_free(public_key.rsa);
/* build the passphrase prompt */
retval = asprintf(&prompt, NEED_PASSPHRASE, identity, comment_pub);
free(comment_pub);
if (!retval) {
syslog(LOG_CRIT, "%s: %m", MODULE_NAME);
free(identity);
return PAM_SERVICE_ERR;
}
/* pass prompt message to application and receive passphrase */
retval = pam_get_pass(pamh, &pass, prompt, options);
free(prompt);
if (retval != PAM_SUCCESS) {
free(identity);
return retval;
}
/*
* Try to decrypt the private key with the passphrase provided.
* If success, the user is authenticated.
*/
(void)setreuid(pwent->pw_uid, saved_uid);
retval = load_private_key(identity, pass, &key, &comment_priv);
free(identity);
(void)setuid(saved_uid);
if (!retval)
return PAM_AUTH_ERR;
/*
* Save the key and comment to pass to ssh-agent in the session
* phase.
*/
if ((retval = pam_set_data(pamh, "ssh_private_key", key.rsa,
rsa_cleanup)) != PAM_SUCCESS) {
RSA_free(key.rsa);
free(comment_priv);
return retval;
}
if ((retval = pam_set_data(pamh, "ssh_key_comment", comment_priv,
ssh_cleanup)) != PAM_SUCCESS) {
free(comment_priv);
return retval;
}
/*
* Copy the passwd entry (in case successive calls are made)
* and save it for the session phase.
*/
if (!(pwent_keep = malloc(sizeof *pwent))) {
syslog(LOG_CRIT, "%m");
return PAM_SERVICE_ERR;
}
(void)memcpy(pwent_keep, pwent, sizeof *pwent_keep);
if ((retval = pam_set_data(pamh, "ssh_passwd_entry", pwent_keep,
ssh_cleanup)) != PAM_SUCCESS) {
free(pwent_keep);
return retval;
}
return PAM_SUCCESS;
}
PAM_EXTERN int
pam_sm_setcred(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
return PAM_SUCCESS;
}
typedef AuthenticationConnection AC;
PAM_EXTERN int
pam_sm_open_session(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
AC *ac; /* to ssh-agent */
char *comment; /* on private key */
char *env_end; /* end of env */
char *env_file; /* to store env */
FILE *env_fp; /* env_file handle */
Key key; /* user's private key */
FILE *pipe; /* ssh-agent handle */
const PASSWD *pwent; /* user's passwd entry */
int retval; /* from calls */
uid_t saved_uid; /* caller's uid */
ENV *ssh_env; /* env handle */
const char *tty; /* tty or display name */
char hname[MAXHOSTNAMELEN]; /* local hostname */
char parse[BUFSIZ]; /* commands output */
/* dump output of ssh-agent in ~/.ssh */
if ((retval = pam_get_data(pamh, "ssh_passwd_entry",
(const void **)&pwent)) != PAM_SUCCESS)
return retval;
/* use the tty or X display name in the filename */
if ((retval = pam_get_item(pamh, PAM_TTY, (const void **)&tty))
!= PAM_SUCCESS)
return retval;
if (*tty == ':' && gethostname(hname, sizeof hname) == 0) {
if (asprintf(&env_file, "%s/.ssh/agent-%s%s",
pwent->pw_dir, hname, tty) == -1) {
syslog(LOG_CRIT, "%s: %m", MODULE_NAME);
return PAM_SERVICE_ERR;
}
} else if (asprintf(&env_file, "%s/.ssh/agent-%s", pwent->pw_dir,
tty) == -1) {
syslog(LOG_CRIT, "%s: %m", MODULE_NAME);
return PAM_SERVICE_ERR;
}
/* save the filename so we can delete the file on session close */
if ((retval = pam_set_data(pamh, "ssh_agent_env", env_file,
ssh_cleanup)) != PAM_SUCCESS) {
free(env_file);
return retval;
}
/* start the agent as the user */
saved_uid = geteuid();
(void)seteuid(pwent->pw_uid);
env_fp = fopen(env_file, "w");
pipe = popen(PATH_SSH_AGENT, "r");
(void)seteuid(saved_uid);
if (!pipe) {
syslog(LOG_ERR, "%s: %s: %m", MODULE_NAME, PATH_SSH_AGENT);
if (env_fp)
(void)fclose(env_fp);
return PAM_SESSION_ERR;
}
if (!(ssh_env = env_new()))
return PAM_SESSION_ERR;
if ((retval = pam_set_data(pamh, "ssh_env_handle", ssh_env,
env_cleanup)) != PAM_SUCCESS)
return retval;
while (fgets(parse, sizeof parse, pipe)) {
if (env_fp)
(void)fputs(parse, env_fp);
/*
* Save environment for application with pam_putenv()
* but also with env_* functions for our own call to
* ssh_get_authentication_connection().
*/
if (strchr(parse, '=') && (env_end = strchr(parse, ';'))) {
*env_end = '\0';
/* pass to the application ... */
if (!((retval = pam_putenv(pamh, parse)) ==
PAM_SUCCESS)) {
(void)pclose(pipe);
if (env_fp)
(void)fclose(env_fp);
env_destroy(ssh_env);
return PAM_SERVICE_ERR;
}
env_put(ssh_env, parse);
}
}
if (env_fp)
(void)fclose(env_fp);
switch (retval = pclose(pipe)) {
case -1:
syslog(LOG_ERR, "%s: %s: %m", MODULE_NAME, PATH_SSH_AGENT);
env_destroy(ssh_env);
return PAM_SESSION_ERR;
case 0:
break;
case 127:
syslog(LOG_ERR, "%s: cannot execute %s", MODULE_NAME,
PATH_SSH_AGENT);
env_destroy(ssh_env);
return PAM_SESSION_ERR;
default:
syslog(LOG_ERR, "%s: %s exited with status %d",
MODULE_NAME, PATH_SSH_AGENT, WEXITSTATUS(retval));
env_destroy(ssh_env);
return PAM_SESSION_ERR;
}
key.type = KEY_RSA;
/* connect to the agent and hand off the private key */
if ((retval = pam_get_data(pamh, "ssh_private_key",
(const void **)&key.rsa)) != PAM_SUCCESS ||
(retval = pam_get_data(pamh, "ssh_key_comment",
(const void **)&comment)) != PAM_SUCCESS ||
(retval = env_commit(ssh_env)) != PAM_SUCCESS) {
env_destroy(ssh_env);
return retval;
}
if (!(ac = ssh_get_authentication_connection())) {
syslog(LOG_ERR, "%s: could not connect to agent",
MODULE_NAME);
env_destroy(ssh_env);
return PAM_SESSION_ERR;
}
retval = ssh_add_identity(ac, &key, comment);
ssh_close_authentication_connection(ac);
env_swap(ssh_env, 0);
return retval ? PAM_SUCCESS : PAM_SESSION_ERR;
}
PAM_EXTERN int
pam_sm_close_session(
pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
const char *env_file; /* ssh-agent environment */
int retval; /* from calls */
ENV *ssh_env; /* env handle */
if ((retval = pam_get_data(pamh, "ssh_env_handle",
(const void **)&ssh_env)) != PAM_SUCCESS)
return retval;
env_swap(ssh_env, 1);
/* kill the agent */
retval = system(PATH_SSH_AGENT " -k");
env_destroy(ssh_env);
switch (retval) {
case -1:
syslog(LOG_ERR, "%s: %s -k: %m", MODULE_NAME,
PATH_SSH_AGENT);
return PAM_SESSION_ERR;
case 0:
break;
case 127:
syslog(LOG_ERR, "%s: cannot execute %s -k", MODULE_NAME,
PATH_SSH_AGENT);
return PAM_SESSION_ERR;
default:
syslog(LOG_ERR, "%s: %s -k exited with status %d",
MODULE_NAME, PATH_SSH_AGENT, WEXITSTATUS(retval));
return PAM_SESSION_ERR;
}
/* retrieve environment filename, then remove the file */
if ((retval = pam_get_data(pamh, "ssh_agent_env",
(const void **)&env_file)) != PAM_SUCCESS)
return retval;
(void)unlink(env_file);
return PAM_SUCCESS;
}
PAM_MODULE_ENTRY(MODULE_NAME);

15
security/openssh/files/pam_ssh_Makefile
View file

@ -1,15 +0,0 @@
# PAM module for SSH
# $FreeBSD$
.PATH: ${.CURDIR}/..
LIB= pam_ssh
DESTDIR=
SHLIB_NAME= pam_ssh.so
SRCS= log-client.c pam_ssh.c
CFLAGS+= -Wall
DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ} ${LIBGCC_PIC}
LDADD+= ${CRYPTOLIBS} -lutil -lz -lgcc_pic
INTERNALLIB= yes
INTERNALSTATICLIB=yes
.include <bsd.lib.mk>

14
security/openssh/files/patch-aa
View file

@ -1,15 +1,13 @@
--- Makefile.orig Wed Feb 23 06:18:58 2000
+++ Makefile Wed Feb 23 06:22:22 2000
@@ -1,13 +1,17 @@
# $OpenBSD: Makefile,v 1.5 1999/10/25 20:27:26 markus Exp $
--- Makefile.orig Sun Feb 4 12:11:53 2001
+++ Makefile Sat May 26 16:03:54 2001
@@ -1,14 +1,15 @@
# $OpenBSD: Makefile,v 1.8 2001/02/04 11:11:53 djm Exp $
.include <bsd.own.mk>
+.include "Makefile.inc"
SUBDIR= lib ssh sshd ssh-add ssh-keygen ssh-agent scp
+.if ${PAM} == yes
+SUBDIR+= pam_ssh
+.endif
SUBDIR= lib ssh sshd ssh-add ssh-keygen ssh-agent scp sftp-server \
ssh-keyscan sftp
distribution:
- install -C -o root -g wheel -m 0644 ${.CURDIR}/ssh_config \

16
security/openssh/files/patch-ad
View file

@ -1,11 +1,11 @@
--- lib/Makefile.orig Sat Aug 19 17:34:44 2000
+++ lib/Makefile Sat Nov 4 16:41:11 2000
@@ -5,7 +5,12 @@
cipher.c compat.c compress.c crc32.c deattack.c \
--- lib/Makefile.orig Tue Apr 3 21:53:30 2001
+++ lib/Makefile Sat May 26 14:39:03 2001
@@ -8,7 +8,12 @@
hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \
rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
- key.c dispatch.c dsa.c kex.c hmac.c uuencode.c util.c
+ key.c dispatch.c dsa.c kex.c hmac.c uuencode.c util.c \
key.c dispatch.c kex.c mac.c uuencode.c misc.c \
- cli.c rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c
+ cli.c rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
+ strlcpy.c strlcat.c
+
+.if defined(COMPAT_GETADDRINFO)
@ -14,11 +14,11 @@
NOPROFILE= yes
NOPIC= yes
@@ -14,6 +19,7 @@
@@ -17,6 +22,7 @@
@echo -n
.include <bsd.own.mk>
+.include "../Makefile.inc"
.if (${KERBEROS} == "yes")
.if (${KERBEROS:L} == "yes")
CFLAGS+= -DKRB4 -I${DESTDIR}/usr/include/kerberosIV

12
security/openssh/files/patch-ae
View file

@ -1,8 +1,8 @@
--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/login.c Tue Nov 23 18:55:14 1999
+++ ./login.c Tue Nov 23 19:35:08 1999
@@ -20,7 +20,11 @@
--- sshlogin.c.orig Sat Mar 24 17:43:27 2001
+++ sshlogin.c Sat May 26 14:42:30 2001
@@ -41,7 +41,11 @@
#include "includes.h"
RCSID("$Id: login.c,v 1.8 1999/11/23 22:25:54 markus Exp $");
RCSID("$OpenBSD: sshlogin.c,v 1.2 2001/03/24 16:43:27 stevesk Exp $");
+#ifdef __FreeBSD__
+#include <libutil.h>
@ -10,5 +10,5 @@
#include <util.h>
+#endif /* __FreeBSD__ */
#include <utmp.h>
#include "ssh.h"
#include "sshlogin.h"
#include "log.h"

20
security/openssh/files/patch-ag
View file

@ -1,6 +1,6 @@
--- ssh/Makefile.orig Thu Jun 29 14:35:47 2000
+++ ssh/Makefile Sat Nov 4 16:58:41 2000
@@ -5,8 +5,8 @@
--- ssh/Makefile.orig Sat Apr 14 18:33:20 2001
+++ ssh/Makefile Sat May 26 14:54:24 2001
@@ -7,8 +7,8 @@
BINMODE?=4555
@ -11,26 +11,26 @@
LINKS= ${BINDIR}/ssh ${BINDIR}/slogin
MLINKS= ssh.1 slogin.1
@@ -14,10 +14,11 @@
@@ -16,10 +16,11 @@
sshconnect.c sshconnect1.c sshconnect2.c
.include <bsd.own.mk> # for AFS
+.include "../Makefile.inc"
.if (${KERBEROS} == "yes")
.if (${KERBEROS:L} == "yes")
-CFLAGS+= -DKRB4 -I${DESTDIR}/usr/include/kerberosIV
-LDADD+= -lkrb
+CFLAGS+= -DKRB4 -I/usr/include/kerberosIV
+LDADD+= -lkrb -lcom_err
DPADD+= ${LIBKRB}
.if (${AFS} == "yes")
.if (${AFS:L} == "yes")
CFLAGS+= -DAFS
@@ -27,6 +28,7 @@
@@ -29,6 +30,7 @@
.endif # KERBEROS
.include <bsd.prog.mk>
+.include "../Makefile.inc"
-LDADD+= -lutil -lz -lcrypto
+LDADD+= -lutil -lz ${CRYPTOLIBS}
DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ}
-LDADD+= -lcrypto -lz
+LDADD+= ${CRYPTOLIBS} -lz
DPADD+= ${LIBCRYPTO} ${LIBZ}

14
security/openssh/files/patch-ah
View file

@ -1,6 +1,6 @@
--- ssh-add/Makefile.orig Thu Jun 29 14:35:47 2000
+++ ssh-add/Makefile Sat Nov 4 17:01:50 2000
@@ -5,12 +5,12 @@
--- ssh-add/Makefile.orig Sun Mar 4 01:51:25 2001
+++ ssh-add/Makefile Sat May 26 14:56:29 2001
@@ -7,12 +7,12 @@
BINMODE?=555
@ -9,10 +9,10 @@
+BINDIR= /bin
+MAN1= ssh-add.1
SRCS= ssh-add.c log-client.c
SRCS= ssh-add.c
.include <bsd.prog.mk>
-LDADD+= -lcrypto -lutil -lz
+LDADD+= ${CRYPTOLIBS} -lutil -lz
DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ}
-LDADD+= -lcrypto
+LDADD+= ${CRYPTOLIBS}
DPADD+= ${LIBCRYPTO}

14
security/openssh/files/patch-ai
View file

@ -1,6 +1,6 @@
--- ssh-agent/Makefile.orig Thu Jun 29 14:35:48 2000
+++ ssh-agent/Makefile Sat Nov 4 17:06:34 2000
@@ -5,12 +5,12 @@
--- ssh-agent/Makefile.orig Sun Mar 4 01:51:25 2001
+++ ssh-agent/Makefile Sat May 26 14:58:48 2001
@@ -7,12 +7,12 @@
BINMODE?=555
@ -9,10 +9,10 @@
+BINDIR= /bin
+MAN1= ssh-agent.1
SRCS= ssh-agent.c log-client.c
SRCS= ssh-agent.c
.include <bsd.prog.mk>
-LDADD+= -lcrypto -lutil -lz
+LDADD+= ${CRYPTOLIBS} -lutil -lz
DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ}
-LDADD+= -lcrypto
+LDADD+= ${CRYPTOLIBS}
DPADD+= ${LIBCRYPTO}

14
security/openssh/files/patch-aj
View file

@ -1,6 +1,6 @@
--- ssh-keygen/Makefile.orig Thu Jun 29 14:35:48 2000
+++ ssh-keygen/Makefile Sat Nov 4 17:06:49 2000
@@ -5,12 +5,12 @@
--- ssh-keygen/Makefile.orig Sun Mar 4 01:51:26 2001
+++ ssh-keygen/Makefile Sat May 26 15:02:25 2001
@@ -7,12 +7,12 @@
BINMODE?=555
@ -9,10 +9,10 @@
+BINDIR= /bin
+MAN1= ssh-keygen.1
SRCS= ssh-keygen.c log-client.c
SRCS= ssh-keygen.c
.include <bsd.prog.mk>
-LDADD+= -lcrypto -lutil -lz
+LDADD+= ${CRYPTOLIBS} -lutil -lz
DPADD+= ${LIBCRYPTO} ${LIBDES} ${LIBUTIL} ${LIBZ}
-LDADD+= -lcrypto
+LDADD+= ${CRYPTOLIBS}
DPADD+= ${LIBCRYPTO}

18
security/openssh/files/patch-ak
View file

@ -1,6 +1,6 @@
--- ssh.c.orig Tue May 30 23:36:40 2000
+++ ssh.c Tue Jun 20 16:15:29 2000
@@ -156,6 +156,9 @@
--- ssh.c.orig Tue Apr 17 14:55:04 2001
+++ ssh.c Sat May 26 15:05:28 2001
@@ -199,6 +199,9 @@
log("Using rsh. WARNING: Connection will not be encrypted.");
/* Build argument list for rsh. */
i = 0;
@ -10,15 +10,3 @@
args[i++] = _PATH_RSH;
/* host may have to come after user on some systems */
args[i++] = host;
@@ -482,6 +485,11 @@
pwcopy.pw_gid = pw->pw_gid;
pwcopy.pw_dir = xstrdup(pw->pw_dir);
pwcopy.pw_shell = xstrdup(pw->pw_shell);
+#ifdef __FreeBSD__
+ pwcopy.pw_class = xstrdup(pw->pw_class);
+ pwcopy.pw_expire = pw->pw_expire;
+ pwcopy.pw_change = pw->pw_change;
+#endif /* __FreeBSD__ */
pw = &pwcopy;
/* Initialize "log" output. Since we are the client all output

24
security/openssh/files/patch-al
View file

@ -1,20 +1,20 @@
--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/ssh.h Sun Nov 28 16:47:46 1999
+++ ssh.h Sun Nov 28 17:00:07 1999
@@ -61,7 +61,7 @@
--- pathnames.h.orig Thu Apr 12 21:15:24 2001
+++ pathnames.h Sat May 26 15:11:30 2001
@@ -12,7 +12,7 @@
* called by a name other than "ssh" or "Secure Shell".
*/
#define SSH_SERVICE_NAME "ssh"
-#define ETCDIR "/etc"
+#define ETCDIR "__PREFIX__/etc"
#define PIDDIR "/var/run"
-#define ETCDIR "/etc"
+#define ETCDIR "__PREFIX__/etc"
#define _PATH_SSH_PIDDIR "/var/run"
/*
@@ -78,7 +78,7 @@
#define SERVER_CONFIG_FILE ETCDIR "/sshd_config"
#define HOST_CONFIG_FILE ETCDIR "/ssh_config"
@@ -33,7 +33,7 @@
#define _PATH_HOST_RSA_KEY_FILE ETCDIR "/ssh_host_rsa_key"
#define _PATH_DH_PRIMES ETCDIR "/primes"
-#define SSH_PROGRAM "/usr/bin/ssh"
+#define SSH_PROGRAM "__PREFIX__/bin/ssh"
-#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
+#define _PATH_SSH_PROGRAM "__PREFIX__/bin/ssh"
/*
* The process id of the daemon listening for connections is saved here to

22
security/openssh/files/patch-ao
View file

@ -1,29 +1,35 @@
--- sshd_config.orig Fri Aug 4 16:30:35 2000
+++ sshd_config Sat Nov 4 17:32:28 2000
@@ -4,12 +4,11 @@
--- sshd_config.orig Sat May 26 14:48:18 2001
+++ sshd_config Sat May 26 15:15:11 2001
@@ -7,13 +7,13 @@
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
-HostKey /etc/ssh_host_key
-HostKey /etc/ssh_host_rsa_key
-HostKey /etc/ssh_host_dsa_key
+HostKey /usr/local/etc/ssh_host_key
+HostKey /usr/local/etc/ssh_host_rsa_key
+HostKey /usr/local/etc/ssh_host_dsa_key
ServerKeyBits 768
-LoginGraceTime 600
+LoginGraceTime 120
KeyRegenerationInterval 3600
-PermitRootLogin yes
-#
+PermitRootLogin no
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
@@ -48,7 +47,7 @@
@@ -57,10 +57,10 @@
#KerberosTgtPassing yes
#CheckMail yes
-#UseLogin no
+UseLogin no
-#Subsystem sftp /usr/local/sbin/sftpd
-#MaxStartups 10:30:60
+Subsystem sftp /usr/local/sbin/sftpd
+MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
-Subsystem sftp /usr/libexec/sftp-server
+Subsystem sftp /usr/local/libexec/sftp-server

59
security/openssh/files/patch-ap
View file

@ -1,50 +1,11 @@
Index: clientloop.c
===================================================================
RCS file: /usr2/ncvs/src/crypto/openssh/clientloop.c,v
retrieving revision 1.1.1.3
diff -u -r1.1.1.3 clientloop.c
--- clientloop.c 2000/09/10 08:29:25 1.1.1.3
+++ clientloop.c 2000/11/14 03:15:02
@@ -75,6 +75,8 @@
#include "buffer.h"
#include "bufaux.h"
--- clientloop.c.orig Fri Apr 20 09:17:51 2001
+++ clientloop.c Sat May 26 15:18:51 2001
@@ -1131,7 +1131,7 @@
+extern Options options;
+
/* Flag indicating that stdin should be redirected from /dev/null. */
extern int stdin_null_flag;
@@ -793,7 +795,6 @@
int
client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
{
- extern Options options;
double start_time, total_time;
int len;
char buf[100];
@@ -1036,7 +1037,7 @@
debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
ctype, rchan, rwindow, rmaxpack);
- if (strcmp(ctype, "x11") == 0) {
+ if (strcmp(ctype, "x11") == 0 && options.forward_x11) {
int sock;
char *originator;
int originator_port;
@@ -1108,11 +1109,14 @@
dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
- dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request);
dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status);
dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data);
dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
- dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open);
+
+ dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
+ &auth_input_open_request : NULL);
+ dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
+ &x11_input_open : NULL);
}
void
client_init_dispatch_15()
if (strcmp(ctype, "forwarded-tcpip") == 0) {
c = client_request_forwarded_tcpip(ctype, rchan);
- } else if (strcmp(ctype, "x11") == 0) {
+ } else if (strcmp(ctype, "x11") == 0 && options.forward_x11) {
c = client_request_x11(ctype, rchan);
} else if (strcmp(ctype, "auth-agent@openssh.com") == 0) {
c = client_request_agent(ctype, rchan);

12
security/openssh/files/patch-as
View file

@ -1,14 +1,14 @@
--- pty.c.orig Thu Dec 23 01:13:10 1999
+++ pty.c Thu Dec 23 01:14:05 1999
@@ -16,7 +16,11 @@
--- sshpty.c.orig Sun Mar 4 02:46:30 2001
+++ sshpty.c Sat May 26 15:21:34 2001
@@ -14,7 +14,11 @@
#include "includes.h"
RCSID("$Id: pty.c,v 1.11 1999/12/11 09:35:46 markus Exp $");
RCSID("$OpenBSD: sshpty.c,v 1.1 2001/03/04 01:46:30 djm Exp $");
+#ifdef __FreeBSD__
+#include <libutil.h>
+#else
#include <util.h>
+#endif
#include "pty.h"
#include "ssh.h"
#include "sshpty.h"
#include "log.h"

53
security/openssh/files/patch-au
View file

@ -1,8 +1,8 @@
--- /home/bright/ssh/ssh/session.c Sun Aug 27 20:50:54 2000
+++ session.c Fri Feb 9 11:19:14 2001
@@ -28,6 +28,12 @@
#include "auth.h"
#include "auth-options.h"
--- session.c.orig Tue Apr 17 21:34:25 2001
+++ session.c Sat May 26 15:45:15 2001
@@ -58,6 +58,12 @@
#include "canohost.h"
#include "session.h"
+#ifdef __FreeBSD__
+#include <libutil.h>
@ -10,10 +10,10 @@
+#include <time.h>
+#endif /* __FreeBSD__ */
+
#ifdef HAVE_LOGIN_CAP
#include <login_cap.h>
#endif
@@ -413,6 +419,13 @@
/* types */
#define TTYSZ 64
@@ -461,6 +467,13 @@
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
@ -22,12 +22,12 @@
+ */
+ if (command != NULL)
+ options.use_login = 0;
+
+
+ /*
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
@@ -516,6 +529,13 @@
@@ -566,6 +579,13 @@
/* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
@ -37,22 +37,26 @@
+ */
+ if (command != NULL)
+ options.use_login = 0;
+
+
/* Close the master side of the pseudo tty. */
close(ptyfd);
@@ -602,6 +622,7 @@
@@ -639,6 +659,11 @@
time_t last_login_time;
struct passwd * pw = s->pw;
pid_t pid = getpid();
+#ifdef HAVE_LOGIN_CAP
+ FILE *f;
+ char buf[256];
+ char *fname;
+#endif /* HAVE_LOGIN_CAP */
/*
* Get IP address of client. If the connection is not a socket, let
@@ -644,6 +665,20 @@
else
printf("Last login: %s from %s\r\n", time_string, buf);
@@ -679,6 +704,21 @@
printf("Last login: %s from %s\r\n", time_string, hostname);
}
+#ifdef HAVE_LOGIN_CAP
+ if (!options.use_login) {
+ fname = login_getcapstr(lc, "copyright", NULL, NULL);
@ -67,10 +71,11 @@
+ "All rights reserved.");
+ }
+#endif /* HAVE_LOGIN_CAP */
if (options.print_motd) {
#ifdef HAVE_LOGIN_CAP
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
@@ -949,7 +984,7 @@
+
do_motd();
}
@@ -1027,7 +1067,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
@ -79,11 +84,10 @@
close(i);
/* Change current directory to the user\'s home directory. */
@@ -973,7 +1008,27 @@
@@ -1051,6 +1091,26 @@
* in this order).
*/
if (!options.use_login) {
- if (stat(SSH_USER_RC, &st) >= 0) {
+#ifdef __FreeBSD__
+ /*
+ * If the password change time is set and has passed, give the
@ -104,7 +108,6 @@
+ }
+ }
+#endif /* __FreeBSD__ */
+ if (stat(SSH_USER_RC, &st) >= 0) {
/* ignore _PATH_SSH_USER_RC for subsystems */
if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
if (debug_flag)
fprintf(stderr, "Running /bin/sh %s\n", SSH_USER_RC);

14
security/openssh/files/patch-aw
View file

@ -1,14 +0,0 @@
--- auth1.c.orig Thu Apr 20 17:21:58 2000
+++ auth1.c Thu Apr 20 17:50:06 2000
@@ -523,6 +532,11 @@
pwcopy.pw_gid = pw->pw_gid;
pwcopy.pw_dir = xstrdup(pw->pw_dir);
pwcopy.pw_shell = xstrdup(pw->pw_shell);
+#ifdef __FreeBSD__
+ pwcopy.pw_class = xstrdup(pw->pw_class);
+ pwcopy.pw_expire = pw->pw_expire;
+ pwcopy.pw_change = pw->pw_change;
+#endif /* __FreeBSD__ */
pw = &pwcopy;
/*

14
security/openssh/files/patch-ay
View file

@ -1,14 +0,0 @@
--- auth2.c.orig Tue Jun 27 14:20:06 2000
+++ auth2.c Tue Jun 27 14:21:20 2000
@@ -357,6 +357,11 @@
copy->pw_gid = pw->pw_gid;
copy->pw_dir = xstrdup(pw->pw_dir);
copy->pw_shell = xstrdup(pw->pw_shell);
+#ifdef __FreeBSD__
+ copy->pw_class = xstrdup(pw->pw_class);
+ copy->pw_expire = pw->pw_expire;
+ copy->pw_change = pw->pw_change;
+#endif /* __FreeBSD__ */
authctxt->valid = 1;
} else {
if (strcmp(u, authctxt->user) != 0 ||

11
security/openssh/files/patch-az
View file

@ -1,11 +0,0 @@
--- /home/bright/ssh/ssh/deattack.c Fri Aug 18 19:17:12 2000
+++ deattack.c Fri Feb 9 10:58:54 2001
@@ -84,7 +84,7 @@
detect_attack(unsigned char *buf, u_int32_t len, unsigned char *IV)
{
static u_int16_t *h = (u_int16_t *) NULL;
- static u_int16_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
register u_int32_t i, j;
u_int32_t l;
register unsigned char *c;

189
security/openssh/files/patch-bleichenbacher
View file

@ -1,189 +0,0 @@
Index: rsa.h
===================================================================
RCS file: /usr2/ncvs/src/crypto/openssh/rsa.h,v
retrieving revision 1.2.2.2
diff -u -r1.2.2.2 rsa.h
--- rsa.h 2000/10/28 23:00:49 1.2.2.2
+++ rsa.h 2001/02/12 04:03:40
@@ -32,6 +32,6 @@
int rsa_alive __P((void));
void rsa_public_encrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv));
-void rsa_private_decrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv));
+int rsa_private_decrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv));
#endif /* RSA_H */
Index: ssh-agent.c
===================================================================
RCS file: /usr2/ncvs/src/crypto/openssh/ssh-agent.c,v
retrieving revision 1.2.2.5
diff -u -r1.2.2.5 ssh-agent.c
--- ssh-agent.c 2001/02/04 20:24:33 1.2.2.5
+++ ssh-agent.c 2001/02/12 04:03:40
@@ -194,7 +194,8 @@
private = lookup_private_key(key, NULL, 1);
if (private != NULL) {
/* Decrypt the challenge using the private key. */
- rsa_private_decrypt(challenge, challenge, private->rsa);
+ if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0)
+ goto failure;
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
Index: sshconnect1.c
===================================================================
RCS file: /usr2/ncvs/src/crypto/openssh/sshconnect1.c,v
retrieving revision 1.2.2.3
diff -u -r1.2.2.3 sshconnect1.c
--- sshconnect1.c 2001/01/12 04:25:58 1.2.2.3
+++ sshconnect1.c 2001/02/12 04:03:40
@@ -152,14 +152,17 @@
int i, len;
/* Decrypt the challenge using the private key. */
- rsa_private_decrypt(challenge, challenge, prv);
+ /* XXX think about Bleichenbacher, too */
+ if (rsa_private_decrypt(challenge, challenge, prv) <= 0)
+ packet_disconnect(
+ "respond_to_rsa_challenge: rsa_private_decrypt failed");
/* Compute the response. */
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
if (len <= 0 || len > sizeof(buf))
- packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
- len);
+ packet_disconnect(
+ "respond_to_rsa_challenge: bad challenge length %d", len);
memset(buf, 0, sizeof(buf));
BN_bn2bin(challenge, buf + sizeof(buf) - len);
Index: sshd.c
===================================================================
RCS file: /usr2/ncvs/src/crypto/openssh/sshd.c,v
retrieving revision 1.6.2.5
diff -u -r1.6.2.5 sshd.c
--- sshd.c 2001/01/18 22:36:53 1.6.2.5
+++ sshd.c 2001/02/12 04:09:43
@@ -1108,6 +1108,7 @@
{
int i, len;
int plen, slen;
+ int rsafail = 0;
BIGNUM *session_key_int;
unsigned char session_key[SSH_SESSION_KEY_LENGTH];
unsigned char cookie[8];
@@ -1229,7 +1230,7 @@
* with larger modulus first).
*/
if (BN_cmp(sensitive_data.private_key->n, sensitive_data.host_key->n) > 0) {
- /* Private key has bigger modulus. */
+ /* Server key has bigger modulus. */
if (BN_num_bits(sensitive_data.private_key->n) <
BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED) {
fatal("do_connection: %s: private_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
@@ -1238,10 +1239,12 @@
BN_num_bits(sensitive_data.host_key->n),
SSH_KEY_BITS_RESERVED);
}
- rsa_private_decrypt(session_key_int, session_key_int,
- sensitive_data.private_key);
- rsa_private_decrypt(session_key_int, session_key_int,
- sensitive_data.host_key);
+ if (rsa_private_decrypt(session_key_int, session_key_int,
+ sensitive_data.private_key) <= 0)
+ rsafail++;
+ if (rsa_private_decrypt(session_key_int, session_key_int,
+ sensitive_data.host_key) <= 0)
+ rsafail++;
} else {
/* Host key has bigger modulus (or they are equal). */
if (BN_num_bits(sensitive_data.host_key->n) <
@@ -1252,10 +1255,12 @@
BN_num_bits(sensitive_data.private_key->n),
SSH_KEY_BITS_RESERVED);
}
- rsa_private_decrypt(session_key_int, session_key_int,
- sensitive_data.host_key);
- rsa_private_decrypt(session_key_int, session_key_int,
- sensitive_data.private_key);
+ if (rsa_private_decrypt(session_key_int, session_key_int,
+ sensitive_data.host_key) < 0)
+ rsafail++;
+ if (rsa_private_decrypt(session_key_int, session_key_int,
+ sensitive_data.private_key) < 0)
+ rsafail++;
}
compute_session_id(session_id, cookie,
@@ -1270,14 +1275,29 @@
* least significant 256 bits of the integer; the first byte of the
* key is in the highest bits.
*/
- BN_mask_bits(session_key_int, sizeof(session_key) * 8);
- len = BN_num_bytes(session_key_int);
- if (len < 0 || len > sizeof(session_key))
- fatal("do_connection: bad len from %s: session_key_int %d > sizeof(session_key) %d",
- get_remote_ipaddr(),
- len, sizeof(session_key));
- memset(session_key, 0, sizeof(session_key));
- BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len);
+ if (!rsafail) {
+ BN_mask_bits(session_key_int, sizeof(session_key) * 8);
+ len = BN_num_bytes(session_key_int);
+ if (len < 0 || len > sizeof(session_key)) {
+ error("do_connection: bad session key len from %s: "
+ "session_key_int %d > sizeof(session_key) %d",
+ get_remote_ipaddr(), len, sizeof(session_key));
+ rsafail++;
+ } else {
+ memset(session_key, 0, sizeof(session_key));
+ BN_bn2bin(session_key_int,
+ session_key + sizeof(session_key) - len);
+ }
+ }
+ if (rsafail) {
+ log("do_connection: generating a fake encryption key");
+ for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
+ if (i % 4 == 0)
+ rand = arc4random();
+ session_key[i] = rand & 0xff;
+ rand >>= 8;
+ }
+ }
/* Destroy the decrypted integer. It is no longer needed. */
BN_clear_free(session_key_int);
--- rsa.c.orig Mon Jun 19 18:39:44 2000
+++ rsa.c Mon Feb 12 00:04:02 2001
@@ -135,7 +135,7 @@
xfree(inbuf);
}
-void
+int
rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
{
unsigned char *inbuf, *outbuf;
@@ -149,15 +149,16 @@
BN_bn2bin(in, inbuf);
if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
- RSA_PKCS1_PADDING)) <= 0)
- fatal("rsa_private_decrypt() failed");
-
- BN_bin2bn(outbuf, len, out);
-
+ RSA_PKCS1_PADDING)) <= 0) {
+ error("rsa_private_decrypt() failed");
+ } else {
+ BN_bin2bn(outbuf, len, out);
+ }
memset(outbuf, 0, olen);
memset(inbuf, 0, ilen);
xfree(outbuf);
xfree(inbuf);
+ return len;
}
/* Set whether to output verbose messages during key generation. */

13
security/openssh/files/patch-misc.c Normal file
View file

@ -0,0 +1,13 @@
--- misc.c.orig Thu Apr 12 22:09:37 2001
+++ misc.c Sat May 26 15:39:25 2001
@@ -111,6 +111,10 @@
copy->pw_class = xstrdup(pw->pw_class);
copy->pw_dir = xstrdup(pw->pw_dir);
copy->pw_shell = xstrdup(pw->pw_shell);
+#ifdef __FreeBSD__
+ copy->pw_expire = pw->pw_expire;
+ copy->pw_change = pw->pw_change;
+#endif /* __FreeBSD__ */
return copy;
}

13
security/openssh/files/patch-sftp-Makefile Normal file
View file

@ -0,0 +1,13 @@
--- sftp/Makefile.orig Mon Apr 16 04:31:52 2001
+++ sftp/Makefile Sat May 26 15:49:42 2001
@@ -7,8 +7,8 @@
BINMODE?=555
-BINDIR= /usr/bin
-MAN= sftp.1
+BINDIR= /bin
+MAN1= sftp.1
SRCS= sftp.c sftp-client.c sftp-int.c sftp-common.c sftp-glob.c scp-common.c

13
security/openssh/files/patch-sftp-server-Makefile Normal file
View file

@ -0,0 +1,13 @@
--- sftp-server/Makefile.orig Sun Mar 4 00:59:36 2001
+++ sftp-server/Makefile Sat May 26 15:47:57 2001
@@ -7,8 +7,8 @@
BINMODE?=555
-BINDIR= /usr/libexec
-MAN= sftp-server.8
+BINDIR= /libexec
+MAN8= sftp-server.8
SRCS= sftp-server.c sftp-common.c

13
security/openssh/files/patch-ssh-keyscan-Makefile Normal file
View file

@ -0,0 +1,13 @@
--- ssh-keyscan/Makefile.orig Sun Mar 4 00:59:39 2001
+++ ssh-keyscan/Makefile Sat May 26 16:14:05 2001
@@ -7,8 +7,8 @@
BINMODE?=555
-BINDIR= /usr/bin
-MAN= ssh-keyscan.1
+BINDIR= /bin
+MAN1= ssh-keyscan.1
SRCS= ssh-keyscan.c

3
security/openssh/pkg-plist
View file

@ -1,13 +1,16 @@
bin/scp
bin/sftp
bin/slogin
bin/ssh
bin/ssh-add
bin/ssh-agent
bin/ssh-keygen
bin/ssh-keyscan
etc/rc.d/sshd.sh
etc/ssh_config
etc/sshd_config
sbin/sshd
libexec/sftp-server
@exec if [ ! -f %D/etc/ssh_host_key ]; then echo ">> Generating a secret RSA host key."; %D/bin/ssh-keygen -N "" -f %D/etc/ssh_host_key; fi
@exec if [ ! -f %D/etc/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -d -N "" -f %D/etc/ssh_host_dsa_key; fi
@exec if [ ! -x %D/etc/rc.d/sshd.sh ]; then echo "#!/bin/sh" > %D/etc/rc.d/sshd.sh && exec echo "[ -x %D/sbin/sshd ] && %D/sbin/sshd && echo -n ' sshd'" >> %D/etc/rc.d/sshd.sh && exec chmod 0555 %D/etc/rc.d/sshd.sh; fi