upgrade to 2.5.2p2.
20010322
- (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
- (djm) Released 2.5.2p2
20010321
- (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
VanDevender <stevev@darkwing.uoregon.edu>
- (djm) Make sure pam_retval is initialised on call to pam_end. Patch
from Solar Designer <solar@openwall.com>
- (djm) Don't loop forever when changing password via PAM. Patch
from Solar Designer <solar@openwall.com>
- (djm) Generate config files before build
- (djm) Correctly handle SIA and AIX when no tty present. Spotted and
suggested fix from Mike Battersby <mib@unimelb.edu.au>
20010320
- (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
- (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
- (bal) Oops. Missed globc.h change (OpenBSD CVS).
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/19 17:07:23
[auth.c readconf.c]
undo /etc/shell and proto 2,1 change for openssh-2.5.2
- markus@cvs.openbsd.org 2001/03/19 17:12:10
[version.h]
version 2.5.2
- (djm) Update RPM spec version
- (djm) Release 2.5.2p1
- tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
change S_ISLNK macro to work for UnixWare 2.03
- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
add get_arg_max(). Use sysconf() if ARG_MAX is not defined
20010319
- (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
do it implicitly.
- (djm) Add getusershell() functions from OpenBSD CVS
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/18 12:07:52
[auth-options.c]
ignore permitopen="host:port" if AllowTcpForwarding==no
- (djm) Make scp work on systems without 64-bit ints
- tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
move HAVE_LONG_LONG_INT where it works
- (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
stuff. Change suggested by Mark Miller <markm@swoon.net>
- (bal) Small fix to scp. %lu vs %ld
- (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS*
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2001/03/19 03:52:51
[sftp-client.c]
Report ssh connection closing correctly; ok deraadt@
- deraadt@cvs.openbsd.org 2001/03/18 23:30:55
[compat.c compat.h sshd.c]
specifically version match on ssh scanners. do not log scan
information to the console
- djm@cvs.openbsd.org 2001/03/19 12:10:17
[sshd.8]
Document permitopen authorized_keys option; ok markus@
- djm@cvs.openbsd.org 2001/03/19 05:49:52
[ssh.1]
document PreferredAuthentications option; ok markus@
- (bal) Minor NeXT fixed. Forgot to #undef NGROUPS_MAX
20010318
- (bal) Fixed scp type casing issue which causes "scp: protocol error:
size not delimited" fatal errors when tranfering.
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/17 17:27:59
[auth.c]
check /etc/shells, too
- tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
openbsd-compat/fake-regex.h
20010317
- Support usrinfo() on AIX. Based on patch from Gert Doering
<gert@greenie.muc.de>
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/15 15:05:59
[scp.c]
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
- markus@cvs.openbsd.org 2001/03/15 22:07:08
[session.c]
pass Session to do_child + KNF
- djm@cvs.openbsd.org 2001/03/16 08:16:18
[sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
Revise globbing for get/put to be more shell-like. In particular,
"get/put file* directory/" now works. ok markus@
- markus@cvs.openbsd.org 2001/03/16 09:55:53
[sftp-int.c]
fix memset and whitespace
- markus@cvs.openbsd.org 2001/03/16 13:44:24
[sftp-int.c]
discourage strcat/strcpy
- markus@cvs.openbsd.org 2001/03/16 19:06:30
[auth-options.c channels.c channels.h serverloop.c session.c]
implement "permitopen" key option, restricts -L style forwarding to
to specified host:port pairs. based on work by harlan@genua.de
- Check for gl_matchc support in glob_t and fall back to the
openbsd-compat/glob.[ch] support if it does not exist.
20010315
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/14 08:57:14
[sftp-client.c]
Wall
- markus@cvs.openbsd.org 2001/03/14 15:15:58
[sftp-int.c]
add version command
- deraadt@cvs.openbsd.org 2001/03/14 22:50:25
[sftp-server.c]
note no getopt()
- (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
- (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>
20010314
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/13 17:34:42
[auth-options.c]
missing xfree, deny key on parse error; ok stevesk@
- djm@cvs.openbsd.org 2001/03/13 22:42:54
[sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
- (bal) Fix strerror() in bsd-misc.c
- (djm) Add replacement glob() from OpenBSD libc if the system glob is
missing or lacks the GLOB_ALTDIRFUNC extension
- (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
relatively. Avoids conflict between glob.h and /usr/include/glob.h
20010313
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/12 22:02:02
[key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
remove old key_fingerprint interface, s/_ex//
20010312
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/11 13:25:36
[auth2.c key.c]
debug
- jakob@cvs.openbsd.org 2001/03/11 15:03:16
[key.c key.h]
add improved fingerprint functions. based on work by Carsten
Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
- jakob@cvs.openbsd.org 2001/03/11 15:04:16
[ssh-keygen.1 ssh-keygen.c]
print both md5, sha1 and bubblebabble fingerprints when using
ssh-keygen -l -v. ok markus@.
- jakob@cvs.openbsd.org 2001/03/11 15:13:09
[key.c]
cleanup & shorten some var names key_fingerprint_bubblebabble.
- deraadt@cvs.openbsd.org 2001/03/11 16:39:03
[ssh-keygen.c]
KNF, and SHA1 binary output is just creeping featurism
- tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
test if snprintf() supports %ll
add /dev to search path for PRNGD/EGD socket
fix my mistake in USER_PATH test program
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/11 18:29:51
[key.c]
style+cleanup
- markus@cvs.openbsd.org 2001/03/11 22:33:24
[ssh-keygen.1 ssh-keygen.c]
remove -v again. use -B instead for bubblebabble. make -B consistent
with -l and make -B work with /path/to/known_hosts. ok deraadt@
- (djm) Bump portable version number for generating test RPMs
- (djm) Add "static_openssl" RPM build option, remove rsh build dependency
- (bal) Reorder includes in Makefile.
20010311
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/10 12:48:27
[sshconnect2.c]
ignore nonexisting private keys; report rjmooney@mediaone.net
- deraadt@cvs.openbsd.org 2001/03/10 12:53:51
[readconf.c ssh_config]
default to SSH2, now that m68k runs fast
- stevesk@cvs.openbsd.org 2001/03/10 15:02:05
[ttymodes.c ttymodes.h]
remove unused sgtty macros; ok markus@
- deraadt@cvs.openbsd.org 2001/03/10 15:31:00
[compat.c compat.h sshconnect.c]
all known netscreen ssh versions, and older versions of OSU ssh cannot
handle password padding (newer OSU is fixed)
- tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
make sure $bindir is in USER_PATH so scp will work
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/10 17:51:04
[kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
add PreferredAuthentications
20010310
- OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/03/09 03:14:39
[ssh-keygen.c]
create *.pub files with umask 0644, so that you can mv them to
authorized_keys
- deraadt@cvs.openbsd.org 2001/03/09 12:30:29
[sshd.c]
typo; slade@shore.net
- Removed log.o from sftp client. Not needed.
20010309
- OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2001/03/08 18:47:12
[auth1.c]
unused; ok markus@
- stevesk@cvs.openbsd.org 2001/03/08 20:44:48
[sftp.1]
spelling, cleanup; ok deraadt@
- markus@cvs.openbsd.org 2001/03/08 21:42:33
[compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
no need to do enter passphrase or do expensive sign operations if the
server does not accept key).
20010308
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2001/03/07 10:11:23
[sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
functions and small protocol change.
- markus@cvs.openbsd.org 2001/03/08 00:15:48
[readconf.c ssh.1]
turn off useprivilegedports by default. only rhost-auth needs
this. older sshd's may need this, too.
- (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
Dirk Markwardt <D.Markwardt@tu-bs.de>
20010307
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/03/06 06:11:18
[ssh-keyscan.c]
appease gcc
- deraadt@cvs.openbsd.org 2001/03/06 06:11:44
[sftp-int.c sftp.1 sftp.c]
sftp -b batchfile; mouring@etoh.eviladmin.org
- deraadt@cvs.openbsd.org 2001/03/06 15:10:42
[sftp.1]
order things
- deraadt@cvs.openbsd.org 2001/03/07 01:19:06
[ssh.1 sshd.8]
the name "secure shell" is boring, noone ever uses it
- deraadt@cvs.openbsd.org 2001/03/07 04:05:58
[ssh.1]
removed dated comment
- Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
20010306
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/03/05 14:28:47
[sshd.8]
alpha order; jcs@rt.fm
- stevesk@cvs.openbsd.org 2001/03/05 15:44:51
[servconf.c]
sync error message; ok markus@
- deraadt@cvs.openbsd.org 2001/03/05 15:56:16
[myproposal.h ssh.1]
switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
provos & markus ok
- deraadt@cvs.openbsd.org 2001/03/05 16:07:15
[sshd.8]
detail default hmac setup too
- markus@cvs.openbsd.org 2001/03/05 17:17:21
[kex.c kex.h sshconnect2.c sshd.c]
generate a 2*need size (~300 instead of 1024/2048) random private
exponent during the DH key agreement. according to Niels (the great
german advisor) this is safe since /etc/primes contains strong
primes only.
References:
P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
agreement with short exponents, In Advances in Cryptology
- EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
- stevesk@cvs.openbsd.org 2001/03/05 17:40:48
[ssh.1]
more ssh_known_hosts2 documentation; ok markus@
- stevesk@cvs.openbsd.org 2001/03/05 17:58:22
[dh.c]
spelling
- deraadt@cvs.openbsd.org 2001/03/06 00:33:04
[authfd.c cli.c ssh-agent.c]
EINTR/EAGAIN handling is required in more cases
- millert@cvs.openbsd.org 2001/03/06 01:06:03
[ssh-keyscan.c]
Don't assume we wil get the version string all in one read().
deraadt@ OK'd
- millert@cvs.openbsd.org 2001/03/06 01:08:27
[clientloop.c]
If read() fails with EINTR deal with it the same way we treat EAGAIN
20010305
- (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
- (bal) CVS ID touch up on sftp-int.c
- (bal) CVS ID touch up on uuencode.c
- (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/02/17 23:48:48
[sshd.8]
it's the OpenSSH one
- deraadt@cvs.openbsd.org 2001/02/21 07:37:04
[ssh-keyscan.c]
inline -> __inline__, and some indent
- deraadt@cvs.openbsd.org 2001/02/21 09:05:54
[authfile.c]
improve fd handling
- deraadt@cvs.openbsd.org 2001/02/21 09:12:56
[sftp-server.c]
careful with & and &&; markus ok
- stevesk@cvs.openbsd.org 2001/02/21 21:14:04
[ssh.c]
-i supports DSA identities now; ok markus@
- deraadt@cvs.openbsd.org 2001/02/22 04:29:37
[servconf.c]
grammar; slade@shore.net
- deraadt@cvs.openbsd.org 2001/02/22 06:43:55
[ssh-keygen.1 ssh-keygen.c]
document -d, and -t defaults to rsa1
- deraadt@cvs.openbsd.org 2001/02/22 08:03:51
[ssh-keygen.1 ssh-keygen.c]
bye bye -d
- deraadt@cvs.openbsd.org 2001/02/22 18:09:06
[sshd_config]
activate RSA 2 key
- markus@cvs.openbsd.org 2001/02/22 21:57:27
[ssh.1 sshd.8]
typos/grammar from matt@anzen.com
- markus@cvs.openbsd.org 2001/02/22 21:59:44
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
use pwcopy in ssh.c, too
- markus@cvs.openbsd.org 2001/02/23 15:34:53
[serverloop.c]
debug2->3
- markus@cvs.openbsd.org 2001/02/23 18:15:13
[sshd.c]
the random session key depends now on the session_key_int
sent by the 'attacker'
dig1 = md5(cookie|session_key_int);
dig2 = md5(dig1|cookie|session_key_int);
fake_session_key = dig1|dig2;
this change is caused by a mail from anakin@pobox.com
patch based on discussions with my german advisor niels@openbsd.org
- deraadt@cvs.openbsd.org 2001/02/24 10:37:55
[readconf.c]
look for id_rsa by default, before id_dsa
- deraadt@cvs.openbsd.org 2001/02/24 10:37:26
[sshd_config]
ssh2 rsa key before dsa key
- markus@cvs.openbsd.org 2001/02/27 10:35:27
[packet.c]
fix random padding
- markus@cvs.openbsd.org 2001/02/27 11:00:11
[compat.c]
support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
- deraadt@cvs.openbsd.org 2001/02/28 05:34:28
[misc.c]
pull in protos
- deraadt@cvs.openbsd.org 2001/02/28 05:36:28
[sftp.c]
do not kill the subprocess on termination (we will see if this helps
things or hurts things)
- markus@cvs.openbsd.org 2001/02/28 08:45:39
[clientloop.c]
fix byte counts for ssh protocol v1
- markus@cvs.openbsd.org 2001/02/28 08:54:55
[channels.c nchan.c nchan.h]
make sure remote stderr does not get truncated.
remove closed fd's from the select mask.
- markus@cvs.openbsd.org 2001/02/28 09:57:07
[packet.c packet.h sshconnect2.c]
in ssh protocol v2 use ignore messages for padding (instead of
trailing \0).
- markus@cvs.openbsd.org 2001/02/28 12:55:07
[channels.c]
unify debug messages
- deraadt@cvs.openbsd.org 2001/02/28 17:52:54
[misc.c]
for completeness, copy pw_gecos too
- markus@cvs.openbsd.org 2001/02/28 21:21:41
[sshd.c]
generate a fake session id, too
- markus@cvs.openbsd.org 2001/02/28 21:27:48
[channels.c packet.c packet.h serverloop.c]
use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
use random content in ignore messages.
- markus@cvs.openbsd.org 2001/02/28 21:31:32
[channels.c]
typo
- deraadt@cvs.openbsd.org 2001/03/01 02:11:25
[authfd.c]
split line so that p will have an easier time next time around
- deraadt@cvs.openbsd.org 2001/03/01 02:29:04
[ssh.c]
shorten usage by a line
- deraadt@cvs.openbsd.org 2001/03/01 02:45:10
[auth-rsa.c auth2.c deattack.c packet.c]
KNF
- deraadt@cvs.openbsd.org 2001/03/01 03:38:33
[cli.c cli.h rijndael.h ssh-keyscan.1]
copyright notices on all source files
- markus@cvs.openbsd.org 2001/03/01 22:46:37
[ssh.c]
don't truncate remote ssh-2 commands; from mkubita@securities.cz
use min, not max for logging, fixes overflow.
- deraadt@cvs.openbsd.org 2001/03/02 06:21:01
[sshd.8]
explain SIGHUP better
- deraadt@cvs.openbsd.org 2001/03/02 09:42:49
[sshd.8]
doc the dsa/rsa key pair files
- deraadt@cvs.openbsd.org 2001/03/02 18:54:31
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
make copyright lines the same format
- deraadt@cvs.openbsd.org 2001/03/03 06:53:12
[ssh-keyscan.c]
standard theo sweep
- millert@cvs.openbsd.org 2001/03/03 21:19:41
[ssh-keyscan.c]
Dynamically allocate read_wait and its copies. Since maxfd is
based on resource limits it is often (usually?) larger than FD_SETSIZE.
- millert@cvs.openbsd.org 2001/03/03 21:40:30
[sftp-server.c]
Dynamically allocate fd_set; deraadt@ OK
- millert@cvs.openbsd.org 2001/03/03 21:41:07
[packet.c]
Dynamically allocate fd_set; deraadt@ OK
- deraadt@cvs.openbsd.org 2001/03/03 22:07:50
[sftp-server.c]
KNF
- markus@cvs.openbsd.org 2001/03/03 23:52:22
[sftp.c]
clean up arg processing. based on work by Christophe_Moret@hp.com
- markus@cvs.openbsd.org 2001/03/03 23:59:34
[log.c ssh.c]
log*.c -> log.c
- markus@cvs.openbsd.org 2001/03/04 00:03:59
[channels.c]
debug1->2
- stevesk@cvs.openbsd.org 2001/03/04 10:57:53
[ssh.c]
add -m to usage; ok markus@
- stevesk@cvs.openbsd.org 2001/03/04 11:04:41
[sshd.8]
small cleanup and clarify for PermitRootLogin; ok markus@
- stevesk@cvs.openbsd.org 2001/03/04 11:16:06
[servconf.c sshd.8]
kill obsolete RandomSeed; ok markus@ deraadt@
- stevesk@cvs.openbsd.org 2001/03/04 12:54:04
[sshd.8]
spelling
- millert@cvs.openbsd.org 2001/03/04 17:42:28
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
ssh.c sshconnect.c sshd.c]
log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.
- deraadt@cvs.openbsd.org 2001/03/04 18:21:28
[sshd.8]
list SSH2 ciphers
- (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
- (bal) Fix up logging since it changed. removed log-*.c
- (djm) Fix up LOG_AUTHPRIV for systems that have it
- (stevesk) OpenBSD sync:
- deraadt@cvs.openbsd.org 2001/03/05 08:37:27
[ssh-keyscan.c]
skip inlining, why bother
- (stevesk) sftp.c: handle __progname
20010304
- (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
- (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
give Mark Roth credit for mdoc2man.pl
20010303
- (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
- (djm) Document PAM ChallengeResponseAuthentication in sshd.8
- (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
- (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
"--with-egd-pool" configure option with "--with-prngd-socket" and
"--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
<Lutz.Jaenicke@aet.TU-Cottbus.DE>
2001-03-22 09:49:28 +01:00
|
|
|
# $NetBSD: Makefile,v 1.43 2001/03/22 08:49:28 itojun Exp $
|
2000-01-17 06:34:32 +01:00
|
|
|
|
upgrade to 2.5.2p2.
20010322
- (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
- (djm) Released 2.5.2p2
20010321
- (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
VanDevender <stevev@darkwing.uoregon.edu>
- (djm) Make sure pam_retval is initialised on call to pam_end. Patch
from Solar Designer <solar@openwall.com>
- (djm) Don't loop forever when changing password via PAM. Patch
from Solar Designer <solar@openwall.com>
- (djm) Generate config files before build
- (djm) Correctly handle SIA and AIX when no tty present. Spotted and
suggested fix from Mike Battersby <mib@unimelb.edu.au>
20010320
- (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
- (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
- (bal) Oops. Missed globc.h change (OpenBSD CVS).
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/19 17:07:23
[auth.c readconf.c]
undo /etc/shell and proto 2,1 change for openssh-2.5.2
- markus@cvs.openbsd.org 2001/03/19 17:12:10
[version.h]
version 2.5.2
- (djm) Update RPM spec version
- (djm) Release 2.5.2p1
- tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
change S_ISLNK macro to work for UnixWare 2.03
- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
add get_arg_max(). Use sysconf() if ARG_MAX is not defined
20010319
- (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
do it implicitly.
- (djm) Add getusershell() functions from OpenBSD CVS
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/18 12:07:52
[auth-options.c]
ignore permitopen="host:port" if AllowTcpForwarding==no
- (djm) Make scp work on systems without 64-bit ints
- tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
move HAVE_LONG_LONG_INT where it works
- (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
stuff. Change suggested by Mark Miller <markm@swoon.net>
- (bal) Small fix to scp. %lu vs %ld
- (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS*
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2001/03/19 03:52:51
[sftp-client.c]
Report ssh connection closing correctly; ok deraadt@
- deraadt@cvs.openbsd.org 2001/03/18 23:30:55
[compat.c compat.h sshd.c]
specifically version match on ssh scanners. do not log scan
information to the console
- djm@cvs.openbsd.org 2001/03/19 12:10:17
[sshd.8]
Document permitopen authorized_keys option; ok markus@
- djm@cvs.openbsd.org 2001/03/19 05:49:52
[ssh.1]
document PreferredAuthentications option; ok markus@
- (bal) Minor NeXT fixed. Forgot to #undef NGROUPS_MAX
20010318
- (bal) Fixed scp type casing issue which causes "scp: protocol error:
size not delimited" fatal errors when tranfering.
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/17 17:27:59
[auth.c]
check /etc/shells, too
- tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
openbsd-compat/fake-regex.h
20010317
- Support usrinfo() on AIX. Based on patch from Gert Doering
<gert@greenie.muc.de>
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/15 15:05:59
[scp.c]
use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
- markus@cvs.openbsd.org 2001/03/15 22:07:08
[session.c]
pass Session to do_child + KNF
- djm@cvs.openbsd.org 2001/03/16 08:16:18
[sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
Revise globbing for get/put to be more shell-like. In particular,
"get/put file* directory/" now works. ok markus@
- markus@cvs.openbsd.org 2001/03/16 09:55:53
[sftp-int.c]
fix memset and whitespace
- markus@cvs.openbsd.org 2001/03/16 13:44:24
[sftp-int.c]
discourage strcat/strcpy
- markus@cvs.openbsd.org 2001/03/16 19:06:30
[auth-options.c channels.c channels.h serverloop.c session.c]
implement "permitopen" key option, restricts -L style forwarding to
to specified host:port pairs. based on work by harlan@genua.de
- Check for gl_matchc support in glob_t and fall back to the
openbsd-compat/glob.[ch] support if it does not exist.
20010315
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/14 08:57:14
[sftp-client.c]
Wall
- markus@cvs.openbsd.org 2001/03/14 15:15:58
[sftp-int.c]
add version command
- deraadt@cvs.openbsd.org 2001/03/14 22:50:25
[sftp-server.c]
note no getopt()
- (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
- (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com>
20010314
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/13 17:34:42
[auth-options.c]
missing xfree, deny key on parse error; ok stevesk@
- djm@cvs.openbsd.org 2001/03/13 22:42:54
[sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
- (bal) Fix strerror() in bsd-misc.c
- (djm) Add replacement glob() from OpenBSD libc if the system glob is
missing or lacks the GLOB_ALTDIRFUNC extension
- (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
relatively. Avoids conflict between glob.h and /usr/include/glob.h
20010313
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/12 22:02:02
[key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
remove old key_fingerprint interface, s/_ex//
20010312
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/11 13:25:36
[auth2.c key.c]
debug
- jakob@cvs.openbsd.org 2001/03/11 15:03:16
[key.c key.h]
add improved fingerprint functions. based on work by Carsten
Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
- jakob@cvs.openbsd.org 2001/03/11 15:04:16
[ssh-keygen.1 ssh-keygen.c]
print both md5, sha1 and bubblebabble fingerprints when using
ssh-keygen -l -v. ok markus@.
- jakob@cvs.openbsd.org 2001/03/11 15:13:09
[key.c]
cleanup & shorten some var names key_fingerprint_bubblebabble.
- deraadt@cvs.openbsd.org 2001/03/11 16:39:03
[ssh-keygen.c]
KNF, and SHA1 binary output is just creeping featurism
- tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
test if snprintf() supports %ll
add /dev to search path for PRNGD/EGD socket
fix my mistake in USER_PATH test program
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/11 18:29:51
[key.c]
style+cleanup
- markus@cvs.openbsd.org 2001/03/11 22:33:24
[ssh-keygen.1 ssh-keygen.c]
remove -v again. use -B instead for bubblebabble. make -B consistent
with -l and make -B work with /path/to/known_hosts. ok deraadt@
- (djm) Bump portable version number for generating test RPMs
- (djm) Add "static_openssl" RPM build option, remove rsh build dependency
- (bal) Reorder includes in Makefile.
20010311
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/10 12:48:27
[sshconnect2.c]
ignore nonexisting private keys; report rjmooney@mediaone.net
- deraadt@cvs.openbsd.org 2001/03/10 12:53:51
[readconf.c ssh_config]
default to SSH2, now that m68k runs fast
- stevesk@cvs.openbsd.org 2001/03/10 15:02:05
[ttymodes.c ttymodes.h]
remove unused sgtty macros; ok markus@
- deraadt@cvs.openbsd.org 2001/03/10 15:31:00
[compat.c compat.h sshconnect.c]
all known netscreen ssh versions, and older versions of OSU ssh cannot
handle password padding (newer OSU is fixed)
- tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
make sure $bindir is in USER_PATH so scp will work
- OpenBSD CVS Sync
- markus@cvs.openbsd.org 2001/03/10 17:51:04
[kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
add PreferredAuthentications
20010310
- OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/03/09 03:14:39
[ssh-keygen.c]
create *.pub files with umask 0644, so that you can mv them to
authorized_keys
- deraadt@cvs.openbsd.org 2001/03/09 12:30:29
[sshd.c]
typo; slade@shore.net
- Removed log.o from sftp client. Not needed.
20010309
- OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2001/03/08 18:47:12
[auth1.c]
unused; ok markus@
- stevesk@cvs.openbsd.org 2001/03/08 20:44:48
[sftp.1]
spelling, cleanup; ok deraadt@
- markus@cvs.openbsd.org 2001/03/08 21:42:33
[compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
no need to do enter passphrase or do expensive sign operations if the
server does not accept key).
20010308
- OpenBSD CVS Sync
- djm@cvs.openbsd.org 2001/03/07 10:11:23
[sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
functions and small protocol change.
- markus@cvs.openbsd.org 2001/03/08 00:15:48
[readconf.c ssh.1]
turn off useprivilegedports by default. only rhost-auth needs
this. older sshd's may need this, too.
- (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
Dirk Markwardt <D.Markwardt@tu-bs.de>
20010307
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/03/06 06:11:18
[ssh-keyscan.c]
appease gcc
- deraadt@cvs.openbsd.org 2001/03/06 06:11:44
[sftp-int.c sftp.1 sftp.c]
sftp -b batchfile; mouring@etoh.eviladmin.org
- deraadt@cvs.openbsd.org 2001/03/06 15:10:42
[sftp.1]
order things
- deraadt@cvs.openbsd.org 2001/03/07 01:19:06
[ssh.1 sshd.8]
the name "secure shell" is boring, noone ever uses it
- deraadt@cvs.openbsd.org 2001/03/07 04:05:58
[ssh.1]
removed dated comment
- Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
20010306
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/03/05 14:28:47
[sshd.8]
alpha order; jcs@rt.fm
- stevesk@cvs.openbsd.org 2001/03/05 15:44:51
[servconf.c]
sync error message; ok markus@
- deraadt@cvs.openbsd.org 2001/03/05 15:56:16
[myproposal.h ssh.1]
switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
provos & markus ok
- deraadt@cvs.openbsd.org 2001/03/05 16:07:15
[sshd.8]
detail default hmac setup too
- markus@cvs.openbsd.org 2001/03/05 17:17:21
[kex.c kex.h sshconnect2.c sshd.c]
generate a 2*need size (~300 instead of 1024/2048) random private
exponent during the DH key agreement. according to Niels (the great
german advisor) this is safe since /etc/primes contains strong
primes only.
References:
P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
agreement with short exponents, In Advances in Cryptology
- EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
- stevesk@cvs.openbsd.org 2001/03/05 17:40:48
[ssh.1]
more ssh_known_hosts2 documentation; ok markus@
- stevesk@cvs.openbsd.org 2001/03/05 17:58:22
[dh.c]
spelling
- deraadt@cvs.openbsd.org 2001/03/06 00:33:04
[authfd.c cli.c ssh-agent.c]
EINTR/EAGAIN handling is required in more cases
- millert@cvs.openbsd.org 2001/03/06 01:06:03
[ssh-keyscan.c]
Don't assume we wil get the version string all in one read().
deraadt@ OK'd
- millert@cvs.openbsd.org 2001/03/06 01:08:27
[clientloop.c]
If read() fails with EINTR deal with it the same way we treat EAGAIN
20010305
- (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
- (bal) CVS ID touch up on sftp-int.c
- (bal) CVS ID touch up on uuencode.c
- (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
- (bal) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2001/02/17 23:48:48
[sshd.8]
it's the OpenSSH one
- deraadt@cvs.openbsd.org 2001/02/21 07:37:04
[ssh-keyscan.c]
inline -> __inline__, and some indent
- deraadt@cvs.openbsd.org 2001/02/21 09:05:54
[authfile.c]
improve fd handling
- deraadt@cvs.openbsd.org 2001/02/21 09:12:56
[sftp-server.c]
careful with & and &&; markus ok
- stevesk@cvs.openbsd.org 2001/02/21 21:14:04
[ssh.c]
-i supports DSA identities now; ok markus@
- deraadt@cvs.openbsd.org 2001/02/22 04:29:37
[servconf.c]
grammar; slade@shore.net
- deraadt@cvs.openbsd.org 2001/02/22 06:43:55
[ssh-keygen.1 ssh-keygen.c]
document -d, and -t defaults to rsa1
- deraadt@cvs.openbsd.org 2001/02/22 08:03:51
[ssh-keygen.1 ssh-keygen.c]
bye bye -d
- deraadt@cvs.openbsd.org 2001/02/22 18:09:06
[sshd_config]
activate RSA 2 key
- markus@cvs.openbsd.org 2001/02/22 21:57:27
[ssh.1 sshd.8]
typos/grammar from matt@anzen.com
- markus@cvs.openbsd.org 2001/02/22 21:59:44
[auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
use pwcopy in ssh.c, too
- markus@cvs.openbsd.org 2001/02/23 15:34:53
[serverloop.c]
debug2->3
- markus@cvs.openbsd.org 2001/02/23 18:15:13
[sshd.c]
the random session key depends now on the session_key_int
sent by the 'attacker'
dig1 = md5(cookie|session_key_int);
dig2 = md5(dig1|cookie|session_key_int);
fake_session_key = dig1|dig2;
this change is caused by a mail from anakin@pobox.com
patch based on discussions with my german advisor niels@openbsd.org
- deraadt@cvs.openbsd.org 2001/02/24 10:37:55
[readconf.c]
look for id_rsa by default, before id_dsa
- deraadt@cvs.openbsd.org 2001/02/24 10:37:26
[sshd_config]
ssh2 rsa key before dsa key
- markus@cvs.openbsd.org 2001/02/27 10:35:27
[packet.c]
fix random padding
- markus@cvs.openbsd.org 2001/02/27 11:00:11
[compat.c]
support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
- deraadt@cvs.openbsd.org 2001/02/28 05:34:28
[misc.c]
pull in protos
- deraadt@cvs.openbsd.org 2001/02/28 05:36:28
[sftp.c]
do not kill the subprocess on termination (we will see if this helps
things or hurts things)
- markus@cvs.openbsd.org 2001/02/28 08:45:39
[clientloop.c]
fix byte counts for ssh protocol v1
- markus@cvs.openbsd.org 2001/02/28 08:54:55
[channels.c nchan.c nchan.h]
make sure remote stderr does not get truncated.
remove closed fd's from the select mask.
- markus@cvs.openbsd.org 2001/02/28 09:57:07
[packet.c packet.h sshconnect2.c]
in ssh protocol v2 use ignore messages for padding (instead of
trailing \0).
- markus@cvs.openbsd.org 2001/02/28 12:55:07
[channels.c]
unify debug messages
- deraadt@cvs.openbsd.org 2001/02/28 17:52:54
[misc.c]
for completeness, copy pw_gecos too
- markus@cvs.openbsd.org 2001/02/28 21:21:41
[sshd.c]
generate a fake session id, too
- markus@cvs.openbsd.org 2001/02/28 21:27:48
[channels.c packet.c packet.h serverloop.c]
use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
use random content in ignore messages.
- markus@cvs.openbsd.org 2001/02/28 21:31:32
[channels.c]
typo
- deraadt@cvs.openbsd.org 2001/03/01 02:11:25
[authfd.c]
split line so that p will have an easier time next time around
- deraadt@cvs.openbsd.org 2001/03/01 02:29:04
[ssh.c]
shorten usage by a line
- deraadt@cvs.openbsd.org 2001/03/01 02:45:10
[auth-rsa.c auth2.c deattack.c packet.c]
KNF
- deraadt@cvs.openbsd.org 2001/03/01 03:38:33
[cli.c cli.h rijndael.h ssh-keyscan.1]
copyright notices on all source files
- markus@cvs.openbsd.org 2001/03/01 22:46:37
[ssh.c]
don't truncate remote ssh-2 commands; from mkubita@securities.cz
use min, not max for logging, fixes overflow.
- deraadt@cvs.openbsd.org 2001/03/02 06:21:01
[sshd.8]
explain SIGHUP better
- deraadt@cvs.openbsd.org 2001/03/02 09:42:49
[sshd.8]
doc the dsa/rsa key pair files
- deraadt@cvs.openbsd.org 2001/03/02 18:54:31
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
make copyright lines the same format
- deraadt@cvs.openbsd.org 2001/03/03 06:53:12
[ssh-keyscan.c]
standard theo sweep
- millert@cvs.openbsd.org 2001/03/03 21:19:41
[ssh-keyscan.c]
Dynamically allocate read_wait and its copies. Since maxfd is
based on resource limits it is often (usually?) larger than FD_SETSIZE.
- millert@cvs.openbsd.org 2001/03/03 21:40:30
[sftp-server.c]
Dynamically allocate fd_set; deraadt@ OK
- millert@cvs.openbsd.org 2001/03/03 21:41:07
[packet.c]
Dynamically allocate fd_set; deraadt@ OK
- deraadt@cvs.openbsd.org 2001/03/03 22:07:50
[sftp-server.c]
KNF
- markus@cvs.openbsd.org 2001/03/03 23:52:22
[sftp.c]
clean up arg processing. based on work by Christophe_Moret@hp.com
- markus@cvs.openbsd.org 2001/03/03 23:59:34
[log.c ssh.c]
log*.c -> log.c
- markus@cvs.openbsd.org 2001/03/04 00:03:59
[channels.c]
debug1->2
- stevesk@cvs.openbsd.org 2001/03/04 10:57:53
[ssh.c]
add -m to usage; ok markus@
- stevesk@cvs.openbsd.org 2001/03/04 11:04:41
[sshd.8]
small cleanup and clarify for PermitRootLogin; ok markus@
- stevesk@cvs.openbsd.org 2001/03/04 11:16:06
[servconf.c sshd.8]
kill obsolete RandomSeed; ok markus@ deraadt@
- stevesk@cvs.openbsd.org 2001/03/04 12:54:04
[sshd.8]
spelling
- millert@cvs.openbsd.org 2001/03/04 17:42:28
[authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
ssh.c sshconnect.c sshd.c]
log functions should not be passed strings that end in newline as they
get passed on to syslog() and when logging to stderr, do_log() appends
its own newline.
- deraadt@cvs.openbsd.org 2001/03/04 18:21:28
[sshd.8]
list SSH2 ciphers
- (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
- (bal) Fix up logging since it changed. removed log-*.c
- (djm) Fix up LOG_AUTHPRIV for systems that have it
- (stevesk) OpenBSD sync:
- deraadt@cvs.openbsd.org 2001/03/05 08:37:27
[ssh-keyscan.c]
skip inlining, why bother
- (stevesk) sftp.c: handle __progname
20010304
- (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
- (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
give Mark Roth credit for mdoc2man.pl
20010303
- (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
- (djm) Document PAM ChallengeResponseAuthentication in sshd.8
- (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
- (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
"--with-egd-pool" configure option with "--with-prngd-socket" and
"--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
<Lutz.Jaenicke@aet.TU-Cottbus.DE>
2001-03-22 09:49:28 +01:00
|
|
|
DISTNAME= openssh-2.5.2p2
|
2000-01-17 06:34:32 +01:00
|
|
|
CATEGORIES= security
|
2001-02-15 16:18:17 +01:00
|
|
|
MASTER_SITES= ftp://gd.tuwien.ac.at/OpenBSD/OpenSSH/portable/ \
|
2000-08-09 19:47:31 +02:00
|
|
|
ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
|
2000-05-28 13:28:51 +02:00
|
|
|
ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/old/
|
2000-08-09 19:47:31 +02:00
|
|
|
# Don't delete the last entry -- it's there if the pkgsrc version is not
|
|
|
|
|
# up-to-date and the mirrors already removed the old distfile.
|
2000-01-17 06:34:32 +01:00
|
|
|
|
|
|
|
|
MAINTAINER= packages@netbsd.org
|
2000-03-07 13:02:35 +01:00
|
|
|
HOMEPAGE= http://www.openssh.com/
|
2001-02-17 18:42:09 +01:00
|
|
|
COMMENT= Open Source Secure shell client and server (remote login program)
|
2000-01-17 06:34:32 +01:00
|
|
|
|
2000-09-05 11:33:15 +02:00
|
|
|
BUILD_DEPENDS+= ${PERL5}:../../lang/perl5-base
|
2001-02-06 04:16:56 +01:00
|
|
|
BUILD_DEPENDS+= ${LOCALBASE}/bin/autoreconf:../../devel/autoconf
|
2000-01-17 06:34:32 +01:00
|
|
|
|
Reorganize crypto handling, as discussed on tech-pkg. Remove all
RESTRICTED= variables that were predicated on former U.S. export
regulations. Add CRYPTO=, as necessary, so it's still possible to
exclude all crypto packages from a build by setting MKCRYPTO=no
(but "lintpkgsrc -R" will no longer catch them).
Specifically,
- - All packages which set USE_SSL just lose their RESTRICTED
variable, since MKCRYPTO responds to USE_SSL directly.
- - realplayer7 and ns-flash keep their RESTRICTED, which is based
on license terms, but also gain the CRYPTO variable.
- - srp-client is now marked broken, since the distfile is evidently
no longer available. On this, we're no worse off than before.
[We haven't been mirroring the distfile, or testing the build!]
- - isakmpd gets CRYPTO for RESTRICTED, but remains broken.
- - crack loses all restrictions, as it does not evidently empower
a user to utilize strong encryption (working definition: ability
to encode a message that requires a secret key plus big number
arithmetic to decode).
2000-09-09 21:40:14 +02:00
|
|
|
CRYPTO= yes
|
|
|
|
|
|
2000-07-22 10:21:59 +02:00
|
|
|
# Check for a usable installed version of OpenSSL. Version must be greater
|
|
|
|
|
# than 0.9.5a. If a usable version isn't present, then use the pkgsrc
|
|
|
|
|
# OpenSSL package.
|
|
|
|
|
#
|
|
|
|
|
.if exists(/usr/include/openssl/rsa.h)
|
|
|
|
|
OPENSSLV_H= /usr/include/openssl/opensslv.h
|
|
|
|
|
OPENSSL_VERSION!= awk '/.*OPENSSL_VERSION_NUMBER.*/ { print $$3 }' \
|
|
|
|
|
${OPENSSLV_H}
|
|
|
|
|
OPENSSL_VERSION_095a= 0x0090581fL
|
|
|
|
|
.if (${OPENSSL_VERSION} != ${OPENSSL_VERSION_095a})
|
upgrade to 2.2.0p1.
---
20000901
- (djm) Pick up Jim's new X11-askpass
- (djm) Release 2.2.0p1
20000831
- (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox
<acox@cv.telegroup.com>
- (djm) Pick up new version (2.2.0) from OpenBSD CVS
20000830
- (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
- (djm) Periodically rekey arc4random
- (djm) Clean up diff against OpenBSD.
- (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves
<stevesk@sweden.hp.com>
- (djm) Quieten the pam delete credentials error message
- (djm) Fix printing of $DISPLAY hack if set by system type. Report from
Kevin Steves <stevesk@sweden.hp.com>
- (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
- (djm) Fix doh in bsd-arc4random.c
20000829
- (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and
Garrick James <garrick@james.net>
- (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from
Bastian Trompetter <btrompetter@firemail.de>
- (djm) NeXT tweaks from Ben Lindstrom <mouring@pconline.com>
- More OpenBSD updates:
- deraadt@cvs.openbsd.org 2000/08/24 15:46:59
[scp.c]
off_t in sink, to fix files > 2GB, i think, test is still running ;-)
- deraadt@cvs.openbsd.org 2000/08/25 10:10:06
[session.c]
Wall
- markus@cvs.openbsd.org 2000/08/26 04:33:43
[compat.c]
ssh.com-2.3.0
- markus@cvs.openbsd.org 2000/08/27 12:18:05
[compat.c]
compatibility with future ssh.com versions
- deraadt@cvs.openbsd.org 2000/08/27 21:50:55
[auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
print uid/gid as unsigned
- markus@cvs.openbsd.org 2000/08/28 13:51:00
[ssh.c]
enable -n and -f for ssh2
- markus@cvs.openbsd.org 2000/08/28 14:19:53
[ssh.c]
allow combination of -N and -f
- markus@cvs.openbsd.org 2000/08/28 14:20:56
[util.c]
util.c
- markus@cvs.openbsd.org 2000/08/28 14:22:02
[util.c]
undo
- markus@cvs.openbsd.org 2000/08/28 14:23:38
[util.c]
don't complain if setting NONBLOCK fails with ENODEV
20000823
- (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4
Avoids "scp never exits" problem. Reports from Lutz Jaenicke
<Lutz.Jaenicke@aet.TU-Cottbus.DE> and Tamito KAJIYAMA
<kajiyama@grad.sccs.chukyo-u.ac.jp>
- (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
- (djm) Add local version to version.h
- (djm) Don't reseed arc4random everytime it is used
- (djm) OpenBSD CVS updates:
- deraadt@cvs.openbsd.org 2000/08/18 20:07:23
[ssh.c]
accept remsh as a valid name as well; roman@buildpoint.com
- deraadt@cvs.openbsd.org 2000/08/18 20:17:13
[deattack.c crc32.c packet.c]
rename crc32() to ssh_crc32() to avoid zlib name clash. do not move to
libz crc32 function yet, because it has ugly "long"'s in it;
oneill@cs.sfu.ca
- deraadt@cvs.openbsd.org 2000/08/18 20:26:08
[scp.1 scp.c]
-S prog support; tv@debian.org
- deraadt@cvs.openbsd.org 2000/08/18 20:50:07
[scp.c]
knf
- deraadt@cvs.openbsd.org 2000/08/18 20:57:33
[log-client.c]
shorten
- markus@cvs.openbsd.org 2000/08/19 12:48:11
[channels.c channels.h clientloop.c ssh.c ssh.h]
support for ~. in ssh2
- deraadt@cvs.openbsd.org 2000/08/19 15:29:40
[crc32.h]
proper prototype
- markus@cvs.openbsd.org 2000/08/19 15:34:44
[authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
[ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
[fingerprint.c fingerprint.h]
add SSH2/DSA support to the agent and some other DSA related cleanups.
(note that we cannot talk to ssh.com's ssh2 agents)
- markus@cvs.openbsd.org 2000/08/19 15:55:52
[channels.c channels.h clientloop.c]
more ~ support for ssh2
- markus@cvs.openbsd.org 2000/08/19 16:21:19
[clientloop.c]
oops
- millert@cvs.openbsd.org 2000/08/20 12:25:53
[session.c]
We have to stash the result of get_remote_name_or_ip() before we
close our socket or getpeername() will get EBADF and the process
will exit. Only a problem for "UseLogin yes".
- millert@cvs.openbsd.org 2000/08/20 12:30:59
[session.c]
Only check /etc/nologin if "UseLogin no" since login(1) may have its
own policy on determining who is allowed to login when /etc/nologin
is present. Also use the _PATH_NOLOGIN define.
- millert@cvs.openbsd.org 2000/08/20 12:42:43
[auth1.c auth2.c session.c ssh.c]
Add calls to setusercontext() and login_get*(). We basically call
setusercontext() in most places where previously we did a setlogin().
Add default login.conf file and put root in the "daemon" login class.
- millert@cvs.openbsd.org 2000/08/21 10:23:31
[session.c]
Fix incorrect PATH setting; noted by Markus.
20000818
- (djm) OpenBSD CVS changes:
- markus@cvs.openbsd.org 2000/07/22 03:14:37
[servconf.c servconf.h sshd.8 sshd.c sshd_config]
random early drop; ok theo, niels
- deraadt@cvs.openbsd.org 2000/07/26 11:46:51
[ssh.1]
typo
- deraadt@cvs.openbsd.org 2000/08/01 11:46:11
[sshd.8]
many fixes from pepper@mail.reppep.com
- provos@cvs.openbsd.org 2000/08/01 13:01:42
[Makefile.in util.c aux.c]
rename aux.c to util.c to help with cygwin port
- deraadt@cvs.openbsd.org 2000/08/02 00:23:31
[authfd.c]
correct sun_len; Alexander@Leidinger.net
- provos@cvs.openbsd.org 2000/08/02 10:27:17
[readconf.c sshd.8]
disable kerberos authentication by default
- provos@cvs.openbsd.org 2000/08/02 11:27:05
[sshd.8 readconf.c auth-krb4.c]
disallow kerberos authentication if we can't verify the TGT; from
dugsong@
kerberos authentication is on by default only if you have a srvtab.
- markus@cvs.openbsd.org 2000/08/04 14:30:07
[auth.c]
unused
- markus@cvs.openbsd.org 2000/08/04 14:30:35
[sshd_config]
MaxStartups
- markus@cvs.openbsd.org 2000/08/15 13:20:46
[authfd.c]
cleanup; ok niels@
- markus@cvs.openbsd.org 2000/08/17 14:05:10
[session.c]
cleanup login(1)-like jobs, no duplicate utmp entries
- markus@cvs.openbsd.org 2000/08/17 14:06:34
[session.c sshd.8 sshd.c]
sshd -u len, similar to telnetd
- (djm) Lastlog was not getting closed after writing login entry
- (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com>
20000816
- (djm) Replacement for inet_ntoa for Irix (which breaks on gcc)
- (djm) Fix strerror replacement for old SunOS. Based on patch from
Charles Levert <charles@comm.polymtl.ca>
- (djm) Seperate arc4random into seperate file and use OpenSSL's RC4
implementation.
- (djm) SUN_LEN macro for systems which lack it
20000815
- (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com>
- (djm) Avoid failures on Irix when ssh is not setuid. Fix from
Michael Stone <mstone@cs.loyola.edu>
- (djm) Don't seek in directory based lastlogs
- (djm) Fix --with-ipaddr-display configure option test. Patch from
Jarno Huuskonen <jhuuskon@messi.uku.fi>
- (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br>
20000813
- (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from
Fabrice bacchella <fabrice.bacchella@marchfirst.fr>
20000809
- (djm) Define AIX hard limits if headers don't. Report from
Bill Painter <william.t.painter@lmco.com>
- (djm) utmp direct write & SunOS 4 patch from Charles Levert
<charles@comm.polymtl.ca>
20000808
- (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
time, spec file cleanup.
20000807
- (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
- (djm) Suppress error messages on channel close shutdown() failurs
works around Linux bug. Patch from Zack Weinberg <zack@wolery.cumb.org>
- (djm) Add some more entropy collection commands from Lutz Jaenicke
20000725
- (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF
20000721
- (djm) OpenBSD CVS updates:
- markus@cvs.openbsd.org 2000/07/16 02:27:22
[authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
[sshconnect1.c sshconnect2.c]
make ssh-add accept dsa keys (the agent does not)
- djm@cvs.openbsd.org 2000/07/17 19:25:02
[sshd.c]
Another closing of stdin; ok deraadt
- markus@cvs.openbsd.org 2000/07/19 18:33:12
[dsa.c]
missing free, reorder
- markus@cvs.openbsd.org 2000/07/20 16:23:14
[ssh-keygen.1]
document input and output files
20000720
- (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>
20000716
- (djm) Release 2.1.1p4
2000-09-04 02:47:49 +02:00
|
|
|
DEPENDS+= openssl-0.9.5a:../../security/openssl
|
2000-07-22 10:21:59 +02:00
|
|
|
SSLBASE= ${LOCALBASE}
|
|
|
|
|
.else
|
|
|
|
|
SSLBASE= /usr
|
|
|
|
|
.endif
|
|
|
|
|
.else
|
2000-08-31 15:08:37 +02:00
|
|
|
DEPENDS+= openssl-0.9.5a:../../security/openssl
|
2000-07-22 10:21:59 +02:00
|
|
|
SSLBASE= ${LOCALBASE}
|
|
|
|
|
.endif
|
2000-03-27 01:57:31 +02:00
|
|
|
|
2000-03-26 16:36:24 +02:00
|
|
|
CONFLICTS= ssh-[0-9]* ssh6-[0-9]*
|
|
|
|
|
|
|
|
|
|
# retain the following line, for IPv6-ready pkgsrc webpage
|
|
|
|
|
BUILD_DEFS+= USE_INET6
|
2000-07-22 10:21:59 +02:00
|
|
|
BUILD_DEFS+= SSH_CONF_DIR
|
2000-08-19 00:46:29 +02:00
|
|
|
|
Clean this up, sync with the ssh package, and update to
1.2.2 (fixing PR 9304 by David Rankin <drankin@bohemians.lexington.ky.us>.
Changes:
20000125
- Fix NULL pointer dereference in login.c. Fix from Andre Lucas
<andre.lucas@dial.pipex.com>
- Reorder PAM initialisation so it does not mess up lastlog. Reported
by Andre Lucas <andre.lucas@dial.pipex.com>
- Use preformatted manpages on SCO, report from Gary E. Miller
<gem@rellim.com>
- New URL for x11-ssh-askpass.
- Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
<jmknoble@pobox.com>
- Added 'DESTDIR' option to Makefile to ease package building. Patch from
Jim Knoble <jmknoble@pobox.com>
- Updated RPM spec files to use DESTDIR
20000124
- Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
increment)
20000123
- OpenBSD CVS:
- [packet.c]
getsockname() requires initialized tolen; andy@guildsoftware.com
- AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
<drankin@bohemians.lexington.ky.us>
- Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
20000122
- Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
<bent@clark.net>
- Merge preformatted manpage patch from Andre Lucas
<andre.lucas@dial.pipex.com>
- Make IPv4 use the default in RPM packages
- Irix uses preformatted manpages
- Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
<Holger.Trapp@Informatik.TU-Chemnitz.DE>
- OpenBSD CVS updates:
- [packet.c]
use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
from Holger.Trapp@Informatik.TU-Chemnitz.DE
- [sshd.c]
log with level log() not fatal() if peer behaves badly.
- [readpass.c]
instead of blocking SIGINT, catch it ourselves, so that we can clean
the tty modes up and kill ourselves -- instead of our process group
leader (scp, cvs, ...) going away and leaving us in noecho mode.
people with cbreak shells never even noticed..
- [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
ie. -> i.e.,
20000120
- Don't use getaddrinfo on AIX
- Update to latest OpenBSD CVS:
- [auth-rsa.c]
- fix user/1056, sshd keeps restrictions; dbt@meat.net
- [sshconnect.c]
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- destroy keys earlier
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- Big manpage and config file cleanup from Andre Lucas
<andre.lucas@dial.pipex.com>
- Re-added latest (unmodified) OpenBSD manpages
- Doc updates
- NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
Christos Zoulas <christos@netbsd.org>
20000119
- SCO compile fixes from Gary E. Miller <gem@rellim.com>
- Compile fix from Darren_Hall@progressive.com
- Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
addresses using getaddrinfo(). Added a configure switch to make the
default lookup mode AF_INET
20000118
- Fixed --with-pid-dir option
- Makefile fix from Gary E. Miller <gem@rellim.com>
- Compile fix for HPUX and Solaris from Andre Lucas
<andre.lucas@dial.pipex.com>
2000-01-27 18:12:02 +01:00
|
|
|
DEINSTALL_FILE= ${WRKDIR}/DEINSTALL
|
2000-07-22 10:21:59 +02:00
|
|
|
INSTALL_FILE= ${WRKDIR}/INSTALL
|
2000-01-17 06:34:32 +01:00
|
|
|
|
2000-09-28 18:31:15 +02:00
|
|
|
# matches what's in `Configure' (except sparc64 and alpha, see PR 10984)
|
|
|
|
|
ONLY_FOR_PLATFORM= NetBSD-*-arm32 NetBSD-*-i386 \
|
2000-01-17 06:34:32 +01:00
|
|
|
NetBSD-*-m68k NetBSD-*-mips NetBSD-*-mipseb \
|
|
|
|
|
NetBSD-*-mipsel NetBSD-*-ns32k NetBSD-*-powerpc \
|
2001-01-10 16:10:59 +01:00
|
|
|
NetBSD-*-sparc NetBSD-*-vax SunOS-*-*
|
2000-01-17 06:34:32 +01:00
|
|
|
|
|
|
|
|
.include "../../mk/bsd.prefs.mk"
|
2000-07-22 10:21:59 +02:00
|
|
|
|
2000-01-17 06:34:32 +01:00
|
|
|
SSH_CONF_DIR?= /etc
|
2000-07-22 10:21:59 +02:00
|
|
|
|
2001-01-29 12:34:21 +01:00
|
|
|
MESSAGE_SUBST+= SSH_CONF_DIR=${SSH_CONF_DIR}
|
|
|
|
|
|
2000-07-22 10:21:59 +02:00
|
|
|
GNU_CONFIGURE= yes
|
|
|
|
|
CONFIGURE_ARGS+= --sysconfdir=${SSH_CONF_DIR}
|
|
|
|
|
CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE}
|
Clean this up, sync with the ssh package, and update to
1.2.2 (fixing PR 9304 by David Rankin <drankin@bohemians.lexington.ky.us>.
Changes:
20000125
- Fix NULL pointer dereference in login.c. Fix from Andre Lucas
<andre.lucas@dial.pipex.com>
- Reorder PAM initialisation so it does not mess up lastlog. Reported
by Andre Lucas <andre.lucas@dial.pipex.com>
- Use preformatted manpages on SCO, report from Gary E. Miller
<gem@rellim.com>
- New URL for x11-ssh-askpass.
- Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
<jmknoble@pobox.com>
- Added 'DESTDIR' option to Makefile to ease package building. Patch from
Jim Knoble <jmknoble@pobox.com>
- Updated RPM spec files to use DESTDIR
20000124
- Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
increment)
20000123
- OpenBSD CVS:
- [packet.c]
getsockname() requires initialized tolen; andy@guildsoftware.com
- AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
<drankin@bohemians.lexington.ky.us>
- Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
20000122
- Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
<bent@clark.net>
- Merge preformatted manpage patch from Andre Lucas
<andre.lucas@dial.pipex.com>
- Make IPv4 use the default in RPM packages
- Irix uses preformatted manpages
- Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
<Holger.Trapp@Informatik.TU-Chemnitz.DE>
- OpenBSD CVS updates:
- [packet.c]
use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
from Holger.Trapp@Informatik.TU-Chemnitz.DE
- [sshd.c]
log with level log() not fatal() if peer behaves badly.
- [readpass.c]
instead of blocking SIGINT, catch it ourselves, so that we can clean
the tty modes up and kill ourselves -- instead of our process group
leader (scp, cvs, ...) going away and leaving us in noecho mode.
people with cbreak shells never even noticed..
- [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
ie. -> i.e.,
20000120
- Don't use getaddrinfo on AIX
- Update to latest OpenBSD CVS:
- [auth-rsa.c]
- fix user/1056, sshd keeps restrictions; dbt@meat.net
- [sshconnect.c]
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- destroy keys earlier
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- Big manpage and config file cleanup from Andre Lucas
<andre.lucas@dial.pipex.com>
- Re-added latest (unmodified) OpenBSD manpages
- Doc updates
- NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
Christos Zoulas <christos@netbsd.org>
20000119
- SCO compile fixes from Gary E. Miller <gem@rellim.com>
- Compile fix from Darren_Hall@progressive.com
- Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
addresses using getaddrinfo(). Added a configure switch to make the
default lookup mode AF_INET
20000118
- Fixed --with-pid-dir option
- Makefile fix from Gary E. Miller <gem@rellim.com>
- Compile fix for HPUX and Solaris from Andre Lucas
<andre.lucas@dial.pipex.com>
2000-01-27 18:12:02 +01:00
|
|
|
|
2000-09-05 11:43:02 +02:00
|
|
|
# The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
|
|
|
|
|
# on if it's part of the X11 distribution, or if it's installed from pkgsrc
|
|
|
|
|
# (security/ssh-askpass).
|
2000-08-11 07:19:42 +02:00
|
|
|
#
|
2000-09-05 11:43:02 +02:00
|
|
|
.if exists(${X11BASE}/bin/ssh-askpass)
|
|
|
|
|
MAKE_ENV+= ASKPASS_LOCATION=${X11BASE}/bin
|
|
|
|
|
.else
|
2000-08-11 07:19:42 +02:00
|
|
|
MAKE_ENV+= ASKPASS_LOCATION=${X11PREFIX}/bin
|
2000-09-05 11:43:02 +02:00
|
|
|
.endif
|
2000-08-11 07:19:42 +02:00
|
|
|
|
2001-01-10 17:05:52 +01:00
|
|
|
.if (${OPSYS} == SunOS)
|
2001-03-11 21:42:28 +01:00
|
|
|
DEPENDS+= zlib-*:../../devel/zlib
|
|
|
|
|
|
2001-01-10 17:05:52 +01:00
|
|
|
INSTALL_FILE= ${WRKDIR}/INSTALL.SunOS
|
|
|
|
|
PLIST_SRC= ${PKGDIR}/PLIST.SunOS
|
|
|
|
|
.endif
|
|
|
|
|
|
2000-05-31 17:32:44 +02:00
|
|
|
pre-configure:
|
2001-02-06 04:16:56 +01:00
|
|
|
cd ${WRKSRC} && ${LOCALBASE}/bin/autoreconf
|
2000-05-31 17:32:44 +02:00
|
|
|
|
Clean this up, sync with the ssh package, and update to
1.2.2 (fixing PR 9304 by David Rankin <drankin@bohemians.lexington.ky.us>.
Changes:
20000125
- Fix NULL pointer dereference in login.c. Fix from Andre Lucas
<andre.lucas@dial.pipex.com>
- Reorder PAM initialisation so it does not mess up lastlog. Reported
by Andre Lucas <andre.lucas@dial.pipex.com>
- Use preformatted manpages on SCO, report from Gary E. Miller
<gem@rellim.com>
- New URL for x11-ssh-askpass.
- Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
<jmknoble@pobox.com>
- Added 'DESTDIR' option to Makefile to ease package building. Patch from
Jim Knoble <jmknoble@pobox.com>
- Updated RPM spec files to use DESTDIR
20000124
- Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
increment)
20000123
- OpenBSD CVS:
- [packet.c]
getsockname() requires initialized tolen; andy@guildsoftware.com
- AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
<drankin@bohemians.lexington.ky.us>
- Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
20000122
- Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
<bent@clark.net>
- Merge preformatted manpage patch from Andre Lucas
<andre.lucas@dial.pipex.com>
- Make IPv4 use the default in RPM packages
- Irix uses preformatted manpages
- Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
<Holger.Trapp@Informatik.TU-Chemnitz.DE>
- OpenBSD CVS updates:
- [packet.c]
use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
from Holger.Trapp@Informatik.TU-Chemnitz.DE
- [sshd.c]
log with level log() not fatal() if peer behaves badly.
- [readpass.c]
instead of blocking SIGINT, catch it ourselves, so that we can clean
the tty modes up and kill ourselves -- instead of our process group
leader (scp, cvs, ...) going away and leaving us in noecho mode.
people with cbreak shells never even noticed..
- [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
ie. -> i.e.,
20000120
- Don't use getaddrinfo on AIX
- Update to latest OpenBSD CVS:
- [auth-rsa.c]
- fix user/1056, sshd keeps restrictions; dbt@meat.net
- [sshconnect.c]
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- destroy keys earlier
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- Big manpage and config file cleanup from Andre Lucas
<andre.lucas@dial.pipex.com>
- Re-added latest (unmodified) OpenBSD manpages
- Doc updates
- NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
Christos Zoulas <christos@netbsd.org>
20000119
- SCO compile fixes from Gary E. Miller <gem@rellim.com>
- Compile fix from Darren_Hall@progressive.com
- Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
addresses using getaddrinfo(). Added a configure switch to make the
default lookup mode AF_INET
20000118
- Fixed --with-pid-dir option
- Makefile fix from Gary E. Miller <gem@rellim.com>
- Compile fix for HPUX and Solaris from Andre Lucas
<andre.lucas@dial.pipex.com>
2000-01-27 18:12:02 +01:00
|
|
|
post-build:
|
2000-07-22 10:21:59 +02:00
|
|
|
for FILE in \
|
|
|
|
|
${PKGDIR}/DEINSTALL \
|
|
|
|
|
${PKGDIR}/INSTALL \
|
2001-01-10 17:05:52 +01:00
|
|
|
${PKGDIR}/INSTALL.SunOS \
|
2000-07-22 10:21:59 +02:00
|
|
|
${FILESDIR}/sshd.sh; \
|
|
|
|
|
do \
|
|
|
|
|
${SED} -e 's#@SSH_CONF_DIR@#${SSH_CONF_DIR}#g' \
|
|
|
|
|
-e 's#@PREFIX@#${PREFIX}#g' \
|
2001-01-10 17:05:52 +01:00
|
|
|
-e 's#@INSTALL_DATA@#${INSTALL_DATA}#g' \
|
2000-07-22 10:21:59 +02:00
|
|
|
< $${FILE} > ${WRKDIR}/`basename $${FILE}`; \
|
Clean this up, sync with the ssh package, and update to
1.2.2 (fixing PR 9304 by David Rankin <drankin@bohemians.lexington.ky.us>.
Changes:
20000125
- Fix NULL pointer dereference in login.c. Fix from Andre Lucas
<andre.lucas@dial.pipex.com>
- Reorder PAM initialisation so it does not mess up lastlog. Reported
by Andre Lucas <andre.lucas@dial.pipex.com>
- Use preformatted manpages on SCO, report from Gary E. Miller
<gem@rellim.com>
- New URL for x11-ssh-askpass.
- Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
<jmknoble@pobox.com>
- Added 'DESTDIR' option to Makefile to ease package building. Patch from
Jim Knoble <jmknoble@pobox.com>
- Updated RPM spec files to use DESTDIR
20000124
- Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
increment)
20000123
- OpenBSD CVS:
- [packet.c]
getsockname() requires initialized tolen; andy@guildsoftware.com
- AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
<drankin@bohemians.lexington.ky.us>
- Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
20000122
- Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
<bent@clark.net>
- Merge preformatted manpage patch from Andre Lucas
<andre.lucas@dial.pipex.com>
- Make IPv4 use the default in RPM packages
- Irix uses preformatted manpages
- Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
<Holger.Trapp@Informatik.TU-Chemnitz.DE>
- OpenBSD CVS updates:
- [packet.c]
use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
from Holger.Trapp@Informatik.TU-Chemnitz.DE
- [sshd.c]
log with level log() not fatal() if peer behaves badly.
- [readpass.c]
instead of blocking SIGINT, catch it ourselves, so that we can clean
the tty modes up and kill ourselves -- instead of our process group
leader (scp, cvs, ...) going away and leaving us in noecho mode.
people with cbreak shells never even noticed..
- [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
ie. -> i.e.,
20000120
- Don't use getaddrinfo on AIX
- Update to latest OpenBSD CVS:
- [auth-rsa.c]
- fix user/1056, sshd keeps restrictions; dbt@meat.net
- [sshconnect.c]
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- destroy keys earlier
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- Big manpage and config file cleanup from Andre Lucas
<andre.lucas@dial.pipex.com>
- Re-added latest (unmodified) OpenBSD manpages
- Doc updates
- NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
Christos Zoulas <christos@netbsd.org>
20000119
- SCO compile fixes from Gary E. Miller <gem@rellim.com>
- Compile fix from Darren_Hall@progressive.com
- Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
addresses using getaddrinfo(). Added a configure switch to make the
default lookup mode AF_INET
20000118
- Fixed --with-pid-dir option
- Makefile fix from Gary E. Miller <gem@rellim.com>
- Compile fix for HPUX and Solaris from Andre Lucas
<andre.lucas@dial.pipex.com>
2000-01-27 18:12:02 +01:00
|
|
|
done
|
|
|
|
|
|
2000-12-08 09:52:35 +01:00
|
|
|
pre-install:
|
|
|
|
|
PKG_PREFIX=${PREFIX} ${SH} ${INSTALL_FILE} ${PKGNAME} PRE-INSTALL
|
|
|
|
|
|
Clean this up, sync with the ssh package, and update to
1.2.2 (fixing PR 9304 by David Rankin <drankin@bohemians.lexington.ky.us>.
Changes:
20000125
- Fix NULL pointer dereference in login.c. Fix from Andre Lucas
<andre.lucas@dial.pipex.com>
- Reorder PAM initialisation so it does not mess up lastlog. Reported
by Andre Lucas <andre.lucas@dial.pipex.com>
- Use preformatted manpages on SCO, report from Gary E. Miller
<gem@rellim.com>
- New URL for x11-ssh-askpass.
- Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
<jmknoble@pobox.com>
- Added 'DESTDIR' option to Makefile to ease package building. Patch from
Jim Knoble <jmknoble@pobox.com>
- Updated RPM spec files to use DESTDIR
20000124
- Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
increment)
20000123
- OpenBSD CVS:
- [packet.c]
getsockname() requires initialized tolen; andy@guildsoftware.com
- AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
<drankin@bohemians.lexington.ky.us>
- Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
20000122
- Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
<bent@clark.net>
- Merge preformatted manpage patch from Andre Lucas
<andre.lucas@dial.pipex.com>
- Make IPv4 use the default in RPM packages
- Irix uses preformatted manpages
- Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
<Holger.Trapp@Informatik.TU-Chemnitz.DE>
- OpenBSD CVS updates:
- [packet.c]
use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
from Holger.Trapp@Informatik.TU-Chemnitz.DE
- [sshd.c]
log with level log() not fatal() if peer behaves badly.
- [readpass.c]
instead of blocking SIGINT, catch it ourselves, so that we can clean
the tty modes up and kill ourselves -- instead of our process group
leader (scp, cvs, ...) going away and leaving us in noecho mode.
people with cbreak shells never even noticed..
- [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
ie. -> i.e.,
20000120
- Don't use getaddrinfo on AIX
- Update to latest OpenBSD CVS:
- [auth-rsa.c]
- fix user/1056, sshd keeps restrictions; dbt@meat.net
- [sshconnect.c]
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- destroy keys earlier
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- [sshd.c]
- no need for poll.h; from bright@wintelcom.net
- disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
- split key exchange (kex) and user authentication (user-auth),
ok: provos@
- Big manpage and config file cleanup from Andre Lucas
<andre.lucas@dial.pipex.com>
- Re-added latest (unmodified) OpenBSD manpages
- Doc updates
- NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
Christos Zoulas <christos@netbsd.org>
20000119
- SCO compile fixes from Gary E. Miller <gem@rellim.com>
- Compile fix from Darren_Hall@progressive.com
- Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
addresses using getaddrinfo(). Added a configure switch to make the
default lookup mode AF_INET
20000118
- Fixed --with-pid-dir option
- Makefile fix from Gary E. Miller <gem@rellim.com>
- Compile fix for HPUX and Solaris from Andre Lucas
<andre.lucas@dial.pipex.com>
2000-01-27 18:12:02 +01:00
|
|
|
post-install:
|
2000-09-20 06:49:19 +02:00
|
|
|
${INSTALL_SCRIPT} ${WRKDIR}/sshd.sh ${PREFIX}/etc/rc.d/sshd
|
2000-07-22 10:21:59 +02:00
|
|
|
PKG_PREFIX=${PREFIX} ${SH} ${INSTALL_FILE} ${PKGNAME} POST-INSTALL
|
2000-01-17 06:34:32 +01:00
|
|
|
|
|
|
|
|
.include "../../mk/bsd.pkg.mk"
|
