svn commit: r315920 - in head/security/openssh-portable: . files

Philip M. Gollucci pgollucci at p6m7g8.com
Wed Apr 17 18:43:31 UTC 2013


Thank you!


On Wed, Apr 17, 2013 at 12:35 AM, Bryan Drewery <bdrewery at freebsd.org>wrote:

> Author: bdrewery
> Date: Wed Apr 17 00:35:31 2013
> New Revision: 315920
> URL: http://svnweb.freebsd.org/changeset/ports/315920
>
> Log:
>   - Remove compatibiliy for FreeBSD <4.x
>     * /var/empty has been in hier(7) since 4.x
>     * User sshd has been in base since 4.x
>     * Simplify a patch for realhostname_sa(3) usage
>   - Remove SUID_SSH - It was removed from ssh in 2002
>   - Fix 'make test'
>   - Add some hints into the patches on where they came from
>   - Mirror all patches
>   - Move LPK patch out of files/
>   - Remove the need for 2 patches
>     * Removal of 'host-key check-config' in install phase
>     * Adding -lutil
>   - Add SCTP support [1]
>   - Remove FILECONTROL as it has not been supported since the 5.8
>     update
>   - Replace tab with space pkg-descr
>   - Remove default WRKSRC
>   - Add 'configtest' command to rc script
>   - Mark X509 broken with other patches due to PATCH_DIST_STRIP=-p1
>
>   PR:           ports/174570 [1]
>   Submitted by: oleg <proler at gmail.com> [1]
>   Obtained from:        https://bugzilla.mindrot.org/show_bug.cgi?id=2016(upstream) [1]
>   Feature safe: yes
>
> Deleted:
>   head/security/openssh-portable/files/extra-patch-configure
>   head/security/openssh-portable/files/openssh-lpk-5.8p2.patch
>   head/security/openssh-portable/files/patch-Makefile.in
> Modified:
>   head/security/openssh-portable/Makefile
>   head/security/openssh-portable/distinfo
>   head/security/openssh-portable/files/openssh.in
>   head/security/openssh-portable/files/patch-auth.c
>   head/security/openssh-portable/files/patch-auth1.c
>   head/security/openssh-portable/files/patch-auth2.c
>   head/security/openssh-portable/files/patch-loginrec.c
>   head/security/openssh-portable/files/patch-readconf.c
>   head/security/openssh-portable/files/patch-servconf.c
>   head/security/openssh-portable/files/patch-session.c
>   head/security/openssh-portable/files/patch-ssh-agent.c
>   head/security/openssh-portable/files/patch-ssh.c
>   head/security/openssh-portable/files/patch-ssh_config
>   head/security/openssh-portable/files/patch-ssh_config.5
>   head/security/openssh-portable/files/patch-sshd.8
>   head/security/openssh-portable/files/patch-sshd.c
>   head/security/openssh-portable/files/patch-sshd_config
>   head/security/openssh-portable/files/patch-sshd_config.5
>   head/security/openssh-portable/pkg-descr
>   head/security/openssh-portable/pkg-plist
>
> Modified: head/security/openssh-portable/Makefile
>
> ==============================================================================
> --- head/security/openssh-portable/Makefile     Tue Apr 16 23:29:04 2013
>      (r315919)
> +++ head/security/openssh-portable/Makefile     Wed Apr 17 00:35:31 2013
>      (r315920)
> @@ -13,8 +13,6 @@ PKGNAMESUFFIX=        -portable
>  MAINTAINER=    bdrewery at FreeBSD.org
>  COMMENT=       The portable version of OpenBSD's OpenSSH
>
> -WRKSRC=                ${WRKDIR}/${PORTNAME}-${DISTVERSION}
> -
>  MAN1=  sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1
>  MLINKS=        ssh.1 slogin.1
>  MAN5=  moduli.5 ssh_config.5 sshd_config.5
> @@ -22,7 +20,12 @@ MAN8=        sftp-server.8 sshd.8 ssh-keysign.8
>
>  CONFLICTS?=            openssh-3.* ssh-1.* ssh2-3.*
>
> +# XXX: ports/52706 will allow using DEFAULT,x509,gsskex here.
> +PATCH_SITES+=          http://mirror.shatow.net/freebsd/${PORTNAME}/ \
> +
> http://mirror.shatow.net/freebsd/${PORTNAME}/:x509,gsskex
> +
>  USE_PERL5_BUILD=       yes
> +USE_AUTOTOOLS=         autoconf autoheader
>  USE_OPENSSL=           yes
>  GNU_CONFIGURE=         yes
>  CONFIGURE_ENV=         ac_cv_func_strnvis=no
> @@ -36,37 +39,46 @@ ETCOLD=                     ${PREFIX}/etc
>  SUDO?=         # empty
>  MAKE_ENV+=     SUDO="${SUDO}"
>
> -OPTIONS_DEFINE=                PAM TCP_WRAPPERS LIBEDIT SUID_SSH BSM
> KERBEROS \
> -                       KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509
> FILECONTROL \
> -                       OVERWRITE_BASE
> +OPTIONS_DEFINE=                PAM TCP_WRAPPERS LIBEDIT BSM KERBEROS \
> +                       KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 \
> +                       OVERWRITE_BASE SCTP
>  OPTIONS_DEFAULT=       LIBEDIT PAM TCP_WRAPPERS
>  TCP_WRAPPERS_DESC=     Enable tcp_wrappers support
> -SUID_SSH_DESC=         Enable suid SSH (Recommended off)
>  BSM_DESC=              Enable OpenBSM Auditing
>  KERB_GSSAPI_DESC=      Enable Kerberos/GSSAPI patch (req: GSSAPI)
>  OPENSSH_CHROOT_DESC=   Enable CHROOT support
>  HPN_DESC=              Enable HPN-SSH patch
>  LPK_DESC=              Enable LDAP Public Key (LPK) patch
>  X509_DESC=             Enable x509 certificate patch
> -FILECONTROL_DESC=      Enable file control patch (broken)
> +SCTP_DESC=             Enable SCTP support
>  OVERWRITE_BASE_DESC=   OpenSSH overwrite base
>
>  .include <bsd.port.pre.mk>
>
>  .if ${OSVERSION} >= 900000
> -EXTRA_PATCHES= ${FILESDIR}/extra-patch-configure
> +CONFIGURE_LIBS+=       -lutil
>  .endif
>
>  .if ${OSVERSION} >= 900007
>  CONFIGURE_ARGS+=       --disable-utmp --disable-wtmp --disable-wtmpx
> --without-lastlog
>  .endif
>
> -.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MHPN}
> -BROKEN=                X509 patches and HPN patches do not apply cleanly
> together
> -.endif
> +.if ${PORT_OPTIONS:MX509}
> +.  if ${PORT_OPTIONS:MHPN}
> +BROKEN=                X509 patch and HPN patch do not apply cleanly
> together
> +.  endif
>
> -.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MKERB_GSSAPI}
> +.  if ${PORT_OPTIONS:MKERB_GSSAPI}
>  BROKEN=                X509 patch incompatible with KERB_GSSAPI patch
> +.  endif
> +
> +.  if ${PORT_OPTIONS:MSCTP}
> +BROKEN=                X509 patch and SCTP patch do not apply cleanly
> together
> +.  endif
> +
> +.  if ${PORT_OPTIONS:MLPK}
> +BROKEN=                X509 patch and LPK patch do not apply cleanly
> together
> +.  endif
>  .endif
>
>  .if defined(OPENSSH_OVERWRITE_BASE)
> @@ -85,10 +97,6 @@ CONFIGURE_ARGS+=     --with-tcp-wrappers
>  CONFIGURE_ARGS+=       --with-libedit
>  .endif
>
> -.if !${PORT_OPTIONS:MSUID_SSH}
> -CONFIGURE_ARGS+=       --disable-suid-ssh
> -.endif
> -
>  .if ${PORT_OPTIONS:MBSM}
>  CONFIGURE_ARGS+=       --with-audit=bsm
>  .endif
> @@ -97,8 +105,8 @@ CONFIGURE_ARGS+=     --with-audit=bsm
>  CONFIGURE_ARGS+=       --with-kerberos5
>  LIB_DEPENDS+=          krb5.3:${PORTSDIR}/security/krb5
>  .if ${PORT_OPTIONS:MKERB_GSSAPI}
> -PATCH_SITES+=          http://www.sxw.org.uk/computing/patches/
> -PATCHFILES+=           openssh-5.7p1-gsskex-all-20110125.patch
> +PATCH_SITES+=          http://www.sxw.org.uk/computing/patches/:gsskex
> +PATCHFILES+=           openssh-5.7p1-gsskex-all-20110125.patch:gsskex
>  PATCH_DIST_STRIP=
>  .endif
>  .if ${OPENSSLBASE} == "/usr"
> @@ -115,8 +123,8 @@ CONFIGURE_ARGS+=    --with-ssl-dir=${OPENSS
>  CFLAGS+=               -DCHROOT
>  .endif
>
> +# http://www.psc.edu/index.php/hpn-ssh
>  .if ${PORT_OPTIONS:MHPN}
> -PATCH_SITES+=          http://mirror.shatow.net/freebsd/${PORTNAME}/
>  PATCHFILES+=           ${PORTNAME}-5.8p1-hpn13v11.diff.gz
>  PATCH_DIST_STRIP=
>  .endif
> @@ -125,19 +133,19 @@ PATCH_DIST_STRIP=
>  # and svn repo described here:
>  # http://code.google.com/p/openssh-lpk/source/checkout
>  .if ${PORT_OPTIONS:MLPK}
> -EXTRA_PATCHES+=                ${FILESDIR}/openssh-lpk-5.8p2.patch
> +PATCHFILES+=           ${PORTNAME}-lpk-5.8p2.patch.gz
>  USE_OPENLDAP=          yes
>  CPPFLAGS+=             -I${LOCALBASE}/include
>  CONFIGURE_ARGS+=       --with-ldap=yes \
> -                       --with-libs='-lldap' \
>                         --with-ldflags='-L${LOCALBASE}/lib' \
>                         --with-cppflags='${CPPFLAGS}'
> +CONFIGURE_LIBS+=       -lldap
>  .endif
>
>  # See http://www.roumenpetrov.info/openssh/
>  .if ${PORT_OPTIONS:MX509}
> -PATCH_SITES+=          http://www.roumenpetrov.info/openssh/x509-7.0/
> -PATCHFILES+=           ${PORTNAME}-5.8p1+x509-7.0.diff.gz
> +PATCH_SITES+=
> http://www.roumenpetrov.info/openssh/x509-7.0/:x509
> +PATCHFILES+=           ${PORTNAME}-5.8p1+x509-7.0.diff.gz:x509
>  PATCH_DIST_STRIP=      -p1
>  PLIST_SUB+=            X509=""
>  MAN5+=                 ssh_engine.5
> @@ -145,33 +153,24 @@ MAN5+=                    ssh_engine.5
>  PLIST_SUB+=            X509="@comment "
>  .endif
>
> -# See http://sftpfilecontrol.sourceforge.net/
> -.if ${PORT_OPTIONS:MFILECONTROL}
> -# Latest sftpfilecontrol patch is against 5.4p1 which does not apply
> -# cleanly against 5.8p2, but it's close.
> -BROKEN=                        latest upstream sftp file control public
> key patch is not up to date for OpenSSH 5.8p2
> -EXTRA_PATCHES+=
>  ${FILESDIR}/openssh-${DISTVERSION}.sftpfilecontrol-v1.3.patch
> +# See https://bugzilla.mindrot.org/show_bug.cgi?id=2016
> +.if ${PORT_OPTIONS:MSCTP}
> +PATCHFILES+=           ${PORTNAME}-sctp-2163.patch.gz
> +CONFIGURE_ARGS+=       --with-sctp
>  .endif
>
> +EMPTYDIR=              /var/empty
> +
>  .if ${PORT_OPTIONS:MOVERWRITE_BASE}
>  WITH_OPENSSL_BASE=     yes
>  CONFIGURE_ARGS+=       --localstatedir=/var
> -EMPTYDIR=              /var/empty
>  PREFIX=                        /usr
>  ETCSSH=                        /etc/ssh
>  USE_RCORDER=           openssh
>  PLIST_SUB+=            NOTBASE="@comment "
>  PLIST_SUB+=            BASE=""
>  PLIST_SUB+=            BASEPREFIX="${PREFIX}"
> -PLIST_SUB+=            ERASEEMPTY="@comment "
>  .else
> -.if exists(/var/empty)
> -EMPTYDIR=              /var/empty
> -PLIST_SUB+=            ERASEEMPTY="@comment "
> -.else
> -EMPTYDIR=              ${PREFIX}/empty
> -PLIST_SUB+=            ERASEEMPTY=""
> -.endif
>  ETCSSH=                        ${PREFIX}/etc/ssh
>  USE_RC_SUBR=           openssh
>  PLIST_SUB+=            NOTBASE=""
> @@ -180,13 +179,16 @@ PLIST_SUB+=               BASE="@comment "
>
>  # After all
>  SUB_LIST+=             ETCSSH="${ETCSSH}"
> -PLIST_SUB+=            EMPTYDIR="${EMPTYDIR}"
>  CONFIGURE_ARGS+=       --sysconfdir=${ETCSSH}
> --with-privsep-path=${EMPTYDIR}
> +.if !empty(CONFIGURE_LIBS)
> +CONFIGURE_ARGS+=       --with-libs='${CONFIGURE_LIBS}'
> +.endif
>
>  RC_SCRIPT_NAME=                openssh
>
>  post-patch:
>         @${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure
> +       @${REINPLACE_CMD} -e 's|install: \(.*\) host-key
> check-config|install: \1|g' ${WRKSRC}/Makefile.in
>         @${REINPLACE_CMD} -e 's|%%PREFIX%%|${LOCALBASE}|' \
>                 -e 's|%%RC_SCRIPT_NAME%%|${RC_SCRIPT_NAME}|'
> ${WRKSRC}/sshd.8
>         @${REINPLACE_CMD} -E -e 's|SSH_VERSION|TMP_SSH_VERSION|' \
> @@ -203,10 +205,6 @@ post-patch:
>  .endif
>
>  pre-su-install:
> -       @${MKDIR} ${EMPTYDIR}
> -       if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
> -       if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
> -               -h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege
> separation"; fi
>  .if !exists(${ETCSSH})
>         @${MKDIR} ${ETCSSH}
>  .endif
> @@ -224,7 +222,7 @@ post-install:
>         @${CAT} ${PKGMESSAGE}
>
>  test:  build
> -       (cd ${WRKSRC}/regress && ${SETENV} ${MAKE_ENV} TEST_SHELL=/bin/sh \
> +       (cd ${WRKSRC}/regress && ${SETENV} OBJ=${WRKDIR} ${MAKE_ENV}
> TEST_SHELL=/bin/sh \
>                 PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
>                 ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS})
>
>
> Modified: head/security/openssh-portable/distinfo
>
> ==============================================================================
> --- head/security/openssh-portable/distinfo     Tue Apr 16 23:29:04 2013
>      (r315919)
> +++ head/security/openssh-portable/distinfo     Wed Apr 17 00:35:31 2013
>      (r315920)
> @@ -6,3 +6,7 @@ SHA256 (openssh-5.8p1+x509-7.0.diff.gz)
>  SIZE (openssh-5.8p1+x509-7.0.diff.gz) = 184277
>  SHA256 (openssh-5.7p1-gsskex-all-20110125.patch) =
> bfdc72c3d7d5d4f9f8a78b649988dff8fad780cfa72bad4a69eb94c54de9a359
>  SIZE (openssh-5.7p1-gsskex-all-20110125.patch) = 91889
> +SHA256 (openssh-lpk-5.8p2.patch.gz) =
> 718221d13a09fdf5be857cc4b349e61698c42ae47bd357bd5c83f331d490c6c7
> +SIZE (openssh-lpk-5.8p2.patch.gz) = 17822
> +SHA256 (openssh-sctp-2163.patch.gz) =
> 86ac3a59119c9c26193334d8ba7c3be9f143209080e4f8a2a00577c24c0c9e03
> +SIZE (openssh-sctp-2163.patch.gz) = 6764
>
> Modified: head/security/openssh-portable/files/openssh.in
>
> ==============================================================================
> --- head/security/openssh-portable/files/openssh.in     Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/openssh.in     Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -25,9 +25,11 @@ load_rc_config ${name}
>  : ${openssh_skipportscheck="NO"}
>
>  command=%%PREFIX%%/sbin/sshd
> -extra_commands="reload keygen"
> +extra_commands="configtest reload keygen"
>  start_precmd="${name}_checks"
> +reload_precmd="${name}_configtest"
>  restart_precmd="${name}_checks"
> +configtest_cmd="${name}_configtest"
>  keygen_cmd="${name}_keygen"
>  pidfile=${openssh_pidfile:="/var/run/sshd.pid"}
>
> @@ -137,6 +139,12 @@ openssh_check_same_ports(){
>      fi
>  }
>
> +openssh_configtest()
> +{
> +       echo "Performing sanity check on ${name} configuration."
> +       eval ${command} ${openssh_flags} -t
> +}
> +
>  openssh_checks()
>  {
>         if checkyesno sshd_enable ; then
> @@ -146,7 +154,7 @@ openssh_checks()
>         fi
>
>         run_rc_command keygen
> -       eval "${command} -t"
> +       openssh_configtest
>  }
>
>  run_rc_command "$1"
>
> Modified: head/security/openssh-portable/files/patch-auth.c
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-auth.c   Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-auth.c   Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,3 +1,12 @@
> +r100838 | fanf | 2002-07-28 19:36:24 -0500 (Sun, 28 Jul 2002) | 7 lines
> +Changed paths:
> +   M /head/crypto/openssh/auth.c
> +
> +Use login_getpwclass() instead of login_getclass() so that the root
> +vs. default login class distinction is made correctly.
> +
> +PR:             37416
> +
>  --- auth.c.orig        2010-08-12 11:33:01.000000000 -0600
>  +++ auth.c     2010-09-14 16:14:12.000000000 -0600
>  @@ -594,7 +594,7 @@
>
> Modified: head/security/openssh-portable/files/patch-auth1.c
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-auth1.c  Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-auth1.c  Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,3 +1,20 @@
> +r56266 | dinoex | 2002-03-17 14:24:24 -0600 (Sun, 17 Mar 2002) | 4 lines
> +Changed paths:
> +   M /head/security/hpn-ssh/Makefile
> +   M /head/security/hpn-ssh/files/patch-auth.c
> +   A /head/security/hpn-ssh/files/patch-auth1.c
> +   A /head/security/hpn-ssh/files/patch-auth2.c
> +   M /head/security/hpn-ssh/files/patch-session.c
> +   M /head/security/openssh-portable/Makefile
> +   M /head/security/openssh-portable/files/patch-auth.c
> +   A /head/security/openssh-portable/files/patch-auth1.c
> +   A /head/security/openssh-portable/files/patch-auth2.c
> +   M /head/security/openssh-portable/files/patch-session.c
> +
> +Merged patches for HAVE_LOGIN_CAP from stable
> +
> +PR:             35904
> +
>  --- auth1.c.orig       2010-06-25 18:01:33.000000000 -0600
>  +++ auth1.c    2010-09-14 16:14:12.000000000 -0600
>  @@ -40,6 +40,7 @@
>
> Modified: head/security/openssh-portable/files/patch-auth2.c
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-auth2.c  Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-auth2.c  Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,3 +1,20 @@
> +r56266 | dinoex | 2002-03-17 14:24:24 -0600 (Sun, 17 Mar 2002) | 4 lines
> +Changed paths:
> +   M /head/security/hpn-ssh/Makefile
> +   M /head/security/hpn-ssh/files/patch-auth.c
> +   A /head/security/hpn-ssh/files/patch-auth1.c
> +   A /head/security/hpn-ssh/files/patch-auth2.c
> +   M /head/security/hpn-ssh/files/patch-session.c
> +   M /head/security/openssh-portable/Makefile
> +   M /head/security/openssh-portable/files/patch-auth.c
> +   A /head/security/openssh-portable/files/patch-auth1.c
> +   A /head/security/openssh-portable/files/patch-auth2.c
> +   M /head/security/openssh-portable/files/patch-session.c
> +
> +Merged patches for HAVE_LOGIN_CAP from stable
> +
> +PR:             35904
> +
>  --- auth2.c.orig       2009-06-22 00:11:07.000000000 -0600
>  +++ auth2.c    2010-09-14 16:14:12.000000000 -0600
>  @@ -46,6 +46,7 @@
>
> Modified: head/security/openssh-portable/files/patch-loginrec.c
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-loginrec.c       Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-loginrec.c       Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,26 +1,28 @@
> ---- loginrec.c.orig    2010-04-09 02:13:27.000000000 -0600
> -+++ loginrec.c 2010-09-14 16:14:12.000000000 -0600
> -@@ -179,6 +179,9 @@
> - #ifdef HAVE_UTIL_H
> - # include <util.h>
> - #endif
> -+#ifdef __FreeBSD__
> -+#include <osreldate.h>
> -+#endif
> -
> - #ifdef HAVE_LIBUTIL_H
> - # include <libutil.h>
> -@@ -693,8 +696,13 @@
> +r63028 | dinoex | 2002-07-15 15:08:01 -0500 (Mon, 15 Jul 2002) | 6 lines
> +
> +- Fix Problem with HAVE_HOST_IN_UTMP
> +- update monitor.c
> +
> +PR:             40576
> +Submitted by:   lxv at a-send-pr.sink.omut.org
> +
> +r99768 | des | 2002-07-11 05:36:10 -0500 (Thu, 11 Jul 2002) | 6 lines
> +
> +Use realhostname_sa(3) so the IP address will be used instead of the
> +hostname if the latter is too long for utmp.
> +
> +Submitted by:   ru
> +
> +--- loginrec.c.orig    2013-04-14 08:28:40.482762815 -0500
> ++++ loginrec.c 2013-04-14 08:29:03.723757797 -0500
> +@@ -694,8 +694,8 @@
>         strncpy(ut->ut_name, li->username,
>             MIN_SIZEOF(ut->ut_name, li->username));
>   # ifdef HAVE_HOST_IN_UTMP
> -+# if defined(__FreeBSD__) && __FreeBSD_version < 400000
> -       strncpy(ut->ut_host, li->hostname,
> -           MIN_SIZEOF(ut->ut_host, li->hostname));
> -+# else
> +-      strncpy(ut->ut_host, li->hostname,
> +-          MIN_SIZEOF(ut->ut_host, li->hostname));
>  +      realhostname_sa(ut->ut_host, sizeof ut->ut_host,
>  +          &li->hostaddr.sa, li->hostaddr.sa.sa_len);
> -+# endif
>   # endif
>   # ifdef HAVE_ADDR_IN_UTMP
>         /* this is just a 32-bit IP address */
>
> Modified: head/security/openssh-portable/files/patch-readconf.c
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-readconf.c       Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-readconf.c       Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,3 +1,11 @@
> +r99048 | des | 2002-06-29 05:51:56 -0500 (Sat, 29 Jun 2002) | 4 lines
> +Changed paths:
> +   M /head/crypto/openssh/myproposal.h
> +   M /head/crypto/openssh/readconf.c
> +   M /head/crypto/openssh/servconf.c
> +
> +Apply FreeBSD's configuration defaults.
> +
>  --- readconf.c.orig    2010-08-03 00:04:46.000000000 -0600
>  +++ readconf.c 2010-09-14 16:14:12.000000000 -0600
>  @@ -1169,7 +1169,7 @@
>
> Modified: head/security/openssh-portable/files/patch-servconf.c
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-servconf.c       Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-servconf.c       Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,3 +1,11 @@
> +r99048 | des | 2002-06-29 05:51:56 -0500 (Sat, 29 Jun 2002) | 4 lines
> +Changed paths:
> +   M /head/crypto/openssh/myproposal.h
> +   M /head/crypto/openssh/readconf.c
> +   M /head/crypto/openssh/servconf.c
> +
> +Apply FreeBSD's configuration defaults.
> +
>  --- servconf.c.orig    2010-06-25 17:38:45.000000000 -0600
>  +++ servconf.c 2010-09-14 16:14:12.000000000 -0600
>  @@ -139,7 +139,7 @@
>
> Modified: head/security/openssh-portable/files/patch-session.c
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-session.c        Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-session.c        Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,3 +1,20 @@
> +r56266 | dinoex | 2002-03-17 14:24:24 -0600 (Sun, 17 Mar 2002) | 4 lines
> +Changed paths:
> +   M /head/security/hpn-ssh/Makefile
> +   M /head/security/hpn-ssh/files/patch-auth.c
> +   A /head/security/hpn-ssh/files/patch-auth1.c
> +   A /head/security/hpn-ssh/files/patch-auth2.c
> +   M /head/security/hpn-ssh/files/patch-session.c
> +   M /head/security/openssh-portable/Makefile
> +   M /head/security/openssh-portable/files/patch-auth.c
> +   A /head/security/openssh-portable/files/patch-auth1.c
> +   A /head/security/openssh-portable/files/patch-auth2.c
> +   M /head/security/openssh-portable/files/patch-session.c
> +
> +Merged patches for HAVE_LOGIN_CAP from stable
> +
> +PR:             35904
> +
>  --- session.c.orig     2011-07-21 18:55:33.883559116 +0200
>  +++ session.c  2011-07-21 19:02:17.789294035 +0200
>  @@ -896,6 +896,24 @@
>
> Modified: head/security/openssh-portable/files/patch-ssh-agent.c
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-ssh-agent.c      Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-ssh-agent.c      Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,3 +1,7 @@
> +r110506 | des | 2003-02-07 09:48:27 -0600 (Fri, 07 Feb 2003) | 4 lines
> +
> +Set the ruid to the euid at startup as a workaround for a bug in pam_ssh.
> +
>  --- ssh-agent.c.orig   2010-04-15 23:56:22.000000000 -0600
>  +++ ssh-agent.c        2010-09-14 16:14:13.000000000 -0600
>  @@ -1086,6 +1086,7 @@
>
> Modified: head/security/openssh-portable/files/patch-ssh.c
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-ssh.c    Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-ssh.c    Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,6 +1,10 @@
>  $FreeBSD$
>
> -Make the same change to use the canonical hostname as the base FreeBSD
> ssh.
> +r99054 | des | 2002-06-29 05:57:53 -0500 (Sat, 29 Jun 2002) | 4 lines
> +Changed paths:
> +   M /head/crypto/openssh/ssh.c
> +
> +Canonicize the host name before looking it up in the host file.
>
>  --- ssh.c.orig 2010-08-16 09:59:31.000000000 -0600
>  +++ ssh.c      2010-08-25 17:55:01.000000000 -0600
>
> Modified: head/security/openssh-portable/files/patch-ssh_config
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-ssh_config       Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-ssh_config       Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,3 +1,8 @@
> +r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines
> +
> +Document the FreeBSD default for CheckHostIP, which was changed in
> +rev 1.2 of readconf.c.
> +
>  --- ssh_config.orig    2010-01-12 01:40:27.000000000 -0700
>  +++ ssh_config 2010-09-14 16:14:13.000000000 -0600
>  @@ -27,7 +27,7 @@
>
> Modified: head/security/openssh-portable/files/patch-ssh_config.5
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-ssh_config.5     Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-ssh_config.5     Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,3 +1,8 @@
> +r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines
> +
> +Document the FreeBSD default for CheckHostIP, which was changed in
> +rev 1.2 of readconf.c.
> +
>  --- ssh_config.5.orig  2010-08-04 21:03:13.000000000 -0600
>  +++ ssh_config.5       2010-09-14 16:14:13.000000000 -0600
>  @@ -164,7 +164,7 @@
>
> Modified: head/security/openssh-portable/files/patch-sshd.8
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-sshd.8   Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-sshd.8   Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,3 +1,5 @@
> +Document FreeBSD/port-specific paths
> +
>  --- sshd.8.orig        2010-08-04 21:03:13.000000000 -0600
>  +++ sshd.8     2010-09-14 16:14:14.000000000 -0600
>  @@ -70,7 +70,7 @@
>
> Modified: head/security/openssh-portable/files/patch-sshd.c
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-sshd.c   Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-sshd.c   Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,3 +1,13 @@
> +r109683 | des | 2003-01-22 08:12:59 -0600 (Wed, 22 Jan 2003) | 7 lines
> +Changed paths:
> +   M /head/crypto/openssh/sshd.c
> +
> +Force early initialization of the resolver library, since the resolver
> +configuration files will no longer be available once sshd is chrooted.
> +
> +PR:             39953, 40894
> +Submitted by:   dinoex
> +
>  --- sshd.c.orig        2010-04-15 23:56:22.000000000 -0600
>  +++ sshd.c     2010-09-14 16:14:13.000000000 -0600
>  @@ -83,6 +83,13 @@
>
> Modified: head/security/openssh-portable/files/patch-sshd_config
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-sshd_config      Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-sshd_config      Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,3 +1,10 @@
> +r99051 | des | 2002-06-29 05:55:18 -0500 (Sat, 29 Jun 2002) | 4 lines
> +Changed paths:
> +   M /head/crypto/openssh/ssh_config
> +   M /head/crypto/openssh/sshd_config
> +
> +Document FreeBSD defaults.
> +
>  --- sshd_config.orig   2009-10-11 04:51:09.000000000 -0600
>  +++ sshd_config        2010-09-14 16:14:13.000000000 -0600
>  @@ -36,7 +36,7 @@
>
> Modified: head/security/openssh-portable/files/patch-sshd_config.5
>
> ==============================================================================
> --- head/security/openssh-portable/files/patch-sshd_config.5    Tue Apr 16
> 23:29:04 2013        (r315919)
> +++ head/security/openssh-portable/files/patch-sshd_config.5    Wed Apr 17
> 00:35:31 2013        (r315920)
> @@ -1,3 +1,5 @@
> +Document defaults
> +
>  --- sshd_config.5.orig 2010-07-01 21:37:17.000000000 -0600
>  +++ sshd_config.5      2010-08-31 05:27:27.000000000 -0600
>  @@ -223,7 +223,9 @@
>
> Modified: head/security/openssh-portable/pkg-descr
>
> ==============================================================================
> --- head/security/openssh-portable/pkg-descr    Tue Apr 16 23:29:04 2013
>      (r315919)
> +++ head/security/openssh-portable/pkg-descr    Wed Apr 17 00:35:31 2013
>      (r315920)
> @@ -12,4 +12,4 @@ are not synchronized. Portable releases
>  The official OpenBSD source will never use the 'p' suffix, but will
> instead
>  increment the version number when they hit 'stable spots' in their
> development.
>
> -WWW:   http://www.openssh.org/portable.html
> +WWW: http://www.openssh.org/portable.html
>
> Modified: head/security/openssh-portable/pkg-plist
>
> ==============================================================================
> --- head/security/openssh-portable/pkg-plist    Tue Apr 16 23:29:04 2013
>      (r315919)
> +++ head/security/openssh-portable/pkg-plist    Wed Apr 17 00:35:31 2013
>      (r315920)
> @@ -24,7 +24,3 @@ sbin/sshd
>  libexec/sftp-server
>  libexec/ssh-keysign
>  libexec/ssh-pkcs11-helper
> - at exec if [ ! -d %%EMPTYDIR%% ]; then mkdir -p %%EMPTYDIR%% ; fi
> -%%ERASEEMPTY%%@dirrm empty
> - at exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi
> - at exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u
> 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi
>



-- 
---------------------------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci at p6m7g8.com) c: 703.336.9354
Member,                           Apache Software Foundation
Committer,                        FreeBSD Foundation
Consultant,                       P6M7G8 Inc.
Director Operations,      Ridecharge Inc.

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.


More information about the svn-ports-head mailing list