svn commit: r484825 - in branches/2018Q4/security/openssh-portable: . files
Bryan Drewery
bdrewery at FreeBSD.org
Mon Nov 12 21:06:50 UTC 2018
Author: bdrewery
Date: Mon Nov 12 21:06:47 2018
New Revision: 484825
URL: https://svnweb.freebsd.org/changeset/ports/484825
Log:
MFH: r484765 r484823 r484824
Update to 7.9p1.
- Fixes build on 12, head, and openssl-devel.
- GSSAPI and HPN are currently marked BROKEN as I don't want to block
the main update for anyone.
http://www.openssh.com/txt/release-7.8
http://www.openssh.com/txt/release-7.9
- Fix HPN for 7.9p1
- DOCS is required for HPN but it's not exclusively a flavor so needs to be
in the default list.
- Fix a build-time OpenSSL version comparison [1]
PR: 233157 [1]
Reported by: Robert Schulze <rs at bytecamp.net> [1]
Obtained from: upstream c0a35265907533be10ca151ac797f34ae0d68969 [1]
- Update KERB_GSSAPI for 7.9p1
Approved by: portmgr (implicit)
Added:
branches/2018Q4/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969
- copied unchanged from r484823, head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969
branches/2018Q4/security/openssh-portable/files/patch-serverloop.c
- copied unchanged from r484765, head/security/openssh-portable/files/patch-serverloop.c
Deleted:
branches/2018Q4/security/openssh-portable/files/patch-341727df910e12e26ef161508ed76d91c40a61eb
branches/2018Q4/security/openssh-portable/files/patch-85fe48fd49f2e81fa30902841b362cfbb7f1933b
branches/2018Q4/security/openssh-portable/files/patch-868afa68469de50d8a43e5daf867d7c624a34d20
branches/2018Q4/security/openssh-portable/files/patch-b81b2d120e9c8a83489e241620843687758925ad
branches/2018Q4/security/openssh-portable/files/patch-f5baa36ba79a6e8c534fb4e0a00f2614ccc42ea6
branches/2018Q4/security/openssh-portable/files/patch-misc.c
Modified:
branches/2018Q4/security/openssh-portable/Makefile
branches/2018Q4/security/openssh-portable/distinfo
branches/2018Q4/security/openssh-portable/files/extra-patch-hpn
branches/2018Q4/security/openssh-portable/files/extra-patch-hpn-compat
branches/2018Q4/security/openssh-portable/files/extra-patch-tcpwrappers
branches/2018Q4/security/openssh-portable/files/patch-auth2.c
branches/2018Q4/security/openssh-portable/files/patch-session.c
Directory Properties:
branches/2018Q4/ (props changed)
Modified: branches/2018Q4/security/openssh-portable/Makefile
==============================================================================
--- branches/2018Q4/security/openssh-portable/Makefile Mon Nov 12 21:04:05 2018 (r484824)
+++ branches/2018Q4/security/openssh-portable/Makefile Mon Nov 12 21:06:47 2018 (r484825)
@@ -2,8 +2,8 @@
# $FreeBSD$
PORTNAME= openssh
-DISTVERSION= 7.7p1
-PORTREVISION= 6
+DISTVERSION= 7.9p1
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= security ipv6
MASTER_SITES= OPENBSD/OpenSSH/portable
@@ -26,20 +26,16 @@ CONFIGURE_ARGS= --prefix=${PREFIX} --with-md5-passwor
ETCOLD= ${PREFIX}/etc
-BROKEN_SSL= openssl-devel
-BROKEN_SSL_REASON_openssl-devel= error: OpenSSL >= 1.1.0 is not yet supported
-
FLAVORS= default hpn
default_CONFLICTS_INSTALL= openssl-portable-hpn
hpn_CONFLICTS_INSTALL= openssh-portable
hpn_PKGNAMESUFFIX= -portable-hpn
-OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT BSM \
+OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \
HPN X509 KERB_GSSAPI \
LDNS NONECIPHER XMSS
OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS
.if ${FLAVOR:U} == hpn
-OPTIONS_DEFINE+= DOCS
OPTIONS_DEFAULT+= HPN NONECIPHER
.endif
OPTIONS_RADIO= KERBEROS
@@ -70,10 +66,10 @@ HPN_CONFIGURE_WITH= hpn
NONECIPHER_CONFIGURE_WITH= nonecipher
# See http://www.roumenpetrov.info/openssh/
-X509_VERSION= 11.3.2
+X509_VERSION= 11.5
X509_PATCH_SITES= http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509
X509_EXTRA_PATCHES+= ${FILESDIR}/extra-patch-x509-glue
-X509_PATCHFILES= ${PORTNAME}-7.7p1+x509-${X509_VERSION}.diff.gz:-p1:x509
+X509_PATCHFILES= ${PORTNAME}-7.9p1+x509-${X509_VERSION}.diff.gz:-p1:x509
MIT_LIB_DEPENDS= libkrb5.so.3:security/krb5
HEIMDAL_LIB_DEPENDS= libkrb5.so.26:security/heimdal
@@ -113,7 +109,7 @@ PATCHFILES+= openssh-7.7p1-gsskex-all-20141021-debian-
# https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1
.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
-#BROKEN= HPN: Not yet updated for ${DISTVERSION} and disabled in base
+#BROKEN= HPN: Not yet updated for ${DISTVERSION} yet.
PORTDOCS+= HPN-README
HPN_VERSION= 14v15
HPN_DISTVERSION= 7.7p1
Modified: branches/2018Q4/security/openssh-portable/distinfo
==============================================================================
--- branches/2018Q4/security/openssh-portable/distinfo Mon Nov 12 21:04:05 2018 (r484824)
+++ branches/2018Q4/security/openssh-portable/distinfo Mon Nov 12 21:06:47 2018 (r484825)
@@ -1,7 +1,7 @@
-TIMESTAMP = 1524589531
-SHA256 (openssh-7.7p1.tar.gz) = d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f
-SIZE (openssh-7.7p1.tar.gz) = 1536900
-SHA256 (openssh-7.7p1+x509-11.3.2.diff.gz) = f0549007b2bdb99c41d83e622b6504365a3fa0a5ac22e3d0755c89cb0e29a02f
-SIZE (openssh-7.7p1+x509-11.3.2.diff.gz) = 492142
-SHA256 (openssh-7.7p1-gsskex-all-20141021-debian-rh-20171004.patch.gz) = c58f10ed5d9550e6e4ac09898a1aa131321e69c4d65a742ab95d357b35576ef4
-SIZE (openssh-7.7p1-gsskex-all-20141021-debian-rh-20171004.patch.gz) = 27251
+TIMESTAMP = 1541877994
+SHA256 (openssh-7.9p1.tar.gz) = 6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad
+SIZE (openssh-7.9p1.tar.gz) = 1565384
+SHA256 (openssh-7.9p1+x509-11.5.diff.gz) = 1d15099ce54614f158f10f55b6b4992d915353f92a05e179a64b0655650c00bb
+SIZE (openssh-7.9p1+x509-11.5.diff.gz) = 594995
+SHA256 (openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz) = a9fe46bc97ebb6f32dad44c6e62e712b224392463b2084300835736fe848eabc
+SIZE (openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz) = 27612
Modified: branches/2018Q4/security/openssh-portable/files/extra-patch-hpn
==============================================================================
--- branches/2018Q4/security/openssh-portable/files/extra-patch-hpn Mon Nov 12 21:04:05 2018 (r484824)
+++ branches/2018Q4/security/openssh-portable/files/extra-patch-hpn Mon Nov 12 21:06:47 2018 (r484825)
@@ -1064,9 +1064,9 @@ diff -urN -x configure -x config.guess -x config.h.in
#define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */
#define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */
#define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */
---- work/openssh-7.7p1/sshconnect.c.orig 2018-04-01 22:38:28.000000000 -0700
-+++ work/openssh-7.7p1/sshconnect.c 2018-06-26 15:55:19.103812000 -0700
-@@ -337,7 +337,32 @@ check_ifaddrs(const char *ifname, int af, const struct
+--- work/openssh/sshconnect.c.orig 2018-10-16 17:01:20.000000000 -0700
++++ work/openssh/sshconnect.c 2018-11-12 09:04:24.340706000 -0800
+@@ -327,7 +327,32 @@ check_ifaddrs(const char *ifname, int af, const struct
}
#endif
@@ -1096,10 +1096,10 @@ diff -urN -x configure -x config.guess -x config.h.in
+#endif
+
+/*
- * Creates a (possibly privileged) socket for use as the ssh connection.
+ * Creates a socket for use as the ssh connection.
*/
static int
-@@ -359,6 +384,11 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
+@@ -349,6 +374,11 @@ ssh_create_socket(struct addrinfo *ai)
}
fcntl(sock, F_SETFD, FD_CLOEXEC);
@@ -1109,9 +1109,9 @@ diff -urN -x configure -x config.guess -x config.h.in
+#endif
+
/* Bind the socket to an alternative local IP address */
- if (options.bind_address == NULL && options.bind_interface == NULL &&
- !privileged)
-@@ -637,8 +667,14 @@ static void
+ if (options.bind_address == NULL && options.bind_interface == NULL)
+ return sock;
+@@ -608,8 +638,14 @@ static void
send_client_banner(int connection_out, int minor1)
{
/* Send our own protocol version identification. */
@@ -1128,8 +1128,8 @@ diff -urN -x configure -x config.guess -x config.h.in
if (atomicio(vwrite, connection_out, client_version_string,
strlen(client_version_string)) != strlen(client_version_string))
fatal("write: %.100s", strerror(errno));
---- work/openssh-7.7p1/sshconnect2.c.orig 2018-04-01 22:38:28.000000000 -0700
-+++ work/openssh-7.7p1/sshconnect2.c 2018-06-27 17:11:17.543893000 -0700
+--- work/openssh/sshconnect2.c.orig 2018-10-16 17:01:20.000000000 -0700
++++ work/openssh/sshconnect2.c 2018-11-12 09:06:06.338515000 -0800
@@ -81,7 +81,13 @@
extern char *client_version_string;
extern char *server_version_string;
@@ -1144,7 +1144,7 @@ diff -urN -x configure -x config.guess -x config.h.in
/*
* SSH2 key exchange
*/
-@@ -154,14 +160,17 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd
+@@ -154,10 +160,11 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd
return ret;
}
@@ -1154,16 +1154,18 @@ diff -urN -x configure -x config.guess -x config.h.in
ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
{
- char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
- char *s;
+ char *s, *all_key;
struct kex *kex;
int r;
-
-+ memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
-+
+@@ -165,6 +172,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_shor
xxx_host = host;
xxx_hostaddr = hostaddr;
-@@ -409,6 +418,30 @@ ssh_userauth2(const char *local_user, const char *serv
++ memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
+ if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
+ fatal("%s: kex_names_cat", __func__);
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
+@@ -412,6 +420,30 @@ ssh_userauth2(const char *local_user, const char *serv
if (!authctxt.success)
fatal("Authentication failed.");
Modified: branches/2018Q4/security/openssh-portable/files/extra-patch-hpn-compat
==============================================================================
--- branches/2018Q4/security/openssh-portable/files/extra-patch-hpn-compat Mon Nov 12 21:04:05 2018 (r484824)
+++ branches/2018Q4/security/openssh-portable/files/extra-patch-hpn-compat Mon Nov 12 21:06:47 2018 (r484825)
@@ -31,12 +31,12 @@ r294563 was incomplete; re-add the client-side options
{ NULL, oBadOption }
};
---- servconf.c.orig 2017-10-02 12:34:26.000000000 -0700
-+++ servconf.c 2017-10-12 12:20:19.089884000 -0700
-@@ -618,6 +618,10 @@ static struct {
- { "disableforwarding", sDisableForwarding, SSHCFG_ALL },
+--- servconf.c.orig 2018-10-16 17:01:20.000000000 -0700
++++ servconf.c 2018-11-10 11:32:09.835817000 -0800
+@@ -645,6 +645,10 @@ static struct {
{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
{ "rdomain", sRDomain, SSHCFG_ALL },
+ { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
+ { "noneenabled", sUnsupported, SSHCFG_ALL },
+ { "hpndisabled", sDeprecated, SSHCFG_ALL },
+ { "hpnbuffersize", sDeprecated, SSHCFG_ALL },
Modified: branches/2018Q4/security/openssh-portable/files/extra-patch-tcpwrappers
==============================================================================
--- branches/2018Q4/security/openssh-portable/files/extra-patch-tcpwrappers Mon Nov 12 21:04:05 2018 (r484824)
+++ branches/2018Q4/security/openssh-portable/files/extra-patch-tcpwrappers Mon Nov 12 21:06:47 2018 (r484825)
@@ -85,11 +85,11 @@ index 0ade557..045f149 100644
laddr = get_local_ipaddr(sock_in);
diff --git configure.ac configure.ac
index f48ba4a..66fbe82 100644
---- configure.ac
-+++ configure.ac
-@@ -1380,6 +1380,62 @@ AC_ARG_WITH([skey],
- ]
- )
+--- configure.ac.orig 2018-10-16 17:01:20.000000000 -0700
++++ configure.ac 2018-11-10 11:29:32.626326000 -0800
+@@ -1493,6 +1493,62 @@ else
+ AC_MSG_RESULT([no])
+ fi
+# Check whether user wants TCP wrappers support
+TCPW_MSG="no"
@@ -150,11 +150,11 @@ index f48ba4a..66fbe82 100644
# Check whether user wants to use ldns
LDNS_MSG="no"
AC_ARG_WITH(ldns,
-@@ -4803,6 +4859,7 @@ echo " KerberosV support: $KRB5_MSG"
+@@ -5305,6 +5361,7 @@ echo " PAM support: $PAM_MSG"
+ echo " OSF SIA support: $SIA_MSG"
+ echo " KerberosV support: $KRB5_MSG"
echo " SELinux support: $SELINUX_MSG"
- echo " Smartcard support: $SCARD_MSG"
- echo " S/KEY support: $SKEY_MSG"
+echo " TCP Wrappers support: $TCPW_MSG"
echo " MD5 password support: $MD5_MSG"
echo " libedit support: $LIBEDIT_MSG"
- echo " Solaris process contract support: $SPC_MSG"
+ echo " libldns support: $LDNS_MSG"
Modified: branches/2018Q4/security/openssh-portable/files/patch-auth2.c
==============================================================================
--- branches/2018Q4/security/openssh-portable/files/patch-auth2.c Mon Nov 12 21:04:05 2018 (r484824)
+++ branches/2018Q4/security/openssh-portable/files/patch-auth2.c Mon Nov 12 21:06:47 2018 (r484825)
@@ -5,31 +5,32 @@ Changed paths:
Apply class-imposed login restrictions.
---- auth2.c.orig 2017-03-19 19:39:27.000000000 -0700
-+++ auth2.c 2017-03-20 11:52:27.960733000 -0700
-@@ -47,6 +47,7 @@
- #include "key.h"
+--- auth2.c.orig 2018-10-16 17:01:20.000000000 -0700
++++ auth2.c 2018-11-10 11:35:07.816193000 -0800
+@@ -48,6 +48,7 @@
+ #include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
+#include "canohost.h"
#include "dispatch.h"
#include "pathnames.h"
- #include "buffer.h"
-@@ -217,6 +218,13 @@ input_userauth_request(int type, u_int32
- Authmethod *m = NULL;
+ #include "sshbuf.h"
+@@ -258,7 +259,14 @@ input_userauth_request(int type, u_int32_t seq, struct
char *user, *service, *method, *style = NULL;
int authenticated = 0;
+ double tstart = monotime_double();
+#ifdef HAVE_LOGIN_CAP
+ login_cap_t *lc;
+ const char *from_host, *from_ip;
-+
+
+ from_host = auth_get_canonical_hostname(ssh, options.use_dns);
+ from_ip = ssh_remote_ipaddr(ssh);
+#endif
-
++
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
-@@ -266,6 +274,27 @@ input_userauth_request(int type, u_int32
+
+@@ -307,6 +315,27 @@ input_userauth_request(int type, u_int32_t seq, struct
"(%s,%s) -> (%s,%s)",
authctxt->user, authctxt->service, user, service);
}
@@ -55,5 +56,5 @@ Apply class-imposed login restrictions.
+#endif /* HAVE_LOGIN_CAP */
+
/* reset state */
- auth2_challenge_stop(authctxt);
+ auth2_challenge_stop(ssh);
Copied: branches/2018Q4/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 (from r484823, head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2018Q4/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 Mon Nov 12 21:06:47 2018 (r484825, copy of r484823, head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969)
@@ -0,0 +1,19 @@
+commit c0a35265907533be10ca151ac797f34ae0d68969
+Author: Damien Miller <djm at mindrot.org>
+Date: Mon Oct 22 11:22:50 2018 +1100
+
+ fix compile for openssl 1.0.x w/ --with-ssl-engine
+
+ bz#2921, patch from cotequeiroz
+
+--- openbsd-compat/openssl-compat.c.orig 2018-11-12 12:52:26 UTC
++++ openbsd-compat/openssl-compat.c
+@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void)
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+
+-#if OPENSSL_VERSION_NUMBER < 0x10001000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ OPENSSL_config(NULL);
+ #else
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
Copied: branches/2018Q4/security/openssh-portable/files/patch-serverloop.c (from r484765, head/security/openssh-portable/files/patch-serverloop.c)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2018Q4/security/openssh-portable/files/patch-serverloop.c Mon Nov 12 21:06:47 2018 (r484825, copy of r484765, head/security/openssh-portable/files/patch-serverloop.c)
@@ -0,0 +1,43 @@
+------------------------------------------------------------------------
+r181918 | des | 2008-08-20 05:40:07 -0500 (Wed, 20 Aug 2008) | 6 lines
+Changed paths:
+ M /head/crypto/openssh/readconf.c
+
+Use net.inet.ip.portrange.reservedhigh instead of IPPORT_RESERVED.
+Submitted upstream, no reaction.
+
+Submitted by: delphij@
+[rewritten for 7.4 by bdrewery@]
+
+--- serverloop.c.orig 2018-11-10 11:38:16.728617000 -0800
++++ serverloop.c 2018-11-10 11:38:19.497300000 -0800
+@@ -55,6 +55,8 @@
+ #include <unistd.h>
+ #include <stdarg.h>
+
++#include <sys/sysctl.h>
++
+ #include "openbsd-compat/sys-queue.h"
+ #include "xmalloc.h"
+ #include "packet.h"
+@@ -109,7 +111,19 @@ bind_permitted(int port, uid_t uid)
+ {
+ if (use_privsep)
+ return 1; /* allow system to decide */
+- if (port < IPPORT_RESERVED && uid != 0)
++ int ipport_reserved;
++#ifdef __FreeBSD__
++ size_t len_ipport_reserved = sizeof(ipport_reserved);
++
++ if (sysctlbyname("net.inet.ip.portrange.reservedhigh",
++ &ipport_reserved, &len_ipport_reserved, NULL, 0) != 0)
++ ipport_reserved = IPPORT_RESERVED;
++ else
++ ipport_reserved++;
++#else
++ ipport_reserved = IPPORT_RESERVED;
++#endif
++ if (port < ipport_reserved && uid != 0)
+ return 0;
+ return 1;
+ }
Modified: branches/2018Q4/security/openssh-portable/files/patch-session.c
==============================================================================
--- branches/2018Q4/security/openssh-portable/files/patch-session.c Mon Nov 12 21:04:05 2018 (r484824)
+++ branches/2018Q4/security/openssh-portable/files/patch-session.c Mon Nov 12 21:06:47 2018 (r484825)
@@ -10,9 +10,9 @@ Reviewed by: ache
Sponsored by: DARPA, NAI Labs
---- session.c.orig 2018-04-01 22:38:28.000000000 -0700
-+++ session.c 2018-04-03 13:56:49.599400000 -0700
-@@ -982,6 +982,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
+--- session.c.orig 2018-10-16 17:01:20.000000000 -0700
++++ session.c 2018-11-10 11:45:14.645263000 -0800
+@@ -1020,6 +1020,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
struct passwd *pw = s->pw;
#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
char *path = NULL;
@@ -22,7 +22,7 @@ Sponsored by: DARPA, NAI Labs
#endif
/* Initialize the environment. */
-@@ -1003,6 +1006,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
+@@ -1041,6 +1044,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
}
#endif
@@ -32,7 +32,7 @@ Sponsored by: DARPA, NAI Labs
#ifdef GSSAPI
/* Allow any GSSAPI methods that we've used to alter
* the childs environment as they see fit
-@@ -1020,11 +1026,21 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
+@@ -1058,11 +1064,21 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
#endif
child_set_env(&env, &envsize, "HOME", pw->pw_dir);
@@ -58,7 +58,7 @@ Sponsored by: DARPA, NAI Labs
#else /* HAVE_LOGIN_CAP */
# ifndef HAVE_CYGWIN
/*
-@@ -1044,15 +1060,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
+@@ -1082,14 +1098,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
# endif /* HAVE_CYGWIN */
#endif /* HAVE_LOGIN_CAP */
@@ -70,11 +70,10 @@ Sponsored by: DARPA, NAI Labs
- if (getenv("TZ"))
- child_set_env(&env, &envsize, "TZ", getenv("TZ"));
--
- /* Set custom environment options from pubkey authentication. */
- if (options.permit_user_env) {
- for (n = 0 ; n < auth_opts->nenv; n++) {
-@@ -1331,7 +1341,7 @@ do_setusercontext(struct passwd *pw)
+ if (s->term)
+ child_set_env(&env, &envsize, "TERM", s->term);
+ if (s->display)
+@@ -1389,7 +1400,7 @@ do_setusercontext(struct passwd *pw)
if (platform_privileged_uidswap()) {
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid,
More information about the svn-ports-all
mailing list