Attachment #181011 for bug #217962

View | Details | Raw Unified | Return to bug 217962
Collapse All | Expand All




# $FreeBSD$

PORTNAME=	openssh
DISTVERSION=	7.5p1
PORTREVISION=	1
PORTEPOCH=	1
CATEGORIES=	security ipv6
MASTER_SITES=	OPENBSD/OpenSSH/portable


CONFLICTS?=		openssh-3.* ssh-1.* ssh2-3.* openssh-portable-devel-*

USES=			alias autoreconf ncurses ssl
USE_AUTOTOOLS=		autoconf autoheader
GNU_CONFIGURE=		yes
CONFIGURE_ENV=		ac_cv_func_strnvis=no
CONFIGURE_ARGS=		--prefix=${PREFIX} --with-md5-passwords \

Lines 1-9 Link Here

(-)security/openssh-portable/distinfo (-9 / +3 lines)
1	TIMESTAMP = 1484161900	1	TIMESTAMP = 1490017286
2	SHA256 (openssh-7.4p1.tar.gz) = 1b1fc4a14e2024293181924ed24872e6f2e06293f3e8926a376b8aec481f19d1	2	SHA256 (openssh-7.5p1.tar.gz) = 9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0
3	SIZE (openssh-7.4p1.tar.gz) = 1511780	3	SIZE (openssh-7.5p1.tar.gz) = 1510857
4	SHA256 (openssh-7.2_p1-sctp.patch.gz) = fb67e3e23f39fabf44ef198e3e19527417c75c9352747547448512032365dbfc
5	SIZE (openssh-7.2_p1-sctp.patch.gz) = 8501
6	SHA256 (openssh-7.4p1+x509-9.3.diff.gz) = 1d3fd23b3d02a3baad50890bf5498ef01af6dab6375da0aeb00a0d59fd3ac9ee
7	SIZE (openssh-7.4p1+x509-9.3.diff.gz) = 446572
8	SHA256 (openssh-7.4p1-gsskex-all-20141021-debian-rh-20161228.patch.gz) = f77ac434e6914814bc2f16d1581efd74baedaa86f1249a3cee00566d458c5f6b
9	SIZE (openssh-7.4p1-gsskex-all-20141021-debian-rh-20161228.patch.gz) = 27091





Apply class-imposed login restrictions.

--- auth2.c.orig	2017-03-20 02:39:27 UTC
+++ auth2.c
@@ -47,6 +47,7 @@
 #include "key.h"
 #include "hostfile.h"
 #include "auth.h"

 #include "dispatch.h"
 #include "pathnames.h"
 #include "buffer.h"
@@ -217,6 +218,13 @@ input_userauth_request(int type, u_int32
 	Authmethod *m = NULL;
 	char *user, *service, *method, *style = NULL;
 	int authenticated = 0;
+#ifdef HAVE_LOGIN_CAP
+	struct ssh *ssh = active_state; /* XXX */
+	login_cap_t *lc;
+	const char *from_host, *from_ip;
+

 
 	if (authctxt == NULL)
 		fatal("input_userauth_request: no authctxt");
@@ -266,6 +274,27 @@ input_userauth_request(int type, u_int32
 		    "(%s,%s) -> (%s,%s)",
 		    authctxt->user, authctxt->service, user, service);
 	}

Lines 9-15 Link Here

(-)security/openssh-portable/pkg-plist (-1 / +1 lines)
9	@sample %%ETCDIR%%/ssh_config.sample	9	@sample %%ETCDIR%%/ssh_config.sample
10	@sample %%ETCDIR%%/sshd_config.sample	10	@sample %%ETCDIR%%/sshd_config.sample
11	%%X509%%@dir %%ETCDIR%%/ca	11	%%X509%%@dir %%ETCDIR%%/ca
12	@exec if [ -f %D/%%ETCDIR%%/ssh_host_ecdsa_key ] && grep -q DSA %D/%%ETCDIR%%/ssh_host_ecdsa_key; then echo; echo "\!/ Warning \!/"; echo; echo "Your %D/%%ETCDIR%%/ssh_host_ecdsa_key is not a valid ECDSA key. It is incorrectly"; echo "a DSA key due to a bug fixed in 2012 in the security/openssh-portable port."; echo; echo "Regenerate a proper one with: rm -f %D/%%ETCDIR%%/ssh_host_ecdsa_key*; service openssh restart"; echo; echo "Clients should not see any key change warning since the ECDSA was not valid and was not actually"; echo "used by the server."; echo; echo "\!/ Warning \!/"; fi	12	@postexec if [ -f %D/%%ETCDIR%%/ssh_host_ecdsa_key ] && grep -q DSA %D/%%ETCDIR%%/ssh_host_ecdsa_key; then echo; echo "\!/ Warning \!/"; echo; echo "Your %D/%%ETCDIR%%/ssh_host_ecdsa_key is not a valid ECDSA key. It is incorrectly"; echo "a DSA key due to a bug fixed in 2012 in the security/openssh-portable port."; echo; echo "Regenerate a proper one with: rm -f %D/%%ETCDIR%%/ssh_host_ecdsa_key*; service openssh restart"; echo; echo "Clients should not see any key change warning since the ECDSA was not valid and was not actually"; echo "used by the server."; echo; echo "\!/ Warning \!/"; fi
13	sbin/sshd	13	sbin/sshd
14	libexec/sftp-server	14	libexec/sftp-server
15	libexec/ssh-keysign	15	libexec/ssh-keysign

Return to bug 217962

Lines 2-9 Link Here

(-)security/openssh-portable/Makefile (-4 / +2 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= openssh	4	PORTNAME= openssh
5	DISTVERSION= 7.4p1	5	DISTVERSION= 7.5p1
6	PORTREVISION= 1
7	PORTEPOCH= 1	6	PORTEPOCH= 1
8	CATEGORIES= security ipv6	7	CATEGORIES= security ipv6
9	MASTER_SITES= OPENBSD/OpenSSH/portable	8	MASTER_SITES= OPENBSD/OpenSSH/portable
Lines 17-24 Link Here
17		16
18	CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.* openssh-portable-devel-*	17	CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.* openssh-portable-devel-*
19		18
20	USES= alias ncurses ssl	19	USES= alias autoreconf ncurses ssl
21	USE_AUTOTOOLS= autoconf autoheader
22	GNU_CONFIGURE= yes	20	GNU_CONFIGURE= yes
23	CONFIGURE_ENV= ac_cv_func_strnvis=no	21	CONFIGURE_ENV= ac_cv_func_strnvis=no
24	CONFIGURE_ARGS= --prefix=${PREFIX} --with-md5-passwords \	22	CONFIGURE_ARGS= --prefix=${PREFIX} --with-md5-passwords \

Lines 5-13 Link Here

(-)security/openssh-portable/files/patch-auth2.c (-6 / +5 lines)
5		5
6	Apply class-imposed login restrictions.	6	Apply class-imposed login restrictions.
7		7
8	--- auth2.c.orig 2012-12-02 16:53:20.000000000 -0600	8	--- auth2.c.orig 2017-03-20 02:39:27 UTC
9	+++ auth2.c 2013-05-22 17:21:37.979631466 -0500	9	+++ auth2.c
10	@@ -46,6 +46,7 @@	10	@@ -47,6 +47,7 @@
11	#include "key.h"	11	#include "key.h"
12	#include "hostfile.h"	12	#include "hostfile.h"
13	#include "auth.h"	13	#include "auth.h"
Lines 15-26 Link Here
15	#include "dispatch.h"	15	#include "dispatch.h"
16	#include "pathnames.h"	16	#include "pathnames.h"
17	#include "buffer.h"	17	#include "buffer.h"
18	@@ -216,6 +217,14 @@ input_userauth_request(int type, u_int32	18	@@ -217,6 +218,13 @@ input_userauth_request(int type, u_int32
19	Authmethod *m = NULL;	19	Authmethod *m = NULL;
20	char user, service, method, style = NULL;	20	char user, service, method, style = NULL;
21	int authenticated = 0;	21	int authenticated = 0;
22	+#ifdef HAVE_LOGIN_CAP	22	+#ifdef HAVE_LOGIN_CAP
23	+ struct ssh ssh = active_state; / XXX */
24	+ login_cap_t *lc;	23	+ login_cap_t *lc;
25	+ const char from_host, from_ip;	24	+ const char from_host, from_ip;
26	+	25	+
Lines 30-36 Link Here
30		29
31	if (authctxt == NULL)	30	if (authctxt == NULL)
32	fatal("input_userauth_request: no authctxt");	31	fatal("input_userauth_request: no authctxt");
33	@@ -262,6 +271,27 @@ input_userauth_request(int type, u_int32	32	@@ -266,6 +274,27 @@ input_userauth_request(int type, u_int32
34	"(%s,%s) -> (%s,%s)",	33	"(%s,%s) -> (%s,%s)",
35	authctxt->user, authctxt->service, user, service);	34	authctxt->user, authctxt->service, user, service);
36	}	35	}