Pullup ticket #4262 - requested by taca security/openssh: security update Revisions pulled up: - security/openssh/Makefile 1.214 - security/openssh/distinfo 1.85 - security/openssh/options.mk 1.26 - security/openssh/patches/patch-Makefile.in 1.2 - security/openssh/patches/patch-auth.c 1.2 - security/openssh/patches/patch-auth1.c 1.2 - security/openssh/patches/patch-auth2.c 1.2 - security/openssh/patches/patch-config.h.in 1.2 - security/openssh/patches/patch-configure 1.2 - security/openssh/patches/patch-configure.ac 1.2 - security/openssh/patches/patch-includes.h 1.2 - security/openssh/patches/patch-scp.c 1.2 - security/openssh/patches/patch-session.c 1.2 - security/openssh/patches/patch-sftp-common.c 1.1 - security/openssh/patches/patch-ssh.c 1.2 - security/openssh/patches/patch-sshd.c 1.2 - security/openssh/patches/patch-uidswap.c 1.2 --- Module Name: pkgsrc Committed By: taca Date: Sun Dec 1 06:11:41 UTC 2013 Modified Files: pkgsrc/security/openssh: Makefile distinfo options.mk pkgsrc/security/openssh/patches: patch-Makefile.in patch-auth.c patch-auth1.c patch-auth2.c patch-config.h.in patch-configure patch-configure.ac patch-includes.h patch-scp.c patch-session.c patch-ssh.c patch-sshd.c patch-uidswap.c Added Files: pkgsrc/security/openssh/patches: patch-sftp-common.c Log Message: Update openssh to 6.4.1 (OpenSSH 6.4p1). Changes since OpenSSH 6.3 ========================= This release fixes a security bug: * sshd(8): fix a memory corruption problem triggered during rekeying when an AES-GCM cipher is selected. Full details of the vulnerability are available at: http://www.openssh.com/txt/gcmrekey.adv Changes since OpenSSH 6.2 is too many to write here, please refer the release note: http://www.openssh.com/txt/release-6.3.diff -r1.213 -r1.213.2.1 pkgsrc/security/openssh/Makefile
(tron)
@@ -1,18 +1,17 @@ | @@ -1,18 +1,17 @@ | |||
1 | # $NetBSD: Makefile,v 1.213 2013/07/12 10:45:02 jperkin Exp $ | 1 | # $NetBSD: Makefile,v 1.213.2.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | DISTNAME= openssh-6.2p1 | 3 | DISTNAME= openssh-6.4p1 | |
4 | PKGNAME= openssh-6.2.1 | 4 | PKGNAME= openssh-6.4.1 | |
5 | PKGREVISION= 2 | |||
6 | SVR4_PKGNAME= ossh | 5 | SVR4_PKGNAME= ossh | |
7 | CATEGORIES= security | 6 | CATEGORIES= security | |
8 | MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ | 7 | MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ | |
9 | ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ | 8 | ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ | |
10 | ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \ | 9 | ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \ | |
11 | ftp://ftp.freenet.de/pub/ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ | 10 | ftp://ftp.freenet.de/pub/ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ | |
12 | ftp://ftp.jaist.ac.jp/pub/OpenBSD/OpenSSH/portable/ \ | 11 | ftp://ftp.jaist.ac.jp/pub/OpenBSD/OpenSSH/portable/ \ | |
13 | ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/ | 12 | ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/ | |
14 | # Don't delete the last entry -- it's there if the pkgsrc version is not | 13 | # Don't delete the last entry -- it's there if the pkgsrc version is not | |
15 | # up-to-date and the mirrors already removed the old distfile. | 14 | # up-to-date and the mirrors already removed the old distfile. | |
16 | 15 | |||
17 | MAINTAINER= pkgsrc-users@NetBSD.org | 16 | MAINTAINER= pkgsrc-users@NetBSD.org | |
18 | HOMEPAGE= http://www.openssh.com/ | 17 | HOMEPAGE= http://www.openssh.com/ |
@@ -1,31 +1,32 @@ | @@ -1,31 +1,32 @@ | |||
1 | $NetBSD: distinfo,v 1.84 2013/05/01 19:58:25 imil Exp $ | 1 | $NetBSD: distinfo,v 1.84.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | SHA1 (openssh-6.2p1-hpn13v14.diff) = 71bbd99961b8b7665a481cf0a4bc9604e55d75b3 | 3 | SHA1 (openssh-6.4p1-hpn14v2.diff.gz) = 2713d734d5f652c6dccd13d779c1e116ccca2e7e | |
4 | RMD160 (openssh-6.2p1-hpn13v14.diff) = b859fbdf4395534621cc5ffae0cce39621582927 | 4 | RMD160 (openssh-6.4p1-hpn14v2.diff.gz) = 45366b1f61241fc29a87918790182bd4f29a1f29 | |
5 | Size (openssh-6.2p1-hpn13v14.diff) = 61437 bytes | 5 | Size (openssh-6.4p1-hpn14v2.diff.gz) = 23792 bytes | |
6 | SHA1 (openssh-6.2p1.tar.gz) = 8824708c617cc781b2bb29fa20bd905fd3d2a43d | 6 | SHA1 (openssh-6.4p1.tar.gz) = cf5fe0eb118d7e4f9296fbc5d6884965885fc55d | |
7 | RMD160 (openssh-6.2p1.tar.gz) = 3651a43c8d466646e760cb1cbc9097dbba5151ca | 7 | RMD160 (openssh-6.4p1.tar.gz) = d0e757c90350351bb92ebd4fa9f045586fb54f97 | |
8 | Size (openssh-6.2p1.tar.gz) = 1182181 bytes | 8 | Size (openssh-6.4p1.tar.gz) = 1201402 bytes | |
9 | SHA1 (patch-Makefile.in) = 514edd12500e89059d3bda7f5ac8c651001fd7c6 | 9 | SHA1 (patch-Makefile.in) = 1cf8bda061df1b76822be2886d9c231cc3cb39b9 | |
10 | SHA1 (patch-atomicio.c) = 6bb3c3ca1491693918ce1ac7481e0852c90e0b4e | 10 | SHA1 (patch-atomicio.c) = 6bb3c3ca1491693918ce1ac7481e0852c90e0b4e | |
11 | SHA1 (patch-auth-passwd.c) = de9f5487fe1f5848cc702e549bce949fd75d70cd | 11 | SHA1 (patch-auth-passwd.c) = de9f5487fe1f5848cc702e549bce949fd75d70cd | |
12 | SHA1 (patch-auth-rhosts.c) = ab8dd3e375accc5bed3e15b158a85a1b1f9a2e3e | 12 | SHA1 (patch-auth-rhosts.c) = ab8dd3e375accc5bed3e15b158a85a1b1f9a2e3e | |
13 | SHA1 (patch-auth.c) = ee757e5c80a14398c4835a1c1502cdaa03ca8655 | 13 | SHA1 (patch-auth.c) = 950b0380bcbb0fa1681014cfbb41528d09a10a18 | |
14 | SHA1 (patch-auth1.c) = 97693bbd970cf036892099493f0f64e59a252a35 | 14 | SHA1 (patch-auth1.c) = 7b0481f445bc85cce9d7539b00bf581b9aa09fea | |
15 | SHA1 (patch-auth2.c) = bb638fda90e80cd2f74702e01dc3320da01e4e80 | 15 | SHA1 (patch-auth2.c) = f4c5ab6ffb83f649e7d3566097e0dec8323f0d29 | |
16 | SHA1 (patch-config.h.in) = 805a5ba9be430a7123dc958d43c401d6f57d0bf5 | 16 | SHA1 (patch-config.h.in) = c838507e83224d842e25170ea8faa63c8559ea37 | |
17 | SHA1 (patch-configure) = d8977e444ffd2217229726161ebf0b5868d9f650 | 17 | SHA1 (patch-configure) = 91bd541c6dc19aed54f20bb31bea958847dae738 | |
18 | SHA1 (patch-configure.ac) = b981b8b2e28edc4fa461c9c487f3f7e82412b826 | 18 | SHA1 (patch-configure.ac) = 896aac81d96fe09775ef5b7c6942c37309097b33 | |
19 | SHA1 (patch-defines.h) = e2aebe7dcf0927d8afcca7a96c4001a6e0130cc2 | 19 | SHA1 (patch-defines.h) = e2aebe7dcf0927d8afcca7a96c4001a6e0130cc2 | |
20 | SHA1 (patch-includes.h) = f7fad7b3599d677a5991b140c66e3a67bedbe13b | 20 | SHA1 (patch-includes.h) = 0a899d3b38ef3de7f5b08fec022696b4e998b54e | |
21 | SHA1 (patch-loginrec.c) = 0305a5b552c88ac99d8f894d3cda9686e0b0ccdd | 21 | SHA1 (patch-loginrec.c) = 0305a5b552c88ac99d8f894d3cda9686e0b0ccdd | |
22 | SHA1 (patch-openbsd-compat_bsd-openpty.c) = a1318cf691f0ad844a8761a77e3bb32a9e20c695 | 22 | SHA1 (patch-openbsd-compat_bsd-openpty.c) = a1318cf691f0ad844a8761a77e3bb32a9e20c695 | |
23 | SHA1 (patch-openbsd-compat_openbsd-compat.h) = 17690feb6962bd27fef96bd6fb1acfa60e9af9dc | 23 | SHA1 (patch-openbsd-compat_openbsd-compat.h) = 17690feb6962bd27fef96bd6fb1acfa60e9af9dc | |
24 | SHA1 (patch-openbsd-compat_port-tun.c) = 8288e2b9336ea1fcc1129d8a2ab5e55816b2ccbf | 24 | SHA1 (patch-openbsd-compat_port-tun.c) = 8288e2b9336ea1fcc1129d8a2ab5e55816b2ccbf | |
25 | SHA1 (patch-platform.c) = fcb85cca516d992ec50dfb259b9cc8ddbb032b5c | 25 | SHA1 (patch-platform.c) = fcb85cca516d992ec50dfb259b9cc8ddbb032b5c | |
26 | SHA1 (patch-scp.c) = 0460cee3ad2626c71ce0a6e484fb4ed9ae559d1f | 26 | SHA1 (patch-scp.c) = 97e33843cc1b93babb6c45225c07ac74555e6d54 | |
27 | SHA1 (patch-session.c) = aba585358f22db8b37b6673526af96765c65dc49 | 27 | SHA1 (patch-session.c) = dc7fd9ec8956c734cb4a6427243133919cb47158 | |
28 | SHA1 (patch-ssh.c) = eecce1698455567f9e48b498fe937d235890c315 | 28 | SHA1 (patch-sftp-common.c) = 5467a25bc996dac8e4c6e4cb657ad722a3284388 | |
29 | SHA1 (patch-sshd.c) = faf9ff468a0938e20f7cf18192c47dec46763e8c | 29 | SHA1 (patch-ssh.c) = e878057032340425ed01230ca6abc8bbfdb07dfb | |
30 | SHA1 (patch-sshd.c) = 547bf87e572229ab4e568d1e7b03e722d8a63302 | |||
30 | SHA1 (patch-sshpty.c) = 9f08f899919d05567998087a060b90800c2c7b11 | 31 | SHA1 (patch-sshpty.c) = 9f08f899919d05567998087a060b90800c2c7b11 | |
31 | SHA1 (patch-uidswap.c) = 4c7c4e1621dc54a180bcba9a81d58f114a819eb0 | 32 | SHA1 (patch-uidswap.c) = cbed1c1db63e7f198efaa76581e8f5a5aa9615da |
@@ -1,30 +1,30 @@ | @@ -1,30 +1,30 @@ | |||
1 | # $NetBSD: options.mk,v 1.25 2013/05/01 19:58:25 imil Exp $ | 1 | # $NetBSD: options.mk,v 1.25.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | .include "../../mk/bsd.prefs.mk" | 3 | .include "../../mk/bsd.prefs.mk" | |
4 | 4 | |||
5 | PKG_OPTIONS_VAR= PKG_OPTIONS.openssh | 5 | PKG_OPTIONS_VAR= PKG_OPTIONS.openssh | |
6 | PKG_SUPPORTED_OPTIONS= kerberos hpn-patch pam | 6 | PKG_SUPPORTED_OPTIONS= kerberos hpn-patch pam | |
7 | 7 | |||
8 | .include "../../mk/bsd.options.mk" | 8 | .include "../../mk/bsd.options.mk" | |
9 | 9 | |||
10 | .if !empty(PKG_OPTIONS:Mkerberos) | 10 | .if !empty(PKG_OPTIONS:Mkerberos) | |
11 | . include "../../mk/krb5.buildlink3.mk" | 11 | . include "../../mk/krb5.buildlink3.mk" | |
12 | CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE:Q} | 12 | CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE:Q} | |
13 | . if ${KRB5_TYPE} == "mit-krb5" | 13 | . if ${KRB5_TYPE} == "mit-krb5" | |
14 | CONFIGURE_ENV+= ac_cv_search_k_hasafs=no | 14 | CONFIGURE_ENV+= ac_cv_search_k_hasafs=no | |
15 | . endif | 15 | . endif | |
16 | .endif | 16 | .endif | |
17 | 17 | |||
18 | .if !empty(PKG_OPTIONS:Mhpn-patch) | 18 | .if !empty(PKG_OPTIONS:Mhpn-patch) | |
19 | PATCHFILES= openssh-6.2p1-hpn13v14.diff | 19 | PATCHFILES= openssh-6.4p1-hpn14v2.diff.gz | |
20 | PATCH_SITES= ftp://ftp.NetBSD.org/pub/NetBSD/misc/imil/openssh/ | 20 | PATCH_SITES= ftp://ftp.NetBSD.org/pub/NetBSD/misc/openssh/ | |
21 | PATCH_DIST_STRIP= -p1 | 21 | PATCH_DIST_STRIP= -p1 | |
22 | .endif | 22 | .endif | |
23 | 23 | |||
24 | .if !empty(PKG_OPTIONS:Mpam) | 24 | .if !empty(PKG_OPTIONS:Mpam) | |
25 | .include "../../mk/pam.buildlink3.mk" | 25 | .include "../../mk/pam.buildlink3.mk" | |
26 | CONFIGURE_ARGS+= --with-pam | 26 | CONFIGURE_ARGS+= --with-pam | |
27 | PLIST_SRC+= ${.CURDIR}/PLIST.pam | 27 | PLIST_SRC+= ${.CURDIR}/PLIST.pam | |
28 | MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam | 28 | MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam | |
29 | MESSAGE_SUBST+= EGDIR=${EGDIR} | 29 | MESSAGE_SUBST+= EGDIR=${EGDIR} | |
30 | .endif | 30 | .endif |
@@ -1,24 +1,27 @@ | @@ -1,24 +1,27 @@ | |||
1 | $NetBSD: patch-Makefile.in,v 1.1 2013/05/01 19:58:26 imil Exp $ | 1 | $NetBSD: patch-Makefile.in,v 1.1.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | Removed install-sysconf as we handle that phase through post-install | 3 | Removed install-sysconf as we handle that phase through post-install | |
4 | 4 | |||
5 | --- Makefile.in.orig 2013-03-07 15:37:13.000000000 +0000 | 5 | --- Makefile.in.orig 2013-06-11 01:26:10.000000000 +0000 | |
6 | +++ Makefile.in | 6 | +++ Makefile.in | |
7 | @@ -22,7 +22,7 @@ top_srcdir=@top_srcdir@ | 7 | @@ -2,5 +2,5 @@ | |
8 | DESTDIR= | 8 | ||
9 | # uncomment if you run a non bourne compatable shell. Ie. csh | |||
10 | -#SHELL = @SH@ | |||
11 | +SHELL = @SH@ | |||
12 | ||||
13 | AUTORECONF=autoreconf | |||
14 | @@ -23,5 +23,5 @@ DESTDIR= | |||
9 | VPATH=@srcdir@ | 15 | VPATH=@srcdir@ | |
10 | SSH_PROGRAM=@bindir@/ssh | 16 | SSH_PROGRAM=@bindir@/ssh | |
11 | -ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass | 17 | -ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass | |
12 | +#ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass | 18 | +#ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass | |
13 | SFTP_SERVER=$(libexecdir)/sftp-server | 19 | SFTP_SERVER=$(libexecdir)/sftp-server | |
14 | SSH_KEYSIGN=$(libexecdir)/ssh-keysign | 20 | SSH_KEYSIGN=$(libexecdir)/ssh-keysign | |
15 | SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper | 21 | @@ -246,5 +246,5 @@ distprep: catman-do | |
16 | @@ -242,7 +242,7 @@ distprep: catman-do | |||
17 | -rm -rf autom4te.cache | |||
18 | 22 | |||
19 | install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config | 23 | install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config | |
20 | -install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf | 24 | -install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf | |
21 | +install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files | 25 | +install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files | |
22 | install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files | 26 | install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files | |
23 | 27 | |||
24 | check-config: |
@@ -1,15 +1,15 @@ | @@ -1,15 +1,15 @@ | |||
1 | $NetBSD: patch-auth.c,v 1.1 2013/05/01 19:58:26 imil Exp $ | 1 | $NetBSD: patch-auth.c,v 1.1.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | Replace uid 0 with ROOTUID macro | 3 | Replace uid 0 with ROOTUID macro | |
4 | 4 | |||
5 | --- auth.c.orig 2013-03-12 00:31:05.000000000 +0000 | 5 | --- auth.c.orig 2013-06-01 21:41:51.000000000 +0000 | |
6 | +++ auth.c | 6 | +++ auth.c | |
7 | @@ -385,7 +385,7 @@ check_key_in_hostfiles(struct passwd *pw | 7 | @@ -407,7 +407,7 @@ check_key_in_hostfiles(struct passwd *pw | |
8 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); | 8 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); | |
9 | if (options.strict_modes && | 9 | if (options.strict_modes && | |
10 | (stat(user_hostfile, &st) == 0) && | 10 | (stat(user_hostfile, &st) == 0) && | |
11 | - ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || | 11 | - ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || | |
12 | + ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) || | 12 | + ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) || | |
13 | (st.st_mode & 022) != 0)) { | 13 | (st.st_mode & 022) != 0)) { | |
14 | logit("Authentication refused for %.100s: " | 14 | logit("Authentication refused for %.100s: " | |
15 | "bad owner or modes for %.200s", | 15 | "bad owner or modes for %.200s", |
@@ -1,26 +1,26 @@ | @@ -1,26 +1,26 @@ | |||
1 | $NetBSD: patch-auth1.c,v 1.1 2013/05/01 19:58:26 imil Exp $ | 1 | $NetBSD: patch-auth1.c,v 1.1.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | Replace uid 0 with ROOTUID macro | 3 | Replace uid 0 with ROOTUID macro | |
4 | 4 | |||
5 | --- auth1.c.orig 2012-12-02 22:53:20.000000000 +0000 | 5 | --- auth1.c.orig 2013-06-01 22:01:24.000000000 +0000 | |
6 | +++ auth1.c | 6 | +++ auth1.c | |
7 | @@ -321,7 +321,7 @@ do_authloop(Authctxt *authctxt) | 7 | @@ -319,7 +319,7 @@ do_authloop(Authctxt *authctxt) | |
8 | 8 | |||
9 | #ifndef HAVE_CYGWIN | 9 | #ifndef HAVE_CYGWIN | |
10 | /* Special handling for root */ | 10 | /* Special handling for root */ | |
11 | - if (authenticated && authctxt->pw->pw_uid == 0 && | 11 | - if (authenticated && authctxt->pw->pw_uid == 0 && | |
12 | + if (authenticated && authctxt->pw->pw_uid == ROOTUID && | 12 | + if (authenticated && authctxt->pw->pw_uid == ROOTUID && | |
13 | !auth_root_allowed(meth->name)) { | 13 | !auth_root_allowed(meth->name)) { | |
14 | authenticated = 0; | 14 | authenticated = 0; | |
15 | # ifdef SSH_AUDIT_EVENTS | 15 | # ifdef SSH_AUDIT_EVENTS | |
16 | @@ -425,8 +425,8 @@ do_authentication(Authctxt *authctxt) | 16 | @@ -420,8 +420,8 @@ do_authentication(Authctxt *authctxt) | |
17 | * If we are not running as root, the user must have the same uid as | 17 | * If we are not running as root, the user must have the same uid as | |
18 | * the server. | 18 | * the server. | |
19 | */ | 19 | */ | |
20 | -#ifndef HAVE_CYGWIN | 20 | -#ifndef HAVE_CYGWIN | |
21 | - if (!use_privsep && getuid() != 0 && authctxt->pw && | 21 | - if (!use_privsep && getuid() != 0 && authctxt->pw && | |
22 | +#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX) | 22 | +#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX) | |
23 | + if (!use_privsep && getuid() != ROOTUID && authctxt->pw && | 23 | + if (!use_privsep && getuid() != ROOTUID && authctxt->pw && | |
24 | authctxt->pw->pw_uid != getuid()) | 24 | authctxt->pw->pw_uid != getuid()) | |
25 | packet_disconnect("Cannot change user when server not running as root."); | 25 | packet_disconnect("Cannot change user when server not running as root."); | |
26 | #endif | 26 | #endif |
@@ -1,15 +1,15 @@ | @@ -1,15 +1,15 @@ | |||
1 | $NetBSD: patch-auth2.c,v 1.1 2013/05/01 19:58:26 imil Exp $ | 1 | $NetBSD: patch-auth2.c,v 1.1.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | Replace uid 0 with ROOTUID macro | 3 | Replace uid 0 with ROOTUID macro | |
4 | 4 | |||
5 | --- auth2.c.orig 2012-12-02 22:53:20.000000000 +0000 | 5 | --- auth2.c.orig 2013-06-01 21:41:51.000000000 +0000 | |
6 | +++ auth2.c | 6 | +++ auth2.c | |
7 | @@ -307,7 +307,7 @@ userauth_finish(Authctxt *authctxt, int | 7 | @@ -310,7 +310,7 @@ userauth_finish(Authctxt *authctxt, int | |
8 | fatal("INTERNAL ERROR: authenticated and postponed"); | 8 | fatal("INTERNAL ERROR: authenticated and postponed"); | |
9 | 9 | |||
10 | /* Special handling for root */ | 10 | /* Special handling for root */ | |
11 | - if (authenticated && authctxt->pw->pw_uid == 0 && | 11 | - if (authenticated && authctxt->pw->pw_uid == 0 && | |
12 | + if (authenticated && authctxt->pw->pw_uid == ROOTUID && | 12 | + if (authenticated && authctxt->pw->pw_uid == ROOTUID && | |
13 | !auth_root_allowed(method)) { | 13 | !auth_root_allowed(method)) { | |
14 | authenticated = 0; | 14 | authenticated = 0; | |
15 | #ifdef SSH_AUDIT_EVENTS | 15 | #ifdef SSH_AUDIT_EVENTS |
@@ -1,26 +1,26 @@ | @@ -1,26 +1,26 @@ | |||
1 | $NetBSD: patch-config.h.in,v 1.1 2013/05/01 19:58:26 imil Exp $ | 1 | $NetBSD: patch-config.h.in,v 1.1.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | Added Interix and define new path to if_tun.h | 3 | Added Interix and define new path to if_tun.h | |
4 | 4 | |||
5 | --- config.h.in.orig 2013-03-21 23:38:18.000000000 +0000 | 5 | --- config.h.in.orig 2013-11-08 01:41:08.000000000 +0000 | |
6 | +++ config.h.in | 6 | +++ config.h.in | |
7 | @@ -561,6 +561,9 @@ | 7 | @@ -584,6 +584,9 @@ | |
8 | /* define if you have int64_t data type */ | 8 | /* define if you have int64_t data type */ | |
9 | #undef HAVE_INT64_T | 9 | #undef HAVE_INT64_T | |
10 | 10 | |||
11 | +/* Define if you are on Interix */ | 11 | +/* Define if you are on Interix */ | |
12 | +#undef HAVE_INTERIX | 12 | +#undef HAVE_INTERIX | |
13 | + | 13 | + | |
14 | /* Define to 1 if you have the <inttypes.h> header file. */ | 14 | /* Define to 1 if you have the <inttypes.h> header file. */ | |
15 | #undef HAVE_INTTYPES_H | 15 | #undef HAVE_INTTYPES_H | |
16 | 16 | |||
17 | @@ -699,6 +702,9 @@ | 17 | @@ -737,6 +740,9 @@ | |
18 | /* Define to 1 if you have the <net/if_tun.h> header file. */ | 18 | /* Define to 1 if you have the <net/if_tun.h> header file. */ | |
19 | #undef HAVE_NET_IF_TUN_H | 19 | #undef HAVE_NET_IF_TUN_H | |
20 | 20 | |||
21 | +/* Define to 1 if you have the <net/tun/if_tun.h> header file. */ | 21 | +/* Define to 1 if you have the <net/tun/if_tun.h> header file. */ | |
22 | +#undef HAVE_NET_TUN_IF_TUN_H | 22 | +#undef HAVE_NET_TUN_IF_TUN_H | |
23 | + | 23 | + | |
24 | /* Define if you are on NeXT */ | 24 | /* Define if you are on NeXT */ | |
25 | #undef HAVE_NEXT | 25 | #undef HAVE_NEXT | |
26 | 26 |
@@ -1,38 +1,38 @@ | @@ -1,38 +1,38 @@ | |||
1 | $NetBSD: patch-configure,v 1.1 2013/05/01 19:58:26 imil Exp $ | 1 | $NetBSD: patch-configure,v 1.1.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | Various fixes regarding portability | 3 | Various fixes regarding portability | |
4 | 4 | |||
5 | --- configure.orig 2013-03-21 23:38:28.000000000 +0000 | 5 | --- configure.orig 2013-11-08 01:41:15.000000000 +0000 | |
6 | +++ configure | 6 | +++ configure | |
7 | @@ -5993,6 +5993,9 @@ if test "${with_rpath+set}" = set; then | 7 | @@ -6159,6 +6159,9 @@ if test "${with_rpath+set}" = set; then | |
8 | fi | 8 | fi | |
9 | 9 | |||
10 | 10 | |||
11 | +# pkgsrc handles any rpath settings this package needs | 11 | +# pkgsrc handles any rpath settings this package needs | |
12 | +need_dash_r= | 12 | +need_dash_r= | |
13 | + | 13 | + | |
14 | # Allow user to specify flags | 14 | # Allow user to specify flags | |
15 | 15 | |||
16 | # Check whether --with-cflags was given. | 16 | # Check whether --with-cflags was given. | |
17 | @@ -6076,6 +6079,7 @@ for ac_header in \ | 17 | @@ -6243,6 +6246,7 @@ for ac_header in \ | |
18 | maillock.h \ | 18 | maillock.h \ | |
19 | ndir.h \ | 19 | ndir.h \ | |
20 | net/if_tun.h \ | 20 | net/if_tun.h \ | |
21 | + net/tun/if_tun.h \ | 21 | + net/tun/if_tun.h \ | |
22 | netdb.h \ | 22 | netdb.h \ | |
23 | netgroup.h \ | 23 | netgroup.h \ | |
24 | pam/pam_appl.h \ | 24 | pam/pam_appl.h \ | |
25 | @@ -6786,6 +6790,36 @@ $as_echo "#define HAVE_SECUREWARE 1" >>c | 25 | @@ -6978,6 +6982,36 @@ $as_echo "#define HAVE_SECUREWARE 1" >>c | |
26 | ;; | 26 | ;; | |
27 | esac | 27 | esac | |
28 | ;; | 28 | ;; | |
29 | +*-*-interix*) | 29 | +*-*-interix*) | |
30 | + cat >>confdefs.h <<\_ACEOF | 30 | + cat >>confdefs.h <<\_ACEOF | |
31 | +#define HAVE_INTERIX 1 | 31 | +#define HAVE_INTERIX 1 | |
32 | +_ACEOF | 32 | +_ACEOF | |
33 | + | 33 | + | |
34 | + cat >>confdefs.h <<\_ACEOF | 34 | + cat >>confdefs.h <<\_ACEOF | |
35 | +#define DISABLE_FD_PASSING 1 | 35 | +#define DISABLE_FD_PASSING 1 | |
36 | +_ACEOF | 36 | +_ACEOF | |
37 | + | 37 | + | |
38 | + cat >>confdefs.h <<\_ACEOF | 38 | + cat >>confdefs.h <<\_ACEOF | |
@@ -49,55 +49,55 @@ Various fixes regarding portability | @@ -49,55 +49,55 @@ Various fixes regarding portability | |||
49 | + | 49 | + | |
50 | + cat >>confdefs.h <<\_ACEOF | 50 | + cat >>confdefs.h <<\_ACEOF | |
51 | +#define NO_IPPORT_RESERVED_CONCEPT 1 | 51 | +#define NO_IPPORT_RESERVED_CONCEPT 1 | |
52 | +_ACEOF | 52 | +_ACEOF | |
53 | + | 53 | + | |
54 | + cat >>confdefs.h <<\_ACEOF | 54 | + cat >>confdefs.h <<\_ACEOF | |
55 | +#define USE_PIPES 1 | 55 | +#define USE_PIPES 1 | |
56 | +_ACEOF | 56 | +_ACEOF | |
57 | + | 57 | + | |
58 | + ;; | 58 | + ;; | |
59 | *-*-irix5*) | 59 | *-*-irix5*) | |
60 | PATH="$PATH:/usr/etc" | 60 | PATH="$PATH:/usr/etc" | |
61 | 61 | |||
62 | @@ -6987,7 +7021,7 @@ fi | 62 | @@ -7179,7 +7213,7 @@ fi | |
63 | $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h | 63 | $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h | |
64 | 64 | |||
65 | ;; | 65 | ;; | |
66 | -*-*-freebsd*) | 66 | -*-*-freebsd*) | |
67 | +*-*-freebsd*|*-*-dragonfly*) | 67 | +*-*-freebsd*|*-*-dragonfly*) | |
68 | check_for_libcrypt_later=1 | 68 | check_for_libcrypt_later=1 | |
69 | 69 | |||
70 | $as_echo "#define LOCKED_PASSWD_PREFIX \"*LOCKED*\"" >>confdefs.h | 70 | $as_echo "#define LOCKED_PASSWD_PREFIX \"*LOCKED*\"" >>confdefs.h | |
71 | @@ -17033,12 +17067,18 @@ fi | 71 | @@ -17406,12 +17440,18 @@ fi | |
72 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | 72 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | |
73 | if test -z "$conf_wtmpx_location"; then | 73 | if test -z "$conf_wtmpx_location"; then | |
74 | if test x"$system_wtmpx_path" = x"no" ; then | 74 | if test x"$system_wtmpx_path" = x"no" ; then | |
75 | - $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h | 75 | - $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h | |
76 | - | 76 | - | |
77 | + for f in /var/log/wtmpx; do | 77 | + for f in /var/log/wtmpx; do | |
78 | + if test -f $f ; then | 78 | + if test -f $f ; then | |
79 | + conf_wtmpx_location=$f | 79 | + conf_wtmpx_location=$f | |
80 | + fi | 80 | + fi | |
81 | + done | 81 | + done | |
82 | + if test -z "$conf_wtmpx_location"; then | 82 | + if test -z "$conf_wtmpx_location"; then | |
83 | + $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h | 83 | + $as_echo "#define DISABLE_WTMPX 1" >>confdefs.h | |
84 | + fi | 84 | + fi | |
85 | fi | 85 | fi | |
86 | -else | 86 | -else | |
87 | - | 87 | - | |
88 | -cat >>confdefs.h <<_ACEOF | 88 | -cat >>confdefs.h <<_ACEOF | |
89 | +fi | 89 | +fi | |
90 | +if test -n "$conf_wtmpx_location"; then | 90 | +if test -n "$conf_wtmpx_location"; then | |
91 | + cat >>confdefs.h <<_ACEOF | 91 | + cat >>confdefs.h <<_ACEOF | |
92 | #define CONF_WTMPX_FILE "$conf_wtmpx_location" | 92 | #define CONF_WTMPX_FILE "$conf_wtmpx_location" | |
93 | _ACEOF | 93 | _ACEOF | |
94 | 94 | |||
95 | @@ -18441,7 +18481,7 @@ echo "OpenSSH has been configured with t | 95 | @@ -18816,7 +18856,7 @@ echo "OpenSSH has been configured with t | |
96 | echo " User binaries: $B" | 96 | echo " User binaries: $B" | |
97 | echo " System binaries: $C" | 97 | echo " System binaries: $C" | |
98 | echo " Configuration files: $D" | 98 | echo " Configuration files: $D" | |
99 | -echo " Askpass program: $E" | 99 | -echo " Askpass program: $E" | |
100 | +echo " Askpass program: ${ASKPASS_PROGRAM}" | 100 | +echo " Askpass program: ${ASKPASS_PROGRAM}" | |
101 | echo " Manual pages: $F" | 101 | echo " Manual pages: $F" | |
102 | echo " PID file: $G" | 102 | echo " PID file: $G" | |
103 | echo " Privilege separation chroot path: $H" | 103 | echo " Privilege separation chroot path: $H" |
@@ -1,69 +1,69 @@ | @@ -1,69 +1,69 @@ | |||
1 | $NetBSD: patch-configure.ac,v 1.1 2013/05/01 19:58:26 imil Exp $ | 1 | $NetBSD: patch-configure.ac,v 1.1.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | Various fixes regarding portability | 3 | Various fixes regarding portability | |
4 | 4 | |||
5 | --- configure.ac.orig 2013-03-20 01:55:15.000000000 +0000 | 5 | --- configure.ac.orig 2013-08-04 11:48:41.000000000 +0000 | |
6 | +++ configure.ac | 6 | +++ configure.ac | |
7 | @@ -241,6 +241,9 @@ AC_ARG_WITH([rpath], | 7 | @@ -246,6 +246,9 @@ AC_ARG_WITH([rpath], | |
8 | ] | 8 | ] | |
9 | ) | 9 | ) | |
10 | 10 | |||
11 | +# pkgsrc handles any rpath settings this package needs | 11 | +# pkgsrc handles any rpath settings this package needs | |
12 | +need_dash_r= | 12 | +need_dash_r= | |
13 | + | 13 | + | |
14 | # Allow user to specify flags | 14 | # Allow user to specify flags | |
15 | AC_ARG_WITH([cflags], | 15 | AC_ARG_WITH([cflags], | |
16 | [ --with-cflags Specify additional flags to pass to compiler], | 16 | [ --with-cflags Specify additional flags to pass to compiler], | |
17 | @@ -309,6 +312,7 @@ AC_CHECK_HEADERS([ \ | 17 | @@ -315,6 +318,7 @@ AC_CHECK_HEADERS([ \ | |
18 | maillock.h \ | 18 | maillock.h \ | |
19 | ndir.h \ | 19 | ndir.h \ | |
20 | net/if_tun.h \ | 20 | net/if_tun.h \ | |
21 | + net/tun/if_tun.h \ | 21 | + net/tun/if_tun.h \ | |
22 | netdb.h \ | 22 | netdb.h \ | |
23 | netgroup.h \ | 23 | netgroup.h \ | |
24 | pam/pam_appl.h \ | 24 | pam/pam_appl.h \ | |
25 | @@ -603,6 +607,15 @@ main() { if (NSVersionOfRunTimeLibrary(" | 25 | @@ -618,6 +622,15 @@ main() { if (NSVersionOfRunTimeLibrary(" | |
26 | ;; | 26 | ;; | |
27 | esac | 27 | esac | |
28 | ;; | 28 | ;; | |
29 | +*-*-interix*) | 29 | +*-*-interix*) | |
30 | + AC_DEFINE(HAVE_INTERIX) | 30 | + AC_DEFINE(HAVE_INTERIX) | |
31 | + AC_DEFINE(DISABLE_FD_PASSING) | 31 | + AC_DEFINE(DISABLE_FD_PASSING) | |
32 | + AC_DEFINE(DISABLE_SHADOW) | 32 | + AC_DEFINE(DISABLE_SHADOW) | |
33 | + AC_DEFINE(IP_TOS_IS_BROKEN) | 33 | + AC_DEFINE(IP_TOS_IS_BROKEN) | |
34 | + AC_DEFINE(MISSING_HOWMANY) | 34 | + AC_DEFINE(MISSING_HOWMANY) | |
35 | + AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) | 35 | + AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) | |
36 | + AC_DEFINE(USE_PIPES) | 36 | + AC_DEFINE(USE_PIPES) | |
37 | + ;; | 37 | + ;; | |
38 | *-*-irix5*) | 38 | *-*-irix5*) | |
39 | PATH="$PATH:/usr/etc" | 39 | PATH="$PATH:/usr/etc" | |
40 | AC_DEFINE([BROKEN_INET_NTOA], [1], | 40 | AC_DEFINE([BROKEN_INET_NTOA], [1], | |
41 | @@ -4460,9 +4473,17 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ | 41 | @@ -4500,9 +4513,17 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ | |
42 | ]) | 42 | ]) | |
43 | if test -z "$conf_wtmpx_location"; then | 43 | if test -z "$conf_wtmpx_location"; then | |
44 | if test x"$system_wtmpx_path" = x"no" ; then | 44 | if test x"$system_wtmpx_path" = x"no" ; then | |
45 | - AC_DEFINE([DISABLE_WTMPX]) | 45 | - AC_DEFINE([DISABLE_WTMPX]) | |
46 | + for f in /var/log/wtmpx; do | 46 | + for f in /var/log/wtmpx; do | |
47 | + if test -f $f ; then | 47 | + if test -f $f ; then | |
48 | + conf_wtmpx_location=$f | 48 | + conf_wtmpx_location=$f | |
49 | + fi | 49 | + fi | |
50 | + done | 50 | + done | |
51 | + if test -z "$conf_wtmpx_location"; then | 51 | + if test -z "$conf_wtmpx_location"; then | |
52 | + AC_DEFINE(DISABLE_WTMPX) | 52 | + AC_DEFINE(DISABLE_WTMPX) | |
53 | + fi | 53 | + fi | |
54 | fi | 54 | fi | |
55 | -else | 55 | -else | |
56 | +fi | 56 | +fi | |
57 | +if test -n "$conf_wtmpx_location"; then | 57 | +if test -n "$conf_wtmpx_location"; then | |
58 | AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], | 58 | AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], | |
59 | [Define if you want to specify the path to your wtmpx file]) | 59 | [Define if you want to specify the path to your wtmpx file]) | |
60 | fi | 60 | fi | |
61 | @@ -4547,7 +4568,7 @@ echo "OpenSSH has been configured with t | 61 | @@ -4588,7 +4609,7 @@ echo "OpenSSH has been configured with t | |
62 | echo " User binaries: $B" | 62 | echo " User binaries: $B" | |
63 | echo " System binaries: $C" | 63 | echo " System binaries: $C" | |
64 | echo " Configuration files: $D" | 64 | echo " Configuration files: $D" | |
65 | -echo " Askpass program: $E" | 65 | -echo " Askpass program: $E" | |
66 | +echo " Askpass program: ${ASKPASS_PROGRAM}" | 66 | +echo " Askpass program: ${ASKPASS_PROGRAM}" | |
67 | echo " Manual pages: $F" | 67 | echo " Manual pages: $F" | |
68 | echo " PID file: $G" | 68 | echo " PID file: $G" | |
69 | echo " Privilege separation chroot path: $H" | 69 | echo " Privilege separation chroot path: $H" |
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | $NetBSD: patch-includes.h,v 1.1 2013/05/01 19:58:26 imil Exp $ | 1 | $NetBSD: patch-includes.h,v 1.1.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | Interix support | 3 | Interix support | |
4 | 4 | |||
5 | --- includes.h.orig 2013-02-22 22:12:24.000000000 +0000 | 5 | --- includes.h.orig 2013-03-22 01:51:09.000000000 +0000 | |
6 | +++ includes.h | 6 | +++ includes.h | |
7 | @@ -124,6 +124,10 @@ | 7 | @@ -126,6 +126,10 @@ | |
8 | #ifdef HAVE_READPASSPHRASE_H | 8 | #ifdef HAVE_READPASSPHRASE_H | |
9 | # include <readpassphrase.h> | 9 | # include <readpassphrase.h> | |
10 | #endif | 10 | #endif | |
11 | +#ifdef HAVE_INTERIX | 11 | +#ifdef HAVE_INTERIX | |
12 | +# include <interix/env.h> | 12 | +# include <interix/env.h> | |
13 | +# include <interix/security.h> | 13 | +# include <interix/security.h> | |
14 | +#endif | 14 | +#endif | |
15 | 15 | |||
16 | #ifdef HAVE_IA_H | 16 | #ifdef HAVE_IA_H | |
17 | # include <ia.h> | 17 | # include <ia.h> |
@@ -1,39 +1,39 @@ | @@ -1,39 +1,39 @@ | |||
1 | $NetBSD: patch-scp.c,v 1.1 2013/05/01 19:58:26 imil Exp $ | 1 | $NetBSD: patch-scp.c,v 1.1.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | Interix support | 3 | Interix support | |
4 | 4 | |||
5 | --- scp.c.orig 2013-03-20 01:55:15.000000000 +0000 | 5 | --- scp.c.orig 2013-07-18 06:11:25.000000000 +0000 | |
6 | +++ scp.c | 6 | +++ scp.c | |
7 | @@ -477,7 +477,11 @@ main(int argc, char **argv) | 7 | @@ -477,7 +477,11 @@ main(int argc, char **argv) | |
8 | argc -= optind; | 8 | argc -= optind; | |
9 | argv += optind; | 9 | argv += optind; | |
10 | 10 | |||
11 | +#ifdef HAVE_INTERIX | 11 | +#ifdef HAVE_INTERIX | |
12 | + if ((pwd = getpwuid_ex(userid = getuid(), PW_FULLNAME)) == NULL) | 12 | + if ((pwd = getpwuid_ex(userid = getuid(), PW_FULLNAME)) == NULL) | |
13 | +#else | 13 | +#else | |
14 | if ((pwd = getpwuid(userid = getuid())) == NULL) | 14 | if ((pwd = getpwuid(userid = getuid())) == NULL) | |
15 | +#endif | 15 | +#endif | |
16 | fatal("unknown user %u", (u_int) userid); | 16 | fatal("unknown user %u", (u_int) userid); | |
17 | 17 | |||
18 | if (!isatty(STDOUT_FILENO)) | 18 | if (!isatty(STDOUT_FILENO)) | |
19 | @@ -881,8 +885,10 @@ rsource(char *name, struct stat *statp) | 19 | @@ -881,8 +885,10 @@ rsource(char *name, struct stat *statp) | |
20 | return; | 20 | return; | |
21 | } | 21 | } | |
22 | while ((dp = readdir(dirp)) != NULL) { | 22 | while ((dp = readdir(dirp)) != NULL) { | |
23 | +#ifndef HAVE_INTERIX | 23 | +#ifndef HAVE_INTERIX | |
24 | if (dp->d_ino == 0) | 24 | if (dp->d_ino == 0) | |
25 | continue; | 25 | continue; | |
26 | +#endif | 26 | +#endif | |
27 | if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, "..")) | 27 | if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, "..")) | |
28 | continue; | 28 | continue; | |
29 | if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) { | 29 | if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) { | |
30 | @@ -1279,7 +1285,9 @@ okname(char *cp0) | 30 | @@ -1292,7 +1298,9 @@ okname(char *cp0) | |
31 | case '\'': | 31 | case '\'': | |
32 | case '"': | 32 | case '"': | |
33 | case '`': | 33 | case '`': | |
34 | +#ifndef HAVE_INTERIX | 34 | +#ifndef HAVE_INTERIX | |
35 | case ' ': | 35 | case ' ': | |
36 | +#endif | 36 | +#endif | |
37 | case '#': | 37 | case '#': | |
38 | goto bad; | 38 | goto bad; | |
39 | default: | 39 | default: |
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | $NetBSD: patch-session.c,v 1.1 2013/05/01 19:58:26 imil Exp $ | 1 | $NetBSD: patch-session.c,v 1.1.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | Interix support | 3 | Interix support | |
4 | 4 | |||
5 | --- session.c.orig 2013-03-15 00:22:37.000000000 +0000 | 5 | --- session.c.orig 2013-07-20 03:21:53.000000000 +0000 | |
6 | +++ session.c | 6 | +++ session.c | |
7 | @@ -1081,7 +1081,7 @@ read_etc_default_login(char ***env, u_in | 7 | @@ -1081,7 +1081,7 @@ read_etc_default_login(char ***env, u_in | |
8 | if (tmpenv == NULL) | 8 | if (tmpenv == NULL) | |
9 | return; | 9 | return; | |
10 | 10 | |||
11 | - if (uid == 0) | 11 | - if (uid == 0) | |
12 | + if (uid == ROOTUID) | 12 | + if (uid == ROOTUID) | |
13 | var = child_get_env(tmpenv, "SUPATH"); | 13 | var = child_get_env(tmpenv, "SUPATH"); | |
14 | else | 14 | else | |
15 | var = child_get_env(tmpenv, "PATH"); | 15 | var = child_get_env(tmpenv, "PATH"); | |
16 | @@ -1190,7 +1190,7 @@ do_setup_env(Session *s, const char *she | 16 | @@ -1190,7 +1190,7 @@ do_setup_env(Session *s, const char *she | |
17 | # endif /* HAVE_ETC_DEFAULT_LOGIN */ | 17 | # endif /* HAVE_ETC_DEFAULT_LOGIN */ | |
18 | if (path == NULL || *path == '\0') { | 18 | if (path == NULL || *path == '\0') { | |
@@ -45,22 +45,22 @@ Interix support | @@ -45,22 +45,22 @@ Interix support | |||
45 | perror("setgid"); | 45 | perror("setgid"); | |
46 | exit(1); | 46 | exit(1); | |
47 | } | 47 | } | |
48 | +# if !defined(HAVE_INTERIX) | 48 | +# if !defined(HAVE_INTERIX) | |
49 | /* Initialize the group list. */ | 49 | /* Initialize the group list. */ | |
50 | if (initgroups(pw->pw_name, pw->pw_gid) < 0) { | 50 | if (initgroups(pw->pw_name, pw->pw_gid) < 0) { | |
51 | perror("initgroups"); | 51 | perror("initgroups"); | |
52 | exit(1); | 52 | exit(1); | |
53 | } | 53 | } | |
54 | +# endif /* !HAVE_INTERIX */ | 54 | +# endif /* !HAVE_INTERIX */ | |
55 | endgrent(); | 55 | endgrent(); | |
56 | #endif | 56 | #endif | |
57 | 57 | |||
58 | @@ -2313,7 +2327,7 @@ session_pty_cleanup2(Session *s) | 58 | @@ -2325,7 +2339,7 @@ session_pty_cleanup2(Session *s) | |
59 | record_logout(s->pid, s->tty, s->pw->pw_name); | 59 | record_logout(s->pid, s->tty, s->pw->pw_name); | |
60 | 60 | |||
61 | /* Release the pseudo-tty. */ | 61 | /* Release the pseudo-tty. */ | |
62 | - if (getuid() == 0) | 62 | - if (getuid() == 0) | |
63 | + if (getuid() == ROOTUID) | 63 | + if (getuid() == ROOTUID) | |
64 | pty_release(s->tty); | 64 | pty_release(s->tty); | |
65 | 65 | |||
66 | /* | 66 | /* |
@@ -1,15 +1,15 @@ | @@ -1,15 +1,15 @@ | |||
1 | $NetBSD: patch-ssh.c,v 1.1 2013/05/01 19:58:26 imil Exp $ | 1 | $NetBSD: patch-ssh.c,v 1.1.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | Interix support | 3 | Interix support | |
4 | 4 | |||
5 | --- ssh.c.orig 2012-07-06 03:45:01.000000000 +0000 | 5 | --- ssh.c.orig 2013-07-25 01:55:53.000000000 +0000 | |
6 | +++ ssh.c | 6 | +++ ssh.c | |
7 | @@ -794,7 +794,7 @@ main(int ac, char **av) | 7 | @@ -820,7 +820,7 @@ main(int ac, char **av) | |
8 | if (ssh_connect(host, &hostaddr, options.port, | 8 | if (ssh_connect(host, &hostaddr, options.port, | |
9 | options.address_family, options.connection_attempts, &timeout_ms, | 9 | options.address_family, options.connection_attempts, &timeout_ms, | |
10 | options.tcp_keep_alive, | 10 | options.tcp_keep_alive, | |
11 | -#ifdef HAVE_CYGWIN | 11 | -#ifdef HAVE_CYGWIN | |
12 | +#if defined(HAVE_CYGWIN) || defined(HAVE_INTERIX) | 12 | +#if defined(HAVE_CYGWIN) || defined(HAVE_INTERIX) | |
13 | options.use_privileged_port, | 13 | options.use_privileged_port, | |
14 | #else | 14 | #else | |
15 | original_effective_uid == 0 && options.use_privileged_port, | 15 | original_effective_uid == 0 && options.use_privileged_port, |
@@ -1,84 +1,84 @@ | @@ -1,84 +1,84 @@ | |||
1 | $NetBSD: patch-sshd.c,v 1.1 2013/05/01 19:58:27 imil Exp $ | 1 | $NetBSD: patch-sshd.c,v 1.1.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | Interix support | 3 | Interix support | |
4 | 4 | |||
5 | --- sshd.c.orig 2013-02-12 00:04:48.000000000 +0000 | 5 | --- sshd.c.orig 2013-07-20 03:21:53.000000000 +0000 | |
6 | +++ sshd.c | 6 | +++ sshd.c | |
7 | @@ -237,7 +237,11 @@ int *startup_pipes = NULL; | 7 | @@ -243,7 +243,11 @@ int *startup_pipes = NULL; | |
8 | int startup_pipe; /* in child */ | 8 | int startup_pipe; /* in child */ | |
9 | 9 | |||
10 | /* variables used for privilege separation */ | 10 | /* variables used for privilege separation */ | |
11 | +#ifdef HAVE_INTERIX | 11 | +#ifdef HAVE_INTERIX | |
12 | int use_privsep = -1; | 12 | int use_privsep = -1; | |
13 | +#else | 13 | +#else | |
14 | +int use_privsep = 0; | 14 | +int use_privsep = 0; | |
15 | +#endif | 15 | +#endif | |
16 | struct monitor *pmonitor = NULL; | 16 | struct monitor *pmonitor = NULL; | |
17 | int privsep_is_preauth = 1; | 17 | int privsep_is_preauth = 1; | |
18 | 18 | |||
19 | @@ -625,10 +629,15 @@ privsep_preauth_child(void) | 19 | @@ -631,10 +635,15 @@ privsep_preauth_child(void) | |
20 | /* XXX not ready, too heavy after chroot */ | 20 | /* XXX not ready, too heavy after chroot */ | |
21 | do_setusercontext(privsep_pw); | 21 | do_setusercontext(privsep_pw); | |
22 | #else | 22 | #else | |
23 | +#ifdef HAVE_INTERIX | 23 | +#ifdef HAVE_INTERIX | |
24 | + if (setuser(privsep_pw->pw_name, NULL, SU_COMPLETE)) | 24 | + if (setuser(privsep_pw->pw_name, NULL, SU_COMPLETE)) | |
25 | + fatal("setuser: %.100s", strerror(errno)); | 25 | + fatal("setuser: %.100s", strerror(errno)); | |
26 | +#else | 26 | +#else | |
27 | gidset[0] = privsep_pw->pw_gid; | 27 | gidset[0] = privsep_pw->pw_gid; | |
28 | if (setgroups(1, gidset) < 0) | 28 | if (setgroups(1, gidset) < 0) | |
29 | fatal("setgroups: %.100s", strerror(errno)); | 29 | fatal("setgroups: %.100s", strerror(errno)); | |
30 | permanently_set_uid(privsep_pw); | 30 | permanently_set_uid(privsep_pw); | |
31 | +#endif /* HAVE_INTERIX */ | 31 | +#endif /* HAVE_INTERIX */ | |
32 | #endif | 32 | #endif | |
33 | } | 33 | } | |
34 | 34 | |||
35 | @@ -688,7 +697,7 @@ privsep_preauth(Authctxt *authctxt) | 35 | @@ -696,7 +705,7 @@ privsep_preauth(Authctxt *authctxt) | |
36 | set_log_handler(mm_log_handler, pmonitor); | 36 | set_log_handler(mm_log_handler, pmonitor); | |
37 | 37 | |||
38 | /* Demote the child */ | 38 | /* Demote the child */ | |
39 | - if (getuid() == 0 || geteuid() == 0) | 39 | - if (getuid() == 0 || geteuid() == 0) | |
40 | + if (getuid() == ROOTUID || geteuid() == ROOTUID) | 40 | + if (getuid() == ROOTUID || geteuid() == ROOTUID) | |
41 | privsep_preauth_child(); | 41 | privsep_preauth_child(); | |
42 | setproctitle("%s", "[net]"); | 42 | setproctitle("%s", "[net]"); | |
43 | if (box != NULL) | 43 | if (box != NULL) | |
44 | @@ -706,7 +715,7 @@ privsep_postauth(Authctxt *authctxt) | 44 | @@ -714,7 +723,7 @@ privsep_postauth(Authctxt *authctxt) | |
45 | #ifdef DISABLE_FD_PASSING | 45 | #ifdef DISABLE_FD_PASSING | |
46 | if (1) { | 46 | if (1) { | |
47 | #else | 47 | #else | |
48 | - if (authctxt->pw->pw_uid == 0 || options.use_login) { | 48 | - if (authctxt->pw->pw_uid == 0 || options.use_login) { | |
49 | + if (authctxt->pw->pw_uid == ROOTUID || options.use_login) { | 49 | + if (authctxt->pw->pw_uid == ROOTUID || options.use_login) { | |
50 | #endif | 50 | #endif | |
51 | /* File descriptor passing is broken or root login */ | 51 | /* File descriptor passing is broken or root login */ | |
52 | use_privsep = 0; | 52 | use_privsep = 0; | |
53 | @@ -1363,8 +1372,10 @@ main(int ac, char **av) | 53 | @@ -1390,8 +1399,10 @@ main(int ac, char **av) | |
54 | av = saved_argv; | 54 | av = saved_argv; | |
55 | #endif | 55 | #endif | |
56 | 56 | |||
57 | - if (geteuid() == 0 && setgroups(0, NULL) == -1) | 57 | - if (geteuid() == 0 && setgroups(0, NULL) == -1) | |
58 | +#ifndef HAVE_INTERIX | 58 | +#ifndef HAVE_INTERIX | |
59 | + if (geteuid() == ROOTUID && setgroups(0, NULL) == -1) | 59 | + if (geteuid() == ROOTUID && setgroups(0, NULL) == -1) | |
60 | debug("setgroups(): %.200s", strerror(errno)); | 60 | debug("setgroups(): %.200s", strerror(errno)); | |
61 | +#endif | 61 | +#endif | |
62 | 62 | |||
63 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 63 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | |
64 | sanitise_stdfd(); | 64 | sanitise_stdfd(); | |
65 | @@ -1732,7 +1743,7 @@ main(int ac, char **av) | 65 | @@ -1790,7 +1801,7 @@ main(int ac, char **av) | |
66 | (st.st_uid != getuid () || | 66 | (st.st_uid != getuid () || | |
67 | (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) | 67 | (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) | |
68 | #else | 68 | #else | |
69 | - if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) | 69 | - if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) | |
70 | + if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) | 70 | + if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) | |
71 | #endif | 71 | #endif | |
72 | fatal("%s must be owned by root and not group or " | 72 | fatal("%s must be owned by root and not group or " | |
73 | "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); | 73 | "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); | |
74 | @@ -1755,8 +1766,10 @@ main(int ac, char **av) | 74 | @@ -1813,8 +1824,10 @@ main(int ac, char **av) | |
75 | * to create a file, and we can't control the code in every | 75 | * to create a file, and we can't control the code in every | |
76 | * module which might be used). | 76 | * module which might be used). | |
77 | */ | 77 | */ | |
78 | +#ifndef HAVE_INTERIX | 78 | +#ifndef HAVE_INTERIX | |
79 | if (setgroups(0, NULL) < 0) | 79 | if (setgroups(0, NULL) < 0) | |
80 | debug("setgroups() failed: %.200s", strerror(errno)); | 80 | debug("setgroups() failed: %.200s", strerror(errno)); | |
81 | +#endif | 81 | +#endif | |
82 | 82 | |||
83 | if (rexec_flag) { | 83 | if (rexec_flag) { | |
84 | rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); | 84 | rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); |
@@ -1,76 +1,76 @@ | @@ -1,76 +1,76 @@ | |||
1 | $NetBSD: patch-uidswap.c,v 1.1 2013/05/01 19:58:27 imil Exp $ | 1 | $NetBSD: patch-uidswap.c,v 1.1.4.1 2013/12/05 09:52:53 tron Exp $ | |
2 | 2 | |||
3 | Interix support | 3 | Interix support | |
4 | 4 | |||
5 | --- uidswap.c.orig 2012-11-05 06:04:37.000000000 +0000 | 5 | --- uidswap.c.orig 2013-06-01 22:07:32.000000000 +0000 | |
6 | +++ uidswap.c | 6 | +++ uidswap.c | |
7 | @@ -66,13 +66,13 @@ temporarily_use_uid(struct passwd *pw) | 7 | @@ -66,13 +66,13 @@ temporarily_use_uid(struct passwd *pw) | |
8 | (u_int)pw->pw_uid, (u_int)pw->pw_gid, | 8 | (u_int)pw->pw_uid, (u_int)pw->pw_gid, | |
9 | (u_int)saved_euid, (u_int)saved_egid); | 9 | (u_int)saved_euid, (u_int)saved_egid); | |
10 | #ifndef HAVE_CYGWIN | 10 | #ifndef HAVE_CYGWIN | |
11 | - if (saved_euid != 0) { | 11 | - if (saved_euid != 0) { | |
12 | + if (saved_euid != ROOTUID) { | 12 | + if (saved_euid != ROOTUID) { | |
13 | privileged = 0; | 13 | privileged = 0; | |
14 | return; | 14 | return; | |
15 | } | 15 | } | |
16 | #endif | 16 | #endif | |
17 | #else | 17 | #else | |
18 | - if (geteuid() != 0) { | 18 | - if (geteuid() != 0) { | |
19 | + if (geteuid() != ROOTUID) { | 19 | + if (geteuid() != ROOTUID) { | |
20 | privileged = 0; | 20 | privileged = 0; | |
21 | return; | 21 | return; | |
22 | } | 22 | } | |
23 | @@ -96,9 +96,11 @@ temporarily_use_uid(struct passwd *pw) | 23 | @@ -95,9 +95,11 @@ temporarily_use_uid(struct passwd *pw) | |
24 | 24 | |||
25 | /* set and save the user's groups */ | 25 | /* set and save the user's groups */ | |
26 | if (user_groupslen == -1) { | 26 | if (user_groupslen == -1) { | |
27 | +#ifndef HAVE_INTERIX | 27 | +#ifndef HAVE_INTERIX | |
28 | if (initgroups(pw->pw_name, pw->pw_gid) < 0) | 28 | if (initgroups(pw->pw_name, pw->pw_gid) < 0) | |
29 | fatal("initgroups: %s: %.100s", pw->pw_name, | 29 | fatal("initgroups: %s: %.100s", pw->pw_name, | |
30 | strerror(errno)); | 30 | strerror(errno)); | |
31 | +#endif | 31 | +#endif | |
32 | 32 | |||
33 | user_groupslen = getgroups(0, NULL); | 33 | user_groupslen = getgroups(0, NULL); | |
34 | if (user_groupslen < 0) | 34 | if (user_groupslen < 0) | |
35 | @@ -113,9 +115,11 @@ temporarily_use_uid(struct passwd *pw) | 35 | @@ -111,9 +113,11 @@ temporarily_use_uid(struct passwd *pw) | |
36 | xfree(user_groups); | 36 | free(user_groups); | |
37 | } | 37 | } | |
38 | } | 38 | } | |
39 | +#ifndef HAVE_INTERIX | 39 | +#ifndef HAVE_INTERIX | |
40 | /* Set the effective uid to the given (unprivileged) uid. */ | 40 | /* Set the effective uid to the given (unprivileged) uid. */ | |
41 | if (setgroups(user_groupslen, user_groups) < 0) | 41 | if (setgroups(user_groupslen, user_groups) < 0) | |
42 | fatal("setgroups: %.100s", strerror(errno)); | 42 | fatal("setgroups: %.100s", strerror(errno)); | |
43 | +#endif | 43 | +#endif | |
44 | #ifndef SAVED_IDS_WORK_WITH_SETEUID | 44 | #ifndef SAVED_IDS_WORK_WITH_SETEUID | |
45 | /* Propagate the privileged gid to all of our gids. */ | 45 | /* Propagate the privileged gid to all of our gids. */ | |
46 | if (setgid(getegid()) < 0) | 46 | if (setgid(getegid()) < 0) | |
47 | @@ -186,8 +190,10 @@ restore_uid(void) | 47 | @@ -184,8 +188,10 @@ restore_uid(void) | |
48 | setgid(getgid()); | 48 | setgid(getgid()); | |
49 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ | 49 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ | |
50 | 50 | |||
51 | +#ifndef HAVE_INTERIX | 51 | +#ifndef HAVE_INTERIX | |
52 | if (setgroups(saved_egroupslen, saved_egroups) < 0) | 52 | if (setgroups(saved_egroupslen, saved_egroups) < 0) | |
53 | fatal("setgroups: %.100s", strerror(errno)); | 53 | fatal("setgroups: %.100s", strerror(errno)); | |
54 | +#endif | 54 | +#endif | |
55 | temporarily_use_uid_effective = 0; | 55 | temporarily_use_uid_effective = 0; | |
56 | } | 56 | } | |
57 | 57 | |||
58 | @@ -208,6 +214,10 @@ permanently_set_uid(struct passwd *pw) | 58 | @@ -206,6 +212,10 @@ permanently_set_uid(struct passwd *pw) | |
59 | debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, | 59 | debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, | |
60 | (u_int)pw->pw_gid); | 60 | (u_int)pw->pw_gid); | |
61 | 61 | |||
62 | +#if defined(HAVE_INTERIX) | 62 | +#if defined(HAVE_INTERIX) | |
63 | + if (setuser(pw->pw_name, NULL, SU_COMPLETE)) | 63 | + if (setuser(pw->pw_name, NULL, SU_COMPLETE)) | |
64 | + fatal("setuser %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); | 64 | + fatal("setuser %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); | |
65 | +#else | 65 | +#else | |
66 | if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) | 66 | if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) | |
67 | fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); | 67 | fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); | |
68 | 68 | |||
69 | @@ -244,6 +254,7 @@ permanently_set_uid(struct passwd *pw) | 69 | @@ -242,6 +252,7 @@ permanently_set_uid(struct passwd *pw) | |
70 | (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) | 70 | (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) | |
71 | fatal("%s: was able to restore old [e]uid", __func__); | 71 | fatal("%s: was able to restore old [e]uid", __func__); | |
72 | #endif | 72 | #endif | |
73 | +#endif /* HAVE_INTERIX */ | 73 | +#endif /* HAVE_INTERIX */ | |
74 | 74 | |||
75 | /* Verify UID drop was successful */ | 75 | /* Verify UID drop was successful */ | |
76 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) { | 76 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) { |
$NetBSD: patch-sftp-common.c,v 1.1.2.2 2013/12/05 09:52:53 tron Exp $
Include <unistd.h> for strmode(3).
--- sftp-common.c.orig 2013-06-01 21:31:19.000000000 +0000
+++ sftp-common.c
@@ -36,6 +36,9 @@
#include <string.h>
#include <time.h>
#include <stdarg.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
#ifdef HAVE_UTIL_H
#include <util.h>
#endif