pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/openssh Updated security/openssh to 5.5.1



details:   https://anonhg.NetBSD.org/pkgsrc/rev/573ed5eca4a9
branches:  trunk
changeset: 576453:573ed5eca4a9
user:      martti <martti%pkgsrc.org@localhost>
date:      Fri Jun 11 20:41:41 2010 +0000

description:
Updated security/openssh to 5.5.1

Lots of changes, including

 * After a transition period of about 10 years, this release disables
   SSH protocol 1 by default. Clients and servers that need to use the
   legacy protocol must explicitly enable it in ssh_config / sshd_config
   or on the command-line.

 * Remove the libsectok/OpenSC-based smartcard code and add support for
   PKCS#11 tokens. This support is automatically enabled on all
   platforms that support dlopen(3) and was inspired by patches written
   by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages.

 * Add support for certificate authentication of users and hosts using a
   new, minimal OpenSSH certificate format (not X.509). Certificates
   contain a public key, identity information and some validity
   constraints and are signed with a standard SSH public key using
   ssh-keygen(1). CA keys may be marked as trusted in authorized_keys
   or via a TrustedUserCAKeys option in sshd_config(5) (for user
   authentication), or in known_hosts (for host authentication).

   Documentation for certificate support may be found in ssh-keygen(1),
   sshd(8) and ssh(1) and a description of the protocol extensions in
   PROTOCOL.certkeys.

 * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects
   stdio on the client to a single port forward on the server. This
   allows, for example, using ssh as a ProxyCommand to route connections
   via intermediate servers. bz#1618

diffstat:

 security/openssh/Makefile         |   7 ++--
 security/openssh/PLIST            |   4 ++-
 security/openssh/distinfo         |  29 +++++++++-----------
 security/openssh/patches/patch-aa |  53 +++++++++++++-------------------------
 security/openssh/patches/patch-ab |  41 +++++++++++-------------------
 security/openssh/patches/patch-ad |  22 ++++++++--------
 security/openssh/patches/patch-ag |  10 +++---
 security/openssh/patches/patch-ah |  21 ++++-----------
 security/openssh/patches/patch-ak |  12 ++++----
 security/openssh/patches/patch-an |  12 ++++----
 security/openssh/patches/patch-ao |  18 ++++++------
 security/openssh/patches/patch-av |  20 +++++++-------
 12 files changed, 105 insertions(+), 144 deletions(-)

diffs (truncated from 593 to 300 lines):

diff -r 52fa0729a0e0 -r 573ed5eca4a9 security/openssh/Makefile
--- a/security/openssh/Makefile Fri Jun 11 15:16:16 2010 +0000
+++ b/security/openssh/Makefile Fri Jun 11 20:41:41 2010 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.196 2010/04/17 10:42:55 zafer Exp $
+# $NetBSD: Makefile,v 1.197 2010/06/11 20:41:41 martti Exp $
 
-DISTNAME=              openssh-5.3p1
-PKGNAME=               openssh-5.3.1
+DISTNAME=              openssh-5.5p1
+PKGNAME=               openssh-5.5.1
 SVR4_PKGNAME=          ossh
 CATEGORIES=            security
 MASTER_SITES=          ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
@@ -12,7 +12,6 @@
                        ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/
 # Don't delete the last entry -- it's there if the pkgsrc version is not
 # up-to-date and the mirrors already removed the old distfile.
-DIST_SUBDIR=           ${PKGBASE}-5.3.1-20100218
 
 MAINTAINER=            pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=              http://www.openssh.com/
diff -r 52fa0729a0e0 -r 573ed5eca4a9 security/openssh/PLIST
--- a/security/openssh/PLIST    Fri Jun 11 15:16:16 2010 +0000
+++ b/security/openssh/PLIST    Fri Jun 11 20:41:41 2010 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.13 2009/06/14 18:13:34 joerg Exp $
+@comment $NetBSD: PLIST,v 1.14 2010/06/11 20:41:41 martti Exp $
 bin/scp
 bin/sftp
 bin/slogin
@@ -9,6 +9,7 @@
 bin/ssh-keyscan
 libexec/sftp-server
 libexec/ssh-keysign
+libexec/ssh-pkcs11-helper
 man/man1/scp.1
 man/man1/sftp.1
 man/man1/slogin.1
@@ -22,6 +23,7 @@
 man/man5/sshd_config.5
 man/man8/sftp-server.8
 man/man8/ssh-keysign.8
+man/man8/ssh-pkcs11-helper.8
 man/man8/sshd.8
 sbin/sshd
 share/examples/openssh/moduli
diff -r 52fa0729a0e0 -r 573ed5eca4a9 security/openssh/distinfo
--- a/security/openssh/distinfo Fri Jun 11 15:16:16 2010 +0000
+++ b/security/openssh/distinfo Fri Jun 11 20:41:41 2010 +0000
@@ -1,29 +1,26 @@
-$NetBSD: distinfo,v 1.75 2010/02/19 10:17:33 martti Exp $
+$NetBSD: distinfo,v 1.76 2010/06/11 20:41:41 martti Exp $
 
-SHA1 (openssh-5.3.1-20100218/openssh-5.3p1-hpn13v7.diff.gz) = 724aa137c8c42e89af454ce904845a3a2d9e8ed9
-RMD160 (openssh-5.3.1-20100218/openssh-5.3p1-hpn13v7.diff.gz) = a57c038d6b57a2869295e3000abd50658ebb5b93
-Size (openssh-5.3.1-20100218/openssh-5.3p1-hpn13v7.diff.gz) = 22734 bytes
-SHA1 (openssh-5.3.1-20100218/openssh-5.3p1.tar.gz) = d411fde2584ef6022187f565360b2c63a05602b5
-RMD160 (openssh-5.3.1-20100218/openssh-5.3p1.tar.gz) = f8c98b4b91b7e0e02b33837ef6978e8b7570cf9e
-Size (openssh-5.3.1-20100218/openssh-5.3p1.tar.gz) = 1027130 bytes
-SHA1 (patch-aa) = 94b4427cd6ed2cc4c15728c6721f98b678eafb5d
-SHA1 (patch-ab) = ddb47d597893895314b03bdd13d7e2cb9c4c3b6b
+SHA1 (openssh-5.5p1.tar.gz) = 361c6335e74809b26ea096b34062ba8ff6c97cd6
+RMD160 (openssh-5.5p1.tar.gz) = 7cee614112b691da5daac9f2579becba2409b727
+Size (openssh-5.5p1.tar.gz) = 1097574 bytes
+SHA1 (patch-aa) = 508d47bb19f746acc29d3659f5140ee13cc4f848
+SHA1 (patch-ab) = b93e976f71a358637c6a50bc70073755cbe3e230
 SHA1 (patch-ac) = 5c63cb47ffb556a15f685011bc3291d2219613dc
-SHA1 (patch-ad) = 254e11c5f56a72bf0b30bb8860e45156b3a0adf2
+SHA1 (patch-ad) = a02e5a24fee128d925939785c06f3fa985fc6f2f
 SHA1 (patch-ae) = 4ec1007b03d4bf28ddd1dcfdf2ec7c5295a69df5
 SHA1 (patch-af) = ca3224af0b648803404776a8c12ed678db4f8ff6
-SHA1 (patch-ag) = b91f89ede11f5ed7ba99cfea883ede969796c0ac
-SHA1 (patch-ah) = 0deb24fae95f0a696048d486b11463b380899cb3
+SHA1 (patch-ag) = 385874017f160626d3a95b6ce4a298d442cf9393
+SHA1 (patch-ah) = c8d4b57fd72260e26960ac67d672bebb40759bed
 SHA1 (patch-ai) = becad6262e5daeef2a6db14097a8971c40088403
 SHA1 (patch-aj) = 5c89b4a7da59f05c50c16083aa6dd6e465cd0305
-SHA1 (patch-ak) = 550eae0b47dc220dac2439f57b39b7e4319057c5
+SHA1 (patch-ak) = c718c24c7fd5e2989e40d1a0272faea6434ec578
 SHA1 (patch-al) = ffd15b2ef3cb6b57419c0f6f1f4f795e497382d7
 SHA1 (patch-am) = 4893a8a059d611d35c1fb9ff03b598c590e0355e
-SHA1 (patch-an) = 5b41d9493028dd4dce4a73ea78e43f3a073108e5
-SHA1 (patch-ao) = a02f861855403e4a77323460a2611707d64b2e6b
+SHA1 (patch-an) = bb82f8f7f9d3949fde0d797a4c1253ae402f0311
+SHA1 (patch-ao) = cff08e03d10c32175803c6f09992e4659c3e62bd
 SHA1 (patch-ap) = 5c0ae4dbcdcd50312d1db037867cbaed7c80931d
 SHA1 (patch-aq) = 1a7d8a4c5e70a0c6211247ba583534ed8ce317d0
 SHA1 (patch-ar) = a1099e0175a2b14f3b19db04261891179b1e3299
 SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f
-SHA1 (patch-av) = ef1274ad93846c7af2a6bdeb20ae59044fac0f1b
+SHA1 (patch-av) = 5b4a63dcf8312745253f5c5e68e1d9628ff9e46d
 SHA1 (patch-aw) = 532f2aebcb93cae5e0dd26a5faa1593a7d3a3c51
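Review bot: The new distinfo carries no digest for any HPN patch file: the three `openssh-5.3p1-hpn13v7.diff.gz` entries are dropped with nothing in their place, and the diffstat lists no options file as changed. If a package option still adds that patch to the fetch list (not visible in this commit, so it needs checking), a build with that option will stop at checksum verification. Either add a triple for a patch matching 5.5p1, in the form `SHA1 (<hpn-patch-file>) = <digest>` plus the `RMD160` and `Size` lines, or disable the option for this version. The commit description should say which of the two is intended.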
diff -r 52fa0729a0e0 -r 573ed5eca4a9 security/openssh/patches/patch-aa
--- a/security/openssh/patches/patch-aa Fri Jun 11 15:16:16 2010 +0000
+++ b/security/openssh/patches/patch-aa Fri Jun 11 20:41:41 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.45 2010/02/19 10:17:33 martti Exp $
+$NetBSD: patch-aa,v 1.46 2010/06/11 20:41:42 martti Exp $
 
---- configure.orig     2009-09-26 09:31:15.000000000 +0300
-+++ configure  2010-02-19 12:06:28.000000000 +0200
-@@ -5997,6 +5997,9 @@
+--- configure.orig     2010-04-16 03:17:11.000000000 +0300
++++ configure  2010-06-09 21:30:29.000000000 +0300
+@@ -5665,6 +5665,9 @@
  fi
  
  
@@ -12,7 +12,7 @@
  # Allow user to specify flags
  
  # Check whether --with-cflags was given.
-@@ -6142,6 +6145,7 @@
+@@ -5810,6 +5813,7 @@
        maillock.h \
        ndir.h \
        net/if_tun.h \
@@ -20,7 +20,7 @@
        netdb.h \
        netgroup.h \
        pam/pam_appl.h \
-@@ -7965,6 +7969,36 @@
+@@ -7660,6 +7664,36 @@
                ;;
        esac
        ;;
@@ -57,7 +57,7 @@
  *-*-irix5*)
        PATH="$PATH:/usr/etc"
  
-@@ -8537,7 +8571,7 @@
+@@ -8226,7 +8260,7 @@
  _ACEOF
  
        ;;
@@ -66,33 +66,16 @@
        check_for_libcrypt_later=1
  
  cat >>confdefs.h <<\_ACEOF
-@@ -30831,14 +30865,21 @@
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- if test -z "$conf_utmpx_location"; then
-       if test x"$system_utmpx_path" = x"no" ; then
--              cat >>confdefs.h <<\_ACEOF
-+              for f in /var/run/utmpx; do
-+                      if test -f $f ; then
-+                              conf_utmpx_location=$f
-+                      fi
-+              done
-+              if test -z "$conf_utmpx_location"; then
-+                      cat >>confdefs.h <<\_ACEOF
- #define DISABLE_UTMPX 1
- _ACEOF
-+              fi
- 
-       fi
--else
--
--cat >>confdefs.h <<_ACEOF
-+fi
-+if test -n "$conf_utmpx_location"; then
-+      cat >>confdefs.h <<_ACEOF
- #define CONF_UTMPX_FILE "$conf_utmpx_location"
- _ACEOF
- 
-@@ -30903,14 +30944,20 @@
+@@ -12468,7 +12502,7 @@
+                               LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+                       fi
+               fi
+-              if test "x$use_pkgconfig_for_libedit" == "xyes"; then
++              if test "x$use_pkgconfig_for_libedit" = "xyes"; then
+                       LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
+                       CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
+               else
+@@ -29573,14 +29607,20 @@
  rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
  if test -z "$conf_wtmpx_location"; then
        if test x"$system_wtmpx_path" = x"no" ; then
@@ -118,7 +101,7 @@
  #define CONF_WTMPX_FILE "$conf_wtmpx_location"
  _ACEOF
  
-@@ -32200,7 +32247,7 @@
+@@ -30888,7 +30930,7 @@
  echo "                     User binaries: $B"
  echo "                   System binaries: $C"
  echo "               Configuration files: $D"
diff -r 52fa0729a0e0 -r 573ed5eca4a9 security/openssh/patches/patch-ab
--- a/security/openssh/patches/patch-ab Fri Jun 11 15:16:16 2010 +0000
+++ b/security/openssh/patches/patch-ab Fri Jun 11 20:41:41 2010 +0000
@@ -1,7 +1,7 @@
-$NetBSD: patch-ab,v 1.27 2010/02/19 10:17:33 martti Exp $
+$NetBSD: patch-ab,v 1.28 2010/06/11 20:41:42 martti Exp $
 
---- configure.ac.orig  2009-09-11 07:56:08.000000000 +0300
-+++ configure.ac       2010-02-19 12:13:02.000000000 +0200
+--- configure.ac.orig  2010-04-10 15:58:01.000000000 +0300
++++ configure.ac       2010-06-09 21:32:22.000000000 +0300
 @@ -191,6 +191,9 @@
        ]
  )
@@ -20,7 +20,7 @@
        netdb.h \
        netgroup.h \
        pam/pam_appl.h \
-@@ -535,6 +539,15 @@
+@@ -541,6 +545,15 @@
                ;;
        esac
        ;;
@@ -36,27 +36,16 @@
  *-*-irix5*)
        PATH="$PATH:/usr/etc"
        AC_DEFINE(BROKEN_INET_NTOA, 1,
-@@ -4129,9 +4142,17 @@
- )
- if test -z "$conf_utmpx_location"; then
-       if test x"$system_utmpx_path" = x"no" ; then
--              AC_DEFINE(DISABLE_UTMPX)
-+              for f in /var/run/utmpx; do
-+                      if test -f $f ; then
-+                              conf_utmpx_location=$f
-+                      fi
-+              done
-+              if test -z "$conf_utmpx_location"; then
-+                      AC_DEFINE(DISABLE_UTMPX)
-+              fi
-       fi
--else
-+fi
-+if test -n "$conf_utmpx_location"; then
-       AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
-               [Define if you want to specify the path to your utmpx file])
- fi
-@@ -4155,9 +4176,17 @@
+@@ -1273,7 +1286,7 @@
+                               LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+                       fi
+               fi
+-              if test "x$use_pkgconfig_for_libedit" == "xyes"; then
++              if test "x$use_pkgconfig_for_libedit" = "xyes"; then
+                       LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
+                       CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
+               else
+@@ -4106,9 +4119,17 @@
  )
  if test -z "$conf_wtmpx_location"; then
        if test x"$system_wtmpx_path" = x"no" ; then
@@ -76,7 +65,7 @@
        AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
                [Define if you want to specify the path to your wtmpx file])
  fi
-@@ -4204,7 +4233,7 @@
+@@ -4156,7 +4177,7 @@
  echo "                     User binaries: $B"
  echo "                   System binaries: $C"
  echo "               Configuration files: $D"
diff -r 52fa0729a0e0 -r 573ed5eca4a9 security/openssh/patches/patch-ad
--- a/security/openssh/patches/patch-ad Fri Jun 11 15:16:16 2010 +0000
+++ b/security/openssh/patches/patch-ad Fri Jun 11 20:41:41 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ad,v 1.13 2009/05/21 03:22:29 taca Exp $
+$NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $
 
---- loginrec.c.orig    2009-02-12 11:12:22.000000000 +0900
-+++ loginrec.c
-@@ -431,8 +431,8 @@ login_set_addr(struct logininfo *li, con
+--- loginrec.c.orig    2010-04-09 11:13:27.000000000 +0300
++++ loginrec.c 2010-06-09 21:16:25.000000000 +0300
+@@ -432,8 +432,8 @@ login_set_addr(struct logininfo *li, con
  int
  login_write(struct logininfo *li)
  {
@@ -13,7 +13,7 @@
                logit("Attempt to write login records by non-root user (aborting)");
                return (1);
        }
-@@ -440,7 +440,7 @@ login_write(struct logininfo *li)
+@@ -441,7 +441,7 @@ login_write(struct logininfo *li)
  
        /* set the timestamp */
        login_set_current_time(li);
@@ -22,7 +22,7 @@
        syslogin_write_entry(li);
  #endif
  #ifdef USE_LASTLOG
-@@ -620,7 +620,7 @@ line_abbrevname(char *dst, const char *s
+@@ -625,7 +625,7 @@ line_abbrevname(char *dst, const char *s
   ** into account.
   **/
  
@@ -31,18 +31,18 @@
  
  /* build the utmp structure */
  void
-@@ -757,10 +757,6 @@ construct_utmpx(struct logininfo *li, st
+@@ -762,10 +762,6 @@ construct_utmpx(struct logininfo *li, st
        set_utmpx_time(li, utx);


