pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/openssh Updated security/openssh to 5.5.1
details: https://anonhg.NetBSD.org/pkgsrc/rev/573ed5eca4a9
branches: trunk
changeset: 576453:573ed5eca4a9
user: martti <martti%pkgsrc.org@localhost>
date: Fri Jun 11 20:41:41 2010 +0000
description:
Updated security/openssh to 5.5.1
Lots of changes, including
* After a transition period of about 10 years, this release disables
SSH protocol 1 by default. Clients and servers that need to use the
legacy protocol must explicitly enable it in ssh_config / sshd_config
or on the command-line.
* Remove the libsectok/OpenSC-based smartcard code and add support for
PKCS#11 tokens. This support is automatically enabled on all
platforms that support dlopen(3) and was inspired by patches written
by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages.
* Add support for certificate authentication of users and hosts using a
new, minimal OpenSSH certificate format (not X.509). Certificates
contain a public key, identity information and some validity
constraints and are signed with a standard SSH public key using
ssh-keygen(1). CA keys may be marked as trusted in authorized_keys
or via a TrustedUserCAKeys option in sshd_config(5) (for user
authentication), or in known_hosts (for host authentication).
Documentation for certificate support may be found in ssh-keygen(1),
sshd(8) and ssh(1) and a description of the protocol extensions in
PROTOCOL.certkeys.
* Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects
stdio on the client to a single port forward on the server. This
allows, for example, using ssh as a ProxyCommand to route connections
via intermediate servers. bz#1618
diffstat:
security/openssh/Makefile | 7 ++--
security/openssh/PLIST | 4 ++-
security/openssh/distinfo | 29 +++++++++-----------
security/openssh/patches/patch-aa | 53 +++++++++++++-------------------------
security/openssh/patches/patch-ab | 41 +++++++++++-------------------
security/openssh/patches/patch-ad | 22 ++++++++--------
security/openssh/patches/patch-ag | 10 +++---
security/openssh/patches/patch-ah | 21 ++++-----------
security/openssh/patches/patch-ak | 12 ++++----
security/openssh/patches/patch-an | 12 ++++----
security/openssh/patches/patch-ao | 18 ++++++------
security/openssh/patches/patch-av | 20 +++++++-------
12 files changed, 105 insertions(+), 144 deletions(-)
diffs (truncated from 593 to 300 lines):
diff -r 52fa0729a0e0 -r 573ed5eca4a9 security/openssh/Makefile
--- a/security/openssh/Makefile Fri Jun 11 15:16:16 2010 +0000
+++ b/security/openssh/Makefile Fri Jun 11 20:41:41 2010 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.196 2010/04/17 10:42:55 zafer Exp $
+# $NetBSD: Makefile,v 1.197 2010/06/11 20:41:41 martti Exp $
-DISTNAME= openssh-5.3p1
-PKGNAME= openssh-5.3.1
+DISTNAME= openssh-5.5p1
+PKGNAME= openssh-5.5.1
SVR4_PKGNAME= ossh
CATEGORIES= security
MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
@@ -12,7 +12,6 @@
ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/
# Don't delete the last entry -- it's there if the pkgsrc version is not
# up-to-date and the mirrors already removed the old distfile.
-DIST_SUBDIR= ${PKGBASE}-5.3.1-20100218
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE= http://www.openssh.com/
diff -r 52fa0729a0e0 -r 573ed5eca4a9 security/openssh/PLIST
--- a/security/openssh/PLIST Fri Jun 11 15:16:16 2010 +0000
+++ b/security/openssh/PLIST Fri Jun 11 20:41:41 2010 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.13 2009/06/14 18:13:34 joerg Exp $
+@comment $NetBSD: PLIST,v 1.14 2010/06/11 20:41:41 martti Exp $
bin/scp
bin/sftp
bin/slogin
@@ -9,6 +9,7 @@
bin/ssh-keyscan
libexec/sftp-server
libexec/ssh-keysign
+libexec/ssh-pkcs11-helper
man/man1/scp.1
man/man1/sftp.1
man/man1/slogin.1
@@ -22,6 +23,7 @@
man/man5/sshd_config.5
man/man8/sftp-server.8
man/man8/ssh-keysign.8
+man/man8/ssh-pkcs11-helper.8
man/man8/sshd.8
sbin/sshd
share/examples/openssh/moduli
diff -r 52fa0729a0e0 -r 573ed5eca4a9 security/openssh/distinfo
--- a/security/openssh/distinfo Fri Jun 11 15:16:16 2010 +0000
+++ b/security/openssh/distinfo Fri Jun 11 20:41:41 2010 +0000
@@ -1,29 +1,26 @@
-$NetBSD: distinfo,v 1.75 2010/02/19 10:17:33 martti Exp $
+$NetBSD: distinfo,v 1.76 2010/06/11 20:41:41 martti Exp $
-SHA1 (openssh-5.3.1-20100218/openssh-5.3p1-hpn13v7.diff.gz) = 724aa137c8c42e89af454ce904845a3a2d9e8ed9
-RMD160 (openssh-5.3.1-20100218/openssh-5.3p1-hpn13v7.diff.gz) = a57c038d6b57a2869295e3000abd50658ebb5b93
-Size (openssh-5.3.1-20100218/openssh-5.3p1-hpn13v7.diff.gz) = 22734 bytes
-SHA1 (openssh-5.3.1-20100218/openssh-5.3p1.tar.gz) = d411fde2584ef6022187f565360b2c63a05602b5
-RMD160 (openssh-5.3.1-20100218/openssh-5.3p1.tar.gz) = f8c98b4b91b7e0e02b33837ef6978e8b7570cf9e
-Size (openssh-5.3.1-20100218/openssh-5.3p1.tar.gz) = 1027130 bytes
-SHA1 (patch-aa) = 94b4427cd6ed2cc4c15728c6721f98b678eafb5d
-SHA1 (patch-ab) = ddb47d597893895314b03bdd13d7e2cb9c4c3b6b
+SHA1 (openssh-5.5p1.tar.gz) = 361c6335e74809b26ea096b34062ba8ff6c97cd6
+RMD160 (openssh-5.5p1.tar.gz) = 7cee614112b691da5daac9f2579becba2409b727
+Size (openssh-5.5p1.tar.gz) = 1097574 bytes
+SHA1 (patch-aa) = 508d47bb19f746acc29d3659f5140ee13cc4f848
+SHA1 (patch-ab) = b93e976f71a358637c6a50bc70073755cbe3e230
SHA1 (patch-ac) = 5c63cb47ffb556a15f685011bc3291d2219613dc
-SHA1 (patch-ad) = 254e11c5f56a72bf0b30bb8860e45156b3a0adf2
+SHA1 (patch-ad) = a02e5a24fee128d925939785c06f3fa985fc6f2f
SHA1 (patch-ae) = 4ec1007b03d4bf28ddd1dcfdf2ec7c5295a69df5
SHA1 (patch-af) = ca3224af0b648803404776a8c12ed678db4f8ff6
-SHA1 (patch-ag) = b91f89ede11f5ed7ba99cfea883ede969796c0ac
-SHA1 (patch-ah) = 0deb24fae95f0a696048d486b11463b380899cb3
+SHA1 (patch-ag) = 385874017f160626d3a95b6ce4a298d442cf9393
+SHA1 (patch-ah) = c8d4b57fd72260e26960ac67d672bebb40759bed
SHA1 (patch-ai) = becad6262e5daeef2a6db14097a8971c40088403
SHA1 (patch-aj) = 5c89b4a7da59f05c50c16083aa6dd6e465cd0305
-SHA1 (patch-ak) = 550eae0b47dc220dac2439f57b39b7e4319057c5
+SHA1 (patch-ak) = c718c24c7fd5e2989e40d1a0272faea6434ec578
SHA1 (patch-al) = ffd15b2ef3cb6b57419c0f6f1f4f795e497382d7
SHA1 (patch-am) = 4893a8a059d611d35c1fb9ff03b598c590e0355e
-SHA1 (patch-an) = 5b41d9493028dd4dce4a73ea78e43f3a073108e5
-SHA1 (patch-ao) = a02f861855403e4a77323460a2611707d64b2e6b
+SHA1 (patch-an) = bb82f8f7f9d3949fde0d797a4c1253ae402f0311
+SHA1 (patch-ao) = cff08e03d10c32175803c6f09992e4659c3e62bd
SHA1 (patch-ap) = 5c0ae4dbcdcd50312d1db037867cbaed7c80931d
SHA1 (patch-aq) = 1a7d8a4c5e70a0c6211247ba583534ed8ce317d0
SHA1 (patch-ar) = a1099e0175a2b14f3b19db04261891179b1e3299
SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f
-SHA1 (patch-av) = ef1274ad93846c7af2a6bdeb20ae59044fac0f1b
+SHA1 (patch-av) = 5b4a63dcf8312745253f5c5e68e1d9628ff9e46d
SHA1 (patch-aw) = 532f2aebcb93cae5e0dd26a5faa1593a7d3a3c51
diff -r 52fa0729a0e0 -r 573ed5eca4a9 security/openssh/patches/patch-aa
--- a/security/openssh/patches/patch-aa Fri Jun 11 15:16:16 2010 +0000
+++ b/security/openssh/patches/patch-aa Fri Jun 11 20:41:41 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.45 2010/02/19 10:17:33 martti Exp $
+$NetBSD: patch-aa,v 1.46 2010/06/11 20:41:42 martti Exp $
---- configure.orig 2009-09-26 09:31:15.000000000 +0300
-+++ configure 2010-02-19 12:06:28.000000000 +0200
-@@ -5997,6 +5997,9 @@
+--- configure.orig 2010-04-16 03:17:11.000000000 +0300
++++ configure 2010-06-09 21:30:29.000000000 +0300
+@@ -5665,6 +5665,9 @@
fi
@@ -12,7 +12,7 @@
# Allow user to specify flags
# Check whether --with-cflags was given.
-@@ -6142,6 +6145,7 @@
+@@ -5810,6 +5813,7 @@
maillock.h \
ndir.h \
net/if_tun.h \
@@ -20,7 +20,7 @@
netdb.h \
netgroup.h \
pam/pam_appl.h \
-@@ -7965,6 +7969,36 @@
+@@ -7660,6 +7664,36 @@
;;
esac
;;
@@ -57,7 +57,7 @@
*-*-irix5*)
PATH="$PATH:/usr/etc"
-@@ -8537,7 +8571,7 @@
+@@ -8226,7 +8260,7 @@
_ACEOF
;;
@@ -66,33 +66,16 @@
check_for_libcrypt_later=1
cat >>confdefs.h <<\_ACEOF
-@@ -30831,14 +30865,21 @@
- rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- if test -z "$conf_utmpx_location"; then
- if test x"$system_utmpx_path" = x"no" ; then
-- cat >>confdefs.h <<\_ACEOF
-+ for f in /var/run/utmpx; do
-+ if test -f $f ; then
-+ conf_utmpx_location=$f
-+ fi
-+ done
-+ if test -z "$conf_utmpx_location"; then
-+ cat >>confdefs.h <<\_ACEOF
- #define DISABLE_UTMPX 1
- _ACEOF
-+ fi
-
- fi
--else
--
--cat >>confdefs.h <<_ACEOF
-+fi
-+if test -n "$conf_utmpx_location"; then
-+ cat >>confdefs.h <<_ACEOF
- #define CONF_UTMPX_FILE "$conf_utmpx_location"
- _ACEOF
-
-@@ -30903,14 +30944,20 @@
+@@ -12468,7 +12502,7 @@
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ fi
+- if test "x$use_pkgconfig_for_libedit" == "xyes"; then
++ if test "x$use_pkgconfig_for_libedit" = "xyes"; then
+ LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
+ CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
+ else
+@@ -29573,14 +29607,20 @@
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -118,7 +101,7 @@
#define CONF_WTMPX_FILE "$conf_wtmpx_location"
_ACEOF
-@@ -32200,7 +32247,7 @@
+@@ -30888,7 +30930,7 @@
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff -r 52fa0729a0e0 -r 573ed5eca4a9 security/openssh/patches/patch-ab
--- a/security/openssh/patches/patch-ab Fri Jun 11 15:16:16 2010 +0000
+++ b/security/openssh/patches/patch-ab Fri Jun 11 20:41:41 2010 +0000
@@ -1,7 +1,7 @@
-$NetBSD: patch-ab,v 1.27 2010/02/19 10:17:33 martti Exp $
+$NetBSD: patch-ab,v 1.28 2010/06/11 20:41:42 martti Exp $
---- configure.ac.orig 2009-09-11 07:56:08.000000000 +0300
-+++ configure.ac 2010-02-19 12:13:02.000000000 +0200
+--- configure.ac.orig 2010-04-10 15:58:01.000000000 +0300
++++ configure.ac 2010-06-09 21:32:22.000000000 +0300
@@ -191,6 +191,9 @@
]
)
@@ -20,7 +20,7 @@
netdb.h \
netgroup.h \
pam/pam_appl.h \
-@@ -535,6 +539,15 @@
+@@ -541,6 +545,15 @@
;;
esac
;;
@@ -36,27 +36,16 @@
*-*-irix5*)
PATH="$PATH:/usr/etc"
AC_DEFINE(BROKEN_INET_NTOA, 1,
-@@ -4129,9 +4142,17 @@
- )
- if test -z "$conf_utmpx_location"; then
- if test x"$system_utmpx_path" = x"no" ; then
-- AC_DEFINE(DISABLE_UTMPX)
-+ for f in /var/run/utmpx; do
-+ if test -f $f ; then
-+ conf_utmpx_location=$f
-+ fi
-+ done
-+ if test -z "$conf_utmpx_location"; then
-+ AC_DEFINE(DISABLE_UTMPX)
-+ fi
- fi
--else
-+fi
-+if test -n "$conf_utmpx_location"; then
- AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
- [Define if you want to specify the path to your utmpx file])
- fi
-@@ -4155,9 +4176,17 @@
+@@ -1273,7 +1286,7 @@
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ fi
+- if test "x$use_pkgconfig_for_libedit" == "xyes"; then
++ if test "x$use_pkgconfig_for_libedit" = "xyes"; then
+ LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
+ CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
+ else
+@@ -4106,9 +4119,17 @@
)
if test -z "$conf_wtmpx_location"; then
if test x"$system_wtmpx_path" = x"no" ; then
@@ -76,7 +65,7 @@
AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
[Define if you want to specify the path to your wtmpx file])
fi
-@@ -4204,7 +4233,7 @@
+@@ -4156,7 +4177,7 @@
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff -r 52fa0729a0e0 -r 573ed5eca4a9 security/openssh/patches/patch-ad
--- a/security/openssh/patches/patch-ad Fri Jun 11 15:16:16 2010 +0000
+++ b/security/openssh/patches/patch-ad Fri Jun 11 20:41:41 2010 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ad,v 1.13 2009/05/21 03:22:29 taca Exp $
+$NetBSD: patch-ad,v 1.14 2010/06/11 20:41:42 martti Exp $
---- loginrec.c.orig 2009-02-12 11:12:22.000000000 +0900
-+++ loginrec.c
-@@ -431,8 +431,8 @@ login_set_addr(struct logininfo *li, con
+--- loginrec.c.orig 2010-04-09 11:13:27.000000000 +0300
++++ loginrec.c 2010-06-09 21:16:25.000000000 +0300
+@@ -432,8 +432,8 @@ login_set_addr(struct logininfo *li, con
int
login_write(struct logininfo *li)
{
@@ -13,7 +13,7 @@
logit("Attempt to write login records by non-root user (aborting)");
return (1);
}
-@@ -440,7 +440,7 @@ login_write(struct logininfo *li)
+@@ -441,7 +441,7 @@ login_write(struct logininfo *li)
/* set the timestamp */
login_set_current_time(li);
@@ -22,7 +22,7 @@
syslogin_write_entry(li);
#endif
#ifdef USE_LASTLOG
-@@ -620,7 +620,7 @@ line_abbrevname(char *dst, const char *s
+@@ -625,7 +625,7 @@ line_abbrevname(char *dst, const char *s
** into account.
**/
@@ -31,18 +31,18 @@
/* build the utmp structure */
void
-@@ -757,10 +757,6 @@ construct_utmpx(struct logininfo *li, st
+@@ -762,10 +762,6 @@ construct_utmpx(struct logininfo *li, st
set_utmpx_time(li, utx);
Home |
Main Index |
Thread Index |
Old Index