Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 29-Sep-2006 08:46:21 Branch: OPENPKG_2_STABLE Handle: 2006092907461901 Modified files: (Branch: OPENPKG_2_STABLE) openpkg-src/openssh openssh.patch openssh.patch.alias openssh.patch.chroot openssh.patch.scpbindir openssh.patch.sftplogging openssh.spec Log: MFC: security fixed version Summary: Revision Changes Path 1.16.2.1 +8 -8 openpkg-src/openssh/openssh.patch 1.7.2.1 +35 -35 openpkg-src/openssh/openssh.patch.alias 1.7.2.1 +14 -14 openpkg-src/openssh/openssh.patch.chroot 1.10.2.1 +8 -8 openpkg-src/openssh/openssh.patch.scpbindir 1.7.2.1 +131 -184 openpkg-src/openssh/openssh.patch.sftplogging 1.161.2.2 +20 -7 openpkg-src/openssh/openssh.spec ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-src/openssh/openssh.patch ============================================================================ $ cvs diff -u -r1.16 -r1.16.2.1 openssh.patch --- openpkg-src/openssh/openssh.patch 11 Feb 2006 08:29:38 -0000 1.16 +++ openpkg-src/openssh/openssh.patch 29 Sep 2006 06:46:19 -0000 1.16.2.1 @@ -1,7 +1,7 @@ Index: Makefile.in ---- Makefile.in.orig 2006-01-01 09:47:05 +0100 -+++ Makefile.in 2006-02-11 09:25:19 +0100 -@@ -230,7 +230,7 @@ +--- Makefile.in.orig 2006-09-12 13:54:10 +0200 ++++ Makefile.in 2006-09-28 08:00:38 +0200 +@@ -233,7 +233,7 @@ -rm -rf autom4te.cache (cd scard && $(MAKE) -f Makefile.in distprep) @@ -12,7 +12,7 @@ Index: auth-pam.h --- auth-pam.h.orig 2004-09-11 14:17:26 +0200 -+++ auth-pam.h 2006-02-11 09:25:19 +0100 ++++ auth-pam.h 2006-09-28 08:00:38 +0200 @@ -28,7 +28,7 @@ #ifdef USE_PAM @@ -23,11 +23,11 @@ void start_pam(Authctxt *); Index: version.h ---- version.h.orig 2006-02-11 01:00:45 +0100 -+++ version.h 2006-02-11 09:25:19 +0100 +--- version.h.orig 2006-08-30 03:09:01 +0200 ++++ version.h 2006-09-28 08:00:38 +0200 
@@ -3,4 +3,4 @@ - #define SSH_VERSION "OpenSSH_4.3" + #define SSH_VERSION "OpenSSH_4.4" - #define SSH_PORTABLE "p2" + #define SSH_PORTABLE "p1" -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE " @l_openpkg_release@" @@ . patch -p0 <<'@@ .' Index: openpkg-src/openssh/openssh.patch.alias ============================================================================ $ cvs diff -u -r1.7 -r1.7.2.1 openssh.patch.alias --- openpkg-src/openssh/openssh.patch.alias 11 Feb 2006 08:29:38 -0000 1.7 +++ openpkg-src/openssh/openssh.patch.alias 29 Sep 2006 06:46:19 -0000 1.7.2.1 @@ -1,8 +1,8 @@ Index: auth1.c ---- auth1.c.orig 2005-07-17 09:26:44 +0200 -+++ auth1.c 2006-02-11 09:26:30 +0100 -@@ -26,6 +26,9 @@ - #include "uidswap.h" +--- auth1.c.orig 2006-09-01 07:38:36 +0200 ++++ auth1.c 2006-09-28 08:00:58 +0200 +@@ -39,6 +39,9 @@ + #endif #include "monitor_wrap.h" #include "buffer.h" +#ifdef USE_ALIAS @@ -11,7 +11,7 @@ /* import */ extern ServerOptions options; -@@ -371,6 +374,10 @@ +@@ -389,6 +392,10 @@ { u_int ulen; char *user, *style = NULL; @@ -22,7 +22,7 @@ /* Get the name of the user that we wish to log in as. */ packet_read_expect(SSH_CMSG_USER); -@@ -382,6 +389,25 @@ +@@ -400,6 +407,25 @@ if ((style = strchr(user, ':')) != NULL) *style++ = '\0'; @@ -49,11 +49,11 @@ authctxt->style = style; Index: auth2.c ---- auth2.c.orig 2005-09-24 04:43:51 +0200 -+++ auth2.c 2006-02-11 09:26:30 +0100 -@@ -36,6 +36,9 @@ +--- auth2.c.orig 2006-08-05 04:39:39 +0200 ++++ auth2.c 2006-09-28 08:00:58 +0200 +@@ -44,6 +44,9 @@ + #include "dispatch.h" #include "pathnames.h" - #include "monitor_wrap.h" #include "buffer.h" +#ifdef USE_ALIAS +#include "match.h" @@ -61,7 +61,7 @@ #ifdef GSSAPI #include "ssh-gss.h" -@@ -136,6 +139,10 @@ +@@ -147,6 +150,10 @@ Authmethod *m = NULL; char *user, *service, *method, *style = NULL; int authenticated = 0; 
@@ -72,7 +72,7 @@ if (authctxt == NULL) fatal("input_userauth_request: no authctxt"); -@@ -149,6 +156,25 @@ +@@ -160,6 +167,25 @@ if ((style = strchr(user, ':')) != NULL) *style++ = 0; @@ -99,21 +99,21 @@ /* setup auth context */ authctxt->pw = PRIVSEP(getpwnamallow(user)); Index: servconf.c ---- servconf.c.orig 2005-12-13 09:33:20 +0100 -+++ servconf.c 2006-02-11 09:26:30 +0100 -@@ -102,6 +102,9 @@ - options->authorized_keys_file2 = NULL; - options->num_accept_env = 0; +--- servconf.c.orig 2006-08-18 16:23:15 +0200 ++++ servconf.c 2006-09-28 08:01:48 +0200 +@@ -122,6 +122,9 @@ options->permit_tun = -1; + options->num_permitted_opens = -1; + options->adm_forced_command = NULL; +#ifdef USE_ALIAS + options->num_alias = 0; +#endif + } - /* Needs to be accessable in many places */ - use_privsep = -1; -@@ -275,6 +278,9 @@ - sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, + void +@@ -293,6 +296,9 @@ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sUsePrivilegeSeparation, +#ifdef USE_ALIAS + sAlias, @@ -121,17 +121,17 @@ sDeprecated, sUnsupported } ServerOpCodes; -@@ -377,6 +383,9 @@ - { "useprivilegeseparation", sUsePrivilegeSeparation}, - { "acceptenv", sAcceptEnv }, - { "permittunnel", sPermitTunnel }, +@@ -403,6 +409,9 @@ + { "match", sMatch, SSHCFG_ALL }, + { "permitopen", sPermitOpen, SSHCFG_ALL }, + { "forcecommand", sForceCommand, SSHCFG_ALL }, +#ifdef USE_ALIAS + { "alias", sAlias }, +#endif - { NULL, sBadOption } + { NULL, sBadOption, 0 } }; -@@ -995,6 +1004,26 @@ +@@ -1260,6 +1269,26 @@ arg = strdelim(&cp); break; 
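Review bot: The alias rewrite in input_userauth_request (its 19 added lines are not in this hunk, only the context around `+@@ -160,6 +167,25 @@`) runs before `authctxt->pw = PRIVSEP(getpwnamallow(user));`, and in 4.4 that call appears to be where the new per-user Match configuration and AllowUsers/DenyUsers are evaluated — worth confirming against auth.c. If so, `Match User` blocks, the allow/deny lists and the auth log lines all act on the resolved account and never on the login name the client actually presented, which changes what an operator sees when a shared alias is abused. Please say so in sshd_config.5 next to the Alias keyword and at the rewrite itself: `/* alias resolution happens before getpwnamallow(), so Match User, AllowUsers and auth logging see the target account, not the name the client sent */`. input_userauth_request continues outside this hunk.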
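Review bot: `{ "alias", sAlias },` is added to a keywords table whose 4.4 entries now carry a third flags field (`SSHCFG_ALL` on the surrounding `match`/`permitopen`/`forcecommand` lines), so the new entry relies on the omitted member being zero-initialised and on zero meaning SSHCFG_GLOBAL, which is how 4.4 defines it as far as I can tell. That happens to refuse `Alias` inside Match blocks, the right outcome for a user-name mapping, but it should be explicit rather than accidental: `{ "alias", sAlias, SSHCFG_GLOBAL },`. The same omission appears on the logsftp/sftp* keywords added by openssh.patch.sftplogging further down this page.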
@@ -159,12 +159,12 @@ logit("%s line %d: Unsupported option %s", filename, linenum, arg); Index: servconf.h ---- servconf.h.orig 2005-12-13 09:29:03 +0100 -+++ servconf.h 2006-02-11 09:26:30 +0100 -@@ -137,6 +137,14 @@ - int use_pam; /* Enable auth via PAM */ - +--- servconf.h.orig 2006-08-18 16:23:15 +0200 ++++ servconf.h 2006-09-28 08:02:15 +0200 +@@ -141,6 +141,14 @@ int permit_tun; + + int num_permitted_opens; +#ifdef USE_ALIAS +#define MAX_ALIAS 256 + u_int num_alias; @@ -177,9 +177,9 @@ void initialize_server_options(ServerOptions *); Index: sshd_config.5 ---- sshd_config.5.orig 2006-01-03 08:47:31 +0100 -+++ sshd_config.5 2006-02-11 09:26:30 +0100 -@@ -94,6 +94,15 @@ +--- sshd_config.5.orig 2006-08-30 03:06:34 +0200 ++++ sshd_config.5 2006-09-28 08:00:58 +0200 +@@ -97,6 +97,15 @@ (use IPv6 only). The default is .Dq any . @@ . patch -p0 <<'@@ .' Index: openpkg-src/openssh/openssh.patch.chroot ============================================================================ $ cvs diff -u -r1.7 -r1.7.2.1 openssh.patch.chroot --- openpkg-src/openssh/openssh.patch.chroot 11 Feb 2006 08:29:38 -0000 1.7 +++ openpkg-src/openssh/openssh.patch.chroot 29 Sep 2006 06:46:19 -0000 1.7.2.1 @@ -1,7 +1,7 @@ Index: scp.c ---- scp.c.orig 2006-01-31 12:11:38 +0100 -+++ scp.c 2006-02-11 09:27:20 +0100 -@@ -102,6 +102,11 @@ +--- scp.c.orig 2006-08-05 04:39:40 +0200 ++++ scp.c 2006-09-28 08:02:41 +0200 +@@ -128,6 +128,11 @@ /* This is the program to execute for the secured connection. ("ssh" or -S) */ char *ssh_program = _PATH_SSH_PROGRAM; @@ -13,7 +13,7 @@ /* This is used to store the pid of ssh_program */ pid_t do_cmd_pid = -1; -@@ -278,7 +283,11 @@ +@@ -310,7 +315,11 @@ addargs(&args, "-oClearAllForwardings yes"); fflag = tflag = 0; @@ -25,7 +25,7 @@ switch (ch) { /* User-visible flags. */ case '1': -@@ -339,6 +348,11 @@ +@@ -371,6 +380,11 @@ setmode(0, O_BINARY); #endif break; 
@@ -37,7 +37,7 @@ default: usage(); } -@@ -354,6 +368,19 @@ +@@ -386,6 +400,19 @@ remin = STDIN_FILENO; remout = STDOUT_FILENO; @@ -58,9 +58,9 @@ /* Follow "protocol", send data. */ (void) response(); Index: session.c ---- session.c.orig 2006-02-08 00:18:55 +0100 -+++ session.c 2006-02-11 09:27:20 +0100 -@@ -1301,6 +1301,26 @@ +--- session.c.orig 2006-09-01 07:38:37 +0200 ++++ session.c 2006-09-28 08:02:41 +0200 +@@ -1337,6 +1337,26 @@ exit(1); } endgrent(); @@ -88,11 +88,11 @@ if (options.gss_authentication) { temporarily_use_uid(pw); Index: sftp-server.c ---- sftp-server.c.orig 2006-01-02 13:40:51 +0100 -+++ sftp-server.c 2006-02-11 09:27:20 +0100 -@@ -1049,6 +1049,38 @@ - log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); - #endif +--- sftp-server.c.orig 2006-08-05 04:39:40 +0200 ++++ sftp-server.c 2006-09-28 08:02:41 +0200 +@@ -1270,6 +1270,38 @@ + + handle_init(); +#ifdef USE_CHROOT +{ @@ . patch -p0 <<'@@ .' Index: openpkg-src/openssh/openssh.patch.scpbindir ============================================================================ $ cvs diff -u -r1.10 -r1.10.2.1 openssh.patch.scpbindir --- openpkg-src/openssh/openssh.patch.scpbindir 11 Feb 2006 08:29:38 -0000 1.10 +++ openpkg-src/openssh/openssh.patch.scpbindir 29 Sep 2006 06:46:20 -0000 1.10.2.1 @@ -1,8 +1,8 @@ Index: session.c ---- session.c.orig 2006-02-08 00:18:55 +0100 -+++ session.c 2006-02-11 09:27:54 +0100 -@@ -67,6 +67,10 @@ - #include "ssh-gss.h" +--- session.c.orig 2006-09-01 07:38:37 +0200 ++++ session.c 2006-09-28 08:04:00 +0200 +@@ -92,6 +92,10 @@ + #include <kafs.h> #endif +#ifndef SCPBINDIR @@ -12,7 +12,7 @@ /* func */ Session *session_new(void); -@@ -651,6 +655,21 @@ +@@ -680,6 +684,21 @@ void do_exec(Session *s, const char *command) { 
@@ -31,10 +31,10 @@ + debug("Forced SCP command '%.900s'", command); + } + - if (forced_command) { + if (options.adm_forced_command) { original_command = command; - command = forced_command; -@@ -675,6 +694,8 @@ + command = options.adm_forced_command; +@@ -708,6 +727,8 @@ do_exec_no_pty(s, command); original_command = NULL; @@ . patch -p0 <<'@@ .' Index: openpkg-src/openssh/openssh.patch.sftplogging ============================================================================ $ cvs diff -u -r1.7 -r1.7.2.1 openssh.patch.sftplogging --- openpkg-src/openssh/openssh.patch.sftplogging 11 Feb 2006 08:29:38 -0000 1.7 +++ openpkg-src/openssh/openssh.patch.sftplogging 29 Sep 2006 06:46:20 -0000 1.7.2.1 @@ -1,23 +1,20 @@ Index: servconf.c ---- servconf.c.orig 2005-12-13 09:33:20 +0100 -+++ servconf.c 2006-02-11 09:28:21 +0100 -@@ -103,6 +103,15 @@ - options->num_accept_env = 0; +--- servconf.c.orig 2006-08-18 16:23:15 +0200 ++++ servconf.c 2006-09-28 08:06:00 +0200 +@@ -122,6 +122,12 @@ options->permit_tun = -1; - + options->num_permitted_opens = -1; + options->adm_forced_command = NULL; + options->log_sftp = LOG_SFTP_NOT_SET; -+ options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET; -+ options->sftp_log_level = SYSLOG_LEVEL_NOT_SET; -+ ++ options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET; ++ options->sftp_log_level = SYSLOG_LEVEL_NOT_SET; + memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH); -+ + options->sftp_permit_chmod = SFTP_PERMIT_NOT_SET; + options->sftp_permit_chown = SFTP_PERMIT_NOT_SET; -+ - /* Needs to be accessable in many places */ - use_privsep = -1; } -@@ -233,6 +242,24 @@ + + void +@@ -250,6 +256,24 @@ if (options->permit_tun == -1) options->permit_tun = SSH_TUNMODE_NO; 
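Review bot: `original_command = command;` directly after the inserted block records whatever the block left in `command`, and the trailing `debug("Forced SCP command '%.900s'", command);` suggests the block has already replaced the client's scp invocation with the %{l_prefix}-bound path (the replacement lines themselves are not in this hunk). When an operator sets ForceCommand — now honoured on the new side via `options.adm_forced_command` — SSH_ORIGINAL_COMMAND therefore carries the rewritten string instead of what the client sent, which breaks forced-command wrappers that allow-list the original `scp -t ...` text. Either capture the client string before the rewrite (move `original_command = command;` ahead of the SCPBINDIR substitution) or document it: `/* NOTE: command may already be rewritten to SCPBINDIR; SSH_ORIGINAL_COMMAND reflects the rewritten form */`. do_exec continues outside this hunk, including 4.4's key-option forced_command branch, which presumably has the same property.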
@@ -42,9 +39,9 @@ /* Turn privilege separation on by default */ if (use_privsep == -1) use_privsep = 1; -@@ -275,6 +302,9 @@ - sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, +@@ -293,6 +317,9 @@ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sUsePrivilegeSeparation, + sLogSftp, sSftpLogFacility, sSftpLogLevel, + sSftpUmask, @@ -52,8 +49,8 @@ sDeprecated, sUnsupported } ServerOpCodes; -@@ -284,6 +314,12 @@ - ServerOpCodes opcode; +@@ -307,6 +334,12 @@ + u_int flags; } keywords[] = { /* Portable-specific options */ + { "logsftp", sLogSftp}, @@ -63,18 +60,18 @@ + { "sftppermitchmod", sSftpPermitChmod}, + { "sftppermitchown", sSftpPermitChown}, #ifdef USE_PAM - { "usepam", sUsePAM }, + { "usepam", sUsePAM, SSHCFG_GLOBAL }, #else -@@ -446,6 +482,8 @@ - ServerOpCodes opcode; - u_short port; +@@ -431,6 +464,8 @@ + add_listen_addr(ServerOptions *options, char *addr, u_short port) + { u_int i; + unsigned int umaskvalue = 0; + char *umaskptr; - cp = line; - arg = strdelim(&cp); -@@ -932,6 +970,58 @@ + if (options->num_ports == 0) + options->ports[options->num_ports++] = SSH_DEFAULT_PORT; +@@ -1146,6 +1181,58 @@ case sBanner: charptr = &options->banner; goto parse_filename; @@ -134,9 +131,9 @@ * These options can contain %X options expanded at * connect time, so that you can specify paths like: Index: servconf.h ---- servconf.h.orig 2005-12-13 09:29:03 +0100 -+++ servconf.h 2006-02-11 09:28:21 +0100 -@@ -35,6 +35,19 @@ +--- servconf.h.orig 2006-08-18 16:23:15 +0200 ++++ servconf.h 2006-09-28 08:05:25 +0200 +@@ -34,6 +34,19 @@ #define PERMIT_NO_PASSWD 2 #define PERMIT_YES 3 
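Review bot: The rebased hunk at `+@@ -431,6 +464,8 @@` now drops `unsigned int umaskvalue = 0; char *umaskptr;` after the `u_int i;` of `add_listen_addr()` (new context: `add_listen_addr(ServerOptions *options, char *addr, u_short port)` ... `if (options->num_ports == 0)`), whereas the previous revision declared them among process_server_config_line's locals (old context `ServerOpCodes opcode; u_short port; u_int i; ... cp = line;`). This looks like patch(1) fuzz-matching the bare `u_int i;` line against 4.4's reshuffled declarations. If the `case sSftpUmask:` parser added at `+@@ -1146,6 +1181,58 @@` (its 52 lines are not shown) still uses those two variables, a with_sftplogging build fails on undeclared identifiers; if it does not, they are dead locals in the wrong function. Either way the two declarations belong back in process_server_config_line next to its `u_int i` declaration, and the rebase should be re-applied with `-F0` so a misplaced hunk fails loudly.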
@@ -156,10 +153,10 @@ #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ typedef struct { -@@ -137,6 +150,13 @@ - int use_pam; /* Enable auth via PAM */ - +@@ -141,6 +154,13 @@ int permit_tun; + + int num_permitted_opens; + int log_sftp; /* perform sftp-server logging */ + SyslogFacility sftp_log_facility; /* Facility for sftp subsystem logging. */ + LogLevel sftp_log_level; /* Level for sftp subsystem logging. */ @@ -171,9 +168,9 @@ void initialize_server_options(ServerOptions *); Index: session.c ---- session.c.orig 2006-02-08 00:18:55 +0100 -+++ session.c 2006-02-11 09:28:21 +0100 -@@ -113,6 +113,15 @@ +--- session.c.orig 2006-09-01 07:38:37 +0200 ++++ session.c 2006-09-28 08:04:35 +0200 +@@ -138,6 +138,15 @@ static int is_child = 0; @@ -189,15 +186,15 @@ /* Name and directory of socket for authentication agent forwarding. */ static char *auth_sock_name = NULL; static char *auth_sock_dir = NULL; -@@ -975,6 +984,7 @@ - env = xmalloc(envsize * sizeof(char *)); +@@ -1011,6 +1020,7 @@ + env = xcalloc(envsize, sizeof(char *)); env[0] = NULL; + #ifdef HAVE_CYGWIN /* * The Windows environment contains some setting which are -@@ -1135,6 +1145,67 @@ +@@ -1171,6 +1181,67 @@ child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_sock_name); @@ -266,11 +263,11 @@ if (options.permit_user_env && !options.use_login) { snprintf(buf, sizeof buf, "%.200s/.ssh/environment", Index: sftp-server.8 ---- sftp-server.8.orig 2003-10-15 07:50:43 +0200 -+++ sftp-server.8 2006-02-11 09:28:22 +0100 -@@ -41,6 +41,20 @@ +--- sftp-server.8.orig 2006-09-26 12:57:06 +0200 ++++ sftp-server.8 2006-09-28 08:04:35 +0200 +@@ -49,6 +49,20 @@ .Cm Subsystem - option. + declaration. See +.Xr sshd 8 +for more information. Sftp-server transactions may be logged 
@@ -288,40 +285,37 @@ +. See .Xr sshd_config 5 for more information. - .Sh SEE ALSO + .Pp Index: sftp-server.c ---- sftp-server.c.orig 2006-01-02 13:40:51 +0100 -+++ sftp-server.c 2006-02-11 09:28:22 +0100 -@@ -32,6 +32,13 @@ - #define get_string(lenp) buffer_get_string(&iqueue, lenp); - #define TRACE debug +--- sftp-server.c.orig 2006-08-05 04:39:40 +0200 ++++ sftp-server.c 2006-09-28 08:18:48 +0200 +@@ -53,6 +53,12 @@ + /* Our verbosity */ + LogLevel log_level = SYSLOG_LEVEL_ERROR; +/* SFTP_UMASK */ +static mode_t setumask = 0; -+ +static int permit_chmod = 1; +static int permit_chown = 1; +static int permit_logging = 0; + - extern char *__progname; - - /* input and output queue */ -@@ -382,6 +389,14 @@ + /* Our client */ + struct passwd *pw = NULL; + char *client_addr = NULL; +@@ -498,6 +504,12 @@ a = get_attrib(); flags = flags_from_portable(pflags); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; -+ + if (setumask != 0) { -+ if ( permit_logging == 1 ) -+ logit("setting file creation mode to 0666 and umask to %o", setumask); ++ if (permit_logging == 0) ++ logit("setting file creation mode to 0666 and umask to %o", setumask); + mode = 0666; + umask(setumask); + } -+ - TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode); + logit("open \"%s\" flags %s mode 0%o", + name, string_from_portable(pflags), mode); fd = open(name, flags, mode); - if (fd < 0) { -@@ -395,6 +410,8 @@ +@@ -512,6 +524,8 @@ status = SSH2_FX_OK; } } @@ -330,15 +324,7 @@ if (status != SSH2_FX_OK) send_status(id, status); xfree(name); -@@ -431,6 +448,7 @@ - (unsigned long long)off, len); - if (len > sizeof buf) { - len = sizeof buf; -+ if ( permit_logging == 1 ) - logit("read change len %d", len); - } - fd = handle_to_fd(handle); -@@ -450,6 +468,8 @@ +@@ -569,6 +583,8 @@ } } } 
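Review bot: The sftp logging environment block (61 added lines, not shown) sits right after `child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_sock_name);` and before the `if (options.permit_user_env && !options.use_login)` block that reads `~/.ssh/environment`, and child_set_env replaces an existing entry of the same name as far as I can see in OpenSSH. A user on a server with `PermitUserEnvironment yes` can therefore put `LOG_SFTP=0` (or a harmless `SFTP_LOG_LEVEL`) into that file and switch off the audit trail of their own sftp session, which defeats the purpose of LogSftp. Move the block after the user-environment file is processed, or at least state the limitation in the LogSftp entry of sshd_config.5; a comment such as `/* set after read_environment_file() so the user cannot override LOG_SFTP */` would keep it from regressing. The enclosing function starts and ends outside this hunk.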
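Review bot: In process_open the rewritten guard reads `if (permit_logging == 0) logit("setting file creation mode to 0666 and umask to %o", setumask);`, while the line it replaces and every other guard in this patch (process_write, process_mkdir a few hunks down) use `== 1`. The umask message is thus emitted exactly when logging is disabled and suppressed when it is enabled — an inverted condition introduced by this rebase. The collapsed layout makes it hard to tell whether the old `== 1` pair survives as context above it, but the `== 0` branch is on the new side regardless and is wrong either way. Fix: `if (permit_logging == 1)`.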
@@ -347,70 +333,59 @@ if (status != SSH2_FX_OK) send_status(id, status); } -@@ -484,10 +504,13 @@ - } else if ((size_t)ret == len) { - status = SSH2_FX_OK; - } else { -+ if ( permit_logging == 1 ) - logit("nothing at all written"); +@@ -608,6 +624,8 @@ } } } -+ if ( permit_logging == 1 ) -+ logit("writing file"); ++ if (permit_logging == 1) ++ logit("writing file"); send_status(id, status); xfree(data); } -@@ -580,24 +603,46 @@ - a = get_attrib(); - TRACE("setstat id %u name %s", id, name); - if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { -+if ( permit_logging == 1 ) -+logit("process_setstat: truncate"); - ret = truncate(name, a->size); - if (ret == -1) +@@ -708,10 +726,19 @@ status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { + if (permit_chmod == 1) { + logit("set \"%s\" mode %04o", name, a->perm); ret = chmod(name, a->perm & 0777); if (ret == -1) status = errno_to_portable(errno); -+ else -+ if ( permit_logging == 1 ) ++ else ++ if (permit_logging == 1) + logit("chmod'ed %s", name); + } else { + status = SSH2_FX_PERMISSION_DENIED; -+ if ( permit_logging == 1 ) -+ logit("chmod %s: operation prohibited by sftp-server configuration.", name); ++ if (permit_logging == 1) ++ logit("chmod %s: operation prohibited by sftp-server configuration.", name); + } } if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { -+if ( permit_logging == 1 ) -+logit("process_setstat: utimes"); - ret = utimes(name, attrib_to_tv(a)); - if (ret == -1) + char buf[64]; +@@ -725,11 +752,20 @@ status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { + if (permit_chown == 1) { + logit("set \"%s\" owner %lu group %lu", name, + (u_long)a->uid, (u_long)a->gid); ret = chown(name, a->uid, a->gid); if (ret == -1) status = errno_to_portable(errno); -+ else -+ if ( permit_logging == 1 ) ++ else ++ if (permit_logging == 1) + logit("chown'ed %s.", name); + } else { + status = SSH2_FX_PERMISSION_DENIED; -+ if ( permit_logging == 1 ) -+ logit("chown %s: operation 
prohibited by sftp-server configuration.", name); ++ if (permit_logging == 1) ++ logit("chown %s: operation prohibited by sftp-server configuration.", name); + } } send_status(id, status); xfree(name); -@@ -612,6 +657,9 @@ +@@ -743,6 +779,9 @@ + int handle, fd, ret; int status = SSH2_FX_OK; - char *name; +if ( permit_logging == 1 ) +logit("process_fsetstat"); 
@@ -418,64 +393,53 @@ id = get_int(); handle = get_handle(); a = get_attrib(); -@@ -622,11 +670,14 @@ - status = SSH2_FX_FAILURE; - } else { - if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { -+if ( permit_logging == 1 ) -+logit("process_fsetstat: ftruncate"); - ret = ftruncate(fd, a->size); - if (ret == -1) +@@ -760,6 +799,7 @@ status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { + if (permit_chmod == 1) { + logit("set \"%s\" mode %04o", name, a->perm); #ifdef HAVE_FCHMOD ret = fchmod(fd, a->perm & 0777); - #else -@@ -634,8 +685,18 @@ +@@ -768,6 +808,14 @@ #endif if (ret == -1) status = errno_to_portable(errno); -+ else -+ if ( permit_logging == 1 ) ++ else ++ if (permit_logging == 1) + logit("chmod: succeeded."); + } else { + status = SSH2_FX_PERMISSION_DENIED; -+ if ( permit_logging == 1 ) -+ logit("chmod: operation prohibited by sftp-server configuration."); ++ if (permit_logging == 1) ++ logit("chmod: operation prohibited by sftp-server configuration."); + } } if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { -+if ( permit_logging == 1 ) -+logit("process_fsetstat: utimes"); - #ifdef HAVE_FUTIMES - ret = futimes(fd, attrib_to_tv(a)); - #else -@@ -645,6 +706,7 @@ + char buf[64]; +@@ -785,6 +833,7 @@ status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { + if (permit_chown == 1) { + logit("set \"%s\" owner %lu group %lu", name, + (u_long)a->uid, (u_long)a->gid); #ifdef HAVE_FCHOWN - ret = fchown(fd, a->uid, a->gid); - #else -@@ -652,6 +714,14 @@ +@@ -794,6 +843,14 @@ #endif if (ret == -1) status = errno_to_portable(errno); -+ else -+ if ( permit_logging == 1 ) ++ else ++ if (permit_logging == 1) + logit("chown: succeeded"); + } else { + status = SSH2_FX_PERMISSION_DENIED; -+ if ( permit_logging == 1 ) -+ logit("chown: operation prohibited by sftp-server configuration."); ++ if (permit_logging == 1) ++ logit("chown: operation prohibited by sftp-server configuration."); + } } } send_status(id, status); -@@ -681,6 
+751,8 @@ +@@ -824,6 +881,8 @@ } } @@ -484,8 +448,8 @@ if (status != SSH2_FX_OK) send_status(id, status); xfree(path); -@@ -754,6 +826,8 @@ - TRACE("remove id %u name %s", id, name); +@@ -899,6 +958,8 @@ + logit("remove name \"%s\"", name); ret = unlink(name); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; + if ( permit_logging == 1 ) @@ -493,28 +457,21 @@ send_status(id, status); xfree(name); } -@@ -771,9 +845,19 @@ +@@ -916,6 +977,12 @@ a = get_attrib(); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm & 0777 : 0777; -+ + if (setumask != 0) { -+ if ( permit_logging == 1 ) -+ logit("setting directory creation mode to 0777 and umask to %o.", setumask); ++ if (permit_logging == 1) ++ logit("setting directory creation mode to 0777 and umask to %o.", setumask); + mode = 0777; + umask(setumask); + } -+ - TRACE("mkdir id %u name %s mode 0%o", id, name, mode); + debug3("request %u: mkdir", id); + logit("mkdir name \"%s\" mode 0%o", name, mode); ret = mkdir(name, mode); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; -+ if ( permit_logging == 1 ) -+ logit("mkdir %s", name); - send_status(id, status); - xfree(name); - } -@@ -790,6 +874,8 @@ - TRACE("rmdir id %u name %s", id, name); +@@ -937,6 +1004,8 @@ + logit("rmdir name \"%s\"", name); ret = rmdir(name); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; + if ( permit_logging == 1 ) @@ -522,7 +479,7 @@ send_status(id, status); xfree(name); } -@@ -816,6 +902,8 @@ +@@ -964,6 +1033,8 @@ s.name = s.long_name = resolvedname; send_names(id, 1, &s); } @@ -531,7 +488,7 @@ xfree(path); } -@@ -871,6 +959,8 @@ +@@ -1020,6 +1091,8 @@ status = SSH2_FX_OK; } send_status(id, status); @@ -540,7 +497,7 @@ xfree(oldpath); xfree(newpath); } -@@ -896,6 +986,8 @@ +@@ -1046,6 +1119,8 @@ s.name = s.long_name = buf; send_names(id, 1, &s); } 
@@ -549,7 +506,7 @@ xfree(path); } -@@ -914,6 +1006,8 @@ +@@ -1065,6 +1140,8 @@ ret = symlink(oldpath, newpath); status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; send_status(id, status); @@ -558,33 +515,29 @@ xfree(oldpath); xfree(newpath); } -@@ -1035,6 +1129,8 @@ - { - fd_set *rset, *wset; - int in, out, max; +@@ -1212,6 +1289,8 @@ + ssize_t len, olen, set_size; + SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; + char *cp; + unsigned int val = 0; + char *umask_env; - ssize_t len, olen, set_size; - /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ -@@ -1045,6 +1141,16 @@ - __progname = ssh_get_progname(av[0]); - handle_init(); + extern char *optarg; + extern char *__progname; +@@ -1250,6 +1329,12 @@ + } + } -+ /* Transaction logging */ -+ -+ if (atoi(getenv("LOG_SFTP")) == 1) -+ { ++ if (atoi(getenv("LOG_SFTP")) == 1) { + permit_logging = 1; + log_init("sftp-server", atoi(getenv("SFTP_LOG_LEVEL")), + atoi(getenv("SFTP_LOG_FACILITY")), 0); -+ }; -+ -+ - #ifdef DEBUG_SFTP_SERVER - log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); - #endif -@@ -1052,6 +1158,39 @@ ++ } ++ else + log_init(__progname, log_level, log_facility, log_stderr); + + if ((cp = getenv("SSH_CONNECTION")) != NULL) { +@@ -1273,6 +1358,39 @@ in = dup(STDIN_FILENO); out = dup(STDOUT_FILENO); 
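Review bot: `if (atoi(getenv("LOG_SFTP")) == 1)` and the two `atoi(getenv(...))` calls inside the branch dereference NULL whenever the variable is absent — getenv returns NULL and atoi(NULL) is undefined behaviour, a crash on common libcs. As far as this page shows, LOG_SFTP is only exported by the sshd side of the same optional patch, so any other way of starting this sftp-server binary (a different sshd pointing its Subsystem line at it, an internal or test invocation, or the sshd package built without with_sftplogging) dies before serving the first request. Check each variable before converting it, and note that log_init() exits on an unrecognised level or facility code as far as I recall, so the numeric values from the environment are effectively trusted and a range check here would be cheap. main() continues outside this hunk.
```c
	const char *log_sftp = getenv("LOG_SFTP");
	const char *sftp_level = getenv("SFTP_LOG_LEVEL");
	const char *sftp_facility = getenv("SFTP_LOG_FACILITY");

	if (log_sftp != NULL && sftp_level != NULL && sftp_facility != NULL &&
	    atoi(log_sftp) == 1) {
		permit_logging = 1;
		log_init("sftp-server", atoi(sftp_level), atoi(sftp_facility), 0);
	} else
		log_init(__progname, log_level, log_facility, log_stderr);
	/* … unchanged: SSH_CONNECTION handling … */
```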
@@ -624,19 +577,10 @@ #ifdef HAVE_CYGWIN setmode(in, O_BINARY); setmode(out, O_BINARY); -@@ -1091,6 +1230,8 @@ - len = read(in, buf, sizeof buf); - if (len == 0) { - debug("read eof"); -+ if ( permit_logging == 1 ) -+ logit("sftp-server finished."); - exit(0); - } else if (len < 0) { - error("read error"); Index: sshd_config.5 ---- sshd_config.5.orig 2006-01-03 08:47:31 +0100 -+++ sshd_config.5 2006-02-11 09:28:22 +0100 -@@ -426,6 +426,10 @@ +--- sshd_config.5.orig 2006-08-30 03:06:34 +0200 ++++ sshd_config.5 2006-09-28 08:04:35 +0200 +@@ -485,6 +485,10 @@ DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level violates the privacy of users and is not recommended. @@ -647,7 +591,7 @@ .It Cm MACs Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 -@@ -597,6 +601,37 @@ +@@ -717,6 +721,37 @@ .It Cm ServerKeyBits Defines the number of bits in the ephemeral protocol version 1 server key. The minimum value is 512, and the default is 768. @@ -684,15 +628,14 @@ +mode specified by the sftp client. The default is for no umask. .It Cm StrictModes Specifies whether - .Nm sshd + .Xr sshd 8 Index: sshd_config ---- sshd_config.orig 2005-12-13 09:29:03 +0100 -+++ sshd_config 2006-02-11 09:28:22 +0100 -@@ -103,3 +103,14 @@ - +--- sshd_config.orig 2006-07-24 06:06:47 +0200 ++++ sshd_config 2006-09-28 08:19:22 +0200 +@@ -105,6 +105,17 @@ # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server -+ + +# sftp-server logging +#LogSftp no +#SftpLogFacility AUTH 
@@ -703,3 +646,7 @@ + +#SftpPermitChmod yes +#SftpPermitChown yes ++ + # Example of overriding settings on a per-user basis + #Match User anoncvs + # X11Forwarding no @@ . patch -p0 <<'@@ .' Index: openpkg-src/openssh/openssh.spec ============================================================================ $ cvs diff -u -r1.161.2.1 -r1.161.2.2 openssh.spec --- openpkg-src/openssh/openssh.spec 20 Jun 2006 15:22:28 -0000 1.161.2.1 +++ openpkg-src/openssh/openssh.spec 29 Sep 2006 06:46:20 -0000 1.161.2.2 @@ -23,12 +23,13 @@ ## # package versions -%define V_base 4.3 -%define V_portable p2 +%define V_base 4.4 +%define V_portable p1 %define V_watchdog 4.0p1 %define V_ldap_base 4.3p1 %define V_ldap_vers 0.3.7 %define V_connect 1.96 +%define V_hpn 4.3p2-hpn12 # package information Name: openssh @@ -38,10 +39,10 @@ Packager: OpenPKG Distribution: OpenPKG Class: CORE -Group: Security +Group: SSH License: BSD Version: %{V_base}%{V_portable} -Release: 2.20060622 +Release: 2.20060929 # package options %option with_fsl yes @@ -57,6 +58,7 @@ %option with_x11 no %option with_trysetpath no %option with_libedit no +%option with_hpn no # list of sources Source0: ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz @@ -76,6 +78,7 @@ Patch4: http://www.opendarwin.org/projects/openssh-lpk/files/openssh-lpk-%{V_ldap_base}-%{V_ldap_vers}.patch Patch5: openssh.patch.sftplogging Patch6: openssh.patch.scpbindir +Patch7: http://www.psc.edu/networking/projects/hpn-ssh/openssh-%{V_hpn}.diff.gz # build information Prefix: %{l_prefix} @@ -142,6 +145,11 @@ url = http://www.opendarwin.org/projects/openssh-lpk/ regex = openssh-lpk-(__VER__)\.patch } + prog openssh:hpn = { + version = %{V_hpn} + url = http://www.psc.edu/networking/projects/hpn-ssh/ + regex = openssh-(__VER__-hpn__VER__)\.diff\.gz + } %prep # unpack and patch distribution 
@@ -151,7 +159,7 @@ %endif %patch -p0 -P 0 %{l_shtool} subst \ - -e 's;@l_openpkg_release@;%{l_openpkg_release -F "OpenPKG-%s"};' \ + -e 's;@l_openpkg_release@;%{l_openpkg_release -F "OpenPKG-%%t"};' \ version.h %if "%{with_chroot}" == "yes" %patch -p0 -P 1 @@ -169,6 +177,11 @@ %if "%{with_sftplogging}" == "yes" %patch -p0 -P 5 %endif +%if "%{with_hpn}" == "yes" + %{l_gzip} -d -c %{SOURCE openssh-%{version}-hpn%{V_hpn}.diff.gz} |\ + sed -e '/^diff.*\/version\.h/,$d' | %{l_patch} -p1 -b + %{l_shtool} subst -e 's;\(SSH_VERSION SSH_PORTABLE\);\1 "-hpn";' version.h +%endif sed -e 's;@l_prefix@;%{l_prefix};g' %{SOURCE openssh.patch.scpbindir} | %{l_patch} -p0 -b case "%{l_platform -t}" in *-darwin* ) @@ -241,8 +254,8 @@ --with-mantype=man \ %if "%{with_trysetpath}" == "yes" --enable-etc-default-login \ - --with-default-path=%{l_prefix}/bin:/bin:/usr/bin:/usr/local/bin \ - --with-superuser-path=%{l_prefix}/bin:/usr/bin:/sbin:/usr/sbin \ + --with-default-path=%{l_prefix}/bin:/bin:/usr/bin \ + --with-superuser-path=%{l_prefix}/bin:/bin:/usr/bin:%{l_prefix}/sbin:/sbin:/usr/sbin \ %else --disable-etc-default-login \ --with-default-path=/bin:/usr/bin \ @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
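Review bot: `%{SOURCE openssh-%{version}-hpn%{V_hpn}.diff.gz}` in the new with_hpn branch expands to openssh-4.4p1-hpn4.3p2-hpn12.diff.gz, but Patch7 is declared as openssh-%{V_hpn}.diff.gz, i.e. openssh-4.3p2-hpn12.diff.gz, so a with_hpn=yes build cannot find the file unless the OpenPKG %{SOURCE} helper matches loosely — it should read `%{SOURCE openssh-%{V_hpn}.diff.gz}`. Separately, that diff is written for 4.3p2, fetched over plain http with no checksum visible in this hunk, and applied with plain `%{l_patch} -p1 -b`; the `sed -e '/^diff.*\/version\.h/,$d'` also discards every file after version.h in the HPN diff, not only version.h. Consider `-F0` (no fuzz) so a hunk that no longer fits 4.4p1 fails the build instead of landing in the wrong function — which is what seems to have happened to the sftplogging servconf.c hunk above — and a pinned hash for the download. with_hpn defaults to no, so none of this affects the default package.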