From dbf3738866565a2428782aa7a47bc061ca5b489b Mon Sep 17 00:00:00 2001 From: Lionel Sambuc Date: Sun, 13 Mar 2016 21:26:49 +0000 Subject: [PATCH] security/openssh: Fixes --- security/openssh/Makefile | 4 ++++ security/openssh/distinfo | 2 +- security/openssh/files/sshd.sh | 17 ++++++++++------- security/openssh/patches/patch-zz-minix | 24 ++++++++++++++++-------- 4 files changed, 31 insertions(+), 16 deletions(-) diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 17f816556..526ab305e 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -110,6 +110,10 @@ CONFIGURE_ARGS+= --disable-libutil # prior version don't have it. So, disable use of strnvis(3) now. # CONFIGURE_ENV+= ac_cv_func_strnvis=no +. if ${OS_VARIANT} == "Minix" +CPPFLAGS+= -D_OPENBSD_SOURCE +CONFIGURE_ARGS+= ac_cv_have_decl_O_NONBLOCK=no +. endif # ${OS_VARIANT} == "Minix" .endif .if (${OPSYS} == "SunOS") && (${OS_VERSION} == "5.8" || ${OS_VERSION} == "5.9") diff --git a/security/openssh/distinfo b/security/openssh/distinfo index f76928e14..fc9f2ad5b 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -29,4 +29,4 @@ SHA1 (patch-sshd.8) = 50154729a94aeaef17213d92979967b12d9c4e15 SHA1 (patch-sshd.c) = d381db6d05067d0f28be8268847df97a0c8e9ba4 SHA1 (patch-sshpty.c) = f87451e49e39fe137c8876fae52110dc2569958a SHA1 (patch-uidswap.c) = 875be63bb6d1a7dd8c3d1c008c85aa4bf37dfdc2 -SHA1 (patch-zz-minix) = 1098c7642641e49952c358a4a9ca6f7e66a54c63 +SHA1 (patch-zz-minix) = fb0b798db80ae4c652f0b56ac8ea4920388df48d diff --git a/security/openssh/files/sshd.sh b/security/openssh/files/sshd.sh index 039d30440..67c3900d2 100644 --- a/security/openssh/files/sshd.sh +++ b/security/openssh/files/sshd.sh 
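Review bot: In security/openssh/Makefile the new `CONFIGURE_ARGS+= ac_cv_have_decl_O_NONBLOCK=no` carries no comment saying why the O_NONBLOCK declaration check is overridden on Minix. It also passes the cache variable through CONFIGURE_ARGS, while the line just above it uses `CONFIGURE_ENV+= ac_cv_func_strnvis=no`. Forcing a declaration check to "no" presumably makes the build fall back to a compat definition of the flag, so a mismatch with the system value would quietly break non-blocking I/O in sshd. I'd write `CONFIGURE_ENV+= ac_cv_have_decl_O_NONBLOCK=no` for consistency and put `# Minix: <reason the system O_NONBLOCK declaration cannot be used>` above it. `-D_OPENBSD_SOURCE` deserves the same one-line justification.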
@@ -22,12 +22,13 @@ sshd_keygen() { ( umask 022 - if [ -f @PKG_SYSCONFDIR@/ssh_host_key ]; then - @ECHO@ "You already have an RSA host key in @PKG_SYSCONFDIR@/ssh_host_key" - @ECHO@ "Skipping protocol version 1 RSA Key Generation" - else - ${keygen_command} -t rsa1 -b 1024 -f @PKG_SYSCONFDIR@/ssh_host_key -N '' - fi +# LSC: For Minix: rsa1 is not supported anymore +# if [ -f @PKG_SYSCONFDIR@/ssh_host_key ]; then +# @ECHO@ "You already have an RSA host key in @PKG_SYSCONFDIR@/ssh_host_key" +# @ECHO@ "Skipping protocol version 1 RSA Key Generation" +# else +# ${keygen_command} -t rsa1 -b 1024 -f @PKG_SYSCONFDIR@/ssh_host_key -N '' +# fi if [ -f @PKG_SYSCONFDIR@/ssh_host_dsa_key ]; then @ECHO@ "You already have a DSA host key in @PKG_SYSCONFDIR@/ssh_host_dsa_key" @@ -63,7 +64,9 @@ sshd_keygen() sshd_precmd() { - if [ ! -f @PKG_SYSCONFDIR@/ssh_host_key -o \ +# LSC: For Minix: rsa1 is now unsupported +# if [ ! -f @PKG_SYSCONFDIR@/ssh_host_key -o \ + if [ \ ! -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -o \ ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -o \ ! -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key -o \ diff --git a/security/openssh/patches/patch-zz-minix b/security/openssh/patches/patch-zz-minix index ed1c1d93f..f12c9778f 100644 --- a/security/openssh/patches/patch-zz-minix +++ b/security/openssh/patches/patch-zz-minix 
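Review bot: Both sshd.sh hunks disable the protocol-1 host key handling by commenting the old lines out rather than deleting them, which leaves six dead lines in sshd_keygen() and a split `if [ \` in sshd_precmd(). Version control already keeps the history, so I'd drop the commented block and keep a single note such as `# rsa1 (protocol 1) host keys are no longer generated.`. In sshd_precmd() the test can then start directly with `if [ ! -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -o \`. The comments say "For Minix", but nothing visible in these hunks makes the change conditional, so it would apply wherever this script is installed. Both function bodies continue outside the hunks.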
@@ -1,15 +1,23 @@ --- sshd_config.orig Sun Jan 12 08:20:47 2014 -+++ sshd_config Sat Apr 25 09:28:41 2015 -@@ -99,6 +99,12 @@ - #AllowAgentForwarding yes - #AllowTcpForwarding yes - #GatewayPorts no ++++ sshd_config Thu Apr 17 23:51:34 2014 +@@ -102,12 +102,19 @@ AuthorizedKeysFile .ssh/authorized_keys + #X11Forwarding no + #X11DisplayOffset 10 + #X11UseLocalhost yes + +# LSC: Uncomment if you wish to use X11 forwarding. To actually +# activate X11 forwarding, you also need to set X11Forwarding yes. +#XAuthLocation /usr/X11R7/bin/xauth # LSC: Use Native xauth +#X11UseLocalhost no # LSC: Workaround SSHD bug + - #X11Forwarding no - #X11DisplayOffset 10 - #X11UseLocalhost yes + #PermitTTY yes + #PrintMotd yes + #PrintLastLog yes + #TCPKeepAlive yes + #UseLogin no +-UsePrivilegeSeparation sandbox # Default for new installations. ++#UsePrivilegeSeparation sandbox # Default for new installations. ++UsePrivilegeSeparation no # LSC: for Minix, this is not supported ATM. + #PermitUserEnvironment no + #Compression delayed + #ClientAliveInterval 0
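Review bot: `UsePrivilegeSeparation no` becomes the shipped default in sshd_config, so the pre-authentication, network-facing code runs with the daemon's full privileges instead of in the unprivileged sandboxed child. The trailing comment `# LSC: for Minix, this is not supported ATM.` does not say what protection is lost or when to revert. I'd expand it to something like `# LSC: Minix lacks privsep support; pre-auth code runs as root until this can go back to "sandbox".`. Separately, the suggested `#X11UseLocalhost no` makes the X11 forwarding listener bind to the wildcard address instead of loopback, and its comment should say so rather than only "Workaround SSHD bug". Whether this patch is applied only on Minix is not visible in the hunk and is worth confirming.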