head	1.15;
access;
symbols
	RELEASE_4_5_0:1.14
	RELEASE_4_4_0:1.12
	RELEASE_4_3_0:1.11
	RELEASE_4_2_0:1.11
	RELEASE_4_1_1:1.10
	RELEASE_4_1_0:1.10
	RELEASE_3_5_0:1.9
	RELEASE_4_0_0:1.7
	RELEASE_3_4_0:1.5
	openssh_1_2:1.1.1.1
	OPENBSD:1.1.1;
locks; strict;
comment	@# @;


1.15
date	2002.03.12.17.54.07;	author dinoex;	state dead;
branches;
next	1.14;

1.14
date	2001.11.18.08.42.58;	author dinoex;	state Exp;
branches;
next	1.13;

1.13
date	2001.10.03.13.15.16;	author dinoex;	state Exp;
branches;
next	1.12;

1.12
date	2001.06.08.08.03.26;	author dinoex;	state Exp;
branches;
next	1.11;

1.11
date	2000.11.04.23.04.25;	author green;	state Exp;
branches;
next	1.10;

1.10
date	2000.06.27.21.30.38;	author green;	state Exp;
branches;
next	1.9;

1.9
date	2000.05.13.17.11.01;	author green;	state Exp;
branches;
next	1.8;

1.8
date	2000.04.20.22.24.17;	author green;	state Exp;
branches;
next	1.7;

1.7
date	2000.01.18.11.18.25;	author sumikawa;	state Exp;
branches;
next	1.6;

1.6
date	2000.01.13.23.22.16;	author green;	state Exp;
branches;
next	1.5;

1.5
date	99.12.08.04.06.38;	author green;	state Exp;
branches;
next	1.4;

1.4
date	99.11.24.03.36.20;	author green;	state Exp;
branches;
next	1.3;

1.3
date	99.11.20.06.59.56;	author green;	state Exp;
branches;
next	1.2;

1.2
date	99.11.17.17.19.24;	author green;	state dead;
branches;
next	1.1;

1.1
date	99.11.08.06.20.52;	author green;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	99.11.08.06.20.52;	author green;	state Exp;
branches;
next	;


desc
@@


1.15
log
@Rename Patches to make navigation much more easier.
@
text
@--- lib/Makefile.orig	Tue Jun 26 19:52:41 2001
+++ lib/Makefile	Thu Nov 15 06:10:43 2001
@@@@ -9,7 +9,11 @@@@
 	rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
 	key.c dispatch.c kex.c mac.c uuencode.c misc.c \
 	rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
-	scard.c
+	scard.c strlcpy.c strlcat.c
+
+.if defined(COMPAT_GETADDRINFO)
+SRCS+=	getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c
+.endif
 
 NOPROFILE= yes
 NOPIC=	yes
@@@@ -18,6 +22,8 @@@@
 	@@echo -n
 
 .include <bsd.own.mk>
+IGNORE_LIBSSH=yes
+.include "../Makefile.inc"
 
 .if (${KERBEROS:L} == "yes")
 CFLAGS+= -DKRB4 -I${DESTDIR}/usr/include/kerberosIV
@


1.14
log
@Update to openssh-3.0.1 and openssh-portable-3.0.1p1

- now in protocol2:
Background ssh at logout when waiting for forwarded connection / X11 sessions
to terminate

disabled -DSKEY

from Changelog (not complete):

20011115
 - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian
   <djast@@cs.toronto.edu> Fix from markus@@
 - (djm) Release 3.0.1p1

20011113
 - (djm) Fix early (and double) free of remote user when using Kerberos.
   Patch from Simon Wilkinson <simon@@sxw.org.uk>
 - (djm) AIX login{success,failed} changes. Move loginsuccess call to
   do_authenticated. Call loginfailed for protocol 2 failures > MAX like
   we do for protocol 1. Reports from Ralf Wenk <wera0003@@fh-karlsruhe.de>,
   K.Wolkersdorfer@@fz-juelich.de and others
 - (djm) OpenBSD CVS Sync
   - dugsong@@cvs.openbsd.org 2001/11/11 18:47:10
     [auth-krb5.c]
     fix krb5 authorization check. found by <jhawk@@MIT.EDU>. from
     art@@, deraadt@@ ok
   - markus@@cvs.openbsd.org  2001/11/12 11:17:07
     [servconf.c]
     enable authorized_keys2 again. tested by fries@@

20011112
 - OpenBSD CVS Sync
   - markus@@cvs.openbsd.org 2001/10/24 08:41:41
     [sshd.c]
     mention remote port in debug message
   - markus@@cvs.openbsd.org 2001/10/24 08:51:35
     [clientloop.c ssh.c]
     ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@@
   - markus@@cvs.openbsd.org 2001/10/24 19:57:40
     [clientloop.c]
     make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
   - markus@@cvs.openbsd.org 2001/10/25 21:14:32
     [ssh-keygen.1 ssh-keygen.c]
     better docu for fingerprinting, ok deraadt@@
   - markus@@cvs.openbsd.org 2001/10/29 19:27:15
     [sshconnect2.c]
     hostbased: check for client hostkey before building chost
   - markus@@cvs.openbsd.org 2001/11/07 16:03:17
     [packet.c packet.h sshconnect2.c]
     pad using the padding field from the ssh2 packet instead of sending
     extra ignore messages. tested against several other ssh servers.
   - markus@@cvs.openbsd.org 2001/11/07 21:40:21
     [ssh-rsa.c]
     ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported
   - markus@@cvs.openbsd.org 2001/11/07 22:10:28
     [ssh-dss.c ssh-rsa.c]
     missing free and sync dss/rsa code.
   - markus@@cvs.openbsd.org 2001/11/07 22:53:21
     [channels.h]
     crank c->path to 256 so they can hold a full hostname; dwd@@bell-labs.com
   - markus@@cvs.openbsd.org 2001/11/08 10:51:08
     [readpass.c]
     don't strdup too much data; from gotoh@@taiyo.co.jp; ok millert.
   - markus@@cvs.openbsd.org 2001/11/10 13:22:42
     [ssh-rsa.c]
     KNF (unexpand)
   - markus@@cvs.openbsd.org 2001/11/11 13:02:31
     [servconf.c]
     make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if
     AuthorizedKeysFile is specified.

20011109
 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
   if permit_empty_passwd == 0 so null password check cannot be bypassed.
   jayaraj@@amritapuri.com OpenBSD bug 2168
@
text
@@


1.13
log
@- Update to OpenSSH 2.9.9
- convert portname into lowercase
- PREFIX support for default sshd_config
- security-patch for cookie files obsolete
@
text
@d1 3
a3 3
--- lib/Makefile.orig	Mon Sep 24 22:34:07 2001
+++ lib/Makefile	Wed Oct  3 13:45:40 2001
@@@@ -9,10 +9,14 @@@@
d9 1
a9 3
 
 SRCS+=	readpassphrase.c
 
d13 1
a13 1
+
d16 1
a16 2
 
@@@@ -20,6 +24,8 @@@@
@


1.12
log
@- Update from OpenSSH 2.2.0 to OpenSSH 2.9
- Features:
  Possible use of sftp/sftp-server with older FreeBSD releases.
  Use a newer version independently from the Base system.
  Easier to test and fix possible security bugs.
- Bugs:
  build of pam_ssm.so isn't be supported any more
  Any file named "cookie" can be deleted by this and any older "sshd"
  with X11 Forwarding.
@
text
@d1 3
a3 4
--- lib/Makefile.orig	Tue Apr  3 21:53:30 2001
+++ lib/Makefile	Sat May 26 14:39:03 2001
@@@@ -8,7 +8,12 @@@@
 	hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \
d6 6
a11 4
-	cli.c rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c
+	cli.c rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
+	strlcpy.c strlcat.c
+
d15 1
a15 1
 
d18 2
a19 1
@@@@ -17,6 +22,7 @@@@
d23 1
@


1.11
log
@Update to OpenSSH 2.2.0.  This is an end-of-life update for the
ports-based OpenSSH.  OpenSSH has been in the base system for more
than long enough to justify not having to maintain two separate
FreeBSD versions of OpenSSH.
@
text
@d1 3
a3 4
--- lib/Makefile.orig	Sat Aug 19 17:34:44 2000
+++ lib/Makefile	Sat Nov  4 16:41:11 2000
@@@@ -5,7 +5,12 @@@@
 	cipher.c compat.c compress.c crc32.c deattack.c \
d6 3
a8 2
-	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c util.c
+	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c util.c \
d17 1
a17 1
@@@@ -14,6 +19,7 @@@@
d23 1
a23 1
 .if (${KERBEROS} == "yes")
@


1.10
log
@Update to OpenSSH 2.1.1 and fix SSHv2 serving (passwd botch).
@
text
@d1 2
a2 2
--- lib/Makefile.orig	Wed May 17 01:20:16 2000
+++ lib/Makefile	Tue Jun 20 16:14:06 2000
d4 1
a4 1
 	cipher.c compat.c compress.c crc32.c deattack.c fingerprint.c \
d7 3
a9 3
-	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c aux.c
+	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c aux.c \
+	strlcat.c strlcpy.c
@


1.9
log
@Update to OpenSSH 2.1.0.  They _FINALLY_ have distfiles, so now the CVS is
not needed for the port.

Big thanks to Issei-san for doing the majority of the work necessary for
this upgrade!

Submitted by:	Issei Suzuki <issei@@jp.FreeBSD.org>
@
text
@d1 3
a3 3
--- lib/Makefile.orig	Thu Apr 27 05:56:30 2000
+++ lib/Makefile	Fri May 12 07:07:30 2000
@@@@ -5,7 +5,11 @@@@
d7 3
a9 2
-	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c
+	key.c dispatch.c dsa.c kex.c hmac.c uuencode.c strlcat.c strlcpy.c
d17 1
a17 1
@@@@ -14,6 +18,7 @@@@
@


1.8
log
@Upgrade to version 1.2.3 with a CVS of a few hours ago.  New stuff in
this release is mostly the support for lots of ssh2.  Note that SSH2 is
not fully supported here yet, but it's mostly there; see README.openssh2.
@
text
@d1 2
a2 2
--- /usr/ports/distfiles/OpenSSH-1.2.3/src/usr.bin/ssh/lib/Makefile	Thu Apr 20 17:02:17 2000
+++ lib/Makefile	Thu Apr 20 17:08:05 2000
d7 2
a8 2
-	key.c dispatch.c dsa.c kex.c hmac.c
+	key.c dispatch.c dsa.c kex.c hmac.c strlcat.c strlcpy.c
@


1.7
log
@- remove me from another MAINTAINER
- add 'ipv6' on CATEGORIES
- use ${OSVERSION} instead of ${USE_INET6} for checking getaddrinfo()
  existence.
- fix broken ${ECHO_MSG}
- avoid duplicate copying rcmd.c
@
text
@d1 3
a3 4
--- lib/Makefile.orig	Sun Jan 16 07:10:10 2000
+++ lib/Makefile	Tue Jan 18 14:56:00 2000
@@@@ -4,7 +4,12 @@@@
 SRCS=   authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \
d6 3
a8 3
-	rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c
+	rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
+	strlcat.c strlcpy.c
d16 1
a16 1
@@@@ -13,6 +18,7 @@@@
d23 1
a23 1
 CFLAGS+= -DKRB4 -I/usr/include/kerberosIV
@


1.6
log
@Update to a more current OpenSSH, including...

	IPv6 support!!

Thank you very much, Sumikawa san.

Submitted by:	Munechika SUMIKAWA <sumikawa@@ebina.hitachi.co.jp>
@
text
@d1 2
a2 2
--- lib/Makefile.orig	Fri Jan 14 04:55:08 2000
+++ lib/Makefile	Fri Jan 14 08:01:17 2000
d11 1
a11 1
+.if !defined(USE_INET6)
@


1.5
log
@I've cleaned up ${CVS_DATE} usage a bit (keep spaces correctly), and
updated to today's snapshot of OpenSSH.

Various updates from the latest ${CVS_DATE}, and requisite patch
changes, are the "big new thing".  Nothing major has changed;  the
biggest ones would be using atomicio() in a lot of places and a
fix for a SIGHUP not updating sshd(8)'s configuration until the
next connection.
@
text
@d1 3
a3 3
--- lib/Makefile.orig	Tue Dec  7 22:50:49 1999
+++ lib/Makefile	Tue Dec  7 22:53:22 1999
@@@@ -4,7 +4,8 @@@@
d10 4
d17 1
a17 1
@@@@ -13,6 +14,7 @@@@
@


1.4
log
@Update the CVS_DATE.  This brings in support for TIS authentication,
obsoleting a couple patches (it's the same code, though, except for
additions).

This also brings in KNFization of everything (please hold the cheering
down :) and made me reroll all my patches.

My patches have been almost entirely rewritten.  The places are the
same, but the code's rewritten.  It fits with the style (KNF) now,
and looks better.

I've also added strlcat.c to the build, which, just like strlcpy.c, is
necessary for compatibility with older libcs.  After strlcat() snuck
into the OpenSSH code recently, this would prevent OpenSSH from
building on (e.g.) FreeBSD 3.2.  Adding it to ssh/lib/ makes it work
yet again :)
@
text
@d1 4
a4 3
--- /usr/ports/distfiles/OpenSSH-1.2/src/usr.bin/ssh/lib/Makefile	Tue Nov 16 17:49:29 1999
+++ ./lib/Makefile	Tue Nov 23 19:21:19 1999
@@@@ -5,6 +5,7 @@@@
d7 3
a9 2
 	rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c
+SRCS+=	strlcat.c strlcpy.c
a20 2
Only in ./lib: strlcat.c
Only in ./lib: strlcpy.c
@


1.3
log
@Give OpenSSH TIS client-side authentication.

Submitted by:	peter
@
text
@d1 7
a7 15
--- readconf.c.dist	Fri Nov 19 23:32:48 1999
+++ readconf.c	Fri Nov 19 23:41:27 1999
@@@@ -369,13 +369,8 @@@@
       goto parse_int;
       
     case oTISAuthentication:
-      cp = strtok(NULL, WHITESPACE);
-      if (cp != 0 && (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0))
-	fprintf(stderr,
-		"%.99s line %d: Warning, TIS is not supported.\n",
-		filename,
-		linenum);
-      break;
+      intptr = &options->tis_authentication;
+      goto parse_flag;
d9 4
a12 8
     case oCompressionLevel:
       intptr = &options->compression_level;
@@@@ -655,6 +650,7 @@@@
   options->num_local_forwards = 0;
   options->num_remote_forwards = 0;
   options->log_level = (LogLevel)-1;
+  options->tis_authentication = -1;
 }
d14 7
a20 10
 /* Called after processing other sources of option data, this fills those
@@@@ -727,6 +723,8 @@@@
     options->user_hostfile = SSH_USER_HOSTFILE;
   if (options->log_level == (LogLevel)-1)
     options->log_level = SYSLOG_LEVEL_INFO;
+  if (options->tis_authentication == -1)
+    options->tis_authentication = 0;
   /* options->proxy_command should not be set by default */
   /* options->user will be set in the main program if appropriate */
   /* options->hostname will be set in the main program if appropriate */
@


1.2
log
@Thanks to those who replied!  The include (ssl versus openssl) transform
is now done in post-patch.

Submitted by:	Anton Berezin <tobez@@plab.ku.dk>, Christian Weisgerber <naddy@@unix-ag.uni-kl.de>
@
text
@d1 15
a15 6
diff -ru /home/green/ssh/authfd.c ./authfd.c
--- /home/green/ssh/authfd.c	Fri Oct 15 03:34:00 1999
+++ ./authfd.c	Mon Nov  8 00:06:40 1999
@@@@ -24,7 +24,7 @@@@
 #include "xmalloc.h"
 #include "getput.h"
d17 8
a24 4
-#include <ssl/rsa.h>
+#include <openssl/rsa.h>
 
 /* Returns the number of the authentication fd, or -1 if there is none. */
d26 10
@


1.1
log
@Initial revision
@
text
@@


1.1.1.1
log
@Say hello to OpenSSH!  It's more secure, has a better license, and
is actively maintained by members of the OpenBSD project.
@
text
@@
