From 3da6b13f1eb136d0899bd2e8dd217048bb4d9030 Mon Sep 17 00:00:00 2001
From: Parabola
Date: Wed, 20 Jul 2011 14:44:01 +0000
Subject: Wed Jul 20 14:43:57 UTC 2011
---
staging/openssh/PKGBUILD | 70 --------------
staging/openssh/authfile.c.patch | 198 ---------------------------------------
staging/openssh/sshd | 48 ----------
staging/openssh/sshd.confd | 4 -
staging/openssh/sshd.pam | 11 ---
5 files changed, 331 deletions(-)
delete mode 100644 staging/openssh/PKGBUILD
delete mode 100644 staging/openssh/authfile.c.patch
delete mode 100755 staging/openssh/sshd
delete mode 100644 staging/openssh/sshd.confd
delete mode 100644 staging/openssh/sshd.pam
(limited to 'staging/openssh')
diff --git a/staging/openssh/PKGBUILD b/staging/openssh/PKGBUILD
deleted file mode 100644
index bf45e6396..000000000
--- a/staging/openssh/PKGBUILD
+++ /dev/null
@@ -1,70 +0,0 @@
-# $Id: PKGBUILD 131644 2011-07-13 07:48:58Z bisson $
-# Maintainer: Gaetan Bisson
-# Contributor: Aaron Griffin
-# Contributor: judd
-
-pkgname=openssh
-pkgver=5.8p2
-pkgrel=9
-pkgdesc='Free version of the SSH connectivity tools'
-arch=('i686' 'x86_64')
-license=('custom:BSD')
-url='http://www.openssh.org/portable.html'
-backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd')
-depends=('krb5' 'openssl' 'libedit')
-source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"
- 'authfile.c.patch'
- 'sshd.confd'
- 'sshd.pam'
- 'sshd')
-sha1sums=('64798328d310e4f06c9f01228107520adbc8b3e5'
- '3669cb5ca6149f69015df5ce8e60b82c540eb0a4'
- 'ec102deb69cad7d14f406289d2fc11fee6eddbdd'
- '07fecd5880b1c4fdd8c94ddb2e89ddce88effdc1'
- '6b7f8ebf0c1cc37137a7d9a53447ac8a0ee6a2b5')
-
-build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
-
- patch -p1 -i ../authfile.c.patch # fix FS#24693 using http://anoncvs.mindrot.org/index.cgi/openssh/authfile.c?revision=1.95
-
- ./configure \
- --prefix=/usr \
- --libexecdir=/usr/lib/ssh \
- --sysconfdir=/etc/ssh \
- --with-privsep-user=nobody \
- --with-md5-passwords \
- --with-pam \
- --with-mantype=man \
- --mandir=/usr/share/man \
- --with-xauth=/usr/bin/xauth \
- --with-kerberos5=/usr \
- --with-ssl-engine \
- --with-libedit=/usr/lib \
- --disable-strip # stripping is done by makepkg
-
- make
-}
-
-package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make DESTDIR="${pkgdir}" install
-
- install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd
- install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
- install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd
- install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
-
- rm "${pkgdir}"/usr/share/man/man1/slogin.1
- ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
-
- # additional contrib scripts that we like
- install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
- install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
- install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
-
- # PAM is a common, standard feature to have
- sed -i -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
- -e '/^#UsePAM no$/c UsePAM yes' \
- "${pkgdir}"/etc/ssh/sshd_config
-}
diff --git a/staging/openssh/authfile.c.patch b/staging/openssh/authfile.c.patch
deleted file mode 100644
index 6c18fe807..000000000
--- a/staging/openssh/authfile.c.patch
+++ /dev/null
@@ -1,198 +0,0 @@
-diff -aur old/authfile.c new/authfile.c
---- old/authfile.c 2011-06-12 02:21:52.262338254 +0200
-+++ new/authfile.c 2011-06-12 02:13:43.051467269 +0200
-@@ -1,4 +1,4 @@
--/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */
-+/* $OpenBSD: authfile.c,v 1.95 2011/05/29 11:42:08 djm Exp $ */
- /*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
-@@ -69,6 +69,8 @@
- #include "misc.h"
- #include "atomicio.h"
-
-+#define MAX_KEY_FILE_SIZE (1024 * 1024)
-+
- /* Version identification string for SSH v1 identity files. */
- static const char authfile_id_string[] =
- "SSH PRIVATE KEY FILE FORMAT 1.1\n";
-@@ -312,12 +314,12 @@
- return pub;
- }
-
--/* Load the contents of a key file into a buffer */
--static int
-+/* Load a key from a fd into a buffer */
-+int
- key_load_file(int fd, const char *filename, Buffer *blob)
- {
-+ u_char buf[1024];
- size_t len;
-- u_char *cp;
- struct stat st;
-
- if (fstat(fd, &st) < 0) {
-@@ -325,30 +327,45 @@
- filename == NULL ? "" : filename,
- filename == NULL ? "" : " ",
- strerror(errno));
-- close(fd);
- return 0;
- }
-- if (st.st_size > 1*1024*1024) {
-+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
-+ st.st_size > MAX_KEY_FILE_SIZE) {
-+ toobig:
- error("%s: key file %.200s%stoo large", __func__,
- filename == NULL ? "" : filename,
- filename == NULL ? "" : " ");
-- close(fd);
- return 0;
- }
-- len = (size_t)st.st_size; /* truncated */
--
- buffer_init(blob);
-- cp = buffer_append_space(blob, len);
--
-- if (atomicio(read, fd, cp, len) != len) {
-- debug("%s: read from key file %.200s%sfailed: %.100s", __func__,
-- filename == NULL ? "" : filename,
-- filename == NULL ? "" : " ",
-- strerror(errno));
-+ for (;;) {
-+ if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
-+ if (errno == EPIPE)
-+ break;
-+ debug("%s: read from key file %.200s%sfailed: %.100s",
-+ __func__, filename == NULL ? "" : filename,
-+ filename == NULL ? "" : " ", strerror(errno));
-+ buffer_clear(blob);
-+ bzero(buf, sizeof(buf));
-+ return 0;
-+ }
-+ buffer_append(blob, buf, len);
-+ if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
-+ buffer_clear(blob);
-+ bzero(buf, sizeof(buf));
-+ goto toobig;
-+ }
-+ }
-+ bzero(buf, sizeof(buf));
-+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
-+ st.st_size != buffer_len(blob)) {
-+ debug("%s: key file %.200s%schanged size while reading",
-+ __func__, filename == NULL ? "" : filename,
-+ filename == NULL ? "" : " ");
- buffer_clear(blob);
-- close(fd);
- return 0;
- }
-+
- return 1;
- }
-
-@@ -606,7 +623,7 @@
- error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
- error("Permissions 0%3.3o for '%s' are too open.",
- (u_int)st.st_mode & 0777, filename);
-- error("It is recommended that your private key files are NOT accessible by others.");
-+ error("It is required that your private key files are NOT accessible by others.");
- error("This private key will be ignored.");
- return 0;
- }
-@@ -626,6 +643,7 @@
- case KEY_UNSPEC:
- return key_parse_private_pem(blob, type, passphrase, commentp);
- default:
-+ error("%s: cannot parse key type %d", __func__, type);
- break;
- }
- return NULL;
-@@ -670,11 +688,38 @@
- }
-
- Key *
-+key_parse_private(Buffer *buffer, const char *filename,
-+ const char *passphrase, char **commentp)
-+{
-+ Key *pub, *prv;
-+ Buffer pubcopy;
-+
-+ buffer_init(&pubcopy);
-+ buffer_append(&pubcopy, buffer_ptr(buffer), buffer_len(buffer));
-+ /* it's a SSH v1 key if the public key part is readable */
-+ pub = key_parse_public_rsa1(&pubcopy, commentp);
-+ buffer_free(&pubcopy);
-+ if (pub == NULL) {
-+ prv = key_parse_private_type(buffer, KEY_UNSPEC,
-+ passphrase, NULL);
-+ /* use the filename as a comment for PEM */
-+ if (commentp && prv)
-+ *commentp = xstrdup(filename);
-+ } else {
-+ key_free(pub);
-+ /* key_parse_public_rsa1() has already loaded the comment */
-+ prv = key_parse_private_type(buffer, KEY_RSA1, passphrase,
-+ NULL);
-+ }
-+ return prv;
-+}
-+
-+Key *
- key_load_private(const char *filename, const char *passphrase,
- char **commentp)
- {
-- Key *pub, *prv;
-- Buffer buffer, pubcopy;
-+ Key *prv;
-+ Buffer buffer;
- int fd;
-
- fd = open(filename, O_RDONLY);
-@@ -697,23 +742,7 @@
- }
- close(fd);
-
-- buffer_init(&pubcopy);
-- buffer_append(&pubcopy, buffer_ptr(&buffer), buffer_len(&buffer));
-- /* it's a SSH v1 key if the public key part is readable */
-- pub = key_parse_public_rsa1(&pubcopy, commentp);
-- buffer_free(&pubcopy);
-- if (pub == NULL) {
-- prv = key_parse_private_type(&buffer, KEY_UNSPEC,
-- passphrase, NULL);
-- /* use the filename as a comment for PEM */
-- if (commentp && prv)
-- *commentp = xstrdup(filename);
-- } else {
-- key_free(pub);
-- /* key_parse_public_rsa1() has already loaded the comment */
-- prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase,
-- NULL);
-- }
-+ prv = key_parse_private(&buffer, filename, passphrase, commentp);
- buffer_free(&buffer);
- return prv;
- }
-@@ -737,13 +766,19 @@
- case '\0':
- continue;
- }
-+ /* Abort loading if this looks like a private key */
-+ if (strncmp(cp, "-----BEGIN", 10) == 0)
-+ break;
- /* Skip leading whitespace. */
- for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
- ;
- if (*cp) {
- if (key_read(k, &cp) == 1) {
-- if (commentp)
-- *commentp=xstrdup(filename);
-+ cp[strcspn(cp, "\r\n")] = '\0';
-+ if (commentp) {
-+ *commentp = xstrdup(*cp ?
-+ cp : filename);
-+ }
- fclose(f);
- return 1;
- }
diff --git a/staging/openssh/sshd b/staging/openssh/sshd
deleted file mode 100755
index 2ee1091f0..000000000
--- a/staging/openssh/sshd
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/bash
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-. /etc/conf.d/sshd
-
-PIDFILE=/var/run/sshd.pid
-PID=$(cat $PIDFILE 2>/dev/null)
-if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then
- PID=
- rm $PIDFILE 2>/dev/null
-fi
-
-case "$1" in
- start)
- stat_busy "Starting Secure Shell Daemon"
- [ -f /etc/ssh/ssh_host_key ] || { /usr/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh/ssh_host_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_rsa_key ] || { /usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_dsa_key ] || { /usr/bin/ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_ecdsa_key ] || { /usr/bin/ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key >/dev/null; }
- [ -d /var/empty ] || mkdir -p /var/empty
- [ -z "$PID" ] && /usr/sbin/sshd $SSHD_ARGS
- if [ $? -gt 0 ]; then
- stat_fail
- else
- add_daemon sshd
- stat_done
- fi
- ;;
- stop)
- stat_busy "Stopping Secure Shell Daemon"
- [ ! -z "$PID" ] && kill $PID &> /dev/null
- if [ $? -gt 0 ]; then
- stat_fail
- else
- rm_daemon sshd
- stat_done
- fi
- ;;
- restart)
- $0 stop
- sleep 1
- $0 start
- ;;
- *)
- echo "usage: $0 {start|stop|restart}"
-esac
-exit 0
diff --git a/staging/openssh/sshd.confd b/staging/openssh/sshd.confd
deleted file mode 100644
index 5ce7c0079..000000000
--- a/staging/openssh/sshd.confd
+++ /dev/null
@@ -1,4 +0,0 @@
-#
-# Parameters to be passed to sshd
-#
-SSHD_ARGS=""
diff --git a/staging/openssh/sshd.pam b/staging/openssh/sshd.pam
deleted file mode 100644
index ff8829fe9..000000000
--- a/staging/openssh/sshd.pam
+++ /dev/null
@@ -1,11 +0,0 @@
-#%PAM-1.0
-#auth required pam_securetty.so #Disable remote root
-auth required pam_unix.so
-auth required pam_env.so
-account required pam_nologin.so
-account required pam_unix.so
-account required pam_time.so
-password required pam_unix.so
-session required pam_unix_session.so
-session required pam_limits.so
--session optional pam_ck_connector.so nox11
-- cgit v1.2.3-54-g00ecf