[Midnightbsd-cvs] mports [18060] trunk/security/openssh-portable/files/ extra-patch-tcpwrappers: add missing patch
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Sat Mar 7 16:07:12 EST 2015
Revision: 18060
http://svnweb.midnightbsd.org/mports/?rev=18060
Author: laffer1
Date: 2015-03-07 16:07:11 -0500 (Sat, 07 Mar 2015)
Log Message:
-----------
add missing patch
Added Paths:
-----------
trunk/security/openssh-portable/files/extra-patch-tcpwrappers
Added: trunk/security/openssh-portable/files/extra-patch-tcpwrappers
===================================================================
--- trunk/security/openssh-portable/files/extra-patch-tcpwrappers (rev 0)
+++ trunk/security/openssh-portable/files/extra-patch-tcpwrappers 2015-03-07 21:07:11 UTC (rev 18060)
@@ -0,0 +1,179 @@
+Revert TCPWRAPPER removal -bdrewery
+$FreeBSD$
+
+commit f2719b7c2b8a3b14d778d8a6d8dc729b5174b054
+Author: Damien Miller <djm at mindrot.org>
+Date: Sun Apr 20 13:22:18 2014 +1000
+
+ - tedu at cvs.openbsd.org 2014/03/26 19:58:37
+ [sshd.8 sshd.c]
+ remove libwrap support. ok deraadt djm mfriedl
+
+diff --git sshd.8 sshd.8
+index 289e13d..e6a900b 100644
+--- sshd.8
++++ sshd.8
+@@ -851,6 +851,12 @@ the user's home directory becomes accessible.
+ This file should be writable only by the user, and need not be
+ readable by anyone else.
+ .Pp
++.It Pa /etc/hosts.allow
++.It Pa /etc/hosts.deny
++Access controls that should be enforced by tcp-wrappers are defined here.
++Further details are described in
++.Xr hosts_access 5 .
++.Pp
+ .It Pa /etc/hosts.equiv
+ This file is for host-based authentication (see
+ .Xr ssh 1 ) .
+@@ -954,6 +960,7 @@ The content of this file is not sensitive; it can be world-readable.
+ .Xr ssh-keygen 1 ,
+ .Xr ssh-keyscan 1 ,
+ .Xr chroot 2 ,
++.Xr hosts_access 5 ,
+ .Xr login.conf 5 ,
+ .Xr moduli 5 ,
+ .Xr sshd_config 5 ,
+diff --git sshd.c sshd.c
+index 0ade557..045f149 100644
+--- sshd.c
++++ sshd.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: sshd.c,v 1.421 2014/03/26 19:58:37 tedu Exp $ */
++/* $OpenBSD: sshd.c,v 1.422 2014/03/27 23:01:27 markus Exp $ */
+ /*
+ * Author: Tatu Ylonen <ylo at cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
+@@ -122,6 +122,13 @@
+ #include "ssh-sandbox.h"
+ #include "version.h"
+
++#ifdef LIBWRAP
++#include <tcpd.h>
++#include <syslog.h>
++int allow_severity;
++int deny_severity;
++#endif /* LIBWRAP */
++
+ #ifndef O_NOCTTY
+ #define O_NOCTTY 0
+ #endif
+@@ -2027,6 +2034,24 @@ main(int ac, char **av)
+ #ifdef SSH_AUDIT_EVENTS
+ audit_connection_from(remote_ip, remote_port);
+ #endif
++#ifdef LIBWRAP
++ allow_severity = options.log_facility|LOG_INFO;
++ deny_severity = options.log_facility|LOG_WARNING;
++ /* Check whether logins are denied from this host. */
++ if (packet_connection_is_on_socket()) {
++ struct request_info req;
++
++ request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
++ fromhost(&req);
++
++ if (!hosts_access(&req)) {
++ debug("Connection refused by tcp wrapper");
++ refuse(&req);
++ /* NOTREACHED */
++ fatal("libwrap refuse returns");
++ }
++ }
++#endif /* LIBWRAP */
+
+ /* Log the connection. */
+ verbose("Connection from %s port %d on %s port %d",
+commit f9696566fb41320820f3b257ab564fa321bb3751
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Fri Jun 13 11:06:04 2014 +1000
+
+ - (dtucker) [configure.ac] Remove tcpwrappers support, support has already
+ been removed from sshd.c.
+
+diff --git ChangeLog ChangeLog
+index f4c6ea6..1c043ae 100644
+--- ChangeLog
++++ ChangeLog
+@@ -1,7 +1,3 @@
+-20140612
+- - (dtucker) [configure.ac] Remove tcpwrappers support, support has already
+- been removed from sshd.c.
+-
+ 20140611
+ - (dtucker) [defines.h] Add va_copy if we don't already have it, taken from
+ openbsd-compat/bsd-asprintf.c.
+diff --git configure.ac configure.ac
+index f48ba4a..66fbe82 100644
+--- configure.ac
++++ configure.ac
+@@ -1380,6 +1380,62 @@ AC_ARG_WITH([skey],
+ ]
+ )
+
++# Check whether user wants TCP wrappers support
++TCPW_MSG="no"
++AC_ARG_WITH([tcp-wrappers],
++ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
++ [
++ if test "x$withval" != "xno" ; then
++ saved_LIBS="$LIBS"
++ saved_LDFLAGS="$LDFLAGS"
++ saved_CPPFLAGS="$CPPFLAGS"
++ if test -n "${withval}" && \
++ test "x${withval}" != "xyes"; then
++ if test -d "${withval}/lib"; then
++ if test -n "${need_dash_r}"; then
++ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
++ else
++ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
++ fi
++ else
++ if test -n "${need_dash_r}"; then
++ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
++ else
++ LDFLAGS="-L${withval} ${LDFLAGS}"
++ fi
++ fi
++ if test -d "${withval}/include"; then
++ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
++ else
++ CPPFLAGS="-I${withval} ${CPPFLAGS}"
++ fi
++ fi
++ LIBS="-lwrap $LIBS"
++ AC_MSG_CHECKING([for libwrap])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <tcpd.h>
++int deny_severity = 0, allow_severity = 0;
++ ]], [[
++ hosts_access(0);
++ ]])], [
++ AC_MSG_RESULT([yes])
++ AC_DEFINE([LIBWRAP], [1],
++ [Define if you want
++ TCP Wrappers support])
++ SSHDLIBS="$SSHDLIBS -lwrap"
++ TCPW_MSG="yes"
++ ], [
++ AC_MSG_ERROR([*** libwrap missing])
++
++ ])
++ LIBS="$saved_LIBS"
++ fi
++ ]
++)
++
+ # Check whether user wants to use ldns
+ LDNS_MSG="no"
+ AC_ARG_WITH(ldns,
+@@ -4803,6 +4859,7 @@ echo " KerberosV support: $KRB5_MSG"
+ echo " SELinux support: $SELINUX_MSG"
+ echo " Smartcard support: $SCARD_MSG"
+ echo " S/KEY support: $SKEY_MSG"
++echo " TCP Wrappers support: $TCPW_MSG"
+ echo " MD5 password support: $MD5_MSG"
+ echo " libedit support: $LIBEDIT_MSG"
+ echo " Solaris process contract support: $SPC_MSG"
Property changes on: trunk/security/openssh-portable/files/extra-patch-tcpwrappers
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
More information about the Midnightbsd-cvs
mailing list