diff options
| author | Waldemar Brodkorb <wbx@openadk.org> | 2010-04-04 10:34:02 +0200 |
|---|---|---|
| committer | Waldemar Brodkorb <wbx@openadk.org> | 2010-04-04 10:34:02 +0200 |
| commit | 5042ac8e5927d0089d3902b1c37e5bcc1565d053 (patch) | |
| tree | cd2be3085808c5ac59dd70f9c610c6a40bfe3ffd /package/openssh | |
| parent | 401dabf66529cfb5ab47b4c78d5e25fd493eef1f (diff) | |
| parent | 4d569ed1a3305c7b7abe8fa4273cea3b559cc85a (diff) | |
Merge branch 'master' of git+ssh://openadk.org/git/openadk
Conflicts:
BUGS
package/autoconf/Makefile
Diffstat (limited to 'package/openssh')
20 files changed, 56 insertions, 598 deletions
diff --git a/package/openssh/Config.in b/package/openssh/Config.in deleted file mode 100644 index 136333826..000000000 --- a/package/openssh/Config.in +++ /dev/null @@ -1,140 +0,0 @@ -config ADK_COMPILE_OPENSSH - prompt "openssh........................... OpenSSH software" - bool - default n - -config ADK_COMPILE_OPENSSH_WITH_KERBEROS - prompt "Enable Kerberos support" - bool - depends on ADK_COMPILE_OPENSSH - -choice -prompt "Kerberos implementation" -depends on ADK_COMPILE_OPENSSH_WITH_KERBEROS -config ADK_COMPILE_OPENSSH_WITH_KRB5 - prompt "MIT" - bool - select ADK_PACKAGE_KRB5_LIBS - help - Use MIT kerberos libraries. - -config ADK_COMPILE_OPENSSH_WITH_HEIMDAL - prompt "Heimdal" - bool - select ADK_COMPILE_HEIMDAL - select ADK_PACKAGE_HEIMDAL_LIBS - help - Use heimdal kerberos libraries. - -endchoice - -config ADK_PACKAGE_OPENSSH_CLIENT - prompt "openssh-client.................... OpenSSH clients" - tristate - default n - select ADK_PACKAGE_LIBOPENSSL - select ADK_PACKAGE_ZLIB - depends on ADK_COMPILE_OPENSSH - help - OpenSSH is a FREE version of the SSH protocol suite of network - connectivity tools that increasing numbers of people on the Internet - are coming to rely on. Many users of telnet, rlogin, ftp, and other - such programs might not realize that their password is transmitted - across the Internet unencrypted, but it is. OpenSSH encrypts all - traffic (including passwords) to effectively eliminate eavesdropping, - connection hijacking, and other network-level attacks. Additionally, - OpenSSH provides a myriad of secure tunneling capabilities, as well - as a variety of authentication methods. - - This package contains the ssh(1) client and the scp(1) client/server. - - http://www.openssh.com/ - -config ADK_PACKAGE_OPENSSH_CLIENT_UTILS - prompt "openssh-client-utils............ OpenSSH client utilities" - tristate - default n - depends on ADK_PACKAGE_OPENSSH_CLIENT - depends on ADK_COMPILE_OPENSSH - help - OpenSSH is a FREE version of the SSH protocol suite of network - connectivity tools that increasing numbers of people on the Internet - are coming to rely on. Many users of telnet, rlogin, ftp, and other - such programs might not realize that their password is transmitted - across the Internet unencrypted, but it is. OpenSSH encrypts all - traffic (including passwords) to effectively eliminate eavesdropping, - connection hijacking, and other network-level attacks. Additionally, - OpenSSH provides a myriad of secure tunneling capabilities, as well - as a variety of authentication methods. - - This package contains ssh-agent and ssh-add as well as ssh-keyscan. - - http://www.openssh.com/ - -config ADK_PACKAGE_OPENSSH_SERVER - prompt "openssh-server.................... OpenSSH server" - tristate - default n - select ADK_PACKAGE_LIBOPENSSL - select ADK_PACKAGE_ZLIB - depends on ADK_COMPILE_OPENSSH - help - OpenSSH is a FREE version of the SSH protocol suite of network - connectivity tools that increasing numbers of people on the Internet - are coming to rely on. Many users of telnet, rlogin, ftp, and other - such programs might not realize that their password is transmitted - across the Internet unencrypted, but it is. OpenSSH encrypts all - traffic (including passwords) to effectively eliminate eavesdropping, - connection hijacking, and other network-level attacks. Additionally, - OpenSSH provides a myriad of secure tunneling capabilities, as well - as a variety of authentication methods. - - This package contains sshd(8) and ssh-keygen(8), but not scp(1), - which is needed for SCP server support. - - http://www.openssh.com/ - - -config ADK_PACKAGE_OPENSSH_SFTP_CLIENT - prompt "openssh-sftp-client............... OpenSSH SFTP client" - tristate - default n - select ADK_PACKAGE_LIBOPENSSL - select ADK_PACKAGE_ZLIB - depends on ADK_COMPILE_OPENSSH - help - OpenSSH is a FREE version of the SSH protocol suite of network - connectivity tools that increasing numbers of people on the Internet - are coming to rely on. Many users of telnet, rlogin, ftp, and other - such programs might not realize that their password is transmitted - across the Internet unencrypted, but it is. OpenSSH encrypts all - traffic (including passwords) to effectively eliminate eavesdropping, - connection hijacking, and other network-level attacks. Additionally, - OpenSSH provides a myriad of secure tunneling capabilities, as well - as a variety of authentication methods. - - This package contains the /usr/bin/sftp client utility. - - http://www.openssh.com/ - -config ADK_PACKAGE_OPENSSH_SFTP_SERVER - prompt "openssh-sftp-server............... OpenSSH SFTP server" - tristate - default n - select ADK_PACKAGE_LIBOPENSSL - select ADK_PACKAGE_ZLIB - depends on ADK_COMPILE_OPENSSH - help - OpenSSH is a FREE version of the SSH protocol suite of network - connectivity tools that increasing numbers of people on the Internet - are coming to rely on. Many users of telnet, rlogin, ftp, and other - such programs might not realize that their password is transmitted - across the Internet unencrypted, but it is. OpenSSH encrypts all - traffic (including passwords) to effectively eliminate eavesdropping, - connection hijacking, and other network-level attacks. Additionally, - OpenSSH provides a myriad of secure tunneling capabilities, as well - as a variety of authentication methods. - - This package contains the SFTP server helper programme. - - http://www.openssh.com/ diff --git a/package/openssh/Config.in.kerberos b/package/openssh/Config.in.kerberos new file mode 100644 index 000000000..9d546b668 --- /dev/null +++ b/package/openssh/Config.in.kerberos @@ -0,0 +1,24 @@ +config ADK_COMPILE_OPENSSH_WITH_KERBEROS + prompt "Enable Kerberos support" + bool + depends on ADK_COMPILE_OPENSSH + +choice +prompt "Kerberos implementation" +depends on ADK_COMPILE_OPENSSH_WITH_KERBEROS +config ADK_COMPILE_OPENSSH_WITH_KRB5 + prompt "MIT" + bool + select ADK_PACKAGE_KRB5_LIBS + help + Use MIT kerberos libraries. + +config ADK_COMPILE_OPENSSH_WITH_HEIMDAL + prompt "Heimdal" + bool + select ADK_COMPILE_HEIMDAL + select ADK_PACKAGE_HEIMDAL_LIBS + help + Use heimdal kerberos libraries. + +endchoice diff --git a/package/openssh/Makefile b/package/openssh/Makefile index e5803b003..27bc8dab8 100644 --- a/package/openssh/Makefile +++ b/package/openssh/Makefile @@ -4,42 +4,42 @@ include ${TOPDIR}/rules.mk PKG_NAME:= openssh -PKG_VERSION:= 5.2p1 -PKG_RELEASE:= 2 -PKG_MD5SUM:= ada79c7328a8551bdf55c95e631e7dad +PKG_VERSION:= 5.4p1 +PKG_RELEASE:= 1 +PKG_MD5SUM:= da10af8a789fa2e83e3635f3a1b76f5e PKG_DESCR:= OpenSSH server PKG_SECTION:= net -PKG_DEPENDS:= zlib libopenssl +PKG_DEPENDS:= zlib libopenssl libpthread +PKG_BUILDDEP+= zlib openssl +ifeq (${ADK_COMPILE_OPENSSH_WITH_KRB5},y) +PKG_DEPENDS+= libkrb5 libcom-err +PKG_BUILDDEP+= krb5 +endif +ifeq (${ADK_COMPILE_OPENSSH_WITH_HEIMDAL},y) +PKG_DEPENDS+= libheimdal libcom-err +PKG_BUILDDEP+= heimdal +endif PKG_URL:= http://www.openssh.com -PKG_SITES:= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ - ftp://openbsd.wiretapped.net/pub/OpenBSD/OpenSSH/portable/ \ - ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/ \ - ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/ +PKG_SITES:= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ -PKG_DESCR_1:= OpenSSH client -PKG_DESCR_2:= OpenSSH client utilities -PKG_DESCR_3:= OpenSSH sftp client -PKG_DESCR_4:= OpenSSH sftp server +PKG_DESCR_CLIENT:= OpenSSH client +PKG_DESCR_CLIENT_UTILS:=OpenSSH client utilities +PKG_DESCR_SFTP_CLIENT:= OpenSSH sftp client +PKG_DESCR_SFTP_SERVER:= OpenSSH sftp server include ${TOPDIR}/mk/package.mk -ifeq ($(ADK_COMPILE_OPENSSH_WITH_KERBEROS),y) -PKG_DEPENDS+= heimdal-libs -endif - $(eval $(call PKG_template,OPENSSH_SERVER,openssh-server,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) -$(eval $(call PKG_template,OPENSSH_CLIENT,openssh-client,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR_1},${PKG_SECTION})) -$(eval $(call PKG_template,OPENSSH_CLIENT_UTILS,openssh-client-utils,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR_2},${PKG_SECTION})) -$(eval $(call PKG_template,OPENSSH_SFTP_CLIENT,openssh-sftp-client,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR_3},${PKG_SECTION})) -$(eval $(call PKG_template,OPENSSH_SFTP_SERVER,openssh-sftp-server,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR_4},${PKG_SECTION})) - +$(eval $(call PKG_template,OPENSSH_CLIENT,openssh-client,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR_CLIENT},${PKG_SECTION})) +$(eval $(call PKG_template,OPENSSH_CLIENT_UTILS,openssh-client-utils,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR_CLIENT_UTILS},${PKG_SECTION})) +$(eval $(call PKG_template,OPENSSH_SFTP_CLIENT,openssh-sftp-client,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR_SFTP_CLIENT},${PKG_SECTION})) +$(eval $(call PKG_template,OPENSSH_SFTP_SERVER,openssh-sftp-server,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR_SFTP_SERVER},${PKG_SECTION})) ifeq ($(ADK_COMPILE_OPENSSH_WITH_KERBEROS),y) CONFIGURE_ARGS+= --with-kerberos5="${STAGING_DIR}/usr" else CONFIGURE_ARGS+= --without-kerberos5 endif -CONFIGURE_STYLE:= gnu CONFIGURE_ENV+= LD='${TARGET_CC}' \ ac_cv_func_setlogin=no \ ac_cv_lib_nsl_yp_match=no @@ -58,8 +58,6 @@ CONFIGURE_ARGS+= --disable-strip \ --with-privsep-user=sshd \ --with-privsep-path=/var/run/sshd \ --with-ssl-dir="${STAGING_DIR}/usr" -BUILD_STYLE:= auto -INSTALL_STYLE:= auto post-install: ${INSTALL_DIR} ${IDIR_OPENSSH_SERVER}/etc/ssh @@ -83,8 +81,9 @@ post-install: ${INSTALL_DIR} ${IDIR_OPENSSH_SFTP_SERVER}/usr/sbin ${INSTALL_BIN} ${WRKINST}/usr/bin/sftp \ ${IDIR_OPENSSH_SFTP_CLIENT}/usr/bin - ${INSTALL_BIN} ${WRKINST}/usr/sbin/sftp-server \ - ${IDIR_OPENSSH_SFTP_SERVER}/usr/sbin + ${INSTALL_DIR} ${IDIR_OPENSSH_SFTP_SERVER}/usr/libexec + ${INSTALL_BIN} ${WRKINST}/usr/libexec/sftp-server \ + ${IDIR_OPENSSH_SFTP_SERVER}/usr/libexec chmod 0700 {${IDIR_OPENSSH_CLIENT},${IDIR_OPENSSH_SERVER}}/etc/ssh include ${TOPDIR}/mk/pkg-bottom.mk diff --git a/package/openssh/files/sshd.init b/package/openssh/files/sshd.init index 81f073b88..1a2db6ada 100644 --- a/package/openssh/files/sshd.init +++ b/package/openssh/files/sshd.init @@ -8,8 +8,8 @@ case $1 in autostop) ;; autostart) [[ $openssh = NO ]] && exit 0 - grep dropbear_flags /etc/rc.conf >/dev/null 2>&1 || dropbear_flags=NO - if [[ $openssh = AUTO && $dropbear_flags != NO ]]; then + grep "^dropbear" /etc/rc.conf >/dev/null 2>&1 || dropbear=NO + if [[ $openssh = AUTO && $dropbear != NO ]]; then echo openssh not starting: set to AUTO and dropbear is enabled exit 0 fi diff --git a/package/openssh/files/sshd_config b/package/openssh/files/sshd_config index 1ef114940..b8a2c1a70 100644 --- a/package/openssh/files/sshd_config +++ b/package/openssh/files/sshd_config @@ -104,7 +104,7 @@ UsePrivilegeSeparation yes #Banner none # override default of no subsystems -Subsystem sftp /usr/sbin/sftp-server +Subsystem sftp /usr/libexec/sftp-server # Example of overriding settings on a per-user basis #Match User anoncvs diff --git a/package/openssh/patches/patch-auth2-jpake_c b/package/openssh/patches/patch-auth2-jpake_c deleted file mode 100644 index 3ea529fce..000000000 --- a/package/openssh/patches/patch-auth2-jpake_c +++ /dev/null @@ -1,79 +0,0 @@ ---- openssh-5.2p1.orig/auth2-jpake.c 2008-11-11 06:33:03.000000000 +0100 -+++ openssh-5.2p1/auth2-jpake.c 2009-09-18 12:28:10.000000000 +0200 -@@ -172,7 +172,7 @@ derive_rawsalt(const char *username, u_c - fatal("%s: not enough bytes for rawsalt (want %u have %u)", - __func__, len, digest_len); - memcpy(rawsalt, digest, len); -- bzero(digest, digest_len); -+ memset(digest, 0, digest_len); - xfree(digest); - } - -@@ -197,10 +197,10 @@ makesalt(u_int want, const char *user) - fatal("%s: want %u", __func__, want); - - derive_rawsalt(user, rawsalt, sizeof(rawsalt)); -- bzero(ret, sizeof(ret)); -+ memset(ret, 0, sizeof(ret)); - for (i = 0; i < want; i++) - ret[i] = pw_encode64(rawsalt[i]); -- bzero(rawsalt, sizeof(rawsalt)); -+ memset(rawsalt, 0, sizeof(rawsalt)); - - return ret; - } -@@ -354,7 +354,7 @@ auth2_jpake_get_pwdata(Authctxt *authctx - debug3("%s: scheme = %s", __func__, *hash_scheme); - JPAKE_DEBUG_BN((*s, "%s: s = ", __func__)); - #endif -- bzero(secret, secret_len); -+ memset(secret, 0, secret_len); - xfree(secret); - } - -@@ -395,12 +395,12 @@ auth2_jpake_start(Authctxt *authctxt) - packet_send(); - packet_write_wait(); - -- bzero(hash_scheme, strlen(hash_scheme)); -- bzero(salt, strlen(salt)); -+ memset(hash_scheme, 0, strlen(hash_scheme)); -+ memset(salt, 0, strlen(salt)); - xfree(hash_scheme); - xfree(salt); -- bzero(x3_proof, x3_proof_len); -- bzero(x4_proof, x4_proof_len); -+ memset(x3_proof, 0, x3_proof_len); -+ memset(x4_proof, 0, x4_proof_len); - xfree(x3_proof); - xfree(x4_proof); - -@@ -447,8 +447,8 @@ input_userauth_jpake_client_step1(int ty - &pctx->b, - &x4_s_proof, &x4_s_proof_len)); - -- bzero(x1_proof, x1_proof_len); -- bzero(x2_proof, x2_proof_len); -+ memset(x1_proof, 0, x1_proof_len); -+ memset(x2_proof, 0, x2_proof_len); - xfree(x1_proof); - xfree(x2_proof); - -@@ -462,7 +462,7 @@ input_userauth_jpake_client_step1(int ty - packet_send(); - packet_write_wait(); - -- bzero(x4_s_proof, x4_s_proof_len); -+ memset(x4_s_proof, 0, x4_s_proof_len); - xfree(x4_s_proof); - - /* Expect step 2 packet from peer */ -@@ -503,7 +503,7 @@ input_userauth_jpake_client_step2(int ty - &pctx->k, - &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len)); - -- bzero(x2_s_proof, x2_s_proof_len); -+ memset(x2_s_proof, 0, x2_s_proof_len); - xfree(x2_s_proof); - - if (!use_privsep) diff --git a/package/openssh/patches/patch-channels_c b/package/openssh/patches/patch-channels_c deleted file mode 100644 index 3712809e4..000000000 --- a/package/openssh/patches/patch-channels_c +++ /dev/null @@ -1,29 +0,0 @@ ---- openssh-5.2p1.orig/channels.c 2009-02-14 06:28:21.000000000 +0100 -+++ openssh-5.2p1/channels.c 2009-09-18 12:29:28.000000000 +0200 -@@ -411,7 +411,7 @@ channel_free(Channel *c) - if (cc->abandon_cb != NULL) - cc->abandon_cb(c, cc->ctx); - TAILQ_REMOVE(&c->status_confirms, cc, entry); -- bzero(cc, sizeof(*cc)); -+ memset(cc, 0, sizeof(*cc)); - xfree(cc); - } - if (c->filter_cleanup != NULL && c->filter_ctx != NULL) -@@ -2447,7 +2447,7 @@ channel_input_status_confirm(int type, u - return; - cc->cb(type, c, cc->ctx); - TAILQ_REMOVE(&c->status_confirms, cc, entry); -- bzero(cc, sizeof(*cc)); -+ memset(cc, 0, sizeof(*cc)); - xfree(cc); - } - -@@ -2941,7 +2941,7 @@ channel_connect_ctx_free(struct channel_ - xfree(cctx->host); - if (cctx->aitop) - freeaddrinfo(cctx->aitop); -- bzero(cctx, sizeof(*cctx)); -+ memset(cctx, 0, sizeof(*cctx)); - cctx->host = NULL; - cctx->ai = cctx->aitop = NULL; - } diff --git a/package/openssh/patches/patch-cipher_c b/package/openssh/patches/patch-cipher_c index 9edbd4167..b0a91afea 100644 --- a/package/openssh/patches/patch-cipher_c +++ b/package/openssh/patches/patch-cipher_c @@ -1,6 +1,5 @@ -$Id: update-patches 24 2008-08-31 14:56:13Z wbx $ ---- openssh-5.2p1.orig/cipher.c 2009-01-28 06:38:41.000000000 +0100 -+++ openssh-5.2p1/cipher.c 2009-05-01 13:39:23.000000000 +0200 +--- openssh-5.4p1.orig/cipher.c 2009-01-28 06:38:41.000000000 +0100 ++++ openssh-5.4p1/cipher.c 2010-03-17 16:24:25.000000000 +0100 @@ -69,21 +69,30 @@ struct Cipher { { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, EVP_enc_null }, { "des", SSH_CIPHER_DES, 8, 8, 0, 1, EVP_des_cbc }, diff --git a/package/openssh/patches/patch-clientloop_c b/package/openssh/patches/patch-clientloop_c deleted file mode 100644 index 1da1d31c9..000000000 --- a/package/openssh/patches/patch-clientloop_c +++ /dev/null @@ -1,20 +0,0 @@ ---- openssh-5.2p1.orig/clientloop.c 2009-02-14 06:28:21.000000000 +0100 -+++ openssh-5.2p1/clientloop.c 2009-09-18 12:28:59.000000000 +0200 -@@ -487,7 +487,7 @@ client_global_request_reply(int type, u_ - gc->cb(type, seq, gc->ctx); - if (--gc->ref_count <= 0) { - TAILQ_REMOVE(&global_confirms, gc, entry); -- bzero(gc, sizeof(*gc)); -+ memset(gc, 0, sizeof(*gc)); - xfree(gc); - } - -@@ -768,7 +768,7 @@ process_cmdline(void) - int cancel_port; - Forward fwd; - -- bzero(&fwd, sizeof(fwd)); -+ memset(&fwd, 0, sizeof(fwd)); - fwd.listen_host = fwd.connect_host = NULL; - - leave_raw_mode(); diff --git a/package/openssh/patches/patch-configure b/package/openssh/patches/patch-configure deleted file mode 100644 index aa0b7af45..000000000 --- a/package/openssh/patches/patch-configure +++ /dev/null @@ -1,12 +0,0 @@ -$Id: update-patches 24 2008-08-31 14:56:13Z wbx $ ---- openssh-5.2p1.orig/configure 2009-02-23 01:18:14.000000000 +0100 -+++ openssh-5.2p1/configure 2009-05-01 12:34:00.000000000 +0200 -@@ -26712,7 +26712,7 @@ echo "${ECHO_T}yes" >&6; } - #define HEIMDAL 1 - _ACEOF - -- K5LIBS="-lkrb5 -ldes" -+ K5LIBS="-lkrb5" - K5LIBS="$K5LIBS -lcom_err -lasn1" - { echo "$as_me:$LINENO: checking for net_write in -lroken" >&5 - echo $ECHO_N "checking for net_write in -lroken... $ECHO_C" >&6; } diff --git a/package/openssh/patches/patch-jpake_c b/package/openssh/patches/patch-jpake_c deleted file mode 100644 index 37b69ee45..000000000 --- a/package/openssh/patches/patch-jpake_c +++ /dev/null @@ -1,38 +0,0 @@ ---- openssh-5.2p1.orig/jpake.c 2008-11-05 06:20:46.000000000 +0100 -+++ openssh-5.2p1/jpake.c 2009-09-18 12:26:24.000000000 +0200 -@@ -160,7 +160,7 @@ hash_buffer(const u_char *buf, u_int len - success = 0; - out: - EVP_MD_CTX_cleanup(&evp_md_ctx); -- bzero(digest, sizeof(digest)); -+ memset(digest, 0, sizeof(digest)); - digest_len = 0; - return success; - } -@@ -259,7 +259,7 @@ jpake_free(struct jpake_ctx *pctx) - #define JPAKE_BUF_CLEAR_FREE(v, l) \ - do { \ - if ((v) != NULL) { \ -- bzero((v), (l)); \ -+ memset((v), 0, (l)); \ - xfree(v); \ - (v) = NULL; \ - (l) = 0; \ -@@ -287,7 +287,7 @@ jpake_free(struct jpake_ctx *pctx) - #undef JPAKE_BN_CLEAR_FREE - #undef JPAKE_BUF_CLEAR_FREE - -- bzero(pctx, sizeof(pctx)); -+ memset(pctx, 0, sizeof(pctx)); - xfree(pctx); - } - -@@ -592,7 +592,7 @@ jpake_check_confirm(const BIGNUM *k, - else if (memcmp(peer_confirm_hash, expected_confirm_hash, - expected_confirm_hash_len) == 0) - success = 1; -- bzero(expected_confirm_hash, expected_confirm_hash_len); -+ memset(expected_confirm_hash, 0, expected_confirm_hash_len); - xfree(expected_confirm_hash); - debug3("%s: success = %d", __func__, success); - return success; diff --git a/package/openssh/patches/patch-mac_c b/package/openssh/patches/patch-mac_c index 28e27e186..1d4286e29 100644 --- a/package/openssh/patches/patch-mac_c +++ b/package/openssh/patches/patch-mac_c @@ -1,6 +1,5 @@ -$Id: update-patches 24 2008-08-31 14:56:13Z wbx $ ---- openssh-5.2p1.orig/mac.c 2008-06-13 02:58:50.000000000 +0200 -+++ openssh-5.2p1/mac.c 2009-05-01 13:34:59.000000000 +0200 +--- openssh-5.4p1.orig/mac.c 2008-06-13 02:58:50.000000000 +0200 ++++ openssh-5.4p1/mac.c 2010-03-17 16:24:25.000000000 +0100 @@ -59,8 +59,10 @@ struct { { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 }, { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 }, diff --git a/package/openssh/patches/patch-monitor_c b/package/openssh/patches/patch-monitor_c deleted file mode 100644 index 8992b3e6e..000000000 --- a/package/openssh/patches/patch-monitor_c +++ /dev/null @@ -1,62 +0,0 @@ ---- openssh-5.2p1.orig/monitor.c 2009-02-14 06:33:31.000000000 +0100 -+++ openssh-5.2p1/monitor.c 2009-09-18 12:31:53.000000000 +0200 -@@ -2029,8 +2029,8 @@ mm_answer_jpake_step1(int sock, Buffer * - debug3("%s: sending step1", __func__); - mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m); - -- bzero(x3_proof, x3_proof_len); -- bzero(x4_proof, x4_proof_len); -+ memset(x3_proof, 0, x3_proof_len); -+ memset(x4_proof, 0, x4_proof_len); - xfree(x3_proof); - xfree(x4_proof); - -@@ -2059,8 +2059,8 @@ mm_answer_jpake_get_pwdata(int sock, Buf - debug3("%s: sending pwdata", __func__); - mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m); - -- bzero(hash_scheme, strlen(hash_scheme)); -- bzero(salt, strlen(salt)); -+ memset(hash_scheme, 0, strlen(hash_scheme)); -+ memset(salt, 0, strlen(salt)); - xfree(hash_scheme); - xfree(salt); - -@@ -2099,8 +2099,8 @@ mm_answer_jpake_step2(int sock, Buffer * - - JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__)); - -- bzero(x1_proof, x1_proof_len); -- bzero(x2_proof, x2_proof_len); -+ memset(x1_proof, 0, x1_proof_len); -+ memset(x2_proof, 0, x2_proof_len); - xfree(x1_proof); - xfree(x2_proof); - -@@ -2112,7 +2112,7 @@ mm_answer_jpake_step2(int sock, Buffer * - debug3("%s: sending step2", __func__); - mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); - -- bzero(x4_s_proof, x4_s_proof_len); -+ memset(x4_s_proof, 0, x4_s_proof_len); - xfree(x4_s_proof); - - monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); -@@ -2146,7 +2146,7 @@ mm_answer_jpake_key_confirm(int sock, Bu - - JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__)); - -- bzero(x2_s_proof, x2_s_proof_len); -+ memset(x2_s_proof, 0, x2_s_proof_len); - buffer_clear(m); - - /* pctx->k is sensitive, not sent */ -@@ -2180,7 +2180,7 @@ mm_answer_jpake_check_confirm(int sock, - - JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); - -- bzero(peer_confirm_hash, peer_confirm_hash_len); -+ memset(peer_confirm_hash, 0, peer_confirm_hash_len); - xfree(peer_confirm_hash); - - buffer_clear(m); diff --git a/package/openssh/patches/patch-myproposal_h b/package/openssh/patches/patch-myproposal_h deleted file mode 100644 index 38345863e..000000000 --- a/package/openssh/patches/patch-myproposal_h +++ /dev/null @@ -1,45 +0,0 @@ -$Id: update-patches 24 2008-08-31 14:56:13Z wbx $ ---- openssh-5.2p1.orig/myproposal.h 2009-01-28 06:33:31.000000000 +0100 -+++ openssh-5.2p1/myproposal.h 2009-05-01 14:00:47.000000000 +0200 -@@ -42,15 +42,35 @@ - - #define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss" - -+ -+#ifndef OPENSSL_NO_AES192 -+#define KEX_ENCRYPT_AES192 ",aes192-ctr,aes192-cbc" -+#else -+#define KEX_ENCRYPT_AES192 -+#endif -+#ifndef OPENSSL_NO_BF -+#define KEX_ENCRYPT_BF ",blowfish-cbc" -+#else -+#define KEX_ENCRYPT_BF -+#endif -+#ifndef OPENSSL_NO_CAST -+#define KEX_ENCRYPT_CAST ",cast128-cbc" -+#define KEX_MAC_CAST ",hmac-ripemd160,hmac-ripemd160@openssh.com" -+#else -+#define KEX_ENCRYPT_CAST -+#define KEX_MAC_CAST -+#endif -+ - #define KEX_DEFAULT_ENCRYPT \ -- "aes128-ctr,aes192-ctr,aes256-ctr," \ -+ "aes128-ctr,aes256-ctr," \ - "arcfour256,arcfour128," \ -- "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ -- "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" -+ "aes128-cbc,3des-cbc," \ -+ "aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" \ -+ KEX_ENCRYPT_AES192 KEX_ENCRYPT_BF KEX_ENCRYPT_CAST - #define KEX_DEFAULT_MAC \ -- "hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160," \ -- "hmac-ripemd160@openssh.com," \ -- "hmac-sha1-96,hmac-md5-96" -+ "hmac-md5,hmac-sha1,umac-64@openssh.com," \ -+ "hmac-sha1-96,hmac-md5-96" \ -+ KEX_MAC_CAST - #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" - #define KEX_DEFAULT_LANG "" - diff --git a/package/openssh/patches/patch-openbsd-compat_port-tun_c b/package/openssh/patches/patch-openbsd-compat_port-tun_c deleted file mode 100644 index c4eb11c4c..000000000 --- a/package/openssh/patches/patch-openbsd-compat_port-tun_c +++ /dev/null @@ -1,21 +0,0 @@ -$Id: update-patches 24 2008-08-31 14:56:13Z wbx $ ---- openssh-5.2p1.orig/openbsd-compat/port-tun.c 2008-05-19 07:28:36.000000000 +0200 -+++ openssh-5.2p1/openbsd-compat/port-tun.c 2009-09-18 12:25:49.000000000 +0200 -@@ -67,7 +67,7 @@ sys_tun_open(int tun, int mode) - return (-1); - } - -- bzero(&ifr, sizeof(ifr)); -+ memset(&ifr, 0, sizeof(ifr)); - - if (mode == SSH_TUNMODE_ETHERNET) { - ifr.ifr_flags = IFF_TAP; -@@ -213,7 +213,7 @@ sys_tun_infilter(struct Channel *c, char - if (len <= 0 || len > (int)(sizeof(rbuf) - sizeof(*af))) - return (-1); - ptr = (char *)&rbuf[0]; -- bcopy(buf, ptr + sizeof(u_int32_t), len); -+ memcpy(ptr + sizeof(u_int32_t), buf, len); - len += sizeof(u_int32_t); - af = (u_int32_t *)ptr; - diff --git a/package/openssh/patches/patch-schnorr_c b/package/openssh/patches/patch-schnorr_c deleted file mode 100644 index aff2497ba..000000000 --- a/package/openssh/patches/patch-schnorr_c +++ /dev/null @@ -1,11 +0,0 @@ ---- openssh-5.2p1.orig/schnorr.c 2009-02-21 02:45:18.000000000 +0100 -+++ openssh-5.2p1/schnorr.c 2009-09-18 12:28:29.000000000 +0200 -@@ -105,7 +105,7 @@ schnorr_hash(const BIGNUM *p, const BIGN - out: - buffer_free(&b); - EVP_MD_CTX_cleanup(&evp_md_ctx); -- bzero(digest, digest_len); -+ memset(digest, 0, digest_len); - xfree(digest); - digest_len = 0; - if (success == 0) diff --git a/package/openssh/patches/patch-session_c b/package/openssh/patches/patch-session_c deleted file mode 100644 index ea9508cfd..000000000 --- a/package/openssh/patches/patch-session_c +++ /dev/null @@ -1,11 +0,0 @@ ---- openssh-5.2p1.orig/session.c 2009-01-28 06:29:49.000000000 +0100 -+++ openssh-5.2p1/session.c 2009-09-18 12:25:29.000000000 +0200 -@@ -1865,7 +1865,7 @@ session_unused(int id) - fatal("%s: insane session id %d (max %d nalloc %d)", - __func__, id, options.max_sessions, sessions_nalloc); - } -- bzero(&sessions[id], sizeof(*sessions)); -+ memset(&sessions[id], 0, sizeof(*sessions)); - sessions[id].self = id; - sessions[id].used = 0; - sessions[id].chanid = -1; diff --git a/package/openssh/patches/patch-sftp-client_c b/package/openssh/patches/patch-sftp-client_c deleted file mode 100644 index 21363fee7..000000000 --- a/package/openssh/patches/patch-sftp-client_c +++ /dev/null @@ -1,11 +0,0 @@ ---- openssh-5.2p1.orig/sftp-client.c 2008-07-04 15:10:49.000000000 +0200 -+++ openssh-5.2p1/sftp-client.c 2009-09-18 12:30:56.000000000 +0200 -@@ -273,7 +273,7 @@ get_decode_statvfs(int fd, struct sftp_s - SSH2_FXP_EXTENDED_REPLY, type); - } - -- bzero(st, sizeof(*st)); -+ memset(st, 0, sizeof(*st)); - st->f_bsize = buffer_get_int64(&msg); - st->f_frsize = buffer_get_int64(&msg); - st->f_blocks = buffer_get_int64(&msg); diff --git a/package/openssh/patches/patch-ssh_c b/package/openssh/patches/patch-ssh_c deleted file mode 100644 index 486429320..000000000 --- a/package/openssh/patches/patch-ssh_c +++ /dev/null @@ -1,13 +0,0 @@ ---- openssh-5.2p1.orig/ssh.c 2009-02-14 06:28:21.000000000 +0100 -+++ openssh-5.2p1/ssh.c 2009-09-18 12:26:46.000000000 +0200 -@@ -1277,8 +1277,8 @@ load_public_identity_files(void) - options.identity_files[i] = filename; - options.identity_keys[i] = public; - } -- bzero(pwname, strlen(pwname)); -+ memset(pwname, 0, strlen(pwname)); - xfree(pwname); -- bzero(pwdir, strlen(pwdir)); -+ memset(pwdir, 0, strlen(pwdir)); - xfree(pwdir); - } diff --git a/package/openssh/patches/patch-sshconnect2_c b/package/openssh/patches/patch-sshconnect2_c deleted file mode 100644 index 405989001..000000000 --- a/package/openssh/patches/patch-sshconnect2_c +++ /dev/null @@ -1,71 +0,0 @@ ---- openssh-5.2p1.orig/sshconnect2.c 2008-11-05 06:20:47.000000000 +0100 -+++ openssh-5.2p1/sshconnect2.c 2009-09-18 12:30:37.000000000 +0200 -@@ -921,14 +921,14 @@ jpake_password_to_secret(Authctxt *authc - &secret, &secret_len) != 0) - fatal("%s: hash_buffer", __func__); - -- bzero(password, strlen(password)); -- bzero(crypted, strlen(crypted)); -+ memset(password, 0, strlen(password)); -+ memset(crypted, 0, strlen(crypted)); - xfree(password); - xfree(crypted); - - if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL) - fatal("%s: BN_bin2bn (secret)", __func__); -- bzero(secret, secret_len); -+ memset(secret, 0, secret_len); - xfree(secret); - - return ret; -@@ -965,8 +965,8 @@ input_userauth_jpake_server_step1(int ty - - /* Obtain password and derive secret */ - pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt); -- bzero(crypt_scheme, strlen(crypt_scheme)); -- bzero(salt, strlen(salt)); -+ memset(crypt_scheme, 0, strlen(crypt_scheme)); -+ memset(salt, 0, strlen(salt)); - xfree(crypt_scheme); - xfree(salt); - JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__)); -@@ -981,8 +981,8 @@ input_userauth_jpake_server_step1(int ty - &pctx->a, - &x2_s_proof, &x2_s_proof_len); - -- bzero(x3_proof, x3_proof_len); -- bzero(x4_proof, x4_proof_len); -+ memset(x3_proof, 0, x3_proof_len); -+ memset(x4_proof, 0, x4_proof_len); - xfree(x3_proof); - xfree(x4_proof); - -@@ -994,7 +994,7 @@ input_userauth_jpake_server_step1(int ty - packet_put_string(x2_s_proof, x2_s_proof_len); - packet_send(); - -- bzero(x2_s_proof, x2_s_proof_len); -+ memset(x2_s_proof, 0, x2_s_proof_len); - xfree(x2_s_proof); - - /* Expect step 2 packet from peer */ -@@ -1034,7 +1034,7 @@ input_userauth_jpake_server_step2(int ty - &pctx->k, - &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len); - -- bzero(x4_s_proof, x4_s_proof_len); -+ memset(x4_s_proof, 0, x4_s_proof_len); - xfree(x4_s_proof); - - JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); -@@ -1700,8 +1700,8 @@ userauth_jpake(Authctxt *authctxt) - packet_put_string(x2_proof, x2_proof_len); - packet_send(); - -- bzero(x1_proof, x1_proof_len); -- bzero(x2_proof, x2_proof_len); -+ memset(x1_proof, 0, x1_proof_len); -+ memset(x2_proof, 0, x2_proof_len); - xfree(x1_proof); - xfree(x2_proof); - |