authorDaniel Ahlberg <aliz@gentoo.org>2004-09-14 08:02:18 +0000
committerDaniel Ahlberg <aliz@gentoo.org>2004-09-14 08:02:18 +0000
commit3c8da527cf03d19633713de6bb3061a1a3a4572e (patch)
treef500e4142914be963acba5c0a8009778da605117 /net-misc/openssh/files
parentStable amd64, x86. Removing old ebuilds. (Manifest recommit) (diff)
Compressed patches
Diffstat (limited to 'net-misc/openssh/files')
-rw-r--r--net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch10
-rw-r--r--net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch.bz2bin0 -> 253 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff116
-rw-r--r--net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2bin0 -> 1353 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch74
-rw-r--r--net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch.bz2bin0 -> 1119 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch21
-rw-r--r--net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch.bz2bin0 -> 490 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.7.1_p2-skey.patch11
-rw-r--r--net-misc/openssh/files/openssh-3.7.1_p2-skey.patch.bz2bin0 -> 272 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch74
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2bin0 -> 1119 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch19
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2bin0 -> 465 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch128
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2bin0 -> 1304 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch131
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2bin0 -> 1381 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch12
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2bin0 -> 315 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-skey.patch11
-rw-r--r--net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2bin0 -> 270 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch755
-rw-r--r--net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch.bz2bin0 -> 6164 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8_p1-chroot.patch74
-rw-r--r--net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2bin0 -> 1119 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8_p1-kerberos.patch19
-rw-r--r--net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2bin0 -> 465 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch12
-rw-r--r--net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2bin0 -> 315 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.8_p1-skey.patch11
-rw-r--r--net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2bin0 -> 270 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-chroot.patch74
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-chroot.patch.bz2bin0 -> 1119 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-largekey.patch130
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2bin0 -> 1352 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-opensc.patch131
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2bin0 -> 1381 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-selinux.diff110
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2bin0 -> 1307 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch759
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2bin0 -> 6225 bytes
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-skey.patch11
-rw-r--r--net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2bin0 -> 270 bytes
-rw-r--r--net-misc/openssh/files/openssh-skeychallenge-args.diff24
-rw-r--r--net-misc/openssh/files/openssh-skeychallenge-args.diff.bz2bin0 -> 424 bytes
46 files changed, 0 insertions, 2717 deletions
diff --git a/net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch b/net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch
deleted file mode 100644
index 70787b4ca39a..000000000000
--- a/net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- sshd.c.orig 2002-11-21 15:42:45.000000000 -0500
-+++ sshd.c 2002-11-21 15:43:42.000000000 -0500
-@@ -994,6 +994,7 @@
- sensitive_data.have_ssh1_key = 1;
- break;
- case KEY_RSA:
-+ i=i+0; /* gcc3.2 drops these 2 cases without this */
- case KEY_DSA:
- sensitive_data.have_ssh2_key = 1;
- break;
diff --git a/net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch.bz2 b/net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch.bz2
new file mode 100644
index 000000000000..944ab782ec76
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.5_p1-gentoo-sshd-gcc3.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff b/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff
deleted file mode 100644
index 7a97fe7f877a..000000000000
--- a/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff
+++ /dev/null
@@ -1,116 +0,0 @@
-diff -urN openssh-3.7.1p1.orig/Makefile.in openssh-3.7.1p1/Makefile.in
---- openssh-3.7.1p1.orig/Makefile.in 2003-09-13 20:40:36.000000000 -0500
-+++ openssh-3.7.1p1/Makefile.in 2003-09-19 19:08:04.000000000 -0500
-@@ -40,7 +40,7 @@
-
- CC=@CC@
- LD=@LD@
--CFLAGS=@CFLAGS@
-+CFLAGS=@CFLAGS@ -DWITH_SELINUX
- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
- LIBS=@LIBS@
- LIBPAM=@LIBPAM@
-@@ -53,7 +53,7 @@
- SED=@SED@
- ENT=@ENT@
- XAUTH_PATH=@XAUTH_PATH@
--LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
-+LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux
- EXEEXT=@EXEEXT@
-
- INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
-diff -urN openssh-3.7.1p1.orig/session.c openssh-3.7.1p1/session.c
---- openssh-3.7.1p1.orig/session.c 2003-09-15 20:52:19.000000000 -0500
-+++ openssh-3.7.1p1/session.c 2003-09-19 19:08:36.000000000 -0500
-@@ -62,6 +62,11 @@
- #include "ssh-gss.h"
- #endif
-
-+#ifdef WITH_SELINUX
-+#include <selinux/get_context_list.h>
-+#include <selinux/selinux.h>
-+#endif
-+
- /* func */
-
- Session *session_new(void);
-@@ -1291,6 +1296,19 @@
- #endif
- if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
- fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
-+#ifdef WITH_SELINUX
-+ if (is_selinux_enabled())
-+ {
-+ security_context_t scontext;
-+ if (get_default_context(pw->pw_name,NULL,&scontext))
-+ fatal("Failed to get default security context for %s.", pw->pw_name);
-+ if (setexeccon(scontext)) {
-+ freecon(scontext);
-+ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
-+ }
-+ freecon(scontext);
-+ }
-+#endif
- }
-
- static void
-diff -urN openssh-3.7.1p1.orig/sshpty.c openssh-3.7.1p1/sshpty.c
---- openssh-3.7.1p1.orig/sshpty.c 2003-08-24 20:16:21.000000000 -0500
-+++ openssh-3.7.1p1/sshpty.c 2003-09-19 19:08:04.000000000 -0500
-@@ -30,6 +30,12 @@
- #define O_NOCTTY 0
- #endif
-
-+#ifdef WITH_SELINUX
-+#include <selinux/flask.h>
-+#include <selinux/get_context_list.h>
-+#include <selinux/selinux.h>
-+#endif
-+
- /*
- * Allocates and opens a pty. Returns 0 if no pty could be allocated, or
- * nonzero if a pty was successfully allocated. On success, open file
-@@ -386,6 +392,37 @@
- * Warn but continue if filesystem is read-only and the uids match/
- * tty is owned by root.
- */
-+#ifdef WITH_SELINUX
-+ if (is_selinux_enabled()) {
-+ security_context_t new_tty_context=NULL,
-+ user_context=NULL, old_tty_context=NULL;
-+
-+ if (get_default_context(pw->pw_name,NULL,&user_context))
-+ fatal("Failed to get default security context for %s.", pw->pw_name);
-+
-+ if (getfilecon(ttyname, &old_tty_context)<0) {
-+ error("getfilecon(%.100s) failed: %.100s", ttyname,
-+ strerror(errno));
-+ }
-+ else
-+ {
-+ if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
-+ error("security_compute_relabel(%.100s) failed: %.100s", ttyname,
-+ strerror(errno));
-+ }
-+ else
-+ {
-+ if (setfilecon (ttyname, new_tty_context) != 0) {
-+ error("setfilecon(%.100s, %s) failed: %.100s",
-+ ttyname, new_tty_context, strerror(errno));
-+ }
-+ freecon(new_tty_context);
-+ }
-+ freecon(old_tty_context);
-+ }
-+ freecon(user_context);
-+ }
-+#endif
- if (stat(ttyname, &st))
- fatal("stat(%.100s) failed: %.100s", ttyname,
- strerror(errno));
-@@ -415,4 +452,5 @@
- ttyname, (u_int)mode, strerror(errno));
- }
- }
-+
- }
diff --git a/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2 b/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2
new file mode 100644
index 000000000000..0d3075b14786
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.7.1_p1-selinux.diff.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch b/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch
deleted file mode 100644
index 13625995a88e..000000000000
--- a/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-################################################################################
-################################################################################
-# #
-# Original patch by Ricardo Cerqueira <rmcc@clix.pt> #
-# #
-# Updated by James Dennis <james@firstaidmusic.com> for openssh-3.7.1p2 #
-# #
-# A patch to cause sshd to chroot when it encounters the magic token #
-# '/./' in a users home directory. The directory portion before the #
-# token is the directory to chroot() to, the portion after the #
-# token is the user's home directory relative to the new root. #
-# #
-# Patch source using: patch -p0 < /path/to/patch #
-# #
-# Systems with a bad diff (doesn't understand -u or -N) should use gnu diff. #
-# Solaris may store this as gdiff under /opt/sfw/bin. I can't say much about #
-# other systems (unless you email me your experiences!). #
-# #
-################################################################################
-################################################################################
-
-diff -uNr openssh-3.7.1p2/session.c openssh-3.7.1p2-chroot/session.c
---- openssh-3.7.1p2/session.c Tue Sep 23 04:59:08 2003
-+++ openssh-3.7.1p2-chroot/session.c Fri Sep 26 13:42:52 2003
-@@ -58,6 +58,8 @@
- #include "session.h"
- #include "monitor_wrap.h"
-
-+#define CHROOT
-+
- #ifdef GSSAPI
- #include "ssh-gss.h"
- #endif
-@@ -1231,6 +1233,12 @@
- void
- do_setusercontext(struct passwd *pw)
- {
-+
-+#ifdef CHROOT
-+ char *user_dir;
-+ char *new_root;
-+#endif /* CHROOT */
-+
- #ifndef HAVE_CYGWIN
- if (getuid() == 0 || geteuid() == 0)
- #endif /* HAVE_CYGWIN */
-@@ -1268,6 +1276,27 @@
- exit(1);
- }
- endgrent();
-+
-+#ifdef CHROOT
-+ user_dir = xstrdup(pw->pw_dir);
-+ new_root = user_dir + 1;
-+
-+ while((new_root = strchr(new_root, '.')) != NULL) {
-+ new_root--;
-+ if(strncmp(new_root, "/./", 3) == 0) {
-+ *new_root = '\0';
-+ new_root += 2;
-+
-+ if(chroot(user_dir) != 0)
-+ fatal("Couldn't chroot to user directory % s", user_dir);
-+ pw->pw_dir = new_root;
-+ break;
-+ }
-+ new_root += 2;
-+ }
-+#endif /* CHROOT */
-+
-+
- # ifdef USE_PAM
- /*
- * PAM credentials may take the form of supplementary groups.
diff --git a/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch.bz2 b/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch.bz2
new file mode 100644
index 000000000000..f1a759d5c205
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch b/net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch
deleted file mode 100644
index 810ce1420b34..000000000000
--- a/net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -ur openssh-3.7.1p2.orig/configure.ac openssh-3.7.1p2/configure.ac
---- openssh-3.7.1p2.orig/configure.ac 2003-09-23 10:24:21.000000000 +0100
-+++ openssh-3.7.1p2/configure.ac 2003-10-04 12:51:15.000000000 +0100
-@@ -1992,7 +1992,7 @@
- else
- KRB5ROOT=${withval}
- fi
-- CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
-+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include -I/usr/include/heimdal -I/usr/include/gssapi"
- LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
- AC_DEFINE(KRB5)
- KRB5_MSG="yes"
-@@ -2001,7 +2001,7 @@
- [ char *tmp = heimdal_version; ],
- [ AC_MSG_RESULT(yes)
- AC_DEFINE(HEIMDAL)
-- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
-+ K5LIBS="-lkrb5 -lcom_err -lasn1 -lroken -lresolv"
- ],
- [ AC_MSG_RESULT(no)
- K5LIBS="-lkrb5 -lk5crypto -lcom_err"
diff --git a/net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch.bz2 b/net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch.bz2
new file mode 100644
index 000000000000..f5dc945b44d8
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.7.1_p2-kerberos.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.7.1_p2-skey.patch b/net-misc/openssh/files/openssh-3.7.1_p2-skey.patch
deleted file mode 100644
index c396f5294ab4..000000000000
--- a/net-misc/openssh/files/openssh-3.7.1_p2-skey.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- configure.ac 2004-02-25 10:21:51.980605062 +0000
-+++ configure.ac 2004-02-25 10:22:23.742782648 +0000
-@@ -662,7 +662,7 @@
- [
- #include <stdio.h>
- #include <skey.h>
--int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
-+int main() { char *ff = "true"; ff=""; exit(0); }
- ],
- [AC_MSG_RESULT(yes)],
- [
diff --git a/net-misc/openssh/files/openssh-3.7.1_p2-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.7.1_p2-skey.patch.bz2
new file mode 100644
index 000000000000..516c5a799fcd
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.7.1_p2-skey.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch b/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch
deleted file mode 100644
index 13625995a88e..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-################################################################################
-################################################################################
-# #
-# Original patch by Ricardo Cerqueira <rmcc@clix.pt> #
-# #
-# Updated by James Dennis <james@firstaidmusic.com> for openssh-3.7.1p2 #
-# #
-# A patch to cause sshd to chroot when it encounters the magic token #
-# '/./' in a users home directory. The directory portion before the #
-# token is the directory to chroot() to, the portion after the #
-# token is the user's home directory relative to the new root. #
-# #
-# Patch source using: patch -p0 < /path/to/patch #
-# #
-# Systems with a bad diff (doesn't understand -u or -N) should use gnu diff. #
-# Solaris may store this as gdiff under /opt/sfw/bin. I can't say much about #
-# other systems (unless you email me your experiences!). #
-# #
-################################################################################
-################################################################################
-
-diff -uNr openssh-3.7.1p2/session.c openssh-3.7.1p2-chroot/session.c
---- openssh-3.7.1p2/session.c Tue Sep 23 04:59:08 2003
-+++ openssh-3.7.1p2-chroot/session.c Fri Sep 26 13:42:52 2003
-@@ -58,6 +58,8 @@
- #include "session.h"
- #include "monitor_wrap.h"
-
-+#define CHROOT
-+
- #ifdef GSSAPI
- #include "ssh-gss.h"
- #endif
-@@ -1231,6 +1233,12 @@
- void
- do_setusercontext(struct passwd *pw)
- {
-+
-+#ifdef CHROOT
-+ char *user_dir;
-+ char *new_root;
-+#endif /* CHROOT */
-+
- #ifndef HAVE_CYGWIN
- if (getuid() == 0 || geteuid() == 0)
- #endif /* HAVE_CYGWIN */
-@@ -1268,6 +1276,27 @@
- exit(1);
- }
- endgrent();
-+
-+#ifdef CHROOT
-+ user_dir = xstrdup(pw->pw_dir);
-+ new_root = user_dir + 1;
-+
-+ while((new_root = strchr(new_root, '.')) != NULL) {
-+ new_root--;
-+ if(strncmp(new_root, "/./", 3) == 0) {
-+ *new_root = '\0';
-+ new_root += 2;
-+
-+ if(chroot(user_dir) != 0)
-+ fatal("Couldn't chroot to user directory % s", user_dir);
-+ pw->pw_dir = new_root;
-+ break;
-+ }
-+ new_root += 2;
-+ }
-+#endif /* CHROOT */
-+
-+
- # ifdef USE_PAM
- /*
- * PAM credentials may take the form of supplementary groups.
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2
new file mode 100644
index 000000000000..f1a759d5c205
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8.1_p1-chroot.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch b/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch
deleted file mode 100644
index 2d0694f0cc7e..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- configure.ac 2004-02-24 21:05:46.781403118 +0000
-+++ configure.ac 2004-02-24 21:03:30.717786642 +0000
-@@ -2102,14 +2102,14 @@
- )
- else
- AC_MSG_RESULT(no)
-- CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
-+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include -I/usr/include/heimdal -I/usr/include/gssapi"
- LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
- AC_MSG_CHECKING(whether we are using Heimdal)
- AC_TRY_COMPILE([ #include <krb5.h> ],
- [ char *tmp = heimdal_version; ],
- [ AC_MSG_RESULT(yes)
- AC_DEFINE(HEIMDAL)
-- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
-+ K5LIBS="-lkrb5 -lcom_err -lasn1 -lroken -lresolv"
- ],
- [ AC_MSG_RESULT(no)
- K5LIBS="-lkrb5 -lk5crypto -lcom_err"
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2
new file mode 100644
index 000000000000..8f04e301049f
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8.1_p1-kerberos.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch b/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch
deleted file mode 100644
index 67841670145c..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch
+++ /dev/null
@@ -1,128 +0,0 @@
-diff -uNr openssh-3.8.1p1/auth2-pubkey.c openssh-3.8.1p1-hugekeys/auth2-pubkey.c
---- openssh-3.8.1p1/auth2-pubkey.c 2004-01-21 01:02:50.000000000 +0100
-+++ openssh-3.8.1p1-hugekeys/auth2-pubkey.c 2004-06-24 13:53:28.493574960 +0200
-@@ -32,6 +32,7 @@
- #include "bufaux.h"
- #include "auth.h"
- #include "key.h"
-+#include "authfile.h"
- #include "pathnames.h"
- #include "uidswap.h"
- #include "auth-options.h"
-@@ -167,7 +168,8 @@
- static int
- user_key_allowed2(struct passwd *pw, Key *key, char *file)
- {
-- char line[8192];
-+ size_t size;
-+ char *line;
- int found_key = 0;
- FILE *f;
- u_long linenum = 0;
-@@ -204,7 +206,10 @@
- found_key = 0;
- found = key_new(key->type);
-
-- while (fgets(line, sizeof(line), f)) {
-+ size = 4096;
-+ line = xmalloc(size);
-+
-+ while (read_whole_line(&line, &size, f)) {
- char *cp, *options = NULL;
- linenum++;
- /* Skip leading whitespace, empty and comment lines. */
-@@ -245,6 +250,9 @@
- break;
- }
- }
-+
-+ xfree(line);
-+
- restore_uid();
- fclose(f);
- key_free(found);
-diff -uNr openssh-3.8.1p1/authfile.c openssh-3.8.1p1-hugekeys/authfile.c
---- openssh-3.8.1p1/authfile.c 2003-09-22 13:01:27.000000000 +0200
-+++ openssh-3.8.1p1-hugekeys/authfile.c 2004-06-24 13:49:28.425070920 +0200
-@@ -588,17 +588,50 @@
- return prv;
- }
-
-+char *
-+read_whole_line(char **line, size_t *size, FILE *f)
-+{
-+ char *ln = *line;
-+ size_t i, sz = *size;
-+
-+ if (!ln) {
-+ fatal("read_whole_line: NULL pointer given as line argument");
-+ }
-+
-+ for (i = 0; ln[sz - 2] = '\0', fgets(ln + i, sz - i, f); i = sz - 1, sz <<= 1) {
-+ if (ln[sz - 2]) {
-+ ln = xrealloc(ln, sz << 1);
-+ continue;
-+ }
-+
-+ *line = ln;
-+ *size = sz;
-+
-+ return ln;
-+ }
-+
-+ return NULL;
-+}
-+
- static int
- key_try_load_public(Key *k, const char *filename, char **commentp)
- {
- FILE *f;
-- char line[4096];
-+ size_t size;
-+ char *line;
- char *cp;
-
- f = fopen(filename, "r");
- if (f != NULL) {
-- while (fgets(line, sizeof(line), f)) {
-- line[sizeof(line)-1] = '\0';
-+ size = 4096;
-+ line = xmalloc(size);
-+
-+ while (read_whole_line(&line, &size, f)) {
-+ /* FIXME: is this useful? fgets already stores a '\0'
-+ * after the last character in the buffer...
-+ */
-+ line[size-1] = '\0';
-+
- cp = line;
- switch (*cp) {
- case '#':
-@@ -613,11 +646,15 @@
- if (key_read(k, &cp) == 1) {
- if (commentp)
- *commentp=xstrdup(filename);
-+
-+ xfree(line);
- fclose(f);
- return 1;
- }
- }
- }
-+
-+ xfree(line);
- fclose(f);
- }
- return 0;
-diff -uNr openssh-3.8.1p1/authfile.h openssh-3.8.1p1-hugekeys/authfile.h
---- openssh-3.8.1p1/authfile.h 2002-06-06 21:57:34.000000000 +0200
-+++ openssh-3.8.1p1-hugekeys/authfile.h 2004-06-24 13:42:59.556187976 +0200
-@@ -15,6 +15,8 @@
- #ifndef AUTHFILE_H
- #define AUTHFILE_H
-
-+char *read_whole_line(char **, size_t *, FILE *);
-+
- int key_save_private(Key *, const char *, const char *, const char *);
- Key *key_load_public(const char *, char **);
- Key *key_load_public_type(int, const char *, char **);
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2
new file mode 100644
index 000000000000..29a4bc57ea0b
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8.1_p1-largekey.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch b/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch
deleted file mode 100644
index 92f8d8d6232b..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-Index: scard-opensc.c
-===================================================================
-RCS file: /cvs/openssh/scard-opensc.c,v
-retrieving revision 1.12
-diff -u -r1.12 scard-opensc.c
---- scard-opensc.c 25 Aug 2003 00:58:26 -0000 1.12
-+++ scard-opensc.c 27 Aug 2003 11:42:02 -0000
-@@ -38,6 +38,8 @@
- #include "readpass.h"
- #include "scard.h"
-
-+int ask_for_pin=0;
-+
- #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE)
- #define USE_ENGINE
- #define RSA_get_default_method RSA_get_default_openssl_method
-@@ -119,6 +121,7 @@
- struct sc_pkcs15_prkey_info *key;
- struct sc_pkcs15_object *pin_obj;
- struct sc_pkcs15_pin_info *pin;
-+ char *passphrase = NULL;
-
- priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
- if (priv == NULL)
-@@ -156,24 +159,47 @@
- goto err;
- }
- pin = pin_obj->data;
-+
-+ if (sc_pin)
-+ passphrase = sc_pin;
-+ else if (ask_for_pin) {
-+ /* we need a pin but don't have one => ask for the pin */
-+ char prompt[64];
-+
-+ snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ",
-+ key_obj->label ? key_obj->label : "smartcard key");
-+ passphrase = read_passphrase(prompt, 0);
-+ if (!passphrase || !strcmp(passphrase, ""))
-+ goto err;
-+ } else
-+ /* no pin => error */
-+ goto err;
-+
- r = sc_lock(card);
- if (r) {
- error("Unable to lock smartcard: %s", sc_strerror(r));
- goto err;
- }
-- if (sc_pin != NULL) {
-- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin,
-- strlen(sc_pin));
-- if (r) {
-- sc_unlock(card);
-- error("PIN code verification failed: %s",
-- sc_strerror(r));
-- goto err;
-- }
-+ r = sc_pkcs15_verify_pin(p15card, pin, passphrase,
-+ strlen(passphrase));
-+ if (r) {
-+ sc_unlock(card);
-+ error("PIN code verification failed: %s",
-+ sc_strerror(r));
-+ goto err;
- }
-+
- *key_obj_out = key_obj;
-+ if (!sc_pin) {
-+ memset(passphrase, 0, strlen(passphrase));
-+ xfree(passphrase);
-+ }
- return 0;
- err:
-+ if (!sc_pin && passphrase) {
-+ memset(passphrase, 0, strlen(passphrase));
-+ xfree(passphrase);
-+ }
- sc_close();
- return -1;
- }
-Index: scard.c
-===================================================================
-RCS file: /cvs/openssh/scard.c,v
-retrieving revision 1.27
-diff -u -r1.27 scard.c
---- scard.c 18 Jun 2003 10:28:40 -0000 1.27
-+++ scard.c 27 Aug 2003 11:42:02 -0000
-@@ -35,6 +35,9 @@
- #include "readpass.h"
- #include "scard.h"
-
-+/* currently unused */
-+int ask_for_pin = 0;
-+
- #if OPENSSL_VERSION_NUMBER < 0x00907000L
- #define USE_ENGINE
- #define RSA_get_default_method RSA_get_default_openssl_method
-Index: scard.h
-===================================================================
-RCS file: /cvs/openssh/scard.h,v
-retrieving revision 1.10
-diff -u -r1.10 scard.h
---- scard.h 18 Jun 2003 10:28:40 -0000 1.10
-+++ scard.h 27 Aug 2003 11:42:02 -0000
-@@ -33,6 +33,8 @@
- #define SCARD_ERROR_NOCARD -2
- #define SCARD_ERROR_APPLET -3
-
-+extern int ask_for_pin;
-+
- Key **sc_get_keys(const char *, const char *);
- void sc_close(void);
- int sc_put_key(Key *, const char *);
-Index: ssh.c
-===================================================================
-RCS file: /cvs/openssh/ssh.c,v
-retrieving revision 1.180
-diff -u -r1.180 ssh.c
---- ssh.c 21 Aug 2003 23:34:41 -0000 1.180
-+++ ssh.c 27 Aug 2003 11:42:02 -0000
-@@ -1155,6 +1155,9 @@
- #ifdef SMARTCARD
- Key **keys;
-
-+ if (!options.batch_mode)
-+ ask_for_pin = 1;
-+
- if (options.smartcard_device != NULL &&
- options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
- (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2
new file mode 100644
index 000000000000..7415c6ee1c30
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8.1_p1-opensc.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch b/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch
deleted file mode 100644
index 2de0cca0ed96..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- configure.ac 2004-02-24 21:03:30.717786642 +0000
-+++ configure.ac 2004-02-24 21:33:37.936501897 +0000
-@@ -2055,7 +2055,9 @@
- [
- # Needed by our getrrsetbyname()
- AC_SEARCH_LIBS(res_query, resolv)
-+ AC_SEARCH_LIBS(__res_query, resolv)
- AC_SEARCH_LIBS(dn_expand, resolv)
-+ AC_SEARCH_LIBS(__dn_expand, resolv)
- AC_CHECK_FUNCS(_getshort _getlong)
- AC_CHECK_MEMBER(HEADER.ad,
- [AC_DEFINE(HAVE_HEADER_AD)],,
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2
new file mode 100644
index 000000000000..af4b3ac7537a
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8.1_p1-resolv_functions.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch b/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch
deleted file mode 100644
index 133635574c8d..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- configure.ac 2004-02-24 21:07:25.510177659 +0000
-+++ configure.ac 2004-02-24 21:03:30.717786642 +0000
-@@ -721,7 +721,7 @@
- [
- #include <stdio.h>
- #include <skey.h>
--int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
-+int main() { char *ff = "true"; ff=""; exit(0); }
- ],
- [AC_MSG_RESULT(yes)],
- [
diff --git a/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2
new file mode 100644
index 000000000000..2c403f8dc079
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8.1_p1-skey.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch b/net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch
deleted file mode 100644
index 3e9dd1f4e798..000000000000
--- a/net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch
+++ /dev/null
@@ -1,755 +0,0 @@
-diff -ru openssh-3.8.1p1/servconf.c openssh-3.8.1p1_sftp/servconf.c
---- openssh-3.8.1p1/servconf.c 2004-01-23 11:03:10.000000000 +0000
-+++ openssh-3.8.1p1_sftp/servconf.c 2004-08-18 21:28:18.564861272 +0000
-@@ -102,6 +102,15 @@
- options->authorized_keys_file = NULL;
- options->authorized_keys_file2 = NULL;
-
-+ options->log_sftp = LOG_SFTP_NOT_SET;
-+ options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET;
-+ options->sftp_log_level = SYSLOG_LEVEL_NOT_SET;
-+
-+ memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
-+
-+ options->sftp_permit_chmod = SFTP_PERMIT_NOT_SET;
-+ options->sftp_permit_chown = SFTP_PERMIT_NOT_SET;
-+
- /* Needs to be accessable in many places */
- use_privsep = -1;
- }
-@@ -109,7 +118,7 @@
- void
- fill_default_server_options(ServerOptions *options)
- {
-- /* Portable-specific options */
-+/* Portable-specific options */
- if (options->use_pam == -1)
- options->use_pam = 0;
-
-@@ -228,6 +237,24 @@
- if (options->authorized_keys_file == NULL)
- options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
-
-+ /* Turn sftp-server logging off by default */
-+ if (options->log_sftp == LOG_SFTP_NOT_SET)
-+ options->log_sftp = LOG_SFTP_NO;
-+ if (options->sftp_log_facility == SYSLOG_FACILITY_NOT_SET)
-+ options->sftp_log_facility = SYSLOG_FACILITY_AUTH;
-+ if (options->sftp_log_level == SYSLOG_LEVEL_NOT_SET)
-+ options->sftp_log_level = SYSLOG_LEVEL_INFO;
-+
-+ /* Don't set sftp-server umask */
-+ if (!options->sftp_umask)
-+ memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
-+
-+ /* allow sftp client to issue chmod, chown / chgrp commands */
-+ if (options->sftp_permit_chmod == SFTP_PERMIT_NOT_SET)
-+ options->sftp_permit_chmod = SFTP_PERMIT_YES;
-+ if (options->sftp_permit_chown == SFTP_PERMIT_NOT_SET)
-+ options->sftp_permit_chown = SFTP_PERMIT_YES;
-+
- /* Turn privilege separation on by default */
- if (use_privsep == -1)
- use_privsep = 1;
-@@ -249,6 +276,9 @@
- /* Portable-specific options */
- sUsePAM,
- /* Standard Options */
-+ sLogSftp, sSftpLogFacility, sSftpLogLevel,
-+ sSftpUmask,
-+ sSftpPermitChown, sSftpPermitChmod,
- sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
- sPermitRootLogin, sLogFacility, sLogLevel,
- sRhostsRSAAuthentication, sRSAAuthentication,
-@@ -334,6 +364,12 @@
- { "printmotd", sPrintMotd },
- { "printlastlog", sPrintLastLog },
- { "ignorerhosts", sIgnoreRhosts },
-+ { "logsftp", sLogSftp},
-+ { "sftplogfacility", sSftpLogFacility},
-+ { "sftploglevel", sSftpLogLevel},
-+ { "sftpumask", sSftpUmask},
-+ { "sftppermitchmod", sSftpPermitChmod},
-+ { "sftppermitchown", sSftpPermitChown},
- { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
- { "x11forwarding", sX11Forwarding },
- { "x11displayoffset", sX11DisplayOffset },
-@@ -431,6 +467,8 @@
- char *cp, **charptr, *arg, *p;
- int *intptr, value, i, n;
- ServerOpCodes opcode;
-+ unsigned int umaskvalue = 0;
-+ char *umaskptr;
-
- cp = line;
- arg = strdelim(&cp);
-@@ -871,6 +909,58 @@
- case sBanner:
- charptr = &options->banner;
- goto parse_filename;
-+
-+ case sLogSftp:
-+ intptr = &options->log_sftp;
-+ goto parse_flag;
-+
-+ case sSftpLogFacility:
-+ intptr = (int *) &options->sftp_log_facility;
-+ arg = strdelim(&cp);
-+ value = log_facility_number(arg);
-+ if (value == SYSLOG_FACILITY_NOT_SET)
-+ fatal("%.200s line %d: unsupported log facility '%s'",
-+ filename, linenum, arg ? arg : "<NONE>");
-+ if (*intptr == -1)
-+ *intptr = (SyslogFacility) value;
-+ break;
-+
-+ case sSftpLogLevel:
-+ intptr = (int *) &options->sftp_log_level;
-+ arg = strdelim(&cp);
-+ value = log_level_number(arg);
-+ if (value == SYSLOG_LEVEL_NOT_SET)
-+ fatal("%.200s line %d: unsupported log level '%s'",
-+ filename, linenum, arg ? arg : "<NONE>");
-+ if (*intptr == -1)
-+ *intptr = (LogLevel) value;
-+ break;
-+
-+ case sSftpUmask:
-+ arg = strdelim(&cp);
-+ umaskptr = arg;
-+ while (*arg && *arg >= '0' && *arg <= '9')
-+ umaskvalue = umaskvalue * 8 + *arg++ - '0';
-+ if (*arg || umaskvalue > 0777)
-+ fatal("%s line %d: bad value for umask",
-+ filename, linenum);
-+ else {
-+ while (*umaskptr && *umaskptr == '0')
-+ *umaskptr++;
-+ strncpy(options->sftp_umask, umaskptr,
-+ SFTP_UMASK_LENGTH);
-+ }
-+
-+ break;
-+
-+ case sSftpPermitChmod:
-+ intptr = &options->sftp_permit_chmod;
-+ goto parse_flag;
-+
-+ case sSftpPermitChown:
-+ intptr = &options->sftp_permit_chown;
-+ goto parse_flag;
-+
- /*
- * These options can contain %X options expanded at
- * connect time, so that you can specify paths like:
-@@ -913,6 +1003,7 @@
- if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
- fatal("%s line %d: garbage at end of line; \"%.200s\".",
- filename, linenum, arg);
-+
- return 0;
- }
-
-Only in openssh-3.8.1p1_sftp/: servconf.c.orig
-diff -ru openssh-3.8.1p1/servconf.h openssh-3.8.1p1_sftp/servconf.h
---- openssh-3.8.1p1/servconf.h 2003-12-31 00:37:34.000000000 +0000
-+++ openssh-3.8.1p1_sftp/servconf.h 2004-08-18 21:30:53.354147322 +0000
-@@ -13,6 +13,19 @@
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-+/* sftp-server logging */
-+#define LOG_SFTP_NOT_SET -1
-+#define LOG_SFTP_NO 0
-+#define LOG_SFTP_YES 1
-+
-+/* sftp-server umask control */
-+#define SFTP_UMASK_LENGTH 5
-+
-+/* sftp-server client priviledge */
-+#define SFTP_PERMIT_NOT_SET -1
-+#define SFTP_PERMIT_NO 0
-+#define SFTP_PERMIT_YES 1
-+
- #ifndef SERVCONF_H
- #define SERVCONF_H
-
-@@ -94,6 +107,12 @@
- int use_login; /* If true, login(1) is used */
- int compression; /* If true, compression is allowed */
- int allow_tcp_forwarding;
-+ int log_sftp; /* perform sftp-server logging */
-+ SyslogFacility sftp_log_facility; /* Facility for sftp subsystem logging. */
-+ LogLevel sftp_log_level; /* Level for sftp subsystem logging. */
-+ char sftp_umask[SFTP_UMASK_LENGTH]; /* Sftp Umask */
-+ int sftp_permit_chmod;
-+ int sftp_permit_chown;
- u_int num_allow_users;
- char *allow_users[MAX_ALLOW_USERS];
- u_int num_deny_users;
-Only in openssh-3.8.1p1_sftp/: servconf.h.orig
-diff -ru openssh-3.8.1p1/session.c openssh-3.8.1p1_sftp/session.c
---- openssh-3.8.1p1/session.c 2004-04-16 12:47:55.000000000 +0000
-+++ openssh-3.8.1p1_sftp/session.c 2004-08-18 21:06:14.440083846 +0000
-@@ -112,6 +112,15 @@
-
- static int is_child = 0;
-
-+/* so SFTP_LOG_FACILITY and SFTP_LOG_LEVEL can be passed through the
-+ environment to the sftp-server subsystem. */
-+static const char *sysfac_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
-+ "7", "8", "9", "10", "11", "-1" };
-+static const char *syslevel_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
-+ "7", "-1" };
-+
-+static char *sftpumask;
-+
- /* Name and directory of socket for authentication agent forwarding. */
- static char *auth_sock_name = NULL;
- static char *auth_sock_dir = NULL;
-@@ -979,6 +988,7 @@
- env = xmalloc(envsize * sizeof(char *));
- env[0] = NULL;
-
-+
- #ifdef HAVE_CYGWIN
- /*
- * The Windows environment contains some setting which are
-@@ -1119,6 +1129,67 @@
- child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
- auth_sock_name);
-
-+ /* LOG_SFTP */
-+ if (options.log_sftp == -1 )
-+ child_set_env(&env, &envsize, "LOG_SFTP", "-1");
-+ else if (options.log_sftp == 0)
-+ child_set_env(&env, &envsize, "LOG_SFTP", "0");
-+ else
-+ child_set_env(&env, &envsize, "LOG_SFTP", "1");
-+
-+ /* SFTP_LOG_FACILITY */
-+ if (options.sftp_log_facility < 0)
-+ child_set_env(&env, &envsize, "SFTP_LOG_FACILITY",
-+ "-1");
-+ else
-+ child_set_env(&env, &envsize, "SFTP_LOG_FACILITY",
-+ sysfac_to_int[options.sftp_log_facility]);
-+
-+ /* SFTP_LOG_LEVEL */
-+ if (options.sftp_log_level < 0)
-+ child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
-+ "-1");
-+ else
-+ child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
-+ syslevel_to_int[options.sftp_log_level]);
-+
-+ /* SFTP_UMASK */
-+
-+ if (options.sftp_umask[0] == '\0')
-+ child_set_env(&env, &envsize, "SFTP_UMASK",
-+ "" );
-+ else {
-+ if (!(sftpumask = calloc(SFTP_UMASK_LENGTH,1))) {
-+
-+logit("session.c: unabled to allocate memory for SftpUmask. SftpUmask control \
-+will be turned off.");
-+
-+ child_set_env(&env, &envsize, "SFTP_UMASK",
-+ "" );
-+ } else {
-+ strncpy(sftpumask, options.sftp_umask,
-+ SFTP_UMASK_LENGTH);
-+ child_set_env(&env, &envsize, "SFTP_UMASK",
-+ sftpumask );
-+ }
-+ }
-+
-+ /* SFTP_PERMIT_CHMOD */
-+ if (options.sftp_permit_chmod == -1 )
-+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "-1");
-+ else if (options.sftp_permit_chmod == 0)
-+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "0");
-+ else
-+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "1");
-+
-+ /* SFTP_PERMIT_CHOWN */
-+ if (options.sftp_permit_chown == -1 )
-+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "-1");
-+ else if (options.sftp_permit_chown == 0)
-+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "0");
-+ else
-+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "1");
-+
- /* read $HOME/.ssh/environment. */
- if (options.permit_user_env && !options.use_login) {
- snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
-Only in openssh-3.8.1p1_sftp/: session.c.orig
-diff -ru openssh-3.8.1p1/sftp-server.8 openssh-3.8.1p1_sftp/sftp-server.8
---- openssh-3.8.1p1/sftp-server.8 2003-10-15 05:50:43.000000000 +0000
-+++ openssh-3.8.1p1_sftp/sftp-server.8 2004-08-18 21:06:14.441083601 +0000
-@@ -42,12 +42,27 @@
- option.
- See
- .Xr sshd_config 5
-+for more information. Sftp-server transactions may be logged
-+using the
-+.Cm LogSftp ,
-+.Cm SftpLogFacility ,
-+and
-+.Cm SftpLogLevel
-+options. The administrator may exert control over the file and directory
-+permission and ownership, with
-+.Cm SftpUmask ,
-+.Cm SftpPermitChmod ,
-+and
-+.Cm SftpPermitChown
-+. See
-+.Xr sshd_config 5
- for more information.
- .Sh SEE ALSO
- .Xr sftp 1 ,
- .Xr ssh 1 ,
- .Xr sshd_config 5 ,
--.Xr sshd 8
-+.Xr sshd 8,
-+.Xr sshd_config 5
- .Rs
- .%A T. Ylonen
- .%A S. Lehtinen
-diff -ru openssh-3.8.1p1/sftp-server.c openssh-3.8.1p1_sftp/sftp-server.c
---- openssh-3.8.1p1/sftp-server.c 2004-02-23 22:19:15.000000000 +0000
-+++ openssh-3.8.1p1_sftp/sftp-server.c 2004-08-18 21:06:14.443083113 +0000
-@@ -31,6 +31,13 @@
- #define get_string(lenp) buffer_get_string(&iqueue, lenp);
- #define TRACE debug
-
-+/* SFTP_UMASK */
-+static mode_t setumask = 0;
-+
-+static int permit_chmod = 1;
-+static int permit_chown = 1;
-+static int permit_logging = 0;
-+
- #ifdef HAVE___PROGNAME
- extern char *__progname;
- #else
-@@ -385,6 +392,14 @@
- a = get_attrib();
- flags = flags_from_portable(pflags);
- mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
-+
-+ if (setumask != 0) {
-+ if ( permit_logging == 1 )
-+ logit("setting file creation mode to 0666 and umask to %o", setumask);
-+ mode = 0666;
-+ umask(setumask);
-+ }
-+
- TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
- fd = open(name, flags, mode);
- if (fd < 0) {
-@@ -398,6 +413,8 @@
- status = SSH2_FX_OK;
- }
- }
-+ if ( permit_logging == 1 )
-+ logit("open %s", name);
- if (status != SSH2_FX_OK)
- send_status(id, status);
- xfree(name);
-@@ -434,6 +451,7 @@
- (u_int64_t)off, len);
- if (len > sizeof buf) {
- len = sizeof buf;
-+ if ( permit_logging == 1 )
- logit("read change len %d", len);
- }
- fd = handle_to_fd(handle);
-@@ -453,6 +471,8 @@
- }
- }
- }
-+ if ( permit_logging == 1 )
-+ logit("reading file");
- if (status != SSH2_FX_OK)
- send_status(id, status);
- }
-@@ -487,10 +507,13 @@
- } else if (ret == len) {
- status = SSH2_FX_OK;
- } else {
-+ if ( permit_logging == 1 )
- logit("nothing at all written");
- }
- }
- }
-+ if ( permit_logging == 1 )
-+ logit("writing file");
- send_status(id, status);
- xfree(data);
- }
-@@ -583,24 +606,46 @@
- a = get_attrib();
- TRACE("setstat id %u name %s", id, name);
- if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
-+if ( permit_logging == 1 )
-+logit("process_setstat: truncate");
- ret = truncate(name, a->size);
- if (ret == -1)
- status = errno_to_portable(errno);
- }
- if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
-- ret = chmod(name, a->perm & 0777);
-- if (ret == -1)
-- status = errno_to_portable(errno);
-+ if (permit_chmod == 1) {
-+ ret = chmod(name, a->perm & 0777);
-+ if (ret == -1)
-+ status = errno_to_portable(errno);
-+ else
-+ if ( permit_logging == 1 )
-+ logit("chmod'ed %s", name);
-+ } else {
-+ status = SSH2_FX_PERMISSION_DENIED;
-+ if ( permit_logging == 1 )
-+ logit("chmod %s: operation prohibited by sftp-server configuration.", name);
-+ }
- }
- if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
-+if ( permit_logging == 1 )
-+logit("process_setstat: utimes");
- ret = utimes(name, attrib_to_tv(a));
- if (ret == -1)
- status = errno_to_portable(errno);
- }
- if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
-- ret = chown(name, a->uid, a->gid);
-- if (ret == -1)
-- status = errno_to_portable(errno);
-+ if (permit_chown == 1) {
-+ ret = chown(name, a->uid, a->gid);
-+ if (ret == -1)
-+ status = errno_to_portable(errno);
-+ else
-+ if ( permit_logging == 1 )
-+ logit("chown'ed %s.", name);
-+ } else {
-+ status = SSH2_FX_PERMISSION_DENIED;
-+ if ( permit_logging == 1 )
-+ logit("chown %s: operation prohibited by sftp-server configuration.", name);
-+ }
- }
- send_status(id, status);
- xfree(name);
-@@ -615,6 +660,9 @@
- int status = SSH2_FX_OK;
- char *name;
-
-+if ( permit_logging == 1 )
-+logit("process_fsetstat");
-+
- id = get_int();
- handle = get_handle();
- a = get_attrib();
-@@ -625,20 +673,33 @@
- status = SSH2_FX_FAILURE;
- } else {
- if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
-+if ( permit_logging == 1 )
-+logit("process_fsetstat: ftruncate");
- ret = ftruncate(fd, a->size);
- if (ret == -1)
- status = errno_to_portable(errno);
- }
- if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
-+ if (permit_chmod == 1) {
- #ifdef HAVE_FCHMOD
-- ret = fchmod(fd, a->perm & 0777);
-+ ret = fchmod(fd, a->perm & 0777);
- #else
-- ret = chmod(name, a->perm & 0777);
-+ ret = chmod(name, a->perm & 0777);
- #endif
-- if (ret == -1)
-- status = errno_to_portable(errno);
-+ if (ret == -1)
-+ status = errno_to_portable(errno);
-+ else
-+ if ( permit_logging == 1 )
-+ logit("chmod: succeeded.");
-+ } else {
-+ status = SSH2_FX_PERMISSION_DENIED;
-+ if ( permit_logging == 1 )
-+ logit("chmod: operation prohibited by sftp-server configuration.");
-+ }
- }
- if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
-+if ( permit_logging == 1 )
-+logit("process_fsetstat: utimes");
- #ifdef HAVE_FUTIMES
- ret = futimes(fd, attrib_to_tv(a));
- #else
-@@ -648,13 +709,22 @@
- status = errno_to_portable(errno);
- }
- if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
-+ if (permit_chown == 1) {
- #ifdef HAVE_FCHOWN
-- ret = fchown(fd, a->uid, a->gid);
-+ ret = fchown(fd, a->uid, a->gid);
- #else
-- ret = chown(name, a->uid, a->gid);
-+ ret = chown(name, a->uid, a->gid);
- #endif
-- if (ret == -1)
-- status = errno_to_portable(errno);
-+ if (ret == -1)
-+ status = errno_to_portable(errno);
-+ else
-+ if ( permit_logging == 1 )
-+ logit("chown: succeeded");
-+ } else {
-+ status = SSH2_FX_PERMISSION_DENIED;
-+ if ( permit_logging == 1 )
-+ logit("chown: operation prohibited by sftp-server configuration.");
-+ }
- }
- }
- send_status(id, status);
-@@ -684,6 +754,8 @@
- }
-
- }
-+ if ( permit_logging == 1 )
-+ logit("opendir %s", path);
- if (status != SSH2_FX_OK)
- send_status(id, status);
- xfree(path);
-@@ -757,6 +829,8 @@
- TRACE("remove id %u name %s", id, name);
- ret = unlink(name);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
-+ if ( permit_logging == 1 )
-+ logit("remove file %s", name);
- send_status(id, status);
- xfree(name);
- }
-@@ -774,9 +848,19 @@
- a = get_attrib();
- mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
- a->perm & 0777 : 0777;
-+
-+ if (setumask != 0) {
-+ if ( permit_logging == 1 )
-+ logit("setting directory creation mode to 0777 and umask to %o.", setumask);
-+ mode = 0777;
-+ umask(setumask);
-+ }
-+
- TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
- ret = mkdir(name, mode);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
-+ if ( permit_logging == 1 )
-+ logit("mkdir %s", name);
- send_status(id, status);
- xfree(name);
- }
-@@ -793,6 +877,8 @@
- TRACE("rmdir id %u name %s", id, name);
- ret = rmdir(name);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
-+ if ( permit_logging == 1 )
-+ logit("rmdir %s", name);
- send_status(id, status);
- xfree(name);
- }
-@@ -819,6 +905,8 @@
- s.name = s.long_name = resolvedname;
- send_names(id, 1, &s);
- }
-+ if ( permit_logging == 1 )
-+ logit("realpath %s", path);
- xfree(path);
- }
-
-@@ -854,6 +942,8 @@
- status = SSH2_FX_OK;
- }
- send_status(id, status);
-+ if ( permit_logging == 1 )
-+ logit("rename old %s new %s", oldpath, newpath);
- xfree(oldpath);
- xfree(newpath);
- }
-@@ -879,6 +969,8 @@
- s.name = s.long_name = link;
- send_names(id, 1, &s);
- }
-+ if ( permit_logging == 1 )
-+ logit("readlink %s", path);
- xfree(path);
- }
-
-@@ -897,6 +989,8 @@
- ret = symlink(oldpath, newpath);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- send_status(id, status);
-+ if ( permit_logging == 1 )
-+ logit("symlink old %s new %s", oldpath, newpath);
- xfree(oldpath);
- xfree(newpath);
- }
-@@ -1018,6 +1112,8 @@
- {
- fd_set *rset, *wset;
- int in, out, max;
-+ unsigned int val = 0;
-+ char *umask_env;
- ssize_t len, olen, set_size;
-
- /* XXX should use getopt */
-@@ -1025,10 +1121,53 @@
- __progname = ssh_get_progname(av[0]);
- handle_init();
-
-+ /* Transaction logging */
-+
-+ if (atoi(getenv("LOG_SFTP")) == 1)
-+ {
-+ permit_logging = 1;
-+ log_init("sftp-server", atoi(getenv("SFTP_LOG_LEVEL")),
-+ atoi(getenv("SFTP_LOG_FACILITY")), 0);
-+ };
-+
-+
- #ifdef DEBUG_SFTP_SERVER
- log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
- #endif
-
-+ if ( permit_logging == 1 )
-+ logit("Starting sftp-server logging for user %s.", getenv("USER"));
-+
-+ /* Umask control */
-+
-+ umask_env = getenv("SFTP_UMASK");
-+ while (*umask_env && *umask_env >= '0' && *umask_env <= '9')
-+ val = val * 8 + *umask_env++ - '0';
-+
-+ if (*umask_env || val > 0777 || val == 0) {
-+ if ( permit_logging == 1 )
-+ logit("bad value %o for SFTP_UMASK, turning umask control off.", val);
-+ setumask = 0;
-+ } else {
-+ if ( permit_logging == 1 )
-+ logit("umask control is on.");
-+ setumask = val;
-+ };
-+
-+
-+ /* Sensitive client commands */
-+
-+ if (atoi(getenv("SFTP_PERMIT_CHMOD")) != 1) {
-+ permit_chmod = 0;
-+ if ( permit_logging == 1 )
-+ logit("client is not permitted to chmod.");
-+ };
-+ if (atoi(getenv("SFTP_PERMIT_CHOWN")) != 1) {
-+ permit_chown = 0;
-+ if ( permit_logging == 1 )
-+ logit("client is not permitted to chown.");
-+ };
-+
- in = dup(STDIN_FILENO);
- out = dup(STDOUT_FILENO);
-
-@@ -1071,6 +1210,8 @@
- len = read(in, buf, sizeof buf);
- if (len == 0) {
- debug("read eof");
-+ if ( permit_logging == 1 )
-+ logit("sftp-server finished.");
- exit(0);
- } else if (len < 0) {
- error("read error");
-Only in openssh-3.8.1p1_sftp/: sftp-server.c.orig
-diff -ru openssh-3.8.1p1/sshd_config openssh-3.8.1p1_sftp/sshd_config
---- openssh-3.8.1p1/sshd_config 2003-12-31 00:38:32.000000000 +0000
-+++ openssh-3.8.1p1_sftp/sshd_config 2004-08-18 21:06:14.443083113 +0000
-@@ -95,3 +95,14 @@
-
- # override default of no subsystems
- Subsystem sftp /usr/libexec/sftp-server
-+
-+# sftp-server logging
-+#LogSftp no
-+#SftpLogFacility AUTH
-+#SftpLogLevel INFO
-+
-+# sftp-server umask control
-+#SftpUmask
-+
-+#SftpPermitChmod yes
-+#SftpPermitChown yes
-diff -ru openssh-3.8.1p1/sshd_config.5 openssh-3.8.1p1_sftp/sshd_config.5
---- openssh-3.8.1p1/sshd_config.5 2004-04-14 03:04:36.000000000 +0000
-+++ openssh-3.8.1p1_sftp/sshd_config.5 2004-08-18 21:06:14.444082869 +0000
-@@ -379,6 +379,10 @@
- DEBUG and DEBUG1 are equivalent.
- DEBUG2 and DEBUG3 each specify higher levels of debugging output.
- Logging with a DEBUG level violates the privacy of users and is not recommended.
-+.It Cm LogSftp
-+Specifies whether to perform logging of
-+.Nm sftp-server
-+subsystem transactions. Must be "yes" or "no." The default value is "no."
- .It Cm MACs
- Specifies the available MAC (message authentication code) algorithms.
- The MAC algorithm is used in protocol version 2
-@@ -533,6 +537,37 @@
- .It Cm ServerKeyBits
- Defines the number of bits in the ephemeral protocol version 1 server key.
- The minimum value is 512, and the default is 768.
-+.It Cm SftpLogFacility
-+Gives the facility code that is used when logging
-+.Nm sftp-server .
-+transactions. The possible values are: DAEMON, USER, AUTH, LOCAL0,
-+LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
-+The default is AUTH.
-+.It Cm SftpLogLevel
-+Gives the verbosity level that is used when logging messages from
-+.Nm sftp-server .
-+The possible values are:
-+QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
-+The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
-+and DEBUG3 each specify higher levels of debugging output.
-+Logging with a DEBUG level violates the privacy of users
-+and is not recommended.
-+.It Cm SftpPermitChmod
-+Specifies whether the sftp-server allows the sftp client to execute chmod
-+commands on the server. The default is yes.
-+.It Cm SftpPermitChown
-+Specifies whether the sftp-server allows the sftp client to execute chown
-+or chgrp commands on the server. Turning this value on means that the client
-+is allowed to execute both chown and chgrp commands. Turning it off means that
-+the client is prohibited from executing either chown or chgrp.
-+ The default is yes.
-+.It Cm SftpUmask
-+Specifies an optional umask for
-+.Nm sftp-server
-+subsystem transactions. If a umask is given, this umask will override all system,
-+environment or sftp client permission modes. If
-+no umask or an invalid umask is given, file creation mode defaults to the permission
-+mode specified by the sftp client. The default is for no umask.
- .It Cm StrictModes
- Specifies whether
- .Nm sshd
-Only in openssh-3.8.1p1_sftp/: sshd_config.5.orig
-Only in openssh-3.8.1p1_sftp/: sshd_config.orig
-diff -ru openssh-3.8.1p1/version.h openssh-3.8.1p1_sftp/version.h
---- openssh-3.8.1p1/version.h 2004-03-21 22:39:10.000000000 +0000
-+++ openssh-3.8.1p1_sftp/version.h 2004-08-18 21:06:14.436084823 +0000
-@@ -1,3 +1,3 @@
- /* $OpenBSD: version.h,v 1.41 2004/03/20 10:40:59 markus Exp $ */
-
--#define SSH_VERSION "OpenSSH_3.8.1p1"
-+#define SSH_VERSION "OpenSSH_3.8.1p1+sftplogging-v1.2"
-Only in openssh-3.8.1p1_sftp/: version.h.orig
diff --git a/net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch.bz2 b/net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch.bz2
new file mode 100644
index 000000000000..5b07d79a808e
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8.1p1-sftplogging-1.2-gentoo.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8_p1-chroot.patch b/net-misc/openssh/files/openssh-3.8_p1-chroot.patch
deleted file mode 100644
index 13625995a88e..000000000000
--- a/net-misc/openssh/files/openssh-3.8_p1-chroot.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-################################################################################
-################################################################################
-# #
-# Original patch by Ricardo Cerqueira <rmcc@clix.pt> #
-# #
-# Updated by James Dennis <james@firstaidmusic.com> for openssh-3.7.1p2 #
-# #
-# A patch to cause sshd to chroot when it encounters the magic token #
-# '/./' in a users home directory. The directory portion before the #
-# token is the directory to chroot() to, the portion after the #
-# token is the user's home directory relative to the new root. #
-# #
-# Patch source using: patch -p0 < /path/to/patch #
-# #
-# Systems with a bad diff (doesn't understand -u or -N) should use gnu diff. #
-# Solaris may store this as gdiff under /opt/sfw/bin. I can't say much about #
-# other systems (unless you email me your experiences!). #
-# #
-################################################################################
-################################################################################
-
-diff -uNr openssh-3.7.1p2/session.c openssh-3.7.1p2-chroot/session.c
---- openssh-3.7.1p2/session.c Tue Sep 23 04:59:08 2003
-+++ openssh-3.7.1p2-chroot/session.c Fri Sep 26 13:42:52 2003
-@@ -58,6 +58,8 @@
- #include "session.h"
- #include "monitor_wrap.h"
-
-+#define CHROOT
-+
- #ifdef GSSAPI
- #include "ssh-gss.h"
- #endif
-@@ -1231,6 +1233,12 @@
- void
- do_setusercontext(struct passwd *pw)
- {
-+
-+#ifdef CHROOT
-+ char *user_dir;
-+ char *new_root;
-+#endif /* CHROOT */
-+
- #ifndef HAVE_CYGWIN
- if (getuid() == 0 || geteuid() == 0)
- #endif /* HAVE_CYGWIN */
-@@ -1268,6 +1276,27 @@
- exit(1);
- }
- endgrent();
-+
-+#ifdef CHROOT
-+ user_dir = xstrdup(pw->pw_dir);
-+ new_root = user_dir + 1;
-+
-+ while((new_root = strchr(new_root, '.')) != NULL) {
-+ new_root--;
-+ if(strncmp(new_root, "/./", 3) == 0) {
-+ *new_root = '\0';
-+ new_root += 2;
-+
-+ if(chroot(user_dir) != 0)
-+ fatal("Couldn't chroot to user directory % s", user_dir);
-+ pw->pw_dir = new_root;
-+ break;
-+ }
-+ new_root += 2;
-+ }
-+#endif /* CHROOT */
-+
-+
- # ifdef USE_PAM
- /*
- * PAM credentials may take the form of supplementary groups.
diff --git a/net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2
new file mode 100644
index 000000000000..f1a759d5c205
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8_p1-chroot.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch b/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch
deleted file mode 100644
index 2d0694f0cc7e..000000000000
--- a/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- configure.ac 2004-02-24 21:05:46.781403118 +0000
-+++ configure.ac 2004-02-24 21:03:30.717786642 +0000
-@@ -2102,14 +2102,14 @@
- )
- else
- AC_MSG_RESULT(no)
-- CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
-+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include -I/usr/include/heimdal -I/usr/include/gssapi"
- LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
- AC_MSG_CHECKING(whether we are using Heimdal)
- AC_TRY_COMPILE([ #include <krb5.h> ],
- [ char *tmp = heimdal_version; ],
- [ AC_MSG_RESULT(yes)
- AC_DEFINE(HEIMDAL)
-- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
-+ K5LIBS="-lkrb5 -lcom_err -lasn1 -lroken -lresolv"
- ],
- [ AC_MSG_RESULT(no)
- K5LIBS="-lkrb5 -lk5crypto -lcom_err"
diff --git a/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2
new file mode 100644
index 000000000000..8f04e301049f
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8_p1-kerberos.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch b/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch
deleted file mode 100644
index 2de0cca0ed96..000000000000
--- a/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- configure.ac 2004-02-24 21:03:30.717786642 +0000
-+++ configure.ac 2004-02-24 21:33:37.936501897 +0000
-@@ -2055,7 +2055,9 @@
- [
- # Needed by our getrrsetbyname()
- AC_SEARCH_LIBS(res_query, resolv)
-+ AC_SEARCH_LIBS(__res_query, resolv)
- AC_SEARCH_LIBS(dn_expand, resolv)
-+ AC_SEARCH_LIBS(__dn_expand, resolv)
- AC_CHECK_FUNCS(_getshort _getlong)
- AC_CHECK_MEMBER(HEADER.ad,
- [AC_DEFINE(HAVE_HEADER_AD)],,
diff --git a/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2
new file mode 100644
index 000000000000..af4b3ac7537a
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8_p1-resolv_functions.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.8_p1-skey.patch b/net-misc/openssh/files/openssh-3.8_p1-skey.patch
deleted file mode 100644
index 133635574c8d..000000000000
--- a/net-misc/openssh/files/openssh-3.8_p1-skey.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- configure.ac 2004-02-24 21:07:25.510177659 +0000
-+++ configure.ac 2004-02-24 21:03:30.717786642 +0000
-@@ -721,7 +721,7 @@
- [
- #include <stdio.h>
- #include <skey.h>
--int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
-+int main() { char *ff = "true"; ff=""; exit(0); }
- ],
- [AC_MSG_RESULT(yes)],
- [
diff --git a/net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2
new file mode 100644
index 000000000000..2c403f8dc079
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.8_p1-skey.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.9_p1-chroot.patch b/net-misc/openssh/files/openssh-3.9_p1-chroot.patch
deleted file mode 100644
index 13625995a88e..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-chroot.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-################################################################################
-################################################################################
-# #
-# Original patch by Ricardo Cerqueira <rmcc@clix.pt> #
-# #
-# Updated by James Dennis <james@firstaidmusic.com> for openssh-3.7.1p2 #
-# #
-# A patch to cause sshd to chroot when it encounters the magic token #
-# '/./' in a users home directory. The directory portion before the #
-# token is the directory to chroot() to, the portion after the #
-# token is the user's home directory relative to the new root. #
-# #
-# Patch source using: patch -p0 < /path/to/patch #
-# #
-# Systems with a bad diff (doesn't understand -u or -N) should use gnu diff. #
-# Solaris may store this as gdiff under /opt/sfw/bin. I can't say much about #
-# other systems (unless you email me your experiences!). #
-# #
-################################################################################
-################################################################################
-
-diff -uNr openssh-3.7.1p2/session.c openssh-3.7.1p2-chroot/session.c
---- openssh-3.7.1p2/session.c Tue Sep 23 04:59:08 2003
-+++ openssh-3.7.1p2-chroot/session.c Fri Sep 26 13:42:52 2003
-@@ -58,6 +58,8 @@
- #include "session.h"
- #include "monitor_wrap.h"
-
-+#define CHROOT
-+
- #ifdef GSSAPI
- #include "ssh-gss.h"
- #endif
-@@ -1231,6 +1233,12 @@
- void
- do_setusercontext(struct passwd *pw)
- {
-+
-+#ifdef CHROOT
-+ char *user_dir;
-+ char *new_root;
-+#endif /* CHROOT */
-+
- #ifndef HAVE_CYGWIN
- if (getuid() == 0 || geteuid() == 0)
- #endif /* HAVE_CYGWIN */
-@@ -1268,6 +1276,27 @@
- exit(1);
- }
- endgrent();
-+
-+#ifdef CHROOT
-+ user_dir = xstrdup(pw->pw_dir);
-+ new_root = user_dir + 1;
-+
-+ while((new_root = strchr(new_root, '.')) != NULL) {
-+ new_root--;
-+ if(strncmp(new_root, "/./", 3) == 0) {
-+ *new_root = '\0';
-+ new_root += 2;
-+
-+ if(chroot(user_dir) != 0)
-+ fatal("Couldn't chroot to user directory % s", user_dir);
-+ pw->pw_dir = new_root;
-+ break;
-+ }
-+ new_root += 2;
-+ }
-+#endif /* CHROOT */
-+
-+
- # ifdef USE_PAM
- /*
- * PAM credentials may take the form of supplementary groups.
diff --git a/net-misc/openssh/files/openssh-3.9_p1-chroot.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-chroot.patch.bz2
new file mode 100644
index 000000000000..f1a759d5c205
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-chroot.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.9_p1-largekey.patch b/net-misc/openssh/files/openssh-3.9_p1-largekey.patch
deleted file mode 100644
index 2804782a458a..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-largekey.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-diff -uNr openssh-3.8.1p1/auth2-pubkey.c openssh-3.8.1p1-hugekeys/auth2-pubkey.c
---- openssh-3.8.1p1/auth2-pubkey.c 2004-01-21 01:02:50.000000000 +0100
-+++ openssh-3.8.1p1-hugekeys/auth2-pubkey.c 2004-06-24 13:53:28.493574960 +0200
-@@ -32,6 +32,7 @@
- #include "bufaux.h"
- #include "auth.h"
- #include "key.h"
-+#include "authfile.h"
- #include "pathnames.h"
- #include "uidswap.h"
- #include "auth-options.h"
-@@ -167,7 +168,8 @@
- static int
- user_key_allowed2(struct passwd *pw, Key *key, char *file)
- {
-- char line[8192];
-+ size_t size;
-+ char *line;
- int found_key = 0;
- FILE *f;
- u_long linenum = 0;
-@@ -204,7 +204,10 @@
- found_key = 0;
- found = key_new(key->type);
-
-- while (fgets(line, sizeof(line), f)) {
-+ size = 4096;
-+ line = xmalloc(size);
-+
-+ while (read_whole_line(&line, &size, f)) {
- char *cp, *key_options = NULL;
- linenum++;
- /* Skip leading whitespace, empty and comment lines. */
-@@ -245,6 +250,9 @@
- break;
- }
- }
-+
-+ xfree(line);
-+
- restore_uid();
- fclose(f);
- key_free(found);
-diff -uNr openssh-3.8.1p1/authfile.c openssh-3.8.1p1-hugekeys/authfile.c
---- openssh-3.8.1p1/authfile.c 2003-09-22 13:01:27.000000000 +0200
-+++ openssh-3.8.1p1-hugekeys/authfile.c 2004-06-24 13:49:28.425070920 +0200
-@@ -588,17 +588,50 @@
- return prv;
- }
-
-+char *
-+read_whole_line(char **line, size_t *size, FILE *f)
-+{
-+ char *ln = *line;
-+ size_t i, sz = *size;
-+
-+ if (!ln) {
-+ fatal("read_whole_line: NULL pointer given as line argument");
-+ }
-+
-+ for (i = 0; ln[sz - 2] = '\0', fgets(ln + i, sz - i, f); i = sz - 1, sz <<= 1) {
-+ if (ln[sz - 2]) {
-+ ln = xrealloc(ln, sz << 1);
-+ continue;
-+ }
-+
-+ *line = ln;
-+ *size = sz;
-+
-+ return ln;
-+ }
-+
-+ return NULL;
-+}
-+
- static int
- key_try_load_public(Key *k, const char *filename, char **commentp)
- {
- FILE *f;
-- char line[4096];
-+ size_t size;
-+ char *line;
- char *cp;
-
- f = fopen(filename, "r");
- if (f != NULL) {
-- while (fgets(line, sizeof(line), f)) {
-- line[sizeof(line)-1] = '\0';
-+ size = 4096;
-+ line = xmalloc(size);
-+
-+ while (read_whole_line(&line, &size, f)) {
-+ /* FIXME: is this useful? fgets already stores a '\0'
-+ * after the last character in the buffer...
-+ */
-+ line[size-1] = '\0';
-+
- cp = line;
- switch (*cp) {
- case '#':
-@@ -613,11 +646,15 @@
- if (key_read(k, &cp) == 1) {
- if (commentp)
- *commentp=xstrdup(filename);
-+
-+ xfree(line);
- fclose(f);
- return 1;
- }
- }
- }
-+
-+ xfree(line);
- fclose(f);
- }
- return 0;
-diff -uNr openssh-3.8.1p1/authfile.h openssh-3.8.1p1-hugekeys/authfile.h
---- openssh-3.8.1p1/authfile.h 2002-06-06 21:57:34.000000000 +0200
-+++ openssh-3.8.1p1-hugekeys/authfile.h 2004-06-24 13:42:59.556187976 +0200
-@@ -15,6 +15,8 @@
- #ifndef AUTHFILE_H
- #define AUTHFILE_H
-
-+char *read_whole_line(char **, size_t *, FILE *);
-+
- int key_save_private(Key *, const char *, const char *, const char *);
- Key *key_load_public(const char *, char **);
- Key *key_load_public_type(int, const char *, char **);
---- /tmp/auth2-pubkey.c 2004-08-18 19:57:44.991708913 +0000
-+++ auth2-pubkey.c 2004-08-18 19:58:19.241405296 +0000
diff --git a/net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2
new file mode 100644
index 000000000000..ae244ef30de6
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-largekey.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.9_p1-opensc.patch b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch
deleted file mode 100644
index 92f8d8d6232b..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-opensc.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-Index: scard-opensc.c
-===================================================================
-RCS file: /cvs/openssh/scard-opensc.c,v
-retrieving revision 1.12
-diff -u -r1.12 scard-opensc.c
---- scard-opensc.c 25 Aug 2003 00:58:26 -0000 1.12
-+++ scard-opensc.c 27 Aug 2003 11:42:02 -0000
-@@ -38,6 +38,8 @@
- #include "readpass.h"
- #include "scard.h"
-
-+int ask_for_pin=0;
-+
- #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE)
- #define USE_ENGINE
- #define RSA_get_default_method RSA_get_default_openssl_method
-@@ -119,6 +121,7 @@
- struct sc_pkcs15_prkey_info *key;
- struct sc_pkcs15_object *pin_obj;
- struct sc_pkcs15_pin_info *pin;
-+ char *passphrase = NULL;
-
- priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
- if (priv == NULL)
-@@ -156,24 +159,47 @@
- goto err;
- }
- pin = pin_obj->data;
-+
-+ if (sc_pin)
-+ passphrase = sc_pin;
-+ else if (ask_for_pin) {
-+ /* we need a pin but don't have one => ask for the pin */
-+ char prompt[64];
-+
-+ snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ",
-+ key_obj->label ? key_obj->label : "smartcard key");
-+ passphrase = read_passphrase(prompt, 0);
-+ if (!passphrase || !strcmp(passphrase, ""))
-+ goto err;
-+ } else
-+ /* no pin => error */
-+ goto err;
-+
- r = sc_lock(card);
- if (r) {
- error("Unable to lock smartcard: %s", sc_strerror(r));
- goto err;
- }
-- if (sc_pin != NULL) {
-- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin,
-- strlen(sc_pin));
-- if (r) {
-- sc_unlock(card);
-- error("PIN code verification failed: %s",
-- sc_strerror(r));
-- goto err;
-- }
-+ r = sc_pkcs15_verify_pin(p15card, pin, passphrase,
-+ strlen(passphrase));
-+ if (r) {
-+ sc_unlock(card);
-+ error("PIN code verification failed: %s",
-+ sc_strerror(r));
-+ goto err;
- }
-+
- *key_obj_out = key_obj;
-+ if (!sc_pin) {
-+ memset(passphrase, 0, strlen(passphrase));
-+ xfree(passphrase);
-+ }
- return 0;
- err:
-+ if (!sc_pin && passphrase) {
-+ memset(passphrase, 0, strlen(passphrase));
-+ xfree(passphrase);
-+ }
- sc_close();
- return -1;
- }
-Index: scard.c
-===================================================================
-RCS file: /cvs/openssh/scard.c,v
-retrieving revision 1.27
-diff -u -r1.27 scard.c
---- scard.c 18 Jun 2003 10:28:40 -0000 1.27
-+++ scard.c 27 Aug 2003 11:42:02 -0000
-@@ -35,6 +35,9 @@
- #include "readpass.h"
- #include "scard.h"
-
-+/* currently unused */
-+int ask_for_pin = 0;
-+
- #if OPENSSL_VERSION_NUMBER < 0x00907000L
- #define USE_ENGINE
- #define RSA_get_default_method RSA_get_default_openssl_method
-Index: scard.h
-===================================================================
-RCS file: /cvs/openssh/scard.h,v
-retrieving revision 1.10
-diff -u -r1.10 scard.h
---- scard.h 18 Jun 2003 10:28:40 -0000 1.10
-+++ scard.h 27 Aug 2003 11:42:02 -0000
-@@ -33,6 +33,8 @@
- #define SCARD_ERROR_NOCARD -2
- #define SCARD_ERROR_APPLET -3
-
-+extern int ask_for_pin;
-+
- Key **sc_get_keys(const char *, const char *);
- void sc_close(void);
- int sc_put_key(Key *, const char *);
-Index: ssh.c
-===================================================================
-RCS file: /cvs/openssh/ssh.c,v
-retrieving revision 1.180
-diff -u -r1.180 ssh.c
---- ssh.c 21 Aug 2003 23:34:41 -0000 1.180
-+++ ssh.c 27 Aug 2003 11:42:02 -0000
-@@ -1155,6 +1155,9 @@
- #ifdef SMARTCARD
- Key **keys;
-
-+ if (!options.batch_mode)
-+ ask_for_pin = 1;
-+
- if (options.smartcard_device != NULL &&
- options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
- (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) {
diff --git a/net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2
new file mode 100644
index 000000000000..7415c6ee1c30
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-opensc.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.9_p1-selinux.diff b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff
deleted file mode 100644
index e845c683d874..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-selinux.diff
+++ /dev/null
@@ -1,110 +0,0 @@
-diff -urN openssh-3.7.1p1.orig/Makefile.in openssh-3.7.1p1/Makefile.in
---- openssh-3.7.1p1.orig/Makefile.in 2003-09-13 20:40:36.000000000 -0500
-+++ openssh-3.7.1p1/Makefile.in 2003-09-19 19:08:04.000000000 -0500
-@@ -40,7 +40,7 @@
-
- CC=@CC@
- LD=@LD@
--CFLAGS=@CFLAGS@
-+CFLAGS=@CFLAGS@ -DWITH_SELINUX
- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
- LIBS=@LIBS@
- LIBPAM=@LIBPAM@
-@@ -53,7 +53,7 @@
- SED=@SED@
- ENT=@ENT@
- XAUTH_PATH=@XAUTH_PATH@
--LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
-+LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux
- EXEEXT=@EXEEXT@
-
- INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
-diff -urN openssh-3.7.1p1.orig/session.c openssh-3.7.1p1/session.c
---- openssh-3.7.1p1.orig/session.c 2003-09-15 20:52:19.000000000 -0500
-+++ openssh-3.7.1p1/session.c 2003-09-19 19:08:36.000000000 -0500
-@@ -66,6 +66,11 @@
- #include "ssh-gss.h"
- #endif
-
-+#ifdef WITH_SELINUX
-+#include <selinux/get_context_list.h>
-+#include <selinux/selinux.h>
-+#endif
-+
- /* func */
-
- Session *session_new(void);
-@@ -1304,6 +1309,19 @@
- #endif
- if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
- fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
-+#ifdef WITH_SELINUX
-+ if (is_selinux_enabled())
-+ {
-+ security_context_t scontext;
-+ if (get_default_context(pw->pw_name,NULL,&scontext))
-+ fatal("Failed to get default security context for %s.", pw->pw_name);
-+ if (setexeccon(scontext)) {
-+ freecon(scontext);
-+ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
-+ }
-+ freecon(scontext);
-+ }
-+#endif
- }
-
- static void
-diff -urN openssh-3.7.1p1.orig/sshpty.c openssh-3.7.1p1/sshpty.c
---- openssh-3.7.1p1.orig/sshpty.c 2003-08-24 20:16:21.000000000 -0500
-+++ openssh-3.7.1p1/sshpty.c 2003-09-19 19:08:04.000000000 -0500
-@@ -30,6 +30,12 @@
- #define O_NOCTTY 0
- #endif
-
-+#ifdef WITH_SELINUX
-+#include <selinux/flask.h>
-+#include <selinux/get_context_list.h>
-+#include <selinux/selinux.h>
-+#endif
-+
- /*
- * Allocates and opens a pty. Returns 0 if no pty could be allocated, or
- * nonzero if a pty was successfully allocated. On success, open file
-@@ -196,6 +202,37 @@
- * Warn but continue if filesystem is read-only and the uids match/
- * tty is owned by root.
- */
-+#ifdef WITH_SELINUX
-+ if (is_selinux_enabled()) {
-+ security_context_t new_tty_context=NULL,
-+ user_context=NULL, old_tty_context=NULL;
-+
-+ if (get_default_context(pw->pw_name,NULL,&user_context))
-+ fatal("Failed to get default security context for %s.", pw->pw_name);
-+
-+ if (getfilecon(tty, &old_tty_context)<0) {
-+ error("getfilecon(%.100s) failed: %.100s", tty,
-+ strerror(errno));
-+ }
-+ else
-+ {
-+ if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
-+ error("security_compute_relabel(%.100s) failed: %.100s", tty,
-+ strerror(errno));
-+ }
-+ else
-+ {
-+ if (setfilecon (tty, new_tty_context) != 0) {
-+ error("setfilecon(%.100s, %s) failed: %.100s",
-+ tty, new_tty_context, strerror(errno));
-+ }
-+ freecon(new_tty_context);
-+ }
-+ freecon(old_tty_context);
-+ }
-+ freecon(user_context);
-+ }
-+#endif
- if (stat(tty, &st))
- fatal("stat(%.100s) failed: %.100s", tty,
- strerror(errno));
diff --git a/net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2 b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2
new file mode 100644
index 000000000000..b51c746e4921
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-selinux.diff.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch b/net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch
deleted file mode 100644
index 4109e568b1b3..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch
+++ /dev/null
@@ -1,759 +0,0 @@
-Common subdirectories: openssh-3.9p1/contrib and openssh-3.9p1_sftp/contrib
-Common subdirectories: openssh-3.9p1/openbsd-compat and openssh-3.9p1_sftp/openbsd-compat
-Common subdirectories: openssh-3.9p1/regress and openssh-3.9p1_sftp/regress
-Common subdirectories: openssh-3.9p1/scard and openssh-3.9p1_sftp/scard
-diff -u openssh-3.9p1/servconf.c openssh-3.9p1_sftp/servconf.c
---- openssh-3.9p1/servconf.c 2004-08-13 11:30:24.000000000 +0000
-+++ openssh-3.9p1_sftp/servconf.c 2004-08-19 10:18:56.795256718 +0000
-@@ -103,6 +103,15 @@
- options->authorized_keys_file2 = NULL;
- options->num_accept_env = 0;
-
-+ options->log_sftp = LOG_SFTP_NOT_SET;
-+ options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET;
-+ options->sftp_log_level = SYSLOG_LEVEL_NOT_SET;
-+
-+ memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
-+
-+ options->sftp_permit_chmod = SFTP_PERMIT_NOT_SET;
-+ options->sftp_permit_chown = SFTP_PERMIT_NOT_SET;
-+
- /* Needs to be accessable in many places */
- use_privsep = -1;
- }
-@@ -110,7 +119,7 @@
- void
- fill_default_server_options(ServerOptions *options)
- {
-- /* Portable-specific options */
-+/* Portable-specific options */
- if (options->use_pam == -1)
- options->use_pam = 0;
-
-@@ -231,6 +240,24 @@
- if (options->authorized_keys_file == NULL)
- options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
-
-+ /* Turn sftp-server logging off by default */
-+ if (options->log_sftp == LOG_SFTP_NOT_SET)
-+ options->log_sftp = LOG_SFTP_NO;
-+ if (options->sftp_log_facility == SYSLOG_FACILITY_NOT_SET)
-+ options->sftp_log_facility = SYSLOG_FACILITY_AUTH;
-+ if (options->sftp_log_level == SYSLOG_LEVEL_NOT_SET)
-+ options->sftp_log_level = SYSLOG_LEVEL_INFO;
-+
-+ /* Don't set sftp-server umask */
-+ if (!options->sftp_umask)
-+ memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
-+
-+ /* allow sftp client to issue chmod, chown / chgrp commands */
-+ if (options->sftp_permit_chmod == SFTP_PERMIT_NOT_SET)
-+ options->sftp_permit_chmod = SFTP_PERMIT_YES;
-+ if (options->sftp_permit_chown == SFTP_PERMIT_NOT_SET)
-+ options->sftp_permit_chown = SFTP_PERMIT_YES;
-+
- /* Turn privilege separation on by default */
- if (use_privsep == -1)
- use_privsep = 1;
-@@ -252,6 +279,9 @@
- /* Portable-specific options */
- sUsePAM,
- /* Standard Options */
-+ sLogSftp, sSftpLogFacility, sSftpLogLevel,
-+ sSftpUmask,
-+ sSftpPermitChown, sSftpPermitChmod,
- sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
- sPermitRootLogin, sLogFacility, sLogLevel,
- sRhostsRSAAuthentication, sRSAAuthentication,
-@@ -338,6 +368,12 @@
- { "printmotd", sPrintMotd },
- { "printlastlog", sPrintLastLog },
- { "ignorerhosts", sIgnoreRhosts },
-+ { "logsftp", sLogSftp},
-+ { "sftplogfacility", sSftpLogFacility},
-+ { "sftploglevel", sSftpLogLevel},
-+ { "sftpumask", sSftpUmask},
-+ { "sftppermitchmod", sSftpPermitChmod},
-+ { "sftppermitchown", sSftpPermitChown},
- { "ignoreuserknownhosts", sIgnoreUserKnownHosts },
- { "x11forwarding", sX11Forwarding },
- { "x11displayoffset", sX11DisplayOffset },
-@@ -437,6 +473,8 @@
- char *cp, **charptr, *arg, *p;
- int *intptr, value, i, n;
- ServerOpCodes opcode;
-+ unsigned int umaskvalue = 0;
-+ char *umaskptr;
-
- cp = line;
- arg = strdelim(&cp);
-@@ -881,6 +919,58 @@
- case sBanner:
- charptr = &options->banner;
- goto parse_filename;
-+
-+ case sLogSftp:
-+ intptr = &options->log_sftp;
-+ goto parse_flag;
-+
-+ case sSftpLogFacility:
-+ intptr = (int *) &options->sftp_log_facility;
-+ arg = strdelim(&cp);
-+ value = log_facility_number(arg);
-+ if (value == SYSLOG_FACILITY_NOT_SET)
-+ fatal("%.200s line %d: unsupported log facility '%s'",
-+ filename, linenum, arg ? arg : "<NONE>");
-+ if (*intptr == -1)
-+ *intptr = (SyslogFacility) value;
-+ break;
-+
-+ case sSftpLogLevel:
-+ intptr = (int *) &options->sftp_log_level;
-+ arg = strdelim(&cp);
-+ value = log_level_number(arg);
-+ if (value == SYSLOG_LEVEL_NOT_SET)
-+ fatal("%.200s line %d: unsupported log level '%s'",
-+ filename, linenum, arg ? arg : "<NONE>");
-+ if (*intptr == -1)
-+ *intptr = (LogLevel) value;
-+ break;
-+
-+ case sSftpUmask:
-+ arg = strdelim(&cp);
-+ umaskptr = arg;
-+ while (*arg && *arg >= '0' && *arg <= '9')
-+ umaskvalue = umaskvalue * 8 + *arg++ - '0';
-+ if (*arg || umaskvalue > 0777)
-+ fatal("%s line %d: bad value for umask",
-+ filename, linenum);
-+ else {
-+ while (*umaskptr && *umaskptr == '0')
-+ *umaskptr++;
-+ strncpy(options->sftp_umask, umaskptr,
-+ SFTP_UMASK_LENGTH);
-+ }
-+
-+ break;
-+
-+ case sSftpPermitChmod:
-+ intptr = &options->sftp_permit_chmod;
-+ goto parse_flag;
-+
-+ case sSftpPermitChown:
-+ intptr = &options->sftp_permit_chown;
-+ goto parse_flag;
-+
- /*
- * These options can contain %X options expanded at
- * connect time, so that you can specify paths like:
-@@ -936,6 +1026,7 @@
- if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
- fatal("%s line %d: garbage at end of line; \"%.200s\".",
- filename, linenum, arg);
-+
- return 0;
- }
-
-Only in openssh-3.9p1_sftp/: servconf.c.orig
-diff -u openssh-3.9p1/servconf.h openssh-3.9p1_sftp/servconf.h
---- openssh-3.9p1/servconf.h 2004-06-25 03:33:20.000000000 +0000
-+++ openssh-3.9p1_sftp/servconf.h 2004-08-19 10:20:25.728487142 +0000
-@@ -20,6 +20,19 @@
-
- #define MAX_PORTS 256 /* Max # ports. */
-
-+/* sftp-server logging */
-+#define LOG_SFTP_NOT_SET -1
-+#define LOG_SFTP_NO 0
-+#define LOG_SFTP_YES 1
-+
-+/* sftp-server umask control */
-+#define SFTP_UMASK_LENGTH 5
-+
-+/* sftp-server client priviledge */
-+#define SFTP_PERMIT_NOT_SET -1
-+#define SFTP_PERMIT_NO 0
-+#define SFTP_PERMIT_YES 1
-+
- #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
- #define MAX_DENY_USERS 256 /* Max # users on deny list. */
- #define MAX_ALLOW_GROUPS 256 /* Max # groups on allow list. */
-@@ -98,6 +111,12 @@
- int use_login; /* If true, login(1) is used */
- int compression; /* If true, compression is allowed */
- int allow_tcp_forwarding;
-+ int log_sftp; /* perform sftp-server logging */
-+ SyslogFacility sftp_log_facility; /* Facility for sftp subsystem logging. */
-+ LogLevel sftp_log_level; /* Level for sftp subsystem logging. */
-+ char sftp_umask[SFTP_UMASK_LENGTH]; /* Sftp Umask */
-+ int sftp_permit_chmod;
-+ int sftp_permit_chown;
- u_int num_allow_users;
- char *allow_users[MAX_ALLOW_USERS];
- u_int num_deny_users;
-Only in openssh-3.9p1_sftp/: servconf.h.orig
-diff -u openssh-3.9p1/session.c openssh-3.9p1_sftp/session.c
---- openssh-3.9p1/session.c 2004-08-12 12:40:25.000000000 +0000
-+++ openssh-3.9p1_sftp/session.c 2004-08-19 10:18:56.796256473 +0000
-@@ -112,6 +112,15 @@
-
- static int is_child = 0;
-
-+/* so SFTP_LOG_FACILITY and SFTP_LOG_LEVEL can be passed through the
-+ environment to the sftp-server subsystem. */
-+static const char *sysfac_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
-+ "7", "8", "9", "10", "11", "-1" };
-+static const char *syslevel_to_int[] = { "0", "1", "2", "3", "4", "5", "6",
-+ "7", "-1" };
-+
-+static char *sftpumask;
-+
- /* Name and directory of socket for authentication agent forwarding. */
- static char *auth_sock_name = NULL;
- static char *auth_sock_dir = NULL;
-@@ -974,6 +983,7 @@
- env = xmalloc(envsize * sizeof(char *));
- env[0] = NULL;
-
-+
- #ifdef HAVE_CYGWIN
- /*
- * The Windows environment contains some setting which are
-@@ -1118,6 +1128,67 @@
- child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
- auth_sock_name);
-
-+ /* LOG_SFTP */
-+ if (options.log_sftp == -1 )
-+ child_set_env(&env, &envsize, "LOG_SFTP", "-1");
-+ else if (options.log_sftp == 0)
-+ child_set_env(&env, &envsize, "LOG_SFTP", "0");
-+ else
-+ child_set_env(&env, &envsize, "LOG_SFTP", "1");
-+
-+ /* SFTP_LOG_FACILITY */
-+ if (options.sftp_log_facility < 0)
-+ child_set_env(&env, &envsize, "SFTP_LOG_FACILITY",
-+ "-1");
-+ else
-+ child_set_env(&env, &envsize, "SFTP_LOG_FACILITY",
-+ sysfac_to_int[options.sftp_log_facility]);
-+
-+ /* SFTP_LOG_LEVEL */
-+ if (options.sftp_log_level < 0)
-+ child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
-+ "-1");
-+ else
-+ child_set_env(&env, &envsize, "SFTP_LOG_LEVEL",
-+ syslevel_to_int[options.sftp_log_level]);
-+
-+ /* SFTP_UMASK */
-+
-+ if (options.sftp_umask[0] == '\0')
-+ child_set_env(&env, &envsize, "SFTP_UMASK",
-+ "" );
-+ else {
-+ if (!(sftpumask = calloc(SFTP_UMASK_LENGTH,1))) {
-+
-+logit("session.c: unabled to allocate memory for SftpUmask. SftpUmask control \
-+will be turned off.");
-+
-+ child_set_env(&env, &envsize, "SFTP_UMASK",
-+ "" );
-+ } else {
-+ strncpy(sftpumask, options.sftp_umask,
-+ SFTP_UMASK_LENGTH);
-+ child_set_env(&env, &envsize, "SFTP_UMASK",
-+ sftpumask );
-+ }
-+ }
-+
-+ /* SFTP_PERMIT_CHMOD */
-+ if (options.sftp_permit_chmod == -1 )
-+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "-1");
-+ else if (options.sftp_permit_chmod == 0)
-+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "0");
-+ else
-+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHMOD", "1");
-+
-+ /* SFTP_PERMIT_CHOWN */
-+ if (options.sftp_permit_chown == -1 )
-+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "-1");
-+ else if (options.sftp_permit_chown == 0)
-+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "0");
-+ else
-+ child_set_env(&env, &envsize, "SFTP_PERMIT_CHOWN", "1");
-+
- /* read $HOME/.ssh/environment. */
- if (options.permit_user_env && !options.use_login) {
- snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
-Only in openssh-3.9p1_sftp/: session.c.orig
-diff -u openssh-3.9p1/sftp-server.8 openssh-3.9p1_sftp/sftp-server.8
---- openssh-3.9p1/sftp-server.8 2003-10-15 05:50:43.000000000 +0000
-+++ openssh-3.9p1_sftp/sftp-server.8 2004-08-19 10:18:56.797256229 +0000
-@@ -42,12 +42,27 @@
- option.
- See
- .Xr sshd_config 5
-+for more information. Sftp-server transactions may be logged
-+using the
-+.Cm LogSftp ,
-+.Cm SftpLogFacility ,
-+and
-+.Cm SftpLogLevel
-+options. The administrator may exert control over the file and directory
-+permission and ownership, with
-+.Cm SftpUmask ,
-+.Cm SftpPermitChmod ,
-+and
-+.Cm SftpPermitChown
-+. See
-+.Xr sshd_config 5
- for more information.
- .Sh SEE ALSO
- .Xr sftp 1 ,
- .Xr ssh 1 ,
- .Xr sshd_config 5 ,
--.Xr sshd 8
-+.Xr sshd 8,
-+.Xr sshd_config 5
- .Rs
- .%A T. Ylonen
- .%A S. Lehtinen
-diff -u openssh-3.9p1/sftp-server.c openssh-3.9p1_sftp/sftp-server.c
---- openssh-3.9p1/sftp-server.c 2004-07-17 04:07:42.000000000 +0000
-+++ openssh-3.9p1_sftp/sftp-server.c 2004-08-19 10:18:56.798255984 +0000
-@@ -31,6 +31,13 @@
- #define get_string(lenp) buffer_get_string(&iqueue, lenp);
- #define TRACE debug
-
-+/* SFTP_UMASK */
-+static mode_t setumask = 0;
-+
-+static int permit_chmod = 1;
-+static int permit_chown = 1;
-+static int permit_logging = 0;
-+
- extern char *__progname;
-
- /* input and output queue */
-@@ -381,6 +388,14 @@
- a = get_attrib();
- flags = flags_from_portable(pflags);
- mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
-+
-+ if (setumask != 0) {
-+ if ( permit_logging == 1 )
-+ logit("setting file creation mode to 0666 and umask to %o", setumask);
-+ mode = 0666;
-+ umask(setumask);
-+ }
-+
- TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
- fd = open(name, flags, mode);
- if (fd < 0) {
-@@ -394,6 +409,8 @@
- status = SSH2_FX_OK;
- }
- }
-+ if ( permit_logging == 1 )
-+ logit("open %s", name);
- if (status != SSH2_FX_OK)
- send_status(id, status);
- xfree(name);
-@@ -430,6 +447,7 @@
- (u_int64_t)off, len);
- if (len > sizeof buf) {
- len = sizeof buf;
-+ if ( permit_logging == 1 )
- logit("read change len %d", len);
- }
- fd = handle_to_fd(handle);
-@@ -449,6 +467,8 @@
- }
- }
- }
-+ if ( permit_logging == 1 )
-+ logit("reading file");
- if (status != SSH2_FX_OK)
- send_status(id, status);
- }
-@@ -483,10 +503,13 @@
- } else if (ret == len) {
- status = SSH2_FX_OK;
- } else {
-+ if ( permit_logging == 1 )
- logit("nothing at all written");
- }
- }
- }
-+ if ( permit_logging == 1 )
-+ logit("writing file");
- send_status(id, status);
- xfree(data);
- }
-@@ -579,24 +602,46 @@
- a = get_attrib();
- TRACE("setstat id %u name %s", id, name);
- if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
-+if ( permit_logging == 1 )
-+logit("process_setstat: truncate");
- ret = truncate(name, a->size);
- if (ret == -1)
- status = errno_to_portable(errno);
- }
- if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
-- ret = chmod(name, a->perm & 0777);
-- if (ret == -1)
-- status = errno_to_portable(errno);
-+ if (permit_chmod == 1) {
-+ ret = chmod(name, a->perm & 0777);
-+ if (ret == -1)
-+ status = errno_to_portable(errno);
-+ else
-+ if ( permit_logging == 1 )
-+ logit("chmod'ed %s", name);
-+ } else {
-+ status = SSH2_FX_PERMISSION_DENIED;
-+ if ( permit_logging == 1 )
-+ logit("chmod %s: operation prohibited by sftp-server configuration.", name);
-+ }
- }
- if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
-+if ( permit_logging == 1 )
-+logit("process_setstat: utimes");
- ret = utimes(name, attrib_to_tv(a));
- if (ret == -1)
- status = errno_to_portable(errno);
- }
- if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
-- ret = chown(name, a->uid, a->gid);
-- if (ret == -1)
-- status = errno_to_portable(errno);
-+ if (permit_chown == 1) {
-+ ret = chown(name, a->uid, a->gid);
-+ if (ret == -1)
-+ status = errno_to_portable(errno);
-+ else
-+ if ( permit_logging == 1 )
-+ logit("chown'ed %s.", name);
-+ } else {
-+ status = SSH2_FX_PERMISSION_DENIED;
-+ if ( permit_logging == 1 )
-+ logit("chown %s: operation prohibited by sftp-server configuration.", name);
-+ }
- }
- send_status(id, status);
- xfree(name);
-@@ -611,6 +656,9 @@
- int status = SSH2_FX_OK;
- char *name;
-
-+if ( permit_logging == 1 )
-+logit("process_fsetstat");
-+
- id = get_int();
- handle = get_handle();
- a = get_attrib();
-@@ -621,20 +669,33 @@
- status = SSH2_FX_FAILURE;
- } else {
- if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
-+if ( permit_logging == 1 )
-+logit("process_fsetstat: ftruncate");
- ret = ftruncate(fd, a->size);
- if (ret == -1)
- status = errno_to_portable(errno);
- }
- if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
-+ if (permit_chmod == 1) {
- #ifdef HAVE_FCHMOD
-- ret = fchmod(fd, a->perm & 0777);
-+ ret = fchmod(fd, a->perm & 0777);
- #else
-- ret = chmod(name, a->perm & 0777);
-+ ret = chmod(name, a->perm & 0777);
- #endif
-- if (ret == -1)
-- status = errno_to_portable(errno);
-+ if (ret == -1)
-+ status = errno_to_portable(errno);
-+ else
-+ if ( permit_logging == 1 )
-+ logit("chmod: succeeded.");
-+ } else {
-+ status = SSH2_FX_PERMISSION_DENIED;
-+ if ( permit_logging == 1 )
-+ logit("chmod: operation prohibited by sftp-server configuration.");
-+ }
- }
- if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
-+if ( permit_logging == 1 )
-+logit("process_fsetstat: utimes");
- #ifdef HAVE_FUTIMES
- ret = futimes(fd, attrib_to_tv(a));
- #else
-@@ -644,13 +705,22 @@
- status = errno_to_portable(errno);
- }
- if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
-+ if (permit_chown == 1) {
- #ifdef HAVE_FCHOWN
-- ret = fchown(fd, a->uid, a->gid);
-+ ret = fchown(fd, a->uid, a->gid);
- #else
-- ret = chown(name, a->uid, a->gid);
-+ ret = chown(name, a->uid, a->gid);
- #endif
-- if (ret == -1)
-- status = errno_to_portable(errno);
-+ if (ret == -1)
-+ status = errno_to_portable(errno);
-+ else
-+ if ( permit_logging == 1 )
-+ logit("chown: succeeded");
-+ } else {
-+ status = SSH2_FX_PERMISSION_DENIED;
-+ if ( permit_logging == 1 )
-+ logit("chown: operation prohibited by sftp-server configuration.");
-+ }
- }
- }
- send_status(id, status);
-@@ -680,6 +750,8 @@
- }
-
- }
-+ if ( permit_logging == 1 )
-+ logit("opendir %s", path);
- if (status != SSH2_FX_OK)
- send_status(id, status);
- xfree(path);
-@@ -753,6 +825,8 @@
- TRACE("remove id %u name %s", id, name);
- ret = unlink(name);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
-+ if ( permit_logging == 1 )
-+ logit("remove file %s", name);
- send_status(id, status);
- xfree(name);
- }
-@@ -770,9 +844,19 @@
- a = get_attrib();
- mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
- a->perm & 0777 : 0777;
-+
-+ if (setumask != 0) {
-+ if ( permit_logging == 1 )
-+ logit("setting directory creation mode to 0777 and umask to %o.", setumask);
-+ mode = 0777;
-+ umask(setumask);
-+ }
-+
- TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
- ret = mkdir(name, mode);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
-+ if ( permit_logging == 1 )
-+ logit("mkdir %s", name);
- send_status(id, status);
- xfree(name);
- }
-@@ -789,6 +873,8 @@
- TRACE("rmdir id %u name %s", id, name);
- ret = rmdir(name);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
-+ if ( permit_logging == 1 )
-+ logit("rmdir %s", name);
- send_status(id, status);
- xfree(name);
- }
-@@ -815,6 +901,8 @@
- s.name = s.long_name = resolvedname;
- send_names(id, 1, &s);
- }
-+ if ( permit_logging == 1 )
-+ logit("realpath %s", path);
- xfree(path);
- }
-
-@@ -870,6 +958,8 @@
- status = SSH2_FX_OK;
- }
- send_status(id, status);
-+ if ( permit_logging == 1 )
-+ logit("rename old %s new %s", oldpath, newpath);
- xfree(oldpath);
- xfree(newpath);
- }
-@@ -895,6 +985,8 @@
- s.name = s.long_name = buf;
- send_names(id, 1, &s);
- }
-+ if ( permit_logging == 1 )
-+ logit("readlink %s", path);
- xfree(path);
- }
-
-@@ -913,6 +1005,8 @@
- ret = symlink(oldpath, newpath);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- send_status(id, status);
-+ if ( permit_logging == 1 )
-+ logit("symlink old %s new %s", oldpath, newpath);
- xfree(oldpath);
- xfree(newpath);
- }
-@@ -1034,6 +1128,8 @@
- {
- fd_set *rset, *wset;
- int in, out, max;
-+ unsigned int val = 0;
-+ char *umask_env;
- ssize_t len, olen, set_size;
-
- /* XXX should use getopt */
-@@ -1041,10 +1137,53 @@
- __progname = ssh_get_progname(av[0]);
- handle_init();
-
-+ /* Transaction logging */
-+
-+ if (atoi(getenv("LOG_SFTP")) == 1)
-+ {
-+ permit_logging = 1;
-+ log_init("sftp-server", atoi(getenv("SFTP_LOG_LEVEL")),
-+ atoi(getenv("SFTP_LOG_FACILITY")), 0);
-+ };
-+
-+
- #ifdef DEBUG_SFTP_SERVER
- log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
- #endif
-
-+ if ( permit_logging == 1 )
-+ logit("Starting sftp-server logging for user %s.", getenv("USER"));
-+
-+ /* Umask control */
-+
-+ umask_env = getenv("SFTP_UMASK");
-+ while (*umask_env && *umask_env >= '0' && *umask_env <= '9')
-+ val = val * 8 + *umask_env++ - '0';
-+
-+ if (*umask_env || val > 0777 || val == 0) {
-+ if ( permit_logging == 1 )
-+ logit("bad value %o for SFTP_UMASK, turning umask control off.", val);
-+ setumask = 0;
-+ } else {
-+ if ( permit_logging == 1 )
-+ logit("umask control is on.");
-+ setumask = val;
-+ };
-+
-+
-+ /* Sensitive client commands */
-+
-+ if (atoi(getenv("SFTP_PERMIT_CHMOD")) != 1) {
-+ permit_chmod = 0;
-+ if ( permit_logging == 1 )
-+ logit("client is not permitted to chmod.");
-+ };
-+ if (atoi(getenv("SFTP_PERMIT_CHOWN")) != 1) {
-+ permit_chown = 0;
-+ if ( permit_logging == 1 )
-+ logit("client is not permitted to chown.");
-+ };
-+
- in = dup(STDIN_FILENO);
- out = dup(STDOUT_FILENO);
-
-@@ -1087,6 +1226,8 @@
- len = read(in, buf, sizeof buf);
- if (len == 0) {
- debug("read eof");
-+ if ( permit_logging == 1 )
-+ logit("sftp-server finished.");
- exit(0);
- } else if (len < 0) {
- error("read error");
-Only in openssh-3.9p1_sftp/: sftp-server.c.orig
-diff -u openssh-3.9p1/sshd_config openssh-3.9p1_sftp/sshd_config
---- openssh-3.9p1/sshd_config 2004-05-24 00:36:24.000000000 +0000
-+++ openssh-3.9p1_sftp/sshd_config 2004-08-19 10:18:56.798255984 +0000
-@@ -101,3 +101,14 @@
-
- # override default of no subsystems
- Subsystem sftp /usr/libexec/sftp-server
-+
-+# sftp-server logging
-+#LogSftp no
-+#SftpLogFacility AUTH
-+#SftpLogLevel INFO
-+
-+# sftp-server umask control
-+#SftpUmask
-+
-+#SftpPermitChmod yes
-+#SftpPermitChown yes
-diff -u openssh-3.9p1/sshd_config.5 openssh-3.9p1_sftp/sshd_config.5
---- openssh-3.9p1/sshd_config.5 2004-06-30 12:39:34.000000000 +0000
-+++ openssh-3.9p1_sftp/sshd_config.5 2004-08-19 10:18:56.799255739 +0000
-@@ -407,6 +407,10 @@
- DEBUG and DEBUG1 are equivalent.
- DEBUG2 and DEBUG3 each specify higher levels of debugging output.
- Logging with a DEBUG level violates the privacy of users and is not recommended.
-+.It Cm LogSftp
-+Specifies whether to perform logging of
-+.Nm sftp-server
-+subsystem transactions. Must be "yes" or "no." The default value is "no."
- .It Cm MACs
- Specifies the available MAC (message authentication code) algorithms.
- The MAC algorithm is used in protocol version 2
-@@ -567,6 +571,37 @@
- .It Cm ServerKeyBits
- Defines the number of bits in the ephemeral protocol version 1 server key.
- The minimum value is 512, and the default is 768.
-+.It Cm SftpLogFacility
-+Gives the facility code that is used when logging
-+.Nm sftp-server .
-+transactions. The possible values are: DAEMON, USER, AUTH, LOCAL0,
-+LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
-+The default is AUTH.
-+.It Cm SftpLogLevel
-+Gives the verbosity level that is used when logging messages from
-+.Nm sftp-server .
-+The possible values are:
-+QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
-+The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
-+and DEBUG3 each specify higher levels of debugging output.
-+Logging with a DEBUG level violates the privacy of users
-+and is not recommended.
-+.It Cm SftpPermitChmod
-+Specifies whether the sftp-server allows the sftp client to execute chmod
-+commands on the server. The default is yes.
-+.It Cm SftpPermitChown
-+Specifies whether the sftp-server allows the sftp client to execute chown
-+or chgrp commands on the server. Turning this value on means that the client
-+is allowed to execute both chown and chgrp commands. Turning it off means that
-+the client is prohibited from executing either chown or chgrp.
-+ The default is yes.
-+.It Cm SftpUmask
-+Specifies an optional umask for
-+.Nm sftp-server
-+subsystem transactions. If a umask is given, this umask will override all system,
-+environment or sftp client permission modes. If
-+no umask or an invalid umask is given, file creation mode defaults to the permission
-+mode specified by the sftp client. The default is for no umask.
- .It Cm StrictModes
- Specifies whether
- .Nm sshd
-Only in openssh-3.9p1_sftp/: sshd_config.5.orig
-Only in openssh-3.9p1_sftp/: sshd_config.orig
-diff -u openssh-3.9p1/version.h openssh-3.9p1_sftp/version.h
---- openssh-3.9p1/version.h 2004-08-17 12:47:41.000000000 +0000
-+++ openssh-3.9p1_sftp/version.h 2004-08-19 10:18:56.799255739 +0000
-@@ -1,3 +1,3 @@
- /* $OpenBSD: version.h,v 1.42 2004/08/16 08:17:01 markus Exp $ */
-
--#define SSH_VERSION "OpenSSH_3.9p1"
-+#define SSH_VERSION "OpenSSH_3.9p1+sftplogging-v1.2"
-Only in openssh-3.9p1_sftp/: version.h.orig
diff --git a/net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2
new file mode 100644
index 000000000000..6cc73c31bda5
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-sftplogging-1.2-gentoo.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-3.9_p1-skey.patch b/net-misc/openssh/files/openssh-3.9_p1-skey.patch
deleted file mode 100644
index 133635574c8d..000000000000
--- a/net-misc/openssh/files/openssh-3.9_p1-skey.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- configure.ac 2004-02-24 21:07:25.510177659 +0000
-+++ configure.ac 2004-02-24 21:03:30.717786642 +0000
-@@ -721,7 +721,7 @@
- [
- #include <stdio.h>
- #include <skey.h>
--int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
-+int main() { char *ff = "true"; ff=""; exit(0); }
- ],
- [AC_MSG_RESULT(yes)],
- [
diff --git a/net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2 b/net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2
new file mode 100644
index 000000000000..2c403f8dc079
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.9_p1-skey.patch.bz2
Binary files differ
diff --git a/net-misc/openssh/files/openssh-skeychallenge-args.diff b/net-misc/openssh/files/openssh-skeychallenge-args.diff
deleted file mode 100644
index 86d6e5d91e0b..000000000000
--- a/net-misc/openssh/files/openssh-skeychallenge-args.diff
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -ruN openssh-3.7.1p2.orig/auth-skey.c openssh-3.7.1p2/auth-skey.c
---- openssh-3.7.1p2.orig/auth-skey.c 2002-07-04 01:14:18.000000000 +0100
-+++ openssh-3.7.1p2/auth-skey.c 2003-11-05 12:35:23.000000000 +0000
-@@ -47,7 +47,7 @@
- int len;
- struct skey skey;
-
-- if (skeychallenge(&skey, authctxt->user, challenge) == -1)
-+ if (skeychallenge(&skey, authctxt->user, challenge, sizeof challenge) == -1)
- return -1;
-
- *name = xstrdup("");
-diff -ruN openssh-3.7.1p2.orig/monitor.c openssh-3.7.1p2/monitor.c
---- openssh-3.7.1p2.orig/monitor.c 2003-09-02 22:32:46.000000000 +0100
-+++ openssh-3.7.1p2/monitor.c 2003-11-05 12:36:03.000000000 +0000
-@@ -736,7 +736,7 @@
- char challenge[1024];
- u_int success;
-
-- success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1;
-+ success = skeychallenge(&skey, authctxt->user, challenge, sizeof challenge) < 0 ? 0 : 1;
-
- buffer_clear(m);
- buffer_put_int(m, success);
diff --git a/net-misc/openssh/files/openssh-skeychallenge-args.diff.bz2 b/net-misc/openssh/files/openssh-skeychallenge-args.diff.bz2
new file mode 100644
index 000000000000..21449c950471
--- /dev/null
+++ b/net-misc/openssh/files/openssh-skeychallenge-args.diff.bz2
Binary files differ