
Commit 4a12005

committed
openssh75: Import into pkgsrc-extra.
Still get the occasional request for something that can support SSHv1.
1 parent d87ab2d commit 4a12005

37 files changed

Lines changed: 3042 additions & 0 deletions

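--- a/openssh75/DESCR
+++ b/openssh75/DESCR
@@ -0,0 +1,14 @@
+OpenSSH is based on the last free version of Tatu Ylonen's SSH with
+all patent-encumbered algorithms removed (to external libraries), all
+known security bugs fixed, new features reintroduced and many other
+clean-ups. More information about SSH itself can be found in the file
+README.Ylonen. OpenSSH has been created by Aaron Campbell, Bob Beck,
+Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song.
+
+This port consists of the re-introduction of autoconf support, PAM
+support (for Linux and Solaris), EGD[1] support, SOCKS support (using
+the Dante [6] libraries and replacements for OpenBSD library functions
+that are (regrettably) absent from other unices. This port has been
+best tested on Linux, Solaris, HPUX, NetBSD and Irix. Support for AIX,
+SCO, NeXT and other Unices is underway. This version actively tracks
+changes in the OpenBSD CVS repository.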

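--- a/openssh75/MESSAGE
+++ b/openssh75/MESSAGE
@@ -0,0 +1,18 @@
+===========================================================================
+$NetBSD$
+
+This is a special build of OpenSSH 7.5 created solely to support legacy SSH
+protocol 1 servers, for those who are unable to upgrade to protocol 2 and
+have been left behind by upstream.
+
+All of the commands have a "1" suffix, i.e. "ssh1". The configuration file
+is stored under:
+
+${PKG_SYSCONFDIR}
+
+with the usual "ssh_config" name, though its manual page is "ssh_config1.5" to
+avoid conflicts with the regular openssh package.
+
+The sshd server and other server-related files are not included.
+
+===========================================================================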

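--- a/openssh75/Makefile
+++ b/openssh75/Makefile
@@ -0,0 +1,83 @@
+# $NetBSD: Makefile,v 1.252 2017/05/31 09:30:21 jperkin Exp $
+
+DISTNAME= openssh-7.5p1
+PKGNAME= openssh1-7.5.1
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
+
+MAINTAINER= pkgsrc-users@NetBSD.org
+HOMEPAGE= http://www.openssh.com/
+COMMENT= Legacy OpenSSH version for SSHv1 support
+
+USE_GCC_RUNTIME= yes
+USE_TOOLS+= autoconf perl
+
+OPENSSH_BINS= scp1 sftp1 ssh-add1 ssh-agent1 ssh1
+
+BUILD_TARGET= ${OPENSSH_BINS}
+
+MAKE_FLAGS+= EXEEXT=1
+MAKE_FLAGS+= SSH_PROGRAM=${PREFIX}/bin/ssh1
+MAKE_FLAGS+= ASKPASS_PROGRAM=${PREFIX}/bin/ssh-askpass
+
+.include "options.mk"
+
+PKG_SYSCONFSUBDIR= ssh1
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS+= --with-mantype=man
+CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
+CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
+CONFIGURE_ARGS+= --with-ssh1
+CONFIGURE_ARGS.Darwin+= --disable-strip # Symbol not found: _allow_severity
+
+# pkgsrc already enforces a "secure" version of zlib via dependencies,
+# so skip this bogus version check.
+CONFIGURE_ARGS+= --without-zlib-version-check
+
+# the openssh configure script finds and uses ${LD} if defined and
+# defaults to ${CC} if not. we override LD here, since running the
+# linker directly results in undefined symbols for obvious reasons.
+#
+CONFIGURE_ENV+= LD=${CC:Q}
+
+# Enable S/Key support on NetBSD, Darwin, and Solaris.
+.if ${OPSYS} == "NetBSD" || ${OPSYS} == "Darwin" || ${OPSYS} == "SunOS"
+. include "../../security/skey/buildlink3.mk"
+CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey}
+.else
+CONFIGURE_ARGS+= --without-skey
+.endif
+
+CONFIGURE_ARGS.Linux+= --enable-md5-password
+
+.if exists(${X11BASE}/bin/xauth)
+CONFIGURE_ARGS+= --with-xauth=${X11BASE}/bin/xauth
+.else
+CONFIGURE_ARGS+= --with-xauth=${PREFIX}/bin/xauth
+.endif
+
+EGDIR= ${PREFIX}/share/examples/${PKGBASE}
+
+CONF_FILES+= ${EGDIR}/ssh_config ${PKG_SYSCONFDIR}/ssh_config
+
+INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 ${PKGMANDIR}/man5 ${EGDIR}
+
+pre-configure:
+cd ${WRKSRC} && autoconf -i
+
+do-install:
+.for f in ${OPENSSH_BINS}
+${INSTALL_PROGRAM} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/bin/${f}
+.endfor
+${INSTALL_DATA} ${WRKSRC}/ssh_config ${DESTDIR}${EGDIR}/ssh_config
+.for f in scp sftp ssh-add ssh-agent ssh
+${INSTALL_MAN} ${WRKSRC}/${f}.1 \
+${DESTDIR}${PREFIX}/${PKGMANDIR}/man1/${f}1.1
+.endfor
+${INSTALL_MAN} ${WRKSRC}/ssh_config.5 \
+${DESTDIR}${PREFIX}/${PKGMANDIR}/man5/ssh_config1.5
+
+.include "../../devel/zlib/buildlink3.mk"
+.include "../../security/tcp_wrappers/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"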
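Review bot: `--with-tcp-wrappers`, the S/Key block and `--enable-md5-password` look like sshd-side settings, yet this package builds only the client programs in `OPENSSH_BINS` and MESSAGE states that sshd is not included. If the client binaries do not use them, dropping those arguments together with the `tcp_wrappers` and `skey` buildlink includes would trim the dependency closure of a package that exists only to talk a legacy protocol. Separately, the first line carries an RCS id that appears to be copied from another Makefile; a newly imported file would normally start with `# $NetBSD$`, as MESSAGE and PLIST in this commit do.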

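--- a/openssh75/PLIST
+++ b/openssh75/PLIST
@@ -0,0 +1,13 @@
+@comment $NetBSD$
+bin/scp1
+bin/sftp1
+bin/ssh-add1
+bin/ssh-agent1
+bin/ssh1
+man/man1/scp1.1
+man/man1/sftp1.1
+man/man1/ssh-add1.1
+man/man1/ssh-agent1.1
+man/man1/ssh1.1
+man/man5/ssh_config1.5
+share/examples/openssh1/ssh_config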

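--- a/openssh75/distinfo
+++ b/openssh75/distinfo
@@ -0,0 +1,36 @@
+$NetBSD: distinfo,v 1.104 2017/05/31 09:30:21 jperkin Exp $
+
+BLAKE2s (openssh-7.5p1.tar.gz) = a98f259ddf2d8214d5b955584b7b01899e0d4ab17db10757c202e18356e9fcc7
+SHA512 (openssh-7.5p1.tar.gz) = 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81
+Size (openssh-7.5p1.tar.gz) = 1510857 bytes
+SHA1 (patch-auth-pam.c) = c966ec09b31098a84099af2a68cf029afa7958db
+SHA1 (patch-authfd.c) = 41b0b40cd43bb3a81109b82370ed095852625356
+SHA1 (patch-cipher-3des1.c) = b1b5c21944c4bfeaf2334d3c23aeca6c31573125
+SHA1 (patch-cipher-bf1.c) = 17aa8877f28d0173d7607665e5d300874e1ab77e
+SHA1 (patch-cipher.c) = 634a38eec38c9df8060593e9ec5384fdeff82bc9
+SHA1 (patch-dh.c) = 2d08e508d1714f1dfc1ad84a72bac2a678fb8cc1
+SHA1 (patch-dh.h) = 11102db4a9f6dd308682d2f8e15807d2ec66aca7
+SHA1 (patch-digest-openssl.c) = ee3bad82f241fcbca4cd37bba96f17319843c26d
+SHA1 (patch-kexdhc.c) = 8ba8af8e16f842be6cc8a6a6361cd490c32c629f
+SHA1 (patch-kexdhs.c) = 1a0aa0b891ffc5af48f09fae3151a189833820a0
+SHA1 (patch-kexgexc.c) = 85bbb05d604aaf3834b3b1e95ed057ede5efea14
+SHA1 (patch-kexgexs.c) = eaf5371e630551a625ca460193c70d3f0d669e84
+SHA1 (patch-monitor.c) = 330c0c824c4e311f652ab5d775448f32d19aa9dc
+SHA1 (patch-openbsd-compat_openssl-compat.c) = d620dd9c36c99aa0ee406ba38b4685041bdc367b
+SHA1 (patch-regress_unittests_sshkey_test__file.c) = 122fa65cac820ba988bbf75e90f9d2bb69f347fa
+SHA1 (patch-regress_unittests_sshkey_test__sshkey.c) = c297a4a7a6c875f036eb1015291ceb4d485c0736
+SHA1 (patch-rsa.c) = 1ee478f33f32d55394da52c15e3b51509b8f7c2d
+SHA1 (patch-rsa.h) = 07c369664b534b652722e1e0b5dce2e509882554
+SHA1 (patch-ssh-agent.c) = c8abc05a01e146167366a524c156ae970c5ec4e8
+SHA1 (patch-ssh-dss.c) = 2ceec193b46c1ebd9d4f7a69e43947d1e7d97aad
+SHA1 (patch-ssh-ecdsa.c) = 1c3b067ac73ac56efa95d9fcb01059f55b122cd1
+SHA1 (patch-ssh-keygen.c) = caed99f52a1ec402426e0ad201702b2a2dbc4f24
+SHA1 (patch-ssh-keyscan.c) = ff081dafeba227bfaf51543f7be250b1f97ae923
+SHA1 (patch-ssh-pkcs11-client.c) = b0f2005fae85a7742a295d4cb7c57b91e05a655e
+SHA1 (patch-ssh-pkcs11.c) = 3ec46bc31317f68e85042f3b1b043039917298d7
+SHA1 (patch-ssh-rsa.c) = e594b6a852237de4dffdd245733a5db8f6dec964
+SHA1 (patch-ssh.c) = caf6ec0ecca43cdd1fc691621c7592fc3c3f5f40
+SHA1 (patch-sshconnect.c) = 47d88befef427291f98e31d586c0595bbdd1c164
+SHA1 (patch-sshconnect1.c) = cdc090796acb585a5bbcd64e4f612f17292c76e0
+SHA1 (patch-sshconnect2.c) = f53c7ca812286e884380f6d9a86c40a728524bcd
+SHA1 (patch-sshkey.c) = 01445ed4eb493a7a8f2083d40c6d3c1fbe95f6d2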

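--- a/openssh75/options.mk
+++ b/openssh75/options.mk
@@ -0,0 +1,24 @@
+# $NetBSD: options.mk,v 1.34 2016/12/30 04:43:16 taca Exp $
+
+.include "../../mk/bsd.prefs.mk"
+
+PKG_OPTIONS_VAR= PKG_OPTIONS.openssh
+PKG_SUPPORTED_OPTIONS= kerberos openssl
+PKG_SUGGESTED_OPTIONS= openssl
+
+.include "../../mk/bsd.options.mk"
+
+.if !empty(PKG_OPTIONS:Mopenssl)
+.include "../../security/openssl/buildlink3.mk"
+CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE:Q}
+.else
+CONFIGURE_ARGS+= --without-openssl
+.endif
+
+.if !empty(PKG_OPTIONS:Mkerberos)
+. include "../../mk/krb5.buildlink3.mk"
+CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE}
+. if ${KRB5_TYPE} == "mit-krb5"
+CONFIGURE_ENV+= ac_cv_search_k_hasafs=no
+. endif
+.endif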
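Review bot: `PKG_OPTIONS_VAR= PKG_OPTIONS.openssh` does not match this package's name (openssh1) and appears to be the variable the regular openssh package uses, so a user's option setting for one would silently apply to the other; `PKG_OPTIONS_VAR= PKG_OPTIONS.openssh1` keeps them separate. The `.else` branch passing `--without-openssl` also deserves a second look: the Makefile always passes `--with-ssh1`, and the protocol 1 code touched by the patches in this commit works on OpenSSL RSA and BIGNUM objects, so a build without OpenSSL probably cannot deliver what the package is for. If that holds, OpenSSL should be an unconditional dependency rather than an option.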

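--- a/openssh75/patches/patch-auth-pam.c
+++ b/openssh75/patches/patch-auth-pam.c
@@ -0,0 +1,17 @@
+$NetBSD$
+
+Fedora openssh-7.3p1-openssl-1.1.0.patch
+
+--- auth-pam.c.orig 2020-11-11 11:16:04.000000000 +0000
++++ auth-pam.c
+@@ -129,6 +129,10 @@ extern u_int utmp_len;
+typedef pthread_t sp_pthread_t;
+#else
+typedef pid_t sp_pthread_t;
++# define pthread_create(a, b, c, d) _ssh_compat_pthread_create(a, b, c, d)
++# define pthread_exit(a) _ssh_compat_pthread_exit(a)
++# define pthread_cancel(a) _ssh_compat_pthread_cancel(a)
++# define pthread_join(a, b) _ssh_compat_pthread_join(a, b)
+#endif
+
+struct pam_ctxt {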
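Review bot: The patch comment `Fedora openssh-7.3p1-openssl-1.1.0.patch` names where the change came from but not what it is for, and the four added `# define pthread_*` lines have no visible connection to OpenSSL 1.1.0. A one-line description would help the next maintainer, for example `Rename the local pthread_* fallbacks so they cannot clash with the system's pthread symbols.`; that purpose is inferred from the `_ssh_compat_` prefix and should be confirmed. auth-pam.c also looks like server-side code, so with only client programs built this patch may not be needed at all. The surrounding `#if`/`#else` starts outside the hunk.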

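--- a/openssh75/patches/patch-authfd.c
+++ b/openssh75/patches/patch-authfd.c
@@ -0,0 +1,99 @@
+$NetBSD$
+
+Fedora openssh-7.3p1-openssl-1.1.0.patch
+
+--- authfd.c.orig 2020-11-11 11:16:04.000000000 +0000
++++ authfd.c
+@@ -207,15 +207,22 @@ deserialise_identity1(struct sshbuf *ids
+int r, keybits;
+u_int32_t bits;
+char *comment = NULL;
++ BIGNUM *e = NULL, *n = NULL;
+
+if ((key = sshkey_new(KEY_RSA1)) == NULL)
+return SSH_ERR_ALLOC_FAIL;
+- if ((r = sshbuf_get_u32(ids, &bits)) != 0 ||
+- (r = sshbuf_get_bignum1(ids, key->rsa->e)) != 0 ||
+- (r = sshbuf_get_bignum1(ids, key->rsa->n)) != 0 ||
+- (r = sshbuf_get_cstring(ids, &comment, NULL)) != 0)
++ if ((e = BN_new()) == NULL ||
++ (n = BN_new()) == NULL ||
++ (r = sshbuf_get_u32(ids, &bits)) != 0 ||
++ (r = sshbuf_get_bignum1(ids, e)) != 0 ||
++ (r = sshbuf_get_bignum1(ids, n)) != 0 ||
++ (r = sshbuf_get_cstring(ids, &comment, NULL)) != 0 ||
++ (RSA_set0_key(key->rsa, n, e, NULL) == 0)) {
++ BN_free(n);
++ BN_free(e);
+goto out;
+- keybits = BN_num_bits(key->rsa->n);
++ }
++ keybits = BN_num_bits(n);
+/* XXX previously we just warned here. I think we should be strict */
+if (keybits < 0 || bits != (u_int)keybits) {
+r = SSH_ERR_KEY_BITS_MISMATCH;
+@@ -393,15 +400,17 @@ ssh_decrypt_challenge(int sock, struct s
+struct sshbuf *msg;
+int r;
+u_char type;
++ const BIGNUM *e, *n;
+
+if (key->type != KEY_RSA1)
+return SSH_ERR_INVALID_ARGUMENT;
+if ((msg = sshbuf_new()) == NULL)
+return SSH_ERR_ALLOC_FAIL;
++ RSA_get0_key(key->rsa, &n, &e, NULL);
+if ((r = sshbuf_put_u8(msg, SSH_AGENTC_RSA_CHALLENGE)) != 0 ||
+- (r = sshbuf_put_u32(msg, BN_num_bits(key->rsa->n))) != 0 ||
+- (r = sshbuf_put_bignum1(msg, key->rsa->e)) != 0 ||
+- (r = sshbuf_put_bignum1(msg, key->rsa->n)) != 0 ||
++ (r = sshbuf_put_u32(msg, BN_num_bits(n))) != 0 ||
++ (r = sshbuf_put_bignum1(msg, e)) != 0 ||
++ (r = sshbuf_put_bignum1(msg, n)) != 0 ||
+(r = sshbuf_put_bignum1(msg, challenge)) != 0 ||
+(r = sshbuf_put(msg, session_id, 16)) != 0 ||
+(r = sshbuf_put_u32(msg, 1)) != 0) /* Response type for proto 1.1 */
+@@ -499,15 +508,19 @@ static int
+ssh_encode_identity_rsa1(struct sshbuf *b, RSA *key, const char *comment)
+{
+int r;
++ const BIGNUM *n, *e, *d, *q, *p, *iqmp;
+
++ RSA_get0_key(key, &n, &e, &d);
++ RSA_get0_factors(key, &p, &q);
++ RSA_get0_crt_params(key, NULL, NULL, &iqmp);
+/* To keep within the protocol: p < q for ssh. in SSL p > q */
+- if ((r = sshbuf_put_u32(b, BN_num_bits(key->n))) != 0 ||
+- (r = sshbuf_put_bignum1(b, key->n)) != 0 ||
+- (r = sshbuf_put_bignum1(b, key->e)) != 0 ||
+- (r = sshbuf_put_bignum1(b, key->d)) != 0 ||
+- (r = sshbuf_put_bignum1(b, key->iqmp)) != 0 ||
+- (r = sshbuf_put_bignum1(b, key->q)) != 0 ||
+- (r = sshbuf_put_bignum1(b, key->p)) != 0 ||
++ if ((r = sshbuf_put_u32(b, BN_num_bits(n))) != 0 ||
++ (r = sshbuf_put_bignum1(b, n)) != 0 ||
++ (r = sshbuf_put_bignum1(b, e)) != 0 ||
++ (r = sshbuf_put_bignum1(b, d)) != 0 ||
++ (r = sshbuf_put_bignum1(b, iqmp)) != 0 ||
++ (r = sshbuf_put_bignum1(b, q)) != 0 ||
++ (r = sshbuf_put_bignum1(b, p)) != 0 ||
+(r = sshbuf_put_cstring(b, comment)) != 0)
+return r;
+return 0;
+@@ -622,11 +635,13 @@ ssh_remove_identity(int sock, struct ssh
+
+#ifdef WITH_SSH1
+if (key->type == KEY_RSA1) {
++ const BIGNUM *e, *n;
++ RSA_get0_key(key->rsa, &n, &e, NULL);
+if ((r = sshbuf_put_u8(msg,
+SSH_AGENTC_REMOVE_RSA_IDENTITY)) != 0 ||
+- (r = sshbuf_put_u32(msg, BN_num_bits(key->rsa->n))) != 0 ||
+- (r = sshbuf_put_bignum1(msg, key->rsa->e)) != 0 ||
+- (r = sshbuf_put_bignum1(msg, key->rsa->n)) != 0)
++ (r = sshbuf_put_u32(msg, BN_num_bits(n))) != 0 ||
++ (r = sshbuf_put_bignum1(msg, e)) != 0 ||
++ (r = sshbuf_put_bignum1(msg, n)) != 0)
+goto out;
+} else
+#endif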
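Review bot: In the deserialise_identity1 hunk the new failure path can reach `goto out` without an error code in `r`. `r` is declared without an initialiser (`int r, keybits;`), so a failed `BN_new()` short-circuits the condition before anything is assigned to it, and a failed `RSA_set0_key()` leaves the 0 stored by the preceding successful `sshbuf_get_cstring()` call. The `out:` label lies outside the hunk, but if it returns `r`, as the other error paths suggest, the caller receives an indeterminate value or a success code for a key that was never populated. Setting `r = SSH_ERR_ALLOC_FAIL;` before the `if` and adding `if (r == 0) r = SSH_ERR_LIBCRYPTO_ERROR;` at the top of the failure block covers both cases.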
