openpkg-packages/openssh/openssh.patch

Index: version.h
--- version.h.orig	2003-09-23 11:26:51.000000000 +0200
+++ version.h	2003-09-27 12:30:35.000000000 +0200
@@ -1,3 +1,3 @@
 /* $OpenBSD: version.h,v 1.39 2003/09/16 21:02:40 markus Exp $ */
 
-#define SSH_VERSION	"OpenSSH_3.7.1p2"
+#define SSH_VERSION	"OpenSSH_3.7.1p2 @l_openpkg_release@"
Index: session.c
--- session.c.orig	2003-09-23 10:59:08.000000000 +0200
+++ session.c	2003-09-27 12:29:28.000000000 +0200
@@ -1268,6 +1268,26 @@
 			exit(1);
 		}
 		endgrent();
+# ifdef USE_CHROOT
+		{
+			char *user_dir;
+			char *new_root;
+			user_dir = xstrdup(pw->pw_dir);
+			new_root = user_dir + 1;
+			while ((new_root = strchr(new_root, '.')) != NULL) {
+			    new_root--;
+			    if (strncmp(new_root, "/./", 3) == 0) {
+			        *new_root = '\0';
+			        new_root += 2;
+			        if (chroot(user_dir) == -1)
+			            fatal("Couldn't chroot to user directory \"%s\"", user_dir);
+			        pw->pw_dir = new_root;
+			        break;
+			    }
+			    new_root += 2;
+			}
+		}
+# endif /* USE_CHROOT */
 # ifdef USE_PAM
 		/*
 		 * PAM credentials may take the form of supplementary groups. 
Index: sftp-server.c
--- sftp-server.c.orig	2003-08-22 01:34:41.000000000 +0200
+++ sftp-server.c	2003-12-23 22:02:33.000000000 +0100
@@ -1037,6 +1037,38 @@
 	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
 #endif
 
+#ifdef USE_CHROOT
+{
+	char *user_dir;
+	char *new_root;
+	user_dir = getenv("HOME");
+	if (user_dir == NULL)
+		fatal("HOME variable not found in environment");
+	new_root = user_dir + 1;
+	while ((new_root = strchr(new_root, '.')) != NULL) {
+		new_root--;
+		if (strncmp(new_root, "/./", 3) == 0) {
+			*new_root = '\0';
+			new_root += 2;
+			if (geteuid() == 0) {
+				/* chroot to subdir and adjust HOME for remaining path */
+				if (chroot(user_dir) == -1)
+					fatal("Couldn't chroot to user directory \"%s\": %s", user_dir, strerror(errno));
+				if (setuid(getuid()) == -1)
+					fatal("Couldn't drop privileges: %s", strerror(errno));
+				setenv("HOME", new_root, 1);
+			}
+			else {
+				/* ignore chroot request and adjust HOME for preceeding path */
+				setenv("HOME", user_dir, 1);
+			}
+			break;
+		}
+		new_root += 2;
+	}
+}
+#endif /* USE_CHROOT */
+
 	in = dup(STDIN_FILENO);
 	out = dup(STDOUT_FILENO);
 
Index: auth-pam.h
--- auth-pam.h.orig	2003-09-02 15:18:53.000000000 +0200
+++ auth-pam.h	2003-09-27 12:29:28.000000000 +0200
@@ -28,7 +28,7 @@
 #ifdef USE_PAM
 
 #if !defined(SSHD_PAM_SERVICE)
-# define SSHD_PAM_SERVICE		__progname
+# define SSHD_PAM_SERVICE		"openssh"
 #endif
 
 void start_pam(const char *);
Index: Makefile.in
--- Makefile.in.orig	2003-09-22 03:00:12.000000000 +0200
+++ Makefile.in	2003-09-27 12:29:28.000000000 +0200
@@ -224,7 +224,7 @@
 	$(AUTORECONF)
 	(cd scard && $(MAKE) -f Makefile.in distprep)
 
-install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files host-key check-config
+install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files host-key
 install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
 
 check-config:
Index: configure
--- configure.orig	2003-12-03 18:30:30.000000000 +0100
+++ configure	2003-12-03 18:29:05.000000000 +0100
@@ -6452,92 +6452,6 @@
 
 fi;
 
-# Check whether user wants TCP wrappers support
-TCPW_MSG="no"
-
-# Check whether --with-tcp-wrappers or --without-tcp-wrappers was given.
-if test "${with_tcp_wrappers+set}" = set; then
-  withval="$with_tcp_wrappers"
-
-		if test "x$withval" != "xno" ; then
-			saved_LIBS="$LIBS"
-			saved_LDFLAGS="$LDFLAGS"
-			saved_CPPFLAGS="$CPPFLAGS"
-			if test -n "${withval}" -a "${withval}" != "yes"; then
-				if test -d "${withval}/lib"; then
-					if test -n "${need_dash_r}"; then
-						LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
-					else
-						LDFLAGS="-L${withval}/lib ${LDFLAGS}"
-					fi
-				else
-					if test -n "${need_dash_r}"; then
-						LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
-					else
-						LDFLAGS="-L${withval} ${LDFLAGS}"
-					fi
-				fi
-				if test -d "${withval}/include"; then
-					CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
-				else
-					CPPFLAGS="-I${withval} ${CPPFLAGS}"
-				fi
-			fi
-			LIBWRAP="-lwrap"
-			LIBS="$LIBWRAP $LIBS"
-			echo "$as_me:6488: checking for libwrap" >&5
-echo $ECHO_N "checking for libwrap... $ECHO_C" >&6
-			cat >conftest.$ac_ext <<_ACEOF
-#line 6491 "configure"
-#include "confdefs.h"
-
-#include <tcpd.h>
-					int deny_severity = 0, allow_severity = 0;
-
-int
-main ()
-{
-hosts_access(0);
-  ;
-  return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:6506: \"$ac_link\"") >&5
-  (eval $ac_link) 2>&5
-  ac_status=$?
-  echo "$as_me:6509: \$? = $ac_status" >&5
-  (exit $ac_status); } &&
-         { ac_try='test -s conftest$ac_exeext'
-  { (eval echo "$as_me:6512: \"$ac_try\"") >&5
-  (eval $ac_try) 2>&5
-  ac_status=$?
-  echo "$as_me:6515: \$? = $ac_status" >&5
-  (exit $ac_status); }; }; then
-
-					echo "$as_me:6518: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-					cat >>confdefs.h <<\EOF
-#define LIBWRAP 1
-EOF
-
-					TCPW_MSG="yes"
-
-else
-  echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-
-					{ { echo "$as_me:6530: error: *** libwrap missing" >&5
-echo "$as_me: error: *** libwrap missing" >&2;}
-   { (exit 1); exit 1; }; }
-
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-			LIBS="$saved_LIBS"
-		fi
-
-fi;
-
 for ac_func in \
 	arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename \
 	bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
@@ -15674,6 +15588,96 @@
 
 fi;
 
+#---------------------------------------------------
+
+# Check whether user wants TCP wrappers support
+TCPW_MSG="no"
+
+# Check whether --with-tcp-wrappers or --without-tcp-wrappers was given.
+if test "${with_tcp_wrappers+set}" = set; then
+  withval="$with_tcp_wrappers"
+
+		if test "x$withval" != "xno" ; then
+			saved_LIBS="$LIBS"
+			saved_LDFLAGS="$LDFLAGS"
+			saved_CPPFLAGS="$CPPFLAGS"
+			if test -n "${withval}" -a "${withval}" != "yes"; then
+				if test -d "${withval}/lib"; then
+					if test -n "${need_dash_r}"; then
+						LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+					else
+						LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+					fi
+				else
+					if test -n "${need_dash_r}"; then
+						LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+					else
+						LDFLAGS="-L${withval} ${LDFLAGS}"
+					fi
+				fi
+				if test -d "${withval}/include"; then
+					CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+				else
+					CPPFLAGS="-I${withval} ${CPPFLAGS}"
+				fi
+			fi
+			LIBWRAP="-lwrap"
+			LIBS="$LIBWRAP $LIBS"
+			echo "$as_me:6488: checking for libwrap" >&5
+echo $ECHO_N "checking for libwrap... $ECHO_C" >&6
+			cat >conftest.$ac_ext <<_ACEOF
+#line 6491 "configure"
+#include "confdefs.h"
+
+#include <tcpd.h>
+					int deny_severity = 0, allow_severity = 0;
+
+int
+main ()
+{
+hosts_access(0);
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:6506: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:6509: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:6512: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:6515: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+
+					echo "$as_me:6518: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+					cat >>confdefs.h <<\EOF
+#define LIBWRAP 1
+EOF
+
+					TCPW_MSG="yes"
+
+else
+  echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+
+					{ { echo "$as_me:6530: error: *** libwrap missing" >&5
+echo "$as_me: error: *** libwrap missing" >&2;}
+   { (exit 1); exit 1; }; }
+
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+			LIBS="$saved_LIBS"
+		fi
+
+fi;
+
+#---------------------------------------------------
+
 echo "$as_me:15677: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5
 echo $ECHO_N "checking if we need to convert IPv4 in IPv6-mapped addresses... $ECHO_C" >&6
 IPV4_IN6_HACK_MSG="no"