Update to openssh-3.0.1 and openssh-portable-3.0.1p1

- now in protocol2:
Background ssh at logout when waiting for forwarded connection / X11 sessions
to terminate

disabled -DSKEY

from Changelog (not complete):

20011115
 - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian
   <djast@cs.toronto.edu> Fix from markus@
 - (djm) Release 3.0.1p1

20011113
 - (djm) Fix early (and double) free of remote user when using Kerberos.
   Patch from Simon Wilkinson <simon@sxw.org.uk>
 - (djm) AIX login{success,failed} changes. Move loginsuccess call to
   do_authenticated. Call loginfailed for protocol 2 failures > MAX like
   we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
   K.Wolkersdorfer@fz-juelich.de and others
 - (djm) OpenBSD CVS Sync
   - dugsong@cvs.openbsd.org 2001/11/11 18:47:10
     [auth-krb5.c]
     fix krb5 authorization check. found by <jhawk@MIT.EDU>. from
     art@, deraadt@ ok
   - markus@cvs.openbsd.org  2001/11/12 11:17:07
     [servconf.c]
     enable authorized_keys2 again. tested by fries@

20011112
 - OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2001/10/24 08:41:41
     [sshd.c]
     mention remote port in debug message
   - markus@cvs.openbsd.org 2001/10/24 08:51:35
     [clientloop.c ssh.c]
     ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
   - markus@cvs.openbsd.org 2001/10/24 19:57:40
     [clientloop.c]
     make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
   - markus@cvs.openbsd.org 2001/10/25 21:14:32
     [ssh-keygen.1 ssh-keygen.c]
     better docu for fingerprinting, ok deraadt@
   - markus@cvs.openbsd.org 2001/10/29 19:27:15
     [sshconnect2.c]
     hostbased: check for client hostkey before building chost
   - markus@cvs.openbsd.org 2001/11/07 16:03:17
     [packet.c packet.h sshconnect2.c]
     pad using the padding field from the ssh2 packet instead of sending
     extra ignore messages. tested against several other ssh servers.
   - markus@cvs.openbsd.org 2001/11/07 21:40:21
     [ssh-rsa.c]
     ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported
   - markus@cvs.openbsd.org 2001/11/07 22:10:28
     [ssh-dss.c ssh-rsa.c]
     missing free and sync dss/rsa code.
   - markus@cvs.openbsd.org 2001/11/07 22:53:21
     [channels.h]
     crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
   - markus@cvs.openbsd.org 2001/11/08 10:51:08
     [readpass.c]
     don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
   - markus@cvs.openbsd.org 2001/11/10 13:22:42
     [ssh-rsa.c]
     KNF (unexpand)
   - markus@cvs.openbsd.org 2001/11/11 13:02:31
     [servconf.c]
     make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if
     AuthorizedKeysFile is specified.

20011109
 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
   if permit_empty_passwd == 0 so null password check cannot be bypassed.
   jayaraj@amritapuri.com OpenBSD bug 2168

4 files changed, 20 insertions, 23 deletions

diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 3fc5b56..4284769 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -6,12 +6,13 @@
 #
 
 PORTNAME=	openssh
-PORTVERSION=	3.0
+PORTVERSION=	3.0.1
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
 		ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
 		ftp://ftp1.se.openbsd.org/pub/OpenBSD/OpenSSH/
 DISTNAME=	openssh-${PORTVERSION}
+PATCHFILES=	openbsd2x_3.0.1.patch
 EXTRACT_SUFX=	.tgz
 
 MAINTAINER=	dinoex@FreeBSD.org
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 9198f8f..6160b0b 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1 +1,2 @@
-MD5 (openssh-3.0.tgz) = b7b0bb52480d966c9578e46b2fe35143
+MD5 (openssh-3.0.1.tgz) = 7101eb5ad3546e1031e5358a6d40c009
+MD5 (openbsd2x_3.0.1.patch) = 8215a1278530ae84640dd866743f2002
diff --git a/security/openssh/files/patch-ad b/security/openssh/files/patch-ad
index 7dcdab1..f3bbcbb 100644
--- a/security/openssh/files/patch-ad
+++ b/security/openssh/files/patch-ad
@@ -1,22 +1,19 @@
---- lib/Makefile.orig	Mon Sep 24 22:34:07 2001
-+++ lib/Makefile	Wed Oct  3 13:45:40 2001
-@@ -9,10 +9,14 @@
+--- lib/Makefile.orig	Tue Jun 26 19:52:41 2001
++++ lib/Makefile	Thu Nov 15 06:10:43 2001
+@@ -9,7 +9,11 @@
  	rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
  	key.c dispatch.c kex.c mac.c uuencode.c misc.c \
  	rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
 -	scard.c
 +	scard.c strlcpy.c strlcat.c
- 
- SRCS+=	readpassphrase.c
- 
++
 +.if defined(COMPAT_GETADDRINFO)
 +SRCS+=	getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c
 +.endif
-+
+ 
  NOPROFILE= yes
  NOPIC=	yes
- 
-@@ -20,6 +24,8 @@
+@@ -18,6 +22,8 @@
  	@echo -n
  
  .include <bsd.own.mk>
diff --git a/security/openssh/files/patch-am b/security/openssh/files/patch-am
index 8c88701..1cf6fe0 100644
--- a/security/openssh/files/patch-am
+++ b/security/openssh/files/patch-am
@@ -1,6 +1,6 @@
---- sshd/Makefile.orig	Sun Aug 20 14:42:41 2000
-+++ sshd/Makefile	Sat Nov  4 17:08:36 2000
-@@ -3,8 +3,8 @@
+--- sshd/Makefile.orig	Fri Nov 16 06:02:09 2001
++++ sshd/Makefile	Fri Nov 16 06:03:51 2001
+@@ -5,8 +5,8 @@
  PROG=	sshd
  BINOWN=	root
  BINMODE=555
@@ -9,17 +9,17 @@
 +BINDIR=	/sbin
 +MAN8=	sshd.8
  CFLAGS+=-DHAVE_LOGIN_CAP
+ #CFLAGS+=-DBSD_AUTH
  
- SRCS=	sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
-@@ -12,6 +12,7 @@
- 	auth.c auth1.c auth2.c auth-options.c session.c
+@@ -17,6 +17,7 @@
+ 	auth-skey.c auth-bsdauth.c
  
  .include <bsd.own.mk> # for KERBEROS and AFS
 +.include "../Makefile.inc"
  
- .if (${KERBEROS} == "yes")
- .if (${AFS} == "yes")
-@@ -19,9 +20,9 @@
+ .if (${KERBEROS5:L} == "yes")
+ CFLAGS+=-DKRB5 -I${DESTDIR}/usr/include/kerberosV
+@@ -31,15 +32,15 @@
  LDADD+=  -lkafs
  DPADD+=  ${LIBKRBAFS}
  .endif # AFS
@@ -31,12 +31,10 @@
  DPADD+=	 ${LIBKRB}
  .endif # KERBEROS
  
-@@ -31,7 +32,7 @@
- 
  .include <bsd.prog.mk>
  
 -LDADD+=	-lcrypto -lutil -lz
 +LDADD+=	${CRYPTOLIBS} -lcrypt -lutil -lz
  DPADD+=	${LIBCRYPTO} ${LIBUTIL} ${LIBZ}
  
- .if (${TCP_WRAPPERS} == "yes")
+ .if (${TCP_WRAPPERS:L} == "yes")