Have ssh use rresvport() to get a privileged socket instead of doing it

itself.  This means it obeys the portrange sysctl's.

2 files changed, 52 insertions, 0 deletions

diff --git a/security/ssh/files/patch-al b/security/ssh/files/patch-al
new file mode 100644
index 0000000..4add248
--- /dev/null
+++ b/security/ssh/files/patch-al
@@ -0,0 +1,26 @@
+*** sshconnect.c.dist	Thu Jun  6 21:47:06 1996
+--- sshconnect.c	Mon Aug 12 13:26:46 1996
+***************
+*** 235,240 ****
+--- 235,245 ----
+      {
+        struct sockaddr_in sin;
+        int p;
++ #if defined(__FreeBSD__)  && !defined(SOCKS)
++       sock = rresvport(&p);
++       if (sock < 0)
++ 	fatal("rresvport: %.100s", strerror(errno));
++ #else
+        for (p = 1023; p > 512; p--)
+  	{
+  	  sock = socket(AF_INET, SOCK_STREAM, 0);
+***************
+*** 262,267 ****
+--- 267,273 ----
+  	    }
+  	  fatal("bind: %.100s", strerror(errno));
+  	}
++ #endif
+        debug("Allocated local port %d.", p);
+      }
+    else
diff --git a/security/ssh2/files/patch-al b/security/ssh2/files/patch-al
new file mode 100644
index 0000000..4add248
--- /dev/null
+++ b/security/ssh2/files/patch-al
@@ -0,0 +1,26 @@
+*** sshconnect.c.dist	Thu Jun  6 21:47:06 1996
+--- sshconnect.c	Mon Aug 12 13:26:46 1996
+***************
+*** 235,240 ****
+--- 235,245 ----
+      {
+        struct sockaddr_in sin;
+        int p;
++ #if defined(__FreeBSD__)  && !defined(SOCKS)
++       sock = rresvport(&p);
++       if (sock < 0)
++ 	fatal("rresvport: %.100s", strerror(errno));
++ #else
+        for (p = 1023; p > 512; p--)
+  	{
+  	  sock = socket(AF_INET, SOCK_STREAM, 0);
+***************
+*** 262,267 ****
+--- 267,273 ----
+  	    }
+  	  fatal("bind: %.100s", strerror(errno));
+  	}
++ #endif
+        debug("Allocated local port %d.", p);
+      }
+    else