Index: head/security/openssh-portable/Makefile =================================================================== --- head/security/openssh-portable/Makefile (revision 484841) +++ head/security/openssh-portable/Makefile (revision 484842) @@ -1,225 +1,243 @@ # Created by: dwcjr@inethouston.net # $FreeBSD$ PORTNAME= openssh DISTVERSION= 7.9p1 PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= OPENBSD/OpenSSH/portable PKGNAMESUFFIX?= -portable MAINTAINER= bdrewery@FreeBSD.org COMMENT= The portable version of OpenBSD's OpenSSH #LICENSE= BSD2,BSD3,MIT,public domain,BSD-Style,BEER-WARE,"any purpose with notice intact",ISC-Style #LICENSE_FILE= ${WRKSRC}/LICENCE CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.* openssh-portable-devel-* USES= alias autoreconf ncurses ssl GNU_CONFIGURE= yes CONFIGURE_ENV= ac_cv_func_strnvis=no CONFIGURE_ARGS= --prefix=${PREFIX} --with-md5-passwords \ --without-zlib-version-check --with-ssl-engine \ --with-mantype=man ETCOLD= ${PREFIX}/etc -FLAVORS= default hpn -default_CONFLICTS_INSTALL= openssl-portable-hpn -hpn_CONFLICTS_INSTALL= openssh-portable +FLAVORS= default hpn gssapi x509 +default_CONFLICTS_INSTALL= openssh-portable-hpn openssh-portable-gssapi \ + openssh-portable-x509 +hpn_CONFLICTS_INSTALL= openssh-portable openssh-portable-gssapi \ + openssh-portable-x509 hpn_PKGNAMESUFFIX= -portable-hpn +gssapi_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \ + openssh-portable-x509 +gssapi_PKGNAMESUFFIX= -portable-gssapi +x509_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \ + openssh-portable-gssapi +x509_PKGNAMESUFFIX= -portable-x509 OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \ HPN X509 KERB_GSSAPI \ LDNS NONECIPHER XMSS OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS .if ${FLAVOR:U} == hpn OPTIONS_DEFAULT+= HPN NONECIPHER .endif +.if ${FLAVOR:U} == gssapi +OPTIONS_DEFAULT+= KERB_GSSAPI MIT +.endif +.if ${FLAVOR:U} == x509 +OPTIONS_DEFAULT+= X509 +.endif OPTIONS_RADIO= KERBEROS OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE TCP_WRAPPERS_DESC= tcp_wrappers support BSM_DESC= OpenBSM Auditing KERB_GSSAPI_DESC= Kerberos/GSSAPI patch (req: GSSAPI) HPN_DESC= HPN-SSH patch LDNS_DESC= SSHFP/LDNS support X509_DESC= x509 certificate patch HEIMDAL_DESC= Heimdal Kerberos (security/heimdal) HEIMDAL_BASE_DESC= Heimdal Kerberos (base) MIT_DESC= MIT Kerberos (security/krb5) NONECIPHER_DESC= NONE Cipher support XMSS_DESC= XMSS key support (experimental) OPTIONS_SUB= yes TCP_WRAPPERS_EXTRA_PATCHES=${FILESDIR}/extra-patch-tcpwrappers LDNS_CONFIGURE_WITH= ldns=${LOCALBASE} LDNS_LIB_DEPENDS= libldns.so:dns/ldns LDNS_EXTRA_PATCHES= ${FILESDIR}/extra-patch-ldns LDNS_CFLAGS= -I${LOCALBASE}/include LDNS_CONFIGURE_ON= --with-ldflags='-L${LOCALBASE}/lib' HPN_CONFIGURE_WITH= hpn NONECIPHER_CONFIGURE_WITH= nonecipher # See http://www.roumenpetrov.info/openssh/ X509_VERSION= 11.5 X509_PATCH_SITES= http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509 X509_EXTRA_PATCHES+= ${FILESDIR}/extra-patch-x509-glue X509_PATCHFILES= ${PORTNAME}-7.9p1+x509-${X509_VERSION}.diff.gz:-p1:x509 MIT_LIB_DEPENDS= libkrb5.so.3:security/krb5 HEIMDAL_LIB_DEPENDS= libkrb5.so.26:security/heimdal PAM_CONFIGURE_WITH= pam TCP_WRAPPERS_CONFIGURE_WITH= tcp-wrappers LIBEDIT_CONFIGURE_WITH= libedit LIBEDIT_USES= libedit BSM_CONFIGURE_ON= --with-audit=bsm ETCDIR?= ${PREFIX}/etc/ssh .include PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex +# Upstream OpenSSL fix but does not apply for x509 patch. +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969 + # X509 patch includes TCP Wrapper support already .if ${PORT_OPTIONS:MX509} EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}} +EXTRA_PATCHES:= ${EXTRA_PATCHES:N${FILESDIR}/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969} .endif # Must add this patch before HPN due to conflicts .if ${PORT_OPTIONS:MKERB_GSSAPI} #BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. # Patch from: # https://sources.debian.org/data/main/o/openssh/1:7.7p1-2/debian/patches/gssapi.patch # which was originally based on 5.7 patch from # http://www.sxw.org.uk/computing/patches/ # It is mirrored simply to apply gzip -9. . if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} # Needed glue for applying HPN patch without conflict EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue . endif -PATCHFILES+= openssh-7.7p1-gsskex-all-20141021-debian-rh-20171004.patch.gz:-p1:gsskex +PATCHFILES+= openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz:-p1:gsskex .endif # https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1 .if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} #BROKEN= HPN: Not yet updated for ${DISTVERSION} yet. PORTDOCS+= HPN-README HPN_VERSION= 14v15 HPN_DISTVERSION= 7.7p1 #PATCH_SITES+= SOURCEFORGE/hpnssh/HPN-SSH%20${HPN_VERSION}%20${HPN_DISTVERSION}/:hpn #PATCHFILES+= ${PORTNAME}-${HPN_DISTVERSION}-hpnssh${HPN_VERSION}.diff.gz:-p1:hpn EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn:-p2 .elif !${PORT_OPTIONS:MHPN} && !${PORT_OPTIONS:MNONECIPHER} # Apply compatibility patch EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-compat .endif CONFIGURE_LIBS+= -lutil CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog # Keep this last EXTRA_PATCHES+= ${FILESDIR}/extra-patch-version-addendum .if ${PORT_OPTIONS:MX509} . if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} BROKEN= X509 patch and HPN patch do not apply cleanly together . endif . if ${PORT_OPTIONS:MKERB_GSSAPI} BROKEN= X509 patch incompatible with KERB_GSSAPI patch . endif .endif .if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI} BROKEN= KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently .endif .if ${PORT_OPTIONS:MHEIMDAL_BASE} && !exists(/usr/lib/libkrb5.so) IGNORE= you have selected HEIMDAL_BASE but do not have heimdal installed in base .endif .if ${PORT_OPTIONS:MMIT} || ${PORT_OPTIONS:MHEIMDAL} || ${PORT_OPTIONS:MHEIMDAL_BASE} . if ${PORT_OPTIONS:MHEIMDAL_BASE} CONFIGURE_LIBS+= -lgssapi_krb5 CONFIGURE_ARGS+= --with-kerberos5=/usr . else CONFIGURE_ARGS+= --with-kerberos5=${LOCALBASE} . endif . if ${OPENSSLBASE} == "/usr" CONFIGURE_ARGS+= --without-rpath LDFLAGS= # empty . endif .else . if ${PORT_OPTIONS:MKERB_GSSAPI} IGNORE= KERB_GSSAPI requires one of MIT HEIMDAL or HEIMDAL_BASE . endif .endif .if ${OPENSSLBASE} != "/usr" CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE} .endif EMPTYDIR= /var/empty USE_RC_SUBR= openssh # After all CONFIGURE_ARGS+= --sysconfdir=${ETCDIR} --with-privsep-path=${EMPTYDIR} .if !empty(CONFIGURE_LIBS) CONFIGURE_ARGS+= --with-libs='${CONFIGURE_LIBS}' .endif CONFIGURE_ARGS+= --with-xauth=${LOCALBASE}/bin/xauth RC_SCRIPT_NAME= openssh VERSION_ADDENDUM_DEFAULT?= ${OPSYS}-${PKGNAME} post-patch: @${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure @${REINPLACE_CMD} \ -e 's|install: \(.*\) host-key check-config|install: \1|g' \ ${WRKSRC}/Makefile.in @${REINPLACE_CMD} -e 's|%%PREFIX%%|${LOCALBASE}|' \ -e 's|%%RC_SCRIPT_NAME%%|${RC_SCRIPT_NAME}|' ${WRKSRC}/sshd.8 @${REINPLACE_CMD} \ -e 's|\(VersionAddendum\) none|\1 ${VERSION_ADDENDUM_DEFAULT}|' \ ${WRKSRC}/sshd_config @${REINPLACE_CMD} \ -e 's|%%SSH_VERSION_FREEBSD_PORT%%|${VERSION_ADDENDUM_DEFAULT}|' \ ${WRKSRC}/sshd_config.5 @${ECHO_CMD} '#define SSH_VERSION_FREEBSD_PORT "${VERSION_ADDENDUM_DEFAULT}"' >> \ ${WRKSRC}/version.h post-configure-XMSS-on: @${ECHO_CMD} "#define WITH_XMSS 1" >> ${WRKSRC}/config.h post-install: ${MV} ${STAGEDIR}${ETCDIR}/ssh_config \ ${STAGEDIR}${ETCDIR}//ssh_config.sample ${MV} ${STAGEDIR}${ETCDIR}/sshd_config \ ${STAGEDIR}${ETCDIR}/sshd_config.sample .if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} ${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/HPN-README ${STAGEDIR}${DOCSDIR} .endif test: build cd ${WRKSRC} && ${SETENV} -i \ OBJ=${WRKDIR} ${MAKE_ENV} \ TEST_SHELL=${SH} \ SUDO="${SUDO}" \ LOGNAME="${LOGNAME}" \ TEST_SSH_TRACE=yes \ PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \ ${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} tests .include Index: head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 =================================================================== --- head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 (revision 484841) +++ head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 (nonexistent) @@ -1,19 +0,0 @@ -commit c0a35265907533be10ca151ac797f34ae0d68969 -Author: Damien Miller -Date: Mon Oct 22 11:22:50 2018 +1100 - - fix compile for openssl 1.0.x w/ --with-ssl-engine - - bz#2921, patch from cotequeiroz - ---- openbsd-compat/openssl-compat.c.orig 2018-11-12 12:52:26 UTC -+++ openbsd-compat/openssl-compat.c -@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void) - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); - --#if OPENSSL_VERSION_NUMBER < 0x10001000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - OPENSSL_config(NULL); - #else - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | Property changes on: head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/security/openssh-portable/files/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969 =================================================================== --- head/security/openssh-portable/files/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969 (nonexistent) +++ head/security/openssh-portable/files/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969 (revision 484842) @@ -0,0 +1,19 @@ +commit c0a35265907533be10ca151ac797f34ae0d68969 +Author: Damien Miller +Date: Mon Oct 22 11:22:50 2018 +1100 + + fix compile for openssl 1.0.x w/ --with-ssl-engine + + bz#2921, patch from cotequeiroz + +--- openbsd-compat/openssl-compat.c.orig 2018-11-12 12:52:26 UTC ++++ openbsd-compat/openssl-compat.c +@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void) + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); + +-#if OPENSSL_VERSION_NUMBER < 0x10001000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + OPENSSL_config(NULL); + #else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | Property changes on: head/security/openssh-portable/files/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/security/openssh-portable/files/extra-patch-x509-glue =================================================================== --- head/security/openssh-portable/files/extra-patch-x509-glue (revision 484841) +++ head/security/openssh-portable/files/extra-patch-x509-glue (revision 484842) @@ -1,191 +1,152 @@ ---- session.c.orig 2017-10-12 11:52:52.953370000 -0700 -+++ session.c 2017-10-12 11:53:40.793055000 -0700 -@@ -1062,36 +1062,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char * - if (getenv("TZ")) - child_set_env(&env, &envsize, "TZ", getenv("TZ")); - --#ifdef __ANDROID__ --{ --#define COPY_ANDROID_ENV(name) { \ -- char *s = getenv(name); \ -- if (s) child_set_env(&env, &envsize, name, s); } -- -- /* from /init.rc */ -- COPY_ANDROID_ENV("ANDROID_BOOTLOGO"); -- COPY_ANDROID_ENV("ANDROID_ROOT"); -- COPY_ANDROID_ENV("ANDROID_ASSETS"); -- COPY_ANDROID_ENV("ANDROID_DATA"); -- COPY_ANDROID_ENV("ASEC_MOUNTPOINT"); -- COPY_ANDROID_ENV("LOOP_MOUNTPOINT"); -- COPY_ANDROID_ENV("BOOTCLASSPATH"); -- -- /* FIXME: keep android property workspace open -- * (see openbsd-compat/bsd-closefrom.c) -- */ -- COPY_ANDROID_ENV("ANDROID_PROPERTY_WORKSPACE"); -- -- COPY_ANDROID_ENV("EXTERNAL_STORAGE"); /* ??? */ -- COPY_ANDROID_ENV("SECONDARY_STORAGE"); /* ??? */ -- COPY_ANDROID_ENV("SD_EXT_DIRECTORY"); /* ??? */ -- -- /* may contain path to custom libraries */ -- COPY_ANDROID_ENV("LD_LIBRARY_PATH"); --#undef COPY_ANDROID_ENV --} --#endif -- - /* Set custom environment options from pubkey authentication. */ - if (options.permit_user_env) { - for (n = 0 ; n < auth_opts->nenv; n++) { --- sshd_config.5.orig 2017-10-12 11:51:06.638814000 -0700 +++ sshd_config.5 2017-10-12 11:51:33.780459000 -0700 @@ -1682,7 +1682,57 @@ is set to then the pre-authentication unprivileged process is subject to additional restrictions. The default is -.Cm sandbox . +.Cm no . +.It Cm VersionAddendum +Optionally specifies additional text to append to the SSH protocol banner +sent by the server upon connection. +The default is +.Cm none . +.It Cm X11DisplayOffset +Specifies the first display number available for +.Xr sshd 8 Ns 's +X11 forwarding. +This prevents sshd from interfering with real X11 servers. +The default is 10. +.It Cm X11Forwarding +Specifies whether X11 forwarding is permitted. +The argument must be +.Cm yes +or +.Cm no . +The default is +.Cm no . +.Pp +When X11 forwarding is enabled, there may be additional exposure to +the server and to client displays if the +.Xr sshd 8 +proxy display is configured to listen on the wildcard address (see +.Cm X11UseLocalhost ) , +though this is not the default. +Additionally, the authentication spoofing and authentication data +verification and substitution occur on the client side. +The security risk of using X11 forwarding is that the client's X11 +display server may be exposed to attack when the SSH client requests +forwarding (see the warnings for +.Cm ForwardX11 +in +.Xr ssh_config 5 ) . +A system administrator may have a stance in which they want to +protect clients that may expose themselves to attack by unwittingly +requesting X11 forwarding, which can warrant a +.Cm no +setting. +.Pp +Note that disabling X11 forwarding does not prevent users from +forwarding X11 traffic, as users can always install their own forwarders. +.It Cm X11UseLocalhost +Specifies whether +.Xr sshd 8 +should bind the X11 forwarding server to the loopback address or to +the wildcard address. +By default, +sshd binds the forwarding server to the loopback address and sets the +hostname part of the .It Cm VACertificateFile File with X.509 certificates in PEM format concatenated together. In use when @@ -1735,56 +1785,6 @@ URL of the OCSP provider. In use when .Cm VAType is set to .Cm ocspspec . -.It Cm VersionAddendum -Optionally specifies additional text to append to the SSH protocol banner -sent by the server upon connection. -The default is -.Cm none . -.It Cm X11DisplayOffset -Specifies the first display number available for -.Xr sshd 8 Ns 's -X11 forwarding. -This prevents sshd from interfering with real X11 servers. -The default is 10. -.It Cm X11Forwarding -Specifies whether X11 forwarding is permitted. -The argument must be -.Cm yes -or -.Cm no . -The default is -.Cm no . -.Pp -When X11 forwarding is enabled, there may be additional exposure to -the server and to client displays if the -.Xr sshd 8 -proxy display is configured to listen on the wildcard address (see -.Cm X11UseLocalhost ) , -though this is not the default. -Additionally, the authentication spoofing and authentication data -verification and substitution occur on the client side. -The security risk of using X11 forwarding is that the client's X11 -display server may be exposed to attack when the SSH client requests -forwarding (see the warnings for -.Cm ForwardX11 -in -.Xr ssh_config 5 ) . -A system administrator may have a stance in which they want to -protect clients that may expose themselves to attack by unwittingly -requesting X11 forwarding, which can warrant a -.Cm no -setting. -.Pp -Note that disabling X11 forwarding does not prevent users from -forwarding X11 traffic, as users can always install their own forwarders. -.It Cm X11UseLocalhost -Specifies whether -.Xr sshd 8 -should bind the X11 forwarding server to the loopback address or to -the wildcard address. -By default, -sshd binds the forwarding server to the loopback address and sets the -hostname part of the .Ev DISPLAY environment variable to .Cm localhost . --- openbsd-compat/port-net.c 2018-06-26 15:18:43.551904000 -0700 +++ openbsd-compat/port-net.c.orig 2018-04-01 22:38:28.000000000 -0700 @@ -186,8 +185,8 @@ sys_tun_open(int tun, int mode, char **ifname) else debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd); - if (ifname != NULL) - *ifname = xstrdup(ifr.ifr_name); + if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) + goto failed; return (fd); @@ -273,8 +272,8 @@ sys_tun_open(int tun, int mode, char **ifname) goto failed; } - if (ifname != NULL) - *ifname = xstrdup(ifr.ifr_name); + if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) + goto failed; close(sock); return (fd); --- ssh.c.orig 2018-04-01 22:38:28.000000000 -0700 +++ ssh.c 2018-06-26 15:22:02.947595000 -0700 @@ -1411,6 +1323,7 @@ main(int ac, char **av) (char *)NULL); free(cp); } + free(conn_hash_hex); if (config_test) { dump_client_config(&options, host); Index: head/security/openssh-portable/files/patch-session.c =================================================================== --- head/security/openssh-portable/files/patch-session.c (revision 484841) +++ head/security/openssh-portable/files/patch-session.c (revision 484842) @@ -1,84 +1,81 @@ ------------------------------------------------------------------------ r99055 | des | 2002-06-29 04:21:58 -0700 (Sat, 29 Jun 2002) | 6 lines Changed paths: M /head/crypto/openssh/session.c Make sure the environment variables set by setusercontext() are passed on to the child process. Reviewed by: ache Sponsored by: DARPA, NAI Labs --- session.c.orig 2018-10-16 17:01:20.000000000 -0700 +++ session.c 2018-11-10 11:45:14.645263000 -0800 @@ -1020,6 +1020,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char * struct passwd *pw = s->pw; #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) char *path = NULL; +#else + extern char **environ; + char **senv, **var; #endif /* Initialize the environment. */ @@ -1041,6 +1044,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char * } #endif + if (getenv("TZ")) + child_set_env(&env, &envsize, "TZ", getenv("TZ")); + #ifdef GSSAPI /* Allow any GSSAPI methods that we've used to alter * the childs environment as they see fit @@ -1058,11 +1064,21 @@ do_setup_env(struct ssh *ssh, Session *s, const char * child_set_env(&env, &envsize, "LOGIN", pw->pw_name); #endif child_set_env(&env, &envsize, "HOME", pw->pw_dir); + snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); + child_set_env(&env, &envsize, "MAIL", buf); #ifdef HAVE_LOGIN_CAP - if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) - child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); - else - child_set_env(&env, &envsize, "PATH", getenv("PATH")); + child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); + child_set_env(&env, &envsize, "TERM", "su"); + senv = environ; + environ = xmalloc(sizeof(char *)); + *environ = NULL; + (void) setusercontext(lc, pw, pw->pw_uid, + LOGIN_SETENV|LOGIN_SETPATH); -+ copy_environment(environ, &env, &envsize); ++ copy_environment_blacklist(environ, &env, &envsize, NULL); + for (var = environ; *var != NULL; ++var) + free(*var); + free(environ); + environ = senv; #else /* HAVE_LOGIN_CAP */ # ifndef HAVE_CYGWIN /* -@@ -1082,14 +1098,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char * +@@ -1082,11 +1098,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char * # endif /* HAVE_CYGWIN */ #endif /* HAVE_LOGIN_CAP */ - snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); - child_set_env(&env, &envsize, "MAIL", buf); - /* Normal systems set SHELL by default. */ child_set_env(&env, &envsize, "SHELL", shell); - if (getenv("TZ")) - child_set_env(&env, &envsize, "TZ", getenv("TZ")); - if (s->term) - child_set_env(&env, &envsize, "TERM", s->term); - if (s->display) @@ -1389,7 +1400,7 @@ do_setusercontext(struct passwd *pw) if (platform_privileged_uidswap()) { #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, - (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { + (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUSER))) < 0) { perror("unable to set user context"); exit(1); }