kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/security/ssh2/Makefile

109 lines
3 KiB
Makefile
Raw Normal View History

Secure shell client and server (remote login program). PR: ports/8204 Submitted by: Issei Suzuki <issei@jp.FreeBSD.ORG>
1998-11-23 06:15:17 +01:00
# New ports collection makefile for: ssh2
# Date created: 5 Oct 1998
FreeBSD.ORG -> FreeBSD.org Prompted by PR: 13476, 13477 Submitted by: KATO Tsuguru
1999-08-31 08:53:31 +02:00
# Whom: Issei Suzuki <issei@jp.FreeBSD.org>
Ssh is a secure rlogin/rsh/rcp replacement with strong authentication (.rhosts together with RSA based host authentication, and pure RSA authentication) and improved privacy (all communications are automatically and transparently encrypted).
1995-10-07 02:19:27 +01:00
#
$Id$ -> $FreeBSD$
1999-08-31 03:53:22 +02:00
# $FreeBSD$
Ssh is a secure rlogin/rsh/rcp replacement with strong authentication (.rhosts together with RSA based host authentication, and pure RSA authentication) and improved privacy (all communications are automatically and transparently encrypted).
1995-10-07 02:19:27 +01:00
#
Update with the new PORTNAME/PORTVERSION variables
2000-04-09 20:34:06 +02:00
PORTNAME= ssh2
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
PORTVERSION= 3.2.5
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
CATEGORIES= security ipv6
Upgrade to ssh-2.3.0. PR: ports/20869 Submitted by: Issei Suzuki <issei@issei.org> (Maintainer)
2000-09-02 05:56:57 +02:00
MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ \
Secure shell client and server (remote login program). PR: ports/8204 Submitted by: Issei Suzuki <issei@jp.FreeBSD.ORG>
1998-11-23 06:15:17 +01:00
ftp://sunsite.unc.edu/pub/packages/security/ssh/ \
- Update to 3.1.0. PR: ports/34740 Submitted by: larse@ISI.EDU - Add %%PORTDOCS%% to pkg-plist. - Assign MAINTAINER to the submitter. Requested by: issei (previous MAINTAINER)
2002-02-22 03:52:25 +01:00
ftp://ftp.keystealth.org/pub/ssh/ \
ftp://metalab.unc.edu/pub/packages/security/ssh/ \
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
ftp://ftp.nsysu.edu.tw/Unix/Security/ssh/ \
ftp://ftp.cronyx.ru/mirror/ssh/ \
ftp://ftp.univie.ac.at/applications/ssh.com/
Upgrade to ssh-2.3.0. PR: ports/20869 Submitted by: Issei Suzuki <issei@issei.org> (Maintainer)
2000-09-02 05:56:57 +02:00
DISTNAME= ssh-${PORTVERSION}
Patches are now available from www.ssh.org/patches Submitted by: Issei Suzuki <issei@jp.freebsd.org>
1999-11-25 22:26:03 +01:00
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
MAINTAINER= marius@alchemy.franken.de
De-pkg-comment.
2003-02-21 14:28:59 +01:00
COMMENT= Secure shell client and server (remote login program)
Ssh is a secure rlogin/rsh/rcp replacement with strong authentication (.rhosts together with RSA based host authentication, and pure RSA authentication) and improved privacy (all communications are automatically and transparently encrypted).
1995-10-07 02:19:27 +01:00
GNU_CONFIGURE= YES
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
USE_REINPLACE= YES
Ssh is a secure rlogin/rsh/rcp replacement with strong authentication (.rhosts together with RSA based host authentication, and pure RSA authentication) and improved privacy (all communications are automatically and transparently encrypted).
1995-10-07 02:19:27 +01:00
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
CONFIGURE_ARGS= --with-etcdir=${SSH2_ETC} --disable-debug
Re-order definition of a couple of variables so the ssh1 dependency is picked up correctly. PR: 10577 Submitted by: maintainer
1999-03-15 02:18:49 +01:00
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
SSH2_ETC= ${PREFIX}/etc/ssh2
SSH2_RCD= ${PREFIX}/etc/rc.d
CONFIG_FILES= ssh2_config sshd2_config
Support OpenSSH in the base system as the ssh1 component.
2000-03-11 13:58:43 +01:00
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
.include <bsd.port.pre.mk>
# Define if all your users are in their own group and their homedir
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
# is writeable by that group. Beware the security implications!
#
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
.if defined(WITH_GROUP_WRITEABILITY)
CONFIGURE_ARGS+= --enable-group-writeability
.endif
Support OpenSSH in the base system as the ssh1 component.
2000-03-11 13:58:43 +01:00
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
# Kerberos5 support in ssh2 is EXPERIMENTAL and requires MIT Kerberos,
# Heimdal is unsupported.
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
#
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
.if defined(WITH_KERBEROS) && defined(KRB5_HOME) && \
exists(${KRB5_HOME}/lib/libkrb5.a)
CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer
.endif
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP)
- Update to 3.1.0. PR: ports/34740 Submitted by: larse@ISI.EDU - Add %%PORTDOCS%% to pkg-plist. - Assign MAINTAINER to the submitter. Requested by: issei (previous MAINTAINER)
2002-02-22 03:52:25 +01:00
CONFIGURE_ARGS+= --with-libwrap
configure with "--without-x" if X11BASE/bin/xauth is missing. Requested by: Studded@gorean.org
1998-10-30 07:15:18 +01:00
.endif
ssh_askpass2 is built only when X11 is installed. Support {WITH,WITHOUT}_X11 and detect ${X11BASE}/lib/libX11.a. Reported by: bento Obtained from: security/ssh (partly)
2002-04-02 06:49:20 +02:00
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
# This is necessary for a working ssh-chrootmgr. Added by mic@nethack.at.
1.) If WITH_STATIC_SFTP is defined, ssh-chrootmgr works. 2.) If libX11.a exists and xauth not, the build of ssh2 fails. This patch fix this. 3.) ssh2/files/sshd.sh looks for the wrong pid file in /var/run. This patch fix this and adds 2> /dev/null to the sshd2 startup PR: 46012 Submitted by: maintainer
2003-01-02 20:35:26 +01:00
#
.if defined(WITH_STATIC_SFTP)
CONFIGURE_ARGS+= --enable-static
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
PLIST_SUB= STATIC=""
.else
PLIST_SUB= STATIC="@comment "
1.) If WITH_STATIC_SFTP is defined, ssh-chrootmgr works. 2.) If libX11.a exists and xauth not, the build of ssh2 fails. This patch fix this. 3.) ssh2/files/sshd.sh looks for the wrong pid file in /var/run. This patch fix this and adds 2> /dev/null to the sshd2 startup PR: 46012 Submitted by: maintainer
2003-01-02 20:35:26 +01:00
.endif
ssh_askpass2 is built only when X11 is installed. Support {WITH,WITHOUT}_X11 and detect ${X11BASE}/lib/libX11.a. Reported by: bento Obtained from: security/ssh (partly)
2002-04-02 06:49:20 +02:00
.if defined(WITH_X11) || (exists(${X11BASE}/lib/libX11.a) \
1.) If WITH_STATIC_SFTP is defined, ssh-chrootmgr works. 2.) If libX11.a exists and xauth not, the build of ssh2 fails. This patch fix this. 3.) ssh2/files/sshd.sh looks for the wrong pid file in /var/run. This patch fix this and adds 2> /dev/null to the sshd2 startup PR: 46012 Submitted by: maintainer
2003-01-02 20:35:26 +01:00
&& exists(${X11BASE}/bin/xauth) && !defined(WITHOUT_X11))
ssh_askpass2 is built only when X11 is installed. Support {WITH,WITHOUT}_X11 and detect ${X11BASE}/lib/libX11.a. Reported by: bento Obtained from: security/ssh (partly)
2002-04-02 06:49:20 +02:00
USE_XLIB= yes
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
PLIST_SUB+= WITH_X11:=""
ssh_askpass2 is built only when X11 is installed. Support {WITH,WITHOUT}_X11 and detect ${X11BASE}/lib/libX11.a. Reported by: bento Obtained from: security/ssh (partly)
2002-04-02 06:49:20 +02:00
.else
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
CONFIGURE_ARGS+= --without-x
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
PLIST_SUB+= WITH_X11:="@comment "
ssh_askpass2 is built only when X11 is installed. Support {WITH,WITHOUT}_X11 and detect ${X11BASE}/lib/libX11.a. Reported by: bento Obtained from: security/ssh (partly)
2002-04-02 06:49:20 +02:00
.endif
configure with "--without-x" if X11BASE/bin/xauth is missing. Requested by: Studded@gorean.org
1998-10-30 07:15:18 +01:00
- Update to 3.1.0. PR: ports/34740 Submitted by: larse@ISI.EDU - Add %%PORTDOCS%% to pkg-plist. - Assign MAINTAINER to the submitter. Requested by: issei (previous MAINTAINER)
2002-02-22 03:52:25 +01:00
MAN1= ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 scp2.1 sftp2.1 \
Update port: security/ssh2 3.2.2 -> 3.2.3 PR: ports/48542 Submitted by: Lars Eggert <larse@isi.edu>
2003-02-23 23:39:05 +01:00
sshregex.1 ssh-probe2.1 ssh-dummy-shell.1
MAN5= ssh2_config.5 sshd-check-conf.5 sshd2_config.5 \
sshd2_subconfig.5
- Update to 3.1.0. PR: ports/34740 Submitted by: larse@ISI.EDU - Add %%PORTDOCS%% to pkg-plist. - Assign MAINTAINER to the submitter. Requested by: issei (previous MAINTAINER)
2002-02-22 03:52:25 +01:00
MAN8= sshd2.8
MLINKS= ssh2.1 ssh.1 ssh-add2.1 ssh-add.1 ssh-agent2.1 ssh-agent.1 \
ssh-keygen2.1 ssh-keygen.1 scp2.1 scp.1 sftp2.1 sftp.1 \
ssh-probe2.1 ssh-probe.1 sshd2.8 sshd.8
MANCOMPRESSED= no
chmod -> ${CHMOD} chown -> ${CHOWN}
1999-08-22 21:01:07 +02:00
Update to 3.2.0 PR: 39491 Submitted by: maintainer
2002-06-19 01:45:19 +02:00
PORTDOCS= CHANGES FAQ INSTALL LICENSE MANIFEST NEWS README \
- Update to 3.1.0. PR: ports/34740 Submitted by: larse@ISI.EDU - Add %%PORTDOCS%% to pkg-plist. - Assign MAINTAINER to the submitter. Requested by: issei (previous MAINTAINER)
2002-02-22 03:52:25 +01:00
REGEX-SYNTAX SSH2.QUICKSTART
Support OpenSSH in the base system as the ssh1 component.
2000-03-11 13:58:43 +01:00
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
post-patch:
.for i in ${MAN1} ${MAN5} ${MAN8}
@${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g;' \
${WRKSRC}/apps/ssh/${i}
.endfor
@${REINPLACE_CMD} -E -e 's|\$$\(ETCDIR\)|${PREFIX}\/etc|g;' \
${WRKSRC}/apps/ssh/ssh_dummy_shell.out
Update port: security/ssh2 3.2.2 -> 3.2.3 PR: ports/48542 Submitted by: Lars Eggert <larse@isi.edu>
2003-02-23 23:39:05 +01:00
post-install:
Secure shell client and server (remote login program). PR: ports/8204 Submitted by: Issei Suzuki <issei@jp.FreeBSD.ORG>
1998-11-23 06:15:17 +01:00
.if !defined(NOPORTDOCS)
- Update to 3.1.0. PR: ports/34740 Submitted by: larse@ISI.EDU - Add %%PORTDOCS%% to pkg-plist. - Assign MAINTAINER to the submitter. Requested by: issei (previous MAINTAINER)
2002-02-22 03:52:25 +01:00
${MKDIR} ${DOCSDIR}
Secure shell client and server (remote login program). PR: ports/8204 Submitted by: Issei Suzuki <issei@jp.FreeBSD.ORG>
1998-11-23 06:15:17 +01:00
.for i in ${PORTDOCS}
- Update to 3.1.0. PR: ports/34740 Submitted by: larse@ISI.EDU - Add %%PORTDOCS%% to pkg-plist. - Assign MAINTAINER to the submitter. Requested by: issei (previous MAINTAINER)
2002-02-22 03:52:25 +01:00
${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR}
Secure shell client and server (remote login program). PR: ports/8204 Submitted by: Issei Suzuki <issei@jp.FreeBSD.ORG>
1998-11-23 06:15:17 +01:00
.endfor
Several fixes/improvements :- - protect the secret RSA etc/ssh_host_key. It is now generated on install (either by pkg_add or make install) if not already present and is not ever added to a package since it's your host's credentials. It should not be removed on pkg_delete, since you are in big trouble if you did this (for example) pkg_delete ssh-1.2.14; pkg_add ssh-1.2.15.tgz. - fix the broken manpage symlink when compressing man pages (slogin.1 has been causing /etc/weekly to generate cron messages) - zlib 1.0.4 is now "blessed" again, the ssh working sources now use this instead of v0.95. The decompression problem was fixed in either 1.0.3 or 1.0.4. Also, the current version of cvs uses zlib 1.0.4 as well.. - perl5.002 -> perl5.003 Reviewed by: torstenb
1996-08-08 15:57:02 +02:00
.endif
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
if [ "`${GREP} ssh /etc/inetd.conf | ${GREP} -v ^#ssh`" = "" ]; then \
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
if [ ! -f ${SSH2_RCD}/sshd.sh ]; then \
${ECHO} "Installing ${SSH2_RCD}/sshd.sh startup file."; \
Add better sshd startup scripts; specifically, allow restarting and stopping the server. Martti's submission did not include -h, which I added because if I had added the scripts the way he submitted them, the server wouldn't be started on startup. PR: 10196 Submitted by: Martti Kuparinen <martti.kuparinen@ericsson.com> Reviewed by: kris (partially) No response: maintainers (PR opened February 22, 1999)
2000-04-06 00:21:44 +02:00
${SED} -e 's+!!PREFIX!!+${PREFIX}+' < ${FILESDIR}/sshd.sh \
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
> ${SSH2_RCD}/sshd.sh; \
${CHMOD} 751 ${SSH2_RCD}/sshd.sh; \
Don't install etc/rc.d/sshd.sh if sshd is being started from inetd.conf. PR: 15691 Submitted by: Roger Marquis <marquis@roble.com> Reviewed by: maintainer
2000-10-30 13:57:16 +01:00
fi; \
Install an sshd.sh startup file.
1996-06-15 19:50:18 +02:00
fi
Ssh is a secure rlogin/rsh/rcp replacement with strong authentication (.rhosts together with RSA based host authentication, and pure RSA authentication) and improved privacy (all communications are automatically and transparently encrypted).
1995-10-07 02:19:27 +01:00
Support OpenSSH in the base system as the ssh1 component.
2000-03-11 13:58:43 +01:00
.include <bsd.port.post.mk>
Reference in a new issue Copy permalink