kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/security/ssh2/Makefile

173 lines
5.8 KiB
Makefile
Raw Normal View History

Secure shell client and server (remote login program). PR: ports/8204 Submitted by: Issei Suzuki <issei@jp.FreeBSD.ORG>
1998-11-23 06:15:17 +01:00
# New ports collection makefile for: ssh2
# Date created: 5 Oct 1998
FreeBSD.ORG -> FreeBSD.org Prompted by PR: 13476, 13477 Submitted by: KATO Tsuguru
1999-08-31 08:53:31 +02:00
# Whom: Issei Suzuki <issei@jp.FreeBSD.org>
Ssh is a secure rlogin/rsh/rcp replacement with strong authentication (.rhosts together with RSA based host authentication, and pure RSA authentication) and improved privacy (all communications are automatically and transparently encrypted).
1995-10-07 02:19:27 +01:00
#
$Id$ -> $FreeBSD$
1999-08-31 03:53:22 +02:00
# $FreeBSD$
Ssh is a secure rlogin/rsh/rcp replacement with strong authentication (.rhosts together with RSA based host authentication, and pure RSA authentication) and improved privacy (all communications are automatically and transparently encrypted).
1995-10-07 02:19:27 +01:00
#
Update with the new PORTNAME/PORTVERSION variables
2000-04-09 20:34:06 +02:00
PORTNAME= ssh2
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
PORTVERSION= 3.2.9.1
- Welcome X.org 7.2 \o/. - Set X11BASE to ${LOCALBASE} for recent ${OSVERSION}. - Bump PORTREVISION for ports intalling files in ${X11BASE}.
2007-05-19 22:36:56 +02:00
PORTREVISION= 7
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
CATEGORIES= security ipv6
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
# The list of official mirror sites is at:
# http://www.ssh.com/support/downloads/secureshellserver/non-commercial.html
Upgrade to ssh-2.3.0. PR: ports/20869 Submitted by: Issei Suzuki <issei@issei.org> (Maintainer)
2000-09-02 05:56:57 +02:00
MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ \
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
ftp://ftp.wiretapped.net/pub/security/cryptography/apps/ssh/SSH/ \
http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/SSH/ \
ftp://gd.tuwien.ac.at/utils/shells/ssh/ \
ftp://ftp.ut.ee/pub/unix/security/ssh/ \
ftp://ftp.funet.fi/pub/mirrors/ftp.ssh.com/pub/ssh/ \
ftp://ftp.crihan.fr/mirrors/ftp.ssh.com/ \
http://ftp.crihan.fr/mirrors/ftp.ssh.com/ \
ftp://ftp.cert.dfn.de/pub/tools/net/ssh/ \
ftp://ftp.ntua.gr/pub/security/ssh/ \
ftp://ftp.unina.it/pub/Unix/ssh/ \
ftp://core.ring.gr.jp/pub/net/ssh/ \
http://core.ring.gr.jp/archives/net/ssh/ \
ftp://ftp.ring.gr.jp/pub/net/ssh/ \
http://www.ring.gr.jp/archives/net/ssh/ \
ftp://ftp.wsisiz.edu.pl/pub/Unix/ssh/ \
ftp://ftp.ulak.net.tr/ssh/ \
- Update to 3.1.0. PR: ports/34740 Submitted by: larse@ISI.EDU - Add %%PORTDOCS%% to pkg-plist. - Assign MAINTAINER to the submitter. Requested by: issei (previous MAINTAINER)
2002-02-22 03:52:25 +01:00
ftp://metalab.unc.edu/pub/packages/security/ssh/ \
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
ftp://ftp.keystealth.org/pub/ssh/ \
ftp://ftp.epix.net/pub/ssh/ \
ftp://mirror.pa.msu.edu/ssh/
Upgrade to ssh-2.3.0. PR: ports/20869 Submitted by: Issei Suzuki <issei@issei.org> (Maintainer)
2000-09-02 05:56:57 +02:00
DISTNAME= ssh-${PORTVERSION}
Patches are now available from www.ssh.org/patches Submitted by: Issei Suzuki <issei@jp.freebsd.org>
1999-11-25 22:26:03 +01:00
Use the @FreeBSD.org address of the maintainer. Approved by: marius
2004-04-20 15:49:29 +02:00
MAINTAINER= marius@FreeBSD.org
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
COMMENT= Secure shell client and server for V.2 SSH protocol
Ssh is a secure rlogin/rsh/rcp replacement with strong authentication (.rhosts together with RSA based host authentication, and pure RSA authentication) and improved privacy (all communications are automatically and transparently encrypted).
1995-10-07 02:19:27 +01:00
- Display the available build knobs via a pre-everything target. - Remove the autodetection for X11 support and the WITH_X11 knob, instead always build with X11 support and add a WITHOUT_X11 knob. Together with an additional ssh2-nox11 slave port this allows easier handling of these two variants and to have pre-compiled packages for both (ssh2 with X11 support depends on X11 libraries). Submitted by: maintainer (marius)
2004-04-20 14:53:42 +02:00
.if !defined(WITHOUT_X11)
CONFLICTS= openssh-* ssh-* ssh2-nox11-*
.else
PKGNAMESUFFIX= -nox11
CONFLICTS= openssh-* ssh-* ssh2-[0-9]*
.endif
Ssh is a secure rlogin/rsh/rcp replacement with strong authentication (.rhosts together with RSA based host authentication, and pure RSA authentication) and improved privacy (all communications are automatically and transparently encrypted).
1995-10-07 02:19:27 +01:00
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
GNU_CONFIGURE= yes
MANCOMPRESSED= no
- Switch to a rc.d startup script. - Move the generation of the host key (if not present) from the package/ port installation to the startup script in order to be in line with what the base OpenSSH and the OpenSSH-portable port do. - Flush stdout when updating the transfer progress bar of sftp2 and scp2 so the info displayed is up to date. [1] - Remove obsolete USE_REINPLACE, remove trailing white space in Makefile. PR: 91262 [1] Approved by: netchild
2006-02-19 23:56:35 +01:00
USE_RC_SUBR= sshd2.sh
Re-order definition of a couple of variables so the ssh1 dependency is picked up correctly. PR: 10577 Submitted by: maintainer
1999-03-15 02:18:49 +01:00
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
MAN1= ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 scp2.1 sftp2.1 \
sshregex.1 ssh-probe2.1 ssh-dummy-shell.1
MAN5= ssh2_config.5 sshd-check-conf.5 sshd2_config.5 \
sshd2_subconfig.5
MAN8= sshd2.8
MLINKS= ssh2.1 ssh.1 ssh-add2.1 ssh-add.1 ssh-agent2.1 ssh-agent.1 \
ssh-keygen2.1 ssh-keygen.1 scp2.1 scp.1 sftp2.1 sftp.1 \
ssh-probe2.1 ssh-probe.1 sshd2.8 sshd.8
DOCS= CHANGES FAQ HOWTO.anonymous.sftp LICENSE NEWS README \
REGEX-SYNTAX SSH2.QUICKSTART \
RFC.authorization_program_protocol RFC.kbdint_plugin_protocol
EXAMPLES= ext_authorization_example.sh kbdint_plugin_example.sh
Support OpenSSH in the base system as the ssh1 component.
2000-03-11 13:58:43 +01:00
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
.include <bsd.port.pre.mk>
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
CONFIGURE_ARGS+= --disable-debug --with-foreign-etcdir=${PREFIX}/etc \
--with-libwrap
PKGMESSAGE= ${WRKDIR}/pkg-message
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
# Define if all your users are in their own group and their homedir
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
# is writeable by that group. Beware the security implications!
#
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
.if defined(WITH_GROUP_WRITEABILITY)
CONFIGURE_ARGS+= --enable-group-writeability
.endif
Support OpenSSH in the base system as the ssh1 component.
2000-03-11 13:58:43 +01:00
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
# Kerberos5 support in ssh2 is EXPERIMENTAL and requires MIT Kerberos,
# Heimdal is unsupported.
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
#
---snip--- Improve Kerberos support in ssh2: - Change the WITH_KERBEROS knob into a WITHOUT_KERBEROS knob so kerberized ssh2 automatically is built when MIT Kerberos is installed, unless the WITHOUT_KERBEROS knob is defined. - Check for a library unique to MIT Kerberos to make sure it's not Heimdal that KRB5_HOME accidentally points to. - Add dependency on security/krb5 when built with Kerberos support. - When compiled with Kerberos support also turn it on by default in client and server config files and set "PermitRootLogin" to "nopwd" to only allow those with root tickets declared in ~root/.k5login" to login as root. [1] Ssh2 now should work out of the box in an environment using MIT Kerberos. Submitted by: Peter Losher <Peter_Losher@isc.org> [1] (kerberos-patch-*) Tested by: Peter Losher <Peter_Losher@isc.org> ---snip--- Submitted by: maintainer Strange commit log formatting to prevent ambiguous "Submitted by" lines by: committer
2004-01-25 10:58:39 +01:00
.if !defined(WITHOUT_KERBEROS) && defined(KRB5_HOME) && \
exists(${KRB5_HOME}/lib/libk5crypto.a)
LIB_DEPENDS+= krb5.3:${PORTSDIR}/security/krb5
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer
---snip--- Improve Kerberos support in ssh2: - Change the WITH_KERBEROS knob into a WITHOUT_KERBEROS knob so kerberized ssh2 automatically is built when MIT Kerberos is installed, unless the WITHOUT_KERBEROS knob is defined. - Check for a library unique to MIT Kerberos to make sure it's not Heimdal that KRB5_HOME accidentally points to. - Add dependency on security/krb5 when built with Kerberos support. - When compiled with Kerberos support also turn it on by default in client and server config files and set "PermitRootLogin" to "nopwd" to only allow those with root tickets declared in ~root/.k5login" to login as root. [1] Ssh2 now should work out of the box in an environment using MIT Kerberos. Submitted by: Peter Losher <Peter_Losher@isc.org> [1] (kerberos-patch-*) Tested by: Peter Losher <Peter_Losher@isc.org> ---snip--- Submitted by: maintainer Strange commit log formatting to prevent ambiguous "Submitted by" lines by: committer
2004-01-25 10:58:39 +01:00
EXTRA_PATCHES+= ${FILESDIR}/kerberos-patch-apps::ssh::ssh2_config \
${FILESDIR}/kerberos-patch-apps::ssh::sshd2_config
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
.endif
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
- Display the available build knobs via a pre-everything target. - Remove the autodetection for X11 support and the WITH_X11 knob, instead always build with X11 support and add a WITHOUT_X11 knob. Together with an additional ssh2-nox11 slave port this allows easier handling of these two variants and to have pre-compiled packages for both (ssh2 with X11 support depends on X11 libraries). Submitted by: maintainer (marius)
2004-04-20 14:53:42 +02:00
.if !defined(WITHOUT_X11)
- Add the X_WINDOW_SYSTEM={xorg,xfree86-4,xfree86-3} variable to bsd.port.mk, and make XFREE86_VERSION map to it. XFREE86_VERSION is now deprecated. - Make xorg the default X_WINDOW_SYSTEM on -current. - Add several new X_*_PORT variables which point to various pieces of X11 based on the setting of X_WINDOW_SYSTEM, and make ports use them. - Add information to CHANGES about how to handle the transition. PR: ports/68763 Approved by: portmgr (marcus) Approved by: re (scottl)
2004-07-23 21:10:32 +02:00
BUILD_DEPENDS+= ${X11BASE}/bin/xauth:${X_CLIENTS_PORT}
- Switch to a rc.d startup script. - Move the generation of the host key (if not present) from the package/ port installation to the startup script in order to be in line with what the base OpenSSH and the OpenSSH-portable port do. - Flush stdout when updating the transfer progress bar of sftp2 and scp2 so the info displayed is up to date. [1] - Remove obsolete USE_REINPLACE, remove trailing white space in Makefile. PR: 91262 [1] Approved by: netchild
2006-02-19 23:56:35 +01:00
RUN_DEPENDS+= ${X11BASE}/bin/xauth:${X_CLIENTS_PORT}
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
USE_XLIB= yes
PLIST_SUB+= WITH_X11:=""
ssh_askpass2 is built only when X11 is installed. Support {WITH,WITHOUT}_X11 and detect ${X11BASE}/lib/libX11.a. Reported by: bento Obtained from: security/ssh (partly)
2002-04-02 06:49:20 +02:00
.else
Install default config files as *.sample instead of overwriting existing ones. Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer
2002-05-17 11:20:47 +02:00
CONFIGURE_ARGS+= --without-x
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
PLIST_SUB+= WITH_X11:="@comment "
ssh_askpass2 is built only when X11 is installed. Support {WITH,WITHOUT}_X11 and detect ${X11BASE}/lib/libX11.a. Reported by: bento Obtained from: security/ssh (partly)
2002-04-02 06:49:20 +02:00
.endif
configure with "--without-x" if X11BASE/bin/xauth is missing. Requested by: Studded@gorean.org
1998-10-30 07:15:18 +01:00
- Display the available build knobs via a pre-everything target. - Remove the autodetection for X11 support and the WITH_X11 knob, instead always build with X11 support and add a WITHOUT_X11 knob. Together with an additional ssh2-nox11 slave port this allows easier handling of these two variants and to have pre-compiled packages for both (ssh2 with X11 support depends on X11 libraries). Submitted by: maintainer (marius)
2004-04-20 14:53:42 +02:00
pre-everything::
.if !defined(WITH_GROUP_WRITEABILITY) || (!defined(WITHOUT_KERBEROS) && \
defined(KRB5_HOME) && exists(${KRB5_HOME}/lib/libk5crypto.a)) || \
!defined(WITHOUT_X11)
@${ECHO_MSG} ""
@${ECHO_MSG} "You may use the following build option(s):"
@${ECHO_MSG} ""
.if !defined(WITH_GROUP_WRITEABILITY)
@${ECHO_MSG} "WITH_GROUP_WRITEABILITY=yes builds with widened permissions check of home"
@${ECHO_MSG} " directories in hostbased- and publickey-"
@${ECHO_MSG} " authentication. May be usefull if all users"
@${ECHO_MSG} " are in their own group."
@${ECHO_MSG} " Beware the security implications!"
.endif
.if !defined(WITHOUT_KERBEROS) && defined(KRB5_HOME) && \
exists(${KRB5_HOME}/lib/libk5crypto.a)
@${ECHO_MSG} "WITHOUT_KERBEROS=yes builds without MIT Kerberos support even when"
@${ECHO_MSG} " security/krb5 is installed."
.endif
.if !defined(WITHOUT_X11)
- Cast the arguments of ssh_conn_send_channel_data_type() and ssh_encode_{array_alloc,buffer}() calls as appropriate in order to fix argument size problems on 64-bit platforms and that manifest themselves on amd64 and ia64. [1] - Allow the tcsetattr(3) calls in ssh_rl_{restore,set}_tty_modes_for_fd() to be interrupted by signal. This fixes occasional problems when connecting to a host for the first time. - Use the base zlib instead of the one shipping with SSH; although the latter has an enhancement allowing a minor SSH-specific optimization, using the base one has the benefit of not needing to track security vulnerabilities of zlib in this port (SSH 3.2.9.1 ships with zlib 1.1.4 which is not know to be vulnerable though). - Try to make the description of the WITHOUT_X11 option of the port Makefile to be more sentence-like. PR: 98016 [1] Approved by: netchild Obtained from: NetBSD [1]
2006-08-28 02:03:21 +02:00
@${ECHO_MSG} "WITHOUT_X11=yes builds without X11 support. Setting this is"
@${ECHO_MSG} " the same as compiling security/ssh2-nox11."
- Display the available build knobs via a pre-everything target. - Remove the autodetection for X11 support and the WITH_X11 knob, instead always build with X11 support and add a WITHOUT_X11 knob. Together with an additional ssh2-nox11 slave port this allows easier handling of these two variants and to have pre-compiled packages for both (ssh2 with X11 support depends on X11 libraries). Submitted by: maintainer (marius)
2004-04-20 14:53:42 +02:00
.endif
@${ECHO_MSG} ""
.endif
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
post-patch:
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
.for i in ${MAN1} ${MAN5} ${MAN8} ssh2_config sshd2_config
@${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g; \
s|\/usr\/local|${LOCALBASE}|g' \
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
${WRKSRC}/apps/ssh/${i}
.endfor
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
.for i in anonymous.example host_ext.example host_int.example
@${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g' \
${WRKSRC}/apps/ssh/subconfig/${i}
.endfor
- Cast the arguments of ssh_conn_send_channel_data_type() and ssh_encode_{array_alloc,buffer}() calls as appropriate in order to fix argument size problems on 64-bit platforms and that manifest themselves on amd64 and ia64. [1] - Allow the tcsetattr(3) calls in ssh_rl_{restore,set}_tty_modes_for_fd() to be interrupted by signal. This fixes occasional problems when connecting to a host for the first time. - Use the base zlib instead of the one shipping with SSH; although the latter has an enhancement allowing a minor SSH-specific optimization, using the base one has the benefit of not needing to track security vulnerabilities of zlib in this port (SSH 3.2.9.1 ships with zlib 1.1.4 which is not know to be vulnerable though). - Try to make the description of the WITHOUT_X11 option of the port Makefile to be more sentence-like. PR: 98016 [1] Approved by: netchild Obtained from: NetBSD [1]
2006-08-28 02:03:21 +02:00
@${FIND} ${WRKSRC} -name Makefile.in -print0 -type f | \
${XARGS} -0 ${REINPLACE_CMD} -E -e \
's|-I\$$\(top_srcdir\)\/lib\/zlib||g; \
s|\$$\(top_builddir\)\/lib\/zlib\/libz.a||g'
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
@${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g' \
${WRKSRC}/HOWTO.anonymous.sftp
- Register dependency on x11/XFree86-4-clients for xauth(1). - Make configure explicitly look in X11BASE/bin for xauth(1) in order to also catch non-standard locations. Submitted by: maintainer (marius) Approved by: portmgr (marcus)
2004-04-22 22:56:26 +02:00
@${REINPLACE_CMD} -e \
's|$$PATH:\/usr\/X11R6\/bin:\/usr\/X11\/bin|${X11BASE}\/bin|' \
${WRKSRC}/configure
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
@${REINPLACE_CMD} -E -e 's|\$$\(ETCDIR\)|${PREFIX}\/etc|g' \
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
${WRKSRC}/apps/ssh/ssh_dummy_shell.out
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
@${REINPLACE_CMD} -E -e 's|(^TESTS.+)(t-filecopy)|\1|g' \
${WRKSRC}/apps/ssh/tests/Makefile.in
@${SED} 's|%%PREFIX%%|${PREFIX}|g' \
${PKGDIR}/pkg-message > ${WRKDIR}/pkg-message
Update to 3.2.5: * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer
2003-07-07 16:19:07 +02:00
- Switch to a rc.d startup script. - Move the generation of the host key (if not present) from the package/ port installation to the startup script in order to be in line with what the base OpenSSH and the OpenSSH-portable port do. - Flush stdout when updating the transfer progress bar of sftp2 and scp2 so the info displayed is up to date. [1] - Remove obsolete USE_REINPLACE, remove trailing white space in Makefile. PR: 91262 [1] Approved by: netchild
2006-02-19 23:56:35 +01:00
pre-install:
# Make sure there's no startup script left over from a previous installation.
@${RM} -f ${PREFIX}/etc/rc.d/sshd2.sh
Update port: security/ssh2 3.2.2 -> 3.2.3 PR: ports/48542 Submitted by: Lars Eggert <larse@isi.edu>
2003-02-23 23:39:05 +01:00
post-install:
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
@${MKDIR} ${EXAMPLESDIR}
.for i in ${EXAMPLES}
@${INSTALL_DATA} ${WRKSRC}/$i ${EXAMPLESDIR}
.endfor
Secure shell client and server (remote login program). PR: ports/8204 Submitted by: Issei Suzuki <issei@jp.FreeBSD.ORG>
1998-11-23 06:15:17 +01:00
.if !defined(NOPORTDOCS)
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
@${MKDIR} ${DOCSDIR}
.for i in ${DOCS}
@${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR}
Secure shell client and server (remote login program). PR: ports/8204 Submitted by: Issei Suzuki <issei@jp.FreeBSD.ORG>
1998-11-23 06:15:17 +01:00
.endfor
Several fixes/improvements :- - protect the secret RSA etc/ssh_host_key. It is now generated on install (either by pkg_add or make install) if not already present and is not ever added to a package since it's your host's credentials. It should not be removed on pkg_delete, since you are in big trouble if you did this (for example) pkg_delete ssh-1.2.14; pkg_add ssh-1.2.15.tgz. - fix the broken manpage symlink when compressing man pages (slogin.1 has been causing /etc/weekly to generate cron messages) - zlib 1.0.4 is now "blessed" again, the ssh working sources now use this instead of v0.95. The decompression problem was fixed in either 1.0.3 or 1.0.4. Also, the current version of cvs uses zlib 1.0.4 as well.. - perl5.002 -> perl5.003 Reviewed by: torstenb
1996-08-08 15:57:02 +02:00
.endif
HEADS-UP: Traditionally this port automatically installs a start-up script for sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer
2004-01-04 15:03:52 +01:00
@${CAT} ${WRKDIR}/pkg-message
test: build
@-cd ${WRKSRC}/lib/sshcrypto/tests && ${MAKE} check-TESTS
@-cd ${WRKSRC}/apps/ssh/lib/sshproto/tests && ${MAKE} check-TESTS
@-cd ${WRKSRC}/apps/ssh/tests && ${MAKE} check-TESTS
Ssh is a secure rlogin/rsh/rcp replacement with strong authentication (.rhosts together with RSA based host authentication, and pure RSA authentication) and improved privacy (all communications are automatically and transparently encrypted).
1995-10-07 02:19:27 +01:00
Support OpenSSH in the base system as the ssh1 component.
2000-03-11 13:58:43 +01:00
.include <bsd.port.post.mk>
Reference in a new issue Copy permalink