- Features:
Possible use of sftp/sftp-server with older FreeBSD releases.
Use a newer version independently from the Base system.
Easier to test and fix possible security bugs.
- Bugs:
build of pam_ssm.so isn't be supported any more
Any file named "cookie" can be deleted by this and any older "sshd"
with X11 Forwarding.
Put sshd.sh installation in the pre-install, ssh_host_key generation
back in the PLIST, and check for ssh_config, too. This port now
works much better as a package. The configuration files and sshd.sh
are also part of the package, and as such removed on deinstall.
The proper upgrade procedure from one OpenSSH version to a newer one is:
chflags schg /usr/local/etc/ssh* # preserve them from deletion
cd /usr/ports/security/openssh
make all deinstall reinstall clean
Partially submitted by: peter
Move sshd.sh to files and ${INSTALL_SCRIPT}/${PERL} -pi it.
Clean up the Makefile's style a bit (MNF anyone? :)
Add WWW: to pkg/DESCR.
Change MASTER_SITES back to CVS_SITES to avoid problems with
MASTER_SITE_OVERRIDE.
Parts submitted by: Christian Weisgerber <naddy@mips.rhein-neckar.de>, Robert Muir <rmuir@gibralter.net>
CVS_SITE is now MASTER_SITES, and each is tried if the previous fails
Include a :pserver: as one of the CVS repositories, so those inside firewalls
should be able to fetch SSH. If this doesn't work for everyone, I've still
got a trick up my sleeve.
Fix rlimit-related warnings people are seeing by moving the setclasscontext()
to before the switching of uids. Let me know if this does not work, as I
never got the warnings in the first place.
Don't clobber sshd_config, etc. Instead, if they're there, just warn of
their existance.
Take the config files and sshd.sh out of the pkg/PLIST, mainly so you don't
lose your configuration files by doing a "make deinstall reinstall clean"
update.
Parts submitted by: Robert Muir <rmuir@gibralter.net>, Travis Mikalson <bofh@terranova.net>
1. Makefile cleanups, pkg/DESCR original comment (obrien)
2. sshd.sh and automatic host key generation when installed
(Christian Weisgerber <naddy@unix-ag.uni-kl.de>)
3. Completely redone downloading procedure:
* CVS is used to download the source (${CVS_CMD} defaults to
cvs -z3)
* MD5 checksums and a specific ${CVS_DATE} are used to get
a specific source tree and verify it; ${CVS_DATE} and
checksums can easily be rolled forward once tested.
* Source is checked out to distfiles like other ports,
and is only updated when ${CVS_DATE} changes.
Rebuilding the port doesn't require another cvs co.
Enjoy!
Reviewed mostly by: obrien
