Commit graph

159 commits

Author SHA1 Message Date
Eric Anholt
4eb209da7d - Add the X_WINDOW_SYSTEM={xorg,xfree86-4,xfree86-3} variable to bsd.port.mk,
and make XFREE86_VERSION map to it.  XFREE86_VERSION is now deprecated.
- Make xorg the default X_WINDOW_SYSTEM on -current.
- Add several new X_*_PORT variables which point to various pieces of X11 based
  on the setting of X_WINDOW_SYSTEM, and make ports use them.
- Add information to CHANGES about how to handle the transition.

PR:		ports/68763
Approved by:	portmgr (marcus)
Approved by:	re (scottl)
2004-07-23 19:10:32 +00:00
Alexander Leidinger
8c3db55d90 - Register dependency on x11/XFree86-4-clients for xauth(1).
- Make configure explicitly look in X11BASE/bin for xauth(1) in order to
  also catch non-standard locations.

Submitted by:	maintainer (marius)
Approved by:	portmgr (marcus)
2004-04-22 20:56:26 +00:00
Alexander Leidinger
4171a9b485 Use the @FreeBSD.org address of the maintainer.
Approved by:	marius
2004-04-20 13:49:29 +00:00
Alexander Leidinger
3cee626158 - Display the available build knobs via a pre-everything target.
- Remove the autodetection for X11 support and the WITH_X11 knob, instead
  always build with X11 support and add a WITHOUT_X11 knob. Together with
  an additional ssh2-nox11 slave port this allows easier handling of these
  two variants and to have pre-compiled packages for both (ssh2 with X11
  support depends on X11 libraries).

Submitted by:	maintainer (marius)
2004-04-20 12:53:42 +00:00
Alexander Leidinger
e0d1602212 Add SIZE info.
Submitted by:	trevor via maintainer
2004-03-27 13:27:56 +00:00
Alexander Leidinger
4fe66eee0c ---snip---
Improve Kerberos support in ssh2:
- Change the WITH_KERBEROS knob into a WITHOUT_KERBEROS knob so kerberized
  ssh2 automatically is built when MIT Kerberos is installed, unless the
  WITHOUT_KERBEROS knob is defined.
- Check for a library unique to MIT Kerberos to make sure it's not Heimdal
  that KRB5_HOME accidentally points to.
- Add dependency on security/krb5 when built with Kerberos support.
- When compiled with Kerberos support also turn it on by default in client
  and server config files and set "PermitRootLogin" to "nopwd" to only allow
  those with root tickets declared in ~root/.k5login" to login as root. [1]

Ssh2 now should work out of the box in an environment using MIT Kerberos.

Submitted by:	Peter Losher <Peter_Losher@isc.org> [1] (kerberos-patch-*)
Tested by:	Peter Losher <Peter_Losher@isc.org>
---snip---

Submitted by:					maintainer
Strange commit log formatting to prevent
ambiguous "Submitted by" lines by:		committer
2004-01-25 09:58:39 +00:00
Alexander Leidinger
610d298652 HEADS-UP: Traditionally this port automatically installs a start-up script for
sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there
	  are three ways to automatically start sshd2 and /etc/rc.conf is the
	  simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is
	  fixed to not be tailored to the base sshd) this version of the port
	  is the last one to do so. Beginning with next version it will only
	  install a sample start-up script. To prevent foot shooting when
	  updating to the next version this port won't remove an existing
	  start-up scripting on deinstall. Please see also the pkg-message that
	  gets displayed on installation.

- Update to 3.2.9.1. This is _not_ a security update. For the non-commercial
  version the only change worth mentioning since 3.2.5 is the addition of the
  config option "DisableVersionFallback", see sshd2_config(5) for further
  details.
- Use sites from the official list of mirrors for MASTER_SITES.
- Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3.
- Revise list of installed documentation. No longer install MANIFEST (list of
  source files) and INSTALL, install RFCs referenced in sshd2_config(5) and
  HOWTO.anonymous.sftp (patched to better fit FreeBSD).
- Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the
  external (static) one is much simpler to set up and maintain (using the
  external one requires to install a copy of it in the home directory of the
  anonymous sftp user which has to be manually updated when installing a newer
  version of the port).
- Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2.
- Install examples scripts for the ExternalAuthorizationProgram and
  AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for
  further information.
- Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*.
- Add a pkg-message displaying the different methods to automatically start
  sshd2.
- Switch to the start-up script for Solaris which is part of the tarball, it
  handles the name of the pidfile better.
- Fix detection of X11 headers, this enables compilation with support for X11
  SECURITY extension. See TrustX11Applications in ssh2_config(5) for further
  information.
- Add a test target to the Makefile of the port, the tests seem a bit outdated
  and buggy but it's enough to e.g. do a bit of speed comparison when building
  with different compilers.
- Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to
  the library search path when compiling, etc.).

Revive some local modifications lost with the update to 3.1.0:
- Use login_cap(3)/login_class(3) facilities to set environment variables,
  prority and shell, get motd, copyright, hushlogin and nologin, respect
  ignorenologin and requirehome. This changes are roughly based on former
  patch-ah and patch-ai and patches of security/openssh.
- Don't print "No mail.", it's not FreeBSD login style.

Submitted by:	maintainer
2004-01-04 14:03:52 +00:00
Joe Marcus Clarke
7cf7b646b2 Rename PORTDOCS to MYPORTDOCS to avoid a conflict with the recently added
bsd.port.mk macro.

Submitted by:	Oliver Eikemeier <eikemeier@fillmore-labs.com>
2003-11-07 09:28:14 +00:00
Dirk Meyer
23a445abcc - add CONFLICTS
Submitted by:   eikemeier@fillmore-labs.com
Approved by:    kris
2003-10-14 15:47:28 +00:00
Alexander Leidinger
866ffd967e Fix plist.
No PORTREVISION update because of the short timeframe between the commits.

Submitted by:	maintainer
2003-07-07 15:24:36 +00:00
Alexander Leidinger
7b5c95f90d Update to 3.2.5:
* Fixed a critical security bug with RSA signature
          verification. Mitigating factors: DSA is used by default (not
          vulnerable). Also, the attack requires that attacker has the
          public key and the attacker needs to precompute the signature
          data so, that it looks like a valid PKCS#1 signature. This is a
          non-trivial task to perform without the private
          key. Nonetheless, all users should update their servers and
          clients as soon as convenient. Workarounds are to not use RSA
          keys as host keys (though connecting to existing hosts with RSA
          hostkeys poses a serious risk with a vulnerable client), and
          disabling publickey authentication. Update your clients and
          servers.

 Update MASTER_SITES, remove sites that are down or no langer carry ssh2
  and add some new.
- Turn Kerberos and group writeability support into knobs so one hasn't to
  edit the Makefile.
- Remove dependency on security/tcp_wrapper for tcp-wrapper support on
  systems < FreeBSD 4.0, that port is no longer persistent.
- Fix pkg-plist for WITH_STATIC_SFTP case.
- Replace referneces to /etc/ssh2/* in man pages with references to
  PREFIX/etc/ssh2/* in order to better fit for FreeBSD.
- Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc.
- Remove duplicated mechanism for generating the host key if an old one isn't
  found in the post-install target in the Makefile of the port, this is
  already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile.
- Fix differences between the install action done when installing the
  package versus installing the port. I.e. make the package create the host
  key with what ever bits ssh-keygen2 defaults to (currently 2048) instead
  of 1024 bits, copy over the configuration files for ssh2 and sshd2 from
  the examples if not already existent and create the directories for the
  global host keys and known hosts files.
- Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2,
  i.e. configuration files that don't differ from the corresponding examples
  and empty directories. Inform the user to remove what's left over if any.
- Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets
  set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of
  "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH
  and seems more usefull. One might want to patch ssh2 to also use login_cap(3)
  so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf.
- Change MAINTAINER.
- Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist.

Submitted by:	Marius Strobl <marius@alchemy.franken.de>
Approved by:	maintainer
2003-07-07 14:19:07 +00:00
Edwin Groothuis
3cb2e284cd Update port: security/ssh2 3.2.2 -> 3.2.3
PR:		ports/48542
Submitted by:	Lars Eggert <larse@isi.edu>
2003-02-23 22:39:05 +00:00
Akinori MUSHA
4c2e4f1862 De-pkg-comment. 2003-02-21 13:28:59 +00:00
Ying-Chieh Liao
cff16e3928 1.) If WITH_STATIC_SFTP is defined, ssh-chrootmgr works.
2.)	If libX11.a exists and xauth not, the build of ssh2 fails. This
	patch fix this.
3.)	ssh2/files/sshd.sh looks for the wrong pid file in /var/run.
	This patch fix this and adds 2> /dev/null to the sshd2 startup

PR:		46012
Submitted by:	maintainer
2003-01-02 19:35:26 +00:00
Ying-Chieh Liao
1a4cb56596 upgrade to 3.2.2
PR:		45876
Submitted by:	maintainer
2003-01-02 18:30:21 +00:00
Patrick Li
d9273a3189 Update to 3.2.0
PR:		39491
Submitted by:	maintainer
2002-06-18 23:45:19 +00:00
Pete Fritchman
dc86ece5f4 Update to 3.1.2 which fixes a recent security problem described at:
http://www.ssh.com/products/ssh/advisories/authentication.cfm

PR:		38592
Submitted by:	maintainer
2002-05-28 21:28:12 +00:00
SADA Kenji
c0167326bf Oops, ".include <bsd.port.pre.mk>" line must be placed here. 2002-05-17 09:33:13 +00:00
SADA Kenji
61824bf696 Install default config files as *.sample instead of overwriting existing ones.
Note:	The PR includes diffs to cope with WITHOUT_X11 env,
	but this was already committed by knu-san.
	So I just added CONFIGURE_ARGS line, please verify it.
PR:	ports/35385
Submitted by:	maintainer
2002-05-17 09:20:47 +00:00
Akinori MUSHA
5e7984ac3c ssh_askpass2 is built only when X11 is installed. Support
{WITH,WITHOUT}_X11 and detect ${X11BASE}/lib/libX11.a.

Reported by:	bento
Obtained from:	security/ssh (partly)
2002-04-02 04:49:20 +00:00
Akinori MUSHA
2658ba9c3c - Update to 3.1.0.
PR:		ports/34740
  Submitted by:	larse@ISI.EDU

- Add %%PORTDOCS%% to pkg-plist.

- Assign MAINTAINER to the submitter.

  Requested by:	issei (previous MAINTAINER)
2002-02-22 02:52:25 +00:00
Issei Suzuki
69d5c39546 Remove myself from MAINTAINER 2002-02-16 05:32:08 +00:00
David W. Chapman Jr.
898a085e68 Remove extra file from pkg-plist to fix package building 2001-09-14 13:51:27 +00:00
David E. O'Brien
827b7b9d6a Unrestrict to match the ssh port. 2001-02-17 01:40:35 +00:00
Steve Price
1360caf6fe Don't install etc/rc.d/sshd.sh if sshd is being started from inetd.conf.
PR:		15691
Submitted by:	Roger Marquis <marquis@roble.com>
Reviewed by:	maintainer
2000-10-30 12:57:16 +00:00
Kris Kennaway
ba8c80d186 Upgrade to ssh-2.3.0.
PR:	ports/20869
Submitted by:	Issei Suzuki <issei@issei.org> (Maintainer)
2000-09-02 03:56:57 +00:00
Will Andrews
1dbf0287c0 Remove redundant/inappropriate CATEGORIES. People need to start reading
the Porter's Handbook.  :-)
2000-06-02 03:18:54 +00:00
Steve Price
4116b82a40 Update to version 2.1.0pl2.
PR:		18620
Submitted by:	maintainer
2000-05-29 03:16:44 +00:00
Michael Haro
4cf4ab0a2f Correct whitespace introduced during PORTNAME conversion and portlint 2000-04-21 08:19:33 +00:00
Jeremy Lea
b4455771cc Standardize all user defined options to the booleans WITH_FOO and
WITHOUT_FOO.  Begin the process of reserving these prefixes for user defined
options.

No comment by:	ports
2000-04-17 00:19:02 +00:00
Will Andrews
b0aff2c200 Sorry to everyone, the commits previously broke installing for these ports.
Thanks to those who reported this.

PRs:		17927, 17937
Submitted by:	Keith Davey <redlance@primenet.com>
		maintainer (ssh2)
2000-04-14 15:04:29 +00:00
Chris Piazza
3df86a88a9 Update with the new PORTNAME/PORTVERSION variables 2000-04-09 18:34:06 +00:00
Will Andrews
810b23015a Add better sshd startup scripts; specifically, allow restarting and
stopping the server.

Martti's submission did not include -h, which I added because if I had
added the scripts the way he submitted them, the server wouldn't be
started on startup.

PR:		10196
Submitted by:	Martti Kuparinen <martti.kuparinen@ericsson.com>
Reviewed by:	kris (partially)
No response:	maintainers (PR opened February 22, 1999)
2000-04-05 22:21:44 +00:00
David E. O'Brien
57f06be82e Support OpenSSH in the base system as the ssh1 component. 2000-03-11 12:58:43 +00:00
David E. O'Brien
d980a16013 Make pkgname match the directory the port lives in, and to reduce collsion
with the ssh1 port.

Asked for by:	several on the ports list over time
[the maintainer has not responded to multiple emails asking about this change]
2000-01-28 19:39:20 +00:00
Michael Haro
332b0f4a83 remove --prefix=${PREFIX} when GNU_CONFIGURE=yes and other minor cleanups
PR:		14759
Submitted by:	Jeremy Lea <reg@shale.csir.co.za>
1999-12-24 18:39:48 +00:00
Chris Piazza
e8bddd06d0 Forgot a line 1999-11-25 21:26:38 +00:00
Chris Piazza
37014e3b5d Patches are now available from www.ssh.org/patches
Submitted by:	Issei Suzuki <issei@jp.freebsd.org>
1999-11-25 21:26:03 +00:00
SADA Kenji
03825be304 Removed an obsoleted patch.
PR:		15059
Submitted by:	Maintainer
1999-11-24 21:45:32 +00:00
Chris Piazza
a8438b23fe Path for problem with tty ownership with chflags and chown in BSD 4.4
variants.  Fixes a security bug in tty allocation.

PR:		13515
PR:		13536
Submitted by: 	Issei Suzuki <issei@jp.FreeBSD.org> (ssh2 maintainer)
1999-09-02 17:08:38 +00:00
Michael Haro
65ab34a667 FreeBSD.ORG -> FreeBSD.org
Prompted by PR:  13476, 13477
Submitted by:  KATO Tsuguru
1999-08-31 06:53:31 +00:00
Peter Wemm
a53421230c $Id$ -> $FreeBSD$ 1999-08-31 01:53:22 +00:00
Michael Haro
5281212be3 chmod -> ${CHMOD}
chown -> ${CHOWN}
1999-08-22 19:01:07 +00:00
Tim Vanderhoek
a84b5b5f94 #4/4 enforcing Caps, no period
[Has anyone figured-out what makes the number 393 so interesting to PW, now?]

I wonder what was going through Jordan's head during his infamous
$Id$-smashing commit.

Before I forget....

Thanks to naddy@mips.rhein-neckar.de (Christian Weisgerber) for prompting
this commit.  See msg-id: 7geokh$tje$1@mips.rhein-neckar.de
1999-06-26 19:22:14 +00:00
David E. O'Brien
92a61ca373 Add comment that USE_TCPWRAP ==> YES if /usr/include/tcpd.h exists. 1999-06-24 19:29:50 +00:00
Andrey A. Chernov
524739d401 upgrade to 2.0.13
XXXtgetent from original PR fixed

PR: 12279
Submitted by: Issei Suzuki <issei@issei.org>
1999-06-18 20:02:29 +00:00
Michael Haro
46162f4b9d Add WWW: to DESCR files 1999-05-03 04:04:46 +00:00
Andrey A. Chernov
f2a6cb495e detect/use -current libwrap 1999-04-03 03:42:01 +00:00
Steve Price
68566b65e1 Re-order definition of a couple of variables so the ssh1 dependency
is picked up correctly.

PR:		10577
Submitted by:	maintainer
1999-03-15 01:18:49 +00:00
Andrey A. Chernov
7a7ea0c942 Use setusercontext() now to set all sort of login things including env.
variables and priority!
Enable light debugging for compatibility with -v option
Don't print "No mail." - not in BSD login style.
1999-02-06 01:40:35 +00:00