Make this work more like the ssh package:

- don't install setuid unless SSH_SUID=YES
- use libwrap (--with-tcp-wrappers) on NetBSD

I also want to fix S/Key support and Kerberos IV,
so I've left some comments in Makefile for that.

security/openssh/Makefile

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.53 2001/06/28 23:12:16 jlam Exp $
+# $NetBSD: Makefile,v 1.54 2001/08/17 19:49:08 kim Exp $
 
 DISTNAME=		openssh-2.9p2
 CATEGORIES=		security
@@ -21,7 +21,9 @@ CRYPTO=			yes
 
 # retain the following line, for IPv6-ready pkgsrc webpage 
 BUILD_DEFS+=		USE_INET6
+#BUILD_DEFS+=		KERBEROS
 BUILD_DEFS+=		SSH_CONF_DIR
+BUILD_DEFS+=		SSH_SUID
 
 DEINSTALL_FILE=		${WRKDIR}/DEINSTALL
 INSTALL_FILE=		${WRKDIR}/INSTALL
@@ -43,6 +45,23 @@ GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--sysconfdir=${SSH_CONF_DIR}
 CONFIGURE_ARGS+=	--with-ssl-dir=${BUILDLINK_DIR}
 
+.if ${OPSYS} == "NetBSD"
+CONFIGURE_ARGS+=	--with-tcp-wrappers
+# XXX: we have 4 args (4: sslen) to skeychallenge instead of 3
+#CONFIGURE_ARGS+=	--with-skey=/usr
+.endif
+
+# XXX: <krb.h>
+#.if defined(KERBEROS)
+#USE_KERBEROS=		yes
+#CONFIGURE_ARGS+=	--with-kerberos4=/usr
+#.endif
+
+# Don't install "ssh" setuid
+.if !defined(SSH_SUID) || ${SSH_SUID} != YES
+CONFIGURE_ARGS+=	--disable-suid-ssh
+.endif
+
 # The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
 # on if it's part of the X11 distribution, or if it's installed from pkgsrc
 # (security/ssh-askpass).  The configure process will lie about the compiled
@@ -63,6 +82,9 @@ PLIST_SRC=	${WRKDIR}/PLIST_DYNAMIC
 INSTALL_FILE=		${WRKDIR}/INSTALL.SunOS
 .endif
 
+#post-patch:
+#	cd ${WRKSRC} ; autoreconf --force
+
 post-build:
 	for FILE in \
 		${PKGDIR}/DEINSTALL	\

security/openssh/distinfo

@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.5 2001/06/28 23:12:16 jlam Exp $
+$NetBSD: distinfo,v 1.6 2001/08/17 19:49:08 kim Exp $
 
 SHA1 (openssh-2.9p2.tar.gz) = add432005b43f71ccf964bb77b37291273dd4ceb
 Size (openssh-2.9p2.tar.gz) = 662590 bytes
-SHA1 (patch-aa) = 78816aa12ddc091bd6d4d82235af0e59d25afac6
-SHA1 (patch-ab) = 236d325113b2808d1fd9c8087cc0149eb382bbbf
-SHA1 (patch-ah) = da09e163310c21b8f5b37d89d4f44bfec9707e67
+SHA1 (patch-aa) = 0a3322cbb38c666266a7d44fc8188546b7818926
+SHA1 (patch-ab) = 92eee280f610967ddd56c0f31cd2bf2960f898b4
+SHA1 (patch-ah) = 58a9bbc7c35e7d043c26288affe6fb1a88d9db2e

security/openssh/patches/patch-aa

@@ -1,7 +1,7 @@
-$NetBSD: patch-aa,v 1.15 2001/06/28 23:12:16 jlam Exp $
+$NetBSD: patch-aa,v 1.16 2001/08/17 19:49:09 kim Exp $
 
---- configure.orig	Sun Jun 17 00:09:50 2001
-+++ configure
+--- configure.orig	Sun Jun 17 07:09:50 2001
++++ configure	Fri Aug 17 22:06:47 2001
 @@ -1796,7 +1796,7 @@
  
  	;;
@@ -20,3 +20,44 @@ $NetBSD: patch-aa,v 1.15 2001/06/28 23:12:16 jlam Exp $
  	cat >> confdefs.h <<\EOF
  #define PAM_SUN_CODEBASE 1
  EOF
+@@ -3160,6 +3160,7 @@
+ 
+ # Check whether user wants TCP wrappers support
+ TCPW_MSG="no" 
++TCPW_LIB=""
+ # Check whether --with-tcp-wrappers or --without-tcp-wrappers was given.
+ if test "${with_tcp_wrappers+set}" = set; then
+   withval="$with_tcp_wrappers"
+@@ -3173,6 +3174,8 @@
+ #line 3174 "configure"
+ #include "confdefs.h"
+ 
++#include <sys/cdefs.h>
++#include <stdio.h>
+ #include <tcpd.h>
+ 					int deny_severity = 0, allow_severity = 0;
+ 				
+@@ -3189,6 +3192,7 @@
+ EOF
+ 
+ 					TCPW_MSG="yes" 
++					TCPW_LIB="-lwrap" 
+ 				
+ else
+   echo "configure: failed program was:" >&5
+@@ -3200,6 +3204,7 @@
+ 			
+ fi
+ rm -f conftest*
++			LIBS="$saved_LIBS"
+ 		fi
+ 	
+ 
+@@ -8881,6 +8886,7 @@
+ s%@TEST_MINUS_S_SH@%$TEST_MINUS_S_SH%g
+ s%@LOGIN_PROGRAM_FALLBACK@%$LOGIN_PROGRAM_FALLBACK%g
+ s%@LD@%$LD%g
++s%@TCPW_LIB@%$TCPW_LIB%g
+ s%@NO_SFTP@%$NO_SFTP%g
+ s%@rsh_path@%$rsh_path%g
+ s%@xauth_path@%$xauth_path%g

security/openssh/patches/patch-ab

@@ -1,7 +1,7 @@
-$NetBSD: patch-ab,v 1.3 2001/06/28 23:12:16 jlam Exp $
+$NetBSD: patch-ab,v 1.4 2001/08/17 19:49:10 kim Exp $
 
---- configure.in.orig	Mon May 28 13:21:44 2001
-+++ configure.in
+--- configure.in.orig	Mon May 28 20:21:44 2001
++++ configure.in	Fri Aug 17 22:06:34 2001
 @@ -131,7 +131,7 @@
          )
  	;;
@@ -20,3 +20,38 @@ $NetBSD: patch-ab,v 1.3 2001/06/28 23:12:16 jlam Exp $
  	AC_DEFINE(PAM_SUN_CODEBASE)
  	AC_DEFINE(LOGIN_NEEDS_UTMPX)
  	AC_DEFINE(LOGIN_NEEDS_TERM)
+@@ -432,6 +432,7 @@
+ 
+ # Check whether user wants TCP wrappers support
+ TCPW_MSG="no" 
++TCPW_LIB=""
+ AC_ARG_WITH(tcp-wrappers,
+ 	[  --with-tcp-wrappers     Enable tcpwrappers support],
+ 	[
+@@ -441,6 +442,8 @@
+ 			AC_MSG_CHECKING(for libwrap)
+ 			AC_TRY_LINK(
+ 				[
++#include <sys/cdefs.h>
++#include <stdio.h>
+ #include <tcpd.h>
+ 					int deny_severity = 0, allow_severity = 0;
+ 				],
+@@ -449,14 +452,17 @@
+ 					AC_MSG_RESULT(yes)
+ 					AC_DEFINE(LIBWRAP)
+ 					TCPW_MSG="yes" 
++					TCPW_LIB="-lwrap" 
+ 				],
+ 				[
+ 					AC_MSG_ERROR([*** libwrap missing])
+ 				]
+ 			)
++			LIBS="$saved_LIBS"
+ 		fi
+ 	]
+ )
++AC_SUBST(TCPW_LIB)
+ 
+ dnl    Checks for library functions.
+ AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_sa clock fchown fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent getusershell glob inet_aton inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv setegid seteuid setlogin setproctitle setresgid setreuid setrlimit setsid setvbuf sigaction sigvec snprintf strerror strlcat strlcpy strmode strsep strtok_r sysconf tcgetpgrp utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop)

security/openssh/patches/patch-ah

@@ -1,7 +1,7 @@
-$NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $
+$NetBSD: patch-ah,v 1.13 2001/08/17 19:49:10 kim Exp $
 
---- Makefile.in.orig	Fri Apr 27 09:31:08 2001
-+++ Makefile.in	Tue May 15 01:25:53 2001
+--- Makefile.in.orig	Fri Apr 27 03:31:08 2001
++++ Makefile.in	Fri Aug 17 21:43:33 2001
 @@ -8,6 +8,7 @@
  mandir=@mandir@
  mansubdir=@mansubdir@
@@ -19,7 +19,24 @@ $NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $
  SFTP_SERVER=$(libexecdir)/sftp-server
  
  PATHS= -DETCDIR=\"$(sysconfdir)\" \
-@@ -164,7 +165,7 @@
+@@ -29,6 +30,7 @@
+ CFLAGS=@CFLAGS@
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
++WRAP=@TCPW_LIB@
+ AR=@AR@
+ RANLIB=@RANLIB@
+ INSTALL=@INSTALL@
+@@ -96,7 +98,7 @@
+ 	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ 
+ sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
+-	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(WRAP) $(LIBS)
+ 
+ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o scp-common.o
+ 	$(LD) -o $@ scp.o scp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+@@ -164,7 +166,7 @@
  distprep: catman-do
  	autoreconf
  
@@ -28,7 +45,7 @@ $NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $
  
  install-files:
  	$(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
-@@ -173,6 +174,7 @@
+@@ -173,6 +175,7 @@
  	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
  	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
  	$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
@@ -36,7 +53,7 @@ $NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $
  	$(INSTALL) -m $(SSH_MODE) -s ssh $(DESTDIR)$(bindir)/ssh
  	$(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
  	$(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
-@@ -199,23 +201,11 @@
+@@ -199,23 +202,11 @@
  	if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
  		$(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \
  	fi
@@ -63,7 +80,7 @@ $NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $
  	fi
  	if [ ! -f $(DESTDIR)$(sysconfdir)/primes ]; then \
  		$(INSTALL) -m 644 primes.out $(DESTDIR)$(sysconfdir)/primes; \
-@@ -248,10 +238,10 @@
+@@ -248,10 +239,10 @@
  	./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N ""
  
  uninstallall:	uninstall