Commit graph

237 commits

Author SHA1 Message Date
reed
ad289c0072 Remove CONFIGURE_ARGS for --mandir as this is now done
for GNU_CONFIGURE.
2005-10-07 17:42:35 +00:00
reed
56f4fe8c2c Add back openssh-4.2p1-hpn11.diff entries that were removed
in revision 1.42.
2005-09-24 00:47:13 +00:00
rillig
6458b27275 The checksum of patch-aa has changed, too. 2005-09-23 20:52:53 +00:00
taca
faae9c8a9b Be quiet pkglint:
- Remove trailing white space from Makefile.
- Add NetBSD Id to patch-aa and patch-ah.
2005-09-23 15:45:14 +00:00
reed
b86c905ff1 Update openssh to 4.2p1. This is from PR #31331. Thank you, Jason.
Some changes different from patches provided in that PR are:

- patch-aj, patch-aq, and patch-as not changed (they appeared to
  be identical to previous patches)

- DragonFly support also added to configure script (patch-aa)
  because compilation failed due to missing crypt

- and install-sysconf target removed from the installation target
  in Makefile.in (patch-ah). Just let the pkgsrc framework install
  this since it now will allow it to be removed correctly on
  deinstall.

- use "pam" instead of "PAM" as option name in the post-install
  target.

This removes patch-ai.

This also now uses openssh-4.2p1-hpn11.diff patch.

I didn't test with kerberos and hpn-patch options. I did test with
PAM on Linux. (The PR reported that kerberos and hpn-patch options
were tested for compiling.) I tested on NetBSD 2.0.2, Linux,
and DragonFly.

This includes two security fixes and several bug fixes and many
improvemens.  The changes are listed at
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-May/000079.html

TODO: get some of these patches committed upstream.
2005-09-21 18:07:09 +00:00
rillig
7a95adad42 The real user name in PKG_USERS does not need to be escaped with double
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
2005-08-23 11:48:47 +00:00
jlam
bd2788d930 Merge CONF_FILES/SUPPORT_FILES and CONF_FILES_PERMS/SUPPORT_FILES_PERMS
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files.  Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.
2005-08-19 18:12:36 +00:00
reed
1b67d68ee6 MESSAGE file removed. As mentioned on tech-pkg in May, /etc/ssh.conf
and /etc/sshd.conf is old (and I assume some configurations from
there don't apply any more), user and group are not created
automatically (only if PKG_CREATE_USERGROUP is at default YES),
UsePrivilegeSeparation is the default, and seems to imply that
openssh is insecure without it.

Bump PKGREVISION.

Change comment regarding MESSAGE.Interix.

Removed unused MESSAGE_SUBST settings. Move one to the options.mk
as it is for "pam" only.
2005-07-28 17:54:57 +00:00
reed
b85199f137 My fix from eight days ago was broken. Add the "man" subdirectory
for the man entries.
2005-07-28 16:31:13 +00:00
reed
850e08a8ec Remove MANDIR variable and just use "man" instead. 2005-07-20 05:27:14 +00:00
jlam
3e474a90d8 Get rid of USE_PERL5. The new way to express needing the Perl executable
around at either build-time or at run-time is:

	USE_TOOLS+=	perl		# build-time
	USE_TOOLS+=	perl:run	# run-time

Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
2005-07-16 01:19:06 +00:00
dillo
d6bfbe8582 Rename option PAM to pam (so all options are lower case). Backwards
compatibility provided via PKG_OPTIONS_LEGACY_OPTS.
2005-05-31 11:24:32 +00:00
reed
f52deedaf1 Fix typo introduced on August 4 that stopped wtmp logging under Linux
and maybe other platforms.

Bump PKGREVISION.
2005-05-25 23:17:11 +00:00
reed
2e01995076 Noticed that the PAM +DISPLAY message was not displayed
and extra pam file was not included in +CONTENTS.

So moved the include of options.mk to after the PLIST_SRC and
MESSAGE_SRC are defined as empty.
(MESSAGE_SRC is redefined if Interix and if PAM PKG_OPTION was enabled
then this still needs to be fixed.)
2005-05-25 19:37:18 +00:00
reed
ee8be9d0c1 RCD_SCRIPTS_EXAMPLEDIR is no longer customizable.
And always is defined as share/examples/rc.d
which was the default before.

This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.

This was discussed on tech-pkg in late January and late April.

Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
2005-05-02 20:33:57 +00:00
wiz
3a4887c254 Add CONFLICTS with lsh (common man page). 2005-04-28 14:11:13 +00:00
tv
f816d81489 Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. 2005-04-11 21:44:48 +00:00
tv
71e2654fa3 nb5: Rework Interix support, based on work done by Interop Systems
*before* a BSD-with-advertising license was added to their diffs, and other
work done personally by me.

sshd now works.  Most permissions checks work properly.  Privsep is off by
default, and the sshd user is not created, on Interix until some problems
with privsep are fixed (perhaps by abstracting the auth functionality out
to openpam).
2005-03-07 23:29:49 +00:00
agc
d81d19f8e0 Add RMD160 digests. 2005-02-24 12:51:41 +00:00
jlam
1b5734f517 Create a pam.buildlink3.mk file that is used by PAM-using packages.
It includes the correct buildlink3.mk file from either Linux-PAM
(security/PAM) or OpenPAM (security/openpam) and eventually will
support solaris-pam.  pam.buildlink3.mk will:

	* set PAMBASE to the base directory of the PAM files;
	* set PAM_TYPE to the PAM implementation used.

There are two variables that can be used to tweak the selection of
the PAM implementation:

PAM_DEFAULT is a user-settable variable whose value is the default
	PAM implementation to use.

PAM_ACCEPTED is a package-settable list of PAM implementations
	that may be used by the package.

Modify most packages that include PAM/buildlink3.mk to include
pam.buildlink3.mk instead.
2005-01-14 05:15:39 +00:00
reed
32d8f290c2 The default location of the pkgsrc-installed rc.d scripts is now
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.

This is from ideas from Greg Woods and others.

Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
2004-12-28 02:47:40 +00:00
jlam
650b62997d Remove support for some variables that are supposed to go away after
pkgsrc-2004Q4 is branched.
2004-12-22 21:46:24 +00:00
xtraeme
27d47d5401 Convert to use bsd.options.mk with the following options:
hpn-patch kerberos PAM (only Linux)

The hpn-patch option uses the patch available in:
http://www.psc.edu/networking/projects/hpn-ssh/ to enable high performance
connections.

Also use VARBASE intead of hardcoding /var.

Bump PKGREVISION.
2004-11-25 19:25:28 +00:00
markd
d7fe2cd381 Reorder inclusion of headers to fix build on Solaris when kerberos option
is enabled.
2004-11-04 12:46:33 +00:00
grant
faa2c46dbe tell configure where to find xauth(1) so that X forwarding over ssh
works when using pkgsrc X11.

bump PKGREVISION.
2004-10-24 02:52:15 +00:00
tv
c487cb967a Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
2004-10-03 00:12:51 +00:00
wiz
9ac74e840c Update to 3.9p1:
* Added new "IdentitiesOnly" option to ssh(1), which specifies that it should
   use keys specified in ssh_config, rather than any keys in ssh-agent(1)

 * Make sshd(8) re-execute itself on accepting a new connection. This security
   measure ensures that all execute-time randomisations are reapplied for each
   connection rather than once, for the master process' lifetime. This includes
   mmap and malloc mappings, shared library addressing, shared library mapping
   order, ProPolice and StackGhost cookies on systems that support such things

 * Add strict permission and ownership checks to programs reading ~/.ssh/config
   NB ssh(1) will now exit instead of trying to process a config with poor
   ownership or permissions

 * Implemented the ability to pass selected environment variables between the
   client and the server. See "AcceptEnv" in sshd_config(5) and "SendEnv" in
   ssh_config(5) for details

 * Added a "MaxAuthTries" option to sshd(8), allowing control over the maximum
   number of authentication attempts permitted per connection

 * Added support for cancellation of active remote port forwarding sessions.
   This may be performed using the ~C escape character, see "Escape Characters"
   in ssh(1) for details

 * Many sftp(1) interface improvements, including greatly enhanced "ls" support
   and the ability to cancel active transfers using SIGINT (^C)

 * Implement session multiplexing: a single ssh(1) connection can now carry
   multiple login/command/file transfer sessions. Refer to the "ControlMaster"
   and "ControlPath" options in ssh_config(5) for more information

 * The sftp-server has improved support for non-POSIX filesystems (e.g. FAT)

 * Portable OpenSSH: Re-introduce support for PAM password authentication, in
   addition to the keyboard-interactive driver. PAM password authentication
   is less flexible, and doesn't support pre-authentication password expiry but
   runs in-process so Kerberos tokens, etc are retained

 * Improved and more extensive regression tests

 * Many bugfixes and small improvements
2004-08-31 11:27:11 +00:00
minskim
6c1e49d7f6 Make openssh build on Interix. Currently only the client (ssh) was
tested.  The server (sshd) still needs more patches especially because of
non-zero Administrator uid/gid issues.
2004-08-04 06:43:52 +00:00
grant
1e99c0fee7 add CONFLICT with ssh2-nox11. 2004-07-25 12:36:03 +00:00
reed
a6877657cc Only use the NetBSD-specific MESSAGE.urandom for NetBSD.
It says to use "pseudo-device   rnd" kernel configuration.

TODO: if the above instructions are fine for other
operating systems with /dev/urandom then add.
2004-05-21 23:00:23 +00:00
reed
ec087dd4e3 The makefile had a comment saying PAM authentication causes memory
faults, and haven't tracked down why yet.

No allow PAM authentication if Linux (and USE_PAM is defined).

This will close my 20846 PR from March 2003.

Also, install the contrib/sshd.pam.generic file as the example
sshd.pam instead of the FreeBSD version, but this okay since
it was commented out in the first place.

TODO: test the PAM support on other platforms and allow
if USE_PAM is defined.
2004-05-21 22:54:43 +00:00
wiz
fe4b1f5fc6 Not needed after 3.8.1p1 update. 2004-05-10 18:12:43 +00:00
wiz
23810a3f2a Update to 3.8.1p1:
Minor bugfixes.
2004-05-10 18:12:23 +00:00
xtraeme
e4f66bcc3f Enable md5 passwords support in Linux. This closes PR pkg/25322 by
Piotr Meyer.
2004-05-02 17:30:37 +00:00
jlam
7766d0b725 The buildlink3.mk file for the Kerberos 5 implementation used will
automatically pass the correct -I flags to the compiler.
2004-04-28 05:26:39 +00:00
jlam
e3ee2f2be4 This version of OpenSSH actually no longer supports building with
Kerberos 4 support, so remove those Makefile checks.
2004-04-28 05:25:54 +00:00
jlam
6716a865f5 Fix up OpenSSH sources to allow building with S/Key support on NetBSD as
well.  Bump the PKGREVISION.

XXX The right fix is to create a autoconf check for the number of args
XXX that skeychallenge takes and do the right thing accordingly.
2004-04-28 04:00:17 +00:00
jlam
c1bc435448 Building with Kerberos 4 support doesn't work when using mit-krb5. Only
allow building with Kerberos 4 support when using Heimdal and if the
kerberosIV headers exist.
2004-04-28 03:54:08 +00:00
markd
68acd364ef Add the .endif I missed off last night. 2004-04-27 21:39:39 +00:00
jlam
94da92332c Don't support the updating the in-tree openssh via pkgsrc. pkgsrc really
has no business trying to update parts of the base system.
2004-04-27 19:08:36 +00:00
markd
6548ed08a7 Add handling of utmpx/wtmpx on NetBSD-current.
Bump PKGREVISION.
2004-04-27 12:30:23 +00:00
markd
85964ae390 Something in our framework interferes with configure disabling utmp/wtmp
handling on Solaris >= 8 so do it explicitly.
2004-04-27 12:26:31 +00:00
markd
ddc2279c9a Use krb5.buildlink3.mk to find krb5 locations. 2004-04-27 12:21:49 +00:00
markd
7e2c1fed6a Teach about recent NetBSD versions.
Finish buildlink3 changes.

Obscure LOCALBASE path so that base system compilers dont match the
prefix otherwise compiler.mk then wants to build the pkgsrc gcc
package. (ick)
2004-04-27 12:15:48 +00:00
wiz
9821b663fe Convert to bl3; update comments in Makefile.intree. 2004-04-25 23:36:52 +00:00
reed
9c790735db mk/bsd.pkg.install.mk now automatically registers
the RCD_SCRIPTS rc.d script(s) to the PLIST.

This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.

This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)

These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)

I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.

Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
  hard-coded etc/rc.d. These need to be fixed.
- maybe  remove from mk/${OPSYS}.pkg.dist mtree specifications too.
2004-04-23 22:07:52 +00:00
wiz
a661ce60c0 PKGREVISION bump after openssl-security-fix-update to 0.9.6m.
Buildlink files: RECOMMENDED version changed to current version.
2004-03-26 02:27:34 +00:00
wiz
f042140b18 Update to 3.8p1:
This version features many improvements and bugfixes.
2004-03-12 19:24:47 +00:00
xtraeme
974c5dc7ce Force manual pages installation, because some systems like IRIX will
install them like preformatted manual pages (cat).
Reported by Georg Schwarz in PR pkg/24428.
2004-02-21 06:26:41 +00:00
jlam
53f75c6830 Don't set LD=${CC} globally, but only pass it to CONFIGURE_ENV, which is
the only relevant place that wants it.
2004-02-07 23:58:49 +00:00