Based on pr 6684 by Martin J. Laubach with heavy refining/fixing by myself.
XXX This package needs still some tweaking to work with rsaref.
XXX Maybe some US citizen developer can take over?
XXX At least its usefull to non-US ppl.
Changes since 1.5.6:
- Various bug fixes (not security related).
- All compile-time options are now set via options to the configure script.
- visudo is now installed in /usr/local/sbin where it belongs.
[of course this is ${PREFIX}/sbin in our package for a long time - TF]
- two problems with tgetpass() have been fixed. In one case the user was
not always given a chance to enter a password. In the other a newline
was not always printed after the password was entered on Linux.
- Added support for Digital UNIX SIA (Security Integration Architecture).
- %groups now work as RunAs specifiers like the man page says.
- Sudo now sets the USER environment variable to the target user
(root unless -u is specified).
- Sudo will print "command not found" unless configure was run with
--disable-path-info. Also, tell user when we ignore '.' in their path and
it would have been used but for --with-ignore-dot. This means that sudo can
be used to gather information about the existence of executable in
directories not accessible by a normal user. If this bothers you, run
configure with --disable-path-info.
[in our package --disable-path-info is default - TF]
- A longstanding bug wrt "sudo -l" has been fixed that could cause "sudo -l"
to complain about non-existent syntax errors.
- When configured with --with-tty-tickets the filename is now "user:tty"
(was "user.tty") since a username could have a '.' in it.
match directory name and to differentiate from previous version)
- remove md5 symlink to ssleay (conflicts with /usr/bin/md5)
- move all include files to $PREFIX/include/ssleay (too much conflict
potential in $PREFIX/include, not the least of which is md5.h)
- link rsaref glue goop right into libcrypto, only as required
- turn asm off on alpha temporarily while trying to find source of math
errors on LP64
- set NOT_FOR_ARCHS=alpha *64 to prevent compiling on LP64 platforms
This is a package of binaries, as compiled by Michael Graff
(explorer@flame.org), and I have not even tried to run these binaries,
let alone seen the source, and so cannot vouch for them.
Binaries are provided for Alpha, i386 and arm32 architectures.
- make this work on all arches (use C where no equivalent asm is
available). Since the arch specifics are determined by `uname', set
ONLY_FOR_ARCHS to the full list of current architectures.
- don't use various methods of editing (patch, sed) where pulling values
from the environment and using CONFIGURE_ENV/MAKE_ENV will suffice.
- use %D to get the value of $PREFIX in the PLIST; the PLIST doesn't need
to be sed edited to get this as part of an @exec!
- use pmake's += construct to add rsaref-specific stuff, instead of adding
"extra" patches.
Now works on arm32, but probably not on alpha and sparc64 (tests fail on
alpha; likely type-sizing problems, and still looking at that).
Don't remove it on de-install. Put the example config file (ssleay.cnf.eg)
in lib right beside the real config.
Yes, this file really should be in etc, but the programs have several
different routines that look for the config files, at least one of which
has the use of lib hard-coded. This would be pretty messy to fix.
Don't immediately timeout sessions as idle just because an actual
idle check had not been done yet (so last_idle_time was zero, and
the difference to current time is way over your idle time limit).
Also added the first US mirror of ssh into MASTER_SITES.
- New, optional Makefile variable HOMEPAGE, specifies a URL for
the home page of the software if it has one.
- The value of HOMEPAGE is used to add a link from the
README.html files.
- pkglint updated to know about it. The "correct" location for
HOMEPAGE in the Makefile is after MAINTAINER, in that same
section.
explicitly in the commands before ${MAKEFILE}; modify package
Makefiles to conform to this rationalisation. This was used
inconsistently in many packages, some including it, some not.
Implement a new DEPENDS definition, which looks for an installed
package, building it if not present, and use it in preference to
LIB_DEPENDS. This should make the package collection more useful on
NetBSD ELF ports.
Add lines to include MAKECONF, if defined and exists, or /etc/mk.conf,
if it exists, before the first reference to USE_RSAREF2. This means
that the value for USE_RSAREF2 can be set in $MAKECONF or /etc/mk.conf
as well as the environment.
- on i386, somehow <machine/endian.h> never got included by
<machine/ansi.h>; include the former directly.
- on sparc (and all big endian machines), the endian check was in the
wrong place: it should have been in usuals.h. Also include usuals.h in
md5.c to get the define.
- ${USA_RESIDENT}->${USE_RSAREF2} as per mycroft; RSA implementations
other than RSAREF may be used freely at MIT, though not elsewhere in USA
- always enable libwrap; it is shipped with NetBSD
- use new rsaref pkg, and don't retrieve rsaref from outside USA
- fix make-ssh-known-hosts to use the famous hack to startup perl based
on perl's location in $PATH, rather than require user to set it at
configure time
- fix include directory for socks5 support (and rsaref)
from FreeBSD port:
- uses our rsaref pkg if USE_RSAREF2 is YES
- doesn't use USA_RESIDENT; instead uses USE_RSAREF2 since MIT students
and staff may legally use mpilib instead of rsaref
- builds 2.6.3a with rsaref as well as 2.6.3ia without (all based on the
same sources)
- uses asm routines on i386, sparc, and m68k
on FreeBSD's port, but almost completely reworked. Differences:
- leaves out MD5 and uses NetBSD's libc MD5 routines
- all the includes are installed in ${PREFIX}/include/rsaref
- fetches it legally from ftp.rsa.com instead of sites outside the USA
- uses <bsd.lib.mk> to build the library