pkgsrc/security/openssh/Makefile
taca 1caa448699 Update openssh package to 5.8.1 (5.8p1).
For details of the changes from 5.5 to 5.7, please refer to http://openssh.com/txt/release-5.7
and http://openssh.com/txt/release-5.6.

Changes since OpenSSH 5.7
=========================

Security:

 * Fix vulnerability in legacy certificate signing introduced in
   OpenSSH-5.6 and found by Mateusz Kocielski.

   Legacy certificates signed by OpenSSH 5.6 or 5.7 included data from
   the stack in place of a random nonce field. The contents of the stack
   do not appear to contain private data at this point, but this cannot
   be stated with certainty for all platform, library and compiler
   combinations. In particular, there exists a risk that some bytes from
   the privileged CA key may be accidentally included.

   A full advisory for this issue is available at:
   http://www.openssh.com/txt/legacy-cert.adv

Portable OpenSSH Bugfixes:

 * Fix compilation failure when enabling SELinux support.

 * Do not attempt to call SELinux functions when SELinux is disabled.
   bz#1851
2011-02-16 17:45:08 +00:00


# $NetBSD: Makefile,v 1.199 2011/02/16 17:45:08 taca Exp $
# Package identity: the distfile is the portable release openssh-5.8p1,
# published in pkgsrc under the package version 5.8.1.
DISTNAME= openssh-5.8p1
PKGNAME= openssh-5.8.1
SVR4_PKGNAME= ossh
CATEGORIES= security
# NOTE(review): every mirror below is plain ftp://, which offers no transport
# integrity. The fetched distfile is presumably verified against the
# checksums recorded in this package's distinfo file -- confirm that file
# was regenerated for 5.8p1.
MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \
ftp://ftp.freenet.de/pub/ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.jaist.ac.jp/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/
# Don't delete the last entry -- it's there if the pkgsrc version is not
# up-to-date and the mirrors already removed the old distfile.
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= http://www.openssh.com/
COMMENT= Open Source Secure shell client and server (remote login program)
# Packages matching these patterns cannot be installed together with this one.
CONFLICTS= sftp-[0-9]*
CONFLICTS+= ssh-[0-9]* ssh6-[0-9]*
CONFLICTS+= ssh2-[0-9]* ssh2-nox11-[0-9]*
CONFLICTS+= openssh+gssapi-[0-9]*
CONFLICTS+= lsh>2.0
# Files are installed into a ${DESTDIR} staging area (see post-install).
PKG_DESTDIR_SUPPORT= user-destdir
USE_TOOLS+= perl
CRYPTO= yes
# retain the following line, for IPv6-ready pkgsrc webpage
BUILD_DEFS+= IPV6_READY
# OPENSSH_USER and OPENSSH_GROUP name the privilege-separation account; their
# values are not assigned in this file.
PKG_GROUPS_VARS+= OPENSSH_GROUP
PKG_USERS_VARS+= OPENSSH_USER
BUILD_DEFS+= OPENSSH_CHROOT
BUILD_DEFS+= VARBASE
# Use upstream's install-nokeys target so that no host keys are generated
# while the package is built: keys baked into a binary package would be
# shared by every machine that installs it.
# NOTE(review): host keys must then be created on the target machine,
# presumably by the sshd rc.d script -- confirm.
INSTALL_TARGET= install-nokeys
PLIST_SRC= # empty
.include "options.mk"
# Platform split: Interix gets libbind/resolver workarounds and no dedicated
# account; every other platform has the package framework create the sshd
# privilege-separation user and group.
.if ${OPSYS} == "Interix"
# OpenSSH on Interix has some important caveats
MESSAGE_SRC= ${.CURDIR}/MESSAGE.Interix
BUILDLINK_PASSTHRU_DIRS+= /usr/local/lib/bind
# Preseed autoconf cache results instead of letting configure probe them.
CONFIGURE_ENV+= ac_cv_func_openpty=no
CONFIGURE_ENV+= ac_cv_type_struct_timespec=yes
CPPFLAGS+= -DIOV_MAX=16 # default is INT_MAX, way too large
# Use whichever of the two known libbind header locations exists on the
# build host.
.if exists(/usr/local/include/bind/resolv.h)
CPPFLAGS+= -I/usr/local/include/bind
BUILDLINK_PASSTHRU_DIRS+= /usr/local/include/bind
.elif exists(/usr/local/bind/include/resolv.h)
CPPFLAGS+= -I/usr/local/bind/include
BUILDLINK_PASSTHRU_DIRS+= /usr/local/bind/include
.endif
LDFLAGS+= -L/usr/local/lib/bind
LIBS+= -lbind -ldb -lcrypt
.else # not Interix
# Create the unprivileged account that sshd's privilege separation runs as.
PKG_GROUPS= ${OPENSSH_GROUP}
PKG_USERS= ${OPENSSH_USER}:${OPENSSH_GROUP}
PKG_GECOS.${OPENSSH_USER}= sshd privsep pseudo-user
# The account's home directory is the privsep chroot directory.
# NOTE(review): sshd expects that directory to be owned by root and not
# writable by group or others, so it must never be writable by
# ${OPENSSH_USER} -- confirm the ownership and mode it is created with.
PKG_HOME.${OPENSSH_USER}= ${OPENSSH_CHROOT}
.endif
# Arguments and environment for OpenSSH's GNU configure script.
SSH_PID_DIR= ${VARBASE}/run # default directory for PID files
# Configuration files live in the "ssh" subdirectory of the package
# configuration directory.
PKG_SYSCONFSUBDIR= ssh
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --with-mantype=man
# :Q quotes the expanded value for the shell.
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR:Q}
CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE:Q}
# NOTE(review): unlike its neighbours, this prefix (and the S/Key prefix
# further down) is expanded without :Q.
CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
# The privsep directory and user are passed only where the account is created,
# i.e. everywhere except Interix.
.if ${OPSYS} != "Interix"
CONFIGURE_ARGS+= --with-privsep-path=${OPENSSH_CHROOT:Q}
CONFIGURE_ARGS+= --with-privsep-user=${OPENSSH_USER:Q}
.endif
# pkgsrc already enforces a "secure" version of zlib via dependencies,
# so skip this bogus version check.
# NOTE(review): with configure's own check switched off, that dependency
# constraint is the only guard against building with an outdated zlib --
# keep it current.
CONFIGURE_ARGS+= --without-zlib-version-check
# the openssh configure script finds and uses ${LD} if defined and
# defaults to ${CC} if not. we override LD here, since running the
# linker directly results in undefined symbols for obvious reasons.
#
CONFIGURE_ENV+= LD=${CC:Q}
# Enable S/Key support on NetBSD, Darwin, and Solaris.
.if (${OPSYS} == "NetBSD") || (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
. include "../../security/skey/buildlink3.mk"
CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey}
.else
CONFIGURE_ARGS+= --without-skey
.endif
.if (${OPSYS} == "NetBSD") && exists(/usr/include/utmpx.h)
# if we have utmpx et al do not try to use login()
CONFIGURE_ARGS+= --disable-libutil
.endif
# SunOS 5.8 and 5.9 only: build without utmp and wtmp support.
.if (${OPSYS} == "SunOS") && (${OS_VERSION} == "5.8" || ${OS_VERSION} == "5.9")
CONFIGURE_ARGS+= --disable-utmp --disable-wtmp
.endif
# Linux only: ask configure to enable support for MD5-hashed passwords.
.if ${OPSYS} == "Linux"
CONFIGURE_ARGS+= --enable-md5-password
.endif
# The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
# on if it's part of the X11 distribution, or if it's installed from pkgsrc
# (security/ssh-askpass).
#
# exists() is evaluated on the build host when this Makefile is parsed, and
# the chosen path is handed to both configure and the build.
# NOTE(review): ssh executes this helper to collect passphrases, so the
# path should sit in a directory only root can write to; a binary package
# carries the build host's choice to every machine it is installed on --
# confirm that is intended.
.if exists(${X11BASE}/bin/ssh-askpass)
ASKPASS_PROGRAM= ${X11BASE}/bin/ssh-askpass
.else
ASKPASS_PROGRAM= ${X11PREFIX}/bin/ssh-askpass
.endif
CONFIGURE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
MAKE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
# do the same for xauth
# (same build-host caveat: the xauth path is fixed at configure time)
.if exists(${X11BASE}/bin/xauth)
CONFIGURE_ARGS+= --with-xauth=${X11BASE}/bin/xauth
.else
CONFIGURE_ARGS+= --with-xauth=${X11PREFIX}/bin/xauth
.endif
# Configuration files shipped as examples and registered through CONF_FILES.
CONFS= ssh_config sshd_config moduli
# Entropy source: the test runs on the build host. Without /dev/urandom the
# package is configured with --without-random and additionally ships
# ssh_prng_cmds and the PLIST.prng file list.
# NOTE(review): a binary package built on a host lacking /dev/urandom
# presumably keeps the command-based entropy fallback on every machine it
# is installed on, even where a kernel RNG exists -- confirm.
.if exists(/dev/urandom)
. if ${OPSYS} == "NetBSD"
MESSAGE_SRC+= ${.CURDIR}/MESSAGE.urandom
. endif
.else
CONFIGURE_ARGS+= --without-random
CONFS+= ssh_prng_cmds
PLIST_SRC+= ${.CURDIR}/PLIST.prng
.endif
# Directory inside the package prefix that receives the example files.
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
CONF_FILES= # empty
# Each entry pairs an example file with its live location in
# ${PKG_SYSCONFDIR}.
.for f in ${CONFS}
CONF_FILES+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
.endfor
# The privsep chroot directory is registered as a directory owned by this
# package.
OWN_DIRS= ${OPENSSH_CHROOT}
RCD_SCRIPTS= sshd
PLIST_SRC+= ${.CURDIR}/PLIST
FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR:Q}
# Before configure, edit session.c: on every line that mentions
# channel_input_port_forward_request, the first "0" becomes ROOTUID.
# NOTE(review): the match is by line content only. The replaced "0" is
# presumably the uid-0 comparison passed to that call, i.e. part of a
# privilege check -- re-verify on each upstream update that the expression
# still hits exactly that token and nothing else.
SUBST_CLASSES+= patch
SUBST_STAGE.patch= pre-configure
SUBST_FILES.patch= session.c
SUBST_SED.patch= -e '/channel_input_port_forward_request/s/0/ROOTUID/'
SUBST_MESSAGE.patch= More patch a file.
.include "../../devel/zlib/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../security/tcp_wrappers/buildlink3.mk"
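# Install the generated example configuration files (<name>.out in
# ${WRKSRC}) into ${EGDIR} inside the ${DESTDIR} staging area. These are
# the example halves of the CONF_FILES pairs built from ${CONFS}.
post-install:
	${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}
# Stop if ${WRKSRC} cannot be entered or any copy fails, so that a package is
# never produced with example configuration files missing or picked up from
# another directory.
	cd ${WRKSRC} && for file in ${CONFS}; do \
		${INSTALL_DATA} $${file}.out ${DESTDIR}${EGDIR}/$${file} || exit 1; \
	done
.if !empty(PKG_OPTIONS:Mpam) && ${OPSYS} == "Linux"
# Linux with the pam option: also ship upstream's generic PAM service file as
# an example.
	${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.generic \
		${DESTDIR}${EGDIR}/sshd.pam
.endif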
.include "../../mk/bsd.pkg.mk"