pkgsrc/security/openssh/options.mk
taca 6c6083c7f1 Update openssh package to 5.8.1 (5.8p1).
For changes from 5.5 to 5.7, please refer http://openssh.com/txt/release-5.7
and http://openssh.com/txt/release-5.6 in detail.

Changes since OpenSSH 5.7
=========================

Security:

 * Fix vulnerability in legacy certificate signing introduced in
   OpenSSH-5.6 and found by Mateusz Kocielski.

   Legacy certificates signed by OpenSSH 5.6 or 5.7 included data from
   the stack in place of a random nonce field. The contents of the stack
   do not appear to contain private data at this point, but this cannot
   be stated with certainty for all platform, library and compiler
   combinations. In particular, there exists a risk that some bytes from
   the privileged CA key may be accidentally included.

   A full advisory for this issue is available at:
   http://www.openssh.com/txt/legacy-cert.adv

Portable OpenSSH Bugfixes:

 * Fix compilation failure when enableing SELinux support.

 * Do not attempt to call SELinux functions when SELinux is disabled.
   bz#1851
2011-02-16 17:45:08 +00:00

33 lines
928 B
Makefile

# $NetBSD: options.mk,v 1.20 2011/02/16 17:45:08 taca Exp $
.include "../../mk/bsd.prefs.mk"
PKG_OPTIONS_VAR= PKG_OPTIONS.openssh
PKG_SUPPORTED_OPTIONS= kerberos hpn-patch
.if !empty(OPSYS:MLinux)
PKG_SUPPORTED_OPTIONS+= pam
.endif
.include "../../mk/bsd.options.mk"
.if !empty(PKG_OPTIONS:Mkerberos)
. include "../../mk/krb5.buildlink3.mk"
CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE:Q}
.endif
.if !empty(PKG_OPTIONS:Mhpn-patch)
PATCHFILES= openssh-5.8p1-hpn13v11.diff.gz
PATCH_SITES= http://www.psc.edu/networking/projects/hpn-ssh/
PATCH_DIST_STRIP= -p1
.endif
.if !empty(PKG_OPTIONS:Mpam)
# XXX: PAM authentication causes memory faults, and haven't tracked down
# XXX: why yet. For the moment, disable PAM authentication for non-Linux.
.include "../../mk/pam.buildlink3.mk"
CONFIGURE_ARGS+= --with-pam
PLIST_SRC+= ${.CURDIR}/PLIST.pam
MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam
MESSAGE_SUBST+= EGDIR=${EGDIR}
.endif