author | tron <tron> | 2011-05-20 07:53:58 +0000 |
---|---|---|
committer | tron <tron> | 2011-05-20 07:53:58 +0000 |
commit | ccb82b169367b7662aa4413f9c25263d34a24cee (patch) | |
tree | d8b8f11fdd5807b50a42009798610797666a24f4 | |
parent | cb17f2f6315a69a3b47f0e015ddbc83b8b4ccfd3 (diff) | |
download | pkgsrc-ccb82b169367b7662aa4413f9c25263d34a24cee.tar.gz |
Pullup ticket #3431 - requested by taca
security/openssh: bug fix update
Revisions pulled up:
- security/openssh/Makefile 1.201-1.202
- security/openssh/files/sshd.sh 1.12-1.13
---
Module Name: pkgsrc
Committed By: taca
Date: Mon May 16 05:06:49 UTC 2011
Modified Files:
pkgsrc/security/openssh: Makefile
pkgsrc/security/openssh/files: sshd.sh
Log Message:
Maintenance of openssh package:
1. Add support for check and create ECDSA host key for SSH protocol
version 2.
2. Disable use of strnvis(3) on NetBSD. NetBSD current after 2011/03/12
has strnvis(3), but it has different argument from OpenBSD (and other
system).
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Tue May 17 03:26:52 UTC 2011
Modified Files:
pkgsrc/security/openssh: Makefile
pkgsrc/security/openssh/files: sshd.sh
Log Message:
Don't always try to create ecdsa key which depends on OpenSSL's version.
Bump PKGREVISION.
-rw-r--r-- | security/openssh/Makefile | 27 | ||||
-rw-r--r-- | security/openssh/files/sshd.sh | 13 |
2 files changed, 36 insertions, 4 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 35d0fe8f566..86d265ac39e 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.199.2.1 2011/05/15 09:33:30 sbd Exp $
+# $NetBSD: Makefile,v 1.199.2.2 2011/05/20 07:53:58 tron Exp $
 DISTNAME= openssh-5.8p2
 PKGNAME= openssh-5.8.2
+PKGREVISION= 2
 SVR4_PKGNAME= ossh
 CATEGORIES= security
 MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
@@ -104,10 +105,18 @@ CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey}
 CONFIGURE_ARGS+= --without-skey
 .endif
-.if (${OPSYS} == "NetBSD") && exists(/usr/include/utmpx.h)
+.if (${OPSYS} == "NetBSD")
+. if exists(/usr/include/utmpx.h)
 # if we have utmpx et al do not try to use login()
 CONFIGURE_ARGS+= --disable-libutil
+. endif
+#
+# NetBSD current after 2011/03/12 has incompatible strnvis(3) and
+# prior version don't have it. So, disable use of strnvis(3) now.
+#
+CONFIGURE_ENV+= ac_cv_func_strnvis=no
 .endif
+
 .if (${OPSYS} == "SunOS") && (${OS_VERSION} == "5.8" || ${OS_VERSION} == "5.9")
 CONFIGURE_ARGS+= --disable-utmp --disable-wtmp
 .endif
@@ -153,6 +162,7 @@ CONF_FILES+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
 .endfor
 OWN_DIRS= ${OPENSSH_CHROOT}
 RCD_SCRIPTS= sshd
+RCD_SCRIPT_SRC.sshd= ${WRKDIR}/sshd.sh
 PLIST_SRC+= ${.CURDIR}/PLIST
 FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR:Q}
@@ -167,6 +177,19 @@ SUBST_MESSAGE.patch= More patch a file.
 .include "../../security/openssl/buildlink3.mk"
 .include "../../security/tcp_wrappers/buildlink3.mk"
+#
+# type of key "ecdsa" isn't always supported depends on OpenSSL.
+#
+post-configure:
+ if ${EGREP} -q '^\#define[ ]+OPENSSL_HAS_ECC' \
+ ${WRKSRC}/config.h; then \
+ ${SED} -e '/HAVE_ECDSA/s/.*//' \
+ ${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
+ else \
+ ${SED} -e '/HAVE_ECDSA_START/,/HAVE_ECDSA_STOP/d' \
+ ${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
+ fi
+
 post-install:
 ${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}
 cd ${WRKSRC}; for file in ${CONFS}; do \
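Review bot: The comment above `post-configure` does not say what the recipe does to the rc script, and the `else` branch strips only what sits between the markers in `files/sshd.sh`. I would reword it to something like `# ECDSA host keys need an OpenSSL with ECC support; keep the HAVE_ECDSA_START/STOP block of files/sshd.sh only when config.h defines OPENSSL_HAS_ECC.` Any ECDSA reference placed in the script outside those markers survives on builds without ECC, so the comment should say that such code must be marked too.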
diff --git a/security/openssh/files/sshd.sh b/security/openssh/files/sshd.sh
index f28b5f6473c..b18f17202b9 100644
--- a/security/openssh/files/sshd.sh
+++ b/security/openssh/files/sshd.sh
@@ -1,6 +1,6 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: sshd.sh,v 1.11 2003/05/22 09:05:38 wiz Exp $
+# $NetBSD: sshd.sh,v 1.11.64.1 2011/05/20 07:53:58 tron Exp $
 #
 # PROVIDE: sshd
 # REQUIRE: DAEMON LOGIN
@@ -42,6 +42,14 @@ sshd_keygen()
 else
 ${keygen_command} -t rsa -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -N ''
 fi
+/* HAVE_ECDSA_START */
+ if [ -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key ]; then
+ @ECHO@ "You already have a ECDSA host key in @PKG_SYSCONFDIR@/ssh_host_ecdsa_key"
+ @ECHO@ "Skipping protocol version 2 ECDSA Key Generation"
+ else
+ ${keygen_command} -t ecdsa -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key -N ''
+ fi
+/* HAVE_ECDSA_STOP */
 )
 }
@@ -49,7 +57,8 @@ sshd_precmd()
 {
 if [ ! -f @PKG_SYSCONFDIR@/ssh_host_key -o \
 ! -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -o \
- ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then
+ ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -o \
+ ! -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key ]; then
 if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]
 then
 run_rc_command keygen |
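Review bot: The `/* HAVE_ECDSA_START */` and `/* HAVE_ECDSA_STOP */` markers in sshd_keygen are C comments, which sh does not treat as comments, so `files/sshd.sh` is a valid script only after the Makefile's sed pass has blanked or deleted them. If the template were ever installed unfiltered, the shell would expand `/*` and try to run the first match while generating host keys. Writing the markers as `# HAVE_ECDSA_START` and `# HAVE_ECDSA_STOP` keeps the template valid either way, and the sed expressions shown in the Makefile match on the `HAVE_ECDSA` text, so they would still apply. sshd_keygen starts before this hunk.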
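Review bot: In sshd_precmd the new `! -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key` test sits outside the HAVE_ECDSA markers, so on a build where config.h lacks OPENSSL_HAS_ECC the keygen block is deleted but this test stays. The ECDSA key is then never generated, the condition is true on every start, and `run_rc_command keygen` is rerun each time, as far as the visible lines show. The test needs the same conditional treatment as the keygen block, for example a separate marked statement such as `[ -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key ] || need_keygen=yes` placed between the markers and consulted by the existing `if`. The function continues past the end of the hunk.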