New openssh package [needs some cleanup]

- it is not enabled by default (need to think what to do with the ssh conflict)
- only tested under 1.4.1 so far

14 files changed, 357 insertions, 0 deletions

diff --git a/security/openssh/Makefile b/security/openssh/Makefile
new file mode 100644
index 00000000000..06b5e580f9c
--- /dev/null
+++ b/security/openssh/Makefile
@@ -0,0 +1,36 @@
+# $NetBSD: Makefile,v 1.1 2000/01/17 05:34:32 christos Exp $
+#
+
+DISTNAME=		openssh-1.2.1pre26
+PKGNAME=		openssh-1.2.1-26
+CATEGORIES=		security
+MASTER_SITES=		ftp://thermo.stat.ncsu.edu/pub/openssh/files
+
+MAINTAINER=		packages@netbsd.org
+HOMEPAGE=		http://www.openssh.org/
+
+CONFLICTS=		ssh-*
+
+USE_PERL5=		yes
+
+RESTRICTED=		"Crypto; export-controlled"
+MIRROR_DISTFILE=	no
+
+# matches what's in `Configure' (except sparc64)
+ONLY_FOR_PLATFORM=	NetBSD-*-alpha NetBSD-*-arm32 NetBSD-*-i386 \
+			NetBSD-*-m68k NetBSD-*-mips NetBSD-*-mipseb \
+			NetBSD-*-mipsel NetBSD-*-ns32k NetBSD-*-powerpc \
+			NetBSD-*-sparc NetBSD-*-vax
+
+GNU_CONFIGURE=		yes
+
+.include "../../mk/bsd.prefs.mk"
+
+# from mk.conf
+SSH_CONF_DIR?=		/etc
+CONFIGURE_ARGS=		--prefix=${PREFIX} --sysconfdir=${SSH_CONF_DIR}
+
+DEPENDS=		openssl-0.9.4
+CONFIGURE_ARGS+=	openssl
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/openssh/files/md5 b/security/openssh/files/md5
new file mode 100644
index 00000000000..b6faaffddde
--- /dev/null
+++ b/security/openssh/files/md5
@@ -0,0 +1 @@
+MD5 (openssh-1.2.1pre26.tar.gz) = 75501f28adcca30aeb965596a5dc0326
diff --git a/security/openssh/files/patch-sum b/security/openssh/files/patch-sum
new file mode 100644
index 00000000000..9ca8a246602
--- /dev/null
+++ b/security/openssh/files/patch-sum
@@ -0,0 +1,10 @@
+$NetBSD: patch-sum,v 1.1 2000/01/17 05:34:33 christos Exp $
+
+MD5 (patch-aa) = 95183ca577840e5bb48b877e93ae25e4
+MD5 (patch-ab) = b1be98743ffb76d3e0401dda3a420f25
+MD5 (patch-ac) = 33cece26534692f25fca101e2a5f9340
+MD5 (patch-ad) = affe7f6d4df103015cb788cac15d2670
+MD5 (patch-ae) = 60bdd814e2305bd2f70d5728344ad85f
+MD5 (patch-af) = 5944fcd4ff8e95f38af74bca6cf6c97d
+MD5 (patch-ag) = 4f4487055339564aca2c495456645919
+MD5 (patch-ah) = 9923ffcb1636a92de6b94069bd5fb4bf
diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa
new file mode 100644
index 00000000000..6bf7373fa57
--- /dev/null
+++ b/security/openssh/patches/patch-aa
@@ -0,0 +1,13 @@
+$NetBSD: patch-aa,v 1.1 2000/01/17 05:34:34 christos Exp $
+
+--- configure.orig	Sat Jan 15 20:22:59 2000
++++ configure	Sun Jan 16 23:51:58 2000
+@@ -1321,7 +1321,7 @@
+ 
+ if test "$ssldir" != "/usr"; then
+ 	CFLAGS="$CFLAGS -I$ssldir/include"
+-	LDFLAGS="$LDFLAGS -L$ssldir/lib"
++	LDFLAGS="$LDFLAGS -L$ssldir/lib -R$ssldir/lib"
+ fi
+ echo "$ac_t""$ssldir" 1>&6
+ 
diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab
new file mode 100644
index 00000000000..12af0e999d6
--- /dev/null
+++ b/security/openssh/patches/patch-ab
@@ -0,0 +1,59 @@
+$NetBSD: patch-ab,v 1.1 2000/01/17 05:34:34 christos Exp $
+
+--- fake-getaddrinfo.c.orig	Sun Jan 16 23:45:39 2000
++++ fake-getaddrinfo.c	Sun Jan 16 23:47:45 2000
+@@ -41,7 +41,7 @@
+   do {
+     next = ai->ai_next;
+     free(ai);
+-  } while (ai = next);
++  } while ((ai = next) != NULL);
+ }
+ #endif /* !HAVE_FREEADDRINFO */
+ 
+@@ -53,8 +53,8 @@
+ {
+   struct addrinfo *ai;
+ 
+-  if (ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) +
+-				     sizeof(struct sockaddr_in))) {
++  if ((ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) +
++				     sizeof(struct sockaddr_in))) != NULL) {
+     memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in));
+     ai->ai_addr = (struct sockaddr *)(ai + 1);
+     /* XXX -- ssh doesn't use sa_len */
+@@ -83,25 +83,27 @@
+   else
+     port = 0;
+   if (hints && hints->ai_flags & AI_PASSIVE)
+-    if (*res = malloc_ai(port, htonl(0x00000000)))
++    if ((*res = malloc_ai(port, htonl(0x00000000))) != NULL)
+       return 0;
+     else
+       return EAI_MEMORY;
+-  if (!hostname)
+-    if (*res = malloc_ai(port, htonl(0x7f000001)))
++  if (!hostname) {
++    if ((*res = malloc_ai(port, htonl(0x7f000001))) != NULL)
+       return 0;
+     else
+       return EAI_MEMORY;
+-  if (inet_addr(hostname) != -1)
+-    if (*res = malloc_ai(port, inet_addr(hostname)))
++  }
++  if (inet_addr(hostname) != -1) {
++    if ((*res = malloc_ai(port, inet_addr(hostname))) != NULL)
+       return 0;
+     else
+       return EAI_MEMORY;
++  }
+   if ((hp = gethostbyname(hostname)) &&
+       hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) {
+     for (i = 0; hp->h_addr_list[i]; i++)
+-      if (cur = malloc_ai(port,
+-			  ((struct in_addr *)hp->h_addr_list[i])->s_addr)) {
++      if ((cur = malloc_ai(port,
++			  ((struct in_addr *)hp->h_addr_list[i])->s_addr)) != NULL) {
+ 	if (prev)
+ 	  prev->ai_next = cur;
+ 	else
diff --git a/security/openssh/patches/patch-ac b/security/openssh/patches/patch-ac
new file mode 100644
index 00000000000..a16ffaa78d9
--- /dev/null
+++ b/security/openssh/patches/patch-ac
@@ -0,0 +1,23 @@
+$NetBSD: patch-ac,v 1.1 2000/01/17 05:34:34 christos Exp $
+
+--- fake-getaddrinfo.h.orig	Thu Jan 13 23:45:49 2000
++++ fake-getaddrinfo.h	Sun Jan 16 23:49:53 2000
+@@ -5,6 +5,9 @@
+ 
+ #include "fake-gai-errnos.h"
+ 
++#ifndef AI_CANONNAME
++# define AI_CANONNAME      0
++#endif
+ #ifndef AI_PASSIVE
+ # define AI_PASSIVE        1
+ #endif
+@@ -25,7 +28,7 @@
+ 	char	*ai_canonname;	/* canonical name for hostname */
+ 	struct sockaddr *ai_addr;	/* binary address */
+ 	struct addrinfo *ai_next;	/* next structure in linked list */
+-}
++};
+ #endif /* !HAVE_STRUCT_ADDRINFO */
+ 
+ #ifndef HAVE_GETADDRINFO
diff --git a/security/openssh/patches/patch-ad b/security/openssh/patches/patch-ad
new file mode 100644
index 00000000000..96a2ebc7d93
--- /dev/null
+++ b/security/openssh/patches/patch-ad
@@ -0,0 +1,38 @@
+$NetBSD: patch-ad,v 1.1 2000/01/17 05:34:34 christos Exp $
+
+--- fake-getnameinfo.c.orig	Sun Jan 16 23:45:45 2000
++++ fake-getnameinfo.c	Sun Jan 16 23:48:01 2000
+@@ -37,25 +37,27 @@
+     else
+       strcpy(serv, tmpserv);
+   }
+-  if (host)
+-    if (flags & NI_NUMERICHOST)
++  if (host) {
++    if (flags & NI_NUMERICHOST) {
+       if (strlen(inet_ntoa(sin->sin_addr)) > hostlen)
+ 	return EAI_MEMORY;
+       else {
+ 	strcpy(host, inet_ntoa(sin->sin_addr));
+ 	return 0;
+       }
+-    else
+-      if (hp = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr),
+-			     AF_INET))
++    } else {
++      if ((hp = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr),
++			     AF_INET)) != NULL) {
+ 	if (strlen(hp->h_name) > hostlen)
+ 	  return EAI_MEMORY;
+ 	else {
+ 	  strcpy(host, hp->h_name);
+ 	  return 0;
+ 	}
+-      else
++      } else
+ 	return EAI_NODATA;
++    }
++  }
+   return 0;
+ }
+ #endif /* !HAVE_GETNAMEINFO */
diff --git a/security/openssh/patches/patch-ae b/security/openssh/patches/patch-ae
new file mode 100644
index 00000000000..aedfe6ccd06
--- /dev/null
+++ b/security/openssh/patches/patch-ae
@@ -0,0 +1,19 @@
+$NetBSD: patch-ae,v 1.1 2000/01/17 05:34:34 christos Exp $
+
+--- log-client.c.orig	Wed Nov 24 08:26:22 1999
++++ log-client.c	Sun Jan 16 23:50:22 2000
+@@ -45,12 +45,12 @@
+ 	}
+ }
+ 
+-#define MSGBUFSIZE 1024
++#define SSH_MSGBUFSIZE 1024
+ 
+ void
+ do_log(LogLevel level, const char *fmt, va_list args)
+ {
+-	char msgbuf[MSGBUFSIZE];
++	char msgbuf[SSH_MSGBUFSIZE];
+ 
+ 	if (level > log_level)
+ 		return;
diff --git a/security/openssh/patches/patch-af b/security/openssh/patches/patch-af
new file mode 100644
index 00000000000..121bf2b0952
--- /dev/null
+++ b/security/openssh/patches/patch-af
@@ -0,0 +1,21 @@
+$NetBSD: patch-af,v 1.1 2000/01/17 05:34:34 christos Exp $
+
+--- log-server.c.orig	Wed Nov 24 08:26:22 1999
++++ log-server.c	Sun Jan 16 23:50:54 2000
+@@ -97,13 +97,13 @@
+ 	log_on_stderr = on_stderr;
+ }
+ 
+-#define MSGBUFSIZE 1024
++#define SSH_MSGBUFSIZE 1024
+ 
+ void
+ do_log(LogLevel level, const char *fmt, va_list args)
+ {
+-	char msgbuf[MSGBUFSIZE];
+-	char fmtbuf[MSGBUFSIZE];
++	char msgbuf[SSH_MSGBUFSIZE];
++	char fmtbuf[SSH_MSGBUFSIZE];
+ 	char *txt = NULL;
+ 	int pri = LOG_INFO;
+ 
diff --git a/security/openssh/patches/patch-ag b/security/openssh/patches/patch-ag
new file mode 100644
index 00000000000..b1158792f4e
--- /dev/null
+++ b/security/openssh/patches/patch-ag
@@ -0,0 +1,15 @@
+$NetBSD: patch-ag,v 1.1 2000/01/17 05:34:35 christos Exp $
+
+--- uidswap.c.orig	Wed Nov 24 19:55:00 1999
++++ uidswap.c	Sun Jan 16 23:48:54 2000
+@@ -27,8 +27,10 @@
+ #define SAVED_IDS_WORK_WITH_SETEUID
+ #endif /* _POSIX_SAVED_IDS */
+ 
++#ifdef SAVED_IDS_WORK_WITH_SETEUID
+ /* Saved effective uid. */
+ static uid_t saved_euid = 0;
++#endif
+ 
+ /*
+  * Temporarily changes to the given uid.  If the effective user
diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah
new file mode 100644
index 00000000000..ba1be47a482
--- /dev/null
+++ b/security/openssh/patches/patch-ah
@@ -0,0 +1,36 @@
+$NetBSD: patch-ah,v 1.1 2000/01/17 05:34:35 christos Exp $
+
+--- Makefile.in.orig	Thu Jan 13 23:45:46 2000
++++ Makefile.in	Mon Jan 17 00:24:48 2000
+@@ -5,6 +5,7 @@
+ libexecdir=@libexecdir@
+ mandir=@mandir@
+ sysconfdir=@sysconfdir@
++examplesdir=@prefix@/share/examples/ssh
+ 
+ srcdir = @srcdir@
+ top_srcdir = @top_srcdir@
+@@ -137,16 +138,16 @@
+ 		$(INSTALL) -s @GNOME_ASKPASS@ ${ASKPASS_LOCATION} ; \
+ 	fi
+ 
+-	if [ ! -f $(sysconfdir)/ssh_config -a ! -f $(sysconfdir)/sshd_config ]; then \
+-		$(INSTALL) -d $(sysconfdir); \
+-		$(INSTALL) -m 644 ssh_config $(sysconfdir)/ssh_config; \
+-		$(INSTALL) -m 644 sshd_config $(sysconfdir)/sshd_config; \
++	if [ ! -f $(examplesdir)/ssh_config -a ! -f $(examplesdir)/sshd_config ]; then \
++		$(INSTALL) -d $(examplesdir); \
++		$(INSTALL) -m 644 ssh_config $(examplesdir)/ssh_config; \
++		$(INSTALL) -m 644 sshd_config $(examplesdir)/sshd_config; \
+ 	fi
+ 
+ uninstallall:	uninstall
+-	-rm -f $(sysconfdir)/ssh_config
+-	-rm -f $(sysconfdir)/sshd_config
+-	-rmdir $(sysconfdir)
++	-rm -f $(examplesdir)/ssh_config
++	-rm -f $(examplesdir)/sshd_config
++	-rmdir $(examplesdir)
+ 	-rmdir $(bindir)
+ 	-rmdir $(sbindir)
+ 	-rmdir $(mandir)/man1
diff --git a/security/openssh/pkg/COMMENT b/security/openssh/pkg/COMMENT
new file mode 100644
index 00000000000..1621ad7026a
--- /dev/null
+++ b/security/openssh/pkg/COMMENT
@@ -0,0 +1 @@
+Open Source Secure shell client and server (remote login program).
diff --git a/security/openssh/pkg/DESCR b/security/openssh/pkg/DESCR
new file mode 100644
index 00000000000..6827f64a327
--- /dev/null
+++ b/security/openssh/pkg/DESCR
@@ -0,0 +1,68 @@
+This is the port of OpenBSD's excellent OpenSSH to Linux and other
+Unices.
+
+OpenSSH is based on the last free version of Tatu Ylonen's SSH with
+all patent-encumbered algorithms removed (to external libraries), all
+known security bugs fixed, new features reintroduced and many other
+clean-ups. More information about SSH itself can be found in the file
+README.Ylonen. OpenSSH has been created by Aaron Campbell, Bob Beck,
+Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. It has a
+homepage at http://www.openssh.com/
+
+This port consists of the re-introduction of autoconf support, PAM
+support (for Linux and Solaris), EGD[1] support, SOCKS support (using
+the Dante [6] libraries and replacements for OpenBSD library functions
+that are (regrettably) absent from other unices. This port has been
+best tested on Linux, Solaris, HPUX, NetBSD and Irix. Support for AIX,
+SCO, NeXT and other Unices is underway. This version actively tracks
+changes in the OpenBSD CVS repository.
+
+The PAM support is now more functional than the popular packages of
+commercial ssh-1.2.x. It checks "account" and "session" modules for
+all logins, not just when using password authentication.
+
+All new code is released under a XFree style license, which is very
+liberal. Please refer to the source files for details. The code in
+bsd-*.[ch] is from the OpenBSD project and has its own license (again,
+see the source files for details).
+
+OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4] and
+Dante[6]. To build the GNOME[5] pass-phrase requester
+(--with-gnome-askpass), you will need the GNOME libraries installed.
+If you are building OpenSSH on a Unix which lacks a kernel random
+number pool (/dev/random), you will need to install EGD[1]. 
+
+There is now several mailing lists for this port of OpenSSH. Please
+refer to http://violet.ibs.com.au/openssh/list.html for details on how
+to join.
+
+Please send bug reports and patches to the mailing list
+openssh-unix-dev@mindrot.org. The list is currently open to posting by
+unsubscribed users.
+
+Please refer to the INSTALL document for information on how to install
+OpenSSH on your system. The UPGRADING document details differences 
+between this port of OpenSSH and F-Secure SSH 1.x.
+
+Damien Miller <djm@ibs.com.au>
+Internet Business Solutions
+
+Miscellania - 
+
+This version of SSH is based upon code retrieved from the OpenBSD CVS
+repository which in turn was based on the last free 
+version of SSH released by Tatu Ylonen.
+
+Code in bsd-misc.[ch] and gnome-ssh-askpass.c is Copyright 1999 Damien
+Miller & Internet Business Solutions and is released under a X11-style
+license (see source files for details).
+
+References -
+
+[1] http://www.lothar.com/tech/crypto/
+[2] http://www.cdrom.com/pub/infozip/zlib/
+[3] http://www.openssl.org/
+[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
+[5] http://www.gnome.org/
+[6] http://www.inet.no/dante
+
diff --git a/security/openssh/pkg/PLIST b/security/openssh/pkg/PLIST
new file mode 100644
index 00000000000..c71d513d55e
--- /dev/null
+++ b/security/openssh/pkg/PLIST
@@ -0,0 +1,17 @@
+@comment $NetBSD: PLIST,v 1.1 2000/01/17 05:34:35 christos Exp $
+bin/ssh
+bin/scp
+bin/slogin
+bin/ssh-add
+bin/ssh-agent
+bin/ssh-keygen
+sbin/sshd
+man/man1/ssh.1
+man/man1/scp.1
+man/man1/slogin.1
+man/man1/ssh-add.1
+man/man1/ssh-agent.1
+man/man1/ssh-keygen.1
+man/man8/sshd.8
+share/examples/ssh/ssh_config
+share/examples/ssh/sshd_config