author | mrg <mrg@pkgsrc.org> | 1998-02-12 14:27:00 +0000 |
---|---|---|
committer | mrg <mrg@pkgsrc.org> | 1998-02-12 14:27:00 +0000 |
commit | 27305e22c1f32e86a146f131ca4b10cb096d8ca8 (patch) | |
tree | 9558c3783e4e30d9b511be2b7bd91c3a9a90bd3d /security | |
parent | 16e0bc77e56dfceeaa42832d95d2265a2720a938 (diff) | |
download | pkgsrc-27305e22c1f32e86a146f131ca4b10cb096d8ca8.tar.gz |
add features/fixes from <jbernard@tater.mines.edu> in pr#4928
Diffstat (limited to 'security')
-rw-r--r-- | security/ssh/Makefile | 99 | ||||
-rw-r--r-- | security/ssh/patches/patch-ab | 51 | ||||
-rw-r--r-- | security/ssh/patches/patch-ac | 380 | ||||
-rw-r--r-- | security/ssh/patches/patch-ae | 4 | ||||
-rw-r--r-- | security/ssh/patches/patch-aj | 43 | ||||
-rw-r--r-- | security/ssh/patches/patch-ao | 28 | ||||
-rw-r--r-- | security/ssh/pkg/DEINSTALL.pre | 15 | ||||
-rw-r--r-- | security/ssh/pkg/DESCR | 16 | ||||
-rw-r--r-- | security/ssh/pkg/MESSAGE.pre | 19 | ||||
-rw-r--r-- | security/ssh/pkg/PLIST | 25 | ||||
-rw-r--r-- | security/ssh/pkg/PLIST.pre | 28 |
11 files changed, 523 insertions, 185 deletions
diff --git a/security/ssh/Makefile b/security/ssh/Makefile index 905a6a9f444..9cbe11c3917 100644 --- a/security/ssh/Makefile +++ b/security/ssh/Makefile @@ -3,7 +3,7 @@ # Date created: 19971214 # Whom: hubertf@netbsd.org # -# $NetBSD: Makefile,v 1.10 1998/02/10 15:54:37 tv Exp $ +# $NetBSD: Makefile,v 1.11 1998/02/12 14:27:00 mrg Exp $ # FreeBSD Id: Makefile,v 1.47 1997/11/10 22:04:42 dima Exp # # Maximal ssh package requires a YES value for USE_PERL @@ -17,11 +17,29 @@ MASTER_SITES= ftp://ftp.cs.hut.fi/pub/ssh/ \ MAINTAINER= mrg@eterna.com.au -# You can set USA_RESIDENT appropriately in /etc/mk.conf if this bugs you.. -.if !defined(USA_RESIDENT) -USA_RESIDENT= NO +RESTRICTED= "Crypto; export-controlled" +MIRROR_DISTFILE= no +IS_INTERACTIVE= YES + +CFLAGS= -O2 +GNU_CONFIGURE= YES + +# Include local make config file here. It is essential to have this +# precede any override targets (those that override defaults in +# <bsd.port.mk> that test variables that may be set here. Note that +# this inclusion is otherwise redundant, since <bsd.port.mk> includes +# <bsd.own.mk>, which includes it. + +OPSYS!= uname -s +.if (${OPSYS} == "FreeBSD") +.include "/etc/make.conf" +.else +.include "/etc/mk.conf" .endif +# You can set USA_RESIDENT appropriately in /etc/mk.conf if this bugs you.. +USA_RESIDENT?= NO + .if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES DISTFILES= ${DISTNAME}.tar.gz rsaref2.tar.gz MASTER_SITES= \ 
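Review bot: The new `.include "/etc/mk.conf"` (and `.include "/etc/make.conf"` in the FreeBSD branch) in security/ssh/Makefile is unconditional, so on a host without that file make stops with an error before any target runs. Guard each branch, e.g. `.if exists(/etc/mk.conf)` / `.include "/etc/mk.conf"` / `.endif`. Placing `USA_RESIDENT?= NO` after the include is the right order, since it lets a value from mk.conf win. The comment above the include also opens a parenthesis after "override targets" that is never closed.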
@@ -33,13 +51,11 @@ MASTER_SITES= \ ftp://isdec.vc.cvut.cz/pub/security/unimi/crypt/applied-crypto/ .endif -RESTRICTED= "Crypto; export-controlled" -MIRROR_DISTFILE= no -IS_INTERACTIVE= YES - -GNU_CONFIGURE= YES +# Use SSH_CONF_DIR from /etc/mk.conf, if defined; otherwise default to /etc +SSH_CONF_DIR?=/etc -CONFIGURE_ARGS+= --prefix=${PREFIX} --with-etcdir=/etc --disable-suid-ssh +CONFIGURE_ARGS+= --prefix=${PREFIX} --with-etcdir=${SSH_CONF_DIR} \ + --disable-suid-ssh #Uncomment if all your users are in their own group and their homedir #is writeable by that group. Beware the security implications! @@ -67,6 +83,16 @@ CONFIGURE_ARGS+= --with-secureid CONFIGURE_ARGS+= --without-idea .endif +# Support for libwrap. +.if defined(USE_LIBWRAP) && ${USE_LIBWRAP} == YES +CONFIGURE_ARGS+= --with-libwrap +.endif + +# Include SOCKS firewall support +.if defined(USE_SOCKS) && ${USE_SOCKS} == YES +CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5" +.endif + MAN1= scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 \ make-ssh-known-hosts.1 MAN8= sshd.8 
@@ -90,34 +116,59 @@ fetch-depends: post-extract: .if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES - @mv ${WRKDIR}/rsaref2 ${WRKSRC}/rsaref2 + @${MV} ${WRKDIR}/rsaref2 ${WRKSRC}/rsaref2 .endif +pre-install: + @${CAT} pkg/PLIST.pre | ${SED} \ + -e 's;\<\$$SSH_CONF_DIR\>;'${SSH_CONF_DIR}';g' \ + >pkg/PLIST + @${CAT} pkg/MESSAGE.pre | ${SED} \ + -e 's;\<\$$SSH_CONF_DIR\>;'${SSH_CONF_DIR}';g' \ + -e 's;\<\$$PREFIX\>;'${PREFIX}';g' \ + >pkg/MESSAGE + @${CAT} pkg/DEINSTALL.pre | ${SED} \ + -e 's;\<\$$SSH_CONF_DIR\>;'${SSH_CONF_DIR}';g' \ + >pkg/DEINSTALL + post-install: - @ln -sf /etc/ssh_host_key ${PREFIX}/etc - @ln -sf /etc/ssh_host_key.pub ${PREFIX}/etc - @if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \ + @${MKDIR} ${PREFIX}/share/examples/ssh + @${MKDIR} ${WRKDIR}${SSH_CONF_DIR} + (cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${MAKE_PROGRAM} ${MAKE_FLAGS} \ + ${MAKEFILE} install_prefix=${WRKDIR} install-configs) + ${INSTALL_DATA} ${WRKDIR}${SSH_CONF_DIR}/ssh_config \ + ${WRKDIR}${SSH_CONF_DIR}/sshd_config ${PREFIX}/share/examples/ssh + @if [ ! -f ${SSH_CONF_DIR}/ssh_host_key ]; then \ ${ECHO} "Generating a secret host key..."; \ - ${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \ + ${PREFIX}/bin/ssh-keygen \ + -f ${SSH_CONF_DIR}/ssh_host_key -N ""; \ fi .if defined(MANZ) ${RM} -f ${PREFIX}/man/man1/slogin.1.gz - ln -sf ssh.1.gz ${PREFIX}/man/man1/slogin.1.gz + ${LN} -sf ssh.1.gz ${PREFIX}/man/man1/slogin.1.gz .else ${RM} -f ${PREFIX}/man/man1/slogin.1 - ln -sf ssh.1 ${PREFIX}/man/man1/slogin.1 + ${LN} -sf ssh.1 ${PREFIX}/man/man1/slogin.1 .endif # @if [ ! 
-f ${PREFIX}/etc/rc.d/sshd.sh ]; then \ # ${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \ # ${ECHO} "#!/bin/sh" > ${PREFIX}/etc/rc.d/sshd.sh; \ -# ${ECHO} "[ -f ${PREFIX}/etc/ssh_host_key ] || ${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ''" >> ${PREFIX}/etc/rc.d/sshd.sh; \ +# ${ECHO} "[ -f ${SSH_CONF_DIR}/ssh_host_key ] || ${PREFIX}/bin/ssh-keygen -f ${SSH_CONF_DIR}/ssh_host_key -N ''" >> ${PREFIX}/etc/rc.d/sshd.sh; \ # ${ECHO} "[ -x ${PREFIX}/sbin/sshd ] && ${PREFIX}/sbin/sshd && ${ECHO} -n ' sshd'" >> ${PREFIX}/etc/rc.d/sshd.sh; \ # chmod 755 ${PREFIX}/etc/rc.d/sshd.sh; \ # fi + @${CAT} pkg/MESSAGE + +pre-clean: + @${RM} -f pkg/PLIST pkg/MESSAGE pkg/DEINSTALL + +# Include <bsd.port.mk> here. It is essential to have all the override +# targets precede inclusion of this. .include <bsd.port.mk> -# Following stuff must be after <bsd.port.mk> to expand exists() properly +# Following stuff must be after <bsd.port.mk> to expand +# exists(${PREFIX}) properly .if defined(USE_PERL) && ${USE_PERL} == YES || \ exists(${PREFIX}/bin/perl5.00404) && \ @@ -127,13 +178,3 @@ CONFIGURE_ENV+= PERL=${PREFIX}/bin/perl5.00404 .else CONFIGURE_ENV+= PERL=/replace_it_with_PERL_path .endif - -# Support for libwrap. -.if defined(USE_LIBWRAP) && ${USE_LIBWRAP} == YES -CONFIGURE_ARGS+= --with-libwrap -.endif - -# Include SOCKS firewall support -.if defined(USE_SOCKS) && ${USE_SOCKS} == YES -CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5" -.endif diff --git a/security/ssh/patches/patch-ab b/security/ssh/patches/patch-ab index 5214a5f44af..3bfd4125c9d 100644 --- a/security/ssh/patches/patch-ab +++ b/security/ssh/patches/patch-ab @@ -1,8 +1,8 @@ Index: configure -*** configure.orig Fri Aug 22 10:28:43 1997 ---- configure Thu Dec 18 12:52:15 1997 +*** configure.orig Tue Jan 20 05:24:14 1998 +--- configure Sat Jan 24 19:04:05 1998 *************** -*** 1757,1768 **** +*** 1759,1770 **** export CFLAGS CC 
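Review bot: In the new pre-install target of security/ssh/Makefile, `${SSH_CONF_DIR}` and `${PREFIX}` are spliced into the sed scripts outside the single quotes (`'s;\<\$$SSH_CONF_DIR\>;'${SSH_CONF_DIR}';g'`), so a value containing whitespace or shell metacharacters is re-parsed by the shell instead of being substituted literally. The `\<` and `\>` are also fragile: the templates contain a literal `<$SSH_CONF_DIR>`, but GNU sed reads `\<` and `\>` as word-boundary anchors, in which case nothing matches and the generated PLIST, MESSAGE and DEINSTALL keep the placeholder. Plain angle brackets with the value kept inside the quotes avoid both: `-e 's;<\$$SSH_CONF_DIR>;${SSH_CONF_DIR};g'`. Separately, post-install creates `${WRKDIR}${SSH_CONF_DIR}` but runs ssh-keygen against `${SSH_CONF_DIR}/ssh_host_key`; unless something outside this hunk creates that directory, a non-default SSH_CONF_DIR makes host key generation fail.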
@@ -14,10 +14,43 @@ Index: configure - echo $ac_n "checking that the compiler works""... $ac_c" 1>&6 - echo "configure:1769: checking that the compiler works" >&5 ---- 1757,1762 ---- + echo "configure:1771: checking that the compiler works" >&5 +--- 1759,1764 ---- *************** -*** 6931,6937 **** +*** 6853,6867 **** + case "$enableval" in + no) + echo "$ac_t""no" 1>&6 +! SSHINSTALLMODE=0711 + ;; + *) echo "$ac_t""yes" 1>&6 +! SSHINSTALLMODE=04711 + ;; + esac + else + echo "$ac_t""yes" 1>&6 +! SSHINSTALLMODE=04711 + + fi + +--- 6847,6861 ---- + case "$enableval" in + no) + echo "$ac_t""no" 1>&6 +! SSHINSTALLMODE=0511 + ;; + *) echo "$ac_t""yes" 1>&6 +! SSHINSTALLMODE=04511 + ;; + esac + else + echo "$ac_t""yes" 1>&6 +! SSHINSTALLMODE=04511 + + fi + +*************** +*** 7013,7019 **** ac_given_srcdir=$srcdir ac_given_INSTALL="$INSTALL" @@ -25,7 +58,7 @@ Index: configure EOF cat >> $CONFIG_STATUS <<EOF ---- 6925,6931 ---- +--- 7007,7013 ---- ac_given_srcdir=$srcdir ac_given_INSTALL="$INSTALL" @@ -34,7 +67,7 @@ Index: configure cat >> $CONFIG_STATUS <<EOF *************** -*** 7036,7042 **** +*** 7118,7124 **** cat >> $CONFIG_STATUS <<EOF @@ -42,7 +75,7 @@ Index: configure EOF cat >> $CONFIG_STATUS <<\EOF for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then ---- 7030,7036 ---- +--- 7112,7118 ---- cat >> $CONFIG_STATUS <<EOF diff --git a/security/ssh/patches/patch-ac b/security/ssh/patches/patch-ac index 46a3ff28881..89fbc02cf49 100644 --- a/security/ssh/patches/patch-ac +++ b/security/ssh/patches/patch-ac 
@@ -1,93 +1,287 @@ -Index: Makefile.inc ---- Makefile.in.orig Fri Aug 22 01:28:42 1997 -+++ Makefile.in Mon Nov 24 15:14:18 1997 -@@ -263,8 +263,10 @@ - GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a - - ZLIBDIR = zlib-1.0.4 --ZLIBDEP = $(ZLIBDIR)/libz.a --ZLIBLIBS = -L$(ZLIBDIR) -lz -+ZLIBINCDIR = /usr/include -+ZLIBLIBDIR = /usr/lib -+ZLIBDEP = $(ZLIBINCDIR)/libz.a -+ZLIBLIBS = -L$(ZLIBLIBDIR) -lz - - RSAREFDIR = rsaref2 - RSAREFSRCDIR = $(RSAREFDIR)/source -@@ -368,7 +370,7 @@ - $(CC) -o rfc-pg rfc-pg.o - - .c.o: -- $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< -+ $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< - - sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) - -rm -f sshd -@@ -416,14 +418,14 @@ - $(GMPDIR)/libgmp.a: - cd $(GMPDIR); $(MAKE) - --$(ZLIBDEP): -- -if test '!' -d $(ZLIBDIR); then \ -- mkdir $(ZLIBDIR); \ -- cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ -- fi -- cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ -- CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ -- -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a -+#$(ZLIBDEP): -+# -if test '!' 
-d $(ZLIBDIR); then \ -+# mkdir $(ZLIBDIR); \ -+# cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ -+# fi -+# cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ -+# CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ -+# -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a - - $(RSAREFSRCDIR)/librsaref.a: - -if test '!' -d $(RSAREFDIR); then \ -@@ -480,7 +482,7 @@ - # (otherwise it can only log in as the user it runs as, and must be - # bound to a non-privileged port). Also, password authentication may - # not be available if non-root and using shadow passwords. --install: $(PROGRAMS) make-dirs generate-host-key install-configs -+install: $(PROGRAMS) make-dirs install-configs - -rm -f $(install_prefix)$(bindir)/ssh.old - -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old - -chmod 755 $(install_prefix)$(bindir)/ssh.old -@@ -591,13 +593,13 @@ - -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg - cd $(GMPDIR); $(MAKE) clean - # cd $(RSAREFSRCDIR); rm -f *.o *.a -- cd $(ZLIBDIR); $(MAKE) clean -+# cd $(ZLIBDIR); $(MAKE) clean - - distclean: clean - -rm -f Makefile config.status config.cache config.log config.h - -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1 - cd $(GMPDIR); $(MAKE) distclean -- cd $(ZLIBDIR); $(MAKE) distclean -+# cd $(ZLIBDIR); $(MAKE) distclean - - dist: dist-free - -@@ -632,8 +634,8 @@ - gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) - # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -) - # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a -- (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) -- cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS -+# (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) -+# cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS - - dist-free-make-tar: - tar pcf $(DISTNAME).tar $(DISTNAME) -@@ -656,7 +658,7 @@ - (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null - - depend: -- $(MAKEDEP) 
-I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS) -+ $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS) - - tags: - -rm -f TAGS +Index: Makefile.in +*** Makefile.in.orig Tue Jan 20 05:24:13 1998 +--- Makefile.in Mon Jan 26 19:49:03 1998 +*************** +*** 266,273 **** + GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a + + ZLIBDIR = zlib-1.0.4 +! ZLIBDEP = $(ZLIBDIR)/libz.a +! ZLIBLIBS = -L$(ZLIBDIR) -lz + + RSAREFDIR = rsaref2 + RSAREFSRCDIR = $(RSAREFDIR)/source +--- 266,275 ---- + GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a + + ZLIBDIR = zlib-1.0.4 +! ZLIBINCDIR = /usr/include +! ZLIBLIBDIR = /usr/lib +! ZLIBDEP = $(ZLIBINCDIR)/libz.a +! ZLIBLIBS = -L$(ZLIBLIBDIR) -lz + + RSAREFDIR = rsaref2 + RSAREFSRCDIR = $(RSAREFDIR)/source +*************** +*** 371,377 **** + $(CC) -o rfc-pg rfc-pg.o + + .c.o: +! $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< + + sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) + -rm -f sshd +--- 373,379 ---- + $(CC) -o rfc-pg rfc-pg.o + + .c.o: +! $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $< + + sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP) + -rm -f sshd +*************** +*** 419,432 **** + $(GMPDIR)/libgmp.a: + cd $(GMPDIR); $(MAKE) + +! $(ZLIBDEP): +! -if test '!' -d $(ZLIBDIR); then \ +! mkdir $(ZLIBDIR); \ +! cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ +! fi +! 
cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ +! CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ +! -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a + + $(RSAREFSRCDIR)/librsaref.a: + -if test '!' -d $(RSAREFDIR); then \ +--- 421,434 ---- + $(GMPDIR)/libgmp.a: + cd $(GMPDIR); $(MAKE) + +! #$(ZLIBDEP): +! # -if test '!' -d $(ZLIBDIR); then \ +! # mkdir $(ZLIBDIR); \ +! # cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \ +! # fi +! # cd $(ZLIBDIR); $(MAKE) VPATH=$(srcdir)/$(ZLIBDIR):../$(srcdir)/$(ZLIBDIR) \ +! # CC="$(CC)" CFLAGS="$(CFLAGS) -I. -I$(srcdir)/$(ZLIBDIR) \ +! # -I../$(srcdir)/$(GMPDIR)" RANLIB="$(RANLIB)" libz.a + + $(RSAREFSRCDIR)/librsaref.a: + -if test '!' -d $(RSAREFDIR); then \ +*************** +*** 483,492 **** + # (otherwise it can only log in as the user it runs as, and must be + # bound to a non-privileged port). Also, password authentication may + # not be available if non-root and using shadow passwords. +! install: $(PROGRAMS) make-dirs generate-host-key install-configs + -rm -f $(install_prefix)$(bindir)/ssh.old + -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old +! -chmod 755 $(install_prefix)$(bindir)/ssh.old + $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh + -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ + rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ +--- 485,494 ---- + # (otherwise it can only log in as the user it runs as, and must be + # bound to a non-privileged port). Also, password authentication may + # not be available if non-root and using shadow passwords. +! install: $(PROGRAMS) make-dirs install-configs + -rm -f $(install_prefix)$(bindir)/ssh.old + -mv $(install_prefix)$(bindir)/ssh $(install_prefix)$(bindir)/ssh.old +! 
-chmod 555 $(install_prefix)$(bindir)/ssh.old + $(INSTALL_PROGRAM) -o root -m $(SSH_INSTALL_MODE) ssh $(install_prefix)$(bindir)/ssh + -if test "`echo ssh | sed '$(transform)'`" '!=' ssh; then \ + rm -f $(install_prefix)$(bindir)/`echo ssh | sed '$(transform)'`; \ +*************** +*** 501,507 **** + -for p in $(NORMAL_PROGRAMS) $(X_PROGRAMS) $(OTHER_PROGRAMS); do \ + rm -f $(install_prefix)$(bindir)/$$p.old ; \ + mv $(install_prefix)$(bindir)/$$p $(install_prefix)$(bindir)/$$p.old; \ +! $(INSTALL_PROGRAM) -m 0755 $$p $(install_prefix)$(bindir)/$$p; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ + rm -f $(install_prefix)$(bindir)/`echo $$p | sed '$(transform)'`; \ + $(LN_S) $$p \ +--- 503,509 ---- + -for p in $(NORMAL_PROGRAMS) $(X_PROGRAMS) $(OTHER_PROGRAMS); do \ + rm -f $(install_prefix)$(bindir)/$$p.old ; \ + mv $(install_prefix)$(bindir)/$$p $(install_prefix)$(bindir)/$$p.old; \ +! $(INSTALL_PROGRAM) $$p $(install_prefix)$(bindir)/$$p; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ + rm -f $(install_prefix)$(bindir)/`echo $$p | sed '$(transform)'`; \ + $(LN_S) $$p \ +*************** +*** 511,517 **** + rm -f $(install_prefix)$(bindir)/$$p.old ; \ + mv $(install_prefix)$(bindir)/$$p $(install_prefix)$(bindir)/$$p.old; \ + $(INSTALL_DATA) $$p $(install_prefix)$(bindir)/$$p; \ +! chmod 755 $(install_prefix)$(bindir)/$$p; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ + rm -f $(install_prefix)$(bindir)/`echo $$p | sed '$(transform)'`; \ + $(LN_S) $$p \ +--- 513,519 ---- + rm -f $(install_prefix)$(bindir)/$$p.old ; \ + mv $(install_prefix)$(bindir)/$$p $(install_prefix)$(bindir)/$$p.old; \ + $(INSTALL_DATA) $$p $(install_prefix)$(bindir)/$$p; \ +! 
chmod 555 $(install_prefix)$(bindir)/$$p; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ + rm -f $(install_prefix)$(bindir)/`echo $$p | sed '$(transform)'`; \ + $(LN_S) $$p \ +*************** +*** 520,533 **** + -for p in $(SBIN_PROGRAMS); do \ + rm -f $(install_prefix)$(sbindir)/$$p.old ; \ + mv $(install_prefix)$(sbindir)/$$p $(install_prefix)$(sbindir)/$$p.old; \ +! $(INSTALL_PROGRAM) -m 0755 $$p $(install_prefix)$(sbindir)/$$p; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ + rm -f $(install_prefix)$(sbindir)/`echo $$p | sed '$(transform)'`;\ + $(LN_S) $$p \ + $(install_prefix)$(sbindir)/`echo $$p | sed '$(transform)'`; fi;\ + done + -for p in $(MAN1PAGES); do \ +! $(INSTALL_DATA) -m 0644 $(srcdir)/$$p $(install_prefix)$(man1dir)/$$p ; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ + rm -f $(install_prefix)$(man1dir)/`echo $$p | sed '$(transform)'`;\ + $(LN_S) $$p \ +--- 522,535 ---- + -for p in $(SBIN_PROGRAMS); do \ + rm -f $(install_prefix)$(sbindir)/$$p.old ; \ + mv $(install_prefix)$(sbindir)/$$p $(install_prefix)$(sbindir)/$$p.old; \ +! $(INSTALL_PROGRAM) $$p $(install_prefix)$(sbindir)/$$p; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ + rm -f $(install_prefix)$(sbindir)/`echo $$p | sed '$(transform)'`;\ + $(LN_S) $$p \ + $(install_prefix)$(sbindir)/`echo $$p | sed '$(transform)'`; fi;\ + done + -for p in $(MAN1PAGES); do \ +! $(INSTALL_DATA) $(srcdir)/$$p $(install_prefix)$(man1dir)/$$p ; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ + rm -f $(install_prefix)$(man1dir)/`echo $$p | sed '$(transform)'`;\ + $(LN_S) $$p \ +*************** +*** 542,548 **** + $(install_prefix)$(man1dir)/`echo slogin.1 | sed '$(transform)'`; \ + fi + -for p in $(MAN1GENERATED); do \ +! 
$(INSTALL_DATA) -m 0644 $$p $(install_prefix)$(man1dir)/$$p ; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ + rm -f $(install_prefix)$(man1dir)/`echo $$p | sed '$(transform)'`;\ + $(LN_S) $$p \ +--- 544,550 ---- + $(install_prefix)$(man1dir)/`echo slogin.1 | sed '$(transform)'`; \ + fi + -for p in $(MAN1GENERATED); do \ +! $(INSTALL_DATA) $$p $(install_prefix)$(man1dir)/$$p ; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ + rm -f $(install_prefix)$(man1dir)/`echo $$p | sed '$(transform)'`;\ + $(LN_S) $$p \ +*************** +*** 550,556 **** + fi; \ + done + -for p in $(MAN8GENERATED); do \ +! $(INSTALL_DATA) -m 0644 $$p $(install_prefix)$(man8dir)/$$p; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ + rm -f $(install_prefix)$(man8dir)/`echo $$p | sed '$(transform)'`;\ + $(LN_S) $$p \ +--- 552,558 ---- + fi; \ + done + -for p in $(MAN8GENERATED); do \ +! $(INSTALL_DATA) $$p $(install_prefix)$(man8dir)/$$p; \ + if test "`echo $$p | sed '$(transform)'`" '!=' $$p; then \ + rm -f $(install_prefix)$(man8dir)/`echo $$p | sed '$(transform)'`;\ + $(LN_S) $$p \ +*************** +*** 559,570 **** + + install-configs: + -if test '!' -f $(install_prefix)$(HOST_CONFIG_FILE); then \ +! $(INSTALL_DATA) -m 0644 $(srcdir)/host_config.sample \ + $(install_prefix)$(HOST_CONFIG_FILE); fi + -if test '!' -f $(install_prefix)$(SERVER_CONFIG_FILE); then \ + cat $(srcdir)/server_config.sample | \ + sed "s#_ETCDIR_#$(etcdir)#g" >/tmp/ssh_inst.$$$$; \ +! $(INSTALL_DATA) -m 0644 /tmp/ssh_inst.$$$$ \ + $(install_prefix)$(SERVER_CONFIG_FILE); \ + rm -f /tmp/ssh_inst.$$$$; fi + +--- 561,573 ---- + + install-configs: + -if test '!' -f $(install_prefix)$(HOST_CONFIG_FILE); then \ +! /usr/bin/install -c -o root -g wheel -m 0644 \ +! $(srcdir)/host_config.sample \ + $(install_prefix)$(HOST_CONFIG_FILE); fi + -if test '!' 
-f $(install_prefix)$(SERVER_CONFIG_FILE); then \ + cat $(srcdir)/server_config.sample | \ + sed "s#_ETCDIR_#$(etcdir)#g" >/tmp/ssh_inst.$$$$; \ +! /usr/bin/install -c -o root -g wheel -m 0644 /tmp/ssh_inst.$$$$ \ + $(install_prefix)$(SERVER_CONFIG_FILE); \ + rm -f /tmp/ssh_inst.$$$$; fi + +*************** +*** 594,606 **** + -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg + cd $(GMPDIR); $(MAKE) clean + # cd $(RSAREFSRCDIR); rm -f *.o *.a +! cd $(ZLIBDIR); $(MAKE) clean + + distclean: clean + -rm -f Makefile config.status config.cache config.log config.h + -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1 + cd $(GMPDIR); $(MAKE) distclean +! cd $(ZLIBDIR); $(MAKE) distclean + + dist: dist-free + +--- 597,609 ---- + -rm -f *.o gmon.out *core $(PROGRAMS) rfc-pg + cd $(GMPDIR); $(MAKE) clean + # cd $(RSAREFSRCDIR); rm -f *.o *.a +! # cd $(ZLIBDIR); $(MAKE) clean + + distclean: clean + -rm -f Makefile config.status config.cache config.log config.h + -rm -f ssh.1 sshd.8 make-ssh-known-hosts.1 + cd $(GMPDIR); $(MAKE) distclean +! # cd $(ZLIBDIR); $(MAKE) distclean + + dist: dist-free + +*************** +*** 633,640 **** + gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) + # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -) + # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a +! (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) +! cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS + + #ifdef F_SECURE_COMMERCIAL + # +--- 636,643 ---- + gzip -cd $(GMPDIR)/$(GMPDIR).tar.gz | (cd $(DISTNAME); tar pxf - ) + # tar cf - $(RSAREFDIR) | (cd $(DISTNAME); tar xf -) + # cd $(DISTNAME)/$(RSAREFSRCDIR); rm -f *.o *.a +! # (cd $(srcdir); tar pcf - $(ZLIBDIR) )| (cd $(DISTNAME); tar pxf -) +! # cd $(DISTNAME)/$(ZLIBDIR); rm -f *.o *.a; rm -rf CVS + + #ifdef F_SECURE_COMMERCIAL + # +*************** +*** 662,668 **** + (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null + + depend: +! $(MAKEDEP) -I$(srcdir) -I. 
-I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS) + + tags: + -rm -f TAGS +--- 665,671 ---- + (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null + + depend: +! $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS) + + tags: + -rm -f TAGS diff --git a/security/ssh/patches/patch-ae b/security/ssh/patches/patch-ae index 6f8a5e79039..430bbc232b5 100644 --- a/security/ssh/patches/patch-ae +++ b/security/ssh/patches/patch-ae @@ -1,6 +1,6 @@ Index: server_config.sample -*** server_config.sample.orig Thu Mar 27 09:04:06 1997 ---- server_config.sample Fri Mar 28 15:45:53 1997 +*** server_config.sample.orig Tue Jan 20 05:20:14 1998 +--- server_config.sample Tue Jan 20 20:40:35 1998 *************** *** 16,22 **** FascistLogging no diff --git a/security/ssh/patches/patch-aj b/security/ssh/patches/patch-aj index 02da3ad1639..6b2f50fbe73 100644 --- a/security/ssh/patches/patch-aj +++ b/security/ssh/patches/patch-aj @@ -1,8 +1,8 @@ Index: configure.in -*** configure.in.orig Fri Aug 22 10:28:43 1997 ---- configure.in Thu Dec 18 12:52:28 1997 +*** configure.in.orig Tue Jan 20 05:24:14 1998 +--- configure.in Sat Jan 24 19:05:51 1998 *************** -*** 623,631 **** +*** 635,643 **** export CFLAGS CC @@ -12,7 +12,7 @@ Index: configure.in AC_MSG_CHECKING([that the compiler works]) AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], ---- 623,631 ---- +--- 635,643 ---- export CFLAGS CC 
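Review bot: The install-configs block rewritten in patches/patch-ac still stages the server config in `/tmp/ssh_inst.$$$$`, a name predictable from the shell PID in a world-writable directory, and the redirect is performed by the installing user, normally root. The patch edits the lines on either side of it (`$(INSTALL_DATA) -m 0644` becomes `/usr/bin/install -c -o root -g wheel -m 0644`) but leaves the temp file as it was. Staging inside the build directory removes the shared path: `sed "s#_ETCDIR_#$(etcdir)#g" $(srcdir)/server_config.sample >ssh_inst.tmp`, then install from and remove `ssh_inst.tmp`. The hard-coded `/usr/bin/install ... -g wheel` also bypasses whatever `$(INSTALL_DATA)` is configured to, which deserves a comment in the patch saying why. This is a single hunk covering the whole patch file; the point applies to its `--- 561,573 ----` section.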
@@ -23,12 +23,43 @@ Index: configure.in AC_MSG_CHECKING([that the compiler works]) AC_TRY_RUN([ main(int ac, char **av) { return 0; } ], *************** -*** 1525,1528 **** +*** 1506,1519 **** + [ case "$enableval" in + no) + AC_MSG_RESULT(no) +! SSHINSTALLMODE=0711 + ;; + *) AC_MSG_RESULT(yes) +! SSHINSTALLMODE=04711 + ;; + esac ], + AC_MSG_RESULT(yes) +! SSHINSTALLMODE=04711 + ) + + # We include this here only to make it visible in --help; this is only used +--- 1506,1519 ---- + [ case "$enableval" in + no) + AC_MSG_RESULT(no) +! SSHINSTALLMODE=0511 + ;; + *) AC_MSG_RESULT(yes) +! SSHINSTALLMODE=04511 + ;; + esac ], + AC_MSG_RESULT(yes) +! SSHINSTALLMODE=04511 + ) + + # We include this here only to make it visible in --help; this is only used +*************** +*** 1539,1542 **** AC_SUBST(CONFOBJS) AC_SUBST(SSHINSTALLMODE) ! AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile) ---- 1525,1528 ---- +--- 1539,1542 ---- AC_SUBST(CONFOBJS) AC_SUBST(SSHINSTALLMODE) diff --git a/security/ssh/patches/patch-ao b/security/ssh/patches/patch-ao index 314d60a8c4b..a4a67e43f21 100644 --- a/security/ssh/patches/patch-ao +++ b/security/ssh/patches/patch-ao 
@@ -1,14 +1,16 @@
 Index: newchannels.c
---- newchannels.c.orig Tue Apr 22 17:40:11 1997
-+++ newchannels.c Sat Jul 19 11:42:06 1997
-@@ -2139,6 +2139,10 @@
- ssh-agent connections on your system */
- old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
-
-+ /* Make sure the socket doesn't already exist, left over from a system
-+ crash perhaps. */
-+ unlink(channel_forwarded_auth_socket_name);
-+
- if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0)
- packet_disconnect("Agent socket bind failed: %.100s", strerror(errno));
-
+*** newchannels.c.orig Tue Jan 20 05:24:06 1998
+--- newchannels.c Tue Jan 20 20:42:58 1998
+***************
+*** 2324,2329 ****
+--- 2324,2333 ----
+ ssh-agent connections on your system */
+ old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+
++ /* Make sure the socket doesn't already exist, left over from a system
++ crash perhaps. */
++ unlink(channel_forwarded_auth_socket_name);
++
+ if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0)
+ packet_disconnect("Agent socket bind failed: %.100s", strerror(errno));
+
diff --git a/security/ssh/pkg/DEINSTALL.pre b/security/ssh/pkg/DEINSTALL.pre
new file mode 100644
index 00000000000..c1e18ea0d4f
--- /dev/null
+++ b/security/ssh/pkg/DEINSTALL.pre
@@ -0,0 +1,15 @@
+#! /bin/sh
+
+case "$2" in
+ DEINSTALL) cat <<EOF
+
+=============================================================
+Note that ssh configuration, key, and random-seed files
+(<$SSH_CONF_DIR>/ssh*) are not removed in the deinstallation
+process. You should remove those by hand, if you no longer
+need them.
+=============================================================
+
+EOF
+ ;;
+esac
diff --git a/security/ssh/pkg/DESCR b/security/ssh/pkg/DESCR
index 1398c52d792..5c76294d0b0 100644
--- a/security/ssh/pkg/DESCR
+++ b/security/ssh/pkg/DESCR
@@ -1,13 +1,11 @@ -Secure Shell is a program to log into another computer over a network, -to execute commands in a remote machine, and to move files from one -machine to another. It provides strong authentication and secure -communications over insecure channels. It is inteded as a replacement -for rlogin, rsh, and rcp. +SSH (Secure Shell) is a program to log into another computer over a +network, to execute commands in a remote machine, and to move files +from one machine to another. It provides strong authentication and +secure communications over insecure channels. It is intended as a +replacement for rlogin, rsh, rcp, and rdist. FEATURES - o Complete replacement for rlogin, rsh, and rcp. - o Strong authentication. Closes several security holes (e.g., IP, routing, and DNS spoofing). New authentication methods: .rhosts together with RSA based host authentication, and pure RSA @@ -15,7 +13,7 @@ FEATURES o Improved privacy. All communications are automatically and transparently encrypted. RSA is used for key exchange, and a - conventional cipher (normally IDEA, DES, or triple-DES) for + conventional cipher (normally IDEA, Blowfish, or triple-DES) for encrypting the session. Encryption is started before authentication, and no passwords or other information is transmitted in the clear. Encryption is also used to protect @@ -96,3 +94,5 @@ FEATURES o Optional compression of all data with gzip (including forwarded X11 and TCP/IP port data), which may result in significant speedups on slow connections. + + o Complete replacement for rlogin, rsh, and rcp. diff --git a/security/ssh/pkg/MESSAGE.pre b/security/ssh/pkg/MESSAGE.pre new file mode 100644 index 00000000000..af07699695d --- /dev/null +++ b/security/ssh/pkg/MESSAGE.pre 
@@ -0,0 +1,19 @@
+==========================================================================
+If "starter" configuration files were installed (in <$SSH_CONF_DIR>)
+when the package was installed, be sure to examine them (and the man pages
+for ssh and sshd) to determine whether you want to make any changes.
+
+Copies of the example configuration files are installed in
+<$PREFIX>/examples/ssh, so those can still be used for reference after
+you have made changes to those installed in <$SSH_CONF_DIR>, or if
+you had existing configuration files, which would not be overwritten in
+the installation process.
+
+In general, you will want to set up /etc/rc.local to start sshd at boot
+time. Something like the following should do the job:
+
+# Run sshd if installed and configured
+if [ -f <$PREFIX>/sbin/sshd -a -f <$SSH_CONF_DIR>/sshd_config ]; then
+ echo -n ' sshd'; <$PREFIX>/sbin/sshd
+fi
+==========================================================================
diff --git a/security/ssh/pkg/PLIST b/security/ssh/pkg/PLIST
deleted file mode 100644
index 6690140a329..00000000000
--- a/security/ssh/pkg/PLIST
+++ /dev/null
@@ -1,25 +0,0 @@
-@comment $NetBSD: PLIST,v 1.2 1997/12/18 02:45:02 mrg Exp $
-@comment XXX etc/rc.d/sshd.sh - not yet - hubertf
-bin/scp
-bin/ssh
-@exec ln -fs %f %B/slogin
-@unexec rm -f %B/slogin
-bin/ssh-add
-bin/ssh-agent
-bin/ssh-askpass
-bin/ssh-keygen
-bin/make-ssh-known-hosts
-man/man1/make-ssh-known-hosts.1.gz
-man/man1/scp.1.gz
-man/man1/ssh-add.1.gz
-man/man1/ssh-agent.1.gz
-man/man1/ssh-keygen.1.gz
-man/man1/ssh.1.gz
-man/man1/slogin.1.gz
-man/man8/sshd.8.gz
-sbin/sshd
-@exec ln -s /etc/ssh_host_key %B
-@unexec rm -f %B/ssh_host_key
-@exec ln -s /etc/ssh_host_key.pub %B
-@unexec rm -f %B/ssh_host_key.pub
-@exec if [ ! -f %D/etc/ssh_host_key ]; then echo "Generating a secret host key.." ; %D/bin/ssh-keygen -N "" -f %D/etc/ssh_host_key; fi
diff --git a/security/ssh/pkg/PLIST.pre b/security/ssh/pkg/PLIST.pre
new file mode 100644
index 00000000000..84c160353a2
--- /dev/null
+++ b/security/ssh/pkg/PLIST.pre
@@ -0,0 +1,28 @@
+@comment $NetBSD: PLIST.pre,v 1.1 1998/02/12 14:27:49 mrg Exp $
+@comment XXX etc/rc.d/sshd.sh - not yet - hubertf
+bin/scp
+bin/ssh
+@exec ln -fs %f %B/slogin
+@unexec rm %B/slogin
+bin/ssh-add
+bin/ssh-agent
+bin/ssh-askpass
+bin/ssh-keygen
+bin/make-ssh-known-hosts
+man/man1/make-ssh-known-hosts.1.gz
+man/man1/scp.1.gz
+man/man1/ssh-add.1.gz
+man/man1/ssh-agent.1.gz
+man/man1/ssh-keygen.1.gz
+man/man1/ssh.1.gz
+man/man1/slogin.1.gz
+man/man8/sshd.8.gz
+sbin/sshd
+@exec if [ ! -d %D/share/examples/ssh ]; then mkdir -p %D/share/examples/ssh; fi
+share/examples/ssh/ssh_config
+share/examples/ssh/sshd_config
+@exec if [ ! -d <$SSH_CONF_DIR> ]; then echo "Creating directory <$SSH_CONF_DIR> for ssh config files.." ; mkdir -p <$SSH_CONF_DIR>; fi
+@exec if [ ! -f <$SSH_CONF_DIR>/ssh_config ]; then echo "Installing example ssh_config in <$SSH_CONF_DIR>.." ; /usr/bin/install -c -o root -g wheel -m 0644 %D/share/examples/ssh/ssh_config <$SSH_CONF_DIR>; fi
+@exec if [ ! -f <$SSH_CONF_DIR>/sshd_config ]; then echo "Installing example sshd_config in <$SSH_CONF_DIR>.." ; /usr/bin/install -c -o root -g wheel -m 0644 %D/share/examples/ssh/sshd_config <$SSH_CONF_DIR>; fi
+@exec if [ ! -f <$SSH_CONF_DIR>/ssh_host_key ]; then echo "Generating a secret host key in <$SSH_CONF_DIR>.." ; %D/bin/ssh-keygen -N "" -f <$SSH_CONF_DIR>/ssh_host_key; fi
+@dirrm share/examples/ssh |
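Review bot: The `@exec` that creates `<$SSH_CONF_DIR>` in pkg/PLIST.pre uses a bare `mkdir -p`, so the directory that will hold `ssh_host_key` gets whatever mode the installing shell's umask produces, while the `install` lines right after it pin `-o root -g wheel -m 0644` only for the two config files. Setting the mode explicitly keeps a permissive umask from leaving that directory group- or world-writable: `mkdir -p <$SSH_CONF_DIR> && chmod 755 <$SSH_CONF_DIR>`. Note also that `@unexec rm %B/slogin` lost the `-f` that the deleted PLIST had, so deinstallation reports an error when the link is already gone.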