Clean this up, sync with the ssh package, and update to

1.2.2 (fixing PR 9304 by David Rankin <drankin@bohemians.lexington.ky.us>.

Changes:

20000125
 - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
   <andre.lucas@dial.pipex.com>
 - Reorder PAM initialisation so it does not mess up lastlog. Reported
   by Andre Lucas <andre.lucas@dial.pipex.com>
 - Use preformatted manpages on SCO, report from Gary E. Miller
   <gem@rellim.com>
 - New URL for x11-ssh-askpass.
 - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
   <jmknoble@pobox.com>
 - Added 'DESTDIR' option to Makefile to ease package building. Patch from
   Jim Knoble <jmknoble@pobox.com>
 - Updated RPM spec files to use DESTDIR

20000124
 - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
   increment)

20000123
 - OpenBSD CVS:
   - [packet.c]
     getsockname() requires initialized tolen; andy@guildsoftware.com
 - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
   <drankin@bohemians.lexington.ky.us>
 - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>

20000122
 - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
   <bent@clark.net>
 - Merge preformatted manpage patch from Andre Lucas
   <andre.lucas@dial.pipex.com>
 - Make IPv4 use the default in RPM packages
 - Irix uses preformatted manpages
 - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
   <Holger.Trapp@Informatik.TU-Chemnitz.DE>
 - OpenBSD CVS updates:
   - [packet.c]
     use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
     from Holger.Trapp@Informatik.TU-Chemnitz.DE
   - [sshd.c]
     log with level log() not fatal() if peer behaves badly.
   - [readpass.c]
     instead of blocking SIGINT, catch it ourselves, so that we can clean
     the tty modes up and kill ourselves -- instead of our process group
     leader (scp, cvs, ...) going away and leaving us in noecho mode.
     people with cbreak shells never even noticed..
   - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
     ie. -> i.e.,

20000120
 - Don't use getaddrinfo on AIX
 - Update to latest OpenBSD CVS:
   - [auth-rsa.c]
     - fix user/1056, sshd keeps restrictions; dbt@meat.net
   - [sshconnect.c]
     - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
     - destroy keys earlier
     - split key exchange (kex) and user authentication (user-auth),
       ok: provos@
   - [sshd.c]
     - no need for poll.h; from bright@wintelcom.net
     - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
     - split key exchange (kex) and user authentication (user-auth),
       ok: provos@
   - [sshd.c]
     - no need for poll.h; from bright@wintelcom.net
     - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
     - split key exchange (kex) and user authentication (user-auth),
       ok: provos@
 - Big manpage and config file cleanup from Andre Lucas
   <andre.lucas@dial.pipex.com>
   - Re-added latest (unmodified) OpenBSD manpages
 - Doc updates
 - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
   Christos Zoulas <christos@netbsd.org>

20000119
 - SCO compile fixes from Gary E. Miller <gem@rellim.com>
 - Compile fix from Darren_Hall@progressive.com
 - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
   addresses using getaddrinfo(). Added a configure switch to make the
   default lookup mode AF_INET

20000118
 - Fixed --with-pid-dir option
 - Makefile fix from Gary E. Miller <gem@rellim.com>
 - Compile fix for HPUX and Solaris from Andre Lucas
   <andre.lucas@dial.pipex.com>

14 files changed, 166 insertions, 207 deletions

diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index b0e80729eee..d4a339d817e 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,20 +1,28 @@
-# $NetBSD: Makefile,v 1.4 2000/01/27 13:52:35 hubertf Exp $
+# $NetBSD: Makefile,v 1.5 2000/01/27 17:12:02 hubertf Exp $
 #
 
-DISTNAME=		openssh-1.2.1pre26
-PKGNAME=		openssh-1.2.1.26
+DISTNAME=		openssh-1.2.2
 CATEGORIES=		security
-MASTER_SITES=		ftp://thermo.stat.ncsu.edu/pub/openssh/files/
+MASTER_SITES=		http://the.wiretapped.net/security/cryptography/ssh/OpenSSH/files/ \
+			http://www.firedrake.org/openssh/files/ \
+			ftp://thermo.stat.ncsu.edu/pub/openssh/files/ \
+			ftp://sunsite.cnlab-switch.ch/mirror/OpenSSH/files/
 
 MAINTAINER=		packages@netbsd.org
 HOMEPAGE=		http://www.openssh.org/
 
-CONFLICTS=		ssh-[0-9]*
+DEPENDS=		openssl-[0-9]*:../../security/openssl
+BUILD_DEPENDS+=		${LOCALBASE}/bin/perl:../../lang/perl5
 
-USE_PERL5=		yes
+CONFLICTS=		ssh-[0-9]*
 
+# USE_PERL5=		yes
 RESTRICTED=		"Crypto; export-controlled"
 MIRROR_DISTFILE=	no
+DEINSTALL_FILE=		${WRKDIR}/DEINSTALL
+MESSAGE_FILE=		${WRKDIR}/MESSAGE
+PLIST_SRC=		${WRKDIR}/PLIST
+BUILD_DEFS+=		SSH_CONF_DIR
 
 # matches what's in `Configure' (except sparc64)
 ONLY_FOR_PLATFORM=	NetBSD-*-alpha NetBSD-*-arm32 NetBSD-*-i386 \
@@ -23,15 +31,31 @@ ONLY_FOR_PLATFORM=	NetBSD-*-alpha NetBSD-*-arm32 NetBSD-*-i386 \
 			NetBSD-*-sparc NetBSD-*-vax
 
 GNU_CONFIGURE=		yes
+CONFIGURE_ARGS+=	openssl
 
 .include "../../mk/bsd.prefs.mk"
-
-# from mk.conf
 SSH_CONF_DIR?=		/etc
-CONFIGURE_ARGS=		--prefix=${PREFIX} --sysconfdir=${SSH_CONF_DIR}
-
-DEPENDS=		openssl-0.9.4:../../security/openssl
-
-CONFIGURE_ARGS+=	openssl
+CONFIGURE_ARGS=		--sysconfdir=${SSH_CONF_DIR}
+
+post-build:
+	cd ${PKGDIR}; \
+	for FILE in DEINSTALL MESSAGE PLIST ${FILESDIR}/sshd.sh; do \
+	  ${SED} -e 's#@SSH_CONF_DIR@#${SSH_CONF_DIR}#g' \
+	         -e 's#@PREFIX@#${PREFIX}#g' \
+		 <$${FILE} >${WRKDIR}/`basename $${FILE}`; \
+	done
+
+post-install:
+	for FILE in ssh_config sshd_config ; do \
+		if [ ! -f ${SSH_CONF_DIR}/$${FILE} ]; then \
+			${INSTALL_DATA} ${PREFIX}/share/examples/ssh/$${FILE} ${SSH_CONF_DIR}/$${FILE}  ; \
+		fi ; \
+	done
+	if [ ! -f ${SSH_CONF_DIR}/ssh_host_key ]; then \
+		${ECHO} "Generating a secret host key..."; \
+		${PREFIX}/bin/ssh-keygen \
+			-f ${SSH_CONF_DIR}/ssh_host_key -N ""; \
+	fi
+	${INSTALL_SCRIPT} ${WRKDIR}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh
 
 .include "../../mk/bsd.pkg.mk"
diff --git a/security/openssh/files/md5 b/security/openssh/files/md5
index b6faaffddde..c5bffc8d597 100644
--- a/security/openssh/files/md5
+++ b/security/openssh/files/md5
@@ -1 +1,3 @@
-MD5 (openssh-1.2.1pre26.tar.gz) = 75501f28adcca30aeb965596a5dc0326
+$NetBSD: md5,v 1.2 2000/01/27 17:12:03 hubertf Exp $
+
+MD5 (openssh-1.2.2.tar.gz) = 4eccb907bf7bd6368300dc23b20dc8c2
diff --git a/security/openssh/files/patch-sum b/security/openssh/files/patch-sum
index 38c05d1aaf7..c213f76cc29 100644
--- a/security/openssh/files/patch-sum
+++ b/security/openssh/files/patch-sum
@@ -1,10 +1,7 @@
-$NetBSD: patch-sum,v 1.2 2000/01/17 07:24:39 christos Exp $
+$NetBSD: patch-sum,v 1.3 2000/01/27 17:12:03 hubertf Exp $
 
-MD5 (patch-aa) = e6f1eb1a5fca7347b2f93ce7a5b2420a
+MD5 (patch-aa) = 0895daea0973a07833d5eadbfc902afd
 MD5 (patch-ab) = b1be98743ffb76d3e0401dda3a420f25
-MD5 (patch-ac) = 33cece26534692f25fca101e2a5f9340
 MD5 (patch-ad) = affe7f6d4df103015cb788cac15d2670
-MD5 (patch-ae) = 60bdd814e2305bd2f70d5728344ad85f
-MD5 (patch-af) = 5944fcd4ff8e95f38af74bca6cf6c97d
-MD5 (patch-ag) = 4f4487055339564aca2c495456645919
-MD5 (patch-ah) = 9923ffcb1636a92de6b94069bd5fb4bf
+MD5 (patch-ag) = 037888228d97283b54d1232daf3945a2
+MD5 (patch-ah) = b31a5dfc27312a091e76108f25e1bf6d
diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa
index bf231e633ca..334ea963ca8 100644
--- a/security/openssh/patches/patch-aa
+++ b/security/openssh/patches/patch-aa
@@ -1,17 +1,8 @@
-$NetBSD: patch-aa,v 1.2 2000/01/17 07:24:40 christos Exp $
+$NetBSD: patch-aa,v 1.3 2000/01/27 17:12:03 hubertf Exp $
 
---- configure.orig	Sat Jan 15 20:22:59 2000
-+++ configure	Mon Jan 17 02:21:54 2000
-@@ -1293,7 +1293,7 @@
- 
- echo $ac_n "checking for OpenSSL/SSLeay directory""... $ac_c" 1>&6
- echo "configure:1296: checking for OpenSSL/SSLeay directory" >&5
--for ssldir in /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local $prefix /usr/pkg ; do
-+for ssldir in $prefix /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg ; do
- 	if test -f "$ssldir/include/openssl/crypto.h"; then
- 		cat >> confdefs.h <<\EOF
- #define HAVE_OPENSSL 1
-@@ -1321,7 +1321,7 @@
+--- configure.orig	Thu Jan 27 04:17:06 2000
++++ configure	Thu Jan 27 17:02:44 2000
+@@ -1271,7 +1271,7 @@
  
  if test "$ssldir" != "/usr"; then
  	CFLAGS="$CFLAGS -I$ssldir/include"
@@ -20,35 +11,32 @@ $NetBSD: patch-aa,v 1.2 2000/01/17 07:24:40 christos Exp $
  fi
  echo "$ac_t""$ssldir" 1>&6
  
-@@ -2224,6 +2224,7 @@
+@@ -2321,7 +2321,9 @@
  cat > conftest.$ac_ext <<EOF
- #line 2226 "configure"
- #include "confdefs.h"
-+#include <sys/types.h>
- #include <sys/socket.h>
- int main() {
- struct sockaddr_storage s;
-@@ -2252,6 +2253,7 @@
- cat > conftest.$ac_ext <<EOF
- #line 2254 "configure"
+ #line 2323 "configure"
  #include "confdefs.h"
 +#include <sys/types.h>
  #include <netinet/in.h>
++#include <netinet/in6.h>
  int main() {
  struct sockaddr_in6 s; s.sin6_family = 0;
-@@ -2280,6 +2282,7 @@
+ ; return 0; }
+@@ -2349,7 +2351,9 @@
  cat > conftest.$ac_ext <<EOF
- #line 2282 "configure"
+ #line 2351 "configure"
  #include "confdefs.h"
 +#include <sys/types.h>
  #include <netinet/in.h>
++#include <netinet/in6.h>
  int main() {
  struct in6_addr s; s.s6_addr[0] = 0;
-@@ -2309,6 +2312,7 @@
- #line 2310 "configure"
- #include "confdefs.h"
- 
-+		#include <sys/types.h>
- 		#include <sys/socket.h>
- 		#include <netdb.h>
- 	
+ ; return 0; }
+@@ -2545,7 +2549,7 @@
+   if test "$cross_compiling" = yes; then
+     { echo "configure: error: Cannot check for file existence when cross compiling" 1>&2; exit 1; }
+ else
+-  if test -r "/dev/urandom"; then
++  if test -r "/dev/urandom" && dd if=/dev/urandom of=/dev/null bs=1 count=1; then
+     eval "ac_cv_file_$ac_safe=yes"
+   else
+     eval "ac_cv_file_$ac_safe=no"
diff --git a/security/openssh/patches/patch-ac b/security/openssh/patches/patch-ac
deleted file mode 100644
index a16ffaa78d9..00000000000
--- a/security/openssh/patches/patch-ac
+++ /dev/null
@@ -1,23 +0,0 @@
-$NetBSD: patch-ac,v 1.1 2000/01/17 05:34:34 christos Exp $
-
---- fake-getaddrinfo.h.orig	Thu Jan 13 23:45:49 2000
-+++ fake-getaddrinfo.h	Sun Jan 16 23:49:53 2000
-@@ -5,6 +5,9 @@
- 
- #include "fake-gai-errnos.h"
- 
-+#ifndef AI_CANONNAME
-+# define AI_CANONNAME      0
-+#endif
- #ifndef AI_PASSIVE
- # define AI_PASSIVE        1
- #endif
-@@ -25,7 +28,7 @@
- 	char	*ai_canonname;	/* canonical name for hostname */
- 	struct sockaddr *ai_addr;	/* binary address */
- 	struct addrinfo *ai_next;	/* next structure in linked list */
--}
-+};
- #endif /* !HAVE_STRUCT_ADDRINFO */
- 
- #ifndef HAVE_GETADDRINFO
diff --git a/security/openssh/patches/patch-ae b/security/openssh/patches/patch-ae
deleted file mode 100644
index aedfe6ccd06..00000000000
--- a/security/openssh/patches/patch-ae
+++ /dev/null
@@ -1,19 +0,0 @@
-$NetBSD: patch-ae,v 1.1 2000/01/17 05:34:34 christos Exp $
-
---- log-client.c.orig	Wed Nov 24 08:26:22 1999
-+++ log-client.c	Sun Jan 16 23:50:22 2000
-@@ -45,12 +45,12 @@
- 	}
- }
- 
--#define MSGBUFSIZE 1024
-+#define SSH_MSGBUFSIZE 1024
- 
- void
- do_log(LogLevel level, const char *fmt, va_list args)
- {
--	char msgbuf[MSGBUFSIZE];
-+	char msgbuf[SSH_MSGBUFSIZE];
- 
- 	if (level > log_level)
- 		return;
diff --git a/security/openssh/patches/patch-af b/security/openssh/patches/patch-af
deleted file mode 100644
index 121bf2b0952..00000000000
--- a/security/openssh/patches/patch-af
+++ /dev/null
@@ -1,21 +0,0 @@
-$NetBSD: patch-af,v 1.1 2000/01/17 05:34:34 christos Exp $
-
---- log-server.c.orig	Wed Nov 24 08:26:22 1999
-+++ log-server.c	Sun Jan 16 23:50:54 2000
-@@ -97,13 +97,13 @@
- 	log_on_stderr = on_stderr;
- }
- 
--#define MSGBUFSIZE 1024
-+#define SSH_MSGBUFSIZE 1024
- 
- void
- do_log(LogLevel level, const char *fmt, va_list args)
- {
--	char msgbuf[MSGBUFSIZE];
--	char fmtbuf[MSGBUFSIZE];
-+	char msgbuf[SSH_MSGBUFSIZE];
-+	char fmtbuf[SSH_MSGBUFSIZE];
- 	char *txt = NULL;
- 	int pri = LOG_INFO;
- 
diff --git a/security/openssh/patches/patch-ag b/security/openssh/patches/patch-ag
index b1158792f4e..13d45051b68 100644
--- a/security/openssh/patches/patch-ag
+++ b/security/openssh/patches/patch-ag
@@ -1,15 +1,15 @@
-$NetBSD: patch-ag,v 1.1 2000/01/17 05:34:35 christos Exp $
+$NetBSD: patch-ag,v 1.2 2000/01/27 17:12:05 hubertf Exp $
 
---- uidswap.c.orig	Wed Nov 24 19:55:00 1999
-+++ uidswap.c	Sun Jan 16 23:48:54 2000
-@@ -27,8 +27,10 @@
+--- uidswap.c.orig	Thu Jan 20 14:18:16 2000
++++ uidswap.c	Thu Jan 27 17:04:38 2000
+@@ -26,8 +26,10 @@
+    is not part of the posix specification. */
  #define SAVED_IDS_WORK_WITH_SETEUID
- #endif /* _POSIX_SAVED_IDS */
  
 +#ifdef SAVED_IDS_WORK_WITH_SETEUID
  /* Saved effective uid. */
  static uid_t saved_euid = 0;
 +#endif
  
- /*
-  * Temporarily changes to the given uid.  If the effective user
+ #endif /* _POSIX_SAVED_IDS */
+ 
diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah
index ba1be47a482..3e1eafc745d 100644
--- a/security/openssh/patches/patch-ah
+++ b/security/openssh/patches/patch-ah
@@ -1,36 +1,36 @@
-$NetBSD: patch-ah,v 1.1 2000/01/17 05:34:35 christos Exp $
+$NetBSD: patch-ah,v 1.2 2000/01/27 17:12:05 hubertf Exp $
 
---- Makefile.in.orig	Thu Jan 13 23:45:46 2000
-+++ Makefile.in	Mon Jan 17 00:24:48 2000
-@@ -5,6 +5,7 @@
- libexecdir=@libexecdir@
+--- Makefile.in.orig	Thu Jan 27 04:15:48 2000
++++ Makefile.in	Thu Jan 27 17:07:34 2000
+@@ -6,6 +6,7 @@
  mandir=@mandir@
+ mansubdir=@mansubdir@
  sysconfdir=@sysconfdir@
 +examplesdir=@prefix@/share/examples/ssh
- 
- srcdir = @srcdir@
- top_srcdir = @top_srcdir@
-@@ -137,16 +138,16 @@
- 		$(INSTALL) -s @GNOME_ASKPASS@ ${ASKPASS_LOCATION} ; \
+ piddir=@piddir@
+ srcdir=@srcdir@
+ top_srcdir=@top_srcdir@
+@@ -130,16 +131,16 @@
+ 		$(INSTALL) -s @GNOME_ASKPASS@ $(DESTDIR)${ASKPASS_LOCATION} ; \
  	fi
  
--	if [ ! -f $(sysconfdir)/ssh_config -a ! -f $(sysconfdir)/sshd_config ]; then \
--		$(INSTALL) -d $(sysconfdir); \
--		$(INSTALL) -m 644 ssh_config $(sysconfdir)/ssh_config; \
--		$(INSTALL) -m 644 sshd_config $(sysconfdir)/sshd_config; \
-+	if [ ! -f $(examplesdir)/ssh_config -a ! -f $(examplesdir)/sshd_config ]; then \
-+		$(INSTALL) -d $(examplesdir); \
-+		$(INSTALL) -m 644 ssh_config $(examplesdir)/ssh_config; \
-+		$(INSTALL) -m 644 sshd_config $(examplesdir)/sshd_config; \
+-	if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config -a ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \
+-		$(INSTALL) -d $(DESTDIR)$(sysconfdir); \
+-		$(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \
+-		$(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \
++	if [ ! -f $(DESTDIR)$(examplesdir)/ssh_config -a ! -f $(DESTDIR)$(examplesdir)/sshd_config ]; then \
++		$(INSTALL) -d $(DESTDIR)$(examplesdir); \
++		$(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(examplesdir)/ssh_config; \
++		$(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(examplesdir)/sshd_config; \
  	fi
  
  uninstallall:	uninstall
--	-rm -f $(sysconfdir)/ssh_config
--	-rm -f $(sysconfdir)/sshd_config
--	-rmdir $(sysconfdir)
-+	-rm -f $(examplesdir)/ssh_config
-+	-rm -f $(examplesdir)/sshd_config
-+	-rmdir $(examplesdir)
- 	-rmdir $(bindir)
- 	-rmdir $(sbindir)
- 	-rmdir $(mandir)/man1
+-	-rm -f $(DESTDIR)$(sysconfdir)/ssh_config
+-	-rm -f $(DESTDIR)$(sysconfdir)/sshd_config
+-	-rmdir $(DESTDIR)$(sysconfdir)
++	-rm -f $(DESTDIR)$(examplesdir)/ssh_config
++	-rm -f $(DESTDIR)$(examplesdir)/sshd_config
++	-rmdir $(DESTDIR)$(examplesdir)
+ 	-rmdir $(DESTDIR)$(bindir)
+ 	-rmdir $(DESTDIR)$(sbindir)
+ 	-rmdir $(DESTDIR)$(mandir)/$(mansubdir)1
diff --git a/security/openssh/pkg/DEINSTALL b/security/openssh/pkg/DEINSTALL
new file mode 100644
index 00000000000..ee1aa040cf6
--- /dev/null
+++ b/security/openssh/pkg/DEINSTALL
@@ -0,0 +1,18 @@
+#! /bin/sh
+#
+# $NetBSD: DEINSTALL,v 1.1 2000/01/27 17:13:02 hubertf Exp $
+#
+
+case "$2" in
+	DEINSTALL) cat <<EOF
+
+=============================================================
+Note that ssh configuration, key, and random-seed files
+(@SSH_CONF_DIR@/ssh*) are not removed in the deinstallation
+process.  You should remove those by hand, if you no longer
+need them.
+=============================================================
+
+EOF
+	;;
+esac
diff --git a/security/openssh/pkg/DESCR b/security/openssh/pkg/DESCR
index 6827f64a327..764ae7f0903 100644
--- a/security/openssh/pkg/DESCR
+++ b/security/openssh/pkg/DESCR
@@ -1,13 +1,9 @@
-This is the port of OpenBSD's excellent OpenSSH to Linux and other
-Unices.
-
 OpenSSH is based on the last free version of Tatu Ylonen's SSH with
 all patent-encumbered algorithms removed (to external libraries), all
 known security bugs fixed, new features reintroduced and many other
 clean-ups. More information about SSH itself can be found in the file
 README.Ylonen. OpenSSH has been created by Aaron Campbell, Bob Beck,
-Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. It has a
-homepage at http://www.openssh.com/
+Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song.
 
 This port consists of the re-introduction of autoconf support, PAM
 support (for Linux and Solaris), EGD[1] support, SOCKS support (using
@@ -16,53 +12,3 @@ that are (regrettably) absent from other unices. This port has been
 best tested on Linux, Solaris, HPUX, NetBSD and Irix. Support for AIX,
 SCO, NeXT and other Unices is underway. This version actively tracks
 changes in the OpenBSD CVS repository.
-
-The PAM support is now more functional than the popular packages of
-commercial ssh-1.2.x. It checks "account" and "session" modules for
-all logins, not just when using password authentication.
-
-All new code is released under a XFree style license, which is very
-liberal. Please refer to the source files for details. The code in
-bsd-*.[ch] is from the OpenBSD project and has its own license (again,
-see the source files for details).
-
-OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4] and
-Dante[6]. To build the GNOME[5] pass-phrase requester
-(--with-gnome-askpass), you will need the GNOME libraries installed.
-If you are building OpenSSH on a Unix which lacks a kernel random
-number pool (/dev/random), you will need to install EGD[1]. 
-
-There is now several mailing lists for this port of OpenSSH. Please
-refer to http://violet.ibs.com.au/openssh/list.html for details on how
-to join.
-
-Please send bug reports and patches to the mailing list
-openssh-unix-dev@mindrot.org. The list is currently open to posting by
-unsubscribed users.
-
-Please refer to the INSTALL document for information on how to install
-OpenSSH on your system. The UPGRADING document details differences 
-between this port of OpenSSH and F-Secure SSH 1.x.
-
-Damien Miller <djm@ibs.com.au>
-Internet Business Solutions
-
-Miscellania - 
-
-This version of SSH is based upon code retrieved from the OpenBSD CVS
-repository which in turn was based on the last free 
-version of SSH released by Tatu Ylonen.
-
-Code in bsd-misc.[ch] and gnome-ssh-askpass.c is Copyright 1999 Damien
-Miller & Internet Business Solutions and is released under a X11-style
-license (see source files for details).
-
-References -
-
-[1] http://www.lothar.com/tech/crypto/
-[2] http://www.cdrom.com/pub/infozip/zlib/
-[3] http://www.openssl.org/
-[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
-[5] http://www.gnome.org/
-[6] http://www.inet.no/dante
-
diff --git a/security/openssh/pkg/MESSAGE b/security/openssh/pkg/MESSAGE
new file mode 100644
index 00000000000..415ddc595c4
--- /dev/null
+++ b/security/openssh/pkg/MESSAGE
@@ -0,0 +1,19 @@
+==========================================================================
+$NetBSD: MESSAGE,v 1.1 2000/01/27 17:13:02 hubertf Exp $
+
+If "starter" configuration files were installed (in @SSH_CONF_DIR@)
+when the package was installed, be sure to examine them (and the man pages
+for ssh and sshd) to determine whether you want to make any changes.
+
+Copies of the example configuration files are installed in
+@PREFIX@/share/examples/ssh, so those can still be used for reference
+after you have made changes to those installed in @SSH_CONF_DIR@, or if
+you had existing configuration files, which would not be overwritten in
+the installation process.
+
+In general, you will want to set up /etc/rc.local to start sshd at boot
+time.  Something like the following should do the job:
+
+# Run sshd if installed and configured
+@PREFIX@/etc/rc.d/sshd.sh
+==========================================================================
diff --git a/security/openssh/pkg/PLIST b/security/openssh/pkg/PLIST
index c71d513d55e..37b9e1dbc98 100644
--- a/security/openssh/pkg/PLIST
+++ b/security/openssh/pkg/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1 2000/01/17 05:34:35 christos Exp $
+@comment $NetBSD: PLIST,v 1.2 2000/01/27 17:12:06 hubertf Exp $
 bin/ssh
 bin/scp
 bin/slogin
@@ -6,6 +6,7 @@ bin/ssh-add
 bin/ssh-agent
 bin/ssh-keygen
 sbin/sshd
+etc/rc.d/sshd.sh
 man/man1/ssh.1
 man/man1/scp.1
 man/man1/slogin.1
@@ -15,3 +16,8 @@ man/man1/ssh-keygen.1
 man/man8/sshd.8
 share/examples/ssh/ssh_config
 share/examples/ssh/sshd_config
+@exec if [ ! -d @SSH_CONF_DIR@ ]; then echo "Creating directory @SSH_CONF_DIR@ for ssh config files.." ; mkdir -p @SSH_CONF_DIR@; fi
+@exec if [ ! -f @SSH_CONF_DIR@/ssh_config ]; then echo "Installing example ssh_config in @SSH_CONF_DIR@.." ; /usr/bin/install -c -o root -g wheel -m 0644 %D/share/examples/ssh/ssh_config @SSH_CONF_DIR@; fi
+@exec if [ ! -f @SSH_CONF_DIR@/sshd_config ]; then echo "Installing example sshd_config in @SSH_CONF_DIR@.." ; /usr/bin/install -c -o root -g wheel -m 0644 %D/share/examples/ssh/sshd_config @SSH_CONF_DIR@; fi
+@exec if [ ! -f @SSH_CONF_DIR@/ssh_host_key ]; then echo "Generating a secret host key in @SSH_CONF_DIR@.." ; %D/bin/ssh-keygen -N "" -f @SSH_CONF_DIR@/ssh_host_key; fi
+@dirrm share/examples/ssh
diff --git a/security/openssh/pkg/REQ b/security/openssh/pkg/REQ
new file mode 100644
index 00000000000..421069641cc
--- /dev/null
+++ b/security/openssh/pkg/REQ
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# $NetBSD: REQ,v 1.1 2000/01/27 17:13:02 hubertf Exp $
+#
+
+PKG=$1
+STAGE=$2
+
+if [ "$STAGE" != "INSTALL" ];
+then
+        exit 0
+fi
+
+if ! dd if=/dev/urandom of=/dev/null bs=1 count=1 2>/dev/null >/dev/null ; 
+then
+	echo ""
+	echo "Need working /dev/urandom for this package to work!"
+	echo ""
+	exit 1
+fi
+
+exit 0