summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorjlam <jlam>2002-08-28 04:55:18 +0000
committerjlam <jlam>2002-08-28 04:55:18 +0000
commit469bfaeef3cc5ea5fcfa111d70ca7bb53594b20b (patch)
treeb14948b2a538ff567817dabce89987633bd55568 /security
parentfee7e86e961cdb04040af3b67feb470cce090a98 (diff)
downloadpkgsrc-469bfaeef3cc5ea5fcfa111d70ca7bb53594b20b.tar.gz
Support building with S/Key support on Darwin, and move the check for
libcrypt-before-libcrypto into a section that is protected by something we can set in the configure script (check_for_libcrypt_before). This should fix the latter part of pkg/18091 by grant beattie.
Diffstat (limited to 'security')
-rw-r--r--security/openssh/Makefile34
-rw-r--r--security/openssh/distinfo6
-rw-r--r--security/openssh/patches/patch-aa110
-rw-r--r--security/openssh/patches/patch-ab46
4 files changed, 142 insertions, 54 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index fac6d3b4682..5ac6b1d300a 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.87 2002/08/23 07:27:54 grant Exp $
+# $NetBSD: Makefile,v 1.88 2002/08/28 04:55:18 jlam Exp $
DISTNAME= openssh-3.4p1
PKGNAME= openssh-3.4.0.1
@@ -43,33 +43,34 @@ RCD_SCRIPTS_EGDIR= etc/rc.d
PLIST_SUBST+= MANDIR=${MANDIR}
PLIST_SUBST+= RCD_SCRIPTS_EGDIR=${RCD_SCRIPTS_EGDIR}
-USE_BUILDLINK_ONLY= yes
+USE_BUILDLINK2= yes
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
CONFIGURE_ARGS+= --mandir=${PREFIX}/${MANDIR}
CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR}
-CONFIGURE_ARGS+= --with-ssl-dir=${BUILDLINK_DIR}
-CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_DIR}
+CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE}
+CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
CONFIGURE_ARGS+= --with-privsep-path=/var/chroot/sshd
# XXX: PAM authentication causes memory faults, and I haven't tracked down
# XXX: why yet. For the moment, disable PAM authentication.
#
#.if defined(USE_PAM)
-#.include "../../security/PAM/buildlink.mk"
+#.include "../../security/PAM/buildlink2.mk"
#CONFIGURE_ARGS+= --with-pam
#PLIST_SRC+= ${.CURDIR}/PLIST.pam
#MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam
#.endif
-# XXX: we have 4 args (4: sslen) to skeychallenge instead of 3
-#.if ${OPSYS} == "NetBSD"
+.if (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
+. include "../../security/skey/buildlink2.mk"
+CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey}
+.elif ${OPSYS} == "NetBSD"
+# XXX: NetBSD has 4 args (4: sslen) to skeychallenge instead of 3
#CONFIGURE_ARGS+= --with-skey=/usr
-#.endif
-
-.if ${OPSYS} == "SunOS"
-DEPENDS+= skey>=1.1.5:../../security/skey
-CONFIGURE_ARGS+= --with-skey=${LOCALBASE}
+CONFIGURE_ARGS+= --without-skey
+.else
+CONFIGURE_ARGS+= --without-skey
.endif
# XXX: <krb.h>
@@ -78,6 +79,8 @@ CONFIGURE_ARGS+= --with-skey=${LOCALBASE}
#CONFIGURE_ARGS+= --with-kerberos4=/usr
#.endif
+LD= ${CC}
+
# The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
# on if it's part of the X11 distribution, or if it's installed from pkgsrc
# (security/ssh-askpass).
@@ -135,8 +138,9 @@ post-install:
#.endif
${INSTALL_SCRIPT} ${WRKDIR}/sshd ${PREFIX}/${RCD_SCRIPTS_EGDIR}/sshd
-.include "../../devel/zlib/buildlink.mk"
-.include "../../security/openssl/buildlink.mk"
-.include "../../security/tcp_wrappers/buildlink.mk"
+.include "../../devel/zlib/buildlink2.mk"
+.include "../../security/openssl/buildlink2.mk"
+.include "../../security/tcp_wrappers/buildlink2.mk"
+
.include "../../mk/bsd.pkg.install.mk"
.include "../../mk/bsd.pkg.mk"
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index bfaffd05e25..1f4a7ca3a3f 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.20 2002/06/26 14:33:30 itojun Exp $
+$NetBSD: distinfo,v 1.21 2002/08/28 04:55:18 jlam Exp $
SHA1 (openssh-3.4p1.tar.gz) = 8841326bf79b2c8a88d7a6e371739ec21cee73bc
Size (openssh-3.4p1.tar.gz) = 837668 bytes
-SHA1 (patch-aa) = 0287823fc0c5953996891576b4d3571e08618b3d
-SHA1 (patch-ab) = 8a7c9c0802a5089ef25ae91a520772a09a2b5000
+SHA1 (patch-aa) = 817aa0fc69ea933666c43a677695f3bf1f4dc3ec
+SHA1 (patch-ab) = 918ba2eed7dccd33c09b6caa1d379647ba97178f
SHA1 (patch-ah) = 9913c868bde5d318915b1dee2c05dcf454a0f506
diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa
index abd58346255..34e7a59605a 100644
--- a/security/openssh/patches/patch-aa
+++ b/security/openssh/patches/patch-aa
@@ -1,10 +1,16 @@
-$NetBSD: patch-aa,v 1.24 2002/06/25 02:13:12 itojun Exp $
+$NetBSD: patch-aa,v 1.25 2002/08/28 04:55:18 jlam Exp $
-use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES
-
---- configure.orig Sat Jun 22 00:56:52 2002
-+++ configure Tue Jun 25 10:54:48 2002
-@@ -3943,8 +3943,6 @@
+--- configure.orig Wed Jun 26 07:08:18 2002
++++ configure
+@@ -3920,6 +3920,7 @@ _ACEOF
+ SONY=1
+ ;;
+ *-*-netbsd*)
++ check_for_libcrypt_before=1
+ need_dash_r=1
+ ;;
+ *-*-freebsd*)
+@@ -3950,8 +3951,6 @@ _ACEOF
CFLAGS="$CFLAGS"
;;
*-*-solaris*)
@@ -13,7 +19,7 @@ use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES
need_dash_r=1
cat >>confdefs.h <<\_ACEOF
#define PAM_SUN_CODEBASE 1
-@@ -4393,6 +4391,9 @@
+@@ -4406,6 +4405,9 @@ _ACEOF
;;
esac
@@ -23,27 +29,95 @@ use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES
# Allow user to specify flags
# Check whether --with-cflags or --without-cflags was given.
-@@ -6306,6 +6307,10 @@
+@@ -6319,6 +6321,10 @@ echo $ECHO_N "checking for libwrap... $E
#line $LINENO "configure"
#include "confdefs.h"
+#ifdef HAVE_SYS_CDEFS_H
-+#include <sys/cdefs.h>
++#include <sys/cdefs.h>
+#endif
+#include <stdio.h>
#include <tcpd.h>
int deny_severity = 0, allow_severity = 0;
-@@ -8051,7 +8056,7 @@
+@@ -8090,6 +8096,76 @@ fi
+ rm -f conftest.$ac_objext conftest.$ac_ext
+ fi
-
- fi;
--LIBS="$LIBS -lcrypto"
-+LIBS="$LIBS -lcrypt -lcrypto"
- cat >conftest.$ac_ext <<_ACEOF
- #line $LINENO "configure"
- #include "confdefs.h"
-@@ -17485,7 +17490,7 @@
++# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
++# because the system crypt() is more featureful.
++if test "x$check_for_libcrypt_before" = "x1"; then
++
++echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5
++echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6
++if test "${ac_cv_lib_crypt_crypt+set}" = set; then
++ echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++ ac_check_lib_save_LIBS=$LIBS
++LIBS="-lcrypt $LIBS"
++cat >conftest.$ac_ext <<_ACEOF
++#line $LINENO "configure"
++#include "confdefs.h"
++
++/* Override any gcc2 internal prototype to avoid an error. */
++#ifdef __cplusplus
++extern "C"
++#endif
++/* We use char because int might match the return type of a gcc2
++ builtin and then its argument prototype would still apply. */
++char crypt ();
++#ifdef F77_DUMMY_MAIN
++# ifdef __cplusplus
++ extern "C"
++# endif
++ int F77_DUMMY_MAIN() { return 1; }
++#endif
++int
++main ()
++{
++crypt ();
++ ;
++ return 0;
++}
++_ACEOF
++rm -f conftest.$ac_objext conftest$ac_exeext
++if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
++ (eval $ac_link) 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); } &&
++ { ac_try='test -s conftest$ac_exeext'
++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
++ (eval $ac_try) 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); }; }; then
++ ac_cv_lib_crypt_crypt=yes
++else
++ echo "$as_me: failed program was:" >&5
++cat conftest.$ac_ext >&5
++ac_cv_lib_crypt_crypt=no
++fi
++rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
++LIBS=$ac_check_lib_save_LIBS
++fi
++echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5
++echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6
++if test $ac_cv_lib_crypt_crypt = yes; then
++ cat >>confdefs.h <<_ACEOF
++#define HAVE_LIBCRYPT 1
++_ACEOF
++
++ LIBS="-lcrypt $LIBS"
++
++fi
++
++fi
++
+ # Search for OpenSSL
+ saved_CPPFLAGS="$CPPFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+@@ -17497,7 +17573,7 @@ echo "OpenSSH has been configured with t
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"
diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab
index 9e5e6427917..c2bdd0cb0c0 100644
--- a/security/openssh/patches/patch-ab
+++ b/security/openssh/patches/patch-ab
@@ -1,10 +1,16 @@
-$NetBSD: patch-ab,v 1.11 2002/06/25 02:13:13 itojun Exp $
+$NetBSD: patch-ab,v 1.12 2002/08/28 04:55:18 jlam Exp $
-use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES
-
---- configure.ac.orig Fri Jun 21 09:01:19 2002
-+++ configure.ac Tue Jun 25 10:54:10 2002
-@@ -183,8 +183,6 @@
+--- configure.ac.orig Tue Jun 25 15:35:16 2002
++++ configure.ac
+@@ -167,6 +167,7 @@ mips-sony-bsd|mips-sony-newsos4)
+ SONY=1
+ ;;
+ *-*-netbsd*)
++ check_for_libcrypt_before=1
+ need_dash_r=1
+ ;;
+ *-*-freebsd*)
+@@ -185,8 +186,6 @@ mips-sony-bsd|mips-sony-newsos4)
CFLAGS="$CFLAGS"
;;
*-*-solaris*)
@@ -13,7 +19,7 @@ use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES
need_dash_r=1
AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
-@@ -310,6 +308,9 @@
+@@ -312,6 +311,9 @@ mips-sony-bsd|mips-sony-newsos4)
;;
esac
@@ -23,7 +29,7 @@ use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES
# Allow user to specify flags
AC_ARG_WITH(cflags,
[ --with-cflags Specify additional flags to pass to compiler],
-@@ -543,6 +544,10 @@
+@@ -545,6 +547,10 @@ AC_ARG_WITH(tcp-wrappers,
AC_MSG_CHECKING(for libwrap)
AC_TRY_LINK(
[
@@ -34,16 +40,20 @@ use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES
#include <tcpd.h>
int deny_severity = 0, allow_severity = 0;
],
-@@ -725,7 +730,7 @@
- fi
- ]
- )
--LIBS="$LIBS -lcrypto"
-+LIBS="$LIBS -lcrypt -lcrypto"
- AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
- [
- dnl Check default openssl install dir
-@@ -2372,7 +2377,7 @@
+@@ -723,6 +729,12 @@ if test "x$PAM_MSG" = "xyes" ; then
+ )
+ fi
+
++# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
++# because the system crypt() is more featureful.
++if test "x$check_for_libcrypt_before" = "x1"; then
++ AC_CHECK_LIB(crypt, crypt)
++fi
++
+ # Search for OpenSSL
+ saved_CPPFLAGS="$CPPFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+@@ -2385,7 +2397,7 @@ echo "OpenSSH has been configured with t
echo " User binaries: $B"
echo " System binaries: $C"
echo " Configuration files: $D"