summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorkim <kim@pkgsrc.org>2001-08-17 19:49:08 +0000
committerkim <kim@pkgsrc.org>2001-08-17 19:49:08 +0000
commit5618d7417c0a20c7b839d4dcae2fd6ed35e2f879 (patch)
tree8bdbf6bdeba15b073db1024d8a36ad1666859313 /security
parent4cde4066e76e7efe8f09e6695545a1561bc15344 (diff)
downloadpkgsrc-5618d7417c0a20c7b839d4dcae2fd6ed35e2f879.tar.gz
Make this work more like the ssh package:
- don't install setuid unless SSH_SUID=YES - use libwrap (--with-tcp-wrappers) on NetBSD I also want to fix S/Key support and Kerberos IV, so I've left some comments in Makefile for that.
Diffstat (limited to 'security')
-rw-r--r--security/openssh/Makefile24
-rw-r--r--security/openssh/distinfo8
-rw-r--r--security/openssh/patches/patch-aa47
-rw-r--r--security/openssh/patches/patch-ab41
-rw-r--r--security/openssh/patches/patch-ah31
5 files changed, 133 insertions, 18 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index f5f560088f8..d855868b767 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.53 2001/06/28 23:12:16 jlam Exp $
+# $NetBSD: Makefile,v 1.54 2001/08/17 19:49:08 kim Exp $
DISTNAME= openssh-2.9p2
CATEGORIES= security
@@ -21,7 +21,9 @@ CRYPTO= yes
# retain the following line, for IPv6-ready pkgsrc webpage
BUILD_DEFS+= USE_INET6
+#BUILD_DEFS+= KERBEROS
BUILD_DEFS+= SSH_CONF_DIR
+BUILD_DEFS+= SSH_SUID
DEINSTALL_FILE= ${WRKDIR}/DEINSTALL
INSTALL_FILE= ${WRKDIR}/INSTALL
@@ -43,6 +45,23 @@ GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --sysconfdir=${SSH_CONF_DIR}
CONFIGURE_ARGS+= --with-ssl-dir=${BUILDLINK_DIR}
+.if ${OPSYS} == "NetBSD"
+CONFIGURE_ARGS+= --with-tcp-wrappers
+# XXX: we have 4 args (4: sslen) to skeychallenge instead of 3
+#CONFIGURE_ARGS+= --with-skey=/usr
+.endif
+
+# XXX: <krb.h>
+#.if defined(KERBEROS)
+#USE_KERBEROS= yes
+#CONFIGURE_ARGS+= --with-kerberos4=/usr
+#.endif
+
+# Don't install "ssh" setuid
+.if !defined(SSH_SUID) || ${SSH_SUID} != YES
+CONFIGURE_ARGS+= --disable-suid-ssh
+.endif
+
# The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
# on if it's part of the X11 distribution, or if it's installed from pkgsrc
# (security/ssh-askpass). The configure process will lie about the compiled
@@ -63,6 +82,9 @@ PLIST_SRC= ${WRKDIR}/PLIST_DYNAMIC
INSTALL_FILE= ${WRKDIR}/INSTALL.SunOS
.endif
+#post-patch:
+# cd ${WRKSRC} ; autoreconf --force
+
post-build:
for FILE in \
${PKGDIR}/DEINSTALL \
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 8b73fd0f0c6..19b36989938 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.5 2001/06/28 23:12:16 jlam Exp $
+$NetBSD: distinfo,v 1.6 2001/08/17 19:49:08 kim Exp $
SHA1 (openssh-2.9p2.tar.gz) = add432005b43f71ccf964bb77b37291273dd4ceb
Size (openssh-2.9p2.tar.gz) = 662590 bytes
-SHA1 (patch-aa) = 78816aa12ddc091bd6d4d82235af0e59d25afac6
-SHA1 (patch-ab) = 236d325113b2808d1fd9c8087cc0149eb382bbbf
-SHA1 (patch-ah) = da09e163310c21b8f5b37d89d4f44bfec9707e67
+SHA1 (patch-aa) = 0a3322cbb38c666266a7d44fc8188546b7818926
+SHA1 (patch-ab) = 92eee280f610967ddd56c0f31cd2bf2960f898b4
+SHA1 (patch-ah) = 58a9bbc7c35e7d043c26288affe6fb1a88d9db2e
diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa
index 0a53585fe96..a07a3ab7b46 100644
--- a/security/openssh/patches/patch-aa
+++ b/security/openssh/patches/patch-aa
@@ -1,7 +1,7 @@
-$NetBSD: patch-aa,v 1.15 2001/06/28 23:12:16 jlam Exp $
+$NetBSD: patch-aa,v 1.16 2001/08/17 19:49:09 kim Exp $
---- configure.orig Sun Jun 17 00:09:50 2001
-+++ configure
+--- configure.orig Sun Jun 17 07:09:50 2001
++++ configure Fri Aug 17 22:06:47 2001
@@ -1796,7 +1796,7 @@
;;
@@ -20,3 +20,44 @@ $NetBSD: patch-aa,v 1.15 2001/06/28 23:12:16 jlam Exp $
cat >> confdefs.h <<\EOF
#define PAM_SUN_CODEBASE 1
EOF
+@@ -3160,6 +3160,7 @@
+
+ # Check whether user wants TCP wrappers support
+ TCPW_MSG="no"
++TCPW_LIB=""
+ # Check whether --with-tcp-wrappers or --without-tcp-wrappers was given.
+ if test "${with_tcp_wrappers+set}" = set; then
+ withval="$with_tcp_wrappers"
+@@ -3173,6 +3174,8 @@
+ #line 3174 "configure"
+ #include "confdefs.h"
+
++#include <sys/cdefs.h>
++#include <stdio.h>
+ #include <tcpd.h>
+ int deny_severity = 0, allow_severity = 0;
+
+@@ -3189,6 +3192,7 @@
+ EOF
+
+ TCPW_MSG="yes"
++ TCPW_LIB="-lwrap"
+
+ else
+ echo "configure: failed program was:" >&5
+@@ -3200,6 +3204,7 @@
+
+ fi
+ rm -f conftest*
++ LIBS="$saved_LIBS"
+ fi
+
+
+@@ -8881,6 +8886,7 @@
+ s%@TEST_MINUS_S_SH@%$TEST_MINUS_S_SH%g
+ s%@LOGIN_PROGRAM_FALLBACK@%$LOGIN_PROGRAM_FALLBACK%g
+ s%@LD@%$LD%g
++s%@TCPW_LIB@%$TCPW_LIB%g
+ s%@NO_SFTP@%$NO_SFTP%g
+ s%@rsh_path@%$rsh_path%g
+ s%@xauth_path@%$xauth_path%g
diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab
index 3a574c8bac5..bf16a6f0002 100644
--- a/security/openssh/patches/patch-ab
+++ b/security/openssh/patches/patch-ab
@@ -1,7 +1,7 @@
-$NetBSD: patch-ab,v 1.3 2001/06/28 23:12:16 jlam Exp $
+$NetBSD: patch-ab,v 1.4 2001/08/17 19:49:10 kim Exp $
---- configure.in.orig Mon May 28 13:21:44 2001
-+++ configure.in
+--- configure.in.orig Mon May 28 20:21:44 2001
++++ configure.in Fri Aug 17 22:06:34 2001
@@ -131,7 +131,7 @@
)
;;
@@ -20,3 +20,38 @@ $NetBSD: patch-ab,v 1.3 2001/06/28 23:12:16 jlam Exp $
AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(LOGIN_NEEDS_TERM)
+@@ -432,6 +432,7 @@
+
+ # Check whether user wants TCP wrappers support
+ TCPW_MSG="no"
++TCPW_LIB=""
+ AC_ARG_WITH(tcp-wrappers,
+ [ --with-tcp-wrappers Enable tcpwrappers support],
+ [
+@@ -441,6 +442,8 @@
+ AC_MSG_CHECKING(for libwrap)
+ AC_TRY_LINK(
+ [
++#include <sys/cdefs.h>
++#include <stdio.h>
+ #include <tcpd.h>
+ int deny_severity = 0, allow_severity = 0;
+ ],
+@@ -449,14 +452,17 @@
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(LIBWRAP)
+ TCPW_MSG="yes"
++ TCPW_LIB="-lwrap"
+ ],
+ [
+ AC_MSG_ERROR([*** libwrap missing])
+ ]
+ )
++ LIBS="$saved_LIBS"
+ fi
+ ]
+ )
++AC_SUBST(TCPW_LIB)
+
+ dnl Checks for library functions.
+ AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_sa clock fchown fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent getusershell glob inet_aton inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv setegid seteuid setlogin setproctitle setresgid setreuid setrlimit setsid setvbuf sigaction sigvec snprintf strerror strlcat strlcpy strmode strsep strtok_r sysconf tcgetpgrp utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop)
diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah
index 4b4cb470510..eed283fb1b6 100644
--- a/security/openssh/patches/patch-ah
+++ b/security/openssh/patches/patch-ah
@@ -1,7 +1,7 @@
-$NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $
+$NetBSD: patch-ah,v 1.13 2001/08/17 19:49:10 kim Exp $
---- Makefile.in.orig Fri Apr 27 09:31:08 2001
-+++ Makefile.in Tue May 15 01:25:53 2001
+--- Makefile.in.orig Fri Apr 27 03:31:08 2001
++++ Makefile.in Fri Aug 17 21:43:33 2001
@@ -8,6 +8,7 @@
mandir=@mandir@
mansubdir=@mansubdir@
@@ -19,7 +19,24 @@ $NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $
SFTP_SERVER=$(libexecdir)/sftp-server
PATHS= -DETCDIR=\"$(sysconfdir)\" \
-@@ -164,7 +165,7 @@
+@@ -29,6 +30,7 @@
+ CFLAGS=@CFLAGS@
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+ LIBS=@LIBS@
++WRAP=@TCPW_LIB@
+ AR=@AR@
+ RANLIB=@RANLIB@
+ INSTALL=@INSTALL@
+@@ -96,7 +98,7 @@
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+
+ sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
+- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
++ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(WRAP) $(LIBS)
+
+ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o scp-common.o
+ $(LD) -o $@ scp.o scp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+@@ -164,7 +166,7 @@
distprep: catman-do
autoreconf
@@ -28,7 +45,7 @@ $NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $
install-files:
$(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
-@@ -173,6 +174,7 @@
+@@ -173,6 +175,7 @@
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
@@ -36,7 +53,7 @@ $NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $
$(INSTALL) -m $(SSH_MODE) -s ssh $(DESTDIR)$(bindir)/ssh
$(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
$(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
-@@ -199,23 +201,11 @@
+@@ -199,23 +202,11 @@
if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
$(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \
fi
@@ -63,7 +80,7 @@ $NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $
fi
if [ ! -f $(DESTDIR)$(sysconfdir)/primes ]; then \
$(INSTALL) -m 644 primes.out $(DESTDIR)$(sysconfdir)/primes; \
-@@ -248,10 +238,10 @@
+@@ -248,10 +239,10 @@
./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N ""
uninstallall: uninstall