diff options
-rw-r--r-- | security/openssh/Makefile | 34 | ||||
-rw-r--r-- | security/openssh/distinfo | 6 | ||||
-rw-r--r-- | security/openssh/patches/patch-aa | 110 | ||||
-rw-r--r-- | security/openssh/patches/patch-ab | 46 |
4 files changed, 142 insertions, 54 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index fac6d3b4682..5ac6b1d300a 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.87 2002/08/23 07:27:54 grant Exp $ +# $NetBSD: Makefile,v 1.88 2002/08/28 04:55:18 jlam Exp $ DISTNAME= openssh-3.4p1 PKGNAME= openssh-3.4.0.1 @@ -43,33 +43,34 @@ RCD_SCRIPTS_EGDIR= etc/rc.d PLIST_SUBST+= MANDIR=${MANDIR} PLIST_SUBST+= RCD_SCRIPTS_EGDIR=${RCD_SCRIPTS_EGDIR} -USE_BUILDLINK_ONLY= yes +USE_BUILDLINK2= yes GNU_CONFIGURE= yes CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} CONFIGURE_ARGS+= --mandir=${PREFIX}/${MANDIR} CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR} -CONFIGURE_ARGS+= --with-ssl-dir=${BUILDLINK_DIR} -CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_DIR} +CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE} +CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers} CONFIGURE_ARGS+= --with-privsep-path=/var/chroot/sshd # XXX: PAM authentication causes memory faults, and I haven't tracked down # XXX: why yet. For the moment, disable PAM authentication. # #.if defined(USE_PAM) -#.include "../../security/PAM/buildlink.mk" +#.include "../../security/PAM/buildlink2.mk" #CONFIGURE_ARGS+= --with-pam #PLIST_SRC+= ${.CURDIR}/PLIST.pam #MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam #.endif -# XXX: we have 4 args (4: sslen) to skeychallenge instead of 3 -#.if ${OPSYS} == "NetBSD" +.if (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS") +. include "../../security/skey/buildlink2.mk" +CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey} +.elif ${OPSYS} == "NetBSD" +# XXX: NetBSD has 4 args (4: sslen) to skeychallenge instead of 3 #CONFIGURE_ARGS+= --with-skey=/usr -#.endif - -.if ${OPSYS} == "SunOS" -DEPENDS+= skey>=1.1.5:../../security/skey -CONFIGURE_ARGS+= --with-skey=${LOCALBASE} +CONFIGURE_ARGS+= --without-skey +.else +CONFIGURE_ARGS+= --without-skey .endif # XXX: <krb.h> @@ -78,6 +79,8 @@ CONFIGURE_ARGS+= --with-skey=${LOCALBASE} #CONFIGURE_ARGS+= --with-kerberos4=/usr #.endif +LD= ${CC} + # The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending # on if it's part of the X11 distribution, or if it's installed from pkgsrc # (security/ssh-askpass). @@ -135,8 +138,9 @@ post-install: #.endif ${INSTALL_SCRIPT} ${WRKDIR}/sshd ${PREFIX}/${RCD_SCRIPTS_EGDIR}/sshd -.include "../../devel/zlib/buildlink.mk" -.include "../../security/openssl/buildlink.mk" -.include "../../security/tcp_wrappers/buildlink.mk" +.include "../../devel/zlib/buildlink2.mk" +.include "../../security/openssl/buildlink2.mk" +.include "../../security/tcp_wrappers/buildlink2.mk" + .include "../../mk/bsd.pkg.install.mk" .include "../../mk/bsd.pkg.mk" diff --git a/security/openssh/distinfo b/security/openssh/distinfo index bfaffd05e25..1f4a7ca3a3f 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.20 2002/06/26 14:33:30 itojun Exp $ +$NetBSD: distinfo,v 1.21 2002/08/28 04:55:18 jlam Exp $ SHA1 (openssh-3.4p1.tar.gz) = 8841326bf79b2c8a88d7a6e371739ec21cee73bc Size (openssh-3.4p1.tar.gz) = 837668 bytes -SHA1 (patch-aa) = 0287823fc0c5953996891576b4d3571e08618b3d -SHA1 (patch-ab) = 8a7c9c0802a5089ef25ae91a520772a09a2b5000 +SHA1 (patch-aa) = 817aa0fc69ea933666c43a677695f3bf1f4dc3ec +SHA1 (patch-ab) = 918ba2eed7dccd33c09b6caa1d379647ba97178f SHA1 (patch-ah) = 9913c868bde5d318915b1dee2c05dcf454a0f506 diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa index abd58346255..34e7a59605a 100644 --- a/security/openssh/patches/patch-aa +++ b/security/openssh/patches/patch-aa @@ -1,10 +1,16 @@ -$NetBSD: patch-aa,v 1.24 2002/06/25 02:13:12 itojun Exp $ +$NetBSD: patch-aa,v 1.25 2002/08/28 04:55:18 jlam Exp $ -use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES - ---- configure.orig Sat Jun 22 00:56:52 2002 -+++ configure Tue Jun 25 10:54:48 2002 -@@ -3943,8 +3943,6 @@ +--- configure.orig Wed Jun 26 07:08:18 2002 ++++ configure +@@ -3920,6 +3920,7 @@ _ACEOF + SONY=1 + ;; + *-*-netbsd*) ++ check_for_libcrypt_before=1 + need_dash_r=1 + ;; + *-*-freebsd*) +@@ -3950,8 +3951,6 @@ _ACEOF CFLAGS="$CFLAGS" ;; *-*-solaris*) @@ -13,7 +19,7 @@ use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES need_dash_r=1 cat >>confdefs.h <<\_ACEOF #define PAM_SUN_CODEBASE 1 -@@ -4393,6 +4391,9 @@ +@@ -4406,6 +4405,9 @@ _ACEOF ;; esac @@ -23,27 +29,95 @@ use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES # Allow user to specify flags # Check whether --with-cflags or --without-cflags was given. -@@ -6306,6 +6307,10 @@ +@@ -6319,6 +6321,10 @@ echo $ECHO_N "checking for libwrap... $E #line $LINENO "configure" #include "confdefs.h" +#ifdef HAVE_SYS_CDEFS_H -+#include <sys/cdefs.h> ++#include <sys/cdefs.h> +#endif +#include <stdio.h> #include <tcpd.h> int deny_severity = 0, allow_severity = 0; -@@ -8051,7 +8056,7 @@ +@@ -8090,6 +8096,76 @@ fi + rm -f conftest.$ac_objext conftest.$ac_ext + fi - - fi; --LIBS="$LIBS -lcrypto" -+LIBS="$LIBS -lcrypt -lcrypto" - cat >conftest.$ac_ext <<_ACEOF - #line $LINENO "configure" - #include "confdefs.h" -@@ -17485,7 +17490,7 @@ ++# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, ++# because the system crypt() is more featureful. ++if test "x$check_for_libcrypt_before" = "x1"; then ++ ++echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5 ++echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6 ++if test "${ac_cv_lib_crypt_crypt+set}" = set; then ++ echo $ECHO_N "(cached) $ECHO_C" >&6 ++else ++ ac_check_lib_save_LIBS=$LIBS ++LIBS="-lcrypt $LIBS" ++cat >conftest.$ac_ext <<_ACEOF ++#line $LINENO "configure" ++#include "confdefs.h" ++ ++/* Override any gcc2 internal prototype to avoid an error. */ ++#ifdef __cplusplus ++extern "C" ++#endif ++/* We use char because int might match the return type of a gcc2 ++ builtin and then its argument prototype would still apply. */ ++char crypt (); ++#ifdef F77_DUMMY_MAIN ++# ifdef __cplusplus ++ extern "C" ++# endif ++ int F77_DUMMY_MAIN() { return 1; } ++#endif ++int ++main () ++{ ++crypt (); ++ ; ++ return 0; ++} ++_ACEOF ++rm -f conftest.$ac_objext conftest$ac_exeext ++if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 ++ (eval $ac_link) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); } && ++ { ac_try='test -s conftest$ac_exeext' ++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); }; }; then ++ ac_cv_lib_crypt_crypt=yes ++else ++ echo "$as_me: failed program was:" >&5 ++cat conftest.$ac_ext >&5 ++ac_cv_lib_crypt_crypt=no ++fi ++rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext ++LIBS=$ac_check_lib_save_LIBS ++fi ++echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5 ++echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6 ++if test $ac_cv_lib_crypt_crypt = yes; then ++ cat >>confdefs.h <<_ACEOF ++#define HAVE_LIBCRYPT 1 ++_ACEOF ++ ++ LIBS="-lcrypt $LIBS" ++ ++fi ++ ++fi ++ + # Search for OpenSSL + saved_CPPFLAGS="$CPPFLAGS" + saved_LDFLAGS="$LDFLAGS" +@@ -17497,7 +17573,7 @@ echo "OpenSSH has been configured with t echo " User binaries: $B" echo " System binaries: $C" echo " Configuration files: $D" diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab index 9e5e6427917..c2bdd0cb0c0 100644 --- a/security/openssh/patches/patch-ab +++ b/security/openssh/patches/patch-ab @@ -1,10 +1,16 @@ -$NetBSD: patch-ab,v 1.11 2002/06/25 02:13:13 itojun Exp $ +$NetBSD: patch-ab,v 1.12 2002/08/28 04:55:18 jlam Exp $ -use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES - ---- configure.ac.orig Fri Jun 21 09:01:19 2002 -+++ configure.ac Tue Jun 25 10:54:10 2002 -@@ -183,8 +183,6 @@ +--- configure.ac.orig Tue Jun 25 15:35:16 2002 ++++ configure.ac +@@ -167,6 +167,7 @@ mips-sony-bsd|mips-sony-newsos4) + SONY=1 + ;; + *-*-netbsd*) ++ check_for_libcrypt_before=1 + need_dash_r=1 + ;; + *-*-freebsd*) +@@ -185,8 +186,6 @@ mips-sony-bsd|mips-sony-newsos4) CFLAGS="$CFLAGS" ;; *-*-solaris*) @@ -13,7 +19,7 @@ use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES need_dash_r=1 AC_DEFINE(PAM_SUN_CODEBASE) AC_DEFINE(LOGIN_NEEDS_UTMPX) -@@ -310,6 +308,9 @@ +@@ -312,6 +311,9 @@ mips-sony-bsd|mips-sony-newsos4) ;; esac @@ -23,7 +29,7 @@ use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES # Allow user to specify flags AC_ARG_WITH(cflags, [ --with-cflags Specify additional flags to pass to compiler], -@@ -543,6 +544,10 @@ +@@ -545,6 +547,10 @@ AC_ARG_WITH(tcp-wrappers, AC_MSG_CHECKING(for libwrap) AC_TRY_LINK( [ @@ -34,16 +40,20 @@ use libcrypt before libcrypto, as crypt() in libcrypt is more than just for DES #include <tcpd.h> int deny_severity = 0, allow_severity = 0; ], -@@ -725,7 +730,7 @@ - fi - ] - ) --LIBS="$LIBS -lcrypto" -+LIBS="$LIBS -lcrypt -lcrypto" - AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), - [ - dnl Check default openssl install dir -@@ -2372,7 +2377,7 @@ +@@ -723,6 +729,12 @@ if test "x$PAM_MSG" = "xyes" ; then + ) + fi + ++# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, ++# because the system crypt() is more featureful. ++if test "x$check_for_libcrypt_before" = "x1"; then ++ AC_CHECK_LIB(crypt, crypt) ++fi ++ + # Search for OpenSSL + saved_CPPFLAGS="$CPPFLAGS" + saved_LDFLAGS="$LDFLAGS" +@@ -2385,7 +2397,7 @@ echo "OpenSSH has been configured with t echo " User binaries: $B" echo " System binaries: $C" echo " Configuration files: $D" |