Age | Commit message (Collapse) | Author | Files | Lines |
|
and /etc/sshd.conf is old (and I assume some configurations from
there don't apply any more), user and group are not created
automatically (only if PKG_CREATE_USERGROUP is at default YES),
UsePrivilegeSeparation is the default, and seems to imply that
openssh is insecure without it.
Bump PKGREVISION.
Change comment regarding MESSAGE.Interix.
Removed unused MESSAGE_SUBST settings. Move one to the options.mk
as it is for "pam" only.
|
|
for the man entries.
|
|
|
|
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
|
|
compatibility provided via PKG_OPTIONS_LEGACY_OPTS.
|
|
and maybe other platforms.
Bump PKGREVISION.
|
|
and extra pam file was not included in +CONTENTS.
So moved the include of options.mk to after the PLIST_SRC and
MESSAGE_SRC are defined as empty.
(MESSAGE_SRC is redefined if Interix and if PAM PKG_OPTION was enabled
then this still needs to be fixed.)
|
|
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
|
|
|
|
|
|
*before* a BSD-with-advertising license was added to their diffs, and other
work done personally by me.
sshd now works. Most permissions checks work properly. Privsep is off by
default, and the sshd user is not created, on Interix until some problems
with privsep are fixed (perhaps by abstracting the auth functionality out
to openpam).
|
|
|
|
It includes the correct buildlink3.mk file from either Linux-PAM
(security/PAM) or OpenPAM (security/openpam) and eventually will
support solaris-pam. pam.buildlink3.mk will:
* set PAMBASE to the base directory of the PAM files;
* set PAM_TYPE to the PAM implementation used.
There are two variables that can be used to tweak the selection of
the PAM implementation:
PAM_DEFAULT is a user-settable variable whose value is the default
PAM implementation to use.
PAM_ACCEPTED is a package-settable list of PAM implementations
that may be used by the package.
Modify most packages that include PAM/buildlink3.mk to include
pam.buildlink3.mk instead.
|
|
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
|
|
pkgsrc-2004Q4 is branched.
|
|
hpn-patch kerberos PAM (only Linux)
The hpn-patch option uses the patch available in:
http://www.psc.edu/networking/projects/hpn-ssh/ to enable high performance
connections.
Also use VARBASE intead of hardcoding /var.
Bump PKGREVISION.
|
|
is enabled.
|
|
works when using pkgsrc X11.
bump PKGREVISION.
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
* Added new "IdentitiesOnly" option to ssh(1), which specifies that it should
use keys specified in ssh_config, rather than any keys in ssh-agent(1)
* Make sshd(8) re-execute itself on accepting a new connection. This security
measure ensures that all execute-time randomisations are reapplied for each
connection rather than once, for the master process' lifetime. This includes
mmap and malloc mappings, shared library addressing, shared library mapping
order, ProPolice and StackGhost cookies on systems that support such things
* Add strict permission and ownership checks to programs reading ~/.ssh/config
NB ssh(1) will now exit instead of trying to process a config with poor
ownership or permissions
* Implemented the ability to pass selected environment variables between the
client and the server. See "AcceptEnv" in sshd_config(5) and "SendEnv" in
ssh_config(5) for details
* Added a "MaxAuthTries" option to sshd(8), allowing control over the maximum
number of authentication attempts permitted per connection
* Added support for cancellation of active remote port forwarding sessions.
This may be performed using the ~C escape character, see "Escape Characters"
in ssh(1) for details
* Many sftp(1) interface improvements, including greatly enhanced "ls" support
and the ability to cancel active transfers using SIGINT (^C)
* Implement session multiplexing: a single ssh(1) connection can now carry
multiple login/command/file transfer sessions. Refer to the "ControlMaster"
and "ControlPath" options in ssh_config(5) for more information
* The sftp-server has improved support for non-POSIX filesystems (e.g. FAT)
* Portable OpenSSH: Re-introduce support for PAM password authentication, in
addition to the keyboard-interactive driver. PAM password authentication
is less flexible, and doesn't support pre-authentication password expiry but
runs in-process so Kerberos tokens, etc are retained
* Improved and more extensive regression tests
* Many bugfixes and small improvements
|
|
tested. The server (sshd) still needs more patches especially because of
non-zero Administrator uid/gid issues.
|
|
|
|
It says to use "pseudo-device rnd" kernel configuration.
TODO: if the above instructions are fine for other
operating systems with /dev/urandom then add.
|
|
faults, and haven't tracked down why yet.
No allow PAM authentication if Linux (and USE_PAM is defined).
This will close my 20846 PR from March 2003.
Also, install the contrib/sshd.pam.generic file as the example
sshd.pam instead of the FreeBSD version, but this okay since
it was commented out in the first place.
TODO: test the PAM support on other platforms and allow
if USE_PAM is defined.
|
|
|
|
Minor bugfixes.
|
|
Piotr Meyer.
|
|
automatically pass the correct -I flags to the compiler.
|
|
Kerberos 4 support, so remove those Makefile checks.
|
|
well. Bump the PKGREVISION.
XXX The right fix is to create a autoconf check for the number of args
XXX that skeychallenge takes and do the right thing accordingly.
|
|
allow building with Kerberos 4 support when using Heimdal and if the
kerberosIV headers exist.
|
|
|
|
has no business trying to update parts of the base system.
|
|
Bump PKGREVISION.
|
|
handling on Solaris >= 8 so do it explicitly.
|
|
|
|
Finish buildlink3 changes.
Obscure LOCALBASE path so that base system compilers dont match the
prefix otherwise compiler.mk then wants to build the pkgsrc gcc
package. (ick)
|
|
|
|
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
|
|
Buildlink files: RECOMMENDED version changed to current version.
|
|
This version features many improvements and bugfixes.
|
|
install them like preformatted manual pages (cat).
Reported by Georg Schwarz in PR pkg/24428.
|
|
the only relevant place that wants it.
|
|
|
|
|
|
don't know why this didn't originally work as it should, but I've
just tested it with gcc3 and Forte 8 on Solaris and I couldn't make
it fail.
fixes coredump problem on Solaris observed by some, and also
PR pkg/23120 from Alex Gerasimoff.
bump PKGREVISION to differentiate between broken and unbroken
package.
|
|
"--with-skey=... --without-skey" on Solaris :)
|
|
PAM directory too).
|
|
LD=${CC}
|
|
|