From 5618d7417c0a20c7b839d4dcae2fd6ed35e2f879 Mon Sep 17 00:00:00 2001 From: kim Date: Fri, 17 Aug 2001 19:49:08 +0000 Subject: Make this work more like the ssh package: - don't install setuid unless SSH_SUID=YES - use libwrap (--with-tcp-wrappers) on NetBSD I also want to fix S/Key support and Kerberos IV, so I've left some comments in Makefile for that. --- security/openssh/Makefile | 24 +++++++++++++++++++- security/openssh/distinfo | 8 +++---- security/openssh/patches/patch-aa | 47 ++++++++++++++++++++++++++++++++++++--- security/openssh/patches/patch-ab | 41 +++++++++++++++++++++++++++++++--- security/openssh/patches/patch-ah | 31 ++++++++++++++++++++------ 5 files changed, 133 insertions(+), 18 deletions(-) (limited to 'security') diff --git a/security/openssh/Makefile b/security/openssh/Makefile index f5f560088f8..d855868b767 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.53 2001/06/28 23:12:16 jlam Exp $ +# $NetBSD: Makefile,v 1.54 2001/08/17 19:49:08 kim Exp $ DISTNAME= openssh-2.9p2 CATEGORIES= security @@ -21,7 +21,9 @@ CRYPTO= yes # retain the following line, for IPv6-ready pkgsrc webpage BUILD_DEFS+= USE_INET6 +#BUILD_DEFS+= KERBEROS BUILD_DEFS+= SSH_CONF_DIR +BUILD_DEFS+= SSH_SUID DEINSTALL_FILE= ${WRKDIR}/DEINSTALL INSTALL_FILE= ${WRKDIR}/INSTALL 
@@ -43,6 +45,23 @@ GNU_CONFIGURE= yes CONFIGURE_ARGS+= --sysconfdir=${SSH_CONF_DIR} CONFIGURE_ARGS+= --with-ssl-dir=${BUILDLINK_DIR} +.if ${OPSYS} == "NetBSD" +CONFIGURE_ARGS+= --with-tcp-wrappers +# XXX: we have 4 args (4: sslen) to skeychallenge instead of 3 +#CONFIGURE_ARGS+= --with-skey=/usr +.endif + +# XXX: +#.if defined(KERBEROS) +#USE_KERBEROS= yes +#CONFIGURE_ARGS+= --with-kerberos4=/usr +#.endif + +# Don't install "ssh" setuid +.if !defined(SSH_SUID) || ${SSH_SUID} != YES +CONFIGURE_ARGS+= --disable-suid-ssh +.endif + # The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending # on if it's part of the X11 distribution, or if it's installed from pkgsrc # (security/ssh-askpass). The configure process will lie about the compiled @@ -63,6 +82,9 @@ PLIST_SRC= ${WRKDIR}/PLIST_DYNAMIC INSTALL_FILE= ${WRKDIR}/INSTALL.SunOS .endif +#post-patch: +# cd ${WRKSRC} ; autoreconf --force + post-build: for FILE in \ ${PKGDIR}/DEINSTALL \ diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 8b73fd0f0c6..19b36989938 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.5 2001/06/28 23:12:16 jlam Exp $ +$NetBSD: distinfo,v 1.6 2001/08/17 19:49:08 kim Exp $ SHA1 (openssh-2.9p2.tar.gz) = add432005b43f71ccf964bb77b37291273dd4ceb Size (openssh-2.9p2.tar.gz) = 662590 bytes -SHA1 (patch-aa) = 78816aa12ddc091bd6d4d82235af0e59d25afac6 -SHA1 (patch-ab) = 236d325113b2808d1fd9c8087cc0149eb382bbbf -SHA1 (patch-ah) = da09e163310c21b8f5b37d89d4f44bfec9707e67 +SHA1 (patch-aa) = 0a3322cbb38c666266a7d44fc8188546b7818926 +SHA1 (patch-ab) = 92eee280f610967ddd56c0f31cd2bf2960f898b4 +SHA1 (patch-ah) = 58a9bbc7c35e7d043c26288affe6fb1a88d9db2e diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa index 0a53585fe96..a07a3ab7b46 100644 --- a/security/openssh/patches/patch-aa +++ b/security/openssh/patches/patch-aa 
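Review bot: The new `.if !defined(SSH_SUID) || ${SSH_SUID} != YES` test compares against a bare, case-sensitive YES, whereas the `${OPSYS} == "NetBSD"` test a few lines above it quotes its right-hand side; I would write `${SSH_SUID} != "YES"` for consistency. Failing closed is the right default (any other spelling, such as `yes`, still yields `--disable-suid-ssh`), but the comment should say so, for example `# Install "ssh" setuid only when SSH_SUID is exactly "YES"; any other value disables it`. Separately, `--with-tcp-wrappers` is passed only when OPSYS is NetBSD, so on other platforms sshd is presumably still built without libwrap and hosts.allow/hosts.deny rules would not apply to it. A short comment next to that `.if` would make the gap visible to administrators.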
@@ -1,7 +1,7 @@ -$NetBSD: patch-aa,v 1.15 2001/06/28 23:12:16 jlam Exp $ +$NetBSD: patch-aa,v 1.16 2001/08/17 19:49:09 kim Exp $ ---- configure.orig Sun Jun 17 00:09:50 2001 -+++ configure +--- configure.orig Sun Jun 17 07:09:50 2001 ++++ configure Fri Aug 17 22:06:47 2001 @@ -1796,7 +1796,7 @@ ;; @@ -20,3 +20,44 @@ $NetBSD: patch-aa,v 1.15 2001/06/28 23:12:16 jlam Exp $ cat >> confdefs.h <<\EOF #define PAM_SUN_CODEBASE 1 EOF +@@ -3160,6 +3160,7 @@ + + # Check whether user wants TCP wrappers support + TCPW_MSG="no" ++TCPW_LIB="" + # Check whether --with-tcp-wrappers or --without-tcp-wrappers was given. + if test "${with_tcp_wrappers+set}" = set; then + withval="$with_tcp_wrappers" +@@ -3173,6 +3174,8 @@ + #line 3174 "configure" + #include "confdefs.h" + ++#include ++#include + #include + int deny_severity = 0, allow_severity = 0; + +@@ -3189,6 +3192,7 @@ + EOF + + TCPW_MSG="yes" ++ TCPW_LIB="-lwrap" + + else + echo "configure: failed program was:" >&5 +@@ -3200,6 +3204,7 @@ + + fi + rm -f conftest* ++ LIBS="$saved_LIBS" + fi + + +@@ -8881,6 +8886,7 @@ + s%@TEST_MINUS_S_SH@%$TEST_MINUS_S_SH%g + s%@LOGIN_PROGRAM_FALLBACK@%$LOGIN_PROGRAM_FALLBACK%g + s%@LD@%$LD%g ++s%@TCPW_LIB@%$TCPW_LIB%g + s%@NO_SFTP@%$NO_SFTP%g + s%@rsh_path@%$rsh_path%g + s%@xauth_path@%$xauth_path%g diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab index 3a574c8bac5..bf16a6f0002 100644 --- a/security/openssh/patches/patch-ab +++ b/security/openssh/patches/patch-ab @@ -1,7 +1,7 @@ -$NetBSD: patch-ab,v 1.3 2001/06/28 23:12:16 jlam Exp $ +$NetBSD: patch-ab,v 1.4 2001/08/17 19:49:10 kim Exp $ ---- configure.in.orig Mon May 28 13:21:44 2001 -+++ configure.in +--- configure.in.orig Mon May 28 20:21:44 2001 ++++ configure.in Fri Aug 17 22:06:34 2001 @@ -131,7 +131,7 @@ ) ;; 
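Review bot: The added `LIBS="$saved_LIBS"` after `rm -f conftest*` restores a variable whose assignment is not visible in this hunk, nor in the matching patch-ab hunk for configure.in. Presumably upstream saves LIBS just before the libwrap link test, but if it does not, LIBS would be cleared for every later check whenever `--with-tcp-wrappers` is given. A one-line comment would make the dependency explicit, for example `# saved_LIBS is set by the tcp-wrappers check above; restore it so -lwrap reaches sshd only through TCPW_LIB`. The generated configure and configure.in are also patched by hand in parallel here, so the two hunks have to be kept in step until the commented-out `autoreconf` step in the package Makefile is enabled.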
@@ -20,3 +20,38 @@ $NetBSD: patch-ab,v 1.3 2001/06/28 23:12:16 jlam Exp $ AC_DEFINE(PAM_SUN_CODEBASE) AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(LOGIN_NEEDS_TERM) +@@ -432,6 +432,7 @@ + + # Check whether user wants TCP wrappers support + TCPW_MSG="no" ++TCPW_LIB="" + AC_ARG_WITH(tcp-wrappers, + [ --with-tcp-wrappers Enable tcpwrappers support], + [ +@@ -441,6 +442,8 @@ + AC_MSG_CHECKING(for libwrap) + AC_TRY_LINK( + [ ++#include ++#include + #include + int deny_severity = 0, allow_severity = 0; + ], +@@ -449,14 +452,17 @@ + AC_MSG_RESULT(yes) + AC_DEFINE(LIBWRAP) + TCPW_MSG="yes" ++ TCPW_LIB="-lwrap" + ], + [ + AC_MSG_ERROR([*** libwrap missing]) + ] + ) ++ LIBS="$saved_LIBS" + fi + ] + ) ++AC_SUBST(TCPW_LIB) + + dnl Checks for library functions. + AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_sa clock fchown fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent getusershell glob inet_aton inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv setegid seteuid setlogin setproctitle setresgid setreuid setrlimit setsid setvbuf sigaction sigvec snprintf strerror strlcat strlcpy strmode strsep strtok_r sysconf tcgetpgrp utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop) diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah index 4b4cb470510..eed283fb1b6 100644 --- a/security/openssh/patches/patch-ah +++ b/security/openssh/patches/patch-ah @@ -1,7 +1,7 @@ -$NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $ +$NetBSD: patch-ah,v 1.13 2001/08/17 19:49:10 kim Exp $ ---- Makefile.in.orig Fri Apr 27 09:31:08 2001 -+++ Makefile.in Tue May 15 01:25:53 2001 +--- Makefile.in.orig Fri Apr 27 03:31:08 2001 ++++ Makefile.in Fri Aug 17 21:43:33 2001 @@ -8,6 +8,7 @@ mandir=@mandir@ mansubdir=@mansubdir@ 
@@ -19,7 +19,24 @@ $NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $ SFTP_SERVER=$(libexecdir)/sftp-server PATHS= -DETCDIR=\"$(sysconfdir)\" \ -@@ -164,7 +165,7 @@ +@@ -29,6 +30,7 @@ + CFLAGS=@CFLAGS@ + CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ ++WRAP=@TCPW_LIB@ + AR=@AR@ + RANLIB=@RANLIB@ + INSTALL=@INSTALL@ +@@ -96,7 +98,7 @@ + $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + + sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) +- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ++ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(WRAP) $(LIBS) + + scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o scp-common.o + $(LD) -o $@ scp.o scp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) +@@ -164,7 +166,7 @@ distprep: catman-do autoreconf @@ -28,7 +45,7 @@ $NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $ install-files: $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) -@@ -173,6 +174,7 @@ +@@ -173,6 +175,7 @@ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) @@ -36,7 +53,7 @@ $NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $ $(INSTALL) -m $(SSH_MODE) -s ssh $(DESTDIR)$(bindir)/ssh $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add -@@ -199,23 +201,11 @@ +@@ -199,23 +202,11 @@ if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ fi @@ -63,7 +80,7 @@ $NetBSD: patch-ah,v 1.12 2001/06/28 23:12:16 jlam Exp $ fi if [ ! -f $(DESTDIR)$(sysconfdir)/primes ]; then \ $(INSTALL) -m 644 primes.out $(DESTDIR)$(sysconfdir)/primes; \ -@@ -248,10 +238,10 @@ +@@ -248,10 +239,10 @@ ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" uninstallall: uninstall -- cgit v1.2.3
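Review bot: The Makefile.in variable is named `WRAP` while the value substituted into it is `@TCPW_LIB@`, which makes the sshd link line harder to trace back to the configure check; `TCPW_LIB=@TCPW_LIB@` with `$(TCPW_LIB)` on the sshd line would keep one name throughout. A comment such as `# libwrap: linked into sshd only, empty unless configure ran with --with-tcp-wrappers` above the assignment would also record why the ssh and scp link lines do not get it. The remaining patch-ah hunks on this line appear only to shift hunk offsets.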