From 65f80e9447f73233b8410039524fa81ca7eecb2d Mon Sep 17 00:00:00 2001 From: reed Date: Thu, 28 Jul 2005 17:54:57 +0000 Subject: MESSAGE file removed. As mentioned on tech-pkg in May, /etc/ssh.conf and /etc/sshd.conf is old (and I assume some configurations from there don't apply any more), user and group are not created automatically (only if PKG_CREATE_USERGROUP is at default YES), UsePrivilegeSeparation is the default, and seems to imply that openssh is insecure without it. Bump PKGREVISION. Change comment regarding MESSAGE.Interix. Removed unused MESSAGE_SUBST settings. Move one to the options.mk as it is for "pam" only. --- security/openssh/MESSAGE | 17 ----------------- security/openssh/Makefile | 10 +++------- security/openssh/options.mk | 3 ++- 3 files changed, 5 insertions(+), 25 deletions(-) delete mode 100644 security/openssh/MESSAGE (limited to 'security') diff --git a/security/openssh/MESSAGE b/security/openssh/MESSAGE deleted file mode 100644 index e5bfe283e89..00000000000 --- a/security/openssh/MESSAGE +++ /dev/null @@ -1,17 +0,0 @@ -=========================================================================== -$NetBSD: MESSAGE,v 1.11 2002/09/24 12:30:34 wiz Exp $ - - *===* NOTICE *===* - -If you have existing config files for OpenSSH located at /etc/ssh.conf -and /etc/sshd.conf, then you will have to copy them: - - /etc/ssh.conf --> ${PKG_SYSCONFDIR}/ssh_config - /etc/sshd.conf --> ${PKG_SYSCONFDIR}/sshd_config - -The `${OPENSSH_USER}' user and `${OPENSSH_GROUP}' group used for -privilege separation have been created if they did not already exist. -For security reasons, UsePrivilegeSeparation has to be yes -(the default value). - -=========================================================================== diff --git a/security/openssh/Makefile b/security/openssh/Makefile index b7b2c6f6398..ed724627608 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.153 2005/07/20 05:27:14 reed Exp $ +# $NetBSD: Makefile,v 1.154 2005/07/28 17:54:57 reed Exp $ DISTNAME= openssh-3.9p1 PKGNAME= openssh-3.9.1 -PKGREVISION= 7 +PKGREVISION= 8 SVR4_PKGNAME= ossh CATEGORIES= security MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \ @@ -32,14 +32,13 @@ CRYPTO= yes BUILD_DEFS+= USE_INET6 INSTALL_TARGET= install-nokeys -MESSAGE_SRC= ${.CURDIR}/MESSAGE PLIST_SRC= # empty .include "options.mk" .if ${OPSYS} == "Interix" -# normal MESSAGE does not apply, as privsep is not in use +# OpenSSH on Interix has some important caveats MESSAGE_SRC= ${.CURDIR}/MESSAGE.Interix BUILDLINK_PASSTHRU_DIRS+= /usr/local/include/bind /usr/local/lib/bind CONFIGURE_ENV+= ac_cv_func_openpty=no @@ -144,9 +143,6 @@ RCD_SCRIPTS= sshd PLIST_SRC+= ${.CURDIR}/PLIST FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR} -MESSAGE_SUBST+= EGDIR=${EGDIR} -MESSAGE_SUBST+= OPENSSH_USER=${OPENSSH_USER} -MESSAGE_SUBST+= OPENSSH_GROUP=${OPENSSH_GROUP} INSTALL_EXTRA_TMPL+= ${.CURDIR}/INSTALL diff --git a/security/openssh/options.mk b/security/openssh/options.mk index 14625acacca..b395caf99c0 100644 --- a/security/openssh/options.mk +++ b/security/openssh/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.4 2005/05/31 11:24:33 dillo Exp $ +# $NetBSD: options.mk,v 1.5 2005/07/28 17:54:57 reed Exp $ .include "../../mk/bsd.prefs.mk" @@ -29,4 +29,5 @@ PATCH_DIST_STRIP= -p1 CONFIGURE_ARGS+= --with-pam PLIST_SRC+= ${.CURDIR}/PLIST.pam MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam +MESSAGE_SUBST+= EGDIR=${EGDIR} .endif -- cgit v1.2.3