Date: Wed, 27 Feb 2002 12:47:38 -0800 (PST) From: Lars Eggert <larse@isi.edu> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/35385: port update: security/ssh2 Message-ID: <200202272047.g1RKlbt73175@hbo.isi.edu>
next in thread | raw e-mail | index | archive | help
>Number: 35385 >Category: ports >Synopsis: port update: security/ssh2 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Wed Feb 27 12:50:02 PST 2002 >Closed-Date: >Last-Modified: >Originator: Lars Eggert >Release: FreeBSD 4.5-RELEASE i386 >Organization: USC/ISI >Environment: FreeBSD hbo.isi.edu 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Thu Feb 21 16:41:28 PST 2002 root@hbo.isi.edu:/usr/src/sys/compile/KERNEL-1.34 i386 System: FreeBSD hbo.isi.edu 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Thu Feb 21 16:41:28 PST 2002 root@hbo.isi.edu:/usr/src/sys/compile/KERNEL-1.34 i386 >Description: Update security/ssh2 port to 3.1.0_1. Some X11 stuff (forwarding, ssh-askpass2) was silently skipped during build when X11 wasn't installed at port built time. Also install default config files as *.sample instead of overwriting existing ones. >How-To-Repeat: >Fix: diff -uN /usr/ports/security/ssh2/Makefile ./Makefile --- /usr/ports/security/ssh2/Makefile Thu Feb 21 18:52:25 2002 +++ ./Makefile Wed Feb 27 12:42:27 2002 @@ -7,7 +7,8 @@ PORTNAME= ssh2 PORTVERSION= 3.1.0 -CATEGORIES= security +PORTREVISION= 1 +CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ \ ftp://sunsite.unc.edu/pub/packages/security/ssh/ \ ftp://ftp.kyoto.wide.ad.jp/pub/security/ssh/ \ @@ -23,24 +24,48 @@ #RESTRICTED= "Crypto; export-controlled" GNU_CONFIGURE= YES +CONFIGURE_ARGS= --with-etcdir=${SSH2_ETC} --disable-debug -CONFIGURE_ARGS= --with-etcdir=${PREFIX}/etc/ssh2 -#Uncomment if all your users are in their own group and their homedir -#is writeable by that group. Beware the security implications! -#CONFIGURE_ARGS+= --enable-group-writeability +SSH2_ETC= ${PREFIX}/etc/ssh2 +SSH2_RCD= ${PREFIX}/etc/rc.d +CONFIG_FILES= ssh2_config sshd2_config -.include <bsd.port.pre.mk> +# Uncomment if all your users are in their own group and their homedir +# is writeable by that group. Beware the security implications! +# +#CONFIGURE_ARGS+= --enable-group-writeability -# Include tcp_wrappers support (automaticlly YES if /usr/include/tcpd.h exists) -#WITH_TCPWRAP= yes +# Kerberos support is untested. +# +#.if defined(KRB5_HOME) && exists(${KRB5_HOME}) +#CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer +#.endif -.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP) +# Auto-configure tcp_wrappers support. +# +.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP) && \ + !defined(WITHOUT_TCPWRAP) CONFIGURE_ARGS+= --with-libwrap .elif defined(WITH_TCPWRAP) CONFIGURE_ARGS+= --with-libwrap="-L${LOCALBASE}/lib -lwrap" -LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper +LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper +.endif + +# Include extra files if X11 is installed. +# +.if defined(WITH_X11) || (exists(${X11BASE}/lib/libX11.a) \ + && !defined(WITHOUT_X11)) +USE_XLIB= yes +PLIST:= ${WRKDIR}/PLIST + +pre-install: + @${CAT} ${PKGDIR}/pkg-plist.x11 ${PKGDIR}/pkg-plist > ${PLIST} +.else +CONFIGURE_ARGS+= --without-x .endif +.include <bsd.port.pre.mk> + MAN1= ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 scp2.1 sftp2.1 \ sshregex.1 ssh-probe2.1 ssh-dummy-shell.1 ssh-pubkeymgr.1 \ ssh-chrootmgr.1 @@ -54,21 +79,32 @@ PORTDOCS= BUG.REPORT CHANGES FAQ INSTALL LICENSE MANIFEST NEWS README \ REGEX-SYNTAX SSH2.QUICKSTART -post-install: +post-install: install-config-files .if !defined(NOPORTDOCS) ${MKDIR} ${DOCSDIR} .for i in ${PORTDOCS} ${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR} .endfor .endif -# - @if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \ - if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \ - ${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \ + @if [ ! -f ${SSH2_ETC}/hostkey ]; then \ + ${ECHO} "Generating a secret host key..."; \ + ${PREFIX}/bin/ssh-keygen2 -P -b 1024 -t dsa ${SSH2_ETC}/hostkey; \ + fi; \ + if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \ + if [ ! -f ${SSH2_RCD}/sshd.sh ]; then \ + ${ECHO} "Installing ${SSH2_RCD}/sshd.sh startup file."; \ ${SED} -e 's+!!PREFIX!!+${PREFIX}+' < ${FILESDIR}/sshd.sh \ - > ${PREFIX}/etc/rc.d/sshd.sh; \ - ${CHMOD} 751 ${PREFIX}/etc/rc.d/sshd.sh; \ + > ${SSH2_RCD}/sshd.sh; \ + ${CHMOD} 751 ${SSH2_RCD}/sshd.sh; \ fi; \ fi + +install-config-files: +.for file in ${CONFIG_FILES} + ${INSTALL_DATA} ${WRKSRC}/apps/ssh/${file} ${SSH2_ETC}/${file}.sample +.if !exists(${SSH2_ETC}/${file}) + ${INSTALL_DATA} ${WRKSRC}/apps/ssh/${file} ${SSH2_ETC} +.endif +.endfor .include <bsd.port.post.mk> Common subdirectories: /usr/ports/security/ssh2/files and ./files diff -uN /usr/ports/security/ssh2/p ./p --- /usr/ports/security/ssh2/p Wed Dec 31 16:00:00 1969 +++ ./p Wed Feb 27 12:46:53 2002 @@ -0,0 +1,112 @@ +diff -uN /usr/ports/security/ssh2/Makefile ./Makefile +--- /usr/ports/security/ssh2/Makefile Thu Feb 21 18:52:25 2002 ++++ ./Makefile Wed Feb 27 12:42:27 2002 +@@ -7,7 +7,8 @@ + + PORTNAME= ssh2 + PORTVERSION= 3.1.0 +-CATEGORIES= security ++PORTREVISION= 1 ++CATEGORIES= security ipv6 + MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ \ + ftp://sunsite.unc.edu/pub/packages/security/ssh/ \ + ftp://ftp.kyoto.wide.ad.jp/pub/security/ssh/ \ +@@ -23,24 +24,48 @@ + #RESTRICTED= "Crypto; export-controlled" + + GNU_CONFIGURE= YES ++CONFIGURE_ARGS= --with-etcdir=${SSH2_ETC} --disable-debug + +-CONFIGURE_ARGS= --with-etcdir=${PREFIX}/etc/ssh2 +-#Uncomment if all your users are in their own group and their homedir +-#is writeable by that group. Beware the security implications! +-#CONFIGURE_ARGS+= --enable-group-writeability ++SSH2_ETC= ${PREFIX}/etc/ssh2 ++SSH2_RCD= ${PREFIX}/etc/rc.d ++CONFIG_FILES= ssh2_config sshd2_config + +-.include <bsd.port.pre.mk> ++# Uncomment if all your users are in their own group and their homedir ++# is writeable by that group. Beware the security implications! ++# ++#CONFIGURE_ARGS+= --enable-group-writeability + +-# Include tcp_wrappers support (automaticlly YES if /usr/include/tcpd.h exists) +-#WITH_TCPWRAP= yes ++# Kerberos support is untested. ++# ++#.if defined(KRB5_HOME) && exists(${KRB5_HOME}) ++#CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer ++#.endif + +-.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP) ++# Auto-configure tcp_wrappers support. ++# ++.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP) && \ ++ !defined(WITHOUT_TCPWRAP) + CONFIGURE_ARGS+= --with-libwrap + .elif defined(WITH_TCPWRAP) + CONFIGURE_ARGS+= --with-libwrap="-L${LOCALBASE}/lib -lwrap" +-LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper ++LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper ++.endif ++ ++# Include extra files if X11 is installed. ++# ++.if defined(WITH_X11) || (exists(${X11BASE}/lib/libX11.a) \ ++ && !defined(WITHOUT_X11)) ++USE_XLIB= yes ++PLIST:= ${WRKDIR}/PLIST ++ ++pre-install: ++ @${CAT} ${PKGDIR}/pkg-plist.x11 ${PKGDIR}/pkg-plist > ${PLIST} ++.else ++CONFIGURE_ARGS+= --without-x + .endif + ++.include <bsd.port.pre.mk> ++ + MAN1= ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 scp2.1 sftp2.1 \ + sshregex.1 ssh-probe2.1 ssh-dummy-shell.1 ssh-pubkeymgr.1 \ + ssh-chrootmgr.1 +@@ -54,21 +79,32 @@ + PORTDOCS= BUG.REPORT CHANGES FAQ INSTALL LICENSE MANIFEST NEWS README \ + REGEX-SYNTAX SSH2.QUICKSTART + +-post-install: ++post-install: install-config-files + .if !defined(NOPORTDOCS) + ${MKDIR} ${DOCSDIR} + .for i in ${PORTDOCS} + ${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR} + .endfor + .endif +-# +- @if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \ +- if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \ +- ${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \ ++ @if [ ! -f ${SSH2_ETC}/hostkey ]; then \ ++ ${ECHO} "Generating a secret host key..."; \ ++ ${PREFIX}/bin/ssh-keygen2 -P -b 1024 -t dsa ${SSH2_ETC}/hostkey; \ ++ fi; \ ++ if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \ ++ if [ ! -f ${SSH2_RCD}/sshd.sh ]; then \ ++ ${ECHO} "Installing ${SSH2_RCD}/sshd.sh startup file."; \ + ${SED} -e 's+!!PREFIX!!+${PREFIX}+' < ${FILESDIR}/sshd.sh \ +- > ${PREFIX}/etc/rc.d/sshd.sh; \ +- ${CHMOD} 751 ${PREFIX}/etc/rc.d/sshd.sh; \ ++ > ${SSH2_RCD}/sshd.sh; \ ++ ${CHMOD} 751 ${SSH2_RCD}/sshd.sh; \ + fi; \ + fi ++ ++install-config-files: ++.for file in ${CONFIG_FILES} ++ ${INSTALL_DATA} ${WRKSRC}/apps/ssh/${file} ${SSH2_ETC}/${file}.sample ++.if !exists(${SSH2_ETC}/${file}) ++ ${INSTALL_DATA} ${WRKSRC}/apps/ssh/${file} ${SSH2_ETC} ++.endif ++.endfor + + .include <bsd.port.post.mk> +Common subdirectories: /usr/ports/security/ssh2/files and ./files diff -uN /usr/ports/security/ssh2/pkg-plist ./pkg-plist --- /usr/ports/security/ssh2/pkg-plist Thu Feb 21 18:52:25 2002 +++ ./pkg-plist Wed Feb 27 10:16:32 2002 @@ -6,7 +6,6 @@ bin/ssh-add2 bin/ssh-signer2 bin/ssh-probe2 -bin/ssh-askpass2 bin/ssh-pam-client bin/sftp-server2 bin/ssh-dummy-shell @@ -23,18 +22,13 @@ bin/ssh-signer bin/ssh-probe etc/rc.d/sshd.sh -etc/ssh2/hostkey -etc/ssh2/hostkey.pub -etc/ssh2/sshd2_config -etc/ssh2/ssh2_config +etc/ssh2/sshd2_config.sample +etc/ssh2/ssh2_config.sample etc/ssh2/ssh_dummy_shell.out sbin/sshd2 sbin/sshd-check-conf sbin/sshd -@dirrm etc/ssh2/knownhosts -@dirrm etc/ssh2/hostkeys -@dirrm etc/ssh2 -@exec if [ ! -f %D/etc/ssh2/hostkey ]; then umask 022; echo "Generating 1024 bit host key."; %D/bin/ssh-keygen2 -P -b 1024 -t dsa -c "1024-bit dsa hostkey" -o %D/etc/ssh2/hostkey; fi +@exec if [ ! -f %D/etc/ssh2/hostkey ]; then umask 022; echo "Generating 1024 bit host key."; %D/bin/ssh-keygen2 -P -b 1024 -t dsa %D/etc/ssh2/hostkey; fi %%PORTDOCS%%share/doc/ssh2/BUG.REPORT %%PORTDOCS%%share/doc/ssh2/CHANGES %%PORTDOCS%%share/doc/ssh2/FAQ diff -uN /usr/ports/security/ssh2/pkg-plist.x11 ./pkg-plist.x11 --- /usr/ports/security/ssh2/pkg-plist.x11 Wed Dec 31 16:00:00 1969 +++ ./pkg-plist.x11 Wed Feb 27 09:14:53 2002 @@ -0,0 +1,2 @@ +bin/ssh-askpass2 + Common subdirectories: /usr/ports/security/ssh2/work and ./work >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202272047.g1RKlbt73175>