Date: Wed, 27 Feb 2002 13:50:01 -0800 (PST) From: Lars Eggert <larse@ISI.EDU> To: freebsd-ports@FreeBSD.org Subject: Re: ports/35385: port update: security/ssh2 Message-ID: <200202272150.g1RLo1w98619@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/35385; it has been noted by GNATS. From: Lars Eggert <larse@ISI.EDU> To: freebsd-gnats-submit@FreeBSD.org, larse@ISI.EDU Cc: Subject: Re: ports/35385: port update: security/ssh2 Date: Wed, 27 Feb 2002 13:48:58 -0800 This is a cryptographically signed message in MIME format. --------------ms060502070805080508010609 Content-Type: multipart/mixed; boundary="------------020708010805040504050803" This is a multi-part message in MIME format. --------------020708010805040504050803 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Previous patch was incorrect. Please commit the attached patch instead. -- Lars Eggert <larse@isi.edu> Information Sciences Institute http://www.isi.edu/larse/ University of Southern California --------------020708010805040504050803 Content-Type: text/plain; name="patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="patch" diff -uN /usr/ports/security/ssh2/Makefile ./Makefile --- /usr/ports/security/ssh2/Makefile Thu Feb 21 18:52:25 2002 +++ ./Makefile Wed Feb 27 12:42:27 2002 @@ -7,7 +7,8 @@ PORTNAME= ssh2 PORTVERSION= 3.1.0 -CATEGORIES= security +PORTREVISION= 1 +CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ \ ftp://sunsite.unc.edu/pub/packages/security/ssh/ \ ftp://ftp.kyoto.wide.ad.jp/pub/security/ssh/ \ @@ -23,24 +24,48 @@ #RESTRICTED= "Crypto; export-controlled" GNU_CONFIGURE= YES +CONFIGURE_ARGS= --with-etcdir=${SSH2_ETC} --disable-debug -CONFIGURE_ARGS= --with-etcdir=${PREFIX}/etc/ssh2 -#Uncomment if all your users are in their own group and their homedir -#is writeable by that group. Beware the security implications! -#CONFIGURE_ARGS+= --enable-group-writeability +SSH2_ETC= ${PREFIX}/etc/ssh2 +SSH2_RCD= ${PREFIX}/etc/rc.d +CONFIG_FILES= ssh2_config sshd2_config -.include <bsd.port.pre.mk> +# Uncomment if all your users are in their own group and their homedir +# is writeable by that group. Beware the security implications! +# +#CONFIGURE_ARGS+= --enable-group-writeability -# Include tcp_wrappers support (automaticlly YES if /usr/include/tcpd.h exists) -#WITH_TCPWRAP= yes +# Kerberos support is untested. +# +#.if defined(KRB5_HOME) && exists(${KRB5_HOME}) +#CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer +#.endif -.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP) +# Auto-configure tcp_wrappers support. +# +.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP) && \ + !defined(WITHOUT_TCPWRAP) CONFIGURE_ARGS+= --with-libwrap .elif defined(WITH_TCPWRAP) CONFIGURE_ARGS+= --with-libwrap="-L${LOCALBASE}/lib -lwrap" -LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper +LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper +.endif + +# Include extra files if X11 is installed. +# +.if defined(WITH_X11) || (exists(${X11BASE}/lib/libX11.a) \ + && !defined(WITHOUT_X11)) +USE_XLIB= yes +PLIST:= ${WRKDIR}/PLIST + +pre-install: + @${CAT} ${PKGDIR}/pkg-plist.x11 ${PKGDIR}/pkg-plist > ${PLIST} +.else +CONFIGURE_ARGS+= --without-x .endif +.include <bsd.port.pre.mk> + MAN1= ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 scp2.1 sftp2.1 \ sshregex.1 ssh-probe2.1 ssh-dummy-shell.1 ssh-pubkeymgr.1 \ ssh-chrootmgr.1 @@ -54,21 +79,32 @@ PORTDOCS= BUG.REPORT CHANGES FAQ INSTALL LICENSE MANIFEST NEWS README \ REGEX-SYNTAX SSH2.QUICKSTART -post-install: +post-install: install-config-files .if !defined(NOPORTDOCS) ${MKDIR} ${DOCSDIR} .for i in ${PORTDOCS} ${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR} .endfor .endif -# - @if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \ - if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \ - ${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \ + @if [ ! -f ${SSH2_ETC}/hostkey ]; then \ + ${ECHO} "Generating a secret host key..."; \ + ${PREFIX}/bin/ssh-keygen2 -P -b 1024 -t dsa ${SSH2_ETC}/hostkey; \ + fi; \ + if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \ + if [ ! -f ${SSH2_RCD}/sshd.sh ]; then \ + ${ECHO} "Installing ${SSH2_RCD}/sshd.sh startup file."; \ ${SED} -e 's+!!PREFIX!!+${PREFIX}+' < ${FILESDIR}/sshd.sh \ - > ${PREFIX}/etc/rc.d/sshd.sh; \ - ${CHMOD} 751 ${PREFIX}/etc/rc.d/sshd.sh; \ + > ${SSH2_RCD}/sshd.sh; \ + ${CHMOD} 751 ${SSH2_RCD}/sshd.sh; \ fi; \ fi + +install-config-files: +.for file in ${CONFIG_FILES} + ${INSTALL_DATA} ${WRKSRC}/apps/ssh/${file} ${SSH2_ETC}/${file}.sample +.if !exists(${SSH2_ETC}/${file}) + ${INSTALL_DATA} ${WRKSRC}/apps/ssh/${file} ${SSH2_ETC} +.endif +.endfor .include <bsd.port.post.mk> Common subdirectories: /usr/ports/security/ssh2/files and ./files diff -uN /usr/ports/security/ssh2/pkg-plist ./pkg-plist --- /usr/ports/security/ssh2/pkg-plist Thu Feb 21 18:52:25 2002 +++ ./pkg-plist Wed Feb 27 10:16:32 2002 @@ -6,7 +6,6 @@ bin/ssh-add2 bin/ssh-signer2 bin/ssh-probe2 -bin/ssh-askpass2 bin/ssh-pam-client bin/sftp-server2 bin/ssh-dummy-shell @@ -23,18 +22,13 @@ bin/ssh-signer bin/ssh-probe etc/rc.d/sshd.sh -etc/ssh2/hostkey -etc/ssh2/hostkey.pub -etc/ssh2/sshd2_config -etc/ssh2/ssh2_config +etc/ssh2/sshd2_config.sample +etc/ssh2/ssh2_config.sample etc/ssh2/ssh_dummy_shell.out sbin/sshd2 sbin/sshd-check-conf sbin/sshd -@dirrm etc/ssh2/knownhosts -@dirrm etc/ssh2/hostkeys -@dirrm etc/ssh2 -@exec if [ ! -f %D/etc/ssh2/hostkey ]; then umask 022; echo "Generating 1024 bit host key."; %D/bin/ssh-keygen2 -P -b 1024 -t dsa -c "1024-bit dsa hostkey" -o %D/etc/ssh2/hostkey; fi +@exec if [ ! -f %D/etc/ssh2/hostkey ]; then umask 022; echo "Generating 1024 bit host key."; %D/bin/ssh-keygen2 -P -b 1024 -t dsa %D/etc/ssh2/hostkey; fi %%PORTDOCS%%share/doc/ssh2/BUG.REPORT %%PORTDOCS%%share/doc/ssh2/CHANGES %%PORTDOCS%%share/doc/ssh2/FAQ diff -uN /usr/ports/security/ssh2/pkg-plist.x11 ./pkg-plist.x11 --- /usr/ports/security/ssh2/pkg-plist.x11 Wed Dec 31 16:00:00 1969 +++ ./pkg-plist.x11 Wed Feb 27 09:14:53 2002 @@ -0,0 +1,2 @@ +bin/ssh-askpass2 + --------------020708010805040504050803-- --------------ms060502070805080508010609 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIInzCC ArUwggIeoAMCAQICAwWBRzANBgkqhkiG9w0BAQIFADCBkjELMAkGA1UEBhMCWkExFTATBgNV BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUx HTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVl bWFpbCBSU0EgMjAwMC44LjMwMB4XDTAxMDgyNDE2NDAwMFoXDTAyMDgyNDE2NDAwMFowVDEP MA0GA1UEBBMGRWdnZXJ0MQ0wCwYDVQQqEwRMYXJzMRQwEgYDVQQDEwtMYXJzIEVnZ2VydDEc MBoGCSqGSIb3DQEJARYNbGFyc2VAaXNpLmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEA0AvLBsD78nxcUHeHkaMgl3b4qYPnfgbf8Lh+HQP8RgGMRG/Yb+vTpkGezlwt9pkJxiD1 1uZDy4CNNJUu3gKxKSb+zRV70O+lkwwftuHoLHoH4xwo3LcQ2LGDpd+I95tUN4dfJ3TmeEcU SF50dC/SuUI4w8AlhXQ8IxrhgdayTpECAwEAAaNWMFQwKgYFK2UBBAEEITAfAgEAMBowGAIB BAQTTDJ1TXlmZkJOVWJOSkpjZFoyczAYBgNVHREEETAPgQ1sYXJzZUBpc2kuZWR1MAwGA1Ud EwEB/wQCMAAwDQYJKoZIhvcNAQECBQADgYEAheZhn0pQA8zI7U2K1ZIAl11j0a1DKxnp3GtT vOUrGRB3WvYxidvdZ1kizhEsWeXU81TkNDH0DaRqtOEeu6Q2OhB+jeKEqY7IDAJE4/fI0e+d 6PnG1hd+vEvYmsKHkmzBhPc94XUOKNWO+qVNP2NGyNI3QIDy5wX4fdcOo1S34r4wggK1MIIC HqADAgECAgMFgUcwDQYJKoZIhvcNAQECBQAwgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxX ZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYD VQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwg UlNBIDIwMDAuOC4zMDAeFw0wMTA4MjQxNjQwMDBaFw0wMjA4MjQxNjQwMDBaMFQxDzANBgNV BAQTBkVnZ2VydDENMAsGA1UEKhMETGFyczEUMBIGA1UEAxMLTGFycyBFZ2dlcnQxHDAaBgkq hkiG9w0BCQEWDWxhcnNlQGlzaS5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANAL ywbA+/J8XFB3h5GjIJd2+KmD534G3/C4fh0D/EYBjERv2G/r06ZBns5cLfaZCcYg9dbmQ8uA jTSVLt4CsSkm/s0Ve9DvpZMMH7bh6Cx6B+McKNy3ENixg6XfiPebVDeHXyd05nhHFEhedHQv 0rlCOMPAJYV0PCMa4YHWsk6RAgMBAAGjVjBUMCoGBStlAQQBBCEwHwIBADAaMBgCAQQEE0wy dU15ZmZCTlViTkpKY2RaMnMwGAYDVR0RBBEwD4ENbGFyc2VAaXNpLmVkdTAMBgNVHRMBAf8E AjAAMA0GCSqGSIb3DQEBAgUAA4GBAIXmYZ9KUAPMyO1NitWSAJddY9GtQysZ6dxrU7zlKxkQ d1r2MYnb3WdZIs4RLFnl1PNU5DQx9A2karThHrukNjoQfo3ihKmOyAwCROP3yNHvnej5xtYX frxL2JrCh5JswYT3PeF1DijVjvqlTT9jRsjSN0CA8ucF+H3XDqNUt+K+MIIDKTCCApKgAwIB AgIBDDANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4g Q2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEo MCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhh d3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVl bWFpbEB0aGF3dGUuY29tMB4XDTAwMDgzMDAwMDAwMFoXDTAyMDgyOTIzNTk1OVowgZIxCzAJ BgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEP MA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEoMCYGA1UE AxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMDCBnzANBgkqhkiG9w0BAQEFAAOB jQAwgYkCgYEA3jMypmPHCSVFPtJueCdngcXaiBmClw7jRCmKYzUqbXA8+tyu9+50bzC8M5B/ +TRxoKNtmPHDT6Jl2w36S/HW3WGl+YXNVZo1Gp2Sdagnrthy+boC9tewkd4c6avgGAOofENC UFGHgzzwObSbVIoTh/+zm51JZgAtCYnslGvpoWkCAwEAAaNOMEwwKQYDVR0RBCIwIKQeMBwx GjAYBgNVBAMTEVByaXZhdGVMYWJlbDEtMjk3MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0P BAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBAHMbbyZli/8VNEtZYortRL5Jx+gNu4+5DWomKmKE H7iHY3QcbbfPGlORS+HN5jjZ7VD0Omw0kqzmkpxuwSMBwgmn70uuct0GZ/VQby5YuLYLwVBX tewc1+8XttWIm7eiiBrtOVs5fTT8tpYYJU1q9J3Fw5EvqZa4BTxS/N3pYgNIMYICpjCCAqIC AQEwgZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcT CUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2 aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMAIDBYFHMAkG BSsOAwIaBQCgggFhMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X DTAyMDIyNzIxNDg1OFowIwYJKoZIhvcNAQkEMRYEFAarh/ofhyHnX8+r6NsQ9eeEWTtyMFIG CSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMC AgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGtBgsqhkiG9w0BCRACCzGBnaCBmjCBkjEL MAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du MQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYD VQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0EgMjAwMC44LjMwAgMFgUcwDQYJKoZIhvcNAQEB BQAEgYCgXcRmAWmUmoqLLHEYxuPwuG81B3+asV4Yn1mGxgthqMFW7LipOcVNEl/nIFXfIvYS XmZLy2vth30ODj+7wahKl8Sw9lJ01OXMKiBsc9SJHUH/cQGiL82LZmO7+Z2BhJ7ZRyL6Ms1t 3LMFxsqhNtQqKoYvP4vxWz0Q0Oc/sfjlCAAAAAAAAA== --------------ms060502070805080508010609-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202272150.g1RLo1w98619>