head	1.167;
access;
symbols
	RELEASE_8_3_0:1.157
	RELEASE_9_0_0:1.155
	RELEASE_7_4_0:1.151
	RELEASE_8_2_0:1.151
	RELEASE_6_EOL:1.150
	RELEASE_8_1_0:1.147
	RELEASE_7_3_0:1.144
	RELEASE_8_0_0:1.141
	RELEASE_7_2_0:1.132
	RELEASE_7_1_0:1.127
	RELEASE_6_4_0:1.127
	RELEASE_5_EOL:1.125
	RELEASE_7_0_0:1.123
	RELEASE_6_3_0:1.123
	PRE_XORG_7:1.118
	RELEASE_4_EOL:1.116
	RELEASE_6_2_0:1.114
	RELEASE_6_1_0:1.105
	RELEASE_5_5_0:1.105
	RELEASE_6_0_0:1.97
	RELEASE_5_4_0:1.95
	RELEASE_4_11_0:1.94
	RELEASE_5_3_0:1.92
	RELEASE_4_10_0:1.89
	RELEASE_5_2_1:1.85
	RELEASE_5_2_0:1.85
	RELEASE_4_9_0:1.76
	RELEASE_5_1_0:1.70
	RELEASE_4_8_0:1.61
	RELEASE_5_0_0:1.59
	RELEASE_4_7_0:1.56
	RELEASE_4_6_2:1.33
	RELEASE_4_6_1:1.33
	RELEASE_4_6_0:1.33
	RELEASE_5_0_DP1:1.29
	RELEASE_4_5_0:1.18
	RELEASE_4_4_0:1.7;
locks; strict;
comment	@# @;


1.167
date	2013.02.08.07.49.56;	author svnexp;	state Exp;
branches;
next	1.166;

1.166
date	2012.12.05.22.36.31;	author svnexp;	state Exp;
branches;
next	1.165;

1.165
date	2012.11.17.06.01.09;	author svnexp;	state Exp;
branches;
next	1.164;

1.164
date	2012.10.29.15.08.30;	author bdrewery;	state Exp;
branches;
next	1.163;

1.163
date	2012.10.13.17.13.33;	author eadler;	state Exp;
branches;
next	1.162;

1.162
date	2012.08.05.23.05.24;	author dougb;	state Exp;
branches;
next	1.161;

1.161
date	2012.06.24.17.51.21;	author sunpoet;	state Exp;
branches;
next	1.160;

1.160
date	2012.06.13.03.02.04;	author eadler;	state Exp;
branches;
next	1.159;

1.159
date	2012.05.01.09.56.31;	author sunpoet;	state Exp;
branches;
next	1.158;

1.158
date	2012.03.28.18.04.42;	author scheidell;	state Exp;
branches;
next	1.157;

1.157
date	2011.12.23.12.52.28;	author scheidell;	state Exp;
branches;
next	1.156;

1.156
date	2011.12.23.12.24.23;	author scheidell;	state Exp;
branches;
next	1.155;

1.155
date	2011.10.21.16.18.56;	author flo;	state Exp;
branches;
next	1.154;

1.154
date	2011.07.19.02.05.33;	author stephen;	state Exp;
branches;
next	1.153;

1.153
date	2011.07.13.21.47.05;	author stephen;	state Exp;
branches;
next	1.152;

1.152
date	2011.03.11.17.11.08;	author skv;	state Exp;
branches;
next	1.151;

1.151
date	2010.12.27.09.58.51;	author ale;	state Exp;
branches;
next	1.150;

1.150
date	2010.11.21.23.48.49;	author rene;	state Exp;
branches;
next	1.149;

1.149
date	2010.08.31.02.46.43;	author pgollucci;	state Exp;
branches;
next	1.148;

1.148
date	2010.08.22.23.20.16;	author linimon;	state Exp;
branches;
next	1.147;

1.147
date	2010.05.04.09.14.22;	author pav;	state Exp;
branches;
next	1.146;

1.146
date	2010.04.18.21.40.14;	author erwin;	state Exp;
branches;
next	1.145;

1.145
date	2010.03.27.06.14.01;	author dougb;	state Exp;
branches;
next	1.144;

1.144
date	2009.12.16.16.43.21;	author amdmi3;	state Exp;
branches;
next	1.143;

1.143
date	2009.11.02.08.08.45;	author lioux;	state Exp;
branches;
next	1.142;

1.142
date	2009.09.30.21.09.06;	author pav;	state Exp;
branches;
next	1.141;

1.141
date	2009.09.23.18.44.47;	author pav;	state Exp;
branches;
next	1.140;

1.140
date	2009.09.18.14.05.52;	author pav;	state Exp;
branches;
next	1.139;

1.139
date	2009.08.08.07.13.49;	author pav;	state Exp;
branches;
next	1.138;

1.138
date	2009.06.27.14.52.57;	author nork;	state Exp;
branches;
next	1.137;

1.137
date	2009.06.23.17.15.33;	author pgollucci;	state Exp;
branches;
next	1.136;

1.136
date	2009.05.19.10.13.28;	author osa;	state Exp;
branches;
next	1.135;

1.135
date	2009.05.17.03.00.11;	author nork;	state Exp;
branches;
next	1.134;

1.134
date	2009.05.15.11.00.27;	author pav;	state Exp;
branches;
next	1.133;

1.133
date	2009.04.22.06.01.39;	author sumikawa;	state Exp;
branches;
next	1.132;

1.132
date	2009.03.24.17.41.44;	author pav;	state Exp;
branches;
next	1.131;

1.131
date	2009.03.24.17.41.06;	author pav;	state Exp;
branches;
next	1.130;

1.130
date	2009.03.24.17.33.41;	author pav;	state Exp;
branches;
next	1.129;

1.129
date	2009.03.24.17.26.17;	author pav;	state Exp;
branches;
next	1.128;

1.128
date	2008.11.11.13.03.40;	author skv;	state Exp;
branches;
next	1.127;

1.127
date	2008.08.21.06.18.19;	author rafan;	state Exp;
branches;
next	1.126;

1.126
date	2008.06.22.19.26.07;	author pav;	state Exp;
branches;
next	1.125;

1.125
date	2008.04.19.13.46.24;	author mnag;	state Exp;
branches;
next	1.124;

1.124
date	2008.01.16.13.09.00;	author mnag;	state Exp;
branches;
next	1.123;

1.123
date	2007.10.05.12.41.25;	author mnag;	state Exp;
branches;
next	1.122;

1.122
date	2007.10.04.06.00.22;	author edwin;	state Exp;
branches;
next	1.121;

1.121
date	2007.09.08.01.18.31;	author mnag;	state Exp;
branches;
next	1.120;

1.120
date	2007.08.30.15.40.39;	author mnag;	state Exp;
branches;
next	1.119;

1.119
date	2007.07.23.09.36.31;	author rafan;	state Exp;
branches;
next	1.118;

1.118
date	2007.03.12.22.13.18;	author mnag;	state Exp;
branches;
next	1.117;

1.117
date	2007.02.06.11.49.46;	author rafan;	state Exp;
branches;
next	1.116;

1.116
date	2006.11.17.18.58.43;	author ale;	state Exp;
branches;
next	1.115;

1.115
date	2006.11.10.13.11.49;	author mnag;	state Exp;
branches;
next	1.114;

1.114
date	2006.10.17.13.27.17;	author mnag;	state Exp;
branches;
next	1.113;

1.113
date	2006.10.07.21.06.55;	author mnag;	state Exp;
branches;
next	1.112;

1.112
date	2006.10.04.13.53.54;	author mnag;	state Exp;
branches;
next	1.111;

1.111
date	2006.10.01.19.37.54;	author mnag;	state Exp;
branches;
next	1.110;

1.110
date	2006.10.01.02.15.00;	author mnag;	state Exp;
branches;
next	1.109;

1.109
date	2006.08.29.19.47.07;	author ale;	state Exp;
branches;
next	1.108;

1.108
date	2006.08.09.12.49.15;	author simon;	state Exp;
branches;
next	1.107;

1.107
date	2006.07.04.20.10.24;	author mnag;	state Exp;
branches;
next	1.106;

1.106
date	2006.06.12.16.56.35;	author ale;	state Exp;
branches;
next	1.105;

1.105
date	2006.02.21.19.28.37;	author mnag;	state Exp;
branches;
next	1.104;

1.104
date	2006.02.11.23.59.28;	author mnag;	state Exp;
branches;
next	1.103;

1.103
date	2006.02.11.23.55.26;	author mnag;	state Exp;
branches;
next	1.102;

1.102
date	2006.02.07.20.07.53;	author mnag;	state Exp;
branches;
next	1.101;

1.101
date	2006.02.07.20.04.25;	author mnag;	state Exp;
branches;
next	1.100;

1.100
date	2005.09.16.17.58.31;	author mnag;	state Exp;
branches;
next	1.99;

1.99
date	2005.09.06.12.36.30;	author garga;	state Exp;
branches;
next	1.98;

1.98
date	2005.09.01.19.24.36;	author garga;	state Exp;
branches;
next	1.97;

1.97
date	2005.06.06.19.09.04;	author pav;	state Exp;
branches;
next	1.96;

1.96
date	2005.04.11.21.31.07;	author pav;	state Exp;
branches;
next	1.95;

1.95
date	2005.03.20.01.00.03;	author ahze;	state Exp;
branches;
next	1.94;

1.94
date	2004.10.14.05.26.27;	author dinoex;	state Exp;
branches;
next	1.93;

1.93
date	2004.10.12.04.43.52;	author dinoex;	state Exp;
branches;
next	1.92;

1.92
date	2004.08.18.11.35.53;	author dinoex;	state Exp;
branches;
next	1.91;

1.91
date	2004.04.29.03.48.57;	author dinoex;	state Exp;
branches;
next	1.90;

1.90
date	2004.04.29.03.04.27;	author dinoex;	state Exp;
branches;
next	1.89;

1.89
date	2004.04.03.05.18.28;	author dinoex;	state Exp;
branches;
next	1.88;

1.88
date	2004.03.26.19.56.41;	author dinoex;	state Exp;
branches;
next	1.87;

1.87
date	2004.02.26.05.47.06;	author dinoex;	state Exp;
branches;
next	1.86;

1.86
date	2004.02.25.12.32.57;	author dinoex;	state Exp;
branches;
next	1.85;

1.85
date	2003.10.18.10.45.34;	author dinoex;	state Exp;
branches;
next	1.84;

1.84
date	2003.10.13.14.16.40;	author dinoex;	state Exp;
branches;
next	1.83;

1.83
date	2003.10.13.04.05.54;	author dinoex;	state Exp;
branches;
next	1.82;

1.82
date	2003.10.12.11.53.30;	author dinoex;	state Exp;
branches;
next	1.81;

1.81
date	2003.10.10.03.52.03;	author dinoex;	state Exp;
branches;
next	1.80;

1.80
date	2003.09.28.18.41.51;	author dinoex;	state Exp;
branches;
next	1.79;

1.79
date	2003.09.26.18.13.52;	author dinoex;	state Exp;
branches;
next	1.78;

1.78
date	2003.09.26.02.42.39;	author dinoex;	state Exp;
branches;
next	1.77;

1.77
date	2003.09.25.17.08.02;	author dinoex;	state Exp;
branches;
next	1.76;

1.76
date	2003.09.23.19.16.49;	author dinoex;	state Exp;
branches;
next	1.75;

1.75
date	2003.09.17.16.07.48;	author nectar;	state Exp;
branches;
next	1.74;

1.74
date	2003.09.17.12.03.11;	author dinoex;	state Exp;
branches;
next	1.73;

1.73
date	2003.09.16.12.43.10;	author nectar;	state Exp;
branches;
next	1.72;

1.72
date	2003.08.30.08.02.38;	author dinoex;	state Exp;
branches;
next	1.71;

1.71
date	2003.08.28.15.38.18;	author dinoex;	state Exp;
branches;
next	1.70;

1.70
date	2003.05.07.20.04.49;	author dinoex;	state Exp;
branches;
next	1.69;

1.69
date	2003.04.30.05.44.38;	author dinoex;	state Exp;
branches;
next	1.68;

1.68
date	2003.04.15.18.50.02;	author dinoex;	state Exp;
branches;
next	1.67;

1.67
date	2003.04.13.11.47.23;	author dinoex;	state Exp;
branches;
next	1.66;

1.66
date	2003.04.03.19.35.36;	author dinoex;	state Exp;
branches;
next	1.65;

1.65
date	2003.04.02.04.26.55;	author dinoex;	state Exp;
branches;
next	1.64;

1.64
date	2003.04.01.04.10.29;	author dinoex;	state Exp;
branches;
next	1.63;

1.63
date	2003.04.01.03.02.56;	author dinoex;	state Exp;
branches;
next	1.62;

1.62
date	2003.03.23.04.48.27;	author dinoex;	state Exp;
branches;
next	1.61;

1.61
date	2003.02.20.18.26.41;	author dinoex;	state Exp;
branches;
next	1.60;

1.60
date	2003.01.02.04.21.59;	author dinoex;	state Exp;
branches;
next	1.59;

1.59
date	2002.11.21.22.00.45;	author dinoex;	state Exp;
branches;
next	1.58;

1.58
date	2002.10.20.16.02.10;	author dinoex;	state Exp;
branches;
next	1.57;

1.57
date	2002.10.17.04.40.18;	author dinoex;	state Exp;
branches;
next	1.56;

1.56
date	2002.08.06.19.31.24;	author dinoex;	state Exp;
branches;
next	1.55;

1.55
date	2002.07.27.06.20.28;	author dinoex;	state Exp;
branches;
next	1.54;

1.54
date	2002.07.24.20.47.21;	author dinoex;	state Exp;
branches;
next	1.53;

1.53
date	2002.07.22.05.28.52;	author dinoex;	state Exp;
branches;
next	1.52;

1.52
date	2002.07.15.20.08.01;	author dinoex;	state Exp;
branches;
next	1.51;

1.51
date	2002.07.07.18.55.26;	author dinoex;	state Exp;
branches;
next	1.50;

1.50
date	2002.07.04.18.29.18;	author dinoex;	state Exp;
branches;
next	1.49;

1.49
date	2002.06.30.19.31.10;	author dinoex;	state Exp;
branches;
next	1.48;

1.48
date	2002.06.28.06.18.24;	author dinoex;	state Exp;
branches;
next	1.47;

1.47
date	2002.06.28.05.28.07;	author dinoex;	state Exp;
branches;
next	1.46;

1.46
date	2002.06.26.17.32.02;	author dinoex;	state Exp;
branches;
next	1.45;

1.45
date	2002.06.26.15.21.27;	author dinoex;	state Exp;
branches;
next	1.44;

1.44
date	2002.06.26.12.22.24;	author dinoex;	state Exp;
branches;
next	1.43;

1.43
date	2002.06.26.07.06.14;	author dinoex;	state Exp;
branches;
next	1.42;

1.42
date	2002.06.26.04.05.57;	author dinoex;	state Exp;
branches;
next	1.41;

1.41
date	2002.06.25.04.59.10;	author dinoex;	state Exp;
branches;
next	1.40;

1.40
date	2002.06.24.23.04.37;	author dinoex;	state Exp;
branches;
next	1.39;

1.39
date	2002.06.22.16.24.04;	author dinoex;	state Exp;
branches;
next	1.38;

1.38
date	2002.06.16.15.03.10;	author dinoex;	state Exp;
branches;
next	1.37;

1.37
date	2002.06.08.05.22.20;	author dinoex;	state Exp;
branches;
next	1.36;

1.36
date	2002.06.04.06.54.36;	author dinoex;	state Exp;
branches;
next	1.35;

1.35
date	2002.05.31.20.51.48;	author dinoex;	state Exp;
branches;
next	1.34;

1.34
date	2002.05.31.07.28.46;	author dinoex;	state Exp;
branches;
next	1.33;

1.33
date	2002.05.09.10.28.18;	author dinoex;	state Exp;
branches;
next	1.32;

1.32
date	2002.05.07.09.18.40;	author sobomax;	state Exp;
branches;
next	1.31;

1.31
date	2002.05.04.04.38.11;	author dinoex;	state Exp;
branches;
next	1.30;

1.30
date	2002.05.03.03.02.30;	author dinoex;	state Exp;
branches;
next	1.29;

1.29
date	2002.03.25.05.39.16;	author dinoex;	state Exp;
branches;
next	1.28;

1.28
date	2002.03.23.04.08.33;	author dinoex;	state Exp;
branches;
next	1.27;

1.27
date	2002.03.17.20.24.24;	author dinoex;	state Exp;
branches;
next	1.26;

1.26
date	2002.03.15.19.39.21;	author dinoex;	state Exp;
branches;
next	1.25;

1.25
date	2002.03.09.12.51.44;	author dinoex;	state Exp;
branches;
next	1.24;

1.24
date	2002.03.08.17.45.47;	author wollman;	state Exp;
branches;
next	1.23;

1.23
date	2002.03.08.17.44.30;	author wollman;	state Exp;
branches;
next	1.22;

1.22
date	2002.03.08.05.54.04;	author dinoex;	state Exp;
branches;
next	1.21;

1.21
date	2002.03.06.13.53.38;	author nectar;	state Exp;
branches;
next	1.20;

1.20
date	2002.02.17.15.00.25;	author dinoex;	state Exp;
branches;
next	1.19;

1.19
date	2002.01.28.07.23.21;	author dinoex;	state Exp;
branches;
next	1.18;

1.18
date	2002.01.05.11.37.49;	author dinoex;	state Exp;
branches;
next	1.17;

1.17
date	2002.01.04.17.18.35;	author dinoex;	state Exp;
branches;
next	1.16;

1.16
date	2002.01.02.21.09.52;	author dinoex;	state Exp;
branches;
next	1.15;

1.15
date	2002.01.02.19.45.38;	author dinoex;	state Exp;
branches;
next	1.14;

1.14
date	2001.12.02.06.52.42;	author dinoex;	state Exp;
branches;
next	1.13;

1.13
date	2001.12.01.20.25.47;	author dinoex;	state Exp;
branches;
next	1.12;

1.12
date	2001.11.19.22.29.20;	author dwcjr;	state Exp;
branches;
next	1.11;

1.11
date	2001.11.18.08.43.00;	author dinoex;	state Exp;
branches;
next	1.10;

1.10
date	2001.11.07.13.47.51;	author dinoex;	state Exp;
branches;
next	1.9;

1.9
date	2001.10.24.07.16.46;	author dinoex;	state Exp;
branches;
next	1.8;

1.8
date	2001.10.03.15.19.23;	author dinoex;	state Exp;
branches;
next	1.7;

1.7
date	2001.08.19.17.22.37;	author dinoex;	state Exp;
branches;
next	1.6;

1.6
date	2001.08.19.15.46.02;	author dinoex;	state Exp;
branches;
next	1.5;

1.5
date	2001.08.01.10.56.24;	author dinoex;	state Exp;
branches;
next	1.4;

1.4
date	2001.06.10.20.08.31;	author dwcjr;	state Exp;
branches;
next	1.3;

1.3
date	2001.06.09.08.22.15;	author dinoex;	state Exp;
branches;
next	1.2;

1.2
date	2001.06.08.19.17.55;	author dwcjr;	state Exp;
branches;
next	1.1;

1.1
date	2001.06.01.14.49.32;	author dinoex;	state Exp;
branches;
next	;


desc
@@


1.167
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/311891
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@# Created by: dwcjr@@inethouston.net
# $FreeBSD: head/security/openssh-portable/Makefile 311891 2013-02-08 00:03:18Z bdrewery $

PORTNAME=	openssh
DISTVERSION=	5.8p2
PORTREVISION=	4
PORTEPOCH=	1
CATEGORIES=	security ipv6
MASTER_SITES=	${MASTER_SITE_OPENBSD}
MASTER_SITE_SUBDIR=	OpenSSH/portable
PKGNAMESUFFIX=	-portable

MAINTAINER=	bdrewery@@FreeBSD.org
COMMENT=	The portable version of OpenBSD's OpenSSH

WRKSRC=		${WRKDIR}/${PORTNAME}-${DISTVERSION}

MAN1=	sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1
MLINKS=	ssh.1 slogin.1
MAN5=	moduli.5 ssh_config.5 sshd_config.5
MAN8=	sftp-server.8 sshd.8 ssh-keysign.8 ssh-pkcs11-helper.8

CONFLICTS?=		openssh-3.* ssh-1.* ssh2-3.*

USE_PERL5_BUILD=	yes
USE_OPENSSL=		yes
GNU_CONFIGURE=		yes
CONFIGURE_ENV=		ac_cv_func_strnvis=no
CONFIGURE_ARGS=		--prefix=${PREFIX} --with-md5-passwords \
			--without-zlib-version-check --with-ssl-engine
PRECIOUS=		ssh_config sshd_config ssh_host_key ssh_host_key.pub \
			ssh_host_rsa_key ssh_host_rsa_key.pub ssh_host_dsa_key \
			ssh_host_dsa_key.pub
ETCOLD=			${PREFIX}/etc

SUDO?=		# empty
MAKE_ENV+=	SUDO="${SUDO}"

OPTIONS_DEFINE=		PAM TCP_WRAPPERS LIBEDIT SUID_SSH BSM KERBEROS \
			KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 FILECONTROL \
			OVERWRITE_BASE
OPTIONS_DEFAULT=	LIBEDIT PAM TCP_WRAPPERS
TCP_WRAPPERS_DESC=	Enable tcp_wrappers support
SUID_SSH_DESC=		Enable suid SSH (Recommended off)
BSM_DESC=		Enable OpenBSM Auditing
KERB_GSSAPI_DESC=	Enable Kerberos/GSSAPI patch (req: GSSAPI)
OPENSSH_CHROOT_DESC=	Enable CHROOT support
HPN_DESC=		Enable HPN-SSH patch
LPK_DESC=		Enable LDAP Public Key (LPK) patch
X509_DESC=		Enable x509 certificate patch
FILECONTROL_DESC=	Enable file control patch (broken)
OVERWRITE_BASE_DESC=	OpenSSH overwrite base

.include <bsd.port.pre.mk>

.if ${OSVERSION} >= 900000
EXTRA_PATCHES=	${FILESDIR}/extra-patch-configure
.endif

.if ${OSVERSION} >= 900007
CONFIGURE_ARGS+=	--disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog
.endif

.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MHPN}
BROKEN=		X509 patches and HPN patches do not apply cleanly together
.endif

.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MKERB_GSSAPI}
BROKEN=		X509 patch incompatible with KERB_GSSAPI patch
.endif

.if defined(OPENSSH_OVERWRITE_BASE)
PORT_OPTIONS+=		OVERWRITE_BASE
.endif

.if ${PORT_OPTIONS:MPAM} && exists(/usr/include/security/pam_modules.h)
CONFIGURE_ARGS+=	--with-pam
.endif

.if ${PORT_OPTIONS:MTCP_WRAPPERS} && exists(/usr/include/tcpd.h)
CONFIGURE_ARGS+=	--with-tcp-wrappers
.endif

.if ${PORT_OPTIONS:MLIBEDIT}
CONFIGURE_ARGS+=	--with-libedit
.endif

.if !${PORT_OPTIONS:MSUID_SSH}
CONFIGURE_ARGS+=	--disable-suid-ssh
.endif

.if ${PORT_OPTIONS:MBSM}
CONFIGURE_ARGS+=	--with-audit=bsm
.endif

.if ${PORT_OPTIONS:MKERBEROS}
CONFIGURE_ARGS+=	--with-kerberos5
LIB_DEPENDS+=		krb5.3:${PORTSDIR}/security/krb5
.if ${PORT_OPTIONS:MKERB_GSSAPI}
PATCH_SITES+=		http://www.sxw.org.uk/computing/patches/
PATCHFILES+=		openssh-5.7p1-gsskex-all-20110125.patch
PATCH_DIST_STRIP=
.endif
.if ${OPENSSLBASE} == "/usr"
CONFIGURE_ARGS+=	--without-rpath
LDFLAGS=		# empty
.endif
.endif

.if ${OPENSSLBASE} != "/usr"
CONFIGURE_ARGS+=	--with-ssl-dir=${OPENSSLBASE}
.endif

.if ${PORT_OPTIONS:MOPENSSH_CHROOT}
CFLAGS+=		-DCHROOT
.endif

.if ${PORT_OPTIONS:MHPN}
PATCH_SITES+=		http://mirror.shatow.net/freebsd/${PORTNAME}/
PATCHFILES+=		${PORTNAME}-5.8p1-hpn13v11.diff.gz
PATCH_DIST_STRIP=
.endif

# See http://code.google.com/p/openssh-lpk/wiki/Main
# and svn repo described here:
# http://code.google.com/p/openssh-lpk/source/checkout
.if ${PORT_OPTIONS:MLPK}
EXTRA_PATCHES+=		${FILESDIR}/openssh-lpk-5.8p2.patch
USE_OPENLDAP=		yes
CPPFLAGS+=		-I${LOCALBASE}/include
CONFIGURE_ARGS+=	--with-ldap=yes \
			--with-libs='-lldap' \
			--with-ldflags='-L${LOCALBASE}/lib' \
			--with-cppflags='${CPPFLAGS}'
.endif

# See http://www.roumenpetrov.info/openssh/
.if ${PORT_OPTIONS:MX509}
PATCH_SITES+=		http://www.roumenpetrov.info/openssh/x509-7.0/
PATCHFILES+=		${PORTNAME}-5.8p1+x509-7.0.diff.gz
PATCH_DIST_STRIP=	-p1
PLIST_SUB+=		X509=""
MAN5+=			ssh_engine.5
.else
PLIST_SUB+=		X509="@@comment "
.endif

# See http://sftpfilecontrol.sourceforge.net/
.if ${PORT_OPTIONS:MFILECONTROL}
# Latest sftpfilecontrol patch is against 5.4p1 which does not apply
# cleanly against 5.8p2, but it's close.
BROKEN=			latest upstream sftp file control public key patch is not up to date for OpenSSH 5.8p2
EXTRA_PATCHES+=		${FILESDIR}/openssh-${DISTVERSION}.sftpfilecontrol-v1.3.patch
.endif

.if ${PORT_OPTIONS:MOVERWRITE_BASE}
WITH_OPENSSL_BASE=	yes
CONFIGURE_ARGS+=	--localstatedir=/var
EMPTYDIR=		/var/empty
PREFIX=			/usr
ETCSSH=			/etc/ssh
USE_RCORDER=		openssh
PLIST_SUB+=		NOTBASE="@@comment "
PLIST_SUB+=		BASE=""
PLIST_SUB+=		BASEPREFIX="${PREFIX}"
PLIST_SUB+=		ERASEEMPTY="@@comment "
.else
.if exists(/var/empty)
EMPTYDIR=		/var/empty
PLIST_SUB+=		ERASEEMPTY="@@comment "
.else
EMPTYDIR=		${PREFIX}/empty
PLIST_SUB+=		ERASEEMPTY=""
.endif
ETCSSH=			${PREFIX}/etc/ssh
USE_RC_SUBR=		openssh
PLIST_SUB+=		NOTBASE=""
PLIST_SUB+=		BASE="@@comment "
.endif

# After all
SUB_LIST+=		ETCSSH="${ETCSSH}"
PLIST_SUB+=		EMPTYDIR="${EMPTYDIR}"
CONFIGURE_ARGS+=	--sysconfdir=${ETCSSH} --with-privsep-path=${EMPTYDIR}

RC_SCRIPT_NAME=		openssh

post-patch:
	@@${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure
	@@${REINPLACE_CMD} -e 's|%%PREFIX%%|${LOCALBASE}|' \
		-e 's|%%RC_SCRIPT_NAME%%|${RC_SCRIPT_NAME}|' ${WRKSRC}/sshd.8
	@@${REINPLACE_CMD} -E -e 's|SSH_VERSION|TMP_SSH_VERSION|' \
		-e 's|.*SSH_RELEASE.*||' ${WRKSRC}/version.h
	@@${ECHO_CMD} '#define FREEBSD_PORT_VERSION	" FreeBSD-${PKGNAME}"' >> \
		${WRKSRC}/version.h
	@@${ECHO_CMD} '#define SSH_VERSION	TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \
		${WRKSRC}/version.h
	@@${ECHO_CMD} '#define SSH_RELEASE	TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \
		${WRKSRC}/version.h
.if ${PORT_OPTIONS:MHPN}
	@@${REINPLACE_CMD} -e 's|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SSH_HPN|' \
		${WRKSRC}/version.h
.endif

pre-su-install:
	@@${MKDIR} ${EMPTYDIR}
	if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
	if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
		-h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi
.if !exists(${ETCSSH})
	@@${MKDIR} ${ETCSSH}
.endif
.for i in ${PRECIOUS}
.if exists(${ETCOLD}/${i}) && !exists(${ETCSSH}/${i})
	@@${ECHO_MSG} "==>   Linking ${ETCSSH}/${i} from old layout."
	${LN} ${ETCOLD}/${i} ${ETCSSH}/${i}
.endif
.endfor

post-install:
	${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist
	${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist

	@@${CAT} ${PKGMESSAGE}

test:	build
	(cd ${WRKSRC}/regress && ${SETENV} ${MAKE_ENV} TEST_SHELL=/bin/sh \
		PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
		${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS})

.include <bsd.port.post.mk>
@


1.166
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/308352
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r308352 | bdrewery | 2012-12-05 22:32:29 +0000 (Wed, 05 Dec 2012) | 4 lines
## SVN ##
## SVN ## - Update mirror site for HPN patch
## SVN ##
## SVN ## Feature safe:	yes
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d2 1
a2 1
# $FreeBSD: head/security/openssh-portable/Makefile 308352 2012-12-05 22:32:29Z bdrewery $
d6 1
a6 1
PORTREVISION=	3
d28 1
@


1.165
log
@Switch exporter over
@
text
@d2 1
a2 1
# $FreeBSD: head/security/openssh-portable/Makefile 306620 2012-10-29 15:08:30Z bdrewery $
d118 1
a118 1
PATCH_SITES+=		http://www.shatow.net/freebsd/
@


1.164
log
@SVN rev 306620 on 2012-10-29 15:08:30Z by bdrewery

- Take maintainership

Feature safe:	yes
@
text
@d2 1
a2 1
# $FreeBSD$
@


1.163
log
@SVN rev 305839 on 2012-10-13 17:13:33Z by eadler

Convert to OptionsNG
Trim Headers

PR:	ports/172429
Submitted by:	Michael Gmelin <freebsd@@grem.de>
Feature safe:	yes
@
text
@d13 1
a13 1
MAINTAINER=	ports@@FreeBSD.org
@


1.162
log
@SVN rev 302140 on 2012-08-05 23:05:24Z by dougb

When installing in the base, USE_RCORDER does the right thing without
all the gymnastics
@
text
@d1 1
a1 4
# New ports collection makefile for: openssh
# Date created:  18 Mar 1999
# Whom:   dwcjr@@inethouston.net
#
a2 1
#
d38 14
a51 13
OPTIONS=	PAM		"Enable pam(3) support"				on \
		TCP_WRAPPERS	"Enable tcp_wrappers support"			on \
		LIBEDIT		"Enable readline support to sftp(1)"		on \
		SUID_SSH	"Enable suid SSH (Recommended off)"		off \
		BSM		"Enable OpenBSM Auditing"			off \
		KERBEROS	"Enable kerberos (autodetection)"		off \
		KERB_GSSAPI	"Enable Kerberos/GSSAPI patch (req: GSSAPI)"	off \
		OPENSSH_CHROOT	"Enable CHROOT support"				off \
		HPN		"Enable HPN-SSH patch"				off \
		LPK		"Enable LDAP Public Key (LPK) patch"		off \
		X509		"Enable x509 certificate patch"			off \
		FILECONTROL	"Enable file control patch (broken)"		off \
		OVERWRITE_BASE	"OpenSSH overwrite base"			off
d63 1
a63 1
.if defined(WITH_X509) && defined(WITH_HPN)
d67 1
a67 1
.if defined(WITH_X509) && defined(WITH_KERB_GSSAPI)
d72 1
a72 1
WITH_OVERWRITE_BASE=	yes
d75 1
a75 1
.if !defined(WITHOUT_PAM) && exists(/usr/include/security/pam_modules.h)
d79 1
a79 1
.if !defined(WITHOUT_TCP_WRAPPERS) && exists(/usr/include/tcpd.h)
d83 1
a83 1
.if !defined(WITHOUT_LIBEDIT)
d87 1
a87 1
.if !defined(WITH_SUID_SSH)
d91 1
a91 1
.if defined(WITH_BSM)
d95 1
a95 1
.if defined(WITH_KERBEROS)
d98 1
a98 1
.if defined(WITH_KERB_GSSAPI)
d113 1
a113 1
.if defined(WITH_OPENSSH_CHROOT)
d117 1
a117 1
.if defined(WITH_HPN)
d126 1
a126 1
.if defined(WITH_LPK)
d137 1
a137 1
.if defined(WITH_X509)
d148 1
a148 1
.if defined(WITH_FILECONTROL)
d155 1
a155 1
.if defined(WITH_OVERWRITE_BASE)
d199 1
a199 1
.if defined(WITH_HPN)
@


1.161
log
@- Fix ECDSA key generation in openssh rc.d script
- Bump PORTREVISION for package change

Submitted by:	J. Hellenthal <jhellenthal@@dataix.net>
@
text
@d164 1
a164 2
USE_RC_SUBR=		yes
SUB_FILES+=		openssh
d225 1
a225 8
.if defined(WITH_OVERWRITE_BASE)
	@@${ECHO_CMD} "===> Installing rc.d startup script(s)"
	@@${ECHO_CMD} "@@cwd ${LOCALBASE}" >> ${TMPPLIST}
	@@${MKDIR} ${LOCALBASE}/etc/rc.d
	@@${INSTALL_SCRIPT} ${WRKDIR}/openssh ${LOCALBASE}/etc/rc.d/${RC_SCRIPT_NAME}
	@@${ECHO_CMD} "etc/rc.d/${RC_SCRIPT_NAME}" >> ${TMPPLIST}
	@@${ECHO_CMD} "@@cwd ${PREFIX}" >> ${TMPPLIST}
.endif
@


1.160
log
@Change HPN patch mirror location to one that works

PR:		ports/168306
Submitted by:	"Bryan Drewery" <bryan@@shatow.net>
@
text
@d10 1
a10 1
PORTREVISION=	2
@


1.159
log
@- Reset maintainership

PR:		ports/167423
Submitted by:	Grzegorz Blach <magik@@roorback.net> (maintainer)
@
text
@d121 1
a121 1
PATCH_SITES+=		http://www.psc.edu/networking/projects/hpn-ssh/
@


1.158
log
@- Perl only needed to build, not needed to run. remove PERL5_RUN from Makefile
- Bump PORTREVISION

PR:		ports/166413
Submitted by:	Gleb Smirnoff <glebius@@cell.glebius.int.ru>
Approved by:	Grzegorz Blach <magik@@roorback.net> (maintainer)
Feature safe:	yes
@
text
@d17 1
a17 1
MAINTAINER=	magik@@roorback.net
@


1.157
log
@- Add USE_PERL5_BUILD

PR:		ports/163414
Submitted by:	portmgr (pav)
Approved by:	gabor (mentor)
@
text
@d10 1
a10 1
PORTREVISION=	1
a28 1
USE_PERL5=		yes
@


1.156
log
@- openssh-portable needs perl to build (reported by Gleb Smirnoff via mail)
- add ssh_engine.5 man page when openssh-portable WITH_X509 is turned on (reported by John Hein via mail)

PR:		ports/163414
Submitted by:	Grzegorz Blach <magik@@roorback.net>
Approved by:	gabor (mentor)
@
text
@d30 1
@


1.155
log
@- update to 5.8p2 [1]
- fix Kerberos knob [2]
- fix build on 9.0 [3]
- fix deinstall with various knobs [4]
- fix LPK knob [5]

PR:		ports/161818 [1], ports/144597 [2], ports/160389 [3]
		ports/150493, ports/156926 [4], ports/155456 [5]

Submitted by:	"Grzegorz Blach" <magik@@roorback.net> [1], [2], [4], [5]
		pluknet [3]
Reported by:	Jonathan <lordsith49@@hotmail.com> [2]
		Kevin Thompson <antiduh@@csh.rit.edu> [4]
		Alexey Remizov <alexey@@remizov.org> [5]
@
text
@d10 1
d29 1
d145 1
@


1.154
log
@- Maintainer to magik@@roorback.net

Approved by:	maho (mentor) and magik@@roorback.net
@
text
@d9 1
a9 2
DISTVERSION=	5.2p1
PORTREVISION=	4
a11 3
.if defined(OPENSSH_SNAPSHOT)
MASTER_SITES=	http://www.mindrot.org/openssh_snap/
.else
d14 1
a14 3
.endif
PKGNAMESUFFIX=	${PORTABLE_SUFFIX}${GSSAPI_SUFFIX}${BASE_SUFFIX}
DISTNAME=	# empty
d19 1
a19 9
.if defined(OPENSSH_SNAPSHOT)
PORTREVISION!=		date -v-1d +%Y%m%d
NO_CHECKSUM=		yes
DISTNAME+=		${PORTNAME}-SNAP-${PORTREVISION}
.else
DISTNAME+=		${PORTNAME}-${DISTVERSION}
.endif

WRKSRC=			${WRKDIR}/${PORTNAME}-${DISTVERSION}
d24 1
a24 1
MAN8=	sftp-server.8 sshd.8 ssh-keysign.8
a35 2
PORTABLE_SUFFIX=	-portable
SSH_VERSION=		${DISTVERSION}
a42 1
		KERBEROS	"Enable kerberos (autodetection)"		on \
d45 1
a45 1
		GSSAPI		"Enable GSSAPI support (req: KERBEROS)"		off \
d51 1
a51 1
		FILECONTROL	"Enable file control patch"			off \
d57 5
a61 1
BROKEN=		does not build
d64 2
a65 2
.if defined(WITH_X509) && ( defined(WITH_HPN) || defined(WITH_LPK))
BROKEN=		X509 patch incompatible with HPN and LPK patches
d96 3
a98 2
.if !defined(WITHOUT_KERBEROS)
.if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI)
a99 1
PATCH_DIST_STRIP=	-p0
d101 2
a102 10
PATCHFILES+=		openssh-5.2p1-gsskex-all-20090726.patch
.endif
PORTABLE_SUFFIX=	# empty
GSSAPI_SUFFIX=		-gssapi
CONFLICTS+=		openssh-portable-*-[0-9]*
CONFIGURE_ARGS+=	--with-kerberos5=${KRB5_HOME}
.if defined(HEIMDAL_HOME) && defined(KRB5_HOME) && ${HEIMDAL_HOME} == ${LOCALBASE}
LIB_DEPENDS+=		krb5.26:${PORTSDIR}/security/heimdal
.elif defined(KRB5_HOME) && defined(LOCALBASE) && ${KRB5_HOME} == ${LOCALBASE}
LIB_DEPENDS+=		krb5.3:${PORTSDIR}/security/krb5
a107 8
.else
CONFLICTS+=		openssh-gssapi-*-[0-9]*
CONFIGURE_ARGS+=	--with-rpath=${OPENSSLRPATH}
.if exists(/usr/include/krb5.h)
CONFIGURE_ARGS+=	--with-kerberos5
EXTRA_PATCHES+=		${FILESDIR}/gss-serv.c.patch
.endif
.endif
d119 3
a121 2
EXTRA_PATCHES+=	${FILESDIR}/openssh-5.2p1-hpn13v6.diff
SSH_VERSION:=	${SSH_VERSION}-hpn13v6
d124 3
a126 1
# See http://dev.inversepath.com/trac/openssh-lpk
d128 1
a128 1
EXTRA_PATCHES+=		${FILESDIR}/contrib-openssh-lpk-5.1p1-0.3.10.patch
d130 5
a134 17
CPPFLAGS+=		-I${LOCALBASE}/include -DWITH_LDAP_PUBKEY
CONFIGURE_ARGS+=	--with-libs='-lldap' --with-ldflags='-L${LOCALBASE}/lib' \
			--with-cppflags='-I${LOCALBASE}/include -DWITH_LDAP_PUBKEY'
.endif

# resolve some patches incompatibility between LPK and HPN patches

.if defined(WITH_HPN) && defined(WITH_LPK)
EXTRA_PATCHES+=		${FILESDIR}/lpk+hpn-servconf.c.patch
.elif defined(WITH_HPN) && !defined(WITH_LPK)
EXTRA_PATCHES+=		${FILESDIR}/openssh-5.2p1-hpn13v6-servconf.c.diff
.elif defined(WITH_LPK) && !defined(WITH_HPN)
EXTRA_PATCHES+=		${FILESDIR}/contrib-openssh-lpk-5.1p1-0.3.10-servconf.c.patch
.endif

.if defined(WITH_LPK) && ${ARCH} == "amd64"
EXTRA_PATCHES+=		${FILESDIR}/contrib-openssh-5.1_p1-lpk-64bit.patch
d139 2
a141 2
PATCH_SITES+=		http://www.roumenpetrov.info/openssh/x509-6.2/
PATCHFILES+=		openssh-5.2p1+x509-6.2.diff.gz
a143 3
EXTRA_PATCHES+=		${FILESDIR}/VersionAddendum-ssh.1.patch \
			${FILESDIR}/VersionAddendum-ssh_config.5.patch \
			${FILESDIR}/VersionAddendum-sshd_config.5.patch
d149 3
a156 1
BASE_SUFFIX=		-overwrite-base
d161 1
a161 1
USE_RC_SUBR=	yes
a187 6
post-extract:
.if defined(OPENSSH_SNAPSHOT)
	@@# rc.d script have same name of openssh snapshot dir
	@@${MV} ${WRKDIR}/${PORTNAME} ${WRKDIR}/${PORTNAME}-${DISTVERSION}
.endif

d192 12
a203 5
.for f in ssh_config ssh_config.5 sshd_config sshd_config.5
	@@${REINPLACE_CMD} -e 's|%%ADDENDUM%%|${PKGNAME}|' ${WRKSRC}/${f}
.endfor
	@@${REINPLACE_CMD} -e 's|%%SSH_VERSION%%|${SSH_VERSION}|' \
		-e 's|%%ADDENDUM%%|${PKGNAME}|' ${WRKSRC}/version.h
@


1.153
log
@- Add VersionAddendum support.
- Bump portrevision.

PR:		ports/142824
Submitted by:	Scot Hetzel <swhetzel@@gmail.com>
Approved by:	gabor (mentor)
@
text
@d22 1
a22 1
MAINTAINER=	ports@@FreeBSD.org
@


1.152
log
@Unbreak build with LPK option (broken after commit 1.674 in bsd.port.mk).
@
text
@d10 1
a10 1
PORTREVISION=	3
d51 1
d149 1
d182 3
d237 5
a241 12
	@@${REINPLACE_CMD} -E -e 's|SSH_VERSION|TMP_SSH_VERSION|' \
		-e 's|.*SSH_RELEASE.*||' ${WRKSRC}/version.h
	@@${ECHO_CMD} '#define FREEBSD_PORT_VERSION	" FreeBSD-${PKGNAME}"' >> \
		${WRKSRC}/version.h
	@@${ECHO_CMD} '#define SSH_VERSION	TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \
		${WRKSRC}/version.h
	@@${ECHO_CMD} '#define SSH_RELEASE	TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \
		${WRKSRC}/version.h
.if defined(WITH_HPN)
	@@${REINPLACE_CMD} -e 's|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SSH_HPN|' \
		${WRKSRC}/version.h
.endif
@


1.151
log
@Remove OpenSC support. This port should be updated to support PKCS#11.
@
text
@d154 1
a154 1
CPPFLAGS+=		"-I${LOCALBASE}/include -DWITH_LDAP_PUBKEY"
@


1.150
log
@- Fix optional dependency on security/heimdal
- Bump PORTREVISION
PR:		ports/152029
Submitted by:	Joerg Pulz [Joerg.Pulz frm2.tum.de]
Approved by:	Ryan Steinmetz <rpsfa@@rit.edu> (maintainer of net/freeradius*)
		girgen (maintainer of databases/postgresql*-server,
		        14 day timeout)
@
text
@a63 2
		OPENSC		"Enable OpenSC smartcard support"		off \
		OPENSCPINPATCH	"Enable OpenSC PIN patch"			off \
a145 10
.if defined(WITH_OPENSC)
LIB_DEPENDS+=		opensc.2:${PORTSDIR}/security/opensc
CONFIGURE_ARGS+=	--with-opensc=${LOCALBASE}
.endif

# See http://bugzilla.mindrot.org/show_bug.cgi?id=608
.if defined(WITH_OPENSCPINPATCH)
EXTRA_PATCHES+=		${FILESDIR}/scardpin.patch
.endif

@


1.149
log
@Add the sftpfilecontrol patch as an OPTION (WITH_FILECONTROL)
See http://sftpfilecontrol.sourceforge.net/  for details.

PR:             ports/146338
Submitted by:   Steve Wills <steve@@mouf.net>
@
text
@d10 1
a10 1
PORTREVISION=	2
d122 1
a122 1
LIB_DEPENDS+=		krb5.23:${PORTSDIR}/security/heimdal
@


1.148
log
@Reset dindin@@dindin.ru due to maintainer-timeout and no response to email.

Hat:		portmgr
@
text
@d69 1
d195 5
@


1.147
log
@- Annotate the combination of X509 and KERB_GSSAPI patches as broken

PR:		ports/142819
Submitted by:	Scot Hetzel <swhetzel@@gmail.com>
Approved by:	maintainer timeout (1 month)
@
text
@d22 1
a22 1
MAINTAINER=	dindin@@dindin.ru
@


1.146
log
@Mark BROKEN on 9.x: does not build
@
text
@d81 4
@


1.145
log
@RC_SUBR_SUFFIX has not been needed for a long time now, all supported
versions of FreeBSD now use /etc/rc.subr and rc.d scripts without .sh
appended to the script name.
@
text
@d73 4
@


1.144
log
@- Remove BROKEN on 8.x WITH_KERBEROS case. Builds fine on 8.0 and 9.0, i386 and amd64
- While here, fix minor plist issue for WITH_X509 case

PR:		141679
Submitted by:	Denis Barov <dindin@@dindin.ru> (maintainer)
@
text
@d218 1
a218 1
RC_SCRIPT_NAME=		openssh${RC_SUBR_SUFFIX}
@


1.143
log
@- Under OSVERSION >= 800000, only mark BROKEN if WITH_KERBEROS.
- The port links fine otherwise.
@
text
@a128 6

.if ${OSVERSION} >= 800000
.if !defined(WITHOUT_KERBEROS)
BROKEN=		does not link
.endif
.endif
d181 3
@


1.142
log
@- Mark BROKEN on 8.X with Kerberos - does not link

Reported by:	pointyhat
@
text
@d131 1
d135 1
@


1.141
log
@- Revert USE_RC_SUBR change from last commit, it breaks OVERWRITE_BASE
- Add a hint to pkg-message about running this together with base sshd

PR:		ports/138943
Submitted by:	Denis Barov <dindin@@yandex-team.ru> (maintainer)
Feature safe:	yes
@
text
@d129 4
@


1.140
log
@- Unbreak KERBEROS option
- Add option for OpenBSD support
- Fix crash in sftp listing

PR:		ports/138409 (cumulative patch)
Submitted by:	Denis Barov <dindin@@dindin.ru> (maintainer)
Feature safe:	yes
@
text
@d190 2
a191 1
USE_RC_SUBR=		openssh
@


1.139
log
@- Mark BROKEN on 8.X: does not link

Reported by:	pointyhat
@
text
@d10 1
a10 1
PORTREVISION=	1
d60 1
a72 4
.if ${OSVERSION} >= 800037
BROKEN=		does not compile
.endif

d97 4
a103 1
BROKEN=			KERB_GSSAPI patch incompatible with ${PORTNAME}-5.2p1
d106 1
a106 1
PATCHFILES+=		openssh-5.0p1-gsskex-20080404.patch
d112 5
d165 1
a165 1
EXTRA_PATCHES+=		${FILESDIR}/openssh-lpk+hpn-servconf.patch
d190 1
a190 2
USE_RC_SUBR=		yes
SUB_FILES+=		openssh
@


1.138
log
@Fix build error WITH_HPN.

PR:			ports/135407
Submitted by:		maintainer implicit (already submitted)
Pointy hat to:		pgollucci
@
text
@d73 1
a73 1
#BROKEN=		does not compile
@


1.137
log
@- Fix the previous commit
  The patch file names for LPK were not updated completely in the Makefile

PR:             ports/135968
Submitted by:   Konstantin Kukushkin <dark@@rambler-co.ru>
Approved by:    maintainer (implicit, shouyld have been in previous patch)
@
text
@d145 1
a145 1
EXTRA_PATCHES+=	${FILESDIR}/openssh-5.2p1-hpn.patch
d162 1
a162 1
EXTRA_PATCHES+=		${FILESDIR}/openssh-5.2p1-hpn-servconf.patch
@


1.136
log
@Fix build with WITH_LPK support for amd64 by change extra patches order.
Do not bump PORTREVISION.

Submitted by:	Fedor Dikarev aka fe at rambler dash co dot ru
Spotted by:	maxim
Approved by:	maintainer unavailable, i.e.
		$ whois dindin.ru | grep ^state
		state:      REGISTERED, NOT DELEGATED
PR:		amd64/134706
@
text
@d73 1
a73 1
BROKEN=		does not compile
d150 1
a150 1
EXTRA_PATCHES+=		${FILESDIR}/openssh-lpk-5.0p1-0.3.9.patch
d164 1
a164 1
EXTRA_PATCHES+=		${FILESDIR}/openssh-lpk-5.0p1-0.3.9-servconv.patch
d168 1
a168 1
EXTRA_PATCHES+=		${FILESDIR}/openssh-lpk-5.0p1-64bit.patch
@


1.135
log
@Fix HPN crash issue by using aes128-ctr, aes192-ctr and aes256-ctr.

Approved by:	pav
@
text
@a150 3
.if ${ARCH} == "amd64"
EXTRA_PATCHES+=		${FILESDIR}/openssh-lpk-5.0p1-64bit.patch
.endif
d167 4
@


1.134
log
@- Update to 5.2p1
- Assign maintainership to the submitter

PR:		ports/134160
Submitted by:	Denis Barov <dindin@@dindin.ru>
@
text
@d10 1
@


1.133
log
@Fix several problems with OPENSSH_OVERWRITE_BASE=1.
- Empty dir handling
- rc.d installation
- prefix modification in manuals

From:		Tsurutani Naoki <turutani@@scphys.kyoto-u.ac.jp>
PR:		ports/133412
@
text
@d9 1
a9 1
DISTVERSION=	5.1p1
d21 1
a21 1
MAINTAINER=	ports@@FreeBSD.org
d75 4
a78 1
# Preserve deprecated OPENSSH_OVERWRITE_BASE settings
d102 1
a142 4
.if defined(WITH_HPN) && defined(WITH_LPK)
BROKEN=			HPN and LPK patches are incompatible
.endif

d144 1
a144 3
PATCH_DIST_STRIP=	-p1
PATCH_SITES+=		http://www.psc.edu/networking/projects/hpn-ssh/
PATCHFILES+=		openssh-5.1p1-hpn13v5.diff.gz
d149 1
a149 1
EXTRA_PATCHES=		${FILESDIR}/openssh-lpk-5.0p1-0.3.9.patch
d159 10
d172 2
a173 2
PATCH_SITES+=		http://www.roumenpetrov.info/openssh/x509-6.1.1/
PATCHFILES+=		openssh-5.1p1+x509-6.1.1.diff.gz
@


1.132
log
@- Reset long-term inactive maintainer
@
text
@d180 1
d184 1
d187 1
a209 1
.if defined(WITH_OVERWRITE_BASE)
a211 4
.else
	@@${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' \
		-e 's|%%RC_SCRIPT_NAME%%|${RC_SCRIPT_NAME}|' ${WRKSRC}/sshd.8
.endif
a225 1
.if defined(WITH_OVERWRITE_BASE)
a226 3
.else
	@@${MKDIR} ${PREFIX}/empty
.endif
d246 1
@


1.131
log
@- Integrate x509 certificate patch (optional, default off) from http://www.roumenpetrov.info/openssh/

PR:		ports/121438
Submitted by:	Dirk-Willem van Gulik <dirkx@@webweaving.org>
Approved by:	maintainer timeout (mnag; 1 year)
@
text
@d21 1
a21 1
MAINTAINER=	mnag@@FreeBSD.org
@


1.130
log
@- Add vendor patch for lpk patch that fixes runtime on amd64

PR:		ports/129092
Submitted by:	Jui-Nan Lin <jnlin@@csie.nctu.edu.tw>
Approved by:	maintainer timeout (mnag; 4 months)
@
text
@d66 1
d161 7
@


1.129
log
@- Update to 5.1p1

PR:		ports/128679
Submitted by:	Sunpoet Po-Chuan Hsieh <sunpoet@@sunpoet.net>
Approved by:	maintainer timeout (mnag; 4 months)
@
text
@d151 3
@


1.128
log
@Fix rootless build.

PR:		ports/126164
Submitted by:	skv
Approved by:	maintainer timeout (> 3 months)
@
text
@d9 1
a9 1
DISTVERSION=	5.0p1
d36 1
a36 1
MAN5=	ssh_config.5 sshd_config.5
d145 1
a145 1
PATCHFILES+=		openssh-5.0p1-hpn13v3.diff.gz
@


1.127
log
@Update CONFIGURE_ARGS for how we pass CONFIGURE_TARGET to configure script.
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.

To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.

To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.

Changes to Mk/*:
 - Add runtime detection magic in bsd.port.mk
 - Remove CONFIGURE_TARGET hack in various bsd.*.mk
 - USE_GNOME=gnometarget is now an no-op

Changes to individual ports, other than removing the CONFIGURE_TARGET hack:

= pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
  - comms/gnuradio
  - science/abinit
  - science/elmer-fem
  - science/elmer-matc
  - science/elmer-meshgen2d
  - science/elmerfront
  - science/elmerpost

= use x86_64 as ARCH
  - devel/g-wrap

= other changes
  - print/magicfilter
    GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf

Total # of ports modified:  1,027
Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)

PR:		126524 (obsoletes 52917)
Submitted by:	rafan
Tested on:	two pointyhat 7-amd64 exp runs (by pav)
Approved by:	portmgr (pav)
@
text
@d216 1
a216 1
pre-install:
@


1.126
log
@- Mark BROKEN after recent kerberos update
@
text
@a42 1
CONFIGURE_TARGET=	--build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
@


1.125
log
@- Update to 5.0p1
- Port LPK patch to 5.0p1 and add to files dir
- Remove USE_PERL_BUILD since doesn't need [1]
- Update KERB_GSSAPI to 5.0p1
- Update HPN patch to 5.0p1 13v3
- Respect LOCALBASE on configure_args of LPK [2]
- Change MASTER_SITE of snapshot
- portlint(1)

PR:		121826 [2]
Submitted by:	Andrew Kolchoogin <andrew___rinet.ru> [2]
Reported by:	Björn König <bkoenig___alpha-tierchen.d [1]
@
text
@d71 4
@


1.124
log
@- Update HPN patch to hpn12v20
- Bump PORTREVISION

Submitted by:	Ollivier Robert <roberto__keltia.freenix.fr>
@
text
@d9 1
a9 2
DISTVERSION=	4.7p1
PORTREVISION=	1
d12 6
a17 4
MASTER_SITES=	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%SUBDIR%/ \
		ftp://carroll.cac.psu.edu/pub/OpenBSD/OpenSSH/portable/%SUBDIR%/ \
		http://mirror.mcs.anl.gov/openssh/portable/%SUBDIR%/
MASTER_SITE_SUBDIR=	# empty
a26 1
MASTER_SITE_SUBDIR+=	snapshot
a41 1
USE_PERL5_BUILD=	yes
d97 1
a97 1
PATCHFILES+=		openssh-4.7p1-gsskex-20070927.patch
d142 1
a142 1
PATCHFILES+=		openssh-4.7p1-hpn12v20.diff.gz
d147 1
a147 3
PATCH_DIST_STRIP=	-p2
PATCH_SITES+=		http://dev.inversepath.com/openssh-lpk/
PATCHFILES+=		openssh-lpk-4.6p1-0.3.9.patch
d150 2
a151 2
CONFIGURE_ARGS+=	--with-libs='-lldap' --with-ldflags='-L/usr/local/lib' \
			--with-cppflags='-I/usr/local/include -DWITH_LDAP_PUBKEY'
@


1.123
log
@- Update gsskex patch to 20070927
- Update HPN patch to hpn12v19 [1]

Notified by:	ale [1]
@
text
@d10 1
d143 1
a143 1
PATCHFILES+=		openssh-4.7p1-hpn12v19.diff.gz
@


1.122
log
@Remove always-false/true conditions based on OSVERSION 500000
@
text
@a94 1
BROKEN=			Waiting new upstream patch
d97 1
a97 1
PATCHFILES+=		openssh-4.6p1-gsskex-20070312.patch
d142 1
a142 1
PATCHFILES+=		openssh-4.7p1-hpn12v18.diff.gz
@


1.121
log
@- Update to 4.7p1
- Update HPN patch to 4.7p1-hpn12v18
- Mark as BROKEN WITH_KERB_GSSAPI while developer release a new patch
@
text
@a84 1
.if ${OSVERSION} > 500000
a85 6
.else
.if !defined(WITH_OVERWRITE_BASE)
LIB_DEPENDS+=		edit.6:${PORTSDIR}/devel/libedit
CONFIGURE_ARGS+=	--with-libedit=${LOCALBASE}
.endif
.endif
@


1.120
log
@- Enable ssl-engine
- Update gsskex patch to 4.6p1-gsskex-20070312
- Update lpk patch to 4.6p1-0.3.9
- Update hpn patch to 4.6p1-hpn12v17
- Fix challenge-response issue
- Bump PORTREVISION

Reported by:	Stefan Lambrev [1], ale@@ [1]
@
text
@d9 1
a9 2
DISTVERSION=	4.6p1
PORTREVISION=	1
d102 1
d150 1
a150 1
PATCHFILES+=		openssh-4.6p1-hpn12v17.diff.gz
@


1.119
log
@- Set --mandir and --infodir in CONFIGURE_ARGS if the configure script
  supports them.  This is determined by running ``configure --help'' in
  do-configure target and set the shell variable _LATE_CONFIGURE_ARGS
  which is then passed to CONFIGURE_ARGS.
- Remove --mandir and --infodir in ports' Makefile where applicable
  Few ports use REINPLACE_CMD to achieve the same effect, remove them too.
- Correct some manual pages location from PREFIX/man to MANPREFIX/man
- Define INFO_PATH where necessary
- Document that .info files are installed in a subdirectory relative to
  PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and
  subdirectory detection.

PR:		ports/111470
Approved by:	portmgr
Discussed with:	stas (Mk/*), gerald (info related stuffs)
Tested by:	pointyhat exp run
@
text
@d10 1
d45 2
a46 2
CONFIGURE_ARGS=		--prefix=${PREFIX} \
			--with-md5-passwords --without-zlib-version-check
d104 2
a105 1
EXTRA_PATCHES+=		${FILESDIR}/openssh-4.5p1-gsskex-20061220.patch
d150 1
a150 1
PATCHFILES+=		openssh-4.6p1-hpn12v16.diff.gz
d155 1
a155 1
PATCH_DIST_STRIP=	-p1
d157 1
a157 1
PATCHFILES+=		openssh-lpk-4.5p1-0.3.8.patch
@


1.118
log
@- Update OpenSSH to 4.6p1
- Update GSSKEX patch to 20061220
- Update HPN patch to hpn12v16
- Update LPK patch to 0.3.8
@
text
@d44 1
a44 1
CONFIGURE_ARGS=		--prefix=${PREFIX} --mandir=${MANPREFIX}/man \
@


1.117
log
@- Use RC_SUBR_SUFFIX

Approved by:	mnag (maintainer)
@
text
@d9 1
a9 1
DISTVERSION=	4.5p1
d103 1
a103 2
PATCH_SITES+=		http://www.sxw.org.uk/computing/patches/
PATCHFILES+=		openssh-4.4p1-gsskex-20061002.patch
d148 1
a148 1
PATCHFILES+=		openssh-4.5p1-hpn12v14.diff.gz
d151 1
d153 3
a155 2
PATCH_DIST_STRIP=	-p0
EXTRA_PATCHES+=		${FILESDIR}/openssh-lpk.patch
@


1.116
log
@Update HPN patch to v14 for openssh 4.5p1.

Approved by:	mnag
@
text
@d190 1
a190 6
# Sync this with bsd.port.mk
.if (${OSVERSION} >= 700007 || ( ${OSVERSION} < 700000 && ${OSVERSION} >= 600101 ))
RC_SCRIPT_NAME=		openssh
.else
RC_SCRIPT_NAME=		openssh.sh
.endif
@


1.115
log
@- Update to 4.5p1
- patch-sshd.c unconditionally includes <gssapi.h>. Include "ssh-gss.h" instead. [1]

PR:		104481 [1]
Submitted by:	Mark Andrews <Mark_Andrews___isc.org> [1]
@
text
@d149 1
a149 1
PATCHFILES+=		openssh-4.4p1-hpn12v11.diff.gz
@


1.114
log
@- Update HPN patch. Patch are renamed, the only content differences are two rows now enclosed in an "else" block.

Submitted by:	ale
Approved by:	portmgr (erwin)
@
text
@d9 1
a9 2
DISTVERSION=	4.4p1
PORTREVISION=	1
@


1.113
log
@- Add OPTION to enable Kerberos/GSSAPI patch [1]
- Add OPTION to enable LPK patch (ldap stored public key) [2]

PR:		86384 [1], 103399 [2]
Submitted by:	Garrett Wollman <wollman___khavrinen.csail.mit.edu> [1], Dmitriy Kirhlarov <dkirhlarov___oilspace.com> [2]
@
text
@d150 1
a150 1
PATCHFILES+=		openssh-4.4p1-hpn.diff.gz
d221 4
@


1.112
log
@- Fix package creation. [1]
- Update HPN patch and remove IGNORE. [2]
- Bump PORTREVISION

PR:		103961
Submitted by:	Phil Oleson <oz___nixil.net> [1], ale [2]
@
text
@d56 13
a68 11
OPTIONS=	PAM		"Enable pam(3) support"			on \
		TCP_WRAPPERS	"Enable tcp_wrappers support"		on \
		LIBEDIT		"Enable readline support to sftp(1)"	on \
		KERBEROS	"Enable kerberos (autodetection)"	on \
		SUID_SSH	"Enable suid SSH (Recommended off)"	off \
		GSSAPI		"Enable GSSAPI support"			off \
		OPENSSH_CHROOT	"Enable CHROOT support"			off \
		OPENSC		"Enable OpenSC smartcard support"	off \
		OPENSCPINPATCH	"Enable OpenSC PIN patch"		off \
		HPN		"Enable HPN-SSH patch"			off \
		OVERWRITE_BASE	"OpenSSH overwrite base"		off
d102 5
d143 4
d153 9
@


1.111
log
@- Install ssh_config-dist and sshd_config-dist in OVERWRITE_BASE too.
@
text
@d10 1
a136 1
IGNORE=			option HPN is temporary disabled, waiting patch for new openssh release
d139 1
a139 1
PATCHFILES+=		openssh-4.3p2-hpn12.diff.gz
a150 1
SUB_LIST+=		ETCSSH="${ETCSSH}"
d153 1
a161 1
SUB_LIST+=		ETCSSH="${ETCSSH}"
d167 1
@


1.110
log
@- Update to 4.4p1.
- Disable temporary HPN patch until HPN release new version.
- Fix rc.d script path in sshd.8
- Add FreeBSD-${PKGNAME} in SSH_VERSION and SSH_RELEASE like src does.
- Sync patches with src.

Security:	CVE-2006-4924, CVE-2006-5051
@
text
@a221 1
.if !defined(WITH_OVERWRITE_BASE)
a223 1
.endif
@


1.109
log
@Update HPN-12 patch to version 8 (no functional changes,
only documentation changes and a small bug fix on option parsing).

Approved by:	mnag
@
text
@d9 1
a9 2
DISTVERSION=	4.3p2
PORTREVISION=	1
d44 2
a45 2
CONFIGURE_ARGS=		--prefix=${PREFIX} --with-md5-passwords \
			--without-zlib-version-check
d136 1
d145 1
a145 1
CONFIGURE_ARGS+=	--mandir=${PREFIX}/share/man --localstatedir=/var
d171 7
d186 15
d229 2
a230 7
.if ${OSVERSION} >= 700007
	@@${INSTALL_SCRIPT} ${WRKDIR}/openssh ${LOCALBASE}/etc/rc.d/openssh
	@@${ECHO_CMD} "etc/rc.d/openssh" >> ${TMPPLIST}
.else
	@@${INSTALL_SCRIPT} ${WRKDIR}/openssh ${LOCALBASE}/etc/rc.d/openssh.sh
	@@${ECHO_CMD} "etc/rc.d/openssh.sh" >> ${TMPPLIST}
.endif
@


1.108
log
@Add optional OpenSC PIN patch which make it possible for OpenSSH to ask
for a PIN when using an OpenSC smartcard.

Approved by:		mnag (maintainer)
Patch obtained from:	http://bugzilla.mindrot.org/show_bug.cgi?id=608
@
text
@d65 1
a65 1
		HPN		"Enable HPN-11 SSH/SCP patch"		off \
@


1.107
log
@- Remove unecessary ?= in PKGNAMESUFFIX [1]
- Update HPN patch to hpn12. Now none cipher are configured in run time. [2]

Notified by:	Peter Losher <plosher___plosh.net> [1], Scott Larson <stl___iowainteractive.com> [2]
@
text
@d64 1
d131 5
@


1.106
log
@Add support for smart cards.

Approved by:	maintainer
@
text
@d17 1
a17 1
PKGNAMESUFFIX?=	${PORTABLE_SUFFIX}${GSSAPI_SUFFIX}${BASE_SUFFIX}
a64 1
		HPN_NONECIPHER	"Enable HPN-11 with None Cipher patch"	off \
a130 12
.if defined(WITH_HPN_NONECIPHER)
IGNORE=			please, select only one HPN patch. Rerun 'make config'
.endif
PATCH_DIST_STRIP=	-p1
PATCH_SITES+=		http://www.psc.edu/networking/projects/hpn-ssh/
PATCHFILES+=		openssh-4.3p1-hpn11.diff
.endif

.if defined(WITH_HPN_NONECIPHER)
.if defined(WITH_HPN)
IGNORE=			please, select only one HPN patch. Rerun 'make config'
.endif
d133 1
a133 1
PATCHFILES+=		openssh-4.3p1-hpn11-none.diff
@


1.105
log
@- Fix order in rc.d script. Because of pidfile are empty, reload [2] and restart [1]
  commands kill all connections.
- Separate keygen part and create keygen command.
- Bump PORTREVISION

PR:		93228 [1]
Reported by:	DanGer on #bsdports [2]
@
text
@d63 1
d126 5
@


1.104
log
@Forget to add HPN patches.
@
text
@d10 1
@


1.103
log
@- Update to 4.3p2
@
text
@d130 1
a130 1
PATCHFILES+=		openssh-${DISTVERSION}-hpn11.diff
d139 1
a139 1
PATCHFILES+=		openssh-${DISTVERSION}-hpn11-none.diff
@


1.102
log
@- Update to 4.3p1
- Use DISTVERSION
- Add most configuration in OPTIONS
- Enable support to libedit in sftp [1]
- Add OPTIONS to HPN patches [2]
- Add new rc.d script [3]
- New rc.d script are responsible to check configuration and create host keys
- Using USE_RC_SUBR
- Modify pkg-message to reflect new rc.d script
- Fix pkg-plist

Reviewd by:	dougb [3]
Submitted by:	vs [1], brooks [2]
Tested by:	me, John E Hein
@
text
@d9 1
a9 1
DISTVERSION=	4.3p1
@


1.101
log
@- Reorganize Makefile in preparation to update to 4.3p1
- Add one http in MASTER_SITES
- Update WWW
@
text
@d9 1
a9 1
PORTVERSION=	4.2.0.0
a21 2
OPENSSHVERSION=	4.2p1

a26 1
WRKSRC=			${WRKDIR}/${PORTNAME}
d28 1
a28 2
DISTNAME+=		${PORTNAME}-${OPENSSHVERSION}
WRKSRC=			${WRKDIR}/${PORTNAME}-${OPENSSHVERSION}
d31 2
d55 5
a59 1
OPTIONS=	SUID_SSH	"Enable suid SSH (Recommended off)"	off \
d61 4
a64 1
		OPENSSH_CHROOT	"Enable CHROOT support"			off
d68 6
a73 1
.if exists(/usr/include/security/pam_modules.h)
d77 1
a77 1
.if exists(/usr/include/tcpd.h)
d81 11
d96 1
d109 1
a109 1
.if !defined(WITHOUT_KERBEROS) && exists(/usr/include/krb5.h)
d114 1
d120 11
a130 2
.if defined(BATCH)
EXTRA_PATCHES+=		${FILESDIR}/batch.patch
d133 7
a139 2
.if defined(WITH_OPENSSH_CHROOT)
CFLAGS+=		-DCHROOT
d142 1
a142 1
.if defined(OPENSSH_OVERWRITE_BASE)
d149 3
a153 1
PKGMESSAGE=		pkg-message.empty
d161 2
d171 6
a179 4
post-configure:
	${SED} -e 's:__PREFIX__:${PREFIX}:g' \
		${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh

d181 1
a181 1
.if defined(OPENSSH_OVERWRITE_BASE)
d200 1
a200 3
.if !defined(OPENSSH_OVERWRITE_BASE)
	${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample
.endif
d203 13
a215 1
.if !defined(OPENSSH_OVERWRITE_BASE)
a216 1
.endif
@


1.100
log
@Update my email

Approved by: pav (mentor)
@
text
@a9 3
.if defined(OPENSSH_SNAPSHOT)
PORTREVISION!=	date -v-1d +%Y%m%d
.endif
d13 5
a17 4
		ftp://carroll.cac.psu.edu/pub/OpenBSD/OpenSSH/portable/%SUBDIR%/
MASTER_SITE_SUBDIR=	${MASTER_SITE_SUBDIR2}
PKGNAMESUFFIX?=	${PORTABLE_SUFFIX}${GSSAPI_SUFFIX}${BASE_SUFFIX}${PKGNAMESUFFIX2}
DISTNAME=	${DISTNAME2}
d25 5
a29 4
MASTER_SITE_SUBDIR2=	snapshot/
DISTNAME2=	${PORTNAME}-SNAP-${PORTREVISION}
NO_CHECKSUM=	yes
WRKSRC=		${WRKDIR}/${PORTNAME}
d31 2
a32 3
MASTER_SITE_SUBDIR2=
DISTNAME2=	${PORTNAME}-${OPENSSHVERSION}
WRKSRC=		${WRKDIR}/${PORTNAME}-${OPENSSHVERSION}
d40 3
a42 5
CONFLICTS?=	openssh-3.* ssh-1.* ssh2-3.*
USE_OPENSSL=	yes
CRYPTOLIBS=	-L${OPENSSLLIB} -lcrypto
GNU_CONFIGURE=	yes
USE_REINPLACE=	yes
d44 8
a51 6
CONFIGURE_ARGS+=	--prefix=${PREFIX} --with-md5-passwords --without-zlib-version-check
PRECIOUS=	ssh_config sshd_config \
		ssh_host_key ssh_host_key.pub \
		ssh_host_rsa_key ssh_host_rsa_key.pub \
		ssh_host_dsa_key ssh_host_dsa_key.pub
ETCOLD=		${PREFIX}/etc
d54 1
a54 1
SUDO?=
d61 2
a70 2
.include <bsd.port.pre.mk>

d76 3
a78 3
PORTABLE_SUFFIX=
GSSAPI_SUFFIX=	-gssapi
CONFLICTS+=	openssh-portable-*
d82 1
a82 1
LDFLAGS=
d85 1
a85 1
CONFLICTS+=	openssh-gssapi-*
d92 1
d107 8
a114 9
BASE_SUFFIX=	-overwrite-base
PREFIX=		/usr
MANPREFIX=	${PREFIX}/share
CONFIGURE_ARGS+=	--mandir=${MANPREFIX}/man --localstatedir=/var
EMPTYDIR=	/var/empty
ETCSSH=		/etc/ssh
PLIST_SUB+=	NOTBASE="@@comment "
PLIST_SUB+=	BASE=""
PKGMESSAGE=	pkg-message.empty
d117 1
a117 1
EMPTYDIR=	/var/empty
d119 5
a123 1
EMPTYDIR=	${PREFIX}/empty
d125 4
a128 7
ETCSSH=		${PREFIX}/etc/ssh
PLIST_SUB+=	NOTBASE=""
PLIST_SUB+=	BASE="@@comment "
.endif
PLIST_SUB+=	EMPTYDIR=${EMPTYDIR}
CONFIGURE_ARGS+=	--sysconfdir=${ETCSSH}
CONFIGURE_ARGS+=	--with-privsep-path=${EMPTYDIR}
d138 5
a142 5
.	if defined(OPENSSH_OVERWRITE_BASE)
		-${MKDIR} ${EMPTYDIR}
.	else
		-${MKDIR} ${PREFIX}/empty
.	endif
d146 9
a154 6
	-@@[ ! -d ${ETCSSH} ] && ${MKDIR} ${ETCSSH}
.	for i in ${PRECIOUS}
		-@@[ -f ${ETCOLD}/${i} ] && [ ! -f ${ETCSSH}/${i} ] && \
			${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout." && \
			${LN} ${ETCOLD}/${i} ${ETCSSH}/${i}
.	endfor
d157 3
a159 3
.	if !defined(OPENSSH_OVERWRITE_BASE)
		${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample
.	endif
d162 8
a169 9
.	if !defined(OPENSSH_OVERWRITE_BASE)
		@@${CAT} ${PKGMESSAGE}
.	endif

test:
	(cd ${WRKSRC}/regress && ${SETENV} ${MAKE_ENV} \
	TEST_SHELL=/bin/sh \
	PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
	${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} )
@


1.99
log
@- Pass maintainership to submitter, since he sent the last patch.

PR:		ports/85775
Submitted by:	Marcus Alves Grando <marcus@@corp.grupos.com.br>
@
text
@d21 1
a21 1
MAINTAINER=	marcus@@corp.grupos.com.br
@


1.98
log
@- Update to 4.2p1

PR:		ports/85578
Submitted by:	Marcus Grando <marcus@@corp.grupos.com.br>
@
text
@d21 1
a21 1
MAINTAINER=	ports@@FreeBSD.org
@


1.97
log
@- Update to 4.1p1

PR:		ports/81948
Submitted by:	Daniel Gerzo <danger@@rulez.sk>
@
text
@d9 1
a9 1
PORTVERSION=	4.1.0.1
d24 2
a25 1
OPENSSHVERSION=	4.1p1
d56 7
d71 3
a73 1
.if !defined(ENABLE_SUID_SSH)
d82 4
d88 1
d94 3
d139 5
a143 5
.if defined(OPENSSH_OVERWRITE_BASE)
	-${MKDIR} ${EMPTYDIR}
.else
	-${MKDIR} ${PREFIX}/empty
.endif
d148 5
a152 5
.for i in ${PRECIOUS}
	-@@[ -f ${ETCOLD}/${i} ] && [ ! -f ${ETCSSH}/${i} ] && \
		${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout." && \
		${LN} ${ETCOLD}/${i} ${ETCSSH}/${i}
.endfor
d155 3
a157 3
.if !defined(OPENSSH_OVERWRITE_BASE)
	${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample
.endif
d160 3
a162 3
.if !defined(OPENSSH_OVERWRITE_BASE)
	@@${CAT} ${PKGMESSAGE}
.endif
a169 17
.include <bsd.port.pre.mk>

SUDO?=
MAKE_ENV+=	SUDO="${SUDO}"

.if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI)
.if ${OPENSSLBASE} == "/usr"
CONFIGURE_ARGS+=	--without-rpath
LDFLAGS=
.endif
.else
CONFIGURE_ARGS+=	--with-rpath=${OPENSSLRPATH}
.endif
.if ${OPENSSLBASE} != "/usr"
CONFIGURE_ARGS+=	--with-ssl-dir=${OPENSSLBASE}
.endif

@


1.96
log
@- Don't specify --with-ssl-dir when using the system's OpenSSL

PR:		ports/79355
Submitted by:	Mark Andrews <Mark_Andrews@@isc.org>
@
text
@d9 1
a9 1
PORTVERSION=	4.0.0.1
d24 1
a24 1
OPENSSHVERSION=	4.0p1
d47 1
a47 1
CONFIGURE_ARGS+=	--prefix=${PREFIX} --with-md5-passwords
@


1.95
log
@- Update to 4.0p1

PR:		ports/79029
Submitted by:	Dimitry Andric <dimitry@@andric.com>
@
text
@d165 1
d167 1
@


1.94
log
@- drop maintainership
@
text
@d9 1
a9 1
PORTVERSION=	3.9.0.1
d17 1
a18 1
MASTER_SITE_SUBDIR=	${MASTER_SITE_SUBDIR2}
d24 1
a24 1
OPENSSHVERSION=	3.9p1
d31 1
a31 1
MASTER_SITE_SUBDIR2=	
@


1.93
log
@- new option WITH_OPENSSH_CHROOT
Submitted by:	KANAI Makoto
@
text
@d21 1
a21 1
MAINTAINER=	dinoex@@FreeBSD.org
@


1.92
log
@- update to 3.9p1

set PORTVERSION 3.9.0.1 to avoid another
bump of PORTEPOCH if 3.9.1p1 come out.

- new option OPENSSH_SNAPSHOT
@
text
@d84 4
@


1.91
log
@- bump PORTEPOCH
Reported by kriS
@
text
@d9 4
a12 1
PORTVERSION=	3.8.1p1
d15 2
a16 2
MASTER_SITES=	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
		ftp://carroll.cac.psu.edu/pub/OpenBSD/OpenSSH/portable/
d18 2
d24 12
d149 3
@


1.90
log
@- update to 3.8.1p1
@
text
@d10 1
@


1.89
log
@- force kerberos by option WITH_GSSAPI
@
text
@d9 1
a9 1
PORTVERSION=	3.8p1
@


1.88
log
@- make PKGNAMESUFFIX more flexible
@
text
@d49 1
a49 1
.if defined(KRB5_HOME) && exists(${KRB5_HOME})
d132 1
a132 1
.if defined(KRB5_HOME) && exists(${KRB5_HOME})
@


1.87
log
@- add SIZE
@
text
@d13 1
a13 1
PKGNAMESUFFIX?=	-portable
d35 1
d50 2
a51 1
PKGNAMESUFFIX=	-gssapi
d68 1
a68 1
PKGNAMESUFFIX=	-overwrite-base
d92 1
a92 1
	@@${REINPLACE_CMD} -e 's|-ldes||g' ${WRKSRC}/configure
@


1.86
log
@- update to 3.8p1
@
text
@d48 16
a87 16

.if defined(BATCH)
EXTRA_PATCHES+=		${FILESDIR}/batch.patch
.endif

.if defined(KRB5_HOME) && exists(${KRB5_HOME})
PKGNAMESUFFIX=	-gssapi
CONFLICTS+=	openssh-portable-*
CONFIGURE_ARGS+=	--with-kerberos5=${KRB5_HOME}
.else
CONFLICTS+=	openssh-gssapi-*
.if !defined(WITHOUT_KERBEROS) && exists(/usr/include/krb5.h)
CONFIGURE_ARGS+=	--with-kerberos5
EXTRA_PATCHES+=		${FILESDIR}/gss-serv.c.patch
.endif
.endif
@


1.85
log
@- new option WITHOUT_KERBEROS

PR:		58156
Submitted by:	matt@@peterson.org
@
text
@d9 1
a9 1
PORTVERSION=	3.7.1p2
d124 1
@


1.84
log
@- fix build with kerberos5 from base and missing libdes
- get rid of autoconf dependency
@
text
@d83 1
a83 1
.if exists(/usr/include/krb5.h)
@


1.83
log
@- fix spelling of gssapi
@
text
@d27 1
a79 2
BUILD_DEPENDS+=		autoreconf:${PORTSDIR}/devel/autoconf
# USE_AUTOCONF_VER=	252 # broken
a80 11
AUTORECONF=	autoreconf

post-patch:
	@@${ECHO_MSG} Applying extra patch for GSS-API key-exchange...
	@@${PATCH} ${PATCH_DIST_ARGS:S/-p0/-p1/} \
		< ${DISTDIR}/${GSSAPI_PATCH}

pre-configure:
	@@${ECHO_MSG} !!!! Warning this option uses autoreconf !!!
	(cd ${CONFIGURE_WRKSRC} && ${SETENV} ${AUTOCONF_ENV} ${AUTORECONF} \
		${AUTOCONF_ARGS})
d82 1
d85 1
a85 1
EXTRA_PATCHES+=	${FILESDIR}/gss-serv.c.patch
a86 2
.else
CONFLICTS+=	openssh-gssapi-*
d88 3
@


1.82
log
@- add CONFLICTS
Submitted by:	eikemeier@@fillmore-labs.com
@
text
@d78 1
a78 1
CONFILCTS+=	openssh-portable-*
d99 1
a99 1
CONFILCTS+=	openssh-gssapi-*
@


1.81
log
@- GSSAPI patch improved for kerbers5 and hemidal

Submitted by:	bg@@sics.se
@
text
@d23 1
d78 1
d95 2
a96 2
CONFIGURE_ARGS+=        --with-kerberos5
EXTRA_PATCHES+=         ${FILESDIR}/gss-serv.c.patch
d98 2
@


1.80
log
@- cleanup GSSAPI option
@
text
@d91 5
@


1.79
log
@- update to 3.7.1p2
more regressions tests successfull
@
text
@a76 6
GSSAPI_PATCH=	${PORTNAME}-3.6.1p2-gssapi-20030430.diff
GSSAPI_SITE=	http://www.sxw.org.uk/computing/patches/
MASTER_SITES+=	${GSSAPI_SITE}
DISTFILES=	${EXTRACT_ONLY} ${GSSAPI_PATCH}
EXTRACT_ONLY=	${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX}
EXTRA_PATCHES+=		${FILESDIR}/servconf.c.patch
@


1.78
log
@- Security Fix in PAM handling
Obtained from:	des
@
text
@d9 1
a9 2
PORTVERSION=	3.6.1p2
PORTREVISION=	5
a32 1
ADDME+=		auth2-pam-freebsd.c
a73 5

post-extract:
.for i in ${ADDME}
	@@${CP} ${FILESDIR}/${i} ${WRKSRC}/
.endfor
@


1.77
log
@- mark FORBIDDEN until fixed.
@
text
@d10 1
a10 1
PORTREVISION=	4
a17 2

FORBIDDEN=	Security Problem with PAM
@


1.76
log
@- Security Fix obtained from OpenBSD
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/buffer.c.diff?r1=1.18&r2=1.19

Submitted by:	ash@@lab.poc.net
@
text
@d19 2
@


1.75
log
@Add Solar Designer's additional fixes to buffer management.
@
text
@d10 1
a10 1
PORTREVISION=	3
@


1.74
log
@- Securitry Fix revision 2
http://www.openssh.com/txt/buffer.adv
Approved by:	lioux (portmgr)
@
text
@d10 1
a10 1
PORTREVISION=	2
@


1.73
log
@Do not record expanded size before attempting to reallocate associated
memory.

Obtained from:	OpenBSD
@
text
@d10 1
a10 1
PORTREVISION=	1
@


1.72
log
@- use OPENSSLRPATH from bsd.openssl.mk
- strip CONFIGURE_ENV, LDFLAGS is set in bsd.openssl.mk
@
text
@d10 1
@


1.71
log
@- use hook for bsd.openssl.mk
@
text
@a25 1
CONFIGURE_ENV+=		LDFLAGS=${LDFLAGS}
d147 2
@


1.70
log
@- Update to gssapi-20030430
Submitted by:	wollman@@lcs.mit.edu
@
text
@d23 1
a142 1
.include "${PORTSDIR}/security/openssl/bsd.openssl.mk"
@


1.69
log
@- Update to 3.6.1p2
@
text
@a81 1
BROKEN=		patch conflicts with 3.5p1
d83 1
a83 1
GSSAPI_PATCH=	${PORTNAME}-3.4p1-gssapi-20020627.diff
d89 1
a89 1
BUILD_DEPENDS=		autoconf:${PORTSDIR}/devel/autoconf
d92 1
a92 2
AUTOCONF=	autoconf
AUTOHEADER=	autoheader
d100 2
a101 2
	@@${ECHO_MSG} !!!! Warning this option uses autoconf/autoheader !!!
	(cd ${CONFIGURE_WRKSRC} && ${SETENV} ${AUTOCONF_ENV} ${AUTOCONF} \
a102 1
	(cd ${CONFIGURE_WRKSRC} && ${SETENV} ${AUTOCONF_ENV} ${AUTOHEADER})
d143 6
@


1.68
log
@- honor any given LDFLAGS
@
text
@d9 1
a9 1
PORTVERSION=	3.6.1p1
@


1.67
log
@- Change all USE_OPENSSL_* to WITH_OPENSSL_*
@
text
@d25 1
@


1.66
log
@- use bsd.openssl.mk
@
text
@d47 1
a47 1
USE_OPENSSL_BASE=	yes
@


1.65
log
@- Update to 3.6.1p1
@
text
@d144 1
a144 1
.include "${PORTSDIR}/security/openssl/Makefile.ssl"
@


1.64
log
@- extend regression tests
@
text
@d9 1
a9 1
PORTVERSION=	3.6p1
@


1.63
log
@- Update to 3.6p1
@
text
@d139 1
a139 1
	PATH=${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
@


1.62
log
@- add USE_PERL5_BUILD
@
text
@d9 1
a9 2
PORTVERSION=	3.5p1
PORTREVISION=	1
@


1.61
log
@- add COMMENT
@
text
@d26 1
@


1.60
log
@- openssh-3.5p1 doesn't log utmp for IPv6 connection correctly
Submitted by:	ume
@
text
@d17 1
@


1.59
log
@openssh-gssapi-3.5p1 is marked as broken
@
text
@d10 1
@


1.58
log
@remove an disfuntional MASTER_SITE
@
text
@d79 1
d81 1
a81 1
GSSAPI_PATCH=	${PORTNAME}-${PORTVERSION}-gssapi-20020627.diff
@


1.57
log
@Update to 3.5p1
@
text
@a11 1
		ftp://ftp.op.net/pub/OpenBSD/OpenSSH/portable/ \
@


1.56
log
@add bugfix from CURRENT
@
text
@d9 1
a9 2
PORTVERSION=	3.4p1
PORTREVISION=	8
@


1.55
log
@Fix resolver problem with privilege-separation.
PR:		39953
@
text
@d10 1
a10 1
PORTREVISION=	7
@


1.54
log
@- add pam_cleanup from CURRENT
- Fix build problems < 4.0
PR:		40576
@
text
@d10 1
a10 1
PORTREVISION=	6
@


1.53
log
@Add bits for regression tests
Fix build for /var/empty is schg and have open permissions.
@
text
@d10 1
a10 1
PORTREVISION=	5
@


1.52
log
@- Fix Problem with HAVE_HOST_IN_UTMP
- update monitor.c

PR:		40576
Submitted by:	lxv@@a-send-pr.sink.omut.org
@
text
@d136 5
@


1.51
log
@merge PAM buffer management from current.
@
text
@d10 1
a10 1
PORTREVISION=	4
@


1.50
log
@'PermitRootLogin no' is the new default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in
the base system.  Please be aware of this when upgrading your
OpenSSH port, and if truly necessary, re-enable remote root login
by readjusting this option in your sshd_config.

Users are encouraged to create single-purpose users with ssh keys
and very narrowly defined sudo privileges instead of using root
for automated tasks.

- PKGNAMESUFFIX for GSSAPI set.
- Merged some patches from current to improve PAM.
- Fix BATCH=yes for bento.
@
text
@d10 1
a10 1
PORTREVISION=	3
@


1.49
log
@give Enviroment from login.conf priority over all others,
problem found by drs@@rucus.ru.ac.za.
@
text
@d10 1
a10 1
PORTREVISION=	2
d15 1
a15 1
PKGNAMESUFFIX=	-portable
d32 1
d75 5
d81 1
@


1.48
log
@Update gssapi patch
@
text
@d10 1
a10 1
PORTREVISION=	1
@


1.47
log
@Defaults changed: (Gregory Sutter)
 ChallengeResponseAuthentication no
 UseLogin no

patch for configure, to detect MAP_ANON submitted by:
Christophe Labouisse,Michael Handler,Gert Doering,Phil Oleson,Dave Baker

fix missing includes for "canohost.h"
@
text
@d75 1
a75 1
GSSAPI_PATCH=	${PORTNAME}-${PORTVERSION}-gssapi-20020527.diff
@


1.46
log
@Update to openssh-3.4
Update to openssh-3.4p1
@
text
@d10 1
@


1.45
log
@Security FIX, Please update to this Version.

Options for both:
USE_OPENSSL_BASE=yes
	uses an older opensssl in the base system.

Options for portable:
OPENSSH_OVERWRITE_BASE=yes
	includes USE_OPENSSL_BASE=yes
	installls in the paths of the base system
@
text
@d9 1
a9 2
PORTVERSION=	3.3p1
PORTREVISION=	5
@


1.44
log
@Thanks to max@@wide.ad.jp, maxim, obraun@@informatik.unibw-muenchen.de, fjoe
Patch from current, noted by drs@@rucus.ru.ac.za:
environment variables in the 'setenv' field of login.conf are set now.
@
text
@d10 1
a10 1
PORTREVISION=	3
d54 2
d64 1
d125 1
d127 1
@


1.43
log
@Streamline OPENSSH_OVERWRITE_BASE=yes
@
text
@d10 1
a10 1
PORTREVISION=	2
d101 3
d105 1
d117 1
a117 1
.if defined(OPENSSH_OVERWRITE_BASE)
@


1.42
log
@Migrate configuration files to $PREFIX/etc/ssh/
Add ${PREFIX}/etc/rc.d/sshd.sh.sample
@
text
@d53 1
d61 1
d113 1
d115 1
@


1.41
log
@change --with-privsep-path if OPENSSH_OVERWRITE_BASE is in effect.
Submitted by:	brad@@brad-x.com
@
text
@d10 1
a10 1
PORTREVISION=	1
d27 5
a31 4
CLEAN=		etc/ssh_config etc/sshd_config etc/moduli \
		etc/ssh_host_key etc/ssh_host_key.pub \
		etc/ssh_host_dsa_key etc/ssh_host_dsa_key.pub \
		etc/ssh_host_rsa_key etc/ssh_host_rsa_key.pub
d50 3
a52 3
CONFIGURE_ARGS+=	--mandir=${MANPREFIX}/man \
		--sysconfdir=/etc/ssh --localstatedir=/var
EMPTYDIR=	${PREFIX}/empty
d54 1
d56 4
d61 2
d90 1
a90 1
                ${AUTOCONF_ARGS})
d94 4
d99 1
a99 1
	-${MKDIR} ${EMPTYDIR}
d103 6
d111 3
@


1.40
log
@Create user for privsep
@
text
@a26 1
CONFIGURE_ARGS+=	--with-privsep-path=${PREFIX}/empty
d51 3
d55 1
d87 1
d90 1
a90 2
		-h - -d ${PREFIX}/empty -s /nonexistent -c "sshd privilege separation"; fi
	${MKDIR} ${PREFIX}/empty
@


1.39
log
@Update: openssh-3.2.3p1
New manpages: ssh-keysign.8 sftp-server.8 sshd.8
New program ssh-keysign
@
text
@d10 1
d27 1
d82 6
@


1.38
log
@- Get rid of PERL and use SED
@
text
@d9 1
a9 2
PORTREVISION=	2
PORTVERSION=	3.2.3p1
d20 2
a21 1
MAN8=	sftp-server.8 sshd.8
@


1.37
log
@Fix typing error in OPTION

Submitted by:	joseph@@randomnetworks.com
@
text
@d86 1
a86 1
.include <${PORTSDIR}/security/openssl/Makefile.ssl>
@


1.36
log
@Honor Option ENABLE_SUID_SSH
Build defaults witouth SUID
@
text
@d44 1
a44 1
USE_OPELSSL_BASE=	yes
@


1.35
log
@- get rid of duplicate code in Makefiles.
- Fix USE_OPENSSL_PORT and USE_OPENSSL_BASE
- drop obsolete/broken USE_OPENSSL
@
text
@d9 1
a9 1
PORTREVISION=	1
d37 4
@


1.34
log
@Update to OpenSSH 3.2.3

- patch openssh-3.1-adv.token.patch is now obsolete.
- remerged PAM changes form previous port
- declare CMSG_* macros.
- fixed bad type in function input_userauth_passwd_changereq

Update to OpenSSH-portable-3.2.3p1

- patch openssh-3.1p1-adv.token.patch is now obsolete
- keep previously declared CONFIGURE_ARGS
- remove openssh-mit-krb5-20020326.diff (should be in the distribution now)
- patch patch-readpassphrase.c is now in teh distribution
- merged previous patches.
- extend CONFIGURE_ARGS so it find OPENSSL again.
- new patches for GSSAPI, not fully tested.

If you have the patch applied:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/36080

Builds with openssl-0.9.6d under:
2.2.8-RELEASE
3.2-RELEASE
4.2-RELEASE
4.6-RC
@
text
@d9 1
a23 1
USE_OPENSSL=	yes
d40 1
d82 2
a83 11
.if ${OSVERSION} < 430000 || exists(${LOCALBASE}/lib/libcrypto.so.3)
OPENSSLBASE=	${LOCALBASE}
OPENSSLDIR=	${OPENSSLBASE}/openssl
LIB_DEPENDS+=	crypto.3:${PORTSDIR}/security/openssl
OPENSSLLIB=	${OPENSSLBASE}/lib
OPENSSLINC=	${OPENSSLBASE}/include
MAKE_ENV+=	OPENSSLLIB=${OPENSSLLIB} OPENSSLINC=${OPENSSLINC} \
		OPENSSLBASE=${OPENSSLBASE} OPENSSLDIR=${OPENSSLDIR}
CONFIGURE_ARGS+=	--with-ssl=${OPENSSLBASE}
.endif

@


1.33
log
@Use crypto.3 as dependeny.
To keep consistent with USE_SSL in bsd.port.mk
@
text
@d9 1
a9 2
PORTVERSION=	3.1p1
PORTREVISION=	4
a15 3
PATCH_SITES=	${MASTER_SITES}
PATCHFILES=	openssh-3.1p1-adv.token.patch

d25 1
a25 1
CONFIGURE_ARGS?=	--prefix=${PREFIX} --with-md5-passwords
d52 1
d55 1
a55 1
DISTFILES=	${EXTRACT_ONLY} ${PORTNAME}-${PORTVERSION}-gssapi-20020321.diff
a56 2
PATCH_SITES+=	${GSSAPI_SITE}
PATCHFILES+=	${PORTNAME}-mit-krb5-20020319.diff
d67 1
a67 1
		< ${DISTDIR}/${PORTNAME}-${PORTVERSION}-gssapi-20020321.diff
d89 1
d91 1
@


1.32
log
@Chase openssl shlib version increase.

Pointy hat to:	dinoex
@
text
@d89 1
a89 1
LIB_DEPENDS+=	ssl.3:${PORTSDIR}/security/openssl
@


1.31
log
@openssl:
- some configure scripts check the version of the lib
  so we need to update SHLIBVER
- bump PORTREVISION

openssh:
- build ports with local openssl, if it exists
@
text
@d89 1
a89 1
LIB_DEPENDS+=	crypto.3:${PORTSDIR}/security/openssl
@


1.30
log
@Security fix for token passing, see bugtraq for details.
- fetch and use openssh-3.1-adv.token.patch to build.
- bump PORTREVISION
@
text
@d86 2
a87 2
.if ${OSVERSION} < 430000
OPENSSLBASE=	/usr/local
d89 1
a89 1
LIB_DEPENDS+=	crypto.2:${PORTSDIR}/security/openssl
@


1.29
log
@- Fix problem with auth_ttyok and ttyname
- Make KERBEROS patch build with heimdal port
@
text
@d10 1
a10 1
PORTREVISION=	3
d17 3
d56 2
a57 1
MASTER_SITES+=	${PATCH_SITES}
d60 2
a61 2
PATCH_SITES=	http://www.sxw.org.uk/computing/patches/
PATCHFILES=	${PORTNAME}-mit-krb5-20020319.diff
@


1.28
log
@- Update patches for Option KRB5_HOME
	openssh-3.1p1-gssapi-20020321.diff
	openssh-mit-krb5-20020319.diff
@
text
@d10 1
a10 1
PORTREVISION=	2
d58 1
@


1.27
log
@Merged patches for HAVE_LOGIN_CAP from stable

PR:		35904
@
text
@a52 1
BROKEN=		Need updated patches from Simon Wilkinson
d54 1
a54 1
DISTFILES=	${EXTRACT_ONLY} ${PORTNAME}-${PORTVERSION}-gssapi.patch
d57 1
a57 1
PATCHFILES=	${PORTNAME}-${PORTVERSION}-krb5.patch
d67 1
a67 1
		< ${DISTDIR}/${PORTNAME}-${PORTVERSION}-gssapi.patch
@


1.26
log
@Fixed Build in 4.2
Add correct Version of OPENSSL in dependencies if older than 4.3
(bsd.ports.mk) is still not sufficent.
@
text
@d10 1
a10 1
PORTREVISION=	1
@


1.25
log
@Allow IPv6 connection if detected by configure.

Submitted by:	ume
@
text
@d80 13
a92 1
.include <bsd.port.mk>
@


1.24
log
@Fix thinko and make it possible to disable Kerberos support on the
make command line even if KRB5_HOME is set in make.conf.
@
text
@d10 1
@


1.23
log
@Mark BROKEN in Kerberos case: Simon Wilkinson has not released
updated patches yet.  (I hope dinoex doesn't mind my committing this.)
@
text
@d51 1
a51 1
.if defined(KRB5_HOME) && exists(KRB5_HOME)
@


1.22
log
@Update to OpenSSH 3.1 OpennSSH-portable 3.1p1

- update patch-au,patch-session.c for password changes.
- patch-channel.c is now integrated

Excerpt from Changelog:

20020304
 - OpenBSD CVS Sync
   - deraadt@@cvs.openbsd.org 2002/02/26 18:52:32
     [sftp.1]
     Ic cannot have that many arguments; spotted by mouring@@etoh.eviladmin.org
   - mouring@@cvs.openbsd.org 2002/02/26 19:04:37
     [sftp.1]
     > Ic cannot have that many arguments; spotted by mouring@@etoh.eviladmin.org
     Last Ic on the first line should not have a space between it and the final
     comma.
   - deraadt@@cvs.openbsd.org 2002/02/26 19:06:43
     [sftp.1]
     no, look closely.  the comma was highlighted. split .Ic even more
   - stevesk@@cvs.openbsd.org 2002/02/26 20:03:51
     [misc.c]
     use socklen_t
   - stevesk@@cvs.openbsd.org 2002/02/27 21:23:13
     [canohost.c channels.c packet.c sshd.c]
     remove unneeded casts in [gs]etsockopt(); ok markus@@
   - markus@@cvs.openbsd.org 2002/02/28 15:46:33
     [authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c]
     add some const EVP_MD for openssl-0.9.7
   - stevesk@@cvs.openbsd.org 2002/02/28 19:36:28
     [auth.c match.c match.h]
     delay hostname lookup until we see a ``@@'' in DenyUsers and AllowUsers
     for sshd -u0; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/02/28 20:36:42
     [sshd.8]
     DenyUsers allows user@@host pattern also
   - stevesk@@cvs.openbsd.org 2002/02/28 20:46:10
     [sshd.8]
     -u0 DNS for user@@host
   - stevesk@@cvs.openbsd.org 2002/02/28 20:56:00
     [auth.c]
     log user not allowed details, from dwd@@bell-labs.com; ok markus@@
   - markus@@cvs.openbsd.org 2002/03/01 13:12:10
     [auth.c match.c match.h]
     undo the 'delay hostname lookup' change
     match.c must not use compress.c (via canonhost.c/packet.c)
     thanks to wilfried@@
   - markus@@cvs.openbsd.org 2002/03/04 12:43:06
     [auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
   - markus@@cvs.openbsd.org 2002/03/04 13:10:46
     [misc.c]
     error-> debug, because O_NONBLOCK for /dev/null causes too many different
     errnos; ok stevesk@@, deraadt@@
     unused include
   - stevesk@@cvs.openbsd.org 2002/03/04 17:27:39
     [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
      channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
      groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
      servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
      uuencode.c xmalloc.h]
     $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
     missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
     files.  ok markus@@
   - stevesk@@cvs.openbsd.org 2002/03/04 18:30:23
     [ssh-keyscan.c]
     handle connection close during read of protocol version string.
     fixes erroneous "bad greeting".  ok markus@@
   - markus@@cvs.openbsd.org 2002/03/04 19:37:58
     [channels.c]
     off by one; thanks to joost@@pine.nl
20020226
 - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests
   based on patch by mooney@@dogbert.cc.ndsu.nodak.edu (Tim Mooney)
   Bug 45 [configure.ac] modify skey test to work around conflict with autoconf
   reported by nolan@@naic.edu (Michael Nolan)
   patch by  Pekka Savola <pekkas@@netcore.fi>
   Bug 74 [configure.ac defines.h] add sig_atomic_t test
   reported by dwd@@bell-labs.com (Dave Dykstra)
   Bug 102 [defines.h] UNICOS fixes. patch by wendyp@@cray.com
   [configure.ac Makefile.in] link libwrap only with sshd
   based on patch by Maciej W. Rozycki <macro@@ds2.pg.gda.pl>
   Bug 123 link libpam only with sshd
   reported by peak@@argo.troja.mff.cuni.cz (Pavel Kankovsky)
   [configure.ac defines.h] modify previous SCO3 fix to not break Solaris 7
   [acconfig.h] remove unused HAVE_REGCOMP
   [configure.ac] put back in search for prngd-socket
 - (stevesk) openbsd-compat/base64.h: typo in comment
 - (bal) OpenBSD CVS Sync
   - markus@@cvs.openbsd.org 2002/02/15 23:54:10
     [auth-krb5.c]
     krb5_get_err_text() does not like context==NULL; he@@nordu.net via google;
     ok provos@@
   - markus@@cvs.openbsd.org 2002/02/22 12:20:34
     [log.c log.h ssh-keyscan.c]
     overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@@
   - markus@@cvs.openbsd.org 2002/02/23 17:59:02
     [kex.c kexdh.c kexgex.c]
     don't allow garbage after payload.
   - stevesk@@cvs.openbsd.org 2002/02/24 16:09:52
     [sshd.c]
     use u_char* here; ok markus@@
   - markus@@cvs.openbsd.org 2002/02/24 16:57:19
     [sftp-client.c]
     early close(), missing free; ok stevesk@@
   - markus@@cvs.openbsd.org 2002/02/24 16:58:32
     [packet.c]
     make 'cp' unsigned and merge with 'ucp'; ok stevesk@@
   - markus@@cvs.openbsd.org 2002/02/24 18:31:09
     [uuencode.c]
     typo in comment
   - markus@@cvs.openbsd.org 2002/02/24 19:14:59
     [auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
      ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
     signed vs. unsigned: make size arguments u_int, ok stevesk@@
   - stevesk@@cvs.openbsd.org 2002/02/24 19:59:42
     [channels.c misc.c]
     disable Nagle in connect_to() and channel_post_port_listener() (port
     forwarding endpoints).  the intention is to preserve the on-the-wire
     appearance to applications at either end; the applications can then
     enable TCP_NODELAY according to their requirements. ok markus@@
   - markus@@cvs.openbsd.org 2002/02/25 16:33:27
     [ssh-keygen.c sshconnect2.c uuencode.c uuencode.h]
     more u_* fixes
 - (bal) Imported missing fatal.c and fixed up Makefile.in
 - (tim) [configure.ac] correction to Bug 123 fix
     [configure.ac] correction to sig_atomic_t test

20020224
 - (tim) [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84
   patch by wknox@@mitre.org (William Knox).
   [sshlogin.h] declare record_utmp_only for session.c

20020219
 - (djm) OpenBSD CVS Sync
   - mpech@@cvs.openbsd.org 2002/02/13 08:33:47
     [ssh-keyscan.1]
     When you give command examples and etc., in a manual page prefix them with:     $ command
     or
     # command
   - markus@@cvs.openbsd.org 2002/02/14 23:27:59
     [channels.c]
     increase the SSH v2 window size to 4 packets. comsumes a little
     bit more memory for slow receivers but increases througput.
   - markus@@cvs.openbsd.org 2002/02/14 23:28:00
     [channels.h session.c ssh.c]
     increase the SSH v2 window size to 4 packets. comsumes a little
     bit more memory for slow receivers but increases througput.
   - markus@@cvs.openbsd.org 2002/02/14 23:41:01
     [authfile.c cipher.c cipher.h kex.c kex.h packet.c]
     hide some more implementation details of cipher.[ch] and prepares for move
     to EVP, ok deraadt@@
   - stevesk@@cvs.openbsd.org 2002/02/16 14:53:37
     [ssh-keygen.1]
     -t required now for key generation
   - stevesk@@cvs.openbsd.org 2002/02/16 20:40:08
     [ssh-keygen.c]
     default to rsa keyfile path for non key generation operations where
     keyfile not specified.  fixes core dump in those cases.  ok markus@@
   - millert@@cvs.openbsd.org 2002/02/16 21:27:53
     [auth.h]
     Part one of userland __P removal.  Done with a simple regexp with
     some minor hand editing to make comments line up correctly.  Another
     pass is forthcoming that handles the cases that could not be done
     automatically.
   - millert@@cvs.openbsd.org 2002/02/17 19:42:32
     [auth.h]
     Manual cleanup of remaining userland __P use (excluding packages
     maintained outside the tree)
   - markus@@cvs.openbsd.org 2002/02/18 13:05:32
     [cipher.c cipher.h]
     switch to EVP, ok djm@@ deraadt@@
   - markus@@cvs.openbsd.org 2002/02/18 17:55:20
     [ssh.1]
     -q: Fatal errors are _not_ displayed.
   - deraadt@@cvs.openbsd.org 2002/02/19 02:50:59
     [sshd_config]
     stategy is not an english word
 - (bal) OpenBSD CVS Sync
   - markus@@cvs.openbsd.org 2002/02/15 23:11:26
     [session.c]
     split do_child(), ok mouring@@
   - markus@@cvs.openbsd.org 2002/02/16 00:51:44
     [session.c]
     typo

20020218
 - (tim) newer config.guess from ftp://ftp.gnu.org/gnu/config/config.guess

20020213
 - (djm) Bug #114 - not starting PAM for SSH protocol 1 invalid users

20020213
 - (djm) OpenBSD CVS Sync
   - markus@@cvs.openbsd.org 2002/02/11 16:10:15
     [kex.c]
     restore kexinit handler if we reset the dispatcher, this unbreaks
     rekeying s/kex_clear_dispatch/kex_reset_dispatch/
   - markus@@cvs.openbsd.org 2002/02/11 16:15:46
     [sshconnect1.c]
     include md5.h, not evp.h
   - markus@@cvs.openbsd.org 2002/02/11 16:17:55
     [sshd.c]
     do not complain about port > 1024 if rhosts-auth is disabled
   - markus@@cvs.openbsd.org 2002/02/11 16:19:39
     [sshd.c]
     include md5.h not hmac.h
   - markus@@cvs.openbsd.org 2002/02/11 16:21:42
     [match.c]
     support up to 40 algorithms per proposal
   - djm@@cvs.openbsd.org 2002/02/12 12:32:27
     [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
     Perform multiple overlapping read/write requests in file transfer. Mostly
     done by Tobias Ringstrom <tori@@ringstrom.mine.nu>; ok markus@@
   - djm@@cvs.openbsd.org 2002/02/12 12:44:46
     [sftp-client.c]
     Let overlapped upload path handle servers which reorder ACKs. This may be
     permitted by the protocol spec; ok markus@@
   - markus@@cvs.openbsd.org 2002/02/13 00:28:13
     [sftp-server.c]
     handle SSH2_FILEXFER_ATTR_SIZE in SSH2_FXP_(F)SETSTAT; ok djm@@
   - markus@@cvs.openbsd.org 2002/02/13 00:39:15
     [readpass.c]
     readpass.c is not longer from UCB, since we now use readpassphrase(3)
   - djm@@cvs.openbsd.org 2002/02/13 00:59:23
     [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp.h]
     [sftp-int.c sftp-int.h]
     API cleanup and backwards compat for filexfer v.0 servers; ok markus@@
 - (djm) Sync openbsd-compat with OpenBSD CVS too
 - (djm) Bug #106: Add --without-rpath configure option. Patch from
   Nicolas.Williams@@ubsw.com

20020210
 - (djm) OpenBSD CVS Sync
   - deraadt@@cvs.openbsd.org 2002/02/09 17:37:34
     [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
     move ssh config files to /etc/ssh
 - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
   - deraadt@@cvs.openbsd.org 2002/02/10 01:07:05
     [readconf.h sshd.8]
     more /etc/ssh; openbsd@@davidkrause.com

20020208
 - (djm) OpenBSD CVS Sync
   - markus@@cvs.openbsd.org 2002/02/04 12:15:25
     [sshd.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@@netbsd.org; ok djm@@
   - stevesk@@cvs.openbsd.org 2002/02/04 20:41:16
     [ssh-agent.1]
     more sync for default ssh-add identities; ok markus@@
   - djm@@cvs.openbsd.org 2002/02/05 00:00:46
     [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
     Add "-B" option to specify copy buffer length (default 32k); ok markus@@
   - markus@@cvs.openbsd.org 2002/02/05 14:32:55
     [channels.c channels.h ssh.c]
     merge channel_request() into channel_request_start()
   - markus@@cvs.openbsd.org 2002/02/06 14:22:42
     [sftp.1]
     sort options; ok mpech@@, stevesk@@
   - mpech@@cvs.openbsd.org 2002/02/06 14:27:23
     [sftp.c]
     sync usage() with manual.
   - markus@@cvs.openbsd.org 2002/02/06 14:37:22
     [session.c]
     minor KNF
   - markus@@cvs.openbsd.org 2002/02/06 14:55:16
     [channels.c clientloop.c serverloop.c ssh.c]
     channel_new never returns NULL, mouring@@; ok djm@@
   - markus@@cvs.openbsd.org 2002/02/07 09:35:39
     [ssh.c]
     remove bogus comments

20020205
 - (djm) Cleanup after sync:
   - :%s/reverse_mapping_check/verify_reverse_mapping/g
 - (djm) OpenBSD CVS Sync
   - stevesk@@cvs.openbsd.org 2002/01/24 21:09:25
     [channels.c misc.c misc.h packet.c]
     add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).
     no nagle changes just yet; ok djm@@ markus@@
   - stevesk@@cvs.openbsd.org 2002/01/24 21:13:23
     [packet.c]
     need misc.h for set_nodelay()
   - markus@@cvs.openbsd.org 2002/01/25 21:00:24
     [sshconnect2.c]
     unused include
   - markus@@cvs.openbsd.org 2002/01/25 21:42:11
     [ssh-dss.c ssh-rsa.c]
     use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@@
     don't use evp_md->md_size, it's not public.
   - markus@@cvs.openbsd.org 2002/01/25 22:07:40
     [kex.c kexdh.c kexgex.c key.c mac.c]
     use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@@
   - stevesk@@cvs.openbsd.org 2002/01/26 16:44:22
     [includes.h session.c]
     revert code to add x11 localhost display authorization entry for
     hostname/unix:d and uts.nodename/unix:d if nodename was different than
     hostname.  just add entry for unix:d instead.  ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/27 14:57:46
     [channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
     add X11UseLocalhost; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/27 18:08:17
     [ssh.c]
     handle simple case to identify FamilyLocal display; ok markus@@
   - markus@@cvs.openbsd.org 2002/01/29 14:27:57
     [ssh-add.c]
     exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@@
   - markus@@cvs.openbsd.org 2002/01/29 14:32:03
     [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c]
     [servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion;
     ok stevesk@@
   - stevesk@@cvs.openbsd.org 2002/01/29 16:29:02
     [session.c]
     limit subsystem length in log; ok markus@@
   - markus@@cvs.openbsd.org 2002/01/29 16:41:19
     [ssh-add.1]
     add DIAGNOSTICS; ok stevesk@@
   - markus@@cvs.openbsd.org 2002/01/29 22:46:41
     [session.c]
     don't depend on servconf.c; ok djm@@
   - markus@@cvs.openbsd.org 2002/01/29 23:50:37
     [scp.1 ssh.1]
     mention exit status; ok stevesk@@
   - markus@@cvs.openbsd.org 2002/01/31 13:35:11
     [kexdh.c kexgex.c]
     cross check announced key type and type from key blob
   - markus@@cvs.openbsd.org 2002/01/31 15:00:05
     [serverloop.c]
     no need for WNOHANG; ok stevesk@@
   - markus@@cvs.openbsd.org 2002/02/03 17:53:25
     [auth1.c serverloop.c session.c session.h]
     don't use channel_input_channel_request and callback
     use new server_input_channel_req() instead:
     	server_input_channel_req does generic request parsing on server side
     	session_input_channel_req handles just session specific things now
     ok djm@@
   - markus@@cvs.openbsd.org 2002/02/03 17:55:55
     [channels.c channels.h]
     remove unused channel_input_channel_request
   - markus@@cvs.openbsd.org 2002/02/03 17:58:21
     [channels.c channels.h ssh.c]
     generic callbacks are not really used, remove and
     add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
     ok djm@@
   - markus@@cvs.openbsd.org 2002/02/03 17:59:23
     [sshconnect2.c]
     more cross checking if announced vs. used key type; ok stevesk@@
   - stevesk@@cvs.openbsd.org 2002/02/03 22:35:57
     [ssh.1 sshd.8]
     some KeepAlive cleanup/clarify; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/02/03 23:22:59
     [ssh-agent.1]
     ssh-add also adds $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa now.
   - stevesk@@cvs.openbsd.org 2002/02/04 00:53:39
     [ssh-agent.c]
     unneeded includes
   - markus@@cvs.openbsd.org 2002/02/04 11:58:10
     [auth2.c]
     cross checking of announced vs actual pktype in pubkey/hostbaed auth;
     ok stevesk@@
   - markus@@cvs.openbsd.org 2002/02/04 12:15:25
     [log.c log.h readconf.c servconf.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@@netbsd.org; ok djm@@
   - stevesk@@cvs.openbsd.org 2002/02/04 20:41:16
     [ssh-add.1]
     more sync for default ssh-add identities; ok markus@@
   - djm@@cvs.openbsd.org 2002/02/04 21:53:12
     [sftp.1 sftp.c]
     Add "-P" option to directly connect to a local sftp-server. Should be
     useful for regression testing; ok markus@@
   - djm@@cvs.openbsd.org 2002/02/05 00:00:46
     [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
     Add "-B" option to specify copy buffer length (default 32k); ok markus@@

20020130
 - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@@
 - (tim) [configure.ac] fix logic on when ssh-rand-helper is installed.
   [sshd_config] put back in line that tells what PATH was compiled into sshd.

20020125
 - (djm) Don't grab Xserver or pointer by default. x11-ssh-askpass doesn't
   and grabbing can cause deadlocks with kinput2.

20020124
 - (stevesk) Makefile.in: bug #61; delete commented line for now.

20020123
 - (djm) Fix non-standard shell syntax in autoconf. Patch from
   Dave Dykstra <dwd@@bell-labs.com>
 - (stevesk) fix --with-zlib=
 - (djm) Use case statements in autoconf to clean up some tests

20020122
 - (djm) autoconf hacking:
   - We don't support --without-zlib currently, so don't allow it.
   - Rework cryptographic random number support detection. We now detect
     whether OpenSSL seeds itself. If it does, then we don't bother with
     the ssh-rand-helper program. You can force the use of ssh-rand-helper
     using the --with-rand-helper configure argument
   - Simplify and clean up ssh-rand-helper configuration
   - Add OpenSSL sanity check: verify that header version matches version
     reported by library
 - (djm) Fix some bugs I introduced into ssh-rand-helper yesterday
 - OpenBSD CVS Sync
   - djm@@cvs.openbsd.org 2001/12/21 08:52:22
     [ssh-keygen.1 ssh-keygen.c]
     Remove default (rsa1) key type; ok markus@@
   - djm@@cvs.openbsd.org 2001/12/21 08:53:45
     [readpass.c]
     Avoid interruptable passphrase read; ok markus@@
   - djm@@cvs.openbsd.org 2001/12/21 10:06:43
     [ssh-add.1 ssh-add.c]
     Try all standard key files (id_rsa, id_dsa, identity) when invoked with
     no arguments; ok markus@@
   - markus@@cvs.openbsd.org 2001/12/21 12:17:33
     [serverloop.c]
     remove ifdef for USE_PIPES since fdin != fdout; ok djm@@
   - deraadt@@cvs.openbsd.org 2001/12/24 07:29:43
     [ssh-add.c]
     try all listed keys.. how did this get broken?
   - markus@@cvs.openbsd.org 2001/12/25 18:49:56
     [key.c]
     be more careful on allocation
   - markus@@cvs.openbsd.org 2001/12/25 18:53:00
     [auth1.c]
     be more carefull on allocation
   - markus@@cvs.openbsd.org 2001/12/27 18:10:29
     [ssh-keygen.c]
     -t is only needed for key generation (unbreaks -i, -e, etc).
   - markus@@cvs.openbsd.org 2001/12/27 18:22:16
     [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c]
     [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
     call fatal() for openssl allocation failures
   - stevesk@@cvs.openbsd.org 2001/12/27 18:22:53
     [sshd.8]
     clarify -p; ok markus@@
   - markus@@cvs.openbsd.org 2001/12/27 18:26:13
     [authfile.c]
     missing include
   - markus@@cvs.openbsd.org 2001/12/27 19:37:23
     [dh.c kexdh.c kexgex.c]
     always use BN_clear_free instead of BN_free
   - markus@@cvs.openbsd.org 2001/12/27 19:54:53
     [auth1.c auth.h auth-rh-rsa.c]
     auth_rhosts_rsa now accept generic keys.
   - markus@@cvs.openbsd.org 2001/12/27 20:39:58
     [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h]
     [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
   - markus@@cvs.openbsd.org 2001/12/28 12:14:27
     [auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c]
     [kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c]
     [ssh.c sshconnect1.c sshconnect2.c sshd.c]
     s/packet_done/packet_check_eom/ (end-of-message); ok djm@@
   - markus@@cvs.openbsd.org 2001/12/28 13:57:33
     [auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
     packet_get_bignum* no longer returns a size
   - markus@@cvs.openbsd.org 2001/12/28 14:13:13
     [bufaux.c bufaux.h packet.c]
     buffer_get_bignum: int -> void
   - markus@@cvs.openbsd.org 2001/12/28 14:50:54
     [auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c]
     [packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c]
     [sshconnect2.c sshd.c]
     packet_read* no longer return the packet length, since it's not used.
   - markus@@cvs.openbsd.org 2001/12/28 15:06:00
     [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
     [dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
     remove plen from the dispatch fn. it's no longer used.
   - stevesk@@cvs.openbsd.org 2001/12/28 22:37:48
     [ssh.1 sshd.8]
     document LogLevel DEBUG[123]; ok markus@@
   - stevesk@@cvs.openbsd.org 2001/12/29 21:56:01
     [authfile.c channels.c compress.c packet.c sftp-server.c]
     [ssh-agent.c ssh-keygen.c]
     remove unneeded casts and some char->u_char cleanup; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/03 04:11:08
     [ssh_config]
     grammar in comment
   - stevesk@@cvs.openbsd.org 2002/01/04 17:59:17
     [readconf.c servconf.c]
     remove #ifdef _PATH_XAUTH/#endif; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/04 18:14:16
     [servconf.c sshd.8]
     protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
     /etc/ssh_host_dsa_key like we have in sshd_config.  ok markus@@
   - markus@@cvs.openbsd.org 2002/01/05 10:43:40
     [channels.c]
     fix hanging x11 channels for rejected cookies (e.g.
     XAUTHORITY=/dev/null xbiff) bug #36, based on patch from
     djast@@cs.toronto.edu
   - stevesk@@cvs.openbsd.org 2002/01/05 21:51:56
     [ssh.1 sshd.8]
     some missing and misplaced periods
   - markus@@cvs.openbsd.org 2002/01/09 13:49:27
     [ssh-keygen.c]
     append \n only for public keys
   - markus@@cvs.openbsd.org 2002/01/09 17:16:00
     [channels.c]
     merge channel_pre_open_15/channel_pre_open_20; ok provos@@
   - markus@@cvs.openbsd.org 2002/01/09 17:26:35
     [channels.c nchan.c]
     replace buffer_consume(b, buffer_len(b)) with buffer_clear(b);
     ok provos@@
   - markus@@cvs.openbsd.org 2002/01/10 11:13:29
     [serverloop.c]
     skip client_alive_check until there are channels; ok beck@@
   - markus@@cvs.openbsd.org 2002/01/10 11:24:04
     [clientloop.c]
     handle SSH2_MSG_GLOBAL_REQUEST (just reply with failure); ok djm@@
   - markus@@cvs.openbsd.org 2002/01/10 12:38:26
     [nchan.c]
     remove dead code (skip drain)
   - markus@@cvs.openbsd.org 2002/01/10 12:47:59
     [nchan.c]
     more unused code (with channels.c:1.156)
   - markus@@cvs.openbsd.org 2002/01/11 10:31:05
     [packet.c]
     handle received SSH2_MSG_UNIMPLEMENTED messages; ok djm@@
   - markus@@cvs.openbsd.org 2002/01/11 13:36:43
     [ssh2.h]
     add defines for msg type ranges
   - markus@@cvs.openbsd.org 2002/01/11 13:39:36
     [auth2.c dispatch.c dispatch.h kex.c]
     a single dispatch_protocol_error() that sends a message of
     type 'UNIMPLEMENTED'
     dispatch_range(): set handler for a ranges message types
     use dispatch_protocol_ignore() for authentication requests after
     successful authentication (the drafts requirement).
     serverloop/clientloop now send a 'UNIMPLEMENTED' message instead
     of exiting.
   - markus@@cvs.openbsd.org 2002/01/11 20:14:11
     [auth2-chall.c auth-skey.c]
     use strlcpy not strlcat; mouring@@
   - markus@@cvs.openbsd.org 2002/01/11 23:02:18
     [readpass.c]
     use _PATH_TTY
   - markus@@cvs.openbsd.org 2002/01/11 23:02:51
     [auth2-chall.c]
     use snprintf; mouring@@
   - markus@@cvs.openbsd.org 2002/01/11 23:26:30
     [auth-skey.c]
     use snprintf; mouring@@
   - markus@@cvs.openbsd.org 2002/01/12 13:10:29
     [auth-skey.c]
     undo local change
   - provos@@cvs.openbsd.org 2002/01/13 17:27:07
     [ssh-agent.c]
     change to use queue.h macros; okay markus@@
   - markus@@cvs.openbsd.org 2002/01/13 17:57:37
     [auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
     use buffer API and avoid static strings of fixed size;
     ok provos@@/mouring@@
   - markus@@cvs.openbsd.org 2002/01/13 21:31:20
     [channels.h nchan.c]
     add chan_set_[io]state(), order states, state is now an u_int,
     simplifies debugging messages; ok provos@@
   - markus@@cvs.openbsd.org 2002/01/14 13:22:35
     [nchan.c]
     chan_send_oclose1() no longer calls chan_shutdown_write(); ok provos@@
   - markus@@cvs.openbsd.org 2002/01/14 13:34:07
     [nchan.c]
     merge chan_[io]buf_empty[12]; ok provos@@
   - markus@@cvs.openbsd.org 2002/01/14 13:40:10
     [nchan.c]
     correct fn names for ssh2, do not switch from closed to closed;
     ok provos@@
   - markus@@cvs.openbsd.org 2002/01/14 13:41:13
     [nchan.c]
     remove duplicated code; ok provos@@
   - markus@@cvs.openbsd.org 2002/01/14 13:55:55
     [channels.c channels.h nchan.c]
     remove function pointers for events, remove chan_init*; ok provos@@
   - markus@@cvs.openbsd.org 2002/01/14 13:57:03
     [channels.h nchan.c]
     (c) 2002
   - markus@@cvs.openbsd.org 2002/01/16 13:17:51
     [channels.c channels.h serverloop.c ssh.c]
     wrapper for channel_setup_fwd_listener
   - stevesk@@cvs.openbsd.org 2002/01/16 17:40:23
     [sshd_config]
     The stategy now used for options in the default sshd_config shipped
     with OpenSSH is to specify options with their default value where
     possible, but leave them commented.  Uncommented options change a
     default value.  Subsystem is currently the only default option
     changed.  ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/16 17:42:33
     [ssh.1]
     correct defaults for -i/IdentityFile; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/16 17:55:33
     [ssh_config]
     correct some commented defaults.  add Ciphers default.  ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/17 04:27:37
     [log.c]
     casts to silence enum type warnings for bugzilla bug 37; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/18 17:14:16
     [sshd.8]
     correct Ciphers default; paola.mannaro@@ubs.com
   - stevesk@@cvs.openbsd.org 2002/01/18 18:14:17
     [authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c]
     unneeded cast cleanup; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/18 20:46:34
     [sshd.8]
     clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from
     allard@@oceanpark.com; ok markus@@
   - markus@@cvs.openbsd.org 2002/01/21 15:13:51
     [sshconnect.c]
     use read_passphrase+ECHO in confirm(), allows use of ssh-askpass
     for hostkey confirm.
   - markus@@cvs.openbsd.org 2002/01/21 22:30:12
     [cipher.c compat.c myproposal.h]
     remove "rijndael-*", just use "aes-" since this how rijndael is called
     in the drafts; ok stevesk@@
   - markus@@cvs.openbsd.org 2002/01/21 23:27:10
     [channels.c nchan.c]
     cleanup channels faster if the are empty and we are in drain-state;
     ok deraadt@@
   - stevesk@@cvs.openbsd.org 2002/01/22 02:52:41
     [servconf.c]
     typo in error message; from djast@@cs.toronto.edu
 - (djm) Make auth2-pam.c compile again after dispatch.h and packet.h
   changes
 - (djm) Recent Glibc includes an incompatible sys/queue.h. Treat it as
   bogus in configure
 - (djm) Use local sys/queue.h if necessary in ssh-agent.c

20020121
 - (djm) Rework ssh-rand-helper:
   - Reduce quantity of ifdef code, in preparation for ssh_rand_conf
   - Always seed from system calls, even when doing PRNGd seeding
   - Tidy and comment #define knobs
   - Remove unused facility for multiple runs through command list
   - KNF, cleanup, update copyright

20020114
 - (djm) Bug #50 - make autoconf entropy path checks more robust

20020108
 - (djm) Merge Cygwin copy_environment with do_pam_environment, removing
   fixed env var size limit in the process. Report from Corinna Vinschen
   <vinschen@@redhat.com>
 - (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX.  does
   not depend on transition links.  from Lutz Jaenicke.

20020106
 - (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u"
   for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u".

20020103
 - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from
   Roger Cornelius <rac@@tenzing.org>
@
text
@d51 2
a52 1
.if defined(KRB5_HOME)
@


1.21
log
@Fix off-by-one error.

Obtained from:	OpenBSD

Bump PORTREVISION.
@
text
@d9 1
a9 2
PORTVERSION=	3.0.2p1
PORTREVISION=	1
@


1.20
log
@Add option to support patches:

        OpenSSH supports Kerberos v5 authentication, but this is not
        enabled in the portable version.  A patch is available to
        correct this deficiency for those wishing to use this port
        with Kerberos.  In addition, a patch is also available from
        Simon Wilkinson to implement the GSS-API key-exchange
        mechanism for SSHv2, which is currently being standardized.
        Use of this mechanism with Kerberos v5 obviates the need for
        manual management of host keys, a considerable improvement for
        large Kerberos sites.

PR:		34363
Submitted by:	wollman@@hergotha.lcs.mit.edu
@
text
@d10 1
@


1.19
log
@Add patch for: readpassphrase.h
	Someone in the OpenSSH world doesn't understand the difference
between application and implementation namespaces.  This causes
conflicts with <readpassphrase.h>.

PR:		34362
Submitted by:	wollman@@hergotha.lcs.mit.edu
@
text
@d51 24
@


1.18
log
@PKGNAMESUFFIX set for Option OPENSSH_OVERWRITE_BASE
@
text
@d23 1
a23 1
USE_OPENSSL=	YES
@


1.17
log
@Fix MANPREFIX, so manpages are compressed
@
text
@d40 1
@


1.16
log
@strip trailing \
@
text
@d41 2
a42 1
CONFIGURE_ARGS+=	--mandir=${PREFIX}/share/man \
@


1.15
log
@adding a knob to the OpenSSH port to allow people
to overwrite the ssh in the base system.
	make OPENSSH_OVERWRITE_BASE=yes

Submitted by:	n@@nectar.cc (Jacques A. Vidrine)
@
text
@d42 1
a42 1
		--sysconfdir=/etc/ssh --localstatedir=/var \
@


1.14
log
@- Udate to OpenSSH-3.0.2
- make batch-processing cleaner

20011202
 - (djm) Syn with OpenBSD OpenSSH-3.0.2
   - markus@@cvs.openbsd.org
     [session.c sshd.8 version.h]
     Don't allow authorized_keys specified environment variables when
     UseLogin in active
@
text
@d39 6
@


1.13
log
@In BATCH mode - clean generated host keys.
@
text
@d9 1
a9 1
PORTVERSION=	3.0.1p1
d39 4
a44 3
.if defined(BATCH)
	@@(cd ${PREFIX} && ${RM} -f ${CLEAN})
.endif
@


1.12
log
@Give dinoex@@ maintainership since he's really been maintaining it and
is better suited for maintaining this port.
@
text
@d16 1
a16 1
MAINTAINER= dinoex@@FreeBSD.org
d26 4
d41 3
@


1.11
log
@Update to openssh-3.0.1 and openssh-portable-3.0.1p1

- now in protocol2:
Background ssh at logout when waiting for forwarded connection / X11 sessions
to terminate

disabled -DSKEY

from Changelog (not complete):

20011115
 - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian
   <djast@@cs.toronto.edu> Fix from markus@@
 - (djm) Release 3.0.1p1

20011113
 - (djm) Fix early (and double) free of remote user when using Kerberos.
   Patch from Simon Wilkinson <simon@@sxw.org.uk>
 - (djm) AIX login{success,failed} changes. Move loginsuccess call to
   do_authenticated. Call loginfailed for protocol 2 failures > MAX like
   we do for protocol 1. Reports from Ralf Wenk <wera0003@@fh-karlsruhe.de>,
   K.Wolkersdorfer@@fz-juelich.de and others
 - (djm) OpenBSD CVS Sync
   - dugsong@@cvs.openbsd.org 2001/11/11 18:47:10
     [auth-krb5.c]
     fix krb5 authorization check. found by <jhawk@@MIT.EDU>. from
     art@@, deraadt@@ ok
   - markus@@cvs.openbsd.org  2001/11/12 11:17:07
     [servconf.c]
     enable authorized_keys2 again. tested by fries@@

20011112
 - OpenBSD CVS Sync
   - markus@@cvs.openbsd.org 2001/10/24 08:41:41
     [sshd.c]
     mention remote port in debug message
   - markus@@cvs.openbsd.org 2001/10/24 08:51:35
     [clientloop.c ssh.c]
     ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@@
   - markus@@cvs.openbsd.org 2001/10/24 19:57:40
     [clientloop.c]
     make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
   - markus@@cvs.openbsd.org 2001/10/25 21:14:32
     [ssh-keygen.1 ssh-keygen.c]
     better docu for fingerprinting, ok deraadt@@
   - markus@@cvs.openbsd.org 2001/10/29 19:27:15
     [sshconnect2.c]
     hostbased: check for client hostkey before building chost
   - markus@@cvs.openbsd.org 2001/11/07 16:03:17
     [packet.c packet.h sshconnect2.c]
     pad using the padding field from the ssh2 packet instead of sending
     extra ignore messages. tested against several other ssh servers.
   - markus@@cvs.openbsd.org 2001/11/07 21:40:21
     [ssh-rsa.c]
     ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported
   - markus@@cvs.openbsd.org 2001/11/07 22:10:28
     [ssh-dss.c ssh-rsa.c]
     missing free and sync dss/rsa code.
   - markus@@cvs.openbsd.org 2001/11/07 22:53:21
     [channels.h]
     crank c->path to 256 so they can hold a full hostname; dwd@@bell-labs.com
   - markus@@cvs.openbsd.org 2001/11/08 10:51:08
     [readpass.c]
     don't strdup too much data; from gotoh@@taiyo.co.jp; ok millert.
   - markus@@cvs.openbsd.org 2001/11/10 13:22:42
     [ssh-rsa.c]
     KNF (unexpand)
   - markus@@cvs.openbsd.org 2001/11/11 13:02:31
     [servconf.c]
     make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if
     AuthorizedKeysFile is specified.

20011109
 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
   if permit_empty_passwd == 0 so null password check cannot be bypassed.
   jayaraj@@amritapuri.com OpenBSD bug 2168
@
text
@d16 1
a16 1
MAINTAINER= dwcjr@@FreeBSD.org
@


1.10
log
@Update to OpenSSH 3.0 and OpenSSH-portable 3.0p1
Extracted from Changelog (not complete):

20011012
   - markus@@cvs.openbsd.org 2001/10/10 22:18:47
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c session.h]
     try to keep channels open until an exit-status message is sent.
     don't kill the login shells if the shells stdin/out/err is closed.
     this should now work:
     ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
   - markus@@cvs.openbsd.org 2001/10/11 13:45:21
     [session.c]
     delay detach of session if a channel gets closed but the child is
     still alive.  however, release pty, since the fd's to the child are
     already closed.
   - markus@@cvs.openbsd.org 2001/10/11 15:24:00
     [clientloop.c]
     clear select masks if we return before calling select().

20011010
   - markus@@cvs.openbsd.org 2001/10/04 14:34:16
     [key.c]
     call OPENSSL_free() for memory allocated by openssl; from chombier@@mac.com
   - markus@@cvs.openbsd.org 2001/10/04 15:05:40
     [channels.c serverloop.c]
     comment out bogus conditions for selecting on connection_in
   - markus@@cvs.openbsd.org 2001/10/04 15:12:37
     [serverloop.c]
     client_alive_check cleanup
   - markus@@cvs.openbsd.org 2001/10/06 00:14:50
     [sshconnect.c]
     remove unused argument
   - markus@@cvs.openbsd.org 2001/10/06 00:36:42
     [session.c]
     fix typo in error message, sync with do_exec_nopty
   - markus@@cvs.openbsd.org 2001/10/06 11:18:19
     [sshconnect1.c sshconnect2.c sshconnect.c]
     unify hostkey check error messages, simplify prompt.
   - markus@@cvs.openbsd.org 2001/10/07 10:29:52
     [authfile.c]
     grammer; Matthew_Clarke@@mindlink.bc.ca
   - markus@@cvs.openbsd.org 2001/10/07 17:49:40
     [channels.c channels.h]
     avoid possible FD_ISSET overflow for channels established
     during channnel_after_select() (used for dynamic channels).
   - markus@@cvs.openbsd.org 2001/10/08 11:48:57
     [channels.c]
     better debug
   - markus@@cvs.openbsd.org 2001/10/08 16:15:47
     [sshconnect.c]
     use correct family for -b option
   - markus@@cvs.openbsd.org 2001/10/08 19:05:05
     [ssh.c sshconnect.c sshconnect.h ssh-keyscan.c]
     some more IPv4or6 cleanup
   - markus@@cvs.openbsd.org 2001/10/09 10:12:08
     [session.c]
     chdir $HOME after krb_afslog(); from bbense@@networking.stanford.edu
   - markus@@cvs.openbsd.org 2001/10/09 19:32:49
     [session.c]
     stat subsystem command before calling do_exec, and return error to client.
   - markus@@cvs.openbsd.org 2001/10/09 19:51:18
     [serverloop.c]
     close all channels if the connection to the remote host has been closed,
     should fix sshd's hanging with WCHAN==wait
   - markus@@cvs.openbsd.org 2001/10/09 21:59:41
     [channels.c channels.h serverloop.c session.c session.h]
     simplify session close: no more delayed session_close, no more
     blocking wait() calls.
 - (bal) seed_init() and seed_rng() required in ssh-keyscan.c

20011003
   - markus@@cvs.openbsd.org 2001/09/27 11:58:16
     [compress.c]
     mem leak; chombier@@mac.com
   - markus@@cvs.openbsd.org 2001/09/27 11:59:37
     [packet.c]
     missing called=1; chombier@@mac.com
   - markus@@cvs.openbsd.org 2001/09/27 15:31:17
     [auth2.c auth2-chall.c sshconnect1.c]
     typos; from solar
   - camield@@cvs.openbsd.org 2001/09/27 17:53:24
     [sshd.8]
     don't talk about compile-time options
     ok markus@@
   - djm@@cvs.openbsd.org 2001/09/28 12:07:09
     [ssh-keygen.c]
     bzero private key after loading to smartcard; ok markus@@
   - markus@@cvs.openbsd.org 2001/09/28 15:46:29
     [ssh.c]
     bug: read user config first; report kaukasoi@@elektroni.ee.tut.fi
   - markus@@cvs.openbsd.org 2001/10/01 08:06:28
     [scp.c]
     skip filenames containing \n; report jdamery@@chiark.greenend.org.uk
     and matthew@@debian.org
   - markus@@cvs.openbsd.org 2001/10/01 21:38:53
     [channels.c channels.h ssh.c sshd.c]
     remove ugliness; vp@@drexel.edu via angelos
   - markus@@cvs.openbsd.org 2001/10/01 21:51:16
     [readconf.c readconf.h ssh.1 sshconnect.c]
     add NoHostAuthenticationForLocalhost; note that the hostkey is
     now check for localhost, too.
   - djm@@cvs.openbsd.org 2001/10/02 08:38:50
     [ssh-add.c]
     return non-zero exit code on error; ok markus@@
   - stevesk@@cvs.openbsd.org 2001/10/02 22:56:09
     [sshd.c]
     #include "channels.h" for channel_set_af()
   - markus@@cvs.openbsd.org 2001/10/03 10:01:20
     [auth.c]
     use realpath() for homedir, too. from jinmei@@isl.rdc.toshiba.co.jp

20011001
 - (stevesk) loginrec.c: fix type conversion problems exposed when using
   64-bit off_t.

20010928
   - djm@@cvs.openbsd.org 2001/09/28 09:49:31
     [scard.c]
     Fix segv when smartcard communication error occurs during key load.
     ok markus@@
 - (djm) Update spec files for new x11-askpass

20010927
 - (stevesk) session.c: declare do_pre_login() before use
   wayned@@users.sourceforge.net

20010925
 - (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used.
 - (djm) Sync $sysconfdir/moduli
 - (djm) Avoid bad and unportable sprintf usage in compat code
@
text
@d9 1
a9 1
PORTVERSION=	3.0p1
@


1.9
log
@- included an patch that solves a coredump in sshd
- Bumped PORTREVISION

Submitted by:	ryanb@@goddamnbastard.org
@
text
@d9 1
a9 2
PORTVERSION=	2.9.9p2
PORTREVISION=	1
@


1.8
log
@- Update to OpenSSH 2.9.9p2
- security-patch for cookie files obsolete
- MD5 password support activated

Approved by:	dwcjr@@FreeBSD.org
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh-portable/Makefile,v 1.7 2001/08/19 17:22:37 dinoex Exp $
d10 1
@


1.7
log
@- Update to p2:
- stripped down some patches

20010617
 - (djm) Pull in small fix from -CURRENT for session.c:
    typo, use pid not s->pid, mstone@@cs.loyola.edu

20010615
 - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
   around grantpt().

20010614
 - (bal) Applied X11 Cookie Patch.  X11 Cookie behavior has changed to
   no longer use /tmp/ssh-XXXXX/

20010528
 - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
   Patch by Corinna Vinschen <vinschen@@redhat.com>

Approved by:	dwcjr@@freebsd.org
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh-portable/Makefile,v 1.6 2001/08/19 15:46:02 dinoex Exp $
d9 1
a9 1
PORTVERSION=	2.9p2
d25 1
a25 1
CONFIGURE_ARGS?=	--prefix=${PREFIX}
@


1.6
log
@Fix package building, slogin and its manpage is an link
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh-portable/Makefile,v 1.5 2001/08/01 10:56:24 dinoex Exp $
d9 1
a9 2
PORTVERSION=	2.9p1
PORTREVISION=	3
@


1.5
log
@- slogin and manpage added to package, bumped PORTREVISION
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh-portable/Makefile,v 1.4 2001/06/10 20:08:31 dwcjr Exp $
d19 2
a20 1
MAN1=	sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1 slogin.1
@


1.4
log
@Fix FreeBSD specific patch, exit now if change of password fails.

Submitted by:	Udo.Schweigert@@cert.siemens.de
Reviewed by:	dinoex,will
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh-portable/Makefile,v 1.3 2001/06/09 08:22:15 dinoex Exp $
d10 1
a10 1
PORTREVISION=	2
d19 1
a19 1
MAN1=	sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1
@


1.3
log
@- Switch to the user's uid before attempting to unlink the auth forwarding
  file, nullifying the effects of a race.
- Bump PORTREVISION

Submitted by:	green@@FreeBSD.org
Approved by:	dwcjr@@inethouston.net
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh-portable/Makefile,v 1.2 2001/06/08 19:17:55 dwcjr Exp $
d10 1
a10 1
PORTREVISION=	1
@


1.2
log
@Update maintainer email

Reviewed by:	will
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh-portable/Makefile,v 1.1 2001/06/01 14:49:32 dinoex Exp $
d10 1
@


1.1
log
@New port:
OpenSSH portable, which has GNU-configure and more.
Diffs to OpenSSH-OPenBSD are huge.
So this is here a complete diffrent branch, no repro-copy
- Did a bit cleanup in the Makefile

Submitted by:	dwcjr@@inethouston.net
@
text
@d5 1
a5 1
# $FreeBSD: $
d16 1
a16 1
MAINTAINER= dwcjr@@inethouston.net
@

