head	1.136;
access;
symbols
	RELEASE_7_0_0:1.134
	RELEASE_6_3_0:1.134
	PRE_XORG_7:1.134
	RELEASE_4_EOL:1.133
	RELEASE_6_2_0:1.132
	RELEASE_6_1_0:1.130
	RELEASE_5_5_0:1.130
	RELEASE_6_0_0:1.130
	RELEASE_5_4_0:1.130
	RELEASE_4_11_0:1.130
	RELEASE_5_3_0:1.129
	RELEASE_4_10_0:1.129
	RELEASE_5_2_1:1.128
	RELEASE_5_2_0:1.128
	RELEASE_4_9_0:1.123
	RELEASE_5_1_0:1.117
	RELEASE_4_8_0:1.111
	RELEASE_5_0_0:1.110
	RELEASE_4_7_0:1.109
	RELEASE_4_6_2:1.93
	RELEASE_4_6_1:1.93
	RELEASE_4_6_0:1.93
	RELEASE_5_0_DP1:1.89
	RELEASE_4_5_0:1.79
	RELEASE_4_4_0:1.70
	RELEASE_4_3_0:1.62
	RELEASE_4_2_0:1.56
	RELEASE_4_1_1:1.54
	RELEASE_4_1_0:1.53
	RELEASE_3_5_0:1.52
	RELEASE_4_0_0:1.47
	RELEASE_3_4_0:1.30
	openssh_1_2:1.1.1.1
	OPENBSD:1.1.1;
locks; strict;
comment	@# @;


1.136
date	2008.03.05.04.25.41;	author tmclaugh;	state dead;
branches;
next	1.135;

1.135
date	2008.01.12.04.55.52;	author tmclaugh;	state Exp;
branches;
next	1.134;

1.134
date	2007.04.20.15.12.27;	author gabor;	state Exp;
branches;
next	1.133;

1.133
date	2006.12.22.08.03.27;	author miwi;	state Exp;
branches;
next	1.132;

1.132
date	2006.08.05.10.10.34;	author erwin;	state Exp;
branches;
next	1.131;

1.131
date	2006.06.09.21.54.02;	author pav;	state Exp;
branches;
next	1.130;

1.130
date	2004.10.14.05.25.50;	author dinoex;	state Exp;
branches;
next	1.129;

1.129
date	2004.03.26.19.56.41;	author dinoex;	state Exp;
branches;
next	1.128;

1.128
date	2003.10.13.04.05.54;	author dinoex;	state Exp;
branches;
next	1.127;

1.127
date	2003.10.12.11.53.31;	author dinoex;	state Exp;
branches;
next	1.126;

1.126
date	2003.10.03.20.55.14;	author nectar;	state Exp;
branches;
next	1.125;

1.125
date	2003.09.26.03.17.29;	author dinoex;	state Exp;
branches;
next	1.124;

1.124
date	2003.09.25.17.06.09;	author dinoex;	state Exp;
branches;
next	1.123;

1.123
date	2003.09.23.19.16.49;	author dinoex;	state Exp;
branches;
next	1.122;

1.122
date	2003.09.17.16.07.48;	author nectar;	state Exp;
branches;
next	1.121;

1.121
date	2003.09.17.12.03.12;	author dinoex;	state Exp;
branches;
next	1.120;

1.120
date	2003.09.16.12.43.09;	author nectar;	state Exp;
branches;
next	1.119;

1.119
date	2003.08.30.08.02.31;	author dinoex;	state Exp;
branches;
next	1.118;

1.118
date	2003.08.28.15.38.18;	author dinoex;	state Exp;
branches;
next	1.117;

1.117
date	2003.04.15.18.46.00;	author dinoex;	state Exp;
branches;
next	1.116;

1.116
date	2003.04.03.19.34.50;	author dinoex;	state Exp;
branches;
next	1.115;

1.115
date	2003.04.02.04.25.48;	author dinoex;	state Exp;
branches;
next	1.114;

1.114
date	2003.03.31.19.48.59;	author dinoex;	state Exp;
branches;
next	1.113;

1.113
date	2003.03.24.04.09.05;	author dinoex;	state Exp;
branches;
next	1.112;

1.112
date	2003.03.23.04.47.22;	author dinoex;	state Exp;
branches;
next	1.111;

1.111
date	2003.02.20.18.26.40;	author dinoex;	state Exp;
branches;
next	1.110;

1.110
date	2002.10.17.04.15.12;	author dinoex;	state Exp;
branches;
next	1.109;

1.109
date	2002.09.10.08.57.37;	author dinoex;	state Exp;
branches;
next	1.108;

1.108
date	2002.07.10.21.56.29;	author dinoex;	state Exp;
branches;
next	1.107;

1.107
date	2002.07.07.18.53.06;	author dinoex;	state Exp;
branches;
next	1.106;

1.106
date	2002.07.04.18.27.58;	author dinoex;	state Exp;
branches;
next	1.105;

1.105
date	2002.06.30.19.31.10;	author dinoex;	state Exp;
branches;
next	1.104;

1.104
date	2002.06.28.04.50.28;	author dinoex;	state Exp;
branches;
next	1.103;

1.103
date	2002.06.26.17.32.02;	author dinoex;	state Exp;
branches;
next	1.102;

1.102
date	2002.06.26.15.21.26;	author dinoex;	state Exp;
branches;
next	1.101;

1.101
date	2002.06.26.12.25.28;	author dinoex;	state Exp;
branches;
next	1.100;

1.100
date	2002.06.26.04.01.02;	author dinoex;	state Exp;
branches;
next	1.99;

1.99
date	2002.06.24.22.57.12;	author dinoex;	state Exp;
branches;
next	1.98;

1.98
date	2002.06.24.21.13.06;	author dinoex;	state Exp;
branches;
next	1.97;

1.97
date	2002.06.22.12.31.18;	author dinoex;	state Exp;
branches;
next	1.96;

1.96
date	2002.06.16.15.03.09;	author dinoex;	state Exp;
branches;
next	1.95;

1.95
date	2002.05.31.20.51.48;	author dinoex;	state Exp;
branches;
next	1.94;

1.94
date	2002.05.31.07.28.45;	author dinoex;	state Exp;
branches;
next	1.93;

1.93
date	2002.05.09.10.28.18;	author dinoex;	state Exp;
branches;
next	1.92;

1.92
date	2002.05.07.09.18.40;	author sobomax;	state Exp;
branches;
next	1.91;

1.91
date	2002.05.04.04.38.11;	author dinoex;	state Exp;
branches;
next	1.90;

1.90
date	2002.05.03.03.02.30;	author dinoex;	state Exp;
branches;
next	1.89;

1.89
date	2002.03.27.20.02.41;	author dinoex;	state Exp;
branches;
next	1.88;

1.88
date	2002.03.25.05.40.50;	author dinoex;	state Exp;
branches;
next	1.87;

1.87
date	2002.03.17.19.36.40;	author dinoex;	state Exp;
branches;
next	1.86;

1.86
date	2002.03.12.17.50.42;	author dinoex;	state Exp;
branches;
next	1.85;

1.85
date	2002.03.11.15.16.48;	author dinoex;	state Exp;
branches;
next	1.84;

1.84
date	2002.03.09.06.38.33;	author dinoex;	state Exp;
branches;
next	1.83;

1.83
date	2002.03.08.17.00.16;	author dinoex;	state Exp;
branches;
next	1.82;

1.82
date	2002.03.08.05.54.03;	author dinoex;	state Exp;
branches;
next	1.81;

1.81
date	2002.03.06.13.53.32;	author nectar;	state Exp;
branches;
next	1.80;

1.80
date	2002.01.28.07.31.04;	author dinoex;	state Exp;
branches;
next	1.79;

1.79
date	2001.12.02.06.52.40;	author dinoex;	state Exp;
branches;
next	1.78;

1.78
date	2001.12.01.20.20.28;	author dinoex;	state Exp;
branches;
next	1.77;

1.77
date	2001.12.01.20.12.14;	author dinoex;	state Exp;
branches;
next	1.76;

1.76
date	2001.11.18.15.28.27;	author dinoex;	state Exp;
branches;
next	1.75;

1.75
date	2001.11.18.15.25.29;	author dinoex;	state Exp;
branches;
next	1.74;

1.74
date	2001.11.18.08.42.55;	author dinoex;	state Exp;
branches;
next	1.73;

1.73
date	2001.11.07.13.47.48;	author dinoex;	state Exp;
branches;
next	1.72;

1.72
date	2001.10.24.07.16.42;	author dinoex;	state Exp;
branches;
next	1.71;

1.71
date	2001.10.03.13.15.12;	author dinoex;	state Exp;
branches;
next	1.70;

1.70
date	2001.06.25.06.28.44;	author dinoex;	state Exp;
branches;
next	1.69;

1.69
date	2001.06.24.04.28.48;	author dinoex;	state Exp;
branches;
next	1.68;

1.68
date	2001.06.12.07.49.52;	author dinoex;	state Exp;
branches;
next	1.67;

1.67
date	2001.06.11.20.14.15;	author dinoex;	state Exp;
branches;
next	1.66;

1.66
date	2001.06.10.20.01.49;	author dinoex;	state Exp;
branches;
next	1.65;

1.65
date	2001.06.10.11.15.04;	author dinoex;	state Exp;
branches;
next	1.64;

1.64
date	2001.06.09.04.59.00;	author dinoex;	state Exp;
branches;
next	1.63;

1.63
date	2001.06.08.08.03.22;	author dinoex;	state Exp;
branches;
next	1.62;

1.62
date	2001.04.02.10.28.59;	author mharo;	state Exp;
branches;
next	1.61;

1.61
date	2001.02.21.04.45.25;	author green;	state Exp;
branches;
next	1.60;

1.60
date	2001.02.12.08.06.55;	author kris;	state Exp;
branches;
next	1.59;

1.59
date	2001.02.09.22.45.16;	author kris;	state Exp;
branches;
next	1.58;

1.58
date	2001.02.09.22.37.49;	author kris;	state Exp;
branches;
next	1.57;

1.57
date	2001.02.09.04.58.24;	author kris;	state Exp;
branches;
next	1.56;

1.56
date	2000.11.04.23.04.20;	author green;	state Exp;
branches;
next	1.55;

1.55
date	2000.10.08.10.22.52;	author asami;	state Exp;
branches;
next	1.54;

1.54
date	2000.09.22.01.59.00;	author kris;	state Exp;
branches;
next	1.53;

1.53
date	2000.06.27.21.30.34;	author green;	state Exp;
branches;
next	1.52;

1.52
date	2000.06.02.03.18.41;	author will;	state Exp;
branches;
next	1.51;

1.51
date	2000.05.13.19.50.57;	author green;	state Exp;
branches;
next	1.50;

1.50
date	2000.05.13.17.10.55;	author green;	state Exp;
branches;
next	1.49;

1.49
date	2000.04.20.22.24.08;	author green;	state Exp;
branches;
next	1.48;

1.48
date	2000.04.09.18.30.06;	author cpiazza;	state Exp;
branches;
next	1.47;

1.47
date	2000.03.03.06.10.02;	author green;	state Exp;
branches;
next	1.46;

1.46
date	2000.03.02.06.42.59;	author brian;	state Exp;
branches;
next	1.45;

1.45
date	2000.02.16.04.52.59;	author green;	state Exp;
branches;
next	1.44;

1.44
date	2000.02.12.23.55.33;	author green;	state Exp;
branches;
next	1.43;

1.43
date	2000.02.10.12.23.49;	author green;	state Exp;
branches;
next	1.42;

1.42
date	2000.02.09.03.28.47;	author sumikawa;	state Exp;
branches;
next	1.41;

1.41
date	2000.02.01.17.04.02;	author sumikawa;	state Exp;
branches;
next	1.40;

1.40
date	2000.02.01.08.11.56;	author green;	state Exp;
branches;
next	1.39;

1.39
date	2000.01.27.21.19.20;	author green;	state Exp;
branches;
next	1.38;

1.38
date	2000.01.26.11.34.21;	author asami;	state Exp;
branches;
next	1.37;

1.37
date	2000.01.25.22.12.09;	author sumikawa;	state Exp;
branches;
next	1.36;

1.36
date	2000.01.19.02.53.21;	author green;	state Exp;
branches;
next	1.35;

1.35
date	2000.01.18.11.18.22;	author sumikawa;	state Exp;
branches;
next	1.34;

1.34
date	2000.01.15.23.17.13;	author green;	state Exp;
branches;
next	1.33;

1.33
date	2000.01.13.23.21.58;	author green;	state Exp;
branches;
next	1.32;

1.32
date	2000.01.07.16.40.13;	author asami;	state Exp;
branches;
next	1.31;

1.31
date	99.12.23.06.37.20;	author green;	state Exp;
branches;
next	1.30;

1.30
date	99.12.08.04.06.31;	author green;	state Exp;
branches;
next	1.29;

1.29
date	99.12.06.06.32.11;	author green;	state Exp;
branches;
next	1.28;

1.28
date	99.12.06.06.26.17;	author green;	state Exp;
branches;
next	1.27;

1.27
date	99.12.06.04.49.22;	author green;	state Exp;
branches;
next	1.26;

1.26
date	99.11.29.07.09.39;	author green;	state Exp;
branches;
next	1.25;

1.25
date	99.11.28.22.40.16;	author green;	state Exp;
branches;
next	1.24;

1.24
date	99.11.28.21.39.57;	author green;	state Exp;
branches;
next	1.23;

1.23
date	99.11.24.03.36.14;	author green;	state Exp;
branches;
next	1.22;

1.22
date	99.11.23.03.04.05;	author green;	state Exp;
branches;
next	1.21;

1.21
date	99.11.22.22.45.47;	author green;	state Exp;
branches;
next	1.20;

1.20
date	99.11.21.23.10.48;	author green;	state Exp;
branches;
next	1.19;

1.19
date	99.11.21.16.42.39;	author green;	state Exp;
branches;
next	1.18;

1.18
date	99.11.20.22.54.06;	author green;	state Exp;
branches;
next	1.17;

1.17
date	99.11.20.03.55.19;	author green;	state Exp;
branches;
next	1.16;

1.16
date	99.11.20.03.41.59;	author green;	state Exp;
branches;
next	1.15;

1.15
date	99.11.20.03.05.26;	author green;	state Exp;
branches;
next	1.14;

1.14
date	99.11.20.01.52.14;	author green;	state Exp;
branches;
next	1.13;

1.13
date	99.11.18.01.46.34;	author green;	state Exp;
branches;
next	1.12;

1.12
date	99.11.17.20.12.17;	author green;	state Exp;
branches;
next	1.11;

1.11
date	99.11.17.17.15.24;	author green;	state Exp;
branches;
next	1.10;

1.10
date	99.11.17.00.55.54;	author green;	state Exp;
branches;
next	1.9;

1.9
date	99.11.15.06.47.56;	author green;	state Exp;
branches;
next	1.8;

1.8
date	99.11.15.06.18.39;	author green;	state Exp;
branches;
next	1.7;

1.7
date	99.11.13.05.55.32;	author green;	state Exp;
branches;
next	1.6;

1.6
date	99.11.11.20.49.44;	author green;	state Exp;
branches;
next	1.5;

1.5
date	99.11.11.16.50.43;	author green;	state Exp;
branches;
next	1.4;

1.4
date	99.11.11.14.33.11;	author green;	state Exp;
branches;
next	1.3;

1.3
date	99.11.09.12.43.38;	author green;	state Exp;
branches;
next	1.2;

1.2
date	99.11.09.11.43.11;	author dirk;	state Exp;
branches;
next	1.1;

1.1
date	99.11.08.06.20.52;	author green;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	99.11.08.06.20.52;	author green;	state Exp;
branches;
next	;


desc
@@


1.136
log
@- expire port: Long out of date with multiple security issues.
  (Don't worry, openssh-portable is still there.)
@
text
@# New ports collection makefile for:	OpenSSH
# Date created:		7 October 1999
# Whom:			green
#
# $FreeBSD: ports/security/openssh/Makefile,v 1.135 2008/01/12 04:55:52 tmclaugh Exp $
#

PORTNAME=	openssh
PORTVERSION=	3.6.1
PORTREVISION=	6
CATEGORIES=	security ipv6
MASTER_SITES=	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
		ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
		ftp://ftp1.se.openbsd.org/pub/OpenBSD/OpenSSH/
PKGNAMESUFFIX?=	${SKEY_SUFFIX}${PKGNAMESUFFIX2}
DISTNAME=	openssh-${PORTVERSION}
EXTRACT_SUFX=	.tgz

PATCH_SITES=	${MASTER_SITES}
PATCHFILES=	openbsd28_${PORTVERSION}.patch

MAINTAINER=	ports@@FreeBSD.org
COMMENT=	OpenBSD's secure shell client and server (remote login program)

DEPRECATED=	Long out of date with multiple security issues.
EXPIRATION_DATE=	2008-02-11

CONFLICTS?=	openssh-portable-* openssh-gssapi-* ssh-1.* ssh2-3.*
USE_OPENSSL=	yes
WRKSRC=		${WRKDIR}/ssh

USE_RC_SUBR=	sshd

OPTIONS=	AFS "With AFC Support" off \
		KERBEROS "With Kerberos Support" off \
		SKEY "With SKEY Support" off

MAN1=		scp.1 slogin.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 \
		ssh-keyscan.1 sftp.1
MAN5=		ssh_config.5 sshd_config.5
MAN8=		sshd.8 sftp-server.8 ssh-keysign.8
MANCOMPRESSED=	yes

MODIFY=		ssh.h sshd_config pathnames.h
FIXME=		lib/Makefile scp/Makefile sftp/Makefile sftp-server/Makefile \
		ssh/Makefile ssh-add/Makefile ssh-agent/Makefile \
		ssh-keygen/Makefile ssh-keyscan/Makefile sshd/Makefile
ADDME+=		auth-pam.c auth-pam.h auth2-pam.c
ADDLIB+=	strlcat.c strlcpy.c \
		getaddrinfo.c name6.c bindresvport.c rcmd.c getnameinfo.c
PRECIOUS=	ssh_config sshd_config \
		ssh_host_key ssh_host_key.pub \
		ssh_host_rsa_key ssh_host_rsa_key.pub \
		ssh_host_dsa_key ssh_host_dsa_key.pub
# PAM ist broken, use openssh-portable instead.
PAM=no

.include <bsd.port.pre.mk>

CRYPTOLIBS=	-L${OPENSSLLIB} -lcrypto
# Here, MANDIR is concetenated to DESTDIR which all forms the man install dir...
MAKE_ENV+=	LIBDATADIR=${PREFIX}/libdata MANDIR=${MANPREFIX}/man/man CRYPTOLIBS="${CRYPTOLIBS}"

.if !exists(/usr/include/tcpd.h)
MAKE_ENV+=	TCP_WRAPPERS=no
.endif

.ifdef(WITH_AFS)
MAKE_ENV+=	AFS=yes
.endif

.ifdef(WITH_KERBEROS)
MAKE_ENV+=	KERBEROS=yes
.endif

.if exists(/usr/include/security/pam_modules.h)
PAM?=		yes
.else
PAM=		no
.endif
MAKE_ENV+=	PAM=${PAM}

.ifdef(WITH_SKEY)
SKEY_SUFFIX=	-skey
MAKE_ENV+=	SKEY=yes
.endif

EMPTYDIR=	${PREFIX}/empty
ETCOLD=		${PREFIX}/etc
ETCSSH=		${PREFIX}/etc/ssh
PLIST_SUB+=	EMPTYDIR=${EMPTYDIR}

post-extract:
.for i in ${ADDLIB}
	@@${CP} ${FILESDIR}/${i} ${WRKSRC}/lib/
.endfor
.for i in ${ADDME}
	@@${CP} ${FILESDIR}/${i} ${WRKSRC}/
.endfor

post-patch:
.for i in scp sftp ssh ssh-add ssh-agent ssh-keygen ssh-keyscan
	@@${REINPLACE_CMD} "s|BINDIR=	/bin|BINDIR=	${PREFIX}/bin|" ${WRKSRC}/${i}/Makefile
.endfor
.for i in sftp-server ssh-keysign
	@@${REINPLACE_CMD} "s|BINDIR=	/libexec|BINDIR=	${PREFIX}/libexec|" ${WRKSRC}/${i}/Makefile
.endfor
	@@${REINPLACE_CMD} "s|BINDIR=	/sbin|BINDIR=	${PREFIX}/sbin|" ${WRKSRC}/sshd/Makefile
	@@${REINPLACE_CMD} "s|DATADIR=	/libdata/ssh|DATADIR=	${PREFIX}/libdata/ssh|" ${WRKSRC}/scard/Makefile

pre-configure:
.for i in ${MODIFY:S/pathnames.h//} ${MAN1:S/slogin.1//} ${MAN5} ${MAN8}
	@@${MV} ${WRKSRC}/${i} ${WRKSRC}/${i}.sed
	${SED} -e "s=/etc/ssh=${ETCSSH}/ssh=" \
		-e "s=/usr/libex=${PREFIX}/libex=" \
		-e 's:__PREFIX__:${PREFIX}:g' \
		${WRKSRC}/${i}.sed >${WRKSRC}/${i}
.endfor
.for i in pathnames.h
	@@${MV} ${WRKSRC}/${i} ${WRKSRC}/${i}.sed
	${SED} -e 's:__PREFIX__:${PREFIX}:g' \
		${WRKSRC}/${i}.sed >${WRKSRC}/${i}
.endfor

pre-install:
	-${MKDIR} ${EMPTYDIR}
	if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
	if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
		-h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi
	${MKDIR} ${PREFIX}/libdata/ssh
	-@@[ ! -d ${ETCSSH} ] && ${MKDIR} ${ETCSSH}
.for i in ${PRECIOUS}
	-@@[ -f ${ETCOLD}/${i} ] && [ ! -f ${ETCSSH}/${i} ] && \
		${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout." && \
		${LN} ${ETCOLD}/${i} ${ETCSSH}/${i}
.endfor

post-install:
.if !defined(BATCH)
.if !exists(${ETCSSH}/ssh_host_key) && !exists(${ETCOLD}/ssh_host_key)
	@@${ECHO_MSG} ">> Generating an RSA1 secret host key."
	${PREFIX}/bin/ssh-keygen -t rsa1 -N "" -f ${ETCSSH}/ssh_host_key
.endif
.if !exists(${ETCSSH}/ssh_host_rsa_key) && !exists(${ETCOLD}/ssh_host_rsa_key)
	@@${ECHO_MSG} ">> Generating a RSA secret host key."
	${PREFIX}/bin/ssh-keygen -t rsa -N "" -f ${ETCSSH}/ssh_host_rsa_key
.endif
.if !exists(${ETCSSH}/ssh_host_dsa_key) && !exists(${ETCOLD}/ssh_host_dsa_key)
	@@${ECHO_MSG} ">> Generating a DSA secret host key."
	${PREFIX}/bin/ssh-keygen -t dsa -N "" -f ${ETCSSH}/ssh_host_dsa_key
.endif
.endif
.if !exists(${ETCSSH}/moduli)
	@@${ECHO_MSG} ">> Installing moduli."
	${INSTALL_DATA} -c ${FILESDIR}/moduli ${ETCSSH}/moduli
.endif
	${INSTALL_DATA} -c ${WRKSRC}/ssh_config ${ETCSSH}/ssh_config-dist
	${INSTALL_DATA} -c ${WRKSRC}/sshd_config ${ETCSSH}/sshd_config-dist
.if !exists(${ETCSSH}/ssh_config) && !exists(${ETCSSH}/sshd_config) \
	&& !exists(${ETCOLD}/ssh_config) && !exists(${ETCOLD}/sshd_config)
	${INSTALL_DATA} -c ${WRKSRC}/ssh_config ${ETCSSH}/ssh_config
	${INSTALL_DATA} -c ${WRKSRC}/sshd_config ${ETCSSH}/sshd_config
.else
	@@${ECHO_MSG} ">> ${ETCSSH}/ssh{,d}_config exists, not being replaced!"
	@@${ECHO_MSG} ">> If this is left over from another version of SSH, you will"
	@@${ECHO_MSG} ">> need to update it to work with OpenSSH."
.endif
	@@${CAT} ${PKGMESSAGE}

.include <bsd.port.post.mk>
@


1.135
log
@- Mark DEPRECATED and set expirtation date for one month.
  Long out of date with multiple security issues.
@
text
@d5 1
a5 1
# $FreeBSD$
@


1.134
log
@- Remove FreeBSD 4.X support from unmaintained ports in categories starting
  with letter r-s
@
text
@d25 3
@


1.133
log
@- Add ipv6 category

PR:		ports/107052
Submitted by:	Janos Mohacsi <janos.mohacsi@@bsd.hu>
@
text
@a60 7
.if ${OSVERSION} < 400014
MAKE_ENV+=	COMPAT_GETADDRINFO=yes
ADDME+=		netdb.h
.else
MAKE_ENV+=	INET6FLAGS=-DINET6
.endif

a121 14
.if ${OSVERSION} < 430000
post-configure:
.for i in ${FIXME}
	@@${MV} ${WRKSRC}/${i} ${WRKSRC}/${i}.sed
	${SED} -e "s=KERBEROS[:]L=KERBEROS=" \
		-e "s=KERBEROS5[:]L=KERBEROS5=" \
		-e "s=AFS[:]L=AFS=" \
		-e "s=TCP_WRAPPERS[:]L=TCP_WRAPPERS=" \
		-e "s=SKEY[:]L=SKEY=" \
		-e "s=PAM[:]L=PAM=" \
		${WRKSRC}/${i}.sed >${WRKSRC}/${i}
.endfor
.endif

@


1.132
log
@Fix build after DESTDIR update.

Submitted by:	gabor
@
text
@d11 1
a11 1
CATEGORIES=	security
@


1.131
log
@- Convert to OPTIONS
- Switch to rc_subr script

PR:		ports/96625
Submitted by:	Peter Thoenen <peter.thoenen@@yahoo.com> <eol1@@yahoo.com>
@
text
@d59 1
a59 1
MAKE_ENV+=	DESTDIR=${PREFIX} MANDIR=/man/man CRYPTOLIBS="${CRYPTOLIBS}"
d105 10
@


1.130
log
@- add a line why this port exist
- drop maintainership
@
text
@d10 1
a10 1
PORTREVISION=	5
d29 6
d41 1
a41 1
MODIFY=		ssh.h sshd_config sshd.sh pathnames.h
d72 1
a72 1
.if defined(AFS) && ${AFS} == YES
d76 1
a76 1
.if defined(KERBEROS) && ${KERBEROS} == YES
d87 1
a87 1
.if defined(SKEY) && ${SKEY} == YES
a97 1
	@@${CP} ${FILESDIR}/sshd.sh ${WRKSRC}/
a164 1
	${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample
@


1.129
log
@- make PKGNAMESUFFIX more flexible
@
text
@d22 1
a22 1
MAINTAINER=	dinoex@@FreeBSD.org
@


1.128
log
@- fix spelling of gssapi
@
text
@d15 1
d82 1
@


1.127
log
@- add CONFLICTS
Submitted by:	eikemeier@@fillmore-labs.com
@
text
@d24 1
a24 1
CONFLICTS?=	openssh-portable-* openssh--gssapi-* ssh-1.* ssh2-3.*
@


1.126
log
@Bump PORTREVISION for PAM security fix committed on Sep 26.
@
text
@d24 1
@


1.125
log
@- Security Fix in PAM handling
Obtained from:  des
@
text
@d10 1
a10 1
PORTREVISION=	4
@


1.124
log
@- mark FORBIDDEN until fixes.
@
text
@a23 2
FORBIDDEN=	Security Problem with PAM

@


1.123
log
@- Security Fix obtained from OpenBSD
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/buffer.c.diff?r1=1.18&r2=1.19

Submitted by:	ash@@lab.poc.net
@
text
@d24 2
@


1.122
log
@Add Solar Designer's additional fixes to buffer management.
@
text
@d10 1
a10 1
PORTREVISION=	3
@


1.121
log
@- Securitry Fix revision 2
http://www.openssh.com/txt/buffer.adv
Approved by:	lioux (portmgr)
@
text
@d10 1
a10 1
PORTREVISION=	2
@


1.120
log
@Do not record expanded size before attempting to reallocate associated
memory.

Obtained from:	OpenBSD
@
text
@d10 1
a10 1
PORTREVISION=	1
@


1.119
log
@- strip MAKE_ENV, LDFLAGS is set in bsd.openssl.mk
@
text
@d10 1
@


1.118
log
@- use hook for bsd.openssl.mk
@
text
@a50 1
MAKE_ENV+=	LDFLAGS=${LDFLAGS}
@


1.117
log
@- honor any given LDFLAGS
@
text
@d23 3
d31 1
a47 2
.include "${PORTSDIR}/security/openssl/bsd.openssl.mk"

d52 1
d59 1
d63 1
d67 1
d71 1
d78 1
d82 1
a86 1
WRKSRC=		${WRKDIR}/ssh
@


1.116
log
@- use bsd.openssl.mk
@
text
@d49 1
@


1.115
log
@- Update to 3.6.1
@
text
@d44 1
a44 1
.include "${PORTSDIR}/security/openssl/Makefile.ssl"
@


1.114
log
@- Update to 3.6
This version does no longer compile on FreeBSD 2.2.8
@
text
@d9 1
a9 1
PORTVERSION=	3.6
@


1.113
log
@- merge patch from openssh-portable
  to initialize resolver libary before
  chroot to /var/empty if UsePrivilegeSeparation=yes
@
text
@d9 1
a9 2
PORTVERSION=	3.5
PORTREVISION=	1
@


1.112
log
@- use include more consistent
@
text
@d10 1
@


1.111
log
@- add COMMENT
@
text
@d44 1
a44 1
.include <${PORTSDIR}/security/openssl/Makefile.ssl>
@


1.110
log
@Update to 3.5
@
text
@d21 1
@


1.109
log
@Fix BATCH problem in CURRENT
@
text
@d9 1
a9 2
PORTVERSION=	3.4
PORTREVISION=	4
@


1.108
log
@display PKGMESSAGE on manual build too.
@
text
@d144 1
a144 1
.if !exists(${ETCSSH}/moduli)  && !exists(${ETCOLD}/moduli)
@


1.107
log
@FreeBSD specifc security fix for:
ChallengeResponseAuthentication yes
@
text
@d160 1
@


1.106
log
@'PermitRootLogin no' is the new default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in
the base system.  Please be aware of this when upgrading your
OpenSSH port, and if truly necessary, re-enable remote root login
by readjusting this option in your sshd_config.

Users are encouraged to create single-purpose users with ssh keys
and very narrowly defined sudo privileges instead of using root
for automated tasks.
@
text
@d10 1
a10 1
PORTREVISION=	3
d88 1
a88 1
post-patch:
@


1.105
log
@give Enviroment from login.conf priority over all others,
problem found by drs@@rucus.ru.ac.za.
@
text
@d10 1
a10 1
PORTREVISION=	2
d39 1
@


1.104
log
@Defaults changed: (Gregory Sutter)
 ChallengeResponseAuthentication no
 UseLogin no

SSH_PRIVSEP_USER=sshd, distributioin patch set it to nobodyh. (Jan Srzednicki)

#undef USE_PIPES, problems with ppp over ssh. (Kugimoto Takeshi)

fix missing includes for "canohost.h"
@
text
@d10 1
a10 1
PORTREVISION=	1
@


1.103
log
@Update to openssh-3.4
Update to openssh-3.4p1
@
text
@d10 1
d32 1
a32 1
ADDME+=		netdb.h auth-pam.c auth-pam.h auth2-pam.c
d50 1
@


1.102
log
@Security FIX, Please update to this Version.

Options for both:
USE_OPENSSL_BASE=yes
	uses an older opensssl in the base system.

Options for portable:
OPENSSH_OVERWRITE_BASE=yes
	includes USE_OPENSSL_BASE=yes
	installls in the paths of the base system
@
text
@d9 1
a9 2
PORTVERSION=	3.3
PORTREVISION=	5
@


1.101
log
@Patch from current, noted by drs@@rucus.ru.ac.za:
environment variables in the 'setenv' field of login.conf are set now.
@
text
@d10 1
a10 1
PORTREVISION=	4
@


1.100
log
@Small cleanups for smoothlees migration to $PREFIX/etc/shh
@
text
@d10 1
a10 1
PORTREVISION=	3
@


1.99
log
@Enable privilege separation as default,
create user and home if it not exists.
@
text
@d10 1
a10 1
PORTREVISION=	2
d71 1
d74 1
d115 1
d118 1
a118 1
		-h - -d ${PREFIX}/empty -s /nonexistent -c "sshd privilege separation"; fi
d120 1
a120 2
	${MKDIR} ${PREFIX}/empty
	${MKDIR} ${ETCSSH}
d122 3
a124 4
.if exists(${PREFIX}/etc/${i})
	@@${ECHO_MSG} ">> Linking ${ETCSSH}/${i} from old layout."
	@@${LN} ${ETCOLD}/${i} ${ETCSSH}/${i}
.endif
@


1.98
log
@Merge PAM-changes from openssh currrent
Fix build with SKEY=yes, pr# 36119
Cleanup pw_expire handling.
Add missing includes
Changes defaults to: PermitRootLogin=no, UsePrivilegeSeparation=no
Use $PREFIX/etc/ssh for config, updating manpages too.
@
text
@d10 1
a10 1
PORTREVISION=	1
d32 3
d39 1
a75 1
	@@${CP} ${FILESDIR}/strlcat.c ${FILESDIR}/strlcpy.c ${WRKSRC}/lib/
d77 6
a82 6
.if ${OSVERSION} < 400014
	@@${CP} ${FILESDIR}/getaddrinfo.c  ${FILESDIR}/name6.c ${WRKSRC}/lib/
	@@${CP} ${FILESDIR}/bindresvport.c ${FILESDIR}/rcmd.c ${WRKSRC}/lib/
	@@${CP} ${FILESDIR}/getnameinfo.c ${WRKSRC}/lib/
	@@${CP} ${FILESDIR}/netdb.h ${WRKSRC}/
.endif
d107 1
d113 3
@


1.97
log
@Update to openssh-3.3
- New program ssh-keysign
- New manpages for ssh_config and sshd_config
- Merge Pathes to new files
- Fix GCC problem with unsupported __func__ in older Releases
@
text
@d10 1
d32 4
d67 2
d82 3
a84 2
	@@${MV} ${WRKSRC}/sshd_config ${WRKSRC}/sshd_config.sed
	${SED} -e "s=/etc/ssh=${PREFIX}/etc/ssh=" \
d86 4
a89 2
		${WRKSRC}/sshd_config.sed > ${WRKSRC}/sshd_config
.for i in ${MODIFY}
d91 2
a92 1
	${SED} -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/${i}.sed >${WRKSRC}/${i}
a93 3
	@@${PERL5} -pi -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h	\
		${WRKSRC}/sshd_config ${WRKSRC}/sshd.sh \
		${WRKSRC}/pathnames.h
d110 8
d121 1
a121 1
.if !exists(${PREFIX}/etc/ssh_host_key)
d123 1
a123 1
	${PREFIX}/bin/ssh-keygen -t rsa1 -N "" -f ${PREFIX}/etc/ssh_host_key
d125 1
a125 1
.if !exists(${PREFIX}/etc/ssh_host_rsa_key)
d127 1
a127 1
	${PREFIX}/bin/ssh-keygen -t rsa -N "" -f ${PREFIX}/etc/ssh_host_rsa_key
d129 1
a129 1
.if !exists(${PREFIX}/etc/ssh_host_dsa_key)
d131 1
a131 1
	${PREFIX}/bin/ssh-keygen -t dsa -N "" -f ${PREFIX}/etc/ssh_host_dsa_key
d134 1
a134 1
.if !exists(${PREFIX}/etc/moduli)
d136 1
a136 1
	${INSTALL_DATA} -c ${FILESDIR}/moduli ${PREFIX}/etc/moduli
d139 6
a144 5
	${INSTALL_DATA} -c ${WRKSRC}/ssh_config ${PREFIX}/etc/ssh_config-dist
	${INSTALL_DATA} -c ${WRKSRC}/sshd_config ${PREFIX}/etc/sshd_config-dist
.if !exists(${PREFIX}/etc/ssh_config) && !exists(${PREFIX}/etc/sshd_config)
	${INSTALL_DATA} -c ${WRKSRC}/ssh_config ${PREFIX}/etc/ssh_config
	${INSTALL_DATA} -c ${WRKSRC}/sshd_config ${PREFIX}/etc/sshd_config
d146 1
a146 1
	@@${ECHO_MSG} ">> ${PREFIX}/etc/ssh{,d}_config exists, not being replaced!"
@


1.96
log
@- Get rid of PERL and use SED
@
text
@d9 1
a9 2
PORTVERSION=	3.2.3
PORTREVISION=	1
d24 2
a25 1
MAN8=		sshd.8 sftp-server.8
@


1.95
log
@- get rid of duplicate code in Makefiles.
- Fix USE_OPENSSL_PORT and USE_OPENSSL_BASE
- drop obsolete/broken USE_OPENSSL
@
text
@d27 1
d75 8
a82 2
	@@${PERL5} -pi -e "s=/etc/ssh=${PREFIX}/etc/ssh=" ${WRKSRC}/sshd_config
	@@${PERL5} -pi -e "s=/usr/libex=${PREFIX}/libex=" ${WRKSRC}/sshd_config
d90 7
a96 5
	@@${PERL5} -pi -e "s=KERBEROS[:]L=KERBEROS=" ${WRKSRC}/${i}
	@@${PERL5} -pi -e "s=KERBEROS5[:]L=KERBEROS5=" ${WRKSRC}/${i}
	@@${PERL5} -pi -e "s=AFS[:]L=AFS=" ${WRKSRC}/${i}
	@@${PERL5} -pi -e "s=TCP_WRAPPERS[:]L=TCP_WRAPPERS=" ${WRKSRC}/${i}
	@@${PERL5} -pi -e "s=SKEY[:]L=SKEY=" ${WRKSRC}/${i}
@


1.94
log
@Update to OpenSSH 3.2.3

- patch openssh-3.1-adv.token.patch is now obsolete.
- remerged PAM changes form previous port
- declare CMSG_* macros.
- fixed bad type in function input_userauth_passwd_changereq

Update to OpenSSH-portable-3.2.3p1

- patch openssh-3.1p1-adv.token.patch is now obsolete
- keep previously declared CONFIGURE_ARGS
- remove openssh-mit-krb5-20020326.diff (should be in the distribution now)
- patch patch-readpassphrase.c is now in teh distribution
- merged previous patches.
- extend CONFIGURE_ARGS so it find OPENSSL again.
- new patches for GSSAPI, not fully tested.

If you have the patch applied:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/36080

Builds with openssl-0.9.6d under:
2.2.8-RELEASE
3.2-RELEASE
4.2-RELEASE
4.6-RC
@
text
@d10 1
a22 2
USE_OPENSSL=	yes

d33 2
a34 9
.if ${OSVERSION} < 430000 || exists(${LOCALBASE}/lib/libcrypto.so.3)
OPENSSLBASE=	${LOCALBASE}
OPENSSLDIR=	${OPENSSLBASE}/openssl
LIB_DEPENDS+=	crypto.3:${PORTSDIR}/security/openssl
OPENSSLLIB=	${OPENSSLBASE}/lib
OPENSSLINC=	${OPENSSLBASE}/include
MAKE_ENV+=	OPENSSLLIB=${OPENSSLLIB} OPENSSLINC=${OPENSSLINC} \
		OPENSSLBASE=${OPENSSLBASE} OPENSSLDIR=${OPENSSLDIR}
.endif
@


1.93
log
@Use crypto.3 as dependeny.
To keep consistent with USE_SSL in bsd.port.mk
@
text
@d9 1
a9 2
PORTVERSION=	3.1
PORTREVISION=	7
d18 1
a18 1
PATCHFILES=	openbsd28_3.1.patch openssh-3.1-adv.token.patch
@


1.92
log
@Chase openssl shlib version increase.

Pointy hat to:	dinoex
@
text
@d38 1
a38 1
LIB_DEPENDS+=	ssl.3:${PORTSDIR}/security/openssl
@


1.91
log
@openssl:
- some configure scripts check the version of the lib
  so we need to update SHLIBVER
- bump PORTREVISION

openssh:
- build ports with local openssl, if it exists
@
text
@d38 1
a38 1
LIB_DEPENDS+=	crypto.3:${PORTSDIR}/security/openssl
@


1.90
log
@Security fix for token passing, see bugtraq for details.
- fetch and use openssh-3.1-adv.token.patch to build.
- bump PORTREVISION
@
text
@d35 2
a36 2
.if ${OSVERSION} < 430000
OPENSSLBASE=	/usr/local
d38 1
a38 1
LIB_DEPENDS+=   crypto.2:${PORTSDIR}/security/openssl
@


1.89
log
@Updated Patch on openBSD website,
patch openssh/files/patch-cipher.c is now obsolete.
@
text
@d10 1
a10 1
PORTREVISION=	6
d19 1
a19 1
PATCHFILES=	openbsd28_3.1.patch
@


1.88
log
@Fix problem with auth_ttyok and ttyname
@
text
@d10 1
a10 1
PORTREVISION=	5
@


1.87
log
@Merge patches from -stable with USE_PAM and HAVE_LOGIN_CAP
Bump PORTREVISION

PR:		35904
@
text
@d10 1
a10 1
PORTREVISION=	4
@


1.86
log
@create ssh_config-dist and sshd_config-dist
make sure that package install and deinstall
don't temper existing configuration files.
install sshd.sh now as sample.

Package changed, but no need to update
if you have PORTREVISION=2
@
text
@d10 1
a10 1
PORTREVISION=	3
@


1.85
log
@Add etc/moduli if it does not exist already.
sshd complainied about it.
@
text
@d10 1
a10 1
PORTREVISION=	2
d122 3
a124 3
.if !exists(${PREFIX}/etc/rc.d/sshd.sh)
	@@${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/
.endif
d126 2
a127 2
	@@cd ${WRKSRC}; \
	${MAKE} DESTDIR=${PREFIX} distribution
@


1.84
log
@- Fix Problem with 3des chiper
- Patch from openssh-portable, which works fine.
- bump PORTREVISION
@
text
@d10 1
a10 1
PORTREVISION=	1
d117 4
@


1.83
log
@Pass option to generate rsa1 keys, which is now required.

PR:		35676
Submitted by:	sysadmin@@alexdupre.com
@
text
@d10 1
@


1.82
log
@Update to OpenSSH 3.1 OpennSSH-portable 3.1p1

- update patch-au,patch-session.c for password changes.
- patch-channel.c is now integrated

Excerpt from Changelog:

20020304
 - OpenBSD CVS Sync
   - deraadt@@cvs.openbsd.org 2002/02/26 18:52:32
     [sftp.1]
     Ic cannot have that many arguments; spotted by mouring@@etoh.eviladmin.org
   - mouring@@cvs.openbsd.org 2002/02/26 19:04:37
     [sftp.1]
     > Ic cannot have that many arguments; spotted by mouring@@etoh.eviladmin.org
     Last Ic on the first line should not have a space between it and the final
     comma.
   - deraadt@@cvs.openbsd.org 2002/02/26 19:06:43
     [sftp.1]
     no, look closely.  the comma was highlighted. split .Ic even more
   - stevesk@@cvs.openbsd.org 2002/02/26 20:03:51
     [misc.c]
     use socklen_t
   - stevesk@@cvs.openbsd.org 2002/02/27 21:23:13
     [canohost.c channels.c packet.c sshd.c]
     remove unneeded casts in [gs]etsockopt(); ok markus@@
   - markus@@cvs.openbsd.org 2002/02/28 15:46:33
     [authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c]
     add some const EVP_MD for openssl-0.9.7
   - stevesk@@cvs.openbsd.org 2002/02/28 19:36:28
     [auth.c match.c match.h]
     delay hostname lookup until we see a ``@@'' in DenyUsers and AllowUsers
     for sshd -u0; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/02/28 20:36:42
     [sshd.8]
     DenyUsers allows user@@host pattern also
   - stevesk@@cvs.openbsd.org 2002/02/28 20:46:10
     [sshd.8]
     -u0 DNS for user@@host
   - stevesk@@cvs.openbsd.org 2002/02/28 20:56:00
     [auth.c]
     log user not allowed details, from dwd@@bell-labs.com; ok markus@@
   - markus@@cvs.openbsd.org 2002/03/01 13:12:10
     [auth.c match.c match.h]
     undo the 'delay hostname lookup' change
     match.c must not use compress.c (via canonhost.c/packet.c)
     thanks to wilfried@@
   - markus@@cvs.openbsd.org 2002/03/04 12:43:06
     [auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
   - markus@@cvs.openbsd.org 2002/03/04 13:10:46
     [misc.c]
     error-> debug, because O_NONBLOCK for /dev/null causes too many different
     errnos; ok stevesk@@, deraadt@@
     unused include
   - stevesk@@cvs.openbsd.org 2002/03/04 17:27:39
     [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
      channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
      groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
      servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
      uuencode.c xmalloc.h]
     $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
     missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
     files.  ok markus@@
   - stevesk@@cvs.openbsd.org 2002/03/04 18:30:23
     [ssh-keyscan.c]
     handle connection close during read of protocol version string.
     fixes erroneous "bad greeting".  ok markus@@
   - markus@@cvs.openbsd.org 2002/03/04 19:37:58
     [channels.c]
     off by one; thanks to joost@@pine.nl
20020226
 - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests
   based on patch by mooney@@dogbert.cc.ndsu.nodak.edu (Tim Mooney)
   Bug 45 [configure.ac] modify skey test to work around conflict with autoconf
   reported by nolan@@naic.edu (Michael Nolan)
   patch by  Pekka Savola <pekkas@@netcore.fi>
   Bug 74 [configure.ac defines.h] add sig_atomic_t test
   reported by dwd@@bell-labs.com (Dave Dykstra)
   Bug 102 [defines.h] UNICOS fixes. patch by wendyp@@cray.com
   [configure.ac Makefile.in] link libwrap only with sshd
   based on patch by Maciej W. Rozycki <macro@@ds2.pg.gda.pl>
   Bug 123 link libpam only with sshd
   reported by peak@@argo.troja.mff.cuni.cz (Pavel Kankovsky)
   [configure.ac defines.h] modify previous SCO3 fix to not break Solaris 7
   [acconfig.h] remove unused HAVE_REGCOMP
   [configure.ac] put back in search for prngd-socket
 - (stevesk) openbsd-compat/base64.h: typo in comment
 - (bal) OpenBSD CVS Sync
   - markus@@cvs.openbsd.org 2002/02/15 23:54:10
     [auth-krb5.c]
     krb5_get_err_text() does not like context==NULL; he@@nordu.net via google;
     ok provos@@
   - markus@@cvs.openbsd.org 2002/02/22 12:20:34
     [log.c log.h ssh-keyscan.c]
     overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@@
   - markus@@cvs.openbsd.org 2002/02/23 17:59:02
     [kex.c kexdh.c kexgex.c]
     don't allow garbage after payload.
   - stevesk@@cvs.openbsd.org 2002/02/24 16:09:52
     [sshd.c]
     use u_char* here; ok markus@@
   - markus@@cvs.openbsd.org 2002/02/24 16:57:19
     [sftp-client.c]
     early close(), missing free; ok stevesk@@
   - markus@@cvs.openbsd.org 2002/02/24 16:58:32
     [packet.c]
     make 'cp' unsigned and merge with 'ucp'; ok stevesk@@
   - markus@@cvs.openbsd.org 2002/02/24 18:31:09
     [uuencode.c]
     typo in comment
   - markus@@cvs.openbsd.org 2002/02/24 19:14:59
     [auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
      ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
     signed vs. unsigned: make size arguments u_int, ok stevesk@@
   - stevesk@@cvs.openbsd.org 2002/02/24 19:59:42
     [channels.c misc.c]
     disable Nagle in connect_to() and channel_post_port_listener() (port
     forwarding endpoints).  the intention is to preserve the on-the-wire
     appearance to applications at either end; the applications can then
     enable TCP_NODELAY according to their requirements. ok markus@@
   - markus@@cvs.openbsd.org 2002/02/25 16:33:27
     [ssh-keygen.c sshconnect2.c uuencode.c uuencode.h]
     more u_* fixes
 - (bal) Imported missing fatal.c and fixed up Makefile.in
 - (tim) [configure.ac] correction to Bug 123 fix
     [configure.ac] correction to sig_atomic_t test

20020224
 - (tim) [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84
   patch by wknox@@mitre.org (William Knox).
   [sshlogin.h] declare record_utmp_only for session.c

20020219
 - (djm) OpenBSD CVS Sync
   - mpech@@cvs.openbsd.org 2002/02/13 08:33:47
     [ssh-keyscan.1]
     When you give command examples and etc., in a manual page prefix them with:     $ command
     or
     # command
   - markus@@cvs.openbsd.org 2002/02/14 23:27:59
     [channels.c]
     increase the SSH v2 window size to 4 packets. comsumes a little
     bit more memory for slow receivers but increases througput.
   - markus@@cvs.openbsd.org 2002/02/14 23:28:00
     [channels.h session.c ssh.c]
     increase the SSH v2 window size to 4 packets. comsumes a little
     bit more memory for slow receivers but increases througput.
   - markus@@cvs.openbsd.org 2002/02/14 23:41:01
     [authfile.c cipher.c cipher.h kex.c kex.h packet.c]
     hide some more implementation details of cipher.[ch] and prepares for move
     to EVP, ok deraadt@@
   - stevesk@@cvs.openbsd.org 2002/02/16 14:53:37
     [ssh-keygen.1]
     -t required now for key generation
   - stevesk@@cvs.openbsd.org 2002/02/16 20:40:08
     [ssh-keygen.c]
     default to rsa keyfile path for non key generation operations where
     keyfile not specified.  fixes core dump in those cases.  ok markus@@
   - millert@@cvs.openbsd.org 2002/02/16 21:27:53
     [auth.h]
     Part one of userland __P removal.  Done with a simple regexp with
     some minor hand editing to make comments line up correctly.  Another
     pass is forthcoming that handles the cases that could not be done
     automatically.
   - millert@@cvs.openbsd.org 2002/02/17 19:42:32
     [auth.h]
     Manual cleanup of remaining userland __P use (excluding packages
     maintained outside the tree)
   - markus@@cvs.openbsd.org 2002/02/18 13:05:32
     [cipher.c cipher.h]
     switch to EVP, ok djm@@ deraadt@@
   - markus@@cvs.openbsd.org 2002/02/18 17:55:20
     [ssh.1]
     -q: Fatal errors are _not_ displayed.
   - deraadt@@cvs.openbsd.org 2002/02/19 02:50:59
     [sshd_config]
     stategy is not an english word
 - (bal) OpenBSD CVS Sync
   - markus@@cvs.openbsd.org 2002/02/15 23:11:26
     [session.c]
     split do_child(), ok mouring@@
   - markus@@cvs.openbsd.org 2002/02/16 00:51:44
     [session.c]
     typo

20020218
 - (tim) newer config.guess from ftp://ftp.gnu.org/gnu/config/config.guess

20020213
 - (djm) Bug #114 - not starting PAM for SSH protocol 1 invalid users

20020213
 - (djm) OpenBSD CVS Sync
   - markus@@cvs.openbsd.org 2002/02/11 16:10:15
     [kex.c]
     restore kexinit handler if we reset the dispatcher, this unbreaks
     rekeying s/kex_clear_dispatch/kex_reset_dispatch/
   - markus@@cvs.openbsd.org 2002/02/11 16:15:46
     [sshconnect1.c]
     include md5.h, not evp.h
   - markus@@cvs.openbsd.org 2002/02/11 16:17:55
     [sshd.c]
     do not complain about port > 1024 if rhosts-auth is disabled
   - markus@@cvs.openbsd.org 2002/02/11 16:19:39
     [sshd.c]
     include md5.h not hmac.h
   - markus@@cvs.openbsd.org 2002/02/11 16:21:42
     [match.c]
     support up to 40 algorithms per proposal
   - djm@@cvs.openbsd.org 2002/02/12 12:32:27
     [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
     Perform multiple overlapping read/write requests in file transfer. Mostly
     done by Tobias Ringstrom <tori@@ringstrom.mine.nu>; ok markus@@
   - djm@@cvs.openbsd.org 2002/02/12 12:44:46
     [sftp-client.c]
     Let overlapped upload path handle servers which reorder ACKs. This may be
     permitted by the protocol spec; ok markus@@
   - markus@@cvs.openbsd.org 2002/02/13 00:28:13
     [sftp-server.c]
     handle SSH2_FILEXFER_ATTR_SIZE in SSH2_FXP_(F)SETSTAT; ok djm@@
   - markus@@cvs.openbsd.org 2002/02/13 00:39:15
     [readpass.c]
     readpass.c is not longer from UCB, since we now use readpassphrase(3)
   - djm@@cvs.openbsd.org 2002/02/13 00:59:23
     [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp.h]
     [sftp-int.c sftp-int.h]
     API cleanup and backwards compat for filexfer v.0 servers; ok markus@@
 - (djm) Sync openbsd-compat with OpenBSD CVS too
 - (djm) Bug #106: Add --without-rpath configure option. Patch from
   Nicolas.Williams@@ubsw.com

20020210
 - (djm) OpenBSD CVS Sync
   - deraadt@@cvs.openbsd.org 2002/02/09 17:37:34
     [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1]
     move ssh config files to /etc/ssh
 - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match
   - deraadt@@cvs.openbsd.org 2002/02/10 01:07:05
     [readconf.h sshd.8]
     more /etc/ssh; openbsd@@davidkrause.com

20020208
 - (djm) OpenBSD CVS Sync
   - markus@@cvs.openbsd.org 2002/02/04 12:15:25
     [sshd.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@@netbsd.org; ok djm@@
   - stevesk@@cvs.openbsd.org 2002/02/04 20:41:16
     [ssh-agent.1]
     more sync for default ssh-add identities; ok markus@@
   - djm@@cvs.openbsd.org 2002/02/05 00:00:46
     [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
     Add "-B" option to specify copy buffer length (default 32k); ok markus@@
   - markus@@cvs.openbsd.org 2002/02/05 14:32:55
     [channels.c channels.h ssh.c]
     merge channel_request() into channel_request_start()
   - markus@@cvs.openbsd.org 2002/02/06 14:22:42
     [sftp.1]
     sort options; ok mpech@@, stevesk@@
   - mpech@@cvs.openbsd.org 2002/02/06 14:27:23
     [sftp.c]
     sync usage() with manual.
   - markus@@cvs.openbsd.org 2002/02/06 14:37:22
     [session.c]
     minor KNF
   - markus@@cvs.openbsd.org 2002/02/06 14:55:16
     [channels.c clientloop.c serverloop.c ssh.c]
     channel_new never returns NULL, mouring@@; ok djm@@
   - markus@@cvs.openbsd.org 2002/02/07 09:35:39
     [ssh.c]
     remove bogus comments

20020205
 - (djm) Cleanup after sync:
   - :%s/reverse_mapping_check/verify_reverse_mapping/g
 - (djm) OpenBSD CVS Sync
   - stevesk@@cvs.openbsd.org 2002/01/24 21:09:25
     [channels.c misc.c misc.h packet.c]
     add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).
     no nagle changes just yet; ok djm@@ markus@@
   - stevesk@@cvs.openbsd.org 2002/01/24 21:13:23
     [packet.c]
     need misc.h for set_nodelay()
   - markus@@cvs.openbsd.org 2002/01/25 21:00:24
     [sshconnect2.c]
     unused include
   - markus@@cvs.openbsd.org 2002/01/25 21:42:11
     [ssh-dss.c ssh-rsa.c]
     use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@@
     don't use evp_md->md_size, it's not public.
   - markus@@cvs.openbsd.org 2002/01/25 22:07:40
     [kex.c kexdh.c kexgex.c key.c mac.c]
     use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@@
   - stevesk@@cvs.openbsd.org 2002/01/26 16:44:22
     [includes.h session.c]
     revert code to add x11 localhost display authorization entry for
     hostname/unix:d and uts.nodename/unix:d if nodename was different than
     hostname.  just add entry for unix:d instead.  ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/27 14:57:46
     [channels.c servconf.c servconf.h session.c sshd.8 sshd_config]
     add X11UseLocalhost; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/27 18:08:17
     [ssh.c]
     handle simple case to identify FamilyLocal display; ok markus@@
   - markus@@cvs.openbsd.org 2002/01/29 14:27:57
     [ssh-add.c]
     exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@@
   - markus@@cvs.openbsd.org 2002/01/29 14:32:03
     [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c]
     [servconf.c servconf.h session.c sshd.8 sshd_config]
     s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion;
     ok stevesk@@
   - stevesk@@cvs.openbsd.org 2002/01/29 16:29:02
     [session.c]
     limit subsystem length in log; ok markus@@
   - markus@@cvs.openbsd.org 2002/01/29 16:41:19
     [ssh-add.1]
     add DIAGNOSTICS; ok stevesk@@
   - markus@@cvs.openbsd.org 2002/01/29 22:46:41
     [session.c]
     don't depend on servconf.c; ok djm@@
   - markus@@cvs.openbsd.org 2002/01/29 23:50:37
     [scp.1 ssh.1]
     mention exit status; ok stevesk@@
   - markus@@cvs.openbsd.org 2002/01/31 13:35:11
     [kexdh.c kexgex.c]
     cross check announced key type and type from key blob
   - markus@@cvs.openbsd.org 2002/01/31 15:00:05
     [serverloop.c]
     no need for WNOHANG; ok stevesk@@
   - markus@@cvs.openbsd.org 2002/02/03 17:53:25
     [auth1.c serverloop.c session.c session.h]
     don't use channel_input_channel_request and callback
     use new server_input_channel_req() instead:
     	server_input_channel_req does generic request parsing on server side
     	session_input_channel_req handles just session specific things now
     ok djm@@
   - markus@@cvs.openbsd.org 2002/02/03 17:55:55
     [channels.c channels.h]
     remove unused channel_input_channel_request
   - markus@@cvs.openbsd.org 2002/02/03 17:58:21
     [channels.c channels.h ssh.c]
     generic callbacks are not really used, remove and
     add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
     ok djm@@
   - markus@@cvs.openbsd.org 2002/02/03 17:59:23
     [sshconnect2.c]
     more cross checking if announced vs. used key type; ok stevesk@@
   - stevesk@@cvs.openbsd.org 2002/02/03 22:35:57
     [ssh.1 sshd.8]
     some KeepAlive cleanup/clarify; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/02/03 23:22:59
     [ssh-agent.1]
     ssh-add also adds $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa now.
   - stevesk@@cvs.openbsd.org 2002/02/04 00:53:39
     [ssh-agent.c]
     unneeded includes
   - markus@@cvs.openbsd.org 2002/02/04 11:58:10
     [auth2.c]
     cross checking of announced vs actual pktype in pubkey/hostbaed auth;
     ok stevesk@@
   - markus@@cvs.openbsd.org 2002/02/04 12:15:25
     [log.c log.h readconf.c servconf.c]
     add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1,
     fixes arm/netbsd; based on patch from bjh21@@netbsd.org; ok djm@@
   - stevesk@@cvs.openbsd.org 2002/02/04 20:41:16
     [ssh-add.1]
     more sync for default ssh-add identities; ok markus@@
   - djm@@cvs.openbsd.org 2002/02/04 21:53:12
     [sftp.1 sftp.c]
     Add "-P" option to directly connect to a local sftp-server. Should be
     useful for regression testing; ok markus@@
   - djm@@cvs.openbsd.org 2002/02/05 00:00:46
     [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c]
     Add "-B" option to specify copy buffer length (default 32k); ok markus@@

20020130
 - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@@
 - (tim) [configure.ac] fix logic on when ssh-rand-helper is installed.
   [sshd_config] put back in line that tells what PATH was compiled into sshd.

20020125
 - (djm) Don't grab Xserver or pointer by default. x11-ssh-askpass doesn't
   and grabbing can cause deadlocks with kinput2.

20020124
 - (stevesk) Makefile.in: bug #61; delete commented line for now.

20020123
 - (djm) Fix non-standard shell syntax in autoconf. Patch from
   Dave Dykstra <dwd@@bell-labs.com>
 - (stevesk) fix --with-zlib=
 - (djm) Use case statements in autoconf to clean up some tests

20020122
 - (djm) autoconf hacking:
   - We don't support --without-zlib currently, so don't allow it.
   - Rework cryptographic random number support detection. We now detect
     whether OpenSSL seeds itself. If it does, then we don't bother with
     the ssh-rand-helper program. You can force the use of ssh-rand-helper
     using the --with-rand-helper configure argument
   - Simplify and clean up ssh-rand-helper configuration
   - Add OpenSSL sanity check: verify that header version matches version
     reported by library
 - (djm) Fix some bugs I introduced into ssh-rand-helper yesterday
 - OpenBSD CVS Sync
   - djm@@cvs.openbsd.org 2001/12/21 08:52:22
     [ssh-keygen.1 ssh-keygen.c]
     Remove default (rsa1) key type; ok markus@@
   - djm@@cvs.openbsd.org 2001/12/21 08:53:45
     [readpass.c]
     Avoid interruptable passphrase read; ok markus@@
   - djm@@cvs.openbsd.org 2001/12/21 10:06:43
     [ssh-add.1 ssh-add.c]
     Try all standard key files (id_rsa, id_dsa, identity) when invoked with
     no arguments; ok markus@@
   - markus@@cvs.openbsd.org 2001/12/21 12:17:33
     [serverloop.c]
     remove ifdef for USE_PIPES since fdin != fdout; ok djm@@
   - deraadt@@cvs.openbsd.org 2001/12/24 07:29:43
     [ssh-add.c]
     try all listed keys.. how did this get broken?
   - markus@@cvs.openbsd.org 2001/12/25 18:49:56
     [key.c]
     be more careful on allocation
   - markus@@cvs.openbsd.org 2001/12/25 18:53:00
     [auth1.c]
     be more carefull on allocation
   - markus@@cvs.openbsd.org 2001/12/27 18:10:29
     [ssh-keygen.c]
     -t is only needed for key generation (unbreaks -i, -e, etc).
   - markus@@cvs.openbsd.org 2001/12/27 18:22:16
     [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c]
     [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c]
     call fatal() for openssl allocation failures
   - stevesk@@cvs.openbsd.org 2001/12/27 18:22:53
     [sshd.8]
     clarify -p; ok markus@@
   - markus@@cvs.openbsd.org 2001/12/27 18:26:13
     [authfile.c]
     missing include
   - markus@@cvs.openbsd.org 2001/12/27 19:37:23
     [dh.c kexdh.c kexgex.c]
     always use BN_clear_free instead of BN_free
   - markus@@cvs.openbsd.org 2001/12/27 19:54:53
     [auth1.c auth.h auth-rh-rsa.c]
     auth_rhosts_rsa now accept generic keys.
   - markus@@cvs.openbsd.org 2001/12/27 20:39:58
     [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h]
     [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c]
     get rid of packet_integrity_check, use packet_done() instead.
   - markus@@cvs.openbsd.org 2001/12/28 12:14:27
     [auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c]
     [kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c]
     [ssh.c sshconnect1.c sshconnect2.c sshd.c]
     s/packet_done/packet_check_eom/ (end-of-message); ok djm@@
   - markus@@cvs.openbsd.org 2001/12/28 13:57:33
     [auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c]
     packet_get_bignum* no longer returns a size
   - markus@@cvs.openbsd.org 2001/12/28 14:13:13
     [bufaux.c bufaux.h packet.c]
     buffer_get_bignum: int -> void
   - markus@@cvs.openbsd.org 2001/12/28 14:50:54
     [auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c]
     [packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c]
     [sshconnect2.c sshd.c]
     packet_read* no longer return the packet length, since it's not used.
   - markus@@cvs.openbsd.org 2001/12/28 15:06:00
     [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
     [dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c]
     remove plen from the dispatch fn. it's no longer used.
   - stevesk@@cvs.openbsd.org 2001/12/28 22:37:48
     [ssh.1 sshd.8]
     document LogLevel DEBUG[123]; ok markus@@
   - stevesk@@cvs.openbsd.org 2001/12/29 21:56:01
     [authfile.c channels.c compress.c packet.c sftp-server.c]
     [ssh-agent.c ssh-keygen.c]
     remove unneeded casts and some char->u_char cleanup; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/03 04:11:08
     [ssh_config]
     grammar in comment
   - stevesk@@cvs.openbsd.org 2002/01/04 17:59:17
     [readconf.c servconf.c]
     remove #ifdef _PATH_XAUTH/#endif; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/04 18:14:16
     [servconf.c sshd.8]
     protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and
     /etc/ssh_host_dsa_key like we have in sshd_config.  ok markus@@
   - markus@@cvs.openbsd.org 2002/01/05 10:43:40
     [channels.c]
     fix hanging x11 channels for rejected cookies (e.g.
     XAUTHORITY=/dev/null xbiff) bug #36, based on patch from
     djast@@cs.toronto.edu
   - stevesk@@cvs.openbsd.org 2002/01/05 21:51:56
     [ssh.1 sshd.8]
     some missing and misplaced periods
   - markus@@cvs.openbsd.org 2002/01/09 13:49:27
     [ssh-keygen.c]
     append \n only for public keys
   - markus@@cvs.openbsd.org 2002/01/09 17:16:00
     [channels.c]
     merge channel_pre_open_15/channel_pre_open_20; ok provos@@
   - markus@@cvs.openbsd.org 2002/01/09 17:26:35
     [channels.c nchan.c]
     replace buffer_consume(b, buffer_len(b)) with buffer_clear(b);
     ok provos@@
   - markus@@cvs.openbsd.org 2002/01/10 11:13:29
     [serverloop.c]
     skip client_alive_check until there are channels; ok beck@@
   - markus@@cvs.openbsd.org 2002/01/10 11:24:04
     [clientloop.c]
     handle SSH2_MSG_GLOBAL_REQUEST (just reply with failure); ok djm@@
   - markus@@cvs.openbsd.org 2002/01/10 12:38:26
     [nchan.c]
     remove dead code (skip drain)
   - markus@@cvs.openbsd.org 2002/01/10 12:47:59
     [nchan.c]
     more unused code (with channels.c:1.156)
   - markus@@cvs.openbsd.org 2002/01/11 10:31:05
     [packet.c]
     handle received SSH2_MSG_UNIMPLEMENTED messages; ok djm@@
   - markus@@cvs.openbsd.org 2002/01/11 13:36:43
     [ssh2.h]
     add defines for msg type ranges
   - markus@@cvs.openbsd.org 2002/01/11 13:39:36
     [auth2.c dispatch.c dispatch.h kex.c]
     a single dispatch_protocol_error() that sends a message of
     type 'UNIMPLEMENTED'
     dispatch_range(): set handler for a ranges message types
     use dispatch_protocol_ignore() for authentication requests after
     successful authentication (the drafts requirement).
     serverloop/clientloop now send a 'UNIMPLEMENTED' message instead
     of exiting.
   - markus@@cvs.openbsd.org 2002/01/11 20:14:11
     [auth2-chall.c auth-skey.c]
     use strlcpy not strlcat; mouring@@
   - markus@@cvs.openbsd.org 2002/01/11 23:02:18
     [readpass.c]
     use _PATH_TTY
   - markus@@cvs.openbsd.org 2002/01/11 23:02:51
     [auth2-chall.c]
     use snprintf; mouring@@
   - markus@@cvs.openbsd.org 2002/01/11 23:26:30
     [auth-skey.c]
     use snprintf; mouring@@
   - markus@@cvs.openbsd.org 2002/01/12 13:10:29
     [auth-skey.c]
     undo local change
   - provos@@cvs.openbsd.org 2002/01/13 17:27:07
     [ssh-agent.c]
     change to use queue.h macros; okay markus@@
   - markus@@cvs.openbsd.org 2002/01/13 17:57:37
     [auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c]
     use buffer API and avoid static strings of fixed size;
     ok provos@@/mouring@@
   - markus@@cvs.openbsd.org 2002/01/13 21:31:20
     [channels.h nchan.c]
     add chan_set_[io]state(), order states, state is now an u_int,
     simplifies debugging messages; ok provos@@
   - markus@@cvs.openbsd.org 2002/01/14 13:22:35
     [nchan.c]
     chan_send_oclose1() no longer calls chan_shutdown_write(); ok provos@@
   - markus@@cvs.openbsd.org 2002/01/14 13:34:07
     [nchan.c]
     merge chan_[io]buf_empty[12]; ok provos@@
   - markus@@cvs.openbsd.org 2002/01/14 13:40:10
     [nchan.c]
     correct fn names for ssh2, do not switch from closed to closed;
     ok provos@@
   - markus@@cvs.openbsd.org 2002/01/14 13:41:13
     [nchan.c]
     remove duplicated code; ok provos@@
   - markus@@cvs.openbsd.org 2002/01/14 13:55:55
     [channels.c channels.h nchan.c]
     remove function pointers for events, remove chan_init*; ok provos@@
   - markus@@cvs.openbsd.org 2002/01/14 13:57:03
     [channels.h nchan.c]
     (c) 2002
   - markus@@cvs.openbsd.org 2002/01/16 13:17:51
     [channels.c channels.h serverloop.c ssh.c]
     wrapper for channel_setup_fwd_listener
   - stevesk@@cvs.openbsd.org 2002/01/16 17:40:23
     [sshd_config]
     The stategy now used for options in the default sshd_config shipped
     with OpenSSH is to specify options with their default value where
     possible, but leave them commented.  Uncommented options change a
     default value.  Subsystem is currently the only default option
     changed.  ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/16 17:42:33
     [ssh.1]
     correct defaults for -i/IdentityFile; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/16 17:55:33
     [ssh_config]
     correct some commented defaults.  add Ciphers default.  ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/17 04:27:37
     [log.c]
     casts to silence enum type warnings for bugzilla bug 37; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/18 17:14:16
     [sshd.8]
     correct Ciphers default; paola.mannaro@@ubs.com
   - stevesk@@cvs.openbsd.org 2002/01/18 18:14:17
     [authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c]
     unneeded cast cleanup; ok markus@@
   - stevesk@@cvs.openbsd.org 2002/01/18 20:46:34
     [sshd.8]
     clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from
     allard@@oceanpark.com; ok markus@@
   - markus@@cvs.openbsd.org 2002/01/21 15:13:51
     [sshconnect.c]
     use read_passphrase+ECHO in confirm(), allows use of ssh-askpass
     for hostkey confirm.
   - markus@@cvs.openbsd.org 2002/01/21 22:30:12
     [cipher.c compat.c myproposal.h]
     remove "rijndael-*", just use "aes-" since this how rijndael is called
     in the drafts; ok stevesk@@
   - markus@@cvs.openbsd.org 2002/01/21 23:27:10
     [channels.c nchan.c]
     cleanup channels faster if the are empty and we are in drain-state;
     ok deraadt@@
   - stevesk@@cvs.openbsd.org 2002/01/22 02:52:41
     [servconf.c]
     typo in error message; from djast@@cs.toronto.edu
 - (djm) Make auth2-pam.c compile again after dispatch.h and packet.h
   changes
 - (djm) Recent Glibc includes an incompatible sys/queue.h. Treat it as
   bogus in configure
 - (djm) Use local sys/queue.h if necessary in ssh-agent.c

20020121
 - (djm) Rework ssh-rand-helper:
   - Reduce quantity of ifdef code, in preparation for ssh_rand_conf
   - Always seed from system calls, even when doing PRNGd seeding
   - Tidy and comment #define knobs
   - Remove unused facility for multiple runs through command list
   - KNF, cleanup, update copyright

20020114
 - (djm) Bug #50 - make autoconf entropy path checks more robust

20020108
 - (djm) Merge Cygwin copy_environment with do_pam_environment, removing
   fixed env var size limit in the process. Report from Corinna Vinschen
   <vinschen@@redhat.com>
 - (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX.  does
   not depend on transition links.  from Lutz Jaenicke.

20020106
 - (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u"
   for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u".

20020103
 - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. Patch from
   Roger Cornelius <rac@@tenzing.org>
@
text
@d106 1
a106 1
	${PREFIX}/bin/ssh-keygen -N "" -f ${PREFIX}/etc/ssh_host_key
@


1.81
log
@Fix off-by-one error.

Obtained from:	OpenBSD

Bump PORTREVISION.
@
text
@d9 1
a9 2
PORTVERSION=	3.0.2
PORTREVISION=	1
d18 1
a18 1
PATCHFILES=	openbsd28_3.0.2.patch
a71 2
	@@${PERL5} -pi -e "s=/etc/ssh=${PREFIX}/etc/ssh=" ${WRKSRC}/sshd_config
	@@${PERL5} -pi -e "s=/usr/libex=${PREFIX}/libex=" ${WRKSRC}/sshd_config
d82 3
a84 1
	@@${PERL} -pi -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h	\
@


1.80
log
@Change some defines from "YES" to "yes"
See samples in the porters-handbook.
@
text
@d10 1
@


1.79
log
@- Udate to OpenSSH-3.0.2
- make batch-processing cleaner

20011202
 - (djm) Syn with OpenBSD OpenSSH-3.0.2
   - markus@@cvs.openbsd.org
     [session.c sshd.8 version.h]
     Don't allow authorized_keys specified environment variables when
     UseLogin in active
@
text
@d22 1
a22 1
USE_OPENSSL=	YES
@


1.78
log
@Use newer patch from OpenBSD ftp site, no relevant changes
(SKey is not set in this port)
@
text
@d9 1
a9 1
PORTVERSION=	3.0.1
d18 1
a18 1
PATCHFILES=	openbsd28_3.0.1.patch
@


1.77
log
@- generate now all 3 host keyes if they don't exists before
- save patchfile from openbsd, it has been removed.
@
text
@d17 2
a18 3
PATCH_SITES=	${MASTER_SITE_LOCAL}
PATCH_SITE_SUBDIR=dinoex
PATCHFILES=	openbsd2x_3.0.1.patch
@


1.76
log
@make portlint a bit happier
@
text
@d17 2
a18 1
PATCH_SITES=	${MASTER_SITES}
d106 1
a106 1
	@@${ECHO_MSG} ">> Generating an RSA secret host key."
d109 4
d115 1
a115 1
	${PREFIX}/bin/ssh-keygen -d -N "" -f ${PREFIX}/etc/ssh_host_dsa_key
@


1.75
log
@Supply DEAFULT for PATCH_SITES
@
text
@d15 2
a18 1
EXTRACT_SUFX=	.tgz
@


1.74
log
@Update to openssh-3.0.1 and openssh-portable-3.0.1p1

- now in protocol2:
Background ssh at logout when waiting for forwarded connection / X11 sessions
to terminate

disabled -DSKEY

from Changelog (not complete):

20011115
 - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian
   <djast@@cs.toronto.edu> Fix from markus@@
 - (djm) Release 3.0.1p1

20011113
 - (djm) Fix early (and double) free of remote user when using Kerberos.
   Patch from Simon Wilkinson <simon@@sxw.org.uk>
 - (djm) AIX login{success,failed} changes. Move loginsuccess call to
   do_authenticated. Call loginfailed for protocol 2 failures > MAX like
   we do for protocol 1. Reports from Ralf Wenk <wera0003@@fh-karlsruhe.de>,
   K.Wolkersdorfer@@fz-juelich.de and others
 - (djm) OpenBSD CVS Sync
   - dugsong@@cvs.openbsd.org 2001/11/11 18:47:10
     [auth-krb5.c]
     fix krb5 authorization check. found by <jhawk@@MIT.EDU>. from
     art@@, deraadt@@ ok
   - markus@@cvs.openbsd.org  2001/11/12 11:17:07
     [servconf.c]
     enable authorized_keys2 again. tested by fries@@

20011112
 - OpenBSD CVS Sync
   - markus@@cvs.openbsd.org 2001/10/24 08:41:41
     [sshd.c]
     mention remote port in debug message
   - markus@@cvs.openbsd.org 2001/10/24 08:51:35
     [clientloop.c ssh.c]
     ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@@
   - markus@@cvs.openbsd.org 2001/10/24 19:57:40
     [clientloop.c]
     make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
   - markus@@cvs.openbsd.org 2001/10/25 21:14:32
     [ssh-keygen.1 ssh-keygen.c]
     better docu for fingerprinting, ok deraadt@@
   - markus@@cvs.openbsd.org 2001/10/29 19:27:15
     [sshconnect2.c]
     hostbased: check for client hostkey before building chost
   - markus@@cvs.openbsd.org 2001/11/07 16:03:17
     [packet.c packet.h sshconnect2.c]
     pad using the padding field from the ssh2 packet instead of sending
     extra ignore messages. tested against several other ssh servers.
   - markus@@cvs.openbsd.org 2001/11/07 21:40:21
     [ssh-rsa.c]
     ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported
   - markus@@cvs.openbsd.org 2001/11/07 22:10:28
     [ssh-dss.c ssh-rsa.c]
     missing free and sync dss/rsa code.
   - markus@@cvs.openbsd.org 2001/11/07 22:53:21
     [channels.h]
     crank c->path to 256 so they can hold a full hostname; dwd@@bell-labs.com
   - markus@@cvs.openbsd.org 2001/11/08 10:51:08
     [readpass.c]
     don't strdup too much data; from gotoh@@taiyo.co.jp; ok millert.
   - markus@@cvs.openbsd.org 2001/11/10 13:22:42
     [ssh-rsa.c]
     KNF (unexpand)
   - markus@@cvs.openbsd.org 2001/11/11 13:02:31
     [servconf.c]
     make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if
     AuthorizedKeysFile is specified.

20011109
 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
   if permit_empty_passwd == 0 so null password check cannot be bypassed.
   jayaraj@@amritapuri.com OpenBSD bug 2168
@
text
@d15 1
@


1.73
log
@Update to OpenSSH 3.0 and OpenSSH-portable 3.0p1
Extracted from Changelog (not complete):

20011012
   - markus@@cvs.openbsd.org 2001/10/10 22:18:47
     [channels.c channels.h clientloop.c nchan.c serverloop.c]
     [session.c session.h]
     try to keep channels open until an exit-status message is sent.
     don't kill the login shells if the shells stdin/out/err is closed.
     this should now work:
     ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
   - markus@@cvs.openbsd.org 2001/10/11 13:45:21
     [session.c]
     delay detach of session if a channel gets closed but the child is
     still alive.  however, release pty, since the fd's to the child are
     already closed.
   - markus@@cvs.openbsd.org 2001/10/11 15:24:00
     [clientloop.c]
     clear select masks if we return before calling select().

20011010
   - markus@@cvs.openbsd.org 2001/10/04 14:34:16
     [key.c]
     call OPENSSL_free() for memory allocated by openssl; from chombier@@mac.com
   - markus@@cvs.openbsd.org 2001/10/04 15:05:40
     [channels.c serverloop.c]
     comment out bogus conditions for selecting on connection_in
   - markus@@cvs.openbsd.org 2001/10/04 15:12:37
     [serverloop.c]
     client_alive_check cleanup
   - markus@@cvs.openbsd.org 2001/10/06 00:14:50
     [sshconnect.c]
     remove unused argument
   - markus@@cvs.openbsd.org 2001/10/06 00:36:42
     [session.c]
     fix typo in error message, sync with do_exec_nopty
   - markus@@cvs.openbsd.org 2001/10/06 11:18:19
     [sshconnect1.c sshconnect2.c sshconnect.c]
     unify hostkey check error messages, simplify prompt.
   - markus@@cvs.openbsd.org 2001/10/07 10:29:52
     [authfile.c]
     grammer; Matthew_Clarke@@mindlink.bc.ca
   - markus@@cvs.openbsd.org 2001/10/07 17:49:40
     [channels.c channels.h]
     avoid possible FD_ISSET overflow for channels established
     during channnel_after_select() (used for dynamic channels).
   - markus@@cvs.openbsd.org 2001/10/08 11:48:57
     [channels.c]
     better debug
   - markus@@cvs.openbsd.org 2001/10/08 16:15:47
     [sshconnect.c]
     use correct family for -b option
   - markus@@cvs.openbsd.org 2001/10/08 19:05:05
     [ssh.c sshconnect.c sshconnect.h ssh-keyscan.c]
     some more IPv4or6 cleanup
   - markus@@cvs.openbsd.org 2001/10/09 10:12:08
     [session.c]
     chdir $HOME after krb_afslog(); from bbense@@networking.stanford.edu
   - markus@@cvs.openbsd.org 2001/10/09 19:32:49
     [session.c]
     stat subsystem command before calling do_exec, and return error to client.
   - markus@@cvs.openbsd.org 2001/10/09 19:51:18
     [serverloop.c]
     close all channels if the connection to the remote host has been closed,
     should fix sshd's hanging with WCHAN==wait
   - markus@@cvs.openbsd.org 2001/10/09 21:59:41
     [channels.c channels.h serverloop.c session.c session.h]
     simplify session close: no more delayed session_close, no more
     blocking wait() calls.
 - (bal) seed_init() and seed_rng() required in ssh-keyscan.c

20011003
   - markus@@cvs.openbsd.org 2001/09/27 11:58:16
     [compress.c]
     mem leak; chombier@@mac.com
   - markus@@cvs.openbsd.org 2001/09/27 11:59:37
     [packet.c]
     missing called=1; chombier@@mac.com
   - markus@@cvs.openbsd.org 2001/09/27 15:31:17
     [auth2.c auth2-chall.c sshconnect1.c]
     typos; from solar
   - camield@@cvs.openbsd.org 2001/09/27 17:53:24
     [sshd.8]
     don't talk about compile-time options
     ok markus@@
   - djm@@cvs.openbsd.org 2001/09/28 12:07:09
     [ssh-keygen.c]
     bzero private key after loading to smartcard; ok markus@@
   - markus@@cvs.openbsd.org 2001/09/28 15:46:29
     [ssh.c]
     bug: read user config first; report kaukasoi@@elektroni.ee.tut.fi
   - markus@@cvs.openbsd.org 2001/10/01 08:06:28
     [scp.c]
     skip filenames containing \n; report jdamery@@chiark.greenend.org.uk
     and matthew@@debian.org
   - markus@@cvs.openbsd.org 2001/10/01 21:38:53
     [channels.c channels.h ssh.c sshd.c]
     remove ugliness; vp@@drexel.edu via angelos
   - markus@@cvs.openbsd.org 2001/10/01 21:51:16
     [readconf.c readconf.h ssh.1 sshconnect.c]
     add NoHostAuthenticationForLocalhost; note that the hostkey is
     now check for localhost, too.
   - djm@@cvs.openbsd.org 2001/10/02 08:38:50
     [ssh-add.c]
     return non-zero exit code on error; ok markus@@
   - stevesk@@cvs.openbsd.org 2001/10/02 22:56:09
     [sshd.c]
     #include "channels.h" for channel_set_af()
   - markus@@cvs.openbsd.org 2001/10/03 10:01:20
     [auth.c]
     use realpath() for homedir, too. from jinmei@@isl.rdc.toshiba.co.jp

20011001
 - (stevesk) loginrec.c: fix type conversion problems exposed when using
   64-bit off_t.

20010928
   - djm@@cvs.openbsd.org 2001/09/28 09:49:31
     [scard.c]
     Fix segv when smartcard communication error occurs during key load.
     ok markus@@
 - (djm) Update spec files for new x11-askpass

20010927
 - (stevesk) session.c: declare do_pre_login() before use
   wayned@@users.sourceforge.net

20010925
 - (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used.
 - (djm) Sync $sysconfdir/moduli
 - (djm) Avoid bad and unportable sprintf usage in compat code
@
text
@d9 1
a9 1
PORTVERSION=	3.0
d15 1
@


1.72
log
@- included an patch that solves a coredump in sshd
- Bumped PORTREVISION

Submitted by:	ryanb@@goddamnbastard.org
@
text
@d9 1
a9 2
PORTVERSION=	2.9.9
PORTREVISION=	1
@


1.71
log
@- Update to OpenSSH 2.9.9
- convert portname into lowercase
- PREFIX support for default sshd_config
- security-patch for cookie files obsolete
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.70 2001/06/25 06:28:44 dinoex Exp $
d10 1
@


1.70
log
@This adds two environment variables into environment of user: LANG & MM_CHARSET,
 when used standard login via telnet or console

However when used openssh, then sshd does not setup LANG & MM_CHARSET into envir
onment for user in russian class

Code for this operation did not exists in openssh port !

PR:		21146
Submitted by:	odip@@bionet.nsc.ru
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.69 2001/06/24 04:28:48 dinoex Exp $
d8 2
a9 3
PORTNAME=	OpenSSH
PORTVERSION=	2.9
PORTREVISION=	3
d69 2
d89 1
d95 3
@


1.69
log
@change MAINTAINER to FreeBSD.org address
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.68 2001/06/12 07:49:52 dinoex Exp $
d10 1
a10 1
PORTREVISION=	2
@


1.68
log
@- Drop modifier L in makefile, all options have to be set
  in lowercase "yes"
- Tested build with FreeBSD 4.1
  openssl-0.9.6a needs to be installed form ports.
	"FORBIDDEN" must be removed by hand.
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.67 2001/06/11 20:14:15 dinoex Exp $
d18 1
a18 1
MAINTAINER=	dirk.meyer@@dinoex.sub.org
@


1.67
log
@- Don't generate keys if BATCH is defined,
  they will be generated when the package is installed.
- Update MAN1, MAN8
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.66 2001/06/10 20:01:49 dinoex Exp $
d26 3
d32 9
d83 10
@


1.66
log
@- Fix FreeBSD specific patch, exit now if change of password fails.
	Forwarded by dwcjr

Submitted by:	Udo.Schweigert@@cert.siemens.de
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.65 2001/06/10 11:15:04 dinoex Exp $
d22 3
a24 2
MAN1=		scp.1 slogin.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1
MAN8=		sshd.8
d73 1
d81 1
@


1.65
log
@Fix spelling and make portline happy (training spaces)
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.64 2001/06/09 04:59:00 dinoex Exp $
d10 1
a10 1
PORTREVISION=	1
@


1.64
log
@- Switch to the user's uid before attempting to unlink the auth forwarding
  file, nullifying the effects of a race.
- Bump PORTREVISION

Submitted by:	green@@FreeBSD.org
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.63 2001/06/08 08:03:22 dinoex Exp $
d10 1
a10 1
RTREVISION=	1
d25 1
a25 1
 
@


1.63
log
@- Update from OpenSSH 2.2.0 to OpenSSH 2.9
- Features:
  Possible use of sftp/sftp-server with older FreeBSD releases.
  Use a newer version independently from the Base system.
  Easier to test and fix possible security bugs.
- Bugs:
  build of pam_ssm.so isn't be supported any more
  Any file named "cookie" can be deleted by this and any older "sshd"
  with X11 Forwarding.
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.62 2001/04/02 10:28:59 mharo Exp $
d10 1
@


1.62
log
@make openssh comply with section 4.4.9 (MAN vars in Makefile, not plist)

PR:		18711
Submitted by:	    Trevor Johnson <trevor@@jpj.net>
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.61 2001/02/21 04:45:25 green Exp $
d9 1
a9 2
PORTVERSION=	2.2.0
PORTREVISION=	2
d17 1
a17 1
MAINTAINER=	ports@@FreeBSD.org
a63 3
	@@${MKDIR} ${WRKSRC}/pam_ssh
	@@${CP} ${FILESDIR}/pam_ssh_Makefile ${WRKSRC}/pam_ssh/Makefile
	@@${CP} ${FILESDIR}/pam_ssh.c ${WRKSRC}/pam_ssh/
d67 2
a68 11
		${WRKSRC}/sshd_config ${WRKSRC}/pam_ssh/pam_ssh.c	\
		${WRKSRC}/sshd.sh

.if ${PAM} == yes
PLIST=		${WRKDIR}/PLIST

do-configure:
	@@${CP} ${PKGDIR}/pkg-plist ${PLIST}
	@@${ECHO} "@@cwd /usr" >> ${PLIST}
	@@${ECHO} "lib/pam_ssh.so" >> ${PLIST}
.endif
@


1.61
log
@Move the maintainer to ports.  I don't have the capacity to continue
to support very old systems myself.
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.60 2001/02/12 08:06:55 kris Exp $
d22 4
@


1.60
log
@Add patch to prevent Bleichenbacher attack on SSH1 server. Bump
PORTREVISION.
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.59 2001/02/09 22:45:16 kris Exp $
d18 1
a18 1
MAINTAINER=	green@@FreeBSD.org
@


1.59
log
@Bump PORTREVISION due to security fix.
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.58 2001/02/09 22:37:49 kris Exp $
d10 1
a10 1
PORTREVISION=	1
@


1.58
log
@Add patch to deal with possible remote root exploit found by
Michal Zalewski of the Bindview RAZOR Team, and some patches to hopefully
deal with compilation on older versions of FreeBSD.

Submitted by:	alfred
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.57 2001/02/09 04:58:24 kris Exp $
d10 1
@


1.57
log
@Mark FORBIDDEN: several problems including possible remote root
compromise. OpenSSH 2.3.0 included in 4.2-STABLE is not vulnerable.
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.56 2000/11/04 23:04:20 green Exp $
a21 2

FORBIDDEN=	"Remote vulnerabilities"
@


1.56
log
@Update to OpenSSH 2.2.0.  This is an end-of-life update for the
ports-based OpenSSH.  OpenSSH has been in the base system for more
than long enough to justify not having to maintain two separate
FreeBSD versions of OpenSSH.
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.55 2000/10/08 10:22:52 asami Exp $
d22 2
@


1.55
log
@Change PKGDIR from pkg/ to .  Also fix places where ${PKGDIR} is
spelled out (many of which are ${PKGDIR}/MESSAGE -> ${PKGMESSAGE} type
fixes that shouldn't have been necessary) and the string "/pkg/"
appear.
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.54 2000/09/22 01:59:00 kris Exp $
d9 1
a9 1
PORTVERSION=	2.1.1
@


1.54
log
@Update all ports using OpenSSL and RSA to work without rsaref since
it is no longer required. Apologies to the various maintainers whom I
did not yet hear back from, but the ports freeze is coming up in a few
hours and I will be verifying all of these ports on a 4.1 machine
myself to catch any problems.
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.53 2000/06/27 21:30:34 green Exp $
d73 1
a73 1
	@@${CP} ${PKGDIR}/PLIST ${PLIST}
@


1.53
log
@Update to OpenSSH 2.1.1 and fix SSHv2 serving (passwd botch).
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.52 2000/06/02 03:18:41 will Exp $
d19 1
a19 1
USE_OPENSSL=	RSA
a23 3
.if defined(OPENSSL_RSAREF)
CRYPTOLIBS+=	-lRSAglue -L${LOCALBASE}/lib -lrsaref
.endif
@


1.52
log
@Remove redundant/inappropriate CATEGORIES.  People need to start reading
the Porter's Handbook.  :-)
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.51 2000/05/13 19:50:57 green Exp $
d9 1
a9 1
PORTVERSION=	2.1.0
d14 1
a14 1
DISTNAME=	openssh-2.1.0
@


1.51
log
@Oops, put the I back in INSTALL_SCRIPT.
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.50 2000/05/13 17:10:55 green Exp $
d10 1
a10 1
CATEGORIES=	security net
@


1.50
log
@Update to OpenSSH 2.1.0.  They _FINALLY_ have distfiles, so now the CVS is
not needed for the port.

Big thanks to Issei-san for doing the majority of the work necessary for
this upgrade!

Submitted by:	Issei Suzuki <issei@@jp.FreeBSD.org>
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.49 2000/04/20 22:24:08 green Exp $
d91 1
a91 1
	@@${NSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/
@


1.49
log
@Upgrade to version 1.2.3 with a CVS of a few hours ago.  New stuff in
this release is mostly the support for lots of ssh2.  Note that SSH2 is
not fully supported here yet, but it's mostly there; see README.openssh2.
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.48 2000/04/09 18:30:06 cpiazza Exp $
d9 7
a15 5
PORTVERSION=	1.2.3
CATEGORIES=	security net ipv6
# ${MASTER_SITES} is only for if CVS won't work, period.
MASTER_SITES=	ftp://internat.FreeBSD.org/pub/Crypto/OpenSSH/
DISTNAME=	src/usr.bin/ssh
d22 1
a22 12
CAT?=		/bin/cat
SED?=		/usr/bin/sed
DISTFILES!=	${SED} 's:^\(.*\)$$:${PKGNAME}/\1:g' ${FILESDIR}/distfiles
IGNOREFILES!=	${SED} 's:^\(.*\)$$:${PKGNAME}/\1:g' ${FILESDIR}/ignorefiles
DISTFILES+=	${IGNOREFILES}

CVS_CMD?=	cvs -z3
CVS_DATE=	Thu Apr 20 17:00:39 EDT 2000
SED?=		/usr/bin/sed
CVS_DATE_!=	${ECHO} -n "${CVS_DATE}" | ${SED} 's/[ \t:]/_/g'
CVS_SITES?=	anoncvs@@anoncvs1.ca.openbsd.org:/cvs \
		:pserver:anoncvs@@anoncvs1.usa.openbsd.org:/cvs
a51 1
STAMPFILE=	${DISTDIR}/${PKGNAME}/.stamp
d54 1
a54 60
do-fetch:
	@@if [ ! -e ${STAMPFILE} ] || \
	    [ "X${CVS_DATE}" != "X$$(${CAT} ${STAMPFILE})" ]; then \
		if [ -e ${DISTDIR}/${PKGNAME}.${CVS_DATE_}.tar.gz ]; then \
			cd ${DISTDIR}; \
			${TAR} xfz ${PKGNAME}.${CVS_DATE_}.tar.gz \
			    ${DISTFILES}; \
			${ECHO} -n "${CVS_DATE}" > ${STAMPFILE}; \
			exit; \
		fi; \
		unset CVS_RSH CVS_SERVER || ${TRUE}; \
		if [ -n "${PORTS_CVS_RSH}" ]; then \
			export CVS_RSH="${PORTS_CVS_RSH}"; \
		fi; \
		if [ -n "${PORTS_CVS_SERVER}" ]; then \
			export CVS_SERVER="${PORTS_CVS_SERVER}"; \
		fi; \
		${MKDIR} ${DISTDIR}/${PKGNAME} && \
		cd ${DISTDIR}/${PKGNAME}; \
		for CVS_SITE in ${CVS_SITES}; do \
			${ECHO_MSG} ">> Attempting to CVS checkout from $${CVS_SITE}."; \
			if ${CVS_CMD} -d $${CVS_SITE} co -D "${CVS_DATE}" \
			    ${DISTNAME}; then \
				${ECHO} -n "${CVS_DATE}" > ${STAMPFILE}; \
				exit; \
			fi \
		done; \
		${ECHO_MSG} ">> Couldn't CVS checkout ${PKGNAME}.  Please try to retrieve"; \
		${ECHO_MSG} ">> a snapshot with \"make fetchsrctarball\" and try again."; \
		exit 1; \
	fi

makesrctarball: fetch
	@@cd ${DISTDIR}; \
	${ECHO_MSG} ">> Creating source tarball in ${DISTDIR}"; \
	${ECHO_MSG} ">> \"${PKGNAME}.${CVS_DATE_}.tar.gz\"."; \
	${TAR} cfz ${PKGNAME}.${CVS_DATE_}.tar.gz ${PKGNAME}

fetchsrctarball:
	@@cd ${DISTDIR}; \
	file=${PKGNAME}.${CVS_DATE_}.tar.gz; \
	if [ -e $$file ]; then \
		exit; \
	fi; \
	${ECHO_MSG} ">> $$file doesn't seem to exist on this system."; \
	for site in ${MASTER_SITES}; do \
		${ECHO_MSG} ">> Attempting to fetch from $${site}."; \
		if ${SETENV} ${FETCH_ENV} ${FETCH_CMD} ${FETCH_BEFORE_ARGS} \
		    $${site}$${file}; then \
			exit; \
		fi; \
	done; \
	${ECHO_MSG} ">> Couldn't fetch $$file."; \
	${ECHO_MSG} ">> Please try to retrieve this file manually into"; \
	${ECHO_MSG} ">> ${_DISTDIR} and try again."; \
	exit 1

do-extract:
	@@${MKDIR} ${WRKDIR}
	@@${CP} -r ${DISTDIR}/${PKGNAME}/${DISTNAME} ${WRKDIR}
d56 1
d68 3
a70 5
	@@${PERL} -pi -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h \
		${WRKSRC}/sshd_config ${WRKSRC}/pam_ssh/pam_ssh.c
	@@${PERL} -pi -e \
	    's:^(\s*#\s*include\s+<)ssl(/\w+\.h>\s*)$$:$$1openssl$$2:g' \
	    ${WRKSRC}/*.[ch]
d83 1
a83 1
	@@${ECHO_MSG} ">> Generating a secret host key."
d86 4
d91 1
a91 3
	@@${ECHO} "#!/bin/sh" > ${PREFIX}/etc/rc.d/sshd.sh
	@@${ECHO} "[ -x ${PREFIX}/sbin/sshd ] && ${PREFIX}/sbin/sshd && echo -n ' sshd'" >> ${PREFIX}/etc/rc.d/sshd.sh
	@@${CHMOD} 0555 ${PREFIX}/etc/rc.d/sshd.sh
@


1.48
log
@Update with the new PORTNAME/PORTVERSION variables
@
text
@d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.47 2000/03/03 06:10:02 green Exp $
d9 1
a9 1
PORTVERSION=	1.2.2
d27 1
a27 1
CVS_DATE=	Fri Mar  3 00:37:20 EST 2000
@


1.47
log
@Update this to a CVS_DATE of a few minutes ago.
@
text
@a1 1
# Version required:	1.2
d5 1
a5 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.46 2000/03/02 06:42:59 brian Exp $
d8 2
a9 2
DISTNAME=	src/usr.bin/ssh
PKGNAME=	OpenSSH-1.2.2
d13 1
@


1.46
log
@Allow manual PORTS_CVS_SERVER and CVS_SITES settings.

Approved by:	maintainer
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.45 2000/02/16 04:52:59 green Exp $
d27 1
a27 1
CVS_DATE=	Tue Feb  1 02:19:07 EST 2000
@


1.45
log
@Change a MAKE_ENV= to MAKE_ENV+=.  This may fix problems people on
-STABLE are reporting.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.44 2000/02/12 23:55:33 green Exp $
d30 1
a30 1
CVS_SITES=	anoncvs@@anoncvs1.ca.openbsd.org:/cvs \
d77 3
@


1.44
log
@Clean things up by using the new knob for OpenSSL usage.

Submitted by:	kris
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.43 2000/02/10 12:23:49 green Exp $
d37 1
a37 1
MAKE_ENV=	DESTDIR=${PREFIX} MANDIR=/man/man CRYPTOLIBS="${CRYPTOLIBS}"
@


1.43
log
@Tell the user that they're doing something wrong when USA_RESIDENT is
not set.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.42 2000/02/09 03:28:47 sumikawa Exp $
d17 1
a17 1
LIB_DEPENDS=	crypto.1:${PORTSDIR}/security/openssl
d32 3
a34 7
CRYPTOLIBS=	-L${PREFIX}/lib -lcrypto
.ifdef USA_RESIDENT
.if ${USA_RESIDENT} == YES
CRYPTOLIBS+=	-lRSAglue -lrsaref
.endif
.else
.error "USA_RESIDENT must be set to 'YES' or 'NO' correctly!"
@


1.42
log
@Simplify IPv6 checking.

Suggested by:	green
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.41 2000/02/01 17:04:02 sumikawa Exp $
d33 2
a34 1
.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
d36 3
@


1.41
log
@the condition for USE_INET6 setting was opposite.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.40 2000/02/01 08:11:56 green Exp $
d41 1
a41 1
MAKE_ENV+=	USE_INET6=yes
@


1.40
log
@Fix a "USET" -> "USE" again.  IPv6 should work for this port.  Again.

Go to a much more convenient scheme for distfiles/ignorefiles.  There
will be a lot less change from now on... the release name not being
embedded in them helps a lot.

Fix an unquoted "${CVS_DATE}" so cvs update isn't always run when
we're in one of the first 9 days of a month in CVS_DATE.

Update to OpenSSH-1.2.2, which doesn't really mean anything since there
are no source releases anyway...

The port has been verified to work with pdksh 5.2.14 as /bin/sh, and
about 7 times faster.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.39 2000/01/27 21:19:20 green Exp $
d39 2
a41 1
MAKE_ENV+=	COMPAT_GETADDRINFO=yes
@


1.39
log
@Take off RESTRICTED, since this has been a proper package for some
time now, and is not a legal problem (see Bruce Schneier's latest
Crypto-Gram).  Basically, since it's unencumbered, it is alright.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.38 2000/01/26 11:34:21 asami Exp $
d10 1
a10 1
PKGNAME=	OpenSSH-1.2.1
d21 3
a23 2
DISTFILES!=	${CAT} ${FILESDIR}/distfiles
IGNOREFILES!=	${CAT} ${FILESDIR}/ignorefiles
d27 1
a27 1
CVS_DATE=	Fri Jan  7 01:25:49 JST 2000
d39 1
a39 1
MAKE_ENV+=	USET_INET6=yes
d83 1
a83 1
				${ECHO} -n ${CVS_DATE} > ${STAMPFILE}; \
@


1.38
log
@List CVS files in IGNOREFILES so they will be properly deleted by "distclean".

Approved by:	green (well, I thought he was going to *do* it, but anyway....)
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.37 2000/01/25 22:12:09 sumikawa Exp $
a15 2

RESTRICTED=	"One file calls external cryptographic routines."
@


1.37
log
@Use ${OSVERSION} instead of ${USE_INET6}.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.36 2000/01/19 02:53:21 green Exp $
d24 2
@


1.36
log
@Fix IPv6 support: change a typo "USET_IPV6" to "USE_IPV6".
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.35 2000/01/18 11:18:22 sumikawa Exp $
a36 3
.if defined(USE_INET6)
MAKE_ENV+=	USE_INET6=yes
.endif
d38 1
@


1.35
log
@- remove me from another MAINTAINER
- add 'ipv6' on CATEGORIES
- use ${OSVERSION} instead of ${USE_INET6} for checking getaddrinfo()
  existence.
- fix broken ${ECHO_MSG}
- avoid duplicate copying rcmd.c
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.34 2000/01/15 23:17:13 green Exp $
d38 1
a38 1
MAKE_ENV+=	USET_INET6=yes
@


1.34
log
@Add sumikawa@@FreeBSD.org as another MAINTAINER.  Hopefully, this will
reduce my workload, and maybe there'll now be someone who remembers
to notify markm when updating CVS_DATE ;)
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.33 2000/01/13 23:21:58 green Exp $
d11 1
a11 1
CATEGORIES=	security net
a15 1
MAINTAINER+=	sumikawa@@FreeBSD.org
d40 3
d115 1
a115 1
	${ECHO_MSG" ">> ${_DISTDIR} and try again."; \
d122 1
a122 1
.if !defined(USE_INET6)
d125 1
a125 1
	@@${CP} ${FILESDIR}/getnameinfo.c ${FILESDIR}/rcmd.c ${WRKSRC}/lib/
@


1.33
log
@Update to a more current OpenSSH, including...

	IPv6 support!!

Thank you very much, Sumikawa san.

Submitted by:	Munechika SUMIKAWA <sumikawa@@ebina.hitachi.co.jp>
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.32 2000/01/07 16:40:13 asami Exp $
d16 1
@


1.32
log
@Don't include bsd.port.pre.mk twice.  This usually is caused by first
including bsd.port.pre.mk and then later including bsd.port.mk (the
latter of which of course should be bsd.port.post.mk).
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.31 1999/12/23 06:37:20 green Exp $
d26 1
a26 1
CVS_DATE=	Thu Dec 23 01:07:56 EST 1999
d37 3
d119 6
@


1.31
log
@Update to today's OpenSSH.

The version is now 1.2.1, from 1.2.  You can mv your old distfiles/OpenSSH-1.2
dir to distfiles/OpenSSH-1.2.1, if you want to not waste time/space.

Some minor nits have been fixed, and a couple bugs.  One sizeof(len)
should have just been len, and, in markus's words,
"fix get_remote_port() and friends for sshd -i".
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.30 1999/12/08 04:06:31 green Exp $
d155 1
a155 1
.include <bsd.port.mk>
@


1.30
log
@I've cleaned up ${CVS_DATE} usage a bit (keep spaces correctly), and
updated to today's snapshot of OpenSSH.

Various updates from the latest ${CVS_DATE}, and requisite patch
changes, are the "big new thing".  Nothing major has changed;  the
biggest ones would be using atomicio() in a lot of places and a
fix for a SIGHUP not updating sshd(8)'s configuration until the
next connection.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.29 1999/12/06 06:32:11 green Exp $
d10 1
a10 1
PKGNAME=	OpenSSH-1.2
d26 1
a26 1
CVS_DATE=	Tue Dec  7 22:46:23 EST 1999
@


1.29
log
@In the meantime (while things are being worked and decided on on the
OpenBSD OpenSSH front), add ConnectionsPerPeriod to prevent DoS via
running the system out of resources.  In reality, this wouldn't
be a full DoS, but would make a system slower, but this is a better
thing to do than let the system get loaded down.
   So here we are, rate-limiting.  The default settings are now:
Five connections are allowed to authenticate (and not be rejected) in
a period of ten seconds.
One minute is given for login grace time.
   More work in this area is being done by alfred@@FreeBSD.org and
markus@@OpenBSD.org, at the very least.  This is, essentially, a
stopgap solution;  however, it is a properly implemented and documented
one, and has an easily modifiable framework.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.28 1999/12/06 06:26:17 green Exp $
d26 1
a26 1
CVS_DATE=	Sun Nov 28 16:31:22 EST 1999
d28 1
a28 1
CVS_DATE_!=	${ECHO} -n ${CVS_DATE} | ${SED} 's/[ \t:]/_/g'
d65 1
a65 1
			${ECHO} -n ${CVS_DATE} > ${STAMPFILE}; \
@


1.28
log
@Under advisories, put RESTRICTED back.  It more accurately reflects
reality, though.  One file, cipher.c, calls cryptographic routines
from external libraries.  This really cannot encumber OpenSSH in
any case, but I put RESTRICTED back since it would give people a
false hope of being able to install the OpenSSH package but
not the requisite, RESTRICTED (so nonexistant) openssl package.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.27 1999/12/06 04:49:22 green Exp $
d121 1
a121 1
	@@${PERL} -pi.orig -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h \
d123 1
a123 1
	@@${PERL} -pi.openssl -e \
@


1.27
log
@Good-bye, RESTRICTED.

Reasons:
1. It's not crypto.
2. It links with crypto.
	a. That crypto is in the public domain.
	b. Linking with crypto does not constitute cryptography.
3. Even if it were crypto, the description of the entire protocol, etc.,
   is in the public domain.  The RFC is PD in the USA, and the white paper
   in Europe.
4. Precedence?  Even if it were crypto, the Bernstein case has set
   precedence for allowing export of that.  But it's not even crypto.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.26 1999/11/29 07:09:39 green Exp $
d16 2
@


1.26
log
@Add the PAM SSH RSA key authentication module.  For example, you can add,
"login  auth    sufficient      pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)

PR:		15158
Submitted by:	Andrew J. Korty <ajk@@waterspout.com>
Reviewed by:	obrien
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.25 1999/11/28 22:40:16 green Exp $
a17 2

RESTRICTED=	"Links with cryptographic code."
@


1.25
log
@Update to a current CVS_DATE.  The only real change I see is the (big)
change of KNFization being finalized :)

Patches had to be modified, but should look "better" according to
style(9), now.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.24 1999/11/28 21:39:57 green Exp $
d46 6
d116 3
d121 2
a122 2
	@@${PERL} -pi.orig -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h
	@@${PERL} -pi.orig -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/sshd_config
d126 9
@


1.24
log
@Change CFLAGS to get modified in Makefile.inc, fixing the
problem several people have reported with make.conf setting ${CFLAGS}.

Partially submitted by:	Jos Backus <Jos.Backus@@nl.origin-it.com>
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.23 1999/11/24 03:36:14 green Exp $
d26 1
a26 1
CVS_DATE=	Tue Nov 23 18:52:21 EST 1999
@


1.23
log
@Update the CVS_DATE.  This brings in support for TIS authentication,
obsoleting a couple patches (it's the same code, though, except for
additions).

This also brings in KNFization of everything (please hold the cheering
down :) and made me reroll all my patches.

My patches have been almost entirely rewritten.  The places are the
same, but the code's rewritten.  It fits with the style (KNF) now,
and looks better.

I've also added strlcat.c to the build, which, just like strlcpy.c, is
necessary for compatibility with older libcs.  After strlcat() snuck
into the OpenSSH code recently, this would prevent OpenSSH from
building on (e.g.) FreeBSD 3.2.  Adding it to ssh/lib/ makes it work
yet again :)
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.22 1999/11/23 03:04:05 green Exp $
a24 1
CFLAGS+=	-DHAVE_OPENPTY -I${PREFIX}/include
@


1.22
log
@Correct ssh-keygen usage.

Submitted by:	Larry Baird <lab@@gta.com>
@
text
@d2 1
a2 1
# Version required:	19991107
d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.21 1999/11/22 22:45:47 green Exp $
d25 1
a25 1
CFLAGS+=	-DHAVE_OPENPTY
d27 1
a27 1
CVS_DATE=	Sun Nov 21 11:22:08 EST 1999
d110 1
a110 1
	@@${CP} ${FILESDIR}/strlcpy.c ${WRKSRC}/lib/
@


1.21
log
@Clean up some shell scripting and replace it with proper Makefile
syntax.  Run ssh-keygen for ssh_host_key on port install, not just
package install.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.20 1999/11/21 23:10:48 green Exp $
d122 1
a122 1
	${PREFIX}/bin/ssh-keygen -N "" ${PREFIX}/etc/ssh_host_key
@


1.20
log
@And away we go!  Here comes the source mirror, thanks Mark!

Submitted by:	markm
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.19 1999/11/21 16:42:39 green Exp $
d120 4
a123 8
	@@if [ ! -f ${PREFIX}/etc/ssh_config -a \
	      ! -f ${PREFIX}/etc/sshd_config ]; then \
		cd ${WRKSRC} && ${MAKE} DESTDIR=${PREFIX} distribution; \
	else \
		${ECHO_MSG} ">> ${PREFIX}/etc/ssh{,d}_config exists, not being replaced!"; \
		${ECHO_MSG} ">> If this is left over from another version of SSH, you will"; \
		${ECHO_MSG} ">> need to update it to work with OpenSSH."; \
	fi
d128 8
@


1.19
log
@Update to the latest CVS_DATE, obsoleting patches patch-a[yz].

Add "ignorelogin" login.conf functionality to sshd.

The biggest change: new port functionality.  Making "fetchsrctarball"
will soon work for those of you who cannot use CVS to get OpenSSH.
Mark Murray, the savior he is :), will use "make makesrctarball" and
put the snapshots of OpenSSH source in the proper place.

The current ${MASTER_SITES} is just a guess at where the snapshot
files could be hosted; something definite should be worked out very
soon.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.18 1999/11/20 22:54:06 green Exp $
d13 1
a13 1
MASTER_SITES=	ftp://internat.FreeBSD.org/pub/Crypto/misc/
@


1.18
log
@Set all the default PATHs correctly, removing a "hack"-ish ${PERL}
transform.

Prompted by:	deraadt
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.17 1999/11/20 03:55:19 green Exp $
d12 2
a13 1
MASTER_SITES=	# See ${CVS_SITES}
d27 3
a29 1
CVS_DATE=	Fri Nov 19 20:25:38 EST 1999
d56 7
d78 1
a78 1
		${ECHO_MSG} ">> this port manually into ${_DISTDIR} and try again."; \
d81 25
@


1.17
log
@ARGH! Remember the echo -n ' sshd'.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.16 1999/11/20 03:41:59 green Exp $
a77 2
	@@${PERL} -pi.orig -e 's:(_PATH_STDPATH):$$1 "${PREFIX}/bin":g' \
	    ${WRKSRC}/sshd.c
@


1.16
log
@Change around sshd.sh for the last time.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.15 1999/11/20 03:05:26 green Exp $
d97 1
a97 1
	@@${ECHO} "[ -x ${PREFIX}/sbin/sshd ] && exec ${PREFIX}/sbin/sshd" >> ${PREFIX}/etc/rc.d/sshd.sh
@


1.15
log
@Turn on HAVE_OPENPTY so more than 16 terminals work with sshd.

Put sshd.sh installation in the pre-install, ssh_host_key generation
back in the PLIST, and check for ssh_config, too.  This port now
works much better as a package.  The configuration files and sshd.sh
are also part of the package, and as such removed on deinstall.

The proper upgrade procedure from one OpenSSH version to a newer one is:
chflags schg /usr/local/etc/ssh*	# preserve them from deletion
cd /usr/ports/security/openssh
make all deinstall reinstall clean

Partially submitted by:	peter
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.14 1999/11/20 01:52:14 green Exp $
d86 1
a86 1
pre-install:
d95 5
a99 8
	@@if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \
		${ECHO_MSG} ">> Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
		${MKDIR} ${PREFIX}/etc/rc.d; \
		${INSTALL_SCRIPT} ${FILESDIR}/sshd.sh \
		    ${PREFIX}/etc/rc.d; \
		${PERL} -pi -e 's:__PREFIX__:${PREFIX}:g' \
		    ${PREFIX}/etc/rc.d/sshd.sh; \
	fi
@


1.14
log
@Update to the latest CVS_DATE (now =)  The biggest change to the OpenBSD
code tree is the addition of the SSH_CMSG_MAX_PACKET_SIZE command.

Really big tiny change:	PermitRootLogin is now DISABLED by default.  This
change has been specifically okayed.

Reviewed by:	imp
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.13 1999/11/18 01:46:34 green Exp $
d24 1
d87 2
a88 1
	@@if [ ! -f ${PREFIX}/etc/sshd_config ]; then \
d91 1
a91 1
		${ECHO_MSG} ">> ${PREFIX}/etc/sshd_config exists, not being replaced!"; \
a94 2

post-install:
a102 5
	@@if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \
		${ECHO_MSG} "Generating a secret host key..."; \
		${PREFIX}/bin/ssh-keygen -N "" -f ${PREFIX}/etc/ssh_host_key; \
	fi

@


1.13
log
@Make the second CVS site work for real.

Move sshd.sh to files and ${INSTALL_SCRIPT}/${PERL} -pi it.

Clean up the Makefile's style a bit (MNF anyone? :)

Add WWW: to pkg/DESCR.

Change MASTER_SITES back to CVS_SITES to avoid problems with
MASTER_SITE_OVERRIDE.

Parts submitted by:	Christian Weisgerber <naddy@@mips.rhein-neckar.de>, Robert Muir <rmuir@@gibralter.net>
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.12 1999/11/17 20:12:17 green Exp $
d25 1
a25 1
CVS_DATE=	Wed Nov 17 14:09:01 EST 1999
d57 1
a57 1
		cd ${DISTDIR}/${PKGNAME} || exit; \
@


1.12
log
@Update OpenSSH to the latest CVS_DATE.

CVS_SITE is now MASTER_SITES, and each is tried if the previous fails

Include a :pserver: as one of the CVS repositories, so those inside firewalls
should be able to fetch SSH.  If this doesn't work for everyone, I've still
got a trick up my sleeve.

Fix rlimit-related warnings people are seeing by moving the setclasscontext()
to before the switching of uids.  Let me know if this does not work, as I
never got the warnings in the first place.

Don't clobber sshd_config, etc.  Instead, if they're there, just warn of
their existance.

Take the config files and sshd.sh out of the pkg/PLIST, mainly so you don't
lose your configuration files by doing a "make deinstall reinstall clean"
update.

Parts submitted by:	Robert Muir <rmuir@@gibralter.net>, Travis Mikalson <bofh@@terranova.net>
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.11 1999/11/17 17:15:24 green Exp $
d12 1
a12 2
MASTER_SITES=	anoncvs@@anoncvs1.ca.openbsd.org:/cvs \
		:pserver:anoncvs@@anoncvs1.usa.openbsd.org:/cvs
d26 2
d58 7
a64 6
		for CVS_SITE in ${MASTER_SITES}; do \
			${ECHO_MSG} ">> Attempting to CVS checkout from\
			$${CVS_SITE}."; \
			${CVS_CMD} -d $${CVS_SITE} co -D "${CVS_DATE}" \
				${DISTNAME} && { ${ECHO} -n ${CVS_DATE} > \
				${STAMPFILE} && exit; }; \
d66 2
a67 4
		${ECHO_MSG} ">> Couldn't CVS checkout ${PKGNAME}.  Please try\
			to retrieve"; \
		${ECHO_MSG} ">> this port manually into ${_DISTDIR} and try\
			again."; \
d78 1
a78 1
		${WRKSRC}/sshd.c
d82 2
a83 2
		's:^(\s*#\s*include\s+<)ssl(/\w+\.h>\s*)$$:$$1openssl$$2:g' \
		${WRKSRC}/*.[ch]
d89 3
a91 3
		${ECHO} ">> ${PREFIX}/etc/sshd_config exists, not being replaced!"; \
		${ECHO} ">> If this is left over from another version of SSH, you will"; \
		${ECHO} ">> need to update it to work with OpenSSH."; \
d96 6
a101 5
		${ECHO} ">> Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
		${ECHO} "#!/bin/sh" > ${PREFIX}/etc/rc.d/sshd.sh; \
		${ECHO} "[ -x ${PREFIX}/sbin/sshd ] && ${PREFIX}/sbin/sshd &&" \
			"${ECHO} -n ' sshd'" >> ${PREFIX}/etc/rc.d/sshd.sh; \
		${CHMOD} 755 ${PREFIX}/etc/rc.d/sshd.sh; \
d103 5
@


1.11
log
@Thanks to those who replied!  The include (ssl versus openssl) transform
is now done in post-patch.

Submitted by:	Anton Berezin <tobez@@plab.ku.dk>, Christian Weisgerber <naddy@@unix-ag.uni-kl.de>
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.10 1999/11/17 00:55:54 green Exp $
d12 2
d26 1
a26 2
CVS_DATE=	Tue Nov 16 16:45:45 PST 1999
CVS_SITE?=	anoncvs@@anoncvs1.ca.openbsd.org:/cvs
d56 13
a68 3
		cd ${DISTDIR}/${PKGNAME} && \
		${CVS_CMD} -d ${CVS_SITE} co -D "${CVS_DATE}" ${DISTNAME} && \
		${ECHO} -n ${CVS_DATE} > ${STAMPFILE}; \
d86 7
a92 1
	@@cd ${WRKSRC} && ${MAKE} DESTDIR=${PREFIX} distribution
d96 1
a96 1
		${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
@


1.10
log
@Prompted by Kris Kennaway <kris@@FreeBSD.org>

Update to to the current time for OpenSSH.  The notable commit given to me
for this new date is:

(provos@@cvs.openbsd.org)

        usr.bin/ssh    : hostfile.c

in known_hosts key lookup the entry for the bits does not need to match, all
the information is contained in n and e.  This solves the problem with buggy
servers announcing the wrong modulus length.  markus and me.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.9 1999/11/15 06:47:56 green Exp $
d66 1
a66 1
	@@${PERL} -pi.orig -e 's:_PATH_STDPATH:_PATH_STDPATH "${PREFIX}/bin":' \
d70 3
@


1.9
log
@Bump CVS_DATE to a few minutes ago, and update MD5 checksums for updated
files.  Also, CVS_RSH can now be specified (to override the ignored
environmental CVS_RSH) as PORTS_CVS_RSH.  For instance, you can use ssh
to check out ssh ( :] ) with "PORTS_CVS_RSH=ssh make fetch".
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.8 1999/11/15 06:18:39 green Exp $
d24 1
a24 1
CVS_DATE=	Mon Nov 15 01:30:17 EST 1999
@


1.8
log
@Enable TCP wrapper support (conditionalized to turn off if tcpd.h is
nonexistant).  Also, add the Makefile hooks for AFS, Kerberos, and S/Key.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.7 1999/11/13 05:55:32 green Exp $
d24 1
a24 1
CVS_DATE=	Fri Nov 12 20:27:53 EST 1999
d51 3
@


1.7
log
@Lots of OpenSSH changes, let's see if I remember them all.
	1. Makefile cleanups, pkg/DESCR original comment (obrien)
	2. sshd.sh and automatic host key generation when installed
	   (Christian Weisgerber <naddy@@unix-ag.uni-kl.de>)
	3. Completely redone downloading procedure:
		* CVS is used to download the source (${CVS_CMD} defaults to
		  cvs -z3)
		* MD5 checksums and a specific ${CVS_DATE} are used to get
		  a specific source tree and verify it;  ${CVS_DATE} and
		  checksums can easily be rolled forward once tested.
		* Source is checked out to distfiles like other ports,
		  and is only updated when ${CVS_DATE} changes.
		  Rebuilding the port doesn't require another cvs co.

Enjoy!

Reviewed mostly by:	obrien
@
text
@d6 1
a6 1
# $FreeBSD$
d33 10
a42 1
MAKE_ENV+=	TCP_WRAPPERS=NO
@


1.6
log
@Correct the do-fetch target and improve error detection in fetchit.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.5 1999/11/11 16:50:43 green Exp $
d9 3
a11 3
DISTNAME=	OpenSSH-1.2
CATEGORIES=	security
MASTER_SITES=	# see ${SCRIPTDIR}/fetchit
d19 8
a26 2
# Here, MANDIR is concetenated to DESTDIR which all forms the man install dir...
MAKE_ENV=	DESTDIR=${PREFIX} MANDIR=/man/man
d28 1
a28 3
MAKE_ENV+=	CRYPTOLIBS="-L${PREFIX}/lib -lcrypto -lRSAglue -lrsaref"
.else
MAKE_ENV+=	CRYPTOLIBS="-L${PREFIX}/lib -lcrypto"
d30 2
d35 1
a35 1
NO_CHECKSUM=	YES
d39 7
a45 3
	@@if [ ! -e ${WRKDIR}/.fetch_done ]; then \
		${SETENV} WRKDIR=${WRKDIR} ${SCRIPTDIR}/fetchit || exit 1; \
		${TOUCH} ${WRKDIR}/.fetch_done; \
d49 2
d53 6
d61 9
@


1.5
log
@Whoops, extra parenthesis broke do-fetch.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.4 1999/11/11 14:33:11 green Exp $
d33 4
a36 4
.if !exists(${WRKDIR}/.fetch_done)
	@@${SETENV} WRKDIR=${WRKDIR} ${SCRIPTDIR}/fetchit
.endif
	@@${TOUCH} ${WRKDIR}/.fetch_done
@


1.4
log
@Quite a bit of change to OpenSSH made:

Add "/usr/local/bin" to _PATH_STDPATH (makes scp work inbound, for instance.)
Fetch OpenSSH from OpenBSD's src tree.  This uses a script and ftp(1).
Add strlcpy.c to ssh/lib, so this port should build on 3.X now.
Make TCP_WRAPPERS conditional on /usr/include/tcpd.h like the PR, so it
 should build on older RELEASEs without TCP Wrappers.

The PR is still open because I am taking more from it.

PR:		ports/14653
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.3 1999/11/09 12:43:38 green Exp $
d34 1
a34 1
	@@${SETENV} WRKDIR=${WRKDIR} ${SCRIPTDIR}/fetchit)
@


1.3
log
@Make some various cleanups.  Note that I did not add RESTRICTED since this is
in no way cryptographically encumbered code.  The fact that it's
redistributed by me from freefall is completely coincidental.

Submitted by:	obrien, Christian Weisgerber <naddy@@unix-ag.uni-kl.de>
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.2 1999/11/09 11:43:11 dirk Exp $
d11 1
a11 1
MASTER_SITES=	http://www.FreeBSD.org/~green/
d17 2
d26 4
d31 9
@


1.2
log
@Add library dependency to crypto.1.
@
text
@d6 1
a6 1
# $FreeBSD: ports/security/openssh/Makefile,v 1.1.1.1 1999/11/08 06:20:52 green Exp $
a14 1
BUILD_DEPENDS=	openssl:${PORTSDIR}/security/openssl
a16 1
CFLAGS+=	-I${PREFIX}/include
d27 1
a27 1
	@@cd ${WRKSRC} && make DESTDIR=${PREFIX} distribution
@


1.1
log
@Initial revision
@
text
@d6 1
a6 1
# $FreeBSD$
d16 1
@


1.1.1.1
log
@Say hello to OpenSSH!  It's more secure, has a better license, and
is actively maintained by members of the OpenBSD project.
@
text
@@
