From owner-freebsd-ports Wed Feb 27 12:50:49 2002
Delivered-To: freebsd-ports@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id DE33837B421 for ; Wed, 27 Feb 2002 12:50:04 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g1RKo2u87157; Wed, 27 Feb 2002 12:50:02 -0800 (PST) (envelope-from gnats)
Received: from hbo.isi.edu (hbo.isi.edu [128.9.160.75]) by hub.freebsd.org (Postfix) with ESMTP id 7952437B420 for ; Wed, 27 Feb 2002 12:48:08 -0800 (PST)
Received: (from larse@localhost) by hbo.isi.edu (8.11.6/8.11.6) id g1RKlbt73175; Wed, 27 Feb 2002 12:47:38 -0800 (PST) (envelope-from larse)
Message-Id: <200202272047.g1RKlbt73175@hbo.isi.edu>
Date: Wed, 27 Feb 2002 12:47:38 -0800 (PST)
From: Lars Eggert
Reply-To: Lars Eggert
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: ports/35385: port update: security/ssh2
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 35385
>Category: ports
>Synopsis: port update: security/ssh2
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed Feb 27 12:50:02 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Lars Eggert
>Release: FreeBSD 4.5-RELEASE i386
>Organization: USC/ISI
>Environment:
FreeBSD hbo.isi.edu 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Thu Feb 21 16:41:28 PST 2002 root@hbo.isi.edu:/usr/src/sys/compile/KERNEL-1.34 i386
System: FreeBSD hbo.isi.edu 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Thu Feb 21 16:41:28 PST 2002 root@hbo.isi.edu:/usr/src/sys/compile/KERNEL-1.34 i386
>Description:
Update security/ssh2 port to 3.1.0_1. Some X11 stuff (forwarding, ssh-askpass2) was silently skipped during build when X11 wasn't installed at port build time. Also install default config files as *.sample instead of overwriting existing ones.
>How-To-Repeat:
>Fix:
diff -uN /usr/ports/security/ssh2/Makefile ./Makefile --- /usr/ports/security/ssh2/Makefile Thu Feb 21 18:52:25 2002 +++ ./Makefile Wed Feb 27 12:42:27 2002 @@ -7,7 +7,8 @@ PORTNAME= ssh2 PORTVERSION= 3.1.0 -CATEGORIES= security +PORTREVISION= 1 +CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ \ ftp://sunsite.unc.edu/pub/packages/security/ssh/ \ ftp://ftp.kyoto.wide.ad.jp/pub/security/ssh/ \ 
@@ -23,24 +24,48 @@ #RESTRICTED= "Crypto; export-controlled" GNU_CONFIGURE= YES +CONFIGURE_ARGS= --with-etcdir=${SSH2_ETC} --disable-debug -CONFIGURE_ARGS= --with-etcdir=${PREFIX}/etc/ssh2 -#Uncomment if all your users are in their own group and their homedir -#is writeable by that group. Beware the security implications! -#CONFIGURE_ARGS+= --enable-group-writeability +SSH2_ETC= ${PREFIX}/etc/ssh2 +SSH2_RCD= ${PREFIX}/etc/rc.d +CONFIG_FILES= ssh2_config sshd2_config -.include +# Uncomment if all your users are in their own group and their homedir +# is writeable by that group. Beware the security implications! +# +#CONFIGURE_ARGS+= --enable-group-writeability -# Include tcp_wrappers support (automaticlly YES if /usr/include/tcpd.h exists) -#WITH_TCPWRAP= yes +# Kerberos support is untested. +# +#.if defined(KRB5_HOME) && exists(${KRB5_HOME}) +#CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer +#.endif -.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP) +# Auto-configure tcp_wrappers support. +# +.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP) && \ + !defined(WITHOUT_TCPWRAP) CONFIGURE_ARGS+= --with-libwrap .elif defined(WITH_TCPWRAP) CONFIGURE_ARGS+= --with-libwrap="-L${LOCALBASE}/lib -lwrap" -LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper +LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper +.endif + +# Include extra files if X11 is installed. +# +.if defined(WITH_X11) || (exists(${X11BASE}/lib/libX11.a) \ + && !defined(WITHOUT_X11)) +USE_XLIB= yes +PLIST:= ${WRKDIR}/PLIST + +pre-install: + @${CAT} ${PKGDIR}/pkg-plist.x11 ${PKGDIR}/pkg-plist > ${PLIST} +.else +CONFIGURE_ARGS+= --without-x .endif +.include + MAN1= ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 scp2.1 sftp2.1 \ sshregex.1 ssh-probe2.1 ssh-dummy-shell.1 ssh-pubkeymgr.1 \ ssh-chrootmgr.1 
@@ -54,21 +79,32 @@ PORTDOCS= BUG.REPORT CHANGES FAQ INSTALL LICENSE MANIFEST NEWS README \ REGEX-SYNTAX SSH2.QUICKSTART -post-install: +post-install: install-config-files .if !defined(NOPORTDOCS) ${MKDIR} ${DOCSDIR} .for i in ${PORTDOCS} ${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR} .endfor .endif -# - @if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \ - if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \ - ${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \ + @if [ ! -f ${SSH2_ETC}/hostkey ]; then \ + ${ECHO} "Generating a secret host key..."; \ + ${PREFIX}/bin/ssh-keygen2 -P -b 1024 -t dsa ${SSH2_ETC}/hostkey; \ + fi; \ + if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \ + if [ ! -f ${SSH2_RCD}/sshd.sh ]; then \ + ${ECHO} "Installing ${SSH2_RCD}/sshd.sh startup file."; \ ${SED} -e 's+!!PREFIX!!+${PREFIX}+' < ${FILESDIR}/sshd.sh \ - > ${PREFIX}/etc/rc.d/sshd.sh; \ - ${CHMOD} 751 ${PREFIX}/etc/rc.d/sshd.sh; \ + > ${SSH2_RCD}/sshd.sh; \ + ${CHMOD} 751 ${SSH2_RCD}/sshd.sh; \ fi; \ fi + +install-config-files: +.for file in ${CONFIG_FILES} + ${INSTALL_DATA} ${WRKSRC}/apps/ssh/${file} ${SSH2_ETC}/${file}.sample +.if !exists(${SSH2_ETC}/${file}) + ${INSTALL_DATA} ${WRKSRC}/apps/ssh/${file} ${SSH2_ETC} +.endif +.endfor .include Common subdirectories: /usr/ports/security/ssh2/files and ./files diff -uN /usr/ports/security/ssh2/p ./p --- /usr/ports/security/ssh2/p Wed Dec 31 16:00:00 1969 +++ ./p Wed Feb 27 12:46:53 2002 
@@ -0,0 +1,112 @@ +diff -uN /usr/ports/security/ssh2/Makefile ./Makefile +--- /usr/ports/security/ssh2/Makefile Thu Feb 21 18:52:25 2002 ++++ ./Makefile Wed Feb 27 12:42:27 2002 +@@ -7,7 +7,8 @@ + + PORTNAME= ssh2 + PORTVERSION= 3.1.0 +-CATEGORIES= security ++PORTREVISION= 1 ++CATEGORIES= security ipv6 + MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ \ + ftp://sunsite.unc.edu/pub/packages/security/ssh/ \ + ftp://ftp.kyoto.wide.ad.jp/pub/security/ssh/ \ +@@ -23,24 +24,48 @@ + #RESTRICTED= "Crypto; export-controlled" + + GNU_CONFIGURE= YES ++CONFIGURE_ARGS= --with-etcdir=${SSH2_ETC} --disable-debug + +-CONFIGURE_ARGS= --with-etcdir=${PREFIX}/etc/ssh2 +-#Uncomment if all your users are in their own group and their homedir +-#is writeable by that group. Beware the security implications! +-#CONFIGURE_ARGS+= --enable-group-writeability ++SSH2_ETC= ${PREFIX}/etc/ssh2 ++SSH2_RCD= ${PREFIX}/etc/rc.d ++CONFIG_FILES= ssh2_config sshd2_config + +-.include ++# Uncomment if all your users are in their own group and their homedir ++# is writeable by that group. Beware the security implications! ++# ++#CONFIGURE_ARGS+= --enable-group-writeability + +-# Include tcp_wrappers support (automaticlly YES if /usr/include/tcpd.h exists) +-#WITH_TCPWRAP= yes ++# Kerberos support is untested. ++# ++#.if defined(KRB5_HOME) && exists(${KRB5_HOME}) ++#CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer ++#.endif + +-.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP) ++# Auto-configure tcp_wrappers support. ++# ++.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP) && \ ++ !defined(WITHOUT_TCPWRAP) + CONFIGURE_ARGS+= --with-libwrap + .elif defined(WITH_TCPWRAP) + CONFIGURE_ARGS+= --with-libwrap="-L${LOCALBASE}/lib -lwrap" +-LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper ++LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper ++.endif ++ ++# Include extra files if X11 is installed. 
++# ++.if defined(WITH_X11) || (exists(${X11BASE}/lib/libX11.a) \ ++ && !defined(WITHOUT_X11)) ++USE_XLIB= yes ++PLIST:= ${WRKDIR}/PLIST ++ ++pre-install: ++ @${CAT} ${PKGDIR}/pkg-plist.x11 ${PKGDIR}/pkg-plist > ${PLIST} ++.else ++CONFIGURE_ARGS+= --without-x + .endif + ++.include ++ + MAN1= ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 scp2.1 sftp2.1 \ + sshregex.1 ssh-probe2.1 ssh-dummy-shell.1 ssh-pubkeymgr.1 \ + ssh-chrootmgr.1 +@@ -54,21 +79,32 @@ + PORTDOCS= BUG.REPORT CHANGES FAQ INSTALL LICENSE MANIFEST NEWS README \ + REGEX-SYNTAX SSH2.QUICKSTART + +-post-install: ++post-install: install-config-files + .if !defined(NOPORTDOCS) + ${MKDIR} ${DOCSDIR} + .for i in ${PORTDOCS} + ${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR} + .endfor + .endif +-# +- @if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \ +- if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \ +- ${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \ ++ @if [ ! -f ${SSH2_ETC}/hostkey ]; then \ ++ ${ECHO} "Generating a secret host key..."; \ ++ ${PREFIX}/bin/ssh-keygen2 -P -b 1024 -t dsa ${SSH2_ETC}/hostkey; \ ++ fi; \ ++ if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \ ++ if [ ! -f ${SSH2_RCD}/sshd.sh ]; then \ ++ ${ECHO} "Installing ${SSH2_RCD}/sshd.sh startup file."; \ + ${SED} -e 's+!!PREFIX!!+${PREFIX}+' < ${FILESDIR}/sshd.sh \ +- > ${PREFIX}/etc/rc.d/sshd.sh; \ +- ${CHMOD} 751 ${PREFIX}/etc/rc.d/sshd.sh; \ ++ > ${SSH2_RCD}/sshd.sh; \ ++ ${CHMOD} 751 ${SSH2_RCD}/sshd.sh; \ + fi; \ + fi ++ ++install-config-files: ++.for file in ${CONFIG_FILES} ++ ${INSTALL_DATA} ${WRKSRC}/apps/ssh/${file} ${SSH2_ETC}/${file}.sample ++.if !exists(${SSH2_ETC}/${file}) ++ ${INSTALL_DATA} ${WRKSRC}/apps/ssh/${file} ${SSH2_ETC} ++.endif ++.endfor + + .include +Common subdirectories: /usr/ports/security/ssh2/files and ./files diff -uN /usr/ports/security/ssh2/pkg-plist ./pkg-plist --- /usr/ports/security/ssh2/pkg-plist Thu Feb 21 18:52:25 2002 +++ ./pkg-plist Wed Feb 27 10:16:32 2002 
@@ -6,7 +6,6 @@ bin/ssh-add2 bin/ssh-signer2 bin/ssh-probe2 -bin/ssh-askpass2 bin/ssh-pam-client bin/sftp-server2 bin/ssh-dummy-shell @@ -23,18 +22,13 @@ bin/ssh-signer bin/ssh-probe etc/rc.d/sshd.sh -etc/ssh2/hostkey -etc/ssh2/hostkey.pub -etc/ssh2/sshd2_config -etc/ssh2/ssh2_config +etc/ssh2/sshd2_config.sample +etc/ssh2/ssh2_config.sample etc/ssh2/ssh_dummy_shell.out sbin/sshd2 sbin/sshd-check-conf sbin/sshd -@dirrm etc/ssh2/knownhosts -@dirrm etc/ssh2/hostkeys -@dirrm etc/ssh2 -@exec if [ ! -f %D/etc/ssh2/hostkey ]; then umask 022; echo "Generating 1024 bit host key."; %D/bin/ssh-keygen2 -P -b 1024 -t dsa -c "1024-bit dsa hostkey" -o %D/etc/ssh2/hostkey; fi +@exec if [ ! -f %D/etc/ssh2/hostkey ]; then umask 022; echo "Generating 1024 bit host key."; %D/bin/ssh-keygen2 -P -b 1024 -t dsa %D/etc/ssh2/hostkey; fi %%PORTDOCS%%share/doc/ssh2/BUG.REPORT %%PORTDOCS%%share/doc/ssh2/CHANGES %%PORTDOCS%%share/doc/ssh2/FAQ diff -uN /usr/ports/security/ssh2/pkg-plist.x11 ./pkg-plist.x11 --- /usr/ports/security/ssh2/pkg-plist.x11 Wed Dec 31 16:00:00 1969 +++ ./pkg-plist.x11 Wed Feb 27 09:14:53 2002 @@ -0,0 +1,2 @@ +bin/ssh-askpass2 + Common subdirectories: /usr/ports/security/ssh2/work and ./work >Release-Note: >Audit-Trail: >Unformatted:
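
Review bot: In the Makefile hunk at `@@ -23,24 +24,48 @@`, the tcp_wrappers condition tests `!defined(WITHOUT_TCPWRAP)` twice; drop the continuation line or replace it with the test that was intended. In the same hunk the `.include` line moves below the new X11 block, and `.if` conditions are evaluated as make parses the file, so `exists(${X11BASE}/lib/libX11.a)` only works if X11BASE is already set at that point. If the moved include is what defines it, the check fails unless WITH_X11 is given and the build falls through to `--without-x`, which is the silent skip this PR is meant to fix.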
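
Review bot: In the Makefile hunk at `@@ -54,21 +79,32 @@`, the new post-install host key step runs `ssh-keygen2 -P -b 1024 -t dsa ${SSH2_ETC}/hostkey` without the `umask 022` that the pkg-plist `@exec` sets and without checking the exit status, so a port install and a package install may leave different modes on the key files; set the umask explicitly in the recipe and confirm the private key ends up readable by root only. In `install-config-files`, `.if !exists(${SSH2_ETC}/${file})` is decided when make parses the Makefile rather than when the target runs; a shell test in the recipe, such as `[ -f ${SSH2_ETC}/${file} ] || ${INSTALL_DATA} ...`, makes the no-overwrite guarantee hold at install time.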
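
Review bot: The new file `./p` added at `@@ -0,0 +1,112 @@` is a copy of this same Makefile diff, apparently diff output saved inside the port directory and then picked up by `diff -uN`. It should be dropped from the submission so it is not committed with the port.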
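
Review bot: In the pkg-plist hunk at `@@ -23,18 +22,13 @@`, removing the three `@dirrm` lines together with the hostkey and config entries leaves nothing to clean up `etc/ssh2` on deinstall, while `install-config-files` still copies live `ssh2_config` and `sshd2_config` there when none exist, so those copies are untracked. Keeping the host key and edited configs across a deinstall is reasonable, but consider an `@unexec` that removes a config file only when it is identical to its `.sample`, plus a best-effort `@unexec rmdir` for the directories. The rewritten `@exec` also drops `-c` and `-o`; it is worth confirming that ssh-keygen2 3.1.0 accepts the output file as a positional argument.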