From owner-svn-ports-all@FreeBSD.ORG Thu Apr 9 20:57:26 2015 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0BE0C1A0; Thu, 9 Apr 2015 20:57:26 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EA51F9ED; Thu, 9 Apr 2015 20:57:25 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t39KvPWJ024901; Thu, 9 Apr 2015 20:57:25 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t39KvOaI024898; Thu, 9 Apr 2015 20:57:24 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201504092057.t39KvOaI024898@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f From: Bryan Drewery Date: Thu, 9 Apr 2015 20:57:24 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r383678 - in head/security/openssh-portable: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Apr 2015 20:57:26 -0000 Author: bdrewery Date: Thu Apr 9 20:57:23 2015 New Revision: 383678 URL: https://svnweb.freebsd.org/changeset/ports/383678 Log: Cleanup some unneeded patches. 1. There's no need to patch the xauth(1) location as the OpenSSH build already does so based on the --with-xauth path provided. It also updates manpages. 2. Don't modify manpage for shosts location as it was wrong. The proper LOCALBASE path is now used due to OpenSSH's build already handling it properly. 3. Remove confusing UsePrivilegeSeparation change in sshd_config. The default upstream is to have it disabled by default. The sshd_config line is in upstream to enable it by default in new installations. We always enable it though. So remove the sshd_config change which makes it look like we don't use it; it was not a needed difference with upstream. From discussion with: TJ Modified: head/security/openssh-portable/Makefile head/security/openssh-portable/files/patch-sshd_config head/security/openssh-portable/files/patch-sshd_config.5 Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Thu Apr 9 20:34:09 2015 (r383677) +++ head/security/openssh-portable/Makefile Thu Apr 9 20:57:23 2015 (r383678) @@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 6.8p1 -PORTREVISION= 3 +PORTREVISION= 4 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= ${MASTER_SITE_OPENBSD} @@ -187,6 +187,8 @@ CONFIGURE_ARGS+= --sysconfdir=${ETCDIR} CONFIGURE_ARGS+= --with-libs='${CONFIGURE_LIBS}' .endif +CONFIGURE_ARGS+= --with-xauth=${LOCALBASE}/bin/xauth + RC_SCRIPT_NAME= openssh VERSION_ADDENDUM_DEFAULT?= ${OPSYS}-${PKGNAME} @@ -195,9 +197,6 @@ post-patch: @${REINPLACE_CMD} \ -e 's|install: \(.*\) host-key check-config|install: \1|g' \ ${WRKSRC}/Makefile.in - @${REINPLACE_CMD} -e 's|/usr/X11R6|${LOCALBASE}|' \ - ${WRKSRC}/pathnames.h ${WRKSRC}/sshd_config.5 \ - ${WRKSRC}/ssh_config.5 @${REINPLACE_CMD} -e 's|%%PREFIX%%|${LOCALBASE}|' \ -e 's|%%RC_SCRIPT_NAME%%|${RC_SCRIPT_NAME}|' ${WRKSRC}/sshd.8 @${REINPLACE_CMD} \ Modified: head/security/openssh-portable/files/patch-sshd_config ============================================================================== --- head/security/openssh-portable/files/patch-sshd_config Thu Apr 9 20:34:09 2015 (r383677) +++ head/security/openssh-portable/files/patch-sshd_config Thu Apr 9 20:57:23 2015 (r383678) @@ -68,12 +68,3 @@ #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes -@@ -107,7 +109,7 @@ - #PrintLastLog yes - #TCPKeepAlive yes - #UseLogin no --UsePrivilegeSeparation sandbox # Default for new installations. -+#UsePrivilegeSeparation sandbox - #PermitUserEnvironment no - #Compression delayed - #ClientAliveInterval 0 Modified: head/security/openssh-portable/files/patch-sshd_config.5 ============================================================================== --- head/security/openssh-portable/files/patch-sshd_config.5 Thu Apr 9 20:34:09 2015 (r383677) +++ head/security/openssh-portable/files/patch-sshd_config.5 Thu Apr 9 20:57:23 2015 (r383678) @@ -11,15 +11,6 @@ The default is .Dq yes . .It Cm ChrootDirectory -@@ -615,7 +617,7 @@ or - .Pp - .Pa /etc/hosts.equiv - and --.Pa /etc/shosts.equiv -+.Pa /etc/ssh/shosts.equiv - are still used. - The default is - .Dq yes . @@ -977,7 +979,22 @@ are refused if the number of unauthentic .It Cm PasswordAuthentication Specifies whether password authentication is allowed.