Fri May 20 07:53:58 2011 UTC ()
Pullup ticket #3431 - requested by taca
security/openssh: bug fix update

Revisions pulled up:
- security/openssh/Makefile                                     1.201-1.202
- security/openssh/files/sshd.sh                                1.12-1.13

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon May 16 05:06:49 UTC 2011

   Modified Files:
   	pkgsrc/security/openssh: Makefile
   	pkgsrc/security/openssh/files: sshd.sh

   Log Message:
   Maintenance of openssh package:

   1. Add support for check and create ECDSA host key for SSH protocol
      version 2.

   2. Disable use of strnvis(3) on NetBSD.  NetBSD current after 2011/03/12
      has strnvis(3), but it has different argument from OpenBSD (and other
      system).

   Bump PKGREVISION.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue May 17 03:26:52 UTC 2011

   Modified Files:
   	pkgsrc/security/openssh: Makefile
   	pkgsrc/security/openssh/files: sshd.sh

   Log Message:
   Don't always try to create an ECDSA key; support for it depends on OpenSSL's version.

   Bump PKGREVISION.


(tron)
diff -r1.199.2.1 -r1.199.2.2 pkgsrc/security/openssh/Makefile
diff -r1.11 -r1.11.64.1 pkgsrc/security/openssh/files/sshd.sh

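--- a/pkgsrc/security/openssh/Makefile
+++ b/pkgsrc/security/openssh/Makefile
@@ -1,17 +1,18 @@
-# $NetBSD: Makefile,v 1.199.2.1 2011/05/15 09:33:30 sbd Exp $
+# $NetBSD: Makefile,v 1.199.2.2 2011/05/20 07:53:58 tron Exp $
 
 DISTNAME= openssh-5.8p2
 PKGNAME= openssh-5.8.2
+PKGREVISION= 2
 SVR4_PKGNAME= ossh
 CATEGORIES= security
 MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
  ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
  ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \
  ftp://ftp.freenet.de/pub/ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
  ftp://ftp.jaist.ac.jp/pub/OpenBSD/OpenSSH/portable/ \
  ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/
 # Don't delete the last entry -- it's there if the pkgsrc version is not
 # up-to-date and the mirrors already removed the old distfile.
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.openssh.com/
@@ -94,30 +95,38 @@ CONFIGURE_ARGS+= --without-zlib-version-
 # defaults to ${CC} if not. we override LD here, since running the
 # linker directly results in undefined symbols for obvious reasons.
 #
 CONFIGURE_ENV+= LD=${CC:Q}
 
 # Enable S/Key support on NetBSD, Darwin, and Solaris.
 .if (${OPSYS} == "NetBSD") || (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
 . include "../../security/skey/buildlink3.mk"
 CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey}
 .else
 CONFIGURE_ARGS+= --without-skey
 .endif
 
-.if (${OPSYS} == "NetBSD") && exists(/usr/include/utmpx.h)
+.if (${OPSYS} == "NetBSD")
+. if exists(/usr/include/utmpx.h)
 # if we have utmpx et al do not try to use login()
 CONFIGURE_ARGS+= --disable-libutil
+. endif
+#
+# NetBSD current after 2011/03/12 has incompatible strnvis(3) and
+# prior version don't have it. So, disable use of strnvis(3) now.
+#
+CONFIGURE_ENV+= ac_cv_func_strnvis=no
 .endif
+
 .if (${OPSYS} == "SunOS") && (${OS_VERSION} == "5.8" || ${OS_VERSION} == "5.9")
 CONFIGURE_ARGS+= --disable-utmp --disable-wtmp
 .endif
 .if ${OPSYS} == "Linux"
 CONFIGURE_ARGS+= --enable-md5-password
 .endif
 
 # The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
 # on if it's part of the X11 distribution, or if it's installed from pkgsrc
 # (security/ssh-askpass).
 #
 .if exists(${X11BASE}/bin/ssh-askpass)
 ASKPASS_PROGRAM= ${X11BASE}/bin/ssh-askpass
@@ -143,38 +152,52 @@ MESSAGE_SRC+= ${.CURDIR}/MESSAGE.urando
 .else
 CONFIGURE_ARGS+= --without-random
 CONFS+= ssh_prng_cmds
 PLIST_SRC+= ${.CURDIR}/PLIST.prng
 .endif
 
 EGDIR= ${PREFIX}/share/examples/${PKGBASE}
 CONF_FILES= # empty
 .for f in ${CONFS}
 CONF_FILES+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
 .endfor
 OWN_DIRS= ${OPENSSH_CHROOT}
 RCD_SCRIPTS= sshd
+RCD_SCRIPT_SRC.sshd= ${WRKDIR}/sshd.sh
 
 PLIST_SRC+= ${.CURDIR}/PLIST
 FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR:Q}
 
 SUBST_CLASSES+= patch
 SUBST_STAGE.patch= pre-configure
 SUBST_FILES.patch= session.c
 SUBST_SED.patch= -e '/channel_input_port_forward_request/s/0/ROOTUID/'
 SUBST_MESSAGE.patch= More patch a file.
 
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
 .include "../../security/tcp_wrappers/buildlink3.mk"
 
+#
+# type of key "ecdsa" isn't always supported depends on OpenSSL.
+#
+post-configure:
+ if ${EGREP} -q '^\#define[ ]+OPENSSL_HAS_ECC' \
+ ${WRKSRC}/config.h; then \
+ ${SED} -e '/HAVE_ECDSA/s/.*//' \
+ ${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
+ else \
+ ${SED} -e '/HAVE_ECDSA_START/,/HAVE_ECDSA_STOP/d' \
+ ${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
+ fi
+
 post-install:
  ${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}
  cd ${WRKSRC}; for file in ${CONFS}; do \
  ${INSTALL_DATA} $${file}.out ${DESTDIR}${EGDIR}/$${file}; \
  done
 .if !empty(PKG_OPTIONS:Mpam) && ${OPSYS} == "Linux"
  ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.generic \
  ${DESTDIR}${EGDIR}/sshd.pam
 .endif
 
 .include "../../mk/bsd.pkg.mk"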
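Review bot: In the new post-configure target, the ECC branch uses `/HAVE_ECDSA/s/.*//`, which blanks any line that mentions HAVE_ECDSA and leaves empty lines in the generated rc script. Deleting only the markers would be tighter: `${SED} -e '/HAVE_ECDSA_START/d' -e '/HAVE_ECDSA_STOP/d'`. If `${EGREP}` fails for a reason other than "no match", such as an unreadable config.h, the recipe silently takes the else branch and drops ECDSA host-key generation. The comment above the target could also say that it consumes the markers in files/sshd.sh, for example `# ECDSA host keys need OpenSSL built with ECC; keep or strip the HAVE_ECDSA_START/STOP block of files/sshd.sh accordingly.`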

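--- a/pkgsrc/security/openssh/files/sshd.sh
+++ b/pkgsrc/security/openssh/files/sshd.sh
@@ -1,16 +1,16 @@
 #!@RCD_SCRIPTS_SHELL@
 #
-# $NetBSD: sshd.sh,v 1.11 2003/05/22 09:05:38 wiz Exp $
+# $NetBSD: sshd.sh,v 1.11.64.1 2011/05/20 07:53:58 tron Exp $
 #
 # PROVIDE: sshd
 # REQUIRE: DAEMON LOGIN
 
 if [ -f /etc/rc.subr ]
 then
  . /etc/rc.subr
 fi
 
 name="sshd"
 rcvar=$name
 command="@PREFIX@/sbin/${name}"
 keygen_command="@PREFIX@/bin/ssh-keygen"
@@ -32,34 +32,43 @@ sshd_keygen()
  if [ -f @PKG_SYSCONFDIR@/ssh_host_dsa_key ]; then
  @ECHO@ "You already have a DSA host key in @PKG_SYSCONFDIR@/ssh_host_dsa_key"
  @ECHO@ "Skipping protocol version 2 DSA Key Generation"
  else
  ${keygen_command} -t dsa -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -N ''
  fi
 
  if [ -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then
  @ECHO@ "You already have a RSA host key in @PKG_SYSCONFDIR@/ssh_host_rsa_key"
  @ECHO@ "Skipping protocol version 2 RSA Key Generation"
  else
  ${keygen_command} -t rsa -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -N ''
  fi
+/* HAVE_ECDSA_START */
+ if [ -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key ]; then
+ @ECHO@ "You already have a ECDSA host key in @PKG_SYSCONFDIR@/ssh_host_ecdsa_key"
+ @ECHO@ "Skipping protocol version 2 ECDSA Key Generation"
+ else
+ ${keygen_command} -t ecdsa -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key -N ''
+ fi
+/* HAVE_ECDSA_STOP */
  )
 }
 
 sshd_precmd()
 {
  if [ ! -f @PKG_SYSCONFDIR@/ssh_host_key -o \
  ! -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -o \
- ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then
+ ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -o \
+ ! -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key ]; then
  if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]
  then
  run_rc_command keygen
  else
  eval ${keygen_cmd}
  fi
  fi
 }
 
 keygen_cmd=sshd_keygen
 start_precmd=sshd_precmd
 
 if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]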
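Review bot: The added `! -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key` test in sshd_precmd sits outside the HAVE_ECDSA_START/HAVE_ECDSA_STOP markers. On a build where the Makefile strips the ECDSA block from sshd_keygen, that key is never created and the condition stays true. Every start would then appear to run keygen, which only prints the "already have" messages for the other keys. The markers cannot simply be dropped into the continued `[ ... -o \` expression, because blanking a marker line would break the continuation. The check is better restructured so the ECDSA test is a separate statement between its own marker pair, as sketched below; sshd_keygen begins outside this hunk.

```shell
sshd_precmd()
{
	keys_missing=no
	for k in ssh_host_key ssh_host_dsa_key ssh_host_rsa_key; do
		[ -f @PKG_SYSCONFDIR@/$k ] || keys_missing=yes
	done
/* HAVE_ECDSA_START */
	[ -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key ] || keys_missing=yes
/* HAVE_ECDSA_STOP */
	if [ "$keys_missing" = yes ]; then
		# … unchanged: rc.subr test, run_rc_command keygen / eval ${keygen_cmd} …
```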