ports/54071: security/ssh2: security update to 3.2.5 and cleanup
Marius Strobl
marius at alchemy.franken.de
Mon Jul 7 08:20:17 UTC 2003
The following reply was made to PR ports/54071; it has been noted by GNATS.
From: Marius Strobl <marius at alchemy.franken.de>
To: Lars Eggert <larse at ISI.EDU>
Cc: FreeBSD-gnats-submit at freebsd.org, netchild at freebsd.org
Subject: Re: ports/54071: security/ssh2: security update to 3.2.5 and cleanup
Date: Mon, 7 Jul 2003 10:12:29 +0200
On Sun, Jul 06, 2003 at 04:14:06PM -0700, Lars Eggert wrote:
> Marius Strobl wrote:
> > On Sun, Jul 06, 2003 at 12:54:22AM -0700, Lars Eggert wrote:
> >>
> >>Marius, let me know if you'd be interested in taking over maintainership
> >>of this port. I'm no longer using it personally, and someone who does
> >>would be a better maintainer obviously.
> >
> > I'm ok with taking over maintainership. I prefer the ssh from ssh.com
> > over OpenSSH and I think I use the former on enough boxes to be a good
> > maintainer of its port.
>
> Great!
>
> Would you submit an updated patch that also changes the "maintainer"
> lines in the Makefile accordingly and then find a committer? (If you
> can't hunt one down within a few days, I can talk to nork@, who has been
> committing patches to some of my ports recently.)
>
Below is an updated patch. The additional changes are:
- Change MAINTAINER.
- Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist.
I was hoping for Alexander Leidinger (netchild at freebsd.org, CCed
since send-pr) to commit the patch but he may be busy at the moment.
Marius
Index: Makefile
===================================================================
RCS file: /usr/data/bsd/cvs/fbsd/ports/security/ssh2/Makefile,v
retrieving revision 1.113
diff -u -r1.113 Makefile
--- Makefile 23 Feb 2003 22:39:05 -0000 1.113
+++ Makefile 7 Jul 2003 07:44:35 -0000
@@ -6,22 +6,22 @@
#
PORTNAME= ssh2
-PORTVERSION= 3.2.3
+PORTVERSION= 3.2.5
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ \
ftp://sunsite.unc.edu/pub/packages/security/ssh/ \
- ftp://ftp.kyoto.wide.ad.jp/pub/security/ssh/ \
- ftp://ftp.cis.fed.gov/pub/ssh/ \
ftp://ftp.keystealth.org/pub/ssh/ \
- ftp://mirror.chpc.utah.edu/pub/ssh/ \
ftp://metalab.unc.edu/pub/packages/security/ssh/ \
- ftp://herbie.ucs.indiana.edu/pub/security/ssh/
+ ftp://ftp.nsysu.edu.tw/Unix/Security/ssh/ \
+ ftp://ftp.cronyx.ru/mirror/ssh/ \
+ ftp://ftp.univie.ac.at/applications/ssh.com/
DISTNAME= ssh-${PORTVERSION}
-MAINTAINER= larse at ISI.EDU
+MAINTAINER= marius at alchemy.franken.de
COMMENT= Secure shell client and server (remote login program)
GNU_CONFIGURE= YES
+USE_REINPLACE= YES
CONFIGURE_ARGS= --with-etcdir=${SSH2_ETC} --disable-debug
@@ -29,43 +29,43 @@
SSH2_RCD= ${PREFIX}/etc/rc.d
CONFIG_FILES= ssh2_config sshd2_config
-# Uncomment if all your users are in their own group and their homedir
+.include <bsd.port.pre.mk>
+
+# Define if all your users are in their own group and their homedir
# is writeable by that group. Beware the security implications!
#
-#CONFIGURE_ARGS+= --enable-group-writeability
+.if defined(WITH_GROUP_WRITEABILITY)
+CONFIGURE_ARGS+= --enable-group-writeability
+.endif
-# Kerberos support is untested.
+# Kerberos5 support in ssh2 is EXPERIMENTAL and requires MIT Kerberos,
+# Heimdal is unsupported.
#
-#.if defined(KRB5_HOME) && exists(${KRB5_HOME})
-#CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer
-#.endif
+.if defined(WITH_KERBEROS) && defined(KRB5_HOME) && \
+ exists(${KRB5_HOME}/lib/libkrb5.a)
+CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer
+.endif
-# Auto-configure tcp_wrappers support.
-#
-.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP) && \
- !defined(WITHOUT_TCPWRAP)
+.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP)
CONFIGURE_ARGS+= --with-libwrap
-.elif defined(WITH_TCPWRAP)
-CONFIGURE_ARGS+= --with-libwrap="-L${LOCALBASE}/lib -lwrap"
-
-LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper
.endif
-.include <bsd.port.pre.mk>
-
-# This is necessary for a working ssh-chrootmgr. Added by mic at nethack.at
+# This is necessary for a working ssh-chrootmgr. Added by mic at nethack.at.
#
.if defined(WITH_STATIC_SFTP)
CONFIGURE_ARGS+= --enable-static
+PLIST_SUB= STATIC=""
+.else
+PLIST_SUB= STATIC="@comment "
.endif
.if defined(WITH_X11) || (exists(${X11BASE}/lib/libX11.a) \
&& exists(${X11BASE}/bin/xauth) && !defined(WITHOUT_X11))
USE_XLIB= yes
-PLIST_SUB= WITH_X11:=""
+PLIST_SUB+= WITH_X11:=""
.else
CONFIGURE_ARGS+= --without-x
-PLIST_SUB= WITH_X11:="@comment "
+PLIST_SUB+= WITH_X11:="@comment "
.endif
MAN1= ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 scp2.1 sftp2.1 \
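Review bot: A build with WITH_KERBEROS set silently produces an sshd without Kerberos when KRB5_HOME is unset or `${KRB5_HOME}/lib/libkrb5.a` is absent, because all three conditions sit in one `.if` with no `.else`. For an authentication method the admin asked for explicitly, stopping the build is safer than continuing; the fence below splits the test and marks the port broken in that case. The comment above the block should also mention that enabling Kerberos adds `--disable-suid-ssh-signer`, which presumably changes how ssh-signer2 is installed. The hunk ends inside the `MAN1=` continuation line, which runs on outside it.

```make
.if defined(WITH_KERBEROS)
.if defined(KRB5_HOME) && exists(${KRB5_HOME}/lib/libkrb5.a)
CONFIGURE_ARGS+=	--with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer
.else
BROKEN=		WITH_KERBEROS requires MIT Kerberos with KRB5_HOME set
.endif
.endif
```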
@@ -81,6 +81,14 @@
PORTDOCS= CHANGES FAQ INSTALL LICENSE MANIFEST NEWS README \
REGEX-SYNTAX SSH2.QUICKSTART
+post-patch:
+.for i in ${MAN1} ${MAN5} ${MAN8}
+ @${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g;' \
+ ${WRKSRC}/apps/ssh/${i}
+.endfor
+ @${REINPLACE_CMD} -E -e 's|\$$\(ETCDIR\)|${PREFIX}\/etc|g;' \
+ ${WRKSRC}/apps/ssh/ssh_dummy_shell.out
+
post-install:
.if !defined(NOPORTDOCS)
${MKDIR} ${DOCSDIR}
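Review bot: Both substitutions in the new post-patch target hard-code the configuration directory (`/etc/ssh2` becomes `${PREFIX}/etc/ssh2`, `$(ETCDIR)` becomes `${PREFIX}/etc`), while configure is given `--with-etcdir=${SSH2_ETC}` earlier in the Makefile. SSH2_ETC is defined outside the visible hunks; if it is ever anything other than `${PREFIX}/etc/ssh2`, the installed man pages will point admins at the wrong sshd2_config and host key location. Using the variable keeps the two in step, e.g. `@${REINPLACE_CMD} -e 's|/etc/ssh2|${SSH2_ETC}|g' ${WRKSRC}/apps/ssh/${i}`. The `$(ETCDIR)` replacement yields `${PREFIX}/etc` without the `ssh2` component, which is worth confirming against what ssh_dummy_shell.out is meant to print.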
@@ -88,11 +96,7 @@
${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR}
.endfor
.endif
- @if [ ! -f ${SSH2_ETC}/hostkey ]; then \
- ${ECHO} "Generating a secret host key..."; \
- ${PREFIX}/bin/ssh-keygen2 -P -b 1024 -t dsa ${SSH2_ETC}/hostkey; \
- fi; \
- if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \
+ if [ "`${GREP} ssh /etc/inetd.conf | ${GREP} -v ^#ssh`" = "" ]; then \
if [ ! -f ${SSH2_RCD}/sshd.sh ]; then \
${ECHO} "Installing ${SSH2_RCD}/sshd.sh startup file."; \
${SED} -e 's+!!PREFIX!!+${PREFIX}+' < ${FILESDIR}/sshd.sh \
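Review bot: Dropping the host key generation from post-install leaves the `@exec` line in pkg-plist as the only place a key is created, and as far as I know packing-list `@exec` lines run on pkg_add, not on a `make install` from the port. Unless the rest of post-install or sshd.sh (both outside this hunk) generates one, a port install would end up without `${SSH2_ETC}/hostkey`; keeping an `if [ ! -f ${SSH2_ETC}/hostkey ]` block here, with the same ssh-keygen2 command as pkg-plist, avoids that. The inetd test on the changed line is also loose: any line containing `ssh` other than one starting with `#ssh` counts, so a comment such as `# ssh ...` suppresses the startup script, and `${GREP} '^ssh[[:space:]]' /etc/inetd.conf` would match only an active entry. The recipe continues past the end of the hunk.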
Index: distinfo
===================================================================
RCS file: /usr/data/bsd/cvs/fbsd/ports/security/ssh2/distinfo,v
retrieving revision 1.33
diff -u -r1.33 distinfo
--- distinfo 23 Feb 2003 22:39:05 -0000 1.33
+++ distinfo 2 Jul 2003 21:29:49 -0000
@@ -1 +1 @@
-MD5 (ssh-3.2.3.tar.gz) = d74afd27a5df00ae8fbbe066ec82c88a
+MD5 (ssh-3.2.5.tar.gz) = 0d9da1d79e4ce9cff44daf93e5b66a11
Index: pkg-plist
===================================================================
RCS file: /usr/data/bsd/cvs/fbsd/ports/security/ssh2/pkg-plist,v
retrieving revision 1.24
diff -u -r1.24 pkg-plist
--- pkg-plist 23 Feb 2003 22:39:05 -0000 1.24
+++ pkg-plist 7 Jul 2003 07:47:28 -0000
@@ -8,7 +8,9 @@
bin/ssh-signer2
bin/ssh-probe2
bin/sftp-server2
+%%STATIC%%bin/sftp-server2.static
bin/ssh-dummy-shell
+%%STATIC%%bin/ssh-dummy-shell.static
bin/ssh
bin/ssh-agent
bin/ssh-add
@@ -20,24 +22,34 @@
bin/ssh-signer
bin/ssh-probe
etc/rc.d/sshd.sh
+ at unexec if cmp -s %D/etc/ssh2/sshd2_config %D/etc/ssh2/sshd2_config.example; then rm -f %D/etc/ssh2/sshd2_config; fi
etc/ssh2/sshd2_config.example
+ at exec [ -f %B/sshd2_config ] || cp %B/%f %B/sshd2_config
+ at unexec if cmp -s %D/etc/ssh2/ssh2_config %D/etc/ssh2/ssh2_config.example; then rm -f %D/etc/ssh2/ssh2_config; fi
etc/ssh2/ssh2_config.example
+ at exec [ -f %B/ssh2_config ] || cp %B/%f %B/ssh2_config
etc/ssh2/ssh_dummy_shell.out
etc/ssh2/subconfig/anonymous.example
etc/ssh2/subconfig/host_ext.example
etc/ssh2/subconfig/host_int.example
etc/ssh2/subconfig/user.example
+ at exec [ -d %D/etc/ssh2/hostkeys ] || mkdir %D/etc/ssh2/hostkeys
+ at exec [ -d %D/etc/ssh2/knownhosts ] || mkdir %D/etc/ssh2/knownhosts
sbin/sshd2
sbin/sshd-check-conf
sbin/sshd
- at exec if [ ! -f %D/etc/ssh2/hostkey ]; then umask 022; echo "Generating 1024 bit host key."; %D/bin/ssh-keygen2 -P -b 1024 -t dsa %D/etc/ssh2/hostkey; fi
-%%PORTDOCS%%share/doc/ssh2/CHANGES
-%%PORTDOCS%%share/doc/ssh2/FAQ
-%%PORTDOCS%%share/doc/ssh2/INSTALL
-%%PORTDOCS%%share/doc/ssh2/LICENSE
-%%PORTDOCS%%share/doc/ssh2/MANIFEST
-%%PORTDOCS%%share/doc/ssh2/NEWS
-%%PORTDOCS%%share/doc/ssh2/README
-%%PORTDOCS%%share/doc/ssh2/REGEX-SYNTAX
-%%PORTDOCS%%share/doc/ssh2/SSH2.QUICKSTART
-%%PORTDOCS%%@dirrm share/doc/ssh2
+ at exec if [ ! -f %D/etc/ssh2/hostkey ]; then umask 022; echo "Generating host key."; %D/bin/ssh-keygen2 -P -t dsa "DSA hostkey" %D/etc/ssh2/hostkey; fi
+%%PORTDOCS%%%%DATADIR%%/CHANGES
+%%PORTDOCS%%%%DATADIR%%/FAQ
+%%PORTDOCS%%%%DATADIR%%/INSTALL
+%%PORTDOCS%%%%DATADIR%%/LICENSE
+%%PORTDOCS%%%%DATADIR%%/MANIFEST
+%%PORTDOCS%%%%DATADIR%%/NEWS
+%%PORTDOCS%%%%DATADIR%%/README
+%%PORTDOCS%%%%DATADIR%%/REGEX-SYNTAX
+%%PORTDOCS%%%%DATADIR%%/SSH2.QUICKSTART
+%%PORTDOCS%%@dirrm %%DATADIR%%
+ at unexec rmdir %D/etc/ssh2/hostkeys 2> /dev/null || true
+ at unexec rmdir %D/etc/ssh2/knownhosts 2> /dev/null || true
+ at unexec rmdir %D/etc/ssh2/subconfig 2> /dev/null || true
+ at unexec rmdir %D/etc/ssh2 2> /dev/null || echo "If permanently deleting this package, %D/etc/ssh2 and its contents must be removed manually."
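Review bot: In the new host key `@exec` line, `"DSA hostkey"` is passed to ssh-keygen2 as a bare argument; it looks like the `-c` comment option was dropped, in which case the string is likely taken as a second output file name rather than a key comment: `%D/bin/ssh-keygen2 -P -t dsa -c "DSA hostkey" %D/etc/ssh2/hostkey`. The key is created under `umask 022` with an empty passphrase (`-P`), so it is worth confirming that ssh-keygen2 itself restricts the private key file to root. Separately, the documentation entries now use `%%DATADIR%%` while post-install in the Makefile installs into `${DOCSDIR}`; unless both expand to the same directory, `%%DOCSDIR%%` is the matching substitution.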
Index: files/patch-apps::ssh::sshchsession.c
===================================================================
RCS file: files/patch-apps::ssh::sshchsession.c
diff -N files/patch-apps::ssh::sshchsession.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/patch-apps::ssh::sshchsession.c 2 Jul 2003 22:22:04 -0000
@@ -0,0 +1,22 @@
+--- apps/ssh/sshchsession.c.orig Thu Jul 3 00:19:57 2003
++++ apps/ssh/sshchsession.c Thu Jul 3 00:21:12 2003
+@@ -218,8 +218,8 @@
+ #ifdef _PATH_USERPATH
+ #define DEFAULT_PATH _PATH_USERPATH
+ #else
+-#ifdef _PATH_DEFPATH
+-#define DEFAULT_PATH _PATH_DEFPATH
++#ifdef _PATH_STDPATH
++#define DEFAULT_PATH _PATH_STDPATH
+ #else
+ #define DEFAULT_PATH "/bin:/usr/bin:/usr/ucb:/usr/bin/X11:/usr/local/bin"
+ #endif
+@@ -502,7 +502,7 @@
+ ssh_child_set_env(envp, envsizep, "HOME", user_dir);
+ ssh_child_set_env(envp, envsizep, "USER", user_name);
+ ssh_child_set_env(envp, envsizep, "LOGNAME", user_name);
+- ssh_child_set_env(envp, envsizep, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
++ ssh_child_set_env(envp, envsizep, "PATH", DEFAULT_PATH SSH_BINDIR);
+
+ #ifdef MAIL_SPOOL_DIRECTORY
+ ssh_snprintf(buf, sizeof(buf), "%s/%s", MAIL_SPOOL_DIRECTORY, user_name);
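Review bot: The second hunk of this patch file concatenates `DEFAULT_PATH SSH_BINDIR` with no separator, which is only correct when DEFAULT_PATH ends in `:`. That presumably holds for the system's `_PATH_STDPATH`, but the literal fallback visible in the first hunk ends in `/usr/local/bin` with no trailing colon and the value of `_PATH_USERPATH` is not shown, so on those branches the last directory and SSH_BINDIR fuse into one bogus PATH entry. Relying on a trailing colon also risks an empty PATH element, which shells treat as the current directory, if the appended part is ever empty. A comment above the define stating the assumption, e.g. `/* _PATH_STDPATH ends in ':'; SSH_BINDIR is appended without a separator */`, or keeping `":"` for the branches that lack the trailing colon, would make the dependency explicit.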