Commit Graph

72 Commits

Author SHA1 Message Date
Will Andrews
1dbf0287c0 Remove redundant/inappropriate CATEGORIES. People need to start reading
the Porter's Handbook.  :-)
2000-06-02 03:18:54 +00:00
Brian Feldman
fb5ef7a539 Also generate the DSA key from a package install.
Submitted by:	Dmitry Grigorovich <odip@bionet.nsc.ru>
2000-05-30 20:43:29 +00:00
Brian Feldman
c58d074b48 Fix this for OpenSSL versions <= 0.9.4. It seems that the OpenSSH people
think that it's good to immediately switch to the newest API, despite
the old API call being left deliberately compatible so that that wouldn't
have to happen.   OpenSSL_add_all_algorithms() is now, again,
SSLeay_add_all_algorithms.
2000-05-20 05:09:04 +00:00
Brian Feldman
108d8c4e59 Using login and executing a specific "command" are mutually exclusive,
so turn off use_login if there's a command.

Submitted by:	Vadim Vygonets <vadik@cs.huji.ac.il>
2000-05-13 19:52:35 +00:00
Brian Feldman
d14f2efe51 Oops, put the I back in INSTALL_SCRIPT. 2000-05-13 19:50:57 +00:00
Brian Feldman
1078626db3 Fix a mistake with pwcopy-related patches. 2000-05-13 19:25:57 +00:00
Brian Feldman
361c7337a3 Update to OpenSSH 2.1.0. They _FINALLY_ have distfiles, so now the CVS is
not needed for the port.

Big thanks to Issei-san for doing the majority of the work necessary for
this upgrade!

Submitted by:	Issei Suzuki <issei@jp.FreeBSD.org>
2000-05-13 17:11:01 +00:00
Brian Feldman
1083bcdc4f Upgrade to version 1.2.3 with a CVS of a few hours ago. New stuff in
this release is mostly the support for lots of ssh2.  Note that SSH2 is
not fully supported here yet, but it's mostly there; see README.openssh2.
2000-04-20 22:24:19 +00:00
Munechika SUMIKAWA
7fbdf514d9 update compatible libraries to -current. 2000-04-17 22:20:24 +00:00
Chris Piazza
3df86a88a9 Update with the new PORTNAME/PORTVERSION variables 2000-04-09 18:34:06 +00:00
Bill Fenner
b144d742c6 Fix socklen_t for FreeBSD 3.
PR:		ports/17491
2000-03-20 04:51:02 +00:00
Brian Feldman
672ba2f225 Update this to a CVS_DATE of a few minutes ago. 2000-03-03 06:10:10 +00:00
Brian Somers
b29a09511f Allow manual PORTS_CVS_SERVER and CVS_SITES settings.
Approved by:	maintainer
2000-03-02 06:43:18 +00:00
Yoshinobu Inoue
f24b58ff79 Woops fix my previous incorrect patch.
For green's honor, the patch I sent him for review was correct.
But because it is one line fix, I hand merged it into my
cvs committing environment, and then mistake happend.

This time, I applied correct fix which should have been aplied
at last commit.
2000-02-27 20:07:10 +00:00
Brian Feldman
50cae6391f Fix a coredump-y bug that crept in recently. 2000-02-25 05:35:33 +00:00
Brian Feldman
81d4a6cdbd Change install -C usage to install -c usage, fixing the install for older
install(1)s.

Submitted by:	Jim Archuleta <JimArchuleta@usa.net>
2000-02-23 11:30:04 +00:00
Yoshinobu Inoue
5b8db68630 Use 'IPv4or6' instead of AF_UNSPEC for 1st getaddrinfo() ai_family.
Without this fix, still query to AAAA recored happens even if
  -4 options is specified.

Reviewed by: green
2000-02-19 16:50:55 +00:00
Brian Feldman
ca2a43f884 Change a MAKE_ENV= to MAKE_ENV+=. This may fix problems people on
-STABLE are reporting.
2000-02-16 04:52:59 +00:00
Munechika SUMIKAWA
abcd350dae When IPv4-only client connected to a server which have IPv4 and IPv6
addresses, the client couldn't connect to the server via IPv4 because
the client gave up on first rresevport_af().
2000-02-15 13:09:45 +00:00
Brian Feldman
df4e9a1d72 Clean things up by using the new knob for OpenSSL usage.
Submitted by:	kris
2000-02-12 23:55:48 +00:00
Brian Feldman
145cf70f67 Tell the user that they're doing something wrong when USA_RESIDENT is
not set.
2000-02-10 12:23:49 +00:00
Munechika SUMIKAWA
442343e099 Simplify IPv6 checking.
Suggested by:	green
2000-02-09 03:28:48 +00:00
Munechika SUMIKAWA
ff51f86e8c the condition for USE_INET6 setting was opposite. 2000-02-01 17:04:02 +00:00
Brian Feldman
168595c023 Fix a "USET" -> "USE" again. IPv6 should work for this port. Again.
Go to a much more convenient scheme for distfiles/ignorefiles.  There
will be a lot less change from now on... the release name not being
embedded in them helps a lot.

Fix an unquoted "${CVS_DATE}" so cvs update isn't always run when
we're in one of the first 9 days of a month in CVS_DATE.

Update to OpenSSH-1.2.2, which doesn't really mean anything since there
are no source releases anyway...

The port has been verified to work with pdksh 5.2.14 as /bin/sh, and
about 7 times faster.
2000-02-01 08:12:06 +00:00
Brian Feldman
d9da1a8a4c Take off RESTRICTED, since this has been a proper package for some
time now, and is not a legal problem (see Bruce Schneier's latest
Crypto-Gram).  Basically, since it's unencumbered, it is alright.
2000-01-27 21:19:20 +00:00
Satoshi Asami
c34477283d List CVS files in IGNOREFILES so they will be properly deleted by "distclean".
Approved by:	green (well, I thought he was going to *do* it, but anyway....)
2000-01-26 11:34:28 +00:00
Munechika SUMIKAWA
857a522865 Use ${OSVERSION} instead of ${USE_INET6}. 2000-01-25 22:12:09 +00:00
Brian Feldman
47be594a53 Fix IPv6 support: change a typo "USET_IPV6" to "USE_IPV6". 2000-01-19 02:53:21 +00:00
Munechika SUMIKAWA
9df24a1938 - remove me from another MAINTAINER
- add 'ipv6' on CATEGORIES
- use ${OSVERSION} instead of ${USE_INET6} for checking getaddrinfo()
  existence.
- fix broken ${ECHO_MSG}
- avoid duplicate copying rcmd.c
2000-01-18 11:18:25 +00:00
Brian Feldman
28632e4637 Add sumikawa@FreeBSD.org as another MAINTAINER. Hopefully, this will
reduce my workload, and maybe there'll now be someone who remembers
to notify markm when updating CVS_DATE ;)
2000-01-15 23:17:13 +00:00
Brian Feldman
dcd2c0fc89 Add the actual change of names in sockaddr_storage. This broke things
for people after what time my system was previously made.  Sorry.

Submitted by:	sumikawa
2000-01-14 07:07:18 +00:00
Brian Feldman
8d55d19095 Update to a more current OpenSSH, including...
IPv6 support!!

Thank you very much, Sumikawa san.

Submitted by:	Munechika SUMIKAWA <sumikawa@ebina.hitachi.co.jp>
2000-01-13 23:22:17 +00:00
Satoshi Asami
2ca1fe047a Don't include bsd.port.pre.mk twice. This usually is caused by first
including bsd.port.pre.mk and then later including bsd.port.mk (the
latter of which of course should be bsd.port.post.mk).
2000-01-07 16:40:17 +00:00
Brian Feldman
f2bfcd0cca Upgrade to the pam_ssh module, version 1.1..
(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used.  XDM and its variants
should now work without modification.  Note that the new code uses
the macros in <sys/queue.h>.

Submitted by:	Andrew J. Korty <ajk@iu.edu>
1999-12-28 05:32:54 +00:00
Brian Feldman
ccf991de8f Update to today's OpenSSH.
The version is now 1.2.1, from 1.2.  You can mv your old distfiles/OpenSSH-1.2
dir to distfiles/OpenSSH-1.2.1, if you want to not waste time/space.

Some minor nits have been fixed, and a couple bugs.  One sizeof(len)
should have just been len, and, in markus's words,
"fix get_remote_port() and friends for sshd -i".
1999-12-23 06:37:30 +00:00
Brian Feldman
d64b6e2fd2 I've cleaned up ${CVS_DATE} usage a bit (keep spaces correctly), and
updated to today's snapshot of OpenSSH.

Various updates from the latest ${CVS_DATE}, and requisite patch
changes, are the "big new thing".  Nothing major has changed;  the
biggest ones would be using atomicio() in a lot of places and a
fix for a SIGHUP not updating sshd(8)'s configuration until the
next connection.
1999-12-08 04:06:38 +00:00
Brian Feldman
7db4f457f6 In the meantime (while things are being worked and decided on on the
OpenBSD OpenSSH front), add ConnectionsPerPeriod to prevent DoS via
running the system out of resources.  In reality, this wouldn't
be a full DoS, but would make a system slower, but this is a better
thing to do than let the system get loaded down.
   So here we are, rate-limiting.  The default settings are now:
Five connections are allowed to authenticate (and not be rejected) in
a period of ten seconds.
One minute is given for login grace time.
   More work in this area is being done by alfred@FreeBSD.org and
markus@OpenBSD.org, at the very least.  This is, essentially, a
stopgap solution;  however, it is a properly implemented and documented
one, and has an easily modifiable framework.
1999-12-06 06:32:22 +00:00
Brian Feldman
c249079362 Under advisories, put RESTRICTED back. It more accurately reflects
reality, though.  One file, cipher.c, calls cryptographic routines
from external libraries.  This really cannot encumber OpenSSH in
any case, but I put RESTRICTED back since it would give people a
false hope of being able to install the OpenSSH package but
not the requisite, RESTRICTED (so nonexistant) openssl package.
1999-12-06 06:26:17 +00:00
Brian Feldman
1394b1ef56 Good-bye, RESTRICTED.
Reasons:
1. It's not crypto.
2. It links with crypto.
	a. That crypto is in the public domain.
	b. Linking with crypto does not constitute cryptography.
3. Even if it were crypto, the description of the entire protocol, etc.,
   is in the public domain.  The RFC is PD in the USA, and the white paper
   in Europe.
4. Precedence?  Even if it were crypto, the Bernstein case has set
   precedence for allowing export of that.  But it's not even crypto.
1999-12-06 04:49:22 +00:00
Brian Feldman
99f8fb2572 Reduce LoginGraceTime from 10 minutes (!!!) to 30 seconds. More to
come, soon.
1999-12-04 12:40:39 +00:00
Brian Feldman
c52ee5193f Add the PAM SSH RSA key authentication module. For example, you can add,
"login  auth    sufficient      pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)

PR:		15158
Submitted by:	Andrew J. Korty <ajk@waterspout.com>
Reviewed by:	obrien
1999-11-29 07:09:45 +00:00
Brian Feldman
8e53bbefee Update to a current CVS_DATE. The only real change I see is the (big)
change of KNFization being finalized :)

Patches had to be modified, but should look "better" according to
style(9), now.
1999-11-28 22:40:28 +00:00
Brian Feldman
cc029c1647 Change CFLAGS to get modified in Makefile.inc, fixing the
problem several people have reported with make.conf setting ${CFLAGS}.

Partially submitted by:	Jos Backus <Jos.Backus@nl.origin-it.com>
1999-11-28 21:40:58 +00:00
Brian Feldman
56a0d0c739 Also, set SSH_PROGRAM correctly. 1999-11-24 03:39:54 +00:00
Brian Feldman
f0ca59b2b5 Update the CVS_DATE. This brings in support for TIS authentication,
obsoleting a couple patches (it's the same code, though, except for
additions).

This also brings in KNFization of everything (please hold the cheering
down :) and made me reroll all my patches.

My patches have been almost entirely rewritten.  The places are the
same, but the code's rewritten.  It fits with the style (KNF) now,
and looks better.

I've also added strlcat.c to the build, which, just like strlcpy.c, is
necessary for compatibility with older libcs.  After strlcat() snuck
into the OpenSSH code recently, this would prevent OpenSSH from
building on (e.g.) FreeBSD 3.2.  Adding it to ssh/lib/ makes it work
yet again :)
1999-11-24 03:36:23 +00:00
Brian Feldman
f9d23e53cc Correct ssh-keygen usage.
Submitted by:	Larry Baird <lab@gta.com>
1999-11-23 03:04:05 +00:00
Brian Feldman
64c59a88a8 Clean up some shell scripting and replace it with proper Makefile
syntax.  Run ssh-keygen for ssh_host_key on port install, not just
package install.
1999-11-22 22:45:47 +00:00
Brian Feldman
64484c75cf I wish CVS would report new files. This broke the carefully designed
mirroring system.  The tarball was fine, but the extraction was not
1999-11-22 22:44:47 +00:00
Brian Feldman
41408c5a51 And away we go! Here comes the source mirror, thanks Mark!
Submitted by:	markm
1999-11-21 23:10:48 +00:00
Brian Feldman
7b3d367711 Update to the latest CVS_DATE, obsoleting patches patch-a[yz].
Add "ignorelogin" login.conf functionality to sshd.

The biggest change: new port functionality.  Making "fetchsrctarball"
will soon work for those of you who cannot use CVS to get OpenSSH.
Mark Murray, the savior he is :), will use "make makesrctarball" and
put the snapshots of OpenSSH source in the proper place.

The current ${MASTER_SITES} is just a guess at where the snapshot
files could be hosted; something definite should be worked out very
soon.
1999-11-21 16:42:44 +00:00