pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security Remove openssh+gssapi.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/12b90aa542c1
branches:  trunk
changeset: 540066:12b90aa542c1
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Tue Mar 25 13:44:00 2008 +0000

description:
Remove openssh+gssapi.
It has security problems for a long time now.

Removal was announced on pkgsrc-users on March 13.

diffstat:

 security/Makefile                        |    3 +-
 security/openssh+gssapi/DESCR            |    8 -
 security/openssh+gssapi/INSTALL          |   36 ------
 security/openssh+gssapi/MESSAGE          |   17 ---
 security/openssh+gssapi/MESSAGE.pam      |    9 -
 security/openssh+gssapi/MESSAGE.urandom  |    8 -
 security/openssh+gssapi/Makefile         |  160 -------------------------------
 security/openssh+gssapi/PLIST            |   30 -----
 security/openssh+gssapi/PLIST.pam        |    2 -
 security/openssh+gssapi/PLIST.prng       |    3 -
 security/openssh+gssapi/distinfo         |   13 --
 security/openssh+gssapi/files/sshd.sh    |  105 --------------------
 security/openssh+gssapi/patches/patch-aa |   34 ------
 security/openssh+gssapi/patches/patch-ab |   34 ------
 security/openssh+gssapi/patches/patch-ah |   60 -----------
 security/openssh+gssapi/patches/patch-ai |   62 ------------
 security/openssh+gssapi/patches/patch-aj |   26 -----
 17 files changed, 1 insertions(+), 609 deletions(-)

diffs (truncated from 688 to 300 lines):

diff -r 35cf40c4a348 -r 12b90aa542c1 security/Makefile
--- a/security/Makefile Tue Mar 25 13:43:14 2008 +0000
+++ b/security/Makefile Tue Mar 25 13:44:00 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.314 2008/03/16 00:15:11 wiz Exp $
+# $NetBSD: Makefile,v 1.315 2008/03/25 13:44:00 wiz Exp $
 #
 
 COMMENT=       Security tools
@@ -134,7 +134,6 @@
 SUBDIR+=       opencdk
 SUBDIR+=       openpam
 SUBDIR+=       openssh
-SUBDIR+=       openssh+gssapi
 SUBDIR+=       openssl
 SUBDIR+=       otpCalc
 SUBDIR+=       p0f
diff -r 35cf40c4a348 -r 12b90aa542c1 security/openssh+gssapi/DESCR
--- a/security/openssh+gssapi/DESCR     Tue Mar 25 13:43:14 2008 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,8 +0,0 @@
-OpenSSH is based on the last free version of Tatu Ylonen's SSH with
-all patent-encumbered algorithms removed (to external libraries), all
-known security bugs fixed, new features reintroduced and many other
-clean-ups. More information about SSH itself can be found in the file
-README.Ylonen. OpenSSH has been created by Aaron Campbell, Bob Beck,
-Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song.
-
-This package adds enhanced support for GSSAPI, provided by sxw.org.uk.
diff -r 35cf40c4a348 -r 12b90aa542c1 security/openssh+gssapi/INSTALL
--- a/security/openssh+gssapi/INSTALL   Tue Mar 25 13:43:14 2008 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,36 +0,0 @@
-# $NetBSD: INSTALL,v 1.4 2004/06/15 18:44:57 kristerw Exp $
-
-DIRS="/etc /etc/ssh ${PKG_PREFIX}/etc ${PKG_PREFIX}/etc/ssh"
-FILES="sshd.conf sshd_config"
-
-case ${STAGE} in
-POST-INSTALL)
-       for dir in $DIRS; do
-               if [ "@PKG_SYSCONFDIR@" != "$dir" ]; then
-                       for file in $FILES; do
-                               path=$dir/$file
-                               if [ -f $path ]; then
-                                       ${CAT} <<EOF
-===========================================================================
-
-                           *===* NOTICE *===*
-
-WARNING: previous configuration file $path found.
-
-The config files for ${PKGNAME} must be located in:
-
-       @PKG_SYSCONFDIR@
-
-You will need to ensure your configuration files and/or keys are
-placed in the correct directory before using ${PKGNAME}.
-
-===========================================================================
-EOF
-
-                                       exit
-                               fi
-                       done
-               fi
-       done
-       ;;
-esac
diff -r 35cf40c4a348 -r 12b90aa542c1 security/openssh+gssapi/MESSAGE
--- a/security/openssh+gssapi/MESSAGE   Tue Mar 25 13:43:14 2008 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE,v 1.3 2004/06/15 18:44:57 kristerw Exp $
-
-                           *===* NOTICE *===*
-
-If you have existing config files for OpenSSH located at /etc/ssh.conf
-and /etc/sshd.conf, then you will have to copy them:
-
-       /etc/ssh.conf  --> ${PKG_SYSCONFDIR}/ssh_config
-       /etc/sshd.conf --> ${PKG_SYSCONFDIR}/sshd_config
-
-The `${OPENSSH_USER}' user and `${OPENSSH_GROUP}' group used for
-privilege separation have been created if they did not already exist.
-For security reasons, UsePrivilegeSeparation has to be yes
-(the default value).
-
-===========================================================================
diff -r 35cf40c4a348 -r 12b90aa542c1 security/openssh+gssapi/MESSAGE.pam
--- a/security/openssh+gssapi/MESSAGE.pam       Tue Mar 25 13:43:14 2008 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE.pam,v 1.3 2004/06/15 18:44:57 kristerw Exp $
-
-To authenticate for SSH using PAM, add the contents of the file:
-
-       ${EGDIR}/sshd.pam
-
-to your PAM configuration file.
-===========================================================================
diff -r 35cf40c4a348 -r 12b90aa542c1 security/openssh+gssapi/MESSAGE.urandom
--- a/security/openssh+gssapi/MESSAGE.urandom   Tue Mar 25 13:43:14 2008 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,8 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE.urandom,v 1.3 2004/06/15 18:44:57 kristerw Exp $
-
-You will need a working /dev/urandom.  Please make sure you have a kernel
-compiled from a config file containing the line:
-
-       pseudo-device   rnd
-===========================================================================
diff -r 35cf40c4a348 -r 12b90aa542c1 security/openssh+gssapi/Makefile
--- a/security/openssh+gssapi/Makefile  Tue Mar 25 13:43:14 2008 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,160 +0,0 @@
-# $NetBSD: Makefile,v 1.42 2008/01/18 05:09:39 tnn Exp $
-
-# NOTE:  This package is modeled on ../openssh, but does not share
-# files with it as that package may update faster than the gssapi
-# patches do.
-
-DISTNAME=              openssh-3.6.1p2
-PKGNAME=               openssh+gssapi-3.6.1.2.20030430
-PKGREVISION=           8
-SVR4_PKGNAME=          osshgss
-CATEGORIES=            security
-MASTER_SITES=          ftp://ftp.stealth.net/pub/mirrors/ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
-                       http://public.planetmirror.com.au/pub/OpenBSD/OpenSSH/portable/ \
-                       ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
-                       ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \
-                       ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/old/
-PATCH_SITES=   http://www.sxw.org.uk/computing/patches/
-PATCHFILES=    openssh-3.6.1p2-gssapi-20030430.diff
-PATCH_DIST_STRIP=      -p1
-
-# Don't delete the last entry -- it's there if the pkgsrc version is not
-# up-to-date and the mirrors already removed the old distfile.
-
-MAINTAINER=            jwise%NetBSD.org@localhost
-HOMEPAGE=              http://www.openssh.com/
-COMMENT=               Open Source Secure shell client and server with enhanced GSSAPI support
-
-CONFLICTS=             sftp-[0-9]*
-CONFLICTS+=            ssh-[0-9]* ssh6-[0-9]* ssh2-[0-9]*
-CONFLICTS+=            openssh-[0-9]*
-CONFLICTS+=            lsh>2.0
-
-CRYPTO=                        yes
-KERBEROS=              yes
-
-# retain the following line, for IPv6-ready pkgsrc webpage
-BUILD_DEFS+=           IPV6_READY
-#BUILD_DEFS+=          KERBEROS
-
-.include "../../mk/bsd.prefs.mk"
-
-INSTALL_TARGET=                install-nokeys
-PLIST_SRC=             # empty
-MESSAGE_SRC=           ${.CURDIR}/MESSAGE
-
-PKG_GROUPS_VARS+=      OPENSSH_GROUP
-PKG_USERS_VARS+=       OPENSSH_USER
-
-PKG_GROUPS=            ${OPENSSH_GROUP}
-PKG_USERS=             ${OPENSSH_USER}:${OPENSSH_GROUP}
-
-PKG_GECOS.${OPENSSH_USER}=     sshd privsep pseudo-user
-PKG_HOME.${OPENSSH_USER}=      ${OPENSSH_CHROOT}
-
-SSH_PID_DIR=           /var/run        # default directory for PID files
-
-PKG_SYSCONFSUBDIR=     ssh
-
-USE_TOOLS+=            autoconf perl
-GNU_CONFIGURE=         yes
-CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR:Q}
-CONFIGURE_ARGS+=       --with-pid-dir=${SSH_PID_DIR:Q}
-CONFIGURE_ARGS+=       --with-ssl-dir=${SSLBASE:Q}
-CONFIGURE_ARGS+=       --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
-CONFIGURE_ARGS+=       --with-privsep-path=${OPENSSH_CHROOT:Q}
-CONFIGURE_ARGS+=       --with-privsep-user=${OPENSSH_USER:Q}
-CONFIGURE_ARGS+=       --with-kerberos5=/usr
-
-CPPFLAGS+=             -I/usr/include/krb5
-
-# XXX: PAM authentication causes memory faults, and I haven't tracked down
-# XXX: why yet.  For the moment, disable PAM authentication.
-#
-#PKG_OPTIONS_VAR=      PKG_OPTIONS.openssh+gssapi
-#PKG_SUPPORTED_OPTIONS=        pam
-#.include "../../mk/bsd.options.mk"
-#
-#.if !empty(PKG_OPTIONS:Mpam)
-#.  include "../../mk/pam.buildlink3.mk"
-#CONFIGURE_ARGS+=      --with-pam
-#PLIST_SRC+=           ${.CURDIR}/PLIST.pam
-#MESSAGE_SRC+=         ${.CURDIR}/MESSAGE.pam
-#.endif
-
-.if (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
-.  include "../../security/skey/buildlink3.mk"
-CONFIGURE_ARGS+=       --with-skey=${BUILDLINK_PREFIX.skey}
-.elif ${OPSYS} == "NetBSD"
-# XXX: NetBSD has 4 args (4: sslen) to skeychallenge instead of 3
-#CONFIGURE_ARGS+=      --with-skey=/usr
-CONFIGURE_ARGS+=       --without-skey
-.else
-CONFIGURE_ARGS+=       --without-skey
-.endif
-
-.if defined(KERBEROS)
-.include "../../security/kth-krb4/buildlink3.mk"
-PKG_USE_KERBEROS=              yes
-CONFIGURE_ARGS+=       --with-kerberos4=${BUILDLINK_PREFIX.kth-krb4}
-CPPFLAGS+=             -I${BUILDLINK_PREFIX.kth-krb4}/include/kerberosIV
-LDFLAGS+=              -L${BUILDLINK_PREFIX.kth-krb4}/lib
-LDFLAGS+=              -Wl,-R${BUILDLINK_PREFIX.kth-krb4}/lib
-LDFLAGS+=              -lkrb -lcom_err -lroken -ldes -lcrypto
-.endif
-
-CONFIGURE_ENV+=                LD=${CC:Q}
-
-# The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
-# on if it's part of the X11 distribution, or if it's installed from pkgsrc
-# (security/ssh-askpass).
-#
-.if exists(${X11BASE}/bin/ssh-askpass)
-ASKPASS_PROGRAM=       ${X11BASE}/bin/ssh-askpass
-.else
-ASKPASS_PROGRAM=       ${X11PREFIX}/bin/ssh-askpass
-.endif
-CONFIGURE_ENV+=                ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
-MAKE_ENV+=             ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
-
-CONFS=                 ssh_config sshd_config moduli
-
-.if exists(/dev/urandom)
-MESSAGE_SRC+=          ${.CURDIR}/MESSAGE.urandom
-.else
-CONFIGURE_ARGS+=       --without-random
-CONFS+=                        ssh_prng_cmds
-PLIST_SRC+=            ${.CURDIR}/PLIST.prng
-.endif
-
-EGDIR=                 ${PREFIX}/share/examples/openssh
-CONF_FILES=            # empty
-.for FILE in ${CONFS}
-CONF_FILES+=           ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE}
-.endfor
-OWN_DIRS=              ${OPENSSH_CHROOT}
-RCD_SCRIPTS=           sshd
-
-PLIST_SRC+=            ${.CURDIR}/PLIST
-FILES_SUBST+=          SSH_PID_DIR=${SSH_PID_DIR:Q}
-MESSAGE_SUBST+=                EGDIR=${EGDIR}
-MESSAGE_SUBST+=                OPENSSH_USER=${OPENSSH_USER}
-MESSAGE_SUBST+=                OPENSSH_GROUP=${OPENSSH_GROUP}
-
-pre-configure:
-       cd ${WRKSRC} && autoreconf
-
-post-install:
-       ${INSTALL_DATA_DIR} ${EGDIR}
-       cd ${WRKSRC}; for file in ${CONFS}; do                          \
-               ${INSTALL_DATA} $${file}.out ${EGDIR}/$${file};         \
-       done
-#.if !empty(PKT_OPTIONS:Mpam)
-#      ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.freebsd ${EGDIR}/sshd.pam
-#.endif
-
-.include "../../devel/zlib/buildlink3.mk"
-.include "../../security/openssl/buildlink3.mk"
-.include "../../security/tcp_wrappers/buildlink3.mk"
-
-.include "../../mk/bsd.pkg.mk"
diff -r 35cf40c4a348 -r 12b90aa542c1 security/openssh+gssapi/PLIST
--- a/security/openssh+gssapi/PLIST     Tue Mar 25 13:43:14 2008 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,30 +0,0 @@
-@comment $NetBSD: PLIST,v 1.6 2005/10/07 17:43:30 reed Exp $
-bin/scp
-bin/sftp
-bin/slogin
-bin/ssh
-bin/ssh-add
-bin/ssh-agent
-bin/ssh-keygen
-bin/ssh-keyscan
-libexec/sftp-server
-libexec/ssh-keysign
-man/man1/scp.1
-man/man1/sftp.1
-man/man1/slogin.1
-man/man1/ssh-add.1
-man/man1/ssh-agent.1
-man/man1/ssh-keygen.1



Home | Main Index | Thread Index | Old Index