head	1.19;
access;
symbols
	pkgsrc-2013Q2:1.19.0.54
	pkgsrc-2013Q2-base:1.19
	pkgsrc-2012Q4:1.19.0.52
	pkgsrc-2012Q4-base:1.19
	pkgsrc-2011Q4:1.19.0.50
	pkgsrc-2011Q4-base:1.19
	pkgsrc-2011Q2:1.19.0.48
	pkgsrc-2011Q2-base:1.19
	pkgsrc-2009Q4:1.19.0.46
	pkgsrc-2009Q4-base:1.19
	pkgsrc-2008Q4:1.19.0.44
	pkgsrc-2008Q4-base:1.19
	pkgsrc-2008Q3:1.19.0.42
	pkgsrc-2008Q3-base:1.19
	cube-native-xorg:1.19.0.40
	cube-native-xorg-base:1.19
	pkgsrc-2008Q2:1.19.0.38
	pkgsrc-2008Q2-base:1.19
	pkgsrc-2008Q1:1.19.0.36
	pkgsrc-2008Q1-base:1.19
	pkgsrc-2007Q4:1.19.0.34
	pkgsrc-2007Q4-base:1.19
	pkgsrc-2007Q3:1.19.0.32
	pkgsrc-2007Q3-base:1.19
	pkgsrc-2007Q2:1.19.0.30
	pkgsrc-2007Q2-base:1.19
	pkgsrc-2007Q1:1.19.0.28
	pkgsrc-2007Q1-base:1.19
	pkgsrc-2006Q4:1.19.0.26
	pkgsrc-2006Q4-base:1.19
	pkgsrc-2006Q3:1.19.0.24
	pkgsrc-2006Q3-base:1.19
	pkgsrc-2006Q2:1.19.0.22
	pkgsrc-2006Q2-base:1.19
	pkgsrc-2006Q1:1.19.0.20
	pkgsrc-2006Q1-base:1.19
	pkgsrc-2005Q4:1.19.0.18
	pkgsrc-2005Q4-base:1.19
	pkgsrc-2005Q3:1.19.0.16
	pkgsrc-2005Q3-base:1.19
	pkgsrc-2005Q2:1.19.0.14
	pkgsrc-2005Q2-base:1.19
	pkgsrc-2005Q1:1.19.0.12
	pkgsrc-2005Q1-base:1.19
	pkgsrc-2004Q4:1.19.0.10
	pkgsrc-2004Q4-base:1.19
	pkgsrc-2004Q3:1.19.0.8
	pkgsrc-2004Q3-base:1.19
	pkgsrc-2004Q2:1.19.0.6
	pkgsrc-2004Q2-base:1.19
	pkgsrc-2004Q1:1.19.0.4
	pkgsrc-2004Q1-base:1.19
	pkgsrc-2003Q4:1.19.0.2
	pkgsrc-2003Q4-base:1.19
	buildlink2-base:1.19
	netbsd-1-5-PATCH001:1.16
	netbsd-1-5-RELEASE:1.9
	netbsd-1-4-PATCH003:1.9;
locks; strict;
comment	@# @;


1.19
date	2001.08.02.12.55.21;	author itojun;	state dead;
branches;
next	1.18;

1.18
date	2001.08.02.12.32.33;	author itojun;	state Exp;
branches;
next	1.17;

1.17
date	2001.05.19.03.56.39;	author jlam;	state Exp;
branches;
next	1.16;

1.16
date	2001.03.20.19.21.56;	author wiz;	state Exp;
branches;
next	1.15;

1.15
date	2001.03.20.18.01.27;	author wiz;	state Exp;
branches;
next	1.14;

1.14
date	2001.03.04.03.26.52;	author assar;	state Exp;
branches;
next	1.13;

1.13
date	2001.02.25.04.18.14;	author hubertf;	state Exp;
branches;
next	1.12;

1.12
date	2001.02.17.17.50.10;	author wiz;	state Exp;
branches;
next	1.11;

1.11
date	2001.02.13.12.49.08;	author is;	state Exp;
branches;
next	1.10;

1.10
date	2001.01.29.11.34.42;	author wiz;	state Exp;
branches;
next	1.9;

1.9
date	2000.10.10.09.52.00;	author itojun;	state Exp;
branches;
next	1.8;

1.8
date	2000.09.26.19.59.54;	author fredb;	state Exp;
branches;
next	1.7;

1.7
date	2000.09.20.04.49.20;	author jlam;	state Exp;
branches;
next	1.6;

1.6
date	2000.09.09.19.40.24;	author fredb;	state Exp;
branches;
next	1.5;

1.5
date	2000.08.18.22.46.50;	author hubertf;	state Exp;
branches;
next	1.4;

1.4
date	2000.08.11.03.12.51;	author itojun;	state Exp;
branches;
next	1.3;

1.3
date	2000.08.10.17.02.25;	author thorpej;	state Exp;
branches;
next	1.2;

1.2
date	2000.03.26.14.28.13;	author itojun;	state Exp;
branches;
next	1.1;

1.1
date	2000.03.20.02.25.30;	author itojun;	state Exp;
branches;
next	;


desc
@@


1.19
log
@say goodbye to security/ssh6.  per comments on packages@@netbsd.
@
text
@# $NetBSD: Makefile,v 1.18 2001/08/02 12:32:33 itojun Exp $
# FreeBSD Id: Makefile,v 1.47 1997/11/10 22:04:42 dima Exp
#

# We do not upgrade to 1.2.28 and beyond, intentionally.  There was license
# change between 1.2.27 and 1.2.28, and the new license prohibits us from
# modifying/redistributing it.
#
DISTNAME=		ssh-1.2.27
PKGNAME=		ssh6-1.2.27nb1
CATEGORIES=		security net
MASTER_SITES=		ftp://ftp.ssh.com/pub/ssh/old/ \
			ftp://ftp.funet.fi/pub/unix/security/login/ssh/ \
			ftp://ftp.cert.dfn.de/pub/tools/net/ssh/
DISTFILES=		${DISTNAME}${EXTRACT_SUFX}

MAINTAINER=		packages@@netbsd.org
HOMEPAGE=		http://www.cs.hut.fi/ssh/
COMMENT=		IPv6 version of secure shell client and server (remote login program)

CONFLICTS=		openssh-[0-9]* ssh-[0-9]*

IGNORE=			has security holes, not maintained any more.  use openssh

CRYPTO=			YES
LICENSE=		no-commercial-use
USE_RSAREF2=		NO

EXTRACT_ONLY=		${DISTNAME}${EXTRACT_SUFX}
# the next line is needed if you have the gmp package installed
LDFLAGS+=		-Lgmp-2.0.2-ssh-2
GNU_CONFIGURE=		YES

.include "../../mk/bsd.prefs.mk"

# Use SSH_CONF_DIR from /etc/mk.conf, if defined; otherwise default to /etc
SSH_CONF_DIR?=		/etc

CONFIGURE_ARGS+=	--with-etcdir=${SSH_CONF_DIR} --with-libwrap

#Uncomment if all your users are in their own group and their homedir
#is writeable by that group.  Beware the security implications!
#CONFIGURE_ARGS+=	--enable-group-writeability

#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
#over a secure medium.  This is normally dangerous since it can lead to the
#disclosure keys and passwords.
#CONFIGURE_ARGS+=	--with-none

.if defined(USE_RSAREF2) && ${USE_RSAREF2} == YES
DEPENDS+=		rsaref-2.0p3:../../security/rsaref
CONFIGURE_ARGS+=	--with-rsaref="${LOCALBASE}/lib"
CONFIGURE_ENV+=		LDFLAGS="-Wl,-R${LOCALBASE}/lib"
CFLAGS+=		-I${LOCALBASE}/include
.endif

# Include support for the SecureID card
# Warning: untested !
.if defined(USE_SECUREID) && ${USE_SECUREID} == YES
CONFIGURE_ARGS+=	--with-secureid
.endif

# If rsh is elsewhere to /usr/bin/rsh
.if defined(SSH_RSHPATH)
CONFIGURE_ARGS+=       --with-rsh=${SSH_RSHPATH}
.endif

# By default, use IDEA.  IDEA can be freely used for non-commercial use.
# However, commercial use may require a license in a number of countries.
#
USE_IDEA?=		YES

# Handle deprecated option SSH_DONT_USE_IDEA.
#
.if defined(SSH_DONT_USE_IDEA) && ${SSH_DONT_USE_IDEA} == YES
USE_IDEA=		NO
.endif

.if ${USE_IDEA} != "YES"
CONFIGURE_ARGS+=	--without-idea
.endif

# Include SOCKS firewall support
.if defined(USE_SOCKS) && (${USE_SOCKS} == 4 || ${USE_SOCKS} == 5)
BROKEN=			SOCKS support currently unavailable
CONFIGURE_ARGS+= 	--with-socks${USE_SOCKS}="-L${LOCALBASE}/lib -lsocks${USE_SOCKS}"
CFLAGS+=	 	-I${LOCALBASE}/include
.if ${USE_SOCKS} == 4
DEPENDS+=		socks4-2.2:../../net/socks4
.else
DEPENDS+=		socks5-1.0.2:../../net/socks5
.endif
.endif

# The original Kerberos v4 patches were fetched from
# http://www.monkey.org/~dugsong/ssh-afs/
# PATCH_SITES+=		ftp://ftp.monkey.org/pub/users/dugsong/
# PATCHFILES+=		ssh-1.2.27-afs-kerberos.patch-1
# MD5 (ssh-1.2.27-afs-kerberos.patch-1) = d440f74958d9c3805b76dbc13e97e87d

.if defined(KERBEROS)
USE_KERBEROS=		yes
CONFIGURE_ARGS+=	--with-krb4=/usr
.endif

# XXX KERBEROS 5 SUPPORT BROKEN WITH HEIMDAL
#.if defined(KERBEROS) && ${KERBEROS} == 5
#USE_KERBEROS=	yes
#CONFIGURE_ARGS+=--with-krb5=/usr
#.else
#CONFIGURE_ARGS+=--without-krb5
#.endif

# Find X11 libraries with xpkgwedge
.if defined(USE_LOCALBASE_FOR_X11)
CONFIGURE_ARGS+=	--x-libraries=${X11BASE}/lib --x-includes=${X11BASE}/include
.endif

# Enable support for TIS authentication server
.if defined(USE_TIS) && ${USE_TIS} == YES
CONFIGURE_ARGS+=	--with-tis=${LOCALBASE}
.endif

# Don't install "ssh" setuid
.if !defined(SSH_SUID) || ${SSH_SUID} != YES
CONFIGURE_ARGS+=	--disable-suid-ssh
.endif

# Make libwrap also compare against forwards (off by default)
.if defined(LIBWRAP_FWD) && ${LIBWRAP_FWD} == YES
CFLAGS+=		-DLIBWRAP_FWD
.endif

# The original IPv6 patches were fetched from
# PATCH_SITES+=		ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/
# PATCHFILES+=		ssh-1.2.27-IPv6-1.5-patch.gz
# MD5 (ssh-1.2.27-IPv6-1.5-patch.gz) = b854131fe8aa025abeef32cecfe1b037

.if defined(USE_INET6) && ${USE_INET6} == YES
CONFIGURE_ARGS+=	--enable-ipv6
.else
CONFIGURE_ARGS+=	--disable-ipv6
.endif

# be more effective on M68060 machines
.if defined(M68060)
CONFIGURE_ARGS+=	--disable-asm
CFLAGS+=		-m68060
.endif

DEINSTALL_FILE=	${WRKDIR}/DEINSTALL
PLIST_SRC=	${WRKDIR}/PLIST
MESSAGE_SUBST+=	SSH_CONF_DIR=${SSH_CONF_DIR}

pre-patch:
	@@${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \
	    ${WRKSRC}/make-ssh-known-hosts.pl.in
	@@# SSH DES and AFS/Kerberos DES conflict.
	@@${MV} -f ${WRKSRC}/des.h ${WRKSRC}/ssh-des.h

fetch-depends:
.if !defined(USE_RSAREF2) || ${USE_RSAREF2} != YES && ${USE_RSAREF2} != NO
	@@${ECHO}
	@@${ECHO} The variable USE_RSAREF2 must be set to either YES or NO
	@@${ECHO} in order to build this package.  USA residents that are
	@@${ECHO} not licensees of the RSA algorithm MUST set this variable
	@@${ECHO} to YES.  Users outside the USA MUST set this variable to
	@@${ECHO} NO.  Licensees may choose -- NO is faster.
	@@${ECHO}
	@@${ECHO} You may also want to set USE_IDEA to NO if this program
	@@${ECHO} will be used for a commercial purpose.  There are other
	@@${ECHO} configure options\; look at the pkg Makefile for more info.
	@@${FALSE}
.endif

post-patch:
	@@# Make sure that "automake" is never run.
	@@${FIND} ${WRKSRC} -name Makefile.in -print | ${XARGS} ${TOUCH} ${TOUCH_FLAGS}

post-build:
	@@cd ${PKGDIR}; \
	for FILE in DEINSTALL PLIST ${FILESDIR}/sshd.sh; do \
	  ${SED} -e 's#@@SSH_CONF_DIR@@#${SSH_CONF_DIR}#g' \
	    -e 's#@@PREFIX@@#${PREFIX}#g' \
	    <$${FILE} >${WRKDIR}/`basename $${FILE}`; \
	done
	@@if [ -x ${WRKSRC}/ssh-askpass ]; then \
	  ${ECHO} bin/ssh-askpass >>${PLIST_SRC}; \
	  ${ECHO} bin/ssh-askpass1 >>${PLIST_SRC}; \
	fi

post-install:
	@@${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ssh
	@@${MKDIR} ${WRKDIR}${SSH_CONF_DIR}
	(cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${MAKE_PROGRAM} ${MAKE_FLAGS} \
		-f ${MAKEFILE} install_prefix=${WRKDIR} install-configs)
	${INSTALL_DATA} ${WRKDIR}${SSH_CONF_DIR}/ssh_config \
		${WRKDIR}${SSH_CONF_DIR}/sshd_config ${PREFIX}/share/examples/ssh
	@@${RM} -rf ${WRKDIR}${SSH_CONF_DIR}
	@@if [ ! -f ${SSH_CONF_DIR}/ssh_host_key ]; then \
		${ECHO} "Generating a secret host key..."; \
		${PREFIX}/bin/ssh-keygen \
			-f ${SSH_CONF_DIR}/ssh_host_key -N ""; \
	fi
	${INSTALL_SCRIPT} ${WRKDIR}/sshd.sh ${PREFIX}/etc/rc.d/sshd

BUILD_DEFS+=		USE_IDEA SSH_CONF_DIR SSH_SUID USE_RSAREF2
BUILD_DEFS+=		LIBWRAP_FWD M68060 USE_SOCKS USE_INET6

.include "../../mk/bsd.pkg.mk"
@


1.18
log
@GNORE, as it has security holes left behind, and the patch
is not maintained any more.  use openssh.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.17 2001/05/19 03:56:39 jlam Exp $
@


1.17
log
@Use ${XARGS} instead of invoking xargs directly.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.16 2001/03/20 19:21:56 wiz Exp $
d22 2
@


1.16
log
@Replace ftp.cs.hut.fi (which has been closed) by ftp.ssh.com.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.15 2001/03/20 18:01:27 wiz Exp $
d176 1
a176 1
	@@${FIND} ${WRKSRC} -name Makefile.in -print | xargs ${TOUCH} ${TOUCH_FLAGS}
@


1.15
log
@Mirror 1.90 of ssh/Makefile:
Add fitting LDFLAGS, so that an installed version of gmp doesn't
influence the build (see pkg/12235).
Also remove CFLAGS=-O2.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.14 2001/03/04 03:26:52 assar Exp $
d12 1
a12 1
MASTER_SITES=		ftp://ftp.cs.hut.fi/pub/ssh/ \
@


1.14
log
@turn KERBEROS into a binary switch
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.13 2001/02/25 04:18:14 hubertf Exp $
d28 2
a29 1
CFLAGS=			-O2
@


1.13
log
@Cleanup MKDIR usage => INSTALL_*_DIR
XXX need to teach pkglint to be more picky about this
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.12 2001/02/17 17:50:10 wiz Exp $
d98 1
a98 1
.if defined(KERBEROS) && ${KERBEROS} == 4
@


1.12
log
@Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.11 2001/02/13 12:49:08 is Exp $
d190 1
a190 1
	@@${MKDIR} ${PREFIX}/share/examples/ssh
@


1.11
log
@Change the names of the ssh and ssh6 packages to ssh{,6}-1.2.27nb1 so
that installation of the right version can be verified.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.10 2001/01/29 11:34:42 wiz Exp $
d19 1
@


1.10
log
@Add automatic ${VARIABLE} handling for MESSAGE files.
Convert most MESSAGE files to new syntax (${VARIABLE} gets replaced,
not @@VARIABLE@@, nor @@@@VARIABLE@@@@).
By default, substitutions are done for LOCALBASE, PKGNAME, PREFIX,
X11BASE, X11PREFIX; additional patterns can be added via MESSAGE_SUBST.
Clean up some packages while I'm there; add RCS tags to most MESSAGEs.
Remove some uninteresting MESSAGEs.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.9 2000/10/10 09:52:00 itojun Exp $
d10 1
a10 1
PKGNAME=		ssh6-1.2.27
@


1.9
log
@dd LICENSE (as per discussions on packages@@netbsd.org
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.8 2000/09/26 19:59:54 fredb Exp $
a147 1
MESSAGE_FILE=	${WRKDIR}/MESSAGE
d149 1
d178 1
a178 1
	for FILE in DEINSTALL MESSAGE PLIST ${FILESDIR}/sshd.sh; do \
@


1.8
log
@Set USE_RSAREF2=NO by default. Hopefully, this will discourage people from
actually using rsaref, while we ponder the case for removing it completely.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.7 2000/09/20 04:49:20 jlam Exp $
d23 1
@


1.7
log
@Install rc.d control script as "sshd" instead of "sshd.sh" to comply with
how NetBSD's rc.d interprets script names.  Also add REQUIRE and PROVIDE
sections to control scripts so they can be used directly in NetBSD's rc.d
system.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.6 2000/09/09 19:40:24 fredb Exp $
d23 1
@


1.6
log
@Reorganize crypto handling, as discussed on tech-pkg. Remove all
RESTRICTED= variables that were predicated on former U.S. export
regulations. Add CRYPTO=, as necessary, so it's still possible to
exclude all crypto packages from a build by setting MKCRYPTO=no
(but "lintpkgsrc -R" will no longer catch them).

Specifically,

- - All packages which set USE_SSL just lose their RESTRICTED
    variable, since MKCRYPTO responds to USE_SSL directly.
- - realplayer7 and ns-flash keep their RESTRICTED, which is based
    on license terms, but also gain the CRYPTO variable.
- - srp-client is now marked broken, since the distfile is evidently
    no longer available. On this, we're no worse off than before.
    [We haven't been mirroring the distfile, or testing the build!]
- - isakmpd gets CRYPTO for RESTRICTED, but remains broken.
- - crack loses all restrictions, as it does not evidently empower
    a user to utilize strong encryption (working definition: ability
    to encode a message that requires a secret key plus big number
    arithmetic to decode).
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.5 2000/08/18 22:46:50 hubertf Exp $
d199 1
a199 1
	${INSTALL_SCRIPT} ${WRKDIR}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh
@


1.5
log
@Replace MIRROR_DISTFILES and NO_CDROM with the more descriptive and
more fine-grained NO_{BIN,SRC}_ON_{FTP,CDROM} definitions.

MIRROR_DISTFILES and NO_CDROM are now dead.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.4 2000/08/11 03:12:51 itojun Exp $
d22 1
a22 3
RESTRICTED=		"Crypto; export-controlled"
NO_SRC_ON_FTP=	${RESTRICTED}
LICENSE=		no-commercial-use
@


1.4
log
@add some comment on license change.
we need stick to 1.2.27 (use openssh).
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.3 2000/08/10 17:02:25 thorpej Exp $
a21 1
EXTRACT_ONLY=		${DISTNAME}${EXTRACT_SUFX}
d23 1
a23 1
MIRROR_DISTFILE=	no
d26 1
@


1.3
log
@Comment out Kerberos 5 support, for now.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.2 2000/03/26 14:28:13 itojun Exp $
d5 4
@


1.2
log
@revise CONFLICTS line.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.1 2000/03/20 02:25:30 itojun Exp $
d98 7
a104 6
.if defined(KERBEROS) && ${KERBEROS} == 5
USE_KERBEROS=	yes
CONFIGURE_ARGS+=--with-krb5=/usr
.else
CONFIGURE_ARGS+=--without-krb5
.endif
@


1.1
log
@split security/ssh and security/ssh6.
security/ssh6: IPv4/v6 ready, socks unavailable, kerberos available (not tested)
security/ssh: IPv4 onlyready, socks available, kerberos available (not tested)

should be integrated into one whenever socks support becomes aware of
getaddrinfo/getnameinfo.  two directories with tons of patches/patch-* is
a maintenance headache.
@
text
@d1 1
a1 1
# $NetBSD: Makefile,v 1.75 2000/03/18 18:32:16 jlam Exp $
d16 1
a16 1
CONFLICTS=		openssh-[0-9]* ssh-*
@