Subject: Re: applying NetBSD Security Advisory 2001-010
To: None <tech-security@netbsd.org>
From: Sam Carleton <scarleton@miltonstreet.com>
List: tech-security
Date: 07/06/2002 09:52:19
Well, I posted the question after the pkgsrc make failed.  This is why I assumed
that I needed to create the users.  Here are the errors I am getting:

 `cat socket.lib`
( ( ./compile tryulong32.c && ./load tryulong32 &&  ./tryulong32 ) >/dev/null 2>&1  && cat uint32.h2 || cat uint32.h1 ) > uint32.h
rm -f tryulong32.o tryulong32
./compile qmail-lspawn.c
( ./compile trysysel.c >/dev/null 2>&1  && cat select.h2 || cat select.h1 ) > select.h
rm -f trysysel.o trysysel
./compile chkspawn.c
./compile auto-int.c
./load auto-int substdio.a error.a str.a fs.a
./auto-int auto_spawn `head -1 conf-spawn` > auto_spawn.c
./compile auto_spawn.c
./load chkspawn substdio.a error.a str.a fs.a auto_spawn.o
./chkspawn
./compile spawn.c
./compile chkshsgr.c
./load chkshsgr
./chkshsgr || ( cat warn-shsgr; exit 1 )
( ( ./compile tryshsgr.c  && ./load tryshsgr && ./tryshsgr ) >/dev/null 2>&1 && echo \#define HASSHORTSETGROUPS 1 || exit 0 ) >  hasshsgr.h
rm -f tryshsgr.o tryshsgr
./compile prot.c
./compile coe.c
./compile cdb_hash.c
./compile cdb_unpack.c
./compile cdb_seek.c
./makelib cdb.a cdb_hash.o cdb_unpack.o cdb_seek.o
./compile auto-uid.c
./load auto-uid substdio.a error.a str.a fs.a
./compile auto-gid.c
./load auto-gid substdio.a error.a str.a fs.a
( ./auto-uid auto_uida `head -1 conf-users`  &&./auto-uid auto_uidd `head -2 conf-users | tail -1`  &&./auto-uid auto_uidl `head -3 conf-users | tail -1` &&./auto-uid auto_uido `head -4 conf-users | tail -1`  &&./auto-uid auto_uidp `head -5 conf-users | tail -1`  &&./auto-uid auto_uidq `head -6 conf-users | tail -1`  &&./auto-uid auto_uidr `head -7 conf-users | tail -1`  &&./auto-uid auto_uids `head -8 conf-users | tail -1`  &&./auto-gid auto_gidq `head -1 conf-groups` &&./auto-gid auto_gidn `head -2 conf-groups | tail -1`  ) > auto_uids.c.tmp && mv auto_uids.c.tmp auto_uids.c
fatal: unable to find user qmaild
*** Error code 111

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.

rottz@securityflaw.com wrote:

> Sam Carleton wrote:
> >
> > Folks,
> >
> > I have a basic install of NetBSD 1.5.  And I use ssh as my main form of
> > access to the box so this is an important update for me.  The
> > instructions talk about using the program cvs.  I do NOT have cvs on my
> > machine.  Is this part of the whole package setup, which I also don't
> > have installed?  Or is it something else?
> http://www.netbsd.org/Documentation/software/packages.html
> You can find the cvs package in /usr/pkgsrc/devel/cvs
> But you can also update your source with the "sup" program.
> Which is what most people use to update their src.
>
> > I am under the impression that
> > this security advisory is informing us that there is a new version of
> > ssh, is that true?  If there is a new version of ssh, would it not be
> > easier for me to simply download the new version, compile it and
> > install?
> It's NOT a new version, just a bug fix for the current version.
> Version:        NetBSD-current: /usr/sbin/sshd from source before June 14, 2001
>                 NetBSD 1.5:     affected
>                 pkgsrc:         openssh packages prior to 2.9p2 (2.9p2 is safe)
> >
> > Sam
>
> Rottz
> --
> rottz at securityflaw dot com
> Founder of Securityflaw