pkgsrc-WIP-changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Remove openssh and openssh8
Module Name: pkgsrc-wip
Committed By: coypu <coypu%sdf.org@localhost>
Pushed By: coypu
Date: Wed May 1 20:59:49 2019 +0300
Changeset: 7ebf80d9d245fdf7b2731edd8dee2a466878960a
Removed Files:
openssh/DESCR
openssh/INSTALL
openssh/MESSAGE.pam
openssh/Makefile
openssh/PLIST
openssh/distinfo
openssh/files/org.openssh.sshd.sb.in
openssh/files/smf/manifest.xml
openssh/files/smf/sshd.sh
openssh/files/sshd.sh
openssh/options.mk
openssh/patches/patch-Makefile.in
openssh/patches/patch-auth.c
openssh/patches/patch-clientloop.c
openssh/patches/patch-config.h.in
openssh/patches/patch-configure.ac
openssh/patches/patch-defines.h
openssh/patches/patch-loginrec.c
openssh/patches/patch-openbsd-compat_openbsd-compat.h
openssh/patches/patch-openbsd-compat_port-tun.c
openssh/patches/patch-sandbox-darwin.c
openssh/patches/patch-sshd.8
openssh/patches/patch-sshd.c
openssh/t
openssh8/DESCR
openssh8/INSTALL
openssh8/MESSAGE.Interix
openssh8/MESSAGE.pam
openssh8/Makefile
openssh8/PLIST
openssh8/distinfo
openssh8/files/org.openssh.sshd.sb.in
openssh8/files/smf/manifest.xml
openssh8/files/smf/sshd.sh
openssh8/files/sshd.sh
openssh8/options.mk
openssh8/patches/patch-Makefile.in
openssh8/patches/patch-auth-passwd.c
openssh8/patches/patch-auth-rhosts.c
openssh8/patches/patch-auth.c
openssh8/patches/patch-auth2.c
openssh8/patches/patch-clientloop.c
openssh8/patches/patch-config.h.in
openssh8/patches/patch-configure.ac
openssh8/patches/patch-defines.h
openssh8/patches/patch-includes.h
openssh8/patches/patch-loginrec.c
openssh8/patches/patch-openbsd-compat_bsd-openpty.c
openssh8/patches/patch-openbsd-compat_openbsd-compat.h
openssh8/patches/patch-openbsd-compat_port-tun.c
openssh8/patches/patch-platform.c
openssh8/patches/patch-sandbox-darwin.c
openssh8/patches/patch-scp.c
openssh8/patches/patch-session.c
openssh8/patches/patch-sftp-common.c
openssh8/patches/patch-sshd.8
openssh8/patches/patch-sshd.c
openssh8/patches/patch-sshpty.c
openssh8/patches/patch-uidswap.c
Log Message:
Remove openssh and openssh8
The version within pkgsrc proper is the latest, and having
two variants is confusing :-)
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=7ebf80d9d245fdf7b2731edd8dee2a466878960a
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
openssh/DESCR | 14 --
openssh/INSTALL | 36 ----
openssh/MESSAGE.pam | 9 -
openssh/Makefile | 186 ------------------
openssh/PLIST | 31 ---
openssh/distinfo | 18 --
openssh/files/org.openssh.sshd.sb.in | 23 ---
openssh/files/smf/manifest.xml | 46 -----
openssh/files/smf/sshd.sh | 68 -------
openssh/files/sshd.sh | 115 ------------
openssh/options.mk | 51 -----
openssh/patches/patch-Makefile.in | 31 ---
openssh/patches/patch-auth.c | 17 --
openssh/patches/patch-clientloop.c | 63 -------
openssh/patches/patch-config.h.in | 27 ---
openssh/patches/patch-configure.ac | 122 ------------
openssh/patches/patch-defines.h | 47 -----
openssh/patches/patch-loginrec.c | 60 ------
.../patches/patch-openbsd-compat_openbsd-compat.h | 17 --
openssh/patches/patch-openbsd-compat_port-tun.c | 45 -----
openssh/patches/patch-sandbox-darwin.c | 23 ---
openssh/patches/patch-sshd.8 | 27 ---
openssh/patches/patch-sshd.c | 62 ------
openssh/t | 136 --------------
openssh8/DESCR | 14 --
openssh8/INSTALL | 36 ----
openssh8/MESSAGE.Interix | 20 --
openssh8/MESSAGE.pam | 9 -
openssh8/Makefile | 209 ---------------------
openssh8/PLIST | 31 ---
openssh8/distinfo | 29 ---
openssh8/files/org.openssh.sshd.sb.in | 23 ---
openssh8/files/smf/manifest.xml | 46 -----
openssh8/files/smf/sshd.sh | 68 -------
openssh8/files/sshd.sh | 115 ------------
openssh8/options.mk | 51 -----
openssh8/patches/patch-Makefile.in | 31 ---
openssh8/patches/patch-auth-passwd.c | 27 ---
openssh8/patches/patch-auth-rhosts.c | 33 ----
openssh8/patches/patch-auth.c | 27 ---
openssh8/patches/patch-auth2.c | 15 --
openssh8/patches/patch-clientloop.c | 63 -------
openssh8/patches/patch-config.h.in | 37 ----
openssh8/patches/patch-configure.ac | 138 --------------
openssh8/patches/patch-defines.h | 47 -----
openssh8/patches/patch-includes.h | 17 --
openssh8/patches/patch-loginrec.c | 68 -------
.../patches/patch-openbsd-compat_bsd-openpty.c | 22 ---
.../patches/patch-openbsd-compat_openbsd-compat.h | 17 --
openssh8/patches/patch-openbsd-compat_port-tun.c | 45 -----
openssh8/patches/patch-platform.c | 16 --
openssh8/patches/patch-sandbox-darwin.c | 23 ---
openssh8/patches/patch-scp.c | 39 ----
openssh8/patches/patch-session.c | 65 -------
openssh8/patches/patch-sftp-common.c | 14 --
openssh8/patches/patch-sshd.8 | 27 ---
openssh8/patches/patch-sshd.c | 137 --------------
openssh8/patches/patch-sshpty.c | 24 ---
openssh8/patches/patch-uidswap.c | 77 --------
59 files changed, 2934 deletions(-)
diffs:
diff --git a/openssh/DESCR b/openssh/DESCR
deleted file mode 100644
index 764ae7f090..0000000000
--- a/openssh/DESCR
+++ /dev/null
@@ -1,14 +0,0 @@
-OpenSSH is based on the last free version of Tatu Ylonen's SSH with
-all patent-encumbered algorithms removed (to external libraries), all
-known security bugs fixed, new features reintroduced and many other
-clean-ups. More information about SSH itself can be found in the file
-README.Ylonen. OpenSSH has been created by Aaron Campbell, Bob Beck,
-Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song.
-
-This port consists of the re-introduction of autoconf support, PAM
-support (for Linux and Solaris), EGD[1] support, SOCKS support (using
-the Dante [6] libraries and replacements for OpenBSD library functions
-that are (regrettably) absent from other unices. This port has been
-best tested on Linux, Solaris, HPUX, NetBSD and Irix. Support for AIX,
-SCO, NeXT and other Unices is underway. This version actively tracks
-changes in the OpenBSD CVS repository.
diff --git a/openssh/INSTALL b/openssh/INSTALL
deleted file mode 100644
index 8b8d1d310e..0000000000
--- a/openssh/INSTALL
+++ /dev/null
@@ -1,36 +0,0 @@
-# $NetBSD: INSTALL,v 1.10 2003/08/30 20:23:06 jlam Exp $
-
-DIRS="/etc /etc/ssh ${PKG_PREFIX}/etc ${PKG_PREFIX}/etc/ssh"
-FILES="sshd.conf sshd_config"
-
-case ${STAGE} in
-POST-INSTALL)
- for dir in $DIRS; do
- if [ "@PKG_SYSCONFDIR@" != "$dir" ]; then
- for file in $FILES; do
- path=$dir/$file
- if [ -f $path ]; then
- ${CAT} <<EOF
-===========================================================================
-
- *===* NOTICE *===*
-
-WARNING: previous configuration file $path found.
-
-The config files for ${PKGNAME} must be located in:
-
- @PKG_SYSCONFDIR@
-
-You will need to ensure your configuration files and/or keys are
-placed in the correct directory before using ${PKGNAME}.
-
-===========================================================================
-EOF
-
- exit
- fi
- done
- fi
- done
- ;;
-esac
diff --git a/openssh/MESSAGE.pam b/openssh/MESSAGE.pam
deleted file mode 100644
index e111287144..0000000000
--- a/openssh/MESSAGE.pam
+++ /dev/null
@@ -1,9 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE.pam,v 1.3 2003/10/08 18:54:42 reed Exp $
-
-To authenticate for SSH using PAM, add the contents of the file:
-
- ${EGDIR}/sshd.pam
-
-to your PAM configuration file (or PAM configuration directory).
-===========================================================================
diff --git a/openssh/Makefile b/openssh/Makefile
deleted file mode 100644
index c24fd657ca..0000000000
--- a/openssh/Makefile
+++ /dev/null
@@ -1,186 +0,0 @@
-# $NetBSD: Makefile,v 1.258 2019/04/25 14:55:04 tron Exp $
-
-DISTNAME= openssh-8.0p1
-PKGNAME= ${DISTNAME:S/p1/.1/}
-PKGREVISION= 1
-CATEGORIES= security
-MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
-
-MAINTAINER= pkgsrc-users%NetBSD.org@localhost
-HOMEPAGE= http://www.openssh.com/
-COMMENT= Open Source Secure shell client and server (remote login program)
-LICENSE= modified-bsd
-
-CONFLICTS= sftp-[0-9]*
-CONFLICTS+= ssh-[0-9]* ssh6-[0-9]*
-CONFLICTS+= ssh2-[0-9]* ssh2-nox11-[0-9]*
-CONFLICTS+= openssh+gssapi-[0-9]*
-CONFLICTS+= lsh>2.0
-BROKEN_ON_PLATFORM+= OpenBSD-*-*
-
-USE_GCC_RUNTIME= yes
-USE_TOOLS+= autoconf perl
-
-# retain the following line, for IPv6-ready pkgsrc webpage
-BUILD_DEFS+= IPV6_READY
-
-PKG_GROUPS_VARS+= OPENSSH_GROUP
-PKG_USERS_VARS+= OPENSSH_USER
-BUILD_DEFS+= OPENSSH_CHROOT
-BUILD_DEFS+= VARBASE
-
-INSTALL_TARGET= install-nokeys
-
-.include "options.mk"
-
-# fixes: dyld: Symbol not found: _allow_severity
-CONFIGURE_ARGS.Darwin+= --disable-strip
-
-PKG_GROUPS= ${OPENSSH_GROUP}
-PKG_USERS= ${OPENSSH_USER}:${OPENSSH_GROUP}
-
-PKG_GECOS.${OPENSSH_USER}= sshd privsep pseudo-user
-PKG_HOME.${OPENSSH_USER}= ${OPENSSH_CHROOT}
-
-SSH_PID_DIR= ${VARBASE}/run # default directory for PID files
-
-PKG_SYSCONFSUBDIR= ssh
-
-GNU_CONFIGURE= yes
-CONFIGURE_ARGS+= --with-mantype=man
-CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
-CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR}
-CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
-
-CONFIGURE_ARGS+= --with-privsep-path=${OPENSSH_CHROOT:Q}
-CONFIGURE_ARGS+= --with-privsep-user=${OPENSSH_USER}
-
-# pkgsrc already enforces a "secure" version of zlib via dependencies,
-# so skip this bogus version check.
-CONFIGURE_ARGS+= --without-zlib-version-check
-
-.if ${_PKGSRC_MKPIE} != "no"
-CONFIGURE_ARGS+= --with-pie
-.endif
-
-# the openssh configure script finds and uses ${LD} if defined and
-# defaults to ${CC} if not. we override LD here, since running the
-# linker directly results in undefined symbols for obvious reasons.
-#
-CONFIGURE_ENV+= LD=${CC:Q}
-
-# Enable S/Key support on NetBSD, Darwin, and Solaris.
-.if (${OPSYS} == "NetBSD") || (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
-. include "../../security/skey/buildlink3.mk"
-CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey}
-.else
-CONFIGURE_ARGS+= --without-skey
-.endif
-
-.if (${OPSYS} == "NetBSD")
-. if exists(/usr/include/utmpx.h)
-# if we have utmpx et al do not try to use login()
-CONFIGURE_ARGS+= --disable-libutil
-. endif
-#
-# NetBSD current after 2011/03/12 has incompatible strnvis(3) and
-# prior version don't have it. So, disable use of strnvis(3) now.
-#
-CONFIGURE_ENV+= ac_cv_func_strnvis=no
-#
-# workaround for ./configure problem, pkg/50936
-#
-CONFIGURE_ENV+= ac_cv_func_reallocarray=no
-.endif
-
-.if (${OPSYS} == "SunOS") && (${OS_VERSION} == "5.8" || ${OS_VERSION} == "5.9")
-CONFIGURE_ARGS+= --disable-utmp --disable-wtmp
-.endif
-
-CONFIGURE_ARGS.Linux+= --enable-md5-password
-
-# The ssh-askpass program is in ${X11BASE}/bin or ${PREFIX}/bin depending
-# on if it's part of the X11 distribution, or if it's installed from pkgsrc
-# (security/ssh-askpass).
-#
-.if exists(${X11BASE}/bin/ssh-askpass)
-ASKPASS_PROGRAM= ${X11BASE}/bin/ssh-askpass
-.else
-ASKPASS_PROGRAM= ${PREFIX}/bin/ssh-askpass
-.endif
-CONFIGURE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
-MAKE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
-
-# do the same for xauth
-.if exists(${X11BASE}/bin/xauth)
-CONFIGURE_ARGS+= --with-xauth=${X11BASE}/bin/xauth
-.else
-CONFIGURE_ARGS+= --with-xauth=${PREFIX}/bin/xauth
-.endif
-
-CONFS= ssh_config sshd_config moduli
-
-PLIST_VARS+= darwin
-
-EGDIR= ${PREFIX}/share/examples/${PKGBASE}
-
-# enable privsep patches
-.if ${OPSYS} == "Darwin"
-CONF_FILES+= ${EGDIR}/org.openssh.sshd.sb ${PKG_SYSCONFDIR}/org.openssh.sshd.sb
-CPPFLAGS+= -D__APPLE_SANDBOX_NAMED_EXTERNAL__
-PLIST.darwin= yes
-.endif
-
-.for f in ${CONFS}
-CONF_FILES+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
-.endfor
-OWN_DIRS= ${OPENSSH_CHROOT}
-RCD_SCRIPTS= sshd
-RCD_SCRIPT_SRC.sshd= ${WRKDIR}/sshd.sh
-SMF_METHODS= sshd
-
-FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR}
-
-SUBST_CLASSES+= patch
-SUBST_STAGE.patch= pre-configure
-SUBST_FILES.patch= session.c sandbox-darwin.c
-SUBST_SED.patch= -e '/channel_input_port_forward_request/s/0/ROOTUID/'
-SUBST_VARS.patch= PKG_SYSCONFDIR
-
-.include "../../devel/zlib/buildlink3.mk"
-.include "../../security/tcp_wrappers/buildlink3.mk"
-
-#
-# type of key "ecdsa" isn't always supported depends on OpenSSL.
-#
-pre-configure:
- cd ${WRKSRC} && autoconf -i
-
-post-configure:
- if ${EGREP} -q '^\#define[ ]+OPENSSL_HAS_ECC' \
- ${WRKSRC}/config.h; then \
- ${SED} -e '/HAVE_ECDSA/s/.*//' \
- ${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
- else \
- ${SED} -e '/HAVE_ECDSA_START/,/HAVE_ECDSA_STOP/d' \
- ${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
- fi
- ${SED} -e 's,@VARBASE@,${VARBASE},g' \
- < ${FILESDIR}/org.openssh.sshd.sb.in \
- > ${WRKDIR}/org.openssh.sshd.sb
-
-post-install:
- ${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}
- cd ${WRKSRC}; for file in ${CONFS}; do \
- ${INSTALL_DATA} $${file}.out ${DESTDIR}${EGDIR}/$${file}; \
- done
-.if !empty(PKG_OPTIONS:Mpam) && ${OPSYS} == "Linux"
- ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.generic \
- ${DESTDIR}${EGDIR}/sshd.pam
-.endif
-.if ${OPSYS} == "Darwin"
- ${INSTALL_DATA} ${WRKDIR}/org.openssh.sshd.sb \
- ${DESTDIR}${EGDIR}/org.openssh.sshd.sb
-.endif
-
-.include "../../mk/bsd.pkg.mk"
diff --git a/openssh/PLIST b/openssh/PLIST
deleted file mode 100644
index 1c18b8b3e9..0000000000
--- a/openssh/PLIST
+++ /dev/null
@@ -1,31 +0,0 @@
-@comment $NetBSD: PLIST,v 1.19 2017/01/19 03:50:53 maya Exp $
-bin/scp
-bin/sftp
-bin/ssh
-bin/ssh-add
-bin/ssh-agent
-bin/ssh-keygen
-bin/ssh-keyscan
-libexec/sftp-server
-libexec/ssh-keysign
-libexec/ssh-pkcs11-helper
-man/man1/scp.1
-man/man1/sftp.1
-man/man1/ssh-add.1
-man/man1/ssh-agent.1
-man/man1/ssh-keygen.1
-man/man1/ssh-keyscan.1
-man/man1/ssh.1
-man/man5/moduli.5
-man/man5/ssh_config.5
-man/man5/sshd_config.5
-man/man8/sftp-server.8
-man/man8/ssh-keysign.8
-man/man8/ssh-pkcs11-helper.8
-man/man8/sshd.8
-sbin/sshd
-share/examples/openssh/moduli
-${PLIST.darwin}share/examples/openssh/org.openssh.sshd.sb
-share/examples/openssh/ssh_config
-${PLIST.pam}share/examples/openssh/sshd.pam
-share/examples/openssh/sshd_config
diff --git a/openssh/distinfo b/openssh/distinfo
deleted file mode 100644
index 4662b0524f..0000000000
--- a/openssh/distinfo
+++ /dev/null
@@ -1,18 +0,0 @@
-$NetBSD: distinfo,v 1.106 2019/01/18 20:13:36 tnn Exp $
-
-SHA1 (openssh-8.0p1.tar.gz) = 756dbb99193f9541c9206a667eaa27b0fa184a4f
-RMD160 (openssh-8.0p1.tar.gz) = 9c0d0d97a5f9f97329bf334725dfbad53576d612
-SHA512 (openssh-8.0p1.tar.gz) = e280fa2d56f550efd37c5d2477670326261aa8b94d991f9eb17aad90e0c6c9c939efa90fe87d33260d0f709485cb05c379f0fd1bd44fc0d5190298b6398c9982
-Size (openssh-8.0p1.tar.gz) = 1597697 bytes
-SHA1 (patch-Makefile.in) = 13502b825c13c98b2ba3b84ff4bae9aa664b76b1
-SHA1 (patch-auth.c) = 194e3293fdc18b93014041d379d57df172716e1c
-SHA1 (patch-clientloop.c) = 4e88fbd14db33f003eb93c30c682a017e102196e
-SHA1 (patch-config.h.in) = 7d1050743da7264763254b57938775c546c3baa5
-SHA1 (patch-configure.ac) = 321ef5ed83abe7e07d38026e096a10700b010ac8
-SHA1 (patch-defines.h) = bd8687a9a2857f3b8d15ae94095f27f9344003c4
-SHA1 (patch-loginrec.c) = 76f1e03182cbd18dd9ac0bdfcb6502eec7eb56a9
-SHA1 (patch-openbsd-compat_openbsd-compat.h) = bedbede16ab2fe918419c994ba15a20167b411b4
-SHA1 (patch-openbsd-compat_port-tun.c) = 4b1b55b7fdc319e011d249ee336301b17a589228
-SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75
-SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1
-SHA1 (patch-sshd.c) = 825eeec13608859852f4cfdeaceedce21bd2f164
diff --git a/openssh/files/org.openssh.sshd.sb.in b/openssh/files/org.openssh.sshd.sb.in
deleted file mode 100644
index e060377c92..0000000000
--- a/openssh/files/org.openssh.sshd.sb.in
+++ /dev/null
@@ -1,23 +0,0 @@
-;; $NetBSD: org.openssh.sshd.sb.in,v 1.1 2015/08/14 08:57:00 jperkin Exp $
-;;
-;; Copyright (c) 2008 Apple Inc. All Rights reserved.
-;;
-;; sshd - profile for privilege separated children
-;;
-;; WARNING: The sandbox rules in this file currently constitute
-;; Apple System Private Interface and are subject to change at any time and
-;; without notice.
-;;
-
-(version 1)
-
-(deny default)
-
-(allow file-chroot)
-(allow file-read-metadata (literal "@VARBASE@"))
-
-(allow sysctl-read)
-(allow mach-per-user-lookup)
-(allow mach-lookup
- (global-name "com.apple.system.notification_center")
- (global-name "com.apple.system.logger"))
diff --git a/openssh/files/smf/manifest.xml b/openssh/files/smf/manifest.xml
deleted file mode 100644
index 71e9800b9b..0000000000
--- a/openssh/files/smf/manifest.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version='1.0'?>
-<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
-<service_bundle type='manifest' name='export'>
- <service name='@SMF_PREFIX@/@SMF_NAME@' type='service' version='1'>
- <create_default_instance enabled='false'/>
- <single_instance/>
- <dependency name='fs-local' grouping='require_all' restart_on='none' type='service'>
- <service_fmri value='svc:/system/filesystem/local'/>
- </dependency>
- <dependency name='net-loopback' grouping='require_all' restart_on='none' type='service'>
- <service_fmri value='svc:/network/loopback'/>
- </dependency>
- <dependency name='net-physical' grouping='require_all' restart_on='none' type='service'>
- <service_fmri value='svc:/network/physical'/>
- </dependency>
- <dependency name='cryptosvc' grouping='require_all' restart_on='none' type='service'>
- <service_fmri value='svc:/system/cryptosvc'/>
- </dependency>
- <dependency name='utmp' grouping='require_all' restart_on='none' type='service'>
- <service_fmri value='svc:/system/utmp'/>
- </dependency>
- <dependency name='config_data' grouping='require_all' restart_on='restart' type='path'>
- <service_fmri value='file://localhost@PKG_SYSCONFDIR@/sshd_config'/>
- </dependency>
- <dependent name='openssh_multi-user-server' restart_on='none' grouping='optional_all'>
- <service_fmri value='svc:/milestone/multi-user-server'/>
- </dependent>
- <exec_method name='start' type='method' exec='@PREFIX@/@SMF_METHOD_FILE.sshd@ start' timeout_seconds='60'/>
- <exec_method name='stop' type='method' exec=':kill' timeout_seconds='60'/>
- <exec_method name='refresh' type='method' exec='@PREFIX@/@SMF_METHOD_FILE.sshd@ restart' timeout_seconds='60'/>
- <property_group name='general' type='framework'>
- <property name='action_authorization' type='astring'/>
- </property_group>
- <property_group name='startd' type='framework'>
- <propval name='ignore_error' type='astring' value='core,signal'/>
- </property_group>
- <template>
- <common_name>
- <loctext xml:lang='C'>OpenSSH server</loctext>
- </common_name>
- <documentation>
- <manpage title='sshd' section='1M' manpath='@PREFIX@/@PKGMANDIR@'/>
- </documentation>
- </template>
- </service>
-</service_bundle>
diff --git a/openssh/files/smf/sshd.sh b/openssh/files/smf/sshd.sh
deleted file mode 100644
index 0ab48193b1..0000000000
--- a/openssh/files/smf/sshd.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!@SMF_METHOD_SHELL@
-#
-# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "@(#)sshd 1.4 04/11/17 SMI"
-
-SSHDIR=@PKG_SYSCONFDIR@
-KEYGEN="@PREFIX@/bin/ssh-keygen -q"
-PIDFILE=@VARBASE@/run/sshd.pid
-
-# Checks to see if RSA, and DSA host keys are available
-# if any of these keys are not present, the respective keys are created.
-create_key()
-{
- keypath=$1
- keytype=$2
-
- if [ ! -f $keypath ]; then
- grep "^HostKey $keypath" $SSHDIR/sshd_config > /dev/null 2>&1
- if [ $? -eq 0 ]; then
- echo Creating new $keytype public/private host key pair
- $KEYGEN -f $keypath -t $keytype -N ''
- return $?
- fi
- fi
-
- return 0
-}
-
-# This script is being used for two purposes: as part of an SMF
-# start/stop/refresh method, and as a sysidconfig(1M)/sys-unconfig(1M)
-# application.
-#
-# Both, the SMF methods and sysidconfig/sys-unconfig use different
-# arguments..
-
-case $1 in
- # sysidconfig/sys-unconfig arguments (-c and -u)
-'-c')
- create_key $SSHDIR/ssh_host_rsa_key rsa
- create_key $SSHDIR/ssh_host_dsa_key dsa
- ;;
-
-'-u')
- # sys-unconfig(1M) knows how to remove ssh host keys, so there's
- # nothing to do here.
- :
- ;;
-
- # SMF arguments (start and restart [really "refresh"])
-'start')
- @PREFIX@/sbin/sshd
- ;;
-
-'restart')
- if [ -f "$PIDFILE" ]; then
- /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
- fi
- ;;
-
-*)
- echo "Usage: $0 { start | restart }"
- exit 1
- ;;
-esac
-
-exit $?
diff --git a/openssh/files/sshd.sh b/openssh/files/sshd.sh
deleted file mode 100644
index 8493e047e4..0000000000
--- a/openssh/files/sshd.sh
+++ /dev/null
@@ -1,115 +0,0 @@
-#!@RCD_SCRIPTS_SHELL@
-#
-# $NetBSD: sshd.sh,v 1.16 2015/11/11 11:40:06 sevan Exp $
-#
-# PROVIDE: sshd
-# REQUIRE: DAEMON LOGIN
-
-if [ -f /etc/rc.subr ]
-then
- . /etc/rc.subr
-fi
-
-name="sshd"
-rcvar=$name
-command="@PREFIX@/sbin/${name}"
-keygen_command="@PREFIX@/bin/ssh-keygen"
-pidfile="@SSH_PID_DIR@/${name}.pid"
-required_files="@PKG_SYSCONFDIR@/sshd_config"
-extra_commands="keygen reload"
-
-sshd_keygen()
-{
- (
- umask 022
- if [ -f @PKG_SYSCONFDIR@/ssh_host_dsa_key ]; then
- @ECHO@ "You already have a DSA host key in @PKG_SYSCONFDIR@/ssh_host_dsa_key"
- @ECHO@ "Skipping protocol version 2 DSA Key Generation"
- else
- ${keygen_command} -t dsa -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -N ''
- fi
-
- if [ -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then
- @ECHO@ "You already have a RSA host key in @PKG_SYSCONFDIR@/ssh_host_rsa_key"
- @ECHO@ "Skipping protocol version 2 RSA Key Generation"
- else
- ${keygen_command} -t rsa -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -N ''
- fi
-# HAVE_ECDSA_START
- if [ -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key ]; then
- @ECHO@ "You already have a ECDSA host key in @PKG_SYSCONFDIR@/ssh_host_ecdsa_key"
- @ECHO@ "Skipping protocol version 2 ECDSA Key Generation"
- else
- ${keygen_command} -t ecdsa -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key -N ''
- fi
-# HAVE_ECDSA_STOP
-# HAVE_ED25519_START
- if [ -f @PKG_SYSCONFDIR@/ssh_host_ed25519_key ]; then
- @ECHO@ "You already have a ED25519 host key in @PKG_SYSCONFDIR@/ssh_host_ed25519_key"
- @ECHO@ "Skipping protocol version 2 ED25519 Key Generation"
- else
- ${keygen_command} -t ed25519 -f @PKG_SYSCONFDIR@/ssh_host_ed25519_key -N ''
- fi
-# HAVE_ED25519_STOP
- )
-}
-
-sshd_precmd()
-{
- if [ ! -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -o \
- ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -o \
- ! -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key -o \
- ! -f @PKG_SYSCONFDIR@/ssh_host_ed25519_key ]; then
- if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]
- then
- run_rc_command keygen
- else
- eval ${keygen_cmd}
- fi
- fi
-}
-
-keygen_cmd=sshd_keygen
-start_precmd=sshd_precmd
-
-if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]
-then
- load_rc_config $name
- run_rc_command "$1"
-else
- case ${1:-start} in
- start)
- if [ -x ${command} -a -f ${required_files} ]
- then
- @ECHO@ "Starting ${name}."
- eval ${start_precmd}
- eval ${command} ${sshd_flags} ${command_args}
- fi
- ;;
- stop)
- if [ -f ${pidfile} ]; then
- pid=`@HEAD@ -1 ${pidfile}`
- @ECHO@ "Stopping ${name}."
- kill -TERM ${pid}
- else
- @ECHO@ "${name} not running?"
- fi
- ;;
- restart)
- ( $0 stop )
- sleep 1
- $0 start
- ;;
- status)
- if [ -f ${pidfile} ]; then
- pid=`@HEAD@ -1 ${pidfile}`
- @ECHO@ "${name} is running as pid ${pid}."
- else
- @ECHO@ "${name} is not running."
- fi
- ;;
- keygen)
- eval ${keygen_cmd}
- ;;
- esac
-fi
diff --git a/openssh/options.mk b/openssh/options.mk
deleted file mode 100644
index 6e941d6b5b..0000000000
--- a/openssh/options.mk
+++ /dev/null
@@ -1,51 +0,0 @@
-# $NetBSD: options.mk,v 1.36 2019/04/25 14:55:04 tron Exp $
-
-PKG_OPTIONS_VAR= PKG_OPTIONS.openssh
-PKG_SUPPORTED_OPTIONS= editline kerberos openssl pam
-PKG_SUGGESTED_OPTIONS= editline openssl
-
-.include "../../mk/bsd.prefs.mk"
-
-.if ${OPSYS} == "NetBSD"
-PKG_SUGGESTED_OPTIONS+= pam
-.endif
-
-.include "../../mk/bsd.options.mk"
-
-.if !empty(PKG_OPTIONS:Mopenssl)
-.include "../../security/openssl/buildlink3.mk"
-CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE:Q}
-.else
-CONFIGURE_ARGS+= --without-openssl
-.endif
-
-.if !empty(PKG_OPTIONS:Mkerberos)
-. include "../../mk/krb5.buildlink3.mk"
-CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE}
-. if ${KRB5_TYPE} == "mit-krb5"
-CONFIGURE_ENV+= ac_cv_search_k_hasafs=no
-. endif
-.endif
-
-#.if !empty(PKG_OPTIONS:Mhpn-patch)
-#PATCHFILES= openssh-7.1p1-hpn-20150822.diff.bz2
-#PATCH_SITES= ftp://ftp.NetBSD.org/pub/NetBSD/misc/openssh/
-#PATCH_DIST_STRIP= -p1
-#.endif
-
-PLIST_VARS+= pam
-
-.if !empty(PKG_OPTIONS:Mpam)
-.include "../../mk/pam.buildlink3.mk"
-CONFIGURE_ARGS+= --with-pam
-MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam
-MESSAGE_SUBST+= EGDIR=${EGDIR}
-. if ${OPSYS} == "Linux"
-PLIST.pam= yes
-. endif
-.endif
-
-.if !empty(PKG_OPTIONS:Meditline)
-.include "../../devel/editline/buildlink3.mk"
-CONFIGURE_ARGS+= --with-libedit=${BUILDLINK_PREFIX.editline}
-.endif
diff --git a/openssh/patches/patch-Makefile.in b/openssh/patches/patch-Makefile.in
deleted file mode 100644
index 969eab46e7..0000000000
--- a/openssh/patches/patch-Makefile.in
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-Makefile.in,v 1.6 2019/01/18 20:13:37 tnn Exp $
-
-Removed install-sysconf as we handle that phase through post-install
-
---- Makefile.in.orig 2018-10-17 00:01:20.000000000 +0000
-+++ Makefile.in
-@@ -1,5 +1,5 @@
- # uncomment if you run a non bourne compatible shell. Ie. csh
--#SHELL = @SH@
-+SHELL = @SH@
-
- AUTORECONF=autoreconf
-
-@@ -20,7 +20,7 @@ top_srcdir=@top_srcdir@
- DESTDIR=
- VPATH=@srcdir@
- SSH_PROGRAM=@bindir@/ssh
--ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
-+#ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
- SFTP_SERVER=$(libexecdir)/sftp-server
- SSH_KEYSIGN=$(libexecdir)/ssh-keysign
- SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
-@@ -320,7 +320,7 @@ distprep: catman-do depend-check
- -rm -rf autom4te.cache .depend.bak
-
- install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
--install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
-+install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
- install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
-
- check-config:
diff --git a/openssh/patches/patch-auth.c b/openssh/patches/patch-auth.c
deleted file mode 100644
index 5a677de3cd..0000000000
--- a/openssh/patches/patch-auth.c
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-auth.c,v 1.4 2016/01/18 12:53:26 jperkin Exp $
-
-* Use login_getpwclass() instead of login_getclass() so that the root
- vs. default login class distinction is made correctly, from FrrrBSD's
- ports.
-
---- auth.c.orig 2019-05-01 11:28:52.028281617 +0000
-+++ auth.c
-@@ -599,7 +599,7 @@ getpwnamallow(struct ssh *ssh, const cha
- if (!allowed_user(ssh, pw))
- return (NULL);
- #ifdef HAVE_LOGIN_CAP
-- if ((lc = login_getclass(pw->pw_class)) == NULL) {
-+ if ((lc = login_getpwclass(pw->pw_class)) == NULL) {
- debug("unable to get login class: %s", user);
- return (NULL);
- }
diff --git a/openssh/patches/patch-clientloop.c b/openssh/patches/patch-clientloop.c
deleted file mode 100644
index 1089e0330c..0000000000
--- a/openssh/patches/patch-clientloop.c
+++ /dev/null
@@ -1,63 +0,0 @@
-$NetBSD: patch-clientloop.c,v 1.5 2016/12/30 04:43:16 taca Exp $
-
-Fix X11 forwarding under Mac OS X Yosemite. Patch taken from MacPorts.
-
-https://trac.macports.org/browser/trunk/dports/net/openssh/files/launchd.patch?rev=121205
-
---- clientloop.c.orig 2016-12-19 04:59:41.000000000 +0000
-+++ clientloop.c
-@@ -315,6 +315,10 @@ client_x11_get_proto(const char *display
- struct stat st;
- u_int now, x11_timeout_real;
-
-+#if __APPLE__
-+ int is_path_to_socket = 0;
-+#endif /* __APPLE__ */
-+
- *_proto = proto;
- *_data = data;
- proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
-@@ -331,6 +335,33 @@ client_x11_get_proto(const char *display
- }
-
- if (xauth_path != NULL) {
-+#if __APPLE__
-+ {
-+ /*
-+ * If using launchd socket, remove the screen number from the end
-+ * of $DISPLAY. is_path_to_socket is used later in this function
-+ * to determine if an error should be displayed.
-+ */
-+ char path[PATH_MAX];
-+ struct stat sbuf;
-+
-+ strlcpy(path, display, sizeof(path));
-+ if (0 == stat(path, &sbuf)) {
-+ is_path_to_socket = 1;
-+ } else {
-+ char *dot = strrchr(path, '.');
-+ if (dot) {
-+ *dot = '\0';
-+ /* screen = atoi(dot + 1); */
-+ if (0 == stat(path, &sbuf)) {
-+ is_path_to_socket = 1;
-+ debug("x11_get_proto: $DISPLAY is launchd, removing screennum");
-+ setenv("DISPLAY", path, 1);
-+ }
-+ }
-+ }
-+ }
-+#endif /* __APPLE__ */
- /*
- * Handle FamilyLocal case where $DISPLAY does
- * not match an authorization entry. For this we
-@@ -441,6 +472,9 @@ client_x11_get_proto(const char *display
- u_int8_t rnd[16];
- u_int i;
-
-+#if __APPLE__
-+ if (!is_path_to_socket)
-+#endif /* __APPLE__ */
- logit("Warning: No xauth data; "
- "using fake authentication data for X11 forwarding.");
- strlcpy(proto, SSH_X11_PROTO, sizeof proto);
diff --git a/openssh/patches/patch-config.h.in b/openssh/patches/patch-config.h.in
deleted file mode 100644
index 5bfcff67d7..0000000000
--- a/openssh/patches/patch-config.h.in
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-config.h.in,v 1.6 2019/01/18 20:13:37 tnn Exp $
-
-* define new path to if_tun.h.
-* Revive tcp_wrappers support.
-
---- config.h.in.orig 2018-10-19 01:06:33.000000000 +0000
-+++ config.h.in
-@@ -910,6 +913,9 @@
- /* Define to 1 if you have the <net/route.h> header file. */
- #undef HAVE_NET_ROUTE_H
-
-+/* Define to 1 if you have the <net/tun/if_tun.h> header file. */
-+#undef HAVE_NET_TUN_IF_TUN_H
-+
- /* Define if you are on NeXT */
- #undef HAVE_NEXT
-
-@@ -1617,6 +1623,9 @@
- /* Define if pututxline updates lastlog too */
- #undef LASTLOG_WRITE_PUTUTXLINE
-
-+/* Define if you want TCP Wrappers support */
-+#undef LIBWRAP
-+
- /* Define to whatever link() returns for "not supported" if it doesn't return
- EOPNOTSUPP. */
- #undef LINK_OPNOTSUPP_ERRNO
diff --git a/openssh/patches/patch-configure.ac b/openssh/patches/patch-configure.ac
deleted file mode 100644
index 08c0ba4d6e..0000000000
--- a/openssh/patches/patch-configure.ac
+++ /dev/null
@@ -1,122 +0,0 @@
-$NetBSD$
-
---- configure.ac.orig 2019-04-17 22:52:57.000000000 +0000
-+++ configure.ac
-@@ -294,6 +294,9 @@ AC_ARG_WITH([rpath],
- ]
- )
-
-+# pkgsrc handles any rpath settings this package needs
-+need_dash_r=
-+
- # Allow user to specify flags
- AC_ARG_WITH([cflags],
- [ --with-cflags Specify additional flags to pass to compiler],
-@@ -387,6 +390,7 @@ AC_CHECK_HEADERS([ \
- maillock.h \
- ndir.h \
- net/if_tun.h \
-+ net/tun/if_tun.h \
- netdb.h \
- netgroup.h \
- pam/pam_appl.h \
-@@ -1494,6 +1507,62 @@ else
- AC_MSG_RESULT([no])
- fi
-
-+# Check whether user wants TCP wrappers support
-+TCPW_MSG="no"
-+AC_ARG_WITH([tcp-wrappers],
-+ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ saved_LIBS="$LIBS"
-+ saved_LDFLAGS="$LDFLAGS"
-+ saved_CPPFLAGS="$CPPFLAGS"
-+ if test -n "${withval}" && \
-+ test "x${withval}" != "xyes"; then
-+ if test -d "${withval}/lib"; then
-+ if test -n "${need_dash_r}"; then
-+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
-+ else
-+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
-+ fi
-+ else
-+ if test -n "${need_dash_r}"; then
-+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
-+ else
-+ LDFLAGS="-L${withval} ${LDFLAGS}"
-+ fi
-+ fi
-+ if test -d "${withval}/include"; then
-+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
-+ else
-+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
-+ fi
-+ fi
-+ LIBS="-lwrap $LIBS"
-+ AC_MSG_CHECKING([for libwrap])
-+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <netinet/in.h>
-+#include <tcpd.h>
-+int deny_severity = 0, allow_severity = 0;
-+ ]], [[
-+ hosts_access(0);
-+ ]])], [
-+ AC_MSG_RESULT([yes])
-+ AC_DEFINE([LIBWRAP], [1],
-+ [Define if you want
-+ TCP Wrappers support])
-+ SSHDLIBS="$SSHDLIBS -lwrap"
-+ TCPW_MSG="yes"
-+ ], [
-+ AC_MSG_ERROR([*** libwrap missing])
-+
-+ ])
-+ LIBS="$saved_LIBS"
-+ fi
-+ ]
-+)
-+
- # Check whether user wants to use ldns
- LDNS_MSG="no"
- AC_ARG_WITH(ldns,
-@@ -5129,9 +5198,17 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
- ])
- if test -z "$conf_wtmpx_location"; then
- if test x"$system_wtmpx_path" = x"no" ; then
-- AC_DEFINE([DISABLE_WTMPX])
-+ for f in /var/log/wtmpx; do
-+ if test -f $f ; then
-+ conf_wtmpx_location=$f
-+ fi
-+ done
-+ if test -z "$conf_wtmpx_location"; then
-+ AC_DEFINE(DISABLE_WTMPX)
-+ fi
- fi
--else
-+fi
-+if test -n "$conf_wtmpx_location"; then
- AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
- [Define if you want to specify the path to your wtmpx file])
- fi
-@@ -5223,7 +5300,7 @@ echo "OpenSSH has been configured with t
- echo " User binaries: $B"
- echo " System binaries: $C"
- echo " Configuration files: $D"
--echo " Askpass program: $E"
-+echo " Askpass program: ${ASKPASS_PROGRAM}"
- echo " Manual pages: $F"
- echo " PID file: $G"
- echo " Privilege separation chroot path: $H"
-@@ -5245,6 +5322,7 @@ echo " PAM support
- echo " OSF SIA support: $SIA_MSG"
- echo " KerberosV support: $KRB5_MSG"
- echo " SELinux support: $SELINUX_MSG"
-+echo " TCP Wrappers support: $TCPW_MSG"
- echo " MD5 password support: $MD5_MSG"
- echo " libedit support: $LIBEDIT_MSG"
- echo " libldns support: $LDNS_MSG"
diff --git a/openssh/patches/patch-defines.h b/openssh/patches/patch-defines.h
deleted file mode 100644
index 63788b31ba..0000000000
--- a/openssh/patches/patch-defines.h
+++ /dev/null
@@ -1,47 +0,0 @@
-$NetBSD: patch-defines.h,v 1.4 2016/01/18 12:53:26 jperkin Exp $
-
-Define ROOTUID, UTMPX_FILE and WTMPX_FILE
-
---- defines.h.orig 2015-08-21 04:49:03.000000000 +0000
-+++ defines.h
-@@ -30,6 +30,15 @@
-
- /* Constants */
-
-+#ifdef HAVE_INTERIX
-+/* Interix has a special concept of "administrator". */
-+# define ROOTUID 197108
-+# define ROOTGID 131616
-+#else
-+# define ROOTUID 0
-+# define ROOTGID 0
-+#endif
-+
- #if defined(HAVE_DECL_SHUT_RD) && HAVE_DECL_SHUT_RD == 0
- enum
- {
-@@ -721,6 +730,24 @@ struct winsize {
- # endif
- # endif
- #endif
-+#ifndef UTMPX_FILE
-+# ifdef _PATH_UTMPX
-+# define UTMPX_FILE _PATH_UTMPX
-+# else
-+# ifdef CONF_UTMPX_FILE
-+# define UTMPX_FILE CONF_UTMPX_FILE
-+# endif
-+# endif
-+#endif
-+#ifndef WTMPX_FILE
-+# ifdef _PATH_WTMPX
-+# define WTMPX_FILE _PATH_WTMPX
-+# else
-+# ifdef CONF_WTMPX_FILE
-+# define WTMPX_FILE CONF_WTMPX_FILE
-+# endif
-+# endif
-+#endif
- /* pick up the user's location for lastlog if given */
- #ifndef LASTLOG_FILE
- # ifdef _PATH_LASTLOG
diff --git a/openssh/patches/patch-loginrec.c b/openssh/patches/patch-loginrec.c
deleted file mode 100644
index c12f9b0963..0000000000
--- a/openssh/patches/patch-loginrec.c
+++ /dev/null
@@ -1,60 +0,0 @@
-$NetBSD: patch-loginrec.c,v 1.5 2016/01/18 12:53:26 jperkin Exp $
-
-Interix support and related fixes.
-Fix build on FreeBSD.
-
-XXX remove interix once we figure out which one's which
-
---- loginrec.c.orig 2015-08-21 04:49:03.000000000 +0000
-+++ loginrec.c
-@@ -441,7 +441,7 @@ login_write(struct logininfo *li)
-
- /* set the timestamp */
- login_set_current_time(li);
--#ifdef USE_LOGIN
-+#if defined(USE_LOGIN) && (HAVE_UTMP_H)
- syslogin_write_entry(li);
- #endif
- #ifdef USE_LASTLOG
-@@ -625,7 +625,7 @@ line_abbrevname(char *dst, const char *s
- ** into account.
- **/
-
--#if defined(USE_UTMP) || defined (USE_WTMP) || defined (USE_LOGIN)
-+#if defined(USE_UTMP) || defined (USE_WTMP) || (defined (USE_LOGIN) && defined (HAVE_UTMP_H))
-
- /* build the utmp structure */
- void
-@@ -762,10 +762,6 @@ construct_utmpx(struct logininfo *li, st
- set_utmpx_time(li, utx);
- utx->ut_pid = li->pid;
-
-- /* strncpy(): Don't necessarily want null termination */
-- strncpy(utx->ut_user, li->username,
-- MIN_SIZEOF(utx->ut_user, li->username));
--
- if (li->type == LTYPE_LOGOUT)
- return;
-
-@@ -774,6 +770,12 @@ construct_utmpx(struct logininfo *li, st
- * for logouts.
- */
-
-+ /* strncpy(): Don't necessarily want null termination */
-+#if defined(__FreeBSD__)
-+ strncpy(utx->ut_user, li->username, MIN_SIZEOF(utx->ut_user, li->username));
-+#else
-+ strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name, li->username));
-+#endif
- # ifdef HAVE_HOST_IN_UTMPX
- strncpy(utx->ut_host, li->hostname,
- MIN_SIZEOF(utx->ut_host, li->hostname));
-@@ -1409,7 +1411,7 @@ wtmpx_get_entry(struct logininfo *li)
- ** Low-level libutil login() functions
- **/
-
--#ifdef USE_LOGIN
-+#if defined(USE_LOGIN) && defined(HAVE_UTMP_H)
- static int
- syslogin_perform_login(struct logininfo *li)
- {
diff --git a/openssh/patches/patch-openbsd-compat_openbsd-compat.h b/openssh/patches/patch-openbsd-compat_openbsd-compat.h
deleted file mode 100644
index 771757f15f..0000000000
--- a/openssh/patches/patch-openbsd-compat_openbsd-compat.h
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-openbsd-compat_openbsd-compat.h,v 1.4 2016/01/18 12:53:26 jperkin Exp $
-
-strtoll() declaration
-
---- openbsd-compat/openbsd-compat.h.orig 2015-08-21 04:49:03.000000000 +0000
-+++ openbsd-compat/openbsd-compat.h
-@@ -99,6 +99,10 @@ size_t strlcat(char *dst, const char *sr
- int setenv(register const char *name, register const char *value, int rewrite);
- #endif
-
-+#ifndef HAVE_STRTOLL
-+long long strtoll(const char *, char **, int);
-+#endif
-+
- #ifndef HAVE_STRMODE
- void strmode(int mode, char *p);
- #endif
diff --git a/openssh/patches/patch-openbsd-compat_port-tun.c b/openssh/patches/patch-openbsd-compat_port-tun.c
deleted file mode 100644
index e538617426..0000000000
--- a/openssh/patches/patch-openbsd-compat_port-tun.c
+++ /dev/null
@@ -1,45 +0,0 @@
-$NetBSD: patch-openbsd-compat_port-tun.c,v 1.4 2019/01/18 20:13:37 tnn Exp $
-
-if_tun.h can be found in net/tun
-
---- openbsd-compat/port-net.c.orig 2018-10-17 00:01:20.000000000 +0000
-+++ openbsd-compat/port-net.c
-@@ -1,3 +1,4 @@
-+
- /*
- * Copyright (c) 2005 Reyk Floeter <reyk%openbsd.org@localhost>
- *
-@@ -200,6 +201,10 @@ sys_tun_open(int tun, int mode, char **i
- #include <sys/socket.h>
- #include <net/if.h>
-
-+#ifdef HAVE_NET_TUN_IF_TUN_H
-+#include <net/tun/if_tun.h>
-+#endif
-+
- #ifdef HAVE_NET_IF_TUN_H
- #include <net/if_tun.h>
- #endif
-@@ -209,7 +214,10 @@ sys_tun_open(int tun, int mode, char **i
- {
- struct ifreq ifr;
- char name[100];
-- int fd = -1, sock, flag;
-+ int fd = -1, sock;
-+#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF)
-+ int flag;
-+#endif
- const char *tunbase = "tun";
-
- if (ifname != NULL)
-@@ -246,9 +254,9 @@ sys_tun_open(int tun, int mode, char **i
- return (-1);
- }
-
-+#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF)
- /* Turn on tunnel headers */
- flag = 1;
--#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF)
- if (mode != SSH_TUNMODE_ETHERNET &&
- ioctl(fd, TUNSIFHEAD, &flag) == -1) {
- debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd,
diff --git a/openssh/patches/patch-sandbox-darwin.c b/openssh/patches/patch-sandbox-darwin.c
deleted file mode 100644
index b6624a068e..0000000000
--- a/openssh/patches/patch-sandbox-darwin.c
+++ /dev/null
@@ -1,23 +0,0 @@
-$NetBSD: patch-sandbox-darwin.c,v 1.2 2016/01/18 12:53:26 jperkin Exp $
-
-Support sandbox on newer OSX, from MacPorts.
-
---- sandbox-darwin.c.orig 2015-08-21 04:49:03.000000000 +0000
-+++ sandbox-darwin.c
-@@ -62,8 +62,16 @@ ssh_sandbox_child(struct ssh_sandbox *bo
- struct rlimit rl_zero;
-
- debug3("%s: starting Darwin sandbox", __func__);
-+#ifdef __APPLE_SANDBOX_NAMED_EXTERNAL__
-+#ifndef SANDBOX_NAMED_EXTERNAL
-+#define SANDBOX_NAMED_EXTERNAL (0x3)
-+#endif
-+ if (sandbox_init("@PKG_SYSCONFDIR@/org.openssh.sshd.sb",
-+ SANDBOX_NAMED_EXTERNAL, &errmsg) == -1)
-+#else
- if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED,
- &errmsg) == -1)
-+#endif
- fatal("%s: sandbox_init: %s", __func__, errmsg);
-
- /*
diff --git a/openssh/patches/patch-sshd.8 b/openssh/patches/patch-sshd.8
deleted file mode 100644
index 085accf98c..0000000000
--- a/openssh/patches/patch-sshd.8
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-sshd.8,v 1.2 2016/01/18 12:53:26 jperkin Exp $
-
-* Revive tcp_wrappers support.
-
---- sshd.8.orig 2015-08-21 04:49:03.000000000 +0000
-+++ sshd.8
-@@ -850,6 +850,12 @@ the user's home directory becomes access
- This file should be writable only by the user, and need not be
- readable by anyone else.
- .Pp
-+.It Pa /etc/hosts.allow
-+.It Pa /etc/hosts.deny
-+Access controls that should be enforced by tcp-wrappers are defined here.
-+Further details are described in
-+.Xr hosts_access 5 .
-+.Pp
- .It Pa /etc/hosts.equiv
- This file is for host-based authentication (see
- .Xr ssh 1 ) .
-@@ -953,6 +959,7 @@ The content of this file is not sensitiv
- .Xr ssh-keygen 1 ,
- .Xr ssh-keyscan 1 ,
- .Xr chroot 2 ,
-+.Xr hosts_access 5 ,
- .Xr login.conf 5 ,
- .Xr moduli 5 ,
- .Xr sshd_config 5 ,
diff --git a/openssh/patches/patch-sshd.c b/openssh/patches/patch-sshd.c
deleted file mode 100644
index 6fb88d0669..0000000000
--- a/openssh/patches/patch-sshd.c
+++ /dev/null
@@ -1,62 +0,0 @@
-$NetBSD$
-
---- sshd.c.orig 2019-04-17 22:52:57.000000000 +0000
-+++ sshd.c
-@@ -123,6 +123,13 @@
- #include "version.h"
- #include "ssherr.h"
-
-+#ifdef LIBWRAP
-+#include <tcpd.h>
-+#include <syslog.h>
-+int allow_severity;
-+int deny_severity;
-+#endif /* LIBWRAP */
-+
- /* Re-exec fds */
- #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
- #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
-@@ -534,10 +541,17 @@ privsep_preauth(struct ssh *ssh)
- /* Arrange for logging to be sent to the monitor */
- set_log_handler(mm_log_handler, pmonitor);
-
-+#ifdef __APPLE_SANDBOX_NAMED_EXTERNAL__
-+ /* We need to do this before we chroot() so we can read sshd.sb */
-+ if (box != NULL)
-+ ssh_sandbox_child(box);
-+#endif
- privsep_preauth_child();
- setproctitle("%s", "[net]");
-+#ifndef __APPLE_SANDBOX_NAMED_EXTERNAL__
- if (box != NULL)
- ssh_sandbox_child(box);
-+#endif
-
- return 0;
- }
-@@ -2053,6 +2067,25 @@ main(int ac, char **av)
- audit_connection_from(remote_ip, remote_port);
- #endif
-
-+#ifdef LIBWRAP
-+ allow_severity = options.log_facility|LOG_INFO;
-+ deny_severity = options.log_facility|LOG_WARNING;
-+ /* Check whether logins are denied from this host. */
-+ if (ssh_packet_connection_is_on_socket(ssh)) {
-+ struct request_info req;
-+
-+ request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
-+ fromhost(&req);
-+
-+ if (!hosts_access(&req)) {
-+ debug("Connection refused by tcp wrapper");
-+ refuse(&req);
-+ /* NOTREACHED */
-+ fatal("libwrap refuse returns");
-+ }
-+ }
-+#endif /* LIBWRAP */
-+
- rdomain = ssh_packet_rdomain_in(ssh);
-
- /* Log the connection. */
diff --git a/openssh/t b/openssh/t
deleted file mode 100644
index 1b533975cb..0000000000
--- a/openssh/t
+++ /dev/null
@@ -1,136 +0,0 @@
---- /var/tmp/pkgsrc-obj/security/openssh/work/openssh-8.0p1/configure.ac.orig 2019-04-17 22:52:57.000000000 +0000
-+++ /var/tmp/pkgsrc-obj/security/openssh/work/openssh-8.0p1/configure.ac 2019-05-01 12:11:27.813134298 +0000
-@@ -294,6 +294,9 @@
- ]
- )
-
-+# pkgsrc handles any rpath settings this package needs
-+need_dash_r=
-+
- # Allow user to specify flags
- AC_ARG_WITH([cflags],
- [ --with-cflags Specify additional flags to pass to compiler],
-@@ -387,6 +390,7 @@
- maillock.h \
- ndir.h \
- net/if_tun.h \
-+ net/tun/if_tun.h \
- netdb.h \
- netgroup.h \
- pam/pam_appl.h \
-@@ -737,6 +741,15 @@
- ;;
- esac
- ;;
-+*-*-interix*)
-+ AC_DEFINE(HAVE_INTERIX)
-+ AC_DEFINE(DISABLE_FD_PASSING)
-+ AC_DEFINE(DISABLE_SHADOW)
-+ AC_DEFINE(IP_TOS_IS_BROKEN)
-+ AC_DEFINE(MISSING_HOWMANY)
-+ AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
-+ AC_DEFINE(USE_PIPES)
-+ ;;
- *-*-irix5*)
- PATH="$PATH:/usr/etc"
- AC_DEFINE([BROKEN_INET_NTOA], [1],
-@@ -1494,6 +1507,62 @@
- AC_MSG_RESULT([no])
- fi
-
-+# Check whether user wants TCP wrappers support
-+TCPW_MSG="no"
-+AC_ARG_WITH([tcp-wrappers],
-+ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ saved_LIBS="$LIBS"
-+ saved_LDFLAGS="$LDFLAGS"
-+ saved_CPPFLAGS="$CPPFLAGS"
-+ if test -n "${withval}" && \
-+ test "x${withval}" != "xyes"; then
-+ if test -d "${withval}/lib"; then
-+ if test -n "${need_dash_r}"; then
-+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
-+ else
-+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
-+ fi
-+ else
-+ if test -n "${need_dash_r}"; then
-+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
-+ else
-+ LDFLAGS="-L${withval} ${LDFLAGS}"
-+ fi
-+ fi
-+ if test -d "${withval}/include"; then
-+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
-+ else
-+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
-+ fi
-+ fi
-+ LIBS="-lwrap $LIBS"
-+ AC_MSG_CHECKING([for libwrap])
-+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <netinet/in.h>
-+#include <tcpd.h>
-+int deny_severity = 0, allow_severity = 0;
-+ ]], [[
-+ hosts_access(0);
-+ ]])], [
-+ AC_MSG_RESULT([yes])
-+ AC_DEFINE([LIBWRAP], [1],
-+ [Define if you want
-+ TCP Wrappers support])
-+ SSHDLIBS="$SSHDLIBS -lwrap"
-+ TCPW_MSG="yes"
-+ ], [
-+ AC_MSG_ERROR([*** libwrap missing])
-+
-+ ])
-+ LIBS="$saved_LIBS"
-+ fi
-+ ]
-+)
-+
- # Check whether user wants to use ldns
- LDNS_MSG="no"
- AC_ARG_WITH(ldns,
-@@ -5129,9 +5198,17 @@
- ])
- if test -z "$conf_wtmpx_location"; then
- if test x"$system_wtmpx_path" = x"no" ; then
-- AC_DEFINE([DISABLE_WTMPX])
-+ for f in /var/log/wtmpx; do
-+ if test -f $f ; then
-+ conf_wtmpx_location=$f
-+ fi
-+ done
-+ if test -z "$conf_wtmpx_location"; then
-+ AC_DEFINE(DISABLE_WTMPX)
-+ fi
- fi
--else
-+fi
-+if test -n "$conf_wtmpx_location"; then
- AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
- [Define if you want to specify the path to your wtmpx file])
- fi
-@@ -5223,7 +5300,7 @@
- echo " User binaries: $B"
- echo " System binaries: $C"
- echo " Configuration files: $D"
--echo " Askpass program: $E"
-+echo " Askpass program: ${ASKPASS_PROGRAM}"
- echo " Manual pages: $F"
- echo " PID file: $G"
- echo " Privilege separation chroot path: $H"
-@@ -5245,6 +5322,7 @@
- echo " OSF SIA support: $SIA_MSG"
- echo " KerberosV support: $KRB5_MSG"
- echo " SELinux support: $SELINUX_MSG"
-+echo " TCP Wrappers support: $TCPW_MSG"
- echo " MD5 password support: $MD5_MSG"
- echo " libedit support: $LIBEDIT_MSG"
- echo " libldns support: $LDNS_MSG"
diff --git a/openssh8/DESCR b/openssh8/DESCR
deleted file mode 100644
index 764ae7f090..0000000000
--- a/openssh8/DESCR
+++ /dev/null
@@ -1,14 +0,0 @@
-OpenSSH is based on the last free version of Tatu Ylonen's SSH with
-all patent-encumbered algorithms removed (to external libraries), all
-known security bugs fixed, new features reintroduced and many other
-clean-ups. More information about SSH itself can be found in the file
-README.Ylonen. OpenSSH has been created by Aaron Campbell, Bob Beck,
-Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song.
-
-This port consists of the re-introduction of autoconf support, PAM
-support (for Linux and Solaris), EGD[1] support, SOCKS support (using
-the Dante [6] libraries and replacements for OpenBSD library functions
-that are (regrettably) absent from other unices. This port has been
-best tested on Linux, Solaris, HPUX, NetBSD and Irix. Support for AIX,
-SCO, NeXT and other Unices is underway. This version actively tracks
-changes in the OpenBSD CVS repository.
diff --git a/openssh8/INSTALL b/openssh8/INSTALL
deleted file mode 100644
index 8b8d1d310e..0000000000
--- a/openssh8/INSTALL
+++ /dev/null
@@ -1,36 +0,0 @@
-# $NetBSD: INSTALL,v 1.10 2003/08/30 20:23:06 jlam Exp $
-
-DIRS="/etc /etc/ssh ${PKG_PREFIX}/etc ${PKG_PREFIX}/etc/ssh"
-FILES="sshd.conf sshd_config"
-
-case ${STAGE} in
-POST-INSTALL)
- for dir in $DIRS; do
- if [ "@PKG_SYSCONFDIR@" != "$dir" ]; then
- for file in $FILES; do
- path=$dir/$file
- if [ -f $path ]; then
- ${CAT} <<EOF
-===========================================================================
-
- *===* NOTICE *===*
-
-WARNING: previous configuration file $path found.
-
-The config files for ${PKGNAME} must be located in:
-
- @PKG_SYSCONFDIR@
-
-You will need to ensure your configuration files and/or keys are
-placed in the correct directory before using ${PKGNAME}.
-
-===========================================================================
-EOF
-
- exit
- fi
- done
- fi
- done
- ;;
-esac
diff --git a/openssh8/MESSAGE.Interix b/openssh8/MESSAGE.Interix
deleted file mode 100644
index ee57d65d24..0000000000
--- a/openssh8/MESSAGE.Interix
+++ /dev/null
@@ -1,20 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE.Interix,v 1.1 2005/03/07 23:29:49 tv Exp $
-
-OpenSSH on Interix has some important caveats:
-
-* Hostname resolution uses the BIND resolver library rather than Windows
- native lookup services. This requires that /etc/resolv.conf be set up
- properly with a "nameserver" line; see resolv.conf(5). In most
- installations, this was generated automatically when Services for UNIX
- was installed (based on the name server in use at that time).
-
-* Currently, UsePrivilegeSeparation does not work properly, so it defaults
- to "no" on Interix.
-
-* Network drives and encrypted local files may not be accessible after
- logging in through sshd thanks to the way the Windows security API works.
- A workaround is to "exec su USERNAME" after logging in, which will use
- the password to create a proper Windows access credential key.
-
-===========================================================================
diff --git a/openssh8/MESSAGE.pam b/openssh8/MESSAGE.pam
deleted file mode 100644
index e111287144..0000000000
--- a/openssh8/MESSAGE.pam
+++ /dev/null
@@ -1,9 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE.pam,v 1.3 2003/10/08 18:54:42 reed Exp $
-
-To authenticate for SSH using PAM, add the contents of the file:
-
- ${EGDIR}/sshd.pam
-
-to your PAM configuration file (or PAM configuration directory).
-===========================================================================
diff --git a/openssh8/Makefile b/openssh8/Makefile
deleted file mode 100644
index 0f497cfb75..0000000000
--- a/openssh8/Makefile
+++ /dev/null
@@ -1,209 +0,0 @@
-# $NetBSD: Makefile,v 1.258 2019/04/25 14:55:04 tron Exp $
-
-DISTNAME= openssh-8.0p1
-PKGNAME= ${DISTNAME:S/p1/.1/}
-PKGREVISION= 1
-CATEGORIES= security
-MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
-
-MAINTAINER= pkgsrc-users%NetBSD.org@localhost
-HOMEPAGE= http://www.openssh.com/
-COMMENT= Open Source Secure shell client and server (remote login program)
-LICENSE= modified-bsd
-
-CONFLICTS= sftp-[0-9]*
-CONFLICTS+= ssh-[0-9]* ssh6-[0-9]*
-CONFLICTS+= ssh2-[0-9]* ssh2-nox11-[0-9]*
-CONFLICTS+= openssh+gssapi-[0-9]*
-CONFLICTS+= lsh>2.0
-BROKEN_ON_PLATFORM+= OpenBSD-*-*
-
-USE_GCC_RUNTIME= yes
-USE_TOOLS+= autoconf perl
-
-# retain the following line, for IPv6-ready pkgsrc webpage
-BUILD_DEFS+= IPV6_READY
-
-PKG_GROUPS_VARS+= OPENSSH_GROUP
-PKG_USERS_VARS+= OPENSSH_USER
-BUILD_DEFS+= OPENSSH_CHROOT
-BUILD_DEFS+= VARBASE
-
-INSTALL_TARGET= install-nokeys
-
-.include "options.mk"
-
-# fixes: dyld: Symbol not found: _allow_severity
-CONFIGURE_ARGS.Darwin+= --disable-strip
-
-# OpenSSH on Interix has some important caveats
-.if ${OPSYS} == "Interix"
-MESSAGE_SRC= ${.CURDIR}/MESSAGE.Interix
-BUILDLINK_PASSTHRU_DIRS+= /usr/local/lib/bind
-CONFIGURE_ENV+= ac_cv_func_openpty=no
-CONFIGURE_ENV+= ac_cv_type_struct_timespec=yes
-CPPFLAGS+= -DIOV_MAX=16 # default is INT_MAX, way too large
-. if exists(/usr/local/include/bind/resolv.h)
-CPPFLAGS+= -I/usr/local/include/bind
-BUILDLINK_PASSTHRU_DIRS+= /usr/local/include/bind
-. elif exists(/usr/local/bind/include/resolv.h)
-CPPFLAGS+= -I/usr/local/bind/include
-BUILDLINK_PASSTHRU_DIRS+= /usr/local/bind/include
-. endif
-LDFLAGS+= -L/usr/local/lib/bind
-LIBS+= -lbind -ldb -lcrypt
-
-.else # not Interix
-
-PKG_GROUPS= ${OPENSSH_GROUP}
-PKG_USERS= ${OPENSSH_USER}:${OPENSSH_GROUP}
-
-PKG_GECOS.${OPENSSH_USER}= sshd privsep pseudo-user
-PKG_HOME.${OPENSSH_USER}= ${OPENSSH_CHROOT}
-
-.endif
-
-SSH_PID_DIR= ${VARBASE}/run # default directory for PID files
-
-PKG_SYSCONFSUBDIR= ssh
-
-GNU_CONFIGURE= yes
-CONFIGURE_ARGS+= --with-mantype=man
-CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
-CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR}
-CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
-
-.if ${OPSYS} != "Interix"
-CONFIGURE_ARGS+= --with-privsep-path=${OPENSSH_CHROOT:Q}
-CONFIGURE_ARGS+= --with-privsep-user=${OPENSSH_USER}
-.endif
-
-# pkgsrc already enforces a "secure" version of zlib via dependencies,
-# so skip this bogus version check.
-CONFIGURE_ARGS+= --without-zlib-version-check
-
-.if ${_PKGSRC_MKPIE} != "no"
-CONFIGURE_ARGS+= --with-pie
-.endif
-
-# the openssh configure script finds and uses ${LD} if defined and
-# defaults to ${CC} if not. we override LD here, since running the
-# linker directly results in undefined symbols for obvious reasons.
-#
-CONFIGURE_ENV+= LD=${CC:Q}
-
-# Enable S/Key support on NetBSD, Darwin, and Solaris.
-.if (${OPSYS} == "NetBSD") || (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
-. include "../../security/skey/buildlink3.mk"
-CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey}
-.else
-CONFIGURE_ARGS+= --without-skey
-.endif
-
-.if (${OPSYS} == "NetBSD")
-. if exists(/usr/include/utmpx.h)
-# if we have utmpx et al do not try to use login()
-CONFIGURE_ARGS+= --disable-libutil
-. endif
-#
-# NetBSD current after 2011/03/12 has incompatible strnvis(3) and
-# prior version don't have it. So, disable use of strnvis(3) now.
-#
-CONFIGURE_ENV+= ac_cv_func_strnvis=no
-#
-# workaround for ./configure problem, pkg/50936
-#
-CONFIGURE_ENV+= ac_cv_func_reallocarray=no
-.endif
-
-.if (${OPSYS} == "SunOS") && (${OS_VERSION} == "5.8" || ${OS_VERSION} == "5.9")
-CONFIGURE_ARGS+= --disable-utmp --disable-wtmp
-.endif
-
-CONFIGURE_ARGS.Linux+= --enable-md5-password
-
-# The ssh-askpass program is in ${X11BASE}/bin or ${PREFIX}/bin depending
-# on if it's part of the X11 distribution, or if it's installed from pkgsrc
-# (security/ssh-askpass).
-#
-.if exists(${X11BASE}/bin/ssh-askpass)
-ASKPASS_PROGRAM= ${X11BASE}/bin/ssh-askpass
-.else
-ASKPASS_PROGRAM= ${PREFIX}/bin/ssh-askpass
-.endif
-CONFIGURE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
-MAKE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
-
-# do the same for xauth
-.if exists(${X11BASE}/bin/xauth)
-CONFIGURE_ARGS+= --with-xauth=${X11BASE}/bin/xauth
-.else
-CONFIGURE_ARGS+= --with-xauth=${PREFIX}/bin/xauth
-.endif
-
-CONFS= ssh_config sshd_config moduli
-
-PLIST_VARS+= darwin
-
-EGDIR= ${PREFIX}/share/examples/${PKGBASE}
-
-# enable privsep patches
-.if ${OPSYS} == "Darwin"
-CONF_FILES+= ${EGDIR}/org.openssh.sshd.sb ${PKG_SYSCONFDIR}/org.openssh.sshd.sb
-CPPFLAGS+= -D__APPLE_SANDBOX_NAMED_EXTERNAL__
-PLIST.darwin= yes
-.endif
-
-.for f in ${CONFS}
-CONF_FILES+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
-.endfor
-OWN_DIRS= ${OPENSSH_CHROOT}
-RCD_SCRIPTS= sshd
-RCD_SCRIPT_SRC.sshd= ${WRKDIR}/sshd.sh
-SMF_METHODS= sshd
-
-FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR}
-
-SUBST_CLASSES+= patch
-SUBST_STAGE.patch= pre-configure
-SUBST_FILES.patch= session.c sandbox-darwin.c
-SUBST_SED.patch= -e '/channel_input_port_forward_request/s/0/ROOTUID/'
-SUBST_VARS.patch= PKG_SYSCONFDIR
-
-.include "../../devel/zlib/buildlink3.mk"
-.include "../../security/tcp_wrappers/buildlink3.mk"
-
-#
-# type of key "ecdsa" isn't always supported depends on OpenSSL.
-#
-pre-configure:
- cd ${WRKSRC} && autoconf -i
-
-post-configure:
- if ${EGREP} -q '^\#define[ ]+OPENSSL_HAS_ECC' \
- ${WRKSRC}/config.h; then \
- ${SED} -e '/HAVE_ECDSA/s/.*//' \
- ${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
- else \
- ${SED} -e '/HAVE_ECDSA_START/,/HAVE_ECDSA_STOP/d' \
- ${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
- fi
- ${SED} -e 's,@VARBASE@,${VARBASE},g' \
- < ${FILESDIR}/org.openssh.sshd.sb.in \
- > ${WRKDIR}/org.openssh.sshd.sb
-
-post-install:
- ${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}
- cd ${WRKSRC}; for file in ${CONFS}; do \
- ${INSTALL_DATA} $${file}.out ${DESTDIR}${EGDIR}/$${file}; \
- done
-.if !empty(PKG_OPTIONS:Mpam) && ${OPSYS} == "Linux"
- ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.generic \
- ${DESTDIR}${EGDIR}/sshd.pam
-.endif
-.if ${OPSYS} == "Darwin"
- ${INSTALL_DATA} ${WRKDIR}/org.openssh.sshd.sb \
- ${DESTDIR}${EGDIR}/org.openssh.sshd.sb
-.endif
-
-.include "../../mk/bsd.pkg.mk"
diff --git a/openssh8/PLIST b/openssh8/PLIST
deleted file mode 100644
index 1c18b8b3e9..0000000000
--- a/openssh8/PLIST
+++ /dev/null
@@ -1,31 +0,0 @@
-@comment $NetBSD: PLIST,v 1.19 2017/01/19 03:50:53 maya Exp $
-bin/scp
-bin/sftp
-bin/ssh
-bin/ssh-add
-bin/ssh-agent
-bin/ssh-keygen
-bin/ssh-keyscan
-libexec/sftp-server
-libexec/ssh-keysign
-libexec/ssh-pkcs11-helper
-man/man1/scp.1
-man/man1/sftp.1
-man/man1/ssh-add.1
-man/man1/ssh-agent.1
-man/man1/ssh-keygen.1
-man/man1/ssh-keyscan.1
-man/man1/ssh.1
-man/man5/moduli.5
-man/man5/ssh_config.5
-man/man5/sshd_config.5
-man/man8/sftp-server.8
-man/man8/ssh-keysign.8
-man/man8/ssh-pkcs11-helper.8
-man/man8/sshd.8
-sbin/sshd
-share/examples/openssh/moduli
-${PLIST.darwin}share/examples/openssh/org.openssh.sshd.sb
-share/examples/openssh/ssh_config
-${PLIST.pam}share/examples/openssh/sshd.pam
-share/examples/openssh/sshd_config
diff --git a/openssh8/distinfo b/openssh8/distinfo
deleted file mode 100644
index 58f19de962..0000000000
--- a/openssh8/distinfo
+++ /dev/null
@@ -1,29 +0,0 @@
-$NetBSD: distinfo,v 1.106 2019/01/18 20:13:36 tnn Exp $
-
-SHA1 (openssh-8.0p1.tar.gz) = 756dbb99193f9541c9206a667eaa27b0fa184a4f
-RMD160 (openssh-8.0p1.tar.gz) = 9c0d0d97a5f9f97329bf334725dfbad53576d612
-SHA512 (openssh-8.0p1.tar.gz) = e280fa2d56f550efd37c5d2477670326261aa8b94d991f9eb17aad90e0c6c9c939efa90fe87d33260d0f709485cb05c379f0fd1bd44fc0d5190298b6398c9982
-Size (openssh-8.0p1.tar.gz) = 1597697 bytes
-SHA1 (patch-Makefile.in) = 13502b825c13c98b2ba3b84ff4bae9aa664b76b1
-SHA1 (patch-auth-passwd.c) = f2906091185c84d0dbb26e6b8fa0de30934816bd
-SHA1 (patch-auth-rhosts.c) = a5e6131e63b83a7e8a06cd80f22def449d6bc2c4
-SHA1 (patch-auth.c) = ec68a8a66b9838ba136f8181b93eb38f5b3d3249
-SHA1 (patch-auth2.c) = c57e5fe3d6fed73e6b26a8e4e4c63f36d8e20535
-SHA1 (patch-clientloop.c) = 4e88fbd14db33f003eb93c30c682a017e102196e
-SHA1 (patch-config.h.in) = 926507ea281568e06385e16cbd3c8b907f2baa3f
-SHA1 (patch-configure.ac) = 4500549c9b85eb5502101f1043ccb85154df04b7
-SHA1 (patch-defines.h) = bd8687a9a2857f3b8d15ae94095f27f9344003c4
-SHA1 (patch-includes.h) = c4a7622af6fbcd098d18d257724dca6aaeea4fda
-SHA1 (patch-loginrec.c) = 28082deb14258fe63cbecad8ac96afc016de439c
-SHA1 (patch-openbsd-compat_bsd-openpty.c) = 80e076a18a0f9ba211ecd4bc5853ce01899568ae
-SHA1 (patch-openbsd-compat_openbsd-compat.h) = bedbede16ab2fe918419c994ba15a20167b411b4
-SHA1 (patch-openbsd-compat_port-tun.c) = 4b1b55b7fdc319e011d249ee336301b17a589228
-SHA1 (patch-platform.c) = f8f211dbc5e596c0f82eb86324d18a84c6151ec5
-SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75
-SHA1 (patch-scp.c) = 9c2317b0f796641903a826db355ba06595a26ea1
-SHA1 (patch-session.c) = 2538d6f825bff1be325207285cdfac89f73ff264
-SHA1 (patch-sftp-common.c) = bd3c726c056116da7673fb4649e5e7afa9db9ec3
-SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1
-SHA1 (patch-sshd.c) = 4dfe5ff525617d5d3743672f14811213eb5b6635
-SHA1 (patch-sshpty.c) = cb691d4fbde808927f2fbcc12b87ad983cf21938
-SHA1 (patch-uidswap.c) = 6c68624cfd6ff3c2386008ff336c4d7da78195f4
diff --git a/openssh8/files/org.openssh.sshd.sb.in b/openssh8/files/org.openssh.sshd.sb.in
deleted file mode 100644
index e060377c92..0000000000
--- a/openssh8/files/org.openssh.sshd.sb.in
+++ /dev/null
@@ -1,23 +0,0 @@
-;; $NetBSD: org.openssh.sshd.sb.in,v 1.1 2015/08/14 08:57:00 jperkin Exp $
-;;
-;; Copyright (c) 2008 Apple Inc. All Rights reserved.
-;;
-;; sshd - profile for privilege separated children
-;;
-;; WARNING: The sandbox rules in this file currently constitute
-;; Apple System Private Interface and are subject to change at any time and
-;; without notice.
-;;
-
-(version 1)
-
-(deny default)
-
-(allow file-chroot)
-(allow file-read-metadata (literal "@VARBASE@"))
-
-(allow sysctl-read)
-(allow mach-per-user-lookup)
-(allow mach-lookup
- (global-name "com.apple.system.notification_center")
- (global-name "com.apple.system.logger"))
diff --git a/openssh8/files/smf/manifest.xml b/openssh8/files/smf/manifest.xml
deleted file mode 100644
index 71e9800b9b..0000000000
--- a/openssh8/files/smf/manifest.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version='1.0'?>
-<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
-<service_bundle type='manifest' name='export'>
- <service name='@SMF_PREFIX@/@SMF_NAME@' type='service' version='1'>
- <create_default_instance enabled='false'/>
- <single_instance/>
- <dependency name='fs-local' grouping='require_all' restart_on='none' type='service'>
- <service_fmri value='svc:/system/filesystem/local'/>
- </dependency>
- <dependency name='net-loopback' grouping='require_all' restart_on='none' type='service'>
- <service_fmri value='svc:/network/loopback'/>
- </dependency>
- <dependency name='net-physical' grouping='require_all' restart_on='none' type='service'>
- <service_fmri value='svc:/network/physical'/>
- </dependency>
- <dependency name='cryptosvc' grouping='require_all' restart_on='none' type='service'>
- <service_fmri value='svc:/system/cryptosvc'/>
- </dependency>
- <dependency name='utmp' grouping='require_all' restart_on='none' type='service'>
- <service_fmri value='svc:/system/utmp'/>
- </dependency>
- <dependency name='config_data' grouping='require_all' restart_on='restart' type='path'>
- <service_fmri value='file://localhost@PKG_SYSCONFDIR@/sshd_config'/>
- </dependency>
- <dependent name='openssh_multi-user-server' restart_on='none' grouping='optional_all'>
- <service_fmri value='svc:/milestone/multi-user-server'/>
- </dependent>
- <exec_method name='start' type='method' exec='@PREFIX@/@SMF_METHOD_FILE.sshd@ start' timeout_seconds='60'/>
- <exec_method name='stop' type='method' exec=':kill' timeout_seconds='60'/>
- <exec_method name='refresh' type='method' exec='@PREFIX@/@SMF_METHOD_FILE.sshd@ restart' timeout_seconds='60'/>
- <property_group name='general' type='framework'>
- <property name='action_authorization' type='astring'/>
- </property_group>
- <property_group name='startd' type='framework'>
- <propval name='ignore_error' type='astring' value='core,signal'/>
- </property_group>
- <template>
- <common_name>
- <loctext xml:lang='C'>OpenSSH server</loctext>
- </common_name>
- <documentation>
- <manpage title='sshd' section='1M' manpath='@PREFIX@/@PKGMANDIR@'/>
- </documentation>
- </template>
- </service>
-</service_bundle>
diff --git a/openssh8/files/smf/sshd.sh b/openssh8/files/smf/sshd.sh
deleted file mode 100644
index 0ab48193b1..0000000000
--- a/openssh8/files/smf/sshd.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!@SMF_METHOD_SHELL@
-#
-# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# ident "@(#)sshd 1.4 04/11/17 SMI"
-
-SSHDIR=@PKG_SYSCONFDIR@
-KEYGEN="@PREFIX@/bin/ssh-keygen -q"
-PIDFILE=@VARBASE@/run/sshd.pid
-
-# Checks to see if RSA, and DSA host keys are available
-# if any of these keys are not present, the respective keys are created.
-create_key()
-{
- keypath=$1
- keytype=$2
-
- if [ ! -f $keypath ]; then
- grep "^HostKey $keypath" $SSHDIR/sshd_config > /dev/null 2>&1
- if [ $? -eq 0 ]; then
- echo Creating new $keytype public/private host key pair
- $KEYGEN -f $keypath -t $keytype -N ''
- return $?
- fi
- fi
-
- return 0
-}
-
-# This script is being used for two purposes: as part of an SMF
-# start/stop/refresh method, and as a sysidconfig(1M)/sys-unconfig(1M)
-# application.
-#
-# Both, the SMF methods and sysidconfig/sys-unconfig use different
-# arguments..
-
-case $1 in
- # sysidconfig/sys-unconfig arguments (-c and -u)
-'-c')
- create_key $SSHDIR/ssh_host_rsa_key rsa
- create_key $SSHDIR/ssh_host_dsa_key dsa
- ;;
-
-'-u')
- # sys-unconfig(1M) knows how to remove ssh host keys, so there's
- # nothing to do here.
- :
- ;;
-
- # SMF arguments (start and restart [really "refresh"])
-'start')
- @PREFIX@/sbin/sshd
- ;;
-
-'restart')
- if [ -f "$PIDFILE" ]; then
- /usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
- fi
- ;;
-
-*)
- echo "Usage: $0 { start | restart }"
- exit 1
- ;;
-esac
-
-exit $?
diff --git a/openssh8/files/sshd.sh b/openssh8/files/sshd.sh
deleted file mode 100644
index 8493e047e4..0000000000
--- a/openssh8/files/sshd.sh
+++ /dev/null
@@ -1,115 +0,0 @@
-#!@RCD_SCRIPTS_SHELL@
-#
-# $NetBSD: sshd.sh,v 1.16 2015/11/11 11:40:06 sevan Exp $
-#
-# PROVIDE: sshd
-# REQUIRE: DAEMON LOGIN
-
-if [ -f /etc/rc.subr ]
-then
- . /etc/rc.subr
-fi
-
-name="sshd"
-rcvar=$name
-command="@PREFIX@/sbin/${name}"
-keygen_command="@PREFIX@/bin/ssh-keygen"
-pidfile="@SSH_PID_DIR@/${name}.pid"
-required_files="@PKG_SYSCONFDIR@/sshd_config"
-extra_commands="keygen reload"
-
-sshd_keygen()
-{
- (
- umask 022
- if [ -f @PKG_SYSCONFDIR@/ssh_host_dsa_key ]; then
- @ECHO@ "You already have a DSA host key in @PKG_SYSCONFDIR@/ssh_host_dsa_key"
- @ECHO@ "Skipping protocol version 2 DSA Key Generation"
- else
- ${keygen_command} -t dsa -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -N ''
- fi
-
- if [ -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then
- @ECHO@ "You already have a RSA host key in @PKG_SYSCONFDIR@/ssh_host_rsa_key"
- @ECHO@ "Skipping protocol version 2 RSA Key Generation"
- else
- ${keygen_command} -t rsa -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -N ''
- fi
-# HAVE_ECDSA_START
- if [ -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key ]; then
- @ECHO@ "You already have a ECDSA host key in @PKG_SYSCONFDIR@/ssh_host_ecdsa_key"
- @ECHO@ "Skipping protocol version 2 ECDSA Key Generation"
- else
- ${keygen_command} -t ecdsa -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key -N ''
- fi
-# HAVE_ECDSA_STOP
-# HAVE_ED25519_START
- if [ -f @PKG_SYSCONFDIR@/ssh_host_ed25519_key ]; then
- @ECHO@ "You already have a ED25519 host key in @PKG_SYSCONFDIR@/ssh_host_ed25519_key"
- @ECHO@ "Skipping protocol version 2 ED25519 Key Generation"
- else
- ${keygen_command} -t ed25519 -f @PKG_SYSCONFDIR@/ssh_host_ed25519_key -N ''
- fi
-# HAVE_ED25519_STOP
- )
-}
-
-sshd_precmd()
-{
- if [ ! -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -o \
- ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -o \
- ! -f @PKG_SYSCONFDIR@/ssh_host_ecdsa_key -o \
- ! -f @PKG_SYSCONFDIR@/ssh_host_ed25519_key ]; then
- if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]
- then
- run_rc_command keygen
- else
- eval ${keygen_cmd}
- fi
- fi
-}
-
-keygen_cmd=sshd_keygen
-start_precmd=sshd_precmd
-
-if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]
-then
- load_rc_config $name
- run_rc_command "$1"
-else
- case ${1:-start} in
- start)
- if [ -x ${command} -a -f ${required_files} ]
- then
- @ECHO@ "Starting ${name}."
- eval ${start_precmd}
- eval ${command} ${sshd_flags} ${command_args}
- fi
- ;;
- stop)
- if [ -f ${pidfile} ]; then
- pid=`@HEAD@ -1 ${pidfile}`
- @ECHO@ "Stopping ${name}."
- kill -TERM ${pid}
- else
- @ECHO@ "${name} not running?"
- fi
- ;;
- restart)
- ( $0 stop )
- sleep 1
- $0 start
- ;;
- status)
- if [ -f ${pidfile} ]; then
- pid=`@HEAD@ -1 ${pidfile}`
- @ECHO@ "${name} is running as pid ${pid}."
- else
- @ECHO@ "${name} is not running."
- fi
- ;;
- keygen)
- eval ${keygen_cmd}
- ;;
- esac
-fi
diff --git a/openssh8/options.mk b/openssh8/options.mk
deleted file mode 100644
index 6e941d6b5b..0000000000
--- a/openssh8/options.mk
+++ /dev/null
@@ -1,51 +0,0 @@
-# $NetBSD: options.mk,v 1.36 2019/04/25 14:55:04 tron Exp $
-
-PKG_OPTIONS_VAR= PKG_OPTIONS.openssh
-PKG_SUPPORTED_OPTIONS= editline kerberos openssl pam
-PKG_SUGGESTED_OPTIONS= editline openssl
-
-.include "../../mk/bsd.prefs.mk"
-
-.if ${OPSYS} == "NetBSD"
-PKG_SUGGESTED_OPTIONS+= pam
-.endif
-
-.include "../../mk/bsd.options.mk"
-
-.if !empty(PKG_OPTIONS:Mopenssl)
-.include "../../security/openssl/buildlink3.mk"
-CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE:Q}
-.else
-CONFIGURE_ARGS+= --without-openssl
-.endif
-
-.if !empty(PKG_OPTIONS:Mkerberos)
-. include "../../mk/krb5.buildlink3.mk"
-CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE}
-. if ${KRB5_TYPE} == "mit-krb5"
-CONFIGURE_ENV+= ac_cv_search_k_hasafs=no
-. endif
-.endif
-
-#.if !empty(PKG_OPTIONS:Mhpn-patch)
-#PATCHFILES= openssh-7.1p1-hpn-20150822.diff.bz2
-#PATCH_SITES= ftp://ftp.NetBSD.org/pub/NetBSD/misc/openssh/
-#PATCH_DIST_STRIP= -p1
-#.endif
-
-PLIST_VARS+= pam
-
-.if !empty(PKG_OPTIONS:Mpam)
-.include "../../mk/pam.buildlink3.mk"
-CONFIGURE_ARGS+= --with-pam
-MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam
-MESSAGE_SUBST+= EGDIR=${EGDIR}
-. if ${OPSYS} == "Linux"
-PLIST.pam= yes
-. endif
-.endif
-
-.if !empty(PKG_OPTIONS:Meditline)
-.include "../../devel/editline/buildlink3.mk"
-CONFIGURE_ARGS+= --with-libedit=${BUILDLINK_PREFIX.editline}
-.endif
diff --git a/openssh8/patches/patch-Makefile.in b/openssh8/patches/patch-Makefile.in
deleted file mode 100644
index 969eab46e7..0000000000
--- a/openssh8/patches/patch-Makefile.in
+++ /dev/null
@@ -1,31 +0,0 @@
-$NetBSD: patch-Makefile.in,v 1.6 2019/01/18 20:13:37 tnn Exp $
-
-Removed install-sysconf as we handle that phase through post-install
-
---- Makefile.in.orig 2018-10-17 00:01:20.000000000 +0000
-+++ Makefile.in
-@@ -1,5 +1,5 @@
- # uncomment if you run a non bourne compatible shell. Ie. csh
--#SHELL = @SH@
-+SHELL = @SH@
-
- AUTORECONF=autoreconf
-
-@@ -20,7 +20,7 @@ top_srcdir=@top_srcdir@
- DESTDIR=
- VPATH=@srcdir@
- SSH_PROGRAM=@bindir@/ssh
--ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
-+#ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
- SFTP_SERVER=$(libexecdir)/sftp-server
- SSH_KEYSIGN=$(libexecdir)/ssh-keysign
- SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
-@@ -320,7 +320,7 @@ distprep: catman-do depend-check
- -rm -rf autom4te.cache .depend.bak
-
- install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
--install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
-+install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
- install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
-
- check-config:
diff --git a/openssh8/patches/patch-auth-passwd.c b/openssh8/patches/patch-auth-passwd.c
deleted file mode 100644
index 68ed2fc1ec..0000000000
--- a/openssh8/patches/patch-auth-passwd.c
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-auth-passwd.c,v 1.5 2019/01/18 20:13:37 tnn Exp $
-
-Replace uid 0 with ROOTUID macro
-
---- auth-passwd.c.orig 2018-10-17 00:01:20.000000000 +0000
-+++ auth-passwd.c
-@@ -87,7 +87,7 @@ auth_password(struct ssh *ssh, const cha
- return 0;
-
- #ifndef HAVE_CYGWIN
-- if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
-+ if (pw->pw_uid == ROOTUID && options.permit_root_login != PERMIT_YES)
- ok = 0;
- #endif
- if (*password == '\0' && options.permit_empty_passwd == 0)
-@@ -122,7 +122,11 @@ auth_password(struct ssh *ssh, const cha
- authctxt->force_pwchange = 1;
- }
- #endif
-+#ifdef HAVE_INTERIX
-+ result = (!setuser(pw->pw_name, password, SU_CHECK));
-+#else
- result = sys_auth_passwd(ssh, password);
-+#endif
- if (authctxt->force_pwchange)
- auth_restrict_session(ssh);
- return (result && ok);
diff --git a/openssh8/patches/patch-auth-rhosts.c b/openssh8/patches/patch-auth-rhosts.c
deleted file mode 100644
index fef060635c..0000000000
--- a/openssh8/patches/patch-auth-rhosts.c
+++ /dev/null
@@ -1,33 +0,0 @@
-$NetBSD: patch-auth-rhosts.c,v 1.3 2016/01/18 12:53:26 jperkin Exp $
-
-Replace uid 0 with ROOTUID macro
-
---- auth-rhosts.c.orig 2015-08-21 04:49:03.000000000 +0000
-+++ auth-rhosts.c
-@@ -242,7 +242,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
- * If not logging in as superuser, try /etc/hosts.equiv and
- * shosts.equiv.
- */
-- if (pw->pw_uid == 0)
-+ if (pw->pw_uid == ROOTUID)
- debug3("%s: root user, ignoring system hosts files", __func__);
- else {
- if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
-@@ -271,7 +271,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
- return 0;
- }
- if (options.strict_modes &&
-- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-+ ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
- (st.st_mode & 022) != 0)) {
- logit("Rhosts authentication refused for %.100s: "
- "bad ownership or modes for home directory.", pw->pw_name);
-@@ -298,7 +298,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
- * allowing access to their account by anyone.
- */
- if (options.strict_modes &&
-- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-+ ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
- (st.st_mode & 022) != 0)) {
- logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
- pw->pw_name, buf);
diff --git a/openssh8/patches/patch-auth.c b/openssh8/patches/patch-auth.c
deleted file mode 100644
index 719484c161..0000000000
--- a/openssh8/patches/patch-auth.c
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-auth.c,v 1.4 2016/01/18 12:53:26 jperkin Exp $
-
-* Replace uid 0 with ROOTUID macro.
-* Use login_getpwclass() instead of login_getclass() so that the root
- vs. default login class distinction is made correctly, from FrrrBSD's
- ports.
-
---- auth.c.orig 2019-05-01 11:28:52.028281617 +0000
-+++ auth.c
-@@ -472,7 +472,7 @@ check_key_in_hostfiles(struct passwd *pw
- user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
- if (options.strict_modes &&
- (stat(user_hostfile, &st) == 0) &&
-- ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-+ ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
- (st.st_mode & 022) != 0)) {
- logit("Authentication refused for %.100s: "
- "bad owner or modes for %.200s",
-@@ -599,7 +599,7 @@ getpwnamallow(struct ssh *ssh, const cha
- if (!allowed_user(ssh, pw))
- return (NULL);
- #ifdef HAVE_LOGIN_CAP
-- if ((lc = login_getclass(pw->pw_class)) == NULL) {
-+ if ((lc = login_getpwclass(pw->pw_class)) == NULL) {
- debug("unable to get login class: %s", user);
- return (NULL);
- }
diff --git a/openssh8/patches/patch-auth2.c b/openssh8/patches/patch-auth2.c
deleted file mode 100644
index 2182d4afc7..0000000000
--- a/openssh8/patches/patch-auth2.c
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-auth2.c,v 1.7 2019/01/18 20:13:37 tnn Exp $
-
-Replace uid 0 with ROOTUID macro
-
---- auth2.c.orig 2018-10-17 00:01:20.000000000 +0000
-+++ auth2.c
-@@ -352,7 +352,7 @@ userauth_finish(struct ssh *ssh, int aut
- fatal("INTERNAL ERROR: authenticated and postponed");
-
- /* Special handling for root */
-- if (authenticated && authctxt->pw->pw_uid == 0 &&
-+ if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
- !auth_root_allowed(ssh, method)) {
- authenticated = 0;
- #ifdef SSH_AUDIT_EVENTS
diff --git a/openssh8/patches/patch-clientloop.c b/openssh8/patches/patch-clientloop.c
deleted file mode 100644
index 1089e0330c..0000000000
--- a/openssh8/patches/patch-clientloop.c
+++ /dev/null
@@ -1,63 +0,0 @@
-$NetBSD: patch-clientloop.c,v 1.5 2016/12/30 04:43:16 taca Exp $
-
-Fix X11 forwarding under Mac OS X Yosemite. Patch taken from MacPorts.
-
-https://trac.macports.org/browser/trunk/dports/net/openssh/files/launchd.patch?rev=121205
-
---- clientloop.c.orig 2016-12-19 04:59:41.000000000 +0000
-+++ clientloop.c
-@@ -315,6 +315,10 @@ client_x11_get_proto(const char *display
- struct stat st;
- u_int now, x11_timeout_real;
-
-+#if __APPLE__
-+ int is_path_to_socket = 0;
-+#endif /* __APPLE__ */
-+
- *_proto = proto;
- *_data = data;
- proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
-@@ -331,6 +335,33 @@ client_x11_get_proto(const char *display
- }
-
- if (xauth_path != NULL) {
-+#if __APPLE__
-+ {
-+ /*
-+ * If using launchd socket, remove the screen number from the end
-+ * of $DISPLAY. is_path_to_socket is used later in this function
-+ * to determine if an error should be displayed.
-+ */
-+ char path[PATH_MAX];
-+ struct stat sbuf;
-+
-+ strlcpy(path, display, sizeof(path));
-+ if (0 == stat(path, &sbuf)) {
-+ is_path_to_socket = 1;
-+ } else {
-+ char *dot = strrchr(path, '.');
-+ if (dot) {
-+ *dot = '\0';
-+ /* screen = atoi(dot + 1); */
-+ if (0 == stat(path, &sbuf)) {
-+ is_path_to_socket = 1;
-+ debug("x11_get_proto: $DISPLAY is launchd, removing screennum");
-+ setenv("DISPLAY", path, 1);
-+ }
-+ }
-+ }
-+ }
-+#endif /* __APPLE__ */
- /*
- * Handle FamilyLocal case where $DISPLAY does
- * not match an authorization entry. For this we
-@@ -441,6 +472,9 @@ client_x11_get_proto(const char *display
- u_int8_t rnd[16];
- u_int i;
-
-+#if __APPLE__
-+ if (!is_path_to_socket)
-+#endif /* __APPLE__ */
- logit("Warning: No xauth data; "
- "using fake authentication data for X11 forwarding.");
- strlcpy(proto, SSH_X11_PROTO, sizeof proto);
diff --git a/openssh8/patches/patch-config.h.in b/openssh8/patches/patch-config.h.in
deleted file mode 100644
index c1bb668067..0000000000
--- a/openssh8/patches/patch-config.h.in
+++ /dev/null
@@ -1,37 +0,0 @@
-$NetBSD: patch-config.h.in,v 1.6 2019/01/18 20:13:37 tnn Exp $
-
-* Added Interix and define new path to if_tun.h.
-* Revive tcp_wrappers support.
-
---- config.h.in.orig 2018-10-19 01:06:33.000000000 +0000
-+++ config.h.in
-@@ -741,6 +741,9 @@
- /* define if you have int64_t data type */
- #undef HAVE_INT64_T
-
-+/* Define if you are on Interix */
-+#undef HAVE_INTERIX
-+
- /* Define to 1 if the system has the type `intmax_t'. */
- #undef HAVE_INTMAX_T
-
-@@ -910,6 +913,9 @@
- /* Define to 1 if you have the <net/route.h> header file. */
- #undef HAVE_NET_ROUTE_H
-
-+/* Define to 1 if you have the <net/tun/if_tun.h> header file. */
-+#undef HAVE_NET_TUN_IF_TUN_H
-+
- /* Define if you are on NeXT */
- #undef HAVE_NEXT
-
-@@ -1617,6 +1623,9 @@
- /* Define if pututxline updates lastlog too */
- #undef LASTLOG_WRITE_PUTUTXLINE
-
-+/* Define if you want TCP Wrappers support */
-+#undef LIBWRAP
-+
- /* Define to whatever link() returns for "not supported" if it doesn't return
- EOPNOTSUPP. */
- #undef LINK_OPNOTSUPP_ERRNO
diff --git a/openssh8/patches/patch-configure.ac b/openssh8/patches/patch-configure.ac
deleted file mode 100644
index ec50365d8e..0000000000
--- a/openssh8/patches/patch-configure.ac
+++ /dev/null
@@ -1,138 +0,0 @@
-$NetBSD$
-
---- configure.ac.orig 2019-04-17 22:52:57.000000000 +0000
-+++ configure.ac
-@@ -294,6 +294,9 @@ AC_ARG_WITH([rpath],
- ]
- )
-
-+# pkgsrc handles any rpath settings this package needs
-+need_dash_r=
-+
- # Allow user to specify flags
- AC_ARG_WITH([cflags],
- [ --with-cflags Specify additional flags to pass to compiler],
-@@ -387,6 +390,7 @@ AC_CHECK_HEADERS([ \
- maillock.h \
- ndir.h \
- net/if_tun.h \
-+ net/tun/if_tun.h \
- netdb.h \
- netgroup.h \
- pam/pam_appl.h \
-@@ -737,6 +741,15 @@ main() { if (NSVersionOfRunTimeLibrary("
- ;;
- esac
- ;;
-+*-*-interix*)
-+ AC_DEFINE(HAVE_INTERIX)
-+ AC_DEFINE(DISABLE_FD_PASSING)
-+ AC_DEFINE(DISABLE_SHADOW)
-+ AC_DEFINE(IP_TOS_IS_BROKEN)
-+ AC_DEFINE(MISSING_HOWMANY)
-+ AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
-+ AC_DEFINE(USE_PIPES)
-+ ;;
- *-*-irix5*)
- PATH="$PATH:/usr/etc"
- AC_DEFINE([BROKEN_INET_NTOA], [1],
-@@ -1494,6 +1507,62 @@ else
- AC_MSG_RESULT([no])
- fi
-
-+# Check whether user wants TCP wrappers support
-+TCPW_MSG="no"
-+AC_ARG_WITH([tcp-wrappers],
-+ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ saved_LIBS="$LIBS"
-+ saved_LDFLAGS="$LDFLAGS"
-+ saved_CPPFLAGS="$CPPFLAGS"
-+ if test -n "${withval}" && \
-+ test "x${withval}" != "xyes"; then
-+ if test -d "${withval}/lib"; then
-+ if test -n "${need_dash_r}"; then
-+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
-+ else
-+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
-+ fi
-+ else
-+ if test -n "${need_dash_r}"; then
-+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
-+ else
-+ LDFLAGS="-L${withval} ${LDFLAGS}"
-+ fi
-+ fi
-+ if test -d "${withval}/include"; then
-+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
-+ else
-+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
-+ fi
-+ fi
-+ LIBS="-lwrap $LIBS"
-+ AC_MSG_CHECKING([for libwrap])
-+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <netinet/in.h>
-+#include <tcpd.h>
-+int deny_severity = 0, allow_severity = 0;
-+ ]], [[
-+ hosts_access(0);
-+ ]])], [
-+ AC_MSG_RESULT([yes])
-+ AC_DEFINE([LIBWRAP], [1],
-+ [Define if you want
-+ TCP Wrappers support])
-+ SSHDLIBS="$SSHDLIBS -lwrap"
-+ TCPW_MSG="yes"
-+ ], [
-+ AC_MSG_ERROR([*** libwrap missing])
-+
-+ ])
-+ LIBS="$saved_LIBS"
-+ fi
-+ ]
-+)
-+
- # Check whether user wants to use ldns
- LDNS_MSG="no"
- AC_ARG_WITH(ldns,
-@@ -5129,9 +5198,17 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
- ])
- if test -z "$conf_wtmpx_location"; then
- if test x"$system_wtmpx_path" = x"no" ; then
-- AC_DEFINE([DISABLE_WTMPX])
-+ for f in /var/log/wtmpx; do
-+ if test -f $f ; then
-+ conf_wtmpx_location=$f
-+ fi
-+ done
-+ if test -z "$conf_wtmpx_location"; then
-+ AC_DEFINE(DISABLE_WTMPX)
-+ fi
- fi
--else
-+fi
-+if test -n "$conf_wtmpx_location"; then
- AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
- [Define if you want to specify the path to your wtmpx file])
- fi
-@@ -5223,7 +5300,7 @@ echo "OpenSSH has been configured with t
- echo " User binaries: $B"
- echo " System binaries: $C"
- echo " Configuration files: $D"
--echo " Askpass program: $E"
-+echo " Askpass program: ${ASKPASS_PROGRAM}"
- echo " Manual pages: $F"
- echo " PID file: $G"
- echo " Privilege separation chroot path: $H"
-@@ -5245,6 +5322,7 @@ echo " PAM support
- echo " OSF SIA support: $SIA_MSG"
- echo " KerberosV support: $KRB5_MSG"
- echo " SELinux support: $SELINUX_MSG"
-+echo " TCP Wrappers support: $TCPW_MSG"
- echo " MD5 password support: $MD5_MSG"
- echo " libedit support: $LIBEDIT_MSG"
- echo " libldns support: $LDNS_MSG"
diff --git a/openssh8/patches/patch-defines.h b/openssh8/patches/patch-defines.h
deleted file mode 100644
index 63788b31ba..0000000000
--- a/openssh8/patches/patch-defines.h
+++ /dev/null
@@ -1,47 +0,0 @@
-$NetBSD: patch-defines.h,v 1.4 2016/01/18 12:53:26 jperkin Exp $
-
-Define ROOTUID, UTMPX_FILE and WTMPX_FILE
-
---- defines.h.orig 2015-08-21 04:49:03.000000000 +0000
-+++ defines.h
-@@ -30,6 +30,15 @@
-
- /* Constants */
-
-+#ifdef HAVE_INTERIX
-+/* Interix has a special concept of "administrator". */
-+# define ROOTUID 197108
-+# define ROOTGID 131616
-+#else
-+# define ROOTUID 0
-+# define ROOTGID 0
-+#endif
-+
- #if defined(HAVE_DECL_SHUT_RD) && HAVE_DECL_SHUT_RD == 0
- enum
- {
-@@ -721,6 +730,24 @@ struct winsize {
- # endif
- # endif
- #endif
-+#ifndef UTMPX_FILE
-+# ifdef _PATH_UTMPX
-+# define UTMPX_FILE _PATH_UTMPX
-+# else
-+# ifdef CONF_UTMPX_FILE
-+# define UTMPX_FILE CONF_UTMPX_FILE
-+# endif
-+# endif
-+#endif
-+#ifndef WTMPX_FILE
-+# ifdef _PATH_WTMPX
-+# define WTMPX_FILE _PATH_WTMPX
-+# else
-+# ifdef CONF_WTMPX_FILE
-+# define WTMPX_FILE CONF_WTMPX_FILE
-+# endif
-+# endif
-+#endif
- /* pick up the user's location for lastlog if given */
- #ifndef LASTLOG_FILE
- # ifdef _PATH_LASTLOG
diff --git a/openssh8/patches/patch-includes.h b/openssh8/patches/patch-includes.h
deleted file mode 100644
index 5e54a9dcd8..0000000000
--- a/openssh8/patches/patch-includes.h
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-includes.h,v 1.4 2016/01/18 12:53:26 jperkin Exp $
-
-Interix support
-
---- includes.h.orig 2015-08-21 04:49:03.000000000 +0000
-+++ includes.h
-@@ -127,6 +127,10 @@
- #ifdef HAVE_READPASSPHRASE_H
- # include <readpassphrase.h>
- #endif
-+#ifdef HAVE_INTERIX
-+# include <interix/env.h>
-+# include <interix/security.h>
-+#endif
-
- #ifdef HAVE_IA_H
- # include <ia.h>
diff --git a/openssh8/patches/patch-loginrec.c b/openssh8/patches/patch-loginrec.c
deleted file mode 100644
index fa56d5a158..0000000000
--- a/openssh8/patches/patch-loginrec.c
+++ /dev/null
@@ -1,68 +0,0 @@
-$NetBSD: patch-loginrec.c,v 1.5 2016/01/18 12:53:26 jperkin Exp $
-
-Interix support and related fixes. Fix build on FreeBSD.
-
---- loginrec.c.orig 2015-08-21 04:49:03.000000000 +0000
-+++ loginrec.c
-@@ -432,8 +432,8 @@ login_set_addr(struct logininfo *li, con
- int
- login_write(struct logininfo *li)
- {
--#ifndef HAVE_CYGWIN
-- if (geteuid() != 0) {
-+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
-+ if (geteuid() != ROOTUID) {
- logit("Attempt to write login records by non-root user (aborting)");
- return (1);
- }
-@@ -441,7 +441,7 @@ login_write(struct logininfo *li)
-
- /* set the timestamp */
- login_set_current_time(li);
--#ifdef USE_LOGIN
-+#if defined(USE_LOGIN) && (HAVE_UTMP_H)
- syslogin_write_entry(li);
- #endif
- #ifdef USE_LASTLOG
-@@ -625,7 +625,7 @@ line_abbrevname(char *dst, const char *s
- ** into account.
- **/
-
--#if defined(USE_UTMP) || defined (USE_WTMP) || defined (USE_LOGIN)
-+#if defined(USE_UTMP) || defined (USE_WTMP) || (defined (USE_LOGIN) && defined (HAVE_UTMP_H))
-
- /* build the utmp structure */
- void
-@@ -762,10 +762,6 @@ construct_utmpx(struct logininfo *li, st
- set_utmpx_time(li, utx);
- utx->ut_pid = li->pid;
-
-- /* strncpy(): Don't necessarily want null termination */
-- strncpy(utx->ut_user, li->username,
-- MIN_SIZEOF(utx->ut_user, li->username));
--
- if (li->type == LTYPE_LOGOUT)
- return;
-
-@@ -774,6 +770,12 @@ construct_utmpx(struct logininfo *li, st
- * for logouts.
- */
-
-+ /* strncpy(): Don't necessarily want null termination */
-+#if defined(__FreeBSD__)
-+ strncpy(utx->ut_user, li->username, MIN_SIZEOF(utx->ut_user, li->username));
-+#else
-+ strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name, li->username));
-+#endif
- # ifdef HAVE_HOST_IN_UTMPX
- strncpy(utx->ut_host, li->hostname,
- MIN_SIZEOF(utx->ut_host, li->hostname));
-@@ -1409,7 +1411,7 @@ wtmpx_get_entry(struct logininfo *li)
- ** Low-level libutil login() functions
- **/
-
--#ifdef USE_LOGIN
-+#if defined(USE_LOGIN) && defined(HAVE_UTMP_H)
- static int
- syslogin_perform_login(struct logininfo *li)
- {
diff --git a/openssh8/patches/patch-openbsd-compat_bsd-openpty.c b/openssh8/patches/patch-openbsd-compat_bsd-openpty.c
deleted file mode 100644
index adbacbee3a..0000000000
--- a/openssh8/patches/patch-openbsd-compat_bsd-openpty.c
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-openbsd-compat_bsd-openpty.c,v 1.4 2016/12/30 04:43:16 taca Exp $
-
-Interix support
-
---- openbsd-compat/bsd-openpty.c.orig 2016-12-19 04:59:41.000000000 +0000
-+++ openbsd-compat/bsd-openpty.c
-@@ -121,6 +121,7 @@ openpty(int *amaster, int *aslave, char
- return (-1);
- }
-
-+#if !defined(HAVE_INTERIX)
- /*
- * Try to push the appropriate streams modules, as described
- * in Solaris pts(7).
-@@ -130,6 +131,7 @@ openpty(int *amaster, int *aslave, char
- # ifndef __hpux
- ioctl(*aslave, I_PUSH, "ttcompat");
- # endif /* __hpux */
-+#endif /* !HAVE_INTERIX */
-
- return (0);
-
diff --git a/openssh8/patches/patch-openbsd-compat_openbsd-compat.h b/openssh8/patches/patch-openbsd-compat_openbsd-compat.h
deleted file mode 100644
index 771757f15f..0000000000
--- a/openssh8/patches/patch-openbsd-compat_openbsd-compat.h
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-openbsd-compat_openbsd-compat.h,v 1.4 2016/01/18 12:53:26 jperkin Exp $
-
-strtoll() declaration
-
---- openbsd-compat/openbsd-compat.h.orig 2015-08-21 04:49:03.000000000 +0000
-+++ openbsd-compat/openbsd-compat.h
-@@ -99,6 +99,10 @@ size_t strlcat(char *dst, const char *sr
- int setenv(register const char *name, register const char *value, int rewrite);
- #endif
-
-+#ifndef HAVE_STRTOLL
-+long long strtoll(const char *, char **, int);
-+#endif
-+
- #ifndef HAVE_STRMODE
- void strmode(int mode, char *p);
- #endif
diff --git a/openssh8/patches/patch-openbsd-compat_port-tun.c b/openssh8/patches/patch-openbsd-compat_port-tun.c
deleted file mode 100644
index e538617426..0000000000
--- a/openssh8/patches/patch-openbsd-compat_port-tun.c
+++ /dev/null
@@ -1,45 +0,0 @@
-$NetBSD: patch-openbsd-compat_port-tun.c,v 1.4 2019/01/18 20:13:37 tnn Exp $
-
-if_tun.h can be found in net/tun
-
---- openbsd-compat/port-net.c.orig 2018-10-17 00:01:20.000000000 +0000
-+++ openbsd-compat/port-net.c
-@@ -1,3 +1,4 @@
-+
- /*
- * Copyright (c) 2005 Reyk Floeter <reyk%openbsd.org@localhost>
- *
-@@ -200,6 +201,10 @@ sys_tun_open(int tun, int mode, char **i
- #include <sys/socket.h>
- #include <net/if.h>
-
-+#ifdef HAVE_NET_TUN_IF_TUN_H
-+#include <net/tun/if_tun.h>
-+#endif
-+
- #ifdef HAVE_NET_IF_TUN_H
- #include <net/if_tun.h>
- #endif
-@@ -209,7 +214,10 @@ sys_tun_open(int tun, int mode, char **i
- {
- struct ifreq ifr;
- char name[100];
-- int fd = -1, sock, flag;
-+ int fd = -1, sock;
-+#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF)
-+ int flag;
-+#endif
- const char *tunbase = "tun";
-
- if (ifname != NULL)
-@@ -246,9 +254,9 @@ sys_tun_open(int tun, int mode, char **i
- return (-1);
- }
-
-+#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF)
- /* Turn on tunnel headers */
- flag = 1;
--#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF)
- if (mode != SSH_TUNMODE_ETHERNET &&
- ioctl(fd, TUNSIFHEAD, &flag) == -1) {
- debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd,
diff --git a/openssh8/patches/patch-platform.c b/openssh8/patches/patch-platform.c
deleted file mode 100644
index fe837c1b5a..0000000000
--- a/openssh8/patches/patch-platform.c
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-platform.c,v 1.5 2016/01/18 12:53:26 jperkin Exp $
-
-Interix support
-
---- platform.c.orig 2015-08-21 04:49:03.000000000 +0000
-+++ platform.c
-@@ -90,7 +90,9 @@ platform_privileged_uidswap(void)
- /* uid 0 is not special on Cygwin so always try */
- return 1;
- #else
-+#if !defined(HAVE_INTERIX)
- return (getuid() == 0 || geteuid() == 0);
-+#endif /* !HAVE_INTERIX */
- #endif
- }
-
diff --git a/openssh8/patches/patch-sandbox-darwin.c b/openssh8/patches/patch-sandbox-darwin.c
deleted file mode 100644
index b6624a068e..0000000000
--- a/openssh8/patches/patch-sandbox-darwin.c
+++ /dev/null
@@ -1,23 +0,0 @@
-$NetBSD: patch-sandbox-darwin.c,v 1.2 2016/01/18 12:53:26 jperkin Exp $
-
-Support sandbox on newer OSX, from MacPorts.
-
---- sandbox-darwin.c.orig 2015-08-21 04:49:03.000000000 +0000
-+++ sandbox-darwin.c
-@@ -62,8 +62,16 @@ ssh_sandbox_child(struct ssh_sandbox *bo
- struct rlimit rl_zero;
-
- debug3("%s: starting Darwin sandbox", __func__);
-+#ifdef __APPLE_SANDBOX_NAMED_EXTERNAL__
-+#ifndef SANDBOX_NAMED_EXTERNAL
-+#define SANDBOX_NAMED_EXTERNAL (0x3)
-+#endif
-+ if (sandbox_init("@PKG_SYSCONFDIR@/org.openssh.sshd.sb",
-+ SANDBOX_NAMED_EXTERNAL, &errmsg) == -1)
-+#else
- if (sandbox_init(kSBXProfilePureComputation, SANDBOX_NAMED,
- &errmsg) == -1)
-+#endif
- fatal("%s: sandbox_init: %s", __func__, errmsg);
-
- /*
diff --git a/openssh8/patches/patch-scp.c b/openssh8/patches/patch-scp.c
deleted file mode 100644
index 415ddfbc2b..0000000000
--- a/openssh8/patches/patch-scp.c
+++ /dev/null
@@ -1,39 +0,0 @@
-$NetBSD: patch-scp.c,v 1.4 2016/01/18 12:53:26 jperkin Exp $
-
-Interix support
-
---- scp.c.orig 2015-08-21 04:49:03.000000000 +0000
-+++ scp.c
-@@ -478,7 +478,11 @@ main(int argc, char **argv)
- argc -= optind;
- argv += optind;
-
-+#ifdef HAVE_INTERIX
-+ if ((pwd = getpwuid_ex(userid = getuid(), PW_FULLNAME)) == NULL)
-+#else
- if ((pwd = getpwuid(userid = getuid())) == NULL)
-+#endif
- fatal("unknown user %u", (u_int) userid);
-
- if (!isatty(STDOUT_FILENO))
-@@ -886,8 +890,10 @@ rsource(char *name, struct stat *statp)
- return;
- }
- while ((dp = readdir(dirp)) != NULL) {
-+#ifndef HAVE_INTERIX
- if (dp->d_ino == 0)
- continue;
-+#endif
- if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
- continue;
- if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
-@@ -1297,7 +1303,9 @@ okname(char *cp0)
- case '\'':
- case '"':
- case '`':
-+#ifndef HAVE_INTERIX
- case ' ':
-+#endif
- case '#':
- goto bad;
- default:
diff --git a/openssh8/patches/patch-session.c b/openssh8/patches/patch-session.c
deleted file mode 100644
index d0b9df8d7d..0000000000
--- a/openssh8/patches/patch-session.c
+++ /dev/null
@@ -1,65 +0,0 @@
-$NetBSD: patch-session.c,v 1.9 2019/01/18 20:13:37 tnn Exp $
-
-* Interix support.
-
---- session.c.orig 2018-10-17 00:01:20.000000000 +0000
-+++ session.c
-@@ -959,7 +959,7 @@ read_etc_default_login(char ***env, u_in
- if (tmpenv == NULL)
- return;
-
-- if (uid == 0)
-+ if (uid == ROOTUID)
- var = child_get_env(tmpenv, "SUPATH");
- else
- var = child_get_env(tmpenv, "PATH");
-@@ -1077,7 +1077,7 @@ do_setup_env(struct ssh *ssh, Session *s
- # endif /* HAVE_ETC_DEFAULT_LOGIN */
- if (path == NULL || *path == '\0') {
- child_set_env(&env, &envsize, "PATH",
-- s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);
-+ s->pw->pw_uid == ROOTUID ? SUPERUSER_PATH : _PATH_STDPATH);
- }
- # endif /* HAVE_CYGWIN */
- #endif /* HAVE_LOGIN_CAP */
-@@ -1209,6 +1209,17 @@ do_setup_env(struct ssh *ssh, Session *s
- child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
- original_command);
-
-+#ifdef HAVE_INTERIX
-+ {
-+ /* copy standard Windows environment, then apply changes */
-+ env_t *winenv = env_login(pw);
-+ env_putarray(winenv, env, ENV_OVERRIDE);
-+
-+ /* swap over to altered environment as a traditional array */
-+ env = env_array(winenv);
-+ }
-+#endif
-+
- if (debug_flag) {
- /* dump the environment */
- fprintf(stderr, "Environment:\n");
-@@ -1400,11 +1411,13 @@ do_setusercontext(struct passwd *pw)
- perror("setgid");
- exit(1);
- }
-+# if !defined(HAVE_INTERIX)
- /* Initialize the group list. */
- if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
- perror("initgroups");
- exit(1);
- }
-+# endif /* !HAVE_INTERIX */
- endgrent();
- #endif
-
-@@ -2275,7 +2288,7 @@ session_pty_cleanup2(Session *s)
- record_logout(s->pid, s->tty, s->pw->pw_name);
-
- /* Release the pseudo-tty. */
-- if (getuid() == 0)
-+ if (getuid() == ROOTUID)
- pty_release(s->tty);
-
- /*
diff --git a/openssh8/patches/patch-sftp-common.c b/openssh8/patches/patch-sftp-common.c
deleted file mode 100644
index b17738bd7f..0000000000
--- a/openssh8/patches/patch-sftp-common.c
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD$
-
---- sftp-common.c.orig 2019-04-17 22:52:57.000000000 +0000
-+++ sftp-common.c
-@@ -36,7 +36,9 @@
- #include <string.h>
- #include <time.h>
- #include <stdarg.h>
-+#ifdef HAVE_UNISTD_H
- #include <unistd.h>
-+#endif
- #ifdef HAVE_UTIL_H
- #include <util.h>
- #endif
diff --git a/openssh8/patches/patch-sshd.8 b/openssh8/patches/patch-sshd.8
deleted file mode 100644
index 085accf98c..0000000000
--- a/openssh8/patches/patch-sshd.8
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-sshd.8,v 1.2 2016/01/18 12:53:26 jperkin Exp $
-
-* Revive tcp_wrappers support.
-
---- sshd.8.orig 2015-08-21 04:49:03.000000000 +0000
-+++ sshd.8
-@@ -850,6 +850,12 @@ the user's home directory becomes access
- This file should be writable only by the user, and need not be
- readable by anyone else.
- .Pp
-+.It Pa /etc/hosts.allow
-+.It Pa /etc/hosts.deny
-+Access controls that should be enforced by tcp-wrappers are defined here.
-+Further details are described in
-+.Xr hosts_access 5 .
-+.Pp
- .It Pa /etc/hosts.equiv
- This file is for host-based authentication (see
- .Xr ssh 1 ) .
-@@ -953,6 +959,7 @@ The content of this file is not sensitiv
- .Xr ssh-keygen 1 ,
- .Xr ssh-keyscan 1 ,
- .Xr chroot 2 ,
-+.Xr hosts_access 5 ,
- .Xr login.conf 5 ,
- .Xr moduli 5 ,
- .Xr sshd_config 5 ,
diff --git a/openssh8/patches/patch-sshd.c b/openssh8/patches/patch-sshd.c
deleted file mode 100644
index ccab150f1b..0000000000
--- a/openssh8/patches/patch-sshd.c
+++ /dev/null
@@ -1,137 +0,0 @@
-$NetBSD$
-
---- sshd.c.orig 2019-04-17 22:52:57.000000000 +0000
-+++ sshd.c
-@@ -123,6 +123,13 @@
- #include "version.h"
- #include "ssherr.h"
-
-+#ifdef LIBWRAP
-+#include <tcpd.h>
-+#include <syslog.h>
-+int allow_severity;
-+int deny_severity;
-+#endif /* LIBWRAP */
-+
- /* Re-exec fds */
- #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
- #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
-@@ -235,7 +242,11 @@ static int *startup_flags = NULL; /* Ind
- static int startup_pipe = -1; /* in child */
-
- /* variables used for privilege separation */
-+#ifdef HAVE_INTERIX
-+int use_privsep = 0;
-+#else
- int use_privsep = -1;
-+#endif
- struct monitor *pmonitor = NULL;
- int privsep_is_preauth = 1;
- static int privsep_chroot = 1;
-@@ -467,10 +478,15 @@ privsep_preauth_child(void)
- /* Drop our privileges */
- debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
- (u_int)privsep_pw->pw_gid);
-+#ifdef HAVE_INTERIX
-+ if (setuser(privsep_pw->pw_name, NULL, SU_COMPLETE))
-+ fatal("setuser: %.100s", strerror(errno));
-+#else
- gidset[0] = privsep_pw->pw_gid;
- if (setgroups(1, gidset) < 0)
- fatal("setgroups: %.100s", strerror(errno));
- permanently_set_uid(privsep_pw);
-+#endif /* HAVE_INTERIX */
- }
- }
-
-@@ -534,10 +550,17 @@ privsep_preauth(struct ssh *ssh)
- /* Arrange for logging to be sent to the monitor */
- set_log_handler(mm_log_handler, pmonitor);
-
-+#ifdef __APPLE_SANDBOX_NAMED_EXTERNAL__
-+ /* We need to do this before we chroot() so we can read sshd.sb */
-+ if (box != NULL)
-+ ssh_sandbox_child(box);
-+#endif
- privsep_preauth_child();
- setproctitle("%s", "[net]");
-+#ifndef __APPLE_SANDBOX_NAMED_EXTERNAL__
- if (box != NULL)
- ssh_sandbox_child(box);
-+#endif
-
- return 0;
- }
-@@ -549,7 +572,7 @@ privsep_postauth(struct ssh *ssh, Authct
- #ifdef DISABLE_FD_PASSING
- if (1) {
- #else
-- if (authctxt->pw->pw_uid == 0) {
-+ if (authctxt->pw->pw_uid == ROOTUID) {
- #endif
- /* File descriptor passing is broken or root login */
- use_privsep = 0;
-@@ -1454,7 +1477,7 @@ main(int ac, char **av)
- av = saved_argv;
- #endif
-
-- if (geteuid() == 0 && setgroups(0, NULL) == -1)
-+ if (geteuid() == ROOTUID && setgroups(0, NULL) == -1)
- debug("setgroups(): %.200s", strerror(errno));
-
- /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
-@@ -1686,7 +1709,7 @@ main(int ac, char **av)
- );
-
- /* Store privilege separation user for later use if required. */
-- privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
-+ privsep_chroot = use_privsep && (getuid() == ROOTUID || geteuid() == ROOTUID);
- if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
- if (privsep_chroot || options.kerberos_authentication)
- fatal("Privilege separation user %s does not exist",
-@@ -1830,7 +1853,7 @@ main(int ac, char **av)
- (st.st_uid != getuid () ||
- (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
- #else
-- if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
-+ if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
- #endif
- fatal("%s must be owned by root and not group or "
- "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
-@@ -1858,8 +1881,10 @@ main(int ac, char **av)
- * to create a file, and we can't control the code in every
- * module which might be used).
- */
-+#ifndef HAVE_INTERIX
- if (setgroups(0, NULL) < 0)
- debug("setgroups() failed: %.200s", strerror(errno));
-+#endif
-
- if (rexec_flag) {
- if (rexec_argc < 0)
-@@ -2053,6 +2078,25 @@ main(int ac, char **av)
- audit_connection_from(remote_ip, remote_port);
- #endif
-
-+#ifdef LIBWRAP
-+ allow_severity = options.log_facility|LOG_INFO;
-+ deny_severity = options.log_facility|LOG_WARNING;
-+ /* Check whether logins are denied from this host. */
-+ if (ssh_packet_connection_is_on_socket(ssh)) {
-+ struct request_info req;
-+
-+ request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
-+ fromhost(&req);
-+
-+ if (!hosts_access(&req)) {
-+ debug("Connection refused by tcp wrapper");
-+ refuse(&req);
-+ /* NOTREACHED */
-+ fatal("libwrap refuse returns");
-+ }
-+ }
-+#endif /* LIBWRAP */
-+
- rdomain = ssh_packet_rdomain_in(ssh);
-
- /* Log the connection. */
diff --git a/openssh8/patches/patch-sshpty.c b/openssh8/patches/patch-sshpty.c
deleted file mode 100644
index c96ba181fe..0000000000
--- a/openssh8/patches/patch-sshpty.c
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-sshpty.c,v 1.3 2016/01/18 12:53:26 jperkin Exp $
-
-Replace uid 0 with ROOTUID macro
-
---- sshpty.c.orig 2015-08-21 04:49:03.000000000 +0000
-+++ sshpty.c
-@@ -86,7 +86,7 @@ void
- pty_release(const char *tty)
- {
- #if !defined(__APPLE_PRIVPTY__) && !defined(HAVE_OPENPTY)
-- if (chown(tty, (uid_t) 0, (gid_t) 0) < 0)
-+ if (chown(tty, (uid_t) ROOTUID, (gid_t) ROOTGID) < 0)
- error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
- if (chmod(tty, (mode_t) 0666) < 0)
- error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
-@@ -215,7 +215,7 @@ pty_setowner(struct passwd *pw, const ch
- if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
- if (chown(tty, pw->pw_uid, gid) < 0) {
- if (errno == EROFS &&
-- (st.st_uid == pw->pw_uid || st.st_uid == 0))
-+ (st.st_uid == pw->pw_uid || st.st_uid == ROOTUID))
- debug("chown(%.100s, %u, %u) failed: %.100s",
- tty, (u_int)pw->pw_uid, (u_int)gid,
- strerror(errno));
diff --git a/openssh8/patches/patch-uidswap.c b/openssh8/patches/patch-uidswap.c
deleted file mode 100644
index 32a76c6922..0000000000
--- a/openssh8/patches/patch-uidswap.c
+++ /dev/null
@@ -1,77 +0,0 @@
-$NetBSD: patch-uidswap.c,v 1.6 2019/01/18 20:13:37 tnn Exp $
-
-Interix support
-
---- uidswap.c.orig 2018-10-17 00:01:20.000000000 +0000
-+++ uidswap.c
-@@ -68,13 +68,13 @@ temporarily_use_uid(struct passwd *pw)
- (u_int)pw->pw_uid, (u_int)pw->pw_gid,
- (u_int)saved_euid, (u_int)saved_egid);
- #ifndef HAVE_CYGWIN
-- if (saved_euid != 0) {
-+ if (saved_euid != ROOTUID) {
- privileged = 0;
- return;
- }
- #endif
- #else
-- if (geteuid() != 0) {
-+ if (geteuid() != ROOTUID) {
- privileged = 0;
- return;
- }
-@@ -98,10 +98,11 @@ temporarily_use_uid(struct passwd *pw)
-
- /* set and save the user's groups */
- if (user_groupslen == -1 || user_groups_uid != pw->pw_uid) {
-+#ifndef HAVE_INTERIX
- if (initgroups(pw->pw_name, pw->pw_gid) < 0)
- fatal("initgroups: %s: %.100s", pw->pw_name,
- strerror(errno));
--
-+#endif
- user_groupslen = getgroups(0, NULL);
- if (user_groupslen < 0)
- fatal("getgroups: %.100s", strerror(errno));
-@@ -116,9 +117,11 @@ temporarily_use_uid(struct passwd *pw)
- }
- user_groups_uid = pw->pw_uid;
- }
-+#ifndef HAVE_INTERIX
- /* Set the effective uid to the given (unprivileged) uid. */
- if (setgroups(user_groupslen, user_groups) < 0)
- fatal("setgroups: %.100s", strerror(errno));
-+#endif
- #ifndef SAVED_IDS_WORK_WITH_SETEUID
- /* Propagate the privileged gid to all of our gids. */
- if (setgid(getegid()) < 0)
-@@ -166,8 +169,10 @@ restore_uid(void)
- setgid(getgid());
- #endif /* SAVED_IDS_WORK_WITH_SETEUID */
-
-+#ifndef HAVE_INTERIX
- if (setgroups(saved_egroupslen, saved_egroups) < 0)
- fatal("setgroups: %.100s", strerror(errno));
-+#endif
- temporarily_use_uid_effective = 0;
- }
-
-@@ -190,6 +195,10 @@ permanently_set_uid(struct passwd *pw)
- debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
- (u_int)pw->pw_gid);
-
-+#if defined(HAVE_INTERIX)
-+ if (setuser(pw->pw_name, NULL, SU_COMPLETE))
-+ fatal("setuser %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-+#else
- if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
- fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-
-@@ -226,6 +235,7 @@ permanently_set_uid(struct passwd *pw)
- (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
- fatal("%s: was able to restore old [e]uid", __func__);
- #endif
-+#endif /* HAVE_INTERIX */
-
- /* Verify UID drop was successful */
- if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) {
Home |
Main Index |
Thread Index |
Old Index