mirror/freebsd-ports
1
0
Fork 0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-28 05:29:48 +00:00
Code Issues Releases Activity

Remove expired ports:

Browse Source 
2015-01-31 audio/py-eyed3-06: In audio/abcde dependency has been changed to audio/py-eyed3
2015-01-31 mail/postfix210: Use mail/postfix instead.
2015-01-31 net-im/venom: No more support from the project
2015-02-01 security/openssh-portable66: security/openssh-portable now has all patches working. This port is obsolete.
2015-01-31 www/p5-WWW-Scraper-ISBN-Driver: Merged to www/p5-WWW-Scraper-ISBN by upstream
2015-01-31 www/p5-WWW-Scraper-ISBN-Record: Merged to www/p5-WWW-Scraper-ISBN by upstream
This commit is contained in:
Rene Ladan 2015-02-02 22:22:23 +00:00
parent eff5b121fc
commit 1869512c53
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=378332
56 changed files with 6 additions and 2828 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
MOVED
View File

@ -7412,3 +7412,9 @@ net-im/pidgin-audacious-remote||2015-01-28|Has expired: Broken for more than 6 m
www/lifetype||2015-01-28|Has expired: Broken for more than 6 months
www/ump||2015-01-28|Has expired: Broken for more than 6 months
net/owncloud-csync||2015-02-01|Merged into deskutils/mirall
audio/py-eyed3-06|audio/py-eyed3|2015-02-02|Has expired: In audio/abcde dependency has been changed to audio/py-eyed3
mail/postfix210|mail/postfix|2015-02-02|Has expired: Use mail/postfix instead.
net-im/venom||2015-02-02|Has expired: No more support from the project
security/openssh-portable66|security/openssh-portable|2015-02-02|Has expired: security/openssh-portable now has all patches working. This port is obsolete.
www/p5-WWW-Scraper-ISBN-Driver|www/p5-WWW-Scraper-ISBN|2015-02-02|Has expired: Merged to www/p5-WWW-Scraper-ISBN by upstream
www/p5-WWW-Scraper-ISBN-Record|www/p5-WWW-Scraper-ISBN|2015-02-02|Has expired: Merged to www/p5-WWW-Scraper-ISBN by upstream

1
audio/Makefile
View File

@ -599,7 +599,6 @@
SUBDIR += py-cddb
SUBDIR += py-discogs-client
SUBDIR += py-eyed3
SUBDIR += py-eyed3-06
SUBDIR += py-fastaudio
SUBDIR += py-gmusicapi
SUBDIR += py-id3

39
audio/py-eyed3-06/Makefile
View File

@ -1,39 +0,0 @@
# Created by: Hye-Shik Chang <perky@FreeBSD.org>
# $FreeBSD$
PORTNAME= eyed3
PORTVERSION= 0.6.18
PORTREVISION= 1
CATEGORIES= audio python
MASTER_SITES= http://eyed3.nicfit.net/releases/
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
PKGNAMESUFFIX= -06
DISTNAME= eyeD3-${PORTVERSION}
MAINTAINER= ports@FreeBSD.org
COMMENT= Python module for processing ID3 tags
LICENSE= GPLv2
USES= gmake python:2
USE_PYTHON= distutils autoplist
GNU_CONFIGURE= yes
CONFLICTS= py*-eyed3-0.7.[0-9]*
DOCSDIR= ${PREFIX}/share/doc/${PKGNAMEPREFIX}${PORTNAME}
PORTDOCS= AUTHORS ChangeLog README
PLIST_FILES+= bin/eyeD3 man/man1/eyeD3.1.gz
OPTIONS_DEFINE= DOCS EXAMPLES
DEPRECATED= In audio/abcde dependency has been changed to audio/py-eyed3
EXPIRATION_DATE=2015-01-31
post-install:
@${MKDIR} ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
${INSTALL_MAN} ${WRKSRC}/doc/eyeD3.1 ${STAGEDIR}${MANPREFIX}/man/man1
${INSTALL_SCRIPT} ${WRKSRC}/bin/eyeD3 ${STAGEDIR}${PREFIX}/bin
.include <bsd.port.mk>

2
audio/py-eyed3-06/distinfo
View File

@ -1,2 +0,0 @@
SHA256 (eyeD3-0.6.18.tar.gz) = ad871e252473f1db81b2574ae3a7d3e14128e28de0b54998b4ce1d62dc207406
SIZE (eyeD3-0.6.18.tar.gz) = 117002

6
audio/py-eyed3-06/pkg-descr
View File

@ -1,6 +0,0 @@
eyeD3 is a Python program/module for processing (reading and
writing) ID3 tags. Information about mp3 files (i.e bit rate,
sample frequency, play time, etc.) is also available. The formats
supported are ID3 v1.0/v1.1 and v2.3/v2.4.
WWW: http://eyed3.nicfit.net/

1
mail/Makefile
View File

@ -487,7 +487,6 @@
SUBDIR += postfix-policyd-weight
SUBDIR += postfix-postfwd
SUBDIR += postfix-tls
SUBDIR += postfix210
SUBDIR += postfixadmin
SUBDIR += postgrey
SUBDIR += postsrsd

357
mail/postfix210/Makefile
View File

@ -1,357 +0,0 @@
# Created by: Torsten Blum <torstenb@FreeBSD.org>
# $FreeBSD$
PORTNAME= postfix
PORTVERSION= 2.10.5
PORTEPOCH= 1
CATEGORIES= mail ipv6
MASTER_SITES= ftp://ftp.porcupine.org/mirrors/postfix-release/official/ \
http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/ \
ftp://ftp.tux.org/pub/net/postfix/official/ \
#${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/mail/postfix/official/&,}
MASTER_SITE_SUBDIR= . old related/postfix
PKGNAMESUFFIX= 210
DIST_SUBDIR= ${PORTNAME}
MAINTAINER= mandree@FreeBSD.org
COMMENT= Secure alternative to widely-used Sendmail
DEPRECATED= Use mail/postfix instead.
EXPIRATION_DATE=2015-01-31
LICENSE= IPL10
LICENSE_NAME= IBM PUBLIC LICENSE VERSION 1.0
LICENSE_FILE= ${WRKSRC}/LICENSE
LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
PORTSCOUT= limit:^2\.10\.
VDAVERSION= 2.10.0
CONFLICTS= courier-0.* postfix-1.* postfix2[789]-* \
postfix-2.11.* postfix-base-2.11.* postfix-current-2.* \
postfix-current-base-2.* sendmail-8.* sendmail+*-8.* \
smail-3.* zmailer-2.* opensmtpd-[0-9]* postfix-tls-*
USERS= postfix
GROUPS= mail maildrop postfix
USES= perl5 shebangfix
USE_SUBMAKE= yes
USE_PERL5= build
SCRIPTS_ENV+= POSTFIX_DEFAULT_MTA="${POSTFIX_DEFAULT_MTA}"
SHEBANG_FILES= auxiliary/qshape/qshape.pl
OPTIONS_DEFINE= PCRE SASL2 TLS BDB MYSQL PGSQL SQLITE OPENLDAP LDAP_SASL \
CDB NIS VDA TEST SPF INST_BASE
PCRE_DESC= Perl Compatible Regular Expressions
SASL2_DESC= Cyrus SASLv2 (Simple Auth. and Sec. Layer)
DOVECOT_DESC= Dovecot 1.x SASL authentication method
DOVECOT2_DESC= Dovecot 2.x SASL authentication method
SASLKRB5_DESC= If your SASL req. Kerberos5, select this
SASLKMIT_DESC= If your SASL req. MIT Kerberos5, select this
TLS_DESC= SSL and TLS support
BDB_DESC= Berkeley DB (uses WITH_BDB_VER)
MYSQL_DESC= MySQL maps (uses WITH_MYSQL_VER)
PGSQL_DESC= PostgreSQL maps (uses DEFAULT_PGSQL_VER)
SQLITE_DESC= SQLite maps
OPENLDAP_DESC= OpenLDAP maps (uses WITH_OPENLDAP_VER)
LDAP_SASL_DESC= OpenLDAP client-to-server SASL auth
CDB_DESC= CDB maps lookups
NIS_DESC= NIS maps lookups
VDA_DESC= VDA (Virtual Delivery Agent 32Bit)
TEST_DESC= SMTP/LMTP test server and generator
SPF_DESC= SPF support (via libspf2 1.2.x)
INST_BASE_DESC= Install into /usr and /etc/postfix
OPTIONS_RADIO= RG1 RG2
OPTIONS_RADIO_RG1= DOVECOT DOVECOT2
OPTIONS_RADIO_RG2= SASLKRB5 SASLKMIT
RG1_DESC= Dovecot SASL authentication methods
RG2_DESC= Kerberos network authentication protocol type
OPTIONS_DEFAULT= PCRE
.include <bsd.port.options.mk>
HTML1= body_checks.5.html bounce.5.html postfix-power.png \
scache.8.html tlsmgr.8.html
.if !defined(BATCH) && !defined(PACKAGE_BUILDING) && exists(/etc/mail/mailer.conf)
OLD_MAILER!= ${GREP} -m 1 '^purgestat' /etc/mail/mailer.conf || ${ECHO_CMD}
.if !empty(OLD_MAILER)
IS_INTERACTIVE= yes
.endif
.endif
.if ${OSVERSION} >= 800037
KRB5_EXTR= -lhx509
.endif
.if !defined(DEBUG)
MAKEFILEFLAGS+= DEBUG=
.endif
MAKEFILEFLAGS+= CC="${CC}" OPT="${CFLAGS}"
POSTFIX_CCARGS+= \$$(WARN) \
-DDEF_CONFIG_DIR=\\\"${ETCDIR}\\\" \
-DDEF_DAEMON_DIR=\\\"${DAEMONDIR}\\\" \
-DDEF_COMMAND_DIR=\\\"${PREFIX}/sbin\\\" \
-DDEF_SENDMAIL_PATH=\\\"${PREFIX}/sbin/sendmail\\\" \
-DDEF_NEWALIAS_PATH=\\\"${PREFIX}/bin/newaliases\\\" \
-DDEF_MAILQ_PATH=\\\"${PREFIX}/bin/mailq\\\" \
-DDEF_MANPAGE_DIR=\\\"${MANPREFIX}/man\\\" \
-DDEF_README_DIR=\\\"${READMEDIR}\\\" \
-DDEF_HTML_DIR=\\\"${READMEDIR}\\\" \
-DDEF_QUEUE_DIR=\\\"/var/spool/postfix\\\" \
-DDEF_DATA_DIR=\\\"/var/db/postfix\\\" \
-DDEF_MAIL_OWNER=\\\"postfix\\\" \
-DDEF_SGID_GROUP=\\\"maildrop\\\" \
# Default requirement for postfix rc script
_REQUIRE= LOGIN cleanvar
.if ${PORT_OPTIONS:MPCRE}
LIB_DEPENDS+= libpcre.so:${PORTSDIR}/devel/pcre
POSTFIX_CCARGS+= -DHAS_PCRE -I${LOCALBASE}/include
POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lpcre
.else
POSTFIX_CCARGS+= -DNO_PCRE
.endif
.if ${PORT_OPTIONS:MSASL2}
LIB_DEPENDS+= libsasl2.so:${PORTSDIR}/security/cyrus-sasl2
POSTFIX_CCARGS+= -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${LOCALBASE}/include -I${LOCALBASE}/include/sasl
POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lsasl2 -lpam -lcrypt
.endif
.if ${PORT_OPTIONS:MDOVECOT} || ${PORT_OPTIONS:MDOVECOT2}
.if ${PORT_OPTIONS:MDOVECOT}
RUN_DEPENDS+= dovecot:${PORTSDIR}/mail/dovecot
.else
RUN_DEPENDS+= dovecot:${PORTSDIR}/mail/dovecot2
.endif
POSTFIX_CCARGS+= -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\"
_REQUIRE+= dovecot
.endif
.if ${PORT_OPTIONS:MSASLKRB5}
POSTFIX_AUXLIBS+= -lkrb5 ${KRB5_EXTR} -lcrypto -lcrypt -lcom_err -lasn1 -lroken
.endif
.if ${PORT_OPTIONS:MSASLKMIT}
LIB_DEPENDS+= libkrb5.so:${PORTSDIR}/security/krb5
POSTFIX_AUXLIBS+= -Wl,--rpath,$${KRB5_HOME:-${LOCALBASE}}/lib -lkrb5 -lcrypto -lcrypt -lcom_err
.endif
.if ${PORT_OPTIONS:MTLS}
.include "${PORTSDIR}/Mk/bsd.openssl.mk"
POSTFIX_CCARGS+= -DUSE_TLS -I${OPENSSLINC}
POSTFIX_AUXLIBS+= -L${OPENSSLLIB} ${LDFLAGS} -lssl -lcrypto
.endif
.if ${PORT_OPTIONS:MSPF}
LIB_DEPENDS+= libspf2.so:${PORTSDIR}/mail/libspf2
PATCH_SITES+= ${MASTER_SITE_LOCAL}
PATCH_SITE_SUBDIR= mm
PATCHFILES+= postfix-2.8.0-libspf2-1.2.x-0.patch.gz
PATCH_DIST_STRIP= -p1
POSTFIX_CCARGS+= -DHAVE_NS_TYPE -DHAS_SPF -I${LOCALBASE}/include
POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lspf2
PLIST_SUB+= SPF=""
.else
PLIST_SUB+= SPF="@comment "
.endif
.if ${PORT_OPTIONS:MBDB}
USE_BDB= yes
INVALID_BDB_VER= 6
POSTFIX_CCARGS+= -I${BDB_INCLUDE_DIR}
POSTFIX_AUXLIBS+= -L${BDB_LIB_DIR} -l${BDB_LIB_NAME}
.endif
.if ${PORT_OPTIONS:MMYSQL}
USE_MYSQL= yes
POSTFIX_CCARGS+= -DHAS_MYSQL -I${LOCALBASE}/include/mysql
POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib/mysql -lmysqlclient -lz -lcrypt -lm
_REQUIRE+= mysql
.endif
.if ${PORT_OPTIONS:MPGSQL}
USES+= pgsql
POSTFIX_CCARGS+= -DHAS_PGSQL -I${LOCALBASE}/include -I${LOCALBASE}/pgsql/include
POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -L${LOCALBASE}/pgsql/lib -lpq -lcrypt
_REQUIRE+= postgresql
.endif
.if ${PORT_OPTIONS:MSQLITE}
USE_SQLITE= yes
POSTFIX_CCARGS+= -DHAS_SQLITE -I${LOCALBASE}/include
POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lsqlite3
.endif
.if ${PORT_OPTIONS:MOPENLDAP}
USE_OPENLDAP= yes
.if defined(WITH_OPENLDAP_VER)
WANT_OPENLDAP_VER= ${WITH_OPENLDAP_VER}
.endif
POSTFIX_CCARGS+= -DHAS_LDAP -I${LOCALBASE}/include
POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lldap -llber
_REQUIRE+= slapd
.if ${PORT_OPTIONS:MLDAP_SASL}
.if ! ${PORT_OPTIONS:MSASL2}
LIB_DEPENDS+= libsasl2.so:${PORTSDIR}/security/cyrus-sasl2
.endif
POSTFIX_CCARGS+= -I${LOCALBASE}/include/sasl -DUSE_LDAP_SASL
.endif
.endif
.if ${PORT_OPTIONS:MCDB}
LIB_DEPENDS+= libcdb.so:${PORTSDIR}/databases/tinycdb
POSTFIX_CCARGS+= -DHAS_CDB -I${LOCALBASE}/include
POSTFIX_AUXLIBS+= -L${LOCALBASE}/lib -lcdb
.endif
.if ${PORT_OPTIONS:MNIS}
POSTFIX_CCARGS+= -DHAS_NIS
_REQUIRE+= ypserv
.endif
.if ${PORT_OPTIONS:MVDA}
PATCH_SITES+= http://vda.sourceforge.net/VDA/:vda
PATCHFILES+= postfix-vda-v13-${VDAVERSION}.patch:vda
PATCH_DIST_STRIP= -p1
PLIST_SUB+= VDA=""
.else
PLIST_SUB+= VDA="@comment "
.endif
.if ${PORT_OPTIONS:MTEST}
BINTEST= qmqp-sink qmqp-source smtp-sink smtp-source
MANTEST= qmqp-sink.1 qmqp-source.1 smtp-sink.1 smtp-source.1
PLIST_SUB+= TEST=""
.else
PLIST_SUB+= TEST="@comment "
.endif
.if ${PORT_OPTIONS:MINST_BASE}
PKGNAMESUFFIX= 210base
PREFIX= /usr
ETCDIR= /etc/postfix
USE_RCORDER= postfix
PLIST_SUB+= BASE="" BMAN="share/"
.else
USE_RC_SUBR= postfix
PLIST_SUB+= BASE="@comment " BMAN=""
.endif
PLIST_SUB+= PFETC=${ETCDIR}
.if ${PORT_OPTIONS:MDOCS}
READMEDIR= ${DOCSDIR}
.else
READMEDIR= no
.endif
DAEMONDIR= ${PREFIX}/libexec/postfix
SUB_LIST+= REQUIRE="${_REQUIRE}" READMEDIR="${READMEDIR}" DAEMONDIR="${DAEMONDIR}"
SUB_FILES+= pkg-install pkg-message
# sed script for files in ${WRKSRC}/README_FILES ${WRKSRC}/conf ${WRKSRC}/man
REINPLACE= s!^PATH=.*!PATH=/bin:/sbin:/usr/bin:/usr/sbin:${PREFIX}/bin:${PREFIX}/sbin!;\
s!(_directory = )/usr/!\1${PREFIX}/!g;\
s!^(data_directory = /var/)lib/!\1db/!g;\
s!^\#(mynetworks_style = host)!\1!g;\
s!^(sendmail_path =)!\1 ${PREFIX}/sbin/sendmail!g;\
s!^(newaliases_path =)!\1 ${PREFIX}/bin/newaliases!g;\
s!^(mailq_path =)!\1 ${PREFIX}/bin/mailq!g;\
s!^(setgid_group =)!\1 maildrop!g;\
s!^(manpage_directory =)!\1 ${MANPREFIX}/man!g;\
s!^((html|readme)_directory =)!\1 ${READMEDIR}!g;\
\!^\#alias_database = dbm:/etc/mail/aliases$$!d;\
s!(:|= )/etc/postfix!\1$$config_directory!g;\
s!/etc/postfix!${ETCDIR}!g;\
s!^(sample_directory =)!\1 ${ETCDIR}!g;\
s!($config_directory/(access|aliases|canonical|generic|header_checks|relocated|transport|virtual):f:root:-:644:)p1!\1o!;
pre-patch:
.if ${PORT_OPTIONS:MSASL2} && ! ${PORT_OPTIONS:MMYSQL} && exists(${LOCALBASE}/lib/libsasl2.a)
@if /usr/bin/nm ${LOCALBASE}/lib/libsasl2.a | ${GREP} -wq "mysql_init"; then \
${ECHO_MSG}; \
${ECHO_MSG} "Your SASL2 library it's compiled with MYSQL"; \
${ECHO_MSG} "If you use MYSQL in ${PORTNAME} consider CTRL+C and"; \
${ECHO_MSG} "select MYSQL OPTION in config menu."; \
${ECHO_MSG} "# make clean config"; \
${ECHO_MSG}; \
sleep 5; \
fi
.endif
@${ECHO} '<HTML><BODY>See <A HREF="header_checks.5.html">header_checks.5.html</A></BODY></HTML>' \
> ${WRKSRC}/html/body_checks.5.html
@${REINPLACE_CMD} -E -e 's![[:<:]]perl[[:>:]]!${PERL}!' \
${WRKSRC}/src/bounce/Makefile.in
@${REINPLACE_CMD} -E -e 's!^(#define DEF_SGID_GROUP[^"]+)"postdrop"$$!\1"maildrop"!' \
${WRKSRC}/src/global/mail_params.h
@${FIND} -X ${WRKSRC}/README_FILES ${WRKSRC}/conf ${WRKSRC}/man \
-type f -a ! \( -name INSTALL -o -name aliases \) | ${XARGS} \
${REINPLACE_CMD} -E -e '${REINPLACE}'
post-patch:
.for f in ${HTML1}
@${ECHO} '$$html_directory/$f:f:root:-:644' \
>> ${WRKSRC}/conf/postfix-files
.endfor
.if ${PORT_OPTIONS:MSPF}
@${ECHO} '$$readme_directory/SPF_README:f:root:-:644' \
>> ${WRKSRC}/conf/postfix-files
@${REINPLACE_CMD} -E -e '${REINPLACE}' \
${WRKSRC}/README_FILES/SPF_README
.endif
.if ${PORT_OPTIONS:MVDA}
@${ECHO} '$$readme_directory/VDA_README:f:root:-:644' \
>> ${WRKSRC}/conf/postfix-files
@${REINPLACE_CMD} -E -e '${REINPLACE}' \
${WRKSRC}/README_FILES/VDA_README
.endif
do-configure:
(cd ${WRKSRC} && ${MAKE} -f Makefile.init makefiles ${MAKEFILEFLAGS} \
CCARGS="${POSTFIX_CCARGS}" AUXLIBS="${POSTFIX_AUXLIBS}" && \
${ECHO} "all: default" >> Makefile)
pre-install:
.if ${PORT_OPTIONS:MINST_BASE}
${MKDIR} ${STAGEDIR}/etc/rc.d
.endif
do-install:
@cd ${WRKSRC} && ${SH} postfix-install -non-interactive install_root=${STAGEDIR} tempdir=/tmp \
config_directory=${ETCDIR} \
command_directory=${PREFIX}/sbin \
daemon_directory=${DAEMONDIR} \
html_directory=${READMEDIR} \
mailq_path=${PREFIX}/bin/mailq \
manpage_directory=${MANPREFIX}/man \
newaliases_path=${PREFIX}/bin/newaliases \
readme_directory=${READMEDIR} \
sendmail_path=${PREFIX}/sbin/sendmail
${RM} ${STAGEDIR}${ETCDIR}/main.cf ${STAGEDIR}${ETCDIR}/master.cf
${INSTALL_SCRIPT} ${WRKSRC}/auxiliary/rmail/rmail ${STAGEDIR}${PREFIX}/bin/rmail
${INSTALL_SCRIPT} ${WRKSRC}/auxiliary/qshape/qshape.pl ${STAGEDIR}${PREFIX}/bin/qshape
${INSTALL_MAN} ${WRKSRC}/man/man1/qshape.1 ${STAGEDIR}${MAN1PREFIX}/man/man1
.for f in ${BINTEST}
${INSTALL_PROGRAM} ${WRKSRC}/bin/${f} ${STAGEDIR}${PREFIX}/bin
.endfor
.for f in ${MANTEST}
${INSTALL_MAN} ${WRKSRC}/man/man1/${f} ${STAGEDIR}${MAN1PREFIX}/man/man1
.endfor
.if ${STRIP_CMD:M*/strip}
${FILE} ${STAGEDIR}${PREFIX}/bin/* ${STAGEDIR}${PREFIX}/sbin/* \
${STAGEDIR}${DAEMONDIR}/* \
| LC_ALL=C ${GREP} 'not stripped' \
| ${CUT} -f1 -d\: \
| ${XARGS} ${STRIP_CMD}
.endif
.include <bsd.port.mk>

6
mail/postfix210/distinfo
View File

@ -1,6 +0,0 @@
SHA256 (postfix/postfix-2.10.5.tar.gz) = 3a172c1e892b951dfe3d4e703f49359a66b281b3ab7b4e987b6746d2992f623b
SIZE (postfix/postfix-2.10.5.tar.gz) = 3830067
SHA256 (postfix/postfix-2.8.0-libspf2-1.2.x-0.patch.gz) = e5c38e5bc226cab109c02a4e530ab1aefd3bb06f2169f3e052bdf83d2727aacc
SIZE (postfix/postfix-2.8.0-libspf2-1.2.x-0.patch.gz) = 8191
SHA256 (postfix/postfix-vda-v13-2.10.0.patch) = 6208021eb0b37ac6482e334e538ed5700cc22c4d4dd66ed9e975ae5f20bf935f
SIZE (postfix/postfix-vda-v13-2.10.0.patch) = 55701

13
mail/postfix210/files/patch-makedefs
View File

@ -1,13 +0,0 @@
--- makedefs.orig 2013-10-27 02:32:39.000000000 +0000
+++ makedefs 2013-10-27 02:33:48.000000000 +0000
@@ -155,6 +155,10 @@
;;
FreeBSD.9*) SYSTYPE=FREEBSD9
;;
+ FreeBSD.10*) SYSTYPE=FREEBSD10
+ ;;
+ FreeBSD.11*) SYSTYPE=FREEBSD11
+ ;;
OpenBSD.2*) SYSTYPE=OPENBSD2
;;
OpenBSD.3*) SYSTYPE=OPENBSD3

12
mail/postfix210/files/patch-src__util__sys_defs.h
View File

@ -1,12 +0,0 @@
--- src/util/sys_defs.h.orig 2012-09-24 23:53:56.000000000 +0000
+++ src/util/sys_defs.h 2013-10-27 01:17:14.000000000 +0000
@@ -25,7 +25,8 @@
*/
#if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
|| defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \
- || defined(FREEBSD8) || defined(FREEBSD9) \
+ || defined(FREEBSD8) || defined(FREEBSD9) || defined(FREEBSD10) \
+ || defined(FREEBSD11) \
|| defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
|| defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
|| defined(OPENBSD5) \

100
mail/postfix210/files/pkg-install.in
View File

@ -1,100 +0,0 @@
#!/bin/sh
#
# $FreeBSD: /tmp/pcvs/ports/mail/postfix/files/pkg-install.in,v 1.6 2012-02-11 05:14:34 sahil Exp $
#
# If the POSTFIX_DEFAULT_MTA environment variable is set to YES, it
# will make the port/package use defaults which make postfix replace
# sendmail as much as possible.
PREFIX=${PKG_PREFIX:=%%PREFIX%%}
ETCDIR=${ETCDIR:=%%ETCDIR%%}
DAEMONDIR=${DAEMONDIR:=%%DAEMONDIR%%}
READMEDIR=${READMEDIR:=%%READMEDIR%%}
BATCH=${BATCH:=no}
POSTFIX_DEFAULT_MTA=${POSTFIX_DEFAULT_MTA:=no}
MC=/etc/mail/mailer.conf
if [ "${POSTFIX_DEFAULT_MTA}" = "no" ]; then
DEFAULT_REPLACE_MAILERCONF=n
else
DEFAULT_REPLACE_MAILERCONF=y
fi
if [ -x /usr/sbin/nologin ]; then
NOLOGIN=/usr/sbin/nologin
else
NOLOGIN=/sbin/nologin
fi
ask() {
local question default answer
question=$1
default=$2
if [ -z "${PACKAGE_BUILDING}" -a "${BATCH}" = "no" ]; then
read -p "${question} [${default}]? " answer
fi
if [ -z "${answer}" ]; then
answer=${default}
fi
echo ${answer}
}
yesno() {
local question default answer
question=$1
default=$2
while :; do
answer=$(ask "${question}" "${default}")
case "${answer}" in
[Yy]*) return 0;;
[Nn]*) return 1;;
esac
echo "Please answer yes or no."
done
}
if [ "$2" = "POST-INSTALL" ]; then
SAMPLES="main.cf master.cf"
for file in $SAMPLES
do
if [ ! -f ${ETCDIR}/$file ]; then
cp ${DAEMONDIR}/$file ${ETCDIR}/
fi
done
cmp ${DAEMONDIR}/main.cf ${ETCDIR}/main.cf >/dev/null 2>&1 \
&& POSTARG="set-permissions" \
|| POSTARG="upgrade-package"
/bin/sh ${DAEMONDIR}/post-install tempdir=/tmp \
daemon_directory=${DAEMONDIR} \
html_directory=${READMEDIR} \
readme_directory=${READMEDIR} \
${POSTARG}
fi
if [ "$2" = "POST-INSTALL" -a -z "${PACKAGE_BUILDING}" -a -f "${MC}" ]; then
egrep -q "^sendmail.*${PREFIX}/sbin/sendmail" ${MC} && \
egrep -q "^send-mail.*${PREFIX}/sbin/sendmail" ${MC} && \
egrep -q "^mailq.*${PREFIX}/sbin/sendmail" ${MC} && \
egrep -q "^newaliases.*${PREFIX}/sbin/sendmail" ${MC}
ret=$?
if [ ${ret} -ne 0 ]; then
if yesno "Would you like to activate Postfix in ${MC}" ${DEFAULT_REPLACE_MAILERCONF}; then
/bin/mv -f ${MC} ${MC}.old
echo "#" > ${MC}
echo -n "# Execute the Postfix sendmail program" >> ${MC}
echo ", named ${PREFIX}/sbin/sendmail" >> ${MC}
echo "#" >> ${MC}
echo "sendmail ${PREFIX}/sbin/sendmail" >> ${MC}
echo "send-mail ${PREFIX}/sbin/sendmail" >> ${MC}
echo "mailq ${PREFIX}/sbin/sendmail" >> ${MC}
echo "newaliases ${PREFIX}/sbin/sendmail" >> ${MC}
fi
else
echo "Postfix already activated in ${MC}"
fi
fi

27
mail/postfix210/files/pkg-message.in
View File

@ -1,27 +0,0 @@
To enable postfix startup script please add postfix_enable="YES" in
your rc.conf
If you not need sendmail anymore, please add in your rc.conf:
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
And you can disable some sendmail specific daily maintenance routines in your
/etc/periodic.conf file:
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
If /etc/periodic.conf does not exist please create it and add those values.
If you are using SASL, you need to make sure that postfix has access to read
the sasldb file. This is accomplished by adding postfix to group mail and
making the %%PREFIX%%/etc/sasldb* file(s) readable by group mail (this should
be the default for new installs).
If you are upgrading from Postfix 2.6 or earlier, review the RELEASE_NOTES to
familiarize yourself with new features and incompatabilities.

47
mail/postfix210/files/postfix.in
View File

@ -1,47 +0,0 @@
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: postfix mail
# REQUIRE: %%REQUIRE%%
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable postfix:
# postfix_enable (bool): Set it to "YES" to enable postfix.
# Default is "NO".
# postfix_pidfile (path): Set full path to master.pid.
# Default is "/var/spool/postfix/pid/master.pid".
# postfix_procname (command): Set command that start master. Used to verify if
# postfix is running.
# Default is "%%PREFIX%%/libexec/postfix/master".
# postfix_flags (str): Flags passed to postfix-script on startup.
# Default is "".
#
. /etc/rc.subr
name="postfix"
rcvar=postfix_enable
load_rc_config $name
: ${postfix_enable:="NO"}
: ${postfix_pidfile:="/var/spool/postfix/pid/master.pid"}
: ${postfix_procname:="%%PREFIX%%/libexec/postfix/master"}
start_cmd=${name}_start
stop_cmd=${name}_stop
extra_commands="reload"
pidfile=${postfix_pidfile}
procname=${postfix_procname}
postfix_start() {
%%PREFIX%%/sbin/postfix ${postfix_flags} start
}
postfix_stop() {
%%PREFIX%%/sbin/postfix ${postfix_flags} stop
}
run_rc_command "$1"

15
mail/postfix210/pkg-descr
View File

@ -1,15 +0,0 @@
Postfix attempts to be fast, easy to administer, and secure, while at the same
time being sendmail compatible enough to not upset existing users. Thus, the
outside has a sendmail-ish flavor, but the inside is completely different.
Some feautures:
Connection cache for SMTP, DSN status notifications, IP version 6, Plug-in
support for multiple SASL implementations (Cyrus, Dovecot), TLS encryption and
authentication, Configurable status notification message text, Access control
per client/sender/recipient/etc, Content filter (built-in, external before
queue, external after queue), Berkeley DB database, LDAP database, MySQL
database, PostgreSQL database, Maildir and mailbox format, Virtual domains,
VERP envelope return addresses and others.
WWW: http://www.postfix.org/

332
mail/postfix210/pkg-plist
View File

@ -1,332 +0,0 @@
@unexec if cmp -s %D/libexec/postfix/main.cf %%PFETC%%/main.cf; then rm -f %%PFETC%%/main.cf; fi
@unexec if cmp -s %D/libexec/postfix/master.cf %%PFETC%%/master.cf; then rm -f %%PFETC%%/master.cf; fi
libexec/postfix/anvil
libexec/postfix/bounce
libexec/postfix/cleanup
libexec/postfix/discard
libexec/postfix/dnsblog
libexec/postfix/error
libexec/postfix/flush
libexec/postfix/lmtp
libexec/postfix/local
libexec/postfix/main.cf
libexec/postfix/master
libexec/postfix/master.cf
libexec/postfix/nqmgr
libexec/postfix/oqmgr
libexec/postfix/pickup
libexec/postfix/pipe
libexec/postfix/post-install
libexec/postfix/postfix-files
libexec/postfix/postfix-script
libexec/postfix/postfix-wrapper
libexec/postfix/postmulti-script
libexec/postfix/postscreen
libexec/postfix/proxymap
libexec/postfix/qmgr
libexec/postfix/qmqpd
libexec/postfix/scache
libexec/postfix/showq
libexec/postfix/smtp
libexec/postfix/smtpd
libexec/postfix/spawn
libexec/postfix/tlsproxy
libexec/postfix/trivial-rewrite
libexec/postfix/verify
libexec/postfix/virtual
libexec/postfix/tlsmgr
bin/mailq
bin/newaliases
bin/qshape
bin/rmail
%%BMAN%%man/man1/mailq.1.gz
%%BMAN%%man/man1/newaliases.1.gz
%%BMAN%%man/man1/postalias.1.gz
%%BMAN%%man/man1/postcat.1.gz
%%BMAN%%man/man1/postconf.1.gz
%%BMAN%%man/man1/postdrop.1.gz
%%BMAN%%man/man1/postfix.1.gz
%%BMAN%%man/man1/postkick.1.gz
%%BMAN%%man/man1/postlock.1.gz
%%BMAN%%man/man1/postlog.1.gz
%%BMAN%%man/man1/postmap.1.gz
%%BMAN%%man/man1/postmulti.1.gz
%%BMAN%%man/man1/postqueue.1.gz
%%BMAN%%man/man1/postsuper.1.gz
%%BMAN%%man/man1/qshape.1.gz
%%BMAN%%man/man1/sendmail.1.gz
%%BMAN%%man/man5/access.5.gz
%%BMAN%%man/man5/aliases.5.gz
%%BMAN%%man/man5/body_checks.5.gz
%%BMAN%%man/man5/bounce.5.gz
%%BMAN%%man/man5/canonical.5.gz
%%BMAN%%man/man5/cidr_table.5.gz
%%BMAN%%man/man5/generic.5.gz
%%BMAN%%man/man5/header_checks.5.gz
%%BMAN%%man/man5/ldap_table.5.gz
%%BMAN%%man/man5/master.5.gz
%%BMAN%%man/man5/memcache_table.5.gz
%%BMAN%%man/man5/mysql_table.5.gz
%%BMAN%%man/man5/nisplus_table.5.gz
%%BMAN%%man/man5/pcre_table.5.gz
%%BMAN%%man/man5/pgsql_table.5.gz
%%BMAN%%man/man5/postconf.5.gz
%%BMAN%%man/man5/postfix-wrapper.5.gz
%%BMAN%%man/man5/regexp_table.5.gz
%%BMAN%%man/man5/relocated.5.gz
%%BMAN%%man/man5/sqlite_table.5.gz
%%BMAN%%man/man5/tcp_table.5.gz
%%BMAN%%man/man5/transport.5.gz
%%BMAN%%man/man5/virtual.5.gz
%%BMAN%%man/man8/anvil.8.gz
%%BMAN%%man/man8/bounce.8.gz
%%BMAN%%man/man8/cleanup.8.gz
%%BMAN%%man/man8/defer.8.gz
%%BMAN%%man/man8/discard.8.gz
%%BMAN%%man/man8/dnsblog.8.gz
%%BMAN%%man/man8/error.8.gz
%%BMAN%%man/man8/flush.8.gz
%%BMAN%%man/man8/lmtp.8.gz
%%BMAN%%man/man8/local.8.gz
%%BMAN%%man/man8/master.8.gz
%%BMAN%%man/man8/oqmgr.8.gz
%%BMAN%%man/man8/pickup.8.gz
%%BMAN%%man/man8/pipe.8.gz
%%BMAN%%man/man8/postscreen.8.gz
%%BMAN%%man/man8/proxymap.8.gz
%%BMAN%%man/man8/qmgr.8.gz
%%BMAN%%man/man8/qmqpd.8.gz
%%BMAN%%man/man8/scache.8.gz
%%BMAN%%man/man8/showq.8.gz
%%BMAN%%man/man8/smtp.8.gz
%%BMAN%%man/man8/smtpd.8.gz
%%BMAN%%man/man8/spawn.8.gz
%%BMAN%%man/man8/tlsmgr.8.gz
%%BMAN%%man/man8/tlsproxy.8.gz
%%BMAN%%man/man8/trace.8.gz
%%BMAN%%man/man8/trivial-rewrite.8.gz
%%BMAN%%man/man8/verify.8.gz
%%BMAN%%man/man8/virtual.8.gz
%%TEST%%%%BMAN%%man/man1/qmqp-sink.1.gz
%%TEST%%%%BMAN%%man/man1/qmqp-source.1.gz
%%TEST%%%%BMAN%%man/man1/smtp-sink.1.gz
%%TEST%%%%BMAN%%man/man1/smtp-source.1.gz
%%TEST%%bin/qmqp-sink
%%TEST%%bin/qmqp-source
%%TEST%%bin/smtp-sink
%%TEST%%bin/smtp-source
sbin/postalias
sbin/postcat
sbin/postconf
sbin/postdrop
sbin/postfix
sbin/postkick
sbin/postlock
sbin/postlog
sbin/postmap
sbin/postmulti
sbin/postqueue
sbin/postsuper
sbin/sendmail
%%PORTDOCS%%%%DOCSDIR%%/AAAREADME
%%PORTDOCS%%%%DOCSDIR%%/ADDRESS_CLASS_README
%%PORTDOCS%%%%DOCSDIR%%/ADDRESS_CLASS_README.html
%%PORTDOCS%%%%DOCSDIR%%/ADDRESS_REWRITING_README
%%PORTDOCS%%%%DOCSDIR%%/ADDRESS_REWRITING_README.html
%%PORTDOCS%%%%DOCSDIR%%/ADDRESS_VERIFICATION_README
%%PORTDOCS%%%%DOCSDIR%%/ADDRESS_VERIFICATION_README.html
%%PORTDOCS%%%%DOCSDIR%%/BACKSCATTER_README
%%PORTDOCS%%%%DOCSDIR%%/BACKSCATTER_README.html
%%PORTDOCS%%%%DOCSDIR%%/BASIC_CONFIGURATION_README
%%PORTDOCS%%%%DOCSDIR%%/BASIC_CONFIGURATION_README.html
%%PORTDOCS%%%%DOCSDIR%%/BUILTIN_FILTER_README
%%PORTDOCS%%%%DOCSDIR%%/BUILTIN_FILTER_README.html
%%PORTDOCS%%%%DOCSDIR%%/CDB_README
%%PORTDOCS%%%%DOCSDIR%%/CDB_README.html
%%PORTDOCS%%%%DOCSDIR%%/CONNECTION_CACHE_README
%%PORTDOCS%%%%DOCSDIR%%/CONNECTION_CACHE_README.html
%%PORTDOCS%%%%DOCSDIR%%/CONTENT_INSPECTION_README
%%PORTDOCS%%%%DOCSDIR%%/CONTENT_INSPECTION_README.html
%%PORTDOCS%%%%DOCSDIR%%/DATABASE_README
%%PORTDOCS%%%%DOCSDIR%%/DATABASE_README.html
%%PORTDOCS%%%%DOCSDIR%%/DB_README
%%PORTDOCS%%%%DOCSDIR%%/DB_README.html
%%PORTDOCS%%%%DOCSDIR%%/DEBUG_README
%%PORTDOCS%%%%DOCSDIR%%/DEBUG_README.html
%%PORTDOCS%%%%DOCSDIR%%/DSN_README
%%PORTDOCS%%%%DOCSDIR%%/DSN_README.html
%%PORTDOCS%%%%DOCSDIR%%/ETRN_README
%%PORTDOCS%%%%DOCSDIR%%/ETRN_README.html
%%PORTDOCS%%%%DOCSDIR%%/FILTER_README
%%PORTDOCS%%%%DOCSDIR%%/FILTER_README.html
%%PORTDOCS%%%%DOCSDIR%%/INSTALL
%%PORTDOCS%%%%DOCSDIR%%/INSTALL.html
%%PORTDOCS%%%%DOCSDIR%%/IPV6_README
%%PORTDOCS%%%%DOCSDIR%%/IPV6_README.html
%%PORTDOCS%%%%DOCSDIR%%/TLS_README
%%PORTDOCS%%%%DOCSDIR%%/TLS_README.html
%%PORTDOCS%%%%DOCSDIR%%/LDAP_README
%%PORTDOCS%%%%DOCSDIR%%/LDAP_README.html
%%PORTDOCS%%%%DOCSDIR%%/LINUX_README
%%PORTDOCS%%%%DOCSDIR%%/LINUX_README.html
%%PORTDOCS%%%%DOCSDIR%%/LOCAL_RECIPIENT_README
%%PORTDOCS%%%%DOCSDIR%%/LOCAL_RECIPIENT_README.html
%%PORTDOCS%%%%DOCSDIR%%/MAILDROP_README
%%PORTDOCS%%%%DOCSDIR%%/MAILDROP_README.html
%%PORTDOCS%%%%DOCSDIR%%/MEMCACHE_README
%%PORTDOCS%%%%DOCSDIR%%/MILTER_README
%%PORTDOCS%%%%DOCSDIR%%/MILTER_README.html
%%PORTDOCS%%%%DOCSDIR%%/MULTI_INSTANCE_README
%%PORTDOCS%%%%DOCSDIR%%/MULTI_INSTANCE_README.html
%%PORTDOCS%%%%DOCSDIR%%/MYSQL_README
%%PORTDOCS%%%%DOCSDIR%%/MYSQL_README.html
%%PORTDOCS%%%%DOCSDIR%%/NFS_README
%%PORTDOCS%%%%DOCSDIR%%/NFS_README.html
%%PORTDOCS%%%%DOCSDIR%%/OVERVIEW
%%PORTDOCS%%%%DOCSDIR%%/OVERVIEW.html
%%PORTDOCS%%%%DOCSDIR%%/PACKAGE_README
%%PORTDOCS%%%%DOCSDIR%%/PACKAGE_README.html
%%PORTDOCS%%%%DOCSDIR%%/PCRE_README
%%PORTDOCS%%%%DOCSDIR%%/PCRE_README.html
%%PORTDOCS%%%%DOCSDIR%%/PGSQL_README
%%PORTDOCS%%%%DOCSDIR%%/PGSQL_README.html
%%PORTDOCS%%%%DOCSDIR%%/POSTSCREEN_README
%%PORTDOCS%%%%DOCSDIR%%/POSTSCREEN_README.html
%%PORTDOCS%%%%DOCSDIR%%/QSHAPE_README
%%PORTDOCS%%%%DOCSDIR%%/QSHAPE_README.html
%%PORTDOCS%%%%DOCSDIR%%/RELEASE_NOTES
%%PORTDOCS%%%%DOCSDIR%%/RESTRICTION_CLASS_README
%%PORTDOCS%%%%DOCSDIR%%/RESTRICTION_CLASS_README.html
%%PORTDOCS%%%%DOCSDIR%%/SASL_README
%%PORTDOCS%%%%DOCSDIR%%/SASL_README.html
%%PORTDOCS%%%%DOCSDIR%%/SCHEDULER_README
%%PORTDOCS%%%%DOCSDIR%%/SCHEDULER_README.html
%%PORTDOCS%%%%DOCSDIR%%/SMTPD_ACCESS_README
%%PORTDOCS%%%%DOCSDIR%%/SMTPD_ACCESS_README.html
%%PORTDOCS%%%%DOCSDIR%%/SMTPD_POLICY_README
%%PORTDOCS%%%%DOCSDIR%%/SMTPD_POLICY_README.html
%%PORTDOCS%%%%DOCSDIR%%/SMTPD_PROXY_README
%%PORTDOCS%%%%DOCSDIR%%/SMTPD_PROXY_README.html
%%PORTDOCS%%%%DOCSDIR%%/SOHO_README
%%PORTDOCS%%%%DOCSDIR%%/SOHO_README.html
%%SPF%%%%PORTDOCS%%%%DOCSDIR%%/SPF_README
%%PORTDOCS%%%%DOCSDIR%%/SQLITE_README
%%PORTDOCS%%%%DOCSDIR%%/SQLITE_README.html
%%PORTDOCS%%%%DOCSDIR%%/STANDARD_CONFIGURATION_README
%%PORTDOCS%%%%DOCSDIR%%/STANDARD_CONFIGURATION_README.html
%%PORTDOCS%%%%DOCSDIR%%/STRESS_README
%%PORTDOCS%%%%DOCSDIR%%/STRESS_README.html
%%PORTDOCS%%%%DOCSDIR%%/TLS_LEGACY_README
%%PORTDOCS%%%%DOCSDIR%%/TLS_LEGACY_README.html
%%PORTDOCS%%%%DOCSDIR%%/TUNING_README
%%PORTDOCS%%%%DOCSDIR%%/TUNING_README.html
%%PORTDOCS%%%%DOCSDIR%%/ULTRIX_README
%%PORTDOCS%%%%DOCSDIR%%/UUCP_README
%%PORTDOCS%%%%DOCSDIR%%/UUCP_README.html
%%VDA%%%%PORTDOCS%%%%DOCSDIR%%/VDA_README
%%PORTDOCS%%%%DOCSDIR%%/VERP_README
%%PORTDOCS%%%%DOCSDIR%%/VERP_README.html
%%PORTDOCS%%%%DOCSDIR%%/VIRTUAL_README
%%PORTDOCS%%%%DOCSDIR%%/VIRTUAL_README.html
%%PORTDOCS%%%%DOCSDIR%%/XCLIENT_README
%%PORTDOCS%%%%DOCSDIR%%/XCLIENT_README.html
%%PORTDOCS%%%%DOCSDIR%%/XFORWARD_README
%%PORTDOCS%%%%DOCSDIR%%/XFORWARD_README.html
%%PORTDOCS%%%%DOCSDIR%%/access.5.html
%%PORTDOCS%%%%DOCSDIR%%/aliases.5.html
%%PORTDOCS%%%%DOCSDIR%%/anvil.8.html
%%PORTDOCS%%%%DOCSDIR%%/body_checks.5.html
%%PORTDOCS%%%%DOCSDIR%%/bounce.5.html
%%PORTDOCS%%%%DOCSDIR%%/bounce.8.html
%%PORTDOCS%%%%DOCSDIR%%/canonical.5.html
%%PORTDOCS%%%%DOCSDIR%%/cidr_table.5.html
%%PORTDOCS%%%%DOCSDIR%%/cleanup.8.html
%%PORTDOCS%%%%DOCSDIR%%/defer.8.html
%%PORTDOCS%%%%DOCSDIR%%/discard.8.html
%%PORTDOCS%%%%DOCSDIR%%/dnsblog.8.html
%%PORTDOCS%%%%DOCSDIR%%/error.8.html
%%PORTDOCS%%%%DOCSDIR%%/flush.8.html
%%PORTDOCS%%%%DOCSDIR%%/header_checks.5.html
%%PORTDOCS%%%%DOCSDIR%%/index.html
%%PORTDOCS%%%%DOCSDIR%%/ldap_table.5.html
%%PORTDOCS%%%%DOCSDIR%%/lmtp.8.html
%%PORTDOCS%%%%DOCSDIR%%/local.8.html
%%PORTDOCS%%%%DOCSDIR%%/mailq.1.html
%%PORTDOCS%%%%DOCSDIR%%/master.5.html
%%PORTDOCS%%%%DOCSDIR%%/master.8.html
%%PORTDOCS%%%%DOCSDIR%%/memcache_table.5.html
%%PORTDOCS%%%%DOCSDIR%%/mysql_table.5.html
%%PORTDOCS%%%%DOCSDIR%%/nisplus_table.5.html
%%PORTDOCS%%%%DOCSDIR%%/newaliases.1.html
%%PORTDOCS%%%%DOCSDIR%%/oqmgr.8.html
%%PORTDOCS%%%%DOCSDIR%%/pcre_table.5.html
%%PORTDOCS%%%%DOCSDIR%%/pgsql_table.5.html
%%PORTDOCS%%%%DOCSDIR%%/pickup.8.html
%%PORTDOCS%%%%DOCSDIR%%/pipe.8.html
%%PORTDOCS%%%%DOCSDIR%%/postalias.1.html
%%PORTDOCS%%%%DOCSDIR%%/postcat.1.html
%%PORTDOCS%%%%DOCSDIR%%/postconf.1.html
%%PORTDOCS%%%%DOCSDIR%%/postconf.5.html
%%PORTDOCS%%%%DOCSDIR%%/postdrop.1.html
%%PORTDOCS%%%%DOCSDIR%%/postfix-logo.jpg
%%PORTDOCS%%%%DOCSDIR%%/postfix-manuals.html
%%PORTDOCS%%%%DOCSDIR%%/postfix-power.png
%%PORTDOCS%%%%DOCSDIR%%/postfix-wrapper.5.html
%%PORTDOCS%%%%DOCSDIR%%/postfix.1.html
%%PORTDOCS%%%%DOCSDIR%%/postkick.1.html
%%PORTDOCS%%%%DOCSDIR%%/postlock.1.html
%%PORTDOCS%%%%DOCSDIR%%/postlog.1.html
%%PORTDOCS%%%%DOCSDIR%%/postmap.1.html
%%PORTDOCS%%%%DOCSDIR%%/postmulti.1.html
%%PORTDOCS%%%%DOCSDIR%%/postqueue.1.html
%%PORTDOCS%%%%DOCSDIR%%/postscreen.8.html
%%PORTDOCS%%%%DOCSDIR%%/postsuper.1.html
%%PORTDOCS%%%%DOCSDIR%%/proxymap.8.html
%%PORTDOCS%%%%DOCSDIR%%/qmgr.8.html
%%PORTDOCS%%%%DOCSDIR%%/qmqp-sink.1.html
%%PORTDOCS%%%%DOCSDIR%%/qmqp-source.1.html
%%PORTDOCS%%%%DOCSDIR%%/qmqpd.8.html
%%PORTDOCS%%%%DOCSDIR%%/qshape.1.html
%%PORTDOCS%%%%DOCSDIR%%/regexp_table.5.html
%%PORTDOCS%%%%DOCSDIR%%/relocated.5.html
%%PORTDOCS%%%%DOCSDIR%%/sendmail.1.html
%%PORTDOCS%%%%DOCSDIR%%/scache.8.html
%%PORTDOCS%%%%DOCSDIR%%/showq.8.html
%%PORTDOCS%%%%DOCSDIR%%/smtp-sink.1.html
%%PORTDOCS%%%%DOCSDIR%%/smtp-source.1.html
%%PORTDOCS%%%%DOCSDIR%%/smtp.8.html
%%PORTDOCS%%%%DOCSDIR%%/smtpd.8.html
%%PORTDOCS%%%%DOCSDIR%%/spawn.8.html
%%PORTDOCS%%%%DOCSDIR%%/sqlite_table.5.html
%%PORTDOCS%%%%DOCSDIR%%/tcp_table.5.html
%%PORTDOCS%%%%DOCSDIR%%/tlsproxy.8.html
%%PORTDOCS%%%%DOCSDIR%%/trace.8.html
%%PORTDOCS%%%%DOCSDIR%%/transport.5.html
%%PORTDOCS%%%%DOCSDIR%%/trivial-rewrite.8.html
%%PORTDOCS%%%%DOCSDIR%%/verify.8.html
%%PORTDOCS%%%%DOCSDIR%%/virtual.5.html
%%PORTDOCS%%%%DOCSDIR%%/virtual.8.html
%%PORTDOCS%%%%DOCSDIR%%/tlsmgr.8.html
%%PORTDOCS%%%%DOCSDIR%%/generic.5.html
@dir /var/db/postfix
@dir /var/spool/postfix/active
@dir /var/spool/postfix/bounce
@dir /var/spool/postfix/corrupt
@dir /var/spool/postfix/defer
@dir /var/spool/postfix/deferred
@dir /var/spool/postfix/flush
@dir /var/spool/postfix/hold
@dir /var/spool/postfix/incoming
@dir /var/spool/postfix/maildrop
@dir /var/spool/postfix/pid
@dir /var/spool/postfix/private
@dir /var/spool/postfix/public
@dir /var/spool/postfix/saved
@dir /var/spool/postfix/trace
@dir /var/spool/postfix
%%BASE%%@cwd /
etc/postfix/LICENSE
etc/postfix/TLS_LICENSE
etc/postfix/bounce.cf.default
etc/postfix/main.cf.default
etc/postfix/makedefs.out

1
net-im/Makefile
View File

@ -173,7 +173,6 @@
SUBDIR += twitmail
SUBDIR += uTox
SUBDIR += vacuum-im
SUBDIR += venom
SUBDIR += vqcc-gtk
SUBDIR += yoono
SUBDIR += zephyr

41
net-im/venom/Makefile
View File

@ -1,41 +0,0 @@
# Created by: Thierry Thomas <thierry@pompo.net>
# $FreeBSD$
PORTNAME= Venom
PORTVERSION= 0.2.0.141012
CATEGORIES= net-im
MAINTAINER= thierry@FreeBSD.org
COMMENT= Cross-platform GUI for Tox written in Vala using GTK+
LICENSE= GPLv3
BUILD_DEPENDS= valac:${PORTSDIR}/lang/vala \
${LOCALBASE}/lib/libtoxcore.a:${PORTSDIR}/net-im/tox
LIB_DEPENDS= libgee-0.8.so:${PORTSDIR}/devel/libgee \
libjson-glib-1.0.so:${PORTSDIR}/devel/json-glib
RUN_DEPENDS= ${LOCALBASE}/lib/libtoxcore.a:${PORTSDIR}/net-im/tox
BROKEN= Does not compile with the recent Tox
DEPRECATED= No more support from the project
EXPIRATION_DATE= 2015-01-31
USE_GITHUB= yes
GH_ACCOUNT= naxuroqa
GH_TAGNAME= ${GH_COMMIT}
GH_COMMIT= a9bff73
USES= cmake desktop-file-utils gettext pkgconfig
USE_GNOME= cairo glib20 gtk30
USE_SQLITE= yes
INSTALLS_ICONS= yes
OPTIONS_DEFINE= QRCODE NOTIFY
OPTIONS_DEFAULT= QRCODE NOTIFY
QRCODE_DESC= Show QR codes
QRCODE_CMAKE_ON= -DENABLE_QR_ENCODE:BOOL="ON"
QRCODE_LIB_DEPENDS= libqrencode.so:${PORTSDIR}/graphics/libqrencode
NOTIFY_CMAKE_ON= -DENABLE_LIBNOTIFY:BOOL="ON"
NOTIFY_LIB_DEPENDS= libnotify.so:${PORTSDIR}/devel/libnotify
.include <bsd.port.mk>

2
net-im/venom/distinfo
View File

@ -1,2 +0,0 @@
SHA256 (Venom-0.2.0.141012.tar.gz) = 5d661404306504ea28fe8472f11fe74edce6c5d9855d8e6ef3349ff276d9184b
SIZE (Venom-0.2.0.141012.tar.gz) = 250443

6
net-im/venom/pkg-descr
View File

@ -1,6 +0,0 @@
Venom is a cross-platform graphical user interface for Tox written in Vala
using GTK+.
Note: audiochat and videochat are not yet implemented.
WWW: http://tox.im/

16
net-im/venom/pkg-plist
View File

@ -1,16 +0,0 @@
bin/venom
share/applications/venom.desktop
share/icons/hicolor/128x128/apps/venom.png
share/icons/hicolor/16x16/apps/venom.png
share/icons/hicolor/256x256/apps/venom.png
share/icons/hicolor/32x32/apps/venom.png
share/icons/hicolor/48x48/apps/venom.png
share/icons/hicolor/64x64/apps/venom.png
share/icons/hicolor/scalable/apps/venom.svg
share/locale/de/LC_MESSAGES/Venom.mo
share/locale/es/LC_MESSAGES/Venom.mo
share/locale/it/LC_MESSAGES/Venom.mo
share/locale/ru/LC_MESSAGES/Venom.mo
share/locale/zh_CN/LC_MESSAGES/Venom.mo
share/pixmaps/venom.png
share/venom/theme/default.css

1
security/Makefile
View File

@ -378,7 +378,6 @@
SUBDIR += openscep
SUBDIR += openssh-askpass
SUBDIR += openssh-portable
SUBDIR += openssh-portable66
SUBDIR += openssl
SUBDIR += openssl_tpm_engine
SUBDIR += openvas-client

278
security/openssh-portable66/Makefile
View File

@ -1,278 +0,0 @@
# Created by: dwcjr@inethouston.net
# $FreeBSD$
PORTNAME= openssh
DISTVERSION= 6.6p1
PORTREVISION= 4
PORTEPOCH= 1
CATEGORIES= security ipv6
MASTER_SITES= ${MASTER_SITE_OPENBSD}
MASTER_SITE_SUBDIR= OpenSSH/portable
PKGNAMESUFFIX?= -portable66
MAINTAINER= bdrewery@FreeBSD.org
COMMENT= The portable version of OpenBSD's OpenSSH
#LICENSE= BSD2,BSD3,MIT,public domain,BSD-Style,BEER-WARE,"any purpose with notice intact",ISC-Style
#LICENSE_FILE= ${WRKSRC}/LICENCE
CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.*
USES= alias
USE_AUTOTOOLS= autoconf autoheader
USE_OPENSSL= yes
GNU_CONFIGURE= yes
CONFIGURE_ENV= ac_cv_func_strnvis=no
CONFIGURE_ARGS= --prefix=${PREFIX} --with-md5-passwords \
--without-zlib-version-check --with-ssl-engine
PRECIOUS= ssh_config sshd_config ssh_host_key ssh_host_key.pub \
ssh_host_rsa_key ssh_host_rsa_key.pub ssh_host_dsa_key \
ssh_host_dsa_key.pub
ETCOLD= ${PREFIX}/etc
SUDO?= # empty
MAKE_ENV+= SUDO="${SUDO}"
# https://github.com/openssh/openssh-portable/commit/5618210618256bbf5f4f71b2887ff186fd451736.patch
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-openssh661
OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT BSM \
HPN LPK X509 KERB_GSSAPI \
OVERWRITE_BASE SCTP AES_THREADED LDNS NONECIPHER
OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS HPN LDNS NONECIPHER
OPTIONS_RADIO= KERBEROS
OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE
TCP_WRAPPERS_DESC= tcp_wrappers support
BSM_DESC= OpenBSM Auditing
KERB_GSSAPI_DESC= Kerberos/GSSAPI patch (req: GSSAPI)
HPN_DESC= HPN-SSH patch
LPK_DESC= LDAP Public Key (LPK) [OBSOLETE]
LDNS_DESC= SSHFP/LDNS support
X509_DESC= x509 certificate patch
SCTP_DESC= SCTP support
OVERWRITE_BASE_DESC= OpenSSH overwrite base
HEIMDAL_DESC= Heimdal Kerberos (security/heimdal)
HEIMDAL_BASE_DESC= Heimdal Kerberos (base)
MIT_DESC= MIT Kerberos (security/krb5)
AES_THREADED_DESC= Threaded AES-CTR
NONECIPHER_DESC= NONE Cipher support
OPTIONS_SUB= yes
PLIST_SUB+= MANPREFIX=${MANPREFIX}
LDNS_CONFIGURE_WITH= ldns
LDNS_LIB_DEPENDS= libldns.so:${PORTSDIR}/dns/ldns
LDNS_EXTRA_PATCHES= ${FILESDIR}/extra-patch-ldns
LDNS_CFLAGS= -I${LOCALBASE}/include
LDNS_CONFIGURE_ON= --with-ldflags='-L${LOCALBASE}/lib'
# http://www.psc.edu/index.php/hpn-ssh
HPN_EXTRA_PATCHES= ${FILESDIR}/extra-patch-hpn-window-size
HPN_CONFIGURE_WITH= hpn
NONECIPHER_CONFIGURE_WITH= nonecipher
AES_THREADED_CONFIGURE_WITH= aes-threaded
# See http://code.google.com/p/openssh-lpk/wiki/Main
# and svn repo described here:
# http://code.google.com/p/openssh-lpk/source/checkout
# LPK is now OBSOLETE with 6.2: https://code.google.com/p/openssh-lpk/issues/detail?id=15#c1
LPK_PATCHFILES= ${PORTNAME}-lpk-6.3p1.patch.gz
LPK_CPPFLAGS= -I${LOCALBASE}/include
LPK_CONFIGURE_ON= --with-ldap=yes \
--with-ldflags='-L${LOCALBASE}/lib' \
--with-cppflags='${CPPFLAGS}'
LPK_USE= OPENLDAP=yes
# See http://www.roumenpetrov.info/openssh/
X509_VERSION= 7.9
X509_PATCH_SITES= http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509
X509_PATCHFILES= ${PORTNAME}-6.6p1+x509-${X509_VERSION}.diff.gz:-p1:x509
# See https://bugzilla.mindrot.org/show_bug.cgi?id=2016
SCTP_PATCHFILES= ${PORTNAME}-6.6p1-sctp-2329.patch.gz
SCTP_CONFIGURE_WITH= sctp
# 6.6 patch taken from http://www.stacken.kth.se/~haba/ which was originally
# based on 5.7 patch at http://www.sxw.org.uk/computing/patches/
KERB_GSSAPI_PATCHFILES= openssh-6.6p1-gsskex-all-20140318.patch.gz:-p1:gsskex
#KERB_GSSAPI_PATCH_SITES=http://www.stacken.kth.se/~haba/:gsskex
MIT_LIB_DEPENDS= libkrb5.so.3:${PORTSDIR}/security/krb5
HEIMDAL_LIB_DEPENDS= libkrb5.so.26:${PORTSDIR}/security/heimdal
PAM_CONFIGURE_WITH= pam
TCP_WRAPPERS_CONFIGURE_WITH= tcp-wrappers
LIBEDIT_CONFIGURE_WITH= libedit
BSM_CONFIGURE_ON= --with-audit=bsm
.include <bsd.port.pre.mk>
PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex
# http://www.psc.edu/index.php/hpn-ssh
.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MAES_THREADED} || ${PORT_OPTIONS:MNONECIPHER}
PORTDOCS+= HPN-README
HPN_VERSION= 14v2
HPN_DISTVERSION= 6.6.1p1
PATCH_SITES+= ${MASTER_SITE_SOURCEFORGE:S/$/:hpn/}
PATCH_SITE_SUBDIR+= hpnssh/HPN-SSH%20${HPN_VERSION}%20${HPN_DISTVERSION}/:hpn
PATCHFILES+= ${PORTNAME}-${HPN_DISTVERSION}-hpnssh${HPN_VERSION}.diff.gz:-p1:hpn
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-build-options
# Remove HPN if only AES requested
. if !${PORT_OPTIONS:MHPN}
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-no-hpn
. endif
.endif
.if ${OSVERSION} >= 900000
CONFIGURE_LIBS+= -lutil
.endif
# 900007 is when utmp(5) was removed and utmpx(3) added
.if ${OSVERSION} >= 900007
CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog
.else
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-sshd-utmp-size
.endif
.if ${PORT_OPTIONS:MX509}
. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MAES_THREADED} || ${PORT_OPTIONS:MNONECIPHER}
BROKEN= X509 patch and HPN patch do not apply cleanly together
. endif
. if ${PORT_OPTIONS:MSCTP}
BROKEN= X509 patch and SCTP patch do not apply cleanly together
. endif
. if ${PORT_OPTIONS:MLPK}
BROKEN= X509 patch and LPK patch do not apply cleanly together
. endif
. if ${PORT_OPTIONS:MKERB_GSSAPI}
BROKEN= X509 patch incompatible with KERB_GSSAPI patch
. endif
.endif
.if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI}
BROKEN= KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently
.endif
.if ${PORT_OPTIONS:MHEIMDAL_BASE} && !exists(/usr/lib/libkrb5.so)
IGNORE= you have selected HEIMDAL_BASE but do not have heimdal installed in base
.endif
.if ${PORT_OPTIONS:MPAM} && !exists(/usr/include/security/pam_modules.h)
IGNORE= PAM must be installed in base
.endif
.if ${PORT_OPTIONS:MTCP_WRAPPERS} && !exists(/usr/include/tcpd.h)
IGNORE= required /usr/include/tcpd.h missing
.endif
.if defined(OPENSSH_OVERWRITE_BASE)
PORT_OPTIONS+= OVERWRITE_BASE
.endif
.if ${PORT_OPTIONS:MMIT} || ${PORT_OPTIONS:MHEIMDAL} || ${PORT_OPTIONS:MHEIMDAL_BASE}
. if ${PORT_OPTIONS:MHEIMDAL_BASE}
CONFIGURE_LIBS+= -lgssapi_krb5
CONFIGURE_ARGS+= --with-kerberos5=/usr
. else
CONFIGURE_ARGS+= --with-kerberos5=${LOCALBASE}
. endif
. if ${OPENSSLBASE} == "/usr"
CONFIGURE_ARGS+= --without-rpath
LDFLAGS= # empty
. endif
.else
. if ${PORT_OPTIONS:MKERB_GSSAPI}
IGNORE= KERB_GSSAPI requires one of MIT HEIMDAL or HEIMDAL_BASE
. endif
.endif
.if ${OPENSSLBASE} != "/usr"
CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE}
.endif
.if ${PORT_OPTIONS:MLPK}
CONFIGURE_LIBS+= -lldap
.endif
EMPTYDIR= /var/empty
DEPRECATED= security/openssh-portable now has all patches working. This port is obsolete.
EXPIRATION_DATE= 2015-02-01
.if ${PORT_OPTIONS:MOVERWRITE_BASE}
WITH_OPENSSL_BASE= yes
CONFIGURE_ARGS+= --localstatedir=/var
PREFIX= /usr
NO_MTREE= yes
ETCSSH= /etc/ssh
USE_RCORDER= openssh
PLIST_SUB+= NOTBASE="@comment "
.else
ETCSSH= ${PREFIX}/etc/ssh
USE_RC_SUBR= openssh
PLIST_SUB+= NOTBASE=""
.endif
PLIST_SUB+= BASEPREFIX="${PREFIX}"
# After all
SUB_LIST+= ETCSSH="${ETCSSH}"
CONFIGURE_ARGS+= --sysconfdir=${ETCSSH} --with-privsep-path=${EMPTYDIR}
.if !empty(CONFIGURE_LIBS)
CONFIGURE_ARGS+= --with-libs='${CONFIGURE_LIBS}'
.endif
RC_SCRIPT_NAME= openssh
post-patch:
@${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure
@${REINPLACE_CMD} \
-e 's|install: \(.*\) host-key check-config|install: \1|g' \
-e 's|-lpthread|${PTHREAD_LIBS}|' \
${WRKSRC}/Makefile.in
@${REINPLACE_CMD} -e 's|/usr/X11R6|${LOCALBASE}|' \
${WRKSRC}/pathnames.h ${WRKSRC}/sshd_config.5 \
${WRKSRC}/ssh_config.5
.if !${PORT_OPTIONS:MOVERWRITE_BASE}
@${REINPLACE_CMD} -e 's|%%PREFIX%%|${LOCALBASE}|' \
-e 's|%%RC_SCRIPT_NAME%%|${RC_SCRIPT_NAME}|' ${WRKSRC}/sshd.8
.endif
@${REINPLACE_CMD} -E -e 's|SSH_VERSION|TMP_SSH_VERSION|' \
-e 's|.*SSH_RELEASE.*||' ${WRKSRC}/version.h
@${ECHO_CMD} '#define FREEBSD_PORT_VERSION " FreeBSD-${PKGNAME}"' >> \
${WRKSRC}/version.h
@${ECHO_CMD} '#define SSH_VERSION TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \
${WRKSRC}/version.h
@${ECHO_CMD} '#define SSH_RELEASE TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \
${WRKSRC}/version.h
.if ${PORT_OPTIONS:MHPN}
@${REINPLACE_CMD} -e 's|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SSH_HPN|' \
${WRKSRC}/version.h
.endif
pre-install:
# Workaround not running mtree BSD.root.dist on / since PREFIX=/usr
.if ${PORT_OPTIONS:MOVERWRITE_BASE}
${MKDIR} ${STAGEDIR}/etc/rc.d
.endif
post-install:
${MV} ${STAGEDIR}${ETCSSH}/ssh_config ${STAGEDIR}${ETCSSH}/ssh_config.sample
${MV} ${STAGEDIR}${ETCSSH}/sshd_config ${STAGEDIR}${ETCSSH}/sshd_config.sample
.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MAES_THREADED} || ${PORT_OPTIONS:MNONECIPHER}
${MKDIR} ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${WRKSRC}/HPN-README ${STAGEDIR}${DOCSDIR}
.endif
test: build
(cd ${WRKSRC}/regress && ${SETENV} OBJ=${WRKDIR} ${MAKE_ENV} TEST_SHELL=/bin/sh \
PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS})
.include <bsd.port.post.mk>

12
security/openssh-portable66/distinfo
View File

@ -1,12 +0,0 @@
SHA256 (openssh-6.6p1.tar.gz) = 48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb
SIZE (openssh-6.6p1.tar.gz) = 1282502
SHA256 (openssh-6.6.1p1-hpnssh14v2.diff.gz) = b7f5bd22f1c0bacd41fc4884aeb19bba460d548af875eeb6c857cb77bab53376
SIZE (openssh-6.6.1p1-hpnssh14v2.diff.gz) = 24473
SHA256 (openssh-6.6p1+x509-7.9.diff.gz) = 463473f75c1dc250ea4eda21f2c79df6f0b479ea499d044cb51d73073881ca34
SIZE (openssh-6.6p1+x509-7.9.diff.gz) = 224691
SHA256 (openssh-6.6p1-gsskex-all-20140318.patch.gz) = 9436c03ba46cdda8753f8957816a9832fd04e1244992ba8e729968c93682a236
SIZE (openssh-6.6p1-gsskex-all-20140318.patch.gz) = 24299
SHA256 (openssh-lpk-6.3p1.patch.gz) = d2a8b7da7acebac2afc4d0a3dffe8fca2e49900cf733af2e7012f2449b3668e1
SIZE (openssh-lpk-6.3p1.patch.gz) = 17815
SHA256 (openssh-6.6p1-sctp-2329.patch.gz) = e054529810815d63f7de5d1c6cc76fccb7766e1b2d1b62438ca83770afac9bfa
SIZE (openssh-6.6p1-sctp-2329.patch.gz) = 8695

142
security/openssh-portable66/files/extra-patch-hpn-build-options
View File

@ -1,142 +0,0 @@
--- sshconnect2.c.orig 2013-10-11 08:52:17.836129741 -0500
+++ sshconnect2.c 2013-10-11 08:53:05.776132295 -0500
@@ -451,6 +451,7 @@ ssh_userauth2(const char *local_user, co
}
}
+#ifdef AES_THREADED
/* if we are using aes-ctr there can be issues in either a fork or sandbox
* so the initial aes-ctr is defined to point to the original single process
* evp. After authentication we'll be past the fork and the sandboxed privsep
@@ -466,6 +467,7 @@ ssh_userauth2(const char *local_user, co
cipher_reset_multithreaded();
packet_request_rekeying();
}
+#endif
debug("Authentication succeeded (%s).", authctxt.method->name);
}
--- sshd.c.orig 2013-10-11 08:52:17.848126748 -0500
+++ sshd.c 2013-10-11 08:53:25.929132033 -0500
@@ -2186,6 +2186,7 @@ main(int ac, char **av)
/* Start session. */
+#ifdef AES_THREADED
/* if we are using aes-ctr there can be issues in either a fork or sandbox
* so the initial aes-ctr is defined to point ot the original single process
* evp. After authentication we'll be past the fork and the sandboxed privsep
@@ -2201,6 +2202,7 @@ main(int ac, char **av)
cipher_reset_multithreaded();
packet_request_rekeying();
}
+#endif
do_authenticated(authctxt);
--- readconf.c.orig 2013-10-11 09:24:10.812126846 -0500
+++ readconf.c 2013-10-11 09:19:12.295135966 -0500
@@ -268,12 +268,16 @@ static struct {
{ "canonicalizehostname", oCanonicalizeHostname },
{ "canonicalizemaxdots", oCanonicalizeMaxDots },
{ "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
+#ifdef NONECIPHER
{ "noneenabled", oNoneEnabled },
{ "noneswitch", oNoneSwitch },
+#endif
+#ifdef HPN
{ "tcprcvbufpoll", oTcpRcvBufPoll },
{ "tcprcvbuf", oTcpRcvBuf },
{ "hpndisabled", oHPNDisabled },
{ "hpnbuffersize", oHPNBufferSize },
+#endif
{ "ignoreunknown", oIgnoreUnknown },
{ NULL, oBadOption }
@@ -1739,12 +1743,20 @@ fill_default_options(Options * options)
options->server_alive_interval = 0;
if (options->server_alive_count_max == -1)
options->server_alive_count_max = 3;
+#ifdef NONECIPHER
if (options->none_switch == -1)
+#endif
options->none_switch = 0;
+#ifdef NONECIPHER
if (options->none_enabled == -1)
+#endif
options->none_enabled = 0;
+#ifdef HPN
if (options->hpn_disabled == -1)
options->hpn_disabled = 0;
+#else
+ options->hpn_disabled = 1;
+#endif
if (options->hpn_buffer_size > -1)
{
/* if a user tries to set the size to 0 set it to 1KB */
--- servconf.c.orig 2013-10-11 09:24:44.734138483 -0500
+++ servconf.c 2013-10-11 09:25:50.777137928 -0500
@@ -303,10 +303,16 @@
}
if (options->permit_tun == -1)
options->permit_tun = SSH_TUNMODE_NO;
+#ifdef NONECIPHER
if (options->none_enabled == -1)
+#endif
options->none_enabled = 0;
+#ifdef HPN
if (options->hpn_disabled == -1)
options->hpn_disabled = 0;
+#else
+ options->hpn_disabled = 1;
+#endif
if (options->hpn_buffer_size == -1) {
/* option not explicitly set. Now we have to figure out */
--- configure.ac.orig 2013-10-12 17:17:41.525139481 -0500
+++ configure.ac 2013-10-12 17:18:35.610130039 -0500
@@ -3968,6 +3968,34 @@
]
) # maildir
+#check whether user wants HPN support
+HPN_MSG="no"
+AC_ARG_WITH(hpn,
+ [ --with-hpn Enable HPN support],
+ [ if test "x$withval" != "xno" ; then
+ AC_DEFINE(HPN,1,[Define if you want HPN support.])
+ HPN_MSG="yes"
+ fi ]
+)
+#check whether user wants NONECIPHER support
+NONECIPHER_MSG="no"
+AC_ARG_WITH(nonecipher,
+ [ --with-nonecipher Enable NONECIPHER support],
+ [ if test "x$withval" != "xno" ; then
+ AC_DEFINE(NONECIPHER,1,[Define if you want NONECIPHER support.])
+ NONECIPHER_MSG="yes"
+ fi ]
+)
+#check whether user wants AES_THREADED support
+AES_THREADED_MSG="no"
+AC_ARG_WITH(aes-threaded,
+ [ --with-aes-threaded Enable AES_THREADED support],
+ [ if test "x$withval" != "xno" ; then
+ AC_DEFINE(AES_THREADED,1,[Define if you want AES_THREADED support.])
+ AES_THREADED_MSG="yes"
+ fi ]
+)
+
if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
disable_ptmx_check=yes
@@ -4636,6 +4664,9 @@
echo " BSD Auth support: $BSD_AUTH_MSG"
echo " Random number source: $RAND_MSG"
echo " Privsep sandbox style: $SANDBOX_STYLE"
+echo " HPN support: $HPN_MSG"
+echo " NONECIPHER support: $NONECIPHER_MSG"
+echo " AES_THREADED support: $AES_THREADED_MSG"
echo ""

32
security/openssh-portable66/files/extra-patch-hpn-no-hpn
View File

@ -1,32 +0,0 @@
--- sshd_config.orig 2013-10-12 06:40:05.766128740 -0500
+++ sshd_config 2013-10-12 06:40:06.646129924 -0500
@@ -125,20 +125,6 @@
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
-# the following are HPN related configuration options
-# tcp receive buffer polling. disable in non autotuning kernels
-#TcpRcvBufPoll yes
-
-# disable hpn performance boosts
-#HPNDisabled no
-
-# buffer size for hpn to non-hpn connections
-#HPNBufferSize 2048
-
-
-# allow the use of the none cipher
-#NoneEnabled no
-
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
--- version.h.orig 2013-10-12 06:42:19.578133368 -0500
+++ version.h 2013-10-12 06:42:28.581136160 -0500
@@ -3,5 +3,4 @@
#define SSH_VERSION "OpenSSH_6.3"
#define SSH_PORTABLE "p1"
-#define SSH_HPN "-hpn14v2"
-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE

24
security/openssh-portable66/files/extra-patch-hpn-window-size
View File

@ -1,24 +0,0 @@
r223213 | brooks | 2011-06-17 17:01:10 -0500 (Fri, 17 Jun 2011) | 3 lines
Changed paths:
M /user/brooks/openssh-hpn/channels.h
It looks like the HPN patch didn't track the window size bump in OpenBSD
rev 1.89 back in 2007. Chase the updates to reduce diffs to head
Index: channels.h
===================================================================
--- channels.h (revision 223212)
+++ channels.h (revision 223213)
@@ -163,10 +163,10 @@
/* default window/packet sizes for tcp/x11-fwd-channel */
#define CHAN_SES_PACKET_DEFAULT (32*1024)
-#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT)
+#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT)
#define CHAN_TCP_PACKET_DEFAULT (32*1024)
-#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT)
+#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
#define CHAN_X11_PACKET_DEFAULT (16*1024)
#define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)

51
security/openssh-portable66/files/extra-patch-ldns
View File

@ -1,51 +0,0 @@
r255461 | des | 2013-09-10 17:30:22 -0500 (Tue, 10 Sep 2013) | 7 lines
Changed paths:
M /head/crypto/openssh/readconf.c
M /head/crypto/openssh/ssh_config
M /head/crypto/openssh/ssh_config.5
Change the default value of VerifyHostKeyDNS to "yes" if compiled with
LDNS. With that setting, OpenSSH will silently accept host keys that
match verified SSHFP records. If an SSHFP record exists but could not
be verified, OpenSSH will print a message and prompt the user as usual.
--- readconf.c 2013-10-03 08:15:03.496131082 -0500
+++ readconf.c 2013-10-03 08:15:22.716134315 -0500
@@ -1414,8 +1414,14 @@ fill_default_options(Options * options)
options->rekey_limit = 0;
if (options->rekey_interval == -1)
options->rekey_interval = 0;
+#if HAVE_LDNS
+ if (options->verify_host_key_dns == -1)
+ /* automatically trust a verified SSHFP record */
+ options->verify_host_key_dns = 1;
+#else
if (options->verify_host_key_dns == -1)
options->verify_host_key_dns = 0;
+#endif
if (options->server_alive_interval == -1)
options->server_alive_interval = 0;
if (options->server_alive_count_max == -1)
--- ssh_config 2013-10-03 08:15:03.537131330 -0500
+++ ssh_config 2013-10-03 08:15:22.755131175 -0500
@@ -44,5 +44,6 @@
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
+# VerifyHostKeyDNS yes
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
--- ssh_config.5 2013-10-03 08:15:03.621130815 -0500
+++ ssh_config.5 2013-10-03 08:15:22.851132133 -0500
@@ -1246,7 +1246,10 @@ The argument must be
or
.Dq ask .
The default is
-.Dq no .
+.Dq yes
+if compiled with LDNS and
+.Dq no
+otherwise.
Note that this option applies to protocol version 2 only.
.Pp
See also VERIFYING HOST KEYS in

162
security/openssh-portable66/files/extra-patch-openssh661
View File

@ -1,162 +0,0 @@
From 5618210618256bbf5f4f71b2887ff186fd451736 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sun, 20 Apr 2014 13:44:47 +1000
Subject: [PATCH] - (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c
version.h] OpenSSH 6.5 and 6.6 sometimes encode a value used in the
curve25519 key exchange incorrectly, causing connection failures about
0.2% of the time when this method is used against a peer that implements
the method properly.
Fix the problem and disable the curve25519 KEX when speaking to
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
to enable the compatability code.
---
ChangeLog | 11 +++++++++++
bufaux.c | 5 ++++-
compat.c | 17 ++++++++++++++++-
compat.h | 2 ++
sshconnect2.c | 2 ++
sshd.c | 3 +++
version.h | 2 +-
7 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9c59cc4..60f181a 100644
--- ChangeLog
+++ ChangeLog
@@ -1,3 +1,14 @@
+20140420
+ - (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c version.h]
+ OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519
+ key exchange incorrectly, causing connection failures about 0.2% of
+ the time when this method is used against a peer that implements
+ the method properly.
+
+ Fix the problem and disable the curve25519 KEX when speaking to
+ OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
+ to enable the compatability code.
+
20140313
- (djm) Release OpenSSH 6.6
diff --git a/bufaux.c b/bufaux.c
index e24b5fc..f6a6f2a 100644
--- bufaux.c
+++ bufaux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
if (l > 8 * 1024)
fatal("%s: length %u too long", __func__, l);
+ /* Skip leading zero bytes */
+ for (; l > 0 && *s == 0; l--, s++)
+ ;
p = buf = xmalloc(l + 1);
/*
* If most significant bit is set then prepend a zero byte to
diff --git a/compat.c b/compat.c
index 9d9fabe..2709dc5 100644
--- compat.c
+++ compat.c
@@ -95,6 +95,9 @@ compat_datafellows(const char *version)
{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
{ "OpenSSH_4*", 0 },
{ "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
+ { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH},
+ { "OpenSSH_6.5*,"
+ "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
{ "OpenSSH*", SSH_NEW_OPENSSH },
{ "*MindTerm*", 0 },
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop)
return cipher_prop;
}
-
char *
compat_pkalg_proposal(char *pkalg_prop)
{
@@ -265,3 +267,16 @@ compat_pkalg_proposal(char *pkalg_prop)
return pkalg_prop;
}
+char *
+compat_kex_proposal(char *kex_prop)
+{
+ if (!(datafellows & SSH_BUG_CURVE25519PAD))
+ return kex_prop;
+ debug2("%s: original KEX proposal: %s", __func__, kex_prop);
+ kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org");
+ debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
+ if (*kex_prop == '\0')
+ fatal("No supported key exchange algorithms found");
+ return kex_prop;
+}
+
diff --git a/compat.h b/compat.h
index b174fa1..a6c3f3d 100644
--- compat.h
+++ compat.h
@@ -59,6 +59,7 @@
#define SSH_BUG_RFWD_ADDR 0x02000000
#define SSH_NEW_OPENSSH 0x04000000
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
+#define SSH_BUG_CURVE25519PAD 0x10000000
void enable_compat13(void);
void enable_compat20(void);
@@ -66,6 +67,7 @@ void compat_datafellows(const char *);
int proto_spec(const char *);
char *compat_cipher_proposal(char *);
char *compat_pkalg_proposal(char *);
+char *compat_kex_proposal(char *);
extern int compat13;
extern int compat20;
diff --git a/sshconnect2.c b/sshconnect2.c
index 7f4ff41..ec3ad6a 100644
--- sshconnect2.c
+++ sshconnect2.c
@@ -195,6 +195,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
}
if (options.kex_algorithms != NULL)
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+ myproposal[PROPOSAL_KEX_ALGS]);
if (options.rekey_limit || options.rekey_interval)
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
diff --git a/sshd.c b/sshd.c
index 7523de9..e9084b7 100644
--- sshd.c
+++ sshd.c
@@ -2462,6 +2462,9 @@ do_ssh2_kex(void)
if (options.kex_algorithms != NULL)
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+ myproposal[PROPOSAL_KEX_ALGS]);
+
if (options.rekey_limit || options.rekey_interval)
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
(time_t)options.rekey_interval);
diff --git a/version.h b/version.h
index a1579ac..a33e77c 100644
--- version.h
+++ version.h
@@ -1,6 +1,6 @@
/* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
-#define SSH_VERSION "OpenSSH_6.6"
+#define SSH_VERSION "OpenSSH_6.6.1"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--
1.9.1

36
security/openssh-portable66/files/extra-patch-sshd-utmp-size
View File

@ -1,36 +0,0 @@
r184122 | des | 2008-10-21 06:58:26 -0500 (Tue, 21 Oct 2008) | 11 lines
Changed paths:
M /head/crypto/openssh/loginrec.c
M /head/crypto/openssh/sshd.c
At some point, construct_utmp() was changed to use realhostname() to fill
in the struct utmp due to concerns about the length of the hostname buffer.
However, this breaks the UseDNS option. There is a simpler and better
solution: initialize utmp_len to the correct value (UT_HOSTSIZE instead of
MAXHOSTNAMELEN) and let get_remote_name_or_ip() worry about the size of the
buffer.
PR: bin/97499
Submitted by: Bruce Cran <bruce@cran.org.uk>
Index: sshd.c
===================================================================
--- sshd.c (revision 184121)
+++ sshd.c (revision 184122)
@@ -72,6 +72,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <utmp.h>
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -238,7 +239,7 @@
u_int session_id2_len = 0;
/* record remote hostname or ip */
-u_int utmp_len = MAXHOSTNAMELEN;
+u_int utmp_len = UT_HOSTSIZE;
/* options.max_startup sized array of fd ints */
int *startup_pipes = NULL;

175
security/openssh-portable66/files/openssh.in
View File

@ -1,175 +0,0 @@
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: openssh
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable openssh:
#
# openssh_enable (bool): Set it to "YES" to enable openssh.
# Default is "NO".
# openssh_flags (flags): Set extra flags to openssh.
# Default is "". see sshd(1).
# openssh_pidfile (file): Set full path to pid file.
. /etc/rc.subr
name="openssh"
rcvar=openssh_enable
load_rc_config ${name}
: ${openssh_enable:="NO"}
: ${openssh_skipportscheck="NO"}
command=%%PREFIX%%/sbin/sshd
extra_commands="configtest reload keygen"
start_precmd="${name}_checks"
reload_precmd="${name}_checks"
restart_precmd="${name}_checks"
configtest_cmd="${name}_configtest"
keygen_cmd="${name}_keygen"
pidfile=${openssh_pidfile:="/var/run/sshd.pid"}
openssh_keygen()
{
if [ -f %%ETCSSH%%/ssh_host_key -a \
-f %%ETCSSH%%/ssh_host_dsa_key -a \
-f %%ETCSSH%%/ssh_host_rsa_key -a \
-f %%ETCSSH%%/ssh_host_ecdsa_key -a \
-f %%ETCSSH%%/ssh_host_ed25519_key ]; then
return 0
fi
umask 022
# Can't do anything if ssh is not installed
[ -x %%PREFIX%%/bin/ssh-keygen ] ||
err 1 "%%PREFIX%%/bin/ssh-keygen does not exist."
if [ -f %%ETCSSH%%/ssh_host_key ]; then
echo "You already have an RSA host key" \
"in %%ETCSSH%%/ssh_host_key"
echo "Skipping protocol version 1 RSA Key Generation"
else
%%PREFIX%%/bin/ssh-keygen -t rsa1 -b 1024 \
-f %%ETCSSH%%/ssh_host_key -N ''
fi
if [ -f %%ETCSSH%%/ssh_host_dsa_key ]; then
echo "You already have a DSA host key" \
"in %%ETCSSH%%/ssh_host_dsa_key"
echo "Skipping protocol version 2 DSA Key Generation"
else
%%PREFIX%%/bin/ssh-keygen -t dsa \
-f %%ETCSSH%%/ssh_host_dsa_key -N ''
fi
if [ -f %%ETCSSH%%/ssh_host_rsa_key ]; then
echo "You already have a RSA host key" \
"in %%ETCSSH%%/ssh_host_rsa_key"
echo "Skipping protocol version 2 RSA Key Generation"
else
%%PREFIX%%/bin/ssh-keygen -t rsa \
-f %%ETCSSH%%/ssh_host_rsa_key -N ''
fi
if [ -f %%ETCSSH%%/ssh_host_ecdsa_key ]; then
echo "You already have a Elliptic Curve DSA host key" \
"in %%ETCSSH%%/ssh_host_ecdsa_key"
echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation"
else
%%PREFIX%%/bin/ssh-keygen -t ecdsa \
-f %%ETCSSH%%/ssh_host_ecdsa_key -N ''
fi
if [ -f %%ETCSSH%%/ssh_host_ed25519_key ]; then
echo "You already have a Elliptic Curve ED25519 host key" \
"in %%ETCSSH%%/ssh_host_ed25519_key"
echo "Skipping protocol version 2 Elliptic Curve ED25519 Key Generation"
else
%%PREFIX%%/bin/ssh-keygen -t ed25519 \
-f %%ETCSSH%%/ssh_host_ed25519_key -N ''
fi
}
openssh_check_same_ports(){
# check if opensshd don't use base system sshd's port
#
# openssh binds ports in priority (lowest first):
# Port from sshd_config
# -p option from command line
# ListenAddress addr:port from sshd_config
#check if opensshd-portable installed in replacement of base sshd
if [ "%%ETCSSH%%" = "/etc/ssh" ]; then
return 1
fi
self_port=$(awk '$1~/^ListenAddress/ \
{mlen=match($0,":[0-9]*$"); print \
substr($0,mlen+1,length($0)-mlen)}' %%ETCSSH%%/sshd_config)
if [ -z "$self_port" ]; then
self_port=$(echo $openssh_flags | awk \
'{for (i = 1; i <= NF; i++) if ($i == "-p") \
{i++; printf "%s", $i; break; }; }')
if [ -z "$self_port" ]; then
self_port=$(awk '$1~/^Port/ {print $2}' \
%%ETCSSH%%/sshd_config)
fi
fi
# assume default 22 port
if [ -z "$self_port" ]; then
self_port=22
fi
load_rc_config "sshd"
base_sshd_port=$(awk '$1~/^ListenAddress/ \
{mlen=match($0,":[0-9]*$"); print \
substr($0,mlen+1,length($0)-mlen)}' /etc/ssh/sshd_config)
if [ -z "$base_sshd_port" ]; then
base_sshd_port=$(echo $sshd_flags | awk \
'{for (i = 1; i <= NF; i++) if ($i == "-p") \
{i++; printf "%s", $i; break; }; }')
if [ -z "$base_sshd_port" ]; then
base_sshd_port=$(awk '$1~/^Port/ {print $2}' \
/etc/ssh/sshd_config)
fi
fi
if [ -z "$base_sshd_port" ]; then
base_sshd_port=22
fi
# self_port and base_sshd_port may have multiple values. Compare them all
for sport in ${self_port}; do
for bport in ${base_sshd_port}; do
[ ${sport} -eq ${bport} ] && return 0
done
done
return 1
}
openssh_configtest()
{
echo "Performing sanity check on ${name} configuration."
eval ${command} ${openssh_flags} -t
}
openssh_checks()
{
if checkyesno sshd_enable ; then
if openssh_check_same_ports && ! checkyesno openssh_skipportscheck; then
err 1 "sshd_enable is set, but $name and /usr/sbin/sshd use the same port"
fi
fi
run_rc_command keygen
openssh_configtest
}
run_rc_command "$1"

20
security/openssh-portable66/files/patch-auth.c
View File

@ -1,20 +0,0 @@
r100838 | fanf | 2002-07-28 19:36:24 -0500 (Sun, 28 Jul 2002) | 7 lines
Changed paths:
M /head/crypto/openssh/auth.c
Use login_getpwclass() instead of login_getclass() so that the root
vs. default login class distinction is made correctly.
PR: 37416
--- auth.c.orig 2010-08-12 11:33:01.000000000 -0600
+++ auth.c 2010-09-14 16:14:12.000000000 -0600
@@ -594,7 +594,7 @@
if (!allowed_user(pw))
return (NULL);
#ifdef HAVE_LOGIN_CAP
- if ((lc = login_getclass(pw->pw_class)) == NULL) {
+ if ((lc = login_getpwclass(pw)) == NULL) {
debug("unable to get login class: %s", user);
return (NULL);
}

58
security/openssh-portable66/files/patch-auth2.c
View File

@ -1,58 +0,0 @@
r99053 | des | 2002-06-29 05:57:13 -0500 (Sat, 29 Jun 2002) | 4 lines
Changed paths:
M /head/crypto/openssh/auth2.c
Apply class-imposed login restrictions.
--- auth2.c.orig 2012-12-02 16:53:20.000000000 -0600
+++ auth2.c 2013-05-22 17:21:37.979631466 -0500
@@ -46,6 +46,7 @@
#include "key.h"
#include "hostfile.h"
#include "auth.h"
+#include "canohost.h"
#include "dispatch.h"
#include "pathnames.h"
#include "buffer.h"
@@ -219,6 +220,13 @@
Authmethod *m = NULL;
char *user, *service, *method, *style = NULL;
int authenticated = 0;
+#ifdef HAVE_LOGIN_CAP
+ login_cap_t *lc;
+ const char *from_host, *from_ip;
+
+ from_host = get_canonical_hostname(options.use_dns);
+ from_ip = get_remote_ipaddr();
+#endif
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
@@ -265,6 +273,27 @@
"(%s,%s) -> (%s,%s)",
authctxt->user, authctxt->service, user, service);
}
+
+#ifdef HAVE_LOGIN_CAP
+ if (authctxt->pw != NULL) {
+ lc = login_getpwclass(authctxt->pw);
+ if (lc == NULL)
+ lc = login_getclassbyname(NULL, authctxt->pw);
+ if (!auth_hostok(lc, from_host, from_ip)) {
+ logit("Denied connection for %.200s from %.200s [%.200s].",
+ authctxt->pw->pw_name, from_host, from_ip);
+ packet_disconnect("Sorry, you are not allowed to connect.");
+ }
+ if (!auth_timeok(lc, time(NULL))) {
+ logit("LOGIN %.200s REFUSED (TIME) FROM %.200s",
+ authctxt->pw->pw_name, from_host);
+ packet_disconnect("Logins not available right now.");
+ }
+ login_close(lc);
+ lc = NULL;
+ }
+#endif /* HAVE_LOGIN_CAP */
+
/* reset state */
auth2_challenge_stop(authctxt);
#ifdef JPAKE

61
security/openssh-portable66/files/patch-readconf.c
View File

@ -1,61 +0,0 @@
base defaults
r99048 | des | 2002-06-29 05:51:56 -0500 (Sat, 29 Jun 2002) | 4 lines
Changed paths:
M /head/crypto/openssh/myproposal.h
M /head/crypto/openssh/readconf.c
M /head/crypto/openssh/servconf.c
Apply FreeBSD's configuration defaults.
------------------------------------------------------------------------
r181918 | des | 2008-08-20 05:40:07 -0500 (Wed, 20 Aug 2008) | 6 lines
Changed paths:
M /head/crypto/openssh/readconf.c
Use net.inet.ip.portrange.reservedhigh instead of IPPORT_RESERVED.
Submitted upstream, no reaction.
Submitted by: delphij@
--- readconf.c.orig 2013-10-03 06:56:21.649139613 -0500
+++ readconf.c 2013-10-03 06:56:50.961467272 -0500
@@ -17,6 +17,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
+#include <sys/sysctl.h>
#include <sys/wait.h>
#include <netinet/in.h>
@@ -282,7 +283,19 @@
Forward *fwd;
#ifndef NO_IPPORT_RESERVED_CONCEPT
extern uid_t original_real_uid;
- if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0)
+ int ipport_reserved;
+#ifdef __FreeBSD__
+ size_t len_ipport_reserved = sizeof(ipport_reserved);
+
+ if (sysctlbyname("net.inet.ip.portrange.reservedhigh",
+ &ipport_reserved, &len_ipport_reserved, NULL, 0) != 0)
+ ipport_reserved = IPPORT_RESERVED;
+ else
+ ipport_reserved++;
+#else
+ ipport_reserved = IPPORT_RESERVED;
+#endif
+ if (newfwd->listen_port < ipport_reserved && original_real_uid != 0)
fatal("Privileged ports can only be forwarded by root.");
#endif
options->local_forwards = xrealloc(options->local_forwards,
@@ -1607,7 +1620,7 @@
if (options->batch_mode == -1)
options->batch_mode = 0;
if (options->check_host_ip == -1)
- options->check_host_ip = 1;
+ options->check_host_ip = 0;
if (options->strict_host_key_checking == -1)
options->strict_host_key_checking = 2; /* 2 is default */
if (options->compression == -1)

50
security/openssh-portable66/files/patch-servconf.c
View File

@ -1,50 +0,0 @@
--- servconf.c.orig 2013-05-12 21:26:30.642630751 -0500
+++ servconf.c 2013-05-12 21:52:43.069625377 -0500
@@ -162,7 +162,7 @@
/* Portable-specific options */
if (options->use_pam == -1)
- options->use_pam = 0;
+ options->use_pam = 1;
/* Standard Options */
if (options->protocol == SSH_PROTO_UNKNOWN)
@@ -197,7 +197,7 @@
if (options->key_regeneration_time == -1)
options->key_regeneration_time = 3600;
if (options->permit_root_login == PERMIT_NOT_SET)
- options->permit_root_login = PERMIT_YES;
+ options->permit_root_login = PERMIT_NO;
if (options->ignore_rhosts == -1)
options->ignore_rhosts = 1;
if (options->ignore_user_known_hosts == -1)
@@ -207,7 +207,7 @@
if (options->print_lastlog == -1)
options->print_lastlog = 1;
if (options->x11_forwarding == -1)
- options->x11_forwarding = 0;
+ options->x11_forwarding = 1;
if (options->x11_display_offset == -1)
options->x11_display_offset = 10;
if (options->x11_use_localhost == -1)
@@ -245,7 +245,11 @@
if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1;
if (options->password_authentication == -1)
+#ifdef USE_PAM
+ options->password_authentication = 0;
+#else
options->password_authentication = 1;
+#endif
if (options->kbd_interactive_authentication == -1)
options->kbd_interactive_authentication = 0;
if (options->challenge_response_authentication == -1)
@@ -335,7 +339,7 @@
options->version_addendum = xstrdup("");
/* Turn privilege separation on by default */
if (use_privsep == -1)
- use_privsep = PRIVSEP_NOSANDBOX;
+ use_privsep = PRIVSEP_ON;
#ifndef HAVE_MMAP
if (use_privsep && options->compression == 1) {

74
security/openssh-portable66/files/patch-session.c
View File

@ -1,74 +0,0 @@
--- session.c 2013-03-14 19:22:37.000000000 -0500
+++ session.c 2013-04-12 21:10:44.510757912 -0500
@@ -1131,6 +1136,9 @@
struct passwd *pw = s->pw;
#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
char *path = NULL;
+#else
+ extern char **environ;
+ char **senv, **var;
#endif
/* Initialize the environment. */
@@ -1152,6 +1160,9 @@
}
#endif
+ if (getenv("TZ"))
+ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+
#ifdef GSSAPI
/* Allow any GSSAPI methods that we've used to alter
* the childs environment as they see fit
@@ -1171,11 +1182,22 @@
child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
#endif
child_set_env(&env, &envsize, "HOME", pw->pw_dir);
+ snprintf(buf, sizeof buf, "%.200s/%.50s",
+ _PATH_MAILDIR, pw->pw_name);
+ child_set_env(&env, &envsize, "MAIL", buf);
#ifdef HAVE_LOGIN_CAP
- if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
- child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
- else
- child_set_env(&env, &envsize, "PATH", getenv("PATH"));
+ child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
+ child_set_env(&env, &envsize, "TERM", "su");
+ senv = environ;
+ environ = xmalloc(sizeof(char *));
+ *environ = NULL;
+ (void) setusercontext(lc, pw, pw->pw_uid,
+ LOGIN_SETENV|LOGIN_SETPATH);
+ copy_environment(environ, &env, &envsize);
+ for (var = environ; *var != NULL; ++var)
+ free(*var);
+ free(environ);
+ environ = senv;
#else /* HAVE_LOGIN_CAP */
# ifndef HAVE_CYGWIN
/*
@@ -1196,15 +1218,9 @@
# endif /* HAVE_CYGWIN */
#endif /* HAVE_LOGIN_CAP */
- snprintf(buf, sizeof buf, "%.200s/%.50s",
- _PATH_MAILDIR, pw->pw_name);
- child_set_env(&env, &envsize, "MAIL", buf);
-
/* Normal systems set SHELL by default. */
child_set_env(&env, &envsize, "SHELL", shell);
}
- if (getenv("TZ"))
- child_set_env(&env, &envsize, "TZ", getenv("TZ"));
/* Set custom environment options from RSA authentication. */
if (!options.use_login) {
@@ -1483,7 +1499,7 @@
if (platform_privileged_uidswap()) {
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid,
- (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
+ (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
perror("unable to set user context");
exit(1);
}

27
security/openssh-portable66/files/patch-ssh-agent.1
View File

@ -1,27 +0,0 @@
r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines
Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.
Index: ssh-agent.1
===================================================================
--- ssh-agent.1 (revision 226102)
+++ ssh-agent.1 (revision 226103)
@@ -44,7 +44,7 @@
.Sh SYNOPSIS
.Nm ssh-agent
.Op Fl c | s
-.Op Fl d
+.Op Fl dx
.Op Fl a Ar bind_address
.Op Fl t Ar life
.Op Ar command Op Ar arg ...
@@ -103,6 +103,8 @@
.Xr ssh-add 1
overrides this value.
Without this option the default maximum lifetime is forever.
+.It Fl x
+Exit after the last client has disconnected.
.El
.Pp
If a commandline is given, this is executed as a subprocess of the agent.

92
security/openssh-portable66/files/patch-ssh-agent.c
View File

@ -1,92 +0,0 @@
r110506 | des | 2003-02-07 09:48:27 -0600 (Fri, 07 Feb 2003) | 4 lines
Set the ruid to the euid at startup as a workaround for a bug in pam_ssh.
r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines
Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.
--- ssh-agent.c.orig 2011-06-02 23:14:16.000000000 -0500
+++ ssh-agent.c 2013-05-09 15:59:14.044627857 -0500
@@ -137,15 +137,34 @@
/* Default lifetime (0 == forever) */
static int lifetime = 0;
+/*
+ * Client connection count; incremented in new_socket() and decremented in
+ * close_socket(). When it reaches 0, ssh-agent will exit. Since it is
+ * normally initialized to 1, it will never reach 0. However, if the -x
+ * option is specified, it is initialized to 0 in main(); in that case,
+ * ssh-agent will exit as soon as it has had at least one client but no
+ * longer has any.
+ */
+static int xcount = 1;
+
static void
close_socket(SocketEntry *e)
{
+ int last = 0;
+
+ if (e->type == AUTH_CONNECTION) {
+ debug("xcount %d -> %d", xcount, xcount - 1);
+ if (--xcount == 0)
+ last = 1;
+ }
close(e->fd);
e->fd = -1;
e->type = AUTH_UNUSED;
buffer_free(&e->input);
buffer_free(&e->output);
buffer_free(&e->request);
+ if (last)
+ cleanup_exit(0);
}
static void
@@ -900,6 +919,10 @@
{
u_int i, old_alloc, new_alloc;
+ if (type == AUTH_CONNECTION) {
+ debug("xcount %d -> %d", xcount, xcount + 1);
+ ++xcount;
+ }
set_nonblock(fd);
if (fd > max_fd)
@@ -1120,6 +1143,7 @@
fprintf(stderr, " -d Debug mode.\n");
fprintf(stderr, " -a socket Bind agent socket to given name.\n");
fprintf(stderr, " -t life Default identity lifetime (seconds).\n");
+ fprintf(stderr, " -x Exit when the last client disconnects.\n");
exit(1);
}
@@ -1149,6 +1173,7 @@
/* drop */
setegid(getgid());
setgid(getgid());
+ setuid(geteuid());
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
/* Disable ptrace on Linux without sgid bit */
@@ -1160,7 +1185,7 @@
__progname = ssh_get_progname(av[0]);
seed_rng();
- while ((ch = getopt(ac, av, "cdksa:t:")) != -1) {
+ while ((ch = getopt(ac, av, "cdksa:t:x")) != -1) {
switch (ch) {
case 'c':
if (s_flag)
@@ -1189,6 +1214,9 @@
usage();
}
break;
+ case 'x':
+ xcount = 0;
+ break;
default:
usage();
}

34
security/openssh-portable66/files/patch-ssh.c
View File

@ -1,34 +0,0 @@
$FreeBSD$
r99054 | des | 2002-06-29 05:57:53 -0500 (Sat, 29 Jun 2002) | 4 lines
Changed paths:
M /head/crypto/openssh/ssh.c
Canonicize the host name before looking it up in the host file.
--- ssh.c.orig 2010-08-16 09:59:31.000000000 -0600
+++ ssh.c 2010-08-25 17:55:01.000000000 -0600
@@ -699,6 +699,23 @@
"h", host, (char *)NULL);
}
+ /* Find canonic host name. */
+ if (strchr(host, '.') == 0) {
+ struct addrinfo hints;
+ struct addrinfo *ai = NULL;
+ int errgai;
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = options.address_family;
+ hints.ai_flags = AI_CANONNAME;
+ hints.ai_socktype = SOCK_STREAM;
+ errgai = getaddrinfo(host, NULL, &hints, &ai);
+ if (errgai == 0) {
+ if (ai->ai_canonname != NULL)
+ host = xstrdup(ai->ai_canonname);
+ freeaddrinfo(ai);
+ }
+ }
+
if (options.local_command != NULL) {
char thishost[NI_MAXHOST];

16
security/openssh-portable66/files/patch-ssh_config
View File

@ -1,16 +0,0 @@
r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines
Document the FreeBSD default for CheckHostIP, which was changed in
rev 1.2 of readconf.c.
--- ssh_config.orig 2010-01-12 01:40:27.000000000 -0700
+++ ssh_config 2010-09-14 16:14:13.000000000 -0600
@@ -27,7 +27,7 @@
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
-# CheckHostIP yes
+# CheckHostIP no
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask

16
security/openssh-portable66/files/patch-ssh_config.5
View File

@ -1,16 +0,0 @@
r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines
Document the FreeBSD default for CheckHostIP, which was changed in
rev 1.2 of readconf.c.
--- ssh_config.5.orig 2010-08-04 21:03:13.000000000 -0600
+++ ssh_config.5 2010-09-14 16:14:13.000000000 -0600
@@ -164,7 +164,7 @@
.Dq no ,
the check will not be executed.
The default is
-.Dq yes .
+.Dq no .
.It Cm Cipher
Specifies the cipher to use for encrypting the session
in protocol version 1.

35
security/openssh-portable66/files/patch-sshd.8
View File

@ -1,35 +0,0 @@
Document FreeBSD/port-specific paths
--- sshd.8.orig 2010-08-04 21:03:13.000000000 -0600
+++ sshd.8 2010-09-14 16:14:14.000000000 -0600
@@ -70,7 +70,7 @@
.Nm
listens for connections from clients.
It is normally started at boot from
-.Pa /etc/rc .
+.Pa /usr/local/etc/rc.d/openssh .
It forks a new
daemon for each incoming connection.
The forked daemons handle
@@ -384,8 +384,9 @@
If the login is on a tty, records login time.
.It
Checks
-.Pa /etc/nologin ;
-if it exists, prints contents and quits
+.Pa /etc/nologin and
+.Pa /var/run/nologin ;
+if one exists, it prints the contents and quits
(unless root).
.It
Changes to run with normal user privileges.
@@ -407,7 +408,8 @@
exists, runs it; else if
.Pa /etc/ssh/sshrc
exists, runs
-it; otherwise runs xauth.
+it; otherwise runs
+.Xr xauth 1 .
The
.Dq rc
files are given the X11

99
security/openssh-portable66/files/patch-sshd.c
View File

@ -1,99 +0,0 @@
r109683 | des | 2003-01-22 08:12:59 -0600 (Wed, 22 Jan 2003) | 7 lines
Changed paths:
M /head/crypto/openssh/sshd.c
Force early initialization of the resolver library, since the resolver
configuration files will no longer be available once sshd is chrooted.
PR: 39953, 40894
Submitted by: dinoex
r199804 | attilio | 2009-11-25 09:12:24 -0600 (Wed, 25 Nov 2009) | 13 lines
Changed paths:
M /head/crypto/openssh/sshd.c
M /head/usr.sbin/cron/cron/cron.c
M /head/usr.sbin/inetd/inetd.c
M /head/usr.sbin/syslogd/syslogd.c
Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap
environments.
Please note that this can't be done while such processes run in jails.
Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.
r206397 | kib | 2010-04-08 07:07:40 -0500 (Thu, 08 Apr 2010) | 8 lines
Changed paths:
M /head/crypto/openssh/sshd.c
Enhance r199804 by marking the daemonised child as immune to OOM instead
of short-living parent. Only mark the master process that accepts
connections, do not protect connection handlers spawned from inetd.
--- sshd.c.orig 2010-04-15 23:56:22.000000000 -0600
+++ sshd.c 2010-09-14 16:14:13.000000000 -0600
@@ -46,6 +46,7 @@
#include <sys/types.h>
#include <sys/ioctl.h>
+#include <sys/mman.h>
#include <sys/socket.h>
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
@@ -83,6 +84,13 @@
#include <prot.h>
#endif
+#ifdef __FreeBSD__
+#include <resolv.h>
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#endif
+
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
@@ -1877,6 +1885,10 @@
/* Reinitialize the log (because of the fork above). */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ /* Avoid killing the process in high-pressure swapping environments. */
+ if (!inetd_flag && madvise(NULL, 0, MADV_PROTECT) != 0)
+ debug("madvise(): %.200s", strerror(errno));
+
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
if (chdir("/") == -1)
@@ -1995,6 +2007,29 @@
signal(SIGCHLD, SIG_DFL);
signal(SIGINT, SIG_DFL);
+#ifdef __FreeBSD__
+ /*
+ * Initialize the resolver. This may not happen automatically
+ * before privsep chroot().
+ */
+ if ((_res.options & RES_INIT) == 0) {
+ debug("res_init()");
+ res_init();
+ }
+#ifdef GSSAPI
+ /*
+ * Force GSS-API to parse its configuration and load any
+ * mechanism plugins.
+ */
+ {
+ gss_OID_set mechs;
+ OM_uint32 minor_status;
+ gss_indicate_mechs(&minor_status, &mechs);
+ gss_release_oid_set(&minor_status, &mechs);
+ }
+#endif
+#endif
+
/*
* Register our connection. This turns encryption off because we do
* not have a key.

79
security/openssh-portable66/files/patch-sshd_config
View File

@ -1,79 +0,0 @@
--- sshd_config.orig 2013-02-11 18:02:09.000000000 -0600
+++ sshd_config 2013-05-13 06:46:45.153627197 -0500
@@ -10,6 +10,9 @@
# possible, but leave them commented. Uncommented options override the
# default value.
+# Note that some of FreeBSD's defaults differ from OpenBSD's, and
+# FreeBSD has a few additional options.
+
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
@@ -41,7 +44,7 @@
# Authentication:
#LoginGraceTime 2m
-#PermitRootLogin yes
+#PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
@@ -50,8 +53,7 @@
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
@@ -68,11 +70,11 @@
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
+# Change to yes to enable built-in password authentication.
+#PasswordAuthentication no
#PermitEmptyPasswords no
-# Change to no to disable s/key passwords
+# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes
# Kerberos options
@@ -85,7 +87,7 @@
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
-# Set this to 'yes' to enable PAM authentication, account processing,
+# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
@@ -94,12 +96,12 @@
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
-#UsePAM no
+#UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
-#X11Forwarding no
+#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
@@ -107,7 +109,7 @@
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
-UsePrivilegeSeparation sandbox # Default for new installations.
+#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0

90
security/openssh-portable66/files/patch-sshd_config.5
View File

@ -1,90 +0,0 @@
--- sshd_config.5.orig 2013-02-11 18:02:09.000000000 -0600
+++ sshd_config.5 2013-05-13 06:49:28.164628328 -0500
@@ -277,7 +277,9 @@
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or though authentication styles supported in
-.Xr login.conf 5 )
+.Xr login.conf 5 ) .
+See also
+.Cm UsePAM .
The default is
.Dq yes .
.It Cm ChrootDirectory
@@ -555,7 +557,7 @@
.Pp
.Pa /etc/hosts.equiv
and
-.Pa /etc/shosts.equiv
+.Pa /etc/ssh/shosts.equiv
are still used.
The default is
.Dq yes .
@@ -841,7 +843,22 @@
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
+.Dq no ,
+unless
+.Nm sshd
+was built without PAM support, in which case the default is
.Dq yes .
+Note that if
+.Cm ChallengeResponseAuthentication
+is
+.Dq yes ,
+and the PAM authentication policy for
+.Nm sshd
+includes
+.Xr pam_unix 8 ,
+password authentication will be allowed through the challenge-response
+mechanism regardless of the value of
+.Cm PasswordAuthentication .
.It Cm PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings.
@@ -887,7 +904,14 @@
or
.Dq no .
The default is
-.Dq yes .
+.Dq no .
+Note that if
+.Cm ChallengeResponseAuthentication
+is
+.Dq yes ,
+the root user may be allowed in with its password even if
+.Cm PermitRootLogin is set to
+.Dq without-password .
.Pp
If this option is set to
.Dq without-password ,
@@ -1006,7 +1030,9 @@
section in
.Xr ssh-keygen 1 .
.It Cm RhostsRSAAuthentication
-Specifies whether rhosts or /etc/hosts.equiv authentication together
+Specifies whether rhosts or
+.Pa /etc/hosts.equiv
+authentication together
with successful RSA host authentication is allowed.
The default is
.Dq no .
@@ -1146,7 +1172,7 @@
.Xr sshd 8
as a non-root user.
The default is
-.Dq no .
+.Dq yes .
.It Cm UsePrivilegeSeparation
Specifies whether
.Xr sshd 8
@@ -1182,7 +1208,7 @@
or
.Dq no .
The default is
-.Dq no .
+.Dq yes .
.Pp
When X11 forwarding is enabled, there may be additional exposure to
the server and to client displays if the

15
security/openssh-portable66/pkg-descr
View File

@ -1,15 +0,0 @@
OpenBSD's OpenSSH portable version
Normal OpenSSH development produces a very small, secure, and easy to maintain
version for the OpenBSD project. The OpenSSH Portability Team takes that pure
version and adds portability code so that OpenSSH can run on many other
operating systems (Unfortunately, in particular since OpenSSH does
authentication, it runs into a *lot* of differences between Unix operating
systems).
The portable OpenSSH follows development of the official version, but releases
are not synchronized. Portable releases are marked with a 'p' (e.g. 3.1p1).
The official OpenBSD source will never use the 'p' suffix, but will instead
increment the version number when they hit 'stable spots' in their development.
WWW: http://www.openssh.org/portable.html

15
security/openssh-portable66/pkg-message
View File

@ -1,15 +0,0 @@
To enable this port, add openssh_enable="YES" in your rc.conf. To
prevent conflict with openssh in the base system add sshd_enable="NO"
in your rc.conf. Also you can configure openssh at another TCP port (via
sshd_config 'Port' and 'Listen' options or via 'openssh_flags'
variable in rc.conf) and run it in same time with base sshd.
'PermitRootLogin no' is the default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in
the base system. Please be aware of this when upgrading your
OpenSSH port, and if truly necessary, re-enable remote root login
by readjusting this option in your sshd_config.
Users are encouraged to create single-purpose users with ssh keys, disable
Password auth with 'PasswordAuthentication no' and define very narrow sudo
privileges instead of using root for automated tasks.

40
security/openssh-portable66/pkg-plist
View File

@ -1,40 +0,0 @@
@comment slogin must be deleted first
bin/slogin
bin/scp
bin/sftp
bin/ssh
bin/ssh-add
bin/ssh-agent
bin/ssh-keygen
bin/ssh-keyscan
%%NOTBASE%%@exec if [ -f %D/etc/ssh_config -a ! -f %D/etc/ssh/ssh_config ]; then ln %D/etc/ssh_config %D/etc/ssh/ssh_config ; fi
%%NOTBASE%%@exec if [ -f %D/etc/sshd_config -a ! -f %D/etc/ssh/sshd_config ]; then ln %D/etc/sshd_config %D/etc/ssh/sshd_config ; fi
%%OVERWRITE_BASE%%@cwd /
%%NOTBASE%%etc/ssh/moduli
@sample etc/ssh/ssh_config.sample
@sample etc/ssh/sshd_config.sample
%%OVERWRITE_BASE%%@cwd %%BASEPREFIX%%
%%NOTBASE%%%%X509%%@dirrmtry etc/ssh/ca
%%NOTBASE%%@dirrmtry etc/ssh
@exec if [ -f %D/etc/ssh_host_ecdsa_key ] && grep -q DSA %D/etc/ssh_host_ecdsa_key; then echo; echo "\!/ Warning \!/"; echo; echo "Your %D/etc/ssh_host_ecdsa_key is not a valid ECDSA key. It is incorrectly"; echo "a DSA key due to a bug fixed in 2012 in the security/openssh-portable port."; echo; echo "Regenerate a proper one with: rm -f %D/etc/ssh_host_ecdsa_key*; service openssh restart"; echo; echo "Clients should not see any key change warning since the ECDSA was not valid and was not actually"; echo "used by the server."; echo; echo "\!/ Warning \!/"; fi
sbin/sshd
libexec/sftp-server
libexec/ssh-keysign
libexec/ssh-pkcs11-helper
@cwd %%MANPREFIX%%
man/man1/sftp.1.gz
man/man1/ssh-add.1.gz
man/man1/ssh-agent.1.gz
man/man1/ssh-keygen.1.gz
man/man1/ssh-keyscan.1.gz
man/man1/scp.1.gz
man/man1/ssh.1.gz
man/man1/slogin.1.gz
man/man5/moduli.5.gz
man/man5/ssh_config.5.gz
man/man5/sshd_config.5.gz
%%X509%%man/man5/ssh_engine.5.gz
man/man8/sftp-server.8.gz
man/man8/sshd.8.gz
man/man8/ssh-keysign.8.gz
man/man8/ssh-pkcs11-helper.8.gz

2
www/Makefile
View File

@ -1265,9 +1265,7 @@
SUBDIR += p5-WWW-RobotRules-Parser
SUBDIR += p5-WWW-Scraper-ISBN
SUBDIR += p5-WWW-Scraper-ISBN-Amazon_Driver
SUBDIR += p5-WWW-Scraper-ISBN-Driver
SUBDIR += p5-WWW-Scraper-ISBN-ORA_Driver
SUBDIR += p5-WWW-Scraper-ISBN-Record
SUBDIR += p5-WWW-Scripter
SUBDIR += p5-WWW-Scripter-Plugin-Ajax
SUBDIR += p5-WWW-Scripter-Plugin-JavaScript

21
www/p5-WWW-Scraper-ISBN-Driver/Makefile
View File

@ -1,21 +0,0 @@
# Created by: Ying-Chieh Liao <ijliao@csie.nctu.edu.tw>
# $FreeBSD$
PORTNAME= WWW-Scraper-ISBN-Driver
PORTVERSION= 0.22
PORTREVISION= 1
CATEGORIES= www perl5
MASTER_SITES= CPAN
PKGNAMEPREFIX= p5-
MAINTAINER= perl@FreeBSD.org
COMMENT= Driver class for WWW::Scraper::ISBN module
CONFLICTS_INSTALL= p5-WWW-Scraper-ISBN-1.[0-9]*
DEPRECATED= Merged to www/p5-WWW-Scraper-ISBN by upstream
EXPIRATION_DATE=2015-01-31
USES= perl5
USE_PERL5= configure
.include <bsd.port.mk>

2
www/p5-WWW-Scraper-ISBN-Driver/distinfo
View File

@ -1,2 +0,0 @@
SHA256 (WWW-Scraper-ISBN-Driver-0.22.tar.gz) = 18a5080c1dd53cf4fe1e0c96292fb97f82877cdae89ed16efbd34966b9f80afc
SIZE (WWW-Scraper-ISBN-Driver-0.22.tar.gz) = 6905

9
www/p5-WWW-Scraper-ISBN-Driver/pkg-descr
View File

@ -1,9 +0,0 @@
This is a base class, all site-specific drivers should inherit its members
and methods. Driver subclasses named '$name' should be packaged as
WWW::Scraper::ISBN::$name_Driver, e.g. WWW::Scraper::ISBN::LOC_Driver for
LOC (Library of Congress) driver. Each driver need only implement the
search() method, though they may have as many other methods as they need to
get their job done. Only search() will be called by
WWW::Scraper::ISBN->search().
WWW: http://search.cpan.org/dist/WWW-Scraper-ISBN-Driver/

2
www/p5-WWW-Scraper-ISBN-Driver/pkg-plist
View File

@ -1,2 +0,0 @@
%%SITE_PERL%%/WWW/Scraper/ISBN/Driver.pm
%%PERL5_MAN3%%/WWW::Scraper::ISBN::Driver.3.gz

21
www/p5-WWW-Scraper-ISBN-Record/Makefile
View File

@ -1,21 +0,0 @@
# Created by: Ying-Chieh Liao <ijliao@csie.nctu.edu.tw>
# $FreeBSD$
PORTNAME= WWW-Scraper-ISBN-Record
PORTVERSION= 0.21
PORTREVISION= 1
CATEGORIES= www perl5
MASTER_SITES= CPAN
PKGNAMEPREFIX= p5-
MAINTAINER= perl@FreeBSD.org
COMMENT= Book Record class for WWW::Scraper::ISBN module
CONFLICTS_INSTALL= p5-WWW-Scraper-ISBN-1.[0-9]*
DEPRECATED= Merged to www/p5-WWW-Scraper-ISBN by upstream
EXPIRATION_DATE=2015-01-31
USES= perl5
USE_PERL5= configure
.include <bsd.port.mk>

2
www/p5-WWW-Scraper-ISBN-Record/distinfo
View File

@ -1,2 +0,0 @@
SHA256 (WWW-Scraper-ISBN-Record-0.21.tar.gz) = 06829e70ddd7431c70eff20a445544587558c015a14b52f2a157f8fd3a39f732
SIZE (WWW-Scraper-ISBN-Record-0.21.tar.gz) = 5092

9
www/p5-WWW-Scraper-ISBN-Record/pkg-descr
View File

@ -1,9 +0,0 @@
The WWW::Scraper::ISBN::Record module defines a class that can be used to deal
with book information. It was primarily created as a return type for the
WWW::Scraper::ISBN module, though it could be used for other purposes. It
knows minimal information about itself, whether the book was found, where it
was found, its ISBN number, and whether any errors occurred. It is usually up
to the WWW::Scraper::ISBN::Driver and its subclasses to make sure that the
fields get set correctly.
WWW: http://search.cpan.org/dist/WWW-Scraper-ISBN-Record/

2
www/p5-WWW-Scraper-ISBN-Record/pkg-plist
View File

@ -1,2 +0,0 @@
%%PERL5_MAN3%%/WWW::Scraper::ISBN::Record.3.gz
%%SITE_PERL%%/WWW/Scraper/ISBN/Record.pm