4 files changed, 80 insertions, 42 deletions

diff --git a/security/ssh2/Makefile b/security/ssh2/Makefile
index ea13d0b706c9..90dd7ec4a9fb 100644
--- a/security/ssh2/Makefile
+++ b/security/ssh2/Makefile
@@ -6,22 +6,22 @@
 #
 
 PORTNAME=	ssh2
-PORTVERSION=	3.2.3
+PORTVERSION=	3.2.5
 CATEGORIES=	security ipv6
 MASTER_SITES=	ftp://ftp.ssh.com/pub/ssh/ \
 		ftp://sunsite.unc.edu/pub/packages/security/ssh/ \
-		ftp://ftp.kyoto.wide.ad.jp/pub/security/ssh/ \
-		ftp://ftp.cis.fed.gov/pub/ssh/ \
 		ftp://ftp.keystealth.org/pub/ssh/ \
-		ftp://mirror.chpc.utah.edu/pub/ssh/ \
 		ftp://metalab.unc.edu/pub/packages/security/ssh/ \
-		ftp://herbie.ucs.indiana.edu/pub/security/ssh/
+		ftp://ftp.nsysu.edu.tw/Unix/Security/ssh/ \
+		ftp://ftp.cronyx.ru/mirror/ssh/ \
+		ftp://ftp.univie.ac.at/applications/ssh.com/
 DISTNAME=	ssh-${PORTVERSION}
 
-MAINTAINER=	larse@ISI.EDU
+MAINTAINER=	marius@alchemy.franken.de
 COMMENT=	Secure shell client and server (remote login program)
 
 GNU_CONFIGURE=	YES
+USE_REINPLACE=	YES
 
 CONFIGURE_ARGS=	--with-etcdir=${SSH2_ETC} --disable-debug
 
@@ -29,43 +29,43 @@ SSH2_ETC=	${PREFIX}/etc/ssh2
 SSH2_RCD=	${PREFIX}/etc/rc.d
 CONFIG_FILES=	ssh2_config sshd2_config
 
-# Uncomment if all your users are in their own group and their homedir
+.include <bsd.port.pre.mk>
+
+# Define if all your users are in their own group and their homedir
 # is writeable by that group.  Beware the security implications!
 #
-#CONFIGURE_ARGS+=	--enable-group-writeability
+.if defined(WITH_GROUP_WRITEABILITY)
+CONFIGURE_ARGS+=	--enable-group-writeability
+.endif
 
-# Kerberos support is untested.
+# Kerberos5 support in ssh2 is EXPERIMENTAL and requires MIT Kerberos,
+# Heimdal is unsupported.
 #
-#.if defined(KRB5_HOME) && exists(${KRB5_HOME})
-#CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer
-#.endif
+.if defined(WITH_KERBEROS) && defined(KRB5_HOME) && \
+	exists(${KRB5_HOME}/lib/libkrb5.a)
+CONFIGURE_ARGS+=	--with-kerberos5=${KRB5_HOME} --disable-suid-ssh-signer
+.endif
 
-# Auto-configure tcp_wrappers support.
-#
-.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP) && \
-	!defined(WITHOUT_TCPWRAP)
+.if exists(/usr/include/tcpd.h) && !defined(WITHOUT_TCPWRAP)
 CONFIGURE_ARGS+=	--with-libwrap
-.elif defined(WITH_TCPWRAP)
-CONFIGURE_ARGS+=	--with-libwrap="-L${LOCALBASE}/lib -lwrap"
-
-LIB_DEPENDS+=	wrap.7:${PORTSDIR}/security/tcp_wrapper
 .endif
 
-.include <bsd.port.pre.mk>
-
-# This is necessary for a working ssh-chrootmgr. Added by mic@nethack.at
+# This is necessary for a working ssh-chrootmgr. Added by mic@nethack.at.
 #
 .if defined(WITH_STATIC_SFTP)
 CONFIGURE_ARGS+=	--enable-static
+PLIST_SUB=		STATIC=""
+.else
+PLIST_SUB=		STATIC="@comment "
 .endif
 
 .if defined(WITH_X11) || (exists(${X11BASE}/lib/libX11.a) \
 	&& exists(${X11BASE}/bin/xauth) && !defined(WITHOUT_X11))
 USE_XLIB=	yes
-PLIST_SUB=	WITH_X11:=""
+PLIST_SUB+=	WITH_X11:=""
 .else
 CONFIGURE_ARGS+=	--without-x
-PLIST_SUB=	WITH_X11:="@comment "
+PLIST_SUB+=	WITH_X11:="@comment "
 .endif
 
 MAN1=		ssh2.1 ssh-keygen2.1 ssh-add2.1 ssh-agent2.1 scp2.1 sftp2.1 \
@@ -81,6 +81,14 @@ MANCOMPRESSED=	no
 PORTDOCS=	CHANGES FAQ INSTALL LICENSE MANIFEST NEWS README \
 		REGEX-SYNTAX SSH2.QUICKSTART
 
+post-patch:
+.for i in ${MAN1} ${MAN5} ${MAN8}
+	@${REINPLACE_CMD} -e 's|\/etc\/ssh2|${PREFIX}&|g;' \
+		${WRKSRC}/apps/ssh/${i}
+.endfor
+	@${REINPLACE_CMD} -E -e 's|\$$\(ETCDIR\)|${PREFIX}\/etc|g;' \
+		${WRKSRC}/apps/ssh/ssh_dummy_shell.out
+
 post-install:
 .if !defined(NOPORTDOCS)
 	${MKDIR} ${DOCSDIR}
@@ -88,11 +96,7 @@ post-install:
 	${INSTALL_DATA} ${WRKSRC}/$i ${DOCSDIR}
 .endfor
 .endif
-	@if [ ! -f ${SSH2_ETC}/hostkey ]; then \
-	    ${ECHO} "Generating a secret host key..."; \
-	    ${PREFIX}/bin/ssh-keygen2 -P -b 1024 -t dsa ${SSH2_ETC}/hostkey; \
-	fi; \
-	if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \
+	if [ "`${GREP} ssh /etc/inetd.conf | ${GREP} -v ^#ssh`" = "" ]; then \
 	    if [ ! -f ${SSH2_RCD}/sshd.sh ]; then \
 		${ECHO} "Installing ${SSH2_RCD}/sshd.sh startup file."; \
 		${SED} -e 's+!!PREFIX!!+${PREFIX}+' < ${FILESDIR}/sshd.sh \
diff --git a/security/ssh2/distinfo b/security/ssh2/distinfo
index c383355ab278..60f0dd3cf395 100644
--- a/security/ssh2/distinfo
+++ b/security/ssh2/distinfo
@@ -1 +1 @@
-MD5 (ssh-3.2.3.tar.gz) = d74afd27a5df00ae8fbbe066ec82c88a
+MD5 (ssh-3.2.5.tar.gz) = 0d9da1d79e4ce9cff44daf93e5b66a11
diff --git a/security/ssh2/files/patch-apps::ssh::sshchsession.c b/security/ssh2/files/patch-apps::ssh::sshchsession.c
new file mode 100644
index 000000000000..36f18b967cbe
--- /dev/null
+++ b/security/ssh2/files/patch-apps::ssh::sshchsession.c
@@ -0,0 +1,22 @@
+--- apps/ssh/sshchsession.c.orig	Thu Jul  3 00:19:57 2003
++++ apps/ssh/sshchsession.c	Thu Jul  3 00:21:12 2003
+@@ -218,8 +218,8 @@
+ #ifdef _PATH_USERPATH
+ #define DEFAULT_PATH            _PATH_USERPATH
+ #else
+-#ifdef _PATH_DEFPATH
+-#define DEFAULT_PATH            _PATH_DEFPATH
++#ifdef _PATH_STDPATH
++#define DEFAULT_PATH            _PATH_STDPATH
+ #else
+ #define DEFAULT_PATH    "/bin:/usr/bin:/usr/ucb:/usr/bin/X11:/usr/local/bin"
+ #endif
+@@ -502,7 +502,7 @@
+   ssh_child_set_env(envp, envsizep, "HOME", user_dir);
+   ssh_child_set_env(envp, envsizep, "USER", user_name);
+   ssh_child_set_env(envp, envsizep, "LOGNAME", user_name);
+-  ssh_child_set_env(envp, envsizep, "PATH", DEFAULT_PATH ":" SSH_BINDIR);
++  ssh_child_set_env(envp, envsizep, "PATH", DEFAULT_PATH SSH_BINDIR);
+ 
+ #ifdef MAIL_SPOOL_DIRECTORY
+   ssh_snprintf(buf, sizeof(buf), "%s/%s", MAIL_SPOOL_DIRECTORY, user_name);
diff --git a/security/ssh2/pkg-plist b/security/ssh2/pkg-plist
index 93342b159841..99f686a4c729 100644
--- a/security/ssh2/pkg-plist
+++ b/security/ssh2/pkg-plist
@@ -8,7 +8,9 @@ bin/ssh-add2
 bin/ssh-signer2
 bin/ssh-probe2
 bin/sftp-server2
+%%STATIC%%bin/sftp-server2.static
 bin/ssh-dummy-shell
+%%STATIC%%bin/ssh-dummy-shell.static
 bin/ssh
 bin/ssh-agent
 bin/ssh-add
@@ -20,24 +22,34 @@ bin/sftp-server
 bin/ssh-signer
 bin/ssh-probe
 etc/rc.d/sshd.sh
+@unexec if cmp -s %D/etc/ssh2/sshd2_config %D/etc/ssh2/sshd2_config.example; then rm -f %D/etc/ssh2/sshd2_config; fi
 etc/ssh2/sshd2_config.example
+@exec [ -f %B/sshd2_config ] || cp %B/%f %B/sshd2_config
+@unexec if cmp -s %D/etc/ssh2/ssh2_config %D/etc/ssh2/ssh2_config.example; then rm -f %D/etc/ssh2/ssh2_config; fi
 etc/ssh2/ssh2_config.example
+@exec [ -f %B/ssh2_config ] || cp %B/%f %B/ssh2_config
 etc/ssh2/ssh_dummy_shell.out
 etc/ssh2/subconfig/anonymous.example
 etc/ssh2/subconfig/host_ext.example
 etc/ssh2/subconfig/host_int.example
 etc/ssh2/subconfig/user.example
+@exec [ -d %D/etc/ssh2/hostkeys ] || mkdir %D/etc/ssh2/hostkeys
+@exec [ -d %D/etc/ssh2/knownhosts ] || mkdir %D/etc/ssh2/knownhosts
 sbin/sshd2
 sbin/sshd-check-conf
 sbin/sshd
-@exec if [ ! -f %D/etc/ssh2/hostkey ]; then umask 022; echo "Generating 1024 bit host key."; %D/bin/ssh-keygen2 -P -b 1024 -t dsa %D/etc/ssh2/hostkey;  fi
-%%PORTDOCS%%share/doc/ssh2/CHANGES
-%%PORTDOCS%%share/doc/ssh2/FAQ
-%%PORTDOCS%%share/doc/ssh2/INSTALL
-%%PORTDOCS%%share/doc/ssh2/LICENSE
-%%PORTDOCS%%share/doc/ssh2/MANIFEST
-%%PORTDOCS%%share/doc/ssh2/NEWS
-%%PORTDOCS%%share/doc/ssh2/README
-%%PORTDOCS%%share/doc/ssh2/REGEX-SYNTAX
-%%PORTDOCS%%share/doc/ssh2/SSH2.QUICKSTART
-%%PORTDOCS%%@dirrm share/doc/ssh2
+@exec if [ ! -f %D/etc/ssh2/hostkey ]; then umask 022; echo "Generating host key."; %D/bin/ssh-keygen2 -P -t dsa "DSA hostkey" %D/etc/ssh2/hostkey;  fi
+%%PORTDOCS%%%%DATADIR%%/CHANGES
+%%PORTDOCS%%%%DATADIR%%/FAQ
+%%PORTDOCS%%%%DATADIR%%/INSTALL
+%%PORTDOCS%%%%DATADIR%%/LICENSE
+%%PORTDOCS%%%%DATADIR%%/MANIFEST
+%%PORTDOCS%%%%DATADIR%%/NEWS
+%%PORTDOCS%%%%DATADIR%%/README
+%%PORTDOCS%%%%DATADIR%%/REGEX-SYNTAX
+%%PORTDOCS%%%%DATADIR%%/SSH2.QUICKSTART
+%%PORTDOCS%%@dirrm %%DATADIR%%
+@unexec rmdir %D/etc/ssh2/hostkeys 2> /dev/null || true
+@unexec rmdir %D/etc/ssh2/knownhosts 2> /dev/null || true
+@unexec rmdir %D/etc/ssh2/subconfig 2> /dev/null || true
+@unexec rmdir %D/etc/ssh2 2> /dev/null || echo "If permanently deleting this package, %D/etc/ssh2 and its contents must be removed manually."