Remove expired ports

2010-10-15 security/ssh2: abandoned upstream
2010-10-15 security/ssh2-nox11: abandoned upstream

Mark DEPRECATED: abandoned upstream.

Approved by:    netchild

Begin the process of deprecating sysutils/rc_subr by
s#. %%RC_SUBR%%#. /etc/rc.subr#

- Remove unneeded dependency from gtk12/gtk20 [1]
- Remove USE_XLIB/USE_X_PREFIX/USE_XPM in favor of USE_XORG
- Remove X11BASE support in favor of LOCALBASE or PREFIX
- Use USE_LDCONFIG instead of INSTALLS_SHLIB
- Remove unneeded USE_GCC 3.4+

Thanks to all Helpers:
        Dmitry Marakasov, Chess Griffin, beech@, dinoex, rafan, gahr,
        ehaupt, nox, itetcu, flz, pav

PR:             116263
Tested on:      pointyhat
Approved by:    portmgr (pav)

- Welcome X.org 7.2 \o/.
- Set X11BASE to ${LOCALBASE} for recent ${OSVERSION}.
- Bump PORTREVISION for ports intalling files in ${X11BASE}.

- Cast the arguments of ssh_conn_send_channel_data_type() and
  ssh_encode_{array_alloc,buffer}() calls as appropriate in order to
  fix argument size problems on 64-bit platforms and that manifest
  themselves on amd64 and ia64. [1]
- Allow the tcsetattr(3) calls in ssh_rl_{restore,set}_tty_modes_for_fd()
  to be interrupted by signal. This fixes occasional problems when
  connecting to a host for the first time.
- Use the base zlib instead of the one shipping with SSH; although the
  latter has an enhancement allowing a minor SSH-specific optimization,
  using the base one has the benefit of not needing to track security
  vulnerabilities of zlib in this port (SSH 3.2.9.1 ships with zlib
  1.1.4 which is not know to be vulnerable though).
- Try to make the description of the WITHOUT_X11 option of the port
  Makefile to be more sentence-like.

PR:             98016 [1]
Approved by:    netchild
Obtained from:  NetBSD [1]

Add a patch which fixes a format string vulnerability in the SFTP server.

Submitted by:   Jarkko Santala <jake@iki.fi>
Approved by:    portmgr (erwin)
Security:      
http://vuxml.freebsd.org/594ad3c5-a39b-11da-926c-0800209adf0e.html

- Switch to a rc.d startup script.
- Move the generation of the host key (if not present) from the package/
  port installation to the startup script in order to be in line with
  what the base OpenSSH and the OpenSSH-portable port do.
- Flush stdout when updating the transfer progress bar of sftp2 and scp2
  so the info displayed is up to date. [1]
- Remove obsolete USE_REINPLACE, remove trailing white space in Makefile.

PR:             91262 [1]
Approved by:    netchild

SHA256ify

Approved by: krion@

Replace ugly "@unexec rmdir %D... 2>/dev/null || true" with @dirrmtry

Approved by:    krion@
PR:             ports/88711 (related)

Remove obsolete mastersites.

Source:         distfile survey
Approved by:    maintainer

- Add the X_WINDOW_SYSTEM={xorg,xfree86-4,xfree86-3} variable to bsd.port.mk,
  and make XFREE86_VERSION map to it.  XFREE86_VERSION is now deprecated.
- Make xorg the default X_WINDOW_SYSTEM on -current.
- Add several new X_*_PORT variables which point to various pieces of X11 based
  on the setting of X_WINDOW_SYSTEM, and make ports use them.
- Add information to CHANGES about how to handle the transition.

PR:             ports/68763
Approved by:    portmgr (marcus)
Approved by:    re (scottl)

- Register dependency on x11/XFree86-4-clients for xauth(1).
- Make configure explicitly look in X11BASE/bin for xauth(1) in order to
  also catch non-standard locations.

Submitted by:   maintainer (marius)
Approved by:    portmgr (marcus)

Use the @FreeBSD.org address of the maintainer.

Approved by:    marius

- Display the available build knobs via a pre-everything target.
- Remove the autodetection for X11 support and the WITH_X11 knob, instead
  always build with X11 support and add a WITHOUT_X11 knob. Together with
  an additional ssh2-nox11 slave port this allows easier handling of these
  two variants and to have pre-compiled packages for both (ssh2 with X11
  support depends on X11 libraries).

Submitted by:   maintainer (marius)

Add SIZE info.

Submitted by:   trevor via maintainer

---snip---
Improve Kerberos support in ssh2:
- Change the WITH_KERBEROS knob into a WITHOUT_KERBEROS knob so kerberized
  ssh2 automatically is built when MIT Kerberos is installed, unless the
  WITHOUT_KERBEROS knob is defined.
- Check for a library unique to MIT Kerberos to make sure it's not Heimdal
  that KRB5_HOME accidentally points to.
- Add dependency on security/krb5 when built with Kerberos support.
- When compiled with Kerberos support also turn it on by default in client
  and server config files and set "PermitRootLogin" to "nopwd" to only allow
  those with root tickets declared in ~root/.k5login" to login as root. [1]

Ssh2 now should work out of the box in an environment using MIT Kerberos.

Submitted by:   Peter Losher <Peter_Losher@isc.org> [1] (kerberos-patch-*)
Tested by:      Peter Losher <Peter_Losher@isc.org>
---snip---

Submitted by:                                   maintainer
Strange commit log formatting to prevent
ambiguous "Submitted by" lines by:              committer

HEADS-UP: Traditionally this port automatically installs a start-up script for
          sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there
          are three ways to automatically start sshd2 and /etc/rc.conf is the
          simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is
          fixed to not be tailored to the base sshd) this version of the port
          is the last one to do so. Beginning with next version it will only
          install a sample start-up script. To prevent foot shooting when
          updating to the next version this port won't remove an existing
          start-up scripting on deinstall. Please see also the pkg-message that
          gets displayed on installation.

- Update to 3.2.9.1. This is _not_ a security update. For the non-commercial
  version the only change worth mentioning since 3.2.5 is the addition of the
  config option "DisableVersionFallback", see sshd2_config(5) for further
  details.

Rename PORTDOCS to MYPORTDOCS to avoid a conflict with the recently added
bsd.port.mk macro.

Submitted by:   Oliver Eikemeier <eikemeier@fillmore-labs.com>

- add CONFLICTS
Submitted by:   eikemeier@fillmore-labs.com
Approved by:    kris

Fix plist.

No PORTREVISION update because of the short timeframe between the commits.

Submitted by:   maintainer

Update to 3.2.5:

        * Fixed a critical security bug with RSA signature
          verification. Mitigating factors: DSA is used by default (not
          vulnerable). Also, the attack requires that attacker has the
          public key and the attacker needs to precompute the signature
          data so, that it looks like a valid PKCS#1 signature. This is a
          non-trivial task to perform without the private
          key. Nonetheless, all users should update their servers and
          clients as soon as convenient. Workarounds are to not use RSA
          keys as host keys (though connecting to existing hosts with RSA
          hostkeys poses a serious risk with a vulnerable client), and
          disabling publickey authentication. Update your clients and
          servers.

Update port: security/ssh2 3.2.2 -> 3.2.3

PR:             ports/48542
Submitted by:   Lars Eggert <larse@isi.edu>

De-pkg-comment.

1.)     If WITH_STATIC_SFTP is defined, ssh-chrootmgr works.
2.)     If libX11.a exists and xauth not, the build of ssh2 fails. This
        patch fix this.
3.)     ssh2/files/sshd.sh looks for the wrong pid file in /var/run.
        This patch fix this and adds 2> /dev/null to the sshd2 startup

PR:             46012
Submitted by:   maintainer

upgrade to 3.2.2

PR:             45876
Submitted by:   maintainer

Update to 3.2.0

PR:             39491
Submitted by:   maintainer

Update to 3.1.2 which fixes a recent security problem described at:
http://www.ssh.com/products/ssh/advisories/authentication.cfm

PR:             38592
Submitted by:   maintainer

Oops, ".include <bsd.port.pre.mk>" line must be placed here.

Install default config files as *.sample instead of overwriting existing ones.
Note:   The PR includes diffs to cope with WITHOUT_X11 env,
        but this was already committed by knu-san.
        So I just added CONFIGURE_ARGS line, please verify it.
PR:     ports/35385
Submitted by:   maintainer

ssh_askpass2 is built only when X11 is installed.  Support
{WITH,WITHOUT}_X11 and detect ${X11BASE}/lib/libX11.a.

Reported by:    bento
Obtained from:  security/ssh (partly)

- Update to 3.1.0.    

Remove myself from MAINTAINER    

Remove extra file from pkg-plist to fix package building    

Unrestrict to match the ssh port.    

Don't install etc/rc.d/sshd.sh if sshd is being started from inetd.conf.    

Convert category security to new layout.  

Remove two empty files  

Upgrade to ssh-2.3.0.    

Remove redundant/inappropriate CATEGORIES.  People need to start reading   the
Porter's Handbook.  :-)    

Update to version 2.1.0pl2.