- In rc script, be consistent in reload and check for and generate keys
  if needed, as well as checking for port collision with base sshd.

Reported by:	delphij

- Update and re-add KERB_GSSAPI gsskex patch.
  I did very minor porting of the upstream patch to make
  it apply.
  Note that this currently does not build with base heimdal, but
  does build with port MIT or port HEIMDAL.
- Bump PORTREVISION in case someone built the update, expecting
  this option to work and now have a broken ssh.

PR:		ports/178885
Reported by:	Garrett Wollman <wollman@csail.mit.edu>

- Fix sshd crash when not using HPN
  This was due to not including the canohost.h header for our
  base customization to respect class login restrictions. I had
  missed this as I was only tested with the default (HPN enabled)
  which already was including this header.

Reported by:	runelind in ##freenode
Tested by:	runelind, myself
Reported by:	Krzysztof Stryjek

Mark BROKEN as I have received 2 separate reports
of crashing.

- Update to 6.2p2

- The LPK patch has been updated but is obsolete, deprecated and
  untested. It has been replaced by AuthorizedKeysCommand
- The upstream HPN's last update was for 6.1 and is mostly
  abandoned. The patch has had bugs since 5.9. I have reworked
  it and split into into HPN and AES_THREADED options. The
  debugging/logging part of the patch is incomplete. I may
  change the patch to more closely match our base version
  eventually.
- The KERB_GSSAPI option has been removed as the patch has not
  been updated by upstream since 5.7
- sshd VersionAddendum is currently not working as intended;
  it will be fixed later to allow removing the port/pkg version.
- Update our patchset to match latest base version

- Bring in r199804 and r206397 from base to avoid killing sshd in
  high-pressure swapping environments

- Remove copyright as it was a base customization that was removed in
  base r213250

- Remove CHROOT option and patch. ChrootDirectory was added in 5.0
  to achieve the same thing.

Fix xauth and ssh-askpass still being expected in /usr/X11R6

This was fixed in base in 2007 in r169966

- Add support for base and port Heimdal for Kerberos

PR:		ports/167554
Requested by:	Volodymyr Kostyrko <c.kworr@gmail.com>

- Remove compatibiliy for FreeBSD <4.x
  * /var/empty has been in hier(7) since 4.x
  * User sshd has been in base since 4.x
  * Simplify a patch for realhostname_sa(3) usage
- Remove SUID_SSH - It was removed from ssh in 2002
- Fix 'make test'
- Add some hints into the patches on where they came from
- Mirror all patches
- Move LPK patch out of files/
- Remove the need for 2 patches
  * Removal of 'host-key check-config' in install phase
  * Adding -lutil
- Add SCTP support [1]
- Remove FILECONTROL as it has not been supported since the 5.8
  update
- Replace tab with space pkg-descr
- Remove default WRKSRC
- Add 'configtest' command to rc script
- Mark X509 broken with other patches due to PATCH_DIST_STRIP=-p1

PR:		ports/174570 [1]
Submitted by:	oleg <proler@gmail.com> [1]
Obtained from:	https://bugzilla.mindrot.org/show_bug.cgi?id=2016 (upstream) [1]
Feature safe:	yes

- Fix runtime crash on CURRENT due to import of NetBSD strnvis() [1]
  which differs in prototype from OpenBSD strnvis() [2]

[1] http://lists.freebsd.org/pipermail/freebsd-stable/2013-January/071703.html
[2] http://gnats.netbsd.org/44977

Submitted by:	dim

- Fix all cases of 'No newline at end of file' in ports tree

Approved by: portmgr (bapt)

- Update mirror site for HPN patch

Feature safe:	yes

- Take maintainership

Feature safe:	yes

Convert to OptionsNG
Trim Headers

PR:	ports/172429
Submitted by:	Michael Gmelin <freebsd@grem.de>
Feature safe:	yes

When installing in the base, USE_RCORDER does the right thing without
all the gymnastics

Add KEYWORD: shutdown
Simplify some code
Fix an error message

- Fix ECDSA key generation in openssh rc.d script
- Bump PORTREVISION for package change

Submitted by:   J. Hellenthal <jhellenthal@dataix.net>

Change HPN patch mirror location to one that works

PR:             ports/168306
Submitted by:   "Bryan Drewery" <bryan@shatow.net>

- Reset maintainership

PR:             ports/167423
Submitted by:   Grzegorz Blach <magik@roorback.net> (maintainer)

- Perl only needed to build, not needed to run. remove PERL5_RUN from Makefile
- Bump PORTREVISION

PR:             ports/166413
Submitted by:   Gleb Smirnoff <glebius@cell.glebius.int.ru>
Approved by:    Grzegorz Blach <magik@roorback.net> (maintainer)
Feature safe:   yes

In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.

- Add USE_PERL5_BUILD

PR:             ports/163414
Submitted by:   portmgr (pav)
Approved by:    gabor (mentor)

- openssh-portable needs perl to build (reported by Gleb Smirnoff via mail)
- add ssh_engine.5 man page when openssh-portable WITH_X509 is turned on
(reported by John Hein via mail)

PR:             ports/163414
Submitted by:   Grzegorz Blach <magik@roorback.net>
Approved by:    gabor (mentor)

- update to 5.8p2 [1]
- fix Kerberos knob [2]
- fix build on 9.0 [3]
- fix deinstall with various knobs [4]
- fix LPK knob [5]

PR:             ports/161818 [1], ports/144597 [2], ports/160389 [3]
                ports/150493, ports/156926 [4], ports/155456 [5]

Submitted by:   "Grzegorz Blach" <magik@roorback.net> [1], [2], [4], [5]
                pluknet [3]
Reported by:    Jonathan <lordsith49@hotmail.com> [2]
                Kevin Thompson <antiduh@csh.rit.edu> [4]
                Alexey Remizov <alexey@remizov.org> [5]

- Maintainer to magik@roorback.net

Approved by:    maho (mentor) and magik@roorback.net

- Add VersionAddendum support.
- Bump portrevision.

PR:             ports/142824
Submitted by:   Scot Hetzel <swhetzel@gmail.com>
Approved by:    gabor (mentor)

-remove MD5

Unbreak build with LPK option (broken after commit 1.674 in bsd.port.mk).

Remove OpenSC support. This port should be updated to support PKCS#11.

- Fix optional dependency on security/heimdal
- Bump PORTREVISION
PR:             ports/152029
Submitted by:   Joerg Pulz [Joerg.Pulz frm2.tum.de]
Approved by:    Ryan Steinmetz <rpsfa@rit.edu> (maintainer of net/freeradius*)
                girgen (maintainer of databases/postgresql*-server,
                        14 day timeout)

Add the sftpfilecontrol patch as an OPTION (WITH_FILECONTROL)
See http://sftpfilecontrol.sourceforge.net/  for details.

PR:             ports/146338
Submitted by:   Steve Wills <steve@mouf.net>

Reset dindin@dindin.ru due to maintainer-timeout and no response to email.

Hat:            portmgr

- Annotate the combination of X509 and KERB_GSSAPI patches as broken

PR:             ports/142819
Submitted by:   Scot Hetzel <swhetzel@gmail.com>
Approved by:    maintainer timeout (1 month)

Mark BROKEN on 9.x: does not build

RC_SUBR_SUFFIX has not been needed for a long time now, all supported
versions of FreeBSD now use /etc/rc.subr and rc.d scripts without .sh
appended to the script name.

Begin the process of deprecating sysutils/rc_subr by
s#. %%RC_SUBR%%#. /etc/rc.subr#

- Remove BROKEN on 8.x WITH_KERBEROS case. Builds fine on 8.0 and 9.0, i386 and
amd64
- While here, fix minor plist issue for WITH_X509 case

PR:             141679
Submitted by:   Denis Barov <dindin@dindin.ru> (maintainer)

- Under OSVERSION >= 800000, only mark BROKEN if WITH_KERBEROS.
- The port links fine otherwise.

- Mark BROKEN on 8.X with Kerberos - does not link

Reported by:    pointyhat

- Revert USE_RC_SUBR change from last commit, it breaks OVERWRITE_BASE
- Add a hint to pkg-message about running this together with base sshd

PR:             ports/138943
Submitted by:   Denis Barov <dindin@yandex-team.ru> (maintainer)
Feature safe:   yes

- Unbreak KERBEROS option
- Add option for OpenBSD support
- Fix crash in sftp listing

PR:             ports/138409 (cumulative patch)
Submitted by:   Denis Barov <dindin@dindin.ru> (maintainer)
Feature safe:   yes

- Mark BROKEN on 8.X: does not link

Reported by:    pointyhat

Fix build error WITH_HPN.

PR:                     ports/135407
Submitted by:           maintainer implicit (already submitted)
Pointy hat to:          pgollucci

- Fix the previous commit
  The patch file names for LPK were not updated completely in the Makefile

PR:             ports/135968
Submitted by:   Konstantin Kukushkin <dark@rambler-co.ru>
Approved by:    maintainer (implicit, shouyld have been in previous patch)

- security/openssh-portable: update HPN and LPK patches to newer versions
- still broken on -CURRENT

PR:             ports/135407
Submitted by:   Denis Barov <dindin@dindin.ru> (maintainer)

Fix build with WITH_LPK support for amd64 by change extra patches order.
Do not bump PORTREVISION.

Submitted by:   Fedor Dikarev aka fe at rambler dash co dot ru
Spotted by:     maxim
Approved by:    maintainer unavailable, i.e.
                $ whois dindin.ru | grep ^state
                state:      REGISTERED, NOT DELEGATED
PR:             amd64/134706

Fix HPN crash issue by using aes128-ctr, aes192-ctr and aes256-ctr.

Approved by:    pav

- Update to 5.2p1
- Assign maintainership to the submitter

PR:             ports/134160
Submitted by:   Denis Barov <dindin@dindin.ru>

Fix several problems with OPENSSH_OVERWRITE_BASE=1.
- Empty dir handling
- rc.d installation
- prefix modification in manuals

From:           Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
PR:             ports/133412

- Reset long-term inactive maintainer

- Integrate x509 certificate patch (optional, default off) from
http://www.roumenpetrov.info/openssh/

PR:             ports/121438
Submitted by:   Dirk-Willem van Gulik <dirkx@webweaving.org>
Approved by:    maintainer timeout (mnag; 1 year)

- Add vendor patch for lpk patch that fixes runtime on amd64

PR:             ports/129092
Submitted by:   Jui-Nan Lin <jnlin@csie.nctu.edu.tw>
Approved by:    maintainer timeout (mnag; 4 months)

- Update to 5.1p1

PR:             ports/128679
Submitted by:   Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net>
Approved by:    maintainer timeout (mnag; 4 months)

Fix rootless build.

PR:             ports/126164
Submitted by:   skv
Approved by:    maintainer timeout (> 3 months)

Update CONFIGURE_ARGS for how we pass CONFIGURE_TARGET to configure script.
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.

To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.

To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.

Changes to Mk/*:
 - Add runtime detection magic in bsd.port.mk

- Mark BROKEN after recent kerberos update

- Update to 5.0p1
- Port LPK patch to 5.0p1 and add to files dir
- Remove USE_PERL_BUILD since doesn't need [1]
- Update KERB_GSSAPI to 5.0p1
- Update HPN patch to 5.0p1 13v3
- Respect LOCALBASE on configure_args of LPK [2]
- Change MASTER_SITE of snapshot
- portlint(1)

PR:             121826 [2]
Submitted by:   Andrew Kolchoogin <andrew___rinet.ru> [2]
Reported by:    Björn König <bkoenig___alpha-tierchen.d [1]

- Update HPN patch to hpn12v20
- Bump PORTREVISION

Submitted by:   Ollivier Robert <roberto__keltia.freenix.fr>

- Update gsskex patch to 20070927
- Update HPN patch to hpn12v19 [1]

Notified by:    ale [1]

Remove always-false/true conditions based on OSVERSION 500000

- Update MD5/SHA256 of openssh hpn patch. This patch are rerolled to update
version:

--- openssh-4.7p1-hpn12v18.diff 2007-09-13 17:11:05.000000000 -0300
+++ /usr/ports/distfiles/openssh-4.7p1-hpn12v18.diff    2007-09-05
18:13:03.000000000 -0300
@@ -1580,5 +1580,5 @@

  #define SSH_PORTABLE  "p1"
 -#define SSH_RELEASE   SSH_VERSION SSH_PORTABLE
-+#define SSH_HPN         "-hpn12v18"
++#define SSH_HPN         "-hpn12v17"
 +#define SSH_RELEASE   SSH_VERSION SSH_PORTABLE SSH_HPN

Reported by:    Tsurutani Naoki <turutani___scphys.kyoto-u.ac.jp>

- Update to 4.7p1
- Update HPN patch to 4.7p1-hpn12v18
- Mark as BROKEN WITH_KERB_GSSAPI while developer release a new patch

- Enable ssl-engine
- Update gsskex patch to 4.6p1-gsskex-20070312
- Update lpk patch to 4.6p1-0.3.9
- Update hpn patch to 4.6p1-hpn12v17
- Fix challenge-response issue
- Bump PORTREVISION

Reported by:    Stefan Lambrev [1], ale@ [1]

- Set --mandir and --infodir in CONFIGURE_ARGS if the configure script
  supports them.  This is determined by running ``configure --help'' in
  do-configure target and set the shell variable _LATE_CONFIGURE_ARGS
  which is then passed to CONFIGURE_ARGS.
- Remove --mandir and --infodir in ports' Makefile where applicable
  Few ports use REINPLACE_CMD to achieve the same effect, remove them too.
- Correct some manual pages location from PREFIX/man to MANPREFIX/man
- Define INFO_PATH where necessary
- Document that .info files are installed in a subdirectory relative to
  PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and
  subdirectory detection.

PR:             ports/111470
Approved by:    portmgr
Discussed with: stas (Mk/*), gerald (info related stuffs)
Tested by:      pointyhat exp run

- Update OpenSSH to 4.6p1
- Update GSSKEX patch to 20061220
- Update HPN patch to hpn12v16
- Update LPK patch to 0.3.8

- Use RC_SUBR_SUFFIX

Approved by:    mnag (maintainer)

Update HPN patch to v14 for openssh 4.5p1.

Approved by:    mnag

- Fix CHROOT patch using chroot() before setusercontext() and add strerror() in
message if chroot() fail.

Notified by:    Chris Gardner <chris_g_g___hotmail.com>

- Update to 4.5p1
- patch-sshd.c unconditionally includes <gssapi.h>. Include "ssh-gss.h" instead.
[1]

PR:             104481 [1]
Submitted by:   Mark Andrews <Mark_Andrews___isc.org> [1]

- Update HPN patch. Patch are renamed, the only content differences are two rows
now enclosed in an "else" block.

Submitted by:   ale
Approved by:    portmgr (erwin)

- Add OPTION to enable Kerberos/GSSAPI patch [1]
- Add OPTION to enable LPK patch (ldap stored public key) [2]

PR:             86384 [1], 103399 [2]
Submitted by:   Garrett Wollman <wollman___khavrinen.csail.mit.edu> [1], Dmitriy
Kirhlarov <dkirhlarov___oilspace.com> [2]

- Fix package creation. [1]
- Update HPN patch and remove IGNORE. [2]
- Bump PORTREVISION

PR:             103961
Submitted by:   Phil Oleson <oz___nixil.net> [1], ale [2]

- Install ssh_config-dist and sshd_config-dist in OVERWRITE_BASE too.

- Update to 4.4p1.
- Disable temporary HPN patch until HPN release new version.
- Fix rc.d script path in sshd.8
- Add FreeBSD-${PKGNAME} in SSH_VERSION and SSH_RELEASE like src does.
- Sync patches with src.

Security:       CVE-2006-4924, CVE-2006-5051

Update HPN-12 patch to version 8 (no functional changes,
only documentation changes and a small bug fix on option parsing).

Approved by:    mnag

Add optional OpenSC PIN patch which make it possible for OpenSSH to ask
for a PIN when using an OpenSC smartcard.

Approved by:            mnag (maintainer)
Patch obtained from:    http://bugzilla.mindrot.org/show_bug.cgi?id=608

- Remove unecessary ?= in PKGNAMESUFFIX [1]
- Update HPN patch to hpn12. Now none cipher are configured in run time. [2]

Notified by:    Peter Losher <plosher___plosh.net> [1], Scott Larson
<stl___iowainteractive.com> [2]

Add support for smart cards.

Approved by:    maintainer

- Fix order in rc.d script. Because of pidfile are empty, reload [2] and restart
[1]
  commands kill all connections.
- Separate keygen part and create keygen command.
- Bump PORTREVISION

PR:             93228 [1]
Reported by:    DanGer on #bsdports [2]

Forget to add HPN patches.

- Update to 4.3p2

- Update to 4.3p1
- Use DISTVERSION
- Add most configuration in OPTIONS
- Enable support to libedit in sftp [1]
- Add OPTIONS to HPN patches [2]
- Add new rc.d script [3]
- New rc.d script are responsible to check configuration and create host keys
- Using USE_RC_SUBR
- Modify pkg-message to reflect new rc.d script
- Fix pkg-plist

Reviewd by:     dougb [3]
Submitted by:   vs [1], brooks [2]
Tested by:      me, John E Hein

- Reorganize Makefile in preparation to update to 4.3p1
- Add one http in MASTER_SITES
- Update WWW

Add SHA256

Update my email

Approved by: pav (mentor)

- Pass maintainership to submitter, since he sent the last patch.

PR:             ports/85775
Submitted by:   Marcus Alves Grando <marcus@corp.grupos.com.br>

- Update to 4.2p1

PR:             ports/85578
Submitted by:   Marcus Grando <marcus@corp.grupos.com.br>

- Update to 4.1p1

PR:             ports/81948
Submitted by:   Daniel Gerzo <danger@rulez.sk>

- Don't specify --with-ssl-dir when using the system's OpenSSL

PR:             ports/79355
Submitted by:   Mark Andrews <Mark_Andrews@isc.org>

- Update to 4.0p1

PR:             ports/79029
Submitted by:   Dimitry Andric <dimitry@andric.com>

- sshd child process crashes when user with expired password logs in.
  Fix unitialized pointer in our local patch.

PR:             ports/75204
Submitted by:   Andriy Gapon <avg@icyb.net.ua>

- drop maintainership

- new option WITH_OPENSSH_CHROOT
Submitted by:   KANAI Makoto

- cleanup patches
(only context changed)

- update to 3.9p1

set PORTVERSION 3.9.0.1 to avoid another
bump of PORTEPOCH if 3.9.1p1 come out.

- new option OPENSSH_SNAPSHOT

- bump PORTEPOCH
Reported by kriS

- update to 3.8.1p1

- force kerberos by option WITH_GSSAPI