aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--LEGAL1
-rw-r--r--MOVED21
-rw-r--r--security/Makefile21
-rw-r--r--security/aafid2/Makefile30
-rw-r--r--security/aafid2/distinfo3
-rw-r--r--security/aafid2/files/post-install13
-rw-r--r--security/aafid2/pkg-descr10
-rw-r--r--security/aafid2/pkg-plist190
-rw-r--r--security/bjorb/Makefile60
-rw-r--r--security/bjorb/distinfo3
-rw-r--r--security/bjorb/files/patch-Config-staff.cc11
-rw-r--r--security/bjorb/files/patch-aa53
-rw-r--r--security/bjorb/files/patch-ab13
-rw-r--r--security/bjorb/files/patch-ac45
-rw-r--r--security/bjorb/files/patch-ad29
-rw-r--r--security/bjorb/files/patch-ae14
-rw-r--r--security/bjorb/files/patch-af14
-rw-r--r--security/bjorb/files/patch-ag12
-rw-r--r--security/bjorb/files/patch-ah14
-rw-r--r--security/bjorb/files/patch-log.cc20
-rw-r--r--security/bjorb/pkg-descr10
-rw-r--r--security/bjorb/pkg-plist17
-rw-r--r--security/borzoi/Makefile29
-rw-r--r--security/borzoi/distinfo3
-rw-r--r--security/borzoi/pkg-descr3
-rw-r--r--security/borzoi/pkg-plist12
-rw-r--r--security/cmd5checkpw/Makefile41
-rw-r--r--security/cmd5checkpw/distinfo3
-rw-r--r--security/cmd5checkpw/pkg-descr6
-rw-r--r--security/cmd5checkpw/pkg-plist9
-rw-r--r--security/cops/Makefile50
-rw-r--r--security/cops/distinfo3
-rw-r--r--security/cops/files/patch-aa32
-rw-r--r--security/cops/files/patch-ab11
-rw-r--r--security/cops/pkg-descr9
-rw-r--r--security/cops/pkg-plist237
-rw-r--r--security/find_ddos/Makefile37
-rw-r--r--security/find_ddos/distinfo3
-rw-r--r--security/find_ddos/pkg-descr11
-rw-r--r--security/find_ddos/pkg-plist4
-rw-r--r--security/ftpmap/Makefile29
-rw-r--r--security/ftpmap/distinfo3
-rw-r--r--security/ftpmap/pkg-descr6
-rw-r--r--security/ftpmap/pkg-plist6
-rw-r--r--security/hafiye/Makefile32
-rw-r--r--security/hafiye/distinfo3
-rw-r--r--security/hafiye/pkg-descr18
-rw-r--r--security/hafiye/pkg-plist10
-rw-r--r--security/ident2/Makefile29
-rw-r--r--security/ident2/distinfo3
-rw-r--r--security/ident2/pkg-descr9
-rw-r--r--security/liedentd/Makefile20
-rw-r--r--security/liedentd/distinfo2
-rw-r--r--security/liedentd/pkg-descr7
-rw-r--r--security/liedentd/pkg-plist2
-rw-r--r--security/pam_pop3/Makefile33
-rw-r--r--security/pam_pop3/distinfo3
-rw-r--r--security/pam_pop3/files/patch-pam_pop3.c37
-rw-r--r--security/pam_pop3/pkg-descr6
-rw-r--r--security/pam_pop3/pkg-plist3
-rw-r--r--security/poc/Makefile34
-rw-r--r--security/poc/distinfo3
-rw-r--r--security/poc/files/patch-src_missing__libs.h14
-rw-r--r--security/poc/pkg-descr15
-rw-r--r--security/portscanner/Makefile30
-rw-r--r--security/portscanner/distinfo3
-rw-r--r--security/portscanner/files/patch-ab12
-rw-r--r--security/portscanner/pkg-descr5
-rw-r--r--security/ppgen/Makefile29
-rw-r--r--security/ppgen/distinfo6
-rw-r--r--security/ppgen/files/patch-ppg_random_c11
-rw-r--r--security/ppgen/files/patch-ppgen_c10
-rw-r--r--security/ppgen/pkg-descr14
-rw-r--r--security/ppgen/pkg-plist3
-rw-r--r--security/qident/Makefile45
-rw-r--r--security/qident/distinfo3
-rw-r--r--security/qident/pkg-descr4
-rw-r--r--security/quintuple-agent/Makefile46
-rw-r--r--security/quintuple-agent/distinfo3
-rw-r--r--security/quintuple-agent/files/patch-agpg.c21
-rw-r--r--security/quintuple-agent/files/patch-configure11
-rw-r--r--security/quintuple-agent/pkg-descr7
-rw-r--r--security/quintuple-agent/pkg-message5
-rw-r--r--security/quintuple-agent/pkg-plist13
-rw-r--r--security/rc5pipe/Makefile26
-rw-r--r--security/rc5pipe/distinfo3
-rw-r--r--security/rc5pipe/files/patch-Makefile11
-rw-r--r--security/rc5pipe/pkg-descr3
-rw-r--r--security/rid/Makefile38
-rw-r--r--security/rid/distinfo3
-rw-r--r--security/rid/files/patch-Makefile11
-rw-r--r--security/rid/files/patch-parser.l8
-rw-r--r--security/rid/pkg-descr12
-rw-r--r--security/rid/pkg-plist5
-rw-r--r--security/ssh/Makefile136
-rw-r--r--security/ssh/distinfo3
-rw-r--r--security/ssh/files/patch-aa19
-rw-r--r--security/ssh/files/patch-ac88
-rw-r--r--security/ssh/files/patch-ad13
-rw-r--r--security/ssh/files/patch-ae58
-rw-r--r--security/ssh/files/patch-af564
-rw-r--r--security/ssh/files/patch-ag54
-rw-r--r--security/ssh/files/patch-al408
-rw-r--r--security/ssh/files/patch-ao583
-rw-r--r--security/ssh/files/patch-aw73
-rw-r--r--security/ssh/files/patch-ba176
-rw-r--r--security/ssh/files/patch-bb29
-rw-r--r--security/ssh/files/patch-bc401
-rw-r--r--security/ssh/files/patch-bd60
-rw-r--r--security/ssh/files/patch-be370
-rw-r--r--security/ssh/files/patch-bf17
-rw-r--r--security/ssh/files/patch-bg120
-rw-r--r--security/ssh/files/patch-bh66
-rw-r--r--security/ssh/files/patch-bi54
-rw-r--r--security/ssh/files/patch-bj16
-rw-r--r--security/ssh/files/patch-bl66
-rw-r--r--security/ssh/files/patch-bm12
-rw-r--r--security/ssh/files/patch-bn191
-rw-r--r--security/ssh/files/patch-bo158
-rw-r--r--security/ssh/files/patch-bp32
-rw-r--r--security/ssh/files/patch-br97
-rw-r--r--security/ssh/files/patch-bs94
-rw-r--r--security/ssh/files/sshd.sh27
-rw-r--r--security/ssh/pkg-descr5
-rw-r--r--security/ssh/pkg-plist19
-rw-r--r--security/ssh/pkg-plist.x112
-rw-r--r--security/tea-total/Makefile26
-rw-r--r--security/tea-total/distinfo3
-rw-r--r--security/tea-total/files/patch-Makefile44
-rw-r--r--security/tea-total/files/patch-arch.h18
-rw-r--r--security/tea-total/files/patch-config.inc10
-rw-r--r--security/tea-total/files/patch-getarg.c28
-rw-r--r--security/tea-total/files/patch-heap.c6
-rw-r--r--security/tea-total/files/patch-huffman.c6
-rw-r--r--security/tea-total/pkg-descr10
-rw-r--r--security/tea-total/pkg-plist5
-rw-r--r--security/uberkey/Makefile30
-rw-r--r--security/uberkey/distinfo3
-rw-r--r--security/uberkey/pkg-descr5
139 files changed, 21 insertions, 6019 deletions
diff --git a/LEGAL b/LEGAL
index be3be8d2f445..a67ef88075b2 100644
--- a/LEGAL
+++ b/LEGAL
@@ -485,7 +485,6 @@ speedmgmt* net/pppoa Not for redistribution -- see
/dsl/disclaimer_lx.htm
srd-fpw* japanese/srd-fpw The original dictionary is not
free
-ssh-* security/ssh* Crypto; export-controlled
*mod_ssl* www/apache13-modssl Crypto; export-controlled
stat.tar.Z math/unixstat License does not allow
redistribution of binaries
diff --git a/MOVED b/MOVED
index 84d3010609f1..e057e7080dcd 100644
--- a/MOVED
+++ b/MOVED
@@ -1871,3 +1871,24 @@ sysutils/wmmount||2011-05-01|Has expired: Upstream disapear and distfile is no m
sysutils/wmpccard||2011-05-01|Has expired: Upstream disapear and distfile is no more available
sysutils/wmshutdown||2011-05-01|Has expired: Upstream disapear and distfile is no more available
sysutils/wmzazof||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/aafid2||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/bjorb||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/borzoi||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/cmd5checkpw||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/cops||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/find_ddos||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/ftpmap||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/hafiye||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/ident2||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/liedentd||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/pam_pop3||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/poc||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/portscanner||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/ppgen||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/qident||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/quintuple-agent||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/rc5pipe||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/rid||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/ssh||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/tea-total||2011-05-01|Has expired: Upstream disapear and distfile is no more available
+security/uberkey||2011-05-01|Has expired: Upstream disapear and distfile is no more available
diff --git a/security/Makefile b/security/Makefile
index d7e897a7c9d1..df237f0b1f79 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -6,7 +6,6 @@
SUBDIR += ADMsmb
SUBDIR += ADMsnmp
SUBDIR += IMHear
- SUBDIR += aafid2
SUBDIR += aescrypt
SUBDIR += aespipe
SUBDIR += afterglow
@@ -37,10 +36,8 @@
SUBDIR += beecrypt
SUBDIR += bfbtester
SUBDIR += bioapi
- SUBDIR += bjorb
SUBDIR += blindelephant
SUBDIR += blocksshd
- SUBDIR += borzoi
SUBDIR += botan
SUBDIR += bro
SUBDIR += bruteblock
@@ -78,8 +75,6 @@
SUBDIR += clamsmtp
SUBDIR += clamtk
SUBDIR += clusterssh
- SUBDIR += cmd5checkpw
- SUBDIR += cops
SUBDIR += courier-authlib
SUBDIR += courier-authlib-base
SUBDIR += courierpassd
@@ -133,7 +128,6 @@
SUBDIR += fcrackzip
SUBDIR += fiked
SUBDIR += find-zlib
- SUBDIR += find_ddos
SUBDIR += firewalk
SUBDIR += fl0p
SUBDIR += flawfinder
@@ -148,7 +142,6 @@
SUBDIR += fsh
SUBDIR += fswatch
SUBDIR += ftimes
- SUBDIR += ftpmap
SUBDIR += fuzz
SUBDIR += fuzzdb
SUBDIR += fwanalog
@@ -186,7 +179,6 @@
SUBDIR += gtkportscan
SUBDIR += gwee
SUBDIR += hackbot
- SUBDIR += hafiye
SUBDIR += hamachi
SUBDIR += heimdal
SUBDIR += hlfl
@@ -201,7 +193,6 @@
SUBDIR += hydra
SUBDIR += iaikpkcs11wrapper
SUBDIR += idea
- SUBDIR += ident2
SUBDIR += identify
SUBDIR += ifd-devkit
SUBDIR += ifd-gempc410
@@ -271,7 +262,6 @@
SUBDIR += libtasn1
SUBDIR += libtomcrypt
SUBDIR += libwhisker
- SUBDIR += liedentd
SUBDIR += linux-f10-cyrus-sasl2
SUBDIR += linux-f10-libssh2
SUBDIR += linux-f10-nss
@@ -580,7 +570,6 @@
SUBDIR += pam_p11
SUBDIR += pam_per_user
SUBDIR += pam_pgina
- SUBDIR += pam_pop3
SUBDIR += pam_pseudo
SUBDIR += pam_pwdfile
SUBDIR += pam_require
@@ -661,13 +650,10 @@
SUBDIR += pkcs11-helper
SUBDIR += pks
SUBDIR += pktsuckers
- SUBDIR += poc
SUBDIR += polarssl
SUBDIR += poly1305aes
- SUBDIR += portscanner
SUBDIR += portsentry
SUBDIR += ppars
- SUBDIR += ppgen
SUBDIR += prelude-lml
SUBDIR += prelude-manager
SUBDIR += prelude-pflogger
@@ -720,11 +706,9 @@
SUBDIR += qca-gnupg
SUBDIR += qca-ossl
SUBDIR += qca-tls
- SUBDIR += qident
SUBDIR += qtfw
SUBDIR += quantis
SUBDIR += quantis-kmod
- SUBDIR += quintuple-agent
SUBDIR += racoon2
SUBDIR += radiusniff
SUBDIR += rain
@@ -733,11 +717,9 @@
SUBDIR += rarcrack
SUBDIR += ratproxy
SUBDIR += rats
- SUBDIR += rc5pipe
SUBDIR += rdigest
SUBDIR += retranslator
SUBDIR += revelation
- SUBDIR += rid
SUBDIR += rkhunter
SUBDIR += ruby-acl
SUBDIR += ruby-aes
@@ -818,7 +800,6 @@
SUBDIR += srp
SUBDIR += sscep
SUBDIR += ssdeep
- SUBDIR += ssh
SUBDIR += ssh-copy-id
SUBDIR += ssh-gui
SUBDIR += ssh-multiadd
@@ -854,7 +835,6 @@
SUBDIR += switzerland
SUBDIR += symbion-sslproxy
SUBDIR += tclsasl
- SUBDIR += tea-total
SUBDIR += termlog
SUBDIR += tinc
SUBDIR += tinyca
@@ -871,7 +851,6 @@
SUBDIR += trousers
SUBDIR += tthsum
SUBDIR += tuntun
- SUBDIR += uberkey
SUBDIR += umit
SUBDIR += unhide
SUBDIR += unicornscan
diff --git a/security/aafid2/Makefile b/security/aafid2/Makefile
deleted file mode 100644
index 553eac12a650..000000000000
--- a/security/aafid2/Makefile
+++ /dev/null
@@ -1,30 +0,0 @@
-# New ports collection makefile for: aafid2
-# Date created: 2000/06/14 16:55
-# Whom: se
-#
-# $FreeBSD$
-#
-
-PORTNAME= aafid2
-PORTVERSION= 0.10
-PORTREVISION= 3
-CATEGORIES= security
-MASTER_SITES= ftp://ftp.cerias.purdue.edu/pub/tools/unix/ids/AAFID/
-EXTRACT_ONLY=
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= A distributed monitoring and intrusion detection system
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-RUN_DEPENDS= ptksh:${PORTSDIR}/x11-toolkits/p5-Tk
-
-NO_WRKSUBDIR= yes
-NO_BUILD= yes
-
-do-install:
- tar -C ${PREFIX}/lib -xzf ${DISTDIR}/${DISTNAME}${EXTRACT_SUFX}
- ${SH} ${FILESDIR}/post-install ${PREFIX}
-
-.include <bsd.port.mk>
diff --git a/security/aafid2/distinfo b/security/aafid2/distinfo
deleted file mode 100644
index 9c7b200c588b..000000000000
--- a/security/aafid2/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (aafid2-0.10.tar.gz) = ac5bfe89ee4e9b1485c41b91af072d46
-SHA256 (aafid2-0.10.tar.gz) = 0790ec3c2a9d54d716ac14f299330ea2472623d7f4b2419781dfacc1d8ef40bd
-SIZE (aafid2-0.10.tar.gz) = 1476810
diff --git a/security/aafid2/files/post-install b/security/aafid2/files/post-install
deleted file mode 100644
index a257901f979f..000000000000
--- a/security/aafid2/files/post-install
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-PREFIX=$1
-AAFID_DIR=${PREFIX}/lib/aafid2
-
-set -e
-
-cat >> ${AAFID_DIR}/config/AAFID <<*__END__*
-
-## ------------------------------
-## FreeBSD Port specific defaults
-BaseDir=${AAFID_DIR}
-*__END__*
diff --git a/security/aafid2/pkg-descr b/security/aafid2/pkg-descr
deleted file mode 100644
index fecbb3fe4a3d..000000000000
--- a/security/aafid2/pkg-descr
+++ /dev/null
@@ -1,10 +0,0 @@
-Autonomous Agents For Intrusion Detection
-
-AAFID(tm) is a distributed monitoring and intrusion detection system
-that employs small stand-alone programs (Agents) to perform monitoring
-functions in the hosts of a network. AAFID uses a hierarchical
-structure to collect the information produced by each agent, by each
-host, and by each set of hosts, to be able to detect suspicious
-activity.
-
-WWW: http://www.cerias.purdue.edu/research/aafid/
diff --git a/security/aafid2/pkg-plist b/security/aafid2/pkg-plist
deleted file mode 100644
index 354daffb39b6..000000000000
--- a/security/aafid2/pkg-plist
+++ /dev/null
@@ -1,190 +0,0 @@
-lib/aafid2/aas/00README
-lib/aafid2/aas/ARPWatcher.aas
-lib/aafid2/aas/CPUload.aas
-lib/aafid2/aas/CheckFilePermissions.aas
-lib/aafid2/aas/CheckInet.aas
-lib/aafid2/aas/CheckInetPeriodic.aas
-lib/aafid2/aas/CheckRhosts.aas
-lib/aafid2/aas/CmdSequence.aas
-lib/aafid2/aas/ConnSameHost.aas
-lib/aafid2/aas/DiskSpace.aas
-lib/aafid2/aas/FTP.aas
-lib/aafid2/aas/GroupFilesChecker.aas
-lib/aafid2/aas/LFS.aas
-lib/aafid2/aas/Makefile
-lib/aafid2/aas/PasswdFilesChecker.aas
-lib/aafid2/aas/RootShells.aas
-lib/aafid2/aas/SU.aas
-lib/aafid2/aas/SYNflood.aas
-lib/aafid2/aas/SpaceTmp.aas
-lib/aafid2/aas/WeirdConn.aas
-lib/aafid2/aas/test.aas
-lib/aafid2/00README
-lib/aafid2/ANNOUNCE
-lib/aafid2/COPYRIGHT
-lib/aafid2/CREDITS
-lib/aafid2/FEEDBACK
-lib/aafid2/HISTORY
-lib/aafid2/INSTALL
-lib/aafid2/MAILLIST
-lib/aafid2/PROBLEMS
-lib/aafid2/SIGNATURE
-lib/aafid2/classes/Log/Topics.pm
-lib/aafid2/classes/Makefile
-lib/aafid2/classes/Resources.pm
-lib/aafid2/classes/AAFID/GUI/NeXTterm.xpm
-lib/aafid2/classes/AAFID/GUI/aafid2.conf
-lib/aafid2/classes/AAFID/GUI/aafid2.pm
-lib/aafid2/classes/AAFID/GUI/aafid2gui
-lib/aafid2/classes/AAFID/GUI/agents1.conf
-lib/aafid2/classes/AAFID/GUI/agents2.conf
-lib/aafid2/classes/AAFID/GUI/agents3.conf
-lib/aafid2/classes/AAFID/GUI/agents4.conf
-lib/aafid2/classes/AAFID/GUI/hosts1.conf
-lib/aafid2/classes/AAFID/GUI/hosts2.conf
-lib/aafid2/classes/AAFID/GUI/killstarter
-lib/aafid2/classes/AAFID/GUI/morehosts.conf
-lib/aafid2/classes/AAFID/GUI/sequence.txt
-lib/aafid2/classes/AAFID/Agent.pm
-lib/aafid2/classes/AAFID/Comm.pm
-lib/aafid2/classes/AAFID/Common.pm
-lib/aafid2/classes/AAFID/Config.pm
-lib/aafid2/classes/AAFID/Constants.pm
-lib/aafid2/classes/AAFID/ControllerEntity.pm
-lib/aafid2/classes/AAFID/Entity.pm
-lib/aafid2/classes/AAFID/Filter.pm
-lib/aafid2/classes/AAFID/Log.pm
-lib/aafid2/classes/AAFID/Makefile
-lib/aafid2/classes/AAFID/Message.pm
-lib/aafid2/classes/AAFID/Monitor.pm
-lib/aafid2/classes/AAFID/PlainTransceiver.pm
-lib/aafid2/classes/AAFID/Starter.pm
-lib/aafid2/classes/AAFID/System.pm
-lib/aafid2/classes/AAFID/makeagent.man
-lib/aafid2/classes/AAFID/makeagent.nw
-lib/aafid2/classes/AAFID/makeagent.pl
-lib/aafid2/classes/AAFID/template_version.pl
-lib/aafid2/classes/Agents/00IDEAS
-lib/aafid2/classes/Agents/00README
-lib/aafid2/classes/Agents/ARPWatcher.pm
-lib/aafid2/classes/Agents/CPUload.pm
-lib/aafid2/classes/Agents/CheckFilePermissions.pm
-lib/aafid2/classes/Agents/CheckInet.pm
-lib/aafid2/classes/Agents/CheckInetPeriodic.pm
-lib/aafid2/classes/Agents/CheckNFSserver.pm
-lib/aafid2/classes/Agents/CheckRhosts.pm
-lib/aafid2/classes/Agents/CmdSequence.pm
-lib/aafid2/classes/Agents/ConnSameHost.pm
-lib/aafid2/classes/Agents/DiskSpace.pm
-lib/aafid2/classes/Agents/FTP.pm
-lib/aafid2/classes/Agents/GroupFilesChecker.pm
-lib/aafid2/classes/Agents/IllegalIPPackets.pm
-lib/aafid2/classes/Agents/LFS.pm
-lib/aafid2/classes/Agents/Land.pm
-lib/aafid2/classes/Agents/LoginFailures.pm
-lib/aafid2/classes/Agents/PasswdFilesChecker.pm
-lib/aafid2/classes/Agents/SU.pm
-lib/aafid2/classes/Agents/SYNFloodAsync.pm
-lib/aafid2/classes/Agents/SYNflood.pm
-lib/aafid2/classes/Agents/SpaceTmp.pm
-lib/aafid2/classes/Agents/WeirdConn.pm
-lib/aafid2/classes/Agents/test.pm
-lib/aafid2/classes/Comm/Conn.pm
-lib/aafid2/classes/Comm/Reactor.pm
-lib/aafid2/classes/Comm/Tags.pm
-lib/aafid2/classes/Comm/Timer.pm
-lib/aafid2/classes/Filter/00README
-lib/aafid2/classes/Filter/ActiveSockets.pm
-lib/aafid2/classes/Filter/CPUload.pm
-lib/aafid2/classes/Filter/FileSystems.pm
-lib/aafid2/classes/Filter/Fproc.pm
-lib/aafid2/classes/Filter/Ftcpw.pm
-lib/aafid2/classes/Filter/LibpcapFilter.pm
-lib/aafid2/classes/Util/FiniteQueue.pm
-lib/aafid2/classes/Util/NumQueue.pm
-lib/aafid2/config/00README
-lib/aafid2/config/AAFID
-lib/aafid2/config/Agents
-lib/aafid2/config/CheckInet
-lib/aafid2/config/Filter
-lib/aafid2/config/Monitor
-lib/aafid2/config/basm/Ftcpw
-lib/aafid2/config/fiji/00README
-lib/aafid2/config/fiji/AAFID
-lib/aafid2/config/fiji/CheckInet
-lib/aafid2/doc/00README
-lib/aafid2/doc/code/00README
-lib/aafid2/doc/code/Agent.ps
-lib/aafid2/doc/code/Comm.ps
-lib/aafid2/doc/code/Common.ps
-lib/aafid2/doc/code/Config.ps
-lib/aafid2/doc/code/Conn.ps
-lib/aafid2/doc/code/Constants.ps
-lib/aafid2/doc/code/ControllerEntity.ps
-lib/aafid2/doc/code/Entity.ps
-lib/aafid2/doc/code/Filter.ps
-lib/aafid2/doc/code/FiniteQueue.ps
-lib/aafid2/doc/code/Log.ps
-lib/aafid2/doc/code/Message.ps
-lib/aafid2/doc/code/Monitor.ps
-lib/aafid2/doc/code/NumQueue.ps
-lib/aafid2/doc/code/PlainTransceiver.ps
-lib/aafid2/doc/code/RMod.ps
-lib/aafid2/doc/code/Reactor.ps
-lib/aafid2/doc/code/Starter.ps
-lib/aafid2/doc/code/System.ps
-lib/aafid2/doc/code/Tags.ps
-lib/aafid2/doc/code/Timer.ps
-lib/aafid2/doc/notes/Attack_and_agent_ideas.txt
-lib/aafid2/doc/notes/Config.txt
-lib/aafid2/doc/notes/Directory_hierarchy.txt
-lib/aafid2/doc/notes/Filters.txt
-lib/aafid2/doc/notes/How_to_run.txt
-lib/aafid2/doc/notes/How_to_use_GUI.txt
-lib/aafid2/doc/notes/How_to_use_filters.txt
-lib/aafid2/doc/notes/How_to_write_filters.txt
-lib/aafid2/doc/notes/Introspection.txt
-lib/aafid2/doc/notes/Reduction_Modules.txt
-lib/aafid2/doc/papers/00README
-lib/aafid2/doc/papers/architecture_report.ps
-lib/aafid2/doc/papers/implementation_report_draft.ps
-lib/aafid2/doc/papers/users_guide_draft.ps
-lib/aafid2/lib/pixmaps/NeXTterm.xpm
-lib/aafid2/misc/Resources.patch
-lib/aafid2/misc/Topics.patch
-lib/aafid2/utils/00README
-lib/aafid2/utils/aafid.vim
-@exec mkdir -p %D/lib/aafid2/bin
-@exec mkdir -p %D/lib/aafid2/man/man1
-@exec ln -s ../classes/AAFID/makeagent.pl %D/lib/aafid2/bin/makeagent.pl
-@exec ln -s makeagent.pl %D/lib/aafid2/bin/makeagent
-@exec ln -s ../classes/AAFID/GUI/aafid2gui %D/lib/aafid2/bin/aafid2gui
-@exec ln -s ../../classes/AAFID/makeagent.man %D/lib/aafid2/man/man1/makeagent.1
-@unexec rm -f %D/lib/aafid2/bin/makeagent.pl
-@unexec rm -f %D/lib/aafid2/bin/makeagent
-@unexec rm -f %D/lib/aafid2/bin/aafid2gui
-@unexec rm -f %D/lib/aafid2/man/man1/makeagent.1
-@dirrm lib/aafid2/utils
-@dirrm lib/aafid2/misc
-@dirrm lib/aafid2/man/man1
-@dirrm lib/aafid2/man
-@dirrm lib/aafid2/lib/pixmaps
-@dirrm lib/aafid2/lib
-@dirrm lib/aafid2/doc/papers
-@dirrm lib/aafid2/doc/notes
-@dirrm lib/aafid2/doc/code
-@dirrm lib/aafid2/doc
-@dirrm lib/aafid2/config/fiji
-@dirrm lib/aafid2/config/basm
-@dirrm lib/aafid2/config
-@dirrm lib/aafid2/classes/Util
-@dirrm lib/aafid2/classes/Log
-@dirrm lib/aafid2/classes/Filter
-@dirrm lib/aafid2/classes/Comm
-@dirrm lib/aafid2/classes/Agents
-@dirrm lib/aafid2/classes/AAFID/GUI
-@dirrm lib/aafid2/classes/AAFID
-@dirrm lib/aafid2/classes
-@dirrm lib/aafid2/bin
-@dirrm lib/aafid2/aas
-@dirrm lib/aafid2
diff --git a/security/bjorb/Makefile b/security/bjorb/Makefile
deleted file mode 100644
index 508d265224d5..000000000000
--- a/security/bjorb/Makefile
+++ /dev/null
@@ -1,60 +0,0 @@
-# New ports collection makefile for: bjorb
-# Date created: May 16, 1998
-# Whom: issei@jp.FreeBSD.org
-#
-# $FreeBSD$
-#
-
-PORTNAME= bjorb
-PORTVERSION= 0.5.5p1
-PORTREVISION= 1
-CATEGORIES= security
-MASTER_SITES= http://people.FreeBSD.org/~foxfair/distfiles/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Secure TCP relay software with SSL
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-USE_OPENSSL= YES
-USE_PERL5= yes
-
-.if !defined(BATCH)
-INSTALL_TARGET= install certificate
-.endif
-
-USE_AUTOTOOLS= autoconf213
-CFLAGS+= -I${OPENSSLINC}/openssl
-CONFIGURE_ARGS= --with-ssltop=${OPENSSLBASE} --with-ssllib=${OPENSSLLIB}
-CONFIGURE_ENV+= LOCALBASE=${LOCALBASE}
-WRKSRC= ${WRKDIR}/${DISTNAME}/src
-DOCSRC= ${WRKDIR}/${DISTNAME}
-DOCS= ChangeLog \
- COPYRIGHT \
- INSTALL \
- README \
- ChangeLog.jp \
- COPYRIGHT.jp \
- INSTALL.jp \
- README.jp \
- doc/bjorb.conf.5.jp.txt \
- doc/features.jp
-EXAMPLES= doc/sample/bjorb.conf.doc
-
-post-install:
- @${INSTALL_SCRIPT} ${DOCSRC}/doc/sample/bjorb.sh ${PREFIX}/etc/rc.d/bjorb.sh.sample
-.if !defined(NOPORTDOCS)
- @${MKDIR} ${DOCSDIR}
-.for i in ${DOCS}
- @${INSTALL_DATA} ${DOCSRC}/$i ${DOCSDIR}
-.endfor
-.endif
-.if !defined(NOPORTEXAMPLES)
- @${MKDIR} ${PREFIX}/share/examples/bjorb
-.for i in ${EXAMPLES}
- @${INSTALL_DATA} ${DOCSRC}/$i ${PREFIX}/share/examples/bjorb
-.endfor
-.endif
-
-.include <bsd.port.mk>
diff --git a/security/bjorb/distinfo b/security/bjorb/distinfo
deleted file mode 100644
index 7cf186cae605..000000000000
--- a/security/bjorb/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (bjorb-0.5.5p1.tar.gz) = abea77967a1a0fd2dcd1b407d652b3bf
-SHA256 (bjorb-0.5.5p1.tar.gz) = b1674580625d7fc9832a49fb175b690db4f8fbaf7af11d0adddceb4ca7dfe7ac
-SIZE (bjorb-0.5.5p1.tar.gz) = 70151
diff --git a/security/bjorb/files/patch-Config-staff.cc b/security/bjorb/files/patch-Config-staff.cc
deleted file mode 100644
index c048f2edd648..000000000000
--- a/security/bjorb/files/patch-Config-staff.cc
+++ /dev/null
@@ -1,11 +0,0 @@
---- Config-staff.cc.orig Fri Feb 21 10:27:31 2003
-+++ Config-staff.cc Fri Feb 21 10:27:47 2003
-@@ -342,7 +342,7 @@
- PUTERR(1, ("Generating a %d bit RSA private key\n", bits));
-
- EVP_PKEY *pkey = 0;
-- EVP_MD *digest = EVP_md5();
-+ const EVP_MD *digest = EVP_md5();
- X509 *x509 = 0;
- X509_NAME *n = 0;
- X509_NAME_ENTRY *ne = 0;
diff --git a/security/bjorb/files/patch-aa b/security/bjorb/files/patch-aa
deleted file mode 100644
index 0f8c5eb490f9..000000000000
--- a/security/bjorb/files/patch-aa
+++ /dev/null
@@ -1,53 +0,0 @@
---- Makefile.in.orig Mon Feb 22 05:01:20 1999
-+++ Makefile.in Sun Jan 12 14:46:10 2003
-@@ -29,7 +29,7 @@
- LDFLAGS =
- LIBS = @LIBS@
-
--PREFIX = @prefix@
-+PREFIX ?= @prefix@
- exec_prefix = $(PREFIX)
- sbindir = $(exec_prefix)/sbin
- etcdir = $(exec_prefix)/etc
-@@ -81,7 +81,7 @@
- $(INSTALL_DATA) ../doc/sample/bjorb.conf.sample $(etcdir)/bjorb.conf.sample
-
- $(TARGET): $(OBJS)
-- $(CC) -o $(TARGET) $(ALL_LDFLAGS) $(OBJS) $(ALL_LIBS)
-+ $(CXX) -o $(TARGET) $(ALL_LDFLAGS) $(OBJS) $(ALL_LIBS)
-
- debug::
- $(MAKE) CFLAGS="-g -DDEBUG"
-@@ -116,13 +116,13 @@
- $(CC) -c $(ALL_CFLAGS) $<
-
- .cc.o: Makefile
-- $(CC) -c $(ALL_CFLAGS) $<
-+ $(CXX) -c $(ALL_CFLAGS) $<
-
- Makefile: Makefile.in
- CONFIG_FILES=./$@ CONFIG_HEADERS= $(SHELL) ./config.status
-
- cmd.o: cmd.cc cmd-def.h
-- $(CC) -c $(ALL_CFLAGS) $<
-+ $(CXX) -c $(ALL_CFLAGS) $<
- cmd.cc: cmd.list
- gperf -aptCT -N in_word_set_cmdlist $? > $@
- bool.cc:bool.list
-@@ -135,9 +135,13 @@
- autoconf
-
- certificate::
-- $(SSLTOP)/bin/req -new -x509 -out new.pem -nodes -days 365
-- cat new.pem privkey.pem > $(etcdir)/bjorb.pem
-- @rm new.pem privkey.pem
-+ (\
-+ [ -f $(PREFIX)/certs/bjorb.pem ] && exit 0; \
-+ cd $(PREFIX)/certs; \
-+ openssl req -new -x509 -nodes -days 365 -out bjorb.pem -keyout bjorb.pem; \
-+ ln -s bjorb.pem `openssl x509 -noout -hash < bjorb.pem`.0 ;\
-+ chmod 644 $(PREFIX)/certs/bjorb.pem; \
-+ )
-
- install-bsd::
- @if test -f /etc/rc.bjorb ; then chmod +w /etc/rc.bjorb; fi
diff --git a/security/bjorb/files/patch-ab b/security/bjorb/files/patch-ab
deleted file mode 100644
index 24000248cb5e..000000000000
--- a/security/bjorb/files/patch-ab
+++ /dev/null
@@ -1,13 +0,0 @@
---- ../doc/sample/bjorb.conf.sample.orig Tue Jul 7 22:39:16 1998
-+++ ../doc/sample/bjorb.conf.sample Tue Aug 25 14:17:58 1998
-@@ -5,8 +5,8 @@
- error_log /var/log/bjorb-err.log
- do_fork true
- deny_wait 0
--CA_cert_file /usr/local/etc/bjorb.pem
--CA_cert_path /usr/local/etc/CA
-+CA_cert_file /usr/local/certs/bjorb.pem
-+CA_cert_path /usr/local/certs/CA
- max_connection 100
- spare_servers 1
-
diff --git a/security/bjorb/files/patch-ac b/security/bjorb/files/patch-ac
deleted file mode 100644
index 3d51b891b711..000000000000
--- a/security/bjorb/files/patch-ac
+++ /dev/null
@@ -1,45 +0,0 @@
---- configure.in.orig Sun Feb 21 20:40:47 1999
-+++ configure.in Sun Dec 26 12:02:27 1999
-@@ -16,6 +16,7 @@
- prefix=$ac_default_prefix
- fi
- ssltop=$prefix/ssl
-+ssllib=$prefix/ssl
-
- dnl Checks for programs.
- AC_PROG_AWK
-@@ -86,6 +87,13 @@
-
- AC_SUBST(ssltop)
-
-+# with SSL lib
-+AC_ARG_WITH(ssllib,
-+[ --with-ssllib=DIR specifies directory to put SSL libbary.],
-+ssllib=$with_ssllib)
-+
-+AC_SUBST(ssllib)
-+
- dnl Checks for libraries.
-
- # shared option
-@@ -100,12 +108,16 @@
-
- # for USA_RESIDENT on FreeBSD
- if test X$disable_ssl = X; then
-- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$ssltop/lib"
-+ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$ssllib"
- export LD_LIBRARY_PATH
-
-- AC_CHECK_LIB(RSAglue, ERR_load_RSAREF_strings,,,-lcrypto -lssl)
-- AC_CHECK_LIB(rsaref, DES3_CBCInit)
-- ssllibs="-lssl -lcrypto"
-+ AC_MSG_CHECKING([for RSAref library])
-+ saved_LIBS="-L$ssllib -lcrypto -lssl"
-+ LIBS="$saved_LIBS -L${LOCALBASE}/lib -lRSAglue -lrsaref"
-+ AC_TRY_LINK([], [],
-+ [AC_MSG_RESULT(yes); ],
-+ [AC_MSG_RESULT(no)]; LIBS="$saved_LIBS")
-+ ssllibs="$LIBS"
- fi
-
- deflib()
diff --git a/security/bjorb/files/patch-ad b/security/bjorb/files/patch-ad
deleted file mode 100644
index 0b2209425b9f..000000000000
--- a/security/bjorb/files/patch-ad
+++ /dev/null
@@ -1,29 +0,0 @@
---- Config.cc.orig Mon Feb 22 04:07:51 1999
-+++ Config.cc Sun Jan 12 14:34:28 2003
-@@ -334,7 +334,7 @@
- int retval = 1;
-
- SOCKADDR_IN sa_client;
-- int addr_len = sizeof(SOCKADDR_IN);
-+ unsigned int addr_len = sizeof(SOCKADDR_IN);
-
- #ifndef NO_DEBUG
- PUTERR(2, ("::accept() begin\n"));
-@@ -574,7 +574,7 @@
- if (accept_port.getPortinfo()->isVerify()) {
- _SSL_set_verify(ssl,
- SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-- (int (*)(...))BjorbSSLVerifyCallback);
-+ BjorbSSLVerifyCallback);
- } else {
- _SSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
- }
-@@ -620,7 +620,7 @@
- } else {
- _SSL_CTX_set_verify(ctx_connect,
- SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-- (int (*)(...))BjorbSSLVerifyCallback);
-+ BjorbSSLVerifyCallback);
- }
-
- ssl = _SSL_new(ctx_connect);
diff --git a/security/bjorb/files/patch-ae b/security/bjorb/files/patch-ae
deleted file mode 100644
index 15ea1c500bc1..000000000000
--- a/security/bjorb/files/patch-ae
+++ /dev/null
@@ -1,14 +0,0 @@
---- bool.cc.orig Mon Feb 22 03:40:47 1999
-+++ bool.cc Sun Jan 12 14:42:05 2003
-@@ -1,6 +1,11 @@
- /* C code produced by gperf version 2.1 (K&R C version) */
- /* Command-line: gperf -aptCT -N in_word_set_boollist bool.list */
-
-+#include "config.h"
-+
-+#ifdef HAVE_STRING_H
-+#include <string.h>
-+#endif /* HAVE_STRING_H */
-
- #include "common.h"
- #include "bool.h"
diff --git a/security/bjorb/files/patch-af b/security/bjorb/files/patch-af
deleted file mode 100644
index 68ea9f4477a1..000000000000
--- a/security/bjorb/files/patch-af
+++ /dev/null
@@ -1,14 +0,0 @@
---- cmd.cc.orig Mon Feb 22 03:40:47 1999
-+++ cmd.cc Sun Jan 12 14:40:41 2003
-@@ -3,6 +3,11 @@
-
-
- #include "config.h"
-+
-+#ifdef HAVE_STRING_H
-+#include <string.h>
-+#endif /* HAVE_STRING_H */
-+
- #include "cmd.h"
- #include "Config.h"
- #include "cmd-def.h"
diff --git a/security/bjorb/files/patch-ag b/security/bjorb/files/patch-ag
deleted file mode 100644
index a1b08e8cf073..000000000000
--- a/security/bjorb/files/patch-ag
+++ /dev/null
@@ -1,12 +0,0 @@
---- portinfo.cc.orig Mon Feb 22 03:40:47 1999
-+++ portinfo.cc Sun Jan 12 14:40:05 2003
-@@ -1,3 +1,9 @@
-+#include "config.h"
-+
-+#ifdef HAVE_STRING_H
-+#include <string.h>
-+#endif /* HAVE_STRING_H */
-+
- #include "common.h"
- #include "portinfo.h"
- #include "token.h"
diff --git a/security/bjorb/files/patch-ah b/security/bjorb/files/patch-ah
deleted file mode 100644
index 5fb500abdc0c..000000000000
--- a/security/bjorb/files/patch-ah
+++ /dev/null
@@ -1,14 +0,0 @@
---- portoption.cc.orig Mon Feb 22 03:40:47 1999
-+++ portoption.cc Sun Jan 12 14:41:00 2003
-@@ -3,6 +3,11 @@
-
-
- #include "config.h"
-+
-+#ifdef HAVE_STRING_H
-+#include <string.h>
-+#endif /* HAVE_STRING_H */
-+
- #include "Config.h"
-
- #define MIN_WORD_LENGTH 3
diff --git a/security/bjorb/files/patch-log.cc b/security/bjorb/files/patch-log.cc
deleted file mode 100644
index 4ac571db5d01..000000000000
--- a/security/bjorb/files/patch-log.cc
+++ /dev/null
@@ -1,20 +0,0 @@
---- log.cc.orig 2008-09-15 18:41:31.000000000 +0000
-+++ log.cc 2008-09-15 18:43:17.000000000 +0000
-@@ -183,7 +183,7 @@
- va_start(ap, fmt);
-
- #ifndef NO_SYSLOG
-- if ((int)fp == -1) {
-+ if (fp == (FILE *)-1) {
- char buf[512];
- int level;
- vsprintf(buf, fmt, ap);
-@@ -241,7 +241,7 @@
- {
- if (fp && fp != stderr
- #ifndef NO_SYSLOG
-- && (int)fp != -1
-+ && fp != (FILE *)-1
- #endif
- ) {
- put("Close log file\n");
diff --git a/security/bjorb/pkg-descr b/security/bjorb/pkg-descr
deleted file mode 100644
index e2cc2a854425..000000000000
--- a/security/bjorb/pkg-descr
+++ /dev/null
@@ -1,10 +0,0 @@
-Bjorb is secure TCP relay software. Bjorb provides you, secure end-to-end
-connection over insecure network such as Internet.
-
-Features:
- 1. Encrypt/decrypt any "static port" TCP connection with SSL.
- 2. Restrcit access by IP address.
- 3. Server side certification.
- 4. Client side certification.
-
-WWW: http://www.hitachi-ms.co.jp/bjorb/
diff --git a/security/bjorb/pkg-plist b/security/bjorb/pkg-plist
deleted file mode 100644
index 8e8e1df0a9a9..000000000000
--- a/security/bjorb/pkg-plist
+++ /dev/null
@@ -1,17 +0,0 @@
-etc/bjorb.conf.sample
-etc/rc.d/bjorb.sh.sample
-sbin/bjorb
-%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
-%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT
-%%PORTDOCS%%%%DOCSDIR%%/INSTALL
-%%PORTDOCS%%%%DOCSDIR%%/README
-%%PORTDOCS%%%%DOCSDIR%%/ChangeLog.jp
-%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.jp
-%%PORTDOCS%%%%DOCSDIR%%/INSTALL.jp
-%%PORTDOCS%%%%DOCSDIR%%/README.jp
-%%PORTDOCS%%%%DOCSDIR%%/bjorb.conf.5.jp.txt
-%%PORTDOCS%%%%DOCSDIR%%/features.jp
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
-%%PORTEXAMPLES%%%%EXAMPLESDIR%%/bjorb.conf.doc
-%%PORTEXAMPLES%%@dirrm %%EXAMPLESDIR%%
-@exec ( [ -f %D/certs/bjorb.pem ] && exit ; echo "Making certificate files" ; cd %D/certs ; openssl req -new -x509 -nodes -days 365 -out bjorb.pem -keyout bjorb.pem; ln -s bjorb.pem `openssl x509 -noout -hash < bjorb.pem`.0 ; chmod 644 %D/certs/bjorb.pem )
diff --git a/security/borzoi/Makefile b/security/borzoi/Makefile
deleted file mode 100644
index 1e6192042f73..000000000000
--- a/security/borzoi/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-# ex:ts=8
-# New ports collection makefile for: borZoi
-# Date created: Aug 23, 2001
-# Whom: ijliao
-#
-# $FreeBSD$
-#
-
-PORTNAME= borzoi
-PORTVERSION= 1.0.2
-PORTREVISION= 1
-CATEGORIES= security
-MASTER_SITES= http://dragongate-technologies.com/borzoi/
-DISTNAME= borZoi-${PORTVERSION}
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= An Elliptic Curve Cryptography Library
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-BUILD_DEPENDS= ${LOCALBASE}/lib/libntl.a:${PORTSDIR}/math/ntl
-RUN_DEPENDS= ${LOCALBASE}/lib/libntl.a:${PORTSDIR}/math/ntl
-
-USE_AUTOTOOLS= libtool
-GNU_CONFIGURE= yes
-USE_LDCONFIG= yes
-
-.include <bsd.port.mk>
diff --git a/security/borzoi/distinfo b/security/borzoi/distinfo
deleted file mode 100644
index 0df01d2f4521..000000000000
--- a/security/borzoi/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (borZoi-1.0.2.tar.gz) = 31e7b8d243d14c20cc4a0d09f3ae4111
-SHA256 (borZoi-1.0.2.tar.gz) = 69723ad61057c1f6c67a092db856ac0751c2f95d97edb44fd8a1dc0860af2ab7
-SIZE (borZoi-1.0.2.tar.gz) = 605532
diff --git a/security/borzoi/pkg-descr b/security/borzoi/pkg-descr
deleted file mode 100644
index 20ef0c68fd5a..000000000000
--- a/security/borzoi/pkg-descr
+++ /dev/null
@@ -1,3 +0,0 @@
-borZoi - An Elliptic Curve Cryptography Library
-
-WWW: http://dragongate-technologies.com/products.html#borZoi
diff --git a/security/borzoi/pkg-plist b/security/borzoi/pkg-plist
deleted file mode 100644
index f26b1f13a701..000000000000
--- a/security/borzoi/pkg-plist
+++ /dev/null
@@ -1,12 +0,0 @@
-bin/borzoi
-include/borzoi.h
-include/borzoi_math.h
-include/borzoi_util.h
-include/mpi.h
-include/nist_curves.h
-include/rijndael-alg-fst.h
-include/rng.h
-lib/libborzoi.a
-lib/libborzoi.la
-lib/libborzoi.so
-lib/libborzoi.so.0
diff --git a/security/cmd5checkpw/Makefile b/security/cmd5checkpw/Makefile
deleted file mode 100644
index 3e9cea6c7154..000000000000
--- a/security/cmd5checkpw/Makefile
+++ /dev/null
@@ -1,41 +0,0 @@
-# New ports collection makefile for: cmd5checkpw
-# Date created: 8 Sep 2003
-# Whom: Clement Laforet <sheepkiller@cultdeadsheep.org>
-#
-# $FreeBSD$
-#
-
-PORTNAME= cmd5checkpw
-PORTVERSION= 0.22
-CATEGORIES= security
-MASTER_SITES= http://members.elysium.pl/brush/cmd5checkpw/dist/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Checkpassword compatible authentication program that uses CRAM-MD5
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-MAN8= cmd5checkpw.8
-
-DOCS_FILES= CHANGES CREDITS INSTALL README rfc1321.txt rfc2104.txt
-
-post-patch:
- @${REINPLACE_CMD} -e 's|/etc/poppasswd|${LOCALBASE}/etc/poppasswd|' \
- ${WRKSRC}/main.c
- @${REINPLACE_CMD} -e 's|^\(CC\)|#\1|; s|^\(CFLAGS\)|#\1|; \
- s|LD=gcc|LD=$${CC}|; s|LDFLAGS=-g|LDFLAGS=$${CFLAGS} ${LDFLAGS}|;' \
- ${WRKSRC}/Makefile
-
-do-install:
- @${INSTALL_PROGRAM} ${WRKSRC}/cmd5checkpw ${LOCALBASE}/bin
- @${INSTALL_DATA} ${WRKSRC}/poppasswd ${LOCALBASE}/etc/poppasswd.dist
- @${INSTALL_MAN} ${WRKSRC}/cmd5checkpw.8 ${MANPREFIX}/man/man8
-.if !defined(NOPORTDOCS)
- @${MKDIR} ${DOCSDIR}
-. for f in ${DOCS_FILES}
- @${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR}
-. endfor
-.endif
-
-.include <bsd.port.mk>
diff --git a/security/cmd5checkpw/distinfo b/security/cmd5checkpw/distinfo
deleted file mode 100644
index 8aa87bb07c94..000000000000
--- a/security/cmd5checkpw/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (cmd5checkpw-0.22.tar.gz) = 40092caf3608cbc8bd23220b2b28cb52
-SHA256 (cmd5checkpw-0.22.tar.gz) = 26d375a909520aaf980b59f01d994a796c87dfcf317b9dc31284f14ed92032d9
-SIZE (cmd5checkpw-0.22.tar.gz) = 24323
diff --git a/security/cmd5checkpw/pkg-descr b/security/cmd5checkpw/pkg-descr
deleted file mode 100644
index 3c3409443f51..000000000000
--- a/security/cmd5checkpw/pkg-descr
+++ /dev/null
@@ -1,6 +0,0 @@
-cmd5checkpw is a checkpassword compatible authentication program that uses
-CRAM-MD5 authentication mode. It was designed primary to work with qmail
-but it can be used by any other program that knows how to use checkpassword
-compatible authentication.
-
-WWW: http://members.elysium.pl/brush/cmd5checkpw/
diff --git a/security/cmd5checkpw/pkg-plist b/security/cmd5checkpw/pkg-plist
deleted file mode 100644
index 75b84ff2372b..000000000000
--- a/security/cmd5checkpw/pkg-plist
+++ /dev/null
@@ -1,9 +0,0 @@
-bin/cmd5checkpw
-etc/poppasswd.dist
-%%PORTDOCS%%%%DOCSDIR%%/CHANGES
-%%PORTDOCS%%%%DOCSDIR%%/CREDITS
-%%PORTDOCS%%%%DOCSDIR%%/INSTALL
-%%PORTDOCS%%%%DOCSDIR%%/README
-%%PORTDOCS%%%%DOCSDIR%%/rfc1321.txt
-%%PORTDOCS%%%%DOCSDIR%%/rfc2104.txt
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
diff --git a/security/cops/Makefile b/security/cops/Makefile
deleted file mode 100644
index 29005f5bb1d3..000000000000
--- a/security/cops/Makefile
+++ /dev/null
@@ -1,50 +0,0 @@
-# New ports collection makefile for: cops
-# Date created: 29 August 1996
-# Whom: oly
-#
-# $FreeBSD$
-#
-
-PORTNAME= cops
-PORTVERSION= 1.04
-CATEGORIES= security
-MASTER_SITES= http://www.fish2.com/cops/ \
- http://mirror2.unixfreunde.de/ \
- http://freebsd.unixfreunde.de/sources/
-DISTNAME= ${PORTNAME}${PORTVERSION:S/.//g}+
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= A system secureness checker
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-WRKSRC= ${WRKDIR}/${PORTNAME}_${PORTVERSION:S/.//g}+
-HAS_CONFIGURE= yes
-CONFIGURE_SCRIPT= reconfig
-MAKEFILE= makefile
-MAKE_ARGS= EXECUTABLE="${EXECUTABLE}" C_SRC="${C_SRC}"
-
-EXECUTABLE= home.chk user.chk is_writable crc crc_check \
- addto clearfiles filewriters members tilde is_able
-C_SRC= home.chk.c user.chk.c is_able.c is_something.c \
- addto.c clearfiles.c filewriters.c members.c tilde.c \
- crc.c crc_check.c
-
-pre-build:
- ${SED} \
- -e 's,^SECURE=/usr/foo/bar,SECURE=${PREFIX}/cops,g' \
- -e '/^$$SECURE\/passwd\.chk.*/d' \
- -e 's,SECURE_USERS="foo@bar\.edu",SECURE_USERS="root@localhost",g' \
- -e 's/passwd\.chk pass.chk //g' \
- ${WRKSRC}/cops > ${WRKSRC}/cops.out
- ${MV} ${WRKSRC}/cops.out ${WRKSRC}/cops
-
-do-install:
- ${MKDIR} ${PREFIX}/cops
- ${TAR} -C ${WRKSRC} --exclude "*.old" -cf - . | \
- ${TAR} -C ${PREFIX}/cops --unlink -xf -
- ${CHOWN} -R ${BINOWN}:${BINGRP} ${PREFIX}/cops
- ${CHMOD} -R go-rwx ${PREFIX}/cops
-
-.include <bsd.port.mk>
diff --git a/security/cops/distinfo b/security/cops/distinfo
deleted file mode 100644
index 3175aa8a6622..000000000000
--- a/security/cops/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (cops104+.tar.gz) = d994194c3ee14e4a71b1312e98643606
-SHA256 (cops104+.tar.gz) = 5c673c4868fda0e0c0ac7f7b7aab7f31a2dff8266382b1c24dca94eedfa712b5
-SIZE (cops104+.tar.gz) = 288663
diff --git a/security/cops/files/patch-aa b/security/cops/files/patch-aa
deleted file mode 100644
index 53a8e007bd75..000000000000
--- a/security/cops/files/patch-aa
+++ /dev/null
@@ -1,32 +0,0 @@
---- perl/cops.orig Sat Feb 21 19:20:10 1998
-+++ perl/cops Sat Feb 21 19:21:06 1998
-@@ -1,8 +1,4 @@
--#!/bin/sh -- need to mention perl here to avoid recursion
--'true' || eval 'exec perl -S $0 $argv:q';
--eval '(exit $?0)' && eval 'exec perl -S $0 ${1+"$@"}'
--& eval 'exec /usr/local/bin/perl -S $0 $argv:q'
-- if 0;
-+#!/usr/bin/perl
-
- #
- # Usage: cops [-vx] [-c config file] [-s secure_dir] [architecture]
-@@ -83,7 +79,7 @@
-
- # Read stuff to do from the config file
- die "$0: Can't trust $CONFIG to reconfig!\n" if &'is_writable($CONFIG);
--open CONFIG || die "can't open $CONFIG: $!";
-+open (CONFIG) || die "can't open $CONFIG: $!";
-
- &argh unless -s $CONFIG;
-
-@@ -219,8 +215,8 @@
- }
- return 1 if (($FILE2 eq "") || (-s $FILE1 != -s $report));
-
-- open FILE1 || die "can't open $FILE1: $!\n";
-- open FILE2 || die "can't open $FILE2: $!\n";
-+ open (FILE1) || die "can't open $FILE1: $!\n";
-+ open (FILE2) || die "can't open $FILE2: $!\n";
-
- for (1..5) {
- $_ = <FILE1>;
diff --git a/security/cops/files/patch-ab b/security/cops/files/patch-ab
deleted file mode 100644
index 7e02909ab1e8..000000000000
--- a/security/cops/files/patch-ab
+++ /dev/null
@@ -1,11 +0,0 @@
---- makefile.orig Tue Mar 9 02:19:18 1993
-+++ makefile Tue Jul 11 21:44:29 2000
-@@ -23,7 +23,7 @@
- # C2 = -DC2
-
- #
--CFLAGS = -O $(C2)
-+CFLAGS+ = $(C2)
- # sequents need "-lseq" as well... uncomment this if you're running on one:
- # SEQFLAGS = -lseq
-
diff --git a/security/cops/pkg-descr b/security/cops/pkg-descr
deleted file mode 100644
index 6e78a75205b2..000000000000
--- a/security/cops/pkg-descr
+++ /dev/null
@@ -1,9 +0,0 @@
-Cops is a set of programs to check how secure your system is. It
-checks file and directory privileges, SUID programs, etc. It has
-support for checking passwords, but this port doesn't include it
-as it is DES based. This port installs cops in a single directory
-area. The directory has no non-user privileges and cops is meant
-to be run locally to that directory. The perl version of cops is
-also included in a subdirectory.
-
-WWW: http://www.fish2.com/cops/
diff --git a/security/cops/pkg-plist b/security/cops/pkg-plist
deleted file mode 100644
index 92eb7cdaa301..000000000000
--- a/security/cops/pkg-plist
+++ /dev/null
@@ -1,237 +0,0 @@
-cops/MANIFEST
-cops/README.1
-cops/README.2.pl
-cops/README.2.sh
-cops/README.3
-cops/README.FIRST
-cops/XTRA_CREDIT
-cops/addto
-cops/bug.chk
-cops/bug.chk.aix
-cops/bug.chk.apollo
-cops/bug.chk.dec
-cops/bug.chk.next
-cops/bug.chk.sgi
-cops/bug.chk.sun
-cops/bug.chk.svr4
-cops/bug_cmp
-cops/carp/How2Change
-cops/carp/README
-cops/carp/carp
-cops/carp/carp.1
-cops/carp/carp.anlz
-cops/carp/carp.anlz.1
-cops/carp/carp.awk
-cops/carp/carp.table
-cops/carp/carp2ps
-cops/carp/carp2ps.1
-cops/checkacct/Article
-cops/checkacct/Intro
-cops/checkacct/Makefile
-cops/checkacct/README.FIRST
-cops/checkacct/bsd.m4
-cops/checkacct/ca.src
-cops/checkacct/chkacct.1l
-cops/checkacct/dotwrite
-cops/checkacct/effect.dotwrit
-cops/checkacct/effect.owners
-cops/checkacct/effect.read
-cops/checkacct/effect.rhosts
-cops/checkacct/effect.setuid
-cops/checkacct/effect.write
-cops/checkacct/owners
-cops/checkacct/prm.mm
-cops/checkacct/prompt.help
-cops/checkacct/readable
-cops/checkacct/rhosts
-cops/checkacct/rhosts.pl
-cops/checkacct/setuid
-cops/checkacct/sysV.m4
-cops/checkacct/write
-cops/chk_strings
-cops/clearfiles
-cops/cops
-cops/cops_filter
-cops/cover_letter
-cops/crc
-cops/crc.chk
-cops/crc_check
-cops/crc_list
-cops/cron.chk
-cops/dev.chk
-cops/disclaimer
-cops/docs/COPS.report
-cops/docs/COPS.report.ms
-cops/docs/COPS.tex
-cops/docs/CRC.README
-cops/docs/KUANG.README
-cops/docs/SUID.README
-cops/docs/bug.chk
-cops/docs/bug.chk.1
-cops/docs/cops
-cops/docs/cops.1
-cops/docs/cron.chk
-cops/docs/cron.chk.1
-cops/docs/dev.chk
-cops/docs/dev.chk.1
-cops/docs/ftp.chk
-cops/docs/group.chk
-cops/docs/group.chk.1
-cops/docs/home.chk
-cops/docs/home.chk.1
-cops/docs/is_able
-cops/docs/is_able.1
-cops/docs/is_able.chk
-cops/docs/is_able.chk.1
-cops/docs/is_writable
-cops/docs/is_writable.1
-cops/docs/kuang.1
-cops/docs/kuang.man
-cops/docs/kuang.man.ms
-cops/docs/makefile
-cops/docs/misc.chk
-cops/docs/misc.chk.1
-cops/docs/obligatory.album
-cops/docs/obligatory.joke
-cops/docs/pass.chk
-cops/docs/pass.chk.1
-cops/docs/pass_diff.chk
-cops/docs/pass_diff.chk.1
-cops/docs/passwd.chk
-cops/docs/passwd.chk.1
-cops/docs/rc.chk
-cops/docs/rc.chk.1
-cops/docs/readme.C2
-cops/docs/readme.apollo
-cops/docs/readme.cfilter
-cops/docs/readme.filters
-cops/docs/readme.ibm
-cops/docs/readme.sequent
-cops/docs/readme.shadow
-cops/docs/readme.svr4
-cops/docs/readme.xenix
-cops/docs/readme.yp
-cops/docs/release.notes
-cops/docs/root.chk
-cops/docs/root.chk.1
-cops/docs/suid.man
-cops/docs/suid.man.ms
-cops/docs/tilde
-cops/docs/user.chk
-cops/docs/user.chk.1
-cops/docs/warnings
-cops/extensions/THINGS_2_DO
-cops/extensions/YAR
-cops/extensions/crypto-stuff
-cops/extensions/netstuff
-cops/extensions/passwords
-cops/extensions/questions
-cops/extensions/uucp.hardening
-cops/extensions/writing.suid
-cops/extra_src/README
-cops/extra_src/bad_dir.pl
-cops/extra_src/diff_last.sh
-cops/extra_src/mail.chk
-cops/extra_src/pass.mail
-cops/extra_src/rhosts_sweeper
-cops/extra_src/stop.make
-cops/extra_src/trust.pl
-cops/extra_src/uucp_1.shar
-cops/extra_src/uucp_2.shar
-cops/extra_src/uucp_quick.chk
-cops/file.paths
-cops/filewriters
-cops/ftp.chk
-cops/gen_fix
-cops/group.chk
-cops/home.chk
-cops/init_kuang
-cops/is_able
-cops/is_able.chk
-cops/is_able.lst
-cops/is_writable
-cops/kuang
-cops/kuang.pl.shar
-cops/makefile
-cops/makefile.orig
-cops/members
-cops/misc.chk
-cops/pass.words
-cops/pass_diff.chk
-cops/passwd.chk
-cops/patchlevel.h
-cops/perl/README.kuang
-cops/perl/README.sgi
-cops/perl/chk_strings
-cops/perl/chk_strings.pl
-cops/perl/cops
-cops/perl/cops.cf
-cops/perl/cops.orig
-cops/perl/cron.chk
-cops/perl/dev.chk
-cops/perl/fgrep.pl
-cops/perl/file_mode.pl
-cops/perl/file_owner.pl
-cops/perl/ftp.chk
-cops/perl/get-cf
-cops/perl/getopts.pl
-cops/perl/glob.pl
-cops/perl/group.chk
-cops/perl/hostname.pl
-cops/perl/is_able.chk
-cops/perl/is_able.lst
-cops/perl/is_able.pl
-cops/perl/kuang
-cops/perl/kuang.1
-cops/perl/misc.chk
-cops/perl/pass.cache.pl
-cops/perl/pass.chk
-cops/perl/passwd.chk
-cops/perl/pathconf.pl
-cops/perl/pathconf.sh
-cops/perl/rc.chk
-cops/perl/reconfig.pl
-cops/perl/root.chk
-cops/perl/rules.pl
-cops/perl/shadow.sh
-cops/perl/stat.pl
-cops/perl/suckline.pl
-cops/perl/suid.chk
-cops/perl/suid.stop
-cops/perl/user.chk
-cops/perl/yagrip.pl
-cops/platform
-cops/quick_start
-cops/rc.chk
-cops/reconfig
-cops/res_diff
-cops/root.chk
-cops/src/addto.c
-cops/src/clearfiles.c
-cops/src/conf.h
-cops/src/crack-fcrypt.c
-cops/src/crack-lib.c
-cops/src/crack.h
-cops/src/crc.c
-cops/src/crc_check.c
-cops/src/filewriters.c
-cops/src/home.chk.c
-cops/src/is_able.c
-cops/src/is_something.c
-cops/src/members.c
-cops/src/pass.c
-cops/src/tilde.c
-cops/src/user.chk.c
-cops/suid.chk
-cops/suid.stop
-cops/tilde
-cops/user.chk
-cops/yp_pass.chk
-@dirrm cops/src
-@dirrm cops/perl
-@dirrm cops/extra_src
-@dirrm cops/extensions
-@dirrm cops/docs
-@dirrm cops/checkacct
-@dirrm cops/carp
-@dirrm cops
diff --git a/security/find_ddos/Makefile b/security/find_ddos/Makefile
deleted file mode 100644
index cb1f2550f31c..000000000000
--- a/security/find_ddos/Makefile
+++ /dev/null
@@ -1,37 +0,0 @@
-# ex:ts=8
-# Ports collection makefile for: find_ddos
-# Date created: Sun Feb 12, 2000
-# Whom: David O'Brien (obrien@NUXI.com)
-#
-# $FreeBSD$
-#
-
-PORTNAME= find_ddos
-PORTVERSION= 4.2
-PORTREVISION= 1
-CATEGORIES= security
-MASTER_SITES= http://www.nipc.gov/warnings/alerts/1999/ \
- http://www.ucl.ac.uk/cert/tools/
-DISTNAME= find_ddos_v42_linux
-EXTRACT_SUFX= .tar.Z
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Scans a host filesystem for distributed denial of service programs
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-ONLY_FOR_ARCHS= i386
-WRKSRC= ${WRKDIR}/${PORTNAME}
-
-do-build:
- @brandelf -t Linux ${WRKSRC}/find_ddos
-
-do-install:
- @${INSTALL_SCRIPT} ${WRKSRC}/find_ddos ${PREFIX}/sbin
-.if !defined(NOPORTDOCS)
- @${MKDIR} ${DOCSDIR}
- @${INSTALL_MAN} ${WRKSRC}/README ${DOCSDIR}
-.endif
-
-.include <bsd.port.mk>
diff --git a/security/find_ddos/distinfo b/security/find_ddos/distinfo
deleted file mode 100644
index e4086c9e973b..000000000000
--- a/security/find_ddos/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (find_ddos_v42_linux.tar.Z) = 5af645362aa80a3fb6c1f1c3fab6e7a3
-SHA256 (find_ddos_v42_linux.tar.Z) = 63805d1dc1a201e9c5c99849a4f4092d618ba023fbae47f723f306c23a32ca93
-SIZE (find_ddos_v42_linux.tar.Z) = 367999
diff --git a/security/find_ddos/pkg-descr b/security/find_ddos/pkg-descr
deleted file mode 100644
index e9160933227e..000000000000
--- a/security/find_ddos/pkg-descr
+++ /dev/null
@@ -1,11 +0,0 @@
-In response to a number of distributed denial-of-service (DDOS) attacks that
-have been reported, the National Infrastructure Proctection Center (NIPC)
-Special Technology Applications Unit (STAU) has developed a tool to assist in
-combating this threat. ``find_ddos'' is intended to scan a local system that
-is either known or suspected to contain a DDOS program.
-
-``find_ddos'' will detect tfn2k client, tfn2k daemon, trinoo daemon, trinoo
-master, tfn daemon, tfn client, stacheldraht master, stacheldraht client,
-stachelddraht demon and tfn-rush client.
-
-WWW: http://www.nipc.gov/warnings/alerts/1999/trinoo.htm
diff --git a/security/find_ddos/pkg-plist b/security/find_ddos/pkg-plist
deleted file mode 100644
index 066b73aadb59..000000000000
--- a/security/find_ddos/pkg-plist
+++ /dev/null
@@ -1,4 +0,0 @@
-@comment $FreeBSD$
-sbin/find_ddos
-%%PORTDOCS%%share/doc/find_ddos/README
-%%PORTDOCS%%@dirrm share/doc/find_ddos
diff --git a/security/ftpmap/Makefile b/security/ftpmap/Makefile
deleted file mode 100644
index 19b057dc9f1a..000000000000
--- a/security/ftpmap/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-# New ports collection makefile for: ftpmap
-# Date created: 01 Nov 2002
-# Whom: Sergei Kolobov <sergei@kolobov.com>
-#
-# $FreeBSD$
-#
-
-PORTNAME= ftpmap
-PORTVERSION= 0.4
-CATEGORIES= security ftp
-MASTER_SITES= ftp://ftp.pureftpd.org/pub/pure-ftpd/ftpmap/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Identify remote FTP server software by fingerprinting
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-GNU_CONFIGURE= yes
-
-DOCS= AUTHORS NEWS README THANKS
-
-.if !defined(NOPORTDOCS)
-post-install:
- @${MKDIR} ${DOCSDIR}
- cd ${WRKSRC} && ${INSTALL_DATA} ${DOCS} ${DOCSDIR}
-.endif
-
-.include <bsd.port.mk>
diff --git a/security/ftpmap/distinfo b/security/ftpmap/distinfo
deleted file mode 100644
index ad299215c84b..000000000000
--- a/security/ftpmap/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (ftpmap-0.4.tar.gz) = 5095c0712e4a906dae75f082acbabffb
-SHA256 (ftpmap-0.4.tar.gz) = f16a705c6aa82aacb83e3b9ff09d2a4007cdaa54d40e62d13bde26d952c87550
-SIZE (ftpmap-0.4.tar.gz) = 95371
diff --git a/security/ftpmap/pkg-descr b/security/ftpmap/pkg-descr
deleted file mode 100644
index d53e3498fad7..000000000000
--- a/security/ftpmap/pkg-descr
+++ /dev/null
@@ -1,6 +0,0 @@
-Ftpmap scans remote FTP servers to indentify what software and what versions
-they are running. It uses program-specific fingerprints to discover the name
-of the software even when banners have been changed or removed, or when some
-features have been disabled. IPv6 is fully supported.
-
-WWW: http://www.jedi.claranet.fr/
diff --git a/security/ftpmap/pkg-plist b/security/ftpmap/pkg-plist
deleted file mode 100644
index 06946609221f..000000000000
--- a/security/ftpmap/pkg-plist
+++ /dev/null
@@ -1,6 +0,0 @@
-bin/ftpmap
-%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
-%%PORTDOCS%%%%DOCSDIR%%/NEWS
-%%PORTDOCS%%%%DOCSDIR%%/README
-%%PORTDOCS%%%%DOCSDIR%%/THANKS
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
diff --git a/security/hafiye/Makefile b/security/hafiye/Makefile
deleted file mode 100644
index 4b7782328855..000000000000
--- a/security/hafiye/Makefile
+++ /dev/null
@@ -1,32 +0,0 @@
-# ex:ts=8
-# Ports collection makefile for: hafiye
-# Date Created: Aug 14, 2002
-# Whom: ijliao
-#
-# $FreeBSD$
-#
-
-PORTNAME= hafiye
-PORTVERSION= 1.0
-PORTREVISION= 1
-CATEGORIES= security
-MASTER_SITES= http://www.enderunix.org/hafiye/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Multi Platform Customizable TCP/IP Packet Sniffer
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-MAKE_ENV= LDFLAGS="-lpcap"
-
-post-patch:
- @${REINPLACE_CMD} -e "s|^CC|#CC|g ; s|^CFLAGS|#CFLAGS|g ; \
- s|^LDFLAGS|#LDFLAGS|g" ${WRKSRC}/Makefile
-
-do-install:
- ${INSTALL_PROGRAM} ${WRKSRC}/hafiye ${PREFIX}/bin
- @${MKDIR} ${DATADIR}
- ${CP} -R ${WRKSRC}/KB/* ${DATADIR}
-
-.include <bsd.port.mk>
diff --git a/security/hafiye/distinfo b/security/hafiye/distinfo
deleted file mode 100644
index f44bc689bf5e..000000000000
--- a/security/hafiye/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (hafiye-1.0.tar.gz) = 120ea0ed933ffbd6b6831aad638f2f7a
-SHA256 (hafiye-1.0.tar.gz) = 18d52fd0fba9ba12a43a7e3c7eb39a657e19994f701e32fcd9f81406bc2e3830
-SIZE (hafiye-1.0.tar.gz) = 9139
diff --git a/security/hafiye/pkg-descr b/security/hafiye/pkg-descr
deleted file mode 100644
index 514f5e3c1d79..000000000000
--- a/security/hafiye/pkg-descr
+++ /dev/null
@@ -1,18 +0,0 @@
-When I looked at the source code for various famous sniffers, I've noticed
-that they all had all separate .C files for interpreting various protocols.
-Why not have a sniffer that can understand user-supplied protocol details?
-Here it is.
-
-When fired, Hafiye first visits each sub-directory under its knowledge-base
-directory and opens to see whether it is a protocol knowledge-base file. If
-so, It loads the necessary information from that file and places it into its
-memory space. After constructing the supplied knowledge-base, Hafiye starts
-looping for receiving packets. When a packet arrives, it demultiplexes the
-layers according to its knowledge-base and prints protocol-based information.
-
-Features
- - Multi Platform Support (Posix Compliant)
- - Customizable Protocol Definitions (Layer II, III and IV)
- - Customizable Packet Interpretation (Layer II, III and IV)
-
-WWW: http://www.enderunix.org/hafiye/
diff --git a/security/hafiye/pkg-plist b/security/hafiye/pkg-plist
deleted file mode 100644
index c5e0fa92e1c2..000000000000
--- a/security/hafiye/pkg-plist
+++ /dev/null
@@ -1,10 +0,0 @@
-bin/hafiye
-share/hafiye/LII/IP
-share/hafiye/LIII/ICMP
-share/hafiye/LIII/TCP
-share/hafiye/LIII/UDP
-share/hafiye/LIV/DNS
-@dirrm share/hafiye/LII
-@dirrm share/hafiye/LIII
-@dirrm share/hafiye/LIV
-@dirrm share/hafiye
diff --git a/security/ident2/Makefile b/security/ident2/Makefile
deleted file mode 100644
index a23f8eb1279d..000000000000
--- a/security/ident2/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-# New ports collection makefile for: ident2
-# Date created: 30 Nov 1999
-# Whom: rod@zort.on.ca
-#
-# $FreeBSD$
-#
-
-PORTNAME= ident2
-PORTVERSION= 1.07
-CATEGORIES= security net
-MASTER_SITES= http://michael.bacarella.com/projects/ident2/
-DISTNAME= ident2-v${PORTVERSION}_FINAL
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= An RFC1413 identification server which also supports random replies
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-USE_BZIP2= yes
-GNU_CONFIGURE= yes
-MAN8= ident2.8
-PLIST_FILES= sbin/ident2
-
-do-install:
- ${INSTALL_PROGRAM} ${WRKSRC}/ident2 ${PREFIX}/sbin
- ${INSTALL_MAN} ${WRKSRC}/${MAN8} ${MANPREFIX}/man/man8/
-
-.include <bsd.port.mk>
diff --git a/security/ident2/distinfo b/security/ident2/distinfo
deleted file mode 100644
index bc7ebb7c74d1..000000000000
--- a/security/ident2/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (ident2-v1.07_FINAL.tar.bz2) = be8e2d37a2a9338aeea9933ddda413e9
-SHA256 (ident2-v1.07_FINAL.tar.bz2) = 42d819862da94f7eeefb072e6cbdb0c5a0c38f3ba52e6eeb73641e72826e9a11
-SIZE (ident2-v1.07_FINAL.tar.bz2) = 49411
diff --git a/security/ident2/pkg-descr b/security/ident2/pkg-descr
deleted file mode 100644
index 277a7110f307..000000000000
--- a/security/ident2/pkg-descr
+++ /dev/null
@@ -1,9 +0,0 @@
-This ident daemon runs as either a standalong daemon or as a child of inetd.
-Replies of your choice can be generated through a .ident file in the users
-home directory. A .noident will make it do an ident will not be conducted
-if the file is found in the users home directory.
-
-The server can also send random replies to all requests. This simplifies
-the problem of using IRC through a NATD network.
-
-WWW: http://michael.bacarella.com/?p=projects#ident2
diff --git a/security/liedentd/Makefile b/security/liedentd/Makefile
deleted file mode 100644
index 4797db29f46c..000000000000
--- a/security/liedentd/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-# New ports collection makefile for: liedentd
-# Date created: 20 Mar 2001
-# Whom: wes@freebsd.org
-#
-# $FreeBSD$
-#
-
-PORTNAME= liedentd
-PORTVERSION= 1.1
-CATEGORIES= security net
-MASTER_SITES= ${MASTER_SITE_LOCAL}
-MASTER_SITE_SUBDIR= wes
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= An ident server which refuses to divulge security information
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-.include <bsd.port.mk>
diff --git a/security/liedentd/distinfo b/security/liedentd/distinfo
deleted file mode 100644
index 21d170d9f49b..000000000000
--- a/security/liedentd/distinfo
+++ /dev/null
@@ -1,2 +0,0 @@
-SHA256 (liedentd-1.1.tar.gz) = 751557eb82472c36629786540f99b3c3e4bb51d207211de59d0df4fcddb63594
-SIZE (liedentd-1.1.tar.gz) = 4262
diff --git a/security/liedentd/pkg-descr b/security/liedentd/pkg-descr
deleted file mode 100644
index fb2e35252e54..000000000000
--- a/security/liedentd/pkg-descr
+++ /dev/null
@@ -1,7 +0,0 @@
-This ident daemon runs as a standalone daemon and lies about users. By
-default, a random string is returned for each ident request, in order to
-preserve the security of your system. The name returned and the OS name
-may be specified on the command line.
-
-When run on a NAT router, this server simplifies the problem of using IRC
-through a NAT network.
diff --git a/security/liedentd/pkg-plist b/security/liedentd/pkg-plist
deleted file mode 100644
index b0be88e0f527..000000000000
--- a/security/liedentd/pkg-plist
+++ /dev/null
@@ -1,2 +0,0 @@
-sbin/liedentd
-etc/rc.d/liedentd.sh
diff --git a/security/pam_pop3/Makefile b/security/pam_pop3/Makefile
deleted file mode 100644
index 6c06477818fb..000000000000
--- a/security/pam_pop3/Makefile
+++ /dev/null
@@ -1,33 +0,0 @@
-# New ports collection makefile for: pam_pop3
-# Date created: 16 July 2002
-# Whom: Gea-Suan Lin <gslin@ccca.nctu.edu.tw>
-#
-# $FreeBSD$
-#
-
-PORTNAME= pam_pop3
-PORTVERSION= 1.0
-PORTREVISION= 1
-CATEGORIES= security
-MASTER_SITES= http://shum.huji.ac.il/~schapiro/linux/pam_pop3/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= This module authenticates a user against a POP3 server
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-WRKSRC= ${WRKDIR}/${PORTNAME}
-
-do-build:
- ${CC} ${CFLAGS} -fpic -DPIC -Wall -c ${WRKSRC}/pam_pop3.c -o ${WRKSRC}/pam_pop3.o
- ${LD} -x --shared -o ${WRKSRC}/pam_pop3.so ${WRKSRC}/pam_pop3.o -lpam -lcrypt
-
-do-install:
- @${INSTALL_DATA} ${WRKSRC}/${PORTNAME}.so ${PREFIX}/lib
-.if !defined(NOPORTDOCS)
- @${MKDIR} ${DOCSDIR}
- ${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}
-.endif
-
-.include <bsd.port.mk>
diff --git a/security/pam_pop3/distinfo b/security/pam_pop3/distinfo
deleted file mode 100644
index 685e8eae2d75..000000000000
--- a/security/pam_pop3/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (pam_pop3-1.0.tar.gz) = e9bfebe349f79e308ff8d329e5b25f91
-SHA256 (pam_pop3-1.0.tar.gz) = 82b5f56cd29903051a1deea654cbf35ed5a3ac60271da440ff5de2338d415828
-SIZE (pam_pop3-1.0.tar.gz) = 5271
diff --git a/security/pam_pop3/files/patch-pam_pop3.c b/security/pam_pop3/files/patch-pam_pop3.c
deleted file mode 100644
index 6eff9e2bf73c..000000000000
--- a/security/pam_pop3/files/patch-pam_pop3.c
+++ /dev/null
@@ -1,37 +0,0 @@
---- pam_pop3.c.orig Tue Jul 16 00:14:29 2002
-+++ pam_pop3.c Tue Jul 16 00:16:38 2002
-@@ -21,6 +21,7 @@
- #include <errno.h>
- #include <netdb.h>
- #include <sys/types.h>
-+#include <sys/time.h>
- #include <netinet/in.h>
- #include <sys/socket.h>
-
-@@ -85,7 +86,7 @@
- close(sockfd);
- return -1;
- }
-- if ((numbytes=recv(sockfd,buf,BUFLEN-1,MSG_NOSIGNAL))<=0)
-+ if ((numbytes=recv(sockfd,buf,BUFLEN-1,0))<=0)
- {
- if (numbytes==0)
- /* other side closed connection */
-@@ -138,7 +139,7 @@
- close(sockfd);
- return -1;
- }
-- if ((numbytes=send(sockfd,buf,strlen(buf),MSG_NOSIGNAL))<strlen(buf))
-+ if ((numbytes=send(sockfd,buf,strlen(buf),0))<strlen(buf))
- {
- /* it did not send everything, try once more and then fail */
- if (numbytes>0)
-@@ -153,7 +154,7 @@
- return -1;
- }
- /* send remaining bytes */
-- numbytes+=send(sockfd,buf+numbytes,strlen(buf)-numbytes,MSG_NOSIGNAL);
-+ numbytes+=send(sockfd,buf+numbytes,strlen(buf)-numbytes,0);
- }
- if (numbytes!=strlen(buf))
- {
diff --git a/security/pam_pop3/pkg-descr b/security/pam_pop3/pkg-descr
deleted file mode 100644
index 9ffa70f21d9a..000000000000
--- a/security/pam_pop3/pkg-descr
+++ /dev/null
@@ -1,6 +0,0 @@
-pam_pop3 by Schlomo Schapiro (schapiro@huji.ac.il)
-
-This module authenticates a user against a POP3 server.
-It supplies only the AUTH functions.
-
-WWW: http://shum.huji.ac.il/~schapiro/linux/
diff --git a/security/pam_pop3/pkg-plist b/security/pam_pop3/pkg-plist
deleted file mode 100644
index f84e6e016a45..000000000000
--- a/security/pam_pop3/pkg-plist
+++ /dev/null
@@ -1,3 +0,0 @@
-lib/pam_pop3.so
-%%PORTDOCS%%share/doc/pam_pop3/README
-%%PORTDOCS%%@dirrm share/doc/pam_pop3
diff --git a/security/poc/Makefile b/security/poc/Makefile
deleted file mode 100644
index e80c5739b126..000000000000
--- a/security/poc/Makefile
+++ /dev/null
@@ -1,34 +0,0 @@
-# New ports collection makefile for: poc
-# Date created: Tue Jun 11 22:43:06 CEST 2002
-# Whom: king@v2project.com
-#
-# $FreeBSD$
-#
-
-PORTNAME= poc
-PORTVERSION= 1.2
-PORTREVISION= 3
-CATEGORIES= security
-MASTER_SITES= ${MASTER_SITE_GNU}
-MASTER_SITE_SUBDIR=poc
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Program for managing passwords on smartcards
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-LIB_DEPENDS= towitoko.2:${PORTSDIR}/devel/towitoko
-
-PLIST_FILES= bin/poc
-USE_GMAKE= yes
-GNU_CONFIGURE= yes
-CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
- LDFLAGS="-L${LOCALBASE}/lib"
-
-post-patch:
- ${REINPLACE_CMD} -e "s,^CFLAGS,#CFLAGS,; \
- s,^CPPFLAGS =,CPPFLAGS = ${CPPFLAGS} -I${LOCALBASE}/include," \
- ${WRKSRC}/src/Makefile.in
-
-.include <bsd.port.mk>
diff --git a/security/poc/distinfo b/security/poc/distinfo
deleted file mode 100644
index a16370fe6743..000000000000
--- a/security/poc/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (poc-1.2.tar.gz) = 06cdaa49f3ca5703b170b229e83a0375
-SHA256 (poc-1.2.tar.gz) = e22260de0a6ea8e001ce9e13dee0e88db3bebcfa2d629f662ee2b7c244444727
-SIZE (poc-1.2.tar.gz) = 133376
diff --git a/security/poc/files/patch-src_missing__libs.h b/security/poc/files/patch-src_missing__libs.h
deleted file mode 100644
index 0dcf40832e8d..000000000000
--- a/security/poc/files/patch-src_missing__libs.h
+++ /dev/null
@@ -1,14 +0,0 @@
-
-$FreeBSD$
-
---- src/missing_libs.h.orig Thu Jul 25 17:11:57 2002
-+++ src/missing_libs.h Thu Jul 25 17:12:25 2002
-@@ -46,7 +46,7 @@
- #define __bswap_constant_16(x) \
- ((((x) >> 8) & 0xff) | (((x) & 0xff) << 8))
-
--#if defined __GNUC__ && __GNUC__ >= 2
-+#if defined __i386__ && defined __GNUC__ && __GNUC__ >= 2
- # define __bswap_16(x) \
- (__extension__ \
- ({ register unsigned short int __v; \
diff --git a/security/poc/pkg-descr b/security/poc/pkg-descr
deleted file mode 100644
index 3e2e540e2c76..000000000000
--- a/security/poc/pkg-descr
+++ /dev/null
@@ -1,15 +0,0 @@
-GNU POC is a program for managing passwords on smartcards
-
-Each password is stored together with a description on the card.
-All data on the card is stored encrypted so others won't be able to
-get your passwords by reading the card.
-
-POC encrypts using Blowfish or Rijndael (AES) with a 192 or 256 bit key
-(depending on the security level selected by the user).
-Other algorithms can be added easily
-
-POC needs a CT-API library. I use the one by Carlos Prados
-(http://www.geocities.com/cprados/) for TOWITOKO readers.
-for TOWITOKO readers
-
-WWW: http://www.gnu.org/software/poc/poc.html
diff --git a/security/portscanner/Makefile b/security/portscanner/Makefile
deleted file mode 100644
index 8f33afd22741..000000000000
--- a/security/portscanner/Makefile
+++ /dev/null
@@ -1,30 +0,0 @@
-# New ports collection makefile for: portscanner
-# Date created: 11 August 1998
-# Whom: Bill Fumerola <billf@chc-chimes.com>
-#
-# $FreeBSD$
-#
-
-PORTNAME= portscanner
-PORTVERSION= 1.2
-PORTREVISION= 1
-CATEGORIES= security
-MASTER_SITES= ${MASTER_SITE_PACKETSTORM}
-MASTER_SITE_SUBDIR= UNIX/scanners
-DISTNAME= PortScanner-${PORTVERSION}
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= A simple and easy to use TCP port scanner
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-PLIST_FILES= bin/portscanner
-
-do-build:
- @ ${CC} -o ${WRKSRC}/portscanner ${CFLAGS} ${WRKSRC}/portscanner.c
-
-do-install:
- @ ${INSTALL_PROGRAM} ${WRKSRC}/portscanner ${PREFIX}/bin
-
-.include <bsd.port.mk>
diff --git a/security/portscanner/distinfo b/security/portscanner/distinfo
deleted file mode 100644
index 1602673a3e0a..000000000000
--- a/security/portscanner/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (PortScanner-1.2.tar.gz) = e03b613ad7bc102d041d1e4b4442b99a
-SHA256 (PortScanner-1.2.tar.gz) = 6a73284482200a882d86ebb03397b6d3c4e02dbff78b57e311d409ef479894e9
-SIZE (PortScanner-1.2.tar.gz) = 6825
diff --git a/security/portscanner/files/patch-ab b/security/portscanner/files/patch-ab
deleted file mode 100644
index d1656f1d1a75..000000000000
--- a/security/portscanner/files/patch-ab
+++ /dev/null
@@ -1,12 +0,0 @@
---- portscanner.c.orig Wed Aug 19 10:37:44 1998
-+++ portscanner.c Sun Jul 7 13:16:39 2002
-@@ -25,8 +25,8 @@
- /***********************************************************/
-
- #include <stdio.h>
--#include <sys/socket.h>
- #include <sys/types.h>
-+#include <sys/socket.h>
- #include <netinet/in.h>
- #include <unistd.h>
- #include <netdb.h>
diff --git a/security/portscanner/pkg-descr b/security/portscanner/pkg-descr
deleted file mode 100644
index 6cc5603187f8..000000000000
--- a/security/portscanner/pkg-descr
+++ /dev/null
@@ -1,5 +0,0 @@
-PortScanner is a simple and easy to use TCP port scanner. It is usually used to
-log the running servers on a remote machine for security purposes and to help
-people find services.
-
-WWW: http://www.ameth.org/~veilleux/
diff --git a/security/ppgen/Makefile b/security/ppgen/Makefile
deleted file mode 100644
index a540f15d6393..000000000000
--- a/security/ppgen/Makefile
+++ /dev/null
@@ -1,29 +0,0 @@
-# Ports collection makefile for: ppgen
-# Date created: 22 Aug 2001
-# Whom: Kris Kennaway <kris@FreeBSD.org>
-#
-# $FreeBSD$
-#
-
-PORTNAME= ppgen
-PORTVERSION= 1.0
-CATEGORIES= security
-MASTER_SITES= ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/ppgen/
-DISTFILES= ${DISTNAME}.tar.gz en.gz
-EXTRACT_ONLY= ${DISTNAME}.tar.gz
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Secure passphrase generator
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-GNU_CONFIGURE= yes
-
-MAN1= ppgen.1
-
-post-install:
- ${MKDIR} ${PREFIX}/share/ppgen
- ${GZIP_CMD} -dc ${DISTDIR}/en.gz > ${PREFIX}/share/ppgen/en
-
-.include <bsd.port.mk>
diff --git a/security/ppgen/distinfo b/security/ppgen/distinfo
deleted file mode 100644
index 783de997d158..000000000000
--- a/security/ppgen/distinfo
+++ /dev/null
@@ -1,6 +0,0 @@
-MD5 (ppgen-1.0.tar.gz) = 7544cda944428cfc2d17432adda25dc3
-SHA256 (ppgen-1.0.tar.gz) = ac3977cd2312d6006c04284ec2c2ec6a0317102a27944825a94af2e39f192b4c
-SIZE (ppgen-1.0.tar.gz) = 18123
-MD5 (en.gz) = 2a84c2d569c334dee1770e49de14455b
-SHA256 (en.gz) = 20b88b5abbb2666510a0fd6ce05199adc70b1320403c841cf21a6b55b6810166
-SIZE (en.gz) = 123541
diff --git a/security/ppgen/files/patch-ppg_random_c b/security/ppgen/files/patch-ppg_random_c
deleted file mode 100644
index 517f94d07b96..000000000000
--- a/security/ppgen/files/patch-ppg_random_c
+++ /dev/null
@@ -1,11 +0,0 @@
---- ppg_random.c.orig Tue Aug 29 04:19:01 1995
-+++ ppg_random.c Sat Aug 12 20:14:39 2000
-@@ -109,7 +109,7 @@ pgp_rand_really_init()
-
- int i;
-
-- SRAND(time(NULL)^getpid());
-+ srandomdev();
-
- for (i = 0; i < cachesize; i++) {
- /* Conservatively, take what RAND() returns and fold it down
diff --git a/security/ppgen/files/patch-ppgen_c b/security/ppgen/files/patch-ppgen_c
deleted file mode 100644
index e282f1fc7c35..000000000000
--- a/security/ppgen/files/patch-ppgen_c
+++ /dev/null
@@ -1,10 +0,0 @@
---- ppgen.c.orig Tue Aug 29 05:10:45 1995
-+++ ppgen.c Sat Aug 12 19:55:51 2000
-@@ -29,6 +29,7 @@
- #else
- char *optarg;
- #endif
-+#include <errno.h>
-
- #include "ppg_random.h"
-
diff --git a/security/ppgen/pkg-descr b/security/ppgen/pkg-descr
deleted file mode 100644
index 0285d4c9879b..000000000000
--- a/security/ppgen/pkg-descr
+++ /dev/null
@@ -1,14 +0,0 @@
-From the author (Michael Shields <shields@tembel.org>):
-
-ppgen generates passphrases using strings of words, long enough to have
-an arbitrary level of entropy. It can use any dictionary and the best
-available source of randomness, including PGP's cryptographic RNG if you
-have version 2.6.2. It is written in portable C, and it is fairly fast.
-
-You can use ppgen to generate passphrases whenever you have a program that
-accepts long passwords. I use it for Kerberos and for local passwords
-(I use the FreeBSD MD5-based crypt(3), not the standard limited Unix one),
-and for my PGP keyring.
-
-Because ppgen is so simple, it can also easily be used by passwd(1)
-or adduser(1) programs to choose passwords for users.
diff --git a/security/ppgen/pkg-plist b/security/ppgen/pkg-plist
deleted file mode 100644
index cbbd7627cda0..000000000000
--- a/security/ppgen/pkg-plist
+++ /dev/null
@@ -1,3 +0,0 @@
-bin/ppgen
-share/ppgen/en
-@dirrm share/ppgen
diff --git a/security/qident/Makefile b/security/qident/Makefile
deleted file mode 100644
index 89b65b7e4cd5..000000000000
--- a/security/qident/Makefile
+++ /dev/null
@@ -1,45 +0,0 @@
-# New ports collection makefile for: qident
-# Date created: 30 August 2001
-# Whom: dd
-#
-# $FreeBSD$
-#
-
-PORTNAME= qident
-PORTVERSION= 1.2
-CATEGORIES= security
-MASTER_SITES= http://www.hairylemon.org/~ad/software/qident/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Query a remote IDENT (RFC 1413) server
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-LIB_DEPENDS= ident.0:${PORTSDIR}/security/libident
-
-MANSECTS= 1
-MAN1= qident.1
-MANCOMPRESSED= maybe
-
-# MAN page COMPression SUFFIX
-.if !defined(NO_MANCOMPRESS)
-MANCOMPSUFFIX= .gz
-.else
-MANCOMPSUFFIX=
-.endif
-
-PLIST_FILES= bin/qident
-
-post-patch:
- @${REINPLACE_CMD} -e 's/getopt[.]h/unistd.h/g' ${WRKSRC}/*
-
-do-install:
- @${INSTALL_PROGRAM} ${WRKSRC}/qident ${PREFIX}/bin/qident
-.for __s in ${MANSECTS}
-.for __m in ${MAN${__s}:S/$/${MANCOMPSUFFIX}/}
- @${INSTALL_MAN} ${WRKSRC}/${__m} ${PREFIX}/man/man${__s}/${__m}
-.endfor
-.endfor
-
-.include <bsd.port.mk>
diff --git a/security/qident/distinfo b/security/qident/distinfo
deleted file mode 100644
index a1e14297e15b..000000000000
--- a/security/qident/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (qident-1.2.tar.gz) = 0969539b3855f9b67361bde0f7de7448
-SHA256 (qident-1.2.tar.gz) = 413556b060a2096c016053a60622039fc47a3e517b1443d460b599ea1a4e1479
-SIZE (qident-1.2.tar.gz) = 2760
diff --git a/security/qident/pkg-descr b/security/qident/pkg-descr
deleted file mode 100644
index 1da5d3ab5ca0..000000000000
--- a/security/qident/pkg-descr
+++ /dev/null
@@ -1,4 +0,0 @@
-A small program to query an ident protocol server (rfc1413). Uses the
-`libident' library.
-
-WWW: http://www.hairylemon.org/~ad/software/qident/
diff --git a/security/quintuple-agent/Makefile b/security/quintuple-agent/Makefile
deleted file mode 100644
index 23c553f37244..000000000000
--- a/security/quintuple-agent/Makefile
+++ /dev/null
@@ -1,46 +0,0 @@
-# New ports collection makefile for: quintuple-agent
-# Date created: 2003-02-06
-# Whom: Volker Stolz <stolz@i2.informatik.rwth-aachen.de>
-#
-# $FreeBSD$
-#
-
-PORTNAME= quintuple-agent
-PORTVERSION= 1.0.4
-PORTREVISION= 4
-CATEGORIES= security
-MASTER_SITES= ${MASTER_SITE_DEBIAN_POOL}
-DISTNAME= ${PORTNAME}_${PORTVERSION}.orig
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Quintuple Agent is a program that stores secrets for you
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-USE_GETTEXT= yes
-USE_GNOME= glib12
-.ifndef(WITHOUT_X11)
-USE_GNOME+= gtk12
-PLIST_SUB+= X11=""
-.else
-PLIST_SUB+= X11="@comment "
-.endif
-
-WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}.orig
-GNU_CONFIGURE= yes
-CONFIGURE_ENV+= CPPFLAGS="${CPPFLAGS} -I${LOCALBASE}/include"
-#catgets disabled because it can't find all messages:
-#CONFIGURE_ARGS+=--with-catgets
-.ifdef(WITHOUT_X11)
-CONFIGURE_ARGS+=--disable-gtktest
-.endif
-USE_GMAKE= yes
-MAKE_ARGS= SUBDIRS="doc intl lib m4 po . test"
-
-MAN1= agpg.1 apgp.1 q-agent.1 secret-ask.1 q-client.1 secret-query.1
-
-post-install:
- @${CAT} ${PKGMESSAGE}
-
-.include <bsd.port.mk>
diff --git a/security/quintuple-agent/distinfo b/security/quintuple-agent/distinfo
deleted file mode 100644
index e2861d7c2cce..000000000000
--- a/security/quintuple-agent/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (quintuple-agent_1.0.4.orig.tar.gz) = c66079ad6fbb3962aa151b79e414e233
-SHA256 (quintuple-agent_1.0.4.orig.tar.gz) = bd17fd1be36e67ced211f3902d0f77d417963af35214605500d549377ffb17a2
-SIZE (quintuple-agent_1.0.4.orig.tar.gz) = 341223
diff --git a/security/quintuple-agent/files/patch-agpg.c b/security/quintuple-agent/files/patch-agpg.c
deleted file mode 100644
index 61cd90a5e093..000000000000
--- a/security/quintuple-agent/files/patch-agpg.c
+++ /dev/null
@@ -1,21 +0,0 @@
---- agpg.c 2002-09-28 07:16:01.000000000 +0000
-+++ agpg.c 2005-02-21 21:49:21.466050839 +0000
-@@ -100,11 +100,13 @@
- if (id)
- free(buf);
- while ((len = getline(&line, &size, gpg)) > 0) {
-- if (len > 10 && !strncmp(line, "sec ", 4) && line[10] == '/') {
-- char *x;
-- if ((x = strchr(line + 11, ' ')) != NULL) {
-- *x = 0;
-- id = strdup(line + 11);
-+#define GPG_SECKEYS_DELIM " \t/"
-+ if (strncmp(line, "sec ", 4) == 0 &&
-+ strtok(line, GPG_SECKEYS_DELIM) &&
-+ strtok(NULL, GPG_SECKEYS_DELIM)) {
-+ char *x;
-+ if ((x = strtok(NULL, GPG_SECKEYS_DELIM)) != NULL) {
-+ id = strdup(x);
- free(line);
- pclose(gpg);
- return id;
diff --git a/security/quintuple-agent/files/patch-configure b/security/quintuple-agent/files/patch-configure
deleted file mode 100644
index b67b8754609f..000000000000
--- a/security/quintuple-agent/files/patch-configure
+++ /dev/null
@@ -1,11 +0,0 @@
---- configure.orig Tue Mar 15 14:22:33 2005
-+++ configure Tue Mar 15 14:22:43 2005
-@@ -9388,7 +9388,7 @@
- _ACEOF
-
-
-- ac_config_files="$ac_config_files Makefile debian/Makefile doc/Makefile intl/Makefile lib/Makefile m4/Makefile po/Makefile.in test/Makefile"
-+ ac_config_files="$ac_config_files Makefile doc/Makefile intl/Makefile lib/Makefile m4/Makefile po/Makefile.in test/Makefile"
- cat >confcache <<\_ACEOF
- # This file is a shell script that caches the results of configure
- # tests run on this system so they can be shared between configure
diff --git a/security/quintuple-agent/pkg-descr b/security/quintuple-agent/pkg-descr
deleted file mode 100644
index a06c47229fd2..000000000000
--- a/security/quintuple-agent/pkg-descr
+++ /dev/null
@@ -1,7 +0,0 @@
-Quintuple Agent is a program that stores secrets for you.
-
- An example usage of Quintuple Agent would be for the storage of a
-passphrase. This way you will have to enter the passphrase only once
-in a while, not everytime it is needed.
-
-WWW: http://www.vibe.at/tools/q-agent/
diff --git a/security/quintuple-agent/pkg-message b/security/quintuple-agent/pkg-message
deleted file mode 100644
index 861ea46f953a..000000000000
--- a/security/quintuple-agent/pkg-message
+++ /dev/null
@@ -1,5 +0,0 @@
-
-You might want to consider making at least q-agent setuid root
-so that it can successfully use mlock() to protect your secrets
-in memory.
-
diff --git a/security/quintuple-agent/pkg-plist b/security/quintuple-agent/pkg-plist
deleted file mode 100644
index 9ac7557b472a..000000000000
--- a/security/quintuple-agent/pkg-plist
+++ /dev/null
@@ -1,13 +0,0 @@
-bin/agpg
-bin/apgp
-bin/q-agent
-bin/q-client
-%%X11%%bin/secret-query
-%%X11%%bin/secret-ask
-share/locale/de/LC_MESSAGES/quintuple-agent.mo
-share/locale/es_ES/LC_MESSAGES/quintuple-agent.mo
-share/locale/fr/LC_MESSAGES/quintuple-agent.mo
-share/locale/it/LC_MESSAGES/quintuple-agent.mo
-share/locale/pl/LC_MESSAGES/quintuple-agent.mo
-share/locale/pt_BR/LC_MESSAGES/quintuple-agent.mo
-share/locale/ru/LC_MESSAGES/quintuple-agent.mo
diff --git a/security/rc5pipe/Makefile b/security/rc5pipe/Makefile
deleted file mode 100644
index 6cb7bfd4e29e..000000000000
--- a/security/rc5pipe/Makefile
+++ /dev/null
@@ -1,26 +0,0 @@
-# New ports collection makefile for: rc5pipe
-# Date created: 25 June 2002
-# Whom: Frerich Raabe <frerich.raabe@gmx.de>
-#
-# $FreeBSD$
-#
-
-PORTNAME= rc5pipe
-PORTVERSION= 1.1
-CATEGORIES= security
-MASTER_SITES= http://people.fruitsalad.org/bdavis/FreeBSD/ports/distfiles/
-EXTRACT_SUFX= .tgz
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= RC5 en-/decryption via UNIX pipes
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-PLIST_FILES= bin/rc5pipe
-WRKSRC= ${WRKDIR}/rc5pipe
-
-do-install:
- ${INSTALL_PROGRAM} ${WRKSRC}/rc5pipe ${PREFIX}/bin/rc5pipe
-
-.include <bsd.port.mk>
diff --git a/security/rc5pipe/distinfo b/security/rc5pipe/distinfo
deleted file mode 100644
index 30bac64f8a94..000000000000
--- a/security/rc5pipe/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (rc5pipe-1.1.tgz) = df7d4b5f1f74ed04060fce577acf637b
-SHA256 (rc5pipe-1.1.tgz) = b0422e405227631f664a8d9e76f67f1815532da4dbb2f117bde379fbf135668f
-SIZE (rc5pipe-1.1.tgz) = 10637
diff --git a/security/rc5pipe/files/patch-Makefile b/security/rc5pipe/files/patch-Makefile
deleted file mode 100644
index 647cf93e542f..000000000000
--- a/security/rc5pipe/files/patch-Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
---- Makefile.orig Wed Jun 26 12:18:06 2002
-+++ Makefile Wed Jun 26 12:18:32 2002
-@@ -1,6 +1,5 @@
--CC=gcc
--CFLAGS= -I/usr/local/include -s -O2
--LIBS= -L/usr/local/lib
-+CFLAGS+= -I${LOCALBASE}/include -s
-+LIBS= -L${LOCALBASE}/lib
-
- all:
- $(CC) $(CFLAGS) -o rc5pipe rc5pipe.c $(LIBS)
diff --git a/security/rc5pipe/pkg-descr b/security/rc5pipe/pkg-descr
deleted file mode 100644
index 84f827117a42..000000000000
--- a/security/rc5pipe/pkg-descr
+++ /dev/null
@@ -1,3 +0,0 @@
-rc5pipe is a security program for encrypting and decrypting text via UNIX
-pipes. It uses the 128-bit RC5 encryption algorithm and takes advantage of
-padding, and is especially useful if combined with netcat.
diff --git a/security/rid/Makefile b/security/rid/Makefile
deleted file mode 100644
index 3d9e90dd7607..000000000000
--- a/security/rid/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-# ex:ts=8
-# Ports collection makefile for: ddos_scan
-# Date created: Sun Feb 12, 2000
-# Whom: David O'Brien (obrien@NUXI.com)
-#
-# $FreeBSD$
-#
-
-PORTNAME= rid
-PORTVERSION= 1.0
-CATEGORIES= security
-MASTER_SITES= http://www.phreak.org/archives/exploits/denial/ \
- ftp://ftp.ntua.gr/pub/security/technotronic/denial/
-DISTFILES= ${PORTNAME}-${PORTVERSION:S/./_/}.tgz
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Configurable remote distributed denial of service tool detector
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-ALL_TARGET= rid
-
-DOCS= README
-
-pre-configure:
- @${REINPLACE_CMD} -e 's:config.txt:${PREFIX}/etc/rid.conf.sample:g' \
- ${WRKSRC}/config.h
-
-do-install:
- @${INSTALL_PROGRAM} ${WRKSRC}/rid ${PREFIX}/sbin
- @${INSTALL_DATA} ${WRKSRC}/config.txt ${PREFIX}/etc/rid.conf.sample
-.if !defined(NOPORTDOCS)
- ${MKDIR} ${DOCSDIR}
- @${INSTALL_DATA} ${DOCS:S,^,${WRKSRC}/,} ${DOCSDIR}/
-.endif
-
-.include <bsd.port.mk>
diff --git a/security/rid/distinfo b/security/rid/distinfo
deleted file mode 100644
index 71deb22318fa..000000000000
--- a/security/rid/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (rid-1_0.tgz) = e954c79898465597d0da783738460554
-SHA256 (rid-1_0.tgz) = 16f99c15f1cd344690a188e10699603f0d8f2c15ca046da9943310393778589c
-SIZE (rid-1_0.tgz) = 22964
diff --git a/security/rid/files/patch-Makefile b/security/rid/files/patch-Makefile
deleted file mode 100644
index 3403d9a62d28..000000000000
--- a/security/rid/files/patch-Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
---- Makefile.orig Tue Feb 8 18:23:08 2000
-+++ Makefile Sun Feb 13 18:32:40 2000
-@@ -1,6 +1,6 @@
-
--CC=gcc
--LIBS=-lsocket -lnsl -lpcap -ll -ly
-+#CC=gcc
-+LIBS=-lpcap
- SRCS = sender.c main.c pinger.c y.tab.c lex.yy.c listen.c
- OBJS = sender.o main.o pinger.o y.tab.o lex.yy.o listen.o
- CFLAGS=-g
diff --git a/security/rid/files/patch-parser.l b/security/rid/files/patch-parser.l
deleted file mode 100644
index 4b89a6c774b5..000000000000
--- a/security/rid/files/patch-parser.l
+++ /dev/null
@@ -1,8 +0,0 @@
---- parser.l.orig Fri Jan 28 11:37:32 2000
-+++ parser.l Sun Feb 13 18:32:00 2000
-@@ -1,4 +1,5 @@
- %{
-+#include <sys/types.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <strings.h>
diff --git a/security/rid/pkg-descr b/security/rid/pkg-descr
deleted file mode 100644
index 7621341b0587..000000000000
--- a/security/rid/pkg-descr
+++ /dev/null
@@ -1,12 +0,0 @@
-RID - Remote Intrusion Detection
---------------------------------
-RID is a configurable tool which uses intrusion fingerprints to track down
-compromised hosts. RID can remotely detect Stacheldraht, TFN, Trinoo and TFN2k
-if the attacker did not change the default ports.
-
-After a compromise, this information can often be turned into a "fingerprint"
-of the intrusion. RID is designed to be capable of accurately specifying this
-"fingerprint" with little knowledge of network programming.
-
-RID is based off an extension of ngrep (network grep). It is different because
-it extends ngrep into a probing tool.
diff --git a/security/rid/pkg-plist b/security/rid/pkg-plist
deleted file mode 100644
index 5da7a3f59df0..000000000000
--- a/security/rid/pkg-plist
+++ /dev/null
@@ -1,5 +0,0 @@
-@comment $FreeBSD$
-sbin/rid
-etc/rid.conf.sample
-%%PORTDOCS%%%%DOCSDIR%%/README
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
diff --git a/security/ssh/Makefile b/security/ssh/Makefile
deleted file mode 100644
index 9802b2de06d8..000000000000
--- a/security/ssh/Makefile
+++ /dev/null
@@ -1,136 +0,0 @@
-# New ports collection makefile for: ssh
-# Date created: 30 Jul 1995
-# Whom: torstenb@FreeBSD.org
-#
-# $FreeBSD$
-#
-
-PORTNAME= ssh
-PORTVERSION= 1.2.33
-PORTREVISION= 6
-CATEGORIES= security ipv6
-MASTER_SITES= ftp://ftp.ssh.com/pub/ssh/ \
- ftp://ftp.nsysu.edu.tw/Unix/Security/ssh/ \
- ftp://ftp.cronyx.ru/mirror/ssh/ \
- ftp://ftp.univie.ac.at/applications/ssh.com/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Secure shell client and server (remote login program)
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-CONFLICTS= openssh-* openssh-portable-* openssh-gssapi-* ssh2-3.*
-NO_LATEST_LINK= YES
-USE_AUTOTOOLS= autoconf213
-GNU_CONFIGURE= YES
-USE_PERL5= YES
-CONFIGURE_ENV+= PERL=${PERL5}
-
-CONFIGURE_ARGS+=--with-etcdir=${PREFIX}/etc
-
-# Uncomment if all your users are in their own group and their homedir
-# is writeable by that group. Beware the security implications!
-#
-#CONFIGURE_ARGS+= --enable-group-writeability
-
-# Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
-# over a secure medium (i.e. allow SSH connections without encryption).
-# This is normally dangerous since it can lead to the disclosure of keys
-# and passwords.
-#
-#CONFIGURE_ARGS+= --with-none
-
-.if defined(KRB5_HOME) && exists(${KRB5_HOME})
-CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --enable-kerberos-tgt-passing \
- --disable-suid-ssh
-.endif
-
-# Include support for the SecureID card
-# Warning: untested !
-#
-.if defined(WITH_SECUREID)
-CONFIGURE_ARGS+= --with-secureid
-.endif
-
-# Don't use IDEA. IDEA can be freely used for non-commercial use. However,
-# commercial use may require a licence in a number of countries. Since SSH
-# itself may not be used for commercial purposes without a license, we
-# enable IDEA by default since the user would already be getting himself
-# into trouble.
-#
-.if defined(WITHOUT_IDEA)
-CONFIGURE_ARGS+= --without-idea
-.endif
-
-LIB_DEPENDS+= gmp.10:${PORTSDIR}/math/gmp
-MAKE_ENV+= GMPINCDIR="${LOCALBASE}/include" \
- GMPLIBDIR="${LOCALBASE}/lib"
-
-.include <bsd.port.pre.mk>
-
-.if !defined(REALLY_WANT_SSH)
-IGNORE= is now deprecated: OpenSSH is a superior version of SSH which has been included in the FreeBSD base system since 4.0-RELEASE. To override this warning set the REALLY_WANT_SSH environment variable and rebuild
-.endif
-
-MAN1= scp1.1 ssh-add1.1 ssh-agent1.1 ssh-keygen1.1 ssh1.1 \
- make-ssh-known-hosts1.1
-MAN8= sshd1.8
-MLINKS= make-ssh-known-hosts1.1 make-ssh-known-hosts.1 \
- scp1.1 scp.1 \
- ssh-add1.1 ssh-add.1 \
- ssh-agent1.1 ssh-agent.1 \
- ssh-keygen1.1 ssh-keygen.1 \
- ssh1.1 ssh.1 \
- ssh.1 slogin.1 \
- ssh1.1 slogin1.1 \
- sshd1.8 sshd.8
-
-pre-patch:
- @${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \
- ${WRKSRC}/make-ssh-known-hosts.pl.in
-
-post-install:
- @if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \
- ${ECHO_MSG} "Generating a secret host key..."; \
- ${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \
- fi; \
- if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \
- if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \
- ${ECHO_MSG} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
- ${SED} -e 's+!!PREFIX!!+${PREFIX}+g' ${FILESDIR}/sshd.sh \
- > ${PREFIX}/etc/rc.d/sshd.sh; \
- ${CHMOD} 751 ${PREFIX}/etc/rc.d/sshd.sh; \
- fi; \
- fi
-
-# Include tcp-wrapper support (call remote identd)
-CONFIGURE_ARGS+= --with-libwrap
-
-# Original IPv6 patches were obtained from ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/
-# ssh-1.2.27-IPv6-1.5-patch.gz
-# We still use WITH_INET6 here and try to support pre 4.0 machines with kame
-# IPv6 stack
-.if defined(WITH_INET6)
-CONFIGURE_ARGS+= --enable-ipv6
-.else
-CONFIGURE_ARGS+= --disable-ipv6
-.endif
-
-# Include SOCKS firewall support
-.if defined(WITH_SOCKS)
-CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5" --with-socks5
-.endif
-
-# Include extra files if X11 is installed
-.if defined(WITH_X11) || (exists(${LOCALBASE}/lib/libX11.a) \
- && !defined(WITHOUT_X11))
-USE_XORG= x11
-PLIST:= ${WRKDIR}/PLIST
-pre-install:
- @${CAT} ${PKGDIR}/pkg-plist.x11 ${PKGDIR}/pkg-plist > ${PLIST}
-.else
-CONFIGURE_ARGS+= --without-x
-.endif
-
-.include <bsd.port.post.mk>
diff --git a/security/ssh/distinfo b/security/ssh/distinfo
deleted file mode 100644
index c2bc8a8f4c08..000000000000
--- a/security/ssh/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (ssh-1.2.33.tar.gz) = 1a0ec35dfa1d8d9c0b650fa99ab21d56
-SHA256 (ssh-1.2.33.tar.gz) = d8ff41a026e77facee349becb79c04099e71012ae6bc386ced5ba58c926c2675
-SIZE (ssh-1.2.33.tar.gz) = 1030252
diff --git a/security/ssh/files/patch-aa b/security/ssh/files/patch-aa
deleted file mode 100644
index 3386fc8d68a3..000000000000
--- a/security/ssh/files/patch-aa
+++ /dev/null
@@ -1,19 +0,0 @@
-*** make-ssh-known-hosts.pl.in.orig Wed May 12 20:18:51 1999
---- make-ssh-known-hosts.pl.in Sun Jun 6 02:30:08 1999
-***************
-*** 98,104 ****
- $debug = 5;
- $defserver = '';
- $bell='\a';
-! $public_key = '/etc/ssh_host_key.pub';
- $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
- $timeout = 60;
- $ping_timeout = 3;
---- 98,104 ----
- $debug = 5;
- $defserver = '';
- $bell='\a';
-! $public_key = '@ETCDIR@/ssh_host_key.pub';
- $private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
- $timeout = 60;
- $ping_timeout = 3;
diff --git a/security/ssh/files/patch-ac b/security/ssh/files/patch-ac
deleted file mode 100644
index 2e1d77d2aefb..000000000000
--- a/security/ssh/files/patch-ac
+++ /dev/null
@@ -1,88 +0,0 @@
---- Makefile.in.orig Thu Jan 17 08:35:34 2002
-+++ Makefile.in Wed Jan 8 18:13:41 2003
-@@ -307,11 +307,13 @@
-
- SHELL = /bin/sh
-
--GMPDIR = gmp-2.0.2-ssh-2
--GMPLIBS = @ssh_gmp_ldadd_options@
--GMPDEP = $(GMPDIR)/gmp.h $(GMPDIR)/libgmp.a
-+GMPDIR =
-+GMPINCDIR ?= /usr/include
-+GMPLIBDIR ?= /usr/lib
-+GMPLIBS = -L$(GMPLIBDIR) -lgmp
-+GMPDEP = $(GMPINCDIR)/gmp.h $(GMPLIBDIR)/libgmp.a
-
--ZLIBDIR = zlib-1.0.4
-+ZLIBDIR = /usr/lib
- ZLIBDEP = $(ZLIBDIR)/libz.a
- ZLIBLIBS = @ssh_zlib_ldadd_options@
-
-@@ -418,17 +420,19 @@
- $(CC) -o rfc-pg rfc-pg.o
-
- .c.o:
-- $(CC) -c -I. $(KERBEROS_INCS) -I$(srcdir)/$(GMPDIR) -I$(srcdir)/$(ZLIBDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
-+ $(CC) -c -I. $(KERBEROS_INCS) -I$(GMPINCDIR) $(DEFS) -DHOST_KEY_FILE=\"$(HOST_KEY_FILE)\" -DHOST_CONFIG_FILE=\"$(HOST_CONFIG_FILE)\" -DSERVER_CONFIG_FILE=\"$(SERVER_CONFIG_FILE)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DETCDIR=\"$(etcdir)\" -DPIDDIR=\"$(piddir)\" -DSSH_BINDIR=\"$(bindir)\" -DTIS_MAP_FILE=\"$(TIS_MAP_FILE)\" $(CFLAGS) $(X_CFLAGS) $<
-
- sshd: $(SSHD_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
- -rm -f sshd
- $(CC) $(LDFLAGS) -o sshd $(SSHD_OBJS) \
-- $(GMPLIBS) $(ZLIBLIBS) $(WRAPLIBS) $(LIBS) $(KERBEROS_LIBS)
-+ $(KERBEROS_LIBS) \
-+ $(GMPLIBS) $(ZLIBLIBS) $(WRAPLIBS) $(LIBS)
-
- ssh: $(SSH_OBJS) $(GMPDEP) $(RSAREFDEP) $(ZLIBDEP)
- -rm -f ssh
- $(CC) $(LDFLAGS) -o ssh $(SSH_OBJS) \
-- $(GMPLIBS) $(ZLIBLIBS) $(WRAPLIBS) $(LIBS) $(KERBEROS_LIBS)
-+ $(KERBEROS_LIBS) \
-+ $(GMPLIBS) $(ZLIBLIBS) $(WRAPLIBS) $(LIBS)
-
- ssh-keygen: $(KEYGEN_OBJS) $(GMPDEP) $(RSAREFDEP)
- -rm -f ssh-keygen
-@@ -436,7 +440,9 @@
-
- ssh-agent: $(AGENT_OBJS) $(GMPDEP) $(RSAREFDEP)
- -rm -f ssh-agent
-- $(CC) $(LDFLAGS) -o ssh-agent $(AGENT_OBJS) $(GMPLIBS) $(LIBS) $(KERBEROS_LIBS)
-+ $(CC) $(LDFLAGS) -o ssh-agent $(AGENT_OBJS) \
-+ $(KERBEROS_LIBS) \
-+ $(GMPLIBS) $(LIBS)
-
- ssh-add: $(ADD_OBJS) $(GMPDEP) $(RSAREFDEP)
- -rm -f ssh-add
-@@ -461,12 +467,12 @@
- sed "s#&PERL&#$(PERL)#" <$(srcdir)/make-ssh-known-hosts.pl >make-ssh-known-hosts
- chmod +x make-ssh-known-hosts
-
--GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \
-+XXX_DONT_GMP_COPY_SOURCES = mpz_gcd.c mpz_powm.c mpz_pow_ui.c mpz_add.c mpz_sub.c \
- mpz_mul.c mpz_cmp.c mpz_sqrtrem.c
--$(GMPDIR)/libgmp.a:
-+XXX_DONT_$(GMPDIR)/libgmp.a:
- cd $(GMPDIR); $(MAKE)
-
--$(ZLIBDEP):
-+XXX_DONT_$(ZLIBDEP):
- -if test '!' -d $(ZLIBDIR); then \
- mkdir $(ZLIBDIR); \
- cp $(srcdir)/$(ZLIBDIR)/Makefile $(ZLIBDIR); \
-@@ -530,7 +536,7 @@
- # (otherwise it can only log in as the user it runs as, and must be
- # bound to a non-privileged port). Also, password authentication may
- # not be available if non-root and using shadow passwords.
--install: $(PROGRAMS) make-dirs generate-host-key install-configs
-+install: $(PROGRAMS) make-dirs install-configs
- -rm -f $(install_prefix)$(bindir)/ssh1.old
- -chmod 755 $(install_prefix)$(bindir)/ssh1
- -chmod 755 $(install_prefix)$(bindir)/ssh
-@@ -756,7 +762,7 @@
- (echo "s/\.$$old_version\"/.$$new_version\"/g"; echo w; echo q) | ed $(srcdir)/version.h >/dev/null
-
- depend:
-- $(MAKEDEP) -I$(srcdir) -I. -I$(GMPDIR) -I$(ZLIBDIR) $(DEFS) $(SRCS)
-+ $(MAKEDEP) -I$(srcdir) -I. $(DEFS) $(SRCS)
-
- tags:
- -rm -f TAGS
diff --git a/security/ssh/files/patch-ad b/security/ssh/files/patch-ad
deleted file mode 100644
index bab4169bca64..000000000000
--- a/security/ssh/files/patch-ad
+++ /dev/null
@@ -1,13 +0,0 @@
-*** auth-passwd.c.orig Wed May 12 20:19:23 1999
---- auth-passwd.c Sun Jun 6 02:36:00 1999
-***************
-*** 911,916 ****
---- 911,918 ----
- encrypted_password = crypt(password,
- (correct_passwd[0] && correct_passwd[1]) ?
- correct_passwd : "xx");
-+ if (!password[0] && correct_passwd[0])
-+ encrypted_password = ":";
- #endif /* HAVE_SCO_ETC_SHADOW */
-
- /* Authentication is accepted if the encrypted passwords are identical. */
diff --git a/security/ssh/files/patch-ae b/security/ssh/files/patch-ae
deleted file mode 100644
index 0ef0a89ae6c2..000000000000
--- a/security/ssh/files/patch-ae
+++ /dev/null
@@ -1,58 +0,0 @@
-*** server_config.sample.old Thu Apr 20 23:24:57 2000
---- server_config.sample Thu Apr 20 23:26:24 2000
-***************
-*** 1,13 ****
- # This is ssh server systemwide configuration file.
-
- Port 22
-! ListenAddress 0.0.0.0
- HostKey _ETCDIR_/ssh_host_key
- RandomSeed _ETCDIR_/ssh_random_seed
- ServerKeyBits 768
- LoginGraceTime 600
- KeyRegenerationInterval 3600
-! PermitRootLogin yes
- IgnoreRhosts no
- StrictModes yes
- QuietMode no
---- 1,13 ----
- # This is ssh server systemwide configuration file.
-
- Port 22
-! #Port 722 # Secondary port to listen on
- HostKey _ETCDIR_/ssh_host_key
- RandomSeed _ETCDIR_/ssh_random_seed
- ServerKeyBits 768
- LoginGraceTime 600
- KeyRegenerationInterval 3600
-! PermitRootLogin no
- IgnoreRhosts no
- StrictModes yes
- QuietMode no
-***************
-*** 16,27 ****
- FascistLogging no
- PrintMotd yes
- KeepAlive yes
-! SyslogFacility DAEMON
- RhostsAuthentication no
- RhostsRSAAuthentication yes
- RSAAuthentication yes
- PasswordAuthentication yes
-! PermitEmptyPasswords yes
- UseLogin no
- # CheckMail no
- # PidFile /u/zappa/.ssh/pid
---- 16,27 ----
- FascistLogging no
- PrintMotd yes
- KeepAlive yes
-! SyslogFacility AUTH
- RhostsAuthentication no
- RhostsRSAAuthentication yes
- RSAAuthentication yes
- PasswordAuthentication yes
-! PermitEmptyPasswords no
- UseLogin no
- # CheckMail no
- # PidFile /u/zappa/.ssh/pid
diff --git a/security/ssh/files/patch-af b/security/ssh/files/patch-af
deleted file mode 100644
index e9f2a66f0dbd..000000000000
--- a/security/ssh/files/patch-af
+++ /dev/null
@@ -1,564 +0,0 @@
---- sshd.c.orig Mon Jul 3 19:07:35 2000
-+++ sshd.c Sat Jun 29 22:25:41 2002
-@@ -567,6 +567,19 @@
- /* Name of the server configuration file. */
- char *config_file_name = SERVER_CONFIG_FILE;
-
-+/* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
-+ Default value is AF_UNSPEC means both IPv4 and IPv6. */
-+#ifdef ENABLE_IPV6
-+int IPv4or6 = AF_UNSPEC;
-+#else
-+int IPv4or6 = AF_INET;
-+#endif
-+
-+#ifdef ENABLE_LOG_AUTH
-+char *unauthenticated_user = NULL;
-+int log_auth_flag = 0;
-+#endif /* ENABLE_LOG_AUTH */
-+
- /* Debug mode flag. This can be set on the command line. If debug
- mode is enabled, extra debugging output will be sent to the system
- log, the daemon will not go to background, and will exit after processing
-@@ -590,7 +603,17 @@
-
- /* This is set to the socket that the server is listening; this is used in
- the SIGHUP signal handler. */
--int listen_sock;
-+#define MAX_LISTEN_SOCKS 16
-+int listen_socks[MAX_LISTEN_SOCKS];
-+int num_listen_socks = 0;
-+void close_listen_socks()
-+{
-+ int i;
-+
-+ for (i = 0; i < num_listen_socks; i++)
-+ close(listen_socks[i]);
-+ num_listen_socks = -1;
-+}
-
- /* This is not really needed, and could be eliminated if server-specific
- and client-specific code were removed from newchannels.c */
-@@ -680,7 +703,7 @@
- void sighup_restart(void)
- {
- log_msg("Received SIGHUP; restarting.");
-- close(listen_sock);
-+ close_listen_socks();
- execvp(saved_argv[0], saved_argv);
- log_msg("RESTART FAILED: av[0]='%.100s', error: %.100s.",
- saved_argv[0], strerror(errno));
-@@ -694,7 +717,7 @@
- RETSIGTYPE sigterm_handler(int sig)
- {
- log_msg("Received signal %d; terminating.", sig);
-- close(listen_sock);
-+ close_listen_socks();
- exit(255);
- }
-
-@@ -773,7 +796,7 @@
- int perm_denied = 0;
- int ret;
- fd_set fdset;
-- struct sockaddr_in sin;
-+ struct sockaddr_storage from;
- char buf[100]; /* Must not be larger than remote_version. */
- char remote_version[100]; /* Must be at least as big as buf. */
- char *comment;
-@@ -783,6 +806,9 @@
- struct linger linger;
- #endif /* SO_LINGER */
- int done;
-+ struct addrinfo *ai;
-+ char ntop[ADDRSTRLEN], strport[PORTSTRLEN];
-+ int listen_sock, maxfd;
-
- /* Save argv[0]. */
- saved_argv = av;
-@@ -801,10 +827,26 @@
- initialize_server_options(&options);
-
- /* Parse command-line arguments. */
-- while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:")) != EOF)
-+ while ((opt = getopt(ac, av, "f:p:b:k:h:g:diqV:4"
-+#ifdef ENABLE_IPV6
-+ "6"
-+#endif
-+ )) != EOF)
- {
- switch (opt)
- {
-+ case '4':
-+#ifdef ENABLE_IPV6
-+ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET;
-+#else
-+ IPv4or6 = AF_INET;
-+#endif
-+ break;
-+#ifdef ENABLE_IPV6
-+ case '6':
-+ IPv4or6 = (IPv4or6 == AF_INET) ? AF_UNSPEC : AF_INET6;
-+ break;
-+#endif
- case 'f':
- config_file_name = optarg;
- break;
-@@ -821,7 +863,7 @@
- options.server_key_bits = atoi(optarg);
- break;
- case 'p':
-- options.port = atoi(optarg);
-+ options.ports[options.num_ports++] = atoi(optarg);
- break;
- case 'g':
- options.login_grace_time = atoi(optarg);
-@@ -843,6 +885,10 @@
- fprintf(stderr, "sshd version %s [%s]\n", SSH_VERSION, HOSTTYPE);
- fprintf(stderr, "Usage: %s [options]\n", av0);
- fprintf(stderr, "Options:\n");
-+ fprintf(stderr, " -4 Use IPv4 only\n");
-+#ifdef ENABLE_IPV6
-+ fprintf(stderr, " -6 Use IPv6 only\n");
-+#endif
- fprintf(stderr, " -f file Configuration file (default %s/sshd_config)\n", ETCDIR);
- fprintf(stderr, " -d Debugging mode\n");
- fprintf(stderr, " -i Started from inetd\n");
-@@ -871,16 +917,15 @@
- fprintf(stderr, "fatal: Bad server key size.\n");
- exit(1);
- }
-- if (options.port < 1 || options.port > 65535)
-- {
-- fprintf(stderr, "fatal: Bad port number.\n");
-- exit(1);
-- }
- if (options.umask != -1)
- {
- umask(options.umask);
- }
-
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth_flag = options.log_auth;
-+#endif /* ENABLE_LOG_AUTH */
-+
- /* Check that there are no remaining arguments. */
- if (optind < ac)
- {
-@@ -1048,10 +1093,13 @@
- }
- else
- {
-+ for (ai = options.listen_addrs; ai; ai = ai->ai_next)
-+ {
- /* Create socket for listening. */
-- listen_sock = socket(AF_INET, SOCK_STREAM, 0);
-+ listen_sock = socket(ai->ai_family, SOCK_STREAM, 0);
- if (listen_sock < 0)
- fatal("socket: %.100s", strerror(errno));
-+ listen_socks[num_listen_socks] = listen_sock;
-
- /* Set socket options. We try to make the port reusable and have it
- close as fast as possible without waiting in unnecessary wait states
-@@ -1065,21 +1113,30 @@
- sizeof(linger));
- #endif /* SO_LINGER */
-
-- /* Initialize the socket address. */
-- memset(&sin, 0, sizeof(sin));
-- sin.sin_family = AF_INET;
-- sin.sin_addr = options.listen_addr;
-- sin.sin_port = htons(options.port);
-+ getnameinfo(ai->ai_addr, ai->ai_addrlen,
-+ ntop, sizeof(ntop), strport, sizeof(strport),
-+ NI_NUMERICHOST|NI_NUMERICSERV);
-
- /* Bind the socket to the desired port. */
-- if (bind(listen_sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
-+ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0)
- {
-- error("bind: %.100s", strerror(errno));
-- shutdown(listen_sock, 2);
-+ error("Bind to port %s on %s failed: %.200s.",
-+ strport, ntop, strerror(errno));
- close(listen_sock);
-- fatal("Bind to port %d failed: %.200s.", options.port,
-- strerror(errno));
-+ continue;
- }
-+ num_listen_socks++;
-+
-+ /* Start listening on the port. */
-+ log_msg("Server listening on %s port %s.", ntop, strport);
-+ if (listen(listen_sock, 5) < 0)
-+ fatal("listen: %.100s", strerror(errno));
-+
-+ } /* for (ai = options.listen_addrs; ai; ai = ai->ai_next) */
-+ freeaddrinfo(options.listen_addrs);
-+
-+ if (!num_listen_socks)
-+ fatal("Cannot bind all addresses.");
-
- if (!debug_flag)
- {
-@@ -1095,11 +1152,6 @@
- }
- }
-
-- /* Start listening on the port. */
-- log_msg("Server listening on port %d.", options.port);
-- if (listen(listen_sock, 5) < 0)
-- fatal("listen: %.100s", strerror(errno));
--
- /* Generate an rsa key. */
- log_msg("Generating %d bit RSA key.", options.server_key_bits);
- rsa_generate_key(&sensitive_data.private_key, &public_key,
-@@ -1153,18 +1205,28 @@
-
- /* Wait in select until there is a connection. */
- FD_ZERO(&fdset);
-- FD_SET(listen_sock, &fdset);
-- ret = select(listen_sock + 1, &fdset, NULL, NULL, NULL);
-- if (ret < 0 || !FD_ISSET(listen_sock, &fdset))
-+ maxfd = 0;
-+ for (i = 0; i < num_listen_socks; i++)
-+ {
-+ FD_SET(listen_socks[i], &fdset);
-+ if (listen_socks[i] > maxfd)
-+ maxfd = listen_socks[i];
-+ }
-+ ret = select(maxfd + 1, &fdset, NULL, NULL, NULL);
-+ if (ret < 0)
- {
- if (errno == EINTR)
- continue;
- error("select: %.100s", strerror(errno));
- continue;
- }
--
-- aux = sizeof(sin);
-- newsock = accept(listen_sock, (struct sockaddr *)&sin, &aux);
-+
-+ for (i = 0; i < num_listen_socks; i++)
-+ {
-+ if (!FD_ISSET(listen_socks[i], &fdset))
-+ continue;
-+ aux = sizeof(from);
-+ newsock = accept(listen_socks[i], (struct sockaddr *)&from, &aux);
- if (newsock < 0)
- {
- if (errno == EINTR)
-@@ -1180,7 +1242,7 @@
- /* In debugging mode. Close the listening socket, and start
- processing the connection without forking. */
- debug("Server will not fork when running in debugging mode.");
-- close(listen_sock);
-+ close_listen_socks();
- sock_in = newsock;
- sock_out = newsock;
- pid = getpid();
-@@ -1209,7 +1271,7 @@
- the accepted socket. Reinitialize logging (since our
- pid has changed). We break out of the loop to handle
- the connection. */
-- close(listen_sock);
-+ close_listen_socks();
- sock_in = newsock;
- sock_out = newsock;
- #ifdef LIBWRAP
-@@ -1247,6 +1309,10 @@
-
- /* Close the new socket (the child is now taking care of it). */
- close(newsock);
-+ } /* for (i = 0; i < num_host_socks; i++) */
-+ /* child process check (or debug mode) */
-+ if (num_listen_socks < 0)
-+ break;
- }
- }
-
-@@ -2219,6 +2285,9 @@
- krb5_parse_name(ssh_context, user, &client);
- #endif /* defined(KERBEROS) && defined(KRB5) */
-
-+#ifdef ENABLE_LOG_AUTH
-+ unauthenticated_user = user;
-+#endif /* ENABLE_LOG_AUTH */
- /* Verify that the user is a valid user. We disallow usernames starting
- with any characters that are commonly used to start NIS entries. */
- pw = getpwnam(user);
-@@ -2236,7 +2305,7 @@
- pwcopy.pw_class = xstrdup(pw->pw_class);
- pwcopy.pw_change = pw->pw_change;
- pwcopy.pw_expire = pw->pw_expire;
--#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-+#endif /* (__bsdi__ && _BSDI_VERSION >= 199510) || (__FreeBSD__ && HAVE_LOGIN_CAP_H) */
- pwcopy.pw_dir = xstrdup(pw->pw_dir);
- pwcopy.pw_shell = xstrdup(pw->pw_shell);
- pw = &pwcopy;
-@@ -2274,6 +2343,11 @@
- {
- /* Authentication with empty password succeeded. */
- debug("Login for user %.100s accepted without authentication.", user);
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from %.700s (%s)",
-+ user, get_canonical_hostname(),
-+ "empty password accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_PASSWORD;
- authenticated = 1;
- /* Success packet will be sent after loop below. */
-@@ -2348,6 +2422,11 @@
- /* Client has successfully authenticated to us. */
- log_msg("Kerberos authentication accepted %.100s for login to account %.100s from %.200s",
- tkt_user, user, get_canonical_hostname());
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from %.700s (%s)",
-+ user, get_canonical_hostname(),
-+ "kerberos authentication accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_KERBEROS;
- authenticated = 1;
- break;
-@@ -2396,6 +2475,11 @@
- /* Authentication accepted. */
- log_msg("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.",
- user, client_user, get_canonical_hostname());
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from %.100s@%.700s (%s)",
-+ user, client_user, get_canonical_hostname(),
-+ "rhosts authentication accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_RHOSTS;
- authenticated = 1;
- remote_user_name = client_user;
-@@ -2455,6 +2539,11 @@
- options.strict_modes))
- {
- /* Authentication accepted. */
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from %.100s@%.700s (%s)",
-+ user, client_user, get_canonical_hostname(),
-+ "rhosts with RSA host authentication accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_RHOSTS_RSA;
- authenticated = 1;
- remote_user_name = client_user;
-@@ -2488,6 +2577,11 @@
- /* Successful authentication. */
- mpz_clear(&n);
- log_msg("RSA authentication for %.100s accepted.", user);
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from %.700s (%s)",
-+ user, get_canonical_hostname(),
-+ "RSA user authentication accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_RSA;
- authenticated = 1;
- break;
-@@ -2622,6 +2716,11 @@
- auth_close();
- memset(password, 0, strlen(password));
- xfree(password);
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from @%.700s (%s)",
-+ user, get_canonical_hostname(),
-+ "TIS authentication accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_TIS;
- authenticated = 1;
- break;
-@@ -2682,6 +2781,11 @@
- memset(password, 0, strlen(password));
- xfree(password);
- log_msg("Password authentication for %.100s accepted.", user);
-+#ifdef ENABLE_LOG_AUTH
-+ log_auth("%.100s from %.700s (%s)",
-+ user, get_canonical_hostname(),
-+ "password authentication accepted");
-+#endif /* ENABLE_LOG_AUTH */
- authentication_type = SSH_AUTH_PASSWORD;
- authenticated = 1;
- break;
-@@ -2722,6 +2826,11 @@
- }
-
- /* Check if the user is logging in as root and root logins are disallowed. */
-+#ifdef ENABLE_LOG_AUTH
-+ if ((pw->pw_uid == UID_ROOT && options.permit_root_login == 1) ||
-+ (pw->pw_uid == UID_ROOT && options.permit_root_login == 0 && !forced_command))
-+ log_auth("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname());
-+#endif /* ENABLE_LOG_AUTH */
- if (pw->pw_uid == UID_ROOT && options.permit_root_login == 1)
- {
- if (authentication_type == SSH_AUTH_PASSWORD)
-@@ -2789,6 +2898,9 @@
- packet_start(SSH_SMSG_SUCCESS);
- packet_send();
- packet_write_wait();
-+#ifdef ENABLE_LOG_AUTH
-+ unauthenticated_user = NULL;
-+#endif /* ENABLE_LOG_AUTH */
-
- /* Perform session preparation. */
- do_authenticated(pw);
-@@ -3383,15 +3495,16 @@
- char line[256];
- struct stat st;
- int quiet_login;
-- struct sockaddr_in from;
-+ struct sockaddr_storage from;
- int fromlen;
- struct pty_cleanup_context cleanup_context;
- #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
- login_cap_t *lc;
-+ time_t warnpassword, warnexpire;
- #endif
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-+#if defined(__FreeBSD__) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
- struct timeval tp;
--#endif /* __bsdi__ && _BSDI_VERSION >= 199510 */
-+#endif /* __FreeBSD__ || (__bsdi__ && _BSDI_VERSION >= 199510) */
-
- /* We no longer need the child running on user's privileges. */
- userfile_uninit();
-@@ -3490,7 +3603,7 @@
-
- /* Record that there was a login on that terminal. */
- record_login(pid, ttyname, pw->pw_name, pw->pw_uid, hostname,
-- &from);
-+ (struct sockaddr *)&from);
-
- #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
- lc = login_getclass(pw->pw_class);
-@@ -3549,6 +3662,14 @@
- "The Regents of the University of California. ",
- "All rights reserved.");
- }
-+#ifdef HAVE_LOGIN_CAP_H
-+#define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */
-+
-+ warnpassword = login_getcaptime(lc, "warnpassword",
-+ DEFAULT_WARN, DEFAULT_WARN);
-+ warnexpire = login_getcaptime(lc, "warnexpire",
-+ DEFAULT_WARN, DEFAULT_WARN);
-+#endif
- #endif
-
- /* Print /etc/motd unless a command was specified or printing it was
-@@ -3572,7 +3693,7 @@
- fputs(line, stdout);
- fclose(f);
- }
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-+#if defined(__FreeBSD__) || (defined(__bsdi__) && _BSDI_VERSION >= 199510)
- if (pw->pw_change || pw->pw_expire)
- (void)gettimeofday(&tp, (struct timezone *)NULL);
- if (pw->pw_change)
-@@ -3979,6 +4100,7 @@
- char *user_shell;
- char *remote_ip;
- int remote_port;
-+ int local_port;
- #if defined (__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)
- login_cap_t *lc;
- char *real_shell;
-@@ -4025,7 +4147,7 @@
- while (fgets(buf, sizeof(buf), f))
- fputs(buf, stderr);
- fclose(f);
--#if defined (__bsdi__) && _BSDI_VERSION >= 199510
-+#if (defined(__FreeBSD__) && defined(HAVE_LOGIN_CAP_H)) || (defined (__bsdi__) && _BSDI_VERSION >= 199510)
- if (pw->pw_uid != UID_ROOT &&
- !login_getcapbool(lc, "ignorenologin", 0))
- exit(254);
-@@ -4084,6 +4206,7 @@
- user_shell = xstrdup(pw->pw_shell);
- remote_ip = xstrdup(get_remote_ipaddr());
- remote_port = get_remote_port();
-+ local_port = get_local_port();
-
- /* Close the connection descriptors; note that this is the child, and the
- server will still have the socket open, and it is important that we
-@@ -4103,7 +4226,6 @@
- /* Close any extra file descriptors. Note that there may still be
- descriptors left by system functions. They will be closed later. */
- endpwent();
-- endhostent();
-
- /* Set dummy encryption key to clear information about the key from
- memory. This key will never be used. */
-@@ -4360,7 +4482,7 @@
-
- /* Set SSH_CLIENT. */
- snprintf(buf, sizeof(buf),
-- "%.50s %d %d", remote_ip, remote_port, options.port);
-+ "%.50s %d %d", remote_ip, remote_port, local_port);
- child_set_env(&env, &envsize, "SSH_CLIENT", buf);
-
- /* Set SSH_TTY if we have a pty. */
-@@ -4533,7 +4655,8 @@
- int i;
- char name[255], *p;
- char line[256];
-- struct hostent *hp;
-+ struct addrinfo hints, *ai, *aitop;
-+ char ntop[ADDRSTRLEN];
-
- strncpy(name, display, sizeof(name));
- name[sizeof(name) - 1] = '\0';
-@@ -4550,7 +4673,10 @@
- /* Moved this call here to avoid a nasty buf in SunOS
- 4.1.4 libc where gethostbyname closes an unrelated
- file descriptor. */
-- hp = gethostbyname(name);
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_family = IPv4or6;
-+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0)
-+ aitop = 0;
-
- snprintf(line, sizeof(line),
- "%.200s -q -", options.xauth_path);
-@@ -4568,21 +4694,24 @@
- cp - display, display, cp, auth_proto,
- auth_data);
- #endif
-- if (hp)
-+ if (aitop)
- {
-- for(i = 0; hp->h_addr_list[i]; i++)
-+ for (ai = aitop; ai; ai = ai->ai_next)
- {
-+ getnameinfo(ai->ai_addr, ai->ai_addrlen,
-+ ntop, sizeof(ntop), NULL, 0,
-+ NI_NUMERICHOST);
-+ if (strchr(ntop, ':'))
-+ continue; /* XXX - xauth doesn't accept it */
- if (debug_flag)
- {
- fprintf(stderr, "Running %s add %s%s %s %s\n",
- options.xauth_path,
-- inet_ntoa(*((struct in_addr *)
-- hp->h_addr_list[i])),
-+ ntop,
- cp, auth_proto, auth_data);
- }
- fprintf(f, "add %s%s %s %s\n",
-- inet_ntoa(*((struct in_addr *)
-- hp->h_addr_list[i])),
-+ ntop,
- cp, auth_proto, auth_data);
- }
- }
-@@ -4632,7 +4761,11 @@
- struct stat mailbuf;
-
- if (stat(mailbox, &mailbuf) == -1 || mailbuf.st_size == 0)
-+#ifdef __FreeBSD__
-+ ;
-+#else
- printf("No mail.\n");
-+#endif
- else if (mailbuf.st_atime > mailbuf.st_mtime)
- printf("You have mail.\n");
- else
diff --git a/security/ssh/files/patch-ag b/security/ssh/files/patch-ag
deleted file mode 100644
index 71f3b7e168f8..000000000000
--- a/security/ssh/files/patch-ag
+++ /dev/null
@@ -1,54 +0,0 @@
-*** auth-kerberos.c.orig Tue Jan 11 20:33:46 2000
---- auth-kerberos.c Tue Jan 11 20:33:38 2000
-***************
-*** 120,129 ****
---- 120,137 ----
-
- debug("Kerberos invalid service name (%.100s).", server);
- packet_send_debug("Kerberos invalid service name (%.100s).", server);
-+ #ifdef krb5_xfree
- krb5_xfree(server);
-+ #else
-+ free(server);
-+ #endif
- return 0;
- }
-+ #ifdef krb5_xfree
- krb5_xfree(server);
-+ #else
-+ free(server);
-+ #endif
-
- /* Extract the users name from the ticket client principal */
- problem = krb5_copy_principal(ssh_context, ticket->enc_part2->client,
-***************
-*** 159,165 ****
---- 167,177 ----
- packet_put_string((char *) reply.data, reply.length);
- packet_send();
- packet_write_wait();
-+ #ifdef krb5_xfree
- krb5_xfree(reply.data);
-+ #else
-+ krb5_free_data_contents(ssh_context, &reply);
-+ #endif
- return 1;
- }
- #endif /* KRB5 */
-***************
-*** 177,183 ****
- extern char *ticket;
- static krb5_principal rcache_server = 0;
- static krb5_rcache rcache;
-! struct sockaddr_in local, foreign;
- krb5_address *local_addr, *remote_addr;
- int s;
-
---- 189,195 ----
- extern char *ticket;
- static krb5_principal rcache_server = 0;
- static krb5_rcache rcache;
-! struct sockaddr_storage local, foreign;
- krb5_address *local_addr, *remote_addr;
- int s;
-
diff --git a/security/ssh/files/patch-al b/security/ssh/files/patch-al
deleted file mode 100644
index 35a191b5561a..000000000000
--- a/security/ssh/files/patch-al
+++ /dev/null
@@ -1,408 +0,0 @@
-*** sshconnect.c.orig Wed May 12 20:19:29 1999
---- sshconnect.c Thu Feb 24 22:34:47 2000
-***************
-*** 337,343 ****
-
- /* Creates a (possibly privileged) socket for use as the ssh connection. */
-
-! int ssh_create_socket(uid_t original_real_uid, int privileged)
- {
- int sock;
-
---- 337,343 ----
-
- /* Creates a (possibly privileged) socket for use as the ssh connection. */
-
-! int ssh_create_socket(uid_t original_real_uid, int privileged, int family)
- {
- int sock;
-
-***************
-*** 345,379 ****
- bind our own socket to a privileged port. */
- if (privileged)
- {
-! struct sockaddr_in sin;
- int p;
- for (p = 1023; p > 512; p--)
- {
-! sock = socket(AF_INET, SOCK_STREAM, 0);
- if (sock < 0)
-! fatal("socket: %.100s", strerror(errno));
-
-! /* Initialize the desired sockaddr_in structure. */
-! memset(&sin, 0, sizeof(sin));
-! sin.sin_family = AF_INET;
-! sin.sin_addr.s_addr = INADDR_ANY;
-! sin.sin_port = htons(p);
-
- /* Try to bind the socket to the privileged port. */
- #if defined(SOCKS)
-! if (Rbind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
- break; /* Success. */
- #else /* SOCKS */
-! if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
- break; /* Success. */
- #endif /* SOCKS */
- if (errno == EADDRINUSE)
- {
- close(sock);
- continue;
- }
-! fatal("bind: %.100s", strerror(errno));
- }
- debug("Allocated local port %d.", p);
- }
- else
---- 345,404 ----
- bind our own socket to a privileged port. */
- if (privileged)
- {
-! struct addrinfo hints, *ai = NULL;
-! int errgai;
-! char strport[PORTSTRLEN];
- int p;
-+ #if (defined(__OpenBSD__) || defined(__FreeBSD__)) && !defined(SOCKS)
-+ p = 1023; /* Compat with old FreeBSD */
-+ #if __FreeBSD__ >= 400014
-+ sock = rresvport_af(&p, family);
-+ if (sock < 0)
-+ error("rresvport_af: %.100s", strerror(errno));
-+ #else
-+ sock = rresvport(&p);
-+ if (sock < 0)
-+ error("rresvport: %.100s", strerror(errno));
-+ #endif
-+ #else
- for (p = 1023; p > 512; p--)
- {
-! sock = socket(family, SOCK_STREAM, 0);
- if (sock < 0)
-! error("socket: %.100s", strerror(errno));
-
-! /* Initialize the desired addrinfo structure. */
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = family;
-! hints.ai_flags = AI_PASSIVE;
-! hints.ai_socktype = SOCK_STREAM;
-! sprintf(strport, "%d", p);
-! #if defined(SOCKS)
-! if ((errgai = Rgetaddrinfo(NULL, strport, &hints, &ai)) != 0)
-! fatal("getaddrinfo: %.100s", gai_strerror(errgai));
-! #else /* SOCKS */
-! if ((errgai = getaddrinfo(NULL, strport, &hints, &ai)) != 0)
-! fatal("getaddrinfo: %.100s", gai_strerror(errgai));
-! #endif /* SOCKS */
-
- /* Try to bind the socket to the privileged port. */
- #if defined(SOCKS)
-! if (Rbind(sock, ai->ai_addr, ai->ai_addrlen) >= 0)
- break; /* Success. */
- #else /* SOCKS */
-! if (bind(sock, ai->ai_addr, ai->ai_addrlen) >= 0)
- break; /* Success. */
- #endif /* SOCKS */
- if (errno == EADDRINUSE)
- {
- close(sock);
-+ freeaddrinfo(ai);
- continue;
- }
-! error("bind: %.100s", strerror(errno));
- }
-+ freeaddrinfo(ai);
-+ #endif
- debug("Allocated local port %d.", p);
- }
- else
-***************
-*** 396,409 ****
- the daemon. */
-
- int ssh_connect(const char *host, int port, int connection_attempts,
- int anonymous, uid_t original_real_uid,
- const char *proxy_command, RandomState *random_state)
- {
- int sock = -1, attempt, i;
- int on = 1;
- struct servent *sp;
-! struct hostent *hp;
-! struct sockaddr_in hostaddr;
- #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER)
- struct linger linger;
- #endif /* SO_LINGER */
---- 421,439 ----
- the daemon. */
-
- int ssh_connect(const char *host, int port, int connection_attempts,
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ int another_port,
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- int anonymous, uid_t original_real_uid,
- const char *proxy_command, RandomState *random_state)
- {
- int sock = -1, attempt, i;
- int on = 1;
- struct servent *sp;
-! struct addrinfo hints, *ai, *aitop, *aitmp;
-! struct sockaddr_storage hostaddr;
-! char ntop[ADDRSTRLEN], strport[PORTSTRLEN];
-! int gaierr;
- #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER)
- struct linger linger;
- #endif /* SO_LINGER */
-***************
-*** 421,430 ****
- port = SSH_DEFAULT_PORT;
- }
-
-- /* Map localhost to ip-address locally */
-- if (strcmp(host, "localhost") == 0)
-- host = "127.0.0.1";
--
- /* If a proxy command is given, connect using it. */
- if (proxy_command != NULL && *proxy_command)
- return ssh_proxy_connect(host, port, original_real_uid, proxy_command,
---- 451,456 ----
-***************
-*** 432,440 ****
-
- /* No proxy command. */
-
-! /* No host lookup made yet. */
-! hp = NULL;
-!
- /* Try to connect several times. On some machines, the first time will
- sometimes fail. In general socket code appears to behave quite
- magically on many machines. */
---- 458,495 ----
-
- /* No proxy command. */
-
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = IPv4or6;
-! hints.ai_socktype = SOCK_STREAM;
-! sprintf(strport, "%d", port);
-! #if defined(SOCKS)
-! if ((gaierr = Rgetaddrinfo(host, strport, &hints, &aitop)) != 0)
-! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr));
-! #else /* SOCKS */
-! if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
-! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr));
-! #endif /* SOCKS */
-!
-! #ifdef ENABLE_ANOTHER_PORT_TRY
-! if (another_port)
-! {
-! aitmp = aitop;
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = IPv4or6;
-! hints.ai_socktype = SOCK_STREAM;
-! sprintf(strport, "%d", another_port);
-! #if defined(SOCKS)
-! if ((gaierr = Rgetaddrinfo(host, strport, &hints, &aitop)) != 0)
-! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr));
-! #else /* SOCKS */
-! if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
-! fatal("Bad host name: %.100s (%s)", host, gai_strerror(gaierr));
-! #endif /* SOCKS */
-! for (ai = aitop; ai->ai_next; ai = ai->ai_next);
-! ai->ai_next = aitmp;
-! }
-! #endif /* ENABLE_ANOTHER_PORT_TRY */
-!
- /* Try to connect several times. On some machines, the first time will
- sometimes fail. In general socket code appears to behave quite
- magically on many machines. */
-***************
-*** 443,545 ****
- if (attempt > 0)
- debug("Trying again...");
-
-- /* Try to parse the host name as a numeric inet address. */
-- memset(&hostaddr, 0, sizeof(hostaddr));
-- hostaddr.sin_family = AF_INET;
-- hostaddr.sin_port = htons(port);
-- #ifdef BROKEN_INET_ADDR
-- hostaddr.sin_addr.s_addr = inet_network(host);
-- #else /* BROKEN_INET_ADDR */
-- hostaddr.sin_addr.s_addr = inet_addr(host);
-- #endif /* BROKEN_INET_ADDR */
-- if ((hostaddr.sin_addr.s_addr & 0xffffffff) != 0xffffffff)
-- {
-- /* Create a socket. */
-- sock = ssh_create_socket(original_real_uid,
-- !anonymous && geteuid() == UID_ROOT);
--
-- /* Valid numeric IP address */
-- debug("Connecting to %.100s port %d.",
-- inet_ntoa(hostaddr.sin_addr), port);
--
-- /* Connect to the host. */
-- #if defined(SOCKS)
-- if (Rconnect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr))
-- #else /* SOCKS */
-- if (connect(sock, (struct sockaddr *)&hostaddr, sizeof(hostaddr))
-- #endif /* SOCKS */
-- >= 0)
-- {
-- /* Successful connect. */
-- break;
-- }
-- debug("connect: %.100s", strerror(errno));
--
-- /* Destroy the failed socket. */
-- shutdown(sock, 2);
-- close(sock);
-- }
-- else
-- {
-- /* Not a valid numeric inet address. */
-- /* Map host name to an address. */
-- if (!hp)
-- {
-- struct hostent *hp_static;
--
-- #if defined(SOCKS5)
-- hp_static = Rgethostbyname(host);
-- #else
-- hp_static = gethostbyname(host);
-- #endif
-- if (hp_static)
-- {
-- hp = xmalloc(sizeof(struct hostent));
-- memcpy(hp, hp_static, sizeof(struct hostent));
--
-- /* Copy list of addresses, not just pointers.
-- We don't use h_name & h_aliases so leave them as is */
-- for (i = 0; hp_static->h_addr_list[i]; i++)
-- ; /* count them */
-- hp->h_addr_list = xmalloc((i + 1) *
-- sizeof(hp_static->h_addr_list[0]));
-- for (i = 0; hp_static->h_addr_list[i]; i++)
-- {
-- hp->h_addr_list[i] = xmalloc(hp->h_length);
-- memcpy(hp->h_addr_list[i], hp_static->h_addr_list[i],
-- hp->h_length);
-- }
-- hp->h_addr_list[i] = NULL; /* last one */
-- }
-- }
-- if (!hp)
-- fatal("Bad host name: %.100s", host);
-- if (!hp->h_addr_list[0])
-- fatal("Host does not have an IP address: %.100s", host);
--
- /* Loop through addresses for this host, and try each one in
- sequence until the connection succeeds. */
-! for (i = 0; hp->h_addr_list[i]; i++)
- {
-! /* Set the address to connect to. */
-! hostaddr.sin_family = hp->h_addrtype;
-! memcpy(&hostaddr.sin_addr, hp->h_addr_list[i],
-! sizeof(hostaddr.sin_addr));
-
-! debug("Connecting to %.200s [%.100s] port %d.",
-! host, inet_ntoa(hostaddr.sin_addr), port);
-
- /* Create a socket for connecting. */
- sock = ssh_create_socket(original_real_uid,
-! !anonymous && geteuid() == UID_ROOT);
-
- /* Connect to the host. */
- #if defined(SOCKS)
-! if (Rconnect(sock, (struct sockaddr *)&hostaddr,
-! sizeof(hostaddr)) >= 0)
- #else /* SOCKS */
-! if (connect(sock, (struct sockaddr *)&hostaddr,
-! sizeof(hostaddr)) >= 0)
- #endif /* SOCKS */
- {
- /* Successful connection. */
---- 498,526 ----
- if (attempt > 0)
- debug("Trying again...");
-
- /* Loop through addresses for this host, and try each one in
- sequence until the connection succeeds. */
-! for (ai = aitop; ai; ai = ai->ai_next)
- {
-! getnameinfo(ai->ai_addr, ai->ai_addrlen,
-! ntop, sizeof(ntop), strport, sizeof(strport),
-! NI_NUMERICHOST|NI_NUMERICSERV);
-
-! debug("Connecting to %.200s [%.100s] port %s.",
-! host, ntop, strport);
-
- /* Create a socket for connecting. */
- sock = ssh_create_socket(original_real_uid,
-! !anonymous && geteuid() == UID_ROOT,
-! ai->ai_family);
-! if (sock < 0)
-! continue;
-
- /* Connect to the host. */
- #if defined(SOCKS)
-! if (Rconnect(sock, ai->ai_addr, ai->ai_addrlen) >= 0)
- #else /* SOCKS */
-! if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0)
- #endif /* SOCKS */
- {
- /* Successful connection. */
-***************
-*** 552,573 ****
- returned an error. */
- shutdown(sock, 2);
- close(sock);
-! }
-! if (hp->h_addr_list[i])
- break; /* Successful connection. */
-- }
-
- /* Sleep a moment before retrying. */
- sleep(1);
- }
-
-! if (hp)
-! {
-! for (i = 0; hp->h_addr_list[i]; i++)
-! xfree(hp->h_addr_list[i]);
-! xfree(hp->h_addr_list);
-! xfree(hp);
-! }
-
- /* Return failure if we didn't get a successful connection. */
- if (attempt >= connection_attempts)
---- 533,547 ----
- returned an error. */
- shutdown(sock, 2);
- close(sock);
-! } /* for (ai = aitop; ai; ai = ai->ai_next) */
-! if (ai)
- break; /* Successful connection. */
-
- /* Sleep a moment before retrying. */
- sleep(1);
- }
-
-! freeaddrinfo(aitop);
-
- /* Return failure if we didn't get a successful connection. */
- if (attempt >= connection_attempts)
-***************
-*** 946,952 ****
- int ap_opts, ret_stat = 0;
- krb5_keyblock *session_key = 0;
- krb5_ap_rep_enc_part *repl = 0;
-! struct sockaddr_in local, foreign;
-
- memset(&auth, 0 , sizeof(auth));
- remotehost = (char *) get_canonical_hostname();
---- 920,926 ----
- int ap_opts, ret_stat = 0;
- krb5_keyblock *session_key = 0;
- krb5_ap_rep_enc_part *repl = 0;
-! struct sockaddr_storage local, foreign;
-
- memset(&auth, 0 , sizeof(auth));
- remotehost = (char *) get_canonical_hostname();
diff --git a/security/ssh/files/patch-ao b/security/ssh/files/patch-ao
deleted file mode 100644
index 0c5f76b3ed1b..000000000000
--- a/security/ssh/files/patch-ao
+++ /dev/null
@@ -1,583 +0,0 @@
-*** newchannels.c.orig Tue Jan 11 20:38:09 2000
---- newchannels.c Tue Jan 11 20:38:02 2000
-***************
-*** 282,287 ****
---- 282,292 ----
- #endif /* NEED_SYS_SYSLOG_H */
- #endif /* LIBWRAP */
-
-+ #ifdef __FreeBSD__
-+ #include <utmp.h>
-+ #include <osreldate.h>
-+ #endif
-+
- /* Directory in which the fake unix-domain X11 displays reside. */
- #ifndef X11_DIR
- #define X11_DIR "/tmp/.X11-unix"
-***************
-*** 1405,1417 ****
- int host_port, int gatewayports)
- {
- int ch, sock;
-! struct sockaddr_in sin;
-
- if (strlen(host) > sizeof(channels[0].path) - 1)
- packet_disconnect("Forward host name too long.");
-
- /* Create a port to listen for the host. */
-! sock = socket(AF_INET, SOCK_STREAM, 0);
- if (sock < 0)
- packet_disconnect("socket: %.100s", strerror(errno));
-
---- 1410,1438 ----
- int host_port, int gatewayports)
- {
- int ch, sock;
-! struct addrinfo hints, *ai, *aitop;
-! char ntop[ADDRSTRLEN], strport[PORTSTRLEN];
-
- if (strlen(host) > sizeof(channels[0].path) - 1)
- packet_disconnect("Forward host name too long.");
-
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_family = IPv4or6;
-+ hints.ai_flags = gatewayports ? AI_PASSIVE : 0;
-+ hints.ai_socktype = SOCK_STREAM;
-+ sprintf(strport, "%d", port);
-+ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
-+ packet_disconnect("getaddrinfo: fatal error");
-+
-+ for (ai = aitop; ai; ai = ai->ai_next)
-+ {
-+
-+ getnameinfo(ai->ai_addr, ai->ai_addrlen,
-+ ntop, sizeof(ntop), strport, sizeof(strport),
-+ NI_NUMERICHOST|NI_NUMERICSERV);
-+
- /* Create a port to listen for the host. */
-! sock = socket(ai->ai_family, SOCK_STREAM, 0);
- if (sock < 0)
- packet_disconnect("socket: %.100s", strerror(errno));
-
-***************
-*** 1421,1441 ****
- (void)fcntl(sock, F_SETFL, O_NDELAY);
- #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */
-
-! /* Initialize socket address. */
-! memset(&sin, 0, sizeof(sin));
-! sin.sin_family = AF_INET;
-! if (gatewayports)
-! sin.sin_addr.s_addr = INADDR_ANY;
-! else
-! #ifdef BROKEN_INET_ADDR
-! sin.sin_addr.s_addr = inet_network("127.0.0.1");
-! #else /* BROKEN_INET_ADDR */
-! sin.sin_addr.s_addr = inet_addr("127.0.0.1");
-! #endif /* BROKEN_INET_ADDR */
-! sin.sin_port = htons(port);
-!
- /* Bind the socket to the address. */
-! if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
- packet_disconnect("bind: %.100s", strerror(errno));
-
- /* Start listening for connections on the socket. */
---- 1442,1451 ----
- (void)fcntl(sock, F_SETFL, O_NDELAY);
- #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */
-
-! debug("Listening on %s port %s.", ntop, strport);
-!
- /* Bind the socket to the address. */
-! if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0)
- packet_disconnect("bind: %.100s", strerror(errno));
-
- /* Start listening for connections on the socket. */
-***************
-*** 1448,1453 ****
---- 1458,1466 ----
- strcpy(channels[ch].path, host); /* note: host name stored here */
- channels[ch].host_port = host_port; /* port on host to connect to */
- channels[ch].listening_port = port; /* port being listened */
-+
-+ } /* for (ai = aitop; ai; ai = ai->ai_next) */
-+ freeaddrinfo(aitop);
- }
-
- /* Initiate forwarding of connections to port "port" on remote host through
-***************
-*** 1636,1644 ****
- void channel_input_port_open(void)
- {
- int remote_channel, sock, newch, host_port, i;
-- struct sockaddr_in sin;
- char *host, *originator_string;
-! struct hostent *hp;
-
- /* Get remote channel number. */
- remote_channel = packet_get_int();
---- 1649,1658 ----
- void channel_input_port_open(void)
- {
- int remote_channel, sock, newch, host_port, i;
- char *host, *originator_string;
-! struct addrinfo hints, *ai, *aitop;
-! char ntop[ADDRSTRLEN], strport[PORTSTRLEN];
-! int gaierr;
-
- /* Get remote channel number. */
- remote_channel = packet_get_int();
-***************
-*** 1678,1713 ****
- }
- }
-
-! memset(&sin, 0, sizeof(sin));
-! #ifdef BROKEN_INET_ADDR
-! sin.sin_addr.s_addr = inet_network(host);
-! #else /* BROKEN_INET_ADDR */
-! sin.sin_addr.s_addr = inet_addr(host);
-! #endif /* BROKEN_INET_ADDR */
-! if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff)
-! {
-! /* It was a valid numeric host address. */
-! sin.sin_family = AF_INET;
-! }
-! else
- {
-! /* Look up the host address from the name servers. */
-! hp = gethostbyname(host);
-! if (!hp)
-! {
-! error("%.100s: unknown host.", host);
-! goto fail;
-! }
-! if (!hp->h_addr_list[0])
-! {
-! error("%.100s: host has no IP address.", host);
-! goto fail;
-! }
-! sin.sin_family = hp->h_addrtype;
-! memcpy(&sin.sin_addr, hp->h_addr_list[0],
-! sizeof(sin.sin_addr));
- }
-- sin.sin_port = htons(host_port);
-
- #ifdef F_SECURE_COMMERCIAL
-
---- 1692,1706 ----
- }
- }
-
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = IPv4or6;
-! hints.ai_socktype = SOCK_STREAM;
-! sprintf(strport, "%d", host_port);
-! if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
- {
-! error("%.100s: unknown host (%s)", host, gai_strerror(gaierr));
-! goto fail;
- }
-
- #ifdef F_SECURE_COMMERCIAL
-
-***************
-*** 1744,1751 ****
-
- #endif /* F_SECURE_COMMERCIAL */
-
- /* Create the socket. */
-! sock = socket(sin.sin_family, SOCK_STREAM, 0);
- if (sock < 0)
- {
- error("socket: %.100s", strerror(errno));
---- 1737,1751 ----
-
- #endif /* F_SECURE_COMMERCIAL */
-
-+ for (ai = aitop; ai; ai = ai->ai_next)
-+ {
-+
-+ getnameinfo(ai->ai_addr, ai->ai_addrlen,
-+ ntop, sizeof(ntop), strport, sizeof(strport),
-+ NI_NUMERICHOST|NI_NUMERICSERV);
-+
- /* Create the socket. */
-! sock = socket(ai->ai_family, SOCK_STREAM, 0);
- if (sock < 0)
- {
- error("socket: %.100s", strerror(errno));
-***************
-*** 1753,1767 ****
- }
-
- /* Connect to the host/port. */
-! if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
- {
-! error("connect %.100s:%d: %.100s", host, host_port,
-! strerror(errno));
- close(sock);
- goto fail;
- }
-
- /* Successful connection. */
-
- #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN)
- (void)fcntl(sock, F_SETFL, O_NONBLOCK);
---- 1753,1777 ----
- }
-
- /* Connect to the host/port. */
-! if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0)
- {
-! debug("connect %.100s port %s: %.100s", ntop, strport, strerror(errno));
- close(sock);
-+ continue; /* fail -- try next */
-+ }
-+ break; /* success */
-+
-+ } /* for (ai = aitop; ai; ai = ai->ai_next) */
-+ freeaddrinfo(aitop);
-+
-+ if (!ai)
-+ {
-+ error("connect %.100s:%d: failed.", host, host_port);
- goto fail;
- }
-
- /* Successful connection. */
-+ debug("Connecting to %.200s [%.100s] port %s.", host, ntop, strport);
-
- #if defined(O_NONBLOCK) && !defined(O_NONBLOCK_BROKEN)
- (void)fcntl(sock, F_SETFL, O_NONBLOCK);
-***************
-*** 1803,1809 ****
- {
- extern ServerOptions options;
- int display_number, port, sock;
-! struct sockaddr_in sin;
- char buf[512];
- #ifdef HAVE_GETHOSTNAME
- char hostname[257];
---- 1813,1822 ----
- {
- extern ServerOptions options;
- int display_number, port, sock;
-! struct addrinfo hints, *ai, *aitop;
-! char strport[PORTSTRLEN];
-! #define NUM_SOCKS 10
-! int gaierr, n, nn, num_socks = 0, socks[NUM_SOCKS];
- char buf[512];
- #ifdef HAVE_GETHOSTNAME
- char hostname[257];
-***************
-*** 1817,1828 ****
- for (display_number = options.x11_display_offset; display_number < MAX_DISPLAYS; display_number++)
- {
- port = 6000 + display_number;
-! memset(&sin, 0, sizeof(sin));
-! sin.sin_family = AF_INET;
-! sin.sin_addr.s_addr = INADDR_ANY;
-! sin.sin_port = htons(port);
-
-! sock = socket(AF_INET, SOCK_STREAM, 0);
- if (sock < 0)
- {
- error("socket: %.100s", strerror(errno));
---- 1830,1850 ----
- for (display_number = options.x11_display_offset; display_number < MAX_DISPLAYS; display_number++)
- {
- port = 6000 + display_number;
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = IPv4or6;
-! hints.ai_flags = AI_PASSIVE;
-! hints.ai_socktype = SOCK_STREAM;
-! sprintf(strport, "%d", port);
-! if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0)
-! {
-! error("getaddrinfo: %.100s", gai_strerror(gaierr));
-! return NULL;
-! }
-!
-! for (ai = aitop; ai; ai = ai->ai_next)
-! {
-
-! sock = socket(ai->ai_family, SOCK_STREAM, 0);
- if (sock < 0)
- {
- error("socket: %.100s", strerror(errno));
-***************
-*** 1835,1847 ****
- (void)fcntl(sock, F_SETFL, O_NDELAY);
- #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */
-
-! if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
- {
- debug("bind port %d: %.100s", port, strerror(errno));
- shutdown(sock, 2);
- close(sock);
-! continue;
- }
- break;
- }
- if (display_number >= MAX_DISPLAYS)
---- 1857,1882 ----
- (void)fcntl(sock, F_SETFL, O_NDELAY);
- #endif /* O_NONBLOCK && !O_NONBLOCK_BROKEN */
-
-! if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0)
- {
- debug("bind port %d: %.100s", port, strerror(errno));
- shutdown(sock, 2);
- close(sock);
-! for (n = 0; n < num_socks; n++)
-! {
-! shutdown(socks[n], 2);
-! close(socks[n]);
-! }
-! num_socks = 0;
-! break;
- }
-+
-+ socks[num_socks++] = sock;
-+ if (num_socks == NUM_SOCKS)
-+ break;
-+ } /* for (ai = aitop; ai; ai = ai->ai_next) */
-+
-+ if (num_socks > 0)
- break;
- }
- if (display_number >= MAX_DISPLAYS)
-***************
-*** 1851,1863 ****
---- 1886,1907 ----
- }
-
- /* Start listening for connections on the socket. */
-+ for (n = 0; n < num_socks; n++)
-+ {
-+ sock = socks[n];
- if (listen(sock, 5) < 0)
- {
- error("listen: %.100s", strerror(errno));
- shutdown(sock, 2);
- close(sock);
-+ for (nn = 0; nn < n; nn++)
-+ {
-+ shutdown(socks[nn], 2);
-+ close(socks[nn]);
-+ }
- return NULL;
- }
-+ } /* for (n = 0; n < num_socks; n++) */
-
- /* Set up a suitable value for the DISPLAY variable. */
- #ifdef NONSTANDARD_IP_ADDRESS_X11_KLUDGE
-***************
-*** 1868,1877 ****
- if (gethostname(hostname, sizeof(hostname)) < 0)
- fatal("gethostname: %.100s", strerror(errno));
- {
-! struct hostent *hp;
-! struct in_addr addr;
-! hp = gethostbyname(hostname);
-! if (hp == NULL || !hp->h_addr_list[0])
- {
- error("Could not get server IP address for %.200s.", hostname);
- packet_send_debug("Could not get server IP address for %.200s.",
---- 1912,1922 ----
- if (gethostname(hostname, sizeof(hostname)) < 0)
- fatal("gethostname: %.100s", strerror(errno));
- {
-! struct addrinfo hints, *ai;
-! char ntop[ADDRSTRLEN];
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = IPv4or6;
-! if (getaddrinfo(hostname, NULL, &hints, &ai) != 0 || !ai)
- {
- error("Could not get server IP address for %.200s.", hostname);
- packet_send_debug("Could not get server IP address for %.200s.",
-***************
-*** 1880,1888 ****
- close(sock);
- return NULL;
- }
-! memcpy(&addr, hp->h_addr_list[0], sizeof(addr));
- snprintf(buf, sizeof(buf),
-! "%.100s:%d.%d", inet_ntoa(addr), display_number,
- screen_number);
- }
- #else /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */
---- 1925,1934 ----
- close(sock);
- return NULL;
- }
-! getnameinfo(ai->ai_addr, ai->ai_addrlen,
-! ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST);
- snprintf(buf, sizeof(buf),
-! "%.100s:%d.%d", ntop, display_number,
- screen_number);
- }
- #else /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */
-***************
-*** 1891,1896 ****
---- 1937,1945 ----
- fatal("gethostname: %.100s", strerror(errno));
- snprintf(buf, sizeof(buf),
- "%.400s:%d.%d", hostname, display_number, screen_number);
-+ #if __FreeBSD_version >= 320000
-+ trimdomain(buf, UT_HOSTSIZE);
-+ #endif
- #else /* HAVE_GETHOSTNAME */
- if (uname(&uts) < 0)
- fatal("uname: %.100s", strerror(errno));
-***************
-*** 1900,1907 ****
---- 1949,1960 ----
- #endif /* NONSTANDARD_IP_ADDRESS_X11_KLUDGE */
-
- /* Allocate a channel for the socket. */
-+ for (n = 0; n < num_socks; n++)
-+ {
-+ sock = socks[n];
- (void)channel_allocate(SSH_CHANNEL_X11_LISTENER, sock,
- xstrdup("X11 inet listener"));
-+ } /* for (n = 0; n < num_socks; n++) */
-
- /* Return a suitable value for the DISPLAY environment variable. */
- return xstrdup(buf);
-***************
-*** 1916,1924 ****
- int remote_channel, display_number, sock, newch;
- const char *display;
- struct sockaddr_un ssun;
-- struct sockaddr_in sin;
- char buf[255], *cp, *remote_host;
-! struct hostent *hp;
-
- /* Get remote channel number. */
- remote_channel = packet_get_int();
---- 1969,1978 ----
- int remote_channel, display_number, sock, newch;
- const char *display;
- struct sockaddr_un ssun;
- char buf[255], *cp, *remote_host;
-! struct addrinfo hints, *ai, *aitop;
-! char strport[PORTSTRLEN];
-! int gaierr;
-
- /* Get remote channel number. */
- remote_channel = packet_get_int();
-***************
-*** 2058,2110 ****
- goto fail;
- }
-
-! /* Try to parse the host name as a numeric IP address. */
-! memset(&sin, 0, sizeof(sin));
-! #ifdef BROKEN_INET_ADDR
-! sin.sin_addr.s_addr = inet_network(buf);
-! #else /* BROKEN_INET_ADDR */
-! sin.sin_addr.s_addr = inet_addr(buf);
-! #endif /* BROKEN_INET_ADDR */
-! if ((sin.sin_addr.s_addr & 0xffffffff) != 0xffffffff)
- {
-! /* It was a valid numeric host address. */
-! sin.sin_family = AF_INET;
- }
-! else
- {
-- /* Not a numeric IP address. */
-- /* Look up the host address from the name servers. */
-- hp = gethostbyname(buf);
-- if (!hp)
-- {
-- error("%.100s: unknown host.", buf);
-- goto fail;
-- }
-- if (!hp->h_addr_list[0])
-- {
-- error("%.100s: host has no IP address.", buf);
-- goto fail;
-- }
-- sin.sin_family = hp->h_addrtype;
-- memcpy(&sin.sin_addr, hp->h_addr_list[0],
-- sizeof(sin.sin_addr));
-- }
-- /* Set port number. */
-- sin.sin_port = htons(6000 + display_number);
-
- /* Create a socket. */
-! sock = socket(sin.sin_family, SOCK_STREAM, 0);
- if (sock < 0)
- {
-! error("socket: %.100s", strerror(errno));
-! goto fail;
- }
- /* Connect it to the display. */
-! if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0)
- {
-! error("connect %.100s:%d: %.100s", buf, 6000 + display_number,
- strerror(errno));
- close(sock);
- goto fail;
- }
-
---- 2112,2155 ----
- goto fail;
- }
-
-! /* Look up the host address */
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = IPv4or6;
-! hints.ai_socktype = SOCK_STREAM;
-! sprintf(strport, "%d", 6000 + display_number);
-! if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0)
- {
-! error("%.100s: unknown host. (%s)", buf, gai_strerror(gaierr));
-! goto fail;
- }
-!
-! for (ai = aitop; ai; ai = ai->ai_next)
- {
-
- /* Create a socket. */
-! sock = socket(ai->ai_family, SOCK_STREAM, 0);
- if (sock < 0)
- {
-! debug("socket: %.100s", strerror(errno));
-! continue;
- }
- /* Connect it to the display. */
-! if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0)
- {
-! debug("connect %.100s:%d: %.100s", buf, 6000 + display_number,
- strerror(errno));
- close(sock);
-+ continue;
-+ }
-+ /* Success */
-+ break;
-+
-+ } /* (ai = aitop, ai; ai = ai->ai_next) */
-+ freeaddrinfo(aitop);
-+ if (!ai)
-+ {
-+ error("connect %.100s:%d: %.100s", buf, 6000 + display_number,
-+ strerror(errno));
- goto fail;
- }
-
-***************
-*** 2412,2417 ****
---- 2457,2466 ----
- ssh-agent connections on your system */
- old_umask = umask(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
-
-+ /* Make sure the socket doesn't already exist, left over from a system
-+ crash perhaps. */
-+ unlink(channel_forwarded_auth_socket_name);
-+
- if (bind(sock, (struct sockaddr *)&sunaddr, AF_UNIX_SIZE(sunaddr)) < 0)
- packet_disconnect("Agent socket bind failed: %.100s", strerror(errno));
-
diff --git a/security/ssh/files/patch-aw b/security/ssh/files/patch-aw
deleted file mode 100644
index 697f32393bf6..000000000000
--- a/security/ssh/files/patch-aw
+++ /dev/null
@@ -1,73 +0,0 @@
-*** login.c.orig Tue Jan 11 20:36:37 2000
---- login.c Tue Jan 11 20:36:34 2000
-***************
-*** 117,122 ****
---- 117,125 ----
- #include <hpsecurity.h>
- #include <prot.h>
- #endif /* HAVE_HPUX_TCB_AUTH */
-+ #ifdef __FreeBSD__
-+ #include <osreldate.h>
-+ #endif
- #include "ssh.h"
-
- /* Returns the time when the user last logged in. Returns 0 if the
-***************
-*** 255,261 ****
- were more standardized. */
-
- void record_login(int pid, const char *ttyname, const char *user, uid_t uid,
-! const char *host, struct sockaddr_in *addr)
- {
- int fd;
-
---- 258,264 ----
- were more standardized. */
-
- void record_login(int pid, const char *ttyname, const char *user, uid_t uid,
-! const char *host, struct sockaddr *addr)
- {
- int fd;
-
-***************
-*** 301,317 ****
- strncpy(u.ut_user, user, sizeof(u.ut_user));
- #endif /* HAVE_NAME_IN_UTMP */
- #ifdef HAVE_HOST_IN_UTMP
-- strncpy(u.ut_host, host, sizeof(u.ut_host));
- #ifdef __FreeBSD__
- if (strlen(host) > sizeof(u.ut_host)) {
- strncpy(u.ut_host, get_remote_ipaddr(), sizeof(u.ut_host));
-! }
- #endif /* __FreeBSD__ */
- #endif /* HAVE_HOST_IN_UTMP */
- #ifdef HAVE_ADDR_IN_UTMP
- if (addr)
- memcpy(&u.ut_addr, &addr->sin_addr, sizeof(u.ut_addr));
- else
- memset(&u.ut_addr, 0, sizeof(u.ut_addr));
- #endif
-
---- 304,325 ----
- strncpy(u.ut_user, user, sizeof(u.ut_user));
- #endif /* HAVE_NAME_IN_UTMP */
- #ifdef HAVE_HOST_IN_UTMP
- #ifdef __FreeBSD__
-+ #if __FreeBSD_version >= 320000
-+ trimdomain(host, sizeof u.ut_host);
-+ #endif
- if (strlen(host) > sizeof(u.ut_host)) {
- strncpy(u.ut_host, get_remote_ipaddr(), sizeof(u.ut_host));
-! } else
- #endif /* __FreeBSD__ */
-+ strncpy(u.ut_host, host, sizeof(u.ut_host));
- #endif /* HAVE_HOST_IN_UTMP */
- #ifdef HAVE_ADDR_IN_UTMP
-+ #if 0 /* XXX */
- if (addr)
- memcpy(&u.ut_addr, &addr->sin_addr, sizeof(u.ut_addr));
- else
-+ #endif /* XXX */
- memset(&u.ut_addr, 0, sizeof(u.ut_addr));
- #endif
-
diff --git a/security/ssh/files/patch-ba b/security/ssh/files/patch-ba
deleted file mode 100644
index 69ad90067e8c..000000000000
--- a/security/ssh/files/patch-ba
+++ /dev/null
@@ -1,176 +0,0 @@
-*** README-IPv6.orig Mon Jan 10 22:56:13 2000
---- README-IPv6 Mon Jan 10 22:56:13 2000
-***************
-*** 0 ****
---- 1,171 ----
-+ ssh-1.2.27-IPv6 version 1.5 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * ssh-1.2.27-IPv6 can handle both IPv4 and IPv6.
-+
-+ To enable sshd/ssh to handle both IPv4 and IPv6,
-+
-+ ./configure --enable-ipv6
-+
-+ Otherwise sshd/ssh handle IPv4 only as same as original ssh.
-+
-+ * You can have multiple ListenAddress lines in /etc/sshd_config.
-+ It means that sshd can listen multiple addresses.
-+
-+ Example1: sshd will bind on these four adresses.
-+
-+ ListenAddress 202.249.17.50
-+ ListenAddress 202.249.17.137
-+ ListenAddress 3ffe:501:c0b::1
-+ ListenAddress 3ffe:501:c0b:20:2a0:c9ff:fe3e:f5fc
-+
-+ Example2: as same as example1.
-+ (Because bertemu.rcac.tdi.co.jp has these four addresses.)
-+
-+ ListenAddress bertemu.rcac.tdi.co.jp
-+
-+ Example3: sshd will bind on any address both IPv4 and IPv6.
-+
-+ ListenAddress ::
-+ ListenAddress 0.0.0.0
-+
-+ Example4: as same as example3.
-+
-+ No ListenAddress line in /etc/sshd_config.
-+
-+ * You don't mind whether the host has IPv4 or IPv6 address.
-+ You can also specify using only IPv4 (or only IPv6).
-+
-+ Example1: ssh will try all IPv4 and IPv6 addresses that the host has.
-+
-+ ssh host
-+
-+ Example2: ssh will try all IPv4 addresses that the host has.
-+
-+ ssh -4 host
-+
-+ Example3: ssh will try all IPv6 addresses that the host has.
-+
-+ ssh -6 host
-+
-+ * You can have multiple Port lines in /etc/sshd_config and -p options.
-+ It means that sshd can listen multiple ports, not only port 22.
-+
-+ For example, you run sshd that listens port 22 and port 722,
-+ and you can use port 22 for slogin and port 722 for scp.
-+ It's useful if you have preference for interactive traffic in the router.
-+
-+ You can have "AnotherPort 722" line in /etc/ssh_config or your
-+ config file (maybe ~/.ssh/config). In this case, ssh with -A option
-+ try to connect to port 722 at first, and try to connect to original
-+ port (maybe port 22) if port 722 fails. scp executes ssh with -A option.
-+
-+ * IPv6 supported platform
-+
-+ IPv6 feature is available on follwing platforms now.
-+
-+ kame -- http://www.kame.net/ (used to be called Hydrangea)
-+ v6d -- http://onoe2.sm.sony.co.jp/ipv6/ (IPv6 daemon)
-+
-+ On the other environments you can compile and run ssh-1.2.27-IPv6 if
-+ you have a good getaddrinfo() in your library.
-+
-+ * How to get ssh-1.2.27-IPv6
-+
-+ You can get tar.gz or patch to ssh-1.2.27.tar.gz:
-+
-+ ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ssh-1.2.27-IPv6-1.5.tar.gz
-+ ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ssh-1.2.27-IPv6-1.5-patch.gz
-+
-+ * How to install ssh-1.2.27-IPv6
-+
-+ Apply ssh-1.2.27-IPv6-1.5-patch to ssh-1.2.27.tar.gz (or use
-+ ssh-1.2.27-IPv6-1.5.tar.gz) and then see INSTALL file of ssh-1.2.27.
-+
-+ If you want to enable ssh to handle IPv6, for example,
-+
-+ % ./configure --enable-ipv6
-+ % make
-+ % make install
-+
-+ and you will be able to enjoy ssh handling both IPv6 and IPv4.
-+
-+ * Change Log
-+
-+ v1.5 1999-05-15 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * for ssh-1.2.27
-+ * supported scp with bracketed ipv6 ip address
-+ * used struct sockaddr_storage instead of union sockunion
-+
-+ v1.4 1998-08-21 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * fixed ipv6 address checking bug at match_host() in match.c
-+ * cleanup comparing ip address at get_remote_hostname() in canohost.c
-+
-+ v1.3 1998-08-14 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * fixed ipv6 address checking bug at match_host() in match.c
-+ pointed out by Kenji Rikitake <kenji@k2r.org>
-+
-+ v1.2.2 1998-08-07 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * fixed IPv6 enable checking bug in configure.in
-+
-+ v1.2.1 1998-08-05 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * fixed AuthLog enable handling bug
-+
-+ v1.2 1998-08-01 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * for ssh-1.2.26
-+
-+ v1.1.5 1998-06-13 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * supported AuthLog (logging authenticated info) in /etc/sshd_config
-+
-+ v1.1.4 1998-06-11 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * supported multiple Port lines in /etc/sshd_config
-+ * supported AnotherPort line in /etc/ssh_config
-+ * supported -A option of ssh for another port try
-+
-+ v1.1.3 1998-06-01 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * X11 connection forwarding IPv6 support
-+ * removeed all hostent and sockaddr_in from *.c
-+
-+ v1.1.2 1998-05-31 Jun-ichiro itojun Itoh <itojun@itojun.org>
-+
-+ * configuration support for v6d.
-+
-+ v1.1.1 1998-05-31 Jun-ichiro itojun Itoh <itojun@itojun.org>
-+
-+ * add getaddinfo.c, getnameinfo.c and gai.h (delete fakelibinet6.c)
-+ * configure checks whether getaddrinfo exists or not.
-+
-+ v1.1 1998-05-31 KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * add fakelibinet6.c (including getaddrinfo and getnameinfo)
-+ * compilation support on non-IPv6 environment.
-+ * fixed port forwarding bug
-+
-+ v1.0.1 1998-05-30 Jun-ichiro itojun Itoh <itojun@itojun.org>
-+
-+ * add ENABLE_IPV6 flag.
-+ * configuration support --enable-ipv6 for IPv6 platforms.
-+
-+ v1.0 1998-05-30 created by KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
-+
-+ * first release
-+ * IPv6 support except X11 connection forwarding
-+
-+ * Guideline for making this patch
-+
-+ * protocol family independent (using AF_UNSPEC)
-+ * use getaddrinfo and getnameinfo (see RFC2133)
-+ * don't use sockaddr_in and AF_INET (but option -4 uses AF_INET)
-+ * don't use sockaddr_in6 and AF_INET6 (but option -6 uses AF_INET6)
-+ * don't use gethostbyname, gethostbyaddr and hostent
-+ * listen to all addresses for all available protocol family
-+ * try to connect to all addresses for all available protocol family
-+
diff --git a/security/ssh/files/patch-bb b/security/ssh/files/patch-bb
deleted file mode 100644
index 945e1fd83b2e..000000000000
--- a/security/ssh/files/patch-bb
+++ /dev/null
@@ -1,29 +0,0 @@
-*** acconfig.h.orig Wed May 12 13:19:23 1999
---- acconfig.h Mon Jan 10 22:56:13 2000
-***************
-*** 274,279 ****
---- 274,297 ----
- /etc/nologin.allow. */
- #undef NOLOGIN_ALLOW
-
-+ /* Define this if you have struct sockaddr_storage. */
-+ #undef HAVE_SOCKADDR_STORAGE
-+
-+ /* Define this if you have __sa_family in struct sockaddr_storage. */
-+ #undef HAVE_NEW_SS_FAMILY
-+
-+ /* Define this if you have ss_len in struct sockaddr. */
-+ #undef HAVE_SOCKADDR_LEN
-+
-+ /* Define this if you want to enable IPv6 support. */
-+ #undef ENABLE_IPV6
-+
-+ /* Define this if you want to enable another port try support. */
-+ #undef ENABLE_ANOTHER_PORT_TRY
-+
-+ /* Define this if you want to enable logging auth info support. */
-+ #undef ENABLE_LOG_AUTH
-+
- /* Where to find the X11 socket */
- #undef X11_DIR
-
diff --git a/security/ssh/files/patch-bc b/security/ssh/files/patch-bc
deleted file mode 100644
index 63b079f2e35c..000000000000
--- a/security/ssh/files/patch-bc
+++ /dev/null
@@ -1,401 +0,0 @@
-*** canohost.c.orig Wed May 12 13:19:24 1999
---- canohost.c Mon Jan 10 22:56:13 2000
-***************
-*** 59,68 ****
-
- char *get_remote_hostname(int socket)
- {
-! struct sockaddr_in from;
- int fromlen, i;
-! struct hostent *hp;
- char name[255];
-
- /* Get IP address of client. */
- fromlen = sizeof(from);
---- 59,69 ----
-
- char *get_remote_hostname(int socket)
- {
-! struct sockaddr_storage from;
- int fromlen, i;
-! struct addrinfo hints, *ai, *aitop;
- char name[255];
-+ char ntop[ADDRSTRLEN], ntop2[ADDRSTRLEN];
-
- /* Get IP address of client. */
- fromlen = sizeof(from);
-***************
-*** 73,86 ****
- strcpy(name, "UNKNOWN");
- goto check_ip_options;
- }
-
- /* Map the IP address to a host name. */
-! hp = gethostbyaddr((char *)&from.sin_addr, sizeof(struct in_addr),
-! from.sin_family);
-! if (hp)
- {
- /* Got host name. */
-- strncpy(name, hp->h_name, sizeof(name));
- name[sizeof(name) - 1] = '\0';
-
- /* Convert it to all lowercase (which is expected by the rest of this
---- 74,89 ----
- strcpy(name, "UNKNOWN");
- goto check_ip_options;
- }
-+
-+ getnameinfo((struct sockaddr *)&from, fromlen,
-+ ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST);
-
- /* Map the IP address to a host name. */
-! if (getnameinfo((struct sockaddr *)&from, fromlen,
-! name, sizeof(name),
-! NULL, 0, NI_NAMEREQD) == 0)
- {
- /* Got host name. */
- name[sizeof(name) - 1] = '\0';
-
- /* Convert it to all lowercase (which is expected by the rest of this
-***************
-*** 95,119 ****
- Mapping from name to IP address can be trusted better (but can still
- be fooled if the intruder has access to the name server of the
- domain). */
-! hp = gethostbyname(name);
-! if (!hp)
- {
- log_msg("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name);
-! strcpy(name, inet_ntoa(from.sin_addr));
- goto check_ip_options;
- }
- /* Look for the address from the list of addresses. */
-! for (i = 0; hp->h_addr_list[i]; i++)
-! if (memcmp(hp->h_addr_list[i], &from.sin_addr, sizeof(from.sin_addr))
-! == 0)
-! break;
- /* If we reached the end of the list, the address was not there. */
-! if (!hp->h_addr_list[i])
- {
- /* Address not found for the host name. */
- log_msg("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!",
-! inet_ntoa(from.sin_addr), name);
-! strcpy(name, inet_ntoa(from.sin_addr));
- goto check_ip_options;
- }
- /* Address was found for the host name. We accept the host name. */
---- 98,127 ----
- Mapping from name to IP address can be trusted better (but can still
- be fooled if the intruder has access to the name server of the
- domain). */
-! memset(&hints, 0, sizeof(hints));
-! hints.ai_family = from.__ss_family;
-! if (getaddrinfo(name, NULL, &hints, &aitop) != 0)
- {
- log_msg("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name);
-! strcpy(name, ntop);
- goto check_ip_options;
- }
- /* Look for the address from the list of addresses. */
-! for (ai = aitop; ai; ai = ai->ai_next)
-! {
-! getnameinfo(ai->ai_addr, ai->ai_addrlen,
-! ntop2, sizeof(ntop2), NULL, 0, NI_NUMERICHOST);
-! if (strcmp(ntop, ntop2) == 0)
-! break;
-! }
-! freeaddrinfo(aitop);
- /* If we reached the end of the list, the address was not there. */
-! if (!ai)
- {
- /* Address not found for the host name. */
- log_msg("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!",
-! ntop, name);
-! strcpy(name, ntop);
- goto check_ip_options;
- }
- /* Address was found for the host name. We accept the host name. */
-***************
-*** 121,127 ****
- else
- {
- /* Host name not found. Use ascii representation of the address. */
-! strcpy(name, inet_ntoa(from.sin_addr));
- log_msg("Could not reverse map address %.100s.", name);
- }
-
---- 129,135 ----
- else
- {
- /* Host name not found. Use ascii representation of the address. */
-! strcpy(name, ntop);
- log_msg("Could not reverse map address %.100s.", name);
- }
-
-***************
-*** 136,141 ****
---- 144,150 ----
- Notice also that if we just dropped source routing here, the other
- side could use IP spoofing to do rest of the interaction and could still
- bypass security. So we exit here if we detect any IP options. */
-+ if (from.__ss_family == AF_INET) /* IP options -- IPv4 only */
- {
- unsigned char options[200], *ucp;
- char text[1024], *cp;
-***************
-*** 157,165 ****
- for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3)
- sprintf(cp, " %2.2x", *ucp);
- log_msg("Connection from %.100s with IP options:%.800s",
-! inet_ntoa(from.sin_addr), text);
- packet_disconnect("Connection from %.100s with IP options:%.800s",
-! inet_ntoa(from.sin_addr), text);
- }
- }
- #endif
---- 166,174 ----
- for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3)
- sprintf(cp, " %2.2x", *ucp);
- log_msg("Connection from %.100s with IP options:%.800s",
-! ntop, text);
- packet_disconnect("Connection from %.100s with IP options:%.800s",
-! ntop, text);
- }
- }
- #endif
-***************
-*** 177,183 ****
- const char *get_canonical_hostname(void)
- {
- int fromlen, tolen;
-! struct sockaddr_in from, to;
-
- /* Check if we have previously retrieved this same name. */
- if (canonical_host_name != NULL)
---- 186,192 ----
- const char *get_canonical_hostname(void)
- {
- int fromlen, tolen;
-! struct sockaddr_storage from, to;
-
- /* Check if we have previously retrieved this same name. */
- if (canonical_host_name != NULL)
-***************
-*** 200,207 ****
- &tolen) < 0)
- goto no_ip_addr;
-
-! if (from.sin_family == AF_INET && to.sin_family == AF_INET &&
-! memcmp(&from, &to, sizeof(from)) == 0)
- goto return_ip_addr;
-
- no_ip_addr:
---- 209,215 ----
- &tolen) < 0)
- goto no_ip_addr;
-
-! if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0)
- goto return_ip_addr;
-
- no_ip_addr:
-***************
-*** 221,228 ****
-
- const char *get_remote_ipaddr(void)
- {
-! struct sockaddr_in from, to;
- int fromlen, tolen, socket;
-
- /* Check if we have previously retrieved this same name. */
- if (canonical_host_ip != NULL)
---- 229,237 ----
-
- const char *get_remote_ipaddr(void)
- {
-! struct sockaddr_storage from, to;
- int fromlen, tolen, socket;
-+ char ntop[ADDRSTRLEN];
-
- /* Check if we have previously retrieved this same name. */
- if (canonical_host_ip != NULL)
-***************
-*** 245,252 ****
- &tolen) < 0)
- goto no_ip_addr;
-
-! if (from.sin_family == AF_INET && to.sin_family == AF_INET &&
-! memcmp(&from, &to, sizeof(from)) == 0)
- goto return_ip_addr;
-
- no_ip_addr:
---- 254,260 ----
- &tolen) < 0)
- goto no_ip_addr;
-
-! if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0)
- goto return_ip_addr;
-
- no_ip_addr:
-***************
-*** 269,275 ****
- }
-
- /* Get the IP address in ascii. */
-! canonical_host_ip = xstrdup(inet_ntoa(from.sin_addr));
-
- /* Return ip address string. */
- return canonical_host_ip;
---- 277,285 ----
- }
-
- /* Get the IP address in ascii. */
-! getnameinfo((struct sockaddr *)&from, fromlen,
-! ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST);
-! canonical_host_ip = xstrdup(ntop);
-
- /* Return ip address string. */
- return canonical_host_ip;
-***************
-*** 279,286 ****
-
- int get_peer_port(int sock)
- {
-! struct sockaddr_in from;
- int fromlen;
-
- /* Get IP address of client. */
- fromlen = sizeof(from);
---- 289,297 ----
-
- int get_peer_port(int sock)
- {
-! struct sockaddr_storage from;
- int fromlen;
-+ char strport[PORTSTRLEN];
-
- /* Get IP address of client. */
- fromlen = sizeof(from);
-***************
-*** 292,298 ****
- }
-
- /* Return port number. */
-! return ntohs(from.sin_port);
- }
-
- /* Returns the port number of the remote host. */
---- 303,311 ----
- }
-
- /* Return port number. */
-! getnameinfo((struct sockaddr *)&from, fromlen,
-! NULL, 0, strport, sizeof(strport), NI_NUMERICSERV);
-! return atoi(strport);
- }
-
- /* Returns the port number of the remote host. */
-***************
-*** 301,307 ****
- {
- int socket;
- int fromlen, tolen;
-! struct sockaddr_in from, to;
-
- /* If two different descriptors, check if they are internet-domain, and
- have the same address. */
---- 314,320 ----
- {
- int socket;
- int fromlen, tolen;
-! struct sockaddr_storage from, to;
-
- /* If two different descriptors, check if they are internet-domain, and
- have the same address. */
-***************
-*** 319,326 ****
- &tolen) < 0)
- goto no_ip_addr;
-
-! if (from.sin_family == AF_INET && to.sin_family == AF_INET &&
-! memcmp(&from, &to, sizeof(from)) == 0)
- goto return_port;
-
- no_ip_addr:
---- 332,338 ----
- &tolen) < 0)
- goto no_ip_addr;
-
-! if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0)
- goto return_port;
-
- no_ip_addr:
-***************
-*** 335,337 ****
---- 347,413 ----
- /* Get and return the peer port number. */
- return get_peer_port(socket);
- }
-+
-+ /* Returns the port of the local of the socket. */
-+
-+ int get_sock_port(int sock)
-+ {
-+ struct sockaddr_storage from;
-+ int fromlen;
-+ char strport[PORTSTRLEN];
-+
-+ /* Get IP address of client. */
-+ fromlen = sizeof(from);
-+ memset(&from, 0, sizeof(from));
-+ if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0)
-+ {
-+ error("getsockname failed: %.100s", strerror(errno));
-+ return 0;
-+ }
-+
-+ /* Return port number. */
-+ getnameinfo((struct sockaddr *)&from, fromlen,
-+ NULL, 0, strport, sizeof(strport), NI_NUMERICSERV);
-+ return atoi(strport);
-+ }
-+
-+ /* Returns the port number of the local host. */
-+
-+ int get_local_port()
-+ {
-+ int socket;
-+ int fromlen, tolen;
-+ struct sockaddr_storage from, to;
-+
-+ /* If two different descriptors, check if they are internet-domain, and
-+ have the same address. */
-+ if (packet_get_connection_in() != packet_get_connection_out())
-+ {
-+ fromlen = sizeof(from);
-+ memset(&from, 0, sizeof(from));
-+ if (getsockname(packet_get_connection_in(), (struct sockaddr *)&from,
-+ &fromlen) < 0)
-+ goto no_ip_addr;
-+
-+ tolen = sizeof(to);
-+ memset(&to, 0, sizeof(to));
-+ if (getsockname(packet_get_connection_out(), (struct sockaddr *)&to,
-+ &tolen) < 0)
-+ goto no_ip_addr;
-+
-+ if (fromlen == tolen && memcmp(&from, &to, fromlen) == 0)
-+ goto return_port;
-+
-+ no_ip_addr:
-+ return 65535;
-+ }
-+
-+ return_port:
-+
-+ /* Get client socket. */
-+ socket = packet_get_connection_in();
-+
-+ /* Get and return the local port number. */
-+ return get_sock_port(socket);
-+ }
-+
diff --git a/security/ssh/files/patch-bd b/security/ssh/files/patch-bd
deleted file mode 100644
index 7cb3c119c216..000000000000
--- a/security/ssh/files/patch-bd
+++ /dev/null
@@ -1,60 +0,0 @@
-*** config.h.in.orig Wed May 12 13:20:04 1999
---- config.h.in Thu Feb 24 17:12:10 2000
-***************
-*** 285,290 ****
---- 285,292 ----
- #undef Rdup2
- #undef Rfclose
- #undef Rgethostbyname
-+ #undef Rgetaddrinfo
-+
-
- /* Set this to allow group writeability of $HOME, .ssh and authorized_keys */
- #undef ALLOW_GROUP_WRITEABILITY
-***************
-*** 323,328 ****
---- 325,348 ----
- /etc/nologin.allow. */
- #undef NOLOGIN_ALLOW
-
-+ /* Define this if you have struct sockaddr_storage. */
-+ #undef HAVE_SOCKADDR_STORAGE
-+
-+ /* Define this if you have __sa_family in struct sockaddr_storage. */
-+ #undef HAVE_NEW_SS_FAMILY
-+
-+ /* Define this if you have ss_len in struct sockaddr. */
-+ #undef HAVE_SOCKADDR_LEN
-+
-+ /* Define this if you want to enable IPv6 support. */
-+ #undef ENABLE_IPV6
-+
-+ /* Define this if you want to enable another port try support. */
-+ #undef ENABLE_ANOTHER_PORT_TRY
-+
-+ /* Define this if you want to enable logging auth info support. */
-+ #undef ENABLE_LOG_AUTH
-+
- /* Where to find the X11 socket */
- #undef X11_DIR
-
-***************
-*** 375,385 ****
---- 395,411 ----
- /* Define if you have the ftruncate function. */
- #undef HAVE_FTRUNCATE
-
-+ /* Define if you have the getaddrinfo function. */
-+ #undef HAVE_GETADDRINFO
-+
- /* Define if you have the getdtablesize function. */
- #undef HAVE_GETDTABLESIZE
-
- /* Define if you have the gethostname function. */
- #undef HAVE_GETHOSTNAME
-+
-+ /* Define if you have the getnameinfo function. */
-+ #undef HAVE_GETNAMEINFO
-
- /* Define if you have the getpseudotty function. */
- #undef HAVE_GETPSEUDOTTY
diff --git a/security/ssh/files/patch-be b/security/ssh/files/patch-be
deleted file mode 100644
index 553d8e6447f2..000000000000
--- a/security/ssh/files/patch-be
+++ /dev/null
@@ -1,370 +0,0 @@
---- configure.in.orig Thu Jan 17 08:36:05 2002
-+++ configure.in Wed Jan 8 18:24:51 2003
-@@ -30,8 +30,140 @@
- fi
-
- AC_PROG_CC
-+AC_PROG_CPP
- AC_ISC_POSIX
-
-+AC_MSG_CHECKING([whether to enable ipv6])
-+AC_ARG_ENABLE(ipv6,
-+[ --enable-ipv6 Enable ipv6 (with ipv4) support
-+ --disable-ipv6 Disable ipv6 support],
-+[ case "$enableval" in
-+ no)
-+ AC_MSG_RESULT(no)
-+ ipv6=no
-+ ;;
-+ *) AC_MSG_RESULT(yes)
-+ AC_DEFINE(ENABLE_IPV6)
-+ ipv6=yes
-+ ;;
-+ esac ],
-+
-+ AC_TRY_RUN([ /* AF_INET6 avalable check */
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+main()
-+{
-+ if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
-+ exit(1);
-+ else
-+ exit(0);
-+}
-+],
-+ AC_MSG_RESULT(yes)
-+ AC_DEFINE(ENABLE_IPV6)
-+ ipv6=yes,
-+ AC_MSG_RESULT(no)
-+ ipv6=no,
-+ AC_MSG_RESULT(no)
-+ ipv6=no
-+))
-+
-+ipv6type=unknown
-+ipv6lib=none
-+
-+if test "$ipv6" = "yes"; then
-+ AC_MSG_CHECKING([ipv6 stack type])
-+ for i in inria kame linux toshiba v6d zeta; do
-+ case $i in
-+ inria)
-+ dnl http://www.kame.net/
-+ AC_EGREP_CPP(yes, [dnl
-+#include <netinet/in.h>
-+#ifdef IPV6_INRIA_VERSION
-+yes
-+#endif],
-+ [ipv6type=$i;
-+ CPPFLAGS="-DINET6 $CPPFLAGS"])
-+ ;;
-+ kame)
-+ dnl http://www.kame.net/
-+ AC_EGREP_CPP(yes, [dnl
-+#include <netinet/in.h>
-+#ifdef __KAME__
-+yes
-+#endif],
-+ [ipv6type=$i;
-+ CPPFLAGS="-DINET6 $CPPFLAGS"])
-+ ;;
-+ linux)
-+ dnl http://www.v6.linux.or.jp/
-+ if test -d /usr/inet6; then
-+ ipv6type=$i
-+ ipv6lib=inet6
-+ ipv6libdir=/usr/inet6/lib
-+ CPPFLAGS="-DINET6 -I/usr/inet6/include $CPPFLAGS"
-+ fi
-+ ;;
-+ toshiba)
-+ AC_EGREP_CPP(yes, [dnl
-+#include <sys/param.h>
-+#ifdef _TOSHIBA_INET6
-+yes
-+#endif],
-+ [ipv6type=$i;
-+ ipv6lib=inet6;
-+ ipv6libdir=/usr/local/v6/lib;
-+ CPPFLAGS="-DINET6 $CPPFLAGS"])
-+ ;;
-+ v6d)
-+ AC_EGREP_CPP(yes, [dnl
-+#include </usr/local/v6/include/sys/v6config.h>
-+#ifdef __V6D__
-+yes
-+#endif],
-+ [ipv6type=$i;
-+ ipv6lib=v6;
-+ ipv6libdir=/usr/local/v6/lib;
-+ CPPFLAGS="-I/usr/local/v6/include $CPPFLAGS"])
-+ ;;
-+ zeta)
-+ AC_EGREP_CPP(yes, [dnl
-+#include <sys/param.h>
-+#ifdef _ZETA_MINAMI_INET6
-+yes
-+#endif],
-+ [ipv6type=$i;
-+ ipv6lib=inet6;
-+ ipv6libdir=/usr/local/v6/lib;
-+ CPPFLAGS="-DINET6 $CPPFLAGS"])
-+ ;;
-+ esac
-+ if test "$ipv6type" != "unknown"; then
-+ break
-+ fi
-+ done
-+ AC_MSG_RESULT($ipv6type)
-+fi
-+
-+if test "$ipv6" = "yes" -a -f /usr/local/v6/lib/libinet6.a; then
-+ ac_inet6_LDFLAGS="inet6"
-+ ipv6libdir=/usr/local/v6/lib
-+ LDFLAGS="$LDFLAGS -L/usr/local/v6/lib"
-+ AC_CHECK_LIB(inet6, getaddrinfo, , ipv6lib="$ac_inet6_LDFLAGS")
-+fi
-+
-+
-+if test "$ipv6" = "yes" -a "$ipv6lib" != "none"; then
-+ if test -d $ipv6libdir -a -f $ipv6libdir/lib$ipv6lib.a; then
-+ LIBS="-L$ipv6libdir -l$ipv6lib $LIBS"
-+ else
-+ echo 'Fatal: no $ipv6lib library found. cannot continue.'
-+ echo "You need to fetch lib$ipv6lib.a from appropriate"
-+ echo 'ipv6 kit and compile beforehand.'
-+ exit 1
-+ fi
-+fi
-+
- AC_DEFINE_UNQUOTED(HOSTTYPE, "$host")
-
- case "$host" in
-@@ -313,7 +445,7 @@
-
- # Socket pairs appear to be broken on several systems. I don't know exactly
- # where, so I'll use pipes everywhere for now.
--AC_DEFINE(USE_PIPES)
-+# AC_DEFINE(USE_PIPES)
-
- AC_MSG_CHECKING([that the compiler works])
- AC_TRY_RUN([ main(int ac, char **av) { return 0; } ],
-@@ -369,7 +501,7 @@
-
- AC_HEADER_STDC
- AC_HEADER_SYS_WAIT
--AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h utmp.h shadow.h)
-+AC_CHECK_HEADERS(unistd.h rusage.h sys/time.h lastlog.h login_cap.h utmp.h shadow.h)
- AC_CHECK_HEADERS(sgtty.h sys/select.h sys/ioctl.h machine/endian.h)
- AC_CHECK_HEADERS(paths.h usersec.h utime.h netinet/in_systm.h)
- AC_CHECK_HEADERS(netinet/in_system.h netinet/ip.h netinet/tcp.h ulimit.h)
-@@ -399,6 +531,16 @@
- [ AC_DEFINE(HAVE_INCOMPATIBLE_SIGINFO)
- AC_MSG_RESULT(yes)] , AC_MSG_RESULT(no))
-
-+AC_MSG_CHECKING([whether sys/socket.h have struct sockaddr_storage])
-+AC_EGREP_HEADER(sockaddr_storage, sys/socket.h,
-+ [ AC_DEFINE(HAVE_SOCKADDR_STORAGE) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no))
-+AC_MSG_CHECKING([whether sys/socket.h have __ss_family])
-+AC_EGREP_HEADER(__ss_family, sys/socket.h,
-+ [ AC_DEFINE(HAVE_NEW_SS_FAMILY) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no))
-+AC_MSG_CHECKING([whether sys/socket.h have sa_len])
-+AC_EGREP_HEADER(sa_len, sys/socket.h,
-+ [ AC_DEFINE(HAVE_SOCKADDR_LEN) AC_MSG_RESULT(yes)], AC_MSG_RESULT(no))
-+
- AC_CHECK_LIB(c, crypt, [true], AC_CHECK_LIB(crypt, crypt))
- AC_CHECK_LIB(sec, getspnam)
- AC_CHECK_LIB(seq, get_process_stats)
-@@ -438,6 +580,107 @@
-
- AC_REPLACE_FUNCS(strerror memmove remove random putenv crypt socketpair snprintf)
-
-+AC_MSG_CHECKING(getaddrinfo bug)
-+AC_TRY_RUN([
-+#include <sys/types.h>
-+#include <netdb.h>
-+#include <string.h>
-+#include <sys/socket.h>
-+#include <netinet/in.h>
-+
-+main()
-+{
-+ int passive, gaierr, inet4 = 0, inet6 = 0;
-+ struct addrinfo hints, *ai, *aitop;
-+ char straddr[INET6_ADDRSTRLEN], strport[16];
-+
-+ for (passive = 0; passive <= 1; passive++) {
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_family = AF_UNSPEC;
-+ hints.ai_flags = passive ? AI_PASSIVE : 0;
-+ hints.ai_socktype = SOCK_STREAM;
-+ if ((gaierr = getaddrinfo(NULL, "54321", &hints, &aitop)) != 0) {
-+ (void)gai_strerror(gaierr);
-+ goto bad;
-+ }
-+ for (ai = aitop; ai; ai = ai->ai_next) {
-+ if (ai->ai_addr == NULL ||
-+ ai->ai_addrlen == 0 ||
-+ getnameinfo(ai->ai_addr, ai->ai_addrlen,
-+ straddr, sizeof(straddr), strport, sizeof(strport),
-+ NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
-+ goto bad;
-+ }
-+ if (strcmp(strport, "54321") != 0) {
-+ goto bad;
-+ }
-+ switch (ai->ai_family) {
-+ case AF_INET:
-+ if (passive) {
-+ if (strcmp(straddr, "0.0.0.0") != 0) {
-+ goto bad;
-+ }
-+ } else {
-+ if (strcmp(straddr, "127.0.0.1") != 0) {
-+ goto bad;
-+ }
-+ }
-+ inet4++;
-+ break;
-+ case AF_INET6:
-+ if (passive) {
-+ if (strcmp(straddr, "::") != 0) {
-+ goto bad;
-+ }
-+ } else {
-+ if (strcmp(straddr, "::1") != 0) {
-+ goto bad;
-+ }
-+ }
-+ inet6++;
-+ break;
-+ case AF_UNSPEC:
-+ goto bad;
-+ break;
-+ default:
-+ /* another family support? */
-+ break;
-+ }
-+ }
-+ }
-+
-+ if (!(inet4 == 0 || inet4 == 2))
-+ goto bad;
-+ if (!(inet6 == 0 || inet6 == 2))
-+ goto bad;
-+
-+ if (aitop)
-+ freeaddrinfo(aitop);
-+ exit(0);
-+
-+ bad:
-+ if (aitop)
-+ freeaddrinfo(aitop);
-+ exit(1);
-+}
-+],
-+AC_MSG_RESULT(good)
-+buggygetaddrinfo=no,
-+AC_MSG_RESULT(buggy)
-+buggygetaddrinfo=yes,
-+AC_MSG_RESULT(buggy)
-+buggygetaddrinfo=yes)
-+
-+if test "$buggygetaddrinfo" = "yes"; then
-+ if test "$ipv6" = "yes"; then
-+ echo 'Fatal: You must get working getaddrinfo() function.'
-+ echo ' or you can specify "--disable-ipv6"'.
-+ exit 1
-+ else
-+ AC_REPLACE_FUNCS(getaddrinfo getnameinfo)
-+ fi
-+fi
-+
- AC_PROG_LN_S
- AC_PROG_INSTALL
- AC_CHECK_PROG(AR, ar, ar, echo)
-@@ -934,7 +1177,11 @@
- AC_DEFINE(KRB5)
- KERBEROS_ROOT="$with_kerberos5"
- KERBEROS_INCS="-I${KERBEROS_ROOT}/include"
-- KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err"
-+ if test -f ${KERBEROS_ROOT}/lib/libk5crypto.a ; then
-+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -R${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err"
-+ else
-+ KERBEROS_LIBS="-L${KERBEROS_ROOT}/lib -R${KERBEROS_ROOT}/lib -lgssapi_krb5 -lkrb5 -lcrypto -lcom_err"
-+ fi
- AC_CHECK_LIB(ndbm, dbm_open, KERBEROS_LIBS="$KERBEROS_LIBS -lndbm")
- KERBEROS_OBJS="auth-kerberos.o"
- ;;
-@@ -1125,6 +1372,7 @@
- AC_DEFINE(Rdup2,SOCKSdup2)
- AC_DEFINE(Rfclose,SOCKSfclose)
- AC_DEFINE(Rgethostbyname,SOCKSgethostbyname)
-+ AC_DEFINE(Rgetaddrinfo,SOCKSgetaddrinfo)
- fi
-
- AC_MSG_CHECKING(whether to use rsaref)
-@@ -1254,6 +1502,38 @@
- AC_DEFINE(ENABLE_TCP_NODELAY)
- )
-
-+AC_MSG_CHECKING(whether to enable another port try support)
-+AC_ARG_ENABLE(another-port-try,
-+[ --enable-another-port-try Enable another port try support (default)
-+ --disable-another-port-try Disable another port try support],
-+[ case "$enableval" in
-+ no)
-+ AC_MSG_RESULT(no)
-+ ;;
-+ *) AC_MSG_RESULT(yes)
-+ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY)
-+ ;;
-+ esac ],
-+ AC_MSG_RESULT(yes)
-+ AC_DEFINE(ENABLE_ANOTHER_PORT_TRY)
-+)
-+
-+AC_MSG_CHECKING(whether to enable logging auth info support)
-+AC_ARG_ENABLE(log-auth,
-+[ --enable-log-auth Enable logging auth info support (default)
-+ --disable-log-auth Disable logging auth info support],
-+[ case "$enableval" in
-+ no)
-+ AC_MSG_RESULT(no)
-+ ;;
-+ *) AC_MSG_RESULT(yes)
-+ AC_DEFINE(ENABLE_LOG_AUTH)
-+ ;;
-+ esac ],
-+ AC_MSG_RESULT(yes)
-+ AC_DEFINE(ENABLE_LOG_AUTH)
-+)
-+
- AC_MSG_CHECKING(whether to enable SO_LINGER)
- AC_ARG_ENABLE(so-linger,
- [ --enable-so-linger Enable setting SO_LINGER socket option],
-@@ -1313,6 +1593,8 @@
- AC_DEFINE(SCP_ALL_STATISTICS_ENABLED)
- )
-
-+CFLAGS="$CPPFLAGS $CFLAGS"
-+
- # We include this here only to make it visible in --help; this is only used
- # in the gmp subdirectory.
- AC_ARG_ENABLE(asm,
-@@ -1326,7 +1608,7 @@
- fi
- AC_MSG_RESULT($PIDDIR)
-
--AC_CONFIG_SUBDIRS(gmp-2.0.2-ssh-2)
-+#AC_CONFIG_SUBDIRS(gmp-2.0.2-ssh-2)
-
- AC_ARG_PROGRAM
-
-@@ -1357,4 +1639,4 @@
- AC_SUBST(SSHDCONFOBJS)
- AC_SUBST(SSHINSTALLMODE)
-
--AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 zlib-1.0.4/Makefile)
-+AC_OUTPUT(Makefile sshd.8 ssh.1 make-ssh-known-hosts.1 make-ssh-known-hosts.pl)
diff --git a/security/ssh/files/patch-bf b/security/ssh/files/patch-bf
deleted file mode 100644
index d8d53bc45530..000000000000
--- a/security/ssh/files/patch-bf
+++ /dev/null
@@ -1,17 +0,0 @@
-*** gai.h.orig Mon Jan 10 22:56:13 2000
---- gai.h Mon Jan 10 22:56:13 2000
-***************
-*** 0 ****
---- 1,12 ----
-+ /*
-+ * fake library for ssh
-+ *
-+ * This file is included in getaddrinfo.c and getnameinfo.c.
-+ * See getaddrinfo.c and getnameinfo.c.
-+ */
-+
-+ /* for old netdb.h */
-+ #ifndef EAI_NODATA
-+ #define EAI_NODATA 1
-+ #define EAI_MEMORY 2
-+ #endif
diff --git a/security/ssh/files/patch-bg b/security/ssh/files/patch-bg
deleted file mode 100644
index 689982094b9a..000000000000
--- a/security/ssh/files/patch-bg
+++ /dev/null
@@ -1,120 +0,0 @@
-*** getaddrinfo.c.orig Mon Jan 10 22:56:13 2000
---- getaddrinfo.c Mon Jan 10 22:56:13 2000
-***************
-*** 0 ****
---- 1,115 ----
-+ /*
-+ * fake library for ssh
-+ *
-+ * This file includes getaddrinfo(), freeaddrinfo() and gai_strerror().
-+ * These funtions are defined in rfc2133.
-+ *
-+ * But these functions are not implemented correctly. The minimum subset
-+ * is implemented for ssh use only. For exapmle, this routine assumes
-+ * that ai_family is AF_INET. Don't use it for another purpose.
-+ *
-+ * In the case not using 'configure --enable-ipv6', this getaddrinfo.c
-+ * will be used if you have broken getaddrinfo or no getaddrinfo.
-+ */
-+
-+ #include "includes.h"
-+ #include "ssh.h"
-+
-+ #include "gai.h"
-+
-+ static struct addrinfo *
-+ malloc_ai(port, addr)
-+ int port;
-+ u_long addr;
-+ {
-+ struct addrinfo *ai;
-+
-+ if (ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) +
-+ sizeof(struct sockaddr_in))) {
-+ memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in));
-+ ai->ai_addr = (struct sockaddr *)(ai + 1);
-+ /* XXX -- ssh doesn't use sa_len */
-+ ai->ai_addrlen = sizeof(struct sockaddr_in);
-+ ai->ai_addr->sa_family = ai->ai_family = AF_INET;
-+ ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port;
-+ ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr;
-+ return ai;
-+ } else {
-+ return NULL;
-+ }
-+ }
-+
-+ char *
-+ gai_strerror(ecode)
-+ int ecode;
-+ {
-+ switch (ecode) {
-+ case EAI_NODATA:
-+ return "no address associated with hostname.";
-+ case EAI_MEMORY:
-+ return "memory allocation failure.";
-+ default:
-+ return "unknown error.";
-+ }
-+ }
-+
-+ void
-+ freeaddrinfo(ai)
-+ struct addrinfo *ai;
-+ {
-+ struct addrinfo *next;
-+
-+ do {
-+ next = ai->ai_next;
-+ free(ai);
-+ } while (ai = next);
-+ }
-+
-+ int
-+ getaddrinfo(hostname, servname, hints, res)
-+ const char *hostname, *servname;
-+ const struct addrinfo *hints;
-+ struct addrinfo **res;
-+ {
-+ struct addrinfo *cur, *prev = NULL;
-+ struct hostent *hp;
-+ int i, port;
-+
-+ if (servname)
-+ port = htons(atoi(servname));
-+ else
-+ port = 0;
-+ if (hints && hints->ai_flags & AI_PASSIVE)
-+ if (*res = malloc_ai(port, htonl(0x00000000)))
-+ return 0;
-+ else
-+ return EAI_MEMORY;
-+ if (!hostname)
-+ if (*res = malloc_ai(port, htonl(0x7f000001)))
-+ return 0;
-+ else
-+ return EAI_MEMORY;
-+ if (inet_addr(hostname) != -1)
-+ if (*res = malloc_ai(port, inet_addr(hostname)))
-+ return 0;
-+ else
-+ return EAI_MEMORY;
-+ if ((hp = gethostbyname(hostname)) &&
-+ hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) {
-+ for (i = 0; hp->h_addr_list[i]; i++)
-+ if (cur = malloc_ai(port,
-+ ((struct in_addr *)hp->h_addr_list[i])->s_addr)) {
-+ if (prev)
-+ prev->ai_next = cur;
-+ else
-+ *res = cur;
-+ prev = cur;
-+ } else {
-+ if (*res)
-+ freeaddrinfo(*res);
-+ return EAI_MEMORY;
-+ }
-+ return 0;
-+ }
-+ return EAI_NODATA;
-+ }
diff --git a/security/ssh/files/patch-bh b/security/ssh/files/patch-bh
deleted file mode 100644
index 3e50aaeda092..000000000000
--- a/security/ssh/files/patch-bh
+++ /dev/null
@@ -1,66 +0,0 @@
-*** getnameinfo.c.orig Mon Jan 10 22:56:13 2000
---- getnameinfo.c Mon Jan 10 22:56:13 2000
-***************
-*** 0 ****
---- 1,61 ----
-+ /*
-+ * fake library for ssh
-+ *
-+ * This file includes getnameinfo().
-+ * These funtions are defined in rfc2133.
-+ *
-+ * But these functions are not implemented correctly. The minimum subset
-+ * is implemented for ssh use only. For exapmle, this routine assumes
-+ * that ai_family is AF_INET. Don't use it for another purpose.
-+ *
-+ * In the case not using 'configure --enable-ipv6', this getnameinfo.c
-+ * will be used if you have broken getnameinfo or no getnameinfo.
-+ */
-+
-+ #include "includes.h"
-+ #include "ssh.h"
-+
-+ #include "gai.h"
-+
-+ int
-+ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags)
-+ const struct sockaddr *sa;
-+ size_t salen;
-+ char *host;
-+ size_t hostlen;
-+ char *serv;
-+ size_t servlen;
-+ int flags;
-+ {
-+ struct sockaddr_in *sin = (struct sockaddr_in *)sa;
-+ struct hostent *hp;
-+ char tmpserv[16];
-+
-+ if (serv) {
-+ sprintf(tmpserv, "%d", ntohs(sin->sin_port));
-+ if (strlen(tmpserv) > servlen)
-+ return EAI_MEMORY;
-+ else
-+ strcpy(serv, tmpserv);
-+ }
-+ if (host)
-+ if (flags & NI_NUMERICHOST)
-+ if (strlen(inet_ntoa(sin->sin_addr)) > hostlen)
-+ return EAI_MEMORY;
-+ else {
-+ strcpy(host, inet_ntoa(sin->sin_addr));
-+ return 0;
-+ }
-+ else
-+ if (hp = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr),
-+ AF_INET))
-+ if (strlen(hp->h_name) > hostlen)
-+ return EAI_MEMORY;
-+ else {
-+ strcpy(host, hp->h_name);
-+ return 0;
-+ }
-+ else
-+ return EAI_NODATA;
-+ return 0;
-+ }
diff --git a/security/ssh/files/patch-bi b/security/ssh/files/patch-bi
deleted file mode 100644
index b4108fd81d49..000000000000
--- a/security/ssh/files/patch-bi
+++ /dev/null
@@ -1,54 +0,0 @@
---- log-server.c.orig Thu Jan 17 05:35:33 2002
-+++ log-server.c Sat Jun 29 14:50:00 2002
-@@ -163,6 +163,27 @@
- closelog();
- }
-
-+#ifdef ENABLE_LOG_AUTH
-+void log_auth(const char *fmt, ...)
-+{
-+ char buf[1024];
-+ va_list args;
-+ extern int log_auth_flag;
-+ if (!log_auth_flag)
-+ return;
-+ if (log_quiet)
-+ return;
-+ va_start(args, fmt);
-+ vsprintf(buf, fmt, args);
-+ va_end(args);
-+ if (log_on_stderr)
-+ fprintf(stderr, "log: %s\n", buf);
-+ syslog(LOG_INFO|LOG_AUTH, "%.500s", buf);
-+}
-+
-+extern char *unauthenticated_user;
-+#endif /* ENABLE_LOG_AUTH */
-+
- /* Converts portable syslog severity to machine-specific syslog severity. */
-
- static int syslog_severity(int severity)
-@@ -336,6 +357,11 @@
- fprintf(stderr, "fatal: %s\n", buf);
- openlog(prg_name, LOG_PID, log_facility);
- syslog(LOG_ERR, "fatal: %.500s", buf);
-+#ifdef ENABLE_LOG_AUTH
-+ if (unauthenticated_user)
-+ log_auth("LOGIN FAILED %.100s from %.200s",
-+ unauthenticated_user, get_canonical_hostname());
-+#endif /* ENABLE_LOG_AUTH */
- closelog();
-
- do_fatal_cleanups();
-@@ -357,6 +383,11 @@
- fprintf(stderr, "fatal: %s\n", buf);
- openlog(prg_name, LOG_PID, log_facility);
- syslog(syslog_severity(severity), "fatal: %.500s", buf);
-+#ifdef ENABLE_LOG_AUTH
-+ if (unauthenticated_user)
-+ log_auth("LOGIN FAILED %.100s from %.200s",
-+ unauthenticated_user, get_canonical_hostname());
-+#endif /* ENABLE_LOG_AUTH */
- closelog();
-
- do_fatal_cleanups();
diff --git a/security/ssh/files/patch-bj b/security/ssh/files/patch-bj
deleted file mode 100644
index fb897af4865c..000000000000
--- a/security/ssh/files/patch-bj
+++ /dev/null
@@ -1,16 +0,0 @@
-*** match.c.orig Wed May 12 13:19:27 1999
---- match.c Mon Jan 10 22:56:13 2000
-***************
-*** 129,134 ****
---- 129,139 ----
- is_ip_pattern = 0;
- break;
- }
-+ for(p = pattern; *p; p++)
-+ if (!(isxdigit(*p) || *p == ':' || *p == '?' || *p == '*'))
-+ break;
-+ if (ip && !*p)
-+ is_ip_pattern = 1;
- if (is_ip_pattern)
- {
- return match_pattern(ip, pattern);
diff --git a/security/ssh/files/patch-bl b/security/ssh/files/patch-bl
deleted file mode 100644
index 60296a9735bb..000000000000
--- a/security/ssh/files/patch-bl
+++ /dev/null
@@ -1,66 +0,0 @@
-*** readconf.c.orig Wed May 12 13:19:27 1999
---- readconf.c Mon Jan 10 22:56:13 2000
-***************
-*** 171,176 ****
---- 171,179 ----
- oBatchMode, oStrictHostKeyChecking, oCompression, oCompressionLevel,
- oKeepAlives, oUsePrivilegedPort, oKerberosAuthentication,
- oKerberosTgtPassing, oClearAllForwardings, oNumberOfPasswordPrompts,
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ oAnotherPort,
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- oXauthPath, oGatewayPorts, oPasswordPromptLogin, oPasswordPromptHost
- } OpCodes;
-
-***************
-*** 194,199 ****
---- 197,205 ----
- { "hostname", oHostName },
- { "proxycommand", oProxyCommand },
- { "port", oPort },
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ { "anotherport", oAnotherPort },
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- { "cipher", oCipher },
- { "remoteforward", oRemoteForward },
- { "localforward", oLocalForward },
-***************
-*** 497,502 ****
---- 503,514 ----
- *intptr = value;
- break;
-
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ case oAnotherPort:
-+ intptr = &options->another_port;
-+ goto parse_int;
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
-+
- case oConnectionAttempts:
- intptr = &options->connection_attempts;
- goto parse_int;
-***************
-*** 689,694 ****
---- 701,709 ----
- options->keepalives = -1;
- options->compression_level = -1;
- options->port = -1;
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ options->another_port = -1;
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- options->connection_attempts = -1;
- options->number_of_password_prompts = -1;
- options->password_prompt_login = -1;
-***************
-*** 759,764 ****
---- 774,783 ----
- options->compression_level = 6;
- if (options->port == -1)
- options->port = 0; /* Filled in ssh_connect. */
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ if (options->another_port == -1)
-+ options->another_port = 0;
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- if (options->connection_attempts == -1)
- options->connection_attempts = 4;
- if (options->number_of_password_prompts == -1)
diff --git a/security/ssh/files/patch-bm b/security/ssh/files/patch-bm
deleted file mode 100644
index 78c9833bb6bf..000000000000
--- a/security/ssh/files/patch-bm
+++ /dev/null
@@ -1,12 +0,0 @@
---- readconf.h.orig Thu Jan 17 05:35:34 2002
-+++ readconf.h Fri Jun 21 16:36:20 2002
-@@ -102,6 +102,9 @@
- int use_privileged_port; /* Use privileged port */
-
- int port; /* Port to connect. */
-+#ifdef ENABLE_ANOTHER_PORT_TRY
-+ int another_port; /* Port to connect for -A option. */
-+#endif /* ENABLE_ANOTHER_PORT_TRY */
- int connection_attempts; /* Max attempts (seconds) before giving up */
- int number_of_password_prompts; /* Max number of password prompts */
- int password_prompt_login; /* Show remote login at password prompt */
diff --git a/security/ssh/files/patch-bn b/security/ssh/files/patch-bn
deleted file mode 100644
index 7f625fcea26d..000000000000
--- a/security/ssh/files/patch-bn
+++ /dev/null
@@ -1,191 +0,0 @@
-*** scp.c.orig Wed May 12 13:19:28 1999
---- scp.c Mon Jan 10 22:56:13 2000
-***************
-*** 180,185 ****
---- 180,193 ----
- #define STDERR_FILENO 2
- #endif
-
-+ /* This is set to non-zero if IPv4 is desired. */
-+ int IPv4 = 0;
-+
-+ #ifdef ENABLE_IPV6
-+ /* This is set to non-zero if IPv6 is desired. */
-+ int IPv6 = 0;
-+ #endif
-+
- /* This is set to non-zero to enable verbose mode. */
- int verbose = 0;
-
-***************
-*** 295,302 ****
---- 303,319 ----
- }
- args[i++] = "-x";
- args[i++] = "-a";
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ args[i++] = "-A";
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- args[i++] = "-oFallBackToRsh no";
- args[i++] = "-oClearAllForwardings yes";
-+ if (IPv4)
-+ args[i++] = "-4";
-+ #ifdef ENABLE_IPV6
-+ if (IPv6)
-+ args[i++] = "-6";
-+ #endif
- if (verbose)
- args[i++] = "-v";
- if (compress)
-***************
-*** 441,448 ****
- statistics = 0;
-
- fflag = tflag = 0;
-! while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:")) != EOF)
- switch(ch) { /* User-visible flags. */
- case 'S':
- ssh_program = optarg;
- break;
---- 458,477 ----
- statistics = 0;
-
- fflag = tflag = 0;
-! while ((ch = getopt(argc, argv, "aAqQdfprtvBCL1c:i:P:o:S:4"
-! #ifdef ENABLE_IPV6
-! "6"
-! #endif
-! )) != EOF)
- switch(ch) { /* User-visible flags. */
-+ case '4':
-+ IPv4 = 1;
-+ break;
-+ #ifdef ENABLE_IPV6
-+ case '6':
-+ IPv6 = 1;
-+ break;
-+ #endif
- case 'S':
- ssh_program = optarg;
- break;
-***************
-*** 589,594 ****
---- 618,634 ----
- exit(errs != 0);
- }
-
-+ char *
-+ cleanhostname(host)
-+ char *host;
-+ {
-+ if (*host == '[' && host[strlen(host) - 1] == ']') {
-+ host[strlen(host) - 1] = '\0';
-+ return (host + 1);
-+ } else
-+ return host;
-+ }
-+
- void
- toremote(targ, argc, argv)
- char *targ, *argv[];
-***************
-*** 644,649 ****
---- 684,690 ----
- bp = xmalloc(len);
- if (host) {
- *host++ = 0;
-+ host = cleanhostname(host);
- suser = argv[i];
- if (*suser == '\0')
- suser = pwd->pw_name;
-***************
-*** 655,667 ****
- suser, host, cmd, src,
- tuser ? tuser : "", tuser ? "@" : "",
- thost, targ);
-! } else
- (void)snprintf(bp, len,
- "exec %s%s %s -x -o'FallBackToRsh no' -o'ClearAllForwardings yes' -n %s %s %s '%s%s%s:%s'",
- ssh_program, verbose ? " -v" : "", options,
-! argv[i], cmd, src,
- tuser ? tuser : "", tuser ? "@" : "",
- thost, targ);
- if (verbose)
- fprintf(stderr, "Executing: %s\n", bp);
- if (system(bp)) errs++;
---- 696,710 ----
- suser, host, cmd, src,
- tuser ? tuser : "", tuser ? "@" : "",
- thost, targ);
-! } else {
-! host = cleanhostname(argv[i]);
- (void)snprintf(bp, len,
- "exec %s%s %s -x -o'FallBackToRsh no' -o'ClearAllForwardings yes' -n %s %s %s '%s%s%s:%s'",
- ssh_program, verbose ? " -v" : "", options,
-! host, cmd, src,
- tuser ? tuser : "", tuser ? "@" : "",
- thost, targ);
-+ }
- if (verbose)
- fprintf(stderr, "Executing: %s\n", bp);
- if (system(bp)) errs++;
-***************
-*** 671,677 ****
- len = strlen(targ) + CMDNEEDS + 20;
- bp = xmalloc(len);
- (void)snprintf(bp, len, "%s -t %s", cmd, targ);
-! host = thost;
- if (do_cmd(host, tuser,
- bp, &remin, &remout) < 0)
- exit(1);
---- 714,720 ----
- len = strlen(targ) + CMDNEEDS + 20;
- bp = xmalloc(len);
- (void)snprintf(bp, len, "%s -t %s", cmd, targ);
-! host = cleanhostname(thost);
- if (do_cmd(host, tuser,
- bp, &remin, &remout) < 0)
- exit(1);
-***************
-*** 721,726 ****
---- 764,770 ----
- else if (!okname(suser))
- continue;
- }
-+ host = cleanhostname(host);
- len = strlen(src) + CMDNEEDS + 20;
- bp = xmalloc(len);
- (void)snprintf(bp, len, "%s -f %s", cmd, src);
-***************
-*** 1365,1375 ****
- colon(cp)
- char *cp;
- {
- if (*cp == ':') /* Leading colon is part of file name. */
- return (0);
-
- for (; *cp; ++cp) {
-! if (*cp == ':')
- return (cp);
- if (*cp == '/')
- return (0);
---- 1409,1427 ----
- colon(cp)
- char *cp;
- {
-+ int flag = 0;
-+
- if (*cp == ':') /* Leading colon is part of file name. */
- return (0);
-+ if (*cp == '[')
-+ flag = 1;
-
- for (; *cp; ++cp) {
-! if (*cp == '@' && *(cp+1) == '[')
-! flag = 1;
-! if (*cp == ']' && *(cp+1) == ':' && flag)
-! return (cp+1);
-! if (*cp == ':' && !flag)
- return (cp);
- if (*cp == '/')
- return (0);
diff --git a/security/ssh/files/patch-bo b/security/ssh/files/patch-bo
deleted file mode 100644
index 941fef6346e7..000000000000
--- a/security/ssh/files/patch-bo
+++ /dev/null
@@ -1,158 +0,0 @@
---- servconf.c.orig Thu Jan 17 05:35:34 2002
-+++ servconf.c Fri Jun 21 16:22:56 2002
-@@ -88,8 +88,8 @@
- void initialize_server_options(ServerOptions *options)
- {
- memset(options, 0, sizeof(*options));
-- options->port = -1;
-- options->listen_addr.s_addr = INADDR_ANY;
-+ options->num_ports = 0;
-+ options->listen_addrs = NULL;
- options->host_key_file = NULL;
- options->random_seed_file = NULL;
- options->pid_file = NULL;
-@@ -99,6 +99,9 @@
- options->permit_root_login = -1;
- options->ignore_rhosts = -1;
- options->ignore_root_rhosts = -1;
-+#ifdef ENABLE_LOG_AUTH
-+ options->log_auth = -1;
-+#endif /* ENABLE_LOG_AUTH */
- options->quiet_mode = -1;
- options->fascist_logging = -1;
- options->print_motd = -1;
-@@ -145,17 +148,33 @@
-
- void fill_default_server_options(ServerOptions *options)
- {
-- if (options->port == -1)
-+ struct addrinfo hints, *ai, *aitop;
-+ char strport[PORTSTRLEN];
-+ int i;
-+
-+ if (options->num_ports == 0)
-+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
-+ if (options->listen_addrs == NULL)
- {
-- struct servent *sp;
-+ for (i = 0; i < options->num_ports; i++)
-+ {
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_flags = AI_PASSIVE;
-+ hints.ai_family = IPv4or6;
-+ hints.ai_socktype = SOCK_STREAM;
-+ sprintf(strport, "%d", options->ports[i]);
-+ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
-+ {
-+ fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n");
-+ exit(1);
-+ }
-+ for (ai = aitop; ai->ai_next; ai = ai->ai_next);
-+ ai->ai_next = options->listen_addrs;
-+ options->listen_addrs = aitop;
-+ }
-+ /* freeaddrinfo(options->listen_addrs) in sshd.c */
-+ }
-
-- sp = getservbyname(SSH_SERVICE_NAME, "tcp");
-- if (sp)
-- options->port = ntohs(sp->s_port);
-- else
-- options->port = SSH_DEFAULT_PORT;
-- endservent();
-- }
- if (options->host_key_file == NULL)
- options->host_key_file = HOST_KEY_FILE;
- if (options->random_seed_file == NULL)
-@@ -250,6 +269,9 @@
- {
- sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
- sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
-+#ifdef ENABLE_LOG_AUTH
-+ sLogAuth,
-+#endif /* ENABLE_LOG_AUTH */
- sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
- sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts,
- sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
-@@ -282,6 +304,9 @@
- { "quietmode", sQuietMode },
- { "fascistlogging", sFascistLogging },
- { "syslogfacility", sLogFacility },
-+#ifdef ENABLE_LOG_AUTH
-+ { "logauth", sLogAuth },
-+#endif /* ENABLE_LOG_AUTH */
- { "rhostsauthentication", sRhostsAuthentication },
- { "rhostsrsaauthentication", sRhostsRSAAuthentication },
- { "rsaauthentication", sRSAAuthentication },
-@@ -375,6 +400,9 @@
- char *cp, **charptr;
- int linenum, *intptr, i, value;
- ServerOpCodes opcode;
-+ struct addrinfo hints, *ai, *aitop;
-+ char strport[PORTSTRLEN];
-+ int gaierr;
-
- f = fopen(filename, "r");
- if (!f)
-@@ -397,7 +425,14 @@
- switch (opcode)
- {
- case sPort:
-- intptr = &options->port;
-+ if (options->num_ports >= MAX_PORTS)
-+ {
-+ fprintf(stderr, "%s line %d: too many ports.\n",
-+ filename, linenum);
-+ exit(1);
-+ }
-+ options->ports[options->num_ports] = -1;
-+ intptr = &options->ports[options->num_ports++];
- parse_int:
- cp = strtok(NULL, WHITESPACE);
- if (!cp)
-@@ -460,12 +495,26 @@
- filename, linenum);
- exit(1);
- }
--#ifdef BROKEN_INET_ADDR
-- options->listen_addr.s_addr = inet_network(cp);
--#else /* BROKEN_INET_ADDR */
-- options->listen_addr.s_addr = inet_addr(cp);
--#endif /* BROKEN_INET_ADDR */
-- break;
-+ if (options->num_ports == 0)
-+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
-+ for (i = 0; i < options->num_ports; i++)
-+ {
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_family = IPv4or6;
-+ hints.ai_socktype = SOCK_STREAM;
-+ sprintf(strport, "%d", options->ports[i]);
-+ if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0)
-+ {
-+ fprintf(stderr, "%s line %d: bad addr or host. (%s)\n",
-+ filename, linenum, gai_strerror(gaierr));
-+ exit(1);
-+ }
-+ for (ai = aitop; ai->ai_next; ai = ai->ai_next);
-+ ai->ai_next = options->listen_addrs;
-+ options->listen_addrs = aitop;
-+ }
-+ strtok(cp, WHITESPACE); /* getaddrinfo() may use strtok() */
-+ break;
-
- case sHostKeyFile:
- charptr = &options->host_key_file;
-@@ -539,6 +588,12 @@
- if (*intptr == -1)
- *intptr = value;
- break;
-+
-+#ifdef ENABLE_LOG_AUTH
-+ case sLogAuth:
-+ intptr = &options->log_auth;
-+ goto parse_flag;
-+#endif /* ENABLE_LOG_AUTH */
-
- case sIgnoreRhosts:
- intptr = &options->ignore_rhosts;
diff --git a/security/ssh/files/patch-bp b/security/ssh/files/patch-bp
deleted file mode 100644
index a9cd9987ef37..000000000000
--- a/security/ssh/files/patch-bp
+++ /dev/null
@@ -1,32 +0,0 @@
---- servconf.h.orig Thu Jan 17 05:35:34 2002
-+++ servconf.h Fri Jun 21 16:24:35 2002
-@@ -68,6 +68,7 @@
- #ifndef SERVCONF_H
- #define SERVCONF_H
-
-+#define MAX_PORTS 256 /* Max # hosts on allow list. */
- #define MAX_ALLOW_SHOSTS 256 /* Max # hosts on allow shosts list. */
- #define MAX_DENY_SHOSTS 256 /* Max # hosts on deny shosts list. */
- #define MAX_ALLOW_HOSTS 256 /* Max # hosts on allow list. */
-@@ -86,8 +87,9 @@
-
- typedef struct
- {
-- int port; /* Port number to listen on. */
-- struct in_addr listen_addr; /* Address on which the server listens. */
-+ unsigned int num_ports;
-+ int ports[MAX_PORTS]; /* Port number to listen on. */
-+ struct addrinfo *listen_addrs;/* Addresses on which the server listens. */
- char *host_key_file; /* File containing host key. */
- char *random_seed_file; /* File containing random seed. */
- char *pid_file; /* File containing process ID number. */
-@@ -95,6 +97,9 @@
- int login_grace_time; /* Disconnect if no auth in this time (sec). */
- int key_regeneration_time; /* Server key lifetime (seconds). */
- int permit_root_login; /* 0 = forced cmd only, 1 = no pwd, 2 = yes. */
-+#ifdef ENABLE_LOG_AUTH
-+ int log_auth; /* If true, log authentication info. */
-+#endif /* ENABLE_LOG_AUTH */
- int ignore_rhosts; /* Ignore .rhosts and .shosts. */
- int ignore_root_rhosts; /* Ignore .rhosts and .shosts for root,
- defaults to ignore_rhosts if not given. */
diff --git a/security/ssh/files/patch-br b/security/ssh/files/patch-br
deleted file mode 100644
index 28dd08a5be56..000000000000
--- a/security/ssh/files/patch-br
+++ /dev/null
@@ -1,97 +0,0 @@
-*** ssh.c.orig Wed May 12 13:19:28 1999
---- ssh.c Mon Jan 10 22:56:13 2000
-***************
-*** 218,223 ****
---- 218,231 ----
- other functions. */
- RandomState random_state;
-
-+ /* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
-+ Default value is AF_UNSPEC means both IPv4 and IPv6. */
-+ #ifdef ENABLE_IPV6
-+ int IPv4or6 = AF_UNSPEC;
-+ #else
-+ int IPv4or6 = AF_INET;
-+ #endif
-+
- /* Flag indicating whether debug mode is on. This can be set on the
- command line. */
- int debug_flag = 0;
-***************
-*** 277,282 ****
---- 285,297 ----
- {
- fprintf(stderr, "Usage: %s [options] host [command]\n", av0);
- fprintf(stderr, "Options:\n");
-+ fprintf(stderr, " -4 Use IPv4 only.\n");
-+ #ifdef ENABLE_IPV6
-+ fprintf(stderr, " -6 Use IPv6 only.\n");
-+ #endif
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ fprintf(stderr, " -A Try to connect to another port before original port.\n");
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- fprintf(stderr, " -l user Log in using this user name.\n");
- fprintf(stderr, " -n Redirect input from /dev/null.\n");
- fprintf(stderr, " -a Disable authentication agent forwarding.\n");
-***************
-*** 413,418 ****
---- 428,436 ----
- #ifdef SIGWINCH
- struct winsize ws;
- #endif /* SIGWINCH */
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ int another_port_flag = 0;
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
-
- /* Save the original real uid. It will be needed later (uid-swapping may
- clobber the real uid). */
-***************
-*** 522,527 ****
---- 540,565 ----
- }
- switch (opt)
- {
-+ case '4':
-+ #ifdef ENABLE_IPV6
-+ IPv4or6 = (IPv4or6 == AF_INET6) ? AF_UNSPEC : AF_INET;
-+ #else
-+ IPv4or6 = AF_INET;
-+ #endif
-+ break;
-+
-+ #ifdef ENABLE_IPV6
-+ case '6':
-+ IPv4or6 = (IPv4or6 == AF_INET) ? AF_UNSPEC : AF_INET6;
-+ break;
-+ #endif
-+
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ case 'A':
-+ another_port_flag = 1;
-+ break;
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
-+
- case 'n':
- stdin_null_flag = 1;
- break;
-***************
-*** 789,799 ****
---- 827,844 ----
- {
- use_privileged_port = 0;
- }
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ if (!another_port_flag)
-+ options.another_port = 0;
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- /* Open a connection to the remote host. This needs root privileges if
- rhosts_authentication is true. Note that the random_state is not
- yet used by this call, although a pointer to it is stored, and thus it
- need not be initialized. */
- ok = ssh_connect(host, options.port, options.connection_attempts,
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ options.another_port,
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- !use_privileged_port,
- original_real_uid, options.proxy_command, &random_state);
-
diff --git a/security/ssh/files/patch-bs b/security/ssh/files/patch-bs
deleted file mode 100644
index ec0e1a86ef92..000000000000
--- a/security/ssh/files/patch-bs
+++ /dev/null
@@ -1,94 +0,0 @@
-*** ssh.h.orig Wed May 12 13:19:28 1999
---- ssh.h Mon Jan 10 22:56:13 2000
-***************
-*** 430,436 ****
- /* Records that the user has logged in. This does many things normally
- done by login(1). */
- void record_login(int pid, const char *ttyname, const char *user, uid_t uid,
-! const char *host, struct sockaddr_in *addr);
-
- /* Records that the user has logged out. This does many thigs normally
- done by login(1) or init. */
---- 430,436 ----
- /* Records that the user has logged in. This does many things normally
- done by login(1). */
- void record_login(int pid, const char *ttyname, const char *user, uid_t uid,
-! const char *host, struct sockaddr *addr);
-
- /* Records that the user has logged out. This does many thigs normally
- done by login(1) or init. */
-***************
-*** 447,452 ****
---- 447,455 ----
- connection is successful, this calls packet_set_connection for the
- connection. */
- int ssh_connect(const char *host, int port, int connection_attempts,
-+ #ifdef ENABLE_ANOTHER_PORT_TRY
-+ int another_port,
-+ #endif /* ENABLE_ANOTHER_PORT_TRY */
- int anonymous, uid_t original_real_uid,
- const char *proxy_command, RandomState *random_state);
-
-***************
-*** 872,876 ****
---- 875,934 ----
- #else
- #define UID_ROOT 0
- #endif
-+
-+ #ifdef HAVE_SOCKADDR_STORAGE
-+ #ifndef HAVE_NEW_SS_FAMILY
-+ #define __ss_len ss_len
-+ #define __ss_family ss_family
-+ #endif
-+ #else
-+ #define _SS_MAXSIZE 128 /* Implementation specific max size */
-+ #define _SS_ALIGNSIZE (sizeof(int))
-+ #define _SS_PAD1SIZE (_SS_ALIGNSIZE - sizeof(u_short))
-+ #define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof(u_short) + \
-+ _SS_PAD1SIZE + _SS_ALIGNSIZE))
-+ struct sockaddr_storage {
-+ #ifdef HAVE_SOCKADDR_LEN
-+ u_char __ss_len;
-+ u_char __ss_family;
-+ #else
-+ u_short __ss_family;
-+ #endif
-+ char __ss_pad1[_SS_PAD1SIZE];
-+ int __ss_align;
-+ char __ss_pad2[_SS_PAD2SIZE];
-+ };
-+ #endif
-+
-+ #ifdef INET6_ADDRSTRLEN
-+ #define ADDRSTRLEN INET6_ADDRSTRLEN
-+ #else
-+ #define ADDRSTRLEN 46
-+ #endif
-+
-+ #define PORTSTRLEN 16
-+
-+ /* AF_UNSPEC or AF_INET or AF_INET6 */
-+ extern int IPv4or6;
-+
-+ #ifndef ENABLE_IPV6
-+ /* dummy value for old netdb.h */
-+ #ifndef AI_PASSIVE
-+ #define AI_PASSIVE 1
-+ #define NI_NUMERICHOST 2
-+ #define NI_NAMEREQD 4
-+ #define NI_NUMERICSERV 8
-+ struct addrinfo {
-+ int ai_flags; /* AI_PASSIVE, AI_CANONNAME */
-+ int ai_family; /* PF_xxx */
-+ int ai_socktype; /* SOCK_xxx */
-+ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */
-+ size_t ai_addrlen; /* length of ai_addr */
-+ char *ai_canonname; /* canonical name for hostname */
-+ struct sockaddr *ai_addr; /* binary address */
-+ struct addrinfo *ai_next; /* next structure in linked list */
-+ };
-+ #endif
-+ #endif /* not ENABLE_IPV6 */
-
- #endif /* SSH_H */
diff --git a/security/ssh/files/sshd.sh b/security/ssh/files/sshd.sh
deleted file mode 100644
index dd882003037c..000000000000
--- a/security/ssh/files/sshd.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-case "$1" in
- start)
- !!PREFIX!!/sbin/sshd
- echo -n ' sshd'
- ;;
- stop)
- if [ -f /var/run/sshd.pid ]; then
- kill -TERM `cat /var/run/sshd.pid`
- rm -f /var/run/sshd.pid
- echo -n ' sshd'
- fi
- ;;
- restart)
- if [ -f /var/run/sshd.pid ]; then
- kill -HUP `cat /var/run/sshd.pid`
- echo 'sshd restarted'
- fi
- ;;
- -h)
- echo "Usage: `basename $0` { start | stop | restart }"
- ;;
- *)
- !!PREFIX!!/sbin/sshd
- echo -n ' sshd'
- ;;
-esac
diff --git a/security/ssh/pkg-descr b/security/ssh/pkg-descr
deleted file mode 100644
index e08cd3baca01..000000000000
--- a/security/ssh/pkg-descr
+++ /dev/null
@@ -1,5 +0,0 @@
-Secure Shell is a program to log into another computer over a network,
-to execute commands in a remote machine, and to move files from one
-machine to another. It provides strong authentication and secure
-communications over insecure channels. It is intended as a replacement
-for rlogin, rsh, and rcp.
diff --git a/security/ssh/pkg-plist b/security/ssh/pkg-plist
deleted file mode 100644
index 28e0ce057044..000000000000
--- a/security/ssh/pkg-plist
+++ /dev/null
@@ -1,19 +0,0 @@
-bin/make-ssh-known-hosts
-bin/make-ssh-known-hosts1
-bin/scp
-bin/scp1
-bin/slogin
-bin/ssh
-bin/ssh-add
-bin/ssh-add1
-bin/ssh-agent
-bin/ssh-agent1
-bin/ssh-keygen
-bin/ssh-keygen1
-bin/ssh1
-etc/rc.d/sshd.sh
-etc/ssh_config
-etc/sshd_config
-sbin/sshd
-sbin/sshd1
-@exec if [ ! -f %D/etc/ssh_host_key ]; then echo "Generating a secret host key.." ; %D/bin/ssh-keygen1 -N "" -f %D/etc/ssh_host_key; fi
diff --git a/security/ssh/pkg-plist.x11 b/security/ssh/pkg-plist.x11
deleted file mode 100644
index 3d4ac02a7dba..000000000000
--- a/security/ssh/pkg-plist.x11
+++ /dev/null
@@ -1,2 +0,0 @@
-bin/ssh-askpass
-bin/ssh-askpass1
diff --git a/security/tea-total/Makefile b/security/tea-total/Makefile
deleted file mode 100644
index 405b6b2d8456..000000000000
--- a/security/tea-total/Makefile
+++ /dev/null
@@ -1,26 +0,0 @@
-# Ports collection makefile for: tea-total
-# Date created: Tue Dec 19, 2000
-# Whom: David O'Brien (obrien@NUXI.com)
-#
-# $FreeBSD$
-#
-
-PORTNAME= tea-total
-PORTVERSION= 0.4
-PORTREVISION= 3
-CATEGORIES= security
-MASTER_SITES= http://www.alexholden.net/pub/${PORTNAME}/
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= Extremely small 128 bit private key based encryption/decryption system
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-# code is not 64-bit clean...
-ONLY_FOR_ARCHS= i386
-
-USE_GMAKE= yes
-MAN1= teatotal.1 tea.1 untea.1 tea-kgen.1
-
-.include <bsd.port.mk>
diff --git a/security/tea-total/distinfo b/security/tea-total/distinfo
deleted file mode 100644
index 07d5490184eb..000000000000
--- a/security/tea-total/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (tea-total-0.4.tar.gz) = 702a83ad861e74f64bf0fa7a353c85a2
-SHA256 (tea-total-0.4.tar.gz) = d1cf5f744759f45aa6cfb683ed08697dec302cc18ce480e664b93d0ace7ee0ee
-SIZE (tea-total-0.4.tar.gz) = 77975
diff --git a/security/tea-total/files/patch-Makefile b/security/tea-total/files/patch-Makefile
deleted file mode 100644
index 123b351cd29c..000000000000
--- a/security/tea-total/files/patch-Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
---- Makefile.orig Tue Jan 2 22:04:34 2001
-+++ Makefile Fri Oct 25 03:32:00 2002
-@@ -1,6 +1,6 @@
- include config.inc
-
--CC = $(CROSS_PREFIX)gcc
-+#CC = $(CROSS_PREFIX)gcc
- CP = cp -f
- RM = rm -f
- LN = ln -sf
-@@ -8,7 +8,7 @@
- CD = cd
- MKDIR = mkdir -p
- CMP = cmp
--CFLAGS = -O2 -Wall -DARCH_$(ARCH)
-+CFLAGS += -DARCH_FREEBSD
- LDFLAGS =
- BINDIR = $(PREFIX)/bin
- TEATOTAL = teatotal
-@@ -26,6 +26,9 @@
- ifeq ($(ARCH), OPENBSD)
- MANDIR = $(PREFIX)/share/man/man1
- RANDOM_DEVICE = \"/dev/srandom\"
-+else
-+MANDIR = $(PREFIX)/man/man1
-+RANDOM_DEVICE = \"/dev/random\"
- endif
- endif
-
-@@ -115,12 +120,12 @@
-
- install: all
- $(MKDIR) $(BINDIR)
-- $(CP) $(TEATOTAL) $(BINDIR)
-+ ${BSD_INSTALL_PROGRAM} $(TEATOTAL) $(BINDIR)
- $(LN) $(TEATOTAL) $(BINDIR)/$(TEA)
- $(LN) $(TEATOTAL) $(BINDIR)/$(UNTEA)
- $(LN) $(TEATOTAL) $(BINDIR)/$(TEA-KGEN)
- $(MKDIR) $(MANDIR)
-- $(CP) $(MANPAGES) $(MANDIR)
-+ ${BSD_INSTALL_MAN} $(MANPAGES) $(MANDIR)
-
- clean:
- $(RM) core *.o $(PROGRAMS) testout.tea test.out test2.key test3.key \
diff --git a/security/tea-total/files/patch-arch.h b/security/tea-total/files/patch-arch.h
deleted file mode 100644
index 8266529f0a99..000000000000
--- a/security/tea-total/files/patch-arch.h
+++ /dev/null
@@ -1,18 +0,0 @@
---- arch.h.orig Sun Dec 31 09:16:53 2000
-+++ arch.h Sun Oct 20 19:01:52 2002
-@@ -9,10 +9,14 @@
- * warranties of merchantability and fitness for a particular purpose.
- */
-
-+#if defined(ARCH_OPENBSD) || defined(ARCH_FREEBSD)
- #if defined(ARCH_OPENBSD)
--
- #include <machine/types.h>
- #include <machine/endian.h>
-+#endif
-+#if defined(ARCH_FREEBSD)
-+#include <sys/types.h>
-+#endif
- typedef uint32_t u32;
- typedef int32_t s32;
- typedef uint16_t u16;
diff --git a/security/tea-total/files/patch-config.inc b/security/tea-total/files/patch-config.inc
deleted file mode 100644
index 9a4bc1c3cf4f..000000000000
--- a/security/tea-total/files/patch-config.inc
+++ /dev/null
@@ -1,10 +0,0 @@
---- config.inc.orig Tue Jan 2 05:09:08 2001
-+++ config.inc Fri Jan 12 02:19:15 2001
-@@ -2,5 +2,6 @@
- # LINUX should hopefully work for all recent versions of Linux (but not ELKS).
--ARCH = LINUX
-+# ARCH = LINUX
- # OPENBSD may work for other BSDs. Please let me know if it does.
- # ARCH = OPENBSD
-+ARCH = FREEBSD
- # ARCH = DJGPP
diff --git a/security/tea-total/files/patch-getarg.c b/security/tea-total/files/patch-getarg.c
deleted file mode 100644
index 47c7f64b3533..000000000000
--- a/security/tea-total/files/patch-getarg.c
+++ /dev/null
@@ -1,28 +0,0 @@
---- getarg.c.orig Sun Nov 24 04:04:44 2002
-+++ getarg.c Thu May 9 04:30:09 2002
-@@ -110,7 +110,7 @@
-
- /* Copy the arguments, ignoring the first argument (the program name) */
- for(i = 1; i < argc; i++) {
-- len = strlen(argv[i]);
-+ len = strlen(argv[i]) + 1;
- if(!(state->argv[i - 1] = malloc(len))) {
- /* It failed, so free the list and return */
- while(i-- > 1) free(state->argv[i]);
-@@ -199,7 +199,6 @@
- return(state->realargv[i + 2]);
- } else continue;
- }
--
-
- /* For each character until the terminating zero */
- for(p = &state->argv[i][1]; *p; p++) {
-@@ -235,7 +234,7 @@
- if((!*++p)&&(p = next_arg(state, i))) {
- *p = GETARG_USEDFLAG;
- return(state->realargv[i + 2]);
-- } else continue;
-+ } else return NULL;
- }
- }
-
diff --git a/security/tea-total/files/patch-heap.c b/security/tea-total/files/patch-heap.c
deleted file mode 100644
index c258786d3b93..000000000000
--- a/security/tea-total/files/patch-heap.c
+++ /dev/null
@@ -1,6 +0,0 @@
---- heap.c.orig Fri Dec 29 16:16:55 2000
-+++ heap.c Fri Jan 12 02:26:58 2001
-@@ -45,2 +45,3 @@
-
-+#include <sys/types.h>
- #include <stdlib.h>
diff --git a/security/tea-total/files/patch-huffman.c b/security/tea-total/files/patch-huffman.c
deleted file mode 100644
index 8304d17d8901..000000000000
--- a/security/tea-total/files/patch-huffman.c
+++ /dev/null
@@ -1,6 +0,0 @@
---- huffman.c.orig Fri Dec 29 16:17:17 2000
-+++ huffman.c Fri Jan 12 02:26:23 2001
-@@ -11,2 +11,3 @@
-
-+#include <sys/types.h>
- #include <stdlib.h>
diff --git a/security/tea-total/pkg-descr b/security/tea-total/pkg-descr
deleted file mode 100644
index f9aa0c78a16d..000000000000
--- a/security/tea-total/pkg-descr
+++ /dev/null
@@ -1,10 +0,0 @@
-TEA Total is an extremely small 128 bit private key based
-encryption/decryption system which uses the new variant of TEA (Tiny
-Encryption Algorithm) by David Wheeler and Roger Needham of the Cambridge
-Computer Laboratory.
-
-TEA is said to be several times faster than DES, as well as being much
-smaller and more secure. It also isn't encumbered by any patents and the
-reference implementation is in the public domain.
-
-WWW: http://www.linuxhacker.org/tea-total/
diff --git a/security/tea-total/pkg-plist b/security/tea-total/pkg-plist
deleted file mode 100644
index d9a4312059a2..000000000000
--- a/security/tea-total/pkg-plist
+++ /dev/null
@@ -1,5 +0,0 @@
-@comment $FreeBSD$
-bin/teatotal
-bin/tea
-bin/tea-kgen
-bin/untea
diff --git a/security/uberkey/Makefile b/security/uberkey/Makefile
deleted file mode 100644
index a744f45def97..000000000000
--- a/security/uberkey/Makefile
+++ /dev/null
@@ -1,30 +0,0 @@
-# New ports collection makefile for: uberkey
-# Date created: 2007-10-29
-# Whom: chinsan
-#
-# $FreeBSD$
-#
-
-PORTNAME= uberkey
-PORTVERSION= 1.2
-CATEGORIES= security
-MASTER_SITES= http://www.linuks.mine.nu/uberkey/ LOCAL/chinsan
-
-MAINTAINER= ports@FreeBSD.org
-COMMENT= A keylogger for x86 systems
-
-DEPRECATED= Upstream disapear and distfile is no more available
-EXPIRATION_DATE= 2011-05-01
-
-ONLY_FOR_ARCHS= i386
-MAN8= uberkey.8
-PLIST_FILES= bin/uberkey
-
-do-build:
- @cd ${WRKSRC} && ${CC} ${CFLAGS} *.c -o ${PORTNAME}
-
-do-install:
- @${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${PREFIX}/bin
- @${INSTALL_MAN} ${WRKSRC}/${MAN8} ${MAN1PREFIX}/man/man8
-
-.include <bsd.port.mk>
diff --git a/security/uberkey/distinfo b/security/uberkey/distinfo
deleted file mode 100644
index 17fc4d55c57a..000000000000
--- a/security/uberkey/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 (uberkey-1.2.tar.gz) = 5724b911650ffe9cb32f16d01a96fe9a
-SHA256 (uberkey-1.2.tar.gz) = 0892ce89bf4e6cb27848c876b350f39a72a5bc6002c16b6821f33f440ffb97c7
-SIZE (uberkey-1.2.tar.gz) = 1624
diff --git a/security/uberkey/pkg-descr b/security/uberkey/pkg-descr
deleted file mode 100644
index 312b689baea5..000000000000
--- a/security/uberkey/pkg-descr
+++ /dev/null
@@ -1,5 +0,0 @@
-uberkey is a keylogger for x86 systems.
-It directly reads keyboard input from the keyboard controller and
-does a basic translation.
-
-WWW: http://www.linuks.mine.nu/uberkey/