ports/138284: OpenSSH GSSAPI Key Exchange patch updated

Fri Aug 28 19:40:05 UTC 2009

>Number:         138284
>Category:       ports
>Synopsis:       OpenSSH GSSAPI Key Exchange patch updated
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 28 19:40:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Garrett Wollman
>Release:        FreeBSD 7.2-RELEASE-p2 amd64
>Organization:
MIT Computer Science & Artificial Intelligence Laboratory
>Environment:
System: FreeBSD khavrinen.csail.mit.edu 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #7 r195442M: Wed Jul 8 17:38:11 EDT 2009 wollman at khavrinen.csail.mit.edu:/usr/obj/usr/src/sys/KHAVRINEN amd64


>Description:

Upgrading security/openssh-portable currently fails if you are using
GSSAPI key exchange.  Simon Wilkinson has now released a patch for
OpenSSH 5.2p1.  Tested and works with krb5-1.6.3_6, including the new
"cascading credentials" function.

>How-To-Repeat:

cd /usr/ports/security/openssh-portable
make

>Fix:

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/openssh-portable/Makefile,v
retrieving revision 1.139
diff -u -r1.139 Makefile

--- Makefile	8 Aug 2009 07:13:49 -0000	1.139
+++ Makefile	28 Aug 2009 19:07:17 -0000
@@ -100,15 +100,17 @@
 .if !defined(WITHOUT_KERBEROS)
 .if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI)
 .if defined(WITH_KERB_GSSAPI)
-BROKEN=			KERB_GSSAPI patch incompatible with ${PORTNAME}-5.2p1
 PATCH_DIST_STRIP=	-p0
 PATCH_SITES+=		http://www.sxw.org.uk/computing/patches/
-PATCHFILES+=		openssh-5.0p1-gsskex-20080404.patch
+PATCHFILES+=		openssh-5.2p1-gsskex-all-20090726.patch
 .endif
 PORTABLE_SUFFIX=	# empty
 GSSAPI_SUFFIX=		-gssapi
 CONFLICTS+=		openssh-portable-*-[0-9]*
 CONFIGURE_ARGS+=	--with-kerberos5=${KRB5_HOME}
+.if ${KRB5_HOME} == ${LOCALBASE}
+LIB_DEPENDS+=		krb5.3:${PORTSDIR}/security/krb5
+.endif
 .if ${OPENSSLBASE} == "/usr"
 CONFIGURE_ARGS+=	--without-rpath
 LDFLAGS=		# empty
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/security/openssh-portable/distinfo,v
retrieving revision 1.50
diff -u -r1.50 distinfo
--- distinfo	15 May 2009 11:00:27 -0000	1.50
+++ distinfo	28 Aug 2009 19:07:26 -0000
@@ -1,6 +1,6 @@
 MD5 (openssh-5.2p1.tar.gz) = ada79c7328a8551bdf55c95e631e7dad
 SHA256 (openssh-5.2p1.tar.gz) = 4023710c37d0b3d79e6299cb79b6de2a31db7d581fe59e775a5351784034ecae
 SIZE (openssh-5.2p1.tar.gz) = 1016612
-MD5 (openssh-5.2p1+x509-6.2.diff.gz) = 8dbbfb743226864f6bb49b56e77776d9
-SHA256 (openssh-5.2p1+x509-6.2.diff.gz) = 72cfb1e232b6ae0a9df6e8539a9f6b53db7c0a2141cf2e4dd65b407748fa9f34
-SIZE (openssh-5.2p1+x509-6.2.diff.gz) = 153010
+MD5 (openssh-5.2p1-gsskex-all-20090726.patch) = e5c116b4bc3f4b816206e8403dd08af7
+SHA256 (openssh-5.2p1-gsskex-all-20090726.patch) = 6eb297d6fa74be3323c5e4f53df5b6e1f4edf6bf394e3e707c075846886e18e7
+SIZE (openssh-5.2p1-gsskex-all-20090726.patch) = 90959

>Release-Note:
>Audit-Trail:
>Unformatted:

