svn commit: r388363 - in head/security: . openssh-portable openssh-portable-devel openssh-portable-devel/files
Bryan Drewery
bdrewery at FreeBSD.org
Tue Jun 2 15:00:47 UTC 2015
Author: bdrewery
Date: Tue Jun 2 15:00:43 2015
New Revision: 388363
URL: https://svnweb.freebsd.org/changeset/ports/388363
Log:
Add openssh-portable-devel which is based on the upstream snapshots for staging and testing.
Its initial version is 20150602 which is nearly the upcoming 6.9 version.
Added:
head/security/openssh-portable-devel/
- copied from r388360, head/security/openssh-portable/
Deleted:
head/security/openssh-portable-devel/files/extra-patch-ttssh
head/security/openssh-portable-devel/files/patch-compat.c
head/security/openssh-portable-devel/files/patch-monitor_wrap.c
Modified:
head/security/Makefile
head/security/openssh-portable-devel/Makefile
head/security/openssh-portable-devel/distinfo
head/security/openssh-portable-devel/files/extra-patch-hpn
head/security/openssh-portable-devel/files/patch-servconf.c
head/security/openssh-portable-devel/files/patch-ssh-agent.1
head/security/openssh-portable-devel/files/patch-ssh-agent.c
head/security/openssh-portable-devel/files/patch-sshd_config
head/security/openssh-portable-devel/files/patch-sshd_config.5
head/security/openssh-portable/Makefile
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Tue Jun 2 14:58:24 2015 (r388362)
+++ head/security/Makefile Tue Jun 2 15:00:43 2015 (r388363)
@@ -383,6 +383,7 @@
SUBDIR += openscep
SUBDIR += openssh-askpass
SUBDIR += openssh-portable
+ SUBDIR += openssh-portable-devel
SUBDIR += openssl
SUBDIR += openssl_tpm_engine
SUBDIR += openvas-client
Modified: head/security/openssh-portable-devel/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Tue Jun 2 13:50:16 2015 (r388360)
+++ head/security/openssh-portable-devel/Makefile Tue Jun 2 15:00:43 2015 (r388363)
@@ -2,20 +2,23 @@
# $FreeBSD$
PORTNAME= openssh
-DISTVERSION= 6.8p1
-PORTREVISION= 7
-PORTEPOCH= 1
+DISTVERSION= 20150602
+PORTREVISION= 0
CATEGORIES= security ipv6
-MASTER_SITES= OPENBSD/OpenSSH/portable
-PKGNAMESUFFIX?= -portable
+MASTER_SITES= http://www.mindrot.org/openssh_snap/ \
+ OPENBSD/OpenSSH/portable
+PKGNAMESUFFIX?= -portable-devel
MAINTAINER= bdrewery at FreeBSD.org
-COMMENT= The portable version of OpenBSD's OpenSSH
+COMMENT= The portable version of OpenBSD's OpenSSH (snapshot)
#LICENSE= BSD2,BSD3,MIT,public domain,BSD-Style,BEER-WARE,"any purpose with notice intact",ISC-Style
#LICENSE_FILE= ${WRKSRC}/LICENCE
-CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.*
+DISTNAME= ${PORTNAME}-SNAP-${DISTVERSION}
+WRKSRC= ${WRKDIR}/${PORTNAME}-SNAP
+
+CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.* openssh-portable-*
USES= alias
USE_AUTOTOOLS= autoconf autoheader
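Review bot: The new first `MASTER_SITES` entry fetches the snapshot tarball over plain `http://`, so the only integrity anchor for this sshd build is the SHA256 recorded in distinfo. That value is only as trustworthy as the download it was computed from. Whether these snapshots carry an upstream signature is not visible here, so the way `openssh-SNAP-20150602.tar.gz` was verified before its hash was recorded should be written down. I would add a comment above `MASTER_SITES` such as `# Snapshot fetched over HTTP; distinfo hash verified against <how it was verified>`, and switch the URL to `https://` if the host serves it.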
@@ -47,7 +50,6 @@ NONECIPHER_DESC= NONE Cipher support
OPTIONS_SUB= yes
-EXTRA_PATCHES+= ${FILESDIR}/extra-patch-ttssh
TCP_WRAPPERS_EXTRA_PATCHES=${FILESDIR}/extra-patch-tcpwrappers
LDNS_CONFIGURE_WITH= ldns
@@ -190,6 +192,9 @@ CONFIGURE_ARGS+= --with-xauth=${LOCALBAS
RC_SCRIPT_NAME= openssh
VERSION_ADDENDUM_DEFAULT?= ${OPSYS}-${PKGNAME}
+post-extract:
+ @mv ${WRKDIR}/${PORTNAME} ${WRKSRC}
+
post-patch:
@${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure
@${REINPLACE_CMD} \
Modified: head/security/openssh-portable-devel/distinfo
==============================================================================
--- head/security/openssh-portable/distinfo Tue Jun 2 13:50:16 2015 (r388360)
+++ head/security/openssh-portable-devel/distinfo Tue Jun 2 15:00:43 2015 (r388363)
@@ -1,8 +1,6 @@
-SHA256 (openssh-6.8p1.tar.gz) = 3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e
-SIZE (openssh-6.8p1.tar.gz) = 1475953
-SHA256 (openssh-6.8p1+x509-8.3.diff.gz) = 34dbefcce8509d3c876be3e7d8966455c7c3589a6872bdfb1f8ce3d133f4d304
-SIZE (openssh-6.8p1+x509-8.3.diff.gz) = 347942
-SHA256 (openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz) = 9a361408269a542d28dae77320f30e94a44098acdbbbc552efb0bdeac6270dc8
-SIZE (openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz) = 25825
+SHA256 (openssh-SNAP-20150602.tar.gz) = 4893c2d7f1d2ecffe120ce3d5dcee02e89e7cd3a39b1f5a85c3302818263461b
+SIZE (openssh-SNAP-20150602.tar.gz) = 1469236
SHA256 (openssh-6.8p1-sctp-2573.patch.gz) = 0348713ad4cb4463e90cf5202ed41c8f726d7d604f3f93922a9aa55b86abf04a
SIZE (openssh-6.8p1-sctp-2573.patch.gz) = 8531
+SHA256 (openssh-6.8p1+x509-8.3.diff.gz) = 34dbefcce8509d3c876be3e7d8966455c7c3589a6872bdfb1f8ce3d133f4d304
+SIZE (openssh-6.8p1+x509-8.3.diff.gz) = 347942
Modified: head/security/openssh-portable-devel/files/extra-patch-hpn
==============================================================================
--- head/security/openssh-portable/files/extra-patch-hpn Tue Jun 2 13:50:16 2015 (r388360)
+++ head/security/openssh-portable-devel/files/extra-patch-hpn Tue Jun 2 15:00:43 2015 (r388363)
@@ -398,15 +398,14 @@ diff -urN -x configure -x config.guess -
return check[i].bugs;
}
}
---- work.clean/openssh-6.8p1/compat.h 2015-03-17 00:49:20.000000000 -0500
-+++ work/openssh-6.8p1/compat.h 2015-04-03 16:39:34.780416000 -0500
-@@ -60,7 +60,10 @@
- #define SSH_NEW_OPENSSH 0x04000000
- #define SSH_BUG_DYNAMIC_RPORT 0x08000000
+--- work/openssh/compat.h.orig 2015-05-29 03:27:21.000000000 -0500
++++ work/openssh/compat.h 2015-06-02 09:55:04.208681000 -0500
+@@ -62,6 +62,9 @@
#define SSH_BUG_CURVE25519PAD 0x10000000
#define SSH_BUG_HOSTKEYS 0x20000000
+ #define SSH_BUG_DHGEX_LARGE 0x40000000
+#ifdef HPN_ENABLED
-+#define SSH_BUG_LARGEWINDOW 0x40000000
++#define SSH_BUG_LARGEWINDOW 0x80000000
+#endif
void enable_compat13(void);
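Review bot: `SSH_BUG_LARGEWINDOW` now takes `0x80000000`, the top bit of a 32-bit flag word, because upstream claimed `0x40000000` for `SSH_BUG_DHGEX_LARGE`. No free bit is left, so the next compat flag upstream adds would most likely reuse this value and silently alias the HPN flag with an unrelated peer-bug workaround. The literal also no longer fits in a signed int, and the flag variables it is stored in and tested against (for example `check[i].bugs`) are declared outside this hunk, so their type should be confirmed. I would make both points explicit at the definition: `#define SSH_BUG_LARGEWINDOW 0x80000000U /* HPN-local, last free bit: re-check against upstream compat.h on every snapshot bump */`.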
@@ -718,12 +717,12 @@ diff -urN -x configure -x config.guess -
struct timeval tv[2];
#define atime tv[0]
---- work.clean/openssh-6.8p1/servconf.c 2015-04-01 22:07:18.142441000 -0500
-+++ work/openssh-6.8p1/servconf.c 2015-04-03 16:32:16.114236000 -0500
-@@ -160,6 +160,14 @@
- options->revoked_keys_file = NULL;
- options->trusted_user_ca_keys = NULL;
+--- work/openssh/servconf.c.orig 2015-05-29 03:27:21.000000000 -0500
++++ work/openssh/servconf.c 2015-06-02 09:56:36.041601000 -0500
+@@ -163,6 +163,14 @@ initialize_server_options(ServerOptions
options->authorized_principals_file = NULL;
+ options->authorized_principals_command = NULL;
+ options->authorized_principals_command_user = NULL;
+#ifdef NONE_CIPHER_ENABLED
+ options->none_enabled = -1;
+#endif
@@ -735,7 +734,7 @@ diff -urN -x configure -x config.guess -
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->version_addendum = NULL;
-@@ -326,6 +334,57 @@
+@@ -329,6 +337,57 @@ fill_default_server_options(ServerOption
}
if (options->permit_tun == -1)
options->permit_tun = SSH_TUNMODE_NO;
@@ -793,7 +792,7 @@ diff -urN -x configure -x config.guess -
if (options->ip_qos_interactive == -1)
options->ip_qos_interactive = IPTOS_LOWDELAY;
if (options->ip_qos_bulk == -1)
-@@ -401,6 +460,12 @@
+@@ -406,6 +465,12 @@ typedef enum {
sUsePrivilegeSeparation, sAllowAgentForwarding,
sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
@@ -803,10 +802,10 @@ diff -urN -x configure -x config.guess -
+#ifdef HPN_ENABLED
+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
+#endif
+ sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
- sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
-@@ -529,6 +594,14 @@
+@@ -537,6 +602,14 @@ static struct {
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
@@ -821,7 +820,7 @@ diff -urN -x configure -x config.guess -
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
{ "ipqos", sIPQoS, SSHCFG_ALL },
{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
-@@ -1113,6 +1186,25 @@
+@@ -1156,6 +1229,25 @@ process_server_config_line(ServerOptions
intptr = &options->ignore_user_known_hosts;
goto parse_flag;
Modified: head/security/openssh-portable-devel/files/patch-servconf.c
==============================================================================
--- head/security/openssh-portable/files/patch-servconf.c Tue Jun 2 13:50:16 2015 (r388360)
+++ head/security/openssh-portable-devel/files/patch-servconf.c Tue Jun 2 15:00:43 2015 (r388363)
@@ -17,15 +17,6 @@
/* X.509 Standard Options */
#ifdef OPENSSL_FIPS
-@@ -277,7 +278,7 @@ fill_default_server_options(ServerOption
- if (options->key_regeneration_time == -1)
- options->key_regeneration_time = 3600;
- if (options->permit_root_login == PERMIT_NOT_SET)
-- options->permit_root_login = PERMIT_YES;
-+ options->permit_root_login = PERMIT_NO;
- if (options->ignore_rhosts == -1)
- options->ignore_rhosts = 1;
- if (options->ignore_user_known_hosts == -1)
@@ -287,7 +288,7 @@ fill_default_server_options(ServerOption
if (options->print_lastlog == -1)
options->print_lastlog = 1;
Modified: head/security/openssh-portable-devel/files/patch-ssh-agent.1
==============================================================================
--- head/security/openssh-portable/files/patch-ssh-agent.1 Tue Jun 2 13:50:16 2015 (r388360)
+++ head/security/openssh-portable-devel/files/patch-ssh-agent.1 Tue Jun 2 15:00:43 2015 (r388363)
@@ -3,20 +3,18 @@ r226103 | des | 2011-10-07 08:10:16 -050
Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.
-Index: ssh-agent.1
-===================================================================
---- ssh-agent.1 (revision 226102)
-+++ ssh-agent.1 (revision 226103)
-@@ -44,7 +44,7 @@
+--- ssh-agent.1.orig 2015-05-29 03:27:21.000000000 -0500
++++ ssh-agent.1 2015-06-02 09:45:37.025390000 -0500
+@@ -43,7 +43,7 @@
.Sh SYNOPSIS
.Nm ssh-agent
.Op Fl c | s
--.Op Fl d
-+.Op Fl dx
+-.Op Fl Dd
++.Op Fl Ddx
.Op Fl a Ar bind_address
+ .Op Fl E Ar fingerprint_hash
.Op Fl t Ar life
- .Op Ar command Op Ar arg ...
-@@ -103,6 +103,8 @@
+@@ -128,6 +128,8 @@
.Xr ssh-add 1
overrides this value.
Without this option the default maximum lifetime is forever.
Modified: head/security/openssh-portable-devel/files/patch-ssh-agent.c
==============================================================================
--- head/security/openssh-portable/files/patch-ssh-agent.c Tue Jun 2 13:50:16 2015 (r388360)
+++ head/security/openssh-portable-devel/files/patch-ssh-agent.c Tue Jun 2 15:00:43 2015 (r388363)
@@ -7,9 +7,9 @@ r226103 | des | 2011-10-07 08:10:16 -050
Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.
---- ssh-agent.c.orig 2015-03-17 00:49:20.000000000 -0500
-+++ ssh-agent.c 2015-03-20 00:00:48.800352000 -0500
-@@ -150,15 +150,34 @@ static long lifetime = 0;
+--- ssh-agent.c.orig 2015-05-29 03:27:21.000000000 -0500
++++ ssh-agent.c 2015-06-02 09:46:54.719580000 -0500
+@@ -157,15 +157,34 @@ static long lifetime = 0;
static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
@@ -44,7 +44,7 @@ disconnected.
}
static void
-@@ -910,6 +929,10 @@ new_socket(sock_type type, int fd)
+@@ -939,6 +958,10 @@ new_socket(sock_type type, int fd)
{
u_int i, old_alloc, new_alloc;
@@ -55,16 +55,16 @@ disconnected.
set_nonblock(fd);
if (fd > max_fd)
-@@ -1138,7 +1161,7 @@ usage(void)
+@@ -1166,7 +1189,7 @@ static void
+ usage(void)
{
fprintf(stderr,
- "usage: ssh-agent [-c | -s] [-d] [-a bind_address] [-E fingerprint_hash]\n"
-- " [-t life] [command [arg ...]]\n"
-+ " [-t life] [-x] [command [arg ...]]\n"
+- "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
++ "usage: ssh-agent [-c | -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n"
+ " [-t life] [command [arg ...]]\n"
" ssh-agent [-c | -s] -k\n");
exit(1);
- }
-@@ -1168,6 +1191,7 @@ main(int ac, char **av)
+@@ -1197,6 +1220,7 @@ main(int ac, char **av)
/* drop */
setegid(getgid());
setgid(getgid());
@@ -72,16 +72,16 @@ disconnected.
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
/* Disable ptrace on Linux without sgid bit */
-@@ -1181,7 +1205,7 @@ main(int ac, char **av)
+@@ -1210,7 +1234,7 @@ main(int ac, char **av)
__progname = ssh_get_progname(av[0]);
seed_rng();
-- while ((ch = getopt(ac, av, "cdksE:a:t:")) != -1) {
-+ while ((ch = getopt(ac, av, "cdksE:a:t:x")) != -1) {
+- while ((ch = getopt(ac, av, "cDdksE:a:t:")) != -1) {
++ while ((ch = getopt(ac, av, "cDdksE:a:t:x")) != -1) {
switch (ch) {
case 'E':
fingerprint_hash = ssh_digest_alg_by_name(optarg);
-@@ -1215,6 +1239,9 @@ main(int ac, char **av)
+@@ -1249,6 +1273,9 @@ main(int ac, char **av)
usage();
}
break;
Modified: head/security/openssh-portable-devel/files/patch-sshd_config
==============================================================================
--- head/security/openssh-portable/files/patch-sshd_config Tue Jun 2 13:50:16 2015 (r388360)
+++ head/security/openssh-portable-devel/files/patch-sshd_config Tue Jun 2 15:00:43 2015 (r388363)
@@ -10,15 +10,6 @@
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
-@@ -41,7 +44,7 @@
- # Authentication:
-
- #LoginGraceTime 2m
--#PermitRootLogin yes
-+#PermitRootLogin no
- #StrictModes yes
- #MaxAuthTries 6
- #MaxSessions 10
@@ -50,8 +53,7 @@
#PubkeyAuthentication yes
Modified: head/security/openssh-portable-devel/files/patch-sshd_config.5
==============================================================================
--- head/security/openssh-portable/files/patch-sshd_config.5 Tue Jun 2 13:50:16 2015 (r388360)
+++ head/security/openssh-portable-devel/files/patch-sshd_config.5 Tue Jun 2 15:00:43 2015 (r388363)
@@ -1,6 +1,6 @@
---- sshd_config.5.orig 2014-10-02 18:24:57.000000000 -0500
-+++ sshd_config.5 2015-03-22 21:57:45.538655000 -0500
-@@ -304,7 +304,9 @@ By default, no banner is displayed.
+--- sshd_config.5.orig 2015-05-29 03:27:21.000000000 -0500
++++ sshd_config.5 2015-06-02 09:49:08.463186000 -0500
+@@ -375,7 +375,9 @@ By default, no banner is displayed.
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or through authentication styles supported in
@@ -11,7 +11,7 @@
The default is
.Dq yes .
.It Cm ChrootDirectory
-@@ -977,7 +979,22 @@ are refused if the number of unauthentic
+@@ -1111,7 +1113,22 @@ are refused if the number of unauthentic
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
@@ -34,12 +34,10 @@
.It Cm PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings.
-@@ -1023,7 +1040,14 @@ The argument must be
- or
+@@ -1158,6 +1175,13 @@ or
.Dq no .
The default is
--.Dq yes .
-+.Dq no .
+ .Dq no .
+Note that if
+.Cm ChallengeResponseAuthentication
+is
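Review bot: Nothing in the port pins the root-login default any more. In what appears to be the PermitRootLogin entry (the following context mentions `without-password`), this hunk turns the `.Dq no .` default line from a local change into upstream context. The same commit deletes the `PERMIT_YES` to `PERMIT_NO` hunk from patch-servconf.c and the `#PermitRootLogin no` hunk from patch-sshd_config. That is safe only while the snapshot's own servconf.c defaults to `PERMIT_NO`, which this page shows only indirectly through the man-page context, so a later snapshot with a different upstream default would be inherited silently. A guard in the port Makefile's post-patch target would catch that, e.g. `@${GREP} -q 'permit_root_login = PERMIT_NO' ${WRKSRC}/servconf.c`.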
@@ -50,7 +48,7 @@
.Pp
If this option is set to
.Dq without-password ,
-@@ -1178,7 +1202,9 @@ an OpenSSH Key Revocation List (KRL) as
+@@ -1331,7 +1355,9 @@ an OpenSSH Key Revocation List (KRL) as
For more information on KRLs, see the KEY REVOCATION LISTS section in
.Xr ssh-keygen 1 .
.It Cm RhostsRSAAuthentication
@@ -61,7 +59,7 @@
with successful RSA host authentication is allowed.
The default is
.Dq no .
-@@ -1343,7 +1369,7 @@ is enabled, you will not be able to run
+@@ -1498,7 +1524,7 @@ is enabled, you will not be able to run
.Xr sshd 8
as a non-root user.
The default is
@@ -70,7 +68,7 @@
.It Cm UsePrivilegeSeparation
Specifies whether
.Xr sshd 8
-@@ -1365,7 +1391,10 @@ restrictions.
+@@ -1520,7 +1546,10 @@ restrictions.
Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection.
The default is
@@ -82,7 +80,7 @@
.It Cm X11DisplayOffset
Specifies the first display number available for
.Xr sshd 8 Ns 's
-@@ -1379,7 +1408,7 @@ The argument must be
+@@ -1534,7 +1563,7 @@ The argument must be
or
.Dq no .
The default is
Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Tue Jun 2 14:58:24 2015 (r388362)
+++ head/security/openssh-portable/Makefile Tue Jun 2 15:00:43 2015 (r388363)
@@ -15,7 +15,7 @@ COMMENT= The portable version of OpenBSD
#LICENSE= BSD2,BSD3,MIT,public domain,BSD-Style,BEER-WARE,"any purpose with notice intact",ISC-Style
#LICENSE_FILE= ${WRKSRC}/LICENCE
-CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.*
+CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.* openssh-portable-devel-*
USES= alias
USE_AUTOTOOLS= autoconf autoheader