svn commit: r419892 - in head/security/openssh-portable: . files
Bryan Drewery
bdrewery at FreeBSD.org
Mon Aug 8 19:22:39 UTC 2016
Author: bdrewery
Date: Mon Aug 8 19:22:37 2016
New Revision: 419892
URL: https://svnweb.freebsd.org/changeset/ports/419892
Log:
- Update to 7.3p1
- X509: Unbreak and update to 9.0
- SCTP: Mark BROKEN
- KERB_GSSAPI: Unbreak and update from Debian's patch
Release notes: http://www.openssh.com/txt/release-7.3
Modified:
head/security/openssh-portable/Makefile
head/security/openssh-portable/distinfo
head/security/openssh-portable/files/extra-patch-hpn
head/security/openssh-portable/files/patch-auth2.c
head/security/openssh-portable/files/patch-readconf.c
Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Mon Aug 8 19:13:17 2016 (r419891)
+++ head/security/openssh-portable/Makefile Mon Aug 8 19:22:37 2016 (r419892)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= openssh
-DISTVERSION= 7.2p2
+DISTVERSION= 7.3p1
PORTREVISION= 0
PORTEPOCH= 1
CATEGORIES= security ipv6
@@ -60,14 +60,15 @@ HPN_CONFIGURE_WITH= hpn
NONECIPHER_CONFIGURE_WITH= nonecipher
# See http://www.roumenpetrov.info/openssh/
-X509_VERSION= 8.5
+X509_VERSION= 9.0
X509_PATCH_SITES= http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509
-X509_PATCHFILES= ${PORTNAME}-7.0p1+x509-${X509_VERSION}.diff.gz:-p1:x509
+X509_PATCHFILES= ${PORTNAME}-7.3p1+x509-${X509_VERSION}.diff.gz:-p1:x509
# See https://bugzilla.mindrot.org/show_bug.cgi?id=2016
# and https://bugzilla.mindrot.org/show_bug.cgi?id=1604
SCTP_PATCHFILES= ${PORTNAME}-7.2_p1-sctp.patch.gz:-p1
SCTP_CONFIGURE_WITH= sctp
+SCTP_BROKEN= does not apply to 7.3+
MIT_LIB_DEPENDS= libkrb5.so.3:security/krb5
HEIMDAL_LIB_DEPENDS= libkrb5.so.26:security/heimdal
@@ -92,16 +93,16 @@ EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_
# Must add this patch before HPN due to conflicts
.if ${PORT_OPTIONS:MKERB_GSSAPI}
-BROKEN= KERN_GSSAPI does not yet apply with 7.2+
-# 7.1 patch taken from
+# 7.3 patch taken from
# http://sources.debian.net/data/main/o/openssh/1:7.1p2-2/debian/patches/gssapi.patch
# which was originally based on 5.7 patch from
# http://www.sxw.org.uk/computing/patches/
+# It is mirrored simply to apply gzip -9.
. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
# Needed glue for applying HPN patch without conflict
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
. endif
-PATCHFILES+= openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz:-p1:gsskex
+PATCHFILES+= openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz:-p1:gsskex
.endif
# http://www.psc.edu/index.php/hpn-ssh https://github.com/rapier1/hpn-ssh https://github.com/rapier1/openssh-portable
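Review bot: The provenance comment above `PATCHFILES+=` now reads `# 7.3 patch taken from`, but the URL on the following line still points at Debian's `1:7.1p2-2` tree, so the origin of `openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz` cannot be traced from the Makefile. The added line says the file is a re-compressed mirror, so the SHA256 in distinfo pins only the mirrored copy, not the upstream patch it was derived from. I would update the URL to the Debian revision actually used, e.g. `# http://sources.debian.net/data/main/o/openssh/<DEBIAN_VERSION_USED>/debian/patches/gssapi.patch`, and state in the comment whether anything besides recompression was changed.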
@@ -122,7 +123,6 @@ CONFIGURE_ARGS+= --disable-utmp --disabl
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-version-addendum
.if ${PORT_OPTIONS:MX509}
-BROKEN= X509 does not apply with 7.1+
. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
BROKEN= X509 patch and HPN patch do not apply cleanly together
. endif
Modified: head/security/openssh-portable/distinfo
==============================================================================
--- head/security/openssh-portable/distinfo Mon Aug 8 19:13:17 2016 (r419891)
+++ head/security/openssh-portable/distinfo Mon Aug 8 19:22:37 2016 (r419892)
@@ -1,8 +1,9 @@
-SHA256 (openssh-7.2p2.tar.gz) = a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c
-SIZE (openssh-7.2p2.tar.gz) = 1499808
+TIMESTAMP = 1470675521
+SHA256 (openssh-7.3p1.tar.gz) = 3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc
+SIZE (openssh-7.3p1.tar.gz) = 1522617
SHA256 (openssh-7.2_p1-sctp.patch.gz) = fb67e3e23f39fabf44ef198e3e19527417c75c9352747547448512032365dbfc
SIZE (openssh-7.2_p1-sctp.patch.gz) = 8501
-SHA256 (openssh-7.0p1+x509-8.5.diff.gz) = 6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e
-SIZE (openssh-7.0p1+x509-8.5.diff.gz) = 411960
-SHA256 (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 420f3ee70705de57bb9a9ad66e72c1d40c318d8a882815d108816687fcc79b62
-SIZE (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 25798
+SHA256 (openssh-7.3p1+x509-9.0.diff.gz) = ed468fe2e6220065b2bf3e2ed9eb0c7c8183f32f50fa50d64505d5feaef2d900
+SIZE (openssh-7.3p1+x509-9.0.diff.gz) = 571918
+SHA256 (openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz) = 83698da23a7d4dd24be9bc15ea7e801890dfc9303815135552c8ddfd158f1a95
+SIZE (openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz) = 26818
Modified: head/security/openssh-portable/files/extra-patch-hpn
==============================================================================
--- head/security/openssh-portable/files/extra-patch-hpn Mon Aug 8 19:13:17 2016 (r419891)
+++ head/security/openssh-portable/files/extra-patch-hpn Mon Aug 8 19:22:37 2016 (r419892)
@@ -675,7 +675,7 @@ diff -urN -x configure -x config.guess -
int no_host_authentication_for_localhost;
--- work.clean/openssh-6.8p1/scp.c 2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/scp.c 2015-04-02 16:51:25.108407000 -0500
-@@ -750,7 +750,7 @@
+@@ -764,7 +764,7 @@ source(int argc, char **argv)
off_t i, statbytes;
size_t amt, nr;
int fd = -1, haderr, indx;
@@ -684,12 +684,12 @@ diff -urN -x configure -x config.guess -
int len;
for (indx = 0; indx < argc; ++indx) {
-@@ -919,7 +919,7 @@
+@@ -932,7 +932,7 @@ sink(int argc, char **argv)
off_t size, statbytes;
unsigned long long ull;
int setimes, targisdir, wrerrno = 0;
-- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
-+ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384];
+- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
++ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384], visbuf[16384];
struct timeval tv[2];
#define atime tv[0]
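Review bot: In the refreshed `sink()` hunk both `buf` and `visbuf` grow from 2048 to 16384 bytes, so these two arrays alone now put about 32 KiB of automatic storage in every `sink()` frame. As far as I recall, upstream scp.c re-enters `sink()` for each directory level announced by the peer; that call is outside this hunk, so check it against the 7.3p1 source. If so, stack use scales with input the remote side controls. The size literal is also written twice with nothing tying the two together. I would record the constraint above the declaration, e.g. `/* HPN: buf and visbuf are kept the same size, as upstream does; both live on the stack of every sink() frame */`. The body of `sink()` continues outside the hunk.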
Modified: head/security/openssh-portable/files/patch-auth2.c
==============================================================================
--- head/security/openssh-portable/files/patch-auth2.c Mon Aug 8 19:13:17 2016 (r419891)
+++ head/security/openssh-portable/files/patch-auth2.c Mon Aug 8 19:22:37 2016 (r419892)
@@ -15,21 +15,22 @@ Apply class-imposed login restrictions.
#include "dispatch.h"
#include "pathnames.h"
#include "buffer.h"
-@@ -219,6 +220,13 @@
+@@ -216,6 +217,14 @@ input_userauth_request(int type, u_int32
Authmethod *m = NULL;
char *user, *service, *method, *style = NULL;
int authenticated = 0;
+#ifdef HAVE_LOGIN_CAP
++ struct ssh *ssh = active_state; /* XXX */
+ login_cap_t *lc;
+ const char *from_host, *from_ip;
+
-+ from_host = get_canonical_hostname(options.use_dns);
-+ from_ip = get_remote_ipaddr();
++ from_host = auth_get_canonical_hostname(ssh, options.use_dns);
++ from_ip = ssh_remote_ipaddr(ssh);
+#endif
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
-@@ -265,6 +273,27 @@
+@@ -262,6 +271,27 @@ input_userauth_request(int type, u_int32
"(%s,%s) -> (%s,%s)",
authctxt->user, authctxt->service, user, service);
}
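Review bot: `from_host` is filled from `auth_get_canonical_hostname(ssh, options.use_dns)`, which yields the peer's address string when `UseDNS` is off and a reverse-DNS-derived name when it is on. The login-class checks that consume `from_host` are further down in the patch and not visible in this hunk. They would therefore match hostname patterns only with `UseDNS` enabled, and would then depend on DNS data. That deserves a comment at the assignment, e.g. `/* from_host is an IP string unless UseDNS is set; host rules in login.conf should be written accordingly */`. Separately, `struct ssh *ssh = active_state; /* XXX */` does not say what is outstanding; `/* XXX: global active_state until ssh is passed to input_userauth_request() */` would. The function starts and ends outside the hunk.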
@@ -56,4 +57,4 @@ Apply class-imposed login restrictions.
+
/* reset state */
auth2_challenge_stop(authctxt);
- #ifdef JPAKE
+
Modified: head/security/openssh-portable/files/patch-readconf.c
==============================================================================
--- head/security/openssh-portable/files/patch-readconf.c Mon Aug 8 19:13:17 2016 (r419891)
+++ head/security/openssh-portable/files/patch-readconf.c Mon Aug 8 19:22:37 2016 (r419892)
@@ -29,10 +29,11 @@ Submitted by: delphij@
#include <sys/wait.h>
#include <sys/un.h>
-@@ -281,7 +282,19 @@ add_local_forward(Options *options, cons
+@@ -311,8 +312,19 @@ add_local_forward(Options *options, cons
struct Forward *fwd;
- #ifndef NO_IPPORT_RESERVED_CONCEPT
extern uid_t original_real_uid;
+ int i;
+-
- if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&
+ int ipport_reserved;
+#ifdef __FreeBSD__
@@ -49,8 +50,8 @@ Submitted by: delphij@
+ if (newfwd->listen_port < ipport_reserved && original_real_uid != 0 &&
newfwd->listen_path == NULL)
fatal("Privileged ports can only be forwarded by root.");
- #endif
-@@ -1674,7 +1687,7 @@ fill_default_options(Options * options)
+ /* Don't add duplicates */
+@@ -1934,7 +1946,7 @@ fill_default_options(Options * options)
if (options->batch_mode == -1)
options->batch_mode = 0;
if (options->check_host_ip == -1)