svn commit: r406725 - in head/security/openssh-portable: . files
Bryan Drewery
bdrewery at FreeBSD.org
Wed Jan 20 02:18:44 UTC 2016
Author: bdrewery
Date: Wed Jan 20 02:18:42 2016
New Revision: 406725
URL: https://svnweb.freebsd.org/changeset/ports/406725
Log:
Fix the KERB_GSSAPI option using the latest patch from Debian.
This slightly refactors some of the HPN patch to avoid a conflict.
PR: 206346
Submitted by: Garret Wollman
Added:
head/security/openssh-portable/files/extra-patch-hpn-gss-glue (contents, props changed)
Modified:
head/security/openssh-portable/Makefile
head/security/openssh-portable/distinfo
head/security/openssh-portable/files/extra-patch-hpn
Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Wed Jan 20 00:59:56 2016 (r406724)
+++ head/security/openssh-portable/Makefile Wed Jan 20 02:18:42 2016 (r406725)
@@ -90,6 +90,19 @@ PATCH_SITES+= http://mirror.shatow.net/
EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}
.endif
+# Must add this patch before HPN due to conflicts
+.if ${PORT_OPTIONS:MKERB_GSSAPI}
+# 7.1 patch taken from
+# http://sources.debian.net/data/main/o/openssh/1:7.1p2-2/debian/patches/gssapi.patch
+# which was originally based on 5.7 patch from
+# http://www.sxw.org.uk/computing/patches/
+. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
+# Needed glue for applying HPN patch without conflict
+EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
+. endif
+PATCHFILES+= openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz:-p1:gsskex
+.endif
+
# http://www.psc.edu/index.php/hpn-ssh https://github.com/rapier1/hpn-ssh https://github.com/rapier1/openssh-portable
.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
PORTDOCS+= HPN-README
@@ -100,15 +113,6 @@ HPN_DISTVERSION= 6.7p1
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn:-p2
.endif
-# Must add this patch after HPN due to conflicts
-.if ${PORT_OPTIONS:MKERB_GSSAPI}
-# 6.7 patch taken from
-# http://sources.debian.net/data/main/o/openssh/1:6.7p1-3/debian/patches/gssapi.patch
-# which was originally based on 5.7 patch from
-# http://www.sxw.org.uk/computing/patches/
-PATCHFILES+= openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz:-p1:gsskex
-.endif
-
CONFIGURE_LIBS+= -lutil
CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog
@@ -134,10 +138,6 @@ BROKEN= X509 patch incompatible with KE
.endif
-. if ${PORT_OPTIONS:MKERB_GSSAPI}
-BROKEN= Does not apply to 6.8
-. endif
-
.if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI}
BROKEN= KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently
.endif
Modified: head/security/openssh-portable/distinfo
==============================================================================
--- head/security/openssh-portable/distinfo Wed Jan 20 00:59:56 2016 (r406724)
+++ head/security/openssh-portable/distinfo Wed Jan 20 02:18:42 2016 (r406725)
@@ -4,5 +4,5 @@ SHA256 (openssh-6.8p1-sctp-2573.patch.gz
SIZE (openssh-6.8p1-sctp-2573.patch.gz) = 8531
SHA256 (openssh-7.0p1+x509-8.5.diff.gz) = 6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e
SIZE (openssh-7.0p1+x509-8.5.diff.gz) = 411960
-SHA256 (openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz) = 9a361408269a542d28dae77320f30e94a44098acdbbbc552efb0bdeac6270dc8
-SIZE (openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz) = 25825
+SHA256 (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 420f3ee70705de57bb9a9ad66e72c1d40c318d8a882815d108816687fcc79b62
+SIZE (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 25798
Modified: head/security/openssh-portable/files/extra-patch-hpn
==============================================================================
--- head/security/openssh-portable/files/extra-patch-hpn Wed Jan 20 00:59:56 2016 (r406724)
+++ head/security/openssh-portable/files/extra-patch-hpn Wed Jan 20 02:18:42 2016 (r406725)
@@ -1110,8 +1110,8 @@ diff -urN -x configure -x config.guess -
}
if (roaming_atomicio(vwrite, connection_out, client_version_string,
strlen(client_version_string)) != strlen(client_version_string))
---- work.clean/openssh-6.8p1/sshconnect2.c 2015-03-17 00:49:20.000000000 -0500
-+++ work/openssh-6.8p1/sshconnect2.c 2015-04-03 16:54:23.936298000 -0500
+--- work.clean/openssh-7.1p2/sshconnect2.c.orig 2016-01-13 17:10:45.000000000 -0800
++++ work.clean/openssh-7.1p2/sshconnect2.c 2016-01-19 17:49:17.929000000 -0800
@@ -80,6 +80,14 @@
extern char *client_version_string;
extern char *server_version_string;
@@ -1127,7 +1127,7 @@ diff -urN -x configure -x config.guess -
/*
* SSH2 key exchange
-@@ -153,13 +161,16 @@
+@@ -153,13 +161,16 @@ order_hostkeyalgs(char *host, struct soc
return ret;
}
@@ -1145,18 +1145,17 @@ diff -urN -x configure -x config.guess -
xxx_host = host;
xxx_hostaddr = hostaddr;
-@@ -222,6 +233,10 @@
- kex->server_version_string=server_version_string;
- kex->verify_host_key=&verify_host_key_callback;
-
+@@ -232,6 +243,9 @@ ssh_kex2(char *host, struct sockaddr *ho
+ packet_send();
+ packet_write_wait();
+ #endif
+#ifdef NONE_CIPHER_ENABLED
+ xxx_kex = kex;
+#endif
-+
- dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
+ }
- if (options.use_roaming && !kex->roaming) {
-@@ -423,6 +438,29 @@
+ /*
+@@ -416,6 +430,29 @@ ssh_userauth2(const char *local_user, co
pubkey_cleanup(&authctxt);
dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
Added: head/security/openssh-portable/files/extra-patch-hpn-gss-glue
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/openssh-portable/files/extra-patch-hpn-gss-glue Wed Jan 20 02:18:42 2016 (r406725)
@@ -0,0 +1,24 @@
+--- sshconnect2.c.orig 2016-01-19 18:10:12.550854000 -0800
++++ sshconnect2.c 2016-01-19 18:10:27.290409000 -0800
+@@ -160,11 +160,6 @@ ssh_kex2(char *host, struct sockaddr *ho
+ struct kex *kex;
+ int r;
+
+-#ifdef GSSAPI
+- char *orig = NULL, *gss = NULL;
+- char *gss_host = NULL;
+-#endif
+-
+ xxx_host = host;
+ xxx_hostaddr = hostaddr;
+
+@@ -199,6 +194,9 @@ ssh_kex2(char *host, struct sockaddr *ho
+ }
+
+ #ifdef GSSAPI
++ char *orig = NULL, *gss = NULL;
++ char *gss_host = NULL;
++
+ if (options.gss_keyex) {
+ /* Add the GSSAPI mechanisms currently supported on this
+ * client to the key exchange algorithm proposal */
More information about the svn-ports-all
mailing list