ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1

Thu Sep 23 18:30:06 UTC 2010

The following reply was made to PR ports/150493; it has been noted by GNATS.

From: Grzegorz Blach <magik at roorback.net>
To: John Hein <jhein at symmetricom.com>
Cc: <bug-followup at FreeBSD.org>
Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from
 5.2p1 to 5.6p1
Date: Thu, 23 Sep 2010 20:00:03 +0200

 On Thu, 23 Sep 2010 10:35:30 -0600, John Hein <jhein at symmetricom.com>
 wrote:
 > I have come up with a patchset independently.
 > 
 > If Grzegorz Blach wants to maintain this port, that's okay
 > with me.  But this new patchset here addresses a few missing
 > details in Grzegorz's original submission.  Or I'm willing
 > to maintain, too (I'll defer to Grzegorz if he would like to
 > do it).  Either way, we should get this port updated since
 > it is quite out of date.
 > 
 > This patch set included here:
 >  - removes more old opensc related patches.
 > 
 >  - does not remove patches pulled from des@ changes in
 >    src/crypto/openssh that are still valid.
 > 
 >  - points to upstream hpn patch instead of including a local copy
 > 
 >  - does not remove GSSAPI, LPK or FILECONTROL options, but does
 >    mark them BROKEN for now - upstream for each seems still active,
 >    so the port here can just be updated when upstream catches up.
 > 
 >    We can also patch the patches ourselves for 5.6 (or maintained a
 >    tweaked local copy), but I prefer to update the port to 5.6p1 first
 >    and then separately commit those updates.  It makes following the
 >    history of changes in CVS much easier.
 > 
 >  - remove PATCH_DIST_STRIP - it's unecessary and portlint hates it
 > 
 >  - I think the post-patch version.h changes in the original patchset
 >    in this PR are wrong. The upstream patches (for hpn and filecontrol)
 >    have changes for version.h that seem to work fine unchanged,
 >    even applied together.  Also the HAVE_LPK part that
 >    adds SSH_HPN seems wrong.
 > 
 > 
 > I have two patchsets.  The second just refreshes old files/patch-*
 > even though they apply cleanly against 5.6p1 - it could be considered
 > optional.  I'll send the second set separately.
 > 
 > Here is the 'Description' that I was going to submit as a PR
 > until I found this PR...
 > 
 > =======================
 > security/openssh-portable has not been update in a long time
 > (currently 5.2p1 which is 1.5+ years old).  There are significant
 > nice feature updates and fixes in 5.6p1.
 > 
 > Attached are two patchsets.  Then main one is enough to get
 > the port updated and working.  But see comments at the top
 > of the patchset.
 > 
 > The second patchset just refreshes the remaining patches that still
 > apply cleaning to 5.6p1 files.  It's probably a good idea to apply
 > it when committing to the port, but it's not strictly necessary.
 > And I would commit them separately just for the sake of clarity
 > in the commit logs.
 > 
 > Actually, I'll send the second patchset in a separate submission
 > to avoid confusing PR patch detection tools.
 > =======================
 > 
 > Attached is the first patchset including a decent description of
 > the changes at the top of the patch...

 Thanks for your patches, I'll review its at the weekend,
 but now I thing, that GSSAPI option should be explicit removed,
 not marked as broken. On
 http://www.sxw.org.uk/computing/patches/openssh.html
 is noticed: "OpenSSH now contains support out of the box for
 GSSAPI user authentication using the 'gssapi-with-mic' mechanism".