security/openssh-portable

Mel Flynn rflynn at acsalaska.net
Wed Mar 14 19:19:58 UTC 2012


Hello Cy,

On 3/14/2012 08:57, Cy Schubert wrote:

[snip]

> What I propose to do is remove the GSSAPI
> patch from security/openssh-portable and for those who need the GSSAPI 
> server key exchange, create a new port (through a repocopy of course) which 
> includes the illinois.edu GSI patch with reworked FreeBSD patches resolving 
> patch conflicts, calling it security/openssh-portable-gsi. Does this make 
> any sense to anyone?
> 
> Or, instead of the above, just include the GSI patch by default in a 
> one-size-fits-all openssh-portable port? (Meaning that the GSI patch is 
> applied regardless.) Does this make more sense to people?

Personally, I use HPN and LPK. If KRB5 becomes a requirement for HPN, I
don't find that an issue, but others may.

I'm also keeping a local fix you might want to properly integrate into
the LPK patch: it fixes a bug that TLS cannot be turned off if
LPKLdapConf is used.
-- 
Mel
-------------- next part --------------
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/openssh-portable/Makefile,v
retrieving revision 1.157
diff -u -r1.157 Makefile
--- Makefile	23 Dec 2011 12:52:28 -0000	1.157
+++ Makefile	14 Mar 2012 19:09:36 -0000
@@ -205,6 +205,9 @@
 	@${REINPLACE_CMD} -e 's|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SSH_HPN|' \
 		${WRKSRC}/version.h
 .endif
+.if defined(WITH_LPK)
+	@${PATCH} ${PATCH_DIST_ARGS} < ${FILESDIR}/fix-lpk-tls.patch
+.endif
 
 pre-su-install:
 	@${MKDIR} ${EMPTYDIR}
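Review bot: The added `.if defined(WITH_LPK)` block has no comment explaining what fix-lpk-tls.patch corrects or that it must run after the LPK patch has been applied, since it modifies ldapauth.c. A one-line comment above the `${PATCH}` call would record that ordering. It is also worth confirming that the directory and strip level in `${PATCH_DIST_ARGS}` match the bare `ldapauth.c` path in the new patch's headers. Since the message already proposes integrating the fix into the LPK patch itself, doing so would remove this extra step.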
Index: files/fix-lpk-tls.patch
===================================================================
RCS file: files/fix-lpk-tls.patch
diff -N files/fix-lpk-tls.patch
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ files/fix-lpk-tls.patch	2 Jan 2012 17:26:37 -0000
@@ -0,0 +1,11 @@
+--- ldapauth.c.prev	2012-01-02 07:15:19.000000000 -0900
++++ ldapauth.c	2012-01-02 08:21:23.000000000 -0900
+@@ -565,6 +565,8 @@
+         else if (!strcasecmp (k, "ssl")) {
+             if (!strcasecmp (v, "start_tls"))
+                 l->tls = 1;
++	    else if (!strcasecmp(v, "off"))
++		l->tls = 0;
+         }
+     }
+ 
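Review bot: In the `ssl` branch of ldapauth.c, any value other than `start_tls` or `off` still falls through without a diagnostic in the lines shown, so a misspelled value leaves `l->tls` at whatever it was before. For a setting that controls transport encryption, add a final `else` that logs or rejects the unrecognised value. As a style point, the two added lines are tab-indented and use `strcasecmp(` while the surrounding context is space-indented and uses `strcasecmp (`; matching the file's existing style would keep the patch consistent.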

