svn commit: r484842 - in head/security/openssh-portable: . files
Bryan Drewery
bdrewery at FreeBSD.org
Mon Nov 12 21:55:37 UTC 2018
Author: bdrewery
Date: Mon Nov 12 21:55:35 2018
New Revision: 484842
URL: https://svnweb.freebsd.org/changeset/ports/484842
Log:
- Fix X509 build after r484765 openssl fix
- Fix patch URL for KERB_GSSAPI
- Add FLAVORs for x509 and gssapi since they are distinct types of
OpenSSH rather than feature flags.
Approved by: portmgr (implicit)
Added:
head/security/openssh-portable/files/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969
- copied unchanged from r484841, head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969
Deleted:
head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969
Modified:
head/security/openssh-portable/Makefile
head/security/openssh-portable/files/extra-patch-x509-glue
head/security/openssh-portable/files/patch-session.c
Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Mon Nov 12 21:48:58 2018 (r484841)
+++ head/security/openssh-portable/Makefile Mon Nov 12 21:55:35 2018 (r484842)
@@ -26,10 +26,18 @@ CONFIGURE_ARGS= --prefix=${PREFIX} --with-md5-passwor
ETCOLD= ${PREFIX}/etc
-FLAVORS= default hpn
-default_CONFLICTS_INSTALL= openssl-portable-hpn
-hpn_CONFLICTS_INSTALL= openssh-portable
+FLAVORS= default hpn gssapi x509
+default_CONFLICTS_INSTALL= openssh-portable-hpn openssh-portable-gssapi \
+ openssh-portable-x509
+hpn_CONFLICTS_INSTALL= openssh-portable openssh-portable-gssapi \
+ openssh-portable-x509
hpn_PKGNAMESUFFIX= -portable-hpn
+gssapi_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \
+ openssh-portable-x509
+gssapi_PKGNAMESUFFIX= -portable-gssapi
+x509_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \
+ openssh-portable-gssapi
+x509_PKGNAMESUFFIX= -portable-x509
OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \
HPN X509 KERB_GSSAPI \
@@ -38,6 +46,12 @@ OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS
.if ${FLAVOR:U} == hpn
OPTIONS_DEFAULT+= HPN NONECIPHER
.endif
+.if ${FLAVOR:U} == gssapi
+OPTIONS_DEFAULT+= KERB_GSSAPI MIT
+.endif
+.if ${FLAVOR:U} == x509
+OPTIONS_DEFAULT+= X509
+.endif
OPTIONS_RADIO= KERBEROS
OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE
TCP_WRAPPERS_DESC= tcp_wrappers support
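Review bot: The new `gssapi` and `x509` blocks only append to `OPTIONS_DEFAULT`, so a saved or overridden option set can still produce a package named `-portable-x509` or `-portable-gssapi` without the matching patch, or with X509 and KERB_GSSAPI both selected. The log calls these distinct types of OpenSSH, so an administrator will rely on the flavor name to know which authentication code is installed. If no guard exists elsewhere in the Makefile (not visible in this hunk), consider a check once options are processed, or at least a comment above the blocks such as `# Flavors only seed defaults; the X509/KERB_GSSAPI options still decide which patches are applied`.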
@@ -87,9 +101,13 @@ ETCDIR?= ${PREFIX}/etc/ssh
PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex
+# Upstream OpenSSL fix but does not apply for x509 patch.
+EXTRA_PATCHES+= ${FILESDIR}/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969
+
# X509 patch includes TCP Wrapper support already
.if ${PORT_OPTIONS:MX509}
EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}
+EXTRA_PATCHES:= ${EXTRA_PATCHES:N${FILESDIR}/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969}
.endif
# Must add this patch before HPN due to conflicts
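Review bot: The comment added above the new `EXTRA_PATCHES+=` line is ambiguous: "does not apply" could mean the upstream fix is unnecessary for X509, or that it fails to apply on top of the X509 patch. With the `:N` filter inside `.if ${PORT_OPTIONS:MX509}`, the X509 build no longer receives the `OPENSSL_VERSION_NUMBER` guard change, so the comment should say where that build gets the equivalent fix, presumably from the X509 patch itself. Suggested wording, to be adjusted if the reason differs: `# Upstream fix for OpenSSL 1.0.x with --with-ssl-engine; removed again for X509 below because it conflicts with the X509 patch.` Keeping the long file name in one variable would also stop the add and the filter from drifting apart.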
@@ -104,7 +122,7 @@ EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA
# Needed glue for applying HPN patch without conflict
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
. endif
-PATCHFILES+= openssh-7.7p1-gsskex-all-20141021-debian-rh-20171004.patch.gz:-p1:gsskex
+PATCHFILES+= openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz:-p1:gsskex
.endif
# https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1
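Review bot: The renamed `PATCHFILES` entry is fetched through the `PATCH_SITES` line earlier in this Makefile diff, which is a plain `http://` mirror, so the distinfo checksum is the only thing authenticating this GSSAPI key-exchange patch to sshd. distinfo is not in this revision's list of modified files. Please confirm it already carries the size and SHA256 entries for `openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz`, presumably from the earlier update. The enclosing `.if` block starts outside the hunk.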
Copied: head/security/openssh-portable/files/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969 (from r484841, head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/openssh-portable/files/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969 Mon Nov 12 21:55:35 2018 (r484842, copy of r484841, head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969)
@@ -0,0 +1,19 @@
+commit c0a35265907533be10ca151ac797f34ae0d68969
+Author: Damien Miller <djm at mindrot.org>
+Date: Mon Oct 22 11:22:50 2018 +1100
+
+ fix compile for openssl 1.0.x w/ --with-ssl-engine
+
+ bz#2921, patch from cotequeiroz
+
+--- openbsd-compat/openssl-compat.c.orig 2018-11-12 12:52:26 UTC
++++ openbsd-compat/openssl-compat.c
+@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void)
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+
+-#if OPENSSL_VERSION_NUMBER < 0x10001000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ OPENSSL_config(NULL);
+ #else
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
Modified: head/security/openssh-portable/files/extra-patch-x509-glue
==============================================================================
--- head/security/openssh-portable/files/extra-patch-x509-glue Mon Nov 12 21:48:58 2018 (r484841)
+++ head/security/openssh-portable/files/extra-patch-x509-glue Mon Nov 12 21:55:35 2018 (r484842)
@@ -1,42 +1,3 @@
---- session.c.orig 2017-10-12 11:52:52.953370000 -0700
-+++ session.c 2017-10-12 11:53:40.793055000 -0700
-@@ -1062,36 +1062,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
- if (getenv("TZ"))
- child_set_env(&env, &envsize, "TZ", getenv("TZ"));
-
--#ifdef __ANDROID__
--{
--#define COPY_ANDROID_ENV(name) { \
-- char *s = getenv(name); \
-- if (s) child_set_env(&env, &envsize, name, s); }
--
-- /* from /init.rc */
-- COPY_ANDROID_ENV("ANDROID_BOOTLOGO");
-- COPY_ANDROID_ENV("ANDROID_ROOT");
-- COPY_ANDROID_ENV("ANDROID_ASSETS");
-- COPY_ANDROID_ENV("ANDROID_DATA");
-- COPY_ANDROID_ENV("ASEC_MOUNTPOINT");
-- COPY_ANDROID_ENV("LOOP_MOUNTPOINT");
-- COPY_ANDROID_ENV("BOOTCLASSPATH");
--
-- /* FIXME: keep android property workspace open
-- * (see openbsd-compat/bsd-closefrom.c)
-- */
-- COPY_ANDROID_ENV("ANDROID_PROPERTY_WORKSPACE");
--
-- COPY_ANDROID_ENV("EXTERNAL_STORAGE"); /* ??? */
-- COPY_ANDROID_ENV("SECONDARY_STORAGE"); /* ??? */
-- COPY_ANDROID_ENV("SD_EXT_DIRECTORY"); /* ??? */
--
-- /* may contain path to custom libraries */
-- COPY_ANDROID_ENV("LD_LIBRARY_PATH");
--#undef COPY_ANDROID_ENV
--}
--#endif
--
- /* Set custom environment options from pubkey authentication. */
- if (options.permit_user_env) {
- for (n = 0 ; n < auth_opts->nenv; n++) {
--- sshd_config.5.orig 2017-10-12 11:51:06.638814000 -0700
+++ sshd_config.5 2017-10-12 11:51:33.780459000 -0700
@@ -1682,7 +1682,57 @@ is set to
Modified: head/security/openssh-portable/files/patch-session.c
==============================================================================
--- head/security/openssh-portable/files/patch-session.c Mon Nov 12 21:48:58 2018 (r484841)
+++ head/security/openssh-portable/files/patch-session.c Mon Nov 12 21:55:35 2018 (r484842)
@@ -50,7 +50,7 @@ Sponsored by: DARPA, NAI Labs
+ *environ = NULL;
+ (void) setusercontext(lc, pw, pw->pw_uid,
+ LOGIN_SETENV|LOGIN_SETPATH);
-+ copy_environment(environ, &env, &envsize);
++ copy_environment_blacklist(environ, &env, &envsize, NULL);
+ for (var = environ; *var != NULL; ++var)
+ free(*var);
+ free(environ);
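Review bot: The `NULL` fourth argument in the new `copy_environment_blacklist(environ, &env, &envsize, NULL)` call deserves a comment, because at this call site it decides which variables reach the user's session. As far as I can tell from upstream session.c, `NULL` means no pattern filtering, so every entry in `environ` is copied. That looks safe here only because `*environ = NULL` empties the list immediately before `setusercontext(..., LOGIN_SETENV|LOGIN_SETPATH)` repopulates it. I would add `/* NULL blacklist: copy everything; environ holds only what setusercontext() set after the reset above */` above the call. The enclosing function starts and ends outside this hunk.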
@@ -58,7 +58,7 @@ Sponsored by: DARPA, NAI Labs
#else /* HAVE_LOGIN_CAP */
# ifndef HAVE_CYGWIN
/*
-@@ -1082,14 +1098,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
+@@ -1082,11 +1098,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
# endif /* HAVE_CYGWIN */
#endif /* HAVE_LOGIN_CAP */
@@ -70,9 +70,6 @@ Sponsored by: DARPA, NAI Labs
- if (getenv("TZ"))
- child_set_env(&env, &envsize, "TZ", getenv("TZ"));
- if (s->term)
- child_set_env(&env, &envsize, "TERM", s->term);
- if (s->display)
@@ -1389,7 +1400,7 @@ do_setusercontext(struct passwd *pw)
if (platform_privileged_uidswap()) {
#ifdef HAVE_LOGIN_CAP