diff options
author | bdrewery <bdrewery@FreeBSD.org> | 2016-01-20 10:18:42 +0800 |
---|---|---|
committer | bdrewery <bdrewery@FreeBSD.org> | 2016-01-20 10:18:42 +0800 |
commit | f11fb46da9ab282df9555bdc1f6ca756c2a98231 (patch) | |
tree | 027b3d81bda87406adec16c9dadafc8025329c3f | |
parent | 7782e787da75709eec1c1f0203099174d04beff3 (diff) | |
download | freebsd-ports-gnome-f11fb46da9ab282df9555bdc1f6ca756c2a98231.tar.gz freebsd-ports-gnome-f11fb46da9ab282df9555bdc1f6ca756c2a98231.tar.zst freebsd-ports-gnome-f11fb46da9ab282df9555bdc1f6ca756c2a98231.zip |
Fix the KERB_GSSAPI option using the latest patch from Debian.
This slightly refactors some of the HPN patch to avoid a conflict.
PR: 206346
Submitted by: Garret Wollman
-rw-r--r-- | security/openssh-portable/Makefile | 26 | ||||
-rw-r--r-- | security/openssh-portable/distinfo | 4 | ||||
-rw-r--r-- | security/openssh-portable/files/extra-patch-hpn | 21 | ||||
-rw-r--r-- | security/openssh-portable/files/extra-patch-hpn-gss-glue | 24 |
4 files changed, 49 insertions, 26 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index e4c0a6d3b846..da3605fc8aa9 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -90,6 +90,19 @@ PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gs EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}} .endif +# Must add this patch before HPN due to conflicts +.if ${PORT_OPTIONS:MKERB_GSSAPI} +# 7.1 patch taken from +# http://sources.debian.net/data/main/o/openssh/1:7.1p2-2/debian/patches/gssapi.patch +# which was originally based on 5.7 patch from +# http://www.sxw.org.uk/computing/patches/ +. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} +# Needed glue for applying HPN patch without conflict +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue +. endif +PATCHFILES+= openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz:-p1:gsskex +.endif + # http://www.psc.edu/index.php/hpn-ssh https://github.com/rapier1/hpn-ssh https://github.com/rapier1/openssh-portable .if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} PORTDOCS+= HPN-README @@ -100,15 +113,6 @@ HPN_DISTVERSION= 6.7p1 EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn:-p2 .endif -# Must add this patch after HPN due to conflicts -.if ${PORT_OPTIONS:MKERB_GSSAPI} -# 6.7 patch taken from -# http://sources.debian.net/data/main/o/openssh/1:6.7p1-3/debian/patches/gssapi.patch -# which was originally based on 5.7 patch from -# http://www.sxw.org.uk/computing/patches/ -PATCHFILES+= openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz:-p1:gsskex -.endif - CONFIGURE_LIBS+= -lutil CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog @@ -134,10 +138,6 @@ BROKEN= X509 patch incompatible with KERB_GSSAPI patch .endif -. if ${PORT_OPTIONS:MKERB_GSSAPI} -BROKEN= Does not apply to 6.8 -. endif - .if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI} BROKEN= KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently .endif diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index f32eae1f45e1..9e0fe401e6e8 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -4,5 +4,5 @@ SHA256 (openssh-6.8p1-sctp-2573.patch.gz) = 0348713ad4cb4463e90cf5202ed41c8f726d SIZE (openssh-6.8p1-sctp-2573.patch.gz) = 8531 SHA256 (openssh-7.0p1+x509-8.5.diff.gz) = 6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e SIZE (openssh-7.0p1+x509-8.5.diff.gz) = 411960 -SHA256 (openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz) = 9a361408269a542d28dae77320f30e94a44098acdbbbc552efb0bdeac6270dc8 -SIZE (openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz) = 25825 +SHA256 (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 420f3ee70705de57bb9a9ad66e72c1d40c318d8a882815d108816687fcc79b62 +SIZE (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 25798 diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn index 179a96653bde..9629e9b8c26b 100644 --- a/security/openssh-portable/files/extra-patch-hpn +++ b/security/openssh-portable/files/extra-patch-hpn @@ -1110,8 +1110,8 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o } if (roaming_atomicio(vwrite, connection_out, client_version_string, strlen(client_version_string)) != strlen(client_version_string)) ---- work.clean/openssh-6.8p1/sshconnect2.c 2015-03-17 00:49:20.000000000 -0500 -+++ work/openssh-6.8p1/sshconnect2.c 2015-04-03 16:54:23.936298000 -0500 +--- work.clean/openssh-7.1p2/sshconnect2.c.orig 2016-01-13 17:10:45.000000000 -0800 ++++ work.clean/openssh-7.1p2/sshconnect2.c 2016-01-19 17:49:17.929000000 -0800 @@ -80,6 +80,14 @@ extern char *client_version_string; extern char *server_version_string; @@ -1127,7 +1127,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o /* * SSH2 key exchange -@@ -153,13 +161,16 @@ +@@ -153,13 +161,16 @@ order_hostkeyalgs(char *host, struct soc return ret; } @@ -1145,18 +1145,17 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o xxx_host = host; xxx_hostaddr = hostaddr; -@@ -222,6 +233,10 @@ - kex->server_version_string=server_version_string; - kex->verify_host_key=&verify_host_key_callback; - +@@ -232,6 +243,9 @@ ssh_kex2(char *host, struct sockaddr *ho + packet_send(); + packet_write_wait(); + #endif +#ifdef NONE_CIPHER_ENABLED + xxx_kex = kex; +#endif -+ - dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); + } - if (options.use_roaming && !kex->roaming) { -@@ -423,6 +438,29 @@ + /* +@@ -416,6 +430,29 @@ ssh_userauth2(const char *local_user, co pubkey_cleanup(&authctxt); dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); diff --git a/security/openssh-portable/files/extra-patch-hpn-gss-glue b/security/openssh-portable/files/extra-patch-hpn-gss-glue new file mode 100644 index 000000000000..630b7a1bbbd2 --- /dev/null +++ b/security/openssh-portable/files/extra-patch-hpn-gss-glue @@ -0,0 +1,24 @@ +--- sshconnect2.c.orig 2016-01-19 18:10:12.550854000 -0800 ++++ sshconnect2.c 2016-01-19 18:10:27.290409000 -0800 +@@ -160,11 +160,6 @@ ssh_kex2(char *host, struct sockaddr *ho + struct kex *kex; + int r; + +-#ifdef GSSAPI +- char *orig = NULL, *gss = NULL; +- char *gss_host = NULL; +-#endif +- + xxx_host = host; + xxx_hostaddr = hostaddr; + +@@ -199,6 +194,9 @@ ssh_kex2(char *host, struct sockaddr *ho + } + + #ifdef GSSAPI ++ char *orig = NULL, *gss = NULL; ++ char *gss_host = NULL; ++ + if (options.gss_keyex) { + /* Add the GSSAPI mechanisms currently supported on this + * client to the key exchange algorithm proposal */ |