Fix the KERB_GSSAPI option using the latest patch from Debian.

This slightly refactors some of the HPN patch to avoid a conflict.

PR:		206346
Submitted by:	Garret Wollman

4 files changed, 49 insertions, 26 deletions

diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index e4c0a6d3b846..da3605fc8aa9 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -90,6 +90,19 @@ PATCH_SITES+=		http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gs
 EXTRA_PATCHES:=		${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}
 .endif
 
+# Must add this patch before HPN due to conflicts
+.if ${PORT_OPTIONS:MKERB_GSSAPI}
+# 7.1 patch taken from
+# http://sources.debian.net/data/main/o/openssh/1:7.1p2-2/debian/patches/gssapi.patch
+# which was originally based on 5.7 patch from
+# http://www.sxw.org.uk/computing/patches/
+.  if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
+# Needed glue for applying HPN patch without conflict
+EXTRA_PATCHES+=	${FILESDIR}/extra-patch-hpn-gss-glue
+.  endif
+PATCHFILES+=	openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz:-p1:gsskex
+.endif
+
 # http://www.psc.edu/index.php/hpn-ssh https://github.com/rapier1/hpn-ssh https://github.com/rapier1/openssh-portable
 .if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
 PORTDOCS+=		HPN-README
@@ -100,15 +113,6 @@ HPN_DISTVERSION=	6.7p1
 EXTRA_PATCHES+=		${FILESDIR}/extra-patch-hpn:-p2
 .endif
 
-# Must add this patch after HPN due to conflicts
-.if ${PORT_OPTIONS:MKERB_GSSAPI}
-# 6.7 patch taken from
-# http://sources.debian.net/data/main/o/openssh/1:6.7p1-3/debian/patches/gssapi.patch
-# which was originally based on 5.7 patch from
-# http://www.sxw.org.uk/computing/patches/
-PATCHFILES+=	openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz:-p1:gsskex
-.endif
-
 CONFIGURE_LIBS+=	-lutil
 
 CONFIGURE_ARGS+=	--disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog
@@ -134,10 +138,6 @@ BROKEN=		X509 patch incompatible with KERB_GSSAPI patch
 
 .endif
 
-.  if ${PORT_OPTIONS:MKERB_GSSAPI}
-BROKEN=		Does not apply to 6.8
-.  endif
-
 .if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI}
 BROKEN=		KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently
 .endif
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index f32eae1f45e1..9e0fe401e6e8 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -4,5 +4,5 @@ SHA256 (openssh-6.8p1-sctp-2573.patch.gz) = 0348713ad4cb4463e90cf5202ed41c8f726d
 SIZE (openssh-6.8p1-sctp-2573.patch.gz) = 8531
 SHA256 (openssh-7.0p1+x509-8.5.diff.gz) = 6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e
 SIZE (openssh-7.0p1+x509-8.5.diff.gz) = 411960
-SHA256 (openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz) = 9a361408269a542d28dae77320f30e94a44098acdbbbc552efb0bdeac6270dc8
-SIZE (openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz) = 25825
+SHA256 (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 420f3ee70705de57bb9a9ad66e72c1d40c318d8a882815d108816687fcc79b62
+SIZE (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 25798
diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn
index 179a96653bde..9629e9b8c26b 100644
--- a/security/openssh-portable/files/extra-patch-hpn
+++ b/security/openssh-portable/files/extra-patch-hpn
@@ -1110,8 +1110,8 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
  	}
  	if (roaming_atomicio(vwrite, connection_out, client_version_string,
  	    strlen(client_version_string)) != strlen(client_version_string))
---- work.clean/openssh-6.8p1/sshconnect2.c	2015-03-17 00:49:20.000000000 -0500
-+++ work/openssh-6.8p1/sshconnect2.c	2015-04-03 16:54:23.936298000 -0500
+--- work.clean/openssh-7.1p2/sshconnect2.c.orig	2016-01-13 17:10:45.000000000 -0800
++++ work.clean/openssh-7.1p2/sshconnect2.c	2016-01-19 17:49:17.929000000 -0800
 @@ -80,6 +80,14 @@
  extern char *client_version_string;
  extern char *server_version_string;
@@ -1127,7 +1127,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
  
  /*
   * SSH2 key exchange
-@@ -153,13 +161,16 @@
+@@ -153,13 +161,16 @@ order_hostkeyalgs(char *host, struct soc
  	return ret;
  }
  
@@ -1145,18 +1145,17 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
  	xxx_host = host;
  	xxx_hostaddr = hostaddr;
  
-@@ -222,6 +233,10 @@
- 	kex->server_version_string=server_version_string;
- 	kex->verify_host_key=&verify_host_key_callback;
- 
+@@ -232,6 +243,9 @@ ssh_kex2(char *host, struct sockaddr *ho
+ 	packet_send();
+ 	packet_write_wait();
+ #endif
 +#ifdef NONE_CIPHER_ENABLED
 +	xxx_kex = kex;
 +#endif
-+
- 	dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
+ }
  
- 	if (options.use_roaming && !kex->roaming) {
-@@ -423,6 +438,29 @@
+ /*
+@@ -416,6 +430,29 @@ ssh_userauth2(const char *local_user, co
  	pubkey_cleanup(&authctxt);
  	dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
  
diff --git a/security/openssh-portable/files/extra-patch-hpn-gss-glue b/security/openssh-portable/files/extra-patch-hpn-gss-glue
new file mode 100644
index 000000000000..630b7a1bbbd2
--- /dev/null
+++ b/security/openssh-portable/files/extra-patch-hpn-gss-glue
@@ -0,0 +1,24 @@
+--- sshconnect2.c.orig	2016-01-19 18:10:12.550854000 -0800
++++ sshconnect2.c	2016-01-19 18:10:27.290409000 -0800
+@@ -160,11 +160,6 @@ ssh_kex2(char *host, struct sockaddr *ho
+ 	struct kex *kex;
+ 	int r;
+ 
+-#ifdef GSSAPI
+-	char *orig = NULL, *gss = NULL;
+-	char *gss_host = NULL;
+-#endif
+-
+ 	xxx_host = host;
+ 	xxx_hostaddr = hostaddr;
+ 
+@@ -199,6 +194,9 @@ ssh_kex2(char *host, struct sockaddr *ho
+ 	}
+ 
+ #ifdef GSSAPI
++	char *orig = NULL, *gss = NULL;
++	char *gss_host = NULL;
++
+ 	if (options.gss_keyex) {
+ 		/* Add the GSSAPI mechanisms currently supported on this
+ 		 * client to the key exchange algorithm proposal */