authorbdrewery <bdrewery@FreeBSD.org>2015-08-18 11:21:24 +0800
committerbdrewery <bdrewery@FreeBSD.org>2015-08-18 11:21:24 +0800
commitcae8ff66930c33482c322c4e8ddfbee44f847ce2 (patch)
tree9f89bb9a79a1112c1be3c5f18ac666f53c1e1f4a /security
parent3a9a09f07138aa5cf98469e0ae24f960f28d5c77 (diff)
Update to snapshot 20150817
Diffstat (limited to 'security')
-rw-r--r--security/openssh-portable-devel/Makefile6
-rw-r--r--security/openssh-portable-devel/distinfo8
-rw-r--r--security/openssh-portable-devel/files/extra-patch-hpn50
3 files changed, 33 insertions, 31 deletions
diff --git a/security/openssh-portable-devel/Makefile b/security/openssh-portable-devel/Makefile
index 6d0637d577ec..71ce2839732b 100644
--- a/security/openssh-portable-devel/Makefile
+++ b/security/openssh-portable-devel/Makefile
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= openssh
-DISTVERSION= 20150727
+DISTVERSION= 20150817
PORTREVISION= 0
CATEGORIES= security ipv6
MASTER_SITES= http://www.mindrot.org/openssh_snap/ \
@@ -63,9 +63,9 @@ HPN_CONFIGURE_WITH= hpn
NONECIPHER_CONFIGURE_WITH= nonecipher
# See http://www.roumenpetrov.info/openssh/
-X509_VERSION= 8.4
+X509_VERSION= 8.5
X509_PATCH_SITES= http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509
-X509_PATCHFILES= ${PORTNAME}-6.9p1+x509-${X509_VERSION}.diff.gz:-p1:x509
+X509_PATCHFILES= ${PORTNAME}-7.0p1+x509-${X509_VERSION}.diff.gz:-p1:x509
# See https://bugzilla.mindrot.org/show_bug.cgi?id=2016
# and https://bugzilla.mindrot.org/show_bug.cgi?id=1604
diff --git a/security/openssh-portable-devel/distinfo b/security/openssh-portable-devel/distinfo
index df01fd0b0f5e..7b5a4d1c2d4d 100644
--- a/security/openssh-portable-devel/distinfo
+++ b/security/openssh-portable-devel/distinfo
@@ -1,6 +1,6 @@
-SHA256 (openssh-SNAP-20150727.tar.gz) = 56b9494352c2b0dcd81935c02bcca9a0d65399fe3cf894e07cce3fa05cdd3742
-SIZE (openssh-SNAP-20150727.tar.gz) = 1470849
+SHA256 (openssh-SNAP-20150817.tar.gz) = 0f4f39387ced6ea56be8cf95f0a27a7905a75456d268ba17d8cead08cbd7befc
+SIZE (openssh-SNAP-20150817.tar.gz) = 1473182
SHA256 (openssh-6.8p1-sctp-2573.patch.gz) = 0348713ad4cb4463e90cf5202ed41c8f726d7d604f3f93922a9aa55b86abf04a
SIZE (openssh-6.8p1-sctp-2573.patch.gz) = 8531
-SHA256 (openssh-6.9p1+x509-8.4.diff.gz) = 0ed8bfff0d2ecd9f3791ae1f168ca3270bb66d7ab7bc0a8ff2d61d2ab829c3fb
-SIZE (openssh-6.9p1+x509-8.4.diff.gz) = 425687
+SHA256 (openssh-7.0p1+x509-8.5.diff.gz) = 6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e
+SIZE (openssh-7.0p1+x509-8.5.diff.gz) = 411960
diff --git a/security/openssh-portable-devel/files/extra-patch-hpn b/security/openssh-portable-devel/files/extra-patch-hpn
index 429f387335bc..2155fd45ab29 100644
--- a/security/openssh-portable-devel/files/extra-patch-hpn
+++ b/security/openssh-portable-devel/files/extra-patch-hpn
@@ -447,9 +447,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
echo ""
---- work.clean/openssh-6.8p1/kex.c 2015-03-17 00:49:20.000000000 -0500
-+++ work/openssh-6.8p1/kex.c 2015-04-03 17:06:44.032682000 -0500
-@@ -587,6 +587,13 @@
+--- work.clean/openssh-6.8p1/kex.c.orig 2015-08-11 01:57:29.000000000 -0700
++++ work.clean/openssh-6.8p1/kex.c 2015-08-17 17:02:06.770901000 -0700
+@@ -652,6 +652,13 @@ kex_choose_conf(struct ssh *ssh)
int nenc, nmac, ncomp;
u_int mode, ctos, need, dh_need, authlen;
int r, first_kex_follows;
@@ -463,10 +463,10 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0 ||
(r = kex_buf2prop(kex->peer, &first_kex_follows, &peer)) != 0)
-@@ -635,6 +642,17 @@
- if ((r = choose_comp(&newkeys->comp, cprop[ncomp],
- sprop[ncomp])) != 0)
+@@ -709,6 +716,17 @@ kex_choose_conf(struct ssh *ssh)
+ peer[ncomp] = NULL;
goto out;
+ }
+#ifdef NONE_CIPHER_ENABLED
+ debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
+ if (strcmp(newkeys->enc.name, "none") == 0) {
@@ -1199,9 +1199,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
debug("Authentication succeeded (%s).", authctxt.method->name);
}
---- work.clean/openssh-6.8p1/sshd.c.orig 2015-03-17 00:49:20.000000000 -0500
-+++ work/openssh-6.8p1/sshd.c 2015-05-06 13:29:02.129507000 -0500
-@@ -430,8 +430,13 @@ sshd_exchange_identification(int sock_in
+--- work.clean/openssh-6.8p1/sshd.c.orig 2015-08-17 17:01:06.925269000 -0700
++++ work.clean/openssh-6.8p1/sshd.c 2015-08-17 17:05:40.008253000 -0700
+@@ -438,8 +438,13 @@ sshd_exchange_identification(int sock_in
minor = PROTOCOL_MINOR_1;
}
@@ -1216,7 +1216,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum, newline);
-@@ -1149,6 +1154,10 @@ server_listen(void)
+@@ -1162,6 +1167,10 @@ server_listen(void)
int ret, listen_sock, on = 1;
struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
@@ -1227,7 +1227,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
-@@ -1189,6 +1198,13 @@ server_listen(void)
+@@ -1202,6 +1211,13 @@ server_listen(void)
debug("Bind to port %s on %s.", strport, ntop);
@@ -1241,9 +1241,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
/* Bind the socket to the desired port. */
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
error("Bind to port %s on %s failed: %.200s.",
-@@ -2132,6 +2148,11 @@ main(int ac, char **av)
- remote_ip, remote_port,
- get_local_ipaddr(sock_in), get_local_port());
+@@ -2130,6 +2146,11 @@ main(int ac, char **av)
+ cleanup_exit(255);
+ }
+#ifdef HPN_ENABLED
+ /* set the HPN options for the child */
@@ -1251,21 +1251,23 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
+#endif
+
/*
- * We don't want to listen forever unless the other side
- * successfully authenticates itself. So we set up an alarm which is
-@@ -2531,6 +2552,12 @@ do_ssh2_kex(void)
- if (options.ciphers != NULL) {
- myproposal[PROPOSAL_ENC_ALGS_CTOS] =
- myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
+ * We use get_canonical_hostname with usedns = 0 instead of
+ * get_remote_ipaddr here so IP options will be checked.
+@@ -2564,6 +2585,14 @@ do_ssh2_kex(void)
+ struct kex *kex;
+ int r;
+
+#ifdef NONE_CIPHER_ENABLED
-+ } else if (options.none_enabled == 1) {
++ if (options.none_enabled == 1) {
+ debug ("WARNING: None cipher enabled");
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_ENCRYPT_INCLUDE_NONE;
++ }
+#endif
- }
- myproposal[PROPOSAL_ENC_ALGS_CTOS] =
- compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
++
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+ options.kex_algorithms);
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
--- work.clean/openssh-6.8p1/sshd_config 2015-04-01 22:07:18.248858000 -0500
+++ work/openssh-6.8p1/sshd_config 2015-04-01 22:16:49.932279000 -0500
@@ -127,6 +127,20 @@
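Review bot: The rebased NONE_CIPHER_ENABLED block in do_ssh2_kex() now sits before `myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(` in the trailing context, so the list it stores is reassigned by the very next statements. The argument of that call lies outside the hunk, but if it is built from options.ciphers rather than from the proposal itself, NoneEnabled silently has no effect on the server. The old form was an `else if` taken only when options.ciphers was NULL, while the new standalone `if (options.none_enabled == 1)` no longer consults options.ciphers, so the interaction with an administrator's explicit Ciphers list should be decided explicitly rather than left to statement order. I would move the block after the cipher proposal assignments, keeping a check that an explicit Ciphers list is not replaced by one that offers unencrypted transport. I would also raise the message from debug level, e.g. `logit("WARNING: None cipher enabled");`, so operators can see in normal logs that the none cipher is being offered.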