aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorbdrewery <bdrewery@FreeBSD.org>2015-08-25 02:51:07 +0800
committerbdrewery <bdrewery@FreeBSD.org>2015-08-25 02:51:07 +0800
commitd10c58fbefd163d35efdbed180369aafaa6d4a59 (patch)
tree77f501c23381019f57759be775b90f1511796059 /security
parente3b719c60463f3756ebdd469b3bad90eaf1613ac (diff)
downloadfreebsd-ports-gnome-d10c58fbefd163d35efdbed180369aafaa6d4a59.tar.gz
freebsd-ports-gnome-d10c58fbefd163d35efdbed180369aafaa6d4a59.tar.zst
freebsd-ports-gnome-d10c58fbefd163d35efdbed180369aafaa6d4a59.zip
Apply upstream fix for 'HostkeyAlgorithms +' support.
Diffstat (limited to 'security')
-rw-r--r--security/openssh-portable/Makefile4
-rw-r--r--security/openssh-portable/files/extra-patch-hostkeyalg_plus51
2 files changed, 54 insertions, 1 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 3169d7fc655c..78d8b64a0373 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -3,7 +3,7 @@
PORTNAME= openssh
DISTVERSION= 7.1p1
-PORTREVISION= 0
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= security ipv6
MASTER_SITES= OPENBSD/OpenSSH/portable
@@ -121,6 +121,8 @@ CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-sshd-utmp-size
.endif
+EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hostkeyalg_plus
+
# Keep this last
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-version-addendum
diff --git a/security/openssh-portable/files/extra-patch-hostkeyalg_plus b/security/openssh-portable/files/extra-patch-hostkeyalg_plus
new file mode 100644
index 000000000000..d97b2e17d49f
--- /dev/null
+++ b/security/openssh-portable/files/extra-patch-hostkeyalg_plus
@@ -0,0 +1,51 @@
+Author: djm@mindrot.org
+
+Fix HostKeyAlgorithms `+' support.
+
+diff --git a/readconf.c b/readconf.c
+index 374e741..23d74fb 100644
+--- a/readconf.c
++++ b/readconf.c
+@@ -2229,6 +2229,10 @@ dump_client_config(Options *o, const char *host)
+ int i;
+ char vbuf[5];
+
++ /* This is normally prepared in ssh_kex2 */
++ if (kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->hostkeyalgorithms) != 0)
++ fatal("%s: kex_assemble_names failed", __func__);
++
+ /* Most interesting options first: user, host, port */
+ dump_cfg_string(oUser, o->user);
+ dump_cfg_string(oHostName, host);
+@@ -2289,7 +2293,7 @@ dump_client_config(Options *o, const char *host)
+ dump_cfg_string(oBindAddress, o->bind_address);
+ dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT);
+ dump_cfg_string(oControlPath, o->control_path);
+- dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms ? o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG);
++ dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms);
+ dump_cfg_string(oHostKeyAlias, o->host_key_alias);
+ dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types);
+ dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
+diff --git a/servconf.c b/servconf.c
+index 04404a4..08c8139 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -242,8 +242,6 @@ fill_default_server_options(ServerOptions *options)
+ options->hostbased_authentication = 0;
+ if (options->hostbased_uses_name_from_packet_only == -1)
+ options->hostbased_uses_name_from_packet_only = 0;
+- if (options->hostkeyalgorithms == NULL)
+- options->hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG);
+ if (options->rsa_authentication == -1)
+ options->rsa_authentication = 1;
+ if (options->pubkey_authentication == -1)
+@@ -329,6 +327,8 @@ fill_default_server_options(ServerOptions *options)
+ kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 ||
+ kex_assemble_names(KEX_SERVER_KEX, &options->kex_algorithms) != 0 ||
+ kex_assemble_names(KEX_DEFAULT_PK_ALG,
++ &options->hostkeyalgorithms) != 0 ||
++ kex_assemble_names(KEX_DEFAULT_PK_ALG,
+ &options->hostbased_key_types) != 0 ||
+ kex_assemble_names(KEX_DEFAULT_PK_ALG,
+ &options->pubkey_key_types) != 0)
+