diff options
author | bdrewery <bdrewery@FreeBSD.org> | 2015-08-25 02:51:07 +0800 |
---|---|---|
committer | bdrewery <bdrewery@FreeBSD.org> | 2015-08-25 02:51:07 +0800 |
commit | d10c58fbefd163d35efdbed180369aafaa6d4a59 (patch) | |
tree | 77f501c23381019f57759be775b90f1511796059 /security | |
parent | e3b719c60463f3756ebdd469b3bad90eaf1613ac (diff) | |
download | freebsd-ports-gnome-d10c58fbefd163d35efdbed180369aafaa6d4a59.tar.gz freebsd-ports-gnome-d10c58fbefd163d35efdbed180369aafaa6d4a59.tar.zst freebsd-ports-gnome-d10c58fbefd163d35efdbed180369aafaa6d4a59.zip |
Apply upstream fix for 'HostkeyAlgorithms +' support.
Diffstat (limited to 'security')
-rw-r--r-- | security/openssh-portable/Makefile | 4 | ||||
-rw-r--r-- | security/openssh-portable/files/extra-patch-hostkeyalg_plus | 51 |
2 files changed, 54 insertions, 1 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 3169d7fc655c..78d8b64a0373 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 7.1p1 -PORTREVISION= 0 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= OPENBSD/OpenSSH/portable @@ -121,6 +121,8 @@ CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog EXTRA_PATCHES+= ${FILESDIR}/extra-patch-sshd-utmp-size .endif +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hostkeyalg_plus + # Keep this last EXTRA_PATCHES+= ${FILESDIR}/extra-patch-version-addendum diff --git a/security/openssh-portable/files/extra-patch-hostkeyalg_plus b/security/openssh-portable/files/extra-patch-hostkeyalg_plus new file mode 100644 index 000000000000..d97b2e17d49f --- /dev/null +++ b/security/openssh-portable/files/extra-patch-hostkeyalg_plus @@ -0,0 +1,51 @@ +Author: djm@mindrot.org + +Fix HostKeyAlgorithms `+' support. + +diff --git a/readconf.c b/readconf.c +index 374e741..23d74fb 100644 +--- a/readconf.c ++++ b/readconf.c +@@ -2229,6 +2229,10 @@ dump_client_config(Options *o, const char *host) + int i; + char vbuf[5]; + ++ /* This is normally prepared in ssh_kex2 */ ++ if (kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->hostkeyalgorithms) != 0) ++ fatal("%s: kex_assemble_names failed", __func__); ++ + /* Most interesting options first: user, host, port */ + dump_cfg_string(oUser, o->user); + dump_cfg_string(oHostName, host); +@@ -2289,7 +2293,7 @@ dump_client_config(Options *o, const char *host) + dump_cfg_string(oBindAddress, o->bind_address); + dump_cfg_string(oCiphers, o->ciphers ? o->ciphers : KEX_CLIENT_ENCRYPT); + dump_cfg_string(oControlPath, o->control_path); +- dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms ? o->hostkeyalgorithms : KEX_DEFAULT_PK_ALG); ++ dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms); + dump_cfg_string(oHostKeyAlias, o->host_key_alias); + dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types); + dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices); +diff --git a/servconf.c b/servconf.c +index 04404a4..08c8139 100644 +--- a/servconf.c ++++ b/servconf.c +@@ -242,8 +242,6 @@ fill_default_server_options(ServerOptions *options) + options->hostbased_authentication = 0; + if (options->hostbased_uses_name_from_packet_only == -1) + options->hostbased_uses_name_from_packet_only = 0; +- if (options->hostkeyalgorithms == NULL) +- options->hostkeyalgorithms = xstrdup(KEX_DEFAULT_PK_ALG); + if (options->rsa_authentication == -1) + options->rsa_authentication = 1; + if (options->pubkey_authentication == -1) +@@ -329,6 +327,8 @@ fill_default_server_options(ServerOptions *options) + kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 || + kex_assemble_names(KEX_SERVER_KEX, &options->kex_algorithms) != 0 || + kex_assemble_names(KEX_DEFAULT_PK_ALG, ++ &options->hostkeyalgorithms) != 0 || ++ kex_assemble_names(KEX_DEFAULT_PK_ALG, + &options->hostbased_key_types) != 0 || + kex_assemble_names(KEX_DEFAULT_PK_ALG, + &options->pubkey_key_types) != 0) + |