author: leres <leres@FreeBSD.org> 2018-04-13 05:54:01 +0800
committer: leres <leres@FreeBSD.org> 2018-04-13 05:54:01 +0800
commit: d63776c55ca2ac66690535cc83285a89d51a8b88
tree: f433f4e71a157fdad3778ad521144788143774c5 /security
parent: 47cf703b7c20bc77d7183a4e3e8648c2c17a7330
The block of code that canonicalizes the hostname supplied on the command line added by patch-ssh.c misapplies to 7.7p1 and moves from main() to ssh_session2(). This breaks ssh SSHFP support for non-canonical hostnames. For example, "ssh zinc" correctly discovers the FQDN (zinc.ee.lbl.gov) and uses it to look up A and AAAA records but the non-canonical version (zinc) is used in the SSHFP record lookup which of course fails.

Regenerate the patch.

Reviewed by: bdrewery, ler (mentor)
Approved by: bdrewery, ler (mentor)
Differential Revision: https://reviews.freebsd.org/D15053
Diffstat (limited to 'security')
-rw-r--r-- security/openssh-portable/Makefile 2
-rw-r--r-- security/openssh-portable/files/patch-ssh.c 16
2 files changed, 9 insertions, 9 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 17b12fb12050..887bf93af3d8 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -3,7 +3,7 @@
PORTNAME= openssh
DISTVERSION= 7.7p1
-PORTREVISION= 0
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= security ipv6
MASTER_SITES= OPENBSD/OpenSSH/portable
diff --git a/security/openssh-portable/files/patch-ssh.c b/security/openssh-portable/files/patch-ssh.c
index 9b679c297df2..c49535dcf868 100644
--- a/security/openssh-portable/files/patch-ssh.c
+++ b/security/openssh-portable/files/patch-ssh.c
@@ -5,11 +5,11 @@ Changed paths:
Canonicize the host name before looking it up in the host file.
---- ssh.c.orig 2010-08-16 09:59:31.000000000 -0600
-+++ ssh.c 2010-08-25 17:55:01.000000000 -0600
-@@ -699,6 +699,23 @@
- "h", host, (char *)NULL);
- }
+--- ssh.c.orig 2018-04-02 05:38:28 UTC
++++ ssh.c
+@@ -1281,6 +1281,23 @@ main(int ac, char **av)
+ ssh_digest_free(md);
+ conn_hash_hex = tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
+ /* Find canonic host name. */
+ if (strchr(host, '.') == 0) {
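Review bot: In the regenerated hunk at -1281, the canonicalization block now sits directly after the conn_hash_hex = tohex(...) context line, so the connection hash is already finalized when host is rewritten. If that hash covers host, it is derived from the short name while everything after the block sees the FQDN; please confirm that is intended, or place the block ahead of the hash computation. As a minor style point, the strchr(host, '.') == 0 test would read more clearly as a comparison against NULL.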
@@ -28,6 +28,6 @@ Canonicize the host name before looking it up in the host file.
+ }
+ }
+
- if (options.local_command != NULL) {
- char thishost[NI_MAXHOST];
-
+ /*
+ * Expand tokens in arguments. NB. LocalCommand is expanded later,
+ * after port-forwarding is set up, so it may pick up any local
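Review bot: The patch description still reads only "Canonicize the host name before looking it up in the host file." and does not record the placement this hunk depends on, namely that the block must stay in main() immediately ahead of the "Expand tokens in arguments" comment now shown as trailing context. Adding a sentence to the description stating that requirement, and that SSHFP lookups depend on it, would make a misplaced hunk easier to catch the next time the port is updated and the patch applies with an offset.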