From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Sep 26 19:50:28 2010 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 086071065674 for ; Sun, 26 Sep 2010 19:50:28 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id D7D458FC18 for ; Sun, 26 Sep 2010 19:50:07 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o8QJo7bb023196 for ; Sun, 26 Sep 2010 19:50:07 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o8QJo7dS023195; Sun, 26 Sep 2010 19:50:07 GMT (envelope-from gnats) Date: Sun, 26 Sep 2010 19:50:07 GMT Message-Id: <201009261950.o8QJo7dS023195@freefall.freebsd.org> To: freebsd-ports-bugs@FreeBSD.org From: John Hein Cc: Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: John Hein List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Sep 2010 19:50:28 -0000 The following reply was made to PR ports/150493; it has been noted by GNATS. From: John Hein To: Grzegorz Blach , Cc: Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1 Date: Sun, 26 Sep 2010 13:43:12 -0600 --xx55/XzeMR Content-Type: text/plain; charset=us-ascii Content-Description: message body text Content-Transfer-Encoding: 7bit Here's an update to the Makefile patch that moves PATCH_DIST_STRIP rather than removing it. I mis-read the portlint whine and overriding the default -p0 is needed for the dist patches. As it turns out just using no -p arg at all works for all the openssh dist patches. Updated Makefile patch attached... --xx55/XzeMR Content-Type: text/plain; name="p2" Content-Description: latest Makefile with dist patch fixes Content-Disposition: inline; filename="p2" Content-Transfer-Encoding: 7bit Index: Makefile =================================================================== RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/Makefile,v retrieving revision 1.149 diff -u -p -r1.149 Makefile --- Makefile 31 Aug 2010 02:46:43 -0000 1.149 +++ Makefile 26 Sep 2010 19:38:46 -0000 @@ -6,8 +6,8 @@ # PORTNAME= openssh -DISTVERSION= 5.2p1 -PORTREVISION= 2 +DISTVERSION= 5.6p1 +PORTREVISION= 0 PORTEPOCH= 1 CATEGORIES= security ipv6 .if defined(OPENSSH_SNAPSHOT) @@ -18,6 +18,7 @@ MASTER_SITE_SUBDIR= OpenSSH/portable .endif PKGNAMESUFFIX= ${PORTABLE_SUFFIX}${GSSAPI_SUFFIX}${BASE_SUFFIX} DISTNAME= # empty +PATCH_DIST_STRIP= MAINTAINER= ports@FreeBSD.org COMMENT= The portable version of OpenBSD's OpenSSH @@ -61,8 +62,6 @@ OPTIONS= PAM "Enable pam(3) support" GSSAPI "Enable GSSAPI support (req: KERBEROS)" off \ KERB_GSSAPI "Enable Kerberos/GSSAPI patch (req: GSSAPI)" off \ OPENSSH_CHROOT "Enable CHROOT support" off \ - OPENSC "Enable OpenSC smartcard support" off \ - OPENSCPINPATCH "Enable OpenSC PIN patch" off \ HPN "Enable HPN-SSH patch" off \ LPK "Enable LDAP Public Key (LPK) patch" off \ X509 "Enable x509 certificate patch" off \ @@ -75,8 +74,8 @@ OPTIONS= PAM "Enable pam(3) support" BROKEN= does not build .endif -.if defined(WITH_X509) && ( defined(WITH_HPN) || defined(WITH_LPK)) -BROKEN= X509 patch incompatible with HPN and LPK patches +.if defined(WITH_X509) && defined(WITH_HPN) +BROKEN= X509 patches and HPN patches do not apply cleanly together .endif .if defined(WITH_X509) && defined(WITH_KERB_GSSAPI) @@ -110,7 +109,9 @@ CONFIGURE_ARGS+= --with-audit=bsm .if !defined(WITHOUT_KERBEROS) .if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI) .if defined(WITH_KERB_GSSAPI) -PATCH_DIST_STRIP= -p0 +# Latest GSSAPI patch is against 5.3 and does not apply +# cleanly against 5.6p1, but it's close. +BROKEN= upstream GSSAPI key exchange patch is not up to date for OpenSSH 5.6p1 PATCH_SITES+= http://www.sxw.org.uk/computing/patches/ PATCHFILES+= openssh-5.2p1-gsskex-all-20090726.patch .endif @@ -145,48 +146,29 @@ CONFIGURE_ARGS+= --with-ssl-dir=${OPENSS CFLAGS+= -DCHROOT .endif -.if defined(WITH_OPENSC) -LIB_DEPENDS+= opensc.2:${PORTSDIR}/security/opensc -CONFIGURE_ARGS+= --with-opensc=${LOCALBASE} -.endif - -# See http://bugzilla.mindrot.org/show_bug.cgi?id=608 -.if defined(WITH_OPENSCPINPATCH) -EXTRA_PATCHES+= ${FILESDIR}/scardpin.patch -.endif - .if defined(WITH_HPN) -EXTRA_PATCHES+= ${FILESDIR}/openssh-5.2p1-hpn13v6.diff +PATCH_SITES+= http://www.psc.edu/networking/projects/hpn-ssh/ +PATCHFILES+= openssh-5.6p1-hpn13v10.diff.gz .endif -# See http://dev.inversepath.com/trac/openssh-lpk +# See http://code.google.com/p/openssh-lpk/wiki/Main +# and svn repo described here: +# http://code.google.com/p/openssh-lpk/source/checkout .if defined(WITH_LPK) -EXTRA_PATCHES+= ${FILESDIR}/contrib-openssh-lpk-5.1p1-0.3.10.patch +# Latest LPK patch is against 5.4p1 and does not apply +# cleanly against 5.6p1, but it's close. +BROKEN= latest upstream LDAP public key patch is not up to date for OpenSSH 5.6p1 +EXTRA_PATCHES+= ${FILESDIR}/contrib-openssh-lpk-5.4p1-0.3.13.patch USE_OPENLDAP= yes -CPPFLAGS+= "-I${LOCALBASE}/include -DWITH_LDAP_PUBKEY" +CPPFLAGS+= -I${LOCALBASE}/include CONFIGURE_ARGS+= --with-libs='-lldap' --with-ldflags='-L${LOCALBASE}/lib' \ - --with-cppflags='-I${LOCALBASE}/include -DWITH_LDAP_PUBKEY' -.endif - -# resolve some patches incompatibility between LPK and HPN patches - -.if defined(WITH_HPN) && defined(WITH_LPK) -EXTRA_PATCHES+= ${FILESDIR}/lpk+hpn-servconf.c.patch -.elif defined(WITH_HPN) && !defined(WITH_LPK) -EXTRA_PATCHES+= ${FILESDIR}/openssh-5.2p1-hpn13v6-servconf.c.diff -.elif defined(WITH_LPK) && !defined(WITH_HPN) -EXTRA_PATCHES+= ${FILESDIR}/contrib-openssh-lpk-5.1p1-0.3.10-servconf.c.patch -.endif - -.if defined(WITH_LPK) && ${ARCH} == "amd64" -EXTRA_PATCHES+= ${FILESDIR}/contrib-openssh-5.1_p1-lpk-64bit.patch + --with-cppflags='${CPPFLAGS}' --with_ldap=yes .endif # See http://www.roumenpetrov.info/openssh/ .if defined(WITH_X509) -PATCH_DIST_STRIP= -p1 -PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-6.2/ -PATCHFILES+= openssh-5.2p1+x509-6.2.diff.gz +PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-6.2.3/ +PATCHFILES+= openssh-5.6p1+x509-6.2.3.diff.gz PLIST_SUB+= X509="" .else PLIST_SUB+= X509="@comment " @@ -194,6 +176,9 @@ PLIST_SUB+= X509="@comment " # See http://sftpfilecontrol.sourceforge.net/ .if defined(WITH_FILECONTROL) +# Latest sftpfilecontrol patch is against 5.4p1 which does not apply +# cleanly against 5.6p1, but it's close. +BROKEN= latest upstream sftp file control public key patch is not up to date for OpenSSH 5.6p1 EXTRA_PATCHES+= ${FILESDIR}/openssh-${DISTVERSION}.sftpfilecontrol-v1.3.patch .endif --xx55/XzeMR--