From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Sep 23 18:30:06 2010 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AA7361065674 for ; Thu, 23 Sep 2010 18:30:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 7DEDC8FC08 for ; Thu, 23 Sep 2010 18:30:06 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o8NIU6cE072879 for ; Thu, 23 Sep 2010 18:30:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o8NIU6CE072876; Thu, 23 Sep 2010 18:30:06 GMT (envelope-from gnats) Date: Thu, 23 Sep 2010 18:30:06 GMT Message-Id: <201009231830.o8NIU6CE072876@freefall.freebsd.org> To: freebsd-ports-bugs@FreeBSD.org From: Grzegorz Blach Cc: Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Grzegorz Blach List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Sep 2010 18:30:06 -0000 The following reply was made to PR ports/150493; it has been noted by GNATS. From: Grzegorz Blach To: John Hein Cc: Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1 Date: Thu, 23 Sep 2010 20:00:03 +0200 On Thu, 23 Sep 2010 10:35:30 -0600, John Hein wrote: > I have come up with a patchset independently. > > If Grzegorz Blach wants to maintain this port, that's okay > with me. But this new patchset here addresses a few missing > details in Grzegorz's original submission. Or I'm willing > to maintain, too (I'll defer to Grzegorz if he would like to > do it). Either way, we should get this port updated since > it is quite out of date. > > This patch set included here: > - removes more old opensc related patches. > > - does not remove patches pulled from des@ changes in > src/crypto/openssh that are still valid. > > - points to upstream hpn patch instead of including a local copy > > - does not remove GSSAPI, LPK or FILECONTROL options, but does > mark them BROKEN for now - upstream for each seems still active, > so the port here can just be updated when upstream catches up. > > We can also patch the patches ourselves for 5.6 (or maintained a > tweaked local copy), but I prefer to update the port to 5.6p1 first > and then separately commit those updates. It makes following the > history of changes in CVS much easier. > > - remove PATCH_DIST_STRIP - it's unecessary and portlint hates it > > - I think the post-patch version.h changes in the original patchset > in this PR are wrong. The upstream patches (for hpn and filecontrol) > have changes for version.h that seem to work fine unchanged, > even applied together. Also the HAVE_LPK part that > adds SSH_HPN seems wrong. > > > I have two patchsets. The second just refreshes old files/patch-* > even though they apply cleanly against 5.6p1 - it could be considered > optional. I'll send the second set separately. > > Here is the 'Description' that I was going to submit as a PR > until I found this PR... > > ======================= > security/openssh-portable has not been update in a long time > (currently 5.2p1 which is 1.5+ years old). There are significant > nice feature updates and fixes in 5.6p1. > > Attached are two patchsets. Then main one is enough to get > the port updated and working. But see comments at the top > of the patchset. > > The second patchset just refreshes the remaining patches that still > apply cleaning to 5.6p1 files. It's probably a good idea to apply > it when committing to the port, but it's not strictly necessary. > And I would commit them separately just for the sake of clarity > in the commit logs. > > Actually, I'll send the second patchset in a separate submission > to avoid confusing PR patch detection tools. > ======================= > > Attached is the first patchset including a decent description of > the changes at the top of the patch... Thanks for your patches, I'll review its at the weekend, but now I thing, that GSSAPI option should be explicit removed, not marked as broken. On http://www.sxw.org.uk/computing/patches/openssh.html is noticed: "OpenSSH now contains support out of the box for GSSAPI user authentication using the 'gssapi-with-mic' mechanism".