Date: Thu, 23 Sep 2010 18:30:06 GMT
From: Grzegorz Blach <magik@roorback.net>
To: freebsd-ports-bugs@FreeBSD.org
Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1
Message-ID: <201009231830.o8NIU6CE072876@freefall.freebsd.org>
The following reply was made to PR ports/150493; it has been noted by GNATS.

From: Grzegorz Blach <magik@roorback.net>
To: John Hein <jhein@symmetricom.com>
Cc: <bug-followup@FreeBSD.org>
Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1
Date: Thu, 23 Sep 2010 20:00:03 +0200

On Thu, 23 Sep 2010 10:35:30 -0600, John Hein <jhein@symmetricom.com> wrote:
> I have come up with a patchset independently.
>
> If Grzegorz Blach wants to maintain this port, that's okay
> with me. But this new patchset here addresses a few missing
> details in Grzegorz's original submission. Or I'm willing
> to maintain, too (I'll defer to Grzegorz if he would like to
> do it). Either way, we should get this port updated since
> it is quite out of date.
>
> This patch set included here:
> - removes more old opensc related patches.
>
> - does not remove patches pulled from des@ changes in
> src/crypto/openssh that are still valid.
>
> - points to upstream hpn patch instead of including a local copy
>
> - does not remove GSSAPI, LPK or FILECONTROL options, but does
> mark them BROKEN for now - upstream for each seems still active,
> so the port here can just be updated when upstream catches up.
>
> We can also patch the patches ourselves for 5.6 (or maintain a
> tweaked local copy), but I prefer to update the port to 5.6p1 first
> and then separately commit those updates. It makes following the
> history of changes in CVS much easier.
>
> - remove PATCH_DIST_STRIP - it's unnecessary and portlint hates it
>
> - I think the post-patch version.h changes in the original patchset
> in this PR are wrong. The upstream patches (for hpn and filecontrol)
> have changes for version.h that seem to work fine unchanged,
> even applied together. Also the HAVE_LPK part that
> adds SSH_HPN seems wrong.
>
>
> I have two patchsets. The second just refreshes old files/patch-*
> even though they apply cleanly against 5.6p1 - it could be considered
> optional. I'll send the second set separately.
>
> Here is the 'Description' that I was going to submit as a PR
> until I found this PR...
>
> =======================
> security/openssh-portable has not been updated in a long time
> (currently 5.2p1 which is 1.5+ years old). There are significant
> nice feature updates and fixes in 5.6p1.
>
> Attached are two patchsets. The main one is enough to get
> the port updated and working. But see comments at the top
> of the patchset.
>
> The second patchset just refreshes the remaining patches that still
> apply cleanly to 5.6p1 files. It's probably a good idea to apply
> it when committing to the port, but it's not strictly necessary.
> And I would commit them separately just for the sake of clarity
> in the commit logs.
>
> Actually, I'll send the second patchset in a separate submission
> to avoid confusing PR patch detection tools.
> =======================
>
> Attached is the first patchset including a decent description of
> the changes at the top of the patch...

Thanks for your patches. I'll review them at the weekend, but now I think
that the GSSAPI option should be explicitly removed, not marked as broken.

On http://www.sxw.org.uk/computing/patches/openssh.html it is noted:
"OpenSSH now contains support out of the box for GSSAPI user
authentication using the 'gssapi-with-mic' mechanism".