Date: Mon, 12 Nov 2018 20:56:11 +0000 (UTC) From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r484823 - in head/security/openssh-portable: . files Message-ID: <201811122056.wACKuBi7061585@repo.freebsd.org>
Author: bdrewery Date: Mon Nov 12 20:56:11 2018 New Revision: 484823 URL: https://svnweb.freebsd.org/changeset/ports/484823 Log: - Fix HPN for 7.9p1 - DOCS is required for HPN but it's not exclusively a flavor so needs to be in the default list. - Fix a build-time OpenSSL version comparison [1] PR: 233157 [1] Reported by: Robert Schulze <rs@bytecamp.net> [1] Obtained from: upstream c0a35265907533be10ca151ac797f34ae0d68969 [1] Added: head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 (contents, props changed) Modified: head/security/openssh-portable/Makefile head/security/openssh-portable/files/extra-patch-hpn Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Mon Nov 12 20:47:18 2018 (r484822) +++ head/security/openssh-portable/Makefile Mon Nov 12 20:56:11 2018 (r484823) @@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 7.9p1 -PORTREVISION= 0 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= OPENBSD/OpenSSH/portable @@ -31,12 +31,11 @@ default_CONFLICTS_INSTALL= openssl-portable-hpn hpn_CONFLICTS_INSTALL= openssh-portable hpn_PKGNAMESUFFIX= -portable-hpn -OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT BSM \ +OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \ HPN X509 KERB_GSSAPI \ LDNS NONECIPHER XMSS OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS .if ${FLAVOR:U} == hpn -OPTIONS_DEFINE+= DOCS OPTIONS_DEFAULT+= HPN NONECIPHER .endif OPTIONS_RADIO= KERBEROS 
@@ -110,7 +109,7 @@ PATCHFILES+= openssh-7.7p1-gsskex-all-20141021-debian- # https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1 .if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} -BROKEN= HPN: Not yet updated for ${DISTVERSION} yet. +#BROKEN= HPN: Not yet updated for ${DISTVERSION} yet. PORTDOCS+= HPN-README HPN_VERSION= 14v15 HPN_DISTVERSION= 7.7p1 Modified: head/security/openssh-portable/files/extra-patch-hpn ============================================================================== --- head/security/openssh-portable/files/extra-patch-hpn Mon Nov 12 20:47:18 2018 (r484822) +++ head/security/openssh-portable/files/extra-patch-hpn Mon Nov 12 20:56:11 2018 (r484823) @@ -1064,9 +1064,9 @@ diff -urN -x configure -x config.guess -x config.h.in #define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */ #define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ #define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */ ---- work/openssh-7.7p1/sshconnect.c.orig 2018-04-01 22:38:28.000000000 -0700 -+++ work/openssh-7.7p1/sshconnect.c 2018-06-26 15:55:19.103812000 -0700 -@@ -337,7 +337,32 @@ check_ifaddrs(const char *ifname, int af, const struct +--- work/openssh/sshconnect.c.orig 2018-10-16 17:01:20.000000000 -0700 ++++ work/openssh/sshconnect.c 2018-11-12 09:04:24.340706000 -0800 +@@ -327,7 +327,32 @@ check_ifaddrs(const char *ifname, int af, const struct } #endif @@ -1096,10 +1096,10 @@ diff -urN -x configure -x config.guess -x config.h.in +#endif + +/* - * Creates a (possibly privileged) socket for use as the ssh connection. + * Creates a socket for use as the ssh connection. */ static int -@@ -359,6 +384,11 @@ ssh_create_socket(int privileged, struct addrinfo *ai) +@@ -349,6 +374,11 @@ ssh_create_socket(struct addrinfo *ai) } fcntl(sock, F_SETFD, FD_CLOEXEC); 
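Review bot: The `#BROKEN=` line in the HPN block is left behind as commented-out code, which says nothing about why an HPN build is considered sound again. Since `HPN_DISTVERSION= 7.7p1` stays while the port is at `DISTVERSION= 7.9p1`, I would delete the line and put a comment in its place, for example `# extra-patch-hpn is a local rebase of the 7.7p1 HPN patch set onto ${DISTVERSION}`. That tells anyone auditing an HPN or NONECIPHER build that the patched code in sshconnect.c and sshconnect2.c was adapted in this port rather than taken unchanged from the HPN tree (inferred from the refreshed hunks in files/extra-patch-hpn).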
@@ -1109,9 +1109,9 @@ diff -urN -x configure -x config.guess -x config.h.in +#endif + /* Bind the socket to an alternative local IP address */ - if (options.bind_address == NULL && options.bind_interface == NULL && - !privileged) -@@ -637,8 +667,14 @@ static void + if (options.bind_address == NULL && options.bind_interface == NULL) + return sock; +@@ -608,8 +638,14 @@ static void send_client_banner(int connection_out, int minor1) { /* Send our own protocol version identification. */ @@ -1128,8 +1128,8 @@ diff -urN -x configure -x config.guess -x config.h.in if (atomicio(vwrite, connection_out, client_version_string, strlen(client_version_string)) != strlen(client_version_string)) fatal("write: %.100s", strerror(errno)); ---- work/openssh-7.7p1/sshconnect2.c.orig 2018-04-01 22:38:28.000000000 -0700 -+++ work/openssh-7.7p1/sshconnect2.c 2018-06-27 17:11:17.543893000 -0700 +--- work/openssh/sshconnect2.c.orig 2018-10-16 17:01:20.000000000 -0700 ++++ work/openssh/sshconnect2.c 2018-11-12 09:06:06.338515000 -0800 @@ -81,7 +81,13 @@ extern char *client_version_string; extern char *server_version_string; @@ -1144,7 +1144,7 @@ diff -urN -x configure -x config.guess -x config.h.in /* * SSH2 key exchange */ -@@ -154,14 +160,17 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd +@@ -154,10 +160,11 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd return ret; } 
@@ -1154,16 +1154,18 @@ diff -urN -x configure -x config.guess -x config.h.in ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) { - char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; - char *s; + char *s, *all_key; struct kex *kex; int r; - -+ memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); -+ +@@ -165,6 +172,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_shor xxx_host = host; xxx_hostaddr = hostaddr; -@@ -409,6 +418,30 @@ ssh_userauth2(const char *local_user, const char *serv ++ memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); + if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) + fatal("%s: kex_names_cat", __func__); + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); +@@ -412,6 +420,30 @@ ssh_userauth2(const char *local_user, const char *serv if (!authctxt.success) fatal("Authentication failed."); Added: head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 Mon Nov 12 20:56:11 2018 (r484823) @@ -0,0 +1,19 @@ +commit c0a35265907533be10ca151ac797f34ae0d68969 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Oct 22 11:22:50 2018 +1100 + + fix compile for openssl 1.0.x w/ --with-ssl-engine + + bz#2921, patch from cotequeiroz + +--- openbsd-compat/openssl-compat.c.orig 2018-11-12 12:52:26 UTC ++++ openbsd-compat/openssl-compat.c +@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void) + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); + +-#if OPENSSL_VERSION_NUMBER < 0x10001000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + OPENSSL_config(NULL); + #else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
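Review bot: The relocated `memcpy(&myproposal, &myproposal_default, sizeof(myproposal));` in ssh_kex2() carries no comment, although its position is what this refresh is about. The patch removes the local `char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };`, so the copy has to run before the first `myproposal[PROPOSAL_KEX_ALGS] = ...` assignment, otherwise the algorithm proposal is built on an array that was never reset. I would add `/* reset the shared proposal from the defaults before the per-option overrides below */` above it. The declarations of `myproposal` and `myproposal_default` are outside this hunk, so confirm there that both have PROPOSAL_MAX entries, because `sizeof(myproposal)` sizes the copy. The ssh_userauth2() hunk that follows shows only its header here, so the 24 lines it adds after the authentication check are not covered by this note.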
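Review bot: The corrected guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L` in ssh_OpenSSL_add_all_algorithms() has no comment saying which API belongs to which branch, which is the detail the old `0x10001000L` value got wrong. I would add `/* OPENSSL_init_crypto() exists from OpenSSL 1.1.0; 1.0.x only has OPENSSL_config() */` above the `#if`. One thing to confirm for ports built against LibreSSL: it reports a high OPENSSL_VERSION_NUMBER and would take the `#else` branch, and whether OPENSSL_init_crypto() is available there depends on the LibreSSL release. The function body continues past the end of the hunk.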