Date: Mon, 12 Nov 2018 21:55:35 +0000 (UTC) From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r484842 - in head/security/openssh-portable: . files Message-ID: <201811122155.wACLtZd7094475@repo.freebsd.org>
Author: bdrewery Date: Mon Nov 12 21:55:35 2018 New Revision: 484842 URL: https://svnweb.freebsd.org/changeset/ports/484842 Log: - Fix X509 build after r484765 openssl fix - Fix patch URL for KERB_GSSAPI - Add FLAVORs for x509 and gssapi since they are distinct types of OpenSSH rather than feature flags. Approved by: portmgr (implicit) Added: head/security/openssh-portable/files/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969 - copied unchanged from r484841, head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 Deleted: head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 Modified: head/security/openssh-portable/Makefile head/security/openssh-portable/files/extra-patch-x509-glue head/security/openssh-portable/files/patch-session.c Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Mon Nov 12 21:48:58 2018 (r484841) +++ head/security/openssh-portable/Makefile Mon Nov 12 21:55:35 2018 (r484842) @@ -26,10 +26,18 @@ CONFIGURE_ARGS= --prefix=${PREFIX} --with-md5-passwor ETCOLD= ${PREFIX}/etc -FLAVORS= default hpn -default_CONFLICTS_INSTALL= openssl-portable-hpn -hpn_CONFLICTS_INSTALL= openssh-portable +FLAVORS= default hpn gssapi x509 +default_CONFLICTS_INSTALL= openssh-portable-hpn openssh-portable-gssapi \ + openssh-portable-x509 +hpn_CONFLICTS_INSTALL= openssh-portable openssh-portable-gssapi \ + openssh-portable-x509 hpn_PKGNAMESUFFIX= -portable-hpn +gssapi_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \ + openssh-portable-x509 +gssapi_PKGNAMESUFFIX= -portable-gssapi +x509_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \ + openssh-portable-gssapi +x509_PKGNAMESUFFIX= -portable-x509 OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \ HPN X509 KERB_GSSAPI \ 
@@ -38,6 +46,12 @@ OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS .if ${FLAVOR:U} == hpn OPTIONS_DEFAULT+= HPN NONECIPHER .endif +.if ${FLAVOR:U} == gssapi +OPTIONS_DEFAULT+= KERB_GSSAPI MIT +.endif +.if ${FLAVOR:U} == x509 +OPTIONS_DEFAULT+= X509 +.endif OPTIONS_RADIO= KERBEROS OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE TCP_WRAPPERS_DESC= tcp_wrappers support @@ -87,9 +101,13 @@ ETCDIR?= ${PREFIX}/etc/ssh PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex +# Upstream OpenSSL fix but does not apply for x509 patch. +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969 + # X509 patch includes TCP Wrapper support already .if ${PORT_OPTIONS:MX509} EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}} +EXTRA_PATCHES:= ${EXTRA_PATCHES:N${FILESDIR}/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969} .endif # Must add this patch before HPN due to conflicts @@ -104,7 +122,7 @@ EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA # Needed glue for applying HPN patch without conflict EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue . endif -PATCHFILES+= openssh-7.7p1-gsskex-all-20141021-debian-rh-20171004.patch.gz:-p1:gsskex +PATCHFILES+= openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz:-p1:gsskex .endif # https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1 Copied: head/security/openssh-portable/files/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969 (from r484841, head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openssh-portable/files/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969 Mon Nov 12 21:55:35 2018 (r484842, copy of r484841, head/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969) 
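Review bot: The comment added above the new `EXTRA_PATCHES+=` line ("Upstream OpenSSL fix but does not apply for x509 patch") does not say whether the file simply conflicts with the X509 patch or whether X509 builds go without the fix. Because the `.if ${PORT_OPTIONS:MX509}` block then filters the same file out again with `:N`, a clearer comment would help, for example `# Upstream build fix for OpenSSL 1.0.x; cannot be applied on top of the X509 patch, so it is filtered out again below when X509 is set`. Whether the X509 patch carries an equivalent change is not visible in this hunk and should be confirmed. The hash-named path is also written out twice, so holding it in one variable would keep the add and the filter from drifting apart.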
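Review bot: The renamed `PATCHFILES+=` entry `openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz` has no `distinfo` change alongside it, since `distinfo` is not in this revision's list of modified files. The checksum entry for the new name must therefore already exist from an earlier revision, which is worth confirming. It matters because the `PATCH_SITES` line shown as context in the previous hunk fetches over plain `http://`, so the recorded SHA256 and size are the only integrity check on a patch applied to the sshd sources.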
@@ -0,0 +1,19 @@
+commit c0a35265907533be10ca151ac797f34ae0d68969
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Oct 22 11:22:50 2018 +1100
+
+ fix compile for openssl 1.0.x w/ --with-ssl-engine
+
+ bz#2921, patch from cotequeiroz
+
+--- openbsd-compat/openssl-compat.c.orig 2018-11-12 12:52:26 UTC
++++ openbsd-compat/openssl-compat.c
+@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void)
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+
+-#if OPENSSL_VERSION_NUMBER < 0x10001000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ OPENSSL_config(NULL);
+ #else
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
Modified: head/security/openssh-portable/files/extra-patch-x509-glue
==============================================================================
--- head/security/openssh-portable/files/extra-patch-x509-glue Mon Nov 12 21:48:58 2018 (r484841)
+++ head/security/openssh-portable/files/extra-patch-x509-glue Mon Nov 12 21:55:35 2018 (r484842)
@@ -1,42 +1,3 @@
---- session.c.orig 2017-10-12 11:52:52.953370000 -0700
-+++ session.c 2017-10-12 11:53:40.793055000 -0700
-@@ -1062,36 +1062,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
- if (getenv("TZ"))
- child_set_env(&env, &envsize, "TZ", getenv("TZ"));
-
--#ifdef __ANDROID__
--{
--#define COPY_ANDROID_ENV(name) { \
-- char *s = getenv(name); \
-- if (s) child_set_env(&env, &envsize, name, s); }
--
-- /* from /init.rc */
-- COPY_ANDROID_ENV("ANDROID_BOOTLOGO");
-- COPY_ANDROID_ENV("ANDROID_ROOT");
-- COPY_ANDROID_ENV("ANDROID_ASSETS");
-- COPY_ANDROID_ENV("ANDROID_DATA");
-- COPY_ANDROID_ENV("ASEC_MOUNTPOINT");
-- COPY_ANDROID_ENV("LOOP_MOUNTPOINT");
-- COPY_ANDROID_ENV("BOOTCLASSPATH");
--
-- /* FIXME: keep android property workspace open
-- * (see openbsd-compat/bsd-closefrom.c)
-- */
-- COPY_ANDROID_ENV("ANDROID_PROPERTY_WORKSPACE");
--
-- COPY_ANDROID_ENV("EXTERNAL_STORAGE"); /* ??? */
-- COPY_ANDROID_ENV("SECONDARY_STORAGE"); /* ??? */
-- COPY_ANDROID_ENV("SD_EXT_DIRECTORY"); /* ??? */
--
-- /* may contain path to custom libraries */
-- COPY_ANDROID_ENV("LD_LIBRARY_PATH");
--#undef COPY_ANDROID_ENV
--}
--#endif
--
- /* Set custom environment options from pubkey authentication. */
- if (options.permit_user_env) {
- for (n = 0 ; n < auth_opts->nenv; n++) {
 --- sshd_config.5.orig 2017-10-12 11:51:06.638814000 -0700
 +++ sshd_config.5 2017-10-12 11:51:33.780459000 -0700
 @@ -1682,7 +1682,57 @@ is set to
Modified: head/security/openssh-portable/files/patch-session.c
==============================================================================
--- head/security/openssh-portable/files/patch-session.c Mon Nov 12 21:48:58 2018 (r484841)
+++ head/security/openssh-portable/files/patch-session.c Mon Nov 12 21:55:35 2018 (r484842)
@@ -50,7 +50,7 @@ Sponsored by: DARPA, NAI Labs + *environ = NULL; + (void) setusercontext(lc, pw, pw->pw_uid, + LOGIN_SETENV|LOGIN_SETPATH); -+ copy_environment(environ, &env, &envsize); ++ copy_environment_blacklist(environ, &env, &envsize, NULL); + for (var = environ; *var != NULL; ++var) + free(*var); + free(environ); @@ -58,7 +58,7 @@ Sponsored by: DARPA, NAI Labs #else /* HAVE_LOGIN_CAP */ # ifndef HAVE_CYGWIN /* -@@ -1082,14 +1098,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char * +@@ -1082,11 +1098,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char * # endif /* HAVE_CYGWIN */ #endif /* HAVE_LOGIN_CAP */ @@ -70,9 +70,6 @@ Sponsored by: DARPA, NAI Labs - if (getenv("TZ")) - child_set_env(&env, &envsize, "TZ", getenv("TZ")); - if (s->term) - child_set_env(&env, &envsize, "TERM", s->term); - if (s->display) @@ -1389,7 +1400,7 @@ do_setusercontext(struct passwd *pw) if (platform_privileged_uidswap()) { #ifdef HAVE_LOGIN_CAP
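Review bot: The replacement call `copy_environment_blacklist(environ, &env, &envsize, NULL);` in the first hunk passes `NULL` as the blacklist, so every variable that `setusercontext(lc, pw, pw->pw_uid, LOGIN_SETENV|LOGIN_SETPATH)` left in `environ` is copied into the session environment unfiltered. That is presumably what the old `copy_environment()` call did too, but the patch has no comment saying so; something like `/* NULL blacklist: copy everything setusercontext() exported for the login class */` would record that it is deliberate. It is also worth checking that `copy_environment_blacklist()` is compiled in every configuration that defines `HAVE_LOGIN_CAP`. If upstream only builds it under other guards (PAM, for instance), a build with that option off would fail at this call, which cannot be judged from the hunk. The surrounding function body lies outside the hunk.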