Date:      Tue, 26 Mar 2019 23:58:57 +0000 (UTC)
From:      Matthias Andree <mandree@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r496930 - in head/security/putty: . files
Message-ID:  <201903262358.x2QNwv2N058138@repo.freebsd.org>

Author: mandree
Date: Tue Mar 26 23:58:56 2019
New Revision: 496930
URL: https://svnweb.freebsd.org/changeset/ports/496930

Log:
  Reinstate GSSAPI_NONE option.
  
  Not bumping PORTREVISION as the default build is unaffected.
  
  Obtained from:	Jacob Nevins, upstream Git commit 7ad08649

Added:
  head/security/putty/files/patch-config.c   (contents, props changed)
  head/security/putty/files/patch-ssh.c   (contents, props changed)
  head/security/putty/files/patch-ssh2transport.c   (contents, props changed)
  head/security/putty/files/patch-ssh2userauth.c   (contents, props changed)
  head/security/putty/files/patch-sshserver.c   (contents, props changed)
Modified:
  head/security/putty/Makefile
  head/security/putty/files/patch-settings.c

Modified: head/security/putty/Makefile
==============================================================================
--- head/security/putty/Makefile	Tue Mar 26 23:39:27 2019	(r496929)
+++ head/security/putty/Makefile	Tue Mar 26 23:58:56 2019	(r496930)
@@ -28,10 +28,7 @@ OPTIONS_RADIO=		TOOLKIT
 OPTIONS_RADIO_TOOLKIT=	GTK2 GTK3
 OPTIONS_DEFAULT=GSSAPI_BASE GTK3
 OPTIONS_SINGLE=	GSSAPI_SELECT
-#OPTIONS_SINGLE_GSSAPI_SELECT=	GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
-# XXX FIXME TODO: GSSAPI_NONE is broken as of PuTTY 0.71 (did work in 0.70).
-# Report has been sent to putty.AT.projects.tartarus.org on 2019-03-17
-OPTIONS_SINGLE_GSSAPI_SELECT=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
+OPTIONS_SINGLE_GSSAPI_SELECT=	GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
 
 CONFLICTS_INSTALL?=	pssh-[0-9]* putty-gtk2-[0-9]* putty-nogtk-[0-9]*
 
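Review bot: The re-enabled `GSSAPI_NONE` entry carries no comment saying that it only builds because of the backported patches under `files/`, now that the removed FIXME lines are gone. The commit log names upstream Git commit 7ad08649 as the source, but that is not visible to someone later updating the port from the Makefile alone. I would add a line above `OPTIONS_SINGLE_GSSAPI_SELECT` such as `# GSSAPI_NONE relies on the NO_GSSAPI patches in files/ (upstream 7ad08649); drop them once a release includes that commit`.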

Added: head/security/putty/files/patch-config.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/putty/files/patch-config.c	Tue Mar 26 23:58:56 2019	(r496930)
@@ -0,0 +1,29 @@
+--- config.c.orig	2019-03-16 12:26:32 UTC
++++ config.c
+@@ -2442,10 +2442,12 @@ void setup_config_box(struct controlbox *b, bool midse
+ 			      HELPCTX(ssh_kexlist),
+ 			      kexlist_handler, P(NULL));
+             c->listbox.height = KEX_MAX;
++#ifndef NO_GSSAPI
+ 	    ctrl_checkbox(s, "Attempt GSSAPI key exchange",
+ 			  'k', HELPCTX(ssh_gssapi),
+ 			  conf_checkbox_handler,
+ 			  I(CONF_try_gssapi_kex));
++#endif
+ 
+ 	    s = ctrl_getset(b, "Connection/SSH/Kex", "repeat",
+ 			    "Options controlling key re-exchange");
+@@ -2455,11 +2457,13 @@ void setup_config_box(struct controlbox *b, bool midse
+ 			 conf_editbox_handler,
+ 			 I(CONF_ssh_rekey_time),
+ 			 I(-1));
++#ifndef NO_GSSAPI
+             ctrl_editbox(s, "Minutes between GSS checks (0 for never)", NO_SHORTCUT, 20,
+                          HELPCTX(ssh_kex_repeat),
+                          conf_editbox_handler,
+                          I(CONF_gssapirekey),
+                          I(-1));
++#endif
+ 	    ctrl_editbox(s, "Max data before rekey (0 for no limit)", 'x', 20,
+ 			 HELPCTX(ssh_kex_repeat),
+ 			 conf_editbox_handler,

Modified: head/security/putty/files/patch-settings.c
==============================================================================
--- head/security/putty/files/patch-settings.c	Tue Mar 26 23:39:27 2019	(r496929)
+++ head/security/putty/files/patch-settings.c	Tue Mar 26 23:58:56 2019	(r496930)
@@ -1,6 +1,43 @@
 --- settings.c.orig	2019-03-16 12:26:35 UTC
 +++ settings.c
-@@ -990,7 +990,9 @@ void load_open_settings(settings_r *sesskey, Conf *con
+@@ -592,21 +592,25 @@ void save_open_settings(settings_w *sesskey, Conf *con
+     write_setting_b(sesskey, "Compression", conf_get_bool(conf, CONF_compression));
+     write_setting_b(sesskey, "TryAgent", conf_get_bool(conf, CONF_tryagent));
+     write_setting_b(sesskey, "AgentFwd", conf_get_bool(conf, CONF_agentfwd));
++#ifndef NO_GSSAPI
+     write_setting_b(sesskey, "GssapiFwd", conf_get_bool(conf, CONF_gssapifwd));
++#endif
+     write_setting_b(sesskey, "ChangeUsername", conf_get_bool(conf, CONF_change_username));
+     wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
+     wprefs(sesskey, "KEX", kexnames, KEX_MAX, conf, CONF_ssh_kexlist);
+     wprefs(sesskey, "HostKey", hknames, HK_MAX, conf, CONF_ssh_hklist);
+     write_setting_i(sesskey, "RekeyTime", conf_get_int(conf, CONF_ssh_rekey_time));
++#ifndef NO_GSSAPI
+     write_setting_i(sesskey, "GssapiRekey", conf_get_int(conf, CONF_gssapirekey));
++#endif
+     write_setting_s(sesskey, "RekeyBytes", conf_get_str(conf, CONF_ssh_rekey_data));
+     write_setting_b(sesskey, "SshNoAuth", conf_get_bool(conf, CONF_ssh_no_userauth));
+     write_setting_b(sesskey, "SshBanner", conf_get_bool(conf, CONF_ssh_show_banner));
+     write_setting_b(sesskey, "AuthTIS", conf_get_bool(conf, CONF_try_tis_auth));
+     write_setting_b(sesskey, "AuthKI", conf_get_bool(conf, CONF_try_ki_auth));
++#ifndef NO_GSSAPI
+     write_setting_b(sesskey, "AuthGSSAPI", conf_get_bool(conf, CONF_try_gssapi_auth));
+     write_setting_b(sesskey, "AuthGSSAPIKEX", conf_get_bool(conf, CONF_try_gssapi_kex));
+-#ifndef NO_GSSAPI
+     wprefs(sesskey, "GSSLibs", gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
+     write_setting_filename(sesskey, "GSSCustom", conf_get_filename(conf, CONF_ssh_gss_custom));
+ #endif
+@@ -937,7 +941,9 @@ void load_open_settings(settings_r *sesskey, Conf *con
+     gppb(sesskey, "TryAgent", true, conf, CONF_tryagent);
+     gppb(sesskey, "AgentFwd", false, conf, CONF_agentfwd);
+     gppb(sesskey, "ChangeUsername", false, conf, CONF_change_username);
++#ifndef NO_GSSAPI
+     gppb(sesskey, "GssapiFwd", false, conf, CONF_gssapifwd);
++#endif
+     gprefs(sesskey, "Cipher", "\0",
+ 	   ciphernames, CIPHER_MAX, conf, CONF_ssh_cipherlist);
+     {
+@@ -990,7 +996,9 @@ void load_open_settings(settings_r *sesskey, Conf *con
      gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN",
             hknames, HK_MAX, conf, CONF_ssh_hklist);
      gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time);
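Review bot: A session re-saved by a NO_GSSAPI build loses its `GssapiFwd`, `AuthGSSAPI` and `AuthGSSAPIKEX` keys, because the `write_setting_b` calls in `save_open_settings` now sit inside `#ifndef NO_GSSAPI`; this assumes the storage backend rewrites the whole session on save, which is not visible here. When a GSSAPI-enabled build later loads that session, the defaults shown in `load_open_settings` apply (`AuthGSSAPI` and `AuthGSSAPIKEX` true, `GssapiFwd` false), so an earlier choice to turn GSSAPI authentication off would be reverted without notice. The load-side guards, here and in the next hunk, also leave `CONF_gssapifwd`, `CONF_try_gssapi_auth` and `CONF_try_gssapi_kex` unset in the `Conf`, so any remaining read of those keys elsewhere needs the same guard. I would record this above the first guarded write with a comment such as `/* NO_GSSAPI builds neither load nor preserve the GSSAPI session settings */`. Both functions start and end outside the hunks shown.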
@@ -10,3 +47,14 @@
      gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data);
      {
  	/* SSH-2 only by default */
+@@ -1007,9 +1015,9 @@ void load_open_settings(settings_r *sesskey, Conf *con
+     gppb(sesskey, "SshBanner", true, conf, CONF_ssh_show_banner);
+     gppb(sesskey, "AuthTIS", false, conf, CONF_try_tis_auth);
+     gppb(sesskey, "AuthKI", true, conf, CONF_try_ki_auth);
++#ifndef NO_GSSAPI
+     gppb(sesskey, "AuthGSSAPI", true, conf, CONF_try_gssapi_auth);
+     gppb(sesskey, "AuthGSSAPIKEX", true, conf, CONF_try_gssapi_kex);
+-#ifndef NO_GSSAPI
+     gprefs(sesskey, "GSSLibs", "\0",
+ 	   gsslibkeywords, ngsslibs, conf, CONF_ssh_gsslist);
+     gppfile(sesskey, "GSSCustom", conf, CONF_ssh_gss_custom);

Added: head/security/putty/files/patch-ssh.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/putty/files/patch-ssh.c	Tue Mar 26 23:58:56 2019	(r496930)
@@ -0,0 +1,44 @@
+--- ssh.c.orig	2019-03-16 12:26:35 UTC
++++ ssh.c
+@@ -50,7 +50,9 @@ struct Ssh {
+     ssh_sharing_state *connshare;
+     bool attempting_connshare;
+ 
++#ifndef NO_GSSAPI
+     struct ssh_connection_shared_gss_state gss_state;
++#endif
+ 
+     char *savedhost;
+     int savedport;
+@@ -252,10 +254,18 @@ static void ssh_got_ssh_version(struct ssh_version_rec
+                     conf_get_bool(ssh->conf, CONF_tryagent), username,
+                     conf_get_bool(ssh->conf, CONF_change_username),
+                     conf_get_bool(ssh->conf, CONF_try_ki_auth),
++#ifndef NO_GSSAPI
+                     conf_get_bool(ssh->conf, CONF_try_gssapi_auth),
+                     conf_get_bool(ssh->conf, CONF_try_gssapi_kex),
+                     conf_get_bool(ssh->conf, CONF_gssapifwd),
+-                    &ssh->gss_state);
++                    &ssh->gss_state
++#else
++                    false,
++                    false,
++                    false,
++                    NULL
++#endif
++                    );
+                 ssh_connect_ppl(ssh, userauth_layer);
+                 transport_child_layer = userauth_layer;
+ 
+@@ -267,7 +277,11 @@ static void ssh_got_ssh_version(struct ssh_version_rec
+                 ssh->fullhostname,
+                 ssh_verstring_get_local(old_bpp),
+                 ssh_verstring_get_remote(old_bpp),
++#ifndef NO_GSSAPI
+                 &ssh->gss_state,
++#else
++                NULL,
++#endif
+                 &ssh->stats, transport_child_layer, false);
+             ssh_connect_ppl(ssh, ssh->base_layer);
+ 
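Review bot: The `NULL` passed in place of `&ssh->gss_state` under `NO_GSSAPI` is safe only if the layer constructors called from `ssh_got_ssh_version` never dereference that argument in such a build, and nothing in the patch states that contract. Their bodies are outside this commit, so it cannot be confirmed from here; `patch-sshserver.c` relies on the same assumption in `server_got_ssh_version`. A comment at each `#else`, for example `/* GSS state is never dereferenced when NO_GSSAPI is defined */`, would document it. As a point of style, splitting the argument list with `#ifndef`/`#else` leaves the closing `);` stranded on its own line; a local pointer assigned once under the guard and passed unconditionally would be easier to read. `ssh_got_ssh_version` continues outside these hunks.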

Added: head/security/putty/files/patch-ssh2transport.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/putty/files/patch-ssh2transport.c	Tue Mar 26 23:58:56 2019	(r496930)
@@ -0,0 +1,19 @@
+--- ssh2transport.c.orig	2019-03-16 12:26:35 UTC
++++ ssh2transport.c
+@@ -1781,6 +1781,7 @@ static void ssh2_transport_gss_update(struct ssh2_tran
+     if (mins > 0 && s->gss_ctxt_lifetime <= mins * 60)
+         s->gss_status |= GSS_CTXT_EXPIRES;
+ }
++#endif /* NO_GSSAPI */
+ 
+ ptrlen ssh2_transport_get_session_id(PacketProtocolLayer *ppl)
+ {
+@@ -1804,8 +1805,6 @@ void ssh2_transport_notify_auth_done(PacketProtocolLay
+     s->rekey_class = RK_POST_USERAUTH;
+     queue_idempotent_callback(&s->ppl.ic_process_queue);
+ }
+-
+-#endif /* NO_GSSAPI */
+ 
+ static bool ssh2_transport_get_specials(
+     PacketProtocolLayer *ppl, add_special_fn_t add_special, void *ctx)

Added: head/security/putty/files/patch-ssh2userauth.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/putty/files/patch-ssh2userauth.c	Tue Mar 26 23:58:56 2019	(r496930)
@@ -0,0 +1,28 @@
+--- ssh2userauth.c.orig	2019-03-16 12:26:35 UTC
++++ ssh2userauth.c
+@@ -613,8 +613,10 @@ static void ssh2_userauth_process_queue(PacketProtocol
+                  * Scan it for method identifiers we know about.
+                  */
+                 bool srv_pubkey = false, srv_passwd = false;
+-                bool srv_keyb_inter = false, srv_gssapi = false;
+-                bool srv_gssapi_keyex_auth = false;
++                bool srv_keyb_inter = false;
++#ifndef NO_GSSAPI
++                bool srv_gssapi = false, srv_gssapi_keyex_auth = false;
++#endif
+ 
+                 for (ptrlen method; get_commasep_word(&methods, &method) ;) {
+                     if (ptrlen_eq_string(method, "publickey"))
+@@ -623,10 +625,12 @@ static void ssh2_userauth_process_queue(PacketProtocol
+                         srv_passwd = true;
+                     else if (ptrlen_eq_string(method, "keyboard-interactive"))
+                         srv_keyb_inter = true;
++#ifndef NO_GSSAPI
+                     else if (ptrlen_eq_string(method, "gssapi-with-mic"))
+                         srv_gssapi = true;
+                     else if (ptrlen_eq_string(method, "gssapi-keyex"))
+                         srv_gssapi_keyex_auth = true;
++#endif
+                 }
+ 
+                 /*

Added: head/security/putty/files/patch-sshserver.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/putty/files/patch-sshserver.c	Tue Mar 26 23:58:56 2019	(r496930)
@@ -0,0 +1,48 @@
+--- sshserver.c.orig	2019-03-16 12:26:36 UTC
++++ sshserver.c
+@@ -50,7 +50,9 @@ struct server {
+     PacketProtocolLayer *base_layer;
+     ConnectionLayer *cl;
+ 
++#ifndef NO_GSSAPI
+     struct ssh_connection_shared_gss_state gss_state;
++#endif
+ };
+ 
+ static void ssh_server_free_callback(void *vsrv);
+@@ -245,9 +247,11 @@ Plug *ssh_server_plug(
+     bufchain_init(&srv->out_raw);
+     bufchain_init(&srv->dummy_user_input);
+ 
++#ifndef NO_GSSAPI
+     /* FIXME: replace with sensible */
+     srv->gss_state.libs = snew(struct ssh_gss_liblist);
+     srv->gss_state.libs->nlibraries = 0;
++#endif
+ 
+     return &srv->plug;
+ }
+@@ -297,7 +301,9 @@ static void ssh_server_free_callback(void *vsrv)
+     conf_free(srv->conf);
+     log_free(srv->logctx);
+ 
++#ifndef NO_GSSAPI
+     sfree(srv->gss_state.libs);        /* FIXME: replace with sensible */
++#endif
+ 
+     sfree(srv);
+ 
+@@ -442,7 +448,12 @@ static void server_got_ssh_version(struct ssh_version_
+             srv->conf, NULL, 0, NULL,
+             ssh_verstring_get_remote(old_bpp),
+             ssh_verstring_get_local(old_bpp),
+-            &srv->gss_state, &srv->stats, transport_child_layer, true);
++#ifndef NO_GSSAPI
++            &srv->gss_state,
++#else
++            NULL,
++#endif
++            &srv->stats, transport_child_layer, true);
+         ssh2_transport_provide_hostkeys(
+             srv->base_layer, srv->hostkeys, srv->nhostkeys);
+         if (userauth_layer)


