From: Bryan Drewery
Date: Wed, 6 May 2015 18:39:41 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r385541 - in head/security/openssh-portable: . files
X-SVN-Group: ports-head
List-Id: SVN commit messages for the ports tree

Author: bdrewery
Date: Wed May 6 18:39:41 2015
New Revision: 385541
URL: https://svnweb.freebsd.org/changeset/ports/385541

Log:
  Fix clients getting 'Bad packet length' and 'Disconnecting: Packet corrupt'
  when the NONECIPHER option is selected but not the HPN option.

  The server banner was improperly sending a NULL byte after the newline
  causing confusion on the client.

  This was an error in my own modifications to the HPN patch in r383231.

  This may have occurred with stale builds as well, such as running
  'make configure' then 'portsnap update' and then 'make build'.

  Pointyhat to: bdrewery
  Reported by: many
  PR: 199352

Modified:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/files/extra-patch-hpn

Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Wed May 6 18:34:58 2015 (r385540) +++ head/security/openssh-portable/Makefile Wed May 6 18:39:41 2015 (r385541) 
@@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 6.8p1 -PORTREVISION= 5 +PORTREVISION= 6 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= ${MASTER_SITE_OPENBSD} Modified: head/security/openssh-portable/files/extra-patch-hpn ============================================================================== --- head/security/openssh-portable/files/extra-patch-hpn Wed May 6 18:34:58 2015 (r385540) +++ head/security/openssh-portable/files/extra-patch-hpn Wed May 6 18:39:41 2015 (r385541) @@ -1200,9 +1200,10 @@ diff -urN -x configure -x config.guess - debug("Authentication succeeded (%s).", authctxt.method->name); } ---- work.clean/openssh-6.8p1/sshd.c 2015-04-01 22:07:18.190233000 -0500 -+++ work/openssh-6.8p1/sshd.c 2015-04-03 17:17:03.227774000 -0500 -@@ -439,7 +439,10 @@ +--- work.clean/openssh-6.8p1/sshd.c.orig 2015-03-17 00:49:20.000000000 -0500 ++++ work/openssh-6.8p1/sshd.c 2015-05-06 13:29:02.129507000 -0500 +@@ -430,8 +430,13 @@ sshd_exchange_identification(int sock_in + minor = PROTOCOL_MINOR_1; } - xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", @@ -1210,11 +1211,13 @@ diff -urN -x configure -x config.guess - major, minor, SSH_VERSION, +#ifdef HPN_ENABLED + options.hpn_disabled ? "" : SSH_HPN, ++#else ++ "", +#endif *options.version_addendum == '\0' ? "" : " ", options.version_addendum, newline); -@@ -1157,6 +1160,10 @@ +@@ -1149,6 +1154,10 @@ server_listen(void) int ret, listen_sock, on = 1; struct addrinfo *ai; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; @@ -1225,7 +1228,7 @@ diff -urN -x configure -x config.guess - for (ai = options.listen_addrs; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) -@@ -1197,6 +1204,13 @@ +@@ -1189,6 +1198,13 @@ server_listen(void) debug("Bind to port %s on %s.", strport, ntop); 
@@ -1239,7 +1242,7 @@ diff -urN -x configure -x config.guess - /* Bind the socket to the desired port. */ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { error("Bind to port %s on %s failed: %.200s.", -@@ -2167,6 +2181,11 @@ +@@ -2132,6 +2148,11 @@ main(int ac, char **av) remote_ip, remote_port, get_local_ipaddr(sock_in), get_local_port()); @@ -1251,7 +1254,7 @@ diff -urN -x configure -x config.guess - /* * We don't want to listen forever unless the other side * successfully authenticates itself. So we set up an alarm which is -@@ -2566,6 +2585,12 @@ +@@ -2531,6 +2552,12 @@ do_ssh2_kex(void) if (options.ciphers != NULL) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
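Review bot: In the sshd_exchange_identification hunk of extra-patch-hpn, the xasprintf argument list is still assembled by the preprocessor: `options.hpn_disabled ? "" : SSH_HPN,` under `#ifdef HPN_ENABLED` and a literal `"",` under the new `#else`. The previous revision had no `#else`, so a build without HPN_ENABLED passed one argument fewer than a build with it. Consider assigning the suffix to a local `const char *` before the call (empty when HPN_ENABLED is undefined or options.hpn_disabled is set) so the call is textually identical in both configurations and an argument-count mismatch can be caught by the compiler's format checking in every build. A build test with HPN_ENABLED undefined would exercise the path this commit repairs.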
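Review bot: The embedded sshd.c diff header in extra-patch-hpn now names sshd.c.orig dated 2015-03-17 as its base instead of sshd.c dated 2015-04-01, and every later sshd.c hunk header moves with it (1157 to 1149, 1197 to 1189, 2167 to 2132, 2566 to 2531), while the log describes only the banner fix. Either state in the log that the sshd.c section was regenerated against a different base file, or regenerate it against the same base as before, so that the functional change (the added `#else` and `"",` lines) is not buried among offset-only changes when this revision is audited later.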