From: Bryan Drewery
Date: Wed, 20 Jan 2016 02:18:42 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r406725 - in head/security/openssh-portable: . files

Author: bdrewery
Date: Wed Jan 20 02:18:42 2016
New Revision: 406725
URL: https://svnweb.freebsd.org/changeset/ports/406725

Log:
  Fix the KERB_GSSAPI option using the latest patch from Debian.

  This slightly refactors some of the HPN patch to avoid a conflict.

  PR: 206346
  Submitted by: Garret Wollman

Added:
  head/security/openssh-portable/files/extra-patch-hpn-gss-glue (contents, props changed)
Modified:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/distinfo
  head/security/openssh-portable/files/extra-patch-hpn

Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Wed Jan 20 00:59:56 2016 (r406724) +++ head/security/openssh-portable/Makefile Wed Jan 20 02:18:42 2016 (r406725) 
@@ -90,6 +90,19 @@ PATCH_SITES+= http://mirror.shatow.net/ EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}} .endif +# Must add this patch before HPN due to conflicts +.if ${PORT_OPTIONS:MKERB_GSSAPI} +# 7.1 patch taken from +# http://sources.debian.net/data/main/o/openssh/1:7.1p2-2/debian/patches/gssapi.patch +# which was originally based on 5.7 patch from +# http://www.sxw.org.uk/computing/patches/ +. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} +# Needed glue for applying HPN patch without conflict +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue +. endif +PATCHFILES+= openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz:-p1:gsskex +.endif + # http://www.psc.edu/index.php/hpn-ssh https://github.com/rapier1/hpn-ssh https://github.com/rapier1/openssh-portable .if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} PORTDOCS+= HPN-README @@ -100,15 +113,6 @@ HPN_DISTVERSION= 6.7p1 EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn:-p2 .endif -# Must add this patch after HPN due to conflicts -.if ${PORT_OPTIONS:MKERB_GSSAPI} -# 6.7 patch taken from -# http://sources.debian.net/data/main/o/openssh/1:6.7p1-3/debian/patches/gssapi.patch -# which was originally based on 5.7 patch from -# http://www.sxw.org.uk/computing/patches/ -PATCHFILES+= openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz:-p1:gsskex -.endif - CONFIGURE_LIBS+= -lutil CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog 
@@ -134,10 +138,6 @@ BROKEN= X509 patch incompatible with KE .endif -. if ${PORT_OPTIONS:MKERB_GSSAPI} -BROKEN= Does not apply to 6.8 -. endif - .if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI} BROKEN= KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently .endif Modified: head/security/openssh-portable/distinfo ============================================================================== --- head/security/openssh-portable/distinfo Wed Jan 20 00:59:56 2016 (r406724) +++ head/security/openssh-portable/distinfo Wed Jan 20 02:18:42 2016 (r406725) @@ -4,5 +4,5 @@ SHA256 (openssh-6.8p1-sctp-2573.patch.gz SIZE (openssh-6.8p1-sctp-2573.patch.gz) = 8531 SHA256 (openssh-7.0p1+x509-8.5.diff.gz) = 6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e SIZE (openssh-7.0p1+x509-8.5.diff.gz) = 411960 -SHA256 (openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz) = 9a361408269a542d28dae77320f30e94a44098acdbbbc552efb0bdeac6270dc8 -SIZE (openssh-6.7p1-gsskex-all-20141021-284f364.patch.gz) = 25825 +SHA256 (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 420f3ee70705de57bb9a9ad66e72c1d40c318d8a882815d108816687fcc79b62 +SIZE (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 25798 Modified: head/security/openssh-portable/files/extra-patch-hpn ============================================================================== --- head/security/openssh-portable/files/extra-patch-hpn Wed Jan 20 00:59:56 2016 (r406724) +++ head/security/openssh-portable/files/extra-patch-hpn Wed Jan 20 02:18:42 2016 (r406725) 
@@ -1110,8 +1110,8 @@ diff -urN -x configure -x config.guess - } if (roaming_atomicio(vwrite, connection_out, client_version_string, strlen(client_version_string)) != strlen(client_version_string)) ---- work.clean/openssh-6.8p1/sshconnect2.c 2015-03-17 00:49:20.000000000 -0500 -+++ work/openssh-6.8p1/sshconnect2.c 2015-04-03 16:54:23.936298000 -0500 +--- work.clean/openssh-7.1p2/sshconnect2.c.orig 2016-01-13 17:10:45.000000000 -0800 ++++ work.clean/openssh-7.1p2/sshconnect2.c 2016-01-19 17:49:17.929000000 -0800 @@ -80,6 +80,14 @@ extern char *client_version_string; extern char *server_version_string; @@ -1127,7 +1127,7 @@ diff -urN -x configure -x config.guess - /* * SSH2 key exchange -@@ -153,13 +161,16 @@ +@@ -153,13 +161,16 @@ order_hostkeyalgs(char *host, struct soc return ret; } @@ -1145,18 +1145,17 @@ diff -urN -x configure -x config.guess - xxx_host = host; xxx_hostaddr = hostaddr; -@@ -222,6 +233,10 @@ - kex->server_version_string=server_version_string; - kex->verify_host_key=&verify_host_key_callback; - +@@ -232,6 +243,9 @@ ssh_kex2(char *host, struct sockaddr *ho + packet_send(); + packet_write_wait(); + #endif +#ifdef NONE_CIPHER_ENABLED + xxx_kex = kex; +#endif -+ - dispatch_run(DISPATCH_BLOCK, &kex->done, active_state); + } - if (options.use_roaming && !kex->roaming) { -@@ -423,6 +438,29 @@ + /* +@@ -416,6 +430,29 @@ ssh_userauth2(const char *local_user, co pubkey_cleanup(&authctxt); dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); Added: head/security/openssh-portable/files/extra-patch-hpn-gss-glue ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openssh-portable/files/extra-patch-hpn-gss-glue Wed Jan 20 02:18:42 2016 (r406725) 
@@ -0,0 +1,24 @@ +--- sshconnect2.c.orig 2016-01-19 18:10:12.550854000 -0800 ++++ sshconnect2.c 2016-01-19 18:10:27.290409000 -0800 +@@ -160,11 +160,6 @@ ssh_kex2(char *host, struct sockaddr *ho + struct kex *kex; + int r; + +-#ifdef GSSAPI +- char *orig = NULL, *gss = NULL; +- char *gss_host = NULL; +-#endif +- + xxx_host = host; + xxx_hostaddr = hostaddr; + +@@ -199,6 +194,9 @@ ssh_kex2(char *host, struct sockaddr *ho + } + + #ifdef GSSAPI ++ char *orig = NULL, *gss = NULL; ++ char *gss_host = NULL; ++ + if (options.gss_keyex) { + /* Add the GSSAPI mechanisms currently supported on this + * client to the key exchange algorithm proposal */
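
Review bot: In the head/security/openssh-portable/Makefile hunk at @@ -90,6 +90,19 @@, the comment `# Must add this patch before HPN due to conflicts` sits above two different entries, the `EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue` line and the `PATCHFILES+= ...:-p1:gsskex` line, and does not say which of them carries the ordering constraint. Suggest rewording it so a later editor knows which line has to stay above the `EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn:-p2` entry. The new file name also gains a `-debian-rh-20160104` suffix while the comment cites only the Debian 1:7.1p2-2 patch, so a short note on what `rh` stands for would make the provenance of the pinned file easier to audit.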
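
Review bot: Typo in the context line left directly below the removed block in the Makefile hunk at @@ -134,10 +138,6 @@: `BROKEN= KERB_GSSAPI Requires either MIT or HEMIDAL` should read `HEIMDAL`. The message is what a user sees when the HEIMDAL_BASE and KERB_GSSAPI options are combined, and this change already edits the adjacent lines, so it is a convenient place to correct it.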
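
Review bot: In head/security/openssh-portable/files/extra-patch-hpn, the `xxx_kex = kex;` assignment under `#ifdef NONE_CIPHER_ENABLED` moves from just before `dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);` to the very end of `ssh_kex2()`, after the `packet_write_wait();` / `#endif` context. The global is therefore set only once the initial key exchange has finished instead of before it starts. Please confirm that nothing reached during that exchange reads `xxx_kex`, and say so in the log or in a comment next to the assignment, since the commit message describes this only as a slight refactor. Separately, the rewritten file header uses `work.clean/openssh-7.1p2/` on both the `---` and `+++` lines, where the lines it replaces used `work.clean/` and `work/`; keeping the file's existing convention would be more consistent.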
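
Review bot: The second hunk of the new files/extra-patch-hpn-gss-glue (@@ -199,6 +194,9 @@) places `char *orig = NULL, *gss = NULL;` and `char *gss_host = NULL;` inside the `#ifdef GSSAPI` section after executable statements such as `xxx_host = host;`, so `ssh_kex2()` now has declarations following code. That is valid C99, but it fails on C89 compilers and is reported by `-Wdeclaration-after-statement`. If the only goal is to leave the `int r;` / `xxx_host = host;` context untouched so that the HPN patch applies, consider keeping the declarations at the top of the function and adjusting the HPN hunk context instead, or add a comment at the top of the glue file stating why the declarations are moved.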