Date: Fri, 28 Aug 2009 15:30:02 -0400 (EDT) From: Garrett Wollman <wollman@khavrinen.csail.mit.edu> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/138284: OpenSSH GSSAPI Key Exchange patch updated Message-ID: <200908281930.n7SJU1Ro065738@khavrinen.csail.mit.edu> Resent-Message-ID: <200908281940.n7SJe4jn058514@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 138284
>Category: ports
>Synopsis: OpenSSH GSSAPI Key Exchange patch updated
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 28 19:40:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Garrett Wollman
>Release: FreeBSD 7.2-RELEASE-p2 amd64
>Organization:
MIT Computer Science & Artificial Intelligence Laboratory
>Environment:
System: FreeBSD khavrinen.csail.mit.edu 7.2-RELEASE-p2 FreeBSD 7.2-RELEASE-p2 #7 r195442M: Wed Jul 8 17:38:11 EDT 2009 wollman@khavrinen.csail.mit.edu:/usr/obj/usr/src/sys/KHAVRINEN amd64
>Description:
Upgrading security/openssh-portable currently fails if you are using
GSSAPI key exchange. Simon Wilkinson has now released a patch for
OpenSSH 5.2p1. Tested and works with krb5-1.6.3_6, including the new
"cascading credentials" function.
>How-To-Repeat:
cd /usr/ports/security/openssh-portable
make
>Fix:
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/openssh-portable/Makefile,v
retrieving revision 1.139
diff -u -r1.139 Makefile
--- Makefile 8 Aug 2009 07:13:49 -0000 1.139
+++ Makefile 28 Aug 2009 19:07:17 -0000
@@ -100,15 +100,17 @@
.if !defined(WITHOUT_KERBEROS)
.if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI)
.if defined(WITH_KERB_GSSAPI)
-BROKEN= KERB_GSSAPI patch incompatible with ${PORTNAME}-5.2p1
PATCH_DIST_STRIP= -p0
PATCH_SITES+= http://www.sxw.org.uk/computing/patches/
-PATCHFILES+= openssh-5.0p1-gsskex-20080404.patch
+PATCHFILES+= openssh-5.2p1-gsskex-all-20090726.patch
.endif
PORTABLE_SUFFIX= # empty
GSSAPI_SUFFIX= -gssapi
CONFLICTS+= openssh-portable-*-[0-9]*
CONFIGURE_ARGS+= --with-kerberos5=${KRB5_HOME}
+.if ${KRB5_HOME} == ${LOCALBASE}
+LIB_DEPENDS+= krb5.3:${PORTSDIR}/security/krb5
+.endif
.if ${OPENSSLBASE} == "/usr"
CONFIGURE_ARGS+= --without-rpath
LDFLAGS= # empty
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/security/openssh-portable/distinfo,v
retrieving revision 1.50
diff -u -r1.50 distinfo
--- distinfo 15 May 2009 11:00:27 -0000 1.50
+++ distinfo 28 Aug 2009 19:07:26 -0000
@@ -1,6 +1,6 @@
MD5 (openssh-5.2p1.tar.gz) = ada79c7328a8551bdf55c95e631e7dad
SHA256 (openssh-5.2p1.tar.gz) = 4023710c37d0b3d79e6299cb79b6de2a31db7d581fe59e775a5351784034ecae
SIZE (openssh-5.2p1.tar.gz) = 1016612
-MD5 (openssh-5.2p1+x509-6.2.diff.gz) = 8dbbfb743226864f6bb49b56e77776d9
-SHA256 (openssh-5.2p1+x509-6.2.diff.gz) = 72cfb1e232b6ae0a9df6e8539a9f6b53db7c0a2141cf2e4dd65b407748fa9f34
-SIZE (openssh-5.2p1+x509-6.2.diff.gz) = 153010
+MD5 (openssh-5.2p1-gsskex-all-20090726.patch) = e5c116b4bc3f4b816206e8403dd08af7
+SHA256 (openssh-5.2p1-gsskex-all-20090726.patch) = 6eb297d6fa74be3323c5e4f53df5b6e1f4edf6bf394e3e707c075846886e18e7
+SIZE (openssh-5.2p1-gsskex-all-20090726.patch) = 90959
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908281930.n7SJU1Ro065738>