From: Robert Simmons
To: ports@freebsd.org
Date: Sun, 24 Jun 2012 13:46:20 -0400
Subject: Re: security/openssh-portable line # 82 of rc.d/openssh generates DSA not ECDSA
In-Reply-To: <20120624171753.GA15646@DataIX.net>
References: <20120624171753.GA15646@DataIX.net>
List-Id: Porting software to FreeBSD

On Sun, Jun 24, 2012 at 1:17 PM, J. Hellenthal wrote:
>
> As stated in the subject
>
> if [ -f /usr/local/etc/ssh/ssh_host_ecdsa_key ]; then
>         echo "You already have a Elliptic Curve DSA host key" \
>                 "in /usr/local/etc/ssh/ssh_host_ecdsa_key"
>         echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation"
> else
>         /usr/local/bin/ssh-keygen -t dsa \
>                 -f /usr/local/etc/ssh/ssh_host_ecdsa_key -N ''
> fi
>
>
> Specifically "/usr/local/bin/ssh-keygen -t dsa" needs to be changed to
> "-t ecdsa" to be correct. Otherwise we are just reimplementing a DSA key
> in a different file.

Good eye. I'm in the process of updating that port to 6.0p1. There
are quite a lot of local patches that are part of the port. At the
moment I'm muddling through what they do and whether they can be
removed or not. I didn't even notice this problem.

I've attached a pair of patches that correct this problem. Open a PR
about this, and you can attach these patches to it. I'm not the
maintainer nor do I have commit privileges, but if you open a PR, I'm
sure someone will make the change.
[Attachment: Makefile.diff]
[Attachment: openssh.in.diff]
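An added example, not part of the original message or of the port: the quoted rc script skips generation whenever ssh_host_ecdsa_key already exists, so a host that ran the "-t dsa" version keeps a DSA key under the ECDSA file name even after the script is corrected. The check below compares the key type recorded in each ssh_host_*_key.pub with the type the file name implies; the function names are hypothetical, it assumes the .pub file that ssh-keygen writes beside each private key is still present, and it also covers the other host key types.

```shell
#!/bin/sh
# Added example: flag SSH host keys whose algorithm does not match the
# algorithm named in the file name (e.g. a DSA key in ssh_host_ecdsa_key).

# expected_prefix NAME: print the key-type prefix that the file name implies.
expected_prefix() {
    case "$1" in
        ssh_host_rsa_key)     echo "ssh-rsa" ;;
        ssh_host_dsa_key)     echo "ssh-dss" ;;
        ssh_host_ecdsa_key)   echo "ecdsa-sha2-" ;;
        ssh_host_ed25519_key) echo "ssh-ed25519" ;;
        *) return 1 ;;
    esac
}

# check_host_keys DIR: print one line per mismatched key.
# Returns 0 when every recognised key matches its name, 1 otherwise.
check_host_keys() {
    dir=$1
    bad=0
    for pub in "$dir"/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue
        name=$(basename "$pub" .pub)
        want=$(expected_prefix "$name") || continue
        # The first field of an OpenSSH public key line is the key type.
        have=""
        read -r have _ < "$pub" || true
        case "$have" in
            "$want"*) ;;
            *)
                echo "MISMATCH $pub: name implies ${want}*, key type is '$have'"
                bad=$((bad + 1))
                ;;
        esac
    done
    [ "$bad" -eq 0 ]
}

# Stand-alone use: sh check_host_keys.sh /usr/local/etc/ssh
if [ $# -gt 0 ]; then
    check_host_keys "$1"
fi
```

A mismatched key is not replaced by rerunning the corrected script; the old key pair has to be moved aside first so that the existence test no longer skips generation.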