From: Craig Leres
To: Bryan Drewery, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Date: Wed, 11 Apr 2018 21:27:57 -0700
Subject: Re: svn commit: r466577 - in head/security/openssh-portable: . files

On 04/06/18 18:12, Craig Leres wrote:
> This version breaks sshfp support

I poked at this and the issue is that a block of code that canonicalizes the host supplied on the command teleported from main() to ssh_session2(). What the VerifyHostKeyDNS yes path now encounters is that the non-canonical version of the hostname is used for the SSHFP lookup.

The base problem is that files/patch-ssh.c has not been updated recently and somehow manages to be applied to the wrong part of ssh.c.

Attached is an updated patch.ssh.c

Craig
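
An added example, not part of the original message and not the attached patch or OpenSSH's own code: it shows the name a client would use for the SSHFP query when a short host name is canonicalized first. The helper `canonical_host()` is hypothetical, and canonicalizing through `getaddrinfo()` with `AI_CANONNAME` is an assumption about how the step is done.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

/*
 * Hypothetical helper: write the name to use for the SSHFP lookup into out.
 * Returns 1 if the resolver supplied a canonical name, 0 if the typed name
 * was kept (already dotted, lookup failed, or no canonical name returned),
 * and -1 if out is too small.
 */
int canonical_host(const char *host, char *out, size_t outlen)
{
    struct addrinfo hints, *ai = NULL;
    const char *name = host;
    int changed = 0;

    if (strchr(host, '.') == NULL) {    /* short name: ask the resolver */
        memset(&hints, 0, sizeof(hints));
        hints.ai_family = AF_UNSPEC;
        hints.ai_socktype = SOCK_STREAM;
        hints.ai_flags = AI_CANONNAME;
        if (getaddrinfo(host, NULL, &hints, &ai) == 0 &&
            ai->ai_canonname != NULL) {
            name = ai->ai_canonname;
            changed = 1;
        }
    }
    if (strlen(name) >= outlen) {
        if (ai != NULL)
            freeaddrinfo(ai);
        return -1;
    }
    strcpy(out, name);                  /* copy before freeing the result */
    if (ai != NULL)
        freeaddrinfo(ai);
    return changed;
}

int main(int argc, char **argv)
{
    char name[1025];
    const char *host = argc > 1 ? argv[1] : "localhost";

    if (canonical_host(host, name, sizeof(name)) < 0)
        return 1;
    printf("typed name:       %s\nSSHFP query name: %s\n", host, name);
    return 0;
}
```

If the two printed names differ and the SSHFP record is published only under the second, a lookup made with the typed name finds no record.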