Date: Thu, 3 May 2018 23:39:11 +0000 (UTC)
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r468998 - in head/security/openssh-portable: . files
Message-ID: <201805032339.w43NdBk8091997@repo.freebsd.org>
Author: bdrewery
Date: Thu May 3 23:39:10 2018
New Revision: 468998
URL: https://svnweb.freebsd.org/changeset/ports/468998

Log:
  - Add XMSS option to enable experimental key support added in 7.7 [1]
  - Bring in upstream patches post 7.7 to fix various issues [2]:
    b81b2d120e9c8a83489e241620843687758925ad - Fix tunnel forwarding broken in 7.7p1
    341727df910e12e26ef161508ed76d91c40a61eb - don't kill ssh-agent's listening socket entirely if we fail to accept a connection
    85fe48fd49f2e81fa30902841b362cfbb7f1933b - don't free the %C expansion, it's used later for LocalCommand
    868afa68469de50d8a43e5daf867d7c624a34d20 - Disable SSH2_MSG_DEBUG messages for Twisted Conch clients
    f5baa36ba79a6e8c534fb4e0a00f2614ccc42ea6 - Omit 3des-cbc if OpenSSL built without DES

  PR: 227758 [1]
  Submitted by: IWAMOTO Kouichi <sue@iwmt.org> [1]
  PR: 227551 [2]
  Reported by: rozhuk.im@gmail.com [2]
  Obtained from: upstream mirror https://github.com/openssh/openssh-portable [2]

Added:
  head/security/openssh-portable/files/patch-341727df910e12e26ef161508ed76d91c40a61eb (contents, props changed)
  head/security/openssh-portable/files/patch-85fe48fd49f2e81fa30902841b362cfbb7f1933b (contents, props changed)
  head/security/openssh-portable/files/patch-868afa68469de50d8a43e5daf867d7c624a34d20 (contents, props changed)
  head/security/openssh-portable/files/patch-b81b2d120e9c8a83489e241620843687758925ad (contents, props changed)
  head/security/openssh-portable/files/patch-f5baa36ba79a6e8c534fb4e0a00f2614ccc42ea6 (contents, props changed)
Modified:
  head/security/openssh-portable/Makefile

Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Thu May 3 23:33:40 2018 (r468997) +++ head/security/openssh-portable/Makefile Thu May 3 23:39:10 2018 (r468998) 
@@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 7.7p1 -PORTREVISION= 1 +PORTREVISION= 2 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= OPENBSD/OpenSSH/portable @@ -31,7 +31,7 @@ BROKEN_SSL_REASON_openssl-devel= error: OpenSSL >= 1.1 OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT BSM \ HPN X509 KERB_GSSAPI \ - LDNS NONECIPHER + LDNS NONECIPHER XMSS OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS OPTIONS_RADIO= KERBEROS OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE @@ -45,6 +45,7 @@ HEIMDAL_DESC= Heimdal Kerberos (security/heimdal) HEIMDAL_BASE_DESC= Heimdal Kerberos (base) MIT_DESC= MIT Kerberos (security/krb5) NONECIPHER_DESC= NONE Cipher support +XMSS_DESC= XMSS key support (experimental) OPTIONS_SUB= yes @@ -193,6 +194,9 @@ post-patch: ${WRKSRC}/sshd_config.5 @${ECHO_CMD} '#define SSH_VERSION_FREEBSD_PORT "${VERSION_ADDENDUM_DEFAULT}"' >> \ ${WRKSRC}/version.h + +post-configure-XMSS-on: + @${ECHO_CMD} "#define WITH_XMSS 1" >> ${WRKSRC}/config.h post-install: ${MV} ${STAGEDIR}${ETCDIR}/ssh_config \ Added: head/security/openssh-portable/files/patch-341727df910e12e26ef161508ed76d91c40a61eb ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openssh-portable/files/patch-341727df910e12e26ef161508ed76d91c40a61eb Thu May 3 23:39:10 2018 (r468998) 
@@ -0,0 +1,35 @@ +From 341727df910e12e26ef161508ed76d91c40a61eb Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Mon, 9 Apr 2018 23:54:49 +0000 +Subject: [PATCH] upstream: don't kill ssh-agent's listening socket entriely if + we + +fail to accept a connection; bz#2837, patch from Lukas Kuster + +OpenBSD-Commit-ID: 52413f5069179bebf30d38f524afe1a2133c738f +--- + ssh-agent.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git ssh-agent.c ssh-agent.c +index 2a4578b03..68de56ce6 100644 +--- ssh-agent.c ++++ ssh-agent.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: ssh-agent.c,v 1.228 2018/02/23 15:58:37 markus Exp $ */ ++/* $OpenBSD: ssh-agent.c,v 1.229 2018/04/09 23:54:49 djm Exp $ */ + /* + * Author: Tatu Ylonen <ylo@cs.hut.fi> + * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland +@@ -909,9 +909,8 @@ after_poll(struct pollfd *pfd, size_t npfd) + /* Process events */ + switch (sockets[socknum].type) { + case AUTH_SOCKET: +- if ((pfd[i].revents & (POLLIN|POLLERR)) != 0 && +- handle_socket_read(socknum) != 0) +- close_socket(&sockets[socknum]); ++ if ((pfd[i].revents & (POLLIN|POLLERR)) != 0) ++ handle_socket_read(socknum); + break; + case AUTH_CONNECTION: + if ((pfd[i].revents & (POLLIN|POLLERR)) != 0 && Added: head/security/openssh-portable/files/patch-85fe48fd49f2e81fa30902841b362cfbb7f1933b ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openssh-portable/files/patch-85fe48fd49f2e81fa30902841b362cfbb7f1933b Thu May 3 23:39:10 2018 (r468998) 
@@ -0,0 +1,24 @@ +From 85fe48fd49f2e81fa30902841b362cfbb7f1933b Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Sat, 14 Apr 2018 21:50:41 +0000 +Subject: [PATCH] upstream: don't free the %C expansion, it's used later for + +LocalCommand + +OpenBSD-Commit-ID: 857b5cb37b2d856bfdfce61289a415257a487fb1 +--- + ssh.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git ssh.c ssh.c +index d3619fe29..9c011dd7e 100644 +--- ssh.c ++++ ssh.c +@@ -1323,7 +1323,6 @@ main(int ac, char **av) + (char *)NULL); + free(cp); + } +- free(conn_hash_hex); + + if (config_test) { + dump_client_config(&options, host); Added: head/security/openssh-portable/files/patch-868afa68469de50d8a43e5daf867d7c624a34d20 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openssh-portable/files/patch-868afa68469de50d8a43e5daf867d7c624a34d20 Thu May 3 23:39:10 2018 (r468998) 
@@ -0,0 +1,36 @@ +From 868afa68469de50d8a43e5daf867d7c624a34d20 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Mon, 16 Apr 2018 22:50:44 +0000 +Subject: [PATCH] upstream: Disable SSH2_MSG_DEBUG messages for Twisted Conch + clients + +without version numbers since they choke on them under some circumstances. +https://twistedmatrix.com/trac/ticket/9422 via Colin Watson + +Newer Conch versions have a version number in their ident string and +handle debug messages okay. https://twistedmatrix.com/trac/ticket/9424 + +OpenBSD-Commit-ID: 6cf7be262af0419c58ddae11324d9c0dc1577539 +--- + compat.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git compat.c compat.c +index 861e9e21f..1c0e08732 100644 +--- compat.c ++++ compat.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: compat.c,v 1.106 2018/02/16 04:43:11 dtucker Exp $ */ ++/* $OpenBSD: compat.c,v 1.107 2018/04/16 22:50:44 djm Exp $ */ + /* + * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. + * +@@ -128,6 +128,8 @@ compat_datafellows(const char *version) + SSH_OLD_DHGEX }, + { "ConfD-*", + SSH_BUG_UTF8TTYMODE }, ++ { "Twisted_*", 0 }, ++ { "Twisted*", SSH_BUG_DEBUG }, + { NULL, 0 } + }; + Added: head/security/openssh-portable/files/patch-b81b2d120e9c8a83489e241620843687758925ad ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openssh-portable/files/patch-b81b2d120e9c8a83489e241620843687758925ad Thu May 3 23:39:10 2018 (r468998) 
@@ -0,0 +1,32 @@ +From b81b2d120e9c8a83489e241620843687758925ad Mon Sep 17 00:00:00 2001 +From: Damien Miller <djm@mindrot.org> +Date: Fri, 13 Apr 2018 13:38:06 +1000 +Subject: [PATCH] Fix tunnel forwarding broken in 7.7p1 + +bz2855, ok dtucker@ +--- + openbsd-compat/port-net.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git openbsd-compat/port-net.c openbsd-compat/port-net.c +index 7050629c3..bb535626f 100644 +--- openbsd-compat/port-net.c ++++ openbsd-compat/port-net.c +@@ -185,7 +185,7 @@ sys_tun_open(int tun, int mode, char **ifname) + else + debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd); + +- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) ++ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL) + goto failed; + + return (fd); +@@ -272,7 +272,7 @@ sys_tun_open(int tun, int mode, char **ifname) + goto failed; + } + +- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name))) ++ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL) + goto failed; + + close(sock); Added: head/security/openssh-portable/files/patch-f5baa36ba79a6e8c534fb4e0a00f2614ccc42ea6 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/openssh-portable/files/patch-f5baa36ba79a6e8c534fb4e0a00f2614ccc42ea6 Thu May 3 23:39:10 2018 (r468998) 
@@ -0,0 +1,24 @@ +From f5baa36ba79a6e8c534fb4e0a00f2614ccc42ea6 Mon Sep 17 00:00:00 2001 +From: Darren Tucker <dtucker@dtucker.net> +Date: Thu, 19 Apr 2018 09:53:14 +1000 +Subject: [PATCH] Omit 3des-cbc if OpenSSL built without DES. + +Patch from hongxu.jia at windriver.com, ok djm@ +--- + cipher.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git cipher.c cipher.c +index 578763616..a72682a82 100644 +--- cipher.c ++++ cipher.c +@@ -82,7 +82,9 @@ struct sshcipher { + + static const struct sshcipher ciphers[] = { + #ifdef WITH_OPENSSL ++#ifndef OPENSSL_NO_DES + { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc }, ++#endif + { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc }, + { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc }, + { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
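Review bot: In the Makefile hunk at post-configure-XMSS-on, the target appends "#define WITH_XMSS 1" to ${WRKSRC}/config.h with no comment explaining why the define is injected after configure instead of being passed through a configure argument or CFLAGS. A one-line comment above the target would help the next maintainer judge whether it can be dropped once upstream changes how XMSS is enabled. Keeping XMSS out of OPTIONS_DEFAULT and marking XMSS_DESC as experimental matches the commit log.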
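Review bot: In the ssh-agent.c hunk in after_poll(), the AUTH_SOCKET case now discards the return value of handle_socket_read(socknum) without saying so. A (void) cast or a short comment that a failed accept must not close the listening socket would record the intent. The condition still includes POLLERR, so with close_socket() gone it is worth confirming that a persistent error on the listening fd cannot make the poll loop spin.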
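Review bot: In the ssh.c hunk in main(), deleting free(conn_hash_hex) leaves nothing at the site to say the buffer is kept alive on purpose for the later LocalCommand expansion named in the patch subject. A comment where the free used to be, or a free placed after the last use, would keep a later cleanup from reintroducing the use after free.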
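Review bot: In the compat.c hunk in compat_datafellows(), the two new entries only have the intended effect if "Twisted_*" with flags 0 is tried before the broader "Twisted*" with SSH_BUG_DEBUG, since the second pattern also matches versioned Conch ident strings. Nothing in the table says so; a comment above the pair stating that the versioned pattern must stay first would protect it from reordering.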
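Review bot: In both sys_tun_open() hunks of openbsd-compat/port-net.c, the corrected test still assigns inside the condition, (*ifname = strdup(ifr.ifr_name)) == NULL, which is the construct that let the missing comparison go unnoticed in two places. Splitting it into an assignment followed by a separate NULL check would make the failure path explicit, and the identical fix in both hunks suggests a shared helper.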
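Review bot: In the cipher.c hunk, the OPENSSL_NO_DES guard removes only the "3des-cbc" row of ciphers[]; any default or configured cipher list that still names 3des-cbc lies outside the visible lines and should be checked so it fails cleanly on such builds. The added #endif would also read better with a trailing /* OPENSSL_NO_DES */ comment, since it sits inside the WITH_OPENSSL block.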