Date: Wed, 14 Mar 2012 20:19:34 +0100 From: Mel Flynn <rflynn@acsalaska.net> To: Cy Schubert <Cy.Schubert@komquats.com> Cc: magik@roorback.net, freebsd-ports@freebsd.org Subject: Re: security/openssh-portable Message-ID: <4F60EF46.2040405@acsalaska.net> In-Reply-To: <201203140757.q2E7vk8L071546@slippy.cwsent.com> References: <201203140757.q2E7vk8L071546@slippy.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------020907030807030308080002 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Hello Cy, On 3/14/2012 08:57, Cy Schubert wrote: [snip] > What I propose to do is remove the GSSAPI > patch from security/openssh-portable and for those who need the GSSAPI > server key exchange, create a new port (through a repocopy of course) which > includes the illinois.edu GSI patch with reworked FreeBSD patches resolving > patch conflicts, calling it security/openssh-portable-gsi. Does this make > any sense to anyone? > > Or, instead of the above, just include the GSI patch by default in a > one-size-fits-all openssh-portable port? (Meaning that the GSI patch is > applied regardless.) Does this make more sense to people? Personally, I use HPN and LPK. If KRB5 becomes a requirement for HPN, I don't find that an issue, but others may. I'm also keeping a local fix you might want to properly integrate into the LPK patch: it fixes a bug that TLS cannot be turned off if LPKLdapConf is used. -- Mel --------------020907030807030308080002 Content-Type: text/plain; name="openssh-tls.fix" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="openssh-tls.fix" Index: Makefile =================================================================== RCS file: /home/ncvs/ports/security/openssh-portable/Makefile,v retrieving revision 1.157 diff -u -r1.157 Makefile --- Makefile 23 Dec 2011 12:52:28 -0000 1.157 +++ Makefile 14 Mar 2012 19:09:36 -0000 @@ -205,6 +205,9 @@ @${REINPLACE_CMD} -e 's|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SSH_HPN|' \ ${WRKSRC}/version.h .endif +.if defined(WITH_LPK) + @${PATCH} ${PATCH_DIST_ARGS} < ${FILESDIR}/fix-lpk-tls.patch +.endif pre-su-install: @${MKDIR} ${EMPTYDIR} Index: files/fix-lpk-tls.patch =================================================================== RCS file: files/fix-lpk-tls.patch diff -N files/fix-lpk-tls.patch --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/fix-lpk-tls.patch 2 Jan 2012 17:26:37 -0000 @@ -0,0 +1,11 @@ +--- ldapauth.c.prev 2012-01-02 07:15:19.000000000 -0900 ++++ ldapauth.c 2012-01-02 08:21:23.000000000 -0900 +@@ -565,6 +565,8 @@ + else if (!strcasecmp (k, "ssl")) { + if (!strcasecmp (v, "start_tls")) + l->tls = 1; ++ else if (!strcasecmp(v, "off")) ++ l->tls = 0; + } + } + --------------020907030807030308080002--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F60EF46.2040405>