Date:      Wed, 14 Mar 2012 20:19:34 +0100
From:      Mel Flynn <rflynn@acsalaska.net>
To:        Cy Schubert <Cy.Schubert@komquats.com>
Cc:        magik@roorback.net, freebsd-ports@freebsd.org
Subject:   Re: security/openssh-portable
Message-ID:  <4F60EF46.2040405@acsalaska.net>
In-Reply-To: <201203140757.q2E7vk8L071546@slippy.cwsent.com>
References:  <201203140757.q2E7vk8L071546@slippy.cwsent.com>

This is a multi-part message in MIME format.
--------------020907030807030308080002
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Hello Cy,

On 3/14/2012 08:57, Cy Schubert wrote:

[snip]

> What I propose to do is remove the GSSAPI
> patch from security/openssh-portable and for those who need the GSSAPI 
> server key exchange, create a new port (through a repocopy of course) which 
> includes the illinois.edu GSI patch with reworked FreeBSD patches resolving 
> patch conflicts, calling it security/openssh-portable-gsi. Does this make 
> any sense to anyone?
> 
> Or, instead of the above, just include the GSI patch by default in a 
> one-size-fits-all openssh-portable port? (Meaning that the GSI patch is 
> applied regardless.) Does this make more sense to people?

Personally, I use HPN and LPK. If KRB5 becomes a requirement for HPN, I
don't find that an issue, but others may.

I'm also keeping a local fix you might want to properly integrate into
the LPK patch: it fixes a bug that TLS cannot be turned off if
LPKLdapConf is used.
-- 
Mel

--------------020907030807030308080002
Content-Type: text/plain;
 name="openssh-tls.fix"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="openssh-tls.fix"

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/openssh-portable/Makefile,v
retrieving revision 1.157
diff -u -r1.157 Makefile
--- Makefile	23 Dec 2011 12:52:28 -0000	1.157
+++ Makefile	14 Mar 2012 19:09:36 -0000
@@ -205,6 +205,9 @@
 	@${REINPLACE_CMD} -e 's|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SSH_HPN|' \
 		${WRKSRC}/version.h
 .endif
+.if defined(WITH_LPK)
+	@${PATCH} ${PATCH_DIST_ARGS} < ${FILESDIR}/fix-lpk-tls.patch
+.endif
 
 pre-su-install:
 	@${MKDIR} ${EMPTYDIR}
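Review bot: the added `.if defined(WITH_LPK)` block applies `fix-lpk-tls.patch` by hand, but nothing in the visible lines shows that `ldapauth.c` is already present in `${WRKSRC}` when this runs; that only holds if the LPK patch itself has been applied earlier. Please add a one-line comment stating that this fix depends on the LPK patch and what it changes (accepting `ssl off`), so the block can be dropped once the fix is integrated into LPK as the mail proposes. The leading `@` also hides the command, so when the patch stops applying the build log shows only patch's own output; an echoed message before it would make the failing step easier to identify.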
Index: files/fix-lpk-tls.patch
===================================================================
RCS file: files/fix-lpk-tls.patch
diff -N files/fix-lpk-tls.patch
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ files/fix-lpk-tls.patch	2 Jan 2012 17:26:37 -0000
@@ -0,0 +1,11 @@
+--- ldapauth.c.prev	2012-01-02 07:15:19.000000000 -0900
++++ ldapauth.c	2012-01-02 08:21:23.000000000 -0900
+@@ -565,6 +565,8 @@
+         else if (!strcasecmp (k, "ssl")) {
+             if (!strcasecmp (v, "start_tls"))
+                 l->tls = 1;
++	    else if (!strcasecmp(v, "off"))
++		l->tls = 0;
+         }
+     }
+ 
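Review bot: in the `ssl` branch the new `else if` recognises only "off", so any other value (a typo, for instance) still falls through silently and leaves `l->tls` at whatever it held before; an administrator cannot tell from the configuration whether the LDAP connection is protected. Suggest a final `else` that logs the unrecognised value, and a log line when TLS is explicitly turned off, since that setting leaves the LDAP connection unencrypted. On style, the two added lines are tab-indented and write `strcasecmp(v` while the surrounding context uses spaces and `strcasecmp (v`; please match the file.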

--------------020907030807030308080002--


