From: Robert Simmons
To: "J. Hellenthal"
Cc: ports@freebsd.org
Date: Sun, 24 Jun 2012 14:38:54 -0400
Subject: Re: security/openssh-portable line # 82 of rc.d/openssh generates DSA not ECDSA

On Sun, Jun 24, 2012 at 2:24 PM, J. Hellenthal wrote:
> On Sun, Jun 24, 2012 at 01:46:20PM -0400, Robert Simmons wrote:
>> On Sun, Jun 24, 2012 at 1:17 PM, J. Hellenthal wrote:
>> >
>> > As stated in the subject
>> >
>> > if [ -f /usr/local/etc/ssh/ssh_host_ecdsa_key ]; then
>> >         echo "You already have a Elliptic Curve DSA host key" \
>> >                 "in /usr/local/etc/ssh/ssh_host_ecdsa_key"
>> >         echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation"
>> > else
>> >         /usr/local/bin/ssh-keygen -t dsa \
>> >                 -f /usr/local/etc/ssh/ssh_host_ecdsa_key -N ''
>> > fi
>> >
>> >
>> > Specifically "/usr/local/bin/ssh-keygen -t dsa" needs to be changed to
>> > "-t ecdsa" to be correct. Otherwise we are just reimplementing a DSA key
>> > in a different file.
>>
>> Good eye. I'm in the process of updating that port to 6.0p1. There
>> are quite a lot of local patches that are part of the port. At the
>> moment I'm muddling through what they do and whether they can be
>> removed or not. I didn't even notice this problem.
>>
>> I've attached a pair of patches that correct this problem. Open a PR
>> about this, and you can attach these patches to it. I'm not the
>> maintainer nor do I have commit privileges, but if you open a PR, I'm
>> sure someone will make the change.
>
> Should have also said the changes were already committed.

I also want to see what can be pushed upstream.
I understand that the OpenBSD/OpenSSH people are touchy about outside patches, but I think they should at least accept a patch to configure so that FreeBSD's native openpty() is detected properly.
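
Added example, not part of the original message or of the port: a POSIX sh check for hosts that ran the rc.d script quoted above while it still used "-t dsa", reporting any public host key whose algorithm does not match its file name. The function names and the sample key lines are constructed for illustration, and it assumes the .pub files written by ssh-keygen sit next to the private keys.

```shell
#!/bin/sh
# Added example: flag OpenSSH host keys whose algorithm does not match
# the algorithm implied by the file name (the mix-up from this thread).

# expected_prefix FILE: algorithm-name prefix the file name promises.
expected_prefix() {
    case "$1" in
        ssh_host_ecdsa_key.pub) echo "ecdsa-sha2-" ;;
        ssh_host_dsa_key.pub)   echo "ssh-dss" ;;
        ssh_host_rsa_key.pub)   echo "ssh-rsa" ;;
        *)                      echo "" ;;
    esac
}

# check_host_keys DIR: print one MISMATCH line per bad key; return 1 if any.
check_host_keys() {
    dir=$1
    bad=0
    for pub in "$dir"/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue
        want=$(expected_prefix "$(basename "$pub")")
        [ -n "$want" ] || continue
        # The first field of a public key line is the algorithm name.
        have=""
        read -r have _rest < "$pub" || true
        case "$have" in
            "$want"*) ;;
            *) echo "MISMATCH $pub: name implies ${want}* but key is '$have'"
               bad=1 ;;
        esac
    done
    return "$bad"
}

# make_sample DIR: constructed sample reproducing the reported state.
# Key blobs are truncated placeholders, not usable keys.
make_sample() {
    printf 'ssh-dss AAAAB3NzaC1kc3M= root@example\n' > "$1/ssh_host_ecdsa_key.pub"
    printf 'ssh-dss AAAAB3NzaC1kc3M= root@example\n' > "$1/ssh_host_dsa_key.pub"
    printf 'ssh-rsa AAAAB3NzaC1yc2E= root@example\n' > "$1/ssh_host_rsa_key.pub"
}

# Demo on the constructed sample; on a real host pass the key directory,
# e.g. check_host_keys /usr/local/etc/ssh
tmp=$(mktemp -d)
make_sample "$tmp"
check_host_keys "$tmp" || echo "host key type mismatch found"
rm -rf "$tmp"
```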