From owner-svn-ports-branches@freebsd.org Sun Mar 17 17:38:52 2019 Return-Path: Delivered-To: svn-ports-branches@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E7E97154495F; Sun, 17 Mar 2019 17:38:51 +0000 (UTC) (envelope-from mandree@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EFF4E891EE; Sun, 17 Mar 2019 17:38:50 +0000 (UTC) (envelope-from mandree@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AF810D385; Sun, 17 Mar 2019 17:38:50 +0000 (UTC) (envelope-from mandree@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x2HHcou5005493; Sun, 17 Mar 2019 17:38:50 GMT (envelope-from mandree@FreeBSD.org) Received: (from mandree@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x2HHcmf6005485; Sun, 17 Mar 2019 17:38:48 GMT (envelope-from mandree@FreeBSD.org) Message-Id: <201903171738.x2HHcmf6005485@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mandree set sender to mandree@FreeBSD.org using -f From: Matthias Andree Date: Sun, 17 Mar 2019 17:38:48 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r496078 - in branches/2019Q1/security/putty: . files X-SVN-Group: ports-branches X-SVN-Commit-Author: mandree X-SVN-Commit-Paths: in branches/2019Q1/security/putty: . files X-SVN-Commit-Revision: 496078 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: EFF4E891EE X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.998,0]; NEURAL_HAM_SHORT(-0.97)[-0.965,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Mar 2019 17:38:52 -0000 Author: mandree Date: Sun Mar 17 17:38:48 2019 New Revision: 496078 URL: https://svnweb.freebsd.org/changeset/ports/496078 Log: MFH: r496064 Update security/putty to 0.71 security fix release Unfortunately, this new release breaks GSSAPI_NONE, which is removed for now. Bug has been reported upstream. Changelog: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html Security: 46e1ece5-48bd-11e9-9c40-080027ac955c Approved by: ports-secteam (joneum) Added: branches/2019Q1/security/putty/files/patch-settings.c - copied unchanged from r496064, head/security/putty/files/patch-settings.c branches/2019Q1/security/putty/files/patch-sshgssc.c - copied unchanged from r496064, head/security/putty/files/patch-sshgssc.c branches/2019Q1/security/putty/files/patch-unix_Makefile.gtk - copied unchanged from r496064, head/security/putty/files/patch-unix_Makefile.gtk branches/2019Q1/security/putty/files/patch-unix_uxnet.c - copied unchanged from r496064, head/security/putty/files/patch-unix_uxnet.c branches/2019Q1/security/putty/files/patch-unix_uxpgnt.c - copied unchanged from r496064, head/security/putty/files/patch-unix_uxpgnt.c branches/2019Q1/security/putty/files/patch-unix_uxpty.c - copied unchanged from r496064, head/security/putty/files/patch-unix_uxpty.c Deleted: branches/2019Q1/security/putty/files/patch-Makefile.gtk branches/2019Q1/security/putty/files/patch-unix__uxpgnt.c branches/2019Q1/security/putty/files/patch-uxnet.c branches/2019Q1/security/putty/files/patch-uxpty.c Modified: branches/2019Q1/security/putty/Makefile branches/2019Q1/security/putty/distinfo Directory Properties: branches/2019Q1/ (props changed) Modified: branches/2019Q1/security/putty/Makefile ============================================================================== --- branches/2019Q1/security/putty/Makefile Sun Mar 17 17:35:38 2019 (r496077) +++ branches/2019Q1/security/putty/Makefile Sun Mar 17 17:38:48 2019 (r496078) @@ -1,21 +1,22 @@ # $FreeBSD$ PORTNAME= putty -PORTVERSION= 0.70 +PORTVERSION= 0.71 CATEGORIES= security ipv6 MASTER_SITES= http://the.earth.li/~sgtatham/putty/${PORTVERSION}/ \ ftp://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/ -# Beat Gaetzi (beat@) is permitted to take maintainership back -# or commit to this port without my prior approval. MAINTAINER= mandree@FreeBSD.org COMMENT= Secure shell and telnet client +# test plan: test ALL 4 GSSAPI_* options, ALL 3 GTK options, WITH_DEBUG=yes build. LICENSE= MIT LICENSE_FILE= ${FILESDIR}/LICENSE USES= cpe gmake pkgconfig + WRKSRC= ${WRKDIR}/${DISTNAME}/unix +PATCH_WRKSRC= ${WRKDIR}/${DISTNAME} MAKEFILE= Makefile.gtk CPE_VENDOR= simon_tatham @@ -27,8 +28,10 @@ OPTIONS_RADIO= TOOLKIT OPTIONS_RADIO_TOOLKIT= GTK2 GTK3 OPTIONS_DEFAULT=GSSAPI_BASE GTK3 OPTIONS_SINGLE= GSSAPI_SELECT -OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL \ - GSSAPI_MIT +#OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +# XXX FIXME TODO: GSSAPI_NONE is broken as of PuTTY 0.71 (did work in 0.70). +# Report has been sent to putty.AT.projects.tartarus.org on 2019-03-17 +OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT CONFLICTS_INSTALL?= pssh-[0-9]* putty-gtk2-[0-9]* putty-nogtk-[0-9]* @@ -40,10 +43,12 @@ LDFLAGS+= -Wl,--as-needed .if (${PORT_OPTIONS:MGTK2} || ${PORT_OPTIONS:MGTK3}) && !defined(WITHOUT_X11) USE_XORG= x11 .if ${PORT_OPTIONS:MGTK2} +USES+= gnome USE_GNOME= cairo gdkpixbuf2 gtk20 MAKE_ARGS+= PUTTY_WITH_GTK=yes GTK_CONFIG="pkg-config gtk+-2.0 x11 --cflags" .endif .if ${PORT_OPTIONS:MGTK3} +USES+= gnome USE_GNOME= cairo gdkpixbuf2 gtk30 MAKE_ARGS+= PUTTY_WITH_GTK=yes GTK_CONFIG="pkg-config gtk+-3.0 x11 --cflags" .endif @@ -80,7 +85,9 @@ _COMPAT= -DNO_GSSAPI _COMPAT+= -DOMIT_UTMP .if defined(WITH_DEBUG) +CFLAGS+= -DDEBUG XFLAGS= -DDEBUG +_COMPAT+= -DDEBUG .endif # upstream sets -Werror - there are no issues on 9.1-FreeBSD amd64 Modified: branches/2019Q1/security/putty/distinfo ============================================================================== --- branches/2019Q1/security/putty/distinfo Sun Mar 17 17:35:38 2019 (r496077) +++ branches/2019Q1/security/putty/distinfo Sun Mar 17 17:38:48 2019 (r496078) @@ -1,3 +1,3 @@ -TIMESTAMP = 1500391843 -SHA256 (putty-0.70.tar.gz) = bb8aa49d6e96c5a8e18a057f3150a1695ed99a24eef699e783651d1f24e7b0be -SIZE (putty-0.70.tar.gz) = 2386108 +TIMESTAMP = 1552820659 +SHA256 (putty-0.71.tar.gz) = 2f931ce2f89780cc8ca7bbed90fcd22c44515d2773f5fa954069e209b48ec6b8 +SIZE (putty-0.71.tar.gz) = 2423752 Copied: branches/2019Q1/security/putty/files/patch-settings.c (from r496064, head/security/putty/files/patch-settings.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2019Q1/security/putty/files/patch-settings.c Sun Mar 17 17:38:48 2019 (r496078, copy of r496064, head/security/putty/files/patch-settings.c) @@ -0,0 +1,12 @@ +--- settings.c.orig 2019-03-16 12:26:35 UTC ++++ settings.c +@@ -990,7 +990,9 @@ void load_open_settings(settings_r *sesskey, Conf *con + gprefs(sesskey, "HostKey", "ed25519,ecdsa,rsa,dsa,WARN", + hknames, HK_MAX, conf, CONF_ssh_hklist); + gppi(sesskey, "RekeyTime", 60, conf, CONF_ssh_rekey_time); ++#ifndef NO_GSSAPI + gppi(sesskey, "GssapiRekey", GSS_DEF_REKEY_MINS, conf, CONF_gssapirekey); ++#endif + gpps(sesskey, "RekeyBytes", "1G", conf, CONF_ssh_rekey_data); + { + /* SSH-2 only by default */ Copied: branches/2019Q1/security/putty/files/patch-sshgssc.c (from r496064, head/security/putty/files/patch-sshgssc.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2019Q1/security/putty/files/patch-sshgssc.c Sun Mar 17 17:38:48 2019 (r496078, copy of r496064, head/security/putty/files/patch-sshgssc.c) @@ -0,0 +1,11 @@ +--- sshgssc.c.orig 2019-03-16 12:26:36 UTC ++++ sshgssc.c +@@ -75,7 +75,7 @@ static Ssh_gss_stat ssh_gssapi_acquire_cred(struct ssh + gssctx->maj_stat = + gss->inquire_cred_by_mech(&gssctx->min_stat, cred, + (gss_OID) GSS_MECH_KRB5, +- GSS_C_NO_NAME, ++ NULL, + &time_rec, + NULL, + NULL); Copied: branches/2019Q1/security/putty/files/patch-unix_Makefile.gtk (from r496064, head/security/putty/files/patch-unix_Makefile.gtk) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2019Q1/security/putty/files/patch-unix_Makefile.gtk Sun Mar 17 17:38:48 2019 (r496078, copy of r496064, head/security/putty/files/patch-unix_Makefile.gtk) @@ -0,0 +1,80 @@ +--- unix/Makefile.gtk.orig 2019-03-16 12:26:40 UTC ++++ unix/Makefile.gtk +@@ -109,7 +109,7 @@ GTK_CONFIG = sh -c 'pkg-config gtk+-3.0 x11 $$0 2>/dev + + unexport CFLAGS # work around a weird issue with krb5-config + +-CFLAGS = -O2 -Wall -Werror -std=gnu99 -Wvla -g -I.././ -I../charset/ \ ++CFLAGS := $(CFLAGS) -Wall -Werror -std=gnu99 -Wvla -I.././ -I../charset/ \ + -I../windows/ -I../unix/ $(shell $(GTK_CONFIG) --cflags) -D _FILE_OFFSET_BITS=64 + XLDFLAGS = $(LDFLAGS) $(shell $(GTK_CONFIG) --libs) + ULDFLAGS = $(LDFLAGS) +@@ -136,8 +136,13 @@ man1dir=$(mandir)/man1 + .SUFFIXES: + + ++ifdef PUTTY_WITH_GTK + all: cgtest fuzzterm osxlaunch pageant plink pscp psftp pterm ptermapp putty \ + puttyapp puttygen puttytel testcrypt testsc testzlib uppity ++else ++all: cgtest fuzzterm osxlaunch plink pscp psftp \ ++ puttygen testcrypt testsc testzlib uppity ++endif + + cgtest: cgtest.o conf.o ecc.o import.o marshal.o memory.o misc.o mpint.o \ + notiming.o sshaes.o sshauxcrypt.o sshbcrypt.o sshblowf.o \ +@@ -497,15 +502,15 @@ testsc: ecc.o marshal.o memory.o mpint.o sshaes.o ssha + sshblowf.o sshccp.o sshcrc.o sshcrcda.o sshdes.o sshdh.o \ + sshdss.o sshecc.o sshhmac.o sshmac.o sshmd5.o sshrsa.o \ + sshsh256.o sshsh512.o sshsha.o testsc.o tree234.o utils.o \ +- uxutils.o wildcard.o ++ uxutils.o wildcard.o uxmisc.o + $(CC) -o $@ ecc.o marshal.o memory.o mpint.o sshaes.o ssharcf.o \ + sshauxcrypt.o sshblowf.o sshccp.o sshcrc.o sshcrcda.o \ + sshdes.o sshdh.o sshdss.o sshecc.o sshhmac.o sshmac.o \ + sshmd5.o sshrsa.o sshsh256.o sshsh512.o sshsha.o testsc.o \ +- tree234.o utils.o uxutils.o wildcard.o $(ULDFLAGS) ++ tree234.o utils.o uxutils.o wildcard.o uxmisc.o $(ULDFLAGS) + +-testzlib: marshal.o memory.o sshzlib.o testzlib.o utils.o +- $(CC) -o $@ marshal.o memory.o sshzlib.o testzlib.o utils.o \ ++testzlib: marshal.o memory.o sshzlib.o testzlib.o utils.o uxmisc.o ++ $(CC) -o $@ marshal.o memory.o sshzlib.o testzlib.o utils.o uxmisc.o \ + $(ULDFLAGS) + + uppity: be_misc.o be_none.o callback.o conf.o cproxy.o ecc.o errsock.o \ +@@ -1602,10 +1607,12 @@ xpmputty.o: ../unix/xpmputty.c + + install: + mkdir -p $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir) +- $(INSTALL_PROGRAM) -m 755 pageant $(DESTDIR)$(bindir)/pageant + $(INSTALL_PROGRAM) -m 755 plink $(DESTDIR)$(bindir)/plink + $(INSTALL_PROGRAM) -m 755 pscp $(DESTDIR)$(bindir)/pscp + $(INSTALL_PROGRAM) -m 755 psftp $(DESTDIR)$(bindir)/psftp ++ $(INSTALL_PROGRAM) -m 755 puttygen $(DESTDIR)$(bindir)/puttygen ++ifdef PUTTY_WITH_GTK ++ $(INSTALL_PROGRAM) -m 755 pageant $(DESTDIR)$(bindir)/pageant + $(INSTALL_PROGRAM) -m 755 pterm $(DESTDIR)$(bindir)/pterm + if test -n "$(UTMP_GROUP)"; then \ + chgrp $(UTMP_GROUP) $(DESTDIR)$(bindir)/pterm && \ +@@ -1615,16 +1622,18 @@ install: + chmod 4755 $(DESTDIR)$(bindir)/pterm; \ + fi + $(INSTALL_PROGRAM) -m 755 putty $(DESTDIR)$(bindir)/putty +- $(INSTALL_PROGRAM) -m 755 puttygen $(DESTDIR)$(bindir)/puttygen + $(INSTALL_PROGRAM) -m 755 puttytel $(DESTDIR)$(bindir)/puttytel + $(INSTALL_DATA) -m 644 ../doc/pageant.1 $(DESTDIR)$(man1dir)/pageant.1 ++endif + $(INSTALL_DATA) -m 644 ../doc/plink.1 $(DESTDIR)$(man1dir)/plink.1 + $(INSTALL_DATA) -m 644 ../doc/pscp.1 $(DESTDIR)$(man1dir)/pscp.1 + $(INSTALL_DATA) -m 644 ../doc/psftp.1 $(DESTDIR)$(man1dir)/psftp.1 ++ $(INSTALL_DATA) -m 644 ../doc/puttygen.1 $(DESTDIR)$(man1dir)/puttygen.1 ++ifdef PUTTY_WITH_GTK + $(INSTALL_DATA) -m 644 ../doc/pterm.1 $(DESTDIR)$(man1dir)/pterm.1 + $(INSTALL_DATA) -m 644 ../doc/putty.1 $(DESTDIR)$(man1dir)/putty.1 +- $(INSTALL_DATA) -m 644 ../doc/puttygen.1 $(DESTDIR)$(man1dir)/puttygen.1 + $(INSTALL_DATA) -m 644 ../doc/puttytel.1 $(DESTDIR)$(man1dir)/puttytel.1 ++endif + + install-strip: + $(MAKE) install INSTALL_PROGRAM="$(INSTALL_PROGRAM) -s" Copied: branches/2019Q1/security/putty/files/patch-unix_uxnet.c (from r496064, head/security/putty/files/patch-unix_uxnet.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2019Q1/security/putty/files/patch-unix_uxnet.c Sun Mar 17 17:38:48 2019 (r496078, copy of r496064, head/security/putty/files/patch-unix_uxnet.c) @@ -0,0 +1,16 @@ +--- unix/uxnet.c.orig 2019-03-16 12:26:37 UTC ++++ unix/uxnet.c +@@ -11,8 +11,13 @@ + #include + #include + #include ++#ifdef __FreeBSD__ ++#include + #include ++#else ++#include + #include ++#endif + #include + #include + #include Copied: branches/2019Q1/security/putty/files/patch-unix_uxpgnt.c (from r496064, head/security/putty/files/patch-unix_uxpgnt.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2019Q1/security/putty/files/patch-unix_uxpgnt.c Sun Mar 17 17:38:48 2019 (r496078, copy of r496064, head/security/putty/files/patch-unix_uxpgnt.c) @@ -0,0 +1,11 @@ +--- unix/uxpgnt.c.orig 2019-03-16 12:26:38 UTC ++++ unix/uxpgnt.c +@@ -241,7 +241,7 @@ void pageant_fork_and_print_env(bool retain_tty) + /* Get out of our previous process group, to avoid being + * blasted by passing signals. But keep our controlling tty, + * so we can keep checking to see if we still have one. */ +- setpgrp(); ++ setpgrp(0,0); + } else { + /* Do that, but also leave our entire session and detach from + * the controlling tty (if any). */ Copied: branches/2019Q1/security/putty/files/patch-unix_uxpty.c (from r496064, head/security/putty/files/patch-unix_uxpty.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2019Q1/security/putty/files/patch-unix_uxpty.c Sun Mar 17 17:38:48 2019 (r496078, copy of r496064, head/security/putty/files/patch-unix_uxpty.c) @@ -0,0 +1,10 @@ +--- unix/uxpty.c.orig 2019-03-16 12:26:38 UTC ++++ unix/uxpty.c +@@ -13,7 +13,6 @@ + #include + #include + #include +-#include + #include + #include + #include