From owner-svn-ports-head@freebsd.org Mon Mar 23 17:07:46 2020 Return-Path: Delivered-To: svn-ports-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 343FC268CDA; Mon, 23 Mar 2020 17:07:46 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48mLRP6lmVz4W9V; Mon, 23 Mar 2020 17:07:45 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D9E9E19BEB; Mon, 23 Mar 2020 17:07:43 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02NH7hD0093375; Mon, 23 Mar 2020 17:07:43 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02NH7hsK093372; Mon, 23 Mar 2020 17:07:43 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <202003231707.02NH7hsK093372@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f From: Bryan Drewery Date: Mon, 23 Mar 2020 17:07:43 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r528982 - in head: . security/openssh-portable security/openssh-portable/files X-SVN-Group: ports-head X-SVN-Commit-Author: bdrewery X-SVN-Commit-Paths: in head: . security/openssh-portable security/openssh-portable/files X-SVN-Commit-Revision: 528982 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Mar 2020 17:07:46 -0000 Author: bdrewery Date: Mon Mar 23 17:07:42 2020 New Revision: 528982 URL: https://svnweb.freebsd.org/changeset/ports/528982 Log: Remove long broken X509 patch. Approved by: portmgr (implicit) Deleted: head/security/openssh-portable/files/extra-patch-x509-glue Modified: head/MOVED head/security/openssh-portable/Makefile head/security/openssh-portable/pkg-plist Modified: head/MOVED ============================================================================== --- head/MOVED Mon Mar 23 17:04:51 2020 (r528981) +++ head/MOVED Mon Mar 23 17:07:42 2020 (r528982) @@ -14501,3 +14501,4 @@ textproc/pychm||2020-03-20|Has expired: Unmaintained, x11/rxvt|x11/rxvt-unicode|2020-03-20|Has expired: Abandonware: stable release 2.6.4 / November 1, 2001 and no maintainer x11-wm/clementine-wm||2020-03-20|Removed, unmaintained and depends on expired x11/rxvt net/kdsoap|www/kdsoap|2020-03-21|Already existed in the tree +security/openssh-portable@x509||2020-03-23|Has expired: X509 long broken without known users Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Mon Mar 23 17:04:51 2020 (r528981) +++ head/security/openssh-portable/Makefile Mon Mar 23 17:07:42 2020 (r528982) @@ -26,7 +26,7 @@ CONFIGURE_ARGS= --prefix=${PREFIX} --with-md5-passwor ETCOLD= ${PREFIX}/etc -FLAVORS= default hpn gssapi x509 +FLAVORS= default hpn gssapi default_CONFLICTS_INSTALL= openssh-portable-hpn openssh-portable-gssapi \ openssh-portable-x509 hpn_CONFLICTS_INSTALL= openssh-portable openssh-portable-gssapi \ @@ -35,13 +35,9 @@ hpn_PKGNAMESUFFIX= -portable-hpn gssapi_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \ openssh-portable-x509 gssapi_PKGNAMESUFFIX= -portable-gssapi -x509_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \ - openssh-portable-gssapi -x509_PKGNAMESUFFIX= -portable-x509 -x509_BROKEN= X509 not yet updated for ${DISTVERSION} - Does anyone use this? Contact maintainer bdrewery@FreeBSD.org OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \ - HPN X509 KERB_GSSAPI \ + HPN KERB_GSSAPI \ LDNS NONECIPHER XMSS OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS .if ${FLAVOR:U} == hpn @@ -50,9 +46,6 @@ OPTIONS_DEFAULT+= HPN NONECIPHER .if ${FLAVOR:U} == gssapi OPTIONS_DEFAULT+= KERB_GSSAPI MIT .endif -.if ${FLAVOR:U} == x509 -OPTIONS_DEFAULT+= X509 -.endif OPTIONS_RADIO= KERBEROS OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE TCP_WRAPPERS_DESC= tcp_wrappers support @@ -60,7 +53,6 @@ BSM_DESC= OpenBSM Auditing KERB_GSSAPI_DESC= Kerberos/GSSAPI patch (req: GSSAPI) HPN_DESC= HPN-SSH patch LDNS_DESC= SSHFP/LDNS support -X509_DESC= x509 certificate patch HEIMDAL_DESC= Heimdal Kerberos (security/heimdal) HEIMDAL_BASE_DESC= Heimdal Kerberos (base) MIT_DESC= MIT Kerberos (security/krb5) @@ -80,12 +72,6 @@ LDNS_CONFIGURE_ON= --with-ldflags='-L${LOCALBASE}/lib' HPN_CONFIGURE_WITH= hpn NONECIPHER_CONFIGURE_WITH= nonecipher -# See http://www.roumenpetrov.info/openssh/ -X509_VERSION= 11.5 -X509_PATCH_SITES= http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509 -X509_EXTRA_PATCHES+= ${FILESDIR}/extra-patch-x509-glue -X509_PATCHFILES= ${PORTNAME}-7.9p1+x509-${X509_VERSION}.diff.gz:-p1:x509 - MIT_LIB_DEPENDS= libkrb5.so.3:security/krb5 HEIMDAL_LIB_DEPENDS= libkrb5.so.26:security/heimdal @@ -100,13 +86,8 @@ ETCDIR?= ${PREFIX}/etc/ssh .include -PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex +PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex -# X509 patch includes TCP Wrapper support already -.if ${PORT_OPTIONS:MX509} -EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}} -.endif - # Must add this patch before HPN due to conflicts .if ${PORT_OPTIONS:MKERB_GSSAPI} #BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. @@ -145,17 +126,6 @@ CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disab # Keep this last EXTRA_PATCHES+= ${FILESDIR}/extra-patch-version-addendum - -.if ${PORT_OPTIONS:MX509} -. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} -BROKEN= X509 patch and HPN patch do not apply cleanly together -. endif - -. if ${PORT_OPTIONS:MKERB_GSSAPI} -BROKEN= X509 patch incompatible with KERB_GSSAPI patch -. endif - -.endif .if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI} BROKEN= KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently Modified: head/security/openssh-portable/pkg-plist ============================================================================== --- head/security/openssh-portable/pkg-plist Mon Mar 23 17:04:51 2020 (r528981) +++ head/security/openssh-portable/pkg-plist Mon Mar 23 17:07:42 2020 (r528982) @@ -8,7 +8,6 @@ bin/ssh-keyscan %%ETCDIR%%/moduli @sample %%ETCDIR%%/ssh_config.sample @sample %%ETCDIR%%/sshd_config.sample -%%X509%%@dir %%ETCDIR%%/ca @postexec if [ -f %D/%%ETCDIR%%/ssh_host_ecdsa_key ] && grep -q DSA %D/%%ETCDIR%%/ssh_host_ecdsa_key; then echo; echo "\!/ Warning \!/"; echo; echo "Your %D/%%ETCDIR%%/ssh_host_ecdsa_key is not a valid ECDSA key. It is incorrectly"; echo "a DSA key due to a bug fixed in 2012 in the security/openssh-portable port."; echo; echo "Regenerate a proper one with: rm -f %D/%%ETCDIR%%/ssh_host_ecdsa_key*; service openssh restart"; echo; echo "Clients should not see any key change warning since the ECDSA was not valid and was not actually"; echo "used by the server."; echo; echo "\!/ Warning \!/"; fi sbin/sshd libexec/sftp-server @@ -25,7 +24,6 @@ man/man1/ssh.1.gz man/man5/moduli.5.gz man/man5/ssh_config.5.gz man/man5/sshd_config.5.gz -%%X509%%man/man5/ssh_engine.5.gz man/man8/sftp-server.8.gz man/man8/ssh-keysign.8.gz man/man8/ssh-pkcs11-helper.8.gz