Date: Mon, 23 Mar 2020 17:07:43 +0000 (UTC) From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r528982 - in head: . security/openssh-portable security/openssh-portable/files Message-ID: <202003231707.02NH7hsK093372@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bdrewery Date: Mon Mar 23 17:07:42 2020 New Revision: 528982 URL: https://svnweb.freebsd.org/changeset/ports/528982 Log: Remove long broken X509 patch. Approved by: portmgr (implicit) Deleted: head/security/openssh-portable/files/extra-patch-x509-glue Modified: head/MOVED head/security/openssh-portable/Makefile head/security/openssh-portable/pkg-plist Modified: head/MOVED ============================================================================== --- head/MOVED Mon Mar 23 17:04:51 2020 (r528981) +++ head/MOVED Mon Mar 23 17:07:42 2020 (r528982) @@ -14501,3 +14501,4 @@ textproc/pychm||2020-03-20|Has expired: Unmaintained, x11/rxvt|x11/rxvt-unicode|2020-03-20|Has expired: Abandonware: stable release 2.6.4 / November 1, 2001 and no maintainer x11-wm/clementine-wm||2020-03-20|Removed, unmaintained and depends on expired x11/rxvt net/kdsoap|www/kdsoap|2020-03-21|Already existed in the tree +security/openssh-portable@x509||2020-03-23|Has expired: X509 long broken without known users Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Mon Mar 23 17:04:51 2020 (r528981) +++ head/security/openssh-portable/Makefile Mon Mar 23 17:07:42 2020 (r528982) @@ -26,7 +26,7 @@ CONFIGURE_ARGS= --prefix=${PREFIX} --with-md5-passwor ETCOLD= ${PREFIX}/etc -FLAVORS= default hpn gssapi x509 +FLAVORS= default hpn gssapi default_CONFLICTS_INSTALL= openssh-portable-hpn openssh-portable-gssapi \ openssh-portable-x509 hpn_CONFLICTS_INSTALL= openssh-portable openssh-portable-gssapi \ @@ -35,13 +35,9 @@ hpn_PKGNAMESUFFIX= -portable-hpn gssapi_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \ openssh-portable-x509 gssapi_PKGNAMESUFFIX= -portable-gssapi -x509_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \ - openssh-portable-gssapi -x509_PKGNAMESUFFIX= -portable-x509 -x509_BROKEN= X509 not yet updated for ${DISTVERSION} - Does anyone use this? Contact maintainer bdrewery@FreeBSD.org OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \ - HPN X509 KERB_GSSAPI \ + HPN KERB_GSSAPI \ LDNS NONECIPHER XMSS OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS .if ${FLAVOR:U} == hpn @@ -50,9 +46,6 @@ OPTIONS_DEFAULT+= HPN NONECIPHER .if ${FLAVOR:U} == gssapi OPTIONS_DEFAULT+= KERB_GSSAPI MIT .endif -.if ${FLAVOR:U} == x509 -OPTIONS_DEFAULT+= X509 -.endif OPTIONS_RADIO= KERBEROS OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE TCP_WRAPPERS_DESC= tcp_wrappers support @@ -60,7 +53,6 @@ BSM_DESC= OpenBSM Auditing KERB_GSSAPI_DESC= Kerberos/GSSAPI patch (req: GSSAPI) HPN_DESC= HPN-SSH patch LDNS_DESC= SSHFP/LDNS support -X509_DESC= x509 certificate patch HEIMDAL_DESC= Heimdal Kerberos (security/heimdal) HEIMDAL_BASE_DESC= Heimdal Kerberos (base) MIT_DESC= MIT Kerberos (security/krb5) @@ -80,12 +72,6 @@ LDNS_CONFIGURE_ON= --with-ldflags='-L${LOCALBASE}/lib' HPN_CONFIGURE_WITH= hpn NONECIPHER_CONFIGURE_WITH= nonecipher -# See http://www.roumenpetrov.info/openssh/ -X509_VERSION= 11.5 -X509_PATCH_SITES= http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509 -X509_EXTRA_PATCHES+= ${FILESDIR}/extra-patch-x509-glue -X509_PATCHFILES= ${PORTNAME}-7.9p1+x509-${X509_VERSION}.diff.gz:-p1:x509 - MIT_LIB_DEPENDS= libkrb5.so.3:security/krb5 HEIMDAL_LIB_DEPENDS= libkrb5.so.26:security/heimdal @@ -100,13 +86,8 @@ ETCDIR?= ${PREFIX}/etc/ssh .include <bsd.port.pre.mk> -PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex +PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex -# X509 patch includes TCP Wrapper support already -.if ${PORT_OPTIONS:MX509} -EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}} -.endif - # Must add this patch before HPN due to conflicts .if ${PORT_OPTIONS:MKERB_GSSAPI} #BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. @@ -145,17 +126,6 @@ CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disab # Keep this last EXTRA_PATCHES+= ${FILESDIR}/extra-patch-version-addendum - -.if ${PORT_OPTIONS:MX509} -. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} -BROKEN= X509 patch and HPN patch do not apply cleanly together -. endif - -. if ${PORT_OPTIONS:MKERB_GSSAPI} -BROKEN= X509 patch incompatible with KERB_GSSAPI patch -. endif - -.endif .if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI} BROKEN= KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently Modified: head/security/openssh-portable/pkg-plist ============================================================================== --- head/security/openssh-portable/pkg-plist Mon Mar 23 17:04:51 2020 (r528981) +++ head/security/openssh-portable/pkg-plist Mon Mar 23 17:07:42 2020 (r528982) @@ -8,7 +8,6 @@ bin/ssh-keyscan %%ETCDIR%%/moduli @sample %%ETCDIR%%/ssh_config.sample @sample %%ETCDIR%%/sshd_config.sample -%%X509%%@dir %%ETCDIR%%/ca @postexec if [ -f %D/%%ETCDIR%%/ssh_host_ecdsa_key ] && grep -q DSA %D/%%ETCDIR%%/ssh_host_ecdsa_key; then echo; echo "\!/ Warning \!/"; echo; echo "Your %D/%%ETCDIR%%/ssh_host_ecdsa_key is not a valid ECDSA key. It is incorrectly"; echo "a DSA key due to a bug fixed in 2012 in the security/openssh-portable port."; echo; echo "Regenerate a proper one with: rm -f %D/%%ETCDIR%%/ssh_host_ecdsa_key*; service openssh restart"; echo; echo "Clients should not see any key change warning since the ECDSA was not valid and was not actually"; echo "used by the server."; echo; echo "\!/ Warning \!/"; fi sbin/sshd libexec/sftp-server @@ -25,7 +24,6 @@ man/man1/ssh.1.gz man/man5/moduli.5.gz man/man5/ssh_config.5.gz man/man5/sshd_config.5.gz -%%X509%%man/man5/ssh_engine.5.gz man/man8/sftp-server.8.gz man/man8/ssh-keysign.8.gz man/man8/ssh-pkcs11-helper.8.gz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003231707.02NH7hsK093372>