Date:      Sun, 11 Nov 2018 20:21:04 +0000 (UTC)
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r484765 - in head/security/openssh-portable: . files
Message-ID:  <201811112021.wABKL4fL099723@repo.freebsd.org>

Author: bdrewery
Date: Sun Nov 11 20:21:03 2018
New Revision: 484765
URL: https://svnweb.freebsd.org/changeset/ports/484765

Log:
  Update to 7.9p1.
  
  - Fixes build on 12, head, and openssl-devel.
  - GSSAPI and HPN are currently marked BROKEN as I don't want to block
    the main update for anyone.
  
    http://www.openssh.com/txt/release-7.8
    http://www.openssh.com/txt/release-7.9
  
  MFH:	2018Q4 (due to being broken on 12+head)

Added:
  head/security/openssh-portable/files/patch-serverloop.c
     - copied, changed from r484764, head/security/openssh-portable/files/patch-misc.c
Deleted:
  head/security/openssh-portable/files/patch-341727df910e12e26ef161508ed76d91c40a61eb
  head/security/openssh-portable/files/patch-85fe48fd49f2e81fa30902841b362cfbb7f1933b
  head/security/openssh-portable/files/patch-868afa68469de50d8a43e5daf867d7c624a34d20
  head/security/openssh-portable/files/patch-b81b2d120e9c8a83489e241620843687758925ad
  head/security/openssh-portable/files/patch-f5baa36ba79a6e8c534fb4e0a00f2614ccc42ea6
  head/security/openssh-portable/files/patch-misc.c
Modified:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/distinfo
  head/security/openssh-portable/files/extra-patch-hpn-compat
  head/security/openssh-portable/files/extra-patch-tcpwrappers
  head/security/openssh-portable/files/patch-auth2.c
  head/security/openssh-portable/files/patch-session.c

Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile	Sun Nov 11 19:58:53 2018	(r484764)
+++ head/security/openssh-portable/Makefile	Sun Nov 11 20:21:03 2018	(r484765)
@@ -2,8 +2,8 @@
 # $FreeBSD$
 
 PORTNAME=	openssh
-DISTVERSION=	7.7p1
-PORTREVISION=	6
+DISTVERSION=	7.9p1
+PORTREVISION=	0
 PORTEPOCH=	1
 CATEGORIES=	security ipv6
 MASTER_SITES=	OPENBSD/OpenSSH/portable
@@ -26,9 +26,6 @@ CONFIGURE_ARGS=		--prefix=${PREFIX} --with-md5-passwor
 
 ETCOLD=			${PREFIX}/etc
 
-BROKEN_SSL=	openssl111
-BROKEN_SSL_REASON_openssl111=	error: OpenSSL >= 1.1.0 is not yet supported
-
 FLAVORS=			default hpn
 default_CONFLICTS_INSTALL=	openssl-portable-hpn
 hpn_CONFLICTS_INSTALL=		openssh-portable
@@ -70,10 +67,10 @@ HPN_CONFIGURE_WITH=		hpn
 NONECIPHER_CONFIGURE_WITH=	nonecipher
 
 # See http://www.roumenpetrov.info/openssh/
-X509_VERSION=		11.3.2
+X509_VERSION=		11.5
 X509_PATCH_SITES=	http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509
 X509_EXTRA_PATCHES+=	${FILESDIR}/extra-patch-x509-glue
-X509_PATCHFILES=	${PORTNAME}-7.7p1+x509-${X509_VERSION}.diff.gz:-p1:x509
+X509_PATCHFILES=	${PORTNAME}-7.9p1+x509-${X509_VERSION}.diff.gz:-p1:x509
 
 MIT_LIB_DEPENDS=		libkrb5.so.3:security/krb5
 HEIMDAL_LIB_DEPENDS=		libkrb5.so.26:security/heimdal
@@ -98,7 +95,7 @@ EXTRA_PATCHES:=		${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA
 
 # Must add this patch before HPN due to conflicts
 .if ${PORT_OPTIONS:MKERB_GSSAPI}
-#BROKEN=	KERB_GSSAPI No patch for ${DISTVERSION} yet.
+BROKEN=	KERB_GSSAPI No patch for ${DISTVERSION} yet.
 # Patch from:
 # https://sources.debian.org/data/main/o/openssh/1:7.7p1-2/debian/patches/gssapi.patch
 # which was originally based on 5.7 patch from
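Review bot: Turning on `BROKEN=` inside the `KERB_GSSAPI` block means a build with that option can no longer move to 7.9p1, and with `MFH: 2018Q4` in the log this presumably reaches the quarterly branch too. Those users would stay on 7.7p1 without the changes described in the 7.8 and 7.9 release notes the log links to. The same holds for the HPN/NONECIPHER block in the next hunk. I would record the reason and the exit condition next to the line, for example `# Temporarily BROKEN by the 7.9p1 update; re-enable once the gssapi patch below is regenerated`, and note that the Debian URL in the comment still points at the 7.7p1 patch. The `.if` block continues past the end of this hunk.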
@@ -113,7 +110,7 @@ PATCHFILES+=	openssh-7.7p1-gsskex-all-20141021-debian-
 
 # https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1
 .if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
-#BROKEN=			HPN: Not yet updated for ${DISTVERSION} and disabled in base
+BROKEN=			HPN: Not yet updated for ${DISTVERSION} yet.
 PORTDOCS+=		HPN-README
 HPN_VERSION=		14v15
 HPN_DISTVERSION=	7.7p1
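Review bot: The new message on the `BROKEN=` line reads "Not yet updated for ${DISTVERSION} yet", with "yet" twice; `BROKEN=			HPN: Not yet updated for ${DISTVERSION}` says the same thing. Both this block and the KERB_GSSAPI block assign `BROKEN` with a plain `=`, so with both options enabled only the later assignment's text would be reported, which is worth knowing when reading build logs. `HPN_DISTVERSION` stays at 7.7p1 just below, consistent with the option being disabled for now. The `.if` block closes outside this hunk.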

Modified: head/security/openssh-portable/distinfo
==============================================================================
--- head/security/openssh-portable/distinfo	Sun Nov 11 19:58:53 2018	(r484764)
+++ head/security/openssh-portable/distinfo	Sun Nov 11 20:21:03 2018	(r484765)
@@ -1,7 +1,7 @@
-TIMESTAMP = 1524589531
-SHA256 (openssh-7.7p1.tar.gz) = d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f
-SIZE (openssh-7.7p1.tar.gz) = 1536900
-SHA256 (openssh-7.7p1+x509-11.3.2.diff.gz) = f0549007b2bdb99c41d83e622b6504365a3fa0a5ac22e3d0755c89cb0e29a02f
-SIZE (openssh-7.7p1+x509-11.3.2.diff.gz) = 492142
+TIMESTAMP = 1541877994
+SHA256 (openssh-7.9p1.tar.gz) = 6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad
+SIZE (openssh-7.9p1.tar.gz) = 1565384
+SHA256 (openssh-7.9p1+x509-11.5.diff.gz) = 1d15099ce54614f158f10f55b6b4992d915353f92a05e179a64b0655650c00bb
+SIZE (openssh-7.9p1+x509-11.5.diff.gz) = 594995
 SHA256 (openssh-7.7p1-gsskex-all-20141021-debian-rh-20171004.patch.gz) = c58f10ed5d9550e6e4ac09898a1aa131321e69c4d65a742ab95d357b35576ef4
 SIZE (openssh-7.7p1-gsskex-all-20141021-debian-rh-20171004.patch.gz) = 27251

Modified: head/security/openssh-portable/files/extra-patch-hpn-compat
==============================================================================
--- head/security/openssh-portable/files/extra-patch-hpn-compat	Sun Nov 11 19:58:53 2018	(r484764)
+++ head/security/openssh-portable/files/extra-patch-hpn-compat	Sun Nov 11 20:21:03 2018	(r484765)
@@ -31,12 +31,12 @@ r294563 was incomplete; re-add the client-side options
  
  	{ NULL, oBadOption }
  };
---- servconf.c.orig	2017-10-02 12:34:26.000000000 -0700
-+++ servconf.c	2017-10-12 12:20:19.089884000 -0700
-@@ -618,6 +618,10 @@ static struct {
- 	{ "disableforwarding", sDisableForwarding, SSHCFG_ALL },
+--- servconf.c.orig	2018-10-16 17:01:20.000000000 -0700
++++ servconf.c	2018-11-10 11:32:09.835817000 -0800
+@@ -645,6 +645,10 @@ static struct {
  	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
  	{ "rdomain", sRDomain, SSHCFG_ALL },
+ 	{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
 +	{ "noneenabled", sUnsupported, SSHCFG_ALL },
 +	{ "hpndisabled", sDeprecated, SSHCFG_ALL },
 +	{ "hpnbuffersize", sDeprecated, SSHCFG_ALL },

Modified: head/security/openssh-portable/files/extra-patch-tcpwrappers
==============================================================================
--- head/security/openssh-portable/files/extra-patch-tcpwrappers	Sun Nov 11 19:58:53 2018	(r484764)
+++ head/security/openssh-portable/files/extra-patch-tcpwrappers	Sun Nov 11 20:21:03 2018	(r484765)
@@ -85,11 +85,11 @@ index 0ade557..045f149 100644
  	laddr = get_local_ipaddr(sock_in);
 diff --git configure.ac configure.ac
 index f48ba4a..66fbe82 100644
---- configure.ac
-+++ configure.ac
-@@ -1380,6 +1380,62 @@ AC_ARG_WITH([skey],
- 	]
- )
+--- configure.ac.orig	2018-10-16 17:01:20.000000000 -0700
++++ configure.ac	2018-11-10 11:29:32.626326000 -0800
+@@ -1493,6 +1493,62 @@ else
+ 	AC_MSG_RESULT([no])
+ fi
  
 +# Check whether user wants TCP wrappers support
 +TCPW_MSG="no"
@@ -150,11 +150,11 @@ index f48ba4a..66fbe82 100644
  # Check whether user wants to use ldns
  LDNS_MSG="no"
  AC_ARG_WITH(ldns,
-@@ -4803,6 +4859,7 @@ echo "                 KerberosV support: $KRB5_MSG"
+@@ -5305,6 +5361,7 @@ echo "                       PAM support: $PAM_MSG"
+ echo "                   OSF SIA support: $SIA_MSG"
+ echo "                 KerberosV support: $KRB5_MSG"
  echo "                   SELinux support: $SELINUX_MSG"
- echo "                 Smartcard support: $SCARD_MSG"
- echo "                     S/KEY support: $SKEY_MSG"
 +echo "              TCP Wrappers support: $TCPW_MSG"
  echo "              MD5 password support: $MD5_MSG"
  echo "                   libedit support: $LIBEDIT_MSG"
- echo "  Solaris process contract support: $SPC_MSG"
+ echo "                   libldns support: $LDNS_MSG"

Modified: head/security/openssh-portable/files/patch-auth2.c
==============================================================================
--- head/security/openssh-portable/files/patch-auth2.c	Sun Nov 11 19:58:53 2018	(r484764)
+++ head/security/openssh-portable/files/patch-auth2.c	Sun Nov 11 20:21:03 2018	(r484765)
@@ -5,31 +5,32 @@ Changed paths:
 
 Apply class-imposed login restrictions.
 
---- auth2.c.orig	2017-03-19 19:39:27.000000000 -0700
-+++ auth2.c	2017-03-20 11:52:27.960733000 -0700
-@@ -47,6 +47,7 @@
- #include "key.h"
+--- auth2.c.orig	2018-10-16 17:01:20.000000000 -0700
++++ auth2.c	2018-11-10 11:35:07.816193000 -0800
+@@ -48,6 +48,7 @@
+ #include "sshkey.h"
  #include "hostfile.h"
  #include "auth.h"
 +#include "canohost.h"
  #include "dispatch.h"
  #include "pathnames.h"
- #include "buffer.h"
-@@ -217,6 +218,13 @@ input_userauth_request(int type, u_int32
- 	Authmethod *m = NULL;
+ #include "sshbuf.h"
+@@ -258,7 +259,14 @@ input_userauth_request(int type, u_int32_t seq, struct
  	char *user, *service, *method, *style = NULL;
  	int authenticated = 0;
+ 	double tstart = monotime_double();
 +#ifdef HAVE_LOGIN_CAP
 +	login_cap_t *lc;
 +	const char *from_host, *from_ip;
-+
+ 
 +	from_host = auth_get_canonical_hostname(ssh, options.use_dns);
 +	from_ip = ssh_remote_ipaddr(ssh);
 +#endif
- 
++
  	if (authctxt == NULL)
  		fatal("input_userauth_request: no authctxt");
-@@ -266,6 +274,27 @@ input_userauth_request(int type, u_int32
+ 
+@@ -307,6 +315,27 @@ input_userauth_request(int type, u_int32_t seq, struct
  		    "(%s,%s) -> (%s,%s)",
  		    authctxt->user, authctxt->service, user, service);
  	}
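Review bot: `from_host` is taken from `auth_get_canonical_hostname(ssh, options.use_dns)`, so the login-class rule that consumes it (the check itself is in the next inner hunk, mostly outside this view) presumably sees a resolved name only when UseDNS is on and the address string otherwise. The patch header says only "Apply class-imposed login restrictions."; a sentence there such as `Host matching uses the canonical hostname when UseDNS is enabled, else the IP address.` would tell an administrator why a hostname pattern in login.conf may not match. Also, `login_cap_t *lc;` is declared without an initialiser and its assignment is not visible here, so confirm every path sets it before use. input_userauth_request continues beyond this hunk.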
@@ -55,5 +56,5 @@ Apply class-imposed login restrictions.
 +#endif  /* HAVE_LOGIN_CAP */
 +
  	/* reset state */
- 	auth2_challenge_stop(authctxt);
+ 	auth2_challenge_stop(ssh);
  

Copied and modified: head/security/openssh-portable/files/patch-serverloop.c (from r484764, head/security/openssh-portable/files/patch-misc.c)
==============================================================================
--- head/security/openssh-portable/files/patch-misc.c	Sun Nov 11 19:58:53 2018	(r484764, copy source)
+++ head/security/openssh-portable/files/patch-serverloop.c	Sun Nov 11 20:21:03 2018	(r484765)
@@ -9,21 +9,21 @@ Submitted upstream, no reaction.
 Submitted by:   delphij@
 [rewritten for 7.4 by bdrewery@]
 
---- misc.c.orig	2017-01-12 11:54:41.058558000 -0800
-+++ misc.c	2017-01-12 11:55:16.531356000 -0800
-@@ -56,6 +56,8 @@
- #include <net/if.h>
- #endif
+--- serverloop.c.orig	2018-11-10 11:38:16.728617000 -0800
++++ serverloop.c	2018-11-10 11:38:19.497300000 -0800
+@@ -55,6 +55,8 @@
+ #include <unistd.h>
+ #include <stdarg.h>
  
 +#include <sys/sysctl.h>
 +
+ #include "openbsd-compat/sys-queue.h"
  #include "xmalloc.h"
- #include "misc.h"
- #include "log.h"
-@@ -1253,7 +1255,19 @@ forward_equals(const struct Forward *a, 
- int
- bind_permitted(int port, uid_t uid)
+ #include "packet.h"
+@@ -109,7 +111,19 @@ bind_permitted(int port, uid_t uid)
  {
+ 	if (use_privsep)
+ 		return 1; /* allow system to decide */
 -	if (port < IPPORT_RESERVED && uid != 0)
 +	int ipport_reserved;
 +#ifdef __FreeBSD__
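Review bot: In the refreshed `bind_permitted` the FreeBSD-specific reserved-port logic now sits after `if (use_privsep) return 1;`, so it is reached only when privilege separation is off. If privilege separation is normally enabled for this port, the patched check is effectively dead and the decision is left to the kernel at bind time. If that is intended, say so in the patch header (which still reads "rewritten for 7.4"), e.g. `With privsep the kernel enforces the reserved-port range; this check only applies without it.` As a style point, `int ipport_reserved;` is declared after a statement; moving it above the `if (use_privsep)` line keeps declarations at the top of the block. The function body continues outside this hunk.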

Modified: head/security/openssh-portable/files/patch-session.c
==============================================================================
--- head/security/openssh-portable/files/patch-session.c	Sun Nov 11 19:58:53 2018	(r484764)
+++ head/security/openssh-portable/files/patch-session.c	Sun Nov 11 20:21:03 2018	(r484765)
@@ -10,9 +10,9 @@ Reviewed by:    ache
 Sponsored by:   DARPA, NAI Labs
 
 
---- session.c.orig	2018-04-01 22:38:28.000000000 -0700
-+++ session.c	2018-04-03 13:56:49.599400000 -0700
-@@ -982,6 +982,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
+--- session.c.orig	2018-10-16 17:01:20.000000000 -0700
++++ session.c	2018-11-10 11:45:14.645263000 -0800
+@@ -1020,6 +1020,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
  	struct passwd *pw = s->pw;
  #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
  	char *path = NULL;
@@ -22,7 +22,7 @@ Sponsored by:   DARPA, NAI Labs
  #endif
  
  	/* Initialize the environment. */
-@@ -1003,6 +1006,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
+@@ -1041,6 +1044,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
  	}
  #endif
  
@@ -32,7 +32,7 @@ Sponsored by:   DARPA, NAI Labs
  #ifdef GSSAPI
  	/* Allow any GSSAPI methods that we've used to alter
  	 * the childs environment as they see fit
-@@ -1020,11 +1026,21 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
+@@ -1058,11 +1064,21 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
  	child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
  #endif
  	child_set_env(&env, &envsize, "HOME", pw->pw_dir);
@@ -58,7 +58,7 @@ Sponsored by:   DARPA, NAI Labs
  #else /* HAVE_LOGIN_CAP */
  # ifndef HAVE_CYGWIN
  	/*
-@@ -1044,15 +1060,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
+@@ -1082,14 +1098,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
  # endif /* HAVE_CYGWIN */
  #endif /* HAVE_LOGIN_CAP */
  
@@ -70,11 +70,10 @@ Sponsored by:   DARPA, NAI Labs
  
 -	if (getenv("TZ"))
 -		child_set_env(&env, &envsize, "TZ", getenv("TZ"));
--
- 	/* Set custom environment options from pubkey authentication. */
- 	if (options.permit_user_env) {
- 		for (n = 0 ; n < auth_opts->nenv; n++) {
-@@ -1331,7 +1341,7 @@ do_setusercontext(struct passwd *pw)
+ 	if (s->term)
+ 		child_set_env(&env, &envsize, "TERM", s->term);
+ 	if (s->display)
+@@ -1389,7 +1400,7 @@ do_setusercontext(struct passwd *pw)
  	if (platform_privileged_uidswap()) {
  #ifdef HAVE_LOGIN_CAP
  		if (setusercontext(lc, pw, pw->pw_uid,


