Date: Sun, 26 Sep 2010 19:50:07 GMT From: John Hein <jhein@symmetricom.com> To: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1 Message-ID: <201009261950.o8QJo7dS023195@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/150493; it has been noted by GNATS.
From: John Hein <jhein@symmetricom.com>
To: Grzegorz Blach <magik@roorback.net>,
<bug-followup@FreeBSD.org>
Cc:
Subject: Re: ports/150493: Update for: security%2Fopenssh-portable port from 5.2p1 to 5.6p1
Date: Sun, 26 Sep 2010 13:43:12 -0600
--xx55/XzeMR
Content-Type: text/plain; charset=us-ascii
Content-Description: message body text
Content-Transfer-Encoding: 7bit
Here's an update to the Makefile patch that moves PATCH_DIST_STRIP
rather than removing it. I mis-read the portlint whine and
overriding the default -p0 is needed for the dist patches.
As it turns out just using no -p arg at all works for all
the openssh dist patches.
Updated Makefile patch attached...
--xx55/XzeMR
Content-Type: text/plain; name="p2"
Content-Description: latest Makefile with dist patch fixes
Content-Disposition: inline;
filename="p2"
Content-Transfer-Encoding: 7bit
Index: Makefile
===================================================================
RCS file: /base/FreeBSD-CVS/ports/security/openssh-portable/Makefile,v
retrieving revision 1.149
diff -u -p -r1.149 Makefile
--- Makefile 31 Aug 2010 02:46:43 -0000 1.149
+++ Makefile 26 Sep 2010 19:38:46 -0000
@@ -6,8 +6,8 @@
#
PORTNAME= openssh
-DISTVERSION= 5.2p1
-PORTREVISION= 2
+DISTVERSION= 5.6p1
+PORTREVISION= 0
PORTEPOCH= 1
CATEGORIES= security ipv6
.if defined(OPENSSH_SNAPSHOT)
@@ -18,6 +18,7 @@ MASTER_SITE_SUBDIR= OpenSSH/portable
.endif
PKGNAMESUFFIX= ${PORTABLE_SUFFIX}${GSSAPI_SUFFIX}${BASE_SUFFIX}
DISTNAME= # empty
+PATCH_DIST_STRIP=
MAINTAINER= ports@FreeBSD.org
COMMENT= The portable version of OpenBSD's OpenSSH
@@ -61,8 +62,6 @@ OPTIONS= PAM "Enable pam(3) support"
GSSAPI "Enable GSSAPI support (req: KERBEROS)" off \
KERB_GSSAPI "Enable Kerberos/GSSAPI patch (req: GSSAPI)" off \
OPENSSH_CHROOT "Enable CHROOT support" off \
- OPENSC "Enable OpenSC smartcard support" off \
- OPENSCPINPATCH "Enable OpenSC PIN patch" off \
HPN "Enable HPN-SSH patch" off \
LPK "Enable LDAP Public Key (LPK) patch" off \
X509 "Enable x509 certificate patch" off \
@@ -75,8 +74,8 @@ OPTIONS= PAM "Enable pam(3) support"
BROKEN= does not build
.endif
-.if defined(WITH_X509) && ( defined(WITH_HPN) || defined(WITH_LPK))
-BROKEN= X509 patch incompatible with HPN and LPK patches
+.if defined(WITH_X509) && defined(WITH_HPN)
+BROKEN= X509 patches and HPN patches do not apply cleanly together
.endif
.if defined(WITH_X509) && defined(WITH_KERB_GSSAPI)
@@ -110,7 +109,9 @@ CONFIGURE_ARGS+= --with-audit=bsm
.if !defined(WITHOUT_KERBEROS)
.if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI)
.if defined(WITH_KERB_GSSAPI)
-PATCH_DIST_STRIP= -p0
+# Latest GSSAPI patch is against 5.3 and does not apply
+# cleanly against 5.6p1, but it's close.
+BROKEN= upstream GSSAPI key exchange patch is not up to date for OpenSSH 5.6p1
PATCH_SITES+= http://www.sxw.org.uk/computing/patches/
PATCHFILES+= openssh-5.2p1-gsskex-all-20090726.patch
.endif
@@ -145,48 +146,29 @@ CONFIGURE_ARGS+= --with-ssl-dir=${OPENSS
CFLAGS+= -DCHROOT
.endif
-.if defined(WITH_OPENSC)
-LIB_DEPENDS+= opensc.2:${PORTSDIR}/security/opensc
-CONFIGURE_ARGS+= --with-opensc=${LOCALBASE}
-.endif
-
-# See http://bugzilla.mindrot.org/show_bug.cgi?id=608
-.if defined(WITH_OPENSCPINPATCH)
-EXTRA_PATCHES+= ${FILESDIR}/scardpin.patch
-.endif
-
.if defined(WITH_HPN)
-EXTRA_PATCHES+= ${FILESDIR}/openssh-5.2p1-hpn13v6.diff
+PATCH_SITES+= http://www.psc.edu/networking/projects/hpn-ssh/
+PATCHFILES+= openssh-5.6p1-hpn13v10.diff.gz
.endif
-# See http://dev.inversepath.com/trac/openssh-lpk
+# See http://code.google.com/p/openssh-lpk/wiki/Main
+# and svn repo described here:
+# http://code.google.com/p/openssh-lpk/source/checkout
.if defined(WITH_LPK)
-EXTRA_PATCHES+= ${FILESDIR}/contrib-openssh-lpk-5.1p1-0.3.10.patch
+# Latest LPK patch is against 5.4p1 and does not apply
+# cleanly against 5.6p1, but it's close.
+BROKEN= latest upstream LDAP public key patch is not up to date for OpenSSH 5.6p1
+EXTRA_PATCHES+= ${FILESDIR}/contrib-openssh-lpk-5.4p1-0.3.13.patch
USE_OPENLDAP= yes
-CPPFLAGS+= "-I${LOCALBASE}/include -DWITH_LDAP_PUBKEY"
+CPPFLAGS+= -I${LOCALBASE}/include
CONFIGURE_ARGS+= --with-libs='-lldap' --with-ldflags='-L${LOCALBASE}/lib' \
- --with-cppflags='-I${LOCALBASE}/include -DWITH_LDAP_PUBKEY'
-.endif
-
-# resolve some patches incompatibility between LPK and HPN patches
-
-.if defined(WITH_HPN) && defined(WITH_LPK)
-EXTRA_PATCHES+= ${FILESDIR}/lpk+hpn-servconf.c.patch
-.elif defined(WITH_HPN) && !defined(WITH_LPK)
-EXTRA_PATCHES+= ${FILESDIR}/openssh-5.2p1-hpn13v6-servconf.c.diff
-.elif defined(WITH_LPK) && !defined(WITH_HPN)
-EXTRA_PATCHES+= ${FILESDIR}/contrib-openssh-lpk-5.1p1-0.3.10-servconf.c.patch
-.endif
-
-.if defined(WITH_LPK) && ${ARCH} == "amd64"
-EXTRA_PATCHES+= ${FILESDIR}/contrib-openssh-5.1_p1-lpk-64bit.patch
+ --with-cppflags='${CPPFLAGS}' --with_ldap=yes
.endif
# See http://www.roumenpetrov.info/openssh/
.if defined(WITH_X509)
-PATCH_DIST_STRIP= -p1
-PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-6.2/
-PATCHFILES+= openssh-5.2p1+x509-6.2.diff.gz
+PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-6.2.3/
+PATCHFILES+= openssh-5.6p1+x509-6.2.3.diff.gz
PLIST_SUB+= X509=""
.else
PLIST_SUB+= X509="@comment "
@@ -194,6 +176,9 @@ PLIST_SUB+= X509="@comment "
# See http://sftpfilecontrol.sourceforge.net/
.if defined(WITH_FILECONTROL)
+# Latest sftpfilecontrol patch is against 5.4p1 which does not apply
+# cleanly against 5.6p1, but it's close.
+BROKEN= latest upstream sftp file control public key patch is not up to date for OpenSSH 5.6p1
EXTRA_PATCHES+= ${FILESDIR}/openssh-${DISTVERSION}.sftpfilecontrol-v1.3.patch
.endif
--xx55/XzeMR--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201009261950.o8QJo7dS023195>