Date:      Fri, 19 Jul 2019 19:18:09 +0000 (UTC)
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r506959 - in head/security/openssh-portable: . files
Message-ID:  <201907191918.x6JJI9MW000649@repo.freebsd.org>

Author: bdrewery
Date: Fri Jul 19 19:18:09 2019
New Revision: 506959
URL: https://svnweb.freebsd.org/changeset/ports/506959

Log:
  - Update gssapi patch for 8.0
  - Rework how the gssapi patch is fetched/mirrored so we can fetch
    directly from debian.
  
  PR:		239290
  Submitted by:	david@dcrosstech.com (based on)
  Tested by:	vrwmiller@gmail.com

Modified:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/distinfo
  head/security/openssh-portable/files/extra-patch-hpn-gss-glue

Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile	Fri Jul 19 19:00:04 2019	(r506958)
+++ head/security/openssh-portable/Makefile	Fri Jul 19 19:18:09 2019	(r506959)
@@ -39,7 +39,6 @@ x509_CONFLICTS_INSTALL=		openssh-portable openssh-port
 				openssh-portable-gssapi
 x509_PKGNAMESUFFIX=		-portable-x509
 
-gssapi_BROKEN=		GSSAPI not yet updated for ${DISTVERSION}
 x509_BROKEN=		X509 not yet updated for ${DISTVERSION} - Does anyone use this? Contact maintainer bdrewery@FreeBSD.org
 OPTIONS_DEFINE=		DOCS PAM TCP_WRAPPERS LIBEDIT BSM \
 			HPN X509 KERB_GSSAPI \
@@ -101,7 +100,7 @@ ETCDIR?=		${PREFIX}/etc/ssh
 
 .include <bsd.port.pre.mk>
 
-PATCH_SITES+=		http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex
+PATCH_SITES+=	http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex
 
 # X509 patch includes TCP Wrapper support already
 .if ${PORT_OPTIONS:MX509}
@@ -111,16 +110,19 @@ EXTRA_PATCHES:=		${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA
 # Must add this patch before HPN due to conflicts
 .if ${PORT_OPTIONS:MKERB_GSSAPI}
 #BROKEN=	KERB_GSSAPI No patch for ${DISTVERSION} yet.
-# Patch from:
-# https://sources.debian.org/data/main/o/openssh/1:7.7p1-2/debian/patches/gssapi.patch
-# which was originally based on 5.7 patch from
-# http://www.sxw.org.uk/computing/patches/
-# It is mirrored simply to apply gzip -9.
 .  if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
 # Needed glue for applying HPN patch without conflict
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-hpn-gss-glue
 .  endif
-PATCHFILES+=	openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz:-p1:gsskex
+# - See https://sources.debian.org/data/main/o/openssh/ for which subdir to
+# pull from.
+GSSAPI_DEBIAN_SUBDIR=	${DISTVERSION}-3
+# - Debian does not use a versioned filename so we trick fetch to make one for
+# us with the ?<anything>=/ trick.
+PATCH_SITES+=	https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex
+# Bump this when updating the patch location
+GSSAPI_UPDATE_DATE=	20190719
+PATCHFILES+=	openssh-${DISTVERSION}-gsskex-all-20141021-debian-rh-${GSSAPI_UPDATE_DATE}.patch:-p1:gsskex
 .endif
 
 # https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1
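Review bot: `GSSAPI_DEBIAN_SUBDIR= ${DISTVERSION}-3` derives the Debian source directory from the port version, so a later DISTVERSION bump silently points the fetch at a different (or nonexistent) Debian revision while the local distfile name changes too. The distinfo SHA256 is the only thing tying the fetched file to reviewed content, and regenerating it records whatever sources.debian.org or the plain-http mirror on the `gsskex` group happened to serve. I would widen the comment above GSSAPI_UPDATE_DATE to say so, for example `# On every DISTVERSION bump: re-check GSSAPI_DEBIAN_SUBDIR, bump GSSAPI_UPDATE_DATE, diff the new gssapi.patch against the previous one, then run make makesum.` The removed provenance note (that the Debian patch was originally based on the 5.7 patch from sxw.org.uk) is also worth keeping as one comment line, since it is the only record of where the code came from.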

Modified: head/security/openssh-portable/distinfo
==============================================================================
--- head/security/openssh-portable/distinfo	Fri Jul 19 19:00:04 2019	(r506958)
+++ head/security/openssh-portable/distinfo	Fri Jul 19 19:18:09 2019	(r506959)
@@ -3,5 +3,5 @@ SHA256 (openssh-8.0p1.tar.gz) = bd943879e69498e8031eb6
 SIZE (openssh-8.0p1.tar.gz) = 1597697
 SHA256 (openssh-7.9p1+x509-11.5.diff.gz) = 1d15099ce54614f158f10f55b6b4992d915353f92a05e179a64b0655650c00bb
 SIZE (openssh-7.9p1+x509-11.5.diff.gz) = 594995
-SHA256 (openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz) = a9fe46bc97ebb6f32dad44c6e62e712b224392463b2084300835736fe848eabc
-SIZE (openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz) = 27612
+SHA256 (openssh-8.0p1-gsskex-all-20141021-debian-rh-20190719.patch) = 6e07d74626915246d500eeaf9bfb23b1329d6e204d81ba67c09c9c237626c250
+SIZE (openssh-8.0p1-gsskex-all-20141021-debian-rh-20190719.patch) = 128374

Modified: head/security/openssh-portable/files/extra-patch-hpn-gss-glue
==============================================================================
--- head/security/openssh-portable/files/extra-patch-hpn-gss-glue	Fri Jul 19 19:00:04 2019	(r506958)
+++ head/security/openssh-portable/files/extra-patch-hpn-gss-glue	Fri Jul 19 19:18:09 2019	(r506959)
@@ -1,10 +1,10 @@
---- sshconnect2.c.orig	2016-01-19 18:10:12.550854000 -0800
-+++ sshconnect2.c	2016-01-19 18:10:27.290409000 -0800
-@@ -160,11 +160,6 @@ ssh_kex2(char *host, struct sockaddr *ho
- 	struct kex *kex;
+--- sshconnect2.c.orig	2019-07-19 11:53:14.918867000 -0700
++++ sshconnect2.c	2019-07-19 11:53:16.911086000 -0700
+@@ -159,11 +159,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr 
+ 	char *s, *all_key;
  	int r;
  
--#ifdef GSSAPI
+-#if defined(GSSAPI) && defined(WITH_OPENSSL)
 -	char *orig = NULL, *gss = NULL;
 -	char *gss_host = NULL;
 -#endif
@@ -12,13 +12,46 @@
  	xxx_host = host;
  	xxx_hostaddr = hostaddr;
  
-@@ -199,6 +194,9 @@ ssh_kex2(char *host, struct sockaddr *ho
+@@ -197,6 +192,9 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr 
  	}
  
- #ifdef GSSAPI
+ #if defined(GSSAPI) && defined(WITH_OPENSSL)
 +	char *orig = NULL, *gss = NULL;
 +	char *gss_host = NULL;
 +
  	if (options.gss_keyex) {
  		/* Add the GSSAPI mechanisms currently supported on this
  		 * client to the key exchange algorithm proposal */
+--- readconf.c.orig	2019-07-19 12:13:18.000312000 -0700
++++ readconf.c	2019-07-19 12:13:29.614552000 -0700
+@@ -63,11 +63,11 @@
+ #include "readconf.h"
+ #include "match.h"
+ #include "kex.h"
++#include "ssh-gss.h"
+ #include "mac.h"
+ #include "uidswap.h"
+ #include "myproposal.h"
+ #include "digest.h"
+-#include "ssh-gss.h"
+ 
+ /* Format of the configuration file:
+ 
+--- servconf.c.orig	2019-07-19 12:14:42.078398000 -0700
++++ servconf.c	2019-07-19 12:14:43.543687000 -0700
+@@ -54,6 +54,7 @@
+ #include "sshkey.h"
+ #include "kex.h"
+ #include "mac.h"
++#include "ssh-gss.h"
+ #include "match.h"
+ #include "channels.h"
+ #include "groupaccess.h"
+@@ -64,7 +65,6 @@
+ #include "auth.h"
+ #include "myproposal.h"
+ #include "digest.h"
+-#include "ssh-gss.h"
+ 
+ static void add_listen_addr(ServerOptions *, const char *,
+     const char *, int);
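Review bot: The new readconf.c and servconf.c sections of the glue patch only move `#include "ssh-gss.h"`, and nothing in the file records why. Presumably the move keeps the gssapi patch's include out of the context lines the HPN patch needs, but that is inferred from the Makefile comment rather than shown here. A short free-text header at the top of extra-patch-hpn-gss-glue, such as `Moves the GSSAPI declarations in ssh_kex2 and the ssh-gss.h includes so the HPN patch applies on top of the Debian gssapi patch; re-check each section when the gssapi patch is updated.`, would let the next updater drop sections that are no longer needed. In the sshconnect2.c section the declarations of `orig`, `gss` and `gss_host` now sit inside the `#if defined(GSSAPI) && defined(WITH_OPENSSL)` block after statements; the rest of ssh_kex2 is outside the hunk, so any later use should be confirmed to be under the same guard.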


