From: Bryan Drewery
Date: Fri, 19 Jul 2019 19:18:09 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r506959 - in head/security/openssh-portable: . files

Author: bdrewery
Date: Fri Jul 19 19:18:09 2019
New Revision: 506959
URL: https://svnweb.freebsd.org/changeset/ports/506959

Log:
  - Update gssapi patch for 8.0
  - Rework how the gssapi patch is fetched/mirrored so we can fetch
    directly from debian.

  PR: 239290
  Submitted by: david@dcrosstech.com (based on)
  Tested by: vrwmiller@gmail.com

Modified:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/distinfo
  head/security/openssh-portable/files/extra-patch-hpn-gss-glue

Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Fri Jul 19 19:00:04 2019 (r506958) +++ head/security/openssh-portable/Makefile Fri Jul 19 19:18:09 2019 (r506959) 
@@ -39,7 +39,6 @@ x509_CONFLICTS_INSTALL= openssh-portable openssh-port openssh-portable-gssapi x509_PKGNAMESUFFIX= -portable-x509 -gssapi_BROKEN= GSSAPI not yet updated for ${DISTVERSION} x509_BROKEN= X509 not yet updated for ${DISTVERSION} - Does anyone use this? Contact maintainer bdrewery@FreeBSD.org OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \ HPN X509 KERB_GSSAPI \ @@ -101,7 +100,7 @@ ETCDIR?= ${PREFIX}/etc/ssh .include -PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex +PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex # X509 patch includes TCP Wrapper support already .if ${PORT_OPTIONS:MX509} 
@@ -111,16 +110,19 @@ EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA # Must add this patch before HPN due to conflicts .if ${PORT_OPTIONS:MKERB_GSSAPI} #BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. -# Patch from: -# https://sources.debian.org/data/main/o/openssh/1:7.7p1-2/debian/patches/gssapi.patch -# which was originally based on 5.7 patch from -# http://www.sxw.org.uk/computing/patches/ -# It is mirrored simply to apply gzip -9. . if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} # Needed glue for applying HPN patch without conflict EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue . endif -PATCHFILES+= openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz:-p1:gsskex +# - See https://sources.debian.org/data/main/o/openssh/ for which subdir to +# pull from. +GSSAPI_DEBIAN_SUBDIR= ${DISTVERSION}-3 +# - Debian does not use a versioned filename so we trick fetch to make one for +# us with the ?=/ trick. +PATCH_SITES+= https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex +# Bump this when updating the patch location +GSSAPI_UPDATE_DATE= 20190719 +PATCHFILES+= openssh-${DISTVERSION}-gsskex-all-20141021-debian-rh-${GSSAPI_UPDATE_DATE}.patch:-p1:gsskex .endif # https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1 Modified: head/security/openssh-portable/distinfo ============================================================================== --- head/security/openssh-portable/distinfo Fri Jul 19 19:00:04 2019 (r506958) +++ head/security/openssh-portable/distinfo Fri Jul 19 19:18:09 2019 (r506959) 
@@ -3,5 +3,5 @@ SHA256 (openssh-8.0p1.tar.gz) = bd943879e69498e8031eb6 SIZE (openssh-8.0p1.tar.gz) = 1597697 SHA256 (openssh-7.9p1+x509-11.5.diff.gz) = 1d15099ce54614f158f10f55b6b4992d915353f92a05e179a64b0655650c00bb SIZE (openssh-7.9p1+x509-11.5.diff.gz) = 594995 -SHA256 (openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz) = a9fe46bc97ebb6f32dad44c6e62e712b224392463b2084300835736fe848eabc -SIZE (openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz) = 27612 +SHA256 (openssh-8.0p1-gsskex-all-20141021-debian-rh-20190719.patch) = 6e07d74626915246d500eeaf9bfb23b1329d6e204d81ba67c09c9c237626c250 +SIZE (openssh-8.0p1-gsskex-all-20141021-debian-rh-20190719.patch) = 128374 Modified: head/security/openssh-portable/files/extra-patch-hpn-gss-glue ============================================================================== --- head/security/openssh-portable/files/extra-patch-hpn-gss-glue Fri Jul 19 19:00:04 2019 (r506958) +++ head/security/openssh-portable/files/extra-patch-hpn-gss-glue Fri Jul 19 19:18:09 2019 (r506959) @@ -1,10 +1,10 @@ ---- sshconnect2.c.orig 2016-01-19 18:10:12.550854000 -0800 -+++ sshconnect2.c 2016-01-19 18:10:27.290409000 -0800 -@@ -160,11 +160,6 @@ ssh_kex2(char *host, struct sockaddr *ho - struct kex *kex; +--- sshconnect2.c.orig 2019-07-19 11:53:14.918867000 -0700 ++++ sshconnect2.c 2019-07-19 11:53:16.911086000 -0700 +@@ -159,11 +159,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr + char *s, *all_key; int r; --#ifdef GSSAPI +-#if defined(GSSAPI) && defined(WITH_OPENSSL) - char *orig = NULL, *gss = NULL; - char *gss_host = NULL; -#endif 
@@ -12,13 +12,46 @@ xxx_host = host; xxx_hostaddr = hostaddr; -@@ -199,6 +194,9 @@ ssh_kex2(char *host, struct sockaddr *ho +@@ -197,6 +192,9 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr } - #ifdef GSSAPI + #if defined(GSSAPI) && defined(WITH_OPENSSL) + char *orig = NULL, *gss = NULL; + char *gss_host = NULL; + if (options.gss_keyex) { /* Add the GSSAPI mechanisms currently supported on this * client to the key exchange algorithm proposal */ +--- readconf.c.orig 2019-07-19 12:13:18.000312000 -0700 ++++ readconf.c 2019-07-19 12:13:29.614552000 -0700 +@@ -63,11 +63,11 @@ + #include "readconf.h" + #include "match.h" + #include "kex.h" ++#include "ssh-gss.h" + #include "mac.h" + #include "uidswap.h" + #include "myproposal.h" + #include "digest.h" +-#include "ssh-gss.h" + + /* Format of the configuration file: + +--- servconf.c.orig 2019-07-19 12:14:42.078398000 -0700 ++++ servconf.c 2019-07-19 12:14:43.543687000 -0700 +@@ -54,6 +54,7 @@ + #include "sshkey.h" + #include "kex.h" + #include "mac.h" ++#include "ssh-gss.h" + #include "match.h" + #include "channels.h" + #include "groupaccess.h" +@@ -64,7 +65,6 @@ + #include "auth.h" + #include "myproposal.h" + #include "digest.h" +-#include "ssh-gss.h" + + static void add_listen_addr(ServerOptions *, const char *, + const char *, int);
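
Review bot: in the Makefile hunk at @@ -101,7 +100,7 the PATCH_SITES entry for mirror.shatow.net is rewritten but still uses http://, and it serves the DEFAULT, x509, hpn and gsskex groups. Since the line is being touched anyway (the removed and added lines differ only in whitespace as shown), consider switching it to https:// if the mirror offers it. Over plain HTTP the SHA256 and SIZE entries in distinfo are the only thing protecting these patches against modification in transit.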
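
Review bot: in the Makefile hunk at @@ -111,16 +110,19 the Debian revision is hard-coded as a suffix on the port version, "GSSAPI_DEBIAN_SUBDIR= ${DISTVERSION}-3". A later DISTVERSION bump will change the fetch URL to a Debian subdirectory that may not exist or may not be the revision anyone reviewed. Consider spelling the Debian version out in full, or extending the "Bump this when updating the patch location" comment to say that GSSAPI_DEBIAN_SUBDIR must be rechecked on every version update. Two smaller points in the same hunk: the comment refers to "the ?=/ trick" while the URL actually uses "?dummy=/", and the removed comment block was the only place recording that the patch was originally based on the 5.7 patch from sxw.org.uk, which is worth keeping as provenance.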
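
Review bot: in the distinfo hunk the new gsskex entry is named openssh-8.0p1-gsskex-all-20141021-debian-rh-20190719.patch, which keeps the old "20141021-debian-rh" tag and adds a local update date, but does not name the Debian revision the file was fetched from. The upstream filename is unversioned (gssapi.patch), so this SHA256 is the only record of which content was accepted. Consider putting the Debian revision from GSSAPI_DEBIAN_SUBDIR into the distfile name so the hash in distinfo can be traced back to a specific Debian source directory.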
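
Review bot: in files/extra-patch-hpn-gss-glue, the hunk at @@ -12,13 +12,46 adds new sections for readconf.c and servconf.c that only move the line #include "ssh-gss.h" to an earlier position, with no explanation of why the order matters. The Makefile describes this file as "Needed glue for applying HPN patch without conflict", so a short comment at the top of the glue patch saying that the include is moved to match the context the HPN patch expects would save the next person updating it from having to rediscover that. The same applies to the guard change to "#if defined(GSSAPI) && defined(WITH_OPENSSL)" in the sshconnect2.c section: note which upstream gssapi.patch revision the context lines were taken from.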