From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Aug 31 18:20:02 2009
Return-Path:
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A9C991065672 for ; Mon, 31 Aug 2009 18:20:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 7E1968FC16 for ; Mon, 31 Aug 2009 18:20:02 +0000 (UTC)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n7VIK2mA006829 for ; Mon, 31 Aug 2009 18:20:02 GMT (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n7VIK2VG006828; Mon, 31 Aug 2009 18:20:02 GMT (envelope-from gnats)
Resent-Date: Mon, 31 Aug 2009 18:20:02 GMT
Resent-Message-Id: <200908311820.n7VIK2VG006828@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Denis Barov
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 976CE106568D for ; Mon, 31 Aug 2009 18:10:22 +0000 (UTC) (envelope-from dindin@sepulca.yandex.ru)
Received: from archeopterix.yandex.ru (archeopterix.yandex.ru [93.158.136.52]) by mx1.freebsd.org (Postfix) with ESMTP id E1D498FC21 for ; Mon, 31 Aug 2009 18:10:21 +0000 (UTC)
Received: from sepulca.yandex.ru (dhcp170-57-red.yandex.net [95.108.170.57]) by archeopterix.yandex.ru (Postfix) with ESMTPS id D02A059DAE7 for ; Mon, 31 Aug 2009 22:10:19 +0400 (MSD)
Received: from sepulca.yandex.ru (localhost [127.0.0.1]) by sepulca.yandex.ru (8.14.3/8.14.3) with ESMTP id n7VIAJGR096045 for ; Mon, 31 Aug 2009 22:10:19 +0400 (MSD) (envelope-from dindin@sepulca.yandex.ru)
Received: (from dindin@localhost) by sepulca.yandex.ru (8.14.3/8.14.3/Submit) id n7VIAJkV096044; Mon, 31 Aug 2009 22:10:19 +0400 (MSD) (envelope-from dindin)
Message-Id: <200908311810.n7VIAJkV096044@sepulca.yandex.ru>
Date: Mon, 31 Aug 2009 22:10:19 +0400 (MSD)
From: Denis Barov
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc:
Subject: ports/138409: [MAINTAINER] security/openssh-portable: cumulative port
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 31 Aug 2009 18:20:02 -0000

>Number: 138409
>Category: ports
>Synopsis: [MAINTAINER] security/openssh-portable: cumulative port
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 31 18:20:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Denis Barov
>Release: FreeBSD 7.2-RELEASE i386
>Organization:
Yandex
>Environment:
System: FreeBSD sepulca.yandex.ru 7.2-RELEASE FreeBSD 7.2-RELEASE #0: Tue Jun 2 19:57:10 MSD
>Description:
[DESCRIBE CHANGES]
cumulative port update for:
- ports/137192
- ports/137100
- ports/138284
- ports/137985

Changed file(s):
- Makefile
- distinfo
- files/openssh-lpk+hpn-servconf.patch

Added file(s):
- files/patch-includes.h

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:
--- openssh-portable-5.2.p1_1,1 begins here ---
diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/Makefile /usr/ports/security/openssh-portable/Makefile
--- /usr/ports/security/openssh-portable/Makefile 2009-08-24 15:55:27.000000000 +0400
+++ /usr/ports/security/openssh-portable/Makefile 2009-08-31 22:09:08.000000000 +0400
@@ -57,6 +57,7 @@ LIBEDIT "Enable readline support to sftp(1)" on \ KERBEROS "Enable kerberos (autodetection)" on \ SUID_SSH "Enable suid SSH (Recommended off)" off \ + BSM "Enable OpenBSM Auditing" off \ GSSAPI "Enable GSSAPI support (req: KERBEROS)" off \ KERB_GSSAPI "Enable Kerberos/GSSAPI patch (req: GSSAPI)" off \ OPENSSH_CHROOT "Enable CHROOT support" off \ @@ -69,10 +70,6 @@ .include -.if ${OSVERSION} >= 800037 -BROKEN= does not compile -.endif - .if defined(WITH_X509) && ( defined(WITH_HPN) || defined(WITH_LPK)) BROKEN= X509 patch incompatible with HPN and LPK patches .endif @@ -97,13 +94,16 @@ CONFIGURE_ARGS+= --disable-suid-ssh .endif +.if defined(WITH_BSM) +CONFIGURE_ARGS+= --with-audit=bsm +.endif + .if !defined(WITHOUT_KERBEROS) .if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI) .if defined(WITH_KERB_GSSAPI) -BROKEN= KERB_GSSAPI patch incompatible with ${PORTNAME}-5.2p1 PATCH_DIST_STRIP= -p0 PATCH_SITES+= http://www.sxw.org.uk/computing/patches/ -PATCHFILES+= openssh-5.0p1-gsskex-20080404.patch +PATCHFILES+= openssh-5.2p1-gsskex-all-20090726.patch .endif PORTABLE_SUFFIX= # empty GSSAPI_SUFFIX= -gssapi @@ -182,8 +182,7 @@ EMPTYDIR= /var/empty PREFIX= /usr ETCSSH= /etc/ssh -USE_RC_SUBR= yes -SUB_FILES+= openssh +USE_RC_SUBR= openssh PLIST_SUB+= NOTBASE="@comment " PLIST_SUB+= BASE="" PLIST_SUB+= BASEPREFIX="${PREFIX}" diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/distinfo /usr/ports/security/openssh-portable/distinfo --- /usr/ports/security/openssh-portable/distinfo 2009-05-15 15:00:27.000000000 +0400 +++ /usr/ports/security/openssh-portable/distinfo 2009-07-29 18:48:34.000000000 +0400 
@@ -1,6 +1,6 @@ MD5 (openssh-5.2p1.tar.gz) = ada79c7328a8551bdf55c95e631e7dad SHA256 (openssh-5.2p1.tar.gz) = 4023710c37d0b3d79e6299cb79b6de2a31db7d581fe59e775a5351784034ecae SIZE (openssh-5.2p1.tar.gz) = 1016612 -MD5 (openssh-5.2p1+x509-6.2.diff.gz) = 8dbbfb743226864f6bb49b56e77776d9 -SHA256 (openssh-5.2p1+x509-6.2.diff.gz) = 72cfb1e232b6ae0a9df6e8539a9f6b53db7c0a2141cf2e4dd65b407748fa9f34 -SIZE (openssh-5.2p1+x509-6.2.diff.gz) = 153010 +MD5 (openssh-5.2p1-gsskex-all-20090726.patch) = e5c116b4bc3f4b816206e8403dd08af7 +SHA256 (openssh-5.2p1-gsskex-all-20090726.patch) = 6eb297d6fa74be3323c5e4f53df5b6e1f4edf6bf394e3e707c075846886e18e7 +SIZE (openssh-5.2p1-gsskex-all-20090726.patch) = 90959 diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/files/openssh-lpk+hpn-servconf.patch /usr/ports/security/openssh-portable/files/openssh-lpk+hpn-servconf.patch --- /usr/ports/security/openssh-portable/files/openssh-lpk+hpn-servconf.patch 1970-01-01 03:00:00.000000000 +0300 +++ /usr/ports/security/openssh-portable/files/openssh-lpk+hpn-servconf.patch 2009-07-29 17:50:40.000000000 +0400 
@@ -0,0 +1,240 @@ +--- servconf.c.orig 2009-05-02 19:35:42.000000000 +0400 ++++ servconf.c 2009-05-02 19:37:13.000000000 +0400 +@@ -42,6 +42,10 @@ + #include "channels.h" + #include "groupaccess.h" + ++#ifdef WITH_LDAP_PUBKEY ++#include "ldapauth.h" ++#endif ++ + static void add_listen_addr(ServerOptions *, char *, int); + static void add_one_listen_addr(ServerOptions *, char *, int); + +@@ -74,7 +78,7 @@ + options->ignore_user_known_hosts = -1; + options->print_motd = -1; + options->print_lastlog = -1; +- options->x11_forwarding = -1; ++ options->x11_forwarding = 1; + options->x11_display_offset = -1; + options->x11_use_localhost = -1; + options->xauth_location = NULL; +@@ -127,12 +131,39 @@ + options->num_permitted_opens = -1; + options->adm_forced_command = NULL; + options->chroot_directory = NULL; ++ options->none_enabled = -1; ++ options->tcp_rcv_buf_poll = -1; ++ options->hpn_disabled = -1; ++ options->hpn_buffer_size = -1; + options->zero_knowledge_password_authentication = -1; ++#ifdef WITH_LDAP_PUBKEY ++ /* XXX dirty */ ++ options->lpk.ld = NULL; ++ options->lpk.on = -1; ++ options->lpk.servers = NULL; ++ options->lpk.u_basedn = NULL; ++ options->lpk.g_basedn = NULL; ++ options->lpk.binddn = NULL; ++ options->lpk.bindpw = NULL; ++ options->lpk.sgroup = NULL; ++ options->lpk.filter = NULL; ++ options->lpk.fgroup = NULL; ++ options->lpk.l_conf = NULL; ++ options->lpk.tls = -1; ++ options->lpk.b_timeout.tv_sec = -1; ++ options->lpk.s_timeout.tv_sec = -1; ++ options->lpk.flags = FLAG_EMPTY; ++#endif + } + + void + fill_default_server_options(ServerOptions *options) + { ++ /* needed for hpn socket tests */ ++ int sock; ++ int socksize; ++ int socksizelen = sizeof(int); ++ + /* Portable-specific options */ + if (options->use_pam == -1) + options->use_pam = 1; +@@ -265,6 +296,32 @@ + options->permit_tun = SSH_TUNMODE_NO; + if (options->zero_knowledge_password_authentication == -1) + options->zero_knowledge_password_authentication = 0; ++#ifdef WITH_LDAP_PUBKEY ++ 
if (options->lpk.on == -1) ++ options->lpk.on = _DEFAULT_LPK_ON; ++ if (options->lpk.servers == NULL) ++ options->lpk.servers = _DEFAULT_LPK_SERVERS; ++ if (options->lpk.u_basedn == NULL) ++ options->lpk.u_basedn = _DEFAULT_LPK_UDN; ++ if (options->lpk.g_basedn == NULL) ++ options->lpk.g_basedn = _DEFAULT_LPK_GDN; ++ if (options->lpk.binddn == NULL) ++ options->lpk.binddn = _DEFAULT_LPK_BINDDN; ++ if (options->lpk.bindpw == NULL) ++ options->lpk.bindpw = _DEFAULT_LPK_BINDPW; ++ if (options->lpk.sgroup == NULL) ++ options->lpk.sgroup = _DEFAULT_LPK_SGROUP; ++ if (options->lpk.filter == NULL) ++ options->lpk.filter = _DEFAULT_LPK_FILTER; ++ if (options->lpk.tls == -1) ++ options->lpk.tls = _DEFAULT_LPK_TLS; ++ if (options->lpk.b_timeout.tv_sec == -1) ++ options->lpk.b_timeout.tv_sec = _DEFAULT_LPK_BTIMEOUT; ++ if (options->lpk.s_timeout.tv_sec == -1) ++ options->lpk.s_timeout.tv_sec = _DEFAULT_LPK_STIMEOUT; ++ if (options->lpk.l_conf == NULL) ++ options->lpk.l_conf = _DEFAULT_LPK_LDP; ++#endif + + if (options->hpn_disabled == -1) + options->hpn_disabled = 0; +@@ -345,8 +402,15 @@ + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, + sUsePrivilegeSeparation, sAllowAgentForwarding, ++ sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, + sZeroKnowledgePasswordAuthentication, + sDeprecated, sUnsupported ++#ifdef WITH_LDAP_PUBKEY ++ ,sLdapPublickey, sLdapServers, sLdapUserDN ++ ,sLdapGroupDN, sBindDN, sBindPw, sMyGroup ++ ,sLdapFilter, sForceTLS, sBindTimeout ++ ,sSearchTimeout, sLdapConf ++#endif + } ServerOpCodes; + + #define SSHCFG_GLOBAL 0x01 /* allowed in main section of sshd_config */ +@@ -457,6 +521,20 @@ + { "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL }, + { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL }, + { "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL }, ++#ifdef WITH_LDAP_PUBKEY ++ { _DEFAULT_LPK_TOKEN, sLdapPublickey, SSHCFG_GLOBAL }, ++ { 
_DEFAULT_SRV_TOKEN, sLdapServers, SSHCFG_GLOBAL }, ++ { _DEFAULT_USR_TOKEN, sLdapUserDN, SSHCFG_GLOBAL }, ++ { _DEFAULT_GRP_TOKEN, sLdapGroupDN, SSHCFG_GLOBAL }, ++ { _DEFAULT_BDN_TOKEN, sBindDN, SSHCFG_GLOBAL }, ++ { _DEFAULT_BPW_TOKEN, sBindPw, SSHCFG_GLOBAL }, ++ { _DEFAULT_MYG_TOKEN, sMyGroup, SSHCFG_GLOBAL }, ++ { _DEFAULT_FIL_TOKEN, sLdapFilter, SSHCFG_GLOBAL }, ++ { _DEFAULT_TLS_TOKEN, sForceTLS, SSHCFG_GLOBAL }, ++ { _DEFAULT_BTI_TOKEN, sBindTimeout, SSHCFG_GLOBAL }, ++ { _DEFAULT_STI_TOKEN, sSearchTimeout, SSHCFG_GLOBAL }, ++ { _DEFAULT_LDP_TOKEN, sLdapConf, SSHCFG_GLOBAL }, ++#endif + { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL }, + { "acceptenv", sAcceptEnv, SSHCFG_GLOBAL }, + { "permittunnel", sPermitTunnel, SSHCFG_GLOBAL }, +@@ -1368,6 +1446,107 @@ + while (arg) + arg = strdelim(&cp); + break; ++#ifdef WITH_LDAP_PUBKEY ++ case sLdapPublickey: ++ intptr = &options->lpk.on; ++ goto parse_flag; ++ case sLdapServers: ++ /* arg = strdelim(&cp); */ ++ p = line; ++ while(*p++); ++ arg = p; ++ if (!arg || *arg == '\0') ++ fatal("%s line %d: missing ldap server",filename,linenum); ++ arg[strlen(arg)] = '\0'; ++ if ((options->lpk.servers = ldap_parse_servers(arg)) == NULL) ++ fatal("%s line %d: error in ldap servers", filename, linenum); ++ memset(arg,0,strlen(arg)); ++ break; ++ case sLdapUserDN: ++ arg = cp; ++ if (!arg || *arg == '\0') ++ fatal("%s line %d: missing ldap server",filename,linenum); ++ arg[strlen(arg)] = '\0'; ++ options->lpk.u_basedn = xstrdup(arg); ++ memset(arg,0,strlen(arg)); ++ break; ++ case sLdapGroupDN: ++ arg = cp; ++ if (!arg || *arg == '\0') ++ fatal("%s line %d: missing ldap server",filename,linenum); ++ arg[strlen(arg)] = '\0'; ++ options->lpk.g_basedn = xstrdup(arg); ++ memset(arg,0,strlen(arg)); ++ break; ++ case sBindDN: ++ arg = cp; ++ if (!arg || *arg == '\0') ++ fatal("%s line %d: missing binddn",filename,linenum); ++ arg[strlen(arg)] = '\0'; ++ options->lpk.binddn = xstrdup(arg); ++ 
memset(arg,0,strlen(arg)); ++ break; ++ case sBindPw: ++ arg = cp; ++ if (!arg || *arg == '\0') ++ fatal("%s line %d: missing bindpw",filename,linenum); ++ arg[strlen(arg)] = '\0'; ++ options->lpk.bindpw = xstrdup(arg); ++ memset(arg,0,strlen(arg)); ++ break; ++ case sMyGroup: ++ arg = cp; ++ if (!arg || *arg == '\0') ++ fatal("%s line %d: missing groupname",filename, linenum); ++ arg[strlen(arg)] = '\0'; ++ options->lpk.sgroup = xstrdup(arg); ++ if (options->lpk.sgroup) ++ options->lpk.fgroup = ldap_parse_groups(options->lpk.sgroup); ++ memset(arg,0,strlen(arg)); ++ break; ++ case sLdapFilter: ++ arg = cp; ++ if (!arg || *arg == '\0') ++ fatal("%s line %d: missing filter",filename, linenum); ++ arg[strlen(arg)] = '\0'; ++ options->lpk.filter = xstrdup(arg); ++ memset(arg,0,strlen(arg)); ++ break; ++ case sForceTLS: ++ intptr = &options->lpk.tls; ++ arg = strdelim(&cp); ++ if (!arg || *arg == '\0') ++ fatal("%s line %d: missing yes/no argument.", ++ filename, linenum); ++ value = 0; /* silence compiler */ ++ if (strcmp(arg, "yes") == 0) ++ value = 1; ++ else if (strcmp(arg, "no") == 0) ++ value = 0; ++ else if (strcmp(arg, "try") == 0) ++ value = -1; ++ else ++ fatal("%s line %d: Bad yes/no argument: %s", ++ filename, linenum, arg); ++ if (*intptr == -1) ++ *intptr = value; ++ break; ++ case sBindTimeout: ++ intptr = (int *) &options->lpk.b_timeout.tv_sec; ++ goto parse_int; ++ case sSearchTimeout: ++ intptr = (int *) &options->lpk.s_timeout.tv_sec; ++ goto parse_int; ++ break; ++ case sLdapConf: ++ arg = cp; ++ if (!arg || *arg == '\0') ++ fatal("%s line %d: missing LpkLdapConf", filename, linenum); ++ arg[strlen(arg)] = '\0'; ++ options->lpk.l_conf = xstrdup(arg); ++ memset(arg, 0, strlen(arg)); ++ break; ++#endif + + default: + fatal("%s line %d: Missing handler for opcode %s (%d)", diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/files/patch-includes.h /usr/ports/security/openssh-portable/files/patch-includes.h --- 
/usr/ports/security/openssh-portable/files/patch-includes.h 1970-01-01 03:00:00.000000000 +0300 +++ /usr/ports/security/openssh-portable/files/patch-includes.h 2009-08-31 22:02:01.000000000 +0400 @@ -0,0 +1,13 @@ +--- includes.h 2008-07-04 17:10:49.000000000 +0400 ++++ includes.h 2009-08-31 22:01:13.000000000 +0400 +@@ -31,7 +31,8 @@ + #endif + #if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \ + defined(GLOB_HAS_GL_MATCHC) && \ +- defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 ++ defined(HAVE_DECL_GLOB_NOMATCH) && HAVE_DECL_GLOB_NOMATCH != 0 && \ ++ !defined(BROKEN_GLOB) + # include + #endif + #ifdef HAVE_ENDIAN_H + --- openssh-portable-5.2.p1_1,1 ends here --- >Release-Note: >Audit-Trail: >Unformatted: >update for ports/137192, ports/137100, ports/138284, ports/137985
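Review bot: the new BSM entry in the OPTIONS list (Makefile hunk @@ -57,6 +57,7 @@) is off by default, so existing builds are unaffected, but its description says nothing about the knob only being useful on a kernel with audit support enabled; the KERBEROS and GSSAPI entries carry a "(req: ...)" hint, and this one should too, e.g. `BSM "Enable OpenBSM auditing (req: audit-enabled kernel)" off`.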
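Review bot: dropping the `BROKEN= does not compile` guard for OSVERSION >= 800037 (Makefile hunk @@ -69,10 +70,6 @@) is only safe if the 8.x build failure it covered is actually fixed by this update. The only candidate in the diff is the new files/patch-includes.h, and the PR description does not say which of the four cumulated PRs addressed the 8.x compile; please state that in the commit log and confirm a clean build on an 8.x system before the guard is removed.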
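Review bot: the KERB_GSSAPI block (Makefile hunk @@ -97,13 +94,16 @@) removes the BROKEN marker and switches PATCHFILES to `openssh-5.2p1-gsskex-all-20090726.patch`, fetched from http://www.sxw.org.uk/computing/patches/ over plain HTTP. The MD5/SHA256/SIZE lines added to distinfo are therefore the only integrity check on that download; the log should say the sums were taken from a copy the maintainer inspected, not copied from the upstream page. The new WITH_BSM block in the same hunk is fine as written.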
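Review bot: the distinfo hunk (@@ -1,6 +1,6 @@) removes the three `openssh-5.2p1+x509-6.2.diff.gz` lines while adding the gsskex ones, yet the Makefile context in this same diff still carries the WITH_X509 logic (`BROKEN= X509 patch incompatible with HPN and LPK patches`). Unless the X509 PATCHFILES entry is removed in a part of the Makefile not shown here, WITH_X509 builds will now fail at checksum time for lack of a distinfo entry; either keep the x509 lines or drop X509 from OPTIONS in the same commit.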
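Review bot: in files/openssh-lpk+hpn-servconf.patch, the `@@ -74,7 +78,7 @@` hunk changes the initializer of `options->x11_forwarding` from -1 to 1. That is not a default but a pre-set value: the option parser only stores a value while the field is still -1 (the sForceTLS case later in this same patch shows the `if (*intptr == -1) *intptr = value;` idiom), so an explicit `X11Forwarding no` in sshd_config would be silently ignored and X11 forwarding would be on regardless of configuration. If the intent is to enable X11 forwarding by default, keep the initializer at -1 and change the fallback in fill_default_server_options instead.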
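Review bot: several problems in the option-parsing hunk of the servconf patch (`@@ -1368,6 +1446,107 @@`). (1) sBindTimeout and sSearchTimeout write through `(int *) &options->lpk.b_timeout.tv_sec`; tv_sec is a time_t, which is 64-bit on amd64, so parse_int stores only the low four bytes and the -1 sentinel remains in the high bytes, producing a garbage timeout and defeating the `== -1` default check in fill_default_server_options. Parse into a local int and assign to tv_sec. (2) `arg[strlen(arg)] = '\0';` in every sLdap* case writes the terminator where it already is and can go; the `!arg` checks after `arg = cp` likewise can never fire. (3) sLdapServers walks past the first NUL in `line` with `while(*p++);` instead of using strdelim, which only works if the tokenizer has split the line exactly once; the commented-out `/* arg = strdelim(&cp); */` suggests a workaround that deserves a comment. (4) The `break;` after `goto parse_int;` in sSearchTimeout is unreachable. (5) The sLdapUserDN and sLdapGroupDN fatal messages say "missing ldap server", a copy-paste from sLdapServers.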
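Review bot: files/patch-includes.h gates the system glob include on `!defined(BROKEN_GLOB)`, but nothing in this diff defines BROKEN_GLOB (no CFLAGS, CONFIGURE_ENV or configure patch in the Makefile hunks), so as submitted the preprocessor condition is unchanged on every platform and the 8.x build is not actually affected. If BROKEN_GLOB is meant to be set for OSVERSION >= 800037, that belongs in the Makefile alongside the removal of the BROKEN guard, and the commit log should say why FreeBSD 8's glob(3) needs it.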