Date: Mon, 8 Aug 2016 19:22:37 +0000 (UTC) From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r419892 - in head/security/openssh-portable: . files Message-ID: <201608081922.u78JMbXV026225@repo.freebsd.org>
Author: bdrewery Date: Mon Aug 8 19:22:37 2016 New Revision: 419892 URL: https://svnweb.freebsd.org/changeset/ports/419892 Log: - Update to 7.3p1 - X509: Unbreak and update to 9.0 - SCTP: Mark BROKEN - KERB_GSSAPI: Unbreak and update from Debian's patch Release notes: http://www.openssh.com/txt/release-7.3 Modified: head/security/openssh-portable/Makefile head/security/openssh-portable/distinfo head/security/openssh-portable/files/extra-patch-hpn head/security/openssh-portable/files/patch-auth2.c head/security/openssh-portable/files/patch-readconf.c
Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Mon Aug 8 19:13:17 2016 (r419891)
+++ head/security/openssh-portable/Makefile Mon Aug 8 19:22:37 2016 (r419892)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= openssh
-DISTVERSION= 7.2p2
+DISTVERSION= 7.3p1
 PORTREVISION= 0
 PORTEPOCH= 1
 CATEGORIES= security ipv6
@@ -60,14 +60,15 @@ HPN_CONFIGURE_WITH= hpn
 NONECIPHER_CONFIGURE_WITH= nonecipher
 # See http://www.roumenpetrov.info/openssh/
-X509_VERSION= 8.5
+X509_VERSION= 9.0
 X509_PATCH_SITES= http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509
-X509_PATCHFILES= ${PORTNAME}-7.0p1+x509-${X509_VERSION}.diff.gz:-p1:x509
+X509_PATCHFILES= ${PORTNAME}-7.3p1+x509-${X509_VERSION}.diff.gz:-p1:x509
 # See https://bugzilla.mindrot.org/show_bug.cgi?id=2016
 # and https://bugzilla.mindrot.org/show_bug.cgi?id=1604
 SCTP_PATCHFILES= ${PORTNAME}-7.2_p1-sctp.patch.gz:-p1
 SCTP_CONFIGURE_WITH= sctp
+SCTP_BROKEN= does not apply to 7.3+
 MIT_LIB_DEPENDS= libkrb5.so.3:security/krb5
 HEIMDAL_LIB_DEPENDS= libkrb5.so.26:security/heimdal
@@ -92,16 +93,16 @@ EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_
 # Must add this patch before HPN due to conflicts
 .if ${PORT_OPTIONS:MKERB_GSSAPI}
-BROKEN= KERN_GSSAPI does not yet apply with 7.2+
-# 7.1 patch taken from
+# 7.3 patch taken from
 # http://sources.debian.net/data/main/o/openssh/1:7.1p2-2/debian/patches/gssapi.patch
 # which was originally based on 5.7 patch from
 # http://www.sxw.org.uk/computing/patches/
+# It is mirrored simply to apply gzip -9.
 . if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
 # Needed glue for applying HPN patch without conflict
 EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
 . endif
-PATCHFILES+= openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz:-p1:gsskex
+PATCHFILES+= openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz:-p1:gsskex
 .endif
 # http://www.psc.edu/index.php/hpn-ssh https://github.com/rapier1/hpn-ssh https://github.com/rapier1/openssh-portable
@@ -122,7 +123,6 @@ CONFIGURE_ARGS+= --disable-utmp --disabl
 EXTRA_PATCHES+= ${FILESDIR}/extra-patch-version-addendum
 .if ${PORT_OPTIONS:MX509}
-BROKEN= X509 does not apply with 7.1+
 . if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
 BROKEN= X509 patch and HPN patch do not apply cleanly together
 . endif
Modified: head/security/openssh-portable/distinfo
==============================================================================
--- head/security/openssh-portable/distinfo Mon Aug 8 19:13:17 2016 (r419891)
+++ head/security/openssh-portable/distinfo Mon Aug 8 19:22:37 2016 (r419892)
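Review bot: The provenance comment in the KERB_GSSAPI block now reads `# 7.3 patch taken from`, but the URL under it still names Debian's `1:7.1p2-2` package, so the origin of the 7.3p1 GSSAPI key-exchange patch cannot be traced from the Makefile. The added line `# It is mirrored simply to apply gzip -9.` also means the SHA256 recorded in distinfo covers a recompressed copy and cannot be compared with anything the upstream source publishes. I would point the URL at the Debian revision the new patch was actually taken from (`.../openssh/<debian-version>/debian/patches/gssapi.patch`) and add a line such as `# SHA256 of the uncompressed upstream patch: <sha256-of-uncompressed-patch>`, so the mirrored file can be verified independently.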
@@ -1,8 +1,9 @@
-SHA256 (openssh-7.2p2.tar.gz) = a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c
-SIZE (openssh-7.2p2.tar.gz) = 1499808
+TIMESTAMP = 1470675521
+SHA256 (openssh-7.3p1.tar.gz) = 3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc
+SIZE (openssh-7.3p1.tar.gz) = 1522617
 SHA256 (openssh-7.2_p1-sctp.patch.gz) = fb67e3e23f39fabf44ef198e3e19527417c75c9352747547448512032365dbfc
 SIZE (openssh-7.2_p1-sctp.patch.gz) = 8501
-SHA256 (openssh-7.0p1+x509-8.5.diff.gz) = 6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e
-SIZE (openssh-7.0p1+x509-8.5.diff.gz) = 411960
-SHA256 (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 420f3ee70705de57bb9a9ad66e72c1d40c318d8a882815d108816687fcc79b62
-SIZE (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 25798
+SHA256 (openssh-7.3p1+x509-9.0.diff.gz) = ed468fe2e6220065b2bf3e2ed9eb0c7c8183f32f50fa50d64505d5feaef2d900
+SIZE (openssh-7.3p1+x509-9.0.diff.gz) = 571918
+SHA256 (openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz) = 83698da23a7d4dd24be9bc15ea7e801890dfc9303815135552c8ddfd158f1a95
+SIZE (openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz) = 26818
Modified: head/security/openssh-portable/files/extra-patch-hpn
==============================================================================
--- head/security/openssh-portable/files/extra-patch-hpn Mon Aug 8 19:13:17 2016 (r419891)
+++ head/security/openssh-portable/files/extra-patch-hpn Mon Aug 8 19:22:37 2016 (r419892)
@@ -675,7 +675,7 @@ diff -urN -x configure -x config.guess -
 int no_host_authentication_for_localhost;
 --- work.clean/openssh-6.8p1/scp.c 2015-03-17 00:49:20.000000000 -0500
 +++ work/openssh-6.8p1/scp.c 2015-04-02 16:51:25.108407000 -0500
-@@ -750,7 +750,7 @@
+@@ -764,7 +764,7 @@ source(int argc, char **argv)
 off_t i, statbytes;
 size_t amt, nr;
 int fd = -1, haderr, indx;
@@ -684,12 +684,12 @@ diff -urN -x configure -x config.guess -
 int len;
 for (indx = 0; indx < argc; ++indx) {
-@@ -919,7 +919,7 @@
+@@ -932,7 +932,7 @@ sink(int argc, char **argv)
 off_t size, statbytes;
 unsigned long long ull;
 int setimes, targisdir, wrerrno = 0;
-- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
-+ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384];
+- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
++ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384], visbuf[16384];
 struct timeval tv[2];
 #define atime tv[0]
Modified: head/security/openssh-portable/files/patch-auth2.c
==============================================================================
--- head/security/openssh-portable/files/patch-auth2.c Mon Aug 8 19:13:17 2016 (r419891)
+++ head/security/openssh-portable/files/patch-auth2.c Mon Aug 8 19:22:37 2016 (r419892)
@@ -15,21 +15,22 @@ Apply class-imposed login restrictions.
 #include "dispatch.h"
 #include "pathnames.h"
 #include "buffer.h"
-@@ -219,6 +220,13 @@
+@@ -216,6 +217,14 @@ input_userauth_request(int type, u_int32
 Authmethod *m = NULL;
 char *user, *service, *method, *style = NULL;
 int authenticated = 0;
 +#ifdef HAVE_LOGIN_CAP
++ struct ssh *ssh = active_state; /* XXX */
 + login_cap_t *lc;
 + const char *from_host, *from_ip;
 +
-+ from_host = get_canonical_hostname(options.use_dns);
-+ from_ip = get_remote_ipaddr();
++ from_host = auth_get_canonical_hostname(ssh, options.use_dns);
++ from_ip = ssh_remote_ipaddr(ssh);
 +#endif
 if (authctxt == NULL)
 fatal("input_userauth_request: no authctxt");
-@@ -265,6 +273,27 @@
+@@ -262,6 +271,27 @@ input_userauth_request(int type, u_int32
 "(%s,%s) -> (%s,%s)",
 authctxt->user, authctxt->service, user, service);
 }
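Review bot: In the sink() declaration the HPN patch now writes the literal 16384 twice, once for `buf` and once for `visbuf`, and nothing records that the two have to be resized together. The upstream line it replaces declares both at 2048, which suggests visbuf is meant to track buf; a later rebase that updates only one of them would leave the sizes mismatched. A short comment in the patch such as `/* HPN: buf and visbuf are enlarged together; keep the sizes equal */` would make that explicit, and it is worth noting there that the pair now places 32 KiB of arrays on sink()'s stack. The rest of sink() lies outside this hunk, so how visbuf is filled is not visible here.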
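Review bot: `from_host` is filled from `auth_get_canonical_hostname(ssh, options.use_dns)`, so what the login-class check receives depends on the UseDNS setting, and the patch does not document that. As far as I know this helper returns the peer's address string when use_dns is off, in which case host-name patterns in a login class would be compared against an IP address and never match; the code that consumes from_host and from_ip sits outside the visible hunks, so this should be confirmed there. I would add a comment above the assignment, e.g. `/* from_host is a resolved name only when UseDNS is enabled; otherwise it is the address */`. The bare `/* XXX */` on `struct ssh *ssh = active_state;` could likewise say what is still pending.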
@@ -56,4 +57,4 @@ Apply class-imposed login restrictions. + /* reset state */ auth2_challenge_stop(authctxt); - #ifdef JPAKE + Modified: head/security/openssh-portable/files/patch-readconf.c ============================================================================== --- head/security/openssh-portable/files/patch-readconf.c Mon Aug 8 19:13:17 2016 (r419891) +++ head/security/openssh-portable/files/patch-readconf.c Mon Aug 8 19:22:37 2016 (r419892) @@ -29,10 +29,11 @@ Submitted by: delphij@ #include <sys/wait.h> #include <sys/un.h> -@@ -281,7 +282,19 @@ add_local_forward(Options *options, cons +@@ -311,8 +312,19 @@ add_local_forward(Options *options, cons struct Forward *fwd; - #ifndef NO_IPPORT_RESERVED_CONCEPT extern uid_t original_real_uid; + int i; +- - if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 && + int ipport_reserved; +#ifdef __FreeBSD__ @@ -49,8 +50,8 @@ Submitted by: delphij@ + if (newfwd->listen_port < ipport_reserved && original_real_uid != 0 && newfwd->listen_path == NULL) fatal("Privileged ports can only be forwarded by root."); - #endif -@@ -1674,7 +1687,7 @@ fill_default_options(Options * options) + /* Don't add duplicates */ +@@ -1934,7 +1946,7 @@ fill_default_options(Options * options) if (options->batch_mode == -1) options->batch_mode = 0; if (options->check_host_ip == -1)