security/openssh-portable: Add KERB_GSSAPI patch for 9.8p1

This patch unbreaks the gssapi flavor. - Update the distfile location. - Remove files/extra-patch-gssapi-auth2-gss.c. The change is already present in the code so there is no need to carry this extra patch any further. - Add -lgssapi_krb5 to CONFIGURE_LIBS. It fixes the following build errors: ld: error: undefined symbol: gss_indicate_mechs >>> referenced by sshd.c >>> sshd.o:(main) ld: error: undefined symbol: gss_release_oid_set >>> referenced by sshd.c >>> sshd.o:(main) PR: 279437 Approved by: maintainer timeout Sponsored by: Klara, Inc.
2025-01-16 07:58:04 +00:00 · 2024-08-16 10:33:26 +02:00 · 2024-08-16 10:33:26 +02:00 · 09b332a715
commit 09b332a715
parent 453e440ef6
3 changed files with 8 additions and 17 deletions
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@ -102,22 +102,21 @@ PATCH_SITES+=	http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex

 # Must add this patch before HPN due to conflicts
 .if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi
-BROKEN=	KERB_GSSAPI No patch for ${DISTVERSION} yet.
+#BROKEN=	KERB_GSSAPI No patch for ${DISTVERSION} yet.
 .  if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
 # Needed glue for applying HPN patch without conflict
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-hpn-gss-glue
 .  endif
 # - See https://sources.debian.org/data/main/o/openssh/ for which subdir to
 # pull from.
-GSSAPI_DEBIAN_VERSION=	9.7p1
-GSSAPI_DEBIAN_SUBDIR=	${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-2
+GSSAPI_DEBIAN_VERSION=	9.8p1
+GSSAPI_DEBIAN_SUBDIR=	${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-3
 # - Debian does not use a versioned filename so we trick fetch to make one for
 # us with the ?<anything>=/ trick.
 PATCH_SITES+=	https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex
 # Bump this when updating the patch location
-GSSAPI_DISTVERSION=	9.7p1
+GSSAPI_DISTVERSION=	9.8p1
 PATCHFILES+=	openssh-${GSSAPI_DISTVERSION:U${DISTVERSION}}-gsskex-all-debian-rh-${GSSAPI_DISTVERSION}.patch:-p1:gsskex
-EXTRA_PATCHES+=	${FILESDIR}/extra-patch-gssapi-auth2-gss.c
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-gssapi-kexgssc.c
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-gssapi-kexgsss.c
 .endif
@ -158,6 +157,7 @@ IGNORE=		you have selected HEIMDAL_BASE but do not have heimdal installed in bas
 CONFIGURE_LIBS+=	-lgssapi_krb5
 CONFIGURE_ARGS+=	--with-kerberos5=/usr
 .	else
+CONFIGURE_LIBS+=	-lgssapi_krb5
 CONFIGURE_ARGS+=	--with-kerberos5=${LOCALBASE}
 .	endif
 .	if ${OPENSSLBASE} == "/usr"
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@ -1,3 +1,5 @@
-TIMESTAMP = 1719864470
+TIMESTAMP = 1722605239
 SHA256 (openssh-9.8p1.tar.gz) = dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3
 SIZE (openssh-9.8p1.tar.gz) = 1910393
+SHA256 (openssh-9.8p1-gsskex-all-debian-rh-9.8p1.patch) = f5b93bf8076aa386afa63e98bb5b39b6e477b8ccb24d2d4b700f6cd685be6f78
+SIZE (openssh-9.8p1-gsskex-all-debian-rh-9.8p1.patch) = 125084
--- a/security/openssh-portable/files/extra-patch-gssapi-auth2-gss.c
+++ b/security/openssh-portable/files/extra-patch-gssapi-auth2-gss.c
@ -1,11 +0,0 @@
--- auth2-gss.c.orig	2022-03-03 10:56:35.668672000 -0800
-+++ auth2-gss.c	2022-03-03 11:03:16.048838000 -0800
-@@ -59,7 +59,7 @@ static int input_gssapi_errtok(int, u_int32_t, struct 
-  * The 'gssapi_keyex' userauth mechanism.
-  */
- static int
-userauth_gsskeyex(struct ssh *ssh)
-+userauth_gsskeyex(struct ssh *ssh, const char *method)
- {
- 	Authctxt *authctxt = ssh->authctxt;
- 	int r, authenticated = 0;