- Update to 7.3p1

- X509: Unbreak and update to 9.0 - SCTP: Mark BROKEN - KERB_GSSAPI: Unbreak and update from Debian's patch Release notes: http://www.openssh.com/txt/release-7.3
svn path=/head/; revision=419892
2024-12-13 03:03:15 +00:00 · 2016-08-08 19:22:37 +00:00 · 2016-08-08 19:22:37 +00:00 · 4e90011c99 · 2021-03-31 03:12:20 +00:00
commit 4e90011c99
parent bb1cb70a36
5 changed files with 29 additions and 26 deletions
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME=	openssh
-DISTVERSION=	7.2p2
+DISTVERSION=	7.3p1
 PORTREVISION=	0
 PORTEPOCH=	1
 CATEGORIES=	security ipv6
@ -60,14 +60,15 @@ HPN_CONFIGURE_WITH=		hpn
 NONECIPHER_CONFIGURE_WITH=	nonecipher

 # See http://www.roumenpetrov.info/openssh/
-X509_VERSION=		8.5
+X509_VERSION=		9.0
 X509_PATCH_SITES=	http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509
-X509_PATCHFILES=	${PORTNAME}-7.0p1+x509-${X509_VERSION}.diff.gz:-p1:x509
+X509_PATCHFILES=	${PORTNAME}-7.3p1+x509-${X509_VERSION}.diff.gz:-p1:x509

 # See https://bugzilla.mindrot.org/show_bug.cgi?id=2016
 # and https://bugzilla.mindrot.org/show_bug.cgi?id=1604
 SCTP_PATCHFILES=	${PORTNAME}-7.2_p1-sctp.patch.gz:-p1
 SCTP_CONFIGURE_WITH=	sctp
+SCTP_BROKEN=		does not apply to 7.3+

 MIT_LIB_DEPENDS=		libkrb5.so.3:security/krb5
 HEIMDAL_LIB_DEPENDS=		libkrb5.so.26:security/heimdal
@ -92,16 +93,16 @@ EXTRA_PATCHES:=		${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}

 # Must add this patch before HPN due to conflicts
 .if ${PORT_OPTIONS:MKERB_GSSAPI}
-BROKEN=		KERN_GSSAPI does not yet apply with 7.2+
-# 7.1 patch taken from
+# 7.3 patch taken from
 # http://sources.debian.net/data/main/o/openssh/1:7.1p2-2/debian/patches/gssapi.patch
 # which was originally based on 5.7 patch from
 # http://www.sxw.org.uk/computing/patches/
+# It is mirrored simply to apply gzip -9.
 .  if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
 # Needed glue for applying HPN patch without conflict
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-hpn-gss-glue
 .  endif
-PATCHFILES+=	openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz:-p1:gsskex
+PATCHFILES+=	openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz:-p1:gsskex
 .endif

 # http://www.psc.edu/index.php/hpn-ssh https://github.com/rapier1/hpn-ssh https://github.com/rapier1/openssh-portable
@ -122,7 +123,6 @@ CONFIGURE_ARGS+=	--disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog
 EXTRA_PATCHES+=		${FILESDIR}/extra-patch-version-addendum

 .if ${PORT_OPTIONS:MX509}
-BROKEN=	X509 does not apply with 7.1+
 .  if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
 BROKEN=		X509 patch and HPN patch do not apply cleanly together
 .  endif
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@ -1,8 +1,9 @@
-SHA256 (openssh-7.2p2.tar.gz) = a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c
-SIZE (openssh-7.2p2.tar.gz) = 1499808
+TIMESTAMP = 1470675521
+SHA256 (openssh-7.3p1.tar.gz) = 3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc
+SIZE (openssh-7.3p1.tar.gz) = 1522617
 SHA256 (openssh-7.2_p1-sctp.patch.gz) = fb67e3e23f39fabf44ef198e3e19527417c75c9352747547448512032365dbfc
 SIZE (openssh-7.2_p1-sctp.patch.gz) = 8501
-SHA256 (openssh-7.0p1+x509-8.5.diff.gz) = 6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e
-SIZE (openssh-7.0p1+x509-8.5.diff.gz) = 411960
-SHA256 (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 420f3ee70705de57bb9a9ad66e72c1d40c318d8a882815d108816687fcc79b62
-SIZE (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 25798
+SHA256 (openssh-7.3p1+x509-9.0.diff.gz) = ed468fe2e6220065b2bf3e2ed9eb0c7c8183f32f50fa50d64505d5feaef2d900
+SIZE (openssh-7.3p1+x509-9.0.diff.gz) = 571918
+SHA256 (openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz) = 83698da23a7d4dd24be9bc15ea7e801890dfc9303815135552c8ddfd158f1a95
+SIZE (openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz) = 26818
--- a/security/openssh-portable/files/extra-patch-hpn
+++ b/security/openssh-portable/files/extra-patch-hpn
@ -675,7 +675,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
 	int	no_host_authentication_for_localhost;
 --- work.clean/openssh-6.8p1/scp.c	2015-03-17 00:49:20.000000000 -0500
 +++ work/openssh-6.8p1/scp.c	2015-04-02 16:51:25.108407000 -0500
-@@ -750,7 +750,7 @@
+@@ -764,7 +764,7 @@ source(int argc, char **argv)
 	off_t i, statbytes;
 	size_t amt, nr;
 	int fd = -1, haderr, indx;
@ -684,12 +684,12 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
 	int len;
 
 	for (indx = 0; indx < argc; ++indx) {
-@@ -919,7 +919,7 @@
+@@ -932,7 +932,7 @@ sink(int argc, char **argv)
 	off_t size, statbytes;
 	unsigned long long ull;
 	int setimes, targisdir, wrerrno = 0;
-	char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
-+	char ch, *cp, *np, *targ, *why, *vect[1], buf[16384];
+-	char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
+	char ch, *cp, *np, *targ, *why, *vect[1], buf[16384], visbuf[16384];
 	struct timeval tv[2];
 
 #define	atime	tv[0]
--- a/security/openssh-portable/files/patch-auth2.c
+++ b/security/openssh-portable/files/patch-auth2.c
@ -15,21 +15,22 @@ Apply class-imposed login restrictions.
 #include "dispatch.h"
 #include "pathnames.h"
 #include "buffer.h"
-@@ -219,6 +220,13 @@
+@@ -216,6 +217,14 @@ input_userauth_request(int type, u_int32
 	Authmethod *m = NULL;
 	char *user, *service, *method, *style = NULL;
 	int authenticated = 0;
 +#ifdef HAVE_LOGIN_CAP
+	struct ssh *ssh = active_state; /* XXX */
 +	login_cap_t *lc;
 +	const char *from_host, *from_ip;
 +
-+	from_host = get_canonical_hostname(options.use_dns);
-+	from_ip = get_remote_ipaddr();
+	from_host = auth_get_canonical_hostname(ssh, options.use_dns);
+	from_ip = ssh_remote_ipaddr(ssh);
 +#endif
 
 	if (authctxt == NULL)
 		fatal("input_userauth_request: no authctxt");
-@@ -265,6 +273,27 @@
+@@ -262,6 +271,27 @@ input_userauth_request(int type, u_int32
 		    "(%s,%s) -> (%s,%s)",
 		    authctxt->user, authctxt->service, user, service);
 	}
@ -56,4 +57,4 @@ Apply class-imposed login restrictions.
 +
 	/* reset state */
 	auth2_challenge_stop(authctxt);
- #ifdef JPAKE
+ 
--- a/security/openssh-portable/files/patch-readconf.c
+++ b/security/openssh-portable/files/patch-readconf.c
@ -29,10 +29,11 @@ Submitted by:   delphij@
 #include <sys/wait.h>
 #include <sys/un.h>
 
-@@ -281,7 +282,19 @@ add_local_forward(Options *options, cons
+@@ -311,8 +312,19 @@ add_local_forward(Options *options, cons
 	struct Forward *fwd;
- #ifndef NO_IPPORT_RESERVED_CONCEPT
 	extern uid_t original_real_uid;
+ 	int i;
+-
 -	if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&
 +	int ipport_reserved;
 +#ifdef __FreeBSD__
@ -49,8 +50,8 @@ Submitted by:   delphij@
 +	if (newfwd->listen_port < ipport_reserved && original_real_uid != 0 &&
 	    newfwd->listen_path == NULL)
 		fatal("Privileged ports can only be forwarded by root.");
- #endif
-@@ -1674,7 +1687,7 @@ fill_default_options(Options * options)
+ 	/* Don't add duplicates */
+@@ -1934,7 +1946,7 @@ fill_default_options(Options * options)
 	if (options->batch_mode == -1)
 		options->batch_mode = 0;
 	if (options->check_host_ip == -1)