mirror of https://git.FreeBSD.org/ports.git synced 2024-12-13 03:03:15 +00:00

- Update to 7.3p1

- X509: Unbreak and update to 9.0
- SCTP: Mark BROKEN
- KERB_GSSAPI: Unbreak and update from Debian's patch

Release notes: http://www.openssh.com/txt/release-7.3
Bryan Drewery 2016-08-08 19:22:37 +00:00
parent bb1cb70a36
commit 4e90011c99
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=419892
5 changed files with 29 additions and 26 deletions


@ -2,7 +2,7 @@
# $FreeBSD$ # $FreeBSD$
PORTNAME= openssh PORTNAME= openssh
DISTVERSION= 7.2p2 DISTVERSION= 7.3p1
PORTREVISION= 0 PORTREVISION= 0
PORTEPOCH= 1 PORTEPOCH= 1
CATEGORIES= security ipv6 CATEGORIES= security ipv6
@ -60,14 +60,15 @@ HPN_CONFIGURE_WITH= hpn
NONECIPHER_CONFIGURE_WITH= nonecipher NONECIPHER_CONFIGURE_WITH= nonecipher
# See http://www.roumenpetrov.info/openssh/ # See http://www.roumenpetrov.info/openssh/
X509_VERSION= 8.5 X509_VERSION= 9.0
X509_PATCH_SITES= http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509 X509_PATCH_SITES= http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509
X509_PATCHFILES= ${PORTNAME}-7.0p1+x509-${X509_VERSION}.diff.gz:-p1:x509 X509_PATCHFILES= ${PORTNAME}-7.3p1+x509-${X509_VERSION}.diff.gz:-p1:x509
# See https://bugzilla.mindrot.org/show_bug.cgi?id=2016 # See https://bugzilla.mindrot.org/show_bug.cgi?id=2016
# and https://bugzilla.mindrot.org/show_bug.cgi?id=1604 # and https://bugzilla.mindrot.org/show_bug.cgi?id=1604
SCTP_PATCHFILES= ${PORTNAME}-7.2_p1-sctp.patch.gz:-p1 SCTP_PATCHFILES= ${PORTNAME}-7.2_p1-sctp.patch.gz:-p1
SCTP_CONFIGURE_WITH= sctp SCTP_CONFIGURE_WITH= sctp
SCTP_BROKEN= does not apply to 7.3+
MIT_LIB_DEPENDS= libkrb5.so.3:security/krb5 MIT_LIB_DEPENDS= libkrb5.so.3:security/krb5
HEIMDAL_LIB_DEPENDS= libkrb5.so.26:security/heimdal HEIMDAL_LIB_DEPENDS= libkrb5.so.26:security/heimdal
@ -92,16 +93,16 @@ EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}
# Must add this patch before HPN due to conflicts # Must add this patch before HPN due to conflicts
.if ${PORT_OPTIONS:MKERB_GSSAPI} .if ${PORT_OPTIONS:MKERB_GSSAPI}
BROKEN= KERN_GSSAPI does not yet apply with 7.2+ # 7.3 patch taken from
# 7.1 patch taken from
# http://sources.debian.net/data/main/o/openssh/1:7.1p2-2/debian/patches/gssapi.patch # http://sources.debian.net/data/main/o/openssh/1:7.1p2-2/debian/patches/gssapi.patch
# which was originally based on 5.7 patch from # which was originally based on 5.7 patch from
# http://www.sxw.org.uk/computing/patches/ # http://www.sxw.org.uk/computing/patches/
# It is mirrored simply to apply gzip -9.
. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} . if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
# Needed glue for applying HPN patch without conflict # Needed glue for applying HPN patch without conflict
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
. endif . endif
PATCHFILES+= openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz:-p1:gsskex PATCHFILES+= openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz:-p1:gsskex
.endif .endif
# http://www.psc.edu/index.php/hpn-ssh https://github.com/rapier1/hpn-ssh https://github.com/rapier1/openssh-portable # http://www.psc.edu/index.php/hpn-ssh https://github.com/rapier1/hpn-ssh https://github.com/rapier1/openssh-portable
@ -122,7 +123,6 @@ CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-version-addendum EXTRA_PATCHES+= ${FILESDIR}/extra-patch-version-addendum
.if ${PORT_OPTIONS:MX509} .if ${PORT_OPTIONS:MX509}
BROKEN= X509 does not apply with 7.1+
. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} . if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
BROKEN= X509 patch and HPN patch do not apply cleanly together BROKEN= X509 patch and HPN patch do not apply cleanly together
. endif . endif
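Review bot: The provenance comment in the KERB_GSSAPI block now reads `# 7.3 patch taken from`, but the URL under it still names Debian's `1:7.1p2-2` gssapi.patch, so the origin of the new `openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz` cannot be traced from the Makefile. Because this patch appears to touch GSSAPI authentication and key exchange, the comment should name the exact Debian package revision it was derived from, e.g. `# http://sources.debian.net/data/main/o/openssh/<DEBIAN_VERSION>/debian/patches/gssapi.patch` with the real version filled in. Separately, `X509_PATCH_SITES` still fetches over plain `http://`, so the SHA256 recorded in distinfo is the only integrity check on that patch; a short comment saying so next to the variable would help future updaters.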


@ -1,8 +1,9 @@
SHA256 (openssh-7.2p2.tar.gz) = a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c TIMESTAMP = 1470675521
SIZE (openssh-7.2p2.tar.gz) = 1499808 SHA256 (openssh-7.3p1.tar.gz) = 3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc
SIZE (openssh-7.3p1.tar.gz) = 1522617
SHA256 (openssh-7.2_p1-sctp.patch.gz) = fb67e3e23f39fabf44ef198e3e19527417c75c9352747547448512032365dbfc SHA256 (openssh-7.2_p1-sctp.patch.gz) = fb67e3e23f39fabf44ef198e3e19527417c75c9352747547448512032365dbfc
SIZE (openssh-7.2_p1-sctp.patch.gz) = 8501 SIZE (openssh-7.2_p1-sctp.patch.gz) = 8501
SHA256 (openssh-7.0p1+x509-8.5.diff.gz) = 6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e SHA256 (openssh-7.3p1+x509-9.0.diff.gz) = ed468fe2e6220065b2bf3e2ed9eb0c7c8183f32f50fa50d64505d5feaef2d900
SIZE (openssh-7.0p1+x509-8.5.diff.gz) = 411960 SIZE (openssh-7.3p1+x509-9.0.diff.gz) = 571918
SHA256 (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 420f3ee70705de57bb9a9ad66e72c1d40c318d8a882815d108816687fcc79b62 SHA256 (openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz) = 83698da23a7d4dd24be9bc15ea7e801890dfc9303815135552c8ddfd158f1a95
SIZE (openssh-7.1p2-gsskex-all-20141021-debian-rh-20160104.patch.gz) = 25798 SIZE (openssh-7.3p1-gsskex-all-20141021-debian-rh-20160808.patch.gz) = 26818


@ -675,7 +675,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
int no_host_authentication_for_localhost; int no_host_authentication_for_localhost;
--- work.clean/openssh-6.8p1/scp.c 2015-03-17 00:49:20.000000000 -0500 --- work.clean/openssh-6.8p1/scp.c 2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/scp.c 2015-04-02 16:51:25.108407000 -0500 +++ work/openssh-6.8p1/scp.c 2015-04-02 16:51:25.108407000 -0500
@@ -750,7 +750,7 @@ @@ -764,7 +764,7 @@ source(int argc, char **argv)
off_t i, statbytes; off_t i, statbytes;
size_t amt, nr; size_t amt, nr;
int fd = -1, haderr, indx; int fd = -1, haderr, indx;
@ -684,12 +684,12 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
int len; int len;
for (indx = 0; indx < argc; ++indx) { for (indx = 0; indx < argc; ++indx) {
@@ -919,7 +919,7 @@ @@ -932,7 +932,7 @@ sink(int argc, char **argv)
off_t size, statbytes; off_t size, statbytes;
unsigned long long ull; unsigned long long ull;
int setimes, targisdir, wrerrno = 0; int setimes, targisdir, wrerrno = 0;
- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; - char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
+ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384]; + char ch, *cp, *np, *targ, *why, *vect[1], buf[16384], visbuf[16384];
struct timeval tv[2]; struct timeval tv[2];
#define atime tv[0] #define atime tv[0]
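Review bot: In the `sink()` hunk the replacement line now declares both `buf[16384]` and `visbuf[16384]`, which puts 32 KiB of automatic storage in that frame and depends on the two sizes being kept equal by hand at every rebase. The code that fills `visbuf` lies outside the hunk, so it is worth confirming that it is bounded by `sizeof(visbuf)` and not by a literal size. A note in the patch description such as `visbuf is sized to match buf; keep both in step when rebasing` would make the dependency explicit. The inner diff headers still name `openssh-6.8p1`, which patch(1) tolerates but which misleads anyone reading the file.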


@ -15,21 +15,22 @@ Apply class-imposed login restrictions.
#include "dispatch.h" #include "dispatch.h"
#include "pathnames.h" #include "pathnames.h"
#include "buffer.h" #include "buffer.h"
@@ -219,6 +220,13 @@ @@ -216,6 +217,14 @@ input_userauth_request(int type, u_int32
Authmethod *m = NULL; Authmethod *m = NULL;
char *user, *service, *method, *style = NULL; char *user, *service, *method, *style = NULL;
int authenticated = 0; int authenticated = 0;
+#ifdef HAVE_LOGIN_CAP +#ifdef HAVE_LOGIN_CAP
+ struct ssh *ssh = active_state; /* XXX */
+ login_cap_t *lc; + login_cap_t *lc;
+ const char *from_host, *from_ip; + const char *from_host, *from_ip;
+ +
+ from_host = get_canonical_hostname(options.use_dns); + from_host = auth_get_canonical_hostname(ssh, options.use_dns);
+ from_ip = get_remote_ipaddr(); + from_ip = ssh_remote_ipaddr(ssh);
+#endif +#endif
if (authctxt == NULL) if (authctxt == NULL)
fatal("input_userauth_request: no authctxt"); fatal("input_userauth_request: no authctxt");
@@ -265,6 +273,27 @@ @@ -262,6 +271,27 @@ input_userauth_request(int type, u_int32
"(%s,%s) -> (%s,%s)", "(%s,%s) -> (%s,%s)",
authctxt->user, authctxt->service, user, service); authctxt->user, authctxt->service, user, service);
} }
@ -56,4 +57,4 @@ Apply class-imposed login restrictions.
+ +
/* reset state */ /* reset state */
auth2_challenge_stop(authctxt); auth2_challenge_stop(authctxt);
#ifdef JPAKE
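Review bot: `from_host` is now taken from `auth_get_canonical_hostname(ssh, options.use_dns)`, and nothing in the hunk documents what the login-class check receives when `UseDNS` is off. As far as I know the helper returns the peer's address string in that case, so hostname patterns in a login class would never match and only address patterns would take effect; please confirm this against the helper. The code that consumes `from_host` and `from_ip` is in the part of the patch not shown here. A comment above the assignment would help, for example `/* from_host is a name only when UseDNS is enabled; otherwise it equals from_ip */`. The `struct ssh *ssh = active_state; /* XXX */` line runs before the `authctxt == NULL` check, which is fine only if `active_state` is always set at this point.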


@ -29,10 +29,11 @@ Submitted by: delphij@
#include <sys/wait.h> #include <sys/wait.h>
#include <sys/un.h> #include <sys/un.h>
@@ -281,7 +282,19 @@ add_local_forward(Options *options, cons @@ -311,8 +312,19 @@ add_local_forward(Options *options, cons
struct Forward *fwd; struct Forward *fwd;
#ifndef NO_IPPORT_RESERVED_CONCEPT
extern uid_t original_real_uid; extern uid_t original_real_uid;
int i;
-
- if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 && - if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&
+ int ipport_reserved; + int ipport_reserved;
+#ifdef __FreeBSD__ +#ifdef __FreeBSD__
@ -49,8 +50,8 @@ Submitted by: delphij@
+ if (newfwd->listen_port < ipport_reserved && original_real_uid != 0 && + if (newfwd->listen_port < ipport_reserved && original_real_uid != 0 &&
newfwd->listen_path == NULL) newfwd->listen_path == NULL)
fatal("Privileged ports can only be forwarded by root."); fatal("Privileged ports can only be forwarded by root.");
#endif /* Don't add duplicates */
@@ -1674,7 +1687,7 @@ fill_default_options(Options * options) @@ -1934,7 +1946,7 @@ fill_default_options(Options * options)
if (options->batch_mode == -1) if (options->batch_mode == -1)
options->batch_mode = 0; options->batch_mode = 0;
if (options->check_host_ip == -1) if (options->check_host_ip == -1)