- Enable ssl-engine

- Update gsskex patch to 4.6p1-gsskex-20070312 - Update lpk patch to 4.6p1-0.3.9 - Update hpn patch to 4.6p1-hpn12v17 - Fix challenge-response issue - Bump PORTREVISION Reported by: Stefan Lambrev [1], ale@ [1]
svn path=/head/; revision=198532
2024-11-30 01:15:52 +00:00 · 2007-08-30 15:40:39 +00:00 · 2007-08-30 15:40:39 +00:00 · a33136265a · 2021-03-31 03:12:20 +00:00
commit a33136265a
parent 378b7cee5d
5 changed files with 52 additions and 2349 deletions
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@ -7,6 +7,7 @@

 PORTNAME=	openssh
 DISTVERSION=	4.6p1
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	security ipv6
 MASTER_SITES=	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%SUBDIR%/ \
@ -41,8 +42,8 @@ USE_OPENSSL=		yes
 USE_PERL5_BUILD=	yes
 GNU_CONFIGURE=		yes
 CONFIGURE_TARGET=	--build=${MACHINE_ARCH}-portbld-freebsd${OSREL}
-CONFIGURE_ARGS=		--prefix=${PREFIX} \
-			--with-md5-passwords --without-zlib-version-check
+CONFIGURE_ARGS=		--prefix=${PREFIX} --with-md5-passwords \
+			--without-zlib-version-check --with-ssl-engine
 PRECIOUS=		ssh_config sshd_config ssh_host_key ssh_host_key.pub \
 			ssh_host_rsa_key ssh_host_rsa_key.pub ssh_host_dsa_key \
 			ssh_host_dsa_key.pub
@ -100,7 +101,8 @@ CONFIGURE_ARGS+=	--disable-suid-ssh
 .if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI)
 .if defined(WITH_KERB_GSSAPI)
 PATCH_DIST_STRIP=	-p0
-EXTRA_PATCHES+=		${FILESDIR}/openssh-4.5p1-gsskex-20061220.patch
+PATCH_SITES+=		http://www.sxw.org.uk/computing/patches/
+PATCHFILES+=		openssh-4.6p1-gsskex-20070312.patch
 .endif
 PORTABLE_SUFFIX=	# empty
 GSSAPI_SUFFIX=		-gssapi
@ -145,14 +147,14 @@ BROKEN=			HPN and LPK patches are incompatible
 .if defined(WITH_HPN)
 PATCH_DIST_STRIP=	-p1
 PATCH_SITES+=		http://www.psc.edu/networking/projects/hpn-ssh/
-PATCHFILES+=		openssh-4.6p1-hpn12v16.diff.gz
+PATCHFILES+=		openssh-4.6p1-hpn12v17.diff.gz
 .endif

 # See http://dev.inversepath.com/trac/openssh-lpk
 .if defined(WITH_LPK)
-PATCH_DIST_STRIP=	-p1
+PATCH_DIST_STRIP=	-p2
 PATCH_SITES+=		http://dev.inversepath.com/openssh-lpk/
-PATCHFILES+=		openssh-lpk-4.5p1-0.3.8.patch
+PATCHFILES+=		openssh-lpk-4.6p1-0.3.9.patch
 USE_OPENLDAP=		yes
 CPPFLAGS+=		"-I${LOCALBASE}/include -DWITH_LDAP_PUBKEY"
 CONFIGURE_ARGS+=	--with-libs='-lldap' --with-ldflags='-L/usr/local/lib' \
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@ -1,9 +1,12 @@
 MD5 (openssh-4.6p1.tar.gz) = 6a7fa99f44d9e1b5b04d15256e1405bb
 SHA256 (openssh-4.6p1.tar.gz) = 7bbe277faa80c8d8d9cb96111db65fc0007d451784cc459207cd46b746a6f23a
 SIZE (openssh-4.6p1.tar.gz) = 967395
-MD5 (openssh-4.6p1-hpn12v16.diff.gz) = 0bc643a4e1588f7abdcdbb31304bac56
-SHA256 (openssh-4.6p1-hpn12v16.diff.gz) = f304e3b04e2772c27c09e9aa5a3fd02747187a8775de39879c3d871fad1e156f
-SIZE (openssh-4.6p1-hpn12v16.diff.gz) = 15944
-MD5 (openssh-lpk-4.5p1-0.3.8.patch) = 663ce0f968c4f7eacc5128dc91645245
-SHA256 (openssh-lpk-4.5p1-0.3.8.patch) = c96cb24ea0c21cd93f2a28c31c38902bed8ddf0cb7a2879337bb21a5edd7ce35
-SIZE (openssh-lpk-4.5p1-0.3.8.patch) = 62340
+MD5 (openssh-4.6p1-gsskex-20070312.patch) = 9607f2faa8a50078d74f1169b5040599
+SHA256 (openssh-4.6p1-gsskex-20070312.patch) = d4f94d0a046ef1ada973faa4815d8af4d74ca068213e34b8537d6ac313895f92
+SIZE (openssh-4.6p1-gsskex-20070312.patch) = 69637
+MD5 (openssh-4.6p1-hpn12v17.diff.gz) = d5d4148c985c58a8784048edae9d8866
+SHA256 (openssh-4.6p1-hpn12v17.diff.gz) = 61438f6dc8959b038dee4fb365fe79b749053ccc149e768cdb73cb9c8740360b
+SIZE (openssh-4.6p1-hpn12v17.diff.gz) = 16145
+MD5 (openssh-lpk-4.6p1-0.3.9.patch) = f43a8aae7d69e72f0ec07bc96e46b328
+SHA256 (openssh-lpk-4.6p1-0.3.9.patch) = e12335e8bf020508ea3866db07b306f4c965e3f9de262c06f62fad494e93107e
+SIZE (openssh-lpk-4.6p1-0.3.9.patch) = 61605
--- a/security/openssh-portable/files/openssh-4.5p1-gsskex-20061220.patch
+++ b/security/openssh-portable/files/openssh-4.5p1-gsskex-20061220.patch
--- a/security/openssh-portable/files/patch-fix-challenge-response
+++ b/security/openssh-portable/files/patch-fix-challenge-response
@ -0,0 +1,32 @@
+#
+# Backported from OpenBSD:
+#
+# Move C/R -> kbdint special case to after the defaults have been
+# loaded, which makes ChallengeResponse default to yes again.  This
+# was broken by the Match changes and not fixed properly subsequently.
+# Found by okan at demirmen.com, ok djm@ "please do it" deraadt@
+#
+--- servconf.c.orig	2007-08-30 11:50:17.000000000 -0300
+++ servconf.c	2007-08-30 11:50:38.000000000 -0300
+@@ -1387,8 +1387,4 @@
+ 	if (bad_options > 0)
+ 		fatal("%s: terminating, %d bad configuration options",
+ 		    filename, bad_options);
+-
+-	/* challenge-response is implemented via keyboard interactive */
+-	if (options->challenge_response_authentication == 1)
+-		options->kbd_interactive_authentication = 1;
+ }
+--- sshd.c.orig	2007-08-30 11:50:30.000000000 -0300
+++ sshd.c	2007-08-30 11:51:42.000000000 -0300
+@@ -1421,6 +1421,10 @@
+ 	/* Fill in default values for those options not explicitly set. */
+ 	fill_default_server_options(&options);
+ 
+	/* challenge-response is implemented via keyboard interactive */
+	if (options.challenge_response_authentication)
+		options.kbd_interactive_authentication = 1;
+
+ 	/* set default channel AF */
+ 	channel_set_af(options.address_family);
+ 
--- a/security/openssh-portable/files/scardpin.patch
+++ b/security/openssh-portable/files/scardpin.patch
@ -1,3 +1,6 @@
+#
+# https://bugzilla.mindrot.org/show_bug.cgi?id=608
+#
 Index: scard-opensc.c
 ===================================================================
 RCS file: /cvs/openssh/scard-opensc.c,v