author | Bryan Drewery <bdrewery@FreeBSD.org> | 2018-11-12 20:56:11 +0000 |
---|---|---|
committer | Bryan Drewery <bdrewery@FreeBSD.org> | 2018-11-12 20:56:11 +0000 |
commit | e9f6e1dc008a616a5b154e6ed16969ad6b0a1852 (patch) | |
tree | 5c5a347a2131d9ce60a16d75f10e5a0b0e28e93a /security/openssh-portable | |
parent | bd461d2230408c21aa40d61e468cf52407378429 (diff) | |
Diffstat (limited to 'security/openssh-portable')
-rw-r--r-- | security/openssh-portable/Makefile | 7 | ||||
-rw-r--r-- | security/openssh-portable/files/extra-patch-hpn | 34 | ||||
-rw-r--r-- | security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 | 19 |
3 files changed, 40 insertions, 20 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 954625614cd6..ffa3826bb908 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 7.9p1 -PORTREVISION= 0 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= OPENBSD/OpenSSH/portable @@ -31,12 +31,11 @@ default_CONFLICTS_INSTALL= openssl-portable-hpn hpn_CONFLICTS_INSTALL= openssh-portable hpn_PKGNAMESUFFIX= -portable-hpn -OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT BSM \ +OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \ HPN X509 KERB_GSSAPI \ LDNS NONECIPHER XMSS OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS .if ${FLAVOR:U} == hpn -OPTIONS_DEFINE+= DOCS OPTIONS_DEFAULT+= HPN NONECIPHER .endif OPTIONS_RADIO= KERBEROS @@ -110,7 +109,7 @@ PATCHFILES+= openssh-7.7p1-gsskex-all-20141021-debian-rh-20171004.patch.gz:-p1:g # https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1 .if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} -BROKEN= HPN: Not yet updated for ${DISTVERSION} yet. +#BROKEN= HPN: Not yet updated for ${DISTVERSION} yet. PORTDOCS+= HPN-README HPN_VERSION= 14v15 HPN_DISTVERSION= 7.7p1 diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn index aed0663d5fbb..67c15eb80ce9 100644 --- a/security/openssh-portable/files/extra-patch-hpn +++ b/security/openssh-portable/files/extra-patch-hpn 
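Review bot: In the third Makefile hunk the guard is commented out (`#BROKEN= HPN: Not yet updated for ${DISTVERSION} yet.`) instead of deleted, and `HPN_DISTVERSION= 7.7p1` remains as context while `DISTVERSION` is 7.9p1. With the guard gone, the `hpn` flavor builds again with `OPTIONS_DEFAULT+= HPN NONECIPHER` (second hunk), so the none-cipher code is enabled by default in that flavor from a patch set still labelled 7.7p1. I would drop the dead `#BROKEN` line. I would also add a comment beside `HPN_DISTVERSION`, for example `# HPN patch set is still the 7.7p1 series; forward-ported to ${DISTVERSION} in files/extra-patch-hpn`, assuming that is the intent, so the version mismatch reads as deliberate.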
@@ -1064,9 +1064,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o #define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */ #define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ #define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */ ---- work/openssh-7.7p1/sshconnect.c.orig 2018-04-01 22:38:28.000000000 -0700 -+++ work/openssh-7.7p1/sshconnect.c 2018-06-26 15:55:19.103812000 -0700 -@@ -337,7 +337,32 @@ check_ifaddrs(const char *ifname, int af, const struct +--- work/openssh/sshconnect.c.orig 2018-10-16 17:01:20.000000000 -0700 ++++ work/openssh/sshconnect.c 2018-11-12 09:04:24.340706000 -0800 +@@ -327,7 +327,32 @@ check_ifaddrs(const char *ifname, int af, const struct } #endif @@ -1096,10 +1096,10 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o +#endif + +/* - * Creates a (possibly privileged) socket for use as the ssh connection. + * Creates a socket for use as the ssh connection. */ static int -@@ -359,6 +384,11 @@ ssh_create_socket(int privileged, struct addrinfo *ai) +@@ -349,6 +374,11 @@ ssh_create_socket(struct addrinfo *ai) } fcntl(sock, F_SETFD, FD_CLOEXEC); @@ -1109,9 +1109,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o +#endif + /* Bind the socket to an alternative local IP address */ - if (options.bind_address == NULL && options.bind_interface == NULL && - !privileged) -@@ -637,8 +667,14 @@ static void + if (options.bind_address == NULL && options.bind_interface == NULL) + return sock; +@@ -608,8 +638,14 @@ static void send_client_banner(int connection_out, int minor1) { /* Send our own protocol version identification. */ 
@@ -1128,8 +1128,8 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o if (atomicio(vwrite, connection_out, client_version_string, strlen(client_version_string)) != strlen(client_version_string)) fatal("write: %.100s", strerror(errno)); ---- work/openssh-7.7p1/sshconnect2.c.orig 2018-04-01 22:38:28.000000000 -0700 -+++ work/openssh-7.7p1/sshconnect2.c 2018-06-27 17:11:17.543893000 -0700 +--- work/openssh/sshconnect2.c.orig 2018-10-16 17:01:20.000000000 -0700 ++++ work/openssh/sshconnect2.c 2018-11-12 09:06:06.338515000 -0800 @@ -81,7 +81,13 @@ extern char *client_version_string; extern char *server_version_string; @@ -1144,7 +1144,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o /* * SSH2 key exchange */ -@@ -154,14 +160,17 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd +@@ -154,10 +160,11 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd return ret; } @@ -1154,16 +1154,18 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) { - char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; - char *s; + char *s, *all_key; struct kex *kex; int r; - -+ memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); -+ +@@ -165,6 +172,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_shor xxx_host = host; xxx_hostaddr = hostaddr; -@@ -409,6 +418,30 @@ ssh_userauth2(const char *local_user, const char *serv ++ memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); + if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) + fatal("%s: kex_names_cat", __func__); + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); +@@ -412,6 +420,30 @@ ssh_userauth2(const char *local_user, const char *serv if (!authctxt.success) fatal("Authentication failed."); 
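Review bot: The relocated `memcpy(&myproposal, &myproposal_default, sizeof(myproposal));` in ssh_kex2 (hunk `@@ -1154,16 +1154,18 @@`) sizes the copy by the destination only, and nothing in this hunk ties the two arrays to the same length. Both declarations presumably sit in the `@@ -81,7 +81,13 @@` hunk, whose body is not shown here, so this is a request to confirm rather than a confirmed defect. If `myproposal_default` were ever declared with fewer elements, the copy would read past its end. I would add a comment above the copy stating the invariant, for example `/* both arrays are char *[PROPOSAL_MAX]; reset before the per-connection overrides below */`. The comment could also say why the proposal is now file-scope, which is presumably so the code added to ssh_userauth2 in `@@ -412,6 +420,30 @@` can reuse it. ssh_kex2's body continues outside the hunk.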
diff --git a/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 b/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969
new file mode 100644
index 000000000000..2f7f72882af9
--- /dev/null
+++ b/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969
@@ -0,0 +1,19 @@
+commit c0a35265907533be10ca151ac797f34ae0d68969
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Oct 22 11:22:50 2018 +1100
+
+ fix compile for openssl 1.0.x w/ --with-ssl-engine
+
+ bz#2921, patch from cotequeiroz
+
+--- openbsd-compat/openssl-compat.c.orig 2018-11-12 12:52:26 UTC
++++ openbsd-compat/openssl-compat.c
+@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void)
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+
+-#if OPENSSL_VERSION_NUMBER < 0x10001000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ OPENSSL_config(NULL);
+ #else
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | |