authorBryan Drewery <bdrewery@FreeBSD.org>2018-11-12 20:56:11 +0000
committerBryan Drewery <bdrewery@FreeBSD.org>2018-11-12 20:56:11 +0000
commite9f6e1dc008a616a5b154e6ed16969ad6b0a1852 (patch)
tree5c5a347a2131d9ce60a16d75f10e5a0b0e28e93a /security/openssh-portable
parentbd461d2230408c21aa40d61e468cf52407378429 (diff)
Notes
Diffstat (limited to 'security/openssh-portable')
-rw-r--r--security/openssh-portable/Makefile7
-rw-r--r--security/openssh-portable/files/extra-patch-hpn34
-rw-r--r--security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d6896919
3 files changed, 40 insertions, 20 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 954625614cd6..ffa3826bb908 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -3,7 +3,7 @@
PORTNAME= openssh
DISTVERSION= 7.9p1
-PORTREVISION= 0
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= security ipv6
MASTER_SITES= OPENBSD/OpenSSH/portable
@@ -31,12 +31,11 @@ default_CONFLICTS_INSTALL= openssl-portable-hpn
hpn_CONFLICTS_INSTALL= openssh-portable
hpn_PKGNAMESUFFIX= -portable-hpn
-OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT BSM \
+OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \
HPN X509 KERB_GSSAPI \
LDNS NONECIPHER XMSS
OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS
.if ${FLAVOR:U} == hpn
-OPTIONS_DEFINE+= DOCS
OPTIONS_DEFAULT+= HPN NONECIPHER
.endif
OPTIONS_RADIO= KERBEROS
@@ -110,7 +109,7 @@ PATCHFILES+= openssh-7.7p1-gsskex-all-20141021-debian-rh-20171004.patch.gz:-p1:g
# https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1
.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
-BROKEN= HPN: Not yet updated for ${DISTVERSION} yet.
+#BROKEN= HPN: Not yet updated for ${DISTVERSION} yet.
PORTDOCS+= HPN-README
HPN_VERSION= 14v15
HPN_DISTVERSION= 7.7p1
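Review bot: The `BROKEN` line is commented out rather than deleted, and `HPN_DISTVERSION= 7.7p1` and the `hpn-openssl1.1-7_7_P1` URL in the comment above still name the old base. Nothing in this block therefore records that the HPN and NONECIPHER options now build from a locally refreshed `files/extra-patch-hpn` applied to `${DISTVERSION}`. I would delete the dead line and put a comment in its place, for example `# HPN: files/extra-patch-hpn is the 7.7p1 patch set refreshed locally for ${DISTVERSION}`. Because the refreshed patch touches connection setup and key exchange (`sshconnect.c`, `sshconnect2.c`) and un-breaks NONECIPHER as well, the commit should also say how the HPN flavor was tested. The `.if` block continues outside the hunk.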
diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn
index aed0663d5fbb..67c15eb80ce9 100644
--- a/security/openssh-portable/files/extra-patch-hpn
+++ b/security/openssh-portable/files/extra-patch-hpn
@@ -1064,9 +1064,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
#define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */
#define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */
#define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */
---- work/openssh-7.7p1/sshconnect.c.orig 2018-04-01 22:38:28.000000000 -0700
-+++ work/openssh-7.7p1/sshconnect.c 2018-06-26 15:55:19.103812000 -0700
-@@ -337,7 +337,32 @@ check_ifaddrs(const char *ifname, int af, const struct
+--- work/openssh/sshconnect.c.orig 2018-10-16 17:01:20.000000000 -0700
++++ work/openssh/sshconnect.c 2018-11-12 09:04:24.340706000 -0800
+@@ -327,7 +327,32 @@ check_ifaddrs(const char *ifname, int af, const struct
}
#endif
@@ -1096,10 +1096,10 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
+#endif
+
+/*
- * Creates a (possibly privileged) socket for use as the ssh connection.
+ * Creates a socket for use as the ssh connection.
*/
static int
-@@ -359,6 +384,11 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
+@@ -349,6 +374,11 @@ ssh_create_socket(struct addrinfo *ai)
}
fcntl(sock, F_SETFD, FD_CLOEXEC);
@@ -1109,9 +1109,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
+#endif
+
/* Bind the socket to an alternative local IP address */
- if (options.bind_address == NULL && options.bind_interface == NULL &&
- !privileged)
-@@ -637,8 +667,14 @@ static void
+ if (options.bind_address == NULL && options.bind_interface == NULL)
+ return sock;
+@@ -608,8 +638,14 @@ static void
send_client_banner(int connection_out, int minor1)
{
/* Send our own protocol version identification. */
@@ -1128,8 +1128,8 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
if (atomicio(vwrite, connection_out, client_version_string,
strlen(client_version_string)) != strlen(client_version_string))
fatal("write: %.100s", strerror(errno));
---- work/openssh-7.7p1/sshconnect2.c.orig 2018-04-01 22:38:28.000000000 -0700
-+++ work/openssh-7.7p1/sshconnect2.c 2018-06-27 17:11:17.543893000 -0700
+--- work/openssh/sshconnect2.c.orig 2018-10-16 17:01:20.000000000 -0700
++++ work/openssh/sshconnect2.c 2018-11-12 09:06:06.338515000 -0800
@@ -81,7 +81,13 @@
extern char *client_version_string;
extern char *server_version_string;
@@ -1144,7 +1144,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
/*
* SSH2 key exchange
*/
-@@ -154,14 +160,17 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd
+@@ -154,10 +160,11 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd
return ret;
}
@@ -1154,16 +1154,18 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
{
- char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
- char *s;
+ char *s, *all_key;
struct kex *kex;
int r;
-
-+ memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
-+
+@@ -165,6 +172,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_shor
xxx_host = host;
xxx_hostaddr = hostaddr;
-@@ -409,6 +418,30 @@ ssh_userauth2(const char *local_user, const char *serv
++ memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
+ if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
+ fatal("%s: kex_names_cat", __func__);
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
+@@ -412,6 +420,30 @@ ssh_userauth2(const char *local_user, const char *serv
if (!authctxt.success)
fatal("Authentication failed.");
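Review bot: The `memcpy(&myproposal, &myproposal_default, sizeof(myproposal));` that the refreshed inner hunk now places after `xxx_hostaddr = hostaddr;` carries no comment. With the local `char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };` removed, a reader of ssh_kex2 cannot tell where the proposal table lives or why it is re-copied on every call. I would add a line above it in the patch such as `/* HPN: myproposal is no longer local; reset it to the defaults before the per-connection overrides below */`. The declarations of `myproposal` and `myproposal_default` presumably come from the `@@ -81,7 +81,13 @@` inner hunk, whose added lines are not visible here. Confirm there that both arrays have the same element type and length, since `sizeof(myproposal)` assumes it. ssh_kex2's body continues outside the hunk.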
diff --git a/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969 b/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969
new file mode 100644
index 000000000000..2f7f72882af9
--- /dev/null
+++ b/security/openssh-portable/files/patch-c0a35265907533be10ca151ac797f34ae0d68969
@@ -0,0 +1,19 @@
+commit c0a35265907533be10ca151ac797f34ae0d68969
+Author: Damien Miller <djm@mindrot.org>
+Date: Mon Oct 22 11:22:50 2018 +1100
+
+ fix compile for openssl 1.0.x w/ --with-ssl-engine
+
+ bz#2921, patch from cotequeiroz
+
+--- openbsd-compat/openssl-compat.c.orig 2018-11-12 12:52:26 UTC
++++ openbsd-compat/openssl-compat.c
+@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void)
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+
+-#if OPENSSL_VERSION_NUMBER < 0x10001000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ OPENSSL_config(NULL);
+ #else
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |