The block of code that canonicallizes the hostname supplied on

the command line added by patch-ssh.c misapplies to 7.7p1 and moves from main() to to ssh_session2(). This breaks ssh SSHFP support for non-canonical hostnames. For example, "ssh zinc" correctly discovers the FQDN (zinc.ee.lbl.gov) and uses it to look up A and AAAA records but the non-canonical version (zinc) is used in the SSHFP record lookup which or course fails. Regenerate the patch. Reviewed by: bdrewery, ler (mentor) Approved by: bdrewery, ler (mentor) Differential Revision: https://reviews.freebsd.org/D15053
svn path=/head/; revision=467200
2018-04-12 21:54:01 +00:00 · 2018-04-12 21:54:01 +00:00 · 14c5a8610a · 2021-03-31 03:12:20 +00:00
commit 14c5a8610a
parent 2c50dfe111
2 changed files with 9 additions and 9 deletions
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	openssh
 DISTVERSION=	7.7p1
-PORTREVISION=	0
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	security ipv6
 MASTER_SITES=	OPENBSD/OpenSSH/portable
--- a/security/openssh-portable/files/patch-ssh.c
+++ b/security/openssh-portable/files/patch-ssh.c
@ -5,11 +5,11 @@ Changed paths:

 Canonicize the host name before looking it up in the host file.

--- ssh.c.orig	2010-08-16 09:59:31.000000000 -0600
-+++ ssh.c	2010-08-25 17:55:01.000000000 -0600
-@@ -699,6 +699,23 @@
- 		    "h", host, (char *)NULL);
- 	}
+--- ssh.c.orig	2018-04-02 05:38:28 UTC
+++ ssh.c
+@@ -1281,6 +1281,23 @@ main(int ac, char **av)
+ 	ssh_digest_free(md);
+ 	conn_hash_hex = tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
 
 +	/* Find canonic host name. */
 +	if (strchr(host, '.') == 0) {
@ -28,6 +28,6 @@ Canonicize the host name before looking it up in the host file.
 +		}
 +	}
 +
- 	if (options.local_command != NULL) {
- 		char thishost[NI_MAXHOST];
- 
+ 	/*
+ 	 * Expand tokens in arguments. NB. LocalCommand is expanded later,
+ 	 * after port-forwarding is set up, so it may pick up any local