MFH: r484842
- Fix X509 build after r484765 openssl fix - Fix patch URL for KERB_GSSAPI - Add FLAVORs for x509 and gssapi since they are distinct types of OpenSSH rather than feature flags. Approved by: portmgr (implicit)
This commit is contained in:
parent
b22d50c0e1
commit
b2611c3baa
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/branches/2018Q4/; revision=484843
@ -26,10 +26,18 @@ CONFIGURE_ARGS= --prefix=${PREFIX} --with-md5-passwords \
|
||||
|
||||
ETCOLD= ${PREFIX}/etc
|
||||
|
||||
FLAVORS= default hpn
|
||||
default_CONFLICTS_INSTALL= openssl-portable-hpn
|
||||
hpn_CONFLICTS_INSTALL= openssh-portable
|
||||
FLAVORS= default hpn gssapi x509
|
||||
default_CONFLICTS_INSTALL= openssh-portable-hpn openssh-portable-gssapi \
|
||||
openssh-portable-x509
|
||||
hpn_CONFLICTS_INSTALL= openssh-portable openssh-portable-gssapi \
|
||||
openssh-portable-x509
|
||||
hpn_PKGNAMESUFFIX= -portable-hpn
|
||||
gssapi_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \
|
||||
openssh-portable-x509
|
||||
gssapi_PKGNAMESUFFIX= -portable-gssapi
|
||||
x509_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \
|
||||
openssh-portable-gssapi
|
||||
x509_PKGNAMESUFFIX= -portable-x509
|
||||
|
||||
OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \
|
||||
HPN X509 KERB_GSSAPI \
|
||||
@ -38,6 +46,12 @@ OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS
|
||||
.if ${FLAVOR:U} == hpn
|
||||
OPTIONS_DEFAULT+= HPN NONECIPHER
|
||||
.endif
|
||||
.if ${FLAVOR:U} == gssapi
|
||||
OPTIONS_DEFAULT+= KERB_GSSAPI MIT
|
||||
.endif
|
||||
.if ${FLAVOR:U} == x509
|
||||
OPTIONS_DEFAULT+= X509
|
||||
.endif
|
||||
OPTIONS_RADIO= KERBEROS
|
||||
OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE
|
||||
TCP_WRAPPERS_DESC= tcp_wrappers support
|
||||
@ -87,9 +101,13 @@ ETCDIR?= ${PREFIX}/etc/ssh
|
||||
|
||||
PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex
|
||||
|
||||
# Upstream OpenSSL fix but does not apply for x509 patch.
|
||||
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969
|
||||
|
||||
# X509 patch includes TCP Wrapper support already
|
||||
.if ${PORT_OPTIONS:MX509}
|
||||
EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}
|
||||
EXTRA_PATCHES:= ${EXTRA_PATCHES:N${FILESDIR}/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969}
|
||||
.endif
|
||||
|
||||
# Must add this patch before HPN due to conflicts
|
||||
@ -104,7 +122,7 @@ EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}
|
||||
# Needed glue for applying HPN patch without conflict
|
||||
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
|
||||
. endif
|
||||
PATCHFILES+= openssh-7.7p1-gsskex-all-20141021-debian-rh-20171004.patch.gz:-p1:gsskex
|
||||
PATCHFILES+= openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz:-p1:gsskex
|
||||
.endif
|
||||
|
||||
# https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1
|
||||
|
@ -1,42 +1,3 @@
|
||||
--- session.c.orig 2017-10-12 11:52:52.953370000 -0700
|
||||
+++ session.c 2017-10-12 11:53:40.793055000 -0700
|
||||
@@ -1062,36 +1062,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
|
||||
if (getenv("TZ"))
|
||||
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
|
||||
|
||||
-#ifdef __ANDROID__
|
||||
-{
|
||||
-#define COPY_ANDROID_ENV(name) { \
|
||||
- char *s = getenv(name); \
|
||||
- if (s) child_set_env(&env, &envsize, name, s); }
|
||||
-
|
||||
- /* from /init.rc */
|
||||
- COPY_ANDROID_ENV("ANDROID_BOOTLOGO");
|
||||
- COPY_ANDROID_ENV("ANDROID_ROOT");
|
||||
- COPY_ANDROID_ENV("ANDROID_ASSETS");
|
||||
- COPY_ANDROID_ENV("ANDROID_DATA");
|
||||
- COPY_ANDROID_ENV("ASEC_MOUNTPOINT");
|
||||
- COPY_ANDROID_ENV("LOOP_MOUNTPOINT");
|
||||
- COPY_ANDROID_ENV("BOOTCLASSPATH");
|
||||
-
|
||||
- /* FIXME: keep android property workspace open
|
||||
- * (see openbsd-compat/bsd-closefrom.c)
|
||||
- */
|
||||
- COPY_ANDROID_ENV("ANDROID_PROPERTY_WORKSPACE");
|
||||
-
|
||||
- COPY_ANDROID_ENV("EXTERNAL_STORAGE"); /* ??? */
|
||||
- COPY_ANDROID_ENV("SECONDARY_STORAGE"); /* ??? */
|
||||
- COPY_ANDROID_ENV("SD_EXT_DIRECTORY"); /* ??? */
|
||||
-
|
||||
- /* may contain path to custom libraries */
|
||||
- COPY_ANDROID_ENV("LD_LIBRARY_PATH");
|
||||
-#undef COPY_ANDROID_ENV
|
||||
-}
|
||||
-#endif
|
||||
-
|
||||
/* Set custom environment options from pubkey authentication. */
|
||||
if (options.permit_user_env) {
|
||||
for (n = 0 ; n < auth_opts->nenv; n++) {
|
||||
--- sshd_config.5.orig 2017-10-12 11:51:06.638814000 -0700
|
||||
+++ sshd_config.5 2017-10-12 11:51:33.780459000 -0700
|
||||
@@ -1682,7 +1682,57 @@ is set to
|
||||
|
@ -50,7 +50,7 @@ Sponsored by: DARPA, NAI Labs
|
||||
+ *environ = NULL;
|
||||
+ (void) setusercontext(lc, pw, pw->pw_uid,
|
||||
+ LOGIN_SETENV|LOGIN_SETPATH);
|
||||
+ copy_environment(environ, &env, &envsize);
|
||||
+ copy_environment_blacklist(environ, &env, &envsize, NULL);
|
||||
+ for (var = environ; *var != NULL; ++var)
|
||||
+ free(*var);
|
||||
+ free(environ);
|
||||
@ -58,7 +58,7 @@ Sponsored by: DARPA, NAI Labs
|
||||
#else /* HAVE_LOGIN_CAP */
|
||||
# ifndef HAVE_CYGWIN
|
||||
/*
|
||||
@@ -1082,14 +1098,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
|
||||
@@ -1082,11 +1098,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
|
||||
# endif /* HAVE_CYGWIN */
|
||||
#endif /* HAVE_LOGIN_CAP */
|
||||
|
||||
@ -70,9 +70,6 @@ Sponsored by: DARPA, NAI Labs
|
||||
|
||||
- if (getenv("TZ"))
|
||||
- child_set_env(&env, &envsize, "TZ", getenv("TZ"));
|
||||
if (s->term)
|
||||
child_set_env(&env, &envsize, "TERM", s->term);
|
||||
if (s->display)
|
||||
@@ -1389,7 +1400,7 @@ do_setusercontext(struct passwd *pw)
|
||||
if (platform_privileged_uidswap()) {
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
|
Loading…
Reference in New Issue
Block a user