MFH: r484842
- Fix X509 build after r484765 openssl fix - Fix patch URL for KERB_GSSAPI - Add FLAVORs for x509 and gssapi since they are distinct types of OpenSSH rather than feature flags. Approved by: portmgr (implicit)
This commit is contained in:
parent
b22d50c0e1
commit
b2611c3baa
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/branches/2018Q4/; revision=484843
@ -26,10 +26,18 @@ CONFIGURE_ARGS= --prefix=${PREFIX} --with-md5-passwords \
|
|||||||
|
|
||||||
ETCOLD= ${PREFIX}/etc
|
ETCOLD= ${PREFIX}/etc
|
||||||
|
|
||||||
FLAVORS= default hpn
|
FLAVORS= default hpn gssapi x509
|
||||||
default_CONFLICTS_INSTALL= openssl-portable-hpn
|
default_CONFLICTS_INSTALL= openssh-portable-hpn openssh-portable-gssapi \
|
||||||
hpn_CONFLICTS_INSTALL= openssh-portable
|
openssh-portable-x509
|
||||||
|
hpn_CONFLICTS_INSTALL= openssh-portable openssh-portable-gssapi \
|
||||||
|
openssh-portable-x509
|
||||||
hpn_PKGNAMESUFFIX= -portable-hpn
|
hpn_PKGNAMESUFFIX= -portable-hpn
|
||||||
|
gssapi_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \
|
||||||
|
openssh-portable-x509
|
||||||
|
gssapi_PKGNAMESUFFIX= -portable-gssapi
|
||||||
|
x509_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \
|
||||||
|
openssh-portable-gssapi
|
||||||
|
x509_PKGNAMESUFFIX= -portable-x509
|
||||||
|
|
||||||
OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \
|
OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \
|
||||||
HPN X509 KERB_GSSAPI \
|
HPN X509 KERB_GSSAPI \
|
||||||
@ -38,6 +46,12 @@ OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS
|
|||||||
.if ${FLAVOR:U} == hpn
|
.if ${FLAVOR:U} == hpn
|
||||||
OPTIONS_DEFAULT+= HPN NONECIPHER
|
OPTIONS_DEFAULT+= HPN NONECIPHER
|
||||||
.endif
|
.endif
|
||||||
|
.if ${FLAVOR:U} == gssapi
|
||||||
|
OPTIONS_DEFAULT+= KERB_GSSAPI MIT
|
||||||
|
.endif
|
||||||
|
.if ${FLAVOR:U} == x509
|
||||||
|
OPTIONS_DEFAULT+= X509
|
||||||
|
.endif
|
||||||
OPTIONS_RADIO= KERBEROS
|
OPTIONS_RADIO= KERBEROS
|
||||||
OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE
|
OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE
|
||||||
TCP_WRAPPERS_DESC= tcp_wrappers support
|
TCP_WRAPPERS_DESC= tcp_wrappers support
|
||||||
@ -87,9 +101,13 @@ ETCDIR?= ${PREFIX}/etc/ssh
|
|||||||
|
|
||||||
PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex
|
PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex
|
||||||
|
|
||||||
|
# Upstream OpenSSL fix but does not apply for x509 patch.
|
||||||
|
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969
|
||||||
|
|
||||||
# X509 patch includes TCP Wrapper support already
|
# X509 patch includes TCP Wrapper support already
|
||||||
.if ${PORT_OPTIONS:MX509}
|
.if ${PORT_OPTIONS:MX509}
|
||||||
EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}
|
EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}
|
||||||
|
EXTRA_PATCHES:= ${EXTRA_PATCHES:N${FILESDIR}/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969}
|
||||||
.endif
|
.endif
|
||||||
|
|
||||||
# Must add this patch before HPN due to conflicts
|
# Must add this patch before HPN due to conflicts
|
||||||
@ -104,7 +122,7 @@ EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}
|
|||||||
# Needed glue for applying HPN patch without conflict
|
# Needed glue for applying HPN patch without conflict
|
||||||
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
|
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
|
||||||
. endif
|
. endif
|
||||||
PATCHFILES+= openssh-7.7p1-gsskex-all-20141021-debian-rh-20171004.patch.gz:-p1:gsskex
|
PATCHFILES+= openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz:-p1:gsskex
|
||||||
.endif
|
.endif
|
||||||
|
|
||||||
# https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1
|
# https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1
|
||||||
|
@ -1,42 +1,3 @@
|
|||||||
--- session.c.orig 2017-10-12 11:52:52.953370000 -0700
|
|
||||||
+++ session.c 2017-10-12 11:53:40.793055000 -0700
|
|
||||||
@@ -1062,36 +1062,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
|
|
||||||
if (getenv("TZ"))
|
|
||||||
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
|
|
||||||
|
|
||||||
-#ifdef __ANDROID__
|
|
||||||
-{
|
|
||||||
-#define COPY_ANDROID_ENV(name) { \
|
|
||||||
- char *s = getenv(name); \
|
|
||||||
- if (s) child_set_env(&env, &envsize, name, s); }
|
|
||||||
-
|
|
||||||
- /* from /init.rc */
|
|
||||||
- COPY_ANDROID_ENV("ANDROID_BOOTLOGO");
|
|
||||||
- COPY_ANDROID_ENV("ANDROID_ROOT");
|
|
||||||
- COPY_ANDROID_ENV("ANDROID_ASSETS");
|
|
||||||
- COPY_ANDROID_ENV("ANDROID_DATA");
|
|
||||||
- COPY_ANDROID_ENV("ASEC_MOUNTPOINT");
|
|
||||||
- COPY_ANDROID_ENV("LOOP_MOUNTPOINT");
|
|
||||||
- COPY_ANDROID_ENV("BOOTCLASSPATH");
|
|
||||||
-
|
|
||||||
- /* FIXME: keep android property workspace open
|
|
||||||
- * (see openbsd-compat/bsd-closefrom.c)
|
|
||||||
- */
|
|
||||||
- COPY_ANDROID_ENV("ANDROID_PROPERTY_WORKSPACE");
|
|
||||||
-
|
|
||||||
- COPY_ANDROID_ENV("EXTERNAL_STORAGE"); /* ??? */
|
|
||||||
- COPY_ANDROID_ENV("SECONDARY_STORAGE"); /* ??? */
|
|
||||||
- COPY_ANDROID_ENV("SD_EXT_DIRECTORY"); /* ??? */
|
|
||||||
-
|
|
||||||
- /* may contain path to custom libraries */
|
|
||||||
- COPY_ANDROID_ENV("LD_LIBRARY_PATH");
|
|
||||||
-#undef COPY_ANDROID_ENV
|
|
||||||
-}
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
/* Set custom environment options from pubkey authentication. */
|
|
||||||
if (options.permit_user_env) {
|
|
||||||
for (n = 0 ; n < auth_opts->nenv; n++) {
|
|
||||||
--- sshd_config.5.orig 2017-10-12 11:51:06.638814000 -0700
|
--- sshd_config.5.orig 2017-10-12 11:51:06.638814000 -0700
|
||||||
+++ sshd_config.5 2017-10-12 11:51:33.780459000 -0700
|
+++ sshd_config.5 2017-10-12 11:51:33.780459000 -0700
|
||||||
@@ -1682,7 +1682,57 @@ is set to
|
@@ -1682,7 +1682,57 @@ is set to
|
||||||
|
@ -50,7 +50,7 @@ Sponsored by: DARPA, NAI Labs
|
|||||||
+ *environ = NULL;
|
+ *environ = NULL;
|
||||||
+ (void) setusercontext(lc, pw, pw->pw_uid,
|
+ (void) setusercontext(lc, pw, pw->pw_uid,
|
||||||
+ LOGIN_SETENV|LOGIN_SETPATH);
|
+ LOGIN_SETENV|LOGIN_SETPATH);
|
||||||
+ copy_environment(environ, &env, &envsize);
|
+ copy_environment_blacklist(environ, &env, &envsize, NULL);
|
||||||
+ for (var = environ; *var != NULL; ++var)
|
+ for (var = environ; *var != NULL; ++var)
|
||||||
+ free(*var);
|
+ free(*var);
|
||||||
+ free(environ);
|
+ free(environ);
|
||||||
@ -58,7 +58,7 @@ Sponsored by: DARPA, NAI Labs
|
|||||||
#else /* HAVE_LOGIN_CAP */
|
#else /* HAVE_LOGIN_CAP */
|
||||||
# ifndef HAVE_CYGWIN
|
# ifndef HAVE_CYGWIN
|
||||||
/*
|
/*
|
||||||
@@ -1082,14 +1098,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
|
@@ -1082,11 +1098,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
|
||||||
# endif /* HAVE_CYGWIN */
|
# endif /* HAVE_CYGWIN */
|
||||||
#endif /* HAVE_LOGIN_CAP */
|
#endif /* HAVE_LOGIN_CAP */
|
||||||
|
|
||||||
@ -70,9 +70,6 @@ Sponsored by: DARPA, NAI Labs
|
|||||||
|
|
||||||
- if (getenv("TZ"))
|
- if (getenv("TZ"))
|
||||||
- child_set_env(&env, &envsize, "TZ", getenv("TZ"));
|
- child_set_env(&env, &envsize, "TZ", getenv("TZ"));
|
||||||
if (s->term)
|
|
||||||
child_set_env(&env, &envsize, "TERM", s->term);
|
|
||||||
if (s->display)
|
|
||||||
@@ -1389,7 +1400,7 @@ do_setusercontext(struct passwd *pw)
|
@@ -1389,7 +1400,7 @@ do_setusercontext(struct passwd *pw)
|
||||||
if (platform_privileged_uidswap()) {
|
if (platform_privileged_uidswap()) {
|
||||||
#ifdef HAVE_LOGIN_CAP
|
#ifdef HAVE_LOGIN_CAP
|
||||||
|
Loading…
Reference in New Issue
Block a user