MFH: r484842

- Fix X509 build after r484765 openssl fix
- Fix patch URL for KERB_GSSAPI
- Add FLAVORs for x509 and gssapi since they are distinct types of
  OpenSSH rather than feature flags.

Approved by:	portmgr (implicit)
Bryan Drewery 2018-11-12 21:55:57 +00:00
parent b22d50c0e1
commit b2611c3baa
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/branches/2018Q4/; revision=484843
4 changed files with 24 additions and 48 deletions


@ -26,10 +26,18 @@ CONFIGURE_ARGS= --prefix=${PREFIX} --with-md5-passwords \
ETCOLD= ${PREFIX}/etc ETCOLD= ${PREFIX}/etc
FLAVORS= default hpn FLAVORS= default hpn gssapi x509
default_CONFLICTS_INSTALL= openssl-portable-hpn default_CONFLICTS_INSTALL= openssh-portable-hpn openssh-portable-gssapi \
hpn_CONFLICTS_INSTALL= openssh-portable openssh-portable-x509
hpn_CONFLICTS_INSTALL= openssh-portable openssh-portable-gssapi \
openssh-portable-x509
hpn_PKGNAMESUFFIX= -portable-hpn hpn_PKGNAMESUFFIX= -portable-hpn
gssapi_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \
openssh-portable-x509
gssapi_PKGNAMESUFFIX= -portable-gssapi
x509_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \
openssh-portable-gssapi
x509_PKGNAMESUFFIX= -portable-x509
OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \ OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \
HPN X509 KERB_GSSAPI \ HPN X509 KERB_GSSAPI \
@ -38,6 +46,12 @@ OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS
.if ${FLAVOR:U} == hpn .if ${FLAVOR:U} == hpn
OPTIONS_DEFAULT+= HPN NONECIPHER OPTIONS_DEFAULT+= HPN NONECIPHER
.endif .endif
.if ${FLAVOR:U} == gssapi
OPTIONS_DEFAULT+= KERB_GSSAPI MIT
.endif
.if ${FLAVOR:U} == x509
OPTIONS_DEFAULT+= X509
.endif
OPTIONS_RADIO= KERBEROS OPTIONS_RADIO= KERBEROS
OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE
TCP_WRAPPERS_DESC= tcp_wrappers support TCP_WRAPPERS_DESC= tcp_wrappers support
@ -87,9 +101,13 @@ ETCDIR?= ${PREFIX}/etc/ssh
PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex
# Upstream OpenSSL fix but does not apply for x509 patch.
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969
# X509 patch includes TCP Wrapper support already # X509 patch includes TCP Wrapper support already
.if ${PORT_OPTIONS:MX509} .if ${PORT_OPTIONS:MX509}
EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}} EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}
EXTRA_PATCHES:= ${EXTRA_PATCHES:N${FILESDIR}/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969}
.endif .endif
# Must add this patch before HPN due to conflicts # Must add this patch before HPN due to conflicts
@ -104,7 +122,7 @@ EXTRA_PATCHES:= ${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}
# Needed glue for applying HPN patch without conflict # Needed glue for applying HPN patch without conflict
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
. endif . endif
PATCHFILES+= openssh-7.7p1-gsskex-all-20141021-debian-rh-20171004.patch.gz:-p1:gsskex PATCHFILES+= openssh-7.9p1-gsskex-all-20141021-debian-rh-20181020.patch.gz:-p1:gsskex
.endif .endif
# https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1 # https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1
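Review bot: The X509 branch filters `${FILESDIR}/extra-patch-c0a35265907533be10ca151ac797f34ae0d68969` back out of EXTRA_PATCHES, so the x509 flavor appears to be built without the change the new comment calls the upstream OpenSSL fix, and nothing visible here says whether the X509 patch carries an equivalent. A comment on that `:N` line would record the reason and the follow-up, for example `# conflicts with the X509 patch; confirm the X509 patch contains the same fix on every update`. The long patch path is also written out twice (the `+=` line and the `:N` filter); holding it in one variable would keep the two from drifting apart when the patch is replaced. Separately, the updated gsskex entry in PATCHFILES is fetched from the `http://` mirror in PATCH_SITES, so its integrity rests on the matching checksum in distinfo, which is not visible on this page and should be checked as part of this change.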


@ -1,42 +1,3 @@
--- session.c.orig 2017-10-12 11:52:52.953370000 -0700
+++ session.c 2017-10-12 11:53:40.793055000 -0700
@@ -1062,36 +1062,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
if (getenv("TZ"))
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
-#ifdef __ANDROID__
-{
-#define COPY_ANDROID_ENV(name) { \
- char *s = getenv(name); \
- if (s) child_set_env(&env, &envsize, name, s); }
-
- /* from /init.rc */
- COPY_ANDROID_ENV("ANDROID_BOOTLOGO");
- COPY_ANDROID_ENV("ANDROID_ROOT");
- COPY_ANDROID_ENV("ANDROID_ASSETS");
- COPY_ANDROID_ENV("ANDROID_DATA");
- COPY_ANDROID_ENV("ASEC_MOUNTPOINT");
- COPY_ANDROID_ENV("LOOP_MOUNTPOINT");
- COPY_ANDROID_ENV("BOOTCLASSPATH");
-
- /* FIXME: keep android property workspace open
- * (see openbsd-compat/bsd-closefrom.c)
- */
- COPY_ANDROID_ENV("ANDROID_PROPERTY_WORKSPACE");
-
- COPY_ANDROID_ENV("EXTERNAL_STORAGE"); /* ??? */
- COPY_ANDROID_ENV("SECONDARY_STORAGE"); /* ??? */
- COPY_ANDROID_ENV("SD_EXT_DIRECTORY"); /* ??? */
-
- /* may contain path to custom libraries */
- COPY_ANDROID_ENV("LD_LIBRARY_PATH");
-#undef COPY_ANDROID_ENV
-}
-#endif
-
/* Set custom environment options from pubkey authentication. */
if (options.permit_user_env) {
for (n = 0 ; n < auth_opts->nenv; n++) {
--- sshd_config.5.orig 2017-10-12 11:51:06.638814000 -0700 --- sshd_config.5.orig 2017-10-12 11:51:06.638814000 -0700
+++ sshd_config.5 2017-10-12 11:51:33.780459000 -0700 +++ sshd_config.5 2017-10-12 11:51:33.780459000 -0700
@@ -1682,7 +1682,57 @@ is set to @@ -1682,7 +1682,57 @@ is set to


@ -50,7 +50,7 @@ Sponsored by: DARPA, NAI Labs
+ *environ = NULL; + *environ = NULL;
+ (void) setusercontext(lc, pw, pw->pw_uid, + (void) setusercontext(lc, pw, pw->pw_uid,
+ LOGIN_SETENV|LOGIN_SETPATH); + LOGIN_SETENV|LOGIN_SETPATH);
+ copy_environment(environ, &env, &envsize); + copy_environment_blacklist(environ, &env, &envsize, NULL);
+ for (var = environ; *var != NULL; ++var) + for (var = environ; *var != NULL; ++var)
+ free(*var); + free(*var);
+ free(environ); + free(environ);
@ -58,7 +58,7 @@ Sponsored by: DARPA, NAI Labs
#else /* HAVE_LOGIN_CAP */ #else /* HAVE_LOGIN_CAP */
# ifndef HAVE_CYGWIN # ifndef HAVE_CYGWIN
/* /*
@@ -1082,14 +1098,9 @@ do_setup_env(struct ssh *ssh, Session *s, const char * @@ -1082,11 +1098,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
# endif /* HAVE_CYGWIN */ # endif /* HAVE_CYGWIN */
#endif /* HAVE_LOGIN_CAP */ #endif /* HAVE_LOGIN_CAP */
@ -70,9 +70,6 @@ Sponsored by: DARPA, NAI Labs
- if (getenv("TZ")) - if (getenv("TZ"))
- child_set_env(&env, &envsize, "TZ", getenv("TZ")); - child_set_env(&env, &envsize, "TZ", getenv("TZ"));
if (s->term)
child_set_env(&env, &envsize, "TERM", s->term);
if (s->display)
@@ -1389,7 +1400,7 @@ do_setusercontext(struct passwd *pw) @@ -1389,7 +1400,7 @@ do_setusercontext(struct passwd *pw)
if (platform_privileged_uidswap()) { if (platform_privileged_uidswap()) {
#ifdef HAVE_LOGIN_CAP #ifdef HAVE_LOGIN_CAP