Date: Sun, 18 Sep 2022 11:35:10 GMT
Message-Id: <202209181135.28IBZA7Z054030@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Matthias Andree
Subject: git: 41f892414e18 - main - security/putty: Fix static GSSAPI solutions,
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
X-Git-Committer: mandree
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 41f892414e181e8938f18ba78ce54a6153d2739c

The branch main has been updated by mandree:

URL: https://cgit.FreeBSD.org/ports/commit/?id=41f892414e181e8938f18ba78ce54a6153d2739c

commit 41f892414e181e8938f18ba78ce54a6153d2739c
Author:     Matthias Andree
AuthorDate: 2022-09-18 11:30:47 +0000
Commit:     Matthias Andree
CommitDate: 2022-09-18 11:35:04 +0000

    security/putty: Fix static GSSAPI solutions,

    with a patch received from Simon Tatham, and mask GSSAPI_DYNAMIC
    for now, because it is not working. Debugging going on, but let's
    get GSSAPI working at all for now, and make GSSAPI_BASE the default.
---
 security/putty/Makefile                            |  40 +++--
 ...support-krb5-config-as-well-as-pkg-confi.patch} |  18 +-
 ...-GSSAPI-fix-an-uninitialised-structure-fi.patch |  29 +++
 ...PI-support-static-linking-against-Heimdal.patch | 197 +++++++++++++++++++++
 ...don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch |  36 ++++
 security/putty/files/patch-network.c               |  16 ++
 security/putty/files/patch-pageant.c               |  11 ++
 security/putty/files/patch-ssh_gssc.c              |   2 +-
 security/putty/files/patch-unix_network.c          |   4 +-
 security/putty/files/patch-unix_pageant.c          |   4 +-
 10 files changed, 326 insertions(+), 31 deletions(-)

diff --git a/security/putty/Makefile b/security/putty/Makefile
index 77ec0c8b7e7c..86ede48a8a20 100644
--- a/security/putty/Makefile
+++ b/security/putty/Makefile
@@ -1,9 +1,15 @@ PORTNAME= putty DISTVERSION= 0.78~pre20220916.e1b73f0 +PORTREVISION= 1 CATEGORIES= security #MASTER_SITES= http://the.earth.li/~sgtatham/putty/${PORTVERSION}/ \ # ftp://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/ MASTER_SITES= https://tartarus.org/~simon/putty-prerel-snapshots/ +EXTRA_PATCHES+= ${FILESDIR}/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch +EXTRA_PATCHES+= ${FILESDIR}/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch +EXTRA_PATCHES+= ${FILESDIR}/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch +EXTRA_PATCHES+= ${FILESDIR}/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch +PATCH_STRIP= -p1 MAINTAINER= mandree@FreeBSD.org COMMENT= Secure shell and telnet client including xterm emulator @@ -18,11 +24,13 @@ USE_PERL5= build CONFLICTS_INSTALL?= pssh putty-nogtk -PLIST_FILES= bin/plink \ +PLIST_FILES= bin/pageant \ + bin/plink \ bin/pscp \ bin/psftp \ bin/psusan \ bin/puttygen \ + share/man/man1/pageant.1.gz \ share/man/man1/plink.1.gz \ share/man/man1/pscp.1.gz \ share/man/man1/psftp.1.gz \ @@ -30,14 +38,13 @@ PLIST_FILES= bin/plink \ share/man/man1/puttygen.1.gz OPTIONS_DEFINE= GTK3 -OPTIONS_DEFAULT= GSSAPI_NONE GTK3 +OPTIONS_DEFAULT= GSSAPI_BASE GTK3 OPTIONS_SINGLE= GSSAPI_SELECT -OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_DYNAMIC GSSAPI_NONE -#OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_BASE \ -# GSSAPI_DYNAMIC \ -# GSSAPI_HEIMDAL \ -# GSSAPI_MIT \ -# GSSAPI_NONE +OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_BASE \ + GSSAPI_HEIMDAL \ + GSSAPI_MIT \ + GSSAPI_NONE \ + # GSSAPI_DYNAMIC GSSAPI_DYNAMIC_DESC= EXPERIMENTAL dynamic runtime load of GSS libs .include @@ -55,10 +62,8 @@ USES+= gnome USE_GNOME= cairo gdkpixbuf2 gtk30 CMAKE_ARGS+= -DPUTTY_GTK_VERSION:STRING=3 -PLIST_FILES+= bin/pageant \ - bin/pterm \ +PLIST_FILES+= bin/pterm \ bin/putty \ - share/man/man1/pageant.1.gz \ share/man/man1/pterm.1.gz \ share/man/man1/putty.1.gz \ share/pixmaps/putty.ico 
@@ -77,20 +82,17 @@ CMAKE_ARGS+= -DPUTTY_GTK_VERSION:STRING=OFF CMAKE_ARGS+= -DCMAKE_DISABLE_FIND_PACKAGE_X11:BOOL=TRUE .endif -.if ${PORT_OPTIONS:MGSSAPI_HEIMDAL} -# does not compile currently -BROKEN= GSSAPI_HEIMDAL does not compile as of putty 0.77 and 0.78~pre20220916.e1b73f0 -USES+= gssapi:heimdal,flags -CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC -.elif ${PORT_OPTIONS:MGSSAPI_BASE} -BROKEN= GSSAPI_BASE does not work as of putty 0.77 and 0.78~pre20220916.e1b73f0 +.if ${PORT_OPTIONS:MGSSAPI_BASE} # Heimdal-like in base system USES+= gssapi:base,flags CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC +.elif ${PORT_OPTIONS:MGSSAPI_HEIMDAL} +USES+= gssapi:heimdal,flags +CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC .elif ${PORT_OPTIONS:MGSSAPI_MIT} -BROKEN= GSSAPI_MIT does not work as of putty 0.77 and 0.78~pre20220916.e1b73f0 USES+= gssapi:mit,flags CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC .elif ${PORT_OPTIONS:MGSSAPI_DYNAMIC} +BROKEN= GSSAPI_DYNAMIC does not work as of putty 0.78~pre20220916.e1b73f0 CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=DYNAMIC USES+= gssapi:base,flags .else diff --git a/security/putty/files/patch-krb5cfg b/security/putty/files/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch similarity index 84% rename from security/putty/files/patch-krb5cfg rename to security/putty/files/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch index c0e700a9c1a3..afa8f7539a06 100644 --- a/security/putty/files/patch-krb5cfg +++ b/security/putty/files/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch @@ -1,16 +1,20 @@ -From 1992df5d7a1ea0636a62facbdb74d32cb4d5b50d Mon Sep 17 00:00:00 2001 +From b0a61849efb3cbf0f1c0fead0f422341a969458c Mon Sep 17 00:00:00 2001 
From: Simon Tatham -Date: Wed, 1 Jun 2022 10:48:14 +0100 -Subject: [PATCH] First attempt at supporting krb5-config. +Date: Sat, 17 Sep 2022 07:53:43 +0100 +Subject: [PATCH 1/4] Unix GSSAPI: support krb5-config as well as pkg-config. +On FreeBSD, I'm told, you can't configure Kerberos via pkg-config. So +we need a fallback. Here's some manual code to run krb5-config and +pick apart the result, similar to what I already did with gtk-config +for our (still not dead!) GTK 1 support. --- cmake/platforms/unix.cmake | 63 +++++++++++++++++++++++++++++++++++++- 1 file changed, 62 insertions(+), 1 deletion(-) -diff --git ./cmake/platforms/unix.cmake ./cmake/platforms/unix.cmake +diff --git a/cmake/platforms/unix.cmake b/cmake/platforms/unix.cmake index 291d1e64..95339f22 100644 ---- ./cmake/platforms/unix.cmake~ -+++ ./cmake/platforms/unix.cmake +--- a/cmake/platforms/unix.cmake ++++ b/cmake/platforms/unix.cmake @@ -108,16 +108,77 @@ if(PUTTY_GSSAPI STREQUAL DYNAMIC) endif() @@ -91,5 +95,5 @@ index 291d1e64..95339f22 100644 set(NO_GSSAPI ON) endif() -- -2.34.1 +2.37.3 diff --git a/security/putty/files/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch b/security/putty/files/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch new file mode 100644 index 000000000000..c0b7ca5792b9 --- /dev/null +++ b/security/putty/files/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch 
@@ -0,0 +1,29 @@ +From 374107eb1e2ae576c10cdd538f45f18918df8c4b Mon Sep 17 00:00:00 2001 +From: Simon Tatham +Date: Sat, 17 Sep 2022 07:09:29 +0100 +Subject: [PATCH 2/4] Unix static GSSAPI: fix an uninitialised structure field. + +When linking statically against Kerberos, the setup code in +ssh_got_ssh_version() was trying to look up want_id==0 in the list of +one GSSAPI library, but unfortunately, the id field of that record was +not initialised at all, so if it happened to be nonzero nonsense, the +loop wouldn't find a library at all and would fail an assertion. +--- + unix/gss.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/unix/gss.c b/unix/gss.c +index cd9971c7..bd599fcc 100644 +--- a/unix/gss.c ++++ b/unix/gss.c +@@ -140,6 +140,7 @@ struct ssh_gss_liblist *ssh_gss_setup(Conf *conf) + list->libraries = snew(struct ssh_gss_library); + list->nlibraries = 1; + ++ list->libraries[0].id = 0; + list->libraries[0].gsslogmsg = "Using statically linked GSSAPI"; + + #define BIND_GSS_FN(name) \ +-- +2.37.3 + diff --git a/security/putty/files/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch b/security/putty/files/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch new file mode 100644 index 000000000000..a636197aed46 --- /dev/null +++ b/security/putty/files/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch 
@@ -0,0 +1,197 @@ +From 35a87984f67ebc2db3f670cb1431f08991853a5e Mon Sep 17 00:00:00 2001 +From: Simon Tatham +Date: Sat, 17 Sep 2022 07:28:46 +0100 +Subject: [PATCH 3/4] Unix GSSAPI: support static linking against Heimdal. + +Heimdal provides its own definitions of OIDs like GSS_C_NT_USER_NAME +in the form of macros, which conflict with our attempt to redefine +them as variables - the macro gets expanded into the middle of the +variable declaration, leaving the poor C compiler trying to parse a +non-declaration along the lines of + +const_gss_OID (&__gss_c_nt_anonymous_oid_desc) = oids+5; + +Easily fixed by just not redefining these at all if they're already +defined as macros. To make that easier, I've broken up the oids[] +array into individual gss_OID_desc declarations, so I can put each one +inside the appropriate ifdef. + +In the process, I've removed the 'const' from the gss_OID_desc +declarations. That's on purpose! The problem is that not all +implementations of the GSSAPI headers make const_gss_OID a pointer to +a *const* gss_OID_desc; sometimes it's just a plain one and the +'const' prefix is just a comment to the user. So removing that const +prevents compiler warnings (or worse) about address-taking a const +thing and assigning it into a non-const pointer. +--- + ssh/pgssapi.c | 106 ++++++++++++++++++++++++++++++++------------------ + 1 file changed, 68 insertions(+), 38 deletions(-) + +diff --git a/ssh/pgssapi.c b/ssh/pgssapi.c +index 1f54d805..1730444d 100644 +--- a/ssh/pgssapi.c ++++ b/ssh/pgssapi.c +@@ -9,38 +9,63 @@ + + #ifndef NO_LIBDL + +-/* Reserved static storage for GSS_oids. Comments are quotes from RFC 2744. */ +-static const gss_OID_desc oids[] = { ++/* Reserved static storage for GSS_oids. ++ * Constants of the form GSS_C_NT_* are specified by rfc 2744. ++ * Comments are quotes from RFC 2744 itself. ++ * ++ * These may be #defined to complex expressions by the local header ++ * file, if we're including one in static-GSSAPI mode. 
(For example, ++ * Heimdal defines them to things like ++ * (&__gss_c_nt_user_name_oid_desc).) So we only define them if ++ * needed. */ ++ ++#ifndef GSS_C_NT_USER_NAME ++static gss_OID_desc oid_GSS_C_NT_USER_NAME = { + /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"}, ++ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01", + /* corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant + * GSS_C_NT_USER_NAME should be initialized to point +- * to that gss_OID_desc. ++ * to that gss_OID_desc. */ ++}; ++const_gss_OID GSS_C_NT_USER_NAME = &oid_GSS_C_NT_USER_NAME; ++#endif + +- * The implementation must reserve static storage for a ++#ifndef GSS_C_NT_MACHINE_UID_NAME ++static gss_OID_desc oid_GSS_C_NT_MACHINE_UID_NAME = { ++ /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"}, ++ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02", + /* corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. + * The constant GSS_C_NT_MACHINE_UID_NAME should be +- * initialized to point to that gss_OID_desc. ++ * initialized to point to that gss_OID_desc. 
*/ ++}; ++const_gss_OID GSS_C_NT_MACHINE_UID_NAME = &oid_GSS_C_NT_MACHINE_UID_NAME; ++#endif + +- * The implementation must reserve static storage for a ++#ifndef GSS_C_NT_STRING_UID_NAME ++static gss_OID_desc oid_GSS_C_NT_STRING_UID_NAME = { ++ /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"}, ++ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03", + /* corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. + * The constant GSS_C_NT_STRING_UID_NAME should be +- * initialized to point to that gss_OID_desc. +- * +- * The implementation must reserve static storage for a ++ * initialized to point to that gss_OID_desc. */ ++}; ++const_gss_OID GSS_C_NT_STRING_UID_NAME = &oid_GSS_C_NT_STRING_UID_NAME; ++#endif ++ ++#ifndef GSS_C_NT_HOSTBASED_SERVICE_X ++static gss_OID_desc oid_GSS_C_NT_HOSTBASED_SERVICE_X = { ++ /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, ++ 6, "\x2b\x06\x01\x05\x06\x02", + /* corresponding to an object-identifier value of + * {iso(1) org(3) dod(6) internet(1) security(5) + * nametypes(6) gss-host-based-services(2))}. 
The constant +@@ -52,29 +77,44 @@ static const gss_OID_desc oids[] = { + * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym + * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input + * parameter, but should not be emitted by GSS-API +- * implementations +- * +- * The implementation must reserve static storage for a ++ * implementations */ ++}; ++const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &oid_GSS_C_NT_HOSTBASED_SERVICE_X; ++#endif ++ ++#ifndef GSS_C_NT_HOSTBASED_SERVICE ++static gss_OID_desc oid_GSS_C_NT_HOSTBASED_SERVICE = { ++ /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"}, ++ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04", + /* corresponding to an object-identifier value of {iso(1) + * member-body(2) Unites States(840) mit(113554) infosys(1) + * gssapi(2) generic(1) service_name(4)}. The constant + * GSS_C_NT_HOSTBASED_SERVICE should be initialized +- * to point to that gss_OID_desc. +- * +- * The implementation must reserve static storage for a ++ * to point to that gss_OID_desc. */ ++}; ++const_gss_OID GSS_C_NT_HOSTBASED_SERVICE = &oid_GSS_C_NT_HOSTBASED_SERVICE; ++#endif ++ ++#ifndef GSS_C_NT_ANONYMOUS ++static gss_OID_desc oid_GSS_C_NT_ANONYMOUS = { ++ /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {6, (void *)"\x2b\x06\01\x05\x06\x03"}, ++ 6, "\x2b\x06\01\x05\x06\x03", + /* corresponding to an object identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 3(gss-anonymous-name)}. The constant + * and GSS_C_NT_ANONYMOUS should be initialized to point +- * to that gss_OID_desc. +- * +- * The implementation must reserve static storage for a ++ * to that gss_OID_desc. 
*/ ++}; ++const_gss_OID GSS_C_NT_ANONYMOUS = &oid_GSS_C_NT_ANONYMOUS; ++#endif ++ ++#ifndef GSS_C_NT_EXPORT_NAME ++static gss_OID_desc oid_GSS_C_NT_EXPORT_NAME = { ++ /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, ++ 6, "\x2b\x06\x01\x05\x06\x04", + /* corresponding to an object-identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 4(gss-api-exported-name)}. The constant +@@ -82,23 +122,13 @@ static const gss_OID_desc oids[] = { + * to that gss_OID_desc. + */ + }; +- +-/* Here are the constants which point to the static structure above. +- * +- * Constants of the form GSS_C_NT_* are specified by rfc 2744. +- */ +-const_gss_OID GSS_C_NT_USER_NAME = oids+0; +-const_gss_OID GSS_C_NT_MACHINE_UID_NAME = oids+1; +-const_gss_OID GSS_C_NT_STRING_UID_NAME = oids+2; +-const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = oids+3; +-const_gss_OID GSS_C_NT_HOSTBASED_SERVICE = oids+4; +-const_gss_OID GSS_C_NT_ANONYMOUS = oids+5; +-const_gss_OID GSS_C_NT_EXPORT_NAME = oids+6; ++const_gss_OID GSS_C_NT_EXPORT_NAME = &oid_GSS_C_NT_EXPORT_NAME; ++#endif + + #endif /* NO_LIBDL */ + + static gss_OID_desc gss_mech_krb5_desc = +-{ 9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; ++{ 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; + /* iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) krb5(2)*/ + const gss_OID GSS_MECH_KRB5 = &gss_mech_krb5_desc; + +-- +2.37.3 + diff --git a/security/putty/files/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch b/security/putty/files/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch new file mode 100644 index 000000000000..a58bbd185458 --- /dev/null +++ b/security/putty/files/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch 
@@ -0,0 +1,36 @@ +From a95e38e9b18ce69b542a9a8c0f18ea8f4c7abb3a Mon Sep 17 00:00:00 2001 +From: Simon Tatham +Date: Sat, 17 Sep 2022 07:50:55 +0100 +Subject: [PATCH 4/4] GSSAPI fix: don't pass GSS_C_NO_NAME to + inquire_cred_by_mech. + +This was pointed out by another compiler warning. The 'name' parameter +of inquire_cred_by_mech is not a gss_name_t (which is the type of +GSS_C_NO_NAME); it's a gss_name_t *, because it's an _output_ +parameter. We're not telling the library that we aren't _passing_ a +name: we're telling it that we don't need it to _return_ us a name. So +the appropriate null pointer representation is just NULL. + +(This was harmless apart from a compiler warning, because gss_name_t +is a pointer type in turn and GSS_C_NO_NAME expands to a null pointer +anyway. It was just a wrongly-typed null pointer.) +--- + ssh/gssc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ssh/gssc.c b/ssh/gssc.c +index 0224afe2..d10caf8b 100644 +--- a/ssh/gssc.c ++++ b/ssh/gssc.c +@@ -75,7 +75,7 @@ static Ssh_gss_stat ssh_gssapi_acquire_cred(struct ssh_gss_library *lib, + gssctx->maj_stat = + gss->inquire_cred_by_mech(&gssctx->min_stat, cred, + (gss_OID) GSS_MECH_KRB5, +- GSS_C_NO_NAME, ++ NULL, + &time_rec, + NULL, + NULL); +-- +2.37.3 + diff --git a/security/putty/files/patch-network.c b/security/putty/files/patch-network.c new file mode 100644 index 000000000000..61a5b64dc8ab --- /dev/null +++ b/security/putty/files/patch-network.c @@ -0,0 +1,16 @@ +--- unix/network.c.orig 2022-09-15 23:42:29 UTC ++++ unix/network.c +@@ -11,8 +11,13 @@ + #include + #include + #include ++#ifdef __FreeBSD__ ++#include + #include ++#else ++#include + #include ++#endif + #include + #include + #include diff --git a/security/putty/files/patch-pageant.c b/security/putty/files/patch-pageant.c new file mode 100644 index 000000000000..e1361c40a7bb --- /dev/null +++ b/security/putty/files/patch-pageant.c 
@@ -0,0 +1,11 @@ +--- unix/pageant.c.orig 2022-09-15 23:42:29 UTC ++++ unix/pageant.c +@@ -330,7 +330,7 @@ void pageant_fork_and_print_env(bool retain_tty) + /* Get out of our previous process group, to avoid being + * blasted by passing signals. But keep our controlling tty, + * so we can keep checking to see if we still have one. */ +- setpgrp(); ++ setpgrp(0,0); + } else { + /* Do that, but also leave our entire session and detach from + * the controlling tty (if any). */ diff --git a/security/putty/files/patch-ssh_gssc.c b/security/putty/files/patch-ssh_gssc.c index 91db8b14c57e..1ab63d482f5d 100644 --- a/security/putty/files/patch-ssh_gssc.c +++ b/security/putty/files/patch-ssh_gssc.c @@ -1,4 +1,4 @@ ---- ssh/gssc.c.orig 2022-05-24 16:56:27 UTC +--- ./ssh/gssc.c.orig 2022-05-24 16:56:27 UTC +++ ssh/gssc.c @@ -75,7 +75,7 @@ static Ssh_gss_stat ssh_gssapi_acquire_cred(struct ssh gssctx->maj_stat = diff --git a/security/putty/files/patch-unix_network.c b/security/putty/files/patch-unix_network.c index 19e87ca62c99..7557695903f5 100644 --- a/security/putty/files/patch-unix_network.c +++ b/security/putty/files/patch-unix_network.c @@ -1,5 +1,5 @@ ---- unix/network.c.orig 2022-05-24 16:56:28 UTC -+++ unix/network.c +--- ./unix/network.c.orig 2022-05-24 16:56:28 UTC ++++ ./unix/network.c @@ -11,8 +11,13 @@ #include #include diff --git a/security/putty/files/patch-unix_pageant.c b/security/putty/files/patch-unix_pageant.c index acfcf94966be..fbd68b9aba82 100644 --- a/security/putty/files/patch-unix_pageant.c +++ b/security/putty/files/patch-unix_pageant.c @@ -1,5 +1,5 @@ ---- unix/pageant.c.orig 2022-05-24 16:56:28 UTC -+++ unix/pageant.c +--- ./unix/pageant.c.orig 2022-05-24 16:56:28 UTC ++++ ./unix/pageant.c @@ -330,7 +330,7 @@ void pageant_fork_and_print_env(bool retain_tty) /* Get out of our previous process group, to avoid being * blasted by passing signals. But keep our controlling tty,
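
Review bot: In security/putty/Makefile, the `OPTIONS_SINGLE_GSSAPI_SELECT` list now ends with `GSSAPI_NONE \` continued onto a `# GSSAPI_DYNAMIC` comment line, so GSSAPI_DYNAMIC can no longer be selected, yet `GSSAPI_DYNAMIC_DESC` and the `.elif ${PORT_OPTIONS:MGSSAPI_DYNAMIC}` branch with its new `BROKEN=` line stay behind as unreachable code. Pick one mechanism: either keep the option in the list and let `BROKEN=` stop the build, or drop the branch and the description until dynamic loading works. Ending the list at `GSSAPI_NONE` with no trailing backslash would also be easier to read than a continuation that runs into a comment.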
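
Review bot: In the unix/gss.c hunk of 0002, only `id` is set after `list->libraries = snew(struct ssh_gss_library);`, so any other field of that record that ssh_gss_setup() does not assign later is still uninitialised, which is the same class of bug this patch fixes. Zeroing the whole record right after allocation (a memset, or a zeroing allocator if the code base has one) would make the fix hold for fields added in future as well.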
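
Review bot: In the ssh/pgssapi.c hunks of 0003, every `gss_OID_desc` keeps a hand-counted length beside its string literal (`10, "\x2a\x86..."`, `6, "\x2b\x06..."`, `9, "\x2a\x86..."`), and nothing checks that the two agree now that each entry is its own declaration. Deriving the length from the literal (sizeof minus the terminating NUL, through a small macro) would remove that risk. The GSS_C_NT_ANONYMOUS entry also still writes one byte as octal `\01` where every other byte uses `\x..`; the value is the same, but `\x01` would be consistent. One question on the guards: `#ifndef GSS_C_NT_USER_NAME` and its siblings only detect a header that defines these names as macros, so it is worth confirming that no supported header declares them as variables instead.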
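
Review bot: In patch-pageant.c, `setpgrp(0,0);` relies on the BSD two-argument form and replaces the original call unconditionally, unlike patch-network.c, which guards its change with `#ifdef __FreeBSD__`; the return value is still discarded. `setpgid(0, 0)` is the POSIX spelling of the same request and compiles on both kinds of system, which would also make the change suitable for sending upstream. Since the surrounding comment says the call exists to avoid being hit by passing signals, a failure is worth at least a log message.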
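
Review bot: The two new files patch-network.c and patch-pageant.c carry hunks at the same positions (`@@ -11,8 +11,13 @@` in unix/network.c, `@@ -330,7 +330,7 @@` in unix/pageant.c) as the existing patch-unix_network.c and patch-unix_pageant.c, so the same change appears to be shipped twice. Their headers name `unix/network.c` and `unix/pageant.c` without the `./` prefix that the older files were given in this commit to suit the new `PATCH_STRIP= -p1`, and patch-ssh_gssc.c received the prefix on its `---` line but not on `+++ ssh/gssc.c`. Please check whether the two new files are leftovers that should be removed, and whether patch-ssh_gssc.c, which targets the same `@@ -75,7 +75,7 @@` location in ssh/gssc.c as 0004, is still needed.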