From nobody Mon Sep 19 17:29:11 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MWWr76l8Hz4cFks; Mon, 19 Sep 2022 17:29:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MWWr76VDpz3jGN; Mon, 19 Sep 2022 17:29:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1663608551; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=85SJFwYhvuYzVpJbXPloUKVPGyHfBpVe0Y/6pvYZG+A=; b=Kpl4whVIzendu57VUvidtDX7hy7LdKvGgZ3cRoWDxavs2yPV0qlkXaytsz2tuCcqL2EdX1 kLmUIslkmorMQu+Wc95AsaJSpV6QzTE/HHSQCytJLtamfw6mb4WEvT90wY8HY+NuHoxz8Y D4d9kfnZqM0TRoLCuhJS9RnUcNIhF7yymg7GoD7TmKz9xdHP4KuYgaLGYA4iaLbNPh8imh AQbATenaRXGmnxbctLgXWla2Tg81jdAXo/WJHr97SofLZn28XAPbggIa5lYmzOSjT0Xf2X ytmHjPUEF9FGR4fi6VskfpsMWzU6uPI1VQzcplcU8hmanil/AWkrizOKjsm2Gw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4MWWr75XK3zS5t; Mon, 19 Sep 2022 17:29:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 28JHTB7Q075737; Mon, 19 Sep 2022 17:29:11 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 28JHTBEc075736; Mon, 19 Sep 2022 17:29:11 GMT (envelope-from git) Date: Mon, 19 Sep 2022 17:29:11 GMT Message-Id: <202209191729.28JHTBEc075736@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Matthias Andree Subject: git: 4872e1bf8eb0 - main - security/putty: Update to pre20220919 + 2 Git patches List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mandree X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 4872e1bf8eb07e7f2cae42145539e1166162dc33 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1663608551; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=85SJFwYhvuYzVpJbXPloUKVPGyHfBpVe0Y/6pvYZG+A=; b=tsmPhMPmDzBL/YAGIH2EEzHWU+309/imxiszeuV3j/Un27QEBe229FmhTh6MBCp9ervzRz Q5pQuk3RuPiiVxzAh2DZuD2V3gEXwdu2OAEeL3m6uhS4w2Hi01yh2I3npOhtp5uR1y+duL heS1RosmL4eMzKLHuv+5eDTn//W7SkW/t0h0G/0n02PtquBzthWCdQGTTeI9E0CN73RWE+ msELDxhuCC1TTHfMzSdj0lSJMBBw53hO13VC4xyQlPIytyVr+LUQA8/RB53Y0iIjBoHSkm V/6Njt5IVeq3TtvL6ijcik9yKYusgQiE3Cw2UiuzXMX9e/O2iNX1eXiRb30V3g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1663608551; a=rsa-sha256; cv=none; b=xsTVQ9qTmw6j29rfve8OYluyvGiSlp4ozWBN0aHEG+rpNn6rWy6pFAH/eXwV1HkSBYwHtd 1MGdyVaMkX/UIoAAydm5LXQcA+17/6fqaZ6dLeA6M5PMh9s05m/jldbNjBuAWqDOfcNXx1 tnRf7+XZwKvmqQ4IeSke0qmlg1xkwf1kKWOPajkV7gmPj08aY9Ud0g1lRQWI199CAsQEEO LLBdQx80Kf9Xi4yev4wh50vEJnMAzLUlmxCMYAueFun+6CODW4tMNBj/+vaINpIqSxe6IZ xEaZNO17NIw8vRXLxoIS5dlVQNrxDzwCATguowvVUF+mO7o6DUbgLwLz97bWtA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by mandree: URL: https://cgit.FreeBSD.org/ports/commit/?id=4872e1bf8eb07e7f2cae42145539e1166162dc33 commit 4872e1bf8eb07e7f2cae42145539e1166162dc33 Author: Matthias Andree AuthorDate: 2022-09-19 17:28:08 +0000 Commit: Matthias Andree CommitDate: 2022-09-19 17:29:09 +0000 security/putty: Update to pre20220919 + 2 Git patches This allows us to remove all local patch files. --- security/putty/Makefile | 23 ++- security/putty/distinfo | 6 +- ...-support-krb5-config-as-well-as-pkg-confi.patch | 99 ----------- ...setpgrp-cmake-check-use-if-not-if-defined.patch | 32 ++++ ...-GSSAPI-fix-an-uninitialised-structure-fi.patch | 29 --- ...02-Use-GTK_LDFLAGS-when-testing-for-Pango.patch | 29 +++ ...PI-support-static-linking-against-Heimdal.patch | 197 --------------------- ...don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch | 36 ---- security/putty/files/patch-ssh_gssc.c | 11 -- security/putty/files/patch-unix_network.c | 16 -- security/putty/files/patch-unix_pageant.c | 11 -- 11 files changed, 74 insertions(+), 415 deletions(-) diff --git a/security/putty/Makefile b/security/putty/Makefile index 99e1442aff21..80b4f84f2d28 100644 --- a/security/putty/Makefile +++ b/security/putty/Makefile @@ -1,14 +1,14 @@ PORTNAME= putty -DISTVERSION= 0.78~pre20220916.e1b73f0 -PORTREVISION= 3 +PORTVERSION= 0.78~pre20220919 +DISTNAME= ${PORTNAME}-${PORTVERSION}.fda41e1 +PORTREVISION= 0 CATEGORIES= security #MASTER_SITES= http://the.earth.li/~sgtatham/putty/${PORTVERSION}/ \ # ftp://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/ -MASTER_SITES= https://tartarus.org/~simon/putty-prerel-snapshots/ -EXTRA_PATCHES+= ${FILESDIR}/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch -EXTRA_PATCHES+= ${FILESDIR}/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch -EXTRA_PATCHES+= ${FILESDIR}/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch -EXTRA_PATCHES+= ${FILESDIR}/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch +MASTER_SITES= https://tartarus.org/~simon/putty-prerel-snapshots/ \ + LOCAL/mandree/ +EXTRA_PATCHES+= ${FILESDIR}/0001-setpgrp-cmake-check-use-if-not-if-defined.patch +EXTRA_PATCHES+= ${FILESDIR}/0002-Use-GTK_LDFLAGS-when-testing-for-Pango.patch PATCH_STRIP= -p1 MAINTAINER= mandree@FreeBSD.org @@ -72,12 +72,9 @@ DESKTOP_ENTRIES= "PuTTY" \ "" \ false .else -# XXX FIXME HACK ALERT -# PUTTY_GTK_VERSION=OFF is not a valid choice, but manages to -# skip all version comparisons for GTK in cmake/gtk.cmake: -CMAKE_ARGS+= -DPUTTY_GTK_VERSION:STRING=OFF -# this is standard stuff: -CMAKE_ARGS+= -DCMAKE_DISABLE_FIND_PACKAGE_X11:BOOL=TRUE +# hack alert: PuTTY, as of 864b4c, masks the definition of NOT_X_WINDOWS +# under GTK_FOUND; which it defeats. Pass it down explicitly. +CMAKE_ARGS+= -DPUTTY_GTK_VERSION:STRING=NONE -DNOT_X_WINDOWS:BOOL=TRUE .endif .if ${PORT_OPTIONS:MGSSAPI_BASE} # Heimdal-like in base system diff --git a/security/putty/distinfo b/security/putty/distinfo index c372db49ff29..bffdde6560a7 100644 --- a/security/putty/distinfo +++ b/security/putty/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1663360961 -SHA256 (putty-0.78~pre20220916.e1b73f0.tar.gz) = 73d14697ea397f9eb4c6e5e127ef33a15a499947c129e502b3a55a40ce19388d -SIZE (putty-0.78~pre20220916.e1b73f0.tar.gz) = 2810612 +TIMESTAMP = 1663606232 +SHA256 (putty-0.78~pre20220919.fda41e1.tar.gz) = 76be193cc2dd3b38849714ab5f1d4ac539d911ca22c2636a744fc2f09b72dc2a +SIZE (putty-0.78~pre20220919.fda41e1.tar.gz) = 2811117 diff --git a/security/putty/files/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch b/security/putty/files/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch deleted file mode 100644 index afa8f7539a06..000000000000 --- a/security/putty/files/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch +++ /dev/null @@ -1,99 +0,0 @@ -From b0a61849efb3cbf0f1c0fead0f422341a969458c Mon Sep 17 00:00:00 2001 -From: Simon Tatham -Date: Sat, 17 Sep 2022 07:53:43 +0100 -Subject: [PATCH 1/4] Unix GSSAPI: support krb5-config as well as pkg-config. - -On FreeBSD, I'm told, you can't configure Kerberos via pkg-config. So -we need a fallback. Here's some manual code to run krb5-config and -pick apart the result, similar to what I already did with gtk-config -for our (still not dead!) GTK 1 support. ---- - cmake/platforms/unix.cmake | 63 +++++++++++++++++++++++++++++++++++++- - 1 file changed, 62 insertions(+), 1 deletion(-) - -diff --git a/cmake/platforms/unix.cmake b/cmake/platforms/unix.cmake -index 291d1e64..95339f22 100644 ---- a/cmake/platforms/unix.cmake -+++ b/cmake/platforms/unix.cmake -@@ -108,16 +108,77 @@ if(PUTTY_GSSAPI STREQUAL DYNAMIC) - endif() - - if(PUTTY_GSSAPI STREQUAL STATIC) -+ set(KRB5_CFLAGS) -+ set(KRB5_LDFLAGS) -+ -+ # First try using pkg-config - find_package(PkgConfig) - pkg_check_modules(KRB5 krb5-gssapi) -+ -+ # Failing that, try the dedicated krb5-config -+ if(NOT KRB5_FOUND) -+ find_program(KRB5_CONFIG krb5-config) -+ if(KRB5_CONFIG) -+ execute_process(COMMAND ${KRB5_CONFIG} --cflags gssapi -+ OUTPUT_VARIABLE krb5_config_cflags -+ OUTPUT_STRIP_TRAILING_WHITESPACE -+ RESULT_VARIABLE krb5_config_cflags_result) -+ execute_process(COMMAND ${KRB5_CONFIG} --libs gssapi -+ OUTPUT_VARIABLE krb5_config_libs -+ OUTPUT_STRIP_TRAILING_WHITESPACE -+ RESULT_VARIABLE krb5_config_libs_result) -+ -+ if(krb5_config_cflags_result EQUAL 0 AND krb5_config_libs_result EQUAL 0) -+ set(KRB5_INCLUDE_DIRS) -+ set(KRB5_LIBRARY_DIRS) -+ set(KRB5_LIBRARIES) -+ -+ # We can safely put krb5-config's cflags directly into cmake's -+ # cflags, without bothering to extract the include directories. -+ set(KRB5_CFLAGS ${krb5_config_cflags}) -+ -+ # But krb5-config --libs isn't so simple. It will actually -+ # deliver a mix of libraries and other linker options. We have -+ # to separate them for cmake purposes, because if we pass the -+ # whole lot to add_link_options then they'll appear too early -+ # in the command line (so that by the time our own code refers -+ # to GSSAPI functions it'll be too late to search these -+ # libraries for them), and if we pass the whole lot to -+ # link_libraries then it'll get confused about options that -+ # aren't libraries. -+ separate_arguments(krb5_config_libs NATIVE_COMMAND -+ ${krb5_config_libs}) -+ foreach(opt ${krb5_config_libs}) -+ string(REGEX MATCH "^-l" ok ${opt}) -+ if(ok) -+ list(APPEND KRB5_LIBRARIES ${opt}) -+ continue() -+ endif() -+ string(REGEX MATCH "^-L" ok ${opt}) -+ if(ok) -+ string(REGEX REPLACE "^-L" "" optval ${opt}) -+ list(APPEND KRB5_LIBRARY_DIRS ${optval}) -+ continue() -+ endif() -+ list(APPEND KRB5_LDFLAGS ${opt}) -+ endforeach() -+ -+ message(STATUS "Found Kerberos via krb5-config") -+ set(KRB5_FOUND YES) -+ endif() -+ endif() -+ endif() -+ - if(KRB5_FOUND) - include_directories(${KRB5_INCLUDE_DIRS}) - link_directories(${KRB5_LIBRARY_DIRS}) - link_libraries(${KRB5_LIBRARIES}) -+ add_compile_options(${KRB5_CFLAGS}) -+ add_link_options(${KRB5_LDFLAGS}) - set(STATIC_GSSAPI ON) - else() - message(WARNING -- "Could not find krb5 via pkg-config -- \ -+ "Could not find krb5 via pkg-config or krb5-config -- \ - cannot provide static GSSAPI support") - set(NO_GSSAPI ON) - endif() --- -2.37.3 - diff --git a/security/putty/files/0001-setpgrp-cmake-check-use-if-not-if-defined.patch b/security/putty/files/0001-setpgrp-cmake-check-use-if-not-if-defined.patch new file mode 100644 index 000000000000..b5b91d4e6a0e --- /dev/null +++ b/security/putty/files/0001-setpgrp-cmake-check-use-if-not-if-defined.patch @@ -0,0 +1,32 @@ +From ae2c0d40ae61f56994c8d0fc4613ec9758dc2f08 Mon Sep 17 00:00:00 2001 +From: Simon Tatham +Date: Mon, 19 Sep 2022 11:31:27 +0000 +Subject: [PATCH 1/2] setpgrp cmake check: use #if, not #if defined. + +I still haven't got out of the habit of doing this the autotools way, +which doesn't work in cmake. cmake's HAVE_FOO variables are always +defined, and they take values 0 or 1, so testing them with 'defined' +will return the wrong value. +--- + unix/pageant.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/unix/pageant.c b/unix/pageant.c +index 6d125fce..4558cd37 100644 +--- a/unix/pageant.c ++++ b/unix/pageant.c +@@ -330,9 +330,9 @@ void pageant_fork_and_print_env(bool retain_tty) + /* Get out of our previous process group, to avoid being + * blasted by passing signals. But keep our controlling tty, + * so we can keep checking to see if we still have one. */ +-#if defined HAVE_NULLARY_SETPGRP ++#if HAVE_NULLARY_SETPGRP + setpgrp(); +-#elif defined HAVE_BINARY_SETPGRP ++#elif HAVE_BINARY_SETPGRP + setpgrp(0, 0); + #endif + } else { +-- +2.37.3 + diff --git a/security/putty/files/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch b/security/putty/files/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch deleted file mode 100644 index c0b7ca5792b9..000000000000 --- a/security/putty/files/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 374107eb1e2ae576c10cdd538f45f18918df8c4b Mon Sep 17 00:00:00 2001 -From: Simon Tatham -Date: Sat, 17 Sep 2022 07:09:29 +0100 -Subject: [PATCH 2/4] Unix static GSSAPI: fix an uninitialised structure field. - -When linking statically against Kerberos, the setup code in -ssh_got_ssh_version() was trying to look up want_id==0 in the list of -one GSSAPI library, but unfortunately, the id field of that record was -not initialised at all, so if it happened to be nonzero nonsense, the -loop wouldn't find a library at all and would fail an assertion. ---- - unix/gss.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/unix/gss.c b/unix/gss.c -index cd9971c7..bd599fcc 100644 ---- a/unix/gss.c -+++ b/unix/gss.c -@@ -140,6 +140,7 @@ struct ssh_gss_liblist *ssh_gss_setup(Conf *conf) - list->libraries = snew(struct ssh_gss_library); - list->nlibraries = 1; - -+ list->libraries[0].id = 0; - list->libraries[0].gsslogmsg = "Using statically linked GSSAPI"; - - #define BIND_GSS_FN(name) \ --- -2.37.3 - diff --git a/security/putty/files/0002-Use-GTK_LDFLAGS-when-testing-for-Pango.patch b/security/putty/files/0002-Use-GTK_LDFLAGS-when-testing-for-Pango.patch new file mode 100644 index 000000000000..1fdf5cd5b65f --- /dev/null +++ b/security/putty/files/0002-Use-GTK_LDFLAGS-when-testing-for-Pango.patch @@ -0,0 +1,29 @@ +From 864b4c27fa67a95b2daa095923878bdba9fc6fcf Mon Sep 17 00:00:00 2001 +From: Simon Tatham +Date: Mon, 19 Sep 2022 11:34:21 +0000 +Subject: [PATCH 2/2] Use GTK_LDFLAGS when testing for Pango. + +On FreeBSD, the GTK libraries aren't stored on the standard library +path, so pkg-config has to emit a -L option as well as -l options. +This worked fine during the main build, but the -L option wasn't being +passed through to check_symbol_exists() for the tests of Pango API +function availability. +--- + cmake/gtk.cmake | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/cmake/gtk.cmake b/cmake/gtk.cmake +index 34396d2f..13ff7705 100644 +--- a/cmake/gtk.cmake ++++ b/cmake/gtk.cmake +@@ -74,6 +74,7 @@ if(GTK_FOUND) + # Check for some particular Pango functions. + function(pango_check_subscope) + set(CMAKE_REQUIRED_INCLUDES ${GTK_INCLUDE_DIRS}) ++ set(CMAKE_REQUIRED_LINK_OPTIONS ${GTK_LDFLAGS}) + set(CMAKE_REQUIRED_LIBRARIES ${GTK_LIBRARIES}) + check_symbol_exists(pango_font_family_is_monospace "pango/pango.h" + HAVE_PANGO_FONT_FAMILY_IS_MONOSPACE) +-- +2.37.3 + diff --git a/security/putty/files/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch b/security/putty/files/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch deleted file mode 100644 index a636197aed46..000000000000 --- a/security/putty/files/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch +++ /dev/null @@ -1,197 +0,0 @@ -From 35a87984f67ebc2db3f670cb1431f08991853a5e Mon Sep 17 00:00:00 2001 -From: Simon Tatham -Date: Sat, 17 Sep 2022 07:28:46 +0100 -Subject: [PATCH 3/4] Unix GSSAPI: support static linking against Heimdal. - -Heimdal provides its own definitions of OIDs like GSS_C_NT_USER_NAME -in the form of macros, which conflict with our attempt to redefine -them as variables - the macro gets expanded into the middle of the -variable declaration, leaving the poor C compiler trying to parse a -non-declaration along the lines of - -const_gss_OID (&__gss_c_nt_anonymous_oid_desc) = oids+5; - -Easily fixed by just not redefining these at all if they're already -defined as macros. To make that easier, I've broken up the oids[] -array into individual gss_OID_desc declarations, so I can put each one -inside the appropriate ifdef. - -In the process, I've removed the 'const' from the gss_OID_desc -declarations. That's on purpose! The problem is that not all -implementations of the GSSAPI headers make const_gss_OID a pointer to -a *const* gss_OID_desc; sometimes it's just a plain one and the -'const' prefix is just a comment to the user. So removing that const -prevents compiler warnings (or worse) about address-taking a const -thing and assigning it into a non-const pointer. ---- - ssh/pgssapi.c | 106 ++++++++++++++++++++++++++++++++------------------ - 1 file changed, 68 insertions(+), 38 deletions(-) - -diff --git a/ssh/pgssapi.c b/ssh/pgssapi.c -index 1f54d805..1730444d 100644 ---- a/ssh/pgssapi.c -+++ b/ssh/pgssapi.c -@@ -9,38 +9,63 @@ - - #ifndef NO_LIBDL - --/* Reserved static storage for GSS_oids. Comments are quotes from RFC 2744. */ --static const gss_OID_desc oids[] = { -+/* Reserved static storage for GSS_oids. -+ * Constants of the form GSS_C_NT_* are specified by rfc 2744. -+ * Comments are quotes from RFC 2744 itself. -+ * -+ * These may be #defined to complex expressions by the local header -+ * file, if we're including one in static-GSSAPI mode. (For example, -+ * Heimdal defines them to things like -+ * (&__gss_c_nt_user_name_oid_desc).) So we only define them if -+ * needed. */ -+ -+#ifndef GSS_C_NT_USER_NAME -+static gss_OID_desc oid_GSS_C_NT_USER_NAME = { - /* The implementation must reserve static storage for a - * gss_OID_desc object containing the value */ -- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"}, -+ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01", - /* corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant - * GSS_C_NT_USER_NAME should be initialized to point -- * to that gss_OID_desc. -+ * to that gss_OID_desc. */ -+}; -+const_gss_OID GSS_C_NT_USER_NAME = &oid_GSS_C_NT_USER_NAME; -+#endif - -- * The implementation must reserve static storage for a -+#ifndef GSS_C_NT_MACHINE_UID_NAME -+static gss_OID_desc oid_GSS_C_NT_MACHINE_UID_NAME = { -+ /* The implementation must reserve static storage for a - * gss_OID_desc object containing the value */ -- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"}, -+ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02", - /* corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. - * The constant GSS_C_NT_MACHINE_UID_NAME should be -- * initialized to point to that gss_OID_desc. -+ * initialized to point to that gss_OID_desc. */ -+}; -+const_gss_OID GSS_C_NT_MACHINE_UID_NAME = &oid_GSS_C_NT_MACHINE_UID_NAME; -+#endif - -- * The implementation must reserve static storage for a -+#ifndef GSS_C_NT_STRING_UID_NAME -+static gss_OID_desc oid_GSS_C_NT_STRING_UID_NAME = { -+ /* The implementation must reserve static storage for a - * gss_OID_desc object containing the value */ -- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"}, -+ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03", - /* corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. - * The constant GSS_C_NT_STRING_UID_NAME should be -- * initialized to point to that gss_OID_desc. -- * -- * The implementation must reserve static storage for a -+ * initialized to point to that gss_OID_desc. */ -+}; -+const_gss_OID GSS_C_NT_STRING_UID_NAME = &oid_GSS_C_NT_STRING_UID_NAME; -+#endif -+ -+#ifndef GSS_C_NT_HOSTBASED_SERVICE_X -+static gss_OID_desc oid_GSS_C_NT_HOSTBASED_SERVICE_X = { -+ /* The implementation must reserve static storage for a - * gss_OID_desc object containing the value */ -- {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, -+ 6, "\x2b\x06\x01\x05\x06\x02", - /* corresponding to an object-identifier value of - * {iso(1) org(3) dod(6) internet(1) security(5) - * nametypes(6) gss-host-based-services(2))}. The constant -@@ -52,29 +77,44 @@ static const gss_OID_desc oids[] = { - * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym - * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input - * parameter, but should not be emitted by GSS-API -- * implementations -- * -- * The implementation must reserve static storage for a -+ * implementations */ -+}; -+const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &oid_GSS_C_NT_HOSTBASED_SERVICE_X; -+#endif -+ -+#ifndef GSS_C_NT_HOSTBASED_SERVICE -+static gss_OID_desc oid_GSS_C_NT_HOSTBASED_SERVICE = { -+ /* The implementation must reserve static storage for a - * gss_OID_desc object containing the value */ -- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"}, -+ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04", - /* corresponding to an object-identifier value of {iso(1) - * member-body(2) Unites States(840) mit(113554) infosys(1) - * gssapi(2) generic(1) service_name(4)}. The constant - * GSS_C_NT_HOSTBASED_SERVICE should be initialized -- * to point to that gss_OID_desc. -- * -- * The implementation must reserve static storage for a -+ * to point to that gss_OID_desc. */ -+}; -+const_gss_OID GSS_C_NT_HOSTBASED_SERVICE = &oid_GSS_C_NT_HOSTBASED_SERVICE; -+#endif -+ -+#ifndef GSS_C_NT_ANONYMOUS -+static gss_OID_desc oid_GSS_C_NT_ANONYMOUS = { -+ /* The implementation must reserve static storage for a - * gss_OID_desc object containing the value */ -- {6, (void *)"\x2b\x06\01\x05\x06\x03"}, -+ 6, "\x2b\x06\01\x05\x06\x03", - /* corresponding to an object identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 3(gss-anonymous-name)}. The constant - * and GSS_C_NT_ANONYMOUS should be initialized to point -- * to that gss_OID_desc. -- * -- * The implementation must reserve static storage for a -+ * to that gss_OID_desc. */ -+}; -+const_gss_OID GSS_C_NT_ANONYMOUS = &oid_GSS_C_NT_ANONYMOUS; -+#endif -+ -+#ifndef GSS_C_NT_EXPORT_NAME -+static gss_OID_desc oid_GSS_C_NT_EXPORT_NAME = { -+ /* The implementation must reserve static storage for a - * gss_OID_desc object containing the value */ -- {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, -+ 6, "\x2b\x06\x01\x05\x06\x04", - /* corresponding to an object-identifier value of - * {1(iso), 3(org), 6(dod), 1(internet), 5(security), - * 6(nametypes), 4(gss-api-exported-name)}. The constant -@@ -82,23 +122,13 @@ static const gss_OID_desc oids[] = { - * to that gss_OID_desc. - */ - }; -- --/* Here are the constants which point to the static structure above. -- * -- * Constants of the form GSS_C_NT_* are specified by rfc 2744. -- */ --const_gss_OID GSS_C_NT_USER_NAME = oids+0; --const_gss_OID GSS_C_NT_MACHINE_UID_NAME = oids+1; --const_gss_OID GSS_C_NT_STRING_UID_NAME = oids+2; --const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = oids+3; --const_gss_OID GSS_C_NT_HOSTBASED_SERVICE = oids+4; --const_gss_OID GSS_C_NT_ANONYMOUS = oids+5; --const_gss_OID GSS_C_NT_EXPORT_NAME = oids+6; -+const_gss_OID GSS_C_NT_EXPORT_NAME = &oid_GSS_C_NT_EXPORT_NAME; -+#endif - - #endif /* NO_LIBDL */ - - static gss_OID_desc gss_mech_krb5_desc = --{ 9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; -+{ 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; - /* iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) krb5(2)*/ - const gss_OID GSS_MECH_KRB5 = &gss_mech_krb5_desc; - --- -2.37.3 - diff --git a/security/putty/files/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch b/security/putty/files/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch deleted file mode 100644 index a58bbd185458..000000000000 --- a/security/putty/files/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch +++ /dev/null @@ -1,36 +0,0 @@ -From a95e38e9b18ce69b542a9a8c0f18ea8f4c7abb3a Mon Sep 17 00:00:00 2001 -From: Simon Tatham -Date: Sat, 17 Sep 2022 07:50:55 +0100 -Subject: [PATCH 4/4] GSSAPI fix: don't pass GSS_C_NO_NAME to - inquire_cred_by_mech. - -This was pointed out by another compiler warning. The 'name' parameter -of inquire_cred_by_mech is not a gss_name_t (which is the type of -GSS_C_NO_NAME); it's a gss_name_t *, because it's an _output_ -parameter. We're not telling the library that we aren't _passing_ a -name: we're telling it that we don't need it to _return_ us a name. So -the appropriate null pointer representation is just NULL. - -(This was harmless apart from a compiler warning, because gss_name_t -is a pointer type in turn and GSS_C_NO_NAME expands to a null pointer -anyway. It was just a wrongly-typed null pointer.) ---- - ssh/gssc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ssh/gssc.c b/ssh/gssc.c -index 0224afe2..d10caf8b 100644 ---- a/ssh/gssc.c -+++ b/ssh/gssc.c -@@ -75,7 +75,7 @@ static Ssh_gss_stat ssh_gssapi_acquire_cred(struct ssh_gss_library *lib, - gssctx->maj_stat = - gss->inquire_cred_by_mech(&gssctx->min_stat, cred, - (gss_OID) GSS_MECH_KRB5, -- GSS_C_NO_NAME, -+ NULL, - &time_rec, - NULL, - NULL); --- -2.37.3 - diff --git a/security/putty/files/patch-ssh_gssc.c b/security/putty/files/patch-ssh_gssc.c deleted file mode 100644 index 1ab63d482f5d..000000000000 --- a/security/putty/files/patch-ssh_gssc.c +++ /dev/null @@ -1,11 +0,0 @@ ---- ./ssh/gssc.c.orig 2022-05-24 16:56:27 UTC -+++ ssh/gssc.c -@@ -75,7 +75,7 @@ static Ssh_gss_stat ssh_gssapi_acquire_cred(struct ssh - gssctx->maj_stat = - gss->inquire_cred_by_mech(&gssctx->min_stat, cred, - (gss_OID) GSS_MECH_KRB5, -- GSS_C_NO_NAME, -+ NULL, - &time_rec, - NULL, - NULL); diff --git a/security/putty/files/patch-unix_network.c b/security/putty/files/patch-unix_network.c deleted file mode 100644 index 7557695903f5..000000000000 --- a/security/putty/files/patch-unix_network.c +++ /dev/null @@ -1,16 +0,0 @@ ---- ./unix/network.c.orig 2022-05-24 16:56:28 UTC -+++ ./unix/network.c -@@ -11,8 +11,13 @@ - #include - #include - #include -+#ifdef __FreeBSD__ -+#include - #include -+#else -+#include - #include -+#endif - #include - #include - #include diff --git a/security/putty/files/patch-unix_pageant.c b/security/putty/files/patch-unix_pageant.c deleted file mode 100644 index fbd68b9aba82..000000000000 --- a/security/putty/files/patch-unix_pageant.c +++ /dev/null @@ -1,11 +0,0 @@ ---- ./unix/pageant.c.orig 2022-05-24 16:56:28 UTC -+++ ./unix/pageant.c -@@ -330,7 +330,7 @@ void pageant_fork_and_print_env(bool retain_tty) - /* Get out of our previous process group, to avoid being - * blasted by passing signals. But keep our controlling tty, - * so we can keep checking to see if we still have one. */ -- setpgrp(); -+ setpgrp(0,0); - } else { - /* Do that, but also leave our entire session and detach from - * the controlling tty (if any). */