git: 09b332a71572 - main - security/openssh-portable: Add KERB_GSSAPI patch for 9.8p1

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mateusz Piotrowski <0mp_at_FreeBSD.org>
Date: Fri, 06 Sep 2024 09:15:36 UTC
The branch main has been updated by 0mp:

URL: https://cgit.FreeBSD.org/ports/commit/?id=09b332a715723a2f6f390125e97effeffa1061b0

commit 09b332a715723a2f6f390125e97effeffa1061b0
Author:     Mateusz Piotrowski <0mp@FreeBSD.org>
AuthorDate: 2024-08-16 08:33:26 +0000
Commit:     Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2024-09-06 09:12:58 +0000

    security/openssh-portable: Add KERB_GSSAPI patch for 9.8p1
    
    This patch unbreaks the gssapi flavor.
    
    - Update the distfile location.
    - Remove files/extra-patch-gssapi-auth2-gss.c. The change is already
      present in the code so there is no need to carry this extra patch any
      further.
    - Add -lgssapi_krb5 to CONFIGURE_LIBS. It fixes the following build errors:
    
          ld: error: undefined symbol: gss_indicate_mechs
          >>> referenced by sshd.c
          >>>               sshd.o:(main)
          ld: error: undefined symbol: gss_release_oid_set
          >>> referenced by sshd.c
          >>>               sshd.o:(main)
    
    PR:             279437
    Approved by:    maintainer timeout
    Sponsored by:   Klara, Inc.
---
 security/openssh-portable/Makefile                            | 10 +++++-----
 security/openssh-portable/distinfo                            |  4 +++-
 .../openssh-portable/files/extra-patch-gssapi-auth2-gss.c     | 11 -----------
 3 files changed, 8 insertions(+), 17 deletions(-)

diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 482ed3798104..97ba9e01adf9 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -102,22 +102,21 @@ PATCH_SITES+=	http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex
 
 # Must add this patch before HPN due to conflicts
 .if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi
-BROKEN=	KERB_GSSAPI No patch for ${DISTVERSION} yet.
+#BROKEN=	KERB_GSSAPI No patch for ${DISTVERSION} yet.
 .  if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
 # Needed glue for applying HPN patch without conflict
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-hpn-gss-glue
 .  endif
 # - See https://sources.debian.org/data/main/o/openssh/ for which subdir to
 # pull from.
-GSSAPI_DEBIAN_VERSION=	9.7p1
-GSSAPI_DEBIAN_SUBDIR=	${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-2
+GSSAPI_DEBIAN_VERSION=	9.8p1
+GSSAPI_DEBIAN_SUBDIR=	${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-3
 # - Debian does not use a versioned filename so we trick fetch to make one for
 # us with the ?<anything>=/ trick.
 PATCH_SITES+=	https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex
 # Bump this when updating the patch location
-GSSAPI_DISTVERSION=	9.7p1
+GSSAPI_DISTVERSION=	9.8p1
 PATCHFILES+=	openssh-${GSSAPI_DISTVERSION:U${DISTVERSION}}-gsskex-all-debian-rh-${GSSAPI_DISTVERSION}.patch:-p1:gsskex
-EXTRA_PATCHES+=	${FILESDIR}/extra-patch-gssapi-auth2-gss.c
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-gssapi-kexgssc.c
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-gssapi-kexgsss.c
 .endif
@@ -158,6 +157,7 @@ IGNORE=		you have selected HEIMDAL_BASE but do not have heimdal installed in bas
 CONFIGURE_LIBS+=	-lgssapi_krb5
 CONFIGURE_ARGS+=	--with-kerberos5=/usr
 .	else
+CONFIGURE_LIBS+=	-lgssapi_krb5
 CONFIGURE_ARGS+=	--with-kerberos5=${LOCALBASE}
 .	endif
 .	if ${OPENSSLBASE} == "/usr"
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index 53b8c023cdd9..11c1f02429d4 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,3 +1,5 @@
-TIMESTAMP = 1719864470
+TIMESTAMP = 1722605239
 SHA256 (openssh-9.8p1.tar.gz) = dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3
 SIZE (openssh-9.8p1.tar.gz) = 1910393
+SHA256 (openssh-9.8p1-gsskex-all-debian-rh-9.8p1.patch) = f5b93bf8076aa386afa63e98bb5b39b6e477b8ccb24d2d4b700f6cd685be6f78
+SIZE (openssh-9.8p1-gsskex-all-debian-rh-9.8p1.patch) = 125084
diff --git a/security/openssh-portable/files/extra-patch-gssapi-auth2-gss.c b/security/openssh-portable/files/extra-patch-gssapi-auth2-gss.c
deleted file mode 100644
index 68170a9f8e79..000000000000
--- a/security/openssh-portable/files/extra-patch-gssapi-auth2-gss.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- auth2-gss.c.orig	2022-03-03 10:56:35.668672000 -0800
-+++ auth2-gss.c	2022-03-03 11:03:16.048838000 -0800
-@@ -59,7 +59,7 @@ static int input_gssapi_errtok(int, u_int32_t, struct 
-  * The 'gssapi_keyex' userauth mechanism.
-  */
- static int
--userauth_gsskeyex(struct ssh *ssh)
-+userauth_gsskeyex(struct ssh *ssh, const char *method)
- {
- 	Authctxt *authctxt = ssh->authctxt;
- 	int r, authenticated = 0;