svn commit: r467200 - in head/security/openssh-portable: . files
Craig Leres
leres at FreeBSD.org
Thu Apr 12 21:54:02 UTC 2018
Author: leres
Date: Thu Apr 12 21:54:01 2018
New Revision: 467200
URL: https://svnweb.freebsd.org/changeset/ports/467200
Log:
The block of code that canonicalizes the hostname supplied on
the command line added by patch-ssh.c misapplies to 7.7p1 and
moves from main() to ssh_session2(). This breaks ssh SSHFP
support for non-canonical hostnames. For example, "ssh zinc"
correctly discovers the FQDN (zinc.ee.lbl.gov) and uses it to
look up A and AAAA records but the non-canonical version (zinc)
is used in the SSHFP record lookup which of course fails.
Regenerate the patch.
Reviewed by: bdrewery, ler (mentor)
Approved by: bdrewery, ler (mentor)
Differential Revision: https://reviews.freebsd.org/D15053
Modified:
head/security/openssh-portable/Makefile
head/security/openssh-portable/files/patch-ssh.c
Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Thu Apr 12 21:45:23 2018 (r467199)
+++ head/security/openssh-portable/Makefile Thu Apr 12 21:54:01 2018 (r467200)
@@ -3,7 +3,7 @@
PORTNAME= openssh
DISTVERSION= 7.7p1
-PORTREVISION= 0
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= security ipv6
MASTER_SITES= OPENBSD/OpenSSH/portable
Modified: head/security/openssh-portable/files/patch-ssh.c
==============================================================================
--- head/security/openssh-portable/files/patch-ssh.c Thu Apr 12 21:45:23 2018 (r467199)
+++ head/security/openssh-portable/files/patch-ssh.c Thu Apr 12 21:54:01 2018 (r467200)
@@ -5,11 +5,11 @@ Changed paths:
Canonicize the host name before looking it up in the host file.
---- ssh.c.orig 2010-08-16 09:59:31.000000000 -0600
-+++ ssh.c 2010-08-25 17:55:01.000000000 -0600
-@@ -699,6 +699,23 @@
- "h", host, (char *)NULL);
- }
+--- ssh.c.orig 2018-04-02 05:38:28 UTC
++++ ssh.c
+@@ -1281,6 +1281,23 @@ main(int ac, char **av)
+ ssh_digest_free(md);
+ conn_hash_hex = tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
+ /* Find canonic host name. */
+ if (strchr(host, '.') == 0) {
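Review bot: The regenerated anchor places the canonicalization block after `conn_hash_hex = tohex(conn_hash, ...)`, so if `host` is one of the inputs to that digest, the hash is computed over the name as typed while everything after the block sees the canonical name. Please confirm that ordering is intended, or move the block above the digest computation. Separately, `strchr(host, '.') == 0` compares a pointer against 0 (prefer `== NULL`), and the test treats every dotless string as a short name, which includes an IPv6 literal such as `::1`. The body of the block is elided here, so it is worth checking that it leaves address literals untouched.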
@@ -28,6 +28,6 @@ Canonicize the host name before looking it up in the h
+ }
+ }
+
- if (options.local_command != NULL) {
- char thishost[NI_MAXHOST];
-
+ /*
+ * Expand tokens in arguments. NB. LocalCommand is expanded later,
+ * after port-forwarding is set up, so it may pick up any local
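Review bot: The patch description still reads "Canonicize the host name before looking it up in the host file", but the new trailing context puts the block directly ahead of the "Expand tokens in arguments" step in main(), and the commit log gives the SSHFP lookup as the reason for the placement. Extend the description at the top of patch-ssh.c to say the block has to stay in main() ahead of token expansion and host key verification. That gives whoever regenerates the patch for the next release something to check against if it applies with an offset into another function again.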