svn commit: r528982 - in head: . security/openssh-portable security/openssh-portable/files

Mon Mar 23 17:07:46 UTC 2020

Author: bdrewery
Date: Mon Mar 23 17:07:42 2020
New Revision: 528982
URL: https://svnweb.freebsd.org/changeset/ports/528982

Log:
  Remove long broken X509 patch.
  
  Approved by:	portmgr (implicit)

Deleted:
  head/security/openssh-portable/files/extra-patch-x509-glue
Modified:
  head/MOVED
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/pkg-plist

Modified: head/MOVED
==============================================================================

--- head/MOVED	Mon Mar 23 17:04:51 2020	(r528981)
+++ head/MOVED	Mon Mar 23 17:07:42 2020	(r528982)
@@ -14501,3 +14501,4 @@ textproc/pychm||2020-03-20|Has expired: Unmaintained, 
 x11/rxvt|x11/rxvt-unicode|2020-03-20|Has expired: Abandonware: stable release 2.6.4 / November 1, 2001 and no maintainer
 x11-wm/clementine-wm||2020-03-20|Removed, unmaintained and depends on expired x11/rxvt
 net/kdsoap|www/kdsoap|2020-03-21|Already existed in the tree
+security/openssh-portable at x509||2020-03-23|Has expired: X509 long broken without known users

Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile	Mon Mar 23 17:04:51 2020	(r528981)
+++ head/security/openssh-portable/Makefile	Mon Mar 23 17:07:42 2020	(r528982)
@@ -26,7 +26,7 @@ CONFIGURE_ARGS=		--prefix=${PREFIX} --with-md5-passwor
 
 ETCOLD=			${PREFIX}/etc
 
-FLAVORS=			default hpn gssapi x509
+FLAVORS=			default hpn gssapi
 default_CONFLICTS_INSTALL=	openssh-portable-hpn openssh-portable-gssapi \
 				openssh-portable-x509
 hpn_CONFLICTS_INSTALL=		openssh-portable openssh-portable-gssapi \
@@ -35,13 +35,9 @@ hpn_PKGNAMESUFFIX=		-portable-hpn
 gssapi_CONFLICTS_INSTALL=	openssh-portable openssh-portable-hpn \
 				openssh-portable-x509
 gssapi_PKGNAMESUFFIX=		-portable-gssapi
-x509_CONFLICTS_INSTALL=		openssh-portable openssh-portable-hpn \
-				openssh-portable-gssapi
-x509_PKGNAMESUFFIX=		-portable-x509
 
-x509_BROKEN=		X509 not yet updated for ${DISTVERSION} - Does anyone use this? Contact maintainer bdrewery at FreeBSD.org
 OPTIONS_DEFINE=		DOCS PAM TCP_WRAPPERS LIBEDIT BSM \
-			HPN X509 KERB_GSSAPI \
+			HPN KERB_GSSAPI \
 			LDNS NONECIPHER XMSS
 OPTIONS_DEFAULT=	LIBEDIT PAM TCP_WRAPPERS LDNS
 .if ${FLAVOR:U} == hpn
@@ -50,9 +46,6 @@ OPTIONS_DEFAULT+=	HPN NONECIPHER
 .if ${FLAVOR:U} == gssapi
 OPTIONS_DEFAULT+=	KERB_GSSAPI MIT
 .endif
-.if ${FLAVOR:U} == x509
-OPTIONS_DEFAULT+=	X509
-.endif
 OPTIONS_RADIO=		KERBEROS
 OPTIONS_RADIO_KERBEROS=	MIT HEIMDAL HEIMDAL_BASE
 TCP_WRAPPERS_DESC=	tcp_wrappers support
@@ -60,7 +53,6 @@ BSM_DESC=		OpenBSM Auditing
 KERB_GSSAPI_DESC=	Kerberos/GSSAPI patch (req: GSSAPI)
 HPN_DESC=		HPN-SSH patch
 LDNS_DESC=		SSHFP/LDNS support
-X509_DESC=		x509 certificate patch
 HEIMDAL_DESC=		Heimdal Kerberos (security/heimdal)
 HEIMDAL_BASE_DESC=	Heimdal Kerberos (base)
 MIT_DESC=		MIT Kerberos (security/krb5)
@@ -80,12 +72,6 @@ LDNS_CONFIGURE_ON=	--with-ldflags='-L${LOCALBASE}/lib'
 HPN_CONFIGURE_WITH=		hpn
 NONECIPHER_CONFIGURE_WITH=	nonecipher
 
-# See http://www.roumenpetrov.info/openssh/
-X509_VERSION=		11.5
-X509_PATCH_SITES=	http://www.roumenpetrov.info/openssh/x509-${X509_VERSION}/:x509
-X509_EXTRA_PATCHES+=	${FILESDIR}/extra-patch-x509-glue
-X509_PATCHFILES=	${PORTNAME}-7.9p1+x509-${X509_VERSION}.diff.gz:-p1:x509
-
 MIT_LIB_DEPENDS=		libkrb5.so.3:security/krb5
 HEIMDAL_LIB_DEPENDS=		libkrb5.so.26:security/heimdal
 
@@ -100,13 +86,8 @@ ETCDIR?=		${PREFIX}/etc/ssh
 
 .include <bsd.port.pre.mk>
 
-PATCH_SITES+=	http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,x509,hpn,gsskex
+PATCH_SITES+=	http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex
 
-# X509 patch includes TCP Wrapper support already
-.if ${PORT_OPTIONS:MX509}
-EXTRA_PATCHES:=		${EXTRA_PATCHES:N${TCP_WRAPPERS_EXTRA_PATCHES}}
-.endif
-
 # Must add this patch before HPN due to conflicts
 .if ${PORT_OPTIONS:MKERB_GSSAPI}
 #BROKEN=	KERB_GSSAPI No patch for ${DISTVERSION} yet.
@@ -145,17 +126,6 @@ CONFIGURE_ARGS+=	--disable-utmp --disable-wtmp --disab
 
 # Keep this last
 EXTRA_PATCHES+=		${FILESDIR}/extra-patch-version-addendum
-
-.if ${PORT_OPTIONS:MX509}
-.  if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
-BROKEN=		X509 patch and HPN patch do not apply cleanly together
-.  endif
-
-.  if ${PORT_OPTIONS:MKERB_GSSAPI}
-BROKEN=		X509 patch incompatible with KERB_GSSAPI patch
-.  endif
-
-.endif
 
 .if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI}
 BROKEN=		KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently

Modified: head/security/openssh-portable/pkg-plist
==============================================================================
--- head/security/openssh-portable/pkg-plist	Mon Mar 23 17:04:51 2020	(r528981)
+++ head/security/openssh-portable/pkg-plist	Mon Mar 23 17:07:42 2020	(r528982)
@@ -8,7 +8,6 @@ bin/ssh-keyscan
 %%ETCDIR%%/moduli
 @sample %%ETCDIR%%/ssh_config.sample
 @sample %%ETCDIR%%/sshd_config.sample
-%%X509%%@dir %%ETCDIR%%/ca
 @postexec if [ -f %D/%%ETCDIR%%/ssh_host_ecdsa_key ] && grep -q DSA %D/%%ETCDIR%%/ssh_host_ecdsa_key; then echo; echo "\!/ Warning \!/"; echo; echo "Your %D/%%ETCDIR%%/ssh_host_ecdsa_key is not a valid ECDSA key. It is incorrectly"; echo "a DSA key due to a bug fixed in 2012 in the security/openssh-portable port."; echo; echo "Regenerate a proper one with: rm -f %D/%%ETCDIR%%/ssh_host_ecdsa_key*; service openssh restart"; echo; echo "Clients should not see any key change warning since the ECDSA was not valid and was not actually"; echo "used by the server."; echo; echo "\!/ Warning \!/"; fi
 sbin/sshd
 libexec/sftp-server
@@ -25,7 +24,6 @@ man/man1/ssh.1.gz
 man/man5/moduli.5.gz
 man/man5/ssh_config.5.gz
 man/man5/sshd_config.5.gz
-%%X509%%man/man5/ssh_engine.5.gz
 man/man8/sftp-server.8.gz
 man/man8/ssh-keysign.8.gz
 man/man8/ssh-pkcs11-helper.8.gz
