Created attachment 165727
patch for port Makefile

Simon Wilkinson's GSSAPI enhancements patch has been updated for OpenSSH 7.1p2. I got the updated patch from Debian, but they credit Red Hat for the actual porting work.

Attached are two versions of the patch (they differ only in one file, sshconnect2.c, depending on whether HPN/NONECIPHER options are enabled). I modified the Makefile to treat this as an "extra" rather than "distribution" patch, and to choose the right version of the patch depending on which options are enabled. This is tested with all three possible combinations of options.

(I would note in passing that security/krb5 now installs shared libraries with SONAME bogusly set to libfoo.so.X.Y rather than the proper libfoo.so.X.)
Created attachment 165728
GSSAPI patch without HPN
Nice. I'll look at getting this in tomorrow or Tuesday.
Created attachment 165729
GSSAPI patch with HPN
Created attachment 165730
poudriere testport output
I prefer to keep large patches mirrored rather than checked in. I have the HPN patch checked in purely for review since I tend to modify it from upstream. I modified the files/extra-patch-hpn to avoid one of the conflicts. The other conflict I handled with some glue between the GSS and HPN patch to move some variable definitions to a different place that works for C99. ~/svn/ports/security/openssh-portable # cat files/extra-patch-hpn-gss-glue --- sshconnect2.c.orig 2016-01-19 18:10:12.550854000 -0800 +++ sshconnect2.c 2016-01-19 18:10:27.290409000 -0800 @@ -160,11 +160,6 @@ ssh_kex2(char *host, struct sockaddr *ho struct kex *kex; int r; -#ifdef GSSAPI - char *orig = NULL, *gss = NULL; - char *gss_host = NULL; -#endif - xxx_host = host; xxx_hostaddr = hostaddr; @@ -199,6 +194,9 @@ ssh_kex2(char *host, struct sockaddr *ho } #ifdef GSSAPI + char *orig = NULL, *gss = NULL; + char *gss_host = NULL; + if (options.gss_keyex) { /* Add the GSSAPI mechanisms currently supported on this * client to the key exchange algorithm proposal */
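Review bot: In the second hunk (@@ -199,6 +194,9 @@) the declarations of `orig`, `gss` and `gss_host` now come after executable statements in ssh_kex2() (`xxx_host = host;` and the block closed by `}` just above the `#ifdef GSSAPI`), so sshconnect2.c with this glue applied only builds in C99 or later mode and will warn under -Wdeclaration-after-statement. The declarations stay at function scope, which keeps any later use in the function valid, but the patch file itself carries no note of why they were moved or that it is meant to sit between the GSS and HPN patches; a short comment at the top of files/extra-patch-hpn-gss-glue stating the ordering dependency and the C99 requirement would save the next person updating either patch from rediscovering the conflict.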
(In reply to Garrett Wollman from comment #0)
> (I would note in passing that security/krb5 now installs shared libraries
> with SONAME bogusly set to libfoo.so.X.Y rather than the proper libfoo.so.X.)

You should open a separate bug for that for cy@ to look at.
A commit references this bug:

Author: bdrewery
Date: Wed Jan 20 02:18:42 UTC 2016
New revision: 406725
URL: https://svnweb.freebsd.org/changeset/ports/406725

Log:
  Fix the KERB_GSSAPI option using the latest patch from Debian.

  This slightly refactors some of the HPN patch to avoid a conflict.

  PR: 206346
  Submitted by: Garret Wollman

Changes:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/distinfo
  head/security/openssh-portable/files/extra-patch-hpn
  head/security/openssh-portable/files/extra-patch-hpn-gss-glue
Thanks for tracking down the latest patch!