[119759] trunk/dports/net/openssh

cal at macports.org cal at macports.org
Mon May 5 14:25:29 PDT 2014


Revision: 119759
          https://trac.macports.org/changeset/119759
Author:   cal at macports.org
Date:     2014-05-05 14:25:29 -0700 (Mon, 05 May 2014)
Log Message:
-----------
openssh: import BUG_CURVE25519PAD patch, closes #43556

Modified Paths:
--------------
    trunk/dports/net/openssh/Portfile

Added Paths:
-----------
    trunk/dports/net/openssh/files/patch-bug_curve25519pad.diff

Modified: trunk/dports/net/openssh/Portfile
===================================================================
--- trunk/dports/net/openssh/Portfile	2014-05-05 20:45:47 UTC (rev 119758)
+++ trunk/dports/net/openssh/Portfile	2014-05-05 21:25:29 UTC (rev 119759)
@@ -5,7 +5,7 @@
 
 name                openssh
 version             6.6p1
-revision            1
+revision            2
 categories          net
 platforms           darwin
 maintainers         nomaintainer
@@ -48,7 +48,9 @@
 patchfiles          launchd.patch \
                     pam.patch \
                     patch-sandbox-darwin.c-apple-sandbox-named-external.diff \
-                    patch-sshd.c-apple-sandbox-named-external.diff
+                    patch-sshd.c-apple-sandbox-named-external.diff \
+                    patch-bug_curve25519pad.diff
+
 # We need a couple of patches
 # - pam.patch
 #   getpwnam(3) on OS X always returns "*********" in the pw_passwd field even
@@ -133,12 +135,12 @@
     # http://www.psc.edu/index.php/hpn-ssh
     # http://www.freshports.org/security/openssh-portable/ is usually quick in
     # updating the HPN patch for new versions, take a look there, too.
-    patch_sites-append      http://mirror.shatow.net/freebsd/openssh/
-    set hpn_patchfile       ${name}-${version}-hpnssh14v2.diff.gz
+    patch_sites-append      http://mirror.shatow.net/freebsd/${name}/
+    set hpn_patchfile       ${name}-6.6.1p1-hpnssh14v2.diff.gz
     patchfiles-append       ${hpn_patchfile}
     checksums-append        ${hpn_patchfile} \
-                            rmd160  1e553ce6ba06237cfd0eb8c6ad9433df5eec8fee \
-                            sha256  2a1b34dc3bf922e12cbca687e57b1fad2a0b087e38022e6782e99b45fcc1a315
+                            rmd160  61b19b09adb61996703f1bdb82df98c5abe9ebd3 \
+                            sha256  b7f5bd22f1c0bacd41fc4884aeb19bba460d548af875eeb6c857cb77bab53376
 }
 
 variant gsskex conflicts hpn requires kerberos5 description "Add OpenSSH GSSAPI key exchange patch" {
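Review bot: The HPN patch file name now hard-codes `6.6.1p1` while the port's `version` stays 6.6p1, and nothing in the hunk explains the mismatch. A comment such as `# HPN patch is cut against 6.6.1p1 (6.6p1 plus patch-bug_curve25519pad.diff)`, if that is the reason, would keep the next version bump from leaving a stale file name behind. The patch is also still fetched over plain `http://` from a third-party mirror, so the rmd160/sha256 pair in `checksums-append` is the only integrity control on code that ends up in sshd. Both new values should be checked against an independently obtained copy of the file, not only against what the mirror served. The enclosing variant block starts above the hunk.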

Added: trunk/dports/net/openssh/files/patch-bug_curve25519pad.diff
===================================================================
--- trunk/dports/net/openssh/files/patch-bug_curve25519pad.diff	                        (rev 0)
+++ trunk/dports/net/openssh/files/patch-bug_curve25519pad.diff	2014-05-05 21:25:29 UTC (rev 119759)
@@ -0,0 +1,108 @@
+--- a/version.h	27 Feb 2014 23:01:54 -0000	1.82
++++ b/version.h	20 Apr 2014 03:35:15 -0000
+@@ -1,6 +1,6 @@
+ /* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
+ 
+-#define SSH_VERSION	"OpenSSH_6.6"
++#define SSH_VERSION	"OpenSSH_6.6.1"
+ 
+ #define SSH_PORTABLE	"p1"
+ #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
+--- a/compat.c	31 Dec 2013 01:25:41 -0000	1.82
++++ b/compat.c	20 Apr 2014 03:33:59 -0000	1.85
+@@ -95,6 +95,9 @@ compat_datafellows(const char *version)
+ 		{ "Sun_SSH_1.0*",	SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
+ 		{ "OpenSSH_4*",		0 },
+ 		{ "OpenSSH_5*",		SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
++		{ "OpenSSH_6.6.1*",	SSH_NEW_OPENSSH},
++		{ "OpenSSH_6.5*,"
++		  "OpenSSH_6.6*",	SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
+ 		{ "OpenSSH*",		SSH_NEW_OPENSSH },
+ 		{ "*MindTerm*",		0 },
+ 		{ "2.1.0*",		SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
+@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop
+ 	return cipher_prop;
+ }
+ 
+-
+ char *
+ compat_pkalg_proposal(char *pkalg_prop)
+ {
+@@ -263,5 +265,18 @@ compat_pkalg_proposal(char *pkalg_prop)
+ 	if (*pkalg_prop == '\0')
+ 		fatal("No supported PK algorithms found");
+ 	return pkalg_prop;
++}
++
++char *
++compat_kex_proposal(char *kex_prop)
++{
++	if (!(datafellows & SSH_BUG_CURVE25519PAD))
++		return kex_prop;
++	debug2("%s: original KEX proposal: %s", __func__, kex_prop);
++	kex_prop = filter_proposal(kex_prop, "curve25519-sha256 at libssh.org");
++	debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
++	if (*kex_prop == '\0')
++		fatal("No supported key exchange algorithms found");
++	return kex_prop;
+ }
+ 
+--- a/compat.h	31 Dec 2013 01:25:41 -0000	1.42
++++ b/compat.h	20 Apr 2014 03:25:31 -0000	1.43
+@@ -59,6 +59,7 @@
+ #define SSH_BUG_RFWD_ADDR	0x02000000
+ #define SSH_NEW_OPENSSH		0x04000000
+ #define SSH_BUG_DYNAMIC_RPORT	0x08000000
++#define SSH_BUG_CURVE25519PAD	0x10000000
+ 
+ void     enable_compat13(void);
+ void     enable_compat20(void);
+@@ -66,6 +67,7 @@ void     compat_datafellows(const char *
+ int	 proto_spec(const char *);
+ char	*compat_cipher_proposal(char *);
+ char	*compat_pkalg_proposal(char *);
++char	*compat_kex_proposal(char *);
+ 
+ extern int compat13;
+ extern int compat20;
+--- a/sshd.c	26 Feb 2014 23:20:08 -0000	1.448
++++ b/sshd.c	20 Apr 2014 03:28:41 -0000	1.453
+@@ -2462,6 +2438,9 @@ do_ssh2_kex(void)
+ 	if (options.kex_algorithms != NULL)
+ 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+ 
++	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
++	    myproposal[PROPOSAL_KEX_ALGS]);
++
+ 	if (options.rekey_limit || options.rekey_interval)
+ 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+ 		    (time_t)options.rekey_interval);
+--- a/sshconnect2.c	4 Feb 2014 00:20:16 -0000	1.197
++++ b/sshconnect2.c	20 Apr 2014 03:25:31 -0000	1.199
+@@ -195,6 +196,8 @@ ssh_kex2(char *host, struct sockaddr *ho
+ 	}
+ 	if (options.kex_algorithms != NULL)
+ 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
++	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
++	    myproposal[PROPOSAL_KEX_ALGS]);
+ 
+ 	if (options.rekey_limit || options.rekey_interval)
+ 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+--- a/bufaux.c	4 Feb 2014 00:20:15 -0000	1.62
++++ b/bufaux.c	20 Apr 2014 03:24:50 -0000	1.63
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
++/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
+ /*
+  * Author: Tatu Ylonen <ylo at cs.hut.fi>
+  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
+@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *b
+ 
+ 	if (l > 8 * 1024)
+ 		fatal("%s: length %u too long", __func__, l);
++	/* Skip leading zero bytes */
++	for (; l > 0 && *s == 0; l--, s++)
++		;
+ 	p = buf = xmalloc(l + 1);
+ 	/*
+ 	 * If most significant bit is set then prepend a zero byte to
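Review bot: The filter string in `compat_kex_proposal` reads `"curve25519-sha256 at libssh.org"` as rendered here, which would never match the algorithm name `curve25519-sha256@libssh.org`, so the method would stay in the proposal for peers flagged `SSH_BUG_CURVE25519PAD`. This is most likely the archive's address obfuscation, since the same ` at ` appears in the author lines, so take the patch from the repository or upstream and do not copy it from this page. In the compat.c table the `"OpenSSH_6.6.1*"` row has to stay above `"OpenSSH_6.5*,OpenSSH_6.6*"`, because the second pattern also matches 6.6.1 (assuming the table is matched first-hit, which the hunk does not show). A comment such as `/* keep first: fixed release, also matched by OpenSSH_6.6* below */` would protect that ordering. `compat_kex_proposal` would also benefit from a short header comment saying that curve25519 is withheld from those peers because, apparently, they pad the shared secret inconsistently, which the bufaux.c change addresses by skipping leading zero bytes. `buffer_put_bignum2_from_string` continues past the end of the hunk.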