[MacPorts] #64748: update OpenSSH to 8.9p1
MacPorts
noreply at macports.org
Tue Mar 8 21:24:41 UTC 2022
#64748: update OpenSSH to 8.9p1
-----------------------+--------------------
Reporter: artkiver | Owner: (none)
Type: update | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords:
Port: openssh |
-----------------------+--------------------
Comment (by artkiver):
Hi thetrial/ (alabay) I am uncertain if git rm in the PR removes the patch
for previous versions? If so, then that seems unwise, but it is my guess
that if following instructions such as
https://trac.macports.org/wiki/howto/InstallingOlderPort that since it
specifies checking out a specific commit, that presumably the 8.8p1 and
patch would be made available for users who may still wish to utilize that
GSSAPI/gsskex patch with 8.8p1 instead of using 8.9p1?
Alas, I am probably not the right person to attempt to refactor the
GSSAPI/gsskex patch at this moment. While I have certainly used OpenSSH
with things such as DuoSec tokens, OATH-TOTP (using Google Authenticator
tokens), yubico tokens (e.g. the yubico-pam MacPort) and even RSA SecurID
tokens (via lib-pam-radius-auth some years ago) and I think Bob Beck's
work with utilizing kerberos and OpenBSD for ethernet authentication to
provide something not entirely dissimilar to 802.1X port level
authentication using libre/free open source software (I think he may have
even later iterated that to use authpf?) as cited here:
https://cvs.afresh1.com/~andrew/o/events.html#lisa99 I personally, do not
have any GSSAPI infrastructure against which I can test even the previous
version of the patch.
Moreover, based upon the, IMHO, rather strong cautionary language of why
the upstream OpenSSH project, did not merge the
https://github.com/openssh-gsskex patches, as well as the fact that they themselves do not
appear to have updated their codebase in several months, as well as my
general tendency to reduce dependencies and attack surfaces and thus my
own personal choice in using the OpenSSH port is to -kerberos5 -gsskex
-authx variants for example, I am probably not really of the general
mindset to even think that refactoring the previous patch for the current
version of OpenSSH is a wise idea without a lot more convincing, and given
that my interest in updating the port was predominantly to keep it in
alignment with the openssh.com current release, and I am merely a
volunteer without commit access, I would encourage you to seek out other
guidance since I doubt I will be able to be of much additional assistance
given my present circumstances.
If you want to see this patch updated, I would suggest maybe reaching out
to individuals who did work on previous iterations might be a better
approach, such as found in https://trac.macports.org/ticket/27250 or
https://trac.macports.org/ticket/60959 ?
I apologize in advance if that is not a particularly helpful answer, but
it is the best I can offer at this moment.
Replying to [comment:14 thetrial]:
> Replying to [comment:11 artkiver]:
>
> > {{{
> > git rm openssh-8.8p1-gsskex.patch
> > }}}
> >
> > Under the files subdirectory since that patch should not be needed for
> > 8.9p1.
>
> Is it sure this patch isn’t needed anymore? Of course one can delete
> the corresponding line in the portfile – but what is the consequence of
> that patch not being implemented? Why not simply rename the patch file?
> Is the content of the patch file irrelevant now?
>
--
Ticket URL: <https://trac.macports.org/ticket/64748#comment:16>
MacPorts <https://www.macports.org/>
Ports system for macOS