Re: security/openssh-portable

Wed, 14 Mar 2012 12:20:19 -0700 

Hello Cy,

On 3/14/2012 08:57, Cy Schubert wrote:

[snip]

> What I propose to do is remove the GSSAPI
> patch from security/openssh-portable and for those who need the GSSAPI 
> server key exchange, create a new port (through a repocopy of course) which 
> includes the illinois.edu GSI patch with reworked FreeBSD patches resolving 
> patch conflicts, calling it security/openssh-portable-gsi. Does this make 
> any sense to anyone?
> 
> Or, instead of the above, just include the GSI patch by default in a 
> one-size-fits-all openssh-portable port? (Meaning that the GSI patch is 
> applied regardless.) Does this make more sense to people?

Personally, I use HPN and LPK. If KRB5 becomes a requirement for HPN, I
don't find that an issue, but others may.

I'm also keeping a local fix you might want to properly integrate into
the LPK patch: it fixes a bug that TLS cannot be turned off if
LPKLdapConf is used.
-- 
Mel

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/openssh-portable/Makefile,v
retrieving revision 1.157
diff -u -r1.157 Makefile
--- Makefile    23 Dec 2011 12:52:28 -0000      1.157
+++ Makefile    14 Mar 2012 19:09:36 -0000
@@ -205,6 +205,9 @@
        @${REINPLACE_CMD} -e 's|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION 
SSH_PORTABLE SSH_HPN|' \
                ${WRKSRC}/version.h
 .endif
+.if defined(WITH_LPK)
+       @${PATCH} ${PATCH_DIST_ARGS} < ${FILESDIR}/fix-lpk-tls.patch
+.endif
 
 pre-su-install:
        @${MKDIR} ${EMPTYDIR}
Index: files/fix-lpk-tls.patch
===================================================================
RCS file: files/fix-lpk-tls.patch
diff -N files/fix-lpk-tls.patch
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ files/fix-lpk-tls.patch     2 Jan 2012 17:26:37 -0000
@@ -0,0 +1,11 @@
+--- ldapauth.c.prev    2012-01-02 07:15:19.000000000 -0900
++++ ldapauth.c 2012-01-02 08:21:23.000000000 -0900
+@@ -565,6 +565,8 @@
+         else if (!strcasecmp (k, "ssl")) {
+             if (!strcasecmp (v, "start_tls"))
+                 l->tls = 1;
++          else if (!strcasecmp(v, "off"))
++              l->tls = 0;
+         }
+     }
+ 

_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Reply via email to