From nobody@FreeBSD.org  Thu May  3 08:14:15 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 93A8D106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  3 May 2012 08:14:15 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 7E8C48FC12
	for <freebsd-gnats-submit@FreeBSD.org>; Thu,  3 May 2012 08:14:15 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q438EFKU047593
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 3 May 2012 08:14:15 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q438EFZs047565;
	Thu, 3 May 2012 08:14:15 GMT
	(envelope-from nobody)
Message-Id: <201205030814.q438EFZs047565@red.freebsd.org>
Date: Thu, 3 May 2012 08:14:15 GMT
From: Volodymyr Kostyrko <c.kworr@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: security/openssh-portable has some drawbacks
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         167554
>Category:       ports
>Synopsis:       security/openssh-portable has some drawbacks
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bdrewery
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 03 08:20:07 UTC 2012
>Closed-Date:    Tue Apr 30 08:14:15 CDT 2013
>Last-Modified:  Tue Apr 30 13:20:01 UTC 2013
>Originator:     Volodymyr Kostyrko
>Release:        RELENG_9
>Organization:
None
>Environment:
FreeBSD green.tandem.local 9.0-STABLE FreeBSD 9.0-STABLE #0: Wed May  2 12:38:36 EEST 2012     arcade@green.tandem.local:/usr/obj/usr/src/sys/MINIMAL  amd64
>Description:
1. etc/rc.d/openssh generates DSA key instead of ECDSA (wrong type of key given to ssh-keygen on line 82).

2. on port Makefile line 100 openssh is hard tailored to MIT Kerberos whereas I'd like to use Heimdal. Commenting that line out works for me and files are correctly linked to Heimdal libs.
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->bdrewery 
Responsible-Changed-By: bdrewery 
Responsible-Changed-When: Mon Nov 5 10:13:01 CST 2012 
Responsible-Changed-Why:  
take 

http://www.freebsd.org/cgi/query-pr.cgi?pr=167554 
State-Changed-From-To: open->closed 
State-Changed-By: bdrewery 
State-Changed-When: Tue Apr 30 08:14:14 CDT 2013 
State-Changed-Why:  
Both issues now addressed. Heimdal support added in r316929. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=167554 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/167554: commit references a PR
Date: Tue, 30 Apr 2013 13:13:57 +0000 (UTC)

 Author: bdrewery
 Date: Tue Apr 30 13:13:49 2013
 New Revision: 316929
 URL: http://svnweb.freebsd.org/changeset/ports/316929
 
 Log:
   - Add support for base and port Heimdal for Kerberos
   
   PR:		ports/167554
   Requested by:	Volodymyr Kostyrko <c.kworr@gmail.com>
 
 Modified:
   head/security/openssh-portable/Makefile
 
 Modified: head/security/openssh-portable/Makefile
 ==============================================================================
 --- head/security/openssh-portable/Makefile	Tue Apr 30 12:38:52 2013	(r316928)
 +++ head/security/openssh-portable/Makefile	Tue Apr 30 13:13:49 2013	(r316929)
 @@ -39,10 +39,12 @@ ETCOLD=			${PREFIX}/etc
  SUDO?=		# empty
  MAKE_ENV+=	SUDO="${SUDO}"
  
 -OPTIONS_DEFINE=		PAM TCP_WRAPPERS LIBEDIT BSM KERBEROS \
 +OPTIONS_DEFINE=		PAM TCP_WRAPPERS LIBEDIT BSM \
  			KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 \
  			OVERWRITE_BASE SCTP
  OPTIONS_DEFAULT=	LIBEDIT PAM TCP_WRAPPERS
 +OPTIONS_RADIO=		KERBEROS
 +OPTIONS_RADIO_KERBEROS=	MIT HEIMDAL HEIMDAL_BASE
  TCP_WRAPPERS_DESC=	Enable tcp_wrappers support
  BSM_DESC=		Enable OpenBSM Auditing
  KERB_GSSAPI_DESC=	Enable Kerberos/GSSAPI patch (req: GSSAPI)
 @@ -52,6 +54,9 @@ LPK_DESC=		Enable LDAP Public Key (LPK) 
  X509_DESC=		Enable x509 certificate patch
  SCTP_DESC=		Enable SCTP support
  OVERWRITE_BASE_DESC=	OpenSSH overwrite base
 +HEIMDAL_DESC=		Heimdal Kerberos (security/heimdal)
 +HEIMDAL_BASE_DESC=	Heimdal Kerberos (base)
 +MIT_DESC=		MIT Kerberos (security/krb5)
  
  .include <bsd.port.pre.mk>
  
 @@ -101,9 +106,19 @@ CONFIGURE_ARGS+=	--with-libedit
  CONFIGURE_ARGS+=	--with-audit=bsm
  .endif
  
 -.if ${PORT_OPTIONS:MKERBEROS}
 +.if ${PORT_OPTIONS:MMIT} || ${PORT_OPTIONS:MHEIMDAL} || ${PORT_OPTIONS:MHEIMDAL_BASE}
  CONFIGURE_ARGS+=	--with-kerberos5
 +.  if ${PORT_OPTIONS:MMIT}
  LIB_DEPENDS+=		krb5.3:${PORTSDIR}/security/krb5
 +.  elif ${PORT_OPTIONS:MHEIMDAL}
 +LIB_DEPENDS+=		krb5.26:${PORTSDIR}/security/heimdal
 +.  elif ${PORT_OPTIONS:MHEIMDAL_BASE}
 +.	if !exists(/usr/lib/libkrb5.so)
 +IGNORE=		You have selected HEIMDAL_BASE but do not have heimdal installed in base
 +.	else
 +CONFIGURE_LIBS+=	-lgssapi_krb5
 +.	endif
 +.  endif
  .if ${PORT_OPTIONS:MKERB_GSSAPI}
  PATCH_SITES+=		http://www.sxw.org.uk/computing/patches/:gsskex
  PATCHFILES+=		openssh-5.7p1-gsskex-all-20110125.patch:gsskex
 _______________________________________________
 svn-ports-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-ports-all
 To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
 
>Unformatted:
