From wollman@hergotha.lcs.mit.edu  Sun Jan 27 17:19:11 2002
Return-Path: <wollman@hergotha.lcs.mit.edu>
Received: from hergotha.lcs.mit.edu (hergotha.lcs.mit.edu [18.23.11.98])
	by hub.freebsd.org (Postfix) with ESMTP id 8A4FC37B402
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 27 Jan 2002 17:19:10 -0800 (PST)
Received: (from wollman@localhost)
	by hergotha.lcs.mit.edu (8.11.6/8.11.6) id g0S1J9a58814;
	Sun, 27 Jan 2002 20:19:09 -0500 (EST)
	(envelope-from wollman)
Message-Id: <200201280119.g0S1J9a58814@hergotha.lcs.mit.edu>
Date: Sun, 27 Jan 2002 20:19:09 -0500 (EST)
From: Garrett Wollman <wollman@hergotha.lcs.mit.edu>
Reply-To: Garrett Wollman <wollman@hergotha.lcs.mit.edu>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: openssh-portable does not support modern Kerberos
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         34363
>Category:       ports
>Synopsis:       openssh-portable does not support modern Kerberos
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    dinoex
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 27 17:20:01 PST 2002
>Closed-Date:    Sun Feb 17 07:13:58 PST 2002
>Last-Modified:  Sun Feb 17 07:14:50 PST 2002
>Originator:     Garrett Wollman
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
MIT Laboratory for Computer Science
>Environment:
System: FreeBSD hergotha.lcs.mit.edu 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Sat Jan 26 16:37:15 EST 2002 wollman@hergotha.lcs.mit.edu:/usr/src/sys/i386/compile/HERGOTHA i386


/usr/ports/security/openssh-portable/Makefile:
     $FreeBSD: ports/security/openssh-portable/Makefile,v 1.18 2002/01/05 11:37:49 dinoex Exp $

(Assuming the patch in my previous PR is already installed.)

>Description:
	OpenSSH supports Kerberos v5 authentication, but this is not
	enabled in the portable version.  A patch is available to
	correct this deficiency for those wishing to use this port
	with Kerberos.  In addition, a patch is also available from
	Simon Wilkinson to implement the GSS-API key-exchange
	mechanism for SSHv2, which is currently being standardized.
	Use of this mechanism with Kerberos v5 obviates the need for
	manual management of host keys, a considerable improvement for
	large Kerberos sites.

>How-To-Repeat:
	N/A

>Fix:

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/openssh-portable/Makefile,v
retrieving revision 1.18
diff -u -r1.18 Makefile
--- Makefile	5 Jan 2002 11:37:49 -0000	1.18
+++ Makefile	28 Jan 2002 01:05:52 -0000
@@ -21,7 +21,8 @@
 
 CRYPTOLIBS=	-L${OPENSSLLIB} -lcrypto
 USE_OPENSSL=	YES
-GNU_CONFIGURE=	yes
+GNU_CONFIGURE=	YES
+
 CONFIGURE_ARGS?=	--prefix=${PREFIX} --with-md5-passwords
 CLEAN=		etc/ssh_config etc/sshd_config etc/moduli \
 		etc/ssh_host_key etc/ssh_host_key.pub \
@@ -34,6 +35,25 @@
 
 .if exists(/usr/include/tcpd.h)
 CONFIGURE_ARGS+=	--with-tcp-wrappers
+.endif
+
+.if defined(KRB5_HOME)
+MASTER_SITES+=	http://www.sxw.org.uk/computing/patches/
+PATCH_SITES+=	${MASTER_SITES}
+EXTRACT_ONLY=	${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX}
+DISTFILES=	${EXTRACT_ONLY} ${PORTNAME}-${PORTVERSION}-gssapi.patch
+PATCHFILES=	${PORTNAME}-${PORTVERSION}-krb5.patch
+
+CONFIGURE_ARGS+=	--with-kerberos5=${KRB5_HOME}
+BUILD_DEPENDS+=		autoconf:${PORTSDIR}/devel/autoconf
+
+post-patch:
+	@${ECHO} Applying extra patch for GSS-API key-exchange...
+	@${PATCH} ${PATCH_DIST_ARGS:S/-p0/-p1/} \
+		< ${DISTDIR}/${PORTNAME}-${PORTVERSION}-gssapi.patch
+
+pre-configure:
+	@cd ${WRKSRC}; autoconf && autoheader
 .endif
 
 .if defined(OPENSSH_OVERWRITE_BASE)
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/security/openssh-portable/distinfo,v
retrieving revision 1.6
diff -u -r1.6 distinfo
--- distinfo	2 Dec 2001 06:52:42 -0000	1.6
+++ distinfo	28 Jan 2002 01:06:41 -0000
@@ -1 +1,3 @@
 MD5 (openssh-3.0.2p1.tar.gz) = 2fa62bf878862cb47a7515c35afe35b6
+MD5 (openssh-3.0.2p1-gssapi.patch) = 66ce171ac4b09603c7069cea198d2090
+MD5 (openssh-3.0.2p1-krb5.patch) = c6fe5622607b3137fa22741897cbd5db



>Release-Note:
>Audit-Trail:

From: Will Andrews <will@csociety.org>
To: Garrett Wollman <wollman@hergotha.lcs.mit.edu>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: ports/34363: openssh-portable does not support modern Kerberos
Date: Sun, 27 Jan 2002 20:23:11 -0500

 On Sun, Jan 27, 2002 at 08:19:09PM -0500, Garrett Wollman wrote:
 > -GNU_CONFIGURE=	yes
 > +GNU_CONFIGURE=	YES
 > +
 
 style bug.
 
 > +BUILD_DEPENDS+=		autoconf:${PORTSDIR}/devel/autoconf
 
 style bug.  use USE_AUTOCONF_VER with an appropriate value.
 
 > +	@cd ${WRKSRC}; autoconf && autoheader
 
 style bug.  use ${AUTOCONF} and ${AUTOHEADER}.
 
 -- 
 wca
Responsible-Changed-From-To: freebsd-ports->dinoex 
Responsible-Changed-By: pat 
Responsible-Changed-When: Sun Jan 27 17:42:13 PST 2002 
Responsible-Changed-Why:  
Over to maintainer 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=34363 

From: dirk.meyer@dinoex.sub.org (Dirk Meyer)
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc:  
Subject: Re: ports/34363: openssh-portable does not support modern
	Kerberos
Date: Mon, 28 Jan 2002 09:19:29 +0100

 ===>  Configuring for openssh-portable-3.0.2p1
 autoconf: configure.in: No such file or directory
 
 pleases revise your patches, they apppy cleanly,
 but there in no configure.in, only configure.ac
 
 I tested:
 
 .if defined(KRB5_HOME)
 MASTER_SITES+= ${PATCH_SITES}
 DISTFILES=     ${EXTRACT_ONLY} ${PORTNAME}-${PORTVERSION}-gssapi.patch
 EXTRACT_ONLY=  ${PORTNAME}-${PORTVERSION}${EXTRACT_SUFX}
 PATCH_SITES=   http://www.sxw.org.uk/computing/patches/
 PATCHFILES=    ${PORTNAME}-${PORTVERSION}-krb5.patch
 USE_AUTOCONF_VER=      213
 CONFIGURE_ARGS+=       --with-kerberos5=${KRB5_HOME}
 
 post-patch:
        @${ECHO} Applying extra patch for GSS-API key-exchange...
        @${PATCH} ${PATCH_DIST_ARGS:S/-p0/-p1/} \
                < ${DISTDIR}/${PORTNAME}-${PORTVERSION}-gssapi.patch
  
 pre-configure:
        @cd ${WRKSRC} && ${AUTOCONF} && ${AUTOHEADER}
 .endif
 
 kind regards Dirk
 
 - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany

From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: Will Andrews <will@csociety.org>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: ports/34363: openssh-portable does not support modern Kerberos
Date: Mon, 28 Jan 2002 14:16:32 -0500 (EST)

 <<On Sun, 27 Jan 2002 20:23:11 -0500, Will Andrews <will@csociety.org> said:
 
 >> +BUILD_DEPENDS+=		autoconf:${PORTSDIR}/devel/autoconf
 
 > style bug.  use USE_AUTOCONF_VER with an appropriate value.
 
 You'll have to implement that first.
 
 Quoting bsd.port.mk:
 
 # USE_AUTOCONF_VER      - Says that the port uses autoconf. Possible
 #                               values: 213;
 
 This configure script requires 2.52.
 
 >> +	@cd ${WRKSRC}; autoconf && autoheader
 
 > style bug.  use ${AUTOCONF} and ${AUTOHEADER}.
 
 Ditto.
 
 -GAWollman
 
State-Changed-From-To: open->feedback 
State-Changed-By: dinoex 
State-Changed-When: Mon Feb 4 12:09:26 PST 2002 
State-Changed-Why:  
# automake 
configure.ac: 6: `automake requires `AM_CONFIG_HEADER', not `AC_CONFIG_HEADER' 
automake: configure.ac: `AM_INIT_AUTOMAKE' must be used 
automake: configure.ac: required file `./missing' not found 
automake: no `Makefile.am' found or specified 

# autoconf213  
autoconf: configure.in: No such file or directory 

# autoheader && autoconf 
[...] 
cc -pipe -W -Wall -Waggregate-return -Wbad-function-cast -Wcast-align -Wcast-qua 
l -Wchar-subscripts -Wcomment -Wconversion -Wformat -Wid-clash-30 -Wimplicit -Wi 
mplicit-function-delcaration -Wimplicit-int -Wlong-long -Wmain -Wmissing-declara 
tions -Wmissing-prototypes -Wnested-externs -Wno-import -Wno-parentheses -Wparen 
theses -Wpointer-arith -Wredundant-decls -Wreturn-type -Wshadow -Wsign-compare - 
Wstrict-prototypes -Wswitch -Wtraditional -Wtrigraphs -Wunused -Wwrite-strings 
-Winline -pedantic -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I. -I./.. 
-I/usr/local/include  -I/usr/local/include -I/usr/local/include/gssapi -DHAVE_CO 
NFIG_H -c bsd-arc4random.c 

In file included from ../config.h:14, 
from ../includes.h:22, 
from bsd-arc4random.c:25: 
../defines.h:158: #error "8 bit int type not found." 
../defines.h:166: #error "16 bit int type not found." 
../defines.h:175: #error "32 bit int type not found." 
../defines.h:191: #error "8 bit int type not found." 
../defines.h:199: #error "16 bit int type not found." 
../defines.h:208: #error "32 bit int type not found." 



http://www.FreeBSD.org/cgi/query-pr.cgi?pr=34363 
State-Changed-From-To: feedback->closed 
State-Changed-By: dinoex 
State-Changed-When: Sun Feb 17 07:13:58 PST 2002 
State-Changed-Why:  
Committed after fixups with autoconf deasaster. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=34363 
>Unformatted:
