Page MenuHomeFreeBSD

security/openssh-portable: Regenerate broken patch and fix ssh SSHFP support for non-canonical hostnames

Authored by leres on Apr 12 2018, 8:33 PM.



Proposed commit message:

The block of code that canonicallizes the hostname supplied on
the command line added by patch-ssh.c misapplies to 7.7p1 and
moves from main() to to ssh_session2(). This breaks ssh SSHFP
support for non-canonical hostnames. For example, "ssh zinc"
correctly discovers the FQDN ( and uses it to
look up A and AAAA records but the non-canonical version (zinc)
is used in the SSHFP record lookup which or course fails.

Regenerate the patch.

Reviewed by: ? (mentor)
Approved by: bdrewery, ? (mentor)
Differential Revision: ?

Diff Detail

rP FreeBSD ports repository
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

leres created this revision.Apr 12 2018, 8:33 PM

Looks good but could you add the header back in from the des commit please? It lets me know I took it from the base patches. Anything above the --- ssh.c.orig line is ignored.

bdrewery requested changes to this revision.Apr 12 2018, 8:34 PM

Also you need to bump PORTREVISION too

This revision now requires changes to proceed.Apr 12 2018, 8:34 PM
leres updated this revision to Diff 41417.Apr 12 2018, 8:45 PM

Restore comment/header to patch-ssh.c and Bump PORTREVISION (oops).

bdrewery accepted this revision.Apr 12 2018, 8:48 PM

Thank you!
Approved by me but I think you'll need mentor approval still.

This revision is now accepted and ready to land.Apr 12 2018, 8:48 PM

Also "reviewed" by me.

ler accepted this revision.Apr 12 2018, 9:07 PM


This revision was automatically updated to reflect the committed changes.