Page MenuHomeFreeBSD

security/openssh-portable: Regenerate broken patch and fix ssh SSHFP support for non-canonical hostnames
ClosedPublic

Authored by leres on Apr 12 2018, 8:33 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 9, 2:28 PM
Unknown Object (File)
Sat, Dec 7, 4:41 PM
Unknown Object (File)
Nov 25 2024, 2:56 AM
Unknown Object (File)
Nov 23 2024, 7:08 PM
Unknown Object (File)
Nov 23 2024, 5:37 PM
Unknown Object (File)
Nov 23 2024, 6:36 AM
Unknown Object (File)
Nov 22 2024, 2:49 PM
Unknown Object (File)
Nov 20 2024, 11:49 AM
Subscribers

Details

Summary

Proposed commit message:

The block of code that canonicallizes the hostname supplied on
the command line added by patch-ssh.c misapplies to 7.7p1 and
moves from main() to to ssh_session2(). This breaks ssh SSHFP
support for non-canonical hostnames. For example, "ssh zinc"
correctly discovers the FQDN (zinc.ee.lbl.gov) and uses it to
look up A and AAAA records but the non-canonical version (zinc)
is used in the SSHFP record lookup which or course fails.

Regenerate the patch.

Reviewed by: ? (mentor)
Approved by: bdrewery, ? (mentor)
Differential Revision: ?

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Looks good but could you add the header back in from the des commit please? It lets me know I took it from the base patches. Anything above the --- ssh.c.orig line is ignored.

Also you need to bump PORTREVISION too

This revision now requires changes to proceed.Apr 12 2018, 8:34 PM

Restore comment/header to patch-ssh.c and Bump PORTREVISION (oops).

Thank you!
Approved by me but I think you'll need mentor approval still.

This revision is now accepted and ready to land.Apr 12 2018, 8:48 PM
This revision was automatically updated to reflect the committed changes.