diff --git a/security/putty/Makefile b/security/putty/Makefile
index 77ec0c8b7e7c..86ede48a8a20 100644
--- a/security/putty/Makefile
+++ b/security/putty/Makefile
@@ -1,115 +1,117 @@ PORTNAME= putty DISTVERSION= 0.78~pre20220916.e1b73f0 +PORTREVISION= 1 CATEGORIES= security #MASTER_SITES= http://the.earth.li/~sgtatham/putty/${PORTVERSION}/ \ # ftp://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/ MASTER_SITES= https://tartarus.org/~simon/putty-prerel-snapshots/ +EXTRA_PATCHES+= ${FILESDIR}/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch +EXTRA_PATCHES+= ${FILESDIR}/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch +EXTRA_PATCHES+= ${FILESDIR}/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch +EXTRA_PATCHES+= ${FILESDIR}/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch +PATCH_STRIP= -p1 MAINTAINER= mandree@FreeBSD.org COMMENT= Secure shell and telnet client including xterm emulator WWW= https://www.chiark.greenend.org.uk/~sgtatham/putty/ # test plan: test ALL 4 GSSAPI_* options, GTK3 yes/no, WITH_DEBUG=yes build. LICENSE= MIT LICENSE_FILE= ${PATCH_WRKSRC}/LICENCE USES= cmake cpe perl5 pkgconfig USE_PERL5= build CONFLICTS_INSTALL?= pssh putty-nogtk -PLIST_FILES= bin/plink \ +PLIST_FILES= bin/pageant \ + bin/plink \ bin/pscp \ bin/psftp \ bin/psusan \ bin/puttygen \ + share/man/man1/pageant.1.gz \ share/man/man1/plink.1.gz \ share/man/man1/pscp.1.gz \ share/man/man1/psftp.1.gz \ share/man/man1/psusan.1.gz \ share/man/man1/puttygen.1.gz OPTIONS_DEFINE= GTK3 -OPTIONS_DEFAULT= GSSAPI_NONE GTK3 +OPTIONS_DEFAULT= GSSAPI_BASE GTK3 OPTIONS_SINGLE= GSSAPI_SELECT -OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_DYNAMIC GSSAPI_NONE -#OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_BASE \ -# GSSAPI_DYNAMIC \ -# GSSAPI_HEIMDAL \ -# GSSAPI_MIT \ -# GSSAPI_NONE +OPTIONS_SINGLE_GSSAPI_SELECT= GSSAPI_BASE \ + GSSAPI_HEIMDAL \ + GSSAPI_MIT \ + GSSAPI_NONE \ + # GSSAPI_DYNAMIC GSSAPI_DYNAMIC_DESC= EXPERIMENTAL dynamic runtime load of GSS libs .include LDFLAGS+= -Wl,--as-needed # XXX FIXME this is simplified on these assumptions: # - we only support GTK3 in FreeBSD # (Putty would support EOL GTK2 and 
GTK1 as well) # - Putty 0.77 cannot have X11 without the gdk/gdkx.h header i. e. GTK. .if ${PORT_OPTIONS:MGTK3} && !defined(WITHOUT_X11) USES+= xorg USE_XORG= x11 USES+= gnome USE_GNOME= cairo gdkpixbuf2 gtk30 CMAKE_ARGS+= -DPUTTY_GTK_VERSION:STRING=3 -PLIST_FILES+= bin/pageant \ - bin/pterm \ +PLIST_FILES+= bin/pterm \ bin/putty \ - share/man/man1/pageant.1.gz \ share/man/man1/pterm.1.gz \ share/man/man1/putty.1.gz \ share/pixmaps/putty.ico DESKTOP_ENTRIES= "PuTTY" \ "${COMMENT}" \ "${PREFIX}/share/pixmaps/${PORTNAME}.ico" \ "${PORTNAME}" \ "" \ false .else # XXX FIXME HACK ALERT # PUTTY_GTK_VERSION=OFF is not a valid choice, but manages to # skip all version comparisons for GTK in cmake/gtk.cmake: CMAKE_ARGS+= -DPUTTY_GTK_VERSION:STRING=OFF # this is standard stuff: CMAKE_ARGS+= -DCMAKE_DISABLE_FIND_PACKAGE_X11:BOOL=TRUE .endif -.if ${PORT_OPTIONS:MGSSAPI_HEIMDAL} -# does not compile currently -BROKEN= GSSAPI_HEIMDAL does not compile as of putty 0.77 and 0.78~pre20220916.e1b73f0 -USES+= gssapi:heimdal,flags -CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC -.elif ${PORT_OPTIONS:MGSSAPI_BASE} -BROKEN= GSSAPI_BASE does not work as of putty 0.77 and 0.78~pre20220916.e1b73f0 +.if ${PORT_OPTIONS:MGSSAPI_BASE} # Heimdal-like in base system USES+= gssapi:base,flags CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC +.elif ${PORT_OPTIONS:MGSSAPI_HEIMDAL} +USES+= gssapi:heimdal,flags +CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC .elif ${PORT_OPTIONS:MGSSAPI_MIT} -BROKEN= GSSAPI_MIT does not work as of putty 0.77 and 0.78~pre20220916.e1b73f0 USES+= gssapi:mit,flags CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=STATIC .elif ${PORT_OPTIONS:MGSSAPI_DYNAMIC} +BROKEN= GSSAPI_DYNAMIC does not work as of putty 0.78~pre20220916.e1b73f0 CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=DYNAMIC USES+= gssapi:base,flags .else CMAKE_ARGS+= -DPUTTY_GSSAPI:STRING=OFF .endif post-patch: # we don't want to inherit FreeBSD commits # as PUTTY Git commit revisions, # so pretend we do not have Git: ${REINPLACE_CMD} '/FindGit/d' \ 
${WRKSRC}/cmake/setup.cmake \ ${WRKSRC}/doc/CMakeLists.txt post-install: .if ${PORT_OPTIONS:MGTK3} @${MKDIR} ${STAGEDIR}${PREFIX}/share/pixmaps ${INSTALL_DATA} ${WRKSRC}/windows/putty.ico \ ${STAGEDIR}${PREFIX}/share/pixmaps/ .endif .include diff --git a/security/putty/files/patch-krb5cfg b/security/putty/files/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch similarity index 84% rename from security/putty/files/patch-krb5cfg rename to security/putty/files/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch index c0e700a9c1a3..afa8f7539a06 100644 --- a/security/putty/files/patch-krb5cfg +++ b/security/putty/files/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch @@ -1,95 +1,99 @@ -From 1992df5d7a1ea0636a62facbdb74d32cb4d5b50d Mon Sep 17 00:00:00 2001 +From b0a61849efb3cbf0f1c0fead0f422341a969458c Mon Sep 17 00:00:00 2001 From: Simon Tatham -Date: Wed, 1 Jun 2022 10:48:14 +0100 -Subject: [PATCH] First attempt at supporting krb5-config. +Date: Sat, 17 Sep 2022 07:53:43 +0100 +Subject: [PATCH 1/4] Unix GSSAPI: support krb5-config as well as pkg-config. +On FreeBSD, I'm told, you can't configure Kerberos via pkg-config. So +we need a fallback. Here's some manual code to run krb5-config and +pick apart the result, similar to what I already did with gtk-config +for our (still not dead!) GTK 1 support. --- cmake/platforms/unix.cmake | 63 +++++++++++++++++++++++++++++++++++++- 1 file changed, 62 insertions(+), 1 deletion(-) -diff --git ./cmake/platforms/unix.cmake ./cmake/platforms/unix.cmake +diff --git a/cmake/platforms/unix.cmake b/cmake/platforms/unix.cmake index 291d1e64..95339f22 100644 ---- ./cmake/platforms/unix.cmake~ -+++ ./cmake/platforms/unix.cmake +--- a/cmake/platforms/unix.cmake ++++ b/cmake/platforms/unix.cmake 
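Review bot: `PATCH_STRIP= -p1` is set port-wide, so as far as I can tell it applies to every `files/patch-*` as well as to the four upstream `EXTRA_PATCHES`. That forces the `./` prefixes added to patch-unix_network.c and patch-unix_pageant.c, but patch-ssh_gssc.c keeps an unprefixed `+++ ssh/gssc.c` and the new patch-network.c and patch-pageant.c use unprefixed paths on both header lines. Scoping the strip level per patch, e.g. `EXTRA_PATCHES+= ${FILESDIR}/0001-Unix-GSSAPI-support-krb5-config-as-well-as-pkg-confi.patch:-p1`, would leave the local patches at the default level and their headers untouched. Separately, `GSSAPI_NONE \` continues into the `# GSSAPI_DYNAMIC` comment line, so GSSAPI_DYNAMIC is no longer selectable while `GSSAPI_DYNAMIC_DESC` and the `.elif ${PORT_OPTIONS:MGSSAPI_DYNAMIC}` branch with its new `BROKEN=` remain; either drop them or state in a comment that they are kept on purpose.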
@@ -108,16 +108,77 @@ if(PUTTY_GSSAPI STREQUAL DYNAMIC) endif() if(PUTTY_GSSAPI STREQUAL STATIC) + set(KRB5_CFLAGS) + set(KRB5_LDFLAGS) + + # First try using pkg-config find_package(PkgConfig) pkg_check_modules(KRB5 krb5-gssapi) + + # Failing that, try the dedicated krb5-config + if(NOT KRB5_FOUND) + find_program(KRB5_CONFIG krb5-config) + if(KRB5_CONFIG) + execute_process(COMMAND ${KRB5_CONFIG} --cflags gssapi + OUTPUT_VARIABLE krb5_config_cflags + OUTPUT_STRIP_TRAILING_WHITESPACE + RESULT_VARIABLE krb5_config_cflags_result) + execute_process(COMMAND ${KRB5_CONFIG} --libs gssapi + OUTPUT_VARIABLE krb5_config_libs + OUTPUT_STRIP_TRAILING_WHITESPACE + RESULT_VARIABLE krb5_config_libs_result) + + if(krb5_config_cflags_result EQUAL 0 AND krb5_config_libs_result EQUAL 0) + set(KRB5_INCLUDE_DIRS) + set(KRB5_LIBRARY_DIRS) + set(KRB5_LIBRARIES) + + # We can safely put krb5-config's cflags directly into cmake's + # cflags, without bothering to extract the include directories. + set(KRB5_CFLAGS ${krb5_config_cflags}) + + # But krb5-config --libs isn't so simple. It will actually + # deliver a mix of libraries and other linker options. We have + # to separate them for cmake purposes, because if we pass the + # whole lot to add_link_options then they'll appear too early + # in the command line (so that by the time our own code refers + # to GSSAPI functions it'll be too late to search these + # libraries for them), and if we pass the whole lot to + # link_libraries then it'll get confused about options that + # aren't libraries. 
+ separate_arguments(krb5_config_libs NATIVE_COMMAND + ${krb5_config_libs}) + foreach(opt ${krb5_config_libs}) + string(REGEX MATCH "^-l" ok ${opt}) + if(ok) + list(APPEND KRB5_LIBRARIES ${opt}) + continue() + endif() + string(REGEX MATCH "^-L" ok ${opt}) + if(ok) + string(REGEX REPLACE "^-L" "" optval ${opt}) + list(APPEND KRB5_LIBRARY_DIRS ${optval}) + continue() + endif() + list(APPEND KRB5_LDFLAGS ${opt}) + endforeach() + + message(STATUS "Found Kerberos via krb5-config") + set(KRB5_FOUND YES) + endif() + endif() + endif() + if(KRB5_FOUND) include_directories(${KRB5_INCLUDE_DIRS}) link_directories(${KRB5_LIBRARY_DIRS}) link_libraries(${KRB5_LIBRARIES}) + add_compile_options(${KRB5_CFLAGS}) + add_link_options(${KRB5_LDFLAGS}) set(STATIC_GSSAPI ON) else() message(WARNING - "Could not find krb5 via pkg-config -- \ + "Could not find krb5 via pkg-config or krb5-config -- \ cannot provide static GSSAPI support") set(NO_GSSAPI ON) endif() -- -2.34.1 +2.37.3 diff --git a/security/putty/files/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch b/security/putty/files/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch new file mode 100644 index 000000000000..c0b7ca5792b9 --- /dev/null +++ b/security/putty/files/0002-Unix-static-GSSAPI-fix-an-uninitialised-structure-fi.patch 
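Review bot: The krb5-config fallback splits the `--libs` output with `separate_arguments` but stores the `--cflags` output unsplit in `KRB5_CFLAGS`, which is then passed to `add_compile_options(${KRB5_CFLAGS})`. If krb5-config prints more than one flag, that string would presumably reach the compiler as a single argument containing spaces. Splitting it the same way before the `set(KRB5_CFLAGS ...)`, with `separate_arguments(krb5_config_cflags NATIVE_COMMAND ${krb5_config_cflags})`, keeps both paths consistent. The cmake body itself is carried over unchanged by this rename; only the mail header and the `a/`, `b/` paths differ.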
@@ -0,0 +1,29 @@ +From 374107eb1e2ae576c10cdd538f45f18918df8c4b Mon Sep 17 00:00:00 2001 +From: Simon Tatham +Date: Sat, 17 Sep 2022 07:09:29 +0100 +Subject: [PATCH 2/4] Unix static GSSAPI: fix an uninitialised structure field. + +When linking statically against Kerberos, the setup code in +ssh_got_ssh_version() was trying to look up want_id==0 in the list of +one GSSAPI library, but unfortunately, the id field of that record was +not initialised at all, so if it happened to be nonzero nonsense, the +loop wouldn't find a library at all and would fail an assertion. +--- + unix/gss.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/unix/gss.c b/unix/gss.c +index cd9971c7..bd599fcc 100644 +--- a/unix/gss.c ++++ b/unix/gss.c +@@ -140,6 +140,7 @@ struct ssh_gss_liblist *ssh_gss_setup(Conf *conf) + list->libraries = snew(struct ssh_gss_library); + list->nlibraries = 1; + ++ list->libraries[0].id = 0; + list->libraries[0].gsslogmsg = "Using statically linked GSSAPI"; + + #define BIND_GSS_FN(name) \ +-- +2.37.3 + diff --git a/security/putty/files/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch b/security/putty/files/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch new file mode 100644 index 000000000000..a636197aed46 --- /dev/null +++ b/security/putty/files/0003-Unix-GSSAPI-support-static-linking-against-Heimdal.patch 
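Review bot: Only `id` is assigned after `snew(struct ssh_gss_library)`, so any other field that is not written later in ssh_gss_setup() would still hold indeterminate heap contents, which is the same failure mode this patch fixes for `id`. Zeroing the record right after allocation, `memset(list->libraries, 0, sizeof(*list->libraries));`, would cover the whole struct instead of one member. Whether the `BIND_GSS_FN` block fills every remaining field cannot be seen here, because the function body continues outside the hunk.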
@@ -0,0 +1,197 @@ +From 35a87984f67ebc2db3f670cb1431f08991853a5e Mon Sep 17 00:00:00 2001 +From: Simon Tatham +Date: Sat, 17 Sep 2022 07:28:46 +0100 +Subject: [PATCH 3/4] Unix GSSAPI: support static linking against Heimdal. + +Heimdal provides its own definitions of OIDs like GSS_C_NT_USER_NAME +in the form of macros, which conflict with our attempt to redefine +them as variables - the macro gets expanded into the middle of the +variable declaration, leaving the poor C compiler trying to parse a +non-declaration along the lines of + +const_gss_OID (&__gss_c_nt_anonymous_oid_desc) = oids+5; + +Easily fixed by just not redefining these at all if they're already +defined as macros. To make that easier, I've broken up the oids[] +array into individual gss_OID_desc declarations, so I can put each one +inside the appropriate ifdef. + +In the process, I've removed the 'const' from the gss_OID_desc +declarations. That's on purpose! The problem is that not all +implementations of the GSSAPI headers make const_gss_OID a pointer to +a *const* gss_OID_desc; sometimes it's just a plain one and the +'const' prefix is just a comment to the user. So removing that const +prevents compiler warnings (or worse) about address-taking a const +thing and assigning it into a non-const pointer. +--- + ssh/pgssapi.c | 106 ++++++++++++++++++++++++++++++++------------------ + 1 file changed, 68 insertions(+), 38 deletions(-) + +diff --git a/ssh/pgssapi.c b/ssh/pgssapi.c +index 1f54d805..1730444d 100644 +--- a/ssh/pgssapi.c ++++ b/ssh/pgssapi.c +@@ -9,38 +9,63 @@ + + #ifndef NO_LIBDL + +-/* Reserved static storage for GSS_oids. Comments are quotes from RFC 2744. */ +-static const gss_OID_desc oids[] = { ++/* Reserved static storage for GSS_oids. ++ * Constants of the form GSS_C_NT_* are specified by rfc 2744. ++ * Comments are quotes from RFC 2744 itself. ++ * ++ * These may be #defined to complex expressions by the local header ++ * file, if we're including one in static-GSSAPI mode. 
(For example, ++ * Heimdal defines them to things like ++ * (&__gss_c_nt_user_name_oid_desc).) So we only define them if ++ * needed. */ ++ ++#ifndef GSS_C_NT_USER_NAME ++static gss_OID_desc oid_GSS_C_NT_USER_NAME = { + /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"}, ++ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01", + /* corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant + * GSS_C_NT_USER_NAME should be initialized to point +- * to that gss_OID_desc. ++ * to that gss_OID_desc. */ ++}; ++const_gss_OID GSS_C_NT_USER_NAME = &oid_GSS_C_NT_USER_NAME; ++#endif + +- * The implementation must reserve static storage for a ++#ifndef GSS_C_NT_MACHINE_UID_NAME ++static gss_OID_desc oid_GSS_C_NT_MACHINE_UID_NAME = { ++ /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"}, ++ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02", + /* corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. + * The constant GSS_C_NT_MACHINE_UID_NAME should be +- * initialized to point to that gss_OID_desc. ++ * initialized to point to that gss_OID_desc. 
*/ ++}; ++const_gss_OID GSS_C_NT_MACHINE_UID_NAME = &oid_GSS_C_NT_MACHINE_UID_NAME; ++#endif + +- * The implementation must reserve static storage for a ++#ifndef GSS_C_NT_STRING_UID_NAME ++static gss_OID_desc oid_GSS_C_NT_STRING_UID_NAME = { ++ /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"}, ++ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03", + /* corresponding to an object-identifier value of + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. + * The constant GSS_C_NT_STRING_UID_NAME should be +- * initialized to point to that gss_OID_desc. +- * +- * The implementation must reserve static storage for a ++ * initialized to point to that gss_OID_desc. */ ++}; ++const_gss_OID GSS_C_NT_STRING_UID_NAME = &oid_GSS_C_NT_STRING_UID_NAME; ++#endif ++ ++#ifndef GSS_C_NT_HOSTBASED_SERVICE_X ++static gss_OID_desc oid_GSS_C_NT_HOSTBASED_SERVICE_X = { ++ /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, ++ 6, "\x2b\x06\x01\x05\x06\x02", + /* corresponding to an object-identifier value of + * {iso(1) org(3) dod(6) internet(1) security(5) + * nametypes(6) gss-host-based-services(2))}. 
The constant +@@ -52,29 +77,44 @@ static const gss_OID_desc oids[] = { + * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym + * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input + * parameter, but should not be emitted by GSS-API +- * implementations +- * +- * The implementation must reserve static storage for a ++ * implementations */ ++}; ++const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &oid_GSS_C_NT_HOSTBASED_SERVICE_X; ++#endif ++ ++#ifndef GSS_C_NT_HOSTBASED_SERVICE ++static gss_OID_desc oid_GSS_C_NT_HOSTBASED_SERVICE = { ++ /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"}, ++ 10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04", + /* corresponding to an object-identifier value of {iso(1) + * member-body(2) Unites States(840) mit(113554) infosys(1) + * gssapi(2) generic(1) service_name(4)}. The constant + * GSS_C_NT_HOSTBASED_SERVICE should be initialized +- * to point to that gss_OID_desc. +- * +- * The implementation must reserve static storage for a ++ * to point to that gss_OID_desc. */ ++}; ++const_gss_OID GSS_C_NT_HOSTBASED_SERVICE = &oid_GSS_C_NT_HOSTBASED_SERVICE; ++#endif ++ ++#ifndef GSS_C_NT_ANONYMOUS ++static gss_OID_desc oid_GSS_C_NT_ANONYMOUS = { ++ /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {6, (void *)"\x2b\x06\01\x05\x06\x03"}, ++ 6, "\x2b\x06\01\x05\x06\x03", + /* corresponding to an object identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 3(gss-anonymous-name)}. The constant + * and GSS_C_NT_ANONYMOUS should be initialized to point +- * to that gss_OID_desc. +- * +- * The implementation must reserve static storage for a ++ * to that gss_OID_desc. 
*/ ++}; ++const_gss_OID GSS_C_NT_ANONYMOUS = &oid_GSS_C_NT_ANONYMOUS; ++#endif ++ ++#ifndef GSS_C_NT_EXPORT_NAME ++static gss_OID_desc oid_GSS_C_NT_EXPORT_NAME = { ++ /* The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ +- {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, ++ 6, "\x2b\x06\x01\x05\x06\x04", + /* corresponding to an object-identifier value of + * {1(iso), 3(org), 6(dod), 1(internet), 5(security), + * 6(nametypes), 4(gss-api-exported-name)}. The constant +@@ -82,23 +122,13 @@ static const gss_OID_desc oids[] = { + * to that gss_OID_desc. + */ + }; +- +-/* Here are the constants which point to the static structure above. +- * +- * Constants of the form GSS_C_NT_* are specified by rfc 2744. +- */ +-const_gss_OID GSS_C_NT_USER_NAME = oids+0; +-const_gss_OID GSS_C_NT_MACHINE_UID_NAME = oids+1; +-const_gss_OID GSS_C_NT_STRING_UID_NAME = oids+2; +-const_gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = oids+3; +-const_gss_OID GSS_C_NT_HOSTBASED_SERVICE = oids+4; +-const_gss_OID GSS_C_NT_ANONYMOUS = oids+5; +-const_gss_OID GSS_C_NT_EXPORT_NAME = oids+6; ++const_gss_OID GSS_C_NT_EXPORT_NAME = &oid_GSS_C_NT_EXPORT_NAME; ++#endif + + #endif /* NO_LIBDL */ + + static gss_OID_desc gss_mech_krb5_desc = +-{ 9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; ++{ 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; + /* iso(1) member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) krb5(2)*/ + const gss_OID GSS_MECH_KRB5 = &gss_mech_krb5_desc; + +-- +2.37.3 + diff --git a/security/putty/files/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch b/security/putty/files/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch new file mode 100644 index 000000000000..a58bbd185458 --- /dev/null +++ b/security/putty/files/0004-GSSAPI-fix-don-t-pass-GSS_C_NO_NAME-to-inquire_cred_.patch 
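Review bot: The rewritten block comment at the top of the OID section explains the `#ifndef` guards but not why the descriptors lost `const`, which the commit message describes as deliberate. These are now writable statics, so a later cleanup could plausibly re-add the qualifier and bring the warnings back. One added sentence in that comment would record the reason, for example `Not const: some GSSAPI headers make const_gss_OID a pointer to a plain gss_OID_desc.`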
@@ -0,0 +1,36 @@ +From a95e38e9b18ce69b542a9a8c0f18ea8f4c7abb3a Mon Sep 17 00:00:00 2001 +From: Simon Tatham +Date: Sat, 17 Sep 2022 07:50:55 +0100 +Subject: [PATCH 4/4] GSSAPI fix: don't pass GSS_C_NO_NAME to + inquire_cred_by_mech. + +This was pointed out by another compiler warning. The 'name' parameter +of inquire_cred_by_mech is not a gss_name_t (which is the type of +GSS_C_NO_NAME); it's a gss_name_t *, because it's an _output_ +parameter. We're not telling the library that we aren't _passing_ a +name: we're telling it that we don't need it to _return_ us a name. So +the appropriate null pointer representation is just NULL. + +(This was harmless apart from a compiler warning, because gss_name_t +is a pointer type in turn and GSS_C_NO_NAME expands to a null pointer +anyway. It was just a wrongly-typed null pointer.) +--- + ssh/gssc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ssh/gssc.c b/ssh/gssc.c +index 0224afe2..d10caf8b 100644 +--- a/ssh/gssc.c ++++ b/ssh/gssc.c +@@ -75,7 +75,7 @@ static Ssh_gss_stat ssh_gssapi_acquire_cred(struct ssh_gss_library *lib, + gssctx->maj_stat = + gss->inquire_cred_by_mech(&gssctx->min_stat, cred, + (gss_OID) GSS_MECH_KRB5, +- GSS_C_NO_NAME, ++ NULL, + &time_rec, + NULL, + NULL); +-- +2.37.3 + diff --git a/security/putty/files/patch-unix_network.c b/security/putty/files/patch-network.c similarity index 86% copy from security/putty/files/patch-unix_network.c copy to security/putty/files/patch-network.c index 19e87ca62c99..61a5b64dc8ab 100644 --- a/security/putty/files/patch-unix_network.c +++ b/security/putty/files/patch-network.c @@ -1,16 +1,16 @@ ---- unix/network.c.orig 2022-05-24 16:56:28 UTC +--- unix/network.c.orig 2022-09-15 23:42:29 UTC +++ unix/network.c @@ -11,8 +11,13 @@ #include #include #include +#ifdef __FreeBSD__ +#include #include +#else +#include #include +#endif #include #include #include 
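Review bot: 0004 makes the same one-line change to `ssh/gssc.c` (`GSS_C_NO_NAME` to `NULL`) that `files/patch-ssh_gssc.c` already carries, and this commit keeps that file with only its header edited. Likewise `patch-network.c` and `patch-pageant.c` are added as copies of `patch-unix_network.c` and `patch-unix_pageant.c` and target the same lines of `unix/network.c` and `unix/pageant.c`. Assuming every `files/patch-*` is applied as usual, the second patch of each pair finds its change already made. Dropping `patch-ssh_gssc.c` and one file of each copied pair would leave exactly one patch per change.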
diff --git a/security/putty/files/patch-unix_pageant.c b/security/putty/files/patch-pageant.c similarity index 90% copy from security/putty/files/patch-unix_pageant.c copy to security/putty/files/patch-pageant.c index acfcf94966be..e1361c40a7bb 100644 --- a/security/putty/files/patch-unix_pageant.c +++ b/security/putty/files/patch-pageant.c @@ -1,11 +1,11 @@ ---- unix/pageant.c.orig 2022-05-24 16:56:28 UTC +--- unix/pageant.c.orig 2022-09-15 23:42:29 UTC +++ unix/pageant.c @@ -330,7 +330,7 @@ void pageant_fork_and_print_env(bool retain_tty) /* Get out of our previous process group, to avoid being * blasted by passing signals. But keep our controlling tty, * so we can keep checking to see if we still have one. */ - setpgrp(); + setpgrp(0,0); } else { /* Do that, but also leave our entire session and detach from * the controlling tty (if any). */ diff --git a/security/putty/files/patch-ssh_gssc.c b/security/putty/files/patch-ssh_gssc.c index 91db8b14c57e..1ab63d482f5d 100644 --- a/security/putty/files/patch-ssh_gssc.c +++ b/security/putty/files/patch-ssh_gssc.c @@ -1,11 +1,11 @@ ---- ssh/gssc.c.orig 2022-05-24 16:56:27 UTC +--- ./ssh/gssc.c.orig 2022-05-24 16:56:27 UTC +++ ssh/gssc.c @@ -75,7 +75,7 @@ static Ssh_gss_stat ssh_gssapi_acquire_cred(struct ssh gssctx->maj_stat = gss->inquire_cred_by_mech(&gssctx->min_stat, cred, (gss_OID) GSS_MECH_KRB5, - GSS_C_NO_NAME, + NULL, &time_rec, NULL, NULL); diff --git a/security/putty/files/patch-unix_network.c b/security/putty/files/patch-unix_network.c index 19e87ca62c99..7557695903f5 100644 --- a/security/putty/files/patch-unix_network.c +++ b/security/putty/files/patch-unix_network.c @@ -1,16 +1,16 @@ ---- unix/network.c.orig 2022-05-24 16:56:28 UTC -+++ unix/network.c +--- ./unix/network.c.orig 2022-05-24 16:56:28 UTC ++++ ./unix/network.c @@ -11,8 +11,13 @@ #include #include #include +#ifdef __FreeBSD__ +#include #include +#else +#include #include +#endif #include #include #include 
diff --git a/security/putty/files/patch-unix_pageant.c b/security/putty/files/patch-unix_pageant.c index acfcf94966be..fbd68b9aba82 100644 --- a/security/putty/files/patch-unix_pageant.c +++ b/security/putty/files/patch-unix_pageant.c @@ -1,11 +1,11 @@ ---- unix/pageant.c.orig 2022-05-24 16:56:28 UTC -+++ unix/pageant.c +--- ./unix/pageant.c.orig 2022-05-24 16:56:28 UTC ++++ ./unix/pageant.c @@ -330,7 +330,7 @@ void pageant_fork_and_print_env(bool retain_tty) /* Get out of our previous process group, to avoid being * blasted by passing signals. But keep our controlling tty, * so we can keep checking to see if we still have one. */ - setpgrp(); + setpgrp(0,0); } else { /* Do that, but also leave our entire session and detach from * the controlling tty (if any). */