From b1afedfdf617af7a72534bc0eeeb54c3df5b4e09 Mon Sep 17 00:00:00 2001
From: Maxim Khon
Date: Tue, 19 Aug 2025 08:37:19 +0000
Subject: [PATCH] security/openssh-portable: Use SSH_TUN_COMPAT_AF to fix ssh tun device forwarding interoperability with other OSes. See also: https://github.com/openssh/openssh-portable/pull/588
---
 security/openssh-portable/Makefile | 2 +-
 security/openssh-portable/files/patch-ssh_tun | 23 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 security/openssh-portable/files/patch-ssh_tun
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 87e3d95826fdf..842355156ecdf 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= openssh
 DISTVERSION= 10.0p1
-PORTREVISION= 1
+PORTREVISION= 2
 PORTEPOCH= 1
 CATEGORIES= security
 MASTER_SITES= OPENBSD/OpenSSH/portable
diff --git a/security/openssh-portable/files/patch-ssh_tun b/security/openssh-portable/files/patch-ssh_tun
new file mode 100644
index 0000000000000..eaf9db9e8de29
--- /dev/null
+++ b/security/openssh-portable/files/patch-ssh_tun
@@ -0,0 +1,23 @@
+commit 57e76d9b31fd5a5c08e20fd128b09d01e4980274
+Author: Maxim Khon
+Date: Mon Aug 18 12:05:42 2025 +0000
+
+ Use SSH_TUN_COMPAT_AF on FreeBSD. Otherwise tun forwarding from other OSes
+ fails as soon as the first IPv6 message is sent by the other side
+ (which is usually a Router Solicitation ICMPv6 message which is sent as soon
+ as the interface is up): all other OS'es use SSH_TUN_COMPAT_AF or SSH_TUN_PREPEND_AF
+ which effectively uses OpenBSD AF_INET/AF_INET6 values.
+
+diff --git a/configure.ac b/configure.ac
+index 460ebd3b4..d274d1ab0 100644
+--- configure.ac.orig
++++ configure.ac
+@@ -1092,6 +1092,8 @@ mips-sony-bsd|mips-sony-newsos4)
+ *-*-freebsd*)
+ AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)])
+ AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
++ AC_DEFINE([SSH_TUN_COMPAT_AF], [1],
++ [Use tunnel device compatibility to OpenBSD])
+ AC_CHECK_HEADER([net/if_tap.h], ,
+ AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
+ AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need])
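Review bot: The added `AC_DEFINE([SSH_TUN_COMPAT_AF], [1], ...)` in the `*-*-freebsd*)` case changes the address-family values this build exchanges with its tunnel peer, but neither the embedded patch header nor the port says what happens when the peer is a FreeBSD ssh built without it (an earlier port revision, or presumably the base-system ssh). If such builds exchange native FreeBSD AF values, as the description implies, IPv6 over a tun forward between a patched and an unpatched FreeBSD endpoint would likely stop working where it worked before. I would state that in the patch header or a pkg-message/UPDATING entry, for example `Note: tun forwarding to FreeBSD peers built without SSH_TUN_COMPAT_AF may no longer pass IPv6; update both ends.` The define is also added to configure.ac rather than configure, so it only reaches config.h if the port regenerates configure; the Makefile's USES line is outside this diff, so confirm autoreconf is enabled. The `*-*-freebsd*)` case continues past the end of the embedded hunk.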