Date: Tue, 26 Dec 2023 20:51:24 GMT Message-Id: <202312262051.3BQKpOmO096153@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org 
From: Gordon Tetlow Subject: git: 277b9fe50d9e - main - security/openssh-portable: Update to 9.6p1 The branch main has been updated by gordon: URL: https://cgit.FreeBSD.org/ports/commit/?id=277b9fe50d9e7f7b21eb2f3b052f8ea22a3d77d2 commit 277b9fe50d9e7f7b21eb2f3b052f8ea22a3d77d2 Author: Gordon Tetlow AuthorDate: 2023-12-26 20:49:13 +0000 Commit: Gordon Tetlow CommitDate: 2023-12-26 20:49:13 +0000 security/openssh-portable: Update to 9.6p1 Approved by: bdrewery Differential Revision: https://reviews.freebsd.org/D43132 --- security/openssh-portable/Makefile | 7 +++---- security/openssh-portable/distinfo | 8 +++----- .../openssh-portable/files/extra-patch-hpn-compat | 16 +++++++-------- security/openssh-portable/files/patch-ssh-agent.c | 24 +++++++++++----------- security/openssh-portable/files/patch-ssh_config | 17 --------------- 5 files changed, 26 insertions(+), 46 deletions(-) diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 064b00ab8cb3..2991ee04084c 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -1,6 +1,6 @@ PORTNAME= openssh -DISTVERSION= 9.3p2 -PORTREVISION= 2 +DISTVERSION= 9.6p1 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= OPENBSD/OpenSSH/portable 
@@ -23,8 +23,7 @@ GNU_CONFIGURE= yes CONFIGURE_ARGS= --prefix=${PREFIX} \ --without-zlib-version-check \ --with-ssl-engine \ - --with-mantype=man \ - --with-Werror + --with-mantype=man ETCOLD= ${PREFIX}/etc diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index 244080affd21..8f546e9ce2c5 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1,5 +1,3 @@ -TIMESTAMP = 1695396338 -SHA256 (openssh-9.3p2.tar.gz) = 200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8 -SIZE (openssh-9.3p2.tar.gz) = 1835850 -SHA256 (openssh-9.4p1-gsskex-all-debian-rh-9.4p1.patch) = 9492c1db4307aa3fe6e12d77fff01376bf275af2980ae55b926a505aae9e9b14 -SIZE (openssh-9.4p1-gsskex-all-debian-rh-9.4p1.patch) = 131674 +TIMESTAMP = 1703034264 +SHA256 (openssh-9.6p1.tar.gz) = 910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c +SIZE (openssh-9.6p1.tar.gz) = 1857862 diff --git a/security/openssh-portable/files/extra-patch-hpn-compat b/security/openssh-portable/files/extra-patch-hpn-compat index 6f6a0e1aa358..b3a5e0973609 100644 --- a/security/openssh-portable/files/extra-patch-hpn-compat +++ b/security/openssh-portable/files/extra-patch-hpn-compat 
@@ -16,12 +16,12 @@ r294563 was incomplete; re-add the client-side options as well. ------------------------------------------------------------------------ ---- readconf.c.orig 2023-02-03 11:17:45.506822000 -0800 -+++ readconf.c 2023-02-03 11:30:14.894959000 -0800 -@@ -323,6 +323,12 @@ static struct { - { "knownhostscommand", oKnownHostsCommand }, - { "requiredrsasize", oRequiredRSASize }, +--- readconf.c.orig 2023-12-19 17:09:41.366788000 -0800 ++++ readconf.c 2023-12-19 17:10:24.155247000 -0800 +@@ -329,6 +329,12 @@ { "enableescapecommandline", oEnableEscapeCommandline }, + { "obscurekeystroketiming", oObscureKeystrokeTiming }, + { "channeltimeout", oChannelTimeout }, + { "hpndisabled", oDeprecated }, + { "hpnbuffersize", oDeprecated }, + { "tcprcvbufpoll", oDeprecated }, @@ -31,9 +31,9 @@ r294563 was incomplete; re-add the client-side options as well. { NULL, oBadOption } }; ---- servconf.c.orig 2023-02-02 04:21:54.000000000 -0800 -+++ servconf.c 2023-02-03 11:31:00.387624000 -0800 -@@ -695,6 +695,10 @@ static struct { +--- servconf.c.orig 2023-12-19 17:11:52.320491000 -0800 ++++ servconf.c 2023-12-19 17:12:43.950318000 -0800 +@@ -693,6 +693,10 @@ { "requiredrsasize", sRequiredRSASize, SSHCFG_ALL }, { "channeltimeout", sChannelTimeout, SSHCFG_ALL }, { "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL }, diff --git a/security/openssh-portable/files/patch-ssh-agent.c b/security/openssh-portable/files/patch-ssh-agent.c index 9fc1abc0dfab..cd85012d883f 100644 --- a/security/openssh-portable/files/patch-ssh-agent.c +++ b/security/openssh-portable/files/patch-ssh-agent.c 
@@ -8,9 +8,9 @@ r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines Add a -x option that causes ssh-agent(1) to exit when all clients have disconnected. ---- ssh-agent.c.orig 2023-02-02 04:21:54.000000000 -0800 -+++ ssh-agent.c 2023-02-03 10:55:34.277561000 -0800 -@@ -188,11 +188,28 @@ static int restrict_websafe = 1; +--- ssh-agent.c.orig 2023-12-18 06:59:50.000000000 -0800 ++++ ssh-agent.c 2023-12-19 17:16:22.128981000 -0800 +@@ -196,11 +196,28 @@ /* Refuse signing of non-SSH messages for web-origin FIDO keys */ static int restrict_websafe = 1; @@ -39,7 +39,7 @@ disconnected. close(e->fd); sshbuf_free(e->input); sshbuf_free(e->output); -@@ -205,6 +222,8 @@ close_socket(SocketEntry *e) +@@ -213,6 +230,8 @@ memset(e, '\0', sizeof(*e)); e->fd = -1; e->type = AUTH_UNUSED; @@ -48,7 +48,7 @@ disconnected. } static void -@@ -1698,6 +1717,10 @@ new_socket(sock_type type, int fd) +@@ -1893,6 +1912,10 @@ debug_f("type = %s", type == AUTH_CONNECTION ? "CONNECTION" : (type == AUTH_SOCKET ? "SOCKET" : "UNKNOWN")); @@ -59,7 +59,7 @@ disconnected. set_nonblock(fd); if (fd > max_fd) -@@ -1990,7 +2013,7 @@ usage(void) +@@ -2184,7 +2207,7 @@ usage(void) { fprintf(stderr, @@ -68,15 +68,15 @@ disconnected. " [-O option] [-P allowed_providers] [-t life]\n" " ssh-agent [-a bind_address] [-E fingerprint_hash] [-O option]\n" " [-P allowed_providers] [-t life] command [arg ...]\n" -@@ -2024,6 +2047,7 @@ main(int ac, char **av) +@@ -2218,6 +2241,7 @@ /* drop */ - setegid(getgid()); - setgid(getgid()); -+ setuid(geteuid()); + (void)setegid(getgid()); + (void)setgid(getgid()); ++ (void)setuid(geteuid()); platform_disable_tracing(0); /* strict=no */ -@@ -2035,7 +2059,7 @@ main(int ac, char **av) +@@ -2229,7 +2253,7 @@ __progname = ssh_get_progname(av[0]); seed_rng(); 
@@ -85,7 +85,7 @@ disconnected. switch (ch) { case 'E': fingerprint_hash = ssh_digest_alg_by_name(optarg); -@@ -2084,6 +2108,9 @@ main(int ac, char **av) +@@ -2280,6 +2304,9 @@ fprintf(stderr, "Invalid lifetime\n"); usage(); } diff --git a/security/openssh-portable/files/patch-ssh_config b/security/openssh-portable/files/patch-ssh_config deleted file mode 100644 index efad15f126fd..000000000000 --- a/security/openssh-portable/files/patch-ssh_config +++ /dev/null @@ -1,17 +0,0 @@ ---- UTC -r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines - -Document the FreeBSD default for CheckHostIP, which was changed in -rev 1.2 of readconf.c. - ---- ssh_config.orig 2010-01-12 01:40:27.000000000 -0700 -+++ ssh_config 2010-09-14 16:14:13.000000000 -0600 -@@ -27,7 +27,7 @@ - # GSSAPIAuthentication no - # GSSAPIDelegateCredentials no - # BatchMode no --# CheckHostIP yes -+# CheckHostIP no - # AddressFamily any - # ConnectTimeout 0 - # StrictHostKeyChecking ask
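Review bot: in the first Makefile hunk, `PORTREVISION= 1` is kept next to the DISTVERSION bump from 9.3p2 to 9.6p1. A version bump normally resets PORTREVISION, so drop the line unless the 1 is deliberate, and if it is, say why in the commit message.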
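Review bot: the second Makefile hunk removes `--with-Werror` from CONFIGURE_ARGS and the commit message gives no reason. With the flag gone, warnings in the locally patched sources no longer stop the build; name the warning or compiler that forced the removal so the flag can be restored once that is fixed.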
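Review bot: the distinfo hunk deletes the SHA256 and SIZE entries for openssh-9.4p1-gsskex-all-debian-rh-9.4p1.patch, yet neither Makefile hunk touches whatever fetches that file. If an option still lists it as a patch file, the fetch will fail for lack of a checksum entry; mark that option broken in this commit, or keep a distinfo entry for the patch it uses.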
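Review bot: in the patch-ssh-agent.c hunk under `/* drop */`, the added `(void)setuid(geteuid());` discards the return value of a privilege-changing call, so a failed call goes unnoticed and the agent carries on. Check the result and exit on failure, and since the part of the patch description shown here only covers the -x option, add a line there saying why the setuid call is needed.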
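Review bot: the deletion of files/patch-ssh_config is not mentioned in the commit message. That patch changed the commented default in the sample ssh_config from `# CheckHostIP yes` to `# CheckHostIP no`; state whether it is dropped because the distributed file already reads that way or for another reason, so the installed sample is known to match the compiled-in default.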