From nobody Tue Dec 26 20:51:24 2023
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4T06Pm5kpMz55Vyg;
	Tue, 26 Dec 2023 20:51:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4T06Pm5G03z3TkC;
	Tue, 26 Dec 2023 20:51:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1703623884;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=pNg7Fi0B74MB//QPdKwzbxhrh1ufeDJ3/IBRVwhlqqg=;
	b=RX1OjHqwwu0kknH9jzXEKDm6xx/wztVwzK8Uc/mXCTnsweeyEpMCS6byr1XcXFsxKywVSz
	R+N7OTHOHwx69+VQ2G+Xhm4YS41VFTyyRri0E+gEelg0zVVianvvU9LZlfwmK0HRxKYU7j
	DzOPzmwQI/0yuAuc5P0bBn3kqK36ICUBPrD7lVdoXUwNdAEN5GuX4/UQa7nUxeK7ipx3Ms
	YUXjU9dnBsIjCuiQfZ5TwbLRKjw5sWVRCyjW0fHEvPk49mTvEDGj86H8kZvyiUPENgXlfg
	FOM4ZbgvusPfDFjN9lXwBTjf/2eZ1m92F1kTi0iY10bMvds1W8JyYIeAoKphOg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1703623884; a=rsa-sha256; cv=none;
	b=kkHezvVKFZbZ9w/gp3e1NhbF0uh7c1MVKHJs8Cl5ZMfSNSWWMQzZfAWRFEgCq/HRC4R31J
	7ijeiQ81MnnC8DQlyoKRYrrlrXozS3qKf7JVlDUy+WHcG3Auv5qw5fx/RO/HAo0KUVtV5n
	rEi4PGpeRE/gQMF3EItq9Y9hzzCy/0ngUz10MFE43fx4QPgj8Ur7rewjhCJyIY1lbTZad9
	9QJ+L8zkkd2mDeo95lPXHXhDcToGG/c2u6nWyAFmusTlJwBhK69/xz9D/hIyCPBAeFww/y
	tEjNh1KmJy+GWcD/e0rIGimsCrd6ty7l5lwjx3xpqm7HPDz2VqPKKUihczh+/g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1703623884;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=pNg7Fi0B74MB//QPdKwzbxhrh1ufeDJ3/IBRVwhlqqg=;
	b=D8YnYvNbYwcrA+Ovrj81AIPTUDyNZVySiBQVUBI1D71VL02hoohGCDUap9NFI9KqQ84cCB
	fwCBKw6aguA04c4Va5EVVTDPH6pIqgnVZGYt5MrGTPjEB2ppJv1FwG4d96PWPKCxzKj0g9
	8zslZ5NCz7RBRL23W+W1moZJHoj1NXESFbR9M+YcjxRxmbETyANb7bRuxxBygzZ958CSsr
	k4+p9KPcOYWD5q10jIIkzsVPB0SQmKfMn6k6AiSuWymBaiYtEytnyXB+/Uj6QNi/0CEW3x
	d9JZU6LLzR8md/Eygrx5+MlubelHW11CBTJZUYMxuCjA4I5yKktjEf9JY3KpAg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4T06Pm4JPZz19Mg;
	Tue, 26 Dec 2023 20:51:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3BQKpO1m096156;
	Tue, 26 Dec 2023 20:51:24 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3BQKpOmO096153;
	Tue, 26 Dec 2023 20:51:24 GMT
	(envelope-from git)
Date: Tue, 26 Dec 2023 20:51:24 GMT
Message-Id: <202312262051.3BQKpOmO096153@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Gordon Tetlow <gordon@FreeBSD.org>
Subject: git: 277b9fe50d9e - main - security/openssh-portable:
  Update to 9.6p1
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: gordon
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 277b9fe50d9e7f7b21eb2f3b052f8ea22a3d77d2
Auto-Submitted: auto-generated

The branch main has been updated by gordon:

URL: https://cgit.FreeBSD.org/ports/commit/?id=277b9fe50d9e7f7b21eb2f3b052f8ea22a3d77d2

commit 277b9fe50d9e7f7b21eb2f3b052f8ea22a3d77d2
Author:     Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2023-12-26 20:49:13 +0000
Commit:     Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2023-12-26 20:49:13 +0000

    security/openssh-portable: Update to 9.6p1
    
    Approved by:    bdrewery
    Differential Revision:  https://reviews.freebsd.org/D43132
---
 security/openssh-portable/Makefile                 |  7 +++----
 security/openssh-portable/distinfo                 |  8 +++-----
 .../openssh-portable/files/extra-patch-hpn-compat  | 16 +++++++--------
 security/openssh-portable/files/patch-ssh-agent.c  | 24 +++++++++++-----------
 security/openssh-portable/files/patch-ssh_config   | 17 ---------------
 5 files changed, 26 insertions(+), 46 deletions(-)

diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 064b00ab8cb3..2991ee04084c 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	openssh
-DISTVERSION=	9.3p2
-PORTREVISION=	2
+DISTVERSION=	9.6p1
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	OPENBSD/OpenSSH/portable
@@ -23,8 +23,7 @@ GNU_CONFIGURE=		yes
 CONFIGURE_ARGS=		--prefix=${PREFIX} \
 			--without-zlib-version-check \
 			--with-ssl-engine \
-			--with-mantype=man \
-			--with-Werror
+			--with-mantype=man
 
 ETCOLD=			${PREFIX}/etc
 
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index 244080affd21..8f546e9ce2c5 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,5 +1,3 @@
-TIMESTAMP = 1695396338
-SHA256 (openssh-9.3p2.tar.gz) = 200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8
-SIZE (openssh-9.3p2.tar.gz) = 1835850
-SHA256 (openssh-9.4p1-gsskex-all-debian-rh-9.4p1.patch) = 9492c1db4307aa3fe6e12d77fff01376bf275af2980ae55b926a505aae9e9b14
-SIZE (openssh-9.4p1-gsskex-all-debian-rh-9.4p1.patch) = 131674
+TIMESTAMP = 1703034264
+SHA256 (openssh-9.6p1.tar.gz) = 910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c
+SIZE (openssh-9.6p1.tar.gz) = 1857862
diff --git a/security/openssh-portable/files/extra-patch-hpn-compat b/security/openssh-portable/files/extra-patch-hpn-compat
index 6f6a0e1aa358..b3a5e0973609 100644
--- a/security/openssh-portable/files/extra-patch-hpn-compat
+++ b/security/openssh-portable/files/extra-patch-hpn-compat
@@ -16,12 +16,12 @@ r294563 was incomplete; re-add the client-side options as well.
 
 ------------------------------------------------------------------------
 
---- readconf.c.orig	2023-02-03 11:17:45.506822000 -0800
-+++ readconf.c	2023-02-03 11:30:14.894959000 -0800
-@@ -323,6 +323,12 @@ static struct {
- 	{ "knownhostscommand", oKnownHostsCommand },
- 	{ "requiredrsasize", oRequiredRSASize },
+--- readconf.c.orig	2023-12-19 17:09:41.366788000 -0800
++++ readconf.c	2023-12-19 17:10:24.155247000 -0800
+@@ -329,6 +329,12 @@
  	{ "enableescapecommandline", oEnableEscapeCommandline },
+ 	{ "obscurekeystroketiming", oObscureKeystrokeTiming },
+ 	{ "channeltimeout", oChannelTimeout },
 +	{ "hpndisabled", oDeprecated },
 +	{ "hpnbuffersize", oDeprecated },
 +	{ "tcprcvbufpoll", oDeprecated },
@@ -31,9 +31,9 @@ r294563 was incomplete; re-add the client-side options as well.
  
  	{ NULL, oBadOption }
  };
---- servconf.c.orig	2023-02-02 04:21:54.000000000 -0800
-+++ servconf.c	2023-02-03 11:31:00.387624000 -0800
-@@ -695,6 +695,10 @@ static struct {
+--- servconf.c.orig	2023-12-19 17:11:52.320491000 -0800
++++ servconf.c	2023-12-19 17:12:43.950318000 -0800
+@@ -693,6 +693,10 @@
  	{ "requiredrsasize", sRequiredRSASize, SSHCFG_ALL },
  	{ "channeltimeout", sChannelTimeout, SSHCFG_ALL },
  	{ "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL },
diff --git a/security/openssh-portable/files/patch-ssh-agent.c b/security/openssh-portable/files/patch-ssh-agent.c
index 9fc1abc0dfab..cd85012d883f 100644
--- a/security/openssh-portable/files/patch-ssh-agent.c
+++ b/security/openssh-portable/files/patch-ssh-agent.c
@@ -8,9 +8,9 @@ r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines
 Add a -x option that causes ssh-agent(1) to exit when all clients have
 disconnected.
 
---- ssh-agent.c.orig	2023-02-02 04:21:54.000000000 -0800
-+++ ssh-agent.c	2023-02-03 10:55:34.277561000 -0800
-@@ -188,11 +188,28 @@ static int restrict_websafe = 1;
+--- ssh-agent.c.orig	2023-12-18 06:59:50.000000000 -0800
++++ ssh-agent.c	2023-12-19 17:16:22.128981000 -0800
+@@ -196,11 +196,28 @@
  /* Refuse signing of non-SSH messages for web-origin FIDO keys */
  static int restrict_websafe = 1;
  
@@ -39,7 +39,7 @@ disconnected.
  	close(e->fd);
  	sshbuf_free(e->input);
  	sshbuf_free(e->output);
-@@ -205,6 +222,8 @@ close_socket(SocketEntry *e)
+@@ -213,6 +230,8 @@
  	memset(e, '\0', sizeof(*e));
  	e->fd = -1;
  	e->type = AUTH_UNUSED;
@@ -48,7 +48,7 @@ disconnected.
  }
  
  static void
-@@ -1698,6 +1717,10 @@ new_socket(sock_type type, int fd)
+@@ -1893,6 +1912,10 @@
  
  	debug_f("type = %s", type == AUTH_CONNECTION ? "CONNECTION" :
  	    (type == AUTH_SOCKET ? "SOCKET" : "UNKNOWN"));
@@ -59,7 +59,7 @@ disconnected.
  	set_nonblock(fd);
  
  	if (fd > max_fd)
-@@ -1990,7 +2013,7 @@ usage(void)
+@@ -2184,7 +2207,7 @@
  usage(void)
  {
  	fprintf(stderr,
@@ -68,15 +68,15 @@ disconnected.
  	    "                 [-O option] [-P allowed_providers] [-t life]\n"
  	    "       ssh-agent [-a bind_address] [-E fingerprint_hash] [-O option]\n"
  	    "                 [-P allowed_providers] [-t life] command [arg ...]\n"
-@@ -2024,6 +2047,7 @@ main(int ac, char **av)
+@@ -2218,6 +2241,7 @@
  	/* drop */
- 	setegid(getgid());
- 	setgid(getgid());
-+	setuid(geteuid());
+ 	(void)setegid(getgid());
+ 	(void)setgid(getgid());
++	(void)setuid(geteuid());
  
  	platform_disable_tracing(0);	/* strict=no */
  
-@@ -2035,7 +2059,7 @@ main(int ac, char **av)
+@@ -2229,7 +2253,7 @@
  	__progname = ssh_get_progname(av[0]);
  	seed_rng();
  
@@ -85,7 +85,7 @@ disconnected.
  		switch (ch) {
  		case 'E':
  			fingerprint_hash = ssh_digest_alg_by_name(optarg);
-@@ -2084,6 +2108,9 @@ main(int ac, char **av)
+@@ -2280,6 +2304,9 @@
  				fprintf(stderr, "Invalid lifetime\n");
  				usage();
  			}
diff --git a/security/openssh-portable/files/patch-ssh_config b/security/openssh-portable/files/patch-ssh_config
deleted file mode 100644
index efad15f126fd..000000000000
--- a/security/openssh-portable/files/patch-ssh_config
+++ /dev/null
@@ -1,17 +0,0 @@
---- UTC
-r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines
-
-Document the FreeBSD default for CheckHostIP, which was changed in
-rev 1.2 of readconf.c.
-
---- ssh_config.orig	2010-01-12 01:40:27.000000000 -0700
-+++ ssh_config	2010-09-14 16:14:13.000000000 -0600
-@@ -27,7 +27,7 @@
- #   GSSAPIAuthentication no
- #   GSSAPIDelegateCredentials no
- #   BatchMode no
--#   CheckHostIP yes
-+#   CheckHostIP no
- #   AddressFamily any
- #   ConnectTimeout 0
- #   StrictHostKeyChecking ask