From nobody Wed Feb 19 16:12:17 2025
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YyhHP3dD4z5pYJD;
	Wed, 19 Feb 2025 16:12:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4YyhHP31wjz3YZk;
	Wed, 19 Feb 2025 16:12:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1739981537;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=fS8SCkgu6mC+WvejZQZEQ4ZApEbDVkBdQ3aDohMkDqI=;
	b=AE0m7C0Af4a57piJMF1pnqnglep1LjIw3a/Tob/JKyHyCZsLSQucHr0ArJglgSqNoTlSNN
	Ni1uuZxFLWq3HONVeLETEj3/WypylXnNoOjSY2xBg5cgIJMoYMOfJwkLH8aFXZQQkNHBfh
	+aqkUiYLE/m+KgJoEakYpRzplkLN20qbA+I3judC4Ceq6VX53M3W7R/G1OKHK8qZWBhvQG
	SKE03zMIijbOOb/tSWv4ifZRj/kaEmeRkGRFHdylo6iWBPpd7YVnCxOAzjsaYNpvqBlin8
	WNEqNqEFsk1wj7uO9qC6iLPfIplF1JkxUogvzPp4J/z5e3p8U8lzeUA5Zqbsnw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739981537; a=rsa-sha256; cv=none;
	b=HK22BNl3ZZv49pvq/ePmEsq3fSF5L/Kxmq546i7+b98AuMEvnCUSplVZNIZ9hdTYEQsVpZ
	dOHW78iQKpGQbUV8PspH+vvO4bDu2FHLtVxJhLctsic99kAmvP6k3NBQo9dUkZ3YtyNPWi
	BNhyd9RY5xjkcjCD5jfh4uxRyKZ9iktKHJXr6Zh65jZABfY9ISkaOGXW/nuFvypU+rJZ5b
	1Pm/DUTkUSWc1YN2Np5n5NMtO0Z3vRjYfezl8J0cl9Kzz4hSstfVOIFll+OXLRCpvcfrYq
	nCBfnbLWs0E7pXpQxxfq9KQiv5hGrrpO8Uz9R+bDpqk0Vl94d4ZJxITL3AWwCQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1739981537;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=fS8SCkgu6mC+WvejZQZEQ4ZApEbDVkBdQ3aDohMkDqI=;
	b=djtFtXV0dxmHIx4EWy7ojz9qJIN1QeoXFzN64PDTodU41azezefPQDNUdFsJMVHPvs1nF8
	+Rc6lOgs7tPPWgTep7P3/mIwTNZO+YrZmZekmE3J6DDsXC0z10tVDVW1TXVz9gS/gANKYb
	wwPlczhjhyAEUqXbpM48XRU3qJLrQAIHbCPZYOqCzsA91fliMO97vcSsk0ws91dv0oLHaA
	ytd7jwzjE48rJ5yjXRnQ+BEQO1pa9wA1g5JJhSiIcNihl2ZktLNyKTyAoj2opOVH0lsHGj
	Ma/hbyUmWr/SLmDFQj8ZvwZjswwOp2Dt1NHU636aCwM55nIooaMMKRwz3KXVug==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YyhHP2cSRz1BqL;
	Wed, 19 Feb 2025 16:12:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51JGCHJb059518;
	Wed, 19 Feb 2025 16:12:17 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51JGCHFZ059515;
	Wed, 19 Feb 2025 16:12:17 GMT
	(envelope-from git)
Date: Wed, 19 Feb 2025 16:12:17 GMT
Message-Id: <202502191612.51JGCHFZ059515@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Bryan Drewery <bdrewery@FreeBSD.org>
Subject: git: 1896ee6874cd - main - security/openssh-portable:
  Update to 9.9p2
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-all@freebsd.org
Sender: owner-dev-commits-ports-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: bdrewery
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 1896ee6874cd44b6c8d08feb40b4b8f445ae9184
Auto-Submitted: auto-generated

The branch main has been updated by bdrewery:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1896ee6874cd44b6c8d08feb40b4b8f445ae9184

commit 1896ee6874cd44b6c8d08feb40b4b8f445ae9184
Author:     Bryan Drewery <bdrewery@FreeBSD.org>
AuthorDate: 2025-02-19 16:01:52 +0000
Commit:     Bryan Drewery <bdrewery@FreeBSD.org>
CommitDate: 2025-02-19 16:01:52 +0000

    security/openssh-portable: Update to 9.9p2
    
    Changes: https://www.openssh.com/releasenotes.html
    Security:
      * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
        (inclusive) contained a logic error that allowed an on-path
        attacker (a.k.a MITM) to impersonate any server when the
        VerifyHostKeyDNS option is enabled. This option is off by default.
    
      * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
        (inclusive) is vulnerable to a memory/CPU denial-of-service related
        to the handling of SSH2_MSG_PING packets. This condition may be
---
 security/openssh-portable/Makefile              | 6 +++---
 security/openssh-portable/distinfo              | 6 +++---
 security/openssh-portable/files/extra-patch-hpn | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 676c1b750027..6c140b0c056d 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	openssh
-DISTVERSION=	9.9p1
-PORTREVISION=	1
+DISTVERSION=	9.9p2
+PORTREVISION=	0
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	OPENBSD/OpenSSH/portable
@@ -109,7 +109,7 @@ EXTRA_PATCHES+=	${FILESDIR}/extra-patch-hpn-gss-glue
 .  endif
 # - See https://sources.debian.org/data/main/o/openssh/ for which subdir to
 # pull from.
-GSSAPI_DEBIAN_VERSION=	9.9p1
+GSSAPI_DEBIAN_VERSION=	9.9p2
 GSSAPI_DEBIAN_SUBDIR=	${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-1
 # - Debian does not use a versioned filename so we trick fetch to make one for
 # us with the ?<anything>=/ trick.
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index 41138b4167db..307b0087264f 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1728410939
-SHA256 (openssh-9.9p1.tar.gz) = b343fbcdbff87f15b1986e6e15d6d4fc9a7d36066be6b7fb507087ba8f966c02
-SIZE (openssh-9.9p1.tar.gz) = 1964864
+TIMESTAMP = 1739980882
+SHA256 (openssh-9.9p2.tar.gz) = 91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673
+SIZE (openssh-9.9p2.tar.gz) = 1944499
 SHA256 (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = b8b590024137d54394fd46ebfe32f2b081d0744abdcdcacf6dd30d1c91339864
 SIZE (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = 125233
diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn
index c41368af72fb..43152e3d2e82 100644
--- a/security/openssh-portable/files/extra-patch-hpn
+++ b/security/openssh-portable/files/extra-patch-hpn
@@ -1280,11 +1280,11 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
  # Example of overriding settings on a per-user basis
  #Match User anoncvs
  #	X11Forwarding no
---- work/openssh/version.h.orig	2023-12-18 06:59:50.000000000 -0800
-+++ work/openssh/version.h	2024-01-08 16:22:25.632475000 -0800
+--- work/openssh/version.h.orig	2025-02-18 00:15:08.000000000 -0800
++++ work/openssh/version.h	2025-02-19 07:59:36.425254000 -0800
 @@ -4,3 +4,4 @@
  
- #define SSH_PORTABLE	"p1"
+ #define SSH_PORTABLE	"p2"
  #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
 +#define SSH_HPN         "-hpn14v15"
 --- work/openssh/kex.h.orig	2019-07-10 17:35:36.523216000 -0700