Re: git: 1896ee6874cd - main - security/openssh-portable: Update to 9.9p2

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Wed, 19 Feb 2025 16:16:53 UTC
In message <202502191612.51JGCHFZ059515@gitrepo.freebsd.org>, Bryan Drewery writes:
> The branch main has been updated by bdrewery:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=1896ee6874cd44b6c8d08feb40b4b8f445ae9184
>
> commit 1896ee6874cd44b6c8d08feb40b4b8f445ae9184
> Author:     Bryan Drewery <bdrewery@FreeBSD.org>
> AuthorDate: 2025-02-19 16:01:52 +0000
> Commit:     Bryan Drewery <bdrewery@FreeBSD.org>
> CommitDate: 2025-02-19 16:01:52 +0000
>
>     security/openssh-portable: Update to 9.9p2
>     
>     Changes: https://www.openssh.com/releasenotes.html
>     Security:
>       * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
>         (inclusive) contained a logic error that allowed an on-path
>         attacker (a.k.a MITM) to impersonate any server when the
>         VerifyHostKeyDNS option is enabled. This option is off by default.
>     
>       * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
>         (inclusive) is vulnerable to a memory/CPU denial-of-service related
>         to the handling of SSH2_MSG_PING packets. This condition may be
> ---
>  security/openssh-portable/Makefile              | 6 +++---
>  security/openssh-portable/distinfo              | 6 +++---
>  security/openssh-portable/files/extra-patch-hpn | 6 +++---
>  3 files changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/M
> akefile
> index 676c1b750027..6c140b0c056d 100644
> --- a/security/openssh-portable/Makefile
> +++ b/security/openssh-portable/Makefile
> @@ -1,6 +1,6 @@
>  PORTNAME=	openssh
> -DISTVERSION=	9.9p1
> -PORTREVISION=	1
> +DISTVERSION=	9.9p2
> +PORTREVISION=	0
>  PORTEPOCH=	1
>  CATEGORIES=	security
>  MASTER_SITES=	OPENBSD/OpenSSH/portable
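
Review bot: The explicit `PORTREVISION=	0` line left after the DISTVERSION bump is a style point: 0 is the default, so the line is equivalent to having no PORTREVISION at all. Consider dropping it, or say in the commit message that it is kept on purpose as a placeholder for the next revision bump, so a later cleanup does not remove it by accident.
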
> @@ -109,7 +109,7 @@ EXTRA_PATCHES+=	${FILESDIR}/extra-patch-hpn-gss-glue
>  .  endif
>  # - See https://sources.debian.org/data/main/o/openssh/ for which subdir to
>  # pull from.
> -GSSAPI_DEBIAN_VERSION=	9.9p1
> +GSSAPI_DEBIAN_VERSION=	9.9p2
>  GSSAPI_DEBIAN_SUBDIR=	${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-1
>  # - Debian does not use a versioned filename so we trick fetch to make one f
> or
>  # us with the ?<anything>=/ trick.
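
Review bot: `GSSAPI_DEBIAN_VERSION=	9.9p2` now has the same value as DISTVERSION, and the next line already falls back to DISTVERSION through `${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}`, so the explicit assignment is redundant unless it is meant as a pin. More importantly, GSSAPI_DEBIAN_SUBDIR now expands to 9.9p2-1: please confirm that this subdirectory exists at the sources.debian.org location named in the comment, otherwise the fetch with the GSSAPI key exchange patch enabled will fail. If Debian has not published it yet, keeping the variable at 9.9p1 until it does would be the safer choice.
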
> diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/d
> istinfo
> index 41138b4167db..307b0087264f 100644
> --- a/security/openssh-portable/distinfo
> +++ b/security/openssh-portable/distinfo
> @@ -1,5 +1,5 @@
> -TIMESTAMP = 1728410939
> -SHA256 (openssh-9.9p1.tar.gz) = b343fbcdbff87f15b1986e6e15d6d4fc9a7d36066be6
> b7fb507087ba8f966c02
> -SIZE (openssh-9.9p1.tar.gz) = 1964864
> +TIMESTAMP = 1739980882
> +SHA256 (openssh-9.9p2.tar.gz) = 91aadb603e08cc285eddf965e1199d02585fa94d994d
> 6cae5b41e1721e215673
> +SIZE (openssh-9.9p2.tar.gz) = 1944499
>  SHA256 (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = b8b590024137d54394
> fd46ebfe32f2b081d0744abdcdcacf6dd30d1c91339864
>  SIZE (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = 125233
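
Review bot: The two gsskex entries at the end of this hunk are unchanged context and still name `openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch`, while the Makefile in the same commit moves GSSAPI_DEBIAN_VERSION to 9.9p2. If the patch file name or its contents depend on that variable, the checksum recorded here no longer matches what will be fetched. Regenerate distinfo with the GSSAPI option enabled (make makesum) and include the result. Since this is a security update, it is also worth stating in the commit message that the new SHA256 for openssh-9.9p2.tar.gz was checked against the upstream signed release.
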
> diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/opens
> sh-portable/files/extra-patch-hpn
> index c41368af72fb..43152e3d2e82 100644
> --- a/security/openssh-portable/files/extra-patch-hpn
> +++ b/security/openssh-portable/files/extra-patch-hpn
> @@ -1280,11 +1280,11 @@ diff -urN -x configure -x config.guess -x config.h.in
>  -x config.sub work.clean/o
>   # Example of overriding settings on a per-user basis
>   #Match User anoncvs
>   #	X11Forwarding no
> ---- work/openssh/version.h.orig	2023-12-18 06:59:50.000000000 -0800
> -+++ work/openssh/version.h	2024-01-08 16:22:25.632475000 -0800
> +--- work/openssh/version.h.orig	2025-02-18 00:15:08.000000000 -0800
> ++++ work/openssh/version.h	2025-02-19 07:59:36.425254000 -0800
>  @@ -4,3 +4,4 @@
>   
> - #define SSH_PORTABLE	"p1"
> + #define SSH_PORTABLE	"p2"
>   #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
>  +#define SSH_HPN         "-hpn14v15"
>  --- work/openssh/kex.h.orig	2019-07-10 17:35:36.523216000 -0700
>
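
Review bot: Only the embedded version.h hunk of the HPN patch is refreshed here (timestamps and the `#define SSH_PORTABLE	"p2"` context line); the following embedded kex.h hunk still carries its 2019 timestamp, so the rest of the patch was evidently not regenerated against 9.9p2. Please confirm the port builds with the HPN option enabled and that the remaining hunks apply without fuzz or offsets, since a context mismatch in an extra patch only shows up when that option is selected.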

This looks like it could be an MFH candidate.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0