From: Cy Schubert
To: Bryan Drewery
cc: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: Re: git: 1896ee6874cd - main - security/openssh-portable: Update to 9.9p2
In-reply-to: <202502191612.51JGCHFZ059515@gitrepo.freebsd.org>
Date: Wed, 19 Feb 2025 08:16:53 -0800
Message-Id: <20250219161653.41363203@slippy.cwsent.com>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all

In message <202502191612.51JGCHFZ059515@gitrepo.freebsd.org>, Bryan Drewery writes:
> The branch main has been updated by bdrewery:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=1896ee6874cd44b6c8d08feb40b4b8f445ae9184
>
> commit 1896ee6874cd44b6c8d08feb40b4b8f445ae9184
> Author: Bryan Drewery
> AuthorDate: 2025-02-19 16:01:52 +0000
> Commit: Bryan Drewery
> CommitDate: 2025-02-19 16:01:52
+0000 > > security/openssh-portable: Update to 9.9p2 > > Changes: https://www.openssh.com/releasenotes.html > Security: > * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 > (inclusive) contained a logic error that allowed an on-path > attacker (a.k.a MITM) to impersonate any server when the > VerifyHostKeyDNS option is enabled. This option is off by default. > > * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 > (inclusive) is vulnerable to a memory/CPU denial-of-service related > to the handling of SSH2_MSG_PING packets. This condition may be > --- > security/openssh-portable/Makefile | 6 +++--- > security/openssh-portable/distinfo | 6 +++--- > security/openssh-portable/files/extra-patch-hpn | 6 +++--- > 3 files changed, 9 insertions(+), 9 deletions(-) > > diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/M > akefile > index 676c1b750027..6c140b0c056d 100644 > --- a/security/openssh-portable/Makefile > +++ b/security/openssh-portable/Makefile > @@ -1,6 +1,6 @@ > PORTNAME= openssh > -DISTVERSION= 9.9p1 > -PORTREVISION= 1 > +DISTVERSION= 9.9p2 > +PORTREVISION= 0 > PORTEPOCH= 1 > CATEGORIES= security > MASTER_SITES= OPENBSD/OpenSSH/portable > @@ -109,7 +109,7 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue > . endif > # - See https://sources.debian.org/data/main/o/openssh/ for which subdir to > # pull from. > -GSSAPI_DEBIAN_VERSION= 9.9p1 > +GSSAPI_DEBIAN_VERSION= 9.9p2 > GSSAPI_DEBIAN_SUBDIR= ${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-1 > # - Debian does not use a versioned filename so we trick fetch to make one f > or > # us with the ?=/ trick. > diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/d > istinfo > index 41138b4167db..307b0087264f 100644 > --- a/security/openssh-portable/distinfo > +++ b/security/openssh-portable/distinfo 
> @@ -1,5 +1,5 @@ > -TIMESTAMP = 1728410939 > -SHA256 (openssh-9.9p1.tar.gz) = b343fbcdbff87f15b1986e6e15d6d4fc9a7d36066be6 > b7fb507087ba8f966c02 > -SIZE (openssh-9.9p1.tar.gz) = 1964864 > +TIMESTAMP = 1739980882 > +SHA256 (openssh-9.9p2.tar.gz) = 91aadb603e08cc285eddf965e1199d02585fa94d994d > 6cae5b41e1721e215673 > +SIZE (openssh-9.9p2.tar.gz) = 1944499 > SHA256 (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = b8b590024137d54394 > fd46ebfe32f2b081d0744abdcdcacf6dd30d1c91339864 > SIZE (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = 125233 > diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/opens > sh-portable/files/extra-patch-hpn > index c41368af72fb..43152e3d2e82 100644 > --- a/security/openssh-portable/files/extra-patch-hpn > +++ b/security/openssh-portable/files/extra-patch-hpn > @@ -1280,11 +1280,11 @@ diff -urN -x configure -x config.guess -x config.h.in > -x config.sub work.clean/o > # Example of overriding settings on a per-user basis > #Match User anoncvs > # X11Forwarding no > ---- work/openssh/version.h.orig 2023-12-18 06:59:50.000000000 -0800 > -+++ work/openssh/version.h 2024-01-08 16:22:25.632475000 -0800 > +--- work/openssh/version.h.orig 2025-02-18 00:15:08.000000000 -0800 > ++++ work/openssh/version.h 2025-02-19 07:59:36.425254000 -0800 > @@ -4,3 +4,4 @@ > > - #define SSH_PORTABLE "p1" > + #define SSH_PORTABLE "p2" > #define SSH_RELEASE SSH_VERSION SSH_PORTABLE > +#define SSH_HPN "-hpn14v15" > --- work/openssh/kex.h.orig 2019-07-10 17:35:36.523216000 -0700 > This looks like it could be an MFH candidate. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e^(i*pi)+1=0
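Review bot: in the first Makefile hunk (@@ -1,6 +1,6 @@), `PORTREVISION= 0` is kept as an explicit line after the DISTVERSION bump. Zero is the default, so the line can be dropped; if it is kept on purpose as a placeholder for the next revision bump, a short comment saying so would help the next committer.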
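Review bot: in the distinfo hunk (@@ -1,5 +1,5 @@), the unchanged context lines still list `SHA256 (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch)` and its SIZE, while the second Makefile hunk moves GSSAPI_DEBIAN_VERSION to 9.9p2. If the GSSAPI patch distfile name is built from DISTVERSION and GSSAPI_DEBIAN_VERSION, no checksum entry exists for the new name and the checksum stage will fail with that option enabled. Please regenerate distinfo with the GSSAPI patch option on (`make makesum`), or hold GSSAPI_DEBIAN_VERSION at 9.9p1 until the matching Debian patch is confirmed.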
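Review bot: in the extra-patch-hpn hunk (@@ -1280,11 +1280,11 @@), the embedded version.h diff uses `#define SSH_PORTABLE "p2"` as a context line, so the HPN patch has to be hand-edited on every pN release. Only this one section was refreshed here (the kex.h section that follows still carries its 2019 timestamp), and the commit message does not say whether the HPN option was built against 9.9p2. Worth confirming that the rest of the patch still applies cleanly to the new distfile.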