git: 162c735b3423 - main - security/openssh-portable: Update to 9.1p1
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 08 Oct 2022 15:53:41 UTC
The branch main has been updated by bdrewery:
URL: https://cgit.FreeBSD.org/ports/commit/?id=162c735b342337126ccc74f625c587a02c4d45fd
commit 162c735b342337126ccc74f625c587a02c4d45fd
Author: Bryan Drewery <bdrewery@FreeBSD.org>
AuthorDate: 2022-10-04 16:39:50 +0000
Commit: Bryan Drewery <bdrewery@FreeBSD.org>
CommitDate: 2022-10-08 15:53:12 +0000
security/openssh-portable: Update to 9.1p1
Changes: https://www.openssh.com/txt/release-9.1
---
security/openssh-portable/Makefile | 7 ++--
security/openssh-portable/distinfo | 6 +--
.../openssh-portable/files/extra-patch-hpn-compat | 16 ++++----
.../files/patch-FreeBSD-caph_cache_tzdata | 43 ----------------------
4 files changed, 15 insertions(+), 57 deletions(-)
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 568f13d839a3..14cb3a8f970a 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -1,5 +1,5 @@
PORTNAME= openssh
-DISTVERSION= 9.0p1
+DISTVERSION= 9.1p1
PORTREVISION= 0
PORTEPOCH= 1
CATEGORIES= security
@@ -101,7 +101,7 @@ PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex
# Must add this patch before HPN due to conflicts
.if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi
-#BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet.
+BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet.
. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
# Needed glue for applying HPN patch without conflict
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
@@ -114,7 +114,8 @@ GSSAPI_DEBIAN_SUBDIR= ${DISTVERSION}-1
PATCH_SITES+= https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex
# Bump this when updating the patch location
GSSAPI_UPDATE_DATE= 20220203
-PATCHFILES+= openssh-${DISTVERSION}-gsskex-all-20141021-debian-rh-${GSSAPI_UPDATE_DATE}.patch:-p1:gsskex
+#GSSAPI_DISTVERSION= 9.0p1
+PATCHFILES+= openssh-${GSSAPI_DISTVERSION:U${DISTVERSION}}-gsskex-all-20141021-debian-rh-${GSSAPI_UPDATE_DATE}.patch:-p1:gsskex
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-auth2-gss.c
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgssc.c
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgsss.c
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index 9f500393410c..1dffd1baac8a 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1654549050
-SHA256 (openssh-9.0p1.tar.gz) = 03974302161e9ecce32153cfa10012f1e65c8f3750f573a73ab1befd5972a28a
-SIZE (openssh-9.0p1.tar.gz) = 1822183
+TIMESTAMP = 1664898976
+SHA256 (openssh-9.1p1.tar.gz) = 19f85009c7e3e23787f0236fbb1578392ab4d4bf9f8ec5fe6bc1cd7e8bfdd288
+SIZE (openssh-9.1p1.tar.gz) = 1838747
SHA256 (openssh-9.0p1-gsskex-all-20141021-debian-rh-20220203.patch) = d2f4c7bb1bc33540605a3bb0c9517d7b4ed2f5d77c24f7afcd64891be59f4ed2
SIZE (openssh-9.0p1-gsskex-all-20141021-debian-rh-20220203.patch) = 127245
diff --git a/security/openssh-portable/files/extra-patch-hpn-compat b/security/openssh-portable/files/extra-patch-hpn-compat
index c47d0a1d3b5d..d78aa1821e49 100644
--- a/security/openssh-portable/files/extra-patch-hpn-compat
+++ b/security/openssh-portable/files/extra-patch-hpn-compat
@@ -16,12 +16,12 @@ r294563 was incomplete; re-add the client-side options as well.
------------------------------------------------------------------------
---- readconf.c.orig 2021-04-27 11:24:15.916596000 -0700
-+++ readconf.c 2021-04-27 11:25:24.222034000 -0700
-@@ -316,6 +316,12 @@ static struct {
- { "proxyjump", oProxyJump },
+--- readconf.c.orig 2022-10-04 08:57:04.041419000 -0700
++++ readconf.c 2022-10-04 08:57:56.915474000 -0700
+@@ -321,6 +321,12 @@ static struct {
{ "securitykeyprovider", oSecurityKeyProvider },
{ "knownhostscommand", oKnownHostsCommand },
+ { "requiredrsasize", oRequiredRSASize },
+ { "hpndisabled", oDeprecated },
+ { "hpnbuffersize", oDeprecated },
+ { "tcprcvbufpoll", oDeprecated },
@@ -31,12 +31,12 @@ r294563 was incomplete; re-add the client-side options as well.
{ NULL, oBadOption }
};
---- servconf.c.orig 2020-02-13 16:40:54.000000000 -0800
-+++ servconf.c 2020-03-21 17:01:18.011062000 -0700
-@@ -695,6 +695,10 @@ static struct {
- { "rdomain", sRDomain, SSHCFG_ALL },
+--- servconf.c.orig 2022-10-03 07:51:42.000000000 -0700
++++ servconf.c 2022-10-04 08:58:21.118208000 -0700
+@@ -681,6 +681,10 @@ static struct {
{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
{ "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
+ { "requiredrsasize", sRequiredRSASize, SSHCFG_ALL },
+ { "noneenabled", sUnsupported, SSHCFG_ALL },
+ { "hpndisabled", sDeprecated, SSHCFG_ALL },
+ { "hpnbuffersize", sDeprecated, SSHCFG_ALL },
diff --git a/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata b/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata
deleted file mode 100644
index bf3889265b77..000000000000
--- a/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata
+++ /dev/null
@@ -1,43 +0,0 @@
-commit fc3c19a9fceeea48a9259ac3833a125804342c0e
-Author: Ed Maste <emaste@FreeBSD.org>
-Date: Sat Oct 6 21:32:55 2018 +0000
-
- sshd: address capsicum issues
-
- * Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
- capability mode.
- * Cache timezone data via caph_cache_tzdata() as we cannot access the
- timezone file.
- * Reverse resolve hostname before entering capability mode.
-
- PR: 231172
- Submitted by: naito.yuichiro@gmail.com
- Reviewed by: cem, des
- Approved by: re (rgrimes)
- MFC after: 3 weeks
- Differential Revision: https://reviews.freebsd.org/D17128
-
-Notes:
- svn path=/head/; revision=339216
-
-diff --git crypto/openssh/sandbox-capsicum.c crypto/openssh/sandbox-capsicum.c
-index 5f41d526292b..f728abd18250 100644
---- sandbox-capsicum.c
-+++ sandbox-capsicum.c
-@@ -31,6 +31,7 @@ __RCSID("$FreeBSD$");
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
-+#include <capsicum_helpers.h>
-
- #include "log.h"
- #include "monitor.h"
-@@ -71,6 +72,8 @@ ssh_sandbox_child(struct ssh_sandbox *box)
- struct rlimit rl_zero;
- cap_rights_t rights;
-
-+ caph_cache_tzdata();
-+
- rl_zero.rlim_cur = rl_zero.rlim_max = 0;
-
- if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)