Date: Wed, 19 Feb 2025 16:12:54 GMT From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org Subject: git: 103d65375884 - 2025Q1 - security/openssh-portable: Update to 9.9p2 Message-ID: <202502191612.51JGCs25063990@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch 2025Q1 has been updated by bdrewery: URL: https://cgit.FreeBSD.org/ports/commit/?id=103d65375884980a3f4dcc84429207b5dde18f58 commit 103d65375884980a3f4dcc84429207b5dde18f58 Author: Bryan Drewery <bdrewery@FreeBSD.org> AuthorDate: 2025-02-19 16:01:52 +0000 Commit: Bryan Drewery <bdrewery@FreeBSD.org> CommitDate: 2025-02-19 16:12:35 +0000 security/openssh-portable: Update to 9.9p2 Changes: https://www.openssh.com/releasenotes.html Security: * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2_MSG_PING packets. This condition may be (cherry picked from commit 1896ee6874cd44b6c8d08feb40b4b8f445ae9184) --- security/openssh-portable/Makefile | 6 +++--- security/openssh-portable/distinfo | 6 +++--- security/openssh-portable/files/extra-patch-hpn | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 676c1b750027..6c140b0c056d 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -1,6 +1,6 @@ PORTNAME= openssh -DISTVERSION= 9.9p1 -PORTREVISION= 1 +DISTVERSION= 9.9p2 +PORTREVISION= 0 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= OPENBSD/OpenSSH/portable @@ -109,7 +109,7 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue . endif # - See https://sources.debian.org/data/main/o/openssh/ for which subdir to # pull from. -GSSAPI_DEBIAN_VERSION= 9.9p1 +GSSAPI_DEBIAN_VERSION= 9.9p2 GSSAPI_DEBIAN_SUBDIR= ${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-1 # - Debian does not use a versioned filename so we trick fetch to make one for # us with the ?<anything>=/ trick. diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index 41138b4167db..307b0087264f 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1728410939 -SHA256 (openssh-9.9p1.tar.gz) = b343fbcdbff87f15b1986e6e15d6d4fc9a7d36066be6b7fb507087ba8f966c02 -SIZE (openssh-9.9p1.tar.gz) = 1964864 +TIMESTAMP = 1739980882 +SHA256 (openssh-9.9p2.tar.gz) = 91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673 +SIZE (openssh-9.9p2.tar.gz) = 1944499 SHA256 (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = b8b590024137d54394fd46ebfe32f2b081d0744abdcdcacf6dd30d1c91339864 SIZE (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = 125233 diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn index c41368af72fb..43152e3d2e82 100644 --- a/security/openssh-portable/files/extra-patch-hpn +++ b/security/openssh-portable/files/extra-patch-hpn @@ -1280,11 +1280,11 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no ---- work/openssh/version.h.orig 2023-12-18 06:59:50.000000000 -0800 -+++ work/openssh/version.h 2024-01-08 16:22:25.632475000 -0800 +--- work/openssh/version.h.orig 2025-02-18 00:15:08.000000000 -0800 ++++ work/openssh/version.h 2025-02-19 07:59:36.425254000 -0800 @@ -4,3 +4,4 @@ - #define SSH_PORTABLE "p1" + #define SSH_PORTABLE "p2" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE +#define SSH_HPN "-hpn14v15" --- work/openssh/kex.h.orig 2019-07-10 17:35:36.523216000 -0700
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202502191612.51JGCs25063990>