Date: Tue, 23 May 2023 17:40:20 GMT From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 700625bcd86b - main - security/openssh-portable: Update to 9.3p1. Message-ID: <202305231740.34NHeKC4038631@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by bdrewery: URL: https://cgit.FreeBSD.org/ports/commit/?id=700625bcd86b74cf3fb9536aeea250d7f8cd1fd5 commit 700625bcd86b74cf3fb9536aeea250d7f8cd1fd5 Author: Bryan Drewery <bdrewery@FreeBSD.org> AuthorDate: 2023-05-19 21:45:00 +0000 Commit: Bryan Drewery <bdrewery@FreeBSD.org> CommitDate: 2023-05-23 17:40:07 +0000 security/openssh-portable: Update to 9.3p1. Changes: https://www.openssh.com/txt/release-9.3 --- security/openssh-portable/Makefile | 4 +-- security/openssh-portable/distinfo | 6 ++-- security/openssh-portable/files/extra-patch-hpn | 41 ++++++++----------------- 3 files changed, 17 insertions(+), 34 deletions(-) diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 4c0c4a940024..c311879d1725 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -1,5 +1,5 @@ PORTNAME= openssh -DISTVERSION= 9.2p1 +DISTVERSION= 9.3p1 PORTREVISION= 0 PORTEPOCH= 1 CATEGORIES= security @@ -101,7 +101,7 @@ PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex # Must add this patch before HPN due to conflicts .if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi -#BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. +BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. . if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} # Needed glue for applying HPN patch without conflict EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index fbd9733b60d3..2e92912f2e3a 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1676575062 -SHA256 (openssh-9.2p1.tar.gz) = 3f66dbf1655fb45f50e1c56da62ab01218c228807b21338d634ebcdf9d71cf46 -SIZE (openssh-9.2p1.tar.gz) = 1852380 +TIMESTAMP = 1684527180 +SHA256 (openssh-9.3p1.tar.gz) = e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8 +SIZE (openssh-9.3p1.tar.gz) = 1856839 SHA256 (openssh-9.2p1-gsskex-all-20141021-debian-rh-20220203.patch) = acf9b12d68eeeae047d1042954473f859c10a7c2a4b5d9dc54fcbbd5e30a3a58 SIZE (openssh-9.2p1-gsskex-all-20141021-debian-rh-20220203.patch) = 131618 diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn index 1f25a207b00b..708c73e7a290 100644 --- a/security/openssh-portable/files/extra-patch-hpn +++ b/security/openssh-portable/files/extra-patch-hpn @@ -1119,9 +1119,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o sshpkt_fatal(ssh, r, "banner exchange"); /* Put the connection into non-blocking mode. */ ---- work/openssh/sshconnect2.c.orig 2021-08-19 21:03:49.000000000 -0700 -+++ work/openssh/sshconnect2.c 2021-09-08 10:02:03.037982000 -0700 -@@ -84,7 +84,13 @@ +--- work/openssh/sshconnect2.c.orig 2023-03-15 14:28:19.000000000 -0700 ++++ work/openssh/sshconnect2.c 2023-05-19 14:20:01.965073000 -0700 +@@ -83,7 +83,13 @@ extern Options options; extern char *client_version_string; extern char *server_version_string; extern Options options; @@ -1135,29 +1135,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o /* * SSH2 key exchange */ -@@ -212,11 +218,12 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd - return ret; - } - -+static char *myproposal[PROPOSAL_MAX]; -+static const char *myproposal_default[PROPOSAL_MAX] = { KEX_CLIENT }; - void - ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, - const struct ssh_conn_info *cinfo) - { -- char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; - char *s, *all_key; - int r, use_known_hosts_order = 0; - -@@ -241,6 +248,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr - fatal_fr(r, "kex_assemble_namelist"); - free(all_key); - -+ memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); - if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) - fatal_f("kex_names_cat"); - myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s); -@@ -487,6 +495,29 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, +@@ -482,6 +488,34 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, if (!authctxt.success) fatal("Authentication failed."); @@ -1169,11 +1147,16 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o + * tty allocated. + */ + if ((options.none_switch == 1) && (options.none_enabled == 1)) { ++ char *myproposal[PROPOSAL_MAX]; ++ char *s = NULL; ++ const char *none_cipher = "none"; ++ + if (!tty_flag) { /* no null on tty sessions */ + debug("Requesting none rekeying..."); -+ memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); -+ myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; -+ myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none"; ++ kex_proposal_populate_entries(ssh, myproposal, s, none_cipher, ++ options.macs, ++ compression_alg_list(options.compression), ++ options.hostkeyalgorithms); + kex_prop2buf(ssh->kex->my, myproposal); + packet_request_rekeying(); + fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202305231740.34NHeKC4038631>