Date:      Mon, 6 Oct 2025 17:43:07 GMT
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 7d4f03d56d19 - main - security/openssh-portable: Update to 10.1p1
Message-ID:  <202510061743.596Hh7KI008525@gitrepo.freebsd.org>


The branch main has been updated by bdrewery:

URL: https://cgit.FreeBSD.org/ports/commit/?id=7d4f03d56d19a19a15399a03b3ceca8a0f5924b4

commit 7d4f03d56d19a19a15399a03b3ceca8a0f5924b4
Author:     Bryan Drewery <bdrewery@FreeBSD.org>
AuthorDate: 2025-10-06 15:09:10 +0000
Commit:     Bryan Drewery <bdrewery@FreeBSD.org>
CommitDate: 2025-10-06 17:42:26 +0000

    security/openssh-portable: Update to 10.1p1
    
    Changes: https://www.openssh.com/txt/release-10.1
---
 security/openssh-portable/Makefile                 |  5 +--
 security/openssh-portable/distinfo                 |  8 ++---
 security/openssh-portable/files/extra-patch-hpn    | 28 ++++++++--------
 .../openssh-portable/files/extra-patch-hpn-compat  | 10 +++---
 security/openssh-portable/files/patch-ssh-agent.1  | 18 +++++-----
 security/openssh-portable/files/patch-ssh-agent.c  | 38 +++++++++++-----------
 6 files changed, 53 insertions(+), 54 deletions(-)

diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index b0188ca89430..6cf668fc4280 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	openssh
-DISTVERSION=	10.0p1
-PORTREVISION=	2
+DISTVERSION=	10.1p1
+PORTREVISION=	0
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	OPENBSD/OpenSSH/portable
@@ -101,6 +101,7 @@ PATCH_SITES+=	http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex
 
 # Must add this patch before HPN due to conflicts
 .if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi
+BROKEN=	KERB_GSSAPI No patch for ${DISTVERSION} yet.
 .  if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
 # Needed glue for applying HPN patch without conflict
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-hpn-gss-glue
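Review bot: The added `BROKEN=` line takes the KERB_GSSAPI option and the gssapi flavor out of service with no comment on what has to happen before it can be lifted. The distinfo hunk in this same commit drops the gsskex patch's SHA256 and SIZE entries, so re-enabling later also needs the checksums regenerated with the option switched on. Until then, sites that depend on GSSAPI key exchange have no 10.1p1 build from this port. A comment above the line would record that, for example `# Remove once a gsskex patch for ${DISTVERSION} exists; regenerate distinfo with KERB_GSSAPI set.` The `.if` block continues past the end of the hunk.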
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index 2b13cb5a64da..20ed1e88abef 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,5 +1,3 @@
-TIMESTAMP = 1759765953
-SHA256 (openssh-10.0p1.tar.gz) = 021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c
-SIZE (openssh-10.0p1.tar.gz) = 1972675
-SHA256 (openssh-10.0p1-gsskex-all-debian-rh-10.0p1.patch) = 6749430c148dacf41b396c0f7a107526e6030379ccd4f57f407993748d4a5912
-SIZE (openssh-10.0p1-gsskex-all-debian-rh-10.0p1.patch) = 126360
+TIMESTAMP = 1759763325
+SHA256 (openssh-10.1p1.tar.gz) = b9fc7a2b82579467a6f2f43e4a81c8e1dfda614ddb4f9b255aafd7020bbf0758
+SIZE (openssh-10.1p1.tar.gz) = 1972831
diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn
index 6fec82f1fc2e..412cc576fb7c 100644
--- a/security/openssh-portable/files/extra-patch-hpn
+++ b/security/openssh-portable/files/extra-patch-hpn
@@ -905,9 +905,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
  .It Fl r
  Recursively copy entire directories when uploading and downloading.
  Note that
---- work/openssh/ssh.c.orig	2024-06-30 21:36:28.000000000 -0700
-+++ work/openssh/ssh.c	2024-07-01 13:58:31.555859000 -0700
-@@ -1070,6 +1070,14 @@ main(int ac, char **av)
+--- work/openssh/ssh.c.orig	2025-10-05 19:25:16.000000000 -0700
++++ work/openssh/ssh.c	2025-10-06 08:20:57.445863000 -0700
+@@ -1092,6 +1092,14 @@ main(int ac, char **av)
  			break;
  		case 'T':
  			options.request_tty = REQUEST_TTY_NO;
@@ -922,7 +922,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
  			break;
  		case 'o':
  			line = xstrdup(optarg);
-@@ -2159,6 +2167,78 @@ ssh_session2_setup(struct ssh *ssh, int id, int succes
+@@ -2235,6 +2243,78 @@ ssh_session2_setup(struct ssh *ssh, int id, int succes
  	    NULL, fileno(stdin), command, environ);
  }
  
@@ -1001,7 +1001,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
  /* open new channel for a session */
  static int
  ssh_session2_open(struct ssh *ssh)
-@@ -2177,9 +2257,17 @@ ssh_session2_open(struct ssh *ssh)
+@@ -2253,9 +2333,17 @@ ssh_session2_open(struct ssh *ssh)
  	if (in == -1 || out == -1 || err == -1)
  		fatal("dup() in/out/err failed");
  
@@ -1019,22 +1019,22 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
  		window >>= 1;
  		packetmax >>= 1;
  	}
-@@ -2188,6 +2276,12 @@ ssh_session2_open(struct ssh *ssh)
- 	    window, packetmax, CHAN_EXTENDED_WRITE,
+@@ -2265,6 +2353,12 @@ ssh_session2_open(struct ssh *ssh)
  	    "client-session", CHANNEL_NONBLOCK_STDIO);
- 
+ 	if (tty_flag)
+ 		channel_set_tty(ssh, c);
 +#ifdef HPN_ENABLED
 +	if (options.tcp_rcv_buf_poll > 0 && !options.hpn_disabled) {
 +		c->dynamic_window = 1;
 +		debug ("Enabled Dynamic Window Scaling");
 +	}
 +#endif
- 	debug3_f("channel_new: %d", c->self);
+ 	debug3_f("channel_new: %d%s", c->self, tty_flag ? " (tty)" : "");
  
  	channel_send_open(ssh, c->self);
-@@ -2203,6 +2297,15 @@ ssh_session2(struct ssh *ssh, const struct ssh_conn_in
+@@ -2280,6 +2374,15 @@ ssh_session2(struct ssh *ssh, const struct ssh_conn_in
  {
- 	int r, interactive, id = -1;
+ 	int r, id = -1;
  	char *cp, *tun_fwd_ifname = NULL;
 +
 +#ifdef HPN_ENABLED
@@ -1267,11 +1267,11 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
  # Example of overriding settings on a per-user basis
  #Match User anoncvs
  #	X11Forwarding no
---- work/openssh/version.h.orig	2025-02-18 00:15:08.000000000 -0800
-+++ work/openssh/version.h	2025-02-19 07:59:36.425254000 -0800
+--- work/openssh/version.h.orig	2025-10-05 19:25:16.000000000 -0700
++++ work/openssh/version.h	2025-10-06 08:19:38.217160000 -0700
 @@ -4,3 +4,4 @@
  
- #define SSH_PORTABLE	"p2"
+ #define SSH_PORTABLE	"p1"
  #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
 +#define SSH_HPN         "-hpn14v15"
 --- work/openssh/kex.h.orig	2019-07-10 17:35:36.523216000 -0700
diff --git a/security/openssh-portable/files/extra-patch-hpn-compat b/security/openssh-portable/files/extra-patch-hpn-compat
index ef6542e0e64a..58c2d7a0e0e7 100644
--- a/security/openssh-portable/files/extra-patch-hpn-compat
+++ b/security/openssh-portable/files/extra-patch-hpn-compat
@@ -16,12 +16,12 @@ r294563 was incomplete; re-add the client-side options as well.
 
 ------------------------------------------------------------------------
 
---- readconf.c.orig	2025-04-09 00:02:43.000000000 -0700
-+++ readconf.c	2025-04-10 21:55:30.974643000 -0700
-@@ -332,6 +332,12 @@ static struct {
- 	{ "obscurekeystroketiming", oObscureKeystrokeTiming },
- 	{ "channeltimeout", oChannelTimeout },
+--- readconf.c.orig	2025-10-05 19:25:16.000000000 -0700
++++ readconf.c	2025-10-06 08:47:03.024775000 -0700
+@@ -328,6 +328,12 @@ static struct {
  	{ "versionaddendum", oVersionAddendum },
+ 	{ "refuseconnection", oRefuseConnection },
+ 	{ "warnweakcrypto", oWarnWeakCrypto },
 +	{ "hpndisabled", oDeprecated },
 +	{ "hpnbuffersize", oDeprecated },
 +	{ "tcprcvbufpoll", oDeprecated },
diff --git a/security/openssh-portable/files/patch-ssh-agent.1 b/security/openssh-portable/files/patch-ssh-agent.1
index 8e5a9777519f..d44465be3124 100644
--- a/security/openssh-portable/files/patch-ssh-agent.1
+++ b/security/openssh-portable/files/patch-ssh-agent.1
@@ -4,21 +4,21 @@ r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines
 Add a -x option that causes ssh-agent(1) to exit when all clients have
 disconnected.
 
---- ssh-agent.1.orig	2020-02-13 16:40:54.000000000 -0800
-+++ ssh-agent.1	2020-03-21 17:03:22.952068000 -0700
+--- ssh-agent.1.orig	2025-10-05 19:25:16.000000000 -0700
++++ ssh-agent.1	2025-10-06 08:30:26.521757000 -0700
 @@ -43,7 +43,7 @@
  .Sh SYNOPSIS
  .Nm ssh-agent
  .Op Fl c | s
--.Op Fl \&Dd
-+.Op Fl \&Ddx
+-.Op Fl \&DdTU
++.Op Fl \&DdTUx
  .Op Fl a Ar bind_address
  .Op Fl E Ar fingerprint_hash
- .Op Fl P Ar provider_whitelist
-@@ -125,6 +125,8 @@ A lifetime specified for an identity with
- .Xr ssh-add 1
- overrides this value.
- Without this option the default maximum lifetime is forever.
+ .Op Fl O Ar option
+@@ -203,6 +203,8 @@ will delete stale agent sockets regardless of the host
+ If this option is given twice,
+ .Nm
+ will delete stale agent sockets regardless of the host name that created them.
 +.It Fl x
 +Exit after the last client has disconnected.
  .It Ar command Op Ar arg ...
diff --git a/security/openssh-portable/files/patch-ssh-agent.c b/security/openssh-portable/files/patch-ssh-agent.c
index cd85012d883f..b17027d0e340 100644
--- a/security/openssh-portable/files/patch-ssh-agent.c
+++ b/security/openssh-portable/files/patch-ssh-agent.c
@@ -8,11 +8,11 @@ r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines
 Add a -x option that causes ssh-agent(1) to exit when all clients have
 disconnected.
 
---- ssh-agent.c.orig	2023-12-18 06:59:50.000000000 -0800
-+++ ssh-agent.c	2023-12-19 17:16:22.128981000 -0800
-@@ -196,11 +196,28 @@
- /* Refuse signing of non-SSH messages for web-origin FIDO keys */
+--- ssh-agent.c.orig	2025-10-05 19:25:16.000000000 -0700
++++ ssh-agent.c	2025-10-06 08:33:47.247562000 -0700
+@@ -193,11 +193,28 @@ static char *websafe_allowlist;
  static int restrict_websafe = 1;
+ static char *websafe_allowlist;
  
 +/*
 + * Client connection count; incremented in new_socket() and decremented in
@@ -39,7 +39,7 @@ disconnected.
  	close(e->fd);
  	sshbuf_free(e->input);
  	sshbuf_free(e->output);
-@@ -213,6 +230,8 @@
+@@ -210,6 +227,8 @@ close_socket(SocketEntry *e)
  	memset(e, '\0', sizeof(*e));
  	e->fd = -1;
  	e->type = AUTH_UNUSED;
@@ -48,7 +48,7 @@ disconnected.
  }
  
  static void
-@@ -1893,6 +1912,10 @@
+@@ -1887,6 +1906,10 @@ new_socket(sock_type type, int fd)
  
  	debug_f("type = %s", type == AUTH_CONNECTION ? "CONNECTION" :
  	    (type == AUTH_SOCKET ? "SOCKET" : "UNKNOWN"));
@@ -59,16 +59,16 @@ disconnected.
  	set_nonblock(fd);
  
  	if (fd > max_fd)
-@@ -2184,7 +2207,7 @@
+@@ -2177,7 +2200,7 @@ usage(void)
  usage(void)
  {
  	fprintf(stderr,
--	    "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
-+	    "usage: ssh-agent [-c | -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n"
+-	    "usage: ssh-agent [-c | -s] [-DdTU] [-a bind_address] [-E fingerprint_hash]\n"
++	    "usage: ssh-agent [-c | -s] [-DdTUx] [-a bind_address] [-E fingerprint_hash]\n"
  	    "                 [-O option] [-P allowed_providers] [-t life]\n"
- 	    "       ssh-agent [-a bind_address] [-E fingerprint_hash] [-O option]\n"
+ 	    "       ssh-agent [-TU] [-a bind_address] [-E fingerprint_hash] [-O option]\n"
  	    "                 [-P allowed_providers] [-t life] command [arg ...]\n"
-@@ -2218,6 +2241,7 @@
+@@ -2218,6 +2241,7 @@ main(int ac, char **av)
  	/* drop */
  	(void)setegid(getgid());
  	(void)setgid(getgid());
@@ -76,22 +76,22 @@ disconnected.
  
  	platform_disable_tracing(0);	/* strict=no */
  
-@@ -2229,7 +2253,7 @@
+@@ -2229,7 +2253,7 @@ main(int ac, char **av)
  	__progname = ssh_get_progname(av[0]);
  	seed_rng();
  
--	while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:")) != -1) {
-+	while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:x")) != -1) {
+-	while ((ch = getopt(ac, av, "cDdksTuUE:a:O:P:t:")) != -1) {
++	while ((ch = getopt(ac, av, "cDdksTuUE:a:O:P:t:x")) != -1) {
  		switch (ch) {
  		case 'E':
  			fingerprint_hash = ssh_digest_alg_by_name(optarg);
-@@ -2280,6 +2304,9 @@
- 				fprintf(stderr, "Invalid lifetime\n");
+@@ -2286,6 +2310,9 @@ main(int ac, char **av)
  				usage();
  			}
-+			break;
+ 			break;
 +		case 'x':
 +			xcount = 0;
++			break;
+ 		case 'T':
+ 			T_flag++;
  			break;
- 		default:
- 			usage();
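Review bot: In the `case 'x':` arm, `xcount = 0;` has no comment saying that zero is presumably the value that arms the exit-after-last-client behaviour. The declaration of `xcount` and its initial value are outside the lines shown in this commit, so the assignment cannot be checked from the hunk alone. The refresh moved this arm in front of the new `case 'T':`, so a one-line comment such as `/* -x: start counting client connections; agent exits when the count returns to 0 */` would make the next rebase easier to verify. `main()` starts and ends outside the hunk.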

