Date: Mon, 16 Nov 2020 19:39:34 +0000 (UTC) From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r555512 - in head/security/openssh-portable: . files Message-ID: <202011161939.0AGJdYBH006605@repo.freebsd.org>
Author: bdrewery Date: Mon Nov 16 19:39:34 2020 New Revision: 555512 URL: https://svnweb.freebsd.org/changeset/ports/555512 Log: - Update to 8.4p1 (skipped 8.3) - https://www.openssh.com/txt/release-8.3 - https://www.openssh.com/txt/release-8.4 PR: 239807, 250319 Sponsored by: Dell EMC Modified: head/security/openssh-portable/Makefile head/security/openssh-portable/distinfo head/security/openssh-portable/files/extra-patch-hpn head/security/openssh-portable/files/patch-ssh-agent.c Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Mon Nov 16 19:29:36 2020 (r555511) +++ head/security/openssh-portable/Makefile Mon Nov 16 19:39:34 2020 (r555512) @@ -2,8 +2,8 @@ # $FreeBSD$ PORTNAME= openssh -DISTVERSION= 8.2p1 -PORTREVISION= 2 +DISTVERSION= 8.4p1 +PORTREVISION= 0 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= OPENBSD/OpenSSH/portable @@ -99,12 +99,12 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue . endif # - See https://sources.debian.org/data/main/o/openssh/ for which subdir to # pull from. -GSSAPI_DEBIAN_SUBDIR= ${DISTVERSION}-4 +GSSAPI_DEBIAN_SUBDIR= ${DISTVERSION}-2 # - Debian does not use a versioned filename so we trick fetch to make one for # us with the ?<anything>=/ trick. PATCH_SITES+= https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex # Bump this when updating the patch location -GSSAPI_UPDATE_DATE= 20190719 +GSSAPI_UPDATE_DATE= 20200607 PATCHFILES+= openssh-${DISTVERSION}-gsskex-all-20141021-debian-rh-${GSSAPI_UPDATE_DATE}.patch:-p1:gsskex .endif 
@@ -206,10 +206,11 @@ post-install: test: build cd ${WRKSRC} && ${SETENV} -i \ - OBJ=${WRKDIR} ${MAKE_ENV} \ + OBJ=${WRKDIR} ${MAKE_ENV:NHOME=*} \ TEST_SHELL=${SH} \ SUDO="${SUDO}" \ LOGNAME="${LOGNAME}" \ + HOME="${HOME}" \ TEST_SSH_TRACE=yes \ PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \ ${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} tests Modified: head/security/openssh-portable/distinfo ============================================================================== --- head/security/openssh-portable/distinfo Mon Nov 16 19:29:36 2020 (r555511) +++ head/security/openssh-portable/distinfo Mon Nov 16 19:39:34 2020 (r555512) @@ -1,5 +1,5 @@ -TIMESTAMP = 1584982081 -SHA256 (openssh-8.2p1.tar.gz) = 43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671 -SIZE (openssh-8.2p1.tar.gz) = 1701197 -SHA256 (openssh-8.2p1-gsskex-all-20141021-debian-rh-20190719.patch) = b035f62000190a2c77257db76b3751acf0e018dc20d55e07a8c3c9702de04989 -SIZE (openssh-8.2p1-gsskex-all-20141021-debian-rh-20190719.patch) = 125954 +TIMESTAMP = 1605552780 +SHA256 (openssh-8.4p1.tar.gz) = 5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24 +SIZE (openssh-8.4p1.tar.gz) = 1742201 +SHA256 (openssh-8.4p1-gsskex-all-20141021-debian-rh-20200607.patch) = 15139c42894dd0ebd182608ecd7151a9eef6158aed30c676e7685e8407c6d1cb +SIZE (openssh-8.4p1-gsskex-all-20141021-debian-rh-20200607.patch) = 126748 Modified: head/security/openssh-portable/files/extra-patch-hpn ============================================================================== --- head/security/openssh-portable/files/extra-patch-hpn Mon Nov 16 19:29:36 2020 (r555511) +++ head/security/openssh-portable/files/extra-patch-hpn Mon Nov 16 19:39:34 2020 (r555512) 
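Review bot: The `test` target hunk (`@@ -206,10 +206,11 @@`) now filters `HOME` out of `MAKE_ENV` with `${MAKE_ENV:NHOME=*}` and forwards the caller's own `HOME="${HOME}"` into the otherwise clean `${SETENV} -i` environment, with no comment saying why. If the framework's `HOME` pointed into the work directory (not visible on this page), the regression suite now runs against the invoking user's real home directory, alongside the forwarded `SUDO`. Anything the tests read or write under that home would then be the user's own files. Add a comment such as `# regress tests need a usable HOME; the one in MAKE_ENV is filtered out and replaced`. Also consider pointing `HOME` at a scratch directory under `${WRKDIR}` if the tests work that way.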
@@ -685,12 +685,12 @@ diff -urN -x configure -x config.guess -x config.h.in int64_t rekey_limit; int rekey_interval; int no_host_authentication_for_localhost; ---- work/openssh/scp.c.orig 2019-12-20 18:52:08.907088000 -0800 -+++ work/openssh-8.1p1/scp.c 2019-12-20 18:51:55.186005000 -0800 -@@ -1239,7 +1239,7 @@ sink(int argc, char **argv, const char *src) +--- work/openssh/scp.c.orig 2020-09-27 00:25:01.000000000 -0700 ++++ work/openssh/scp.c 2020-11-10 10:31:03.060729000 -0800 +@@ -1246,7 +1246,7 @@ sink(int argc, char **argv, const char *src) off_t size, statbytes; unsigned long long ull; - int setimes, targisdir, wrerrno = 0; + int setimes, targisdir, wrerr; - char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; + char ch, *cp, *np, *targ, *why, *vect[1], buf[COPY_BUFLEN], visbuf[COPY_BUFLEN]; char **patterns = NULL; @@ -1079,9 +1079,9 @@ diff -urN -x configure -x config.guess -x config.h.in #define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */ #define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ #define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */ ---- work/openssh/sshconnect.c.orig 2018-10-16 17:01:20.000000000 -0700 -+++ work/openssh/sshconnect.c 2018-11-12 09:04:24.340706000 -0800 -@@ -355,7 +355,32 @@ check_ifaddrs(const char *ifname, int af, const struct +--- work/openssh/sshconnect.c.orig 2020-09-27 00:25:01.000000000 -0700 ++++ work/openssh/sshconnect.c 2020-11-10 21:35:40.945330000 -0800 +@@ -361,7 +361,32 @@ check_ifaddrs(const char *ifname, int af, const struct } #endif @@ -1114,7 +1114,7 @@ diff -urN -x configure -x config.guess -x config.h.in * Creates a socket for use as the ssh connection. */ static int -@@ -377,6 +402,11 @@ ssh_create_socket(struct addrinfo *ai) +@@ -383,6 +408,11 @@ ssh_create_socket(struct addrinfo *ai) } fcntl(sock, F_SETFD, FD_CLOEXEC); 
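Review bot: In the rebased scp.c hunk, the patched `sink()` still declares both `buf[COPY_BUFLEN]` and `visbuf[COPY_BUFLEN]` as automatic arrays, where the upstream line has `buf[2048], visbuf[2048]`. The value of `COPY_BUFLEN` is defined outside this hunk, and so is the rest of `sink()`. If `sink()` calls itself for nested directories, as the `vect[1]` declaration suggests, each level of a tree sent by the remote side carries two of these buffers on the stack. It is worth confirming that the larger size is needed for `visbuf` as well as `buf`. If only the data path needs it, keep `visbuf[2048]`, or record the reason in the patch with a comment like `/* HPN: larger copy buffer; visbuf must match buf for the escaped copy */`.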
@@ -1126,14 +1126,14 @@ diff -urN -x configure -x config.guess -x config.h.in /* Bind the socket to an alternative local IP address */ if (options.bind_address == NULL && options.bind_interface == NULL) return sock; -@@ -1280,7 +1310,8 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const +@@ -1289,7 +1319,8 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const lowercase(host); /* Exchange protocol version identification strings with the server. */ -- if (kex_exchange_identification(ssh, timeout_ms, NULL) != 0) -+ if (kex_exchange_identification(ssh, timeout_ms, NULL, -+ options.hpn_disabled) != 0) - cleanup_exit(255); /* error already logged */ +- if ((r = kex_exchange_identification(ssh, timeout_ms, NULL)) != 0) ++ if ((r = kex_exchange_identification(ssh, timeout_ms, NULL, ++ options.hpn_disabled)) != 0) + sshpkt_fatal(ssh, r, "banner exchange"); /* Put the connection into non-blocking mode. */ --- sshconnect2.c.orig 2020-02-13 16:40:54.000000000 -0800 @@ -1204,9 +1204,9 @@ diff -urN -x configure -x config.guess -x config.h.in debug("Authentication succeeded (%s).", authctxt.method->name); } ---- work/openssh-7.7p1/sshd.c.orig 2018-04-01 22:38:28.000000000 -0700 -+++ work/openssh-7.7p1/sshd.c 2018-06-27 17:13:03.176633000 -0700 -@@ -957,6 +957,10 @@ listen_on_addrs(struct listenaddr *la) +--- work/openssh/sshd.c.orig 2020-11-10 21:36:31.340159000 -0800 ++++ work/openssh/sshd.c 2020-11-10 21:37:10.097038000 -0800 +@@ -1065,6 +1065,10 @@ listen_on_addrs(struct listenaddr *la) int ret, listen_sock; struct addrinfo *ai; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; @@ -1217,7 +1217,7 @@ diff -urN -x configure -x config.guess -x config.h.in for (ai = la->addrs; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) -@@ -1002,6 +1006,13 @@ listen_on_addrs(struct listenaddr *la) +@@ -1110,6 +1114,13 @@ listen_on_addrs(struct listenaddr *la) debug("Bind to port %s on %s.", strport, ntop); 
@@ -1229,9 +1229,9 @@ diff -urN -x configure -x config.guess -x config.h.in +#endif + /* Bind the socket to the desired port. */ - if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) { error("Bind to port %s on %s failed: %.200s.", -@@ -1645,6 +1656,15 @@ main(int ac, char **av) +@@ -1753,6 +1764,15 @@ main(int ac, char **av) /* Fill in default values for those options not explicitly set. */ fill_default_server_options(&options); @@ -1247,7 +1247,7 @@ diff -urN -x configure -x config.guess -x config.h.in /* challenge-response is implemented via keyboard interactive */ if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; -@@ -2090,6 +2110,11 @@ main(int ac, char **av) +@@ -2220,6 +2240,11 @@ main(int ac, char **av) rdomain == NULL ? "" : "\""); free(laddr); 
@@ -1259,17 +1259,16 @@ diff -urN -x configure -x config.guess -x config.h.in /* * We don't want to listen forever unless the other side * successfully authenticates itself. So we set up an alarm which is -@@ -2102,7 +2127,8 @@ main(int ac, char **av) - if (!debug_flag) +@@ -2233,7 +2258,7 @@ main(int ac, char **av) alarm(options.login_grace_time); -- if (kex_exchange_identification(ssh, -1, options.version_addendum) != 0) -+ if (kex_exchange_identification(ssh, -1, options.version_addendum, -+ options.hpn_disabled) != 0) - cleanup_exit(255); /* error already logged */ + if ((r = kex_exchange_identification(ssh, -1, +- options.version_addendum)) != 0) ++ options.version_addendum, options.hpn_disabled)) != 0) + sshpkt_fatal(ssh, r, "banner exchange"); ssh_packet_set_nonblocking(ssh); -@@ -2264,6 +2290,11 @@ do_ssh2_kex(struct ssh *ssh) +@@ -2397,6 +2422,11 @@ do_ssh2_kex(struct ssh *ssh) char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; struct kex *kex; int r; Modified: head/security/openssh-portable/files/patch-ssh-agent.c ============================================================================== --- head/security/openssh-portable/files/patch-ssh-agent.c Mon Nov 16 19:29:36 2020 (r555511) +++ head/security/openssh-portable/files/patch-ssh-agent.c Mon Nov 16 19:39:34 2020 (r555512) 
@@ -8,12 +8,12 @@ r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct Add a -x option that causes ssh-agent(1) to exit when all clients have disconnected. ---- ssh-agent.c.orig 2020-02-13 16:40:54.000000000 -0800 -+++ ssh-agent.c 2020-03-21 17:04:44.305866000 -0700 -@@ -167,15 +167,34 @@ static long lifetime = 0; +--- ssh-agent.c.orig 2020-09-27 00:25:01.000000000 -0700 ++++ ssh-agent.c 2020-11-09 09:07:10.924940000 -0800 +@@ -171,15 +171,34 @@ static int fingerprint_hash = SSH_FP_HASH_DEFAULT; + /* Refuse signing of non-SSH messages for web-origin FIDO keys */ + static int restrict_websafe = 1; - static int fingerprint_hash = SSH_FP_HASH_DEFAULT; - +/* + * Client connection count; incremented in new_socket() and decremented in + * close_socket(). When it reaches 0, ssh-agent will exit. Since it is @@ -45,7 +45,7 @@ disconnected. } static void -@@ -875,6 +894,10 @@ new_socket(sock_type type, int fd) +@@ -961,6 +980,10 @@ new_socket(sock_type type, int fd) { u_int i, old_alloc, new_alloc; @@ -56,16 +56,16 @@ disconnected. set_nonblock(fd); if (fd > max_fd) -@@ -1170,7 +1193,7 @@ static void +@@ -1261,7 +1284,7 @@ static void usage(void) { fprintf(stderr, - "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n" + "usage: ssh-agent [-c | -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n" - " [-P provider_whitelist] [-t life] [command [arg ...]]\n" - " ssh-agent [-c | -s] -k\n"); - exit(1); -@@ -1202,6 +1225,7 @@ main(int ac, char **av) + " [-P allowed_providers] [-t life]\n" + " ssh-agent [-a bind_address] [-E fingerprint_hash] [-P allowed_providers]\n" + " [-t life] command [arg ...]\n" +@@ -1295,6 +1318,7 @@ main(int ac, char **av) /* drop */ setegid(getgid()); setgid(getgid()); 
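Review bot: In the `usage()` hunk (`@@ -56,16 +56,16 @@`) the rebased patch adds `x` only to the first synopsis line (`[-Ddx]`). The second form that upstream now prints, ending in `command [arg ...]`, does not mention it. The getopt string in the following hunk accepts `x` regardless of form, so if `-x` is meant to work when a command is given, that line should read `"       ssh-agent [-x] [-a bind_address] [-E fingerprint_hash] [-P allowed_providers]\n"`. The patch header is the only place that says what `-x` does (exit when all clients have disconnected). A short comment next to the option handling would help, since an agent that exits on its own changes how long keys stay loaded. The body of `usage()` continues outside the hunk.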
@@ -73,16 +73,16 @@ disconnected. platform_disable_tracing(0); /* strict=no */ -@@ -1213,7 +1237,7 @@ main(int ac, char **av) +@@ -1306,7 +1330,7 @@ main(int ac, char **av) __progname = ssh_get_progname(av[0]); seed_rng(); -- while ((ch = getopt(ac, av, "cDdksE:a:P:t:")) != -1) { -+ while ((ch = getopt(ac, av, "cDdksE:a:P:t:x")) != -1) { +- while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:")) != -1) { ++ while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:x")) != -1) { switch (ch) { case 'E': fingerprint_hash = ssh_digest_alg_by_name(optarg); -@@ -1256,6 +1280,9 @@ main(int ac, char **av) +@@ -1355,6 +1379,9 @@ main(int ac, char **av) fprintf(stderr, "Invalid lifetime\n"); usage(); }