Date: Sat, 8 Oct 2022 15:53:41 GMT From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 162c735b3423 - main - security/openssh-portable: Update to 9.1p1 Message-ID: <202210081553.298FrfaK074069@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by bdrewery: URL: https://cgit.FreeBSD.org/ports/commit/?id=162c735b342337126ccc74f625c587a02c4d45fd commit 162c735b342337126ccc74f625c587a02c4d45fd Author: Bryan Drewery <bdrewery@FreeBSD.org> AuthorDate: 2022-10-04 16:39:50 +0000 Commit: Bryan Drewery <bdrewery@FreeBSD.org> CommitDate: 2022-10-08 15:53:12 +0000 security/openssh-portable: Update to 9.1p1 Changes: https://www.openssh.com/txt/release-9.1 --- security/openssh-portable/Makefile | 7 ++-- security/openssh-portable/distinfo | 6 +-- .../openssh-portable/files/extra-patch-hpn-compat | 16 ++++---- .../files/patch-FreeBSD-caph_cache_tzdata | 43 ---------------------- 4 files changed, 15 insertions(+), 57 deletions(-) diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 568f13d839a3..14cb3a8f970a 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -1,5 +1,5 @@ PORTNAME= openssh -DISTVERSION= 9.0p1 +DISTVERSION= 9.1p1 PORTREVISION= 0 PORTEPOCH= 1 CATEGORIES= security @@ -101,7 +101,7 @@ PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex # Must add this patch before HPN due to conflicts .if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi -#BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. +BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. . if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} # Needed glue for applying HPN patch without conflict EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue @@ -114,7 +114,8 @@ GSSAPI_DEBIAN_SUBDIR= ${DISTVERSION}-1 PATCH_SITES+= https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex # Bump this when updating the patch location GSSAPI_UPDATE_DATE= 20220203 -PATCHFILES+= openssh-${DISTVERSION}-gsskex-all-20141021-debian-rh-${GSSAPI_UPDATE_DATE}.patch:-p1:gsskex +#GSSAPI_DISTVERSION= 9.0p1 +PATCHFILES+= openssh-${GSSAPI_DISTVERSION:U${DISTVERSION}}-gsskex-all-20141021-debian-rh-${GSSAPI_UPDATE_DATE}.patch:-p1:gsskex EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-auth2-gss.c EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgssc.c EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgsss.c diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index 9f500393410c..1dffd1baac8a 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1654549050 -SHA256 (openssh-9.0p1.tar.gz) = 03974302161e9ecce32153cfa10012f1e65c8f3750f573a73ab1befd5972a28a -SIZE (openssh-9.0p1.tar.gz) = 1822183 +TIMESTAMP = 1664898976 +SHA256 (openssh-9.1p1.tar.gz) = 19f85009c7e3e23787f0236fbb1578392ab4d4bf9f8ec5fe6bc1cd7e8bfdd288 +SIZE (openssh-9.1p1.tar.gz) = 1838747 SHA256 (openssh-9.0p1-gsskex-all-20141021-debian-rh-20220203.patch) = d2f4c7bb1bc33540605a3bb0c9517d7b4ed2f5d77c24f7afcd64891be59f4ed2 SIZE (openssh-9.0p1-gsskex-all-20141021-debian-rh-20220203.patch) = 127245 diff --git a/security/openssh-portable/files/extra-patch-hpn-compat b/security/openssh-portable/files/extra-patch-hpn-compat index c47d0a1d3b5d..d78aa1821e49 100644 --- a/security/openssh-portable/files/extra-patch-hpn-compat +++ b/security/openssh-portable/files/extra-patch-hpn-compat @@ -16,12 +16,12 @@ r294563 was incomplete; re-add the client-side options as well. ------------------------------------------------------------------------ ---- readconf.c.orig 2021-04-27 11:24:15.916596000 -0700 -+++ readconf.c 2021-04-27 11:25:24.222034000 -0700 -@@ -316,6 +316,12 @@ static struct { - { "proxyjump", oProxyJump }, +--- readconf.c.orig 2022-10-04 08:57:04.041419000 -0700 ++++ readconf.c 2022-10-04 08:57:56.915474000 -0700 +@@ -321,6 +321,12 @@ static struct { { "securitykeyprovider", oSecurityKeyProvider }, { "knownhostscommand", oKnownHostsCommand }, + { "requiredrsasize", oRequiredRSASize }, + { "hpndisabled", oDeprecated }, + { "hpnbuffersize", oDeprecated }, + { "tcprcvbufpoll", oDeprecated }, @@ -31,12 +31,12 @@ r294563 was incomplete; re-add the client-side options as well. { NULL, oBadOption } }; ---- servconf.c.orig 2020-02-13 16:40:54.000000000 -0800 -+++ servconf.c 2020-03-21 17:01:18.011062000 -0700 -@@ -695,6 +695,10 @@ static struct { - { "rdomain", sRDomain, SSHCFG_ALL }, +--- servconf.c.orig 2022-10-03 07:51:42.000000000 -0700 ++++ servconf.c 2022-10-04 08:58:21.118208000 -0700 +@@ -681,6 +681,10 @@ static struct { { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, + { "requiredrsasize", sRequiredRSASize, SSHCFG_ALL }, + { "noneenabled", sUnsupported, SSHCFG_ALL }, + { "hpndisabled", sDeprecated, SSHCFG_ALL }, + { "hpnbuffersize", sDeprecated, SSHCFG_ALL }, diff --git a/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata b/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata deleted file mode 100644 index bf3889265b77..000000000000 --- a/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata +++ /dev/null @@ -1,43 +0,0 @@ -commit fc3c19a9fceeea48a9259ac3833a125804342c0e -Author: Ed Maste <emaste@FreeBSD.org> -Date: Sat Oct 6 21:32:55 2018 +0000 - - sshd: address capsicum issues - - * Add a wrapper to proxy login_getpwclass(3) as it is not allowed in - capability mode. - * Cache timezone data via caph_cache_tzdata() as we cannot access the - timezone file. - * Reverse resolve hostname before entering capability mode. - - PR: 231172 - Submitted by: naito.yuichiro@gmail.com - Reviewed by: cem, des - Approved by: re (rgrimes) - MFC after: 3 weeks - Differential Revision: https://reviews.freebsd.org/D17128 - -Notes: - svn path=/head/; revision=339216 - -diff --git crypto/openssh/sandbox-capsicum.c crypto/openssh/sandbox-capsicum.c -index 5f41d526292b..f728abd18250 100644 ---- sandbox-capsicum.c -+++ sandbox-capsicum.c -@@ -31,6 +31,7 @@ __RCSID("$FreeBSD$"); - #include <stdlib.h> - #include <string.h> - #include <unistd.h> -+#include <capsicum_helpers.h> - - #include "log.h" - #include "monitor.h" -@@ -71,6 +72,8 @@ ssh_sandbox_child(struct ssh_sandbox *box) - struct rlimit rl_zero; - cap_rights_t rights; - -+ caph_cache_tzdata(); -+ - rl_zero.rlim_cur = rl_zero.rlim_max = 0; - - if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202210081553.298FrfaK074069>