Date: Sat, 8 Oct 2022 15:53:41 GMT
Message-Id: <202210081553.298FrfaK074069@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Bryan Drewery
Subject: git: 162c735b3423 - main - security/openssh-portable: Update to 9.1p1
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all

The branch main has been updated by bdrewery:

URL: 
https://cgit.FreeBSD.org/ports/commit/?id=162c735b342337126ccc74f625c587a02c4d45fd commit 162c735b342337126ccc74f625c587a02c4d45fd Author: Bryan Drewery AuthorDate: 2022-10-04 16:39:50 +0000 Commit: Bryan Drewery CommitDate: 2022-10-08 15:53:12 +0000 security/openssh-portable: Update to 9.1p1 Changes: https://www.openssh.com/txt/release-9.1 --- security/openssh-portable/Makefile | 7 ++-- security/openssh-portable/distinfo | 6 +-- .../openssh-portable/files/extra-patch-hpn-compat | 16 ++++---- .../files/patch-FreeBSD-caph_cache_tzdata | 43 ---------------------- 4 files changed, 15 insertions(+), 57 deletions(-) diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 568f13d839a3..14cb3a8f970a 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -1,5 +1,5 @@ PORTNAME= openssh -DISTVERSION= 9.0p1 +DISTVERSION= 9.1p1 PORTREVISION= 0 PORTEPOCH= 1 CATEGORIES= security @@ -101,7 +101,7 @@ PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex # Must add this patch before HPN due to conflicts .if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi -#BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. +BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. . if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} # Needed glue for applying HPN patch without conflict EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue 
@@ -114,7 +114,8 @@ GSSAPI_DEBIAN_SUBDIR= ${DISTVERSION}-1 PATCH_SITES+= https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex # Bump this when updating the patch location GSSAPI_UPDATE_DATE= 20220203 -PATCHFILES+= openssh-${DISTVERSION}-gsskex-all-20141021-debian-rh-${GSSAPI_UPDATE_DATE}.patch:-p1:gsskex +#GSSAPI_DISTVERSION= 9.0p1 +PATCHFILES+= openssh-${GSSAPI_DISTVERSION:U${DISTVERSION}}-gsskex-all-20141021-debian-rh-${GSSAPI_UPDATE_DATE}.patch:-p1:gsskex EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-auth2-gss.c EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgssc.c EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgsss.c diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index 9f500393410c..1dffd1baac8a 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1654549050 -SHA256 (openssh-9.0p1.tar.gz) = 03974302161e9ecce32153cfa10012f1e65c8f3750f573a73ab1befd5972a28a -SIZE (openssh-9.0p1.tar.gz) = 1822183 +TIMESTAMP = 1664898976 +SHA256 (openssh-9.1p1.tar.gz) = 19f85009c7e3e23787f0236fbb1578392ab4d4bf9f8ec5fe6bc1cd7e8bfdd288 +SIZE (openssh-9.1p1.tar.gz) = 1838747 SHA256 (openssh-9.0p1-gsskex-all-20141021-debian-rh-20220203.patch) = d2f4c7bb1bc33540605a3bb0c9517d7b4ed2f5d77c24f7afcd64891be59f4ed2 SIZE (openssh-9.0p1-gsskex-all-20141021-debian-rh-20220203.patch) = 127245 diff --git a/security/openssh-portable/files/extra-patch-hpn-compat b/security/openssh-portable/files/extra-patch-hpn-compat index c47d0a1d3b5d..d78aa1821e49 100644 --- a/security/openssh-portable/files/extra-patch-hpn-compat +++ b/security/openssh-portable/files/extra-patch-hpn-compat 
@@ -16,12 +16,12 @@ r294563 was incomplete; re-add the client-side options as well. ------------------------------------------------------------------------ ---- readconf.c.orig 2021-04-27 11:24:15.916596000 -0700 -+++ readconf.c 2021-04-27 11:25:24.222034000 -0700 -@@ -316,6 +316,12 @@ static struct { - { "proxyjump", oProxyJump }, +--- readconf.c.orig 2022-10-04 08:57:04.041419000 -0700 ++++ readconf.c 2022-10-04 08:57:56.915474000 -0700 +@@ -321,6 +321,12 @@ static struct { { "securitykeyprovider", oSecurityKeyProvider }, { "knownhostscommand", oKnownHostsCommand }, + { "requiredrsasize", oRequiredRSASize }, + { "hpndisabled", oDeprecated }, + { "hpnbuffersize", oDeprecated }, + { "tcprcvbufpoll", oDeprecated }, @@ -31,12 +31,12 @@ r294563 was incomplete; re-add the client-side options as well. { NULL, oBadOption } }; ---- servconf.c.orig 2020-02-13 16:40:54.000000000 -0800 -+++ servconf.c 2020-03-21 17:01:18.011062000 -0700 -@@ -695,6 +695,10 @@ static struct { - { "rdomain", sRDomain, SSHCFG_ALL }, +--- servconf.c.orig 2022-10-03 07:51:42.000000000 -0700 ++++ servconf.c 2022-10-04 08:58:21.118208000 -0700 +@@ -681,6 +681,10 @@ static struct { { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, + { "requiredrsasize", sRequiredRSASize, SSHCFG_ALL }, + { "noneenabled", sUnsupported, SSHCFG_ALL }, + { "hpndisabled", sDeprecated, SSHCFG_ALL }, + { "hpnbuffersize", sDeprecated, SSHCFG_ALL }, diff --git a/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata b/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata deleted file mode 100644 index bf3889265b77..000000000000 --- a/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata +++ /dev/null 
@@ -1,43 +0,0 @@ -commit fc3c19a9fceeea48a9259ac3833a125804342c0e -Author: Ed Maste -Date: Sat Oct 6 21:32:55 2018 +0000 - - sshd: address capsicum issues - - * Add a wrapper to proxy login_getpwclass(3) as it is not allowed in - capability mode. - * Cache timezone data via caph_cache_tzdata() as we cannot access the - timezone file. - * Reverse resolve hostname before entering capability mode. - - PR: 231172 - Submitted by: naito.yuichiro@gmail.com - Reviewed by: cem, des - Approved by: re (rgrimes) - MFC after: 3 weeks - Differential Revision: https://reviews.freebsd.org/D17128 - -Notes: - svn path=/head/; revision=339216 - -diff --git crypto/openssh/sandbox-capsicum.c crypto/openssh/sandbox-capsicum.c -index 5f41d526292b..f728abd18250 100644 ---- sandbox-capsicum.c -+++ sandbox-capsicum.c -@@ -31,6 +31,7 @@ __RCSID("$FreeBSD$"); - #include - #include - #include -+#include - - #include "log.h" - #include "monitor.h" -@@ -71,6 +72,8 @@ ssh_sandbox_child(struct ssh_sandbox *box) - struct rlimit rl_zero; - cap_rights_t rights; - -+ caph_cache_tzdata(); -+ - rl_zero.rlim_cur = rl_zero.rlim_max = 0; - - if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
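Review bot: In security/openssh-portable/Makefile, hunk @@ -101,7 +101,7 @@, uncommenting `BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet.` makes the KERB_GSSAPI option and the gssapi flavor unbuildable on 9.1p1, yet the commit message only says "Update to 9.1p1". Please say so in the commit message so that users who depend on GSSAPI key exchange know this update leaves them without a buildable port until a matching patch exists.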
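Review bot: In security/openssh-portable/Makefile, hunk @@ -114,7 +114,8 @@, the new `#GSSAPI_DISTVERSION= 9.0p1` knob is added commented out with no explanation of when to enable it, and it only affects the PATCHFILES name: `GSSAPI_DEBIAN_SUBDIR= ${DISTVERSION}-1` still follows DISTVERSION. If someone uncomments it to reuse the 9.0p1 patch, the file name and the Debian source directory will refer to different releases. Suggest a one-line comment describing the intended use, and deriving GSSAPI_DEBIAN_SUBDIR from `${GSSAPI_DISTVERSION:U${DISTVERSION}}` as well so the two stay in step.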
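Review bot: In security/openssh-portable/distinfo, the two trailing context lines still record only `openssh-9.0p1-gsskex-all-20141021-debian-rh-20220203.patch`, while the Makefile now expands PATCHFILES to an `openssh-9.1p1-gsskex-...` name when GSSAPI_DISTVERSION is unset. That name has no SHA256/SIZE entry, so the checksum stage would fail for the gssapi build if BROKEN were lifted without further changes. This is masked today by the BROKEN line; either set GSSAPI_DISTVERSION so the recorded 9.0p1 entry is the one actually used, or drop the stale entries and regenerate distinfo when a 9.1p1 patch is available.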
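Review bot: The deletion of security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata removes the `caph_cache_tzdata();` call in ssh_sandbox_child() with no reason given in the commit message. The deleted patch's own description says the call exists because the sandboxed process "cannot access the timezone file" in capability mode, so dropping it is only safe if the 9.1p1 sandbox-capsicum.c already makes that call before the sandbox is entered. Please confirm that against the new tarball and note it in the commit message (for example "patch-FreeBSD-caph_cache_tzdata: merged upstream"), so a later reader can tell the Capsicum fix was carried forward rather than lost.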