Date:      Mon, 23 Mar 2020 16:53:46 +0000 (UTC)
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r528979 - in head/security/openssh-portable: . files
Message-ID:  <202003231653.02NGrkm2086383@repo.freebsd.org>

Author: bdrewery
Date: Mon Mar 23 16:53:46 2020
New Revision: 528979
URL: https://svnweb.freebsd.org/changeset/ports/528979

Log:
  - Update to 8.2p1
  
  Release notes: https://www.openssh.com/txt/release-8.2

Modified:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/distinfo
  head/security/openssh-portable/files/extra-patch-hpn
  head/security/openssh-portable/files/extra-patch-hpn-compat
  head/security/openssh-portable/files/patch-ssh-agent.1
  head/security/openssh-portable/files/patch-ssh-agent.c

Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile	Mon Mar 23 16:05:35 2020	(r528978)
+++ head/security/openssh-portable/Makefile	Mon Mar 23 16:53:46 2020	(r528979)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	openssh
-DISTVERSION=	8.1p1
+DISTVERSION=	8.2p1
 PORTREVISION=	0
 PORTEPOCH=	1
 CATEGORIES=	security
@@ -116,7 +116,7 @@ EXTRA_PATCHES+=	${FILESDIR}/extra-patch-hpn-gss-glue
 .  endif
 # - See https://sources.debian.org/data/main/o/openssh/ for which subdir to
 # pull from.
-GSSAPI_DEBIAN_SUBDIR=	${DISTVERSION}-1
+GSSAPI_DEBIAN_SUBDIR=	${DISTVERSION}-4
 # - Debian does not use a versioned filename so we trick fetch to make one for
 # us with the ?<anything>=/ trick.
 PATCH_SITES+=	https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex
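Review bot: The Debian package revision in `GSSAPI_DEBIAN_SUBDIR` is now a hand-picked `-4` appended to `${DISTVERSION}`, and the comment above it does not say that the suffix must be re-selected on every version bump. Because the Debian URL is unversioned (the `?dummy=/` trick on the last line of the hunk), the SHA256 recorded in distinfo is the only thing tying the build to one specific gssapi.patch. I would extend the comment with `# - The -N suffix is the Debian package revision; re-check it and regenerate distinfo whenever DISTVERSION changes.` The distinfo entry in this commit also keeps the `20141021-debian-rh-20190719` stamps in the patch filename, so the name no longer tells a reader which Debian revision was hashed; that name is set outside this hunk.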

Modified: head/security/openssh-portable/distinfo
==============================================================================
--- head/security/openssh-portable/distinfo	Mon Mar 23 16:05:35 2020	(r528978)
+++ head/security/openssh-portable/distinfo	Mon Mar 23 16:53:46 2020	(r528979)
@@ -1,5 +1,5 @@
-TIMESTAMP = 1576982938
-SHA256 (openssh-8.1p1.tar.gz) = 02f5dbef3835d0753556f973cd57b4c19b6b1f6cd24c03445e23ac77ca1b93ff
-SIZE (openssh-8.1p1.tar.gz) = 1625894
-SHA256 (openssh-8.1p1-gsskex-all-20141021-debian-rh-20190719.patch) = 7875fe41ce090ba2bb3d76c396f9e6de863fbad34235bf97a4012d2f949909fb
-SIZE (openssh-8.1p1-gsskex-all-20141021-debian-rh-20190719.patch) = 128409
+TIMESTAMP = 1584982081
+SHA256 (openssh-8.2p1.tar.gz) = 43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671
+SIZE (openssh-8.2p1.tar.gz) = 1701197
+SHA256 (openssh-8.2p1-gsskex-all-20141021-debian-rh-20190719.patch) = b035f62000190a2c77257db76b3751acf0e018dc20d55e07a8c3c9702de04989
+SIZE (openssh-8.2p1-gsskex-all-20141021-debian-rh-20190719.patch) = 125954

Modified: head/security/openssh-portable/files/extra-patch-hpn
==============================================================================
--- head/security/openssh-portable/files/extra-patch-hpn	Mon Mar 23 16:05:35 2020	(r528978)
+++ head/security/openssh-portable/files/extra-patch-hpn	Mon Mar 23 16:53:46 2020	(r528979)
@@ -387,9 +387,9 @@ diff -urN -x configure -x config.guess -x config.h.in 
  
  void     enable_compat13(void);
  void     enable_compat20(void);
---- work.clean/openssh-6.8p1/configure.ac	2015-03-17 00:49:20.000000000 -0500
-+++ work/openssh-6.8p1/configure.ac	2015-04-03 16:36:28.916502000 -0500
-@@ -4238,6 +4238,25 @@
+--- configure.ac.orig	2020-03-22 11:06:53.034550000 -0700
++++ configure.ac	2020-03-22 11:07:10.017487000 -0700
+@@ -4778,6 +4778,25 @@ AC_ARG_WITH([maildir],
      ]
  ) # maildir
  
@@ -415,10 +415,10 @@ diff -urN -x configure -x config.guess -x config.h.in 
  if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
  	AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test])
  	disable_ptmx_check=yes
-@@ -4905,6 +4924,8 @@
- echo "                  BSD Auth support: $BSD_AUTH_MSG"
- echo "              Random number source: $RAND_MSG"
+@@ -5459,6 +5478,8 @@ echo "              Random number source: $RAND_MSG"
  echo "             Privsep sandbox style: $SANDBOX_STYLE"
+ echo "                   PKCS#11 support: $enable_pkcs11"
+ echo "                  U2F/FIDO support: $enable_sk"
 +echo "                       HPN support: $HPN_MSG"
 +echo "                NONECIPHER support: $NONECIPHER_MSG"
  
@@ -1136,9 +1136,9 @@ diff -urN -x configure -x config.guess -x config.h.in 
  		cleanup_exit(255); /* error already logged */
  
  	/* Put the connection into non-blocking mode. */
---- work/openssh/sshconnect2.c.orig	2018-10-16 17:01:20.000000000 -0700
-+++ work/openssh/sshconnect2.c	2018-11-12 09:06:06.338515000 -0800
-@@ -81,7 +81,13 @@
+--- sshconnect2.c.orig	2020-02-13 16:40:54.000000000 -0800
++++ sshconnect2.c	2020-03-22 11:10:01.017282000 -0700
+@@ -83,7 +83,13 @@
  extern char *client_version_string;
  extern char *server_version_string;
  extern Options options;
@@ -1152,7 +1152,7 @@ diff -urN -x configure -x config.guess -x config.h.in 
  /*
   * SSH2 key exchange
   */
-@@ -154,16 +160,18 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd
+@@ -156,10 +162,11 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd
  	return ret;
  }
  
@@ -1163,16 +1163,17 @@ diff -urN -x configure -x config.guess -x config.h.in 
  {
 -	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
  	char *s, *all_key;
- 	int r;
+ 	int r, use_known_hosts_order = 0;
  
- 	xxx_host = host;
- 	xxx_hostaddr = hostaddr;
+@@ -183,6 +190,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr 
+ 		fatal("%s: kex_assemble_namelist", __func__);
+ 	free(all_key);
  
 +	memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
  	if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
  		fatal("%s: kex_names_cat", __func__);
  	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
-@@ -422,6 +430,30 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
+@@ -435,6 +443,30 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
  
  	if (!authctxt.success)
  		fatal("Authentication failed.");
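Review bot: The `memcpy(&myproposal, &myproposal_default, sizeof(myproposal));` line in the refreshed ssh_kex2 hunk carries no comment, and this refresh already had to move its anchor from after `xxx_hostaddr = hostaddr;` to after `free(all_key);`. Since the same patch removes the local `myproposal` declaration, the array is presumably shared state declared in the earlier `-83,7 +83,13` hunk (not visible here), so the copy has to stay ahead of the first `myproposal[...]` assignment or the client would build its algorithm proposal from stale entries. I would add `/* Reset the proposal to defaults before any myproposal[] entry is assigned. */` above the memcpy so the next offset refresh preserves that ordering. ssh_kex2's body continues outside the hunk.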

Modified: head/security/openssh-portable/files/extra-patch-hpn-compat
==============================================================================
--- head/security/openssh-portable/files/extra-patch-hpn-compat	Mon Mar 23 16:05:35 2020	(r528978)
+++ head/security/openssh-portable/files/extra-patch-hpn-compat	Mon Mar 23 16:53:46 2020	(r528979)
@@ -16,12 +16,12 @@ r294563 was incomplete; re-add the client-side options
 
 ------------------------------------------------------------------------
 
---- readconf.c.orig	2017-10-12 12:18:59.927293000 -0700
-+++ readconf.c	2017-10-12 12:19:45.048532000 -0700
-@@ -305,6 +305,12 @@ static struct {
- 	{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
+--- readconf.c.orig	2020-03-21 16:51:23.450425000 -0700
++++ readconf.c	2020-03-21 17:00:01.827757000 -0700
+@@ -310,6 +310,12 @@ static struct {
  	{ "ignoreunknown", oIgnoreUnknown },
  	{ "proxyjump", oProxyJump },
+ 	{ "securitykeyprovider", oSecurityKeyProvider },
 +	{ "hpndisabled", oDeprecated },
 +	{ "hpnbuffersize", oDeprecated },
 +	{ "tcprcvbufpoll", oDeprecated },
@@ -31,12 +31,12 @@ r294563 was incomplete; re-add the client-side options
  
  	{ NULL, oBadOption }
  };
---- servconf.c.orig	2018-10-16 17:01:20.000000000 -0700
-+++ servconf.c	2018-11-10 11:32:09.835817000 -0800
-@@ -645,6 +645,10 @@ static struct {
- 	{ "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
+--- servconf.c.orig	2020-02-13 16:40:54.000000000 -0800
++++ servconf.c	2020-03-21 17:01:18.011062000 -0700
+@@ -695,6 +695,10 @@ static struct {
  	{ "rdomain", sRDomain, SSHCFG_ALL },
  	{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
+ 	{ "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
 +	{ "noneenabled", sUnsupported, SSHCFG_ALL },
 +	{ "hpndisabled", sDeprecated, SSHCFG_ALL },
 +	{ "hpnbuffersize", sDeprecated, SSHCFG_ALL },

Modified: head/security/openssh-portable/files/patch-ssh-agent.1
==============================================================================
--- head/security/openssh-portable/files/patch-ssh-agent.1	Mon Mar 23 16:05:35 2020	(r528978)
+++ head/security/openssh-portable/files/patch-ssh-agent.1	Mon Mar 23 16:53:46 2020	(r528979)
@@ -4,8 +4,8 @@ r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct
 Add a -x option that causes ssh-agent(1) to exit when all clients have
 disconnected.
 
---- ssh-agent.1.orig	2015-05-29 03:27:21.000000000 -0500
-+++ ssh-agent.1	2015-06-02 09:45:37.025390000 -0500
+--- ssh-agent.1.orig	2020-02-13 16:40:54.000000000 -0800
++++ ssh-agent.1	2020-03-21 17:03:22.952068000 -0700
 @@ -43,7 +43,7 @@
  .Sh SYNOPSIS
  .Nm ssh-agent
@@ -14,13 +14,13 @@ disconnected.
 +.Op Fl \&Ddx
  .Op Fl a Ar bind_address
  .Op Fl E Ar fingerprint_hash
- .Op Fl t Ar life
-@@ -128,6 +128,8 @@
+ .Op Fl P Ar provider_whitelist
+@@ -125,6 +125,8 @@ A lifetime specified for an identity with
  .Xr ssh-add 1
  overrides this value.
  Without this option the default maximum lifetime is forever.
 +.It Fl x
 +Exit after the last client has disconnected.
- .El
- .Pp
- If a commandline is given, this is executed as a subprocess of the agent.
+ .It Ar command Op Ar arg ...
+ If a command (and optional arguments) is given,
+ this is executed as a subprocess of the agent.

Modified: head/security/openssh-portable/files/patch-ssh-agent.c
==============================================================================
--- head/security/openssh-portable/files/patch-ssh-agent.c	Mon Mar 23 16:05:35 2020	(r528978)
+++ head/security/openssh-portable/files/patch-ssh-agent.c	Mon Mar 23 16:53:46 2020	(r528979)
@@ -8,9 +8,9 @@ r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct
 Add a -x option that causes ssh-agent(1) to exit when all clients have
 disconnected.
 
---- ssh-agent.c.orig	2017-10-02 12:34:26.000000000 -0700
-+++ ssh-agent.c	2017-10-12 11:31:40.908737000 -0700
-@@ -162,15 +162,34 @@ static long lifetime = 0;
+--- ssh-agent.c.orig	2020-02-13 16:40:54.000000000 -0800
++++ ssh-agent.c	2020-03-21 17:04:44.305866000 -0700
+@@ -167,15 +167,34 @@ static long lifetime = 0;
  
  static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
  
@@ -45,7 +45,7 @@ disconnected.
  }
  
  static void
-@@ -745,6 +764,10 @@ new_socket(sock_type type, int fd)
+@@ -875,6 +894,10 @@ new_socket(sock_type type, int fd)
  {
  	u_int i, old_alloc, new_alloc;
  
@@ -56,16 +56,16 @@ disconnected.
  	set_nonblock(fd);
  
  	if (fd > max_fd)
-@@ -1007,7 +1030,7 @@ static void
+@@ -1170,7 +1193,7 @@ static void
  usage(void)
  {
  	fprintf(stderr,
 -	    "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
 +	    "usage: ssh-agent [-c | -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n"
- 	    "                 [-P pkcs11_whitelist] [-t life] [command [arg ...]]\n"
+ 	    "                 [-P provider_whitelist] [-t life] [command [arg ...]]\n"
  	    "       ssh-agent [-c | -s] -k\n");
  	exit(1);
-@@ -1039,6 +1062,7 @@ main(int ac, char **av)
+@@ -1202,6 +1225,7 @@ main(int ac, char **av)
  	/* drop */
  	setegid(getgid());
  	setgid(getgid());
@@ -73,7 +73,7 @@ disconnected.
  
  	platform_disable_tracing(0);	/* strict=no */
  
-@@ -1049,7 +1073,7 @@ main(int ac, char **av)
+@@ -1213,7 +1237,7 @@ main(int ac, char **av)
  	__progname = ssh_get_progname(av[0]);
  	seed_rng();
  
@@ -82,7 +82,7 @@ disconnected.
  		switch (ch) {
  		case 'E':
  			fingerprint_hash = ssh_digest_alg_by_name(optarg);
-@@ -1092,6 +1116,9 @@ main(int ac, char **av)
+@@ -1256,6 +1280,9 @@ main(int ac, char **av)
  				fprintf(stderr, "Invalid lifetime\n");
  				usage();
  			}


