diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -1,6 +1,6 @@ PORTNAME= openssh -DISTVERSION= 9.3p2 -PORTREVISION= 2 +DISTVERSION= 9.6p1 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= OPENBSD/OpenSSH/portable @@ -23,8 +23,7 @@ CONFIGURE_ARGS= --prefix=${PREFIX} \ --without-zlib-version-check \ --with-ssl-engine \ - --with-mantype=man \ - --with-Werror + --with-mantype=man ETCOLD= ${PREFIX}/etc diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1,5 +1,3 @@ -TIMESTAMP = 1695396338 -SHA256 (openssh-9.3p2.tar.gz) = 200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8 -SIZE (openssh-9.3p2.tar.gz) = 1835850 -SHA256 (openssh-9.4p1-gsskex-all-debian-rh-9.4p1.patch) = 9492c1db4307aa3fe6e12d77fff01376bf275af2980ae55b926a505aae9e9b14 -SIZE (openssh-9.4p1-gsskex-all-debian-rh-9.4p1.patch) = 131674 +TIMESTAMP = 1703034264 +SHA256 (openssh-9.6p1.tar.gz) = 910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c +SIZE (openssh-9.6p1.tar.gz) = 1857862 diff --git a/security/openssh-portable/files/extra-patch-hpn-compat b/security/openssh-portable/files/extra-patch-hpn-compat --- a/security/openssh-portable/files/extra-patch-hpn-compat +++ b/security/openssh-portable/files/extra-patch-hpn-compat 
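Review bot: Dropping `--with-Werror` from CONFIGURE_ARGS in the second Makefile hunk is not explained anywhere in the visible diff, and without it compiler warnings in the locally patched sources presumably no longer stop the build. The port's own patches touch privilege handling in ssh-agent.c, where a warning such as an ignored return value is worth failing on. If the flag had to go because 9.6p1 does not build cleanly with it, a comment above CONFIGURE_ARGS such as `# -Werror dropped for 9.6p1: <reason>; restore once the patches build clean` would record that.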
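Review bot: The regenerated distinfo no longer carries the SHA256/SIZE pair for `openssh-9.4p1-gsskex-all-debian-rh-9.4p1.patch`, and neither Makefile hunk changes how that patch is fetched. If an option still lists it in PATCHFILES (the rest of the Makefile is outside this diff), builds with that option will stop at the checksum stage. People tend to work around that by turning checksum verification off, which also removes the integrity check on the release tarball. Either regenerate distinfo with that option enabled so the entry is kept, or mark the option broken for 9.6p1 in the same commit.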
@@ -16,12 +16,12 @@ ------------------------------------------------------------------------ ---- readconf.c.orig 2023-02-03 11:17:45.506822000 -0800 -+++ readconf.c 2023-02-03 11:30:14.894959000 -0800 -@@ -323,6 +323,12 @@ static struct { - { "knownhostscommand", oKnownHostsCommand }, - { "requiredrsasize", oRequiredRSASize }, +--- readconf.c.orig 2023-12-19 17:09:41.366788000 -0800 ++++ readconf.c 2023-12-19 17:10:24.155247000 -0800 +@@ -329,6 +329,12 @@ { "enableescapecommandline", oEnableEscapeCommandline }, + { "obscurekeystroketiming", oObscureKeystrokeTiming }, + { "channeltimeout", oChannelTimeout }, + { "hpndisabled", oDeprecated }, + { "hpnbuffersize", oDeprecated }, + { "tcprcvbufpoll", oDeprecated }, @@ -31,9 +31,9 @@ { NULL, oBadOption } }; ---- servconf.c.orig 2023-02-02 04:21:54.000000000 -0800 -+++ servconf.c 2023-02-03 11:31:00.387624000 -0800 -@@ -695,6 +695,10 @@ static struct { +--- servconf.c.orig 2023-12-19 17:11:52.320491000 -0800 ++++ servconf.c 2023-12-19 17:12:43.950318000 -0800 +@@ -693,6 +693,10 @@ { "requiredrsasize", sRequiredRSASize, SSHCFG_ALL }, { "channeltimeout", sChannelTimeout, SSHCFG_ALL }, { "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL }, diff --git a/security/openssh-portable/files/patch-ssh-agent.c b/security/openssh-portable/files/patch-ssh-agent.c --- a/security/openssh-portable/files/patch-ssh-agent.c +++ b/security/openssh-portable/files/patch-ssh-agent.c @@ -8,9 +8,9 @@ Add a -x option that causes ssh-agent(1) to exit when all clients have disconnected. ---- ssh-agent.c.orig 2023-02-02 04:21:54.000000000 -0800 -+++ ssh-agent.c 2023-02-03 10:55:34.277561000 -0800 -@@ -188,11 +188,28 @@ static int restrict_websafe = 1; +--- ssh-agent.c.orig 2023-12-18 06:59:50.000000000 -0800 ++++ ssh-agent.c 2023-12-19 17:16:22.128981000 -0800 +@@ -196,11 +196,28 @@ /* Refuse signing of non-SSH messages for web-origin FIDO keys */ static int restrict_websafe = 1; 
@@ -39,7 +39,7 @@ close(e->fd); sshbuf_free(e->input); sshbuf_free(e->output); -@@ -205,6 +222,8 @@ close_socket(SocketEntry *e) +@@ -213,6 +230,8 @@ memset(e, '\0', sizeof(*e)); e->fd = -1; e->type = AUTH_UNUSED; @@ -48,7 +48,7 @@ } static void -@@ -1698,6 +1717,10 @@ new_socket(sock_type type, int fd) +@@ -1893,6 +1912,10 @@ debug_f("type = %s", type == AUTH_CONNECTION ? "CONNECTION" : (type == AUTH_SOCKET ? "SOCKET" : "UNKNOWN")); @@ -59,7 +59,7 @@ set_nonblock(fd); if (fd > max_fd) -@@ -1990,7 +2013,7 @@ usage(void) +@@ -2184,7 +2207,7 @@ usage(void) { fprintf(stderr, @@ -68,15 +68,15 @@ " [-O option] [-P allowed_providers] [-t life]\n" " ssh-agent [-a bind_address] [-E fingerprint_hash] [-O option]\n" " [-P allowed_providers] [-t life] command [arg ...]\n" -@@ -2024,6 +2047,7 @@ main(int ac, char **av) +@@ -2218,6 +2241,7 @@ /* drop */ - setegid(getgid()); - setgid(getgid()); -+ setuid(geteuid()); + (void)setegid(getgid()); + (void)setgid(getgid()); ++ (void)setuid(geteuid()); platform_disable_tracing(0); /* strict=no */ -@@ -2035,7 +2059,7 @@ main(int ac, char **av) +@@ -2229,7 +2253,7 @@ __progname = ssh_get_progname(av[0]); seed_rng(); @@ -85,7 +85,7 @@ switch (ch) { case 'E': fingerprint_hash = ssh_digest_alg_by_name(optarg); -@@ -2084,6 +2108,9 @@ main(int ac, char **av) +@@ -2280,6 +2304,9 @@ fprintf(stderr, "Invalid lifetime\n"); usage(); } diff --git a/security/openssh-portable/files/patch-ssh_config b/security/openssh-portable/files/patch-ssh_config deleted file mode 100644 --- a/security/openssh-portable/files/patch-ssh_config +++ /dev/null 
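Review bot: The return value of the privilege-changing call is explicitly discarded in the main() hunk (`(void)setuid(geteuid());`), so a failed setuid() goes unnoticed and the agent keeps running with the real and saved uid it started with. The two neighbouring gid calls are upstream's, but this line is added by the port's patch, so the port is free to check it. Consider `if (setuid(geteuid()) == -1) fatal("setuid: %s", strerror(errno));` in place of the cast. main() begins and ends outside this hunk, so confirm that fatal() is usable this early in startup.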
@@ -1,17 +0,0 @@
---- UTC
-r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines
-
-Document the FreeBSD default for CheckHostIP, which was changed in
-rev 1.2 of readconf.c.
-
---- ssh_config.orig 2010-01-12 01:40:27.000000000 -0700
-+++ ssh_config 2010-09-14 16:14:13.000000000 -0600
-@@ -27,7 +27,7 @@
- # GSSAPIAuthentication no
- # GSSAPIDelegateCredentials no
- # BatchMode no
--# CheckHostIP yes
-+# CheckHostIP no
- # AddressFamily any
- # ConnectTimeout 0
- # StrictHostKeyChecking ask