Page MenuHomeFreeBSD
Files F140148307

D43132.id131599.diff
No OneTemporary
Actions

D43132.id131599.diff
View Options

diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -1,6 +1,6 @@
PORTNAME= openssh
-DISTVERSION= 9.3p2
-PORTREVISION= 2
+DISTVERSION= 9.6p1
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= security
MASTER_SITES= OPENBSD/OpenSSH/portable
@@ -23,8 +23,7 @@
CONFIGURE_ARGS= --prefix=${PREFIX} \
--without-zlib-version-check \
--with-ssl-engine \
- --with-mantype=man \
- --with-Werror
+ --with-mantype=man
ETCOLD= ${PREFIX}/etc
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,5 +1,3 @@
-TIMESTAMP = 1695396338
-SHA256 (openssh-9.3p2.tar.gz) = 200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8
-SIZE (openssh-9.3p2.tar.gz) = 1835850
-SHA256 (openssh-9.4p1-gsskex-all-debian-rh-9.4p1.patch) = 9492c1db4307aa3fe6e12d77fff01376bf275af2980ae55b926a505aae9e9b14
-SIZE (openssh-9.4p1-gsskex-all-debian-rh-9.4p1.patch) = 131674
+TIMESTAMP = 1703034264
+SHA256 (openssh-9.6p1.tar.gz) = 910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c
+SIZE (openssh-9.6p1.tar.gz) = 1857862
diff --git a/security/openssh-portable/files/extra-patch-hpn-compat b/security/openssh-portable/files/extra-patch-hpn-compat
--- a/security/openssh-portable/files/extra-patch-hpn-compat
+++ b/security/openssh-portable/files/extra-patch-hpn-compat
@@ -1,27 +1,9 @@
-------------------------------------------------------------------------
-r294563 | des | 2016-01-22 05:13:46 -0800 (Fri, 22 Jan 2016) | 3 lines
-Changed paths:
- M /head/crypto/openssh/servconf.c
-
-Instead of removing the NoneEnabled option, mark it as unsupported.
-(should have done this in r291198, but didn't think of it until now)
-
-------------------------------------------------------------------------
-------------------------------------------------------------------------
-r294564 | des | 2016-01-22 06:22:11 -0800 (Fri, 22 Jan 2016) | 2 lines
-Changed paths:
- M /head/crypto/openssh/readconf.c
-
-r294563 was incomplete; re-add the client-side options as well.
-
-------------------------------------------------------------------------
-
---- readconf.c.orig 2023-02-03 11:17:45.506822000 -0800
-+++ readconf.c 2023-02-03 11:30:14.894959000 -0800
-@@ -323,6 +323,12 @@ static struct {
- { "knownhostscommand", oKnownHostsCommand },
- { "requiredrsasize", oRequiredRSASize },
+--- readconf.c.orig 2023-12-19 17:09:41.366788000 -0800
++++ readconf.c 2023-12-19 17:10:24.155247000 -0800
+@@ -329,6 +329,12 @@
{ "enableescapecommandline", oEnableEscapeCommandline },
+ { "obscurekeystroketiming", oObscureKeystrokeTiming },
+ { "channeltimeout", oChannelTimeout },
+ { "hpndisabled", oDeprecated },
+ { "hpnbuffersize", oDeprecated },
+ { "tcprcvbufpoll", oDeprecated },
@@ -31,9 +13,9 @@
{ NULL, oBadOption }
};
---- servconf.c.orig 2023-02-02 04:21:54.000000000 -0800
-+++ servconf.c 2023-02-03 11:31:00.387624000 -0800
-@@ -695,6 +695,10 @@ static struct {
+--- servconf.c.orig 2023-12-19 17:11:52.320491000 -0800
++++ servconf.c 2023-12-19 17:12:43.950318000 -0800
+@@ -693,6 +693,10 @@
{ "requiredrsasize", sRequiredRSASize, SSHCFG_ALL },
{ "channeltimeout", sChannelTimeout, SSHCFG_ALL },
{ "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL },
diff --git a/security/openssh-portable/files/patch-ssh-agent.c b/security/openssh-portable/files/patch-ssh-agent.c
--- a/security/openssh-portable/files/patch-ssh-agent.c
+++ b/security/openssh-portable/files/patch-ssh-agent.c
@@ -1,16 +1,6 @@
---- UTC
-r110506 | des | 2003-02-07 09:48:27 -0600 (Fri, 07 Feb 2003) | 4 lines
-
-Set the ruid to the euid at startup as a workaround for a bug in pam_ssh.
-
-r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines
-
-Add a -x option that causes ssh-agent(1) to exit when all clients have
-disconnected.
-
---- ssh-agent.c.orig 2023-02-02 04:21:54.000000000 -0800
-+++ ssh-agent.c 2023-02-03 10:55:34.277561000 -0800
-@@ -188,11 +188,28 @@ static int restrict_websafe = 1;
+--- ssh-agent.c.orig 2023-12-18 06:59:50.000000000 -0800
++++ ssh-agent.c 2023-12-19 17:16:22.128981000 -0800
+@@ -196,11 +196,28 @@
/* Refuse signing of non-SSH messages for web-origin FIDO keys */
static int restrict_websafe = 1;
@@ -39,7 +29,7 @@
close(e->fd);
sshbuf_free(e->input);
sshbuf_free(e->output);
-@@ -205,6 +222,8 @@ close_socket(SocketEntry *e)
+@@ -213,6 +230,8 @@
memset(e, '\0', sizeof(*e));
e->fd = -1;
e->type = AUTH_UNUSED;
@@ -48,7 +38,7 @@
}
static void
-@@ -1698,6 +1717,10 @@ new_socket(sock_type type, int fd)
+@@ -1893,6 +1912,10 @@
debug_f("type = %s", type == AUTH_CONNECTION ? "CONNECTION" :
(type == AUTH_SOCKET ? "SOCKET" : "UNKNOWN"));
@@ -59,7 +49,7 @@
set_nonblock(fd);
if (fd > max_fd)
-@@ -1990,7 +2013,7 @@ usage(void)
+@@ -2184,7 +2207,7 @@
usage(void)
{
fprintf(stderr,
@@ -68,15 +58,15 @@
" [-O option] [-P allowed_providers] [-t life]\n"
" ssh-agent [-a bind_address] [-E fingerprint_hash] [-O option]\n"
" [-P allowed_providers] [-t life] command [arg ...]\n"
-@@ -2024,6 +2047,7 @@ main(int ac, char **av)
+@@ -2218,6 +2241,7 @@
/* drop */
- setegid(getgid());
- setgid(getgid());
-+ setuid(geteuid());
+ (void)setegid(getgid());
+ (void)setgid(getgid());
++ (void)setuid(geteuid());
platform_disable_tracing(0); /* strict=no */
-@@ -2035,7 +2059,7 @@ main(int ac, char **av)
+@@ -2229,7 +2253,7 @@
__progname = ssh_get_progname(av[0]);
seed_rng();
@@ -85,7 +75,7 @@
switch (ch) {
case 'E':
fingerprint_hash = ssh_digest_alg_by_name(optarg);
-@@ -2084,6 +2108,9 @@ main(int ac, char **av)
+@@ -2280,6 +2304,9 @@
fprintf(stderr, "Invalid lifetime\n");
usage();
}
diff --git a/security/openssh-portable/files/patch-ssh_config b/security/openssh-portable/files/patch-ssh_config
deleted file mode 100644
--- a/security/openssh-portable/files/patch-ssh_config
+++ /dev/null
@@ -1,17 +0,0 @@
---- UTC
-r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines
-
-Document the FreeBSD default for CheckHostIP, which was changed in
-rev 1.2 of readconf.c.
-
---- ssh_config.orig 2010-01-12 01:40:27.000000000 -0700
-+++ ssh_config 2010-09-14 16:14:13.000000000 -0600
-@@ -27,7 +27,7 @@
- # GSSAPIAuthentication no
- # GSSAPIDelegateCredentials no
- # BatchMode no
--# CheckHostIP yes
-+# CheckHostIP no
- # AddressFamily any
- # ConnectTimeout 0
- # StrictHostKeyChecking ask

File Metadata

Mime Type
text/plain
Expires
Sun, Dec 21, 8:55 PM (9 h, 9 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
27121617
Default Alt Text
D43132.id131599.diff (6 KB)

Event Timeline