git: 700625bcd86b - main - security/openssh-portable: Update to 9.3p1.

From: Bryan Drewery <bdrewery_at_FreeBSD.org>
Date: Tue, 23 May 2023 17:40:20 UTC 
The branch main has been updated by bdrewery:

URL: https://cgit.FreeBSD.org/ports/commit/?id=700625bcd86b74cf3fb9536aeea250d7f8cd1fd5

commit 700625bcd86b74cf3fb9536aeea250d7f8cd1fd5
Author:     Bryan Drewery <bdrewery@FreeBSD.org>
AuthorDate: 2023-05-19 21:45:00 +0000
Commit:     Bryan Drewery <bdrewery@FreeBSD.org>
CommitDate: 2023-05-23 17:40:07 +0000

    security/openssh-portable: Update to 9.3p1.
    
    Changes: https://www.openssh.com/txt/release-9.3
---
 security/openssh-portable/Makefile              |  4 +--
 security/openssh-portable/distinfo              |  6 ++--
 security/openssh-portable/files/extra-patch-hpn | 41 ++++++++-----------------
 3 files changed, 17 insertions(+), 34 deletions(-)

diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 4c0c4a940024..c311879d1725 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	openssh
-DISTVERSION=	9.2p1
+DISTVERSION=	9.3p1
 PORTREVISION=	0
 PORTEPOCH=	1
 CATEGORIES=	security
@@ -101,7 +101,7 @@ PATCH_SITES+=	http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex
 
 # Must add this patch before HPN due to conflicts
 .if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi
-#BROKEN=	KERB_GSSAPI No patch for ${DISTVERSION} yet.
+BROKEN=	KERB_GSSAPI No patch for ${DISTVERSION} yet.
 .  if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
 # Needed glue for applying HPN patch without conflict
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-hpn-gss-glue
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index fbd9733b60d3..2e92912f2e3a 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1676575062
-SHA256 (openssh-9.2p1.tar.gz) = 3f66dbf1655fb45f50e1c56da62ab01218c228807b21338d634ebcdf9d71cf46
-SIZE (openssh-9.2p1.tar.gz) = 1852380
+TIMESTAMP = 1684527180
+SHA256 (openssh-9.3p1.tar.gz) = e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8
+SIZE (openssh-9.3p1.tar.gz) = 1856839
 SHA256 (openssh-9.2p1-gsskex-all-20141021-debian-rh-20220203.patch) = acf9b12d68eeeae047d1042954473f859c10a7c2a4b5d9dc54fcbbd5e30a3a58
 SIZE (openssh-9.2p1-gsskex-all-20141021-debian-rh-20220203.patch) = 131618
diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn
index 1f25a207b00b..708c73e7a290 100644
--- a/security/openssh-portable/files/extra-patch-hpn
+++ b/security/openssh-portable/files/extra-patch-hpn
@@ -1119,9 +1119,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
  		sshpkt_fatal(ssh, r, "banner exchange");
  
  	/* Put the connection into non-blocking mode. */
---- work/openssh/sshconnect2.c.orig	2021-08-19 21:03:49.000000000 -0700
-+++ work/openssh/sshconnect2.c	2021-09-08 10:02:03.037982000 -0700
-@@ -84,7 +84,13 @@
+--- work/openssh/sshconnect2.c.orig	2023-03-15 14:28:19.000000000 -0700
++++ work/openssh/sshconnect2.c	2023-05-19 14:20:01.965073000 -0700
+@@ -83,7 +83,13 @@ extern Options options;
  extern char *client_version_string;
  extern char *server_version_string;
  extern Options options;
@@ -1135,29 +1135,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
  /*
   * SSH2 key exchange
   */
-@@ -212,11 +218,12 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd
- 	return ret;
- }
- 
-+static char *myproposal[PROPOSAL_MAX];
-+static const char *myproposal_default[PROPOSAL_MAX] = { KEX_CLIENT };
- void
- ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
-     const struct ssh_conn_info *cinfo)
- {
--	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
- 	char *s, *all_key;
- 	int r, use_known_hosts_order = 0;
- 
-@@ -241,6 +248,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr 
- 		fatal_fr(r, "kex_assemble_namelist");
- 	free(all_key);
- 
-+	memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
- 	if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
- 		fatal_f("kex_names_cat");
- 	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s);
-@@ -487,6 +495,29 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
+@@ -482,6 +488,34 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
  
  	if (!authctxt.success)
  		fatal("Authentication failed.");
@@ -1169,11 +1147,16 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
 +	 * tty allocated.
 +	 */
 +	if ((options.none_switch == 1) && (options.none_enabled == 1)) {
++		char *myproposal[PROPOSAL_MAX];
++		char *s = NULL;
++		const char *none_cipher = "none";
++
 +		if (!tty_flag) { /* no null on tty sessions */
 +			debug("Requesting none rekeying...");
-+			memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
-+			myproposal[PROPOSAL_ENC_ALGS_STOC] = "none";
-+			myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none";
++			kex_proposal_populate_entries(ssh, myproposal, s, none_cipher,
++			    options.macs,
++			    compression_alg_list(options.compression),
++			    options.hostkeyalgorithms);
 +			kex_prop2buf(ssh->kex->my, myproposal);
 +			packet_request_rekeying();
 +			fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n");