From nobody Tue May 23 17:40:20 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QQhRS2YdPz4CkfW; Tue, 23 May 2023 17:40:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QQhRS23WQz4b1w; Tue, 23 May 2023 17:40:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1684863620; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0MNUPwzjCljcqm8NNb9HpviXoinDgqro+avlYfygtRo=; b=QDXhLJIxLDEnvKSZ1AVFjvKa+LQoiZ8aG+29bprd8R8Z5UDhjvqDzlPufXCEYvWC5UG5N8 V8y/R7kXm786x6hmFKfG/NoHAy2KjGnmHQIrMI9JpWRIa3lSfZwR3HNCixagK005IAuPxU D2qpdzEO6muXGQy7rA7WAAanoWhsE6eKWxIWnHYat+M+hLn86JVn1m9hrxI5mWROwUxRI6 /f3NXA79ysitrVTqNzzofpTzHNKCKuH9S+qT1ROZzxTp2Ay5QQ0q76HPtpzQWjbqNh05ba Jeb8AjoKAPjNo2b7JcwEYXLbtuUj7g1rEimOhYjTuuxOXDxfZDOF31b0fHTxYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1684863620; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0MNUPwzjCljcqm8NNb9HpviXoinDgqro+avlYfygtRo=; b=SBZja/Ek7gUKMmxgzR5vvJoeCCee6Ghe7HRygmccELSQD5aJCgpOQZmQnkZXF4xu4RuUz6 LksKS8TafllAG+EiZz7rPXIm/XeXLF5onk9c/VeQh2fedEG4yVb550nycPE/aiv+MHQ674 URzBIGctCV6S8MKfVcWVWo26QPXP1+ViRJuR8YGnrE7Z/AnCJjjM7Bj5jV7D19F1W1vbgf LSZ8bxiBNQGAXoZ4zgpi5DwrQe9ewbItXz6RwNENMTKglEwcSW1KyWf1zgtBpU91PzkiwW hJqIgOKvUGBvDilqWPdX6IA7XrBXWdDT/ai7oevWRl0ADdeGRfLUyRHagNz+RQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1684863620; a=rsa-sha256; cv=none; b=DNt6vfYh0iaczkZiCA8SYSC7g4387RFLk5A0x2HkzBGpvJlEqQBpvtXrjPA/D/5nT9Ll3R SgI7KcrQHogr+tao9uhgAnKijsKW/UCfLyi5v3iLaRe1wmbVhb1ttZ2A6tv/UmBbheONCc IZCz5J7LuUmZRXm+MHgiPbs5Hw9QQc8aW11iuxcC2MuYGtWSEHfP04mAkuSlEZYnn48A6C ZtZ6ijvykRrN83Gd9/kcCcRGBr0G61sUtZUhn8jvWLChpU31yt21hVvcMpqevgej9/5OC8 7olQj3fED03BFmecOu4xg2lH51KfFncBIndekmi/LpLYXhPddTlPvoi+PCxM+A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QQhRS16Nyz17q0; Tue, 23 May 2023 17:40:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34NHeKBv038632; Tue, 23 May 2023 17:40:20 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34NHeKC4038631; Tue, 23 May 2023 17:40:20 GMT (envelope-from git) Date: Tue, 23 May 2023 17:40:20 GMT Message-Id: <202305231740.34NHeKC4038631@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Bryan Drewery Subject: git: 700625bcd86b - main - security/openssh-portable: Update to 9.3p1. List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bdrewery X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 700625bcd86b74cf3fb9536aeea250d7f8cd1fd5 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by bdrewery: URL: https://cgit.FreeBSD.org/ports/commit/?id=700625bcd86b74cf3fb9536aeea250d7f8cd1fd5 commit 700625bcd86b74cf3fb9536aeea250d7f8cd1fd5 Author: Bryan Drewery AuthorDate: 2023-05-19 21:45:00 +0000 Commit: Bryan Drewery CommitDate: 2023-05-23 17:40:07 +0000 security/openssh-portable: Update to 9.3p1. Changes: https://www.openssh.com/txt/release-9.3 --- security/openssh-portable/Makefile | 4 +-- security/openssh-portable/distinfo | 6 ++-- security/openssh-portable/files/extra-patch-hpn | 41 ++++++++----------------- 3 files changed, 17 insertions(+), 34 deletions(-) diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 4c0c4a940024..c311879d1725 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -1,5 +1,5 @@ PORTNAME= openssh -DISTVERSION= 9.2p1 +DISTVERSION= 9.3p1 PORTREVISION= 0 PORTEPOCH= 1 CATEGORIES= security @@ -101,7 +101,7 @@ PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex # Must add this patch before HPN due to conflicts .if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi -#BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. +BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. . if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} # Needed glue for applying HPN patch without conflict EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index fbd9733b60d3..2e92912f2e3a 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1676575062 -SHA256 (openssh-9.2p1.tar.gz) = 3f66dbf1655fb45f50e1c56da62ab01218c228807b21338d634ebcdf9d71cf46 -SIZE (openssh-9.2p1.tar.gz) = 1852380 +TIMESTAMP = 1684527180 +SHA256 (openssh-9.3p1.tar.gz) = e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8 +SIZE (openssh-9.3p1.tar.gz) = 1856839 SHA256 (openssh-9.2p1-gsskex-all-20141021-debian-rh-20220203.patch) = acf9b12d68eeeae047d1042954473f859c10a7c2a4b5d9dc54fcbbd5e30a3a58 SIZE (openssh-9.2p1-gsskex-all-20141021-debian-rh-20220203.patch) = 131618 diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn index 1f25a207b00b..708c73e7a290 100644 --- a/security/openssh-portable/files/extra-patch-hpn +++ b/security/openssh-portable/files/extra-patch-hpn @@ -1119,9 +1119,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o sshpkt_fatal(ssh, r, "banner exchange"); /* Put the connection into non-blocking mode. */ ---- work/openssh/sshconnect2.c.orig 2021-08-19 21:03:49.000000000 -0700 -+++ work/openssh/sshconnect2.c 2021-09-08 10:02:03.037982000 -0700 -@@ -84,7 +84,13 @@ +--- work/openssh/sshconnect2.c.orig 2023-03-15 14:28:19.000000000 -0700 ++++ work/openssh/sshconnect2.c 2023-05-19 14:20:01.965073000 -0700 +@@ -83,7 +83,13 @@ extern Options options; extern char *client_version_string; extern char *server_version_string; extern Options options; @@ -1135,29 +1135,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o /* * SSH2 key exchange */ -@@ -212,11 +218,12 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd - return ret; - } - -+static char *myproposal[PROPOSAL_MAX]; -+static const char *myproposal_default[PROPOSAL_MAX] = { KEX_CLIENT }; - void - ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, - const struct ssh_conn_info *cinfo) - { -- char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; - char *s, *all_key; - int r, use_known_hosts_order = 0; - -@@ -241,6 +248,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr - fatal_fr(r, "kex_assemble_namelist"); - free(all_key); - -+ memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); - if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) - fatal_f("kex_names_cat"); - myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s); -@@ -487,6 +495,29 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, +@@ -482,6 +488,34 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, if (!authctxt.success) fatal("Authentication failed."); @@ -1169,11 +1147,16 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o + * tty allocated. + */ + if ((options.none_switch == 1) && (options.none_enabled == 1)) { ++ char *myproposal[PROPOSAL_MAX]; ++ char *s = NULL; ++ const char *none_cipher = "none"; ++ + if (!tty_flag) { /* no null on tty sessions */ + debug("Requesting none rekeying..."); -+ memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); -+ myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; -+ myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none"; ++ kex_proposal_populate_entries(ssh, myproposal, s, none_cipher, ++ options.macs, ++ compression_alg_list(options.compression), ++ options.hostkeyalgorithms); + kex_prop2buf(ssh->kex->my, myproposal); + packet_request_rekeying(); + fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n");