Date: Mon, 1 Jul 2024 11:05:35 GMT
Message-Id: <202407011105.461B5Z6e057340@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Bernard Spil
Subject: git: 6c74a768ede7 - main - security/openssh-portable: Revert commit
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
Sender: owner-dev-commits-ports-all@FreeBSD.org
X-Git-Committer: brnrd
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 6c74a768ede70109e336be37bf3fe2ae655cd2b6
Auto-Submitted: auto-generated

The branch main has been updated by brnrd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6c74a768ede70109e336be37bf3fe2ae655cd2b6

commit 6c74a768ede70109e336be37bf3fe2ae655cd2b6
Author:     Bernard Spil
AuthorDate: 2024-07-01 11:03:32 +0000
Commit:     Bernard Spil
CommitDate: 2024-07-01 11:03:32 +0000

    security/openssh-portable: Revert commit

    * Revert changes other than the PORTREVISION bump
    * See PR 280068
--- security/openssh-portable/Makefile | 11 ++----- .../openssh-portable/files/patch-CVE-2024-6387 | 36 ---------------------- 2 files changed, 3 insertions(+), 44 deletions(-) diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 65f88b3e3f82..5cf4aa38d3e3 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -23,6 +23,7 @@ GNU_CONFIGURE= yes GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share CONFIGURE_ARGS= --prefix=${PREFIX} \ --without-zlib-version-check \ + --with-ssl-engine \ --with-mantype=man ETCOLD= ${PREFIX}/etc
@@ -41,8 +42,8 @@ gssapi_PKGNAMESUFFIX= -portable-gssapi OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \ HPN KERB_GSSAPI \ - LDNS NONECIPHER XMSS FIDO_U2F BLACKLISTD OPENSSL -OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS FIDO_U2F OPENSSL + LDNS NONECIPHER XMSS FIDO_U2F BLACKLISTD +OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS FIDO_U2F .if ${FLAVOR:U} == hpn OPTIONS_DEFAULT+= HPN NONECIPHER .endif @@ -63,7 +64,6 @@ NONECIPHER_DESC= NONE Cipher support XMSS_DESC= XMSS key support (experimental) FIDO_U2F_DESC= FIDO/U2F support (security/libfido2) BLACKLISTD_DESC= FreeBSD blacklistd(8) support -OPENSSL_DESC= Use of OpenSSL; when disabled use only limited internal crypto **EXPERIMENTAL** OPTIONS_SUB= yes @@ -94,9 +94,6 @@ FIDO_U2F_CONFIGURE_OFF= --disable-security-key BLACKLISTD_EXTRA_PATCHES= ${FILESDIR}/extra-patch-blacklistd -OPENSSL_CONFIGURE_ON= --with-ssl-engine -OPENSSL_CONFIGURE_OFF= --without-openssl - ETCDIR?= ${PREFIX}/etc/ssh .include @@ -212,8 +209,6 @@ post-patch: ${WRKSRC}/sshd_config.5 @${ECHO_CMD} '#define SSH_VERSION_FREEBSD_PORT "${VERSION_ADDENDUM_DEFAULT}"' >> \ ${WRKSRC}/version.h - @${REINPLACE_CMD} \ - -e 's|BLACKLIST_BAD_USER|BLACKLIST_AUTH_FAIL|' ${WRKSRC}/auth.c post-configure-XMSS-on: @${ECHO_CMD} "#define WITH_XMSS 1" >> ${WRKSRC}/config.h diff --git a/security/openssh-portable/files/patch-CVE-2024-6387 b/security/openssh-portable/files/patch-CVE-2024-6387 deleted file mode 100644 index 65d0fe4323a4..000000000000 --- a/security/openssh-portable/files/patch-CVE-2024-6387 +++ /dev/null 
@@ -1,36 +0,0 @@ -From 8f80def8aa085385dc4fe4668f0e29d3a0dc8510 Mon Sep 17 00:00:00 2001 -From: Philip Paeps -Date: Mon, 1 Jul 2024 16:20:01 +0800 -Subject: openssh: Fix pre-authentication remote code execution in sshd. - -Reported by: Qualys Threat Research Unit (TRU) -Approved by: so -Security: FreeBSD-SA-24:04.openssh -Security: CVE-2024-6387 - -(cherry picked from commit 2abea9df01655633aabbb9bf3204c90722001202) -(cherry picked from commit 620a6a54bb7bb6e1c5607092b6ec49e353e0925f) ---- - crypto/openssh/log.c | 2 ++ - crypto/openssh/version.h | 2 +- - 2 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/crypto/openssh/log.c b/crypto/openssh/log.c -index 9fc1a2e2eaf6..436c75630181 100644 ---- log.c.orig -+++ log.c -@@ -451,12 +451,14 @@ void - sshsigdie(const char *file, const char *func, int line, int showfunc, - LogLevel level, const char *suffix, const char *fmt, ...) - { -+#if 0 - va_list args; - - va_start(args, fmt); - sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, - suffix, fmt, args); - va_end(args); -+#endif - _exit(1); - } -
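Review bot: The commit message says "Revert commit" without naming the commit being reverted, so the Makefile hunks at @@ -23,6, @@ -41,8, @@ -63,7 and @@ -94,9 (dropping the OPENSSL option, its OPENSSL_DESC and OPENSSL_CONFIGURE_ON/OFF knobs, and making `--with-ssl-engine` unconditional in CONFIGURE_ARGS) cannot be checked as an exact inverse of it. Please add the reverted commit's hash to the message, and note that the OPENSSL option goes away with the revert, since that part is unrelated to the CVE patch removed in the same commit.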
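Review bot: In the post-patch hunk (@@ -212,8 +209,6) the `BLACKLIST_BAD_USER` to `BLACKLIST_AUTH_FAIL` substitution on auth.c is removed while the BLACKLISTD option and its `extra-patch-blacklistd` line stay in place just above. Please confirm that a BLACKLISTD build still compiles and reports authentication failures as intended without this substitution, and say so in the commit message, because this line is not mentioned there and is easy to lose in a bulk revert.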
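Review bot: Deleting files/patch-CVE-2024-6387 removes the only mitigation for the sshd pre-authentication issue visible in this port (the `#if 0` around the `va_start`/`sshlogv`/`va_end` body of `sshsigdie()` in log.c), and nothing in this diff replaces it. The commit message should state how CVE-2024-6387 is still addressed after the revert, or state plainly that it is not, instead of only pointing to PR 280068. Since PORTREVISION is deliberately left at its bumped value, the same revision now covers builds with and without the patch; another bump would let installed packages be told apart.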