diff options
author | wiz <wiz@pkgsrc.org> | 2021-09-26 15:37:51 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2021-09-26 15:37:51 +0000 |
commit | 5834b22b25141fa1fa4acfe20a871315b1785c25 (patch) | |
tree | e7abc3da8c7c3964d6e6c9812de2bca153340714 /security | |
parent | 0e5dd9d812d87060307573a5b0d258d136fa6b42 (diff) | |
download | pkgsrc-5834b22b25141fa1fa4acfe20a871315b1785c25.tar.gz |
openssh: update to 8.8p1.
Changes:
One year of development, details at
https://www.openssh.com/releasenotes.html
Diffstat (limited to 'security')
-rw-r--r-- | security/openssh/Makefile | 5 | ||||
-rw-r--r-- | security/openssh/distinfo | 15 | ||||
-rw-r--r-- | security/openssh/patches/patch-auth.c | 17 | ||||
-rw-r--r-- | security/openssh/patches/patch-sshd.c | 14 | ||||
-rw-r--r-- | security/openssh/patches/patch-sshkey.h | 8 |
5 files changed, 20 insertions, 39 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 2f6397ee8d3..b886f88bfa2 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.269 2021/05/24 19:53:55 wiz Exp $ +# $NetBSD: Makefile,v 1.270 2021/09/26 15:37:51 wiz Exp $ -DISTNAME= openssh-8.4p1 +DISTNAME= openssh-8.8p1 PKGNAME= ${DISTNAME:S/p1/.1/} -PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/} diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 1ac009347eb..2ecb93a0ab9 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,11 +1,10 @@ -$NetBSD: distinfo,v 1.111 2020/09/29 15:17:42 ryoon Exp $ +$NetBSD: distinfo,v 1.112 2021/09/26 15:37:51 wiz Exp $ -SHA1 (openssh-8.4p1.tar.gz) = 69305059e10a60693ebe6f17731f962c9577535c -RMD160 (openssh-8.4p1.tar.gz) = 2d3eec0b56f7edef5d50b8defa2f143ffee5c65a -SHA512 (openssh-8.4p1.tar.gz) = d65275b082c46c5efe7cf3264fa6794d6e99a36d4a54b50554fc56979d6c0837381587fd5399195e1db680d2a5ad1ef0b99a180eac2b4de5637906cb7a89e9ce -Size (openssh-8.4p1.tar.gz) = 1742201 bytes +SHA1 (openssh-8.8p1.tar.gz) = 1eb964897a4372f6fb96c7effeb509ec71c379c9 +RMD160 (openssh-8.8p1.tar.gz) = 6ba3f5af90f960e1add6f81c1173adee8197e705 +SHA512 (openssh-8.8p1.tar.gz) = d44cd04445f9c8963513b0d5a7e8348985114ff2471e119a6e344498719ef40f09c61c354888a3be9dabcb5870e5cbe5d3aafbb861dfa1d82a4952f3d233a8df +Size (openssh-8.8p1.tar.gz) = 1815060 bytes SHA1 (patch-Makefile.in) = 13502b825c13c98b2ba3b84ff4bae9aa664b76b1 -SHA1 (patch-auth.c) = 060a93f5264751769f2fdf98fefd154bd80c0c5f SHA1 (patch-clientloop.c) = 4e88fbd14db33f003eb93c30c682a017e102196e SHA1 (patch-config.h.in) = 7d1050743da7264763254b57938775c546c3baa5 SHA1 (patch-configure.ac) = 321ef5ed83abe7e07d38026e096a10700b010ac8 @@ -15,5 +14,5 @@ SHA1 (patch-openbsd-compat_openbsd-compat.h) = bedbede16ab2fe918419c994ba15a2016 SHA1 (patch-openbsd-compat_port-tun.c) = b2a0ce81a52b00f106198d549b5068a5e67092ef SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75 SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1 -SHA1 (patch-sshd.c) = b3674e9f467323d1852dd988a408ac23896f6700 -SHA1 (patch-sshkey.h) = 074e9be70af58772d3172d1cb2c936000ca9a8d7 +SHA1 (patch-sshd.c) = 0c5725305cbab3855b52c1a63fe4e987ed14e44e +SHA1 (patch-sshkey.h) = aaaf622f377e455c49683fcc2ca42576ccd097bb diff --git a/security/openssh/patches/patch-auth.c b/security/openssh/patches/patch-auth.c deleted file mode 100644 index c04a7ac0c31..00000000000 --- a/security/openssh/patches/patch-auth.c +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD: patch-auth.c,v 1.6 2019/06/04 09:08:06 he Exp $ - -* Use login_getpwclass() instead of login_getclass() so that the root - vs. default login class distinction is made correctly, from FrrrBSD's - ports. - ---- auth.c.orig 2019-05-01 11:28:52.028281617 +0000 -+++ auth.c -@@ -599,7 +599,7 @@ getpwnamallow(struct ssh *ssh, const cha - if (!allowed_user(ssh, pw)) - return (NULL); - #ifdef HAVE_LOGIN_CAP -- if ((lc = login_getclass(pw->pw_class)) == NULL) { -+ if ((lc = login_getpwclass(pw)) == NULL) { - debug("unable to get login class: %s", user); - return (NULL); - } diff --git a/security/openssh/patches/patch-sshd.c b/security/openssh/patches/patch-sshd.c index 92dd5e3b8ab..007118fb9e5 100644 --- a/security/openssh/patches/patch-sshd.c +++ b/security/openssh/patches/patch-sshd.c @@ -1,12 +1,12 @@ -$NetBSD: patch-sshd.c,v 1.12 2020/05/27 13:49:27 sevan Exp $ +$NetBSD: patch-sshd.c,v 1.13 2021/09/26 15:37:51 wiz Exp $ * Revive tcp_wrappers support. ---- sshd.c.orig 2020-05-27 00:38:00.000000000 +0000 +--- sshd.c.orig 2021-09-26 14:03:19.000000000 +0000 +++ sshd.c -@@ -124,6 +124,13 @@ - #include "ssherr.h" - #include "sk-api.h" +@@ -126,6 +126,13 @@ + #include "srclimit.h" + #include "dh.h" +#ifdef LIBWRAP +#include <tcpd.h> @@ -18,7 +18,7 @@ $NetBSD: patch-sshd.c,v 1.12 2020/05/27 13:49:27 sevan Exp $ /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) -@@ -538,10 +545,17 @@ privsep_preauth(struct ssh *ssh) +@@ -532,10 +539,17 @@ privsep_preauth(struct ssh *ssh) /* Arrange for logging to be sent to the monitor */ set_log_handler(mm_log_handler, pmonitor); @@ -36,7 +36,7 @@ $NetBSD: patch-sshd.c,v 1.12 2020/05/27 13:49:27 sevan Exp $ return 0; } -@@ -2132,6 +2146,25 @@ main(int ac, char **av) +@@ -2179,6 +2193,25 @@ main(int ac, char **av) audit_connection_from(remote_ip, remote_port); #endif diff --git a/security/openssh/patches/patch-sshkey.h b/security/openssh/patches/patch-sshkey.h index ae5c3348c0d..83fc5a5a5c6 100644 --- a/security/openssh/patches/patch-sshkey.h +++ b/security/openssh/patches/patch-sshkey.h @@ -1,13 +1,13 @@ -$NetBSD: patch-sshkey.h,v 1.2 2020/09/29 15:17:42 ryoon Exp $ +$NetBSD: patch-sshkey.h,v 1.3 2021/09/26 15:37:51 wiz Exp $ Support for non recommendable (insecure) modulus size for RSA. This may be required in order to access old, non-upgradable, devices for which modulus size is less than 1024 bits (frequently 768 bits). ---- sshkey.h.orig 2020-09-27 07:25:01.000000000 +0000 +--- sshkey.h.orig 2021-09-26 14:03:19.000000000 +0000 +++ sshkey.h -@@ -48,7 +48,11 @@ - # define EC_POINT void +@@ -50,7 +50,11 @@ + #define SSH_OPENSSL_VERSION "without OpenSSL" #endif /* WITH_OPENSSL */ +#ifdef SSH_RSA_INSECURE_LEGACY_MIN_MOD_SZ |