sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-07-18 17:59:20 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

security/openssh-portable: Update to 9.9p2

Browse source 
Changes: https://www.openssh.com/releasenotes.html
Security:
  * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
    (inclusive) contained a logic error that allowed an on-path
    attacker (a.k.a MITM) to impersonate any server when the
    VerifyHostKeyDNS option is enabled. This option is off by default.

  * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
    (inclusive) is vulnerable to a memory/CPU denial-of-service related
    to the handling of SSH2_MSG_PING packets. This condition may be
This commit is contained in:
Bryan Drewery 2025-02-19 08:01:52 -08:00
parent 54c4465a77
commit 1896ee6874
3 changed files with 9 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
security/openssh-portable/Makefile
View file

@ -1,6 +1,6 @@
PORTNAME= openssh
DISTVERSION= 9.9p1
PORTREVISION= 1
DISTVERSION= 9.9p2
PORTREVISION= 0
PORTEPOCH= 1
CATEGORIES= security
MASTER_SITES= OPENBSD/OpenSSH/portable
@ -109,7 +109,7 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
. endif
# - See https://sources.debian.org/data/main/o/openssh/ for which subdir to
# pull from.
GSSAPI_DEBIAN_VERSION= 9.9p1
GSSAPI_DEBIAN_VERSION= 9.9p2
GSSAPI_DEBIAN_SUBDIR= ${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-1
# - Debian does not use a versioned filename so we trick fetch to make one for
# us with the ?<anything>=/ trick.

6
security/openssh-portable/distinfo
View file

@ -1,5 +1,5 @@
TIMESTAMP = 1728410939
SHA256 (openssh-9.9p1.tar.gz) = b343fbcdbff87f15b1986e6e15d6d4fc9a7d36066be6b7fb507087ba8f966c02
SIZE (openssh-9.9p1.tar.gz) = 1964864
TIMESTAMP = 1739980882
SHA256 (openssh-9.9p2.tar.gz) = 91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673
SIZE (openssh-9.9p2.tar.gz) = 1944499
SHA256 (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = b8b590024137d54394fd46ebfe32f2b081d0744abdcdcacf6dd30d1c91339864
SIZE (openssh-9.9p1-gsskex-all-debian-rh-9.9p1.patch) = 125233

6
security/openssh-portable/files/extra-patch-hpn
View file

@ -1280,11 +1280,11 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
--- work/openssh/version.h.orig 2023-12-18 06:59:50.000000000 -0800
+++ work/openssh/version.h 2024-01-08 16:22:25.632475000 -0800
--- work/openssh/version.h.orig 2025-02-18 00:15:08.000000000 -0800
+++ work/openssh/version.h 2025-02-19 07:59:36.425254000 -0800
@@ -4,3 +4,4 @@
#define SSH_PORTABLE "p1"
#define SSH_PORTABLE "p2"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+#define SSH_HPN "-hpn14v15"
--- work/openssh/kex.h.orig 2019-07-10 17:35:36.523216000 -0700