<pre style='margin:0'>
Blair Zajac (blair) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/9dd69e16170cc19255e7179eff54324a9be81879">https://github.com/macports/macports-ports/commit/9dd69e16170cc19255e7179eff54324a9be81879</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 9dd69e16170 openssh: update to 8.8p1, drop CVE-2021-28041 and fido patches
</span>9dd69e16170 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 9dd69e16170cc19255e7179eff54324a9be81879
</span>Author: Blair Zajac <blair@macports.org>
AuthorDate: Fri Oct 8 23:30:47 2021 -0700
<span style='display:block; white-space:pre;color:#404040;'> openssh: update to 8.8p1, drop CVE-2021-28041 and fido patches
</span>---
net/openssh/Portfile | 14 ++----
net/openssh/files/agent.patch | 2 +-
net/openssh/files/openssh-8.4p1-fido2.patch | 53 ----------------------
net/openssh/files/patch-zz-8.4-CVE-2021-28041.diff | 32 -------------
4 files changed, 6 insertions(+), 95 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/openssh/Portfile b/net/openssh/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index ea573135304..8dd8436b67a 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/openssh/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/openssh/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -5,8 +5,8 @@ PortSystem 1.0
</span> PortGroup compiler_blacklist_versions 1.0
name openssh
<span style='display:block; white-space:pre;background:#ffe0e0;'>-version 8.4p1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 6
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 8.8p1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 0
</span> categories net
platforms darwin
maintainers nomaintainer
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -29,9 +29,9 @@ long_description OpenSSH is a FREE version of the SSH protocol suite of \
</span>
homepage https://www.openbsd.org/openssh/
<span style='display:block; white-space:pre;background:#ffe0e0;'>-checksums rmd160 2d3eec0b56f7edef5d50b8defa2f143ffee5c65a \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sha256 5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- size 1742201
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+checksums rmd160 6ba3f5af90f960e1add6f81c1173adee8197e705 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sha256 4590890ea9bb9ace4f71ae331785a3a5823232435161960ed5fc86588f331fe9 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ size 1815060
</span>
master_sites openbsd:OpenSSH/portable \
ftp://ftp.cise.ufl.edu/pub/mirrors/openssh/portable/ \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -53,9 +53,6 @@ if {${name} eq ${subport}} {
</span> patch-sshd.c-apple-sandbox-named-external.diff \
macports-config.patch
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # OpenBSD patch for CVE-2021-28041, remove after upgrading to >= 8.5p1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- patchfiles-append patch-zz-8.4-CVE-2021-28041.diff
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span> # We need a couple of patches
# - pam.patch
# getpwnam(3) on OS X always returns "*********" in the pw_passwd field even
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -204,7 +201,6 @@ if {${name} eq ${subport}} {
</span> variant fido2 description "Enable fido2 support" {
configure.args-delete --without-security-key-builtin
configure.args-append --with-security-key-builtin
<span style='display:block; white-space:pre;background:#ffe0e0;'>- patchfiles-append openssh-8.4p1-fido2.patch
</span> depends_lib-append port:libfido2
}
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/openssh/files/agent.patch b/net/openssh/files/agent.patch
</span><span style='display:block; white-space:pre;color:#808080;'>index 32ff7767569..d787a2052f2 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/openssh/files/agent.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/openssh/files/agent.patch
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -18,7 +18,7 @@
</span> + #ifdef __APPLE_LAUNCHD__
+ int l_flag = 0;
+ #endif
<span style='display:block; white-space:pre;background:#ffe0e0;'>- int sock, fd, ch, result, saved_errno;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ int sock, ch, result, saved_errno;
</span> char *shell, *format, *pidstr, *agentsocket = NULL;
#ifdef HAVE_SETRLIMIT
@@ -1119,7 +1126,11 @@ main(int ac, char **av)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/openssh/files/openssh-8.4p1-fido2.patch b/net/openssh/files/openssh-8.4p1-fido2.patch
</span>deleted file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index f932225a3bd..00000000000
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/openssh/files/openssh-8.4p1-fido2.patch
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,53 +0,0 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Fix for +fido2 variant compilation for 8.4p1.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Addresses https://trac.macports.org/ticket/62890.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-The first part of this is a commit picked from upstream making sure that the
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-correct variant of the "sha2.h" file is being included.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-The second part seemed to be necessary for exactly the same reason in
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-sk-usbhid.c although it was not applied upstream and doesn't seem to need to be.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-I simply remove the reference to <sha2.h> because the openbsd-compat version is
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-already referenced in "includes.h".
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-From 86cc8ce002ea10e88a4c5d622a8fdfab8a7d261f Mon Sep 17 00:00:00 2001
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-From: Damien Miller <djm@mindrot.org>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Date: Sat, 3 Oct 2020 13:38:55 +1000
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Subject: [PATCH] use relative rather than system include here
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>----
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- openbsd-compat/sha2.c | 2 +-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 1 file changed, 1 insertion(+), 1 deletion(-)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-index e36cc24e..ce936e26 100644
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/openbsd-compat/sha2.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/openbsd-compat/sha2.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -45,7 +45,7 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #define MAKE_CLONE(x, y) void __ssh_compat_make_clone_##x_##y(void)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <string.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#include <sha2.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+#include "openbsd-compat/sha2.h"
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- /*
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- * UNROLLED TRANSFORM LOOP NOTE:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- a/sk-usbhid.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ b/sk-usbhid.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -26,9 +26,6 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <stdio.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <stddef.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <stdarg.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#ifdef HAVE_SHA2_H
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#include <sha2.h>
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--#endif
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #ifdef WITH_OPENSSL
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- #include <openssl/opensslv.h>
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/openssh/files/patch-zz-8.4-CVE-2021-28041.diff b/net/openssh/files/patch-zz-8.4-CVE-2021-28041.diff
</span>deleted file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index be1012a14dd..00000000000
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/openssh/files/patch-zz-8.4-CVE-2021-28041.diff
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -1,32 +0,0 @@
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-untrusted comment: verify with openbsd-68-base.pub
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-RWQZj25CSG5R2lgsgSLgQjjy3/BFahe7C64NJOej05Naf0mm//TKykuXL7pxOVsY5rnXH0A6vBdO5UNx7PkuTxLOACHx5xV7Gws=
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-OpenBSD 6.8 errata 015, March 4, 2021:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Double free in ssh-agent(1)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Apply by doing:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- signify -Vep /etc/signify/openbsd-68-base.pub -x 015_sshagent.patch.sig \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -m - | (cd /usr/src && patch -p0)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-And then rebuild and install ssh (as well as ssh-agent)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- cd /usr/src/usr.bin/ssh
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- make obj
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- make clean
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- make
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- make install
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-Index: usr.bin/ssh/ssh-agent.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-===================================================================
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-RCS file: /cvs/src/usr.bin/ssh/ssh-agent.c,v
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-diff -u -p -u -r1.264 ssh-agent.c
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>---- ssh/ssh-agent.c 18 Sep 2020 08:16:38 -0000 1.264
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+++ ssh/ssh-agent.c 3 Mar 2021 01:08:25 -0000
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-@@ -567,6 +567,7 @@ process_add_identity(SocketEntry *e)
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- goto err;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- }
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- free(ext_name);
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-+ ext_name = NULL;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- break;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- default:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- error("%s: Unknown constraint %d", __func__, ctype);
</span></pre><pre style='margin:0'>
</pre>