-rw-r--r--security/openssh-portable/Makefile5
-rw-r--r--security/openssh-portable/distinfo8
-rw-r--r--security/openssh-portable/files/extra-patch-hpn28
-rw-r--r--security/openssh-portable/files/extra-patch-hpn-compat10
-rw-r--r--security/openssh-portable/files/patch-ssh-agent.118
-rw-r--r--security/openssh-portable/files/patch-ssh-agent.c38
6 files changed, 53 insertions, 54 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index b0188ca89430..6cf668fc4280 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -1,6 +1,6 @@
PORTNAME= openssh
-DISTVERSION= 10.0p1
-PORTREVISION= 2
+DISTVERSION= 10.1p1
+PORTREVISION= 0
PORTEPOCH= 1
CATEGORIES= security
MASTER_SITES= OPENBSD/OpenSSH/portable
@@ -101,6 +101,7 @@ PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex
# Must add this patch before HPN due to conflicts
.if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi
+BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet.
. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
# Needed glue for applying HPN patch without conflict
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
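Review bot: The `BROKEN=` line added inside the `KERB_GSSAPI` / `gssapi` conditional stops that configuration from building, but nothing beside it says what must happen before it can be lifted. The same commit removes the gsskex patch's `SHA256` and `SIZE` entries from distinfo, so re-enabling needs both a rebased patch and regenerated checksums. Until then, anyone on the gssapi flavor presumably stays on the previously built release and does not pick up what 10.1p1 fixes. I would add a comment above the line, for example `# gsskex patch not yet rebased for ${DISTVERSION}; restore its distinfo entries and drop BROKEN when it is`. The conditional's closing `.endif` lies outside this hunk.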
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index 2b13cb5a64da..20ed1e88abef 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,5 +1,3 @@
-TIMESTAMP = 1759765953
-SHA256 (openssh-10.0p1.tar.gz) = 021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c
-SIZE (openssh-10.0p1.tar.gz) = 1972675
-SHA256 (openssh-10.0p1-gsskex-all-debian-rh-10.0p1.patch) = 6749430c148dacf41b396c0f7a107526e6030379ccd4f57f407993748d4a5912
-SIZE (openssh-10.0p1-gsskex-all-debian-rh-10.0p1.patch) = 126360
+TIMESTAMP = 1759763325
+SHA256 (openssh-10.1p1.tar.gz) = b9fc7a2b82579467a6f2f43e4a81c8e1dfda614ddb4f9b255aafd7020bbf0758
+SIZE (openssh-10.1p1.tar.gz) = 1972831
diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn
index 6fec82f1fc2e..412cc576fb7c 100644
--- a/security/openssh-portable/files/extra-patch-hpn
+++ b/security/openssh-portable/files/extra-patch-hpn
@@ -905,9 +905,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
.It Fl r
Recursively copy entire directories when uploading and downloading.
Note that
---- work/openssh/ssh.c.orig 2024-06-30 21:36:28.000000000 -0700
-+++ work/openssh/ssh.c 2024-07-01 13:58:31.555859000 -0700
-@@ -1070,6 +1070,14 @@ main(int ac, char **av)
+--- work/openssh/ssh.c.orig 2025-10-05 19:25:16.000000000 -0700
++++ work/openssh/ssh.c 2025-10-06 08:20:57.445863000 -0700
+@@ -1092,6 +1092,14 @@ main(int ac, char **av)
break;
case 'T':
options.request_tty = REQUEST_TTY_NO;
@@ -922,7 +922,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
break;
case 'o':
line = xstrdup(optarg);
-@@ -2159,6 +2167,78 @@ ssh_session2_setup(struct ssh *ssh, int id, int succes
+@@ -2235,6 +2243,78 @@ ssh_session2_setup(struct ssh *ssh, int id, int succes
NULL, fileno(stdin), command, environ);
}
@@ -1001,7 +1001,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
/* open new channel for a session */
static int
ssh_session2_open(struct ssh *ssh)
-@@ -2177,9 +2257,17 @@ ssh_session2_open(struct ssh *ssh)
+@@ -2253,9 +2333,17 @@ ssh_session2_open(struct ssh *ssh)
if (in == -1 || out == -1 || err == -1)
fatal("dup() in/out/err failed");
@@ -1019,22 +1019,22 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
window >>= 1;
packetmax >>= 1;
}
-@@ -2188,6 +2276,12 @@ ssh_session2_open(struct ssh *ssh)
- window, packetmax, CHAN_EXTENDED_WRITE,
+@@ -2265,6 +2353,12 @@ ssh_session2_open(struct ssh *ssh)
"client-session", CHANNEL_NONBLOCK_STDIO);
-
+ if (tty_flag)
+ channel_set_tty(ssh, c);
+#ifdef HPN_ENABLED
+ if (options.tcp_rcv_buf_poll > 0 && !options.hpn_disabled) {
+ c->dynamic_window = 1;
+ debug ("Enabled Dynamic Window Scaling");
+ }
+#endif
- debug3_f("channel_new: %d", c->self);
+ debug3_f("channel_new: %d%s", c->self, tty_flag ? " (tty)" : "");
channel_send_open(ssh, c->self);
-@@ -2203,6 +2297,15 @@ ssh_session2(struct ssh *ssh, const struct ssh_conn_in
+@@ -2280,6 +2374,15 @@ ssh_session2(struct ssh *ssh, const struct ssh_conn_in
{
- int r, interactive, id = -1;
+ int r, id = -1;
char *cp, *tun_fwd_ifname = NULL;
+
+#ifdef HPN_ENABLED
@@ -1267,11 +1267,11 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
---- work/openssh/version.h.orig 2025-02-18 00:15:08.000000000 -0800
-+++ work/openssh/version.h 2025-02-19 07:59:36.425254000 -0800
+--- work/openssh/version.h.orig 2025-10-05 19:25:16.000000000 -0700
++++ work/openssh/version.h 2025-10-06 08:19:38.217160000 -0700
@@ -4,3 +4,4 @@
- #define SSH_PORTABLE "p2"
+ #define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+#define SSH_HPN "-hpn14v15"
--- work/openssh/kex.h.orig 2019-07-10 17:35:36.523216000 -0700
diff --git a/security/openssh-portable/files/extra-patch-hpn-compat b/security/openssh-portable/files/extra-patch-hpn-compat
index ef6542e0e64a..58c2d7a0e0e7 100644
--- a/security/openssh-portable/files/extra-patch-hpn-compat
+++ b/security/openssh-portable/files/extra-patch-hpn-compat
@@ -16,12 +16,12 @@ r294563 was incomplete; re-add the client-side options as well.
------------------------------------------------------------------------
---- readconf.c.orig 2025-04-09 00:02:43.000000000 -0700
-+++ readconf.c 2025-04-10 21:55:30.974643000 -0700
-@@ -332,6 +332,12 @@ static struct {
- { "obscurekeystroketiming", oObscureKeystrokeTiming },
- { "channeltimeout", oChannelTimeout },
+--- readconf.c.orig 2025-10-05 19:25:16.000000000 -0700
++++ readconf.c 2025-10-06 08:47:03.024775000 -0700
+@@ -328,6 +328,12 @@ static struct {
{ "versionaddendum", oVersionAddendum },
+ { "refuseconnection", oRefuseConnection },
+ { "warnweakcrypto", oWarnWeakCrypto },
+ { "hpndisabled", oDeprecated },
+ { "hpnbuffersize", oDeprecated },
+ { "tcprcvbufpoll", oDeprecated },
diff --git a/security/openssh-portable/files/patch-ssh-agent.1 b/security/openssh-portable/files/patch-ssh-agent.1
index 8e5a9777519f..d44465be3124 100644
--- a/security/openssh-portable/files/patch-ssh-agent.1
+++ b/security/openssh-portable/files/patch-ssh-agent.1
@@ -4,21 +4,21 @@ r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines
Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.
---- ssh-agent.1.orig 2020-02-13 16:40:54.000000000 -0800
-+++ ssh-agent.1 2020-03-21 17:03:22.952068000 -0700
+--- ssh-agent.1.orig 2025-10-05 19:25:16.000000000 -0700
++++ ssh-agent.1 2025-10-06 08:30:26.521757000 -0700
@@ -43,7 +43,7 @@
.Sh SYNOPSIS
.Nm ssh-agent
.Op Fl c | s
--.Op Fl \&Dd
-+.Op Fl \&Ddx
+-.Op Fl \&DdTU
++.Op Fl \&DdTUx
.Op Fl a Ar bind_address
.Op Fl E Ar fingerprint_hash
- .Op Fl P Ar provider_whitelist
-@@ -125,6 +125,8 @@ A lifetime specified for an identity with
- .Xr ssh-add 1
- overrides this value.
- Without this option the default maximum lifetime is forever.
+ .Op Fl O Ar option
+@@ -203,6 +203,8 @@ will delete stale agent sockets regardless of the host
+ If this option is given twice,
+ .Nm
+ will delete stale agent sockets regardless of the host name that created them.
+.It Fl x
+Exit after the last client has disconnected.
.It Ar command Op Ar arg ...
diff --git a/security/openssh-portable/files/patch-ssh-agent.c b/security/openssh-portable/files/patch-ssh-agent.c
index cd85012d883f..b17027d0e340 100644
--- a/security/openssh-portable/files/patch-ssh-agent.c
+++ b/security/openssh-portable/files/patch-ssh-agent.c
@@ -8,11 +8,11 @@ r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines
Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.
---- ssh-agent.c.orig 2023-12-18 06:59:50.000000000 -0800
-+++ ssh-agent.c 2023-12-19 17:16:22.128981000 -0800
-@@ -196,11 +196,28 @@
- /* Refuse signing of non-SSH messages for web-origin FIDO keys */
+--- ssh-agent.c.orig 2025-10-05 19:25:16.000000000 -0700
++++ ssh-agent.c 2025-10-06 08:33:47.247562000 -0700
+@@ -193,11 +193,28 @@ static char *websafe_allowlist;
static int restrict_websafe = 1;
+ static char *websafe_allowlist;
+/*
+ * Client connection count; incremented in new_socket() and decremented in
@@ -39,7 +39,7 @@ disconnected.
close(e->fd);
sshbuf_free(e->input);
sshbuf_free(e->output);
-@@ -213,6 +230,8 @@
+@@ -210,6 +227,8 @@ close_socket(SocketEntry *e)
memset(e, '\0', sizeof(*e));
e->fd = -1;
e->type = AUTH_UNUSED;
@@ -48,7 +48,7 @@ disconnected.
}
static void
-@@ -1893,6 +1912,10 @@
+@@ -1887,6 +1906,10 @@ new_socket(sock_type type, int fd)
debug_f("type = %s", type == AUTH_CONNECTION ? "CONNECTION" :
(type == AUTH_SOCKET ? "SOCKET" : "UNKNOWN"));
@@ -59,16 +59,16 @@ disconnected.
set_nonblock(fd);
if (fd > max_fd)
-@@ -2184,7 +2207,7 @@
+@@ -2177,7 +2200,7 @@ usage(void)
usage(void)
{
fprintf(stderr,
-- "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
-+ "usage: ssh-agent [-c | -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n"
+- "usage: ssh-agent [-c | -s] [-DdTU] [-a bind_address] [-E fingerprint_hash]\n"
++ "usage: ssh-agent [-c | -s] [-DdTUx] [-a bind_address] [-E fingerprint_hash]\n"
" [-O option] [-P allowed_providers] [-t life]\n"
- " ssh-agent [-a bind_address] [-E fingerprint_hash] [-O option]\n"
+ " ssh-agent [-TU] [-a bind_address] [-E fingerprint_hash] [-O option]\n"
" [-P allowed_providers] [-t life] command [arg ...]\n"
-@@ -2218,6 +2241,7 @@
+@@ -2218,6 +2241,7 @@ main(int ac, char **av)
/* drop */
(void)setegid(getgid());
(void)setgid(getgid());
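Review bot: The rebased usage text lists `x` only in the first synopsis (`[-DdTUx]`), while the command form two lines below still reads `[-TU]`. The getopt string in the following hunk (`"cDdksTuUE:a:O:P:t:x"`) serves both forms, so `-x` is parsed either way. If exit-on-last-client is meant to apply when a command is given, the second usage line should become `ssh-agent [-TUx] [-a bind_address] ...`, with the matching synopsis change in patch-ssh-agent.1. If it is not, a one-line comment at `case 'x':` such as `/* no effect when a command is given */` would make that explicit. How `xcount` is consumed lies outside the visible hunks, so this is a documentation point only.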
@@ -76,22 +76,22 @@ disconnected.
platform_disable_tracing(0); /* strict=no */
-@@ -2229,7 +2253,7 @@
+@@ -2229,7 +2253,7 @@ main(int ac, char **av)
__progname = ssh_get_progname(av[0]);
seed_rng();
-- while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:")) != -1) {
-+ while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:x")) != -1) {
+- while ((ch = getopt(ac, av, "cDdksTuUE:a:O:P:t:")) != -1) {
++ while ((ch = getopt(ac, av, "cDdksTuUE:a:O:P:t:x")) != -1) {
switch (ch) {
case 'E':
fingerprint_hash = ssh_digest_alg_by_name(optarg);
-@@ -2280,6 +2304,9 @@
- fprintf(stderr, "Invalid lifetime\n");
+@@ -2286,6 +2310,9 @@ main(int ac, char **av)
usage();
}
-+ break;
+ break;
+ case 'x':
+ xcount = 0;
++ break;
+ case 'T':
+ T_flag++;
break;
- default:
- usage();