#56216 closed update (fixed)
openssh: update to 7.9p1
Reported by: | l2dy (Zero King) | Owned by: | |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | |
Keywords: | Cc: | Schamschula (Marius Schamschula) | |
Port: | openssh |
Description (last modified by yan12125 (Chih-Hsuan Yen))
Fixed, thanks slewsys!
Attachments (1)
Change History (13)
comment:1 Changed 7 years ago by Schamschula (Marius Schamschula)
Cc: | Schamschula added |
---|
Changed 7 years ago by danielluke (Daniel J. Luke)
Attachment: | Portfile.diff added |
---|
comment:2 Changed 7 years ago by danielluke (Daniel J. Luke)
As per usual, I've tested this and it works - but I don't use the +hpn or +gsskex variants, so I didn't check to see if the patchefiles applied or work (they usually need attention after a new upstream release).
comment:3 Changed 7 years ago by Schamschula (Marius Schamschula)
I consider the +hpn variant obsolete. FreeBSD has not offered updated patches for HPN since 7.5p1 either, and has marked the port as broken if you choose to build it with the HPN variant.
comment:4 Changed 6 years ago by l2dy (Zero King)
Description: | modified (diff) |
---|---|
Keywords: | security added |
Summary: | openssh: update to 7.7p1 → openssh: update to 7.9p1 |
comment:5 Changed 6 years ago by l2dy (Zero King)
Description: | modified (diff) |
---|---|
Keywords: | security removed |
Sorry, none of the vulnerabilities were fixed in OpenSSH 7.9.
comment:6 Changed 6 years ago by neverpanic (Clemens Lang)
I'm kinda thinking maybe we should just drop all the patches and package upstream as close as possible (some of the patches we actually need to fix bugs, but we should probably not ship the feature patches anymore considering the effort).
comment:7 Changed 6 years ago by Schamschula (Marius Schamschula)
+1
I gave up long ago and put openssh into my local tree, so I could get back to running the current version, albeit w/o those variants, which for all I can tell I never really used.
comment:8 Changed 6 years ago by yan12125 (Chih-Hsuan Yen)
This issue blocks updating OpenSSL to 1.1 (#52101). For +gsskex, dropping it might not be the best option as some servers might require it. Fortunately Debian already has a patch for OpenSSH 7.9 (1). For +hpn, I'm all for dropping it. People seeking high performance data exchanging should use other protocols.
(1) https://salsa.debian.org/ssh-team/openssh/blob/master/debian/patches/gssapi.patch
comment:9 Changed 6 years ago by Schamschula (Marius Schamschula)
FreeBSD Freshports also has a patch for hpn.
comment:10 Changed 6 years ago by slewsys (Andrew L. Moore)
comment:11 Changed 6 years ago by yan12125 (Chih-Hsuan Yen)
Description: | modified (diff) |
---|---|
Resolution: | → fixed |
Status: | new → closed |
comment:12 Changed 5 years ago by yan12125 (Chih-Hsuan Yen)
As a side note, the discussion for the Apple keychain patch continues in ticket:59016.
Simple version bump