Opened 6 years ago

Closed 6 years ago

Last modified 5 years ago

#56216 closed update (fixed)

openssh: update to 7.9p1

Reported by: l2dy (Zero King)
Owned by:
Priority: Normal
Milestone:
Component: ports
Version:
Keywords:
Cc: Schamschula (Marius Schamschula)
Port: openssh

Description (last modified by yan12125 (Chih-Hsuan Yen))

Fixed, thanks slewsys!

Attachments (1)

Portfile.diff (1.1 KB) - added by danielluke (Daniel J. Luke) 6 years ago.
Simple version bump

Change History (13)

comment:1 Changed 6 years ago by Schamschula (Marius Schamschula)

Cc: Schamschula added

Changed 6 years ago by danielluke (Daniel J. Luke)

Attachment: Portfile.diff added

Simple version bump

comment:2 Changed 6 years ago by danielluke (Daniel J. Luke)

As per usual, I've tested this and it works - but I don't use the +hpn or +gsskex variants, so I didn't check to see if the patchfiles applied or work (they usually need attention after a new upstream release).

comment:3 Changed 6 years ago by Schamschula (Marius Schamschula)

I consider the +hpn variant obsolete. FreeBSD has not offered updated patches for HPN since 7.5p1 either, and has marked the port as broken if you choose to build it with the HPN variant.

comment:4 Changed 6 years ago by l2dy (Zero King)

Description: modified (diff)
Keywords: security added
Summary: openssh: update to 7.7p1 → openssh: update to 7.9p1

comment:5 Changed 6 years ago by l2dy (Zero King)

Description: modified (diff)
Keywords: security removed

Sorry, none of the vulnerabilities were fixed in OpenSSH 7.9.

comment:6 Changed 6 years ago by neverpanic (Clemens Lang)

I'm kinda thinking maybe we should just drop all the patches and package upstream as close as possible (some of the patches we actually need to fix bugs, but we should probably not ship the feature patches anymore considering the effort).

comment:7 Changed 6 years ago by Schamschula (Marius Schamschula)

+1

I gave up long ago and put openssh into my local tree, so I could get back to running the current version, albeit w/o those variants, which for all I can tell I never really used.

comment:8 Changed 6 years ago by yan12125 (Chih-Hsuan Yen)

This issue blocks updating OpenSSL to 1.1 (#52101). For +gsskex, dropping it might not be the best option as some servers might require it. Fortunately Debian already has a patch for OpenSSH 7.9 (1). For +hpn, I'm all for dropping it. People seeking high performance data exchanging should use other protocols.

(1) https://salsa.debian.org/ssh-team/openssh/blob/master/debian/patches/gssapi.patch

comment:10 Changed 6 years ago by slewsys (Andrew L. Moore)

In c15ce48157fd32bd5362ce868b9e32a54ea4d089/macports-ports (master):

net/openssh: Upgrade to version 7.9p1.

Prepare net/openssh for PR https://github.com/macports/macports-ports/pull/3822
Ref: #56216

Added hpn-ssh patch from FreeBSD-12 ports tree.
Added gssapi.patch from https://salsa.debian.org/ssh-team/openssh/blob/master/debian/patches/gssapi.patch

Temporarily disabled macOS keychain integration until this can be
updated to 7.9p1 APIs.

comment:11 Changed 6 years ago by yan12125 (Chih-Hsuan Yen)

Description: modified (diff)
Resolution: fixed
Status: new → closed

comment:12 Changed 5 years ago by yan12125 (Chih-Hsuan Yen)

As a side note, the discussion for the Apple keychain patch continues in ticket:59016.
