From 877f46fba99fa539bc9ac9cd3aca6a44c682bfad Mon Sep 17 00:00:00 2001 From: Enno Boland Date: Thu, 14 Jan 2016 16:33:10 +0100 Subject: [PATCH] openssh: update to 7.1p2. --- srcpkgs/openssh/patches/010_ssh.patch | 61 --------------------------- srcpkgs/openssh/template | 6 +-- 2 files changed, 3 insertions(+), 64 deletions(-) delete mode 100644 srcpkgs/openssh/patches/010_ssh.patch diff --git a/srcpkgs/openssh/patches/010_ssh.patch b/srcpkgs/openssh/patches/010_ssh.patch deleted file mode 100644 index d6d8fc96de0..00000000000 --- a/srcpkgs/openssh/patches/010_ssh.patch +++ /dev/null @@ -1,61 +0,0 @@ -OpenBSD 5.8 errata 10, Jan 14, 2016: - -Experimental roaming code in the ssh client could be tricked by a hostile sshd -server, potentially leaking key material. CVE-2016-077 and CVE-0216-078. -Prevent this problem immediately by adding the line "UseRoaming no" to -/etc/ssh/ssh_config. - -Apply by doing: - signify -Vep /etc/signify/openbsd-58-base.pub -x 010_ssh.patch.sig \ - -m - | (cd /usr/src && patch -p0) - -And then rebuild and install sshd: - cd /usr/src/usr.bin/ssh - make obj - make depend - make - make install - -Index: usr.bin/ssh/readconf.c -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/readconf.c,v -retrieving revision 1.239 -diff -u -p -r1.239 readconf.c ---- readconf.c 30 Jul 2015 00:01:34 -0000 1.239 -+++ readconf.c 13 Jan 2016 23:17:23 -0000 -@@ -1648,7 +1648,7 @@ initialize_options(Options * options) - options->tun_remote = -1; - options->local_command = NULL; - options->permit_local_command = -1; -- options->use_roaming = -1; -+ options->use_roaming = 0; - options->visual_host_key = -1; - options->ip_qos_interactive = -1; - options->ip_qos_bulk = -1; -@@ -1819,8 +1819,7 @@ fill_default_options(Options * options) - options->tun_remote = SSH_TUNID_ANY; - if (options->permit_local_command == -1) - options->permit_local_command = 0; -- if (options->use_roaming == -1) -- options->use_roaming = 1; -+ options->use_roaming = 0; - if (options->visual_host_key == -1) - options->visual_host_key = 0; - if (options->ip_qos_interactive == -1) -Index: usr.bin/ssh/ssh.c -=================================================================== -RCS file: /cvs/src/usr.bin/ssh/ssh.c,v -retrieving revision 1.420 -diff -u -p -r1.420 ssh.c ---- ssh.c 30 Jul 2015 00:01:34 -0000 1.420 -+++ ssh.c 13 Jan 2016 23:17:23 -0000 -@@ -1882,9 +1882,6 @@ ssh_session2(void) - fork_postauth(); - } - -- if (options.use_roaming) -- request_roaming(); -- - return client_loop(tty_flag, tty_flag ? - options.escape_char : SSH_ESCAPECHAR_NONE, id); - } diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template index 91bd0987fc0..9a6b6e27b82 100644 --- a/srcpkgs/openssh/template +++ b/srcpkgs/openssh/template @@ -1,7 +1,7 @@ # Template file for 'openssh' pkgname=openssh -version=7.1p1 -revision=2 +version=7.1p2 +revision=1 build_style=gnu-configure configure_args="--sbindir=/usr/bin --datadir=/usr/share/openssh --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody @@ -20,7 +20,7 @@ maintainer="Juan RP " homepage="http://www.openssh.org" license="BSD" distfiles="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$version.tar.gz" -checksum=fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 +checksum=dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd # Package build options build_options="openssh_identitypersist ldns ssl"