Created attachment 223403
Patch file

Update to 8.5p1.

Release Notes: https://www.openssh.com/txt/release-8.5

Please keep in mind that the following options are currently broken.

* HPN
* KERB_GSSAPI
* NONECIPHER
* HEIMDAL_BASE

The vulnerability fixed in this release is documented in bug #254258. So please commit it together.
Please never wait to commit a vuxml entry. It makes no sense to not tell users about the problem until we have a fix. They deserve to know there is a problem and address it however they can regardless of us having a fix. We're not talking about an unpublished issue here so we should not hide it from our users.
Thank you for this. I'll get it in with fixing the other patches. They are usually more trivial than they appear.
(In reply to Bryan Drewery from comment #2) As for the HPN option, I updated extra-patch-hpn so at least it can be applied cleanly. But I couldn't fix the build error that is caused by the `datafellows` variable in the hpn_options_init() function. Just FYI.
For the CVE I am going to apply the more limited patch from upstream at https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig and then spend a few days on 8.5 making sure `make test` passes. Thanks for the initial work. It will speed it up a lot.
(In reply to Yasuhiro Kimura from comment #3) One more comment about extra-patch-hpn. There is a non-trivial change to compat.c and I'm not fully sure if it is proper. So please double-check it.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=de9fffcec89b58fb6f77b72a55975eccb01eb480

commit de9fffcec89b58fb6f77b72a55975eccb01eb480
Author: Bryan Drewery <bdrewery@FreeBSD.org>
AuthorDate: 2021-04-28 20:15:54 +0000
Commit: Bryan Drewery <bdrewery@FreeBSD.org>
CommitDate: 2021-04-29 16:05:55 +0000

security/openssh-portable: Update to 8.6p1

- gssapi is disabled for now.

Changes:
- https://www.openssh.com/txt/release-8.5
- https://www.openssh.com/txt/release-8.6

Submitted by: Yasuhiro Kimura [earlier version][1]
PR: 254389 [1]

security/openssh-portable/Makefile | 8 +-
security/openssh-portable/distinfo | 8 +-
.../openssh-portable/files/extra-patch-blacklistd | 44 +++----
security/openssh-portable/files/extra-patch-hpn | 144 +++++++++------------
.../openssh-portable/files/extra-patch-hpn-compat | 8 +-
.../openssh-portable/files/patch-auth.c (gone) | 21 ---
.../openssh-portable/files/patch-readconf.c (gone) | 22 ----
security/openssh-portable/files/patch-session.c | 20 +--
security/openssh-portable/files/patch-ssh-agent.c | 27 ++--
security/openssh-portable/files/patch-ssh_config.5 | 14 --
security/openssh-portable/files/patch-sshd.c | 43 +++---
.../files/patch-zz-8.4-CVE-2021-28041 (gone) | 32 -----
12 files changed, 143 insertions(+), 248 deletions(-)