Created attachment 223403 [details]
Update to 8.5p1.
Release Notes: https://www.openssh.com/txt/release-8.5
Please keep in mind that currently following options are broken.
Vulnerability fixed in this release is documented in bug #254258. So please commit it together.
Please never wait to commit a vuxml entry. It makes no sense to not tell users about the problem until we have a fix. They deserve to know there is a problem and address it however they can regardless of us having a fix. We're not talking about an unpublished issue here so we should not hide it from our users.
Thank you for this. I'll get it in with fixing the other patches. They are usually more trivial than they appear.
(In reply to Bryan Drewery from comment #2)
As for HPN option, I updated extra-patch-hpn so at least it can be applied cleanly. But I couldn't fix the build error that caused by `datafellows` variable in hpn_options_init() function.
For the CVE I am going to apply the more limited patch from upstream at https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig
And then spend a few days on 8.5 making sure `make test` passes. Thanks for the initial work. It will speed it up a lot.
(In reply to Yasuhiro Kimura from comment #3)
One more comment about extra-patch-hpn. There is non-trivial change about compat.c and I'm not fully sure if it is proper. So please double-check it.
A commit in branch main references this bug:
Author: Bryan Drewery <bdrewery@FreeBSD.org>
AuthorDate: 2021-04-28 20:15:54 +0000
Commit: Bryan Drewery <bdrewery@FreeBSD.org>
CommitDate: 2021-04-29 16:05:55 +0000
security/openssh-portable: Update to 8.6p1
- gssapi is disabled for now.
Submitted by: Yasuhiro Kimura [earlier version]
PR: 254389 
security/openssh-portable/Makefile | 8 +-
security/openssh-portable/distinfo | 8 +-
.../openssh-portable/files/extra-patch-blacklistd | 44 +++----
security/openssh-portable/files/extra-patch-hpn | 144 +++++++++------------
.../openssh-portable/files/extra-patch-hpn-compat | 8 +-
.../openssh-portable/files/patch-auth.c (gone) | 21 ---
.../openssh-portable/files/patch-readconf.c (gone) | 22 ----
security/openssh-portable/files/patch-session.c | 20 +--
security/openssh-portable/files/patch-ssh-agent.c | 27 ++--
security/openssh-portable/files/patch-ssh_config.5 | 14 --
security/openssh-portable/files/patch-sshd.c | 43 +++---
.../files/patch-zz-8.4-CVE-2021-28041 (gone) | 32 -----
12 files changed, 143 insertions(+), 248 deletions(-)