Using options:
BLACKLISTD=on: FreeBSD blacklistd(8) support
BSM=off: OpenBSM Auditing

Ran "portmaster -d openssh-portable" and the result is as follows:

===> Cleaning for openssh-portable-9.8.p1,1
===> License OPENSSH accepted by the user
===> openssh-portable-9.8.p1,1 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by openssh-portable-9.8.p1,1 for building
===> Extracting for openssh-portable-9.8.p1,1
=> SHA256 Checksum OK for openssh-9.8p1.tar.gz.
===> Patching for openssh-portable-9.8.p1,1
===> Applying extra patch /usr/ports/security/openssh-portable/files/extra-patch-blacklistd
1 out of 2 hunks failed--saving rejects to auth-pam.c.rej
No such line 2224 in input file, ignoring
3 out of 3 hunks failed--saving rejects to sshd.c.rej
===> FAILED Applying extra patch /usr/ports/security/openssh-portable/files/extra-patch-blacklistd
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/security/openssh-portable
*** Error code 1

Thanks a lot.
I think you could change the importance. It affects everyone who uses the blacklistd patch.
(In reply to aaron from comment #1)
Thank you, importance changed.
Created attachment 252576
Candidate replacement for extra-patch-blacklistd

This patches and compiles (on FreeBSD 13.3-RELEASE_p3 amd64). sshd works. Haven't verified that blacklistd is successfully integrated.
(In reply to Kenneth Graves from comment #3)
Your patch file integrated and the build was successful. Thank you very much.
About the status of the bug: keep it "New" until the official ports integrate your patch to fix it?
(In reply to Kenneth Graves from comment #3)
Addition... The build was successful, but the connection failed as follows:

$ /usr/local/bin/ssh 10.0.3.254 -vv
OpenSSH_9.7p1, OpenSSL 3.0.13 30 Jan 2024
debug2: resolve_canonicalize: hostname 10.0.3.254 is address
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 10.0.3.254 [10.0.3.254] port 2222.
debug1: Connection established.
debug1: identity file /home/login/.ssh/id_rsa type -1
debug1: identity file /home/login/.ssh/id_rsa-cert type -1
debug1: identity file /home/login/.ssh/id_ecdsa type -1
debug1: identity file /home/login/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/login/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/login/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/login/.ssh/id_ed25519 type -1
debug1: identity file /home/login/.ssh/id_ed25519-cert type -1
debug1: identity file /home/login/.ssh/id_ed25519_sk type -1
debug1: identity file /home/login/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/login/.ssh/id_xmss type -1
debug1: identity file /home/login/.ssh/id_xmss-cert type -1
debug1: identity file /home/login/.ssh/id_dsa type -1
debug1: identity file /home/login/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.7-hpn14v15
kex_exchange_identification: Connection closed by remote host
Connection closed by 10.0.3.254 port 2222

Root cause unknown.
To prevent losing the ssh connection with the server, I rolled back to v9.7p1.

Thanks a lot.
Created attachment 254125
9.9.p1,1 version of extra-patch-blacklistd

Minor update of the patch to work on the new openssh-portable version. I don't use -hpn or -gssapi, so I don't know if it will work with those.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=28bb20eaf642aa9d6f517f61d16aeb4694e716df

commit 28bb20eaf642aa9d6f517f61d16aeb4694e716df
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2025-10-11 16:15:20 +0000
Commit:     Bryan Drewery <bdrewery@FreeBSD.org>
CommitDate: 2025-10-11 17:29:47 +0000

    security/openssh-portable: Sync blocklist with base, include by default.

    The patch is included by default in base as well. It remains off by default though.

    Added glue for HPN patch to apply.

    Reviewed By: bdrewery
    Differential Revision: https://reviews.freebsd.org/D52880
    PR: 280203

 security/openssh-portable/Makefile | 12 +-
 .../openssh-portable/files/extra-patch-blacklistd | 387 +++++++++++----------
 security/openssh-portable/files/extra-patch-hpn | 16 +-
 .../files/extra-patch-no-blocklistd-hpn-glue (new) | 27 ++
 4 files changed, 241 insertions(+), 201 deletions(-)
A commit in branch 2025Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=08772b31e1711e6803d1993fc98a6d62ec804924

commit 08772b31e1711e6803d1993fc98a6d62ec804924
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2025-10-11 16:15:20 +0000
Commit:     Bryan Drewery <bdrewery@FreeBSD.org>
CommitDate: 2025-10-11 17:59:00 +0000

    security/openssh-portable: Sync blocklist with base

    Quarterly: Not enabled by default here as in main.

    Added glue for HPN patch to apply.

    Reviewed By: bdrewery
    Differential Revision: https://reviews.freebsd.org/D52880
    PR: 280203

    (cherry picked from commit 28bb20eaf642aa9d6f517f61d16aeb4694e716df)

 security/openssh-portable/Makefile | 10 +-
 .../openssh-portable/files/extra-patch-blacklistd | 387 +++++++++++----------
 security/openssh-portable/files/extra-patch-hpn | 16 +-
 .../files/extra-patch-no-blocklistd-hpn-glue (new) | 27 ++
 4 files changed, 240 insertions(+), 200 deletions(-)
^Triage: committed.