[MacPorts] #53108: openssh 7.4p1 release


[MacPorts] #53108: openssh 7.4p1 release

MacPorts
#53108: openssh 7.4p1 release
------------------------+---------------------
 Reporter:  danielluke  |      Owner:
     Type:  defect      |     Status:  new
 Priority:  Normal      |  Milestone:
Component:  ports       |    Version:
 Keywords:              |       Port:  openssh
------------------------+---------------------
 As per usual, a simple version bump works for me (but I did not test the
 +hpn or +gsskex variants - which usually need some attention).

--
Ticket URL: <https://trac.macports.org/ticket/53108>
MacPorts <https://www.macports.org/>
Ports system for macOS

Re: [MacPorts] #53108: openssh 7.4p1 release

MacPorts
#53108: openssh 7.4p1 release
-------------------------+-----------------
  Reporter:  danielluke  |      Owner:
      Type:  defect      |     Status:  new
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:
      Port:  openssh     |
-------------------------+-----------------
Changes (by danielluke):

 * Attachment "openssh_version_bump.diff" added.

 simple version bump

--
Ticket URL: <https://trac.macports.org/ticket/53108>
MacPorts <https://www.macports.org/>
Ports system for macOS

Re: [MacPorts] #53108: openssh 7.4p1 release

MacPorts
In reply to this post by MacPorts
#53108: openssh 7.4p1 release
-------------------------+----------------------
  Reporter:  danielluke  |      Owner:
      Type:  update      |     Status:  new
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:  haspatch
      Port:  openssh     |
-------------------------+----------------------
Changes (by mf2k):

 * keywords:   => haspatch
 * type:  defect => update


--
Ticket URL: <https://trac.macports.org/ticket/53108#comment:1>
MacPorts <https://www.macports.org/>
Ports system for macOS

Re: [MacPorts] #53108: openssh 7.4p1 release

MacPorts
In reply to this post by MacPorts
#53108: openssh 7.4p1 release
-------------------------+----------------------
  Reporter:  danielluke  |      Owner:
      Type:  update      |     Status:  new
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:  haspatch
      Port:  openssh     |
-------------------------+----------------------

Comment (by myrkraverk):

 There are at least two relevant CVEs so I'd like to bump up the priority.

 https://bugs.chromium.org/p/project-zero/issues/detail?id=1010

 https://bugs.chromium.org/p/project-zero/issues/detail?id=1009

--
Ticket URL: <https://trac.macports.org/ticket/53108#comment:3>
MacPorts <https://www.macports.org/>
Ports system for macOS

Re: [MacPorts] #53108: openssh 7.4p1 release

MacPorts
In reply to this post by MacPorts
#53108: openssh 7.4p1 release
-------------------------+----------------------
  Reporter:  danielluke  |      Owner:
      Type:  update      |     Status:  new
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:  haspatch
      Port:  openssh     |
-------------------------+----------------------

Comment (by raimue):

 Replying to [comment:3 myrkraverk]:
 > There are at least two relevant CVEs so I'd like to bump up the
 > priority.
 >
 > https://bugs.chromium.org/p/project-zero/issues/detail?id=1010

 Bug against sshd.

 > https://bugs.chromium.org/p/project-zero/issues/detail?id=1009

 Bug against ssh-agent.

 Both of these binaries are usually the version provided by Apple, unless
 you explicitly exposed the MacPorts version by changing your system
 configuration. Upgrading MacPorts will not remove the attack vector.

--
Ticket URL: <https://trac.macports.org/ticket/53108#comment:5>
MacPorts <https://www.macports.org/>
Ports system for macOS

Re: [MacPorts] #53108: openssh 7.4p1 release

MacPorts
In reply to this post by MacPorts
#53108: openssh 7.4p1 release
-------------------------+----------------------
  Reporter:  danielluke  |      Owner:
      Type:  update      |     Status:  new
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:  haspatch
      Port:  openssh     |
-------------------------+----------------------

Comment (by myrkraverk):

 Replying to [comment:5 raimue]:
 > Both of these binaries are usually the version provided by Apple, unless
 > you explicitly exposed the MacPorts version by changing your system
 > configuration. Upgrading MacPorts will not remove the attack vector.

 Ok, so purely installing MacPorts is not sufficient, but can I still use
 the provided ssh-agent by changing my system config to use it? Or is it
 incompatible somehow?

 Right now I'm less concerned about the SSH daemon than the agent.

--
Ticket URL: <https://trac.macports.org/ticket/53108#comment:6>
MacPorts <https://www.macports.org/>
Ports system for macOS

Re: [MacPorts] #53108: openssh 7.4p1 release

MacPorts
In reply to this post by MacPorts
#53108: openssh 7.4p1 release
-------------------------+----------------------
  Reporter:  danielluke  |      Owner:  Ionic
      Type:  update      |     Status:  accepted
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:  haspatch
      Port:  openssh     |
-------------------------+----------------------
Changes (by Ionic):

 * status:  new => accepted
 * owner:   => Ionic


Comment:

 You could, but it doesn't make a whole lot of sense. In theory, the
 MacPorts ssh-agent binary should be compatible with the Apple-provided one,
 although I've had reports of it crashing for users with me being unable to
 reproduce it.

 The gist is that switching to the MacPorts-provided ssh-agent binary as
 your system daemon only really makes sense if you want to use key types
 that are not supported by the system version, especially on older systems,
 as Apple is generally not updating software they ship within a release
 (short of bugfixes.)

 I can't promise an update soonishly, will probably take me a few weeks.

--
Ticket URL: <https://trac.macports.org/ticket/53108#comment:8>
MacPorts <https://www.macports.org/>
Ports system for macOS

Re: [MacPorts] #53108: openssh 7.4p1 release

MacPorts
In reply to this post by MacPorts
#53108: openssh 7.4p1 release
-------------------------+----------------------
  Reporter:  danielluke  |      Owner:  Ionic
      Type:  update      |     Status:  accepted
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:  haspatch
      Port:  openssh     |
-------------------------+----------------------

Comment (by Schamschula):

 I'm more concerned about missing security fixes, than I am about the
 latest key types. Apple's sshd for Sierra currently is 7.3p1 - libressl
 2.4.1, but on my El Capitan machine it is only 6.9p1 - libressl 2.1.8.

 For the same reason I don't run the OS openssh under FreeBSD either
 (currently OpenSSH_7.2p2, OpenSSL 1.0.2j-freebsd vs. OpenSSH_7.4p1,
 OpenSSL 1.0.2k from the openssh-portable package).

--
Ticket URL: <https://trac.macports.org/ticket/53108#comment:9>
MacPorts <https://www.macports.org/>
Ports system for macOS
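
Added example, not part of the thread or of the port: a small check that classifies OpenSSH builds by their version banner, using the versions quoted in the comment above as constructed sample input and then probing the Apple path and the default MacPorts prefix. Treating 7.4p1 (the release this ticket requests) as the minimum is an assumption, as is taking the `ssh -V` banner as representative of the ssh-agent and sshd installed under the same prefix.

```sh
#!/bin/sh
# Added example, not from the thread: classify OpenSSH builds by version banner.
# MIN_FIXED is an assumption: the 7.4p1 release this ticket asks for.
MIN_FIXED="7.4p1"

# Print "major minor patch" for a banner such as "OpenSSH_7.3p1, LibreSSL 2.4.1".
parse_openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\)p\([0-9][0-9]*\).*/\1 \2 \3/p'
}

# Return 0 if banner $1 is at least release $2, 1 if older, 2 if unparsable.
version_at_least() {
    have=$(parse_openssh_version "$1")
    want=$(parse_openssh_version "OpenSSH_$2")
    if [ -z "$have" ] || [ -z "$want" ]; then return 2; fi
    set -- $have $want   # $1..$3 = installed, $4..$6 = required
    if [ "$1" -gt "$4" ]; then return 0; fi
    if [ "$1" -lt "$4" ]; then return 1; fi
    if [ "$2" -gt "$5" ]; then return 0; fi
    if [ "$2" -lt "$5" ]; then return 1; fi
    if [ "$3" -ge "$6" ]; then return 0; fi
    return 1
}

# Print "ok", "outdated" or "unknown" for one banner.
classify_banner() {
    rc=0
    version_at_least "$1" "$MIN_FIXED" || rc=$?
    case $rc in 0) echo ok ;; 1) echo outdated ;; *) echo unknown ;; esac
}

# Banner of an installed client binary; `ssh -V` writes it to stderr.
banner_of() {
    "$1" -V 2>&1 | head -n 1
}

# Constructed sample banners built from the versions quoted in the thread.
for b in "OpenSSH_7.3p1, LibreSSL 2.4.1" "OpenSSH_6.9p1, LibreSSL 2.1.8" \
         "OpenSSH_7.2p2, OpenSSL 1.0.2j-freebsd" "OpenSSH_7.4p1, OpenSSL 1.0.2k"; do
    printf '%-40s %s\n' "$b" "$(classify_banner "$b")"
done

# Live check of the Apple path and the default MacPorts prefix, where present.
for bin in /usr/bin/ssh /opt/local/bin/ssh; do
    if [ -x "$bin" ]; then
        printf '%-40s %s\n' "$bin" "$(classify_banner "$(banner_of "$bin")")"
    fi
done
```
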

Re: [MacPorts] #53108: openssh 7.4p1 release

MacPorts
In reply to this post by MacPorts
#53108: openssh 7.4p1 release
-------------------------+----------------------
  Reporter:  danielluke  |      Owner:  Ionic
      Type:  update      |     Status:  accepted
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:  haspatch
      Port:  openssh     |
-------------------------+----------------------

Comment (by danielluke):

 7.5p1 is out now.

 Unfortunately, a simple version bump fails earlier now (launchd.patch for
 channels.c fails). I don't know when I'll have time to look at it, but
 I'll try and get the default build working (if no one beats me to it).

--
Ticket URL: <https://trac.macports.org/ticket/53108#comment:11>
MacPorts <https://www.macports.org/>
Ports system for macOS

Re: [MacPorts] #53108: openssh 7.5p1 release (was: openssh 7.4p1 release)

MacPorts
In reply to this post by MacPorts
#53108: openssh 7.5p1 release
-------------------------+----------------------
  Reporter:  danielluke  |      Owner:  Ionic
      Type:  update      |     Status:  accepted
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:  haspatch
      Port:  openssh     |
-------------------------+----------------------

--
Ticket URL: <https://trac.macports.org/ticket/53108#comment:12>
MacPorts <https://www.macports.org/>
Ports system for macOS

Re: [MacPorts] #53108: openssh 7.5p1 release

MacPorts
In reply to this post by MacPorts
#53108: openssh 7.5p1 release
-------------------------+----------------------
  Reporter:  danielluke  |      Owner:  Ionic
      Type:  update      |     Status:  accepted
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:  haspatch
      Port:  openssh     |
-------------------------+----------------------
Description changed by danielluke:

Old description:

> As per usual, a simple version bump works for me (but I did not test the
> +hpn or +gsskex variants - which usually need some attention).

New description:

 (for 7.4p1):[[BR]]
 As per usual, a simple version bump works for me (but I did not test the
 +hpn or +gsskex variants - which usually need some attention).
 [[BR]]
 (for 7.5p1):[[BR]]
 Unfortunately, a simple version bump fails earlier now (launchd.patch for
 channels.c fails).

--

--
Ticket URL: <https://trac.macports.org/ticket/53108#comment:13>
MacPorts <https://www.macports.org/>
Ports system for macOS

Re: [MacPorts] #53108: openssh 7.5p1 release

MacPorts
In reply to this post by MacPorts
#53108: openssh 7.5p1 release
-------------------------+----------------------
  Reporter:  danielluke  |      Owner:  Ionic
      Type:  update      |     Status:  accepted
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:
Resolution:              |   Keywords:
      Port:  openssh     |
-------------------------+----------------------
Changes (by danielluke):

 * keywords:  haspatch =>


--
Ticket URL: <https://trac.macports.org/ticket/53108#comment:14>
MacPorts <https://www.macports.org/>
Ports system for macOS