security/openssh-portable: Update to 9.1p1

Changes: https://www.openssh.com/txt/release-9.1

4 files changed, 15 insertions, 57 deletions

diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 568f13d839a3..14cb3a8f970a 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	openssh
-DISTVERSION=	9.0p1
+DISTVERSION=	9.1p1
 PORTREVISION=	0
 PORTEPOCH=	1
 CATEGORIES=	security
@@ -101,7 +101,7 @@ PATCH_SITES+=	http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex
 
 # Must add this patch before HPN due to conflicts
 .if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi
-#BROKEN=	KERB_GSSAPI No patch for ${DISTVERSION} yet.
+BROKEN=	KERB_GSSAPI No patch for ${DISTVERSION} yet.
 .  if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
 # Needed glue for applying HPN patch without conflict
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-hpn-gss-glue
@@ -114,7 +114,8 @@ GSSAPI_DEBIAN_SUBDIR=	${DISTVERSION}-1
 PATCH_SITES+=	https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex
 # Bump this when updating the patch location
 GSSAPI_UPDATE_DATE=	20220203
-PATCHFILES+=	openssh-${DISTVERSION}-gsskex-all-20141021-debian-rh-${GSSAPI_UPDATE_DATE}.patch:-p1:gsskex
+#GSSAPI_DISTVERSION=	9.0p1
+PATCHFILES+=	openssh-${GSSAPI_DISTVERSION:U${DISTVERSION}}-gsskex-all-20141021-debian-rh-${GSSAPI_UPDATE_DATE}.patch:-p1:gsskex
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-gssapi-auth2-gss.c
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-gssapi-kexgssc.c
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-gssapi-kexgsss.c
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index 9f500393410c..1dffd1baac8a 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1654549050
-SHA256 (openssh-9.0p1.tar.gz) = 03974302161e9ecce32153cfa10012f1e65c8f3750f573a73ab1befd5972a28a
-SIZE (openssh-9.0p1.tar.gz) = 1822183
+TIMESTAMP = 1664898976
+SHA256 (openssh-9.1p1.tar.gz) = 19f85009c7e3e23787f0236fbb1578392ab4d4bf9f8ec5fe6bc1cd7e8bfdd288
+SIZE (openssh-9.1p1.tar.gz) = 1838747
 SHA256 (openssh-9.0p1-gsskex-all-20141021-debian-rh-20220203.patch) = d2f4c7bb1bc33540605a3bb0c9517d7b4ed2f5d77c24f7afcd64891be59f4ed2
 SIZE (openssh-9.0p1-gsskex-all-20141021-debian-rh-20220203.patch) = 127245
diff --git a/security/openssh-portable/files/extra-patch-hpn-compat b/security/openssh-portable/files/extra-patch-hpn-compat
index c47d0a1d3b5d..d78aa1821e49 100644
--- a/security/openssh-portable/files/extra-patch-hpn-compat
+++ b/security/openssh-portable/files/extra-patch-hpn-compat
@@ -16,12 +16,12 @@ r294563 was incomplete; re-add the client-side options as well.
 
 ------------------------------------------------------------------------
 
---- readconf.c.orig	2021-04-27 11:24:15.916596000 -0700
-+++ readconf.c	2021-04-27 11:25:24.222034000 -0700
-@@ -316,6 +316,12 @@ static struct {
- 	{ "proxyjump", oProxyJump },
+--- readconf.c.orig	2022-10-04 08:57:04.041419000 -0700
++++ readconf.c	2022-10-04 08:57:56.915474000 -0700
+@@ -321,6 +321,12 @@ static struct {
  	{ "securitykeyprovider", oSecurityKeyProvider },
  	{ "knownhostscommand", oKnownHostsCommand },
+ 	{ "requiredrsasize", oRequiredRSASize },
 +	{ "hpndisabled", oDeprecated },
 +	{ "hpnbuffersize", oDeprecated },
 +	{ "tcprcvbufpoll", oDeprecated },
@@ -31,12 +31,12 @@ r294563 was incomplete; re-add the client-side options as well.
  
  	{ NULL, oBadOption }
  };
---- servconf.c.orig	2020-02-13 16:40:54.000000000 -0800
-+++ servconf.c	2020-03-21 17:01:18.011062000 -0700
-@@ -695,6 +695,10 @@ static struct {
- 	{ "rdomain", sRDomain, SSHCFG_ALL },
+--- servconf.c.orig	2022-10-03 07:51:42.000000000 -0700
++++ servconf.c	2022-10-04 08:58:21.118208000 -0700
+@@ -681,6 +681,10 @@ static struct {
  	{ "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
  	{ "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
+ 	{ "requiredrsasize", sRequiredRSASize, SSHCFG_ALL },
 +	{ "noneenabled", sUnsupported, SSHCFG_ALL },
 +	{ "hpndisabled", sDeprecated, SSHCFG_ALL },
 +	{ "hpnbuffersize", sDeprecated, SSHCFG_ALL },
diff --git a/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata b/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata
deleted file mode 100644
index bf3889265b77..000000000000
--- a/security/openssh-portable/files/patch-FreeBSD-caph_cache_tzdata
+++ /dev/null
@@ -1,43 +0,0 @@
-commit fc3c19a9fceeea48a9259ac3833a125804342c0e
-Author: Ed Maste <emaste@FreeBSD.org>
-Date:   Sat Oct 6 21:32:55 2018 +0000
-
-    sshd: address capsicum issues
-    
-    * Add a wrapper to proxy login_getpwclass(3) as it is not allowed in
-      capability mode.
-    * Cache timezone data via caph_cache_tzdata() as we cannot access the
-      timezone file.
-    * Reverse resolve hostname before entering capability mode.
-    
-    PR:             231172
-    Submitted by:   naito.yuichiro@gmail.com
-    Reviewed by:    cem, des
-    Approved by:    re (rgrimes)
-    MFC after:      3 weeks
-    Differential Revision:  https://reviews.freebsd.org/D17128
-
-Notes:
-    svn path=/head/; revision=339216
-
-diff --git crypto/openssh/sandbox-capsicum.c crypto/openssh/sandbox-capsicum.c
-index 5f41d526292b..f728abd18250 100644
---- sandbox-capsicum.c
-+++ sandbox-capsicum.c
-@@ -31,6 +31,7 @@ __RCSID("$FreeBSD$");
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
-+#include <capsicum_helpers.h>
- 
- #include "log.h"
- #include "monitor.h"
-@@ -71,6 +72,8 @@ ssh_sandbox_child(struct ssh_sandbox *box)
- 	struct rlimit rl_zero;
- 	cap_rights_t rights;
- 
-+	caph_cache_tzdata();
-+
- 	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
- 
- 	if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)