openssh: Update to 9.9p2
This release exists primarily to fix two security bugs. The fixes have
been independently imported into FreeBSD. This import serves to update
the ssh and sshd version number.
A few minor bug fixes are also included; see the upstream release notes
for full details of the 9.9p2 release
(https://www.openssh.com/releasenotes.html).
Sponsored by: The FreeBSD Foundation
ssh: Remove unused prerendered man page
We use the source mdoc man pages (i.e., ssh-sk-helper.8) not the
rendered ones included in the OpenSSH releases.
Fixes: 0fdf8fae8b56 ("openssh: Update to 9.8p1")
Sponsored by: The FreeBSD Foundation
pkg-stage.sh: kde5 -> kde
The "kde5" package no longer exists; KDE goes to 6.
Note: Depending on the size of 13.5-BETA3 DVD images, KDE might end
up being removed from this list in the near future.
With hat: re@
MFC after: 30 seconds
Sponsored by: Amazon
(cherry picked from commit 0d7b98c06c5ec9638020844ee460af075cfc6e54)
pkg-stage.sh: kde5 -> kde
The "kde5" package no longer exists; KDE goes to 6.
Note: Depending on the size of 13.5-BETA3 DVD images, KDE might end
up being removed from this list in the near future.
With hat: re@
MFC after: 30 seconds
Sponsored by: Amazon
openssh: Update to 9.9p1
Highlights from the release notes are reproduced below. Bug fixes and
improvements that were previously merged into FreeBSD have been elided.
See the upstream release notes for full details of the 9.9p1 release
(https://www.openssh.com/releasenotes.html).
---
Future deprecation notice
=========================
OpenSSH plans to remove support for the DSA signature algorithm in
early 2025.
Potentially-incompatible changes
--------------------------------
[55 lines not shown]
Revert "libsys: Don't create or expose __realpathat"
This change broke RTLD. Revert while I test a fix.
This reverts commit fdccf0336197afe59be6f8859177fe2ff8f87fa6.
ssh: Remove unintended XAUTH_PATH setting
This crept in while rebasing the OpenSSH 9.8p1 update across
a63701848fe5 ("ssh: Move XAUTH_PATH setting to ssh.mk").
Fixes: 0fdf8fae8b56 ("openssh: Update to 9.8p1")
Sponsored by: The FreeBSD Foundation
openssh: Update to 9.8p1
Highlights from the release notes are reproduced below. Some security
and bug fixes were previously merged into FreeBSD and have been elided.
See the upstream release notes for full details
(https://www.openssh.com/releasenotes.html).
---
Future deprecation notice
=========================
OpenSSH plans to remove support for the DSA signature algorithm in
early 2025.
Potentially-incompatible changes
--------------------------------
* sshd(8): the server will now block client addresses that
[56 lines not shown]
libsys: Don't create or expose __realpathat
Previously, __realpathat was in libc and libsys (as is currently
standard), but not exported from libc which meant the stub in libc was
not filtered and thus libc's copy of the syscall was used. This broke
an upcoming change to CheriBSD limiting syscalls to libsys.
The realpath(3) implementation now uses __sys___realpathat so there are no
consumers of __realpathat. Switch it to PSEUDO (only _foo and __sys_foo
symbols) and remove __realpathat from Symbol.map.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D49049
