[PR PATCH] openssh: update to 9.8p1.

[PR PATCH] openssh: update to 9.8p1.

[classabbyamp]

[-- Attachment #1: Type: text/plain, Size: 649 bytes --]

There is a new pull request by classabbyamp against master on the void-packages repository

https://github.com/classabbyamp/void-packages openssh
https://github.com/void-linux/void-packages/pull/51059

openssh: update to 9.8p1.
fixes CVE-2024-6387

> OpenSSH plans to remove support for the DSA signature algorithm in early 2025. This release disables DSA by default at compile time.

do we reënable it?

<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **YES**



A patch file from https://github.com/void-linux/void-packages/pull/51059.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-openssh-51059.patch --]
[-- Type: text/x-diff, Size: 1296 bytes --]

From 748793e7422357861069ef60010ecffaba3b541d Mon Sep 17 00:00:00 2001
From: classabbyamp <void@placeviolette.net>
Date: Mon, 1 Jul 2024 05:57:21 -0400
Subject: [PATCH] openssh: update to 9.8p1.

fixes CVE-2024-6387
---
 srcpkgs/openssh/template | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template
index 0a7dcaa5ba079a..5bd67e87037497 100644
--- a/srcpkgs/openssh/template
+++ b/srcpkgs/openssh/template
@@ -1,6 +1,6 @@
 # Template file for 'openssh'
 pkgname=openssh
-version=9.7p1
+version=9.8p1
 revision=1
 build_style=gnu-configure
 configure_args="--datadir=/usr/share/openssh
@@ -24,8 +24,9 @@ short_desc="OpenSSH free Secure Shell (SSH) client and server implementation"
 maintainer="Leah Neukirchen <leah@vuxu.org>"
 license="BSD-2-Clause, ISC"
 homepage="https://www.openssh.com"
+changelog="https://www.openssh.com/releasenotes.html"
 distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz"
-checksum=490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd
+checksum=dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3
 conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd"
 make_dirs="
  /var/chroot/ssh 0755 root root

Re: [PR PATCH] [Updated] openssh: update to 9.8p1.

[classabbyamp]

[-- Attachment #1: Type: text/plain, Size: 654 bytes --]

There is an updated pull request by classabbyamp against master on the void-packages repository

https://github.com/classabbyamp/void-packages openssh
https://github.com/void-linux/void-packages/pull/51059

openssh: update to 9.8p1.
fixes CVE-2024-6387

> OpenSSH plans to remove support for the DSA signature algorithm in early 2025. This release disables DSA by default at compile time.

do we reënable it?

<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **YES**



A patch file from https://github.com/void-linux/void-packages/pull/51059.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-openssh-51059.patch --]
[-- Type: text/x-diff, Size: 2052 bytes --]

From ea16ad5744fe84768e64816f32b4dcd47e139d15 Mon Sep 17 00:00:00 2001
From: classabbyamp <void@placeviolette.net>
Date: Mon, 1 Jul 2024 05:57:21 -0400
Subject: [PATCH] openssh: update to 9.8p1.

fixes CVE-2024-6387
---
 srcpkgs/openssh/patches/musl-connect.patch | 11 +++++++++++
 srcpkgs/openssh/template                   |  5 +++--
 2 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 srcpkgs/openssh/patches/musl-connect.patch

diff --git a/srcpkgs/openssh/patches/musl-connect.patch b/srcpkgs/openssh/patches/musl-connect.patch
new file mode 100644
index 00000000000000..cde7bc8cb1f45b
--- /dev/null
+++ b/srcpkgs/openssh/patches/musl-connect.patch
@@ -0,0 +1,11 @@
+--- a/openbsd-compat/port-linux.c
++++ b/openbsd-compat/port-linux.c
+@@ -366,7 +366,7 @@
+ 		error_f("socket \"%s\": %s", path, strerror(errno));
+ 		goto out;
+ 	}
+-	if (connect(fd, &addr, sizeof(addr)) != 0) {
++	if (connect(fd, (const struct sockaddr *)&addr, sizeof(addr)) != 0) {
+ 		error_f("socket \"%s\" connect: %s", path, strerror(errno));
+ 		goto out;
+ 	}
diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template
index 0a7dcaa5ba079a..5bd67e87037497 100644
--- a/srcpkgs/openssh/template
+++ b/srcpkgs/openssh/template
@@ -1,6 +1,6 @@
 # Template file for 'openssh'
 pkgname=openssh
-version=9.7p1
+version=9.8p1
 revision=1
 build_style=gnu-configure
 configure_args="--datadir=/usr/share/openssh
@@ -24,8 +24,9 @@ short_desc="OpenSSH free Secure Shell (SSH) client and server implementation"
 maintainer="Leah Neukirchen <leah@vuxu.org>"
 license="BSD-2-Clause, ISC"
 homepage="https://www.openssh.com"
+changelog="https://www.openssh.com/releasenotes.html"
 distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz"
-checksum=490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd
+checksum=dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3
 conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd"
 make_dirs="
  /var/chroot/ssh 0755 root root

Re: [PR PATCH] [Merged]: openssh: update to 9.8p1.

[classabbyamp]

[-- Attachment #1: Type: text/plain, Size: 488 bytes --]

There's a merged pull request on the void-packages repository

openssh: update to 9.8p1.
https://github.com/void-linux/void-packages/pull/51059

Description:
fixes CVE-2024-6387

> OpenSSH plans to remove support for the DSA signature algorithm in early 2025. This release disables DSA by default at compile time.

do we reënable it?

<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **YES**