ssh: Apply CVE-2023-38408 fix from OpenSSH 9.3p2

Approved by:	so
Security:	FreeBSD-SA-23:08.ssh
Security:	CVE-2023-38408

crypto/openssh/ssh-pkcs11.c

@@ -1536,10 +1536,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
 		error("dlopen %s failed: %s", provider_id, dlerror());
 		goto fail;
 	}
-	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
-		error("dlsym(C_GetFunctionList) failed: %s", dlerror());
-		goto fail;
-	}
+	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
+		fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
 	p = xcalloc(1, sizeof(*p));
 	p->name = xstrdup(provider_id);
 	p->handle = handle;

crypto/openssh/sshd_config

@@ -105,7 +105,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PermitTunnel no
 #ChrootDirectory none
 #UseBlacklist no
-#VersionAddendum FreeBSD-20211221
+#VersionAddendum FreeBSD-20230719
 
 # no default banner path
 #Banner none

crypto/openssh/sshd_config.5

@@ -1805,7 +1805,7 @@ The default is
 Optionally specifies additional text to append to the SSH protocol banner
 sent by the server upon connection.
 The default is
-.Qq FreeBSD-20211221 .
+.Qq FreeBSD-20230719 .
 The value
 .Cm none
 may be used to disable this.

crypto/openssh/version.h

@@ -6,7 +6,7 @@
 #define SSH_PORTABLE	"p1"
 #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
 
-#define SSH_VERSION_FREEBSD	"FreeBSD-20211221"
+#define SSH_VERSION_FREEBSD	"FreeBSD-20230719"
 
 #ifdef WITH_OPENSSL
 #define OPENSSL_VERSION_STRING	OpenSSL_version(OPENSSL_VERSION)