diff options
| author | Bryan Drewery <bdrewery@FreeBSD.org> | 2013-09-29 15:07:15 +0000 |
|---|---|---|
| committer | Bryan Drewery <bdrewery@FreeBSD.org> | 2013-09-29 15:07:15 +0000 |
| commit | 6dff6e39eb6f09542f5faf240b9110f9311acd68 (patch) | |
| tree | eba1ad72aa6383a8788811cb295b49483b15c22b /security | |
| parent | 6d08a5276dcff1dd2c3068873a43146aad5f769e (diff) | |
| download | ports-6dff6e39eb6f09542f5faf240b9110f9311acd68.tar.gz ports-6dff6e39eb6f09542f5faf240b9110f9311acd68.zip | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/openssh-portable/Makefile | 2 | ||||
| -rw-r--r-- | security/openssh-portable/files/patch-servconf.c | 9 | ||||
| -rw-r--r-- | security/openssh-portable/files/patch-sshd_config | 2 | ||||
| -rw-r--r-- | security/openssh-portable/files/patch-sshd_config.5 | 9 |
4 files changed, 2 insertions, 20 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 10f2e8113347..3751a030e711 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 6.2p2 -PORTREVISION= 3 +PORTREVISION= 4 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= ${MASTER_SITE_OPENBSD} diff --git a/security/openssh-portable/files/patch-servconf.c b/security/openssh-portable/files/patch-servconf.c index 67e45e98a1fe..55363fb67186 100644 --- a/security/openssh-portable/files/patch-servconf.c +++ b/security/openssh-portable/files/patch-servconf.c @@ -39,12 +39,3 @@ if (options->kbd_interactive_authentication == -1) options->kbd_interactive_authentication = 0; if (options->challenge_response_authentication == -1) -@@ -335,7 +339,7 @@ - options->version_addendum = xstrdup(""); - /* Turn privilege separation on by default */ - if (use_privsep == -1) -- use_privsep = PRIVSEP_NOSANDBOX; -+ use_privsep = PRIVSEP_ON; - - #ifndef HAVE_MMAP - if (use_privsep && options->compression == 1) { diff --git a/security/openssh-portable/files/patch-sshd_config b/security/openssh-portable/files/patch-sshd_config index 4727afd69d26..b6a6013d2390 100644 --- a/security/openssh-portable/files/patch-sshd_config +++ b/security/openssh-portable/files/patch-sshd_config @@ -72,7 +72,7 @@ #TCPKeepAlive yes #UseLogin no -UsePrivilegeSeparation sandbox # Default for new installations. -+#UsePrivilegeSeparation sandbox ++#UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 diff --git a/security/openssh-portable/files/patch-sshd_config.5 b/security/openssh-portable/files/patch-sshd_config.5 index 3e62cb1be0bf..096631d0df3d 100644 --- a/security/openssh-portable/files/patch-sshd_config.5 +++ b/security/openssh-portable/files/patch-sshd_config.5 @@ -79,15 +79,6 @@ .It Cm UsePrivilegeSeparation Specifies whether .Xr sshd 8 -@@ -1157,7 +1183,7 @@ - The goal of privilege separation is to prevent privilege - escalation by containing any corruption within the unprivileged processes. - The default is --.Dq yes . -+.Dq sandbox . - If - .Cm UsePrivilegeSeparation - is set to @@ -1182,7 +1208,7 @@ or .Dq no . |