path: root/security/openssh-portable/files
Commit message | Author | Age | Files | Lines
* Apply upstream fix for 'HostkeyAlgorithms +' support. | Bryan Drewery | 2015-08-24 | 1 | -0/+51
  Notes: svn path=/head/; revision=395182
* - Update to OpenSSH 7.0p1 | Bryan Drewery | 2015-08-18 | 3 | -105/+46
  - Update X509 patch to 8.5
  Changes: http://www.openssh.com/txt/release-7.0
  Notes: svn path=/head/; revision=394608
* Add upstream fix to address CVE-2015-5600 for MaxAuthTries bypass. | Bryan Drewery | 2015-07-27 | 1 | -0/+52
  Security: 5b74a5bc-348f-11e5-ba05-c80aa9043978
  Notes: svn path=/head/; revision=393004
* Fix accidental revert of PermitRootLogin default to NO. | Bryan Drewery | 2015-07-27 | 1 | -0/+9
  This was due to the patch not being needed in the snapshot version which I based the 6.9 update off of. The default is changed in the upcoming 7.0 release
  Notes: svn path=/head/; revision=393002
* - Update to 6.9p1 | Bryan Drewery | 2015-07-27 | 9 | -180/+46
  - Update X509 patch to 8.4
  Changes: http://www.openssh.com/txt/release-6.9
  Notes: svn path=/head/; revision=392998
* Remove $FreeBSD$ from patches files everywhere. | Mathieu Arnold | 2015-05-22 | 1 | -2/+0
  With hat: portmgr
  Sponsored by: Absolight
  Notes: svn path=/head/; revision=387082
* Avoid a potential read overflow. This was not deemed a security issue by | Bryan Drewery | 2015-05-16 | 1 | -0/+17
  upstream; it was fixed upstream comprehensively a few weeks ago in 77199d6ec8986d470487e66f8ea8f4cf43d2e20c.
  PR: 200241
  Patch by: Hanno Böck <hanno@hboeck.de>
  Obtained from: http://www.openwall.com/lists/oss-security/2015/05/16/3
  Notes: svn path=/head/; revision=386554
* Fix clients getting 'Bad packet length' and 'Disconnecting: Packet corrupt' | Bryan Drewery | 2015-05-06 | 1 | -7/+10
  when the NONECIPHER option is selected but not the HPN option. The server banner was improperly sending a NULL byte after the newline causing confusion on the client. This was an error in my own modifications to the HPN patch in r383231. This may have occurred with stale builds as well, such as running 'make configure' then 'portsnap update' and then 'make build'.
  Pointyhat to: bdrewery
  Reported by: many
  PR: 199352
  Notes: svn path=/head/; revision=385541
* Replace the TTSH patch from r383618 with the one that upstream took. | Bryan Drewery | 2015-04-14 | 1 | -20/+51
  Obtained from upstream d8f391caef623
  Notes: svn path=/head/; revision=384006
* Cleanup some unneeded patches. | Bryan Drewery | 2015-04-09 | 2 | -18/+0
  1. There's no need to patch the xauth(1) location as the OpenSSH build already does so based on the --with-xauth path provided. It also updates manpages.
  2. Don't modify manpage for shosts location as it was wrong. The proper LOCALBASE path is now used due to OpenSSH's build already handling it properly.
  3. Remove confusing UsePrivilegeSeparation change in sshd_config. The default upstream is to have it disabled by default. The sshd_config line is in upstream to enable it by default in new installations. We always enable it though. So remove the sshd_config change which makes it look like we don't use it; it was not a needed difference with upstream.
  From discussion with: TJ <tj@mrsk.me>
  Notes: svn path=/head/; revision=383678
* Limit the TTSSH bug fix in r383618 to only versions that have it. | Bryan Drewery | 2015-04-09 | 1 | -5/+20
  Submitted by: IWAMOTO Kouichi <sue@iwmt.org>
  Notes: svn path=/head/; revision=383675
* Fix TTSSH (Tera Type/Term) client crash: | Bryan Drewery | 2015-04-09 | 2 | -2/+35
  Unexpected SSH2 message(80) on current stage(6)
  This patch was submitted upstream. The client has fixed it in their SVN [1][2] but not yet released a fixed build.
  [1] http://en.sourceforge.jp/ticket/browse.php?group_id=1412&tid=35010
  [2] http://en.sourceforge.jp/projects/ttssh2/scm/svn/commits/5829
  Notes: svn path=/head/; revision=383618
* Remove debugging leftover in release. | Bryan Drewery | 2015-04-09 | 1 | -0/+16
  error: mm_request_receive: socket closed
  Obtained from: Upstream c7fe79ed7db427f1474e72b9f8b465901d61d3f6
  Notes: svn path=/head/; revision=383616
* - Update to 6.8p1 | Bryan Drewery | 2015-04-04 | 10 | -258/+1359
  - Fix 'make test'
  - HPN:
  - NONECIPHER is no longer default. This is not default in base and should not be default here as it introduces security holes.
  - HPN: I've audited the patch and included it in the port directory for transparency. I identified several bugs and submitted them to the new upstream: https://github.com/rapier1/openssh-portable/pull/2
  - HPN: The entire patch is now ifdef'd to ensure various bits are properly removed depending on the OPTIONS selected.
  - AES_THREADED is removed. It has questionable benefit on modern HW and is not stable.
  - The "enhanced logging" was removed from the patch as it is too intrusive and difficult to maintain in the port.
  - The progress meter "peak throughput" patch was removed.
  - Fixed HPN version showing in client/server version string when HPN was disabled in the config.
  - KERB_GSSAPI is currently BROKEN as it does not apply.
  - Update X509 to 8.3
  Changelog: http://www.openssh.com/txt/release-6.8
  Notes: svn path=/head/; revision=383231
* Make the VersionAddendum fix use the proper default. | Bryan Drewery | 2015-03-29 | 1 | -0/+5
  Once I ran into the X509 issue previously I failed to retest that the patch worked.
  PR: 193127
  Notes: svn path=/head/; revision=382566
* Stop forcing the port version string into the server banner. | Bryan Drewery | 2015-03-23 | 2 | -16/+36
  The port now uses VersionAddendum in the sshd_config to allow overriding this value. Using "none" allows disabling the default of the port version string. The default is kept to show the port version string to remain close to the base version. Support for the client VersionAddendum may be added soon as well to better match base and not give surprises when switching from base to the port.
  PR: 193127
  Requested by: many, including myself when this was broken years ago.
  Notes: svn path=/head/; revision=381981
* Fix incorrect reference to ETCSSH from r381709 | Bryan Drewery | 2015-03-21 | 1 | -23/+23
  Notes: svn path=/head/; revision=381823
* - Fix HPN patches for 6.7p1 | Bryan Drewery | 2014-12-17 | 1 | -3/+3
  - Add back HPN and NONECIPHER for the default options and bump PORTREVISION due to this.
  Notes: svn path=/head/; revision=374833
* - Update to 6.7p1. | Bryan Drewery | 2014-11-17 | 5 | -198/+215
  Several patches do not currently apply. Use security/openssh-portable66 for: HPN, NONECIPHER, KERB_GSSAPI, X509.
  - Add a TCP_WRAPPER patch to re-enable support after it was removed upstream.
  Notes: svn path=/head/; revision=372676
* Support multiple ListenAddress ports | Bryan Drewery | 2014-10-03 | 1 | -3/+8
  Reported by: rustamabd@gmail.com
  Notes: svn path=/head/; revision=369931
* - Update to "6.6.1" [1] | Bryan Drewery | 2014-04-24 | 1 | -0/+162
  - Switch to using @sample keyword, fixing orphans.
  Upstream note on "6.6.1" [1]:
  OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519 key exchange incorrectly, causing connection failures about 0.2% of the time when this method is used against a peer that implements the method properly. Fix the problem and disable the curve25519 KEX when speaking to OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1 to enable the compatibility code.
  [1] https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html
  Notes: svn path=/head/; revision=351982
* - Update to 6.6 | Bryan Drewery | 2014-03-16 | 2 | -20/+3
  - Capsicum patch no longer needed
  - Update X509 patch to 7.9
  Changelog: http://www.openssh.org/txt/release-6.6
  Notes: svn path=/head/; revision=348420
* - Fix RC script | Bryan Drewery | 2014-02-05 | 1 | -1/+1
  Pointyhat to: bdrewery
  Reported by: Kenta S. <kentas@hush.com>
  Notes: svn path=/head/; revision=342628
* - Update to 6.5 | Bryan Drewery | 2014-02-05 | 7 | -28/+65
  ChangeLog: http://www.openssh.org/txt/release-6.5
  - Update X509 patch to 7.8
  - Update LIB_DEPENDS to new format
  - Revert r328706 and re-enable privilege separation sandboxing by default as the issue causing crashes has been fixed upstream
  - capsicum(4) is now enabled upstream. A local patch is added to fix an issue with it [1]
  - KERB_GSSAPI is marked BROKEN. It does not build. This patch lacks an upstream and I have no way to test it. It needs a non-trivial amount of refactoring for 6.5 as the key handling API has changed quite a bit.
  Submitted by: pjd@ [1]
  Notes: svn path=/head/; revision=342618
* - Update to 6.3p1 | Bryan Drewery | 2013-10-13 | 5 | -12/+227
  Changelog: http://www.openssh.org/txt/release-6.3
  - Use options helpers where possible
  - Use upstream patch mirror for x509 and HPN
  - Update HPN patch to v14 and use upstream version
  - Add option NONECIPHER to allow disabling NONE in HPN patch
  - Update x509 patch from 7.4.1 to 7.6
  - Add support for LDNS and enable it and VerifyHostKeyDNS/SSHFP by default. See http://lists.freebsd.org/pipermail/freebsd-security/2013-September/007180.html which describes this change, but is supported on releases before 10 as well with LDNS option.
  - Update SCTP to patchlevel 2329
  - Update recommendation on secure usage of SSH
  - Add pkg-message warning about ECDSA key possibly being incorrect due to previously being written as DSA by the rc script and fixed in r299902 in 2012
  Notes: svn path=/head/; revision=330200
* Cleanup patch-readconf.c to only have 1 diff | Bryan Drewery | 2013-10-03 | 1 | -17/+17
  Notes: svn path=/head/; revision=329185
* - Copy base r251088 over (which removes a patch) and disable default sandbox | Bryan Drewery | 2013-09-29 | 3 | -19/+1
  privilege separation as it causes crashes when using AES crypto devices. This now uses 'yes' for UsePrivilegeSeparation instead of 'sandbox' by default
  Reminded by: Garrett Wollman
  Notes: svn path=/head/; revision=328706
* - In rc script, be consistent in reload and check for and generate keys | Bryan Drewery | 2013-06-22 | 1 | -1/+1
  if needed, as well as checking for port collision with base sshd.
  Reported by: delphij
  Notes: svn path=/head/; revision=321578
* - Fix sshd crash when not using HPN | Bryan Drewery | 2013-05-23 | 1 | -4/+12
  This was due to not including the canohost.h header for our base customization to respect class login restrictions. I had missed this as I had only tested with the default (HPN enabled) which already was including this header.
  Reported by: runelind in ##freenode
  Tested by: runelind, myself
  Reported by: Krzysztof Stryjek
  Notes: svn path=/head/; revision=318808
* - Update to 6.2p2 | Bryan Drewery | 2013-05-17 | 13 | -231/+331
  - The LPK patch has been updated but is obsolete, deprecated and untested. It has been replaced by AuthorizedKeysCommand
  - The upstream HPN's last update was for 6.1 and is mostly abandoned. The patch has had bugs since 5.9. I have reworked it and split it into HPN and AES_THREADED options. The debugging/logging part of the patch is incomplete. I may change the patch to more closely match our base version eventually.
  - The KERB_GSSAPI option has been removed as the patch has not been updated by upstream since 5.7
  - sshd VersionAddendum is currently not working as intended; it will be fixed later to allow removing the port/pkg version.
  - Update our patchset to match latest base version
  - Bring in ssh-agent -x support from base
  - I incrementally updated the port from 5.8 up to 6.2p2 along with patches. You can find all of the versions at https://github.com/bdrewery/openssh
  Changes:
    http://www.openssh.com/txt/release-5.9
    http://www.openssh.org/txt/release-6.0
    http://www.openssh.org/txt/release-6.1
    http://www.openssh.org/txt/release-6.2
    http://www.openssh.org/txt/release-6.2p2
  Notes: svn path=/head/; revision=318400
* - Bring in r199804 and r206397 from base to avoid killing sshd in | Bryan Drewery | 2013-05-17 | 1 | -0/+43
  high-pressure swapping environments
  Notes: svn path=/head/; revision=318392
* - Remove copyright as it was a base customization that was removed in | Bryan Drewery | 2013-05-17 | 1 | -25/+0
  base r213250
  Notes: svn path=/head/; revision=318390
* - Remove CHROOT option and patch. ChrootDirectory was added in 5.0 | Bryan Drewery | 2013-05-17 | 1 | -29/+3
  to achieve the same thing.
  Notes: svn path=/head/; revision=318386
* - Remove compatibility for FreeBSD <4.x | Bryan Drewery | 2013-04-17 | 19 | -1922/+146
    * /var/empty has been in hier(7) since 4.x
    * User sshd has been in base since 4.x
    * Simplify a patch for realhostname_sa(3) usage
  - Remove SUID_SSH - It was removed from ssh in 2002
  - Fix 'make test'
  - Add some hints into the patches on where they came from
  - Mirror all patches
  - Move LPK patch out of files/
  - Remove the need for 2 patches
    * Removal of 'host-key check-config' in install phase
    * Adding -lutil
  - Add SCTP support [1]
  - Remove FILECONTROL as it has not been supported since the 5.8 update
  - Replace tab with space pkg-descr
  - Remove default WRKSRC
  - Add 'configtest' command to rc script
  - Mark X509 broken with other patches due to PATCH_DIST_STRIP=-p1
  PR: ports/174570 [1]
  Submitted by: oleg <proler@gmail.com> [1]
  Obtained from: https://bugzilla.mindrot.org/show_bug.cgi?id=2016 (upstream) [1]
  Feature safe: yes
  Notes: svn path=/head/; revision=315920
* - Fix all cases of 'No newline at end of file' in ports tree | Alex Kozlov | 2013-02-01 | 1 | -1/+1
  Approved by: portmgr (bapt)
  Notes: svn path=/head/; revision=311381
* Add KEYWORD: shutdown | Doug Barton | 2012-06-24 | 1 | -58/+53
  Simplify some code
  Fix an error message
  Notes: svn path=/head/; revision=299909
* - Fix ECDSA key generation in openssh rc.d script | Sunpoet Po-Chuan Hsieh | 2012-06-24 | 1 | -1/+1
  - Bump PORTREVISION for package change
  Submitted by: J. Hellenthal <jhellenthal@dataix.net>
  Notes: svn path=/head/; revision=299902
* In the rc.d scripts, change assignments to rcvar to use the | Doug Barton | 2012-01-14 | 1 | -1/+1
  literal name_enable wherever possible, and ${name}_enable when it's not, to prepare for the demise of set_rcvar().
  In cases where I had to hand-edit unusual instances also modify formatting slightly to be more uniform (and in some cases, correct). This includes adding some $FreeBSD$ tags, and most importantly moving rcvar= to right after name= so it's clear that one is derived from the other.
  Notes: svn path=/head/; revision=289156
* - update to 5.8p2 [1] | Florian Smeets | 2011-10-21 | 31 | -5542/+787
  - fix Kerberos knob [2]
  - fix build on 9.0 [3]
  - fix deinstall with various knobs [4]
  - fix LPK knob [5]
  PR: ports/161818 [1], ports/144597 [2], ports/160389 [3]
      ports/150493, ports/156926 [4], ports/155456 [5]
  Submitted by: "Grzegorz Blach" <magik@roorback.net> [1], [2], [4], [5]
                pluknet [3]
  Reported by: Jonathan <lordsith49@hotmail.com> [2]
               Kevin Thompson <antiduh@csh.rit.edu> [4]
               Alexey Remizov <alexey@remizov.org> [5]
  Notes: svn path=/head/; revision=284070
* - Add VersionAddendum support. | Stephen Montgomery-Smith | 2011-07-13 | 11 | -30/+233
  - Bump portrevision.
  PR: ports/142824
  Submitted by: Scot Hetzel <swhetzel@gmail.com>
  Approved by: gabor (mentor)
  Notes: svn path=/head/; revision=277657
* Remove OpenSC support. This port should be updated to support PKCS#11. | Alex Dupre | 2010-12-27 | 1 | -134/+0
  Notes: svn path=/head/; revision=266965
* Add the sftpfilecontrol patch as an OPTION (WITH_FILECONTROL) | Philip M. Gollucci | 2010-08-31 | 1 | -0/+488
  See http://sftpfilecontrol.sourceforge.net/ for details.
  PR: ports/146338
  Submitted by: Steve Wills <steve@mouf.net>
  Notes: svn path=/head/; revision=260249
* Begin the process of deprecating sysutils/rc_subr by | Doug Barton | 2010-03-27 | 1 | -1/+1
  s#. %%RC_SUBR%%#. /etc/rc.subr#
  Notes: svn path=/head/; revision=251553
* - Unbreak KERBEROS option | Pav Lucistnik | 2009-09-18 | 1 | -1/+61
  - Add option for OpenBSD support
  - Fix crash in sftp listing
  PR: ports/138409 (cumulative patch)
  Submitted by: Denis Barov <dindin@dindin.ru> (maintainer)
  Feature safe: yes
  Notes: svn path=/head/; revision=241653
* - security/openssh-portable: update HPN and LPK patches to newer versions | Philip M. Gollucci | 2009-06-21 | 7 | -1132/+2684
  - still broken on -CURRENT
  PR: ports/135407
  Submitted by: Denis Barov <dindin@dindin.ru> (maintainer)
  Notes: svn path=/head/; revision=236442
* Fix HPN crash issue by using aes128-ctr, aes192-ctr and aes256-ctr. | Norikatsu Shigemura | 2009-05-17 | 1 | -3/+3
  Approved by: pav
  Notes: svn path=/head/; revision=234048
* - Update to 5.2p1 | Pav Lucistnik | 2009-05-15 | 5 | -236/+2713
  - Assign maintainership to the submitter
  PR: ports/134160
  Submitted by: Denis Barov <dindin@dindin.ru>
  Notes: svn path=/head/; revision=233924
* - Add vendor patch for lpk patch that fixes runtime on amd64 | Pav Lucistnik | 2009-03-24 | 1 | -0/+44
  PR: ports/129092
  Submitted by: Jui-Nan Lin <jnlin@csie.nctu.edu.tw>
  Approved by: maintainer timeout (mnag; 4 months)
  Notes: svn path=/head/; revision=230883
* - Update to 5.1p1 | Pav Lucistnik | 2009-03-24 | 2 | -37/+29
  PR: ports/128679
  Submitted by: Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net>
  Approved by: maintainer timeout (mnag; 4 months)
  Notes: svn path=/head/; revision=230882
* - Update to 5.0p1 | Marcus Alves Grando | 2008-04-19 | 3 | -31/+1894
  - Port LPK patch to 5.0p1 and add to files dir
  - Remove USE_PERL_BUILD since doesn't need [1]
  - Update KERB_GSSAPI to 5.0p1
  - Update HPN patch to 5.0p1 13v3
  - Respect LOCALBASE on configure_args of LPK [2]
  - Change MASTER_SITE of snapshot
  - portlint(1)
  PR: 121826 [2]
  Submitted by: Andrew Kolchoogin <andrew___rinet.ru> [2]
  Reported by: Björn König <bkoenig___alpha-tierchen.d [1]
  Notes: svn path=/head/; revision=211576