| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
- Fix patch URL for KERB_GSSAPI
- Add FLAVORs for x509 and gssapi since they are distinct types of
OpenSSH rather than feature flags.
Approved by: portmgr (implicit)
Notes:
svn path=/head/; revision=484842
|
|
|
|
| |
Notes:
svn path=/head/; revision=484824
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- DOCS is required for HPN but it's not exclusively a flavor so needs to be
in the default list.
- Fix a build-time OpenSSL version comparison [1]
PR: 233157 [1]
Reported by: Robert Schulze <rs@bytecamp.net> [1]
Obtained from: upstream c0a35265907533be10ca151ac797f34ae0d68969 [1]
Notes:
svn path=/head/; revision=484823
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Fixes build on 12, head, and openssl-devel.
- GSSAPI and HPN are currently marked BROKEN as I don't want to block
the main update for anyone.
http://www.openssh.com/txt/release-7.8
http://www.openssh.com/txt/release-7.9
MFH: 2018Q4 (due to being broken on 12+head)
Notes:
svn path=/head/; revision=484765
|
|
|
|
| |
Notes:
svn path=/head/; revision=484599
|
|
|
|
|
|
|
|
|
|
|
| |
Also various fixes related to said option.
PR: 230864
Submitted by: mat
exp-runs by: antoine
Notes:
svn path=/head/; revision=479406
|
|
|
|
|
|
|
| |
Reported by: mat
Notes:
svn path=/head/; revision=473555
|
|
|
|
|
|
|
|
|
|
|
| |
default.
- Add an 'hpn' FLAVOR to produce a package for users with HPN and
NONECIPHER enabled.
Approved by: portmgr (implicit)
Notes:
svn path=/head/; revision=473485
|
|
|
|
| |
Notes:
svn path=/head/; revision=473412
|
|
|
|
|
|
|
| |
PR: 229147
Notes:
svn path=/head/; revision=472798
|
|
|
|
|
|
|
|
| |
PR: 229147
Submitted by: Robert Schulze <rs@bytecamp.net>
Notes:
svn path=/head/; revision=472797
|
|
|
|
| |
Notes:
svn path=/head/; revision=472796
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Bring in upstream patches post 7.7 to fix various issues [2]:
b81b2d120e9c8a83489e241620843687758925ad - Fix tunnel forwarding broken in 7.7p1
341727df910e12e26ef161508ed76d91c40a61eb - don't kill ssh-agent's listening socket entriely if we fail to accept a connection
85fe48fd49f2e81fa30902841b362cfbb7f1933b - don't free the %C expansion, it's used later for LocalCommand
868afa68469de50d8a43e5daf867d7c624a34d20 - Disable SSH2_MSG_DEBUG messages for Twisted Conch clients
f5baa36ba79a6e8c534fb4e0a00f2614ccc42ea6 - Omit 3des-cbc if OpenSSL built without DES
PR: 227758 [1]
Submitted by: IWAMOTO Kouichi <sue@iwmt.org> [1]
PR: 227551 [2]
Reported by: rozhuk.im@gmail.com [2]
Obtained from: upstream mirror https://github.com/openssh/openssh-portable [2]
Notes:
svn path=/head/; revision=468998
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://sources.debian.org/data/main/o/openssh/1:7.7p1-2/debian/patches/gssapi.patch
is mirrored due to not being filename-unique and not gzipped.
PR: 226789
Submitted by: Rick Miller <vmiller@verisign.com> (based on)
Tested by: Rick Miller <vmiller@verisign.com>
Reported by: david@dcrosstech.com
Notes:
svn path=/head/; revision=468286
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the command line added by patch-ssh.c misapplies to 7.7p1 and
moves from main() to to ssh_session2(). This breaks ssh SSHFP
support for non-canonical hostnames. For example, "ssh zinc"
correctly discovers the FQDN (zinc.ee.lbl.gov) and uses it to
look up A and AAAA records but the non-canonical version (zinc)
is used in the SSHFP record lookup which or course fails.
Regenerate the patch.
Reviewed by: bdrewery, ler (mentor)
Approved by: bdrewery, ler (mentor)
Differential Revision: https://reviews.freebsd.org/D15053
Notes:
svn path=/head/; revision=467200
|
|
|
|
| |
Notes:
svn path=/head/; revision=466595
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Update x509 patch to 11.3
- Remove SCTP option as it has not had a patch available since 7.2.
Changes: https://www.openssh.com/txt/release-7.7
Notable changes:
* ssh(1)/sshd(8): Drop compatibility support for some very old SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These
versions were all released in or before 2001 and predate the final
SSH RFCs. The support in question isn't necessary for RFC-compliant
SSH implementations.
Notes:
svn path=/head/; revision=466577
|
|
|
|
| |
Notes:
svn path=/head/; revision=466385
|
|
|
|
|
|
|
| |
Sponsored by: Absolight
Notes:
svn path=/head/; revision=465899
|
|
|
|
| |
Notes:
svn path=/head/; revision=464727
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This happens due to ldns-config --libs adding in too many libraries
(overlinking), and -lcrypto again, which causes some strange
conflict/corruption. By specifying the path to --with-ldns, configure only
adds in -ldns rather than every library ldns itself needs.
PR: 223000
Reported by: many
Notes:
svn path=/head/; revision=452358
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An unconditional dependency on groff was added in ports r441907 [1] as part
of bug 213725 (groff removal from base). OpenSSH release-5.7 notes the
following:
* Use mandoc as preferred manpage formatter if it is present, followed
by nroff and groff respectively.
This change removes groff as an unconditional dependency allowing mandoc
to be used, and reduces many subsequence dependencies accordingly.
It additionally explicitly sets 'mantype', which ensures that man pages
are installed in the same location (LOCALBASE/man) independently from the
generator used. Without this, a packaging (pkg-plist) error is observed
(installing man pages into LOCALBASE/doc not LOCALBASE/man), which was
presumably the genesis of the groff dependency addition in the first place.
[1] http://svnweb.freebsd.org/changeset/ports/441907
Reviewed by: bdrewery (maintainer), allanjude
Approved by: bdrewery (maintainer)
Differential Revision: D11793
Notes:
svn path=/head/; revision=452177
|
|
|
|
|
|
|
| |
PR: 223000
Notes:
svn path=/head/; revision=452074
|
|
|
|
| |
Notes:
svn path=/head/; revision=452035
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Update x509 patch to 11.0
- HPN/NONECIPHER do not apply currently and are disabled by default,
same as the base sshd. A compatibility patch is applied if
these options are disabled to prevent startup failures; the options
are kept as deprecated.
- SCTP patch does not apply.
Changes: https://www.openssh.com/txt/release-7.6
Notable changes:
- SSH version 1 support dropped.
- Dropped support for hmac-ripemd160 MAC.
- Dropped support for the ciphers arcfour, blowfish and CAST.
- RSA keys less than 1024 bits are refused.
Notes:
svn path=/head/; revision=451927
|
|
|
|
|
|
|
|
|
|
|
| |
This is the same fix made upstream as well.
PR: 218472
Submitted by: leres@ee.lbl.gov
MFH: 2017Q2
Notes:
svn path=/head/; revision=442999
|
|
|
|
|
|
|
| |
PR: 213725
Notes:
svn path=/head/; revision=441907
|
|
|
|
|
|
|
| |
Sponsored by: Absolight
Notes:
svn path=/head/; revision=439541
|
|
|
|
|
|
|
|
|
|
| |
- Update X509 to 10.1.
- Disable KERB_GSSAPI for now as it does not build.
Changes: https://www.openssh.com/txt/release-7.5
Notes:
svn path=/head/; revision=437391
|
|
|
|
|
|
|
|
|
|
| |
- Change @exec to @postexec in pkg-plist
Submitted by: brnrd
PR: 217962
Notes:
svn path=/head/; revision=436555
|
|
|
|
|
|
|
| |
Sponsored by: Absolight
Notes:
svn path=/head/; revision=436247
|
|
|
|
|
|
|
| |
PR: 217495
Notes:
svn path=/head/; revision=435306
|
|
|
|
| |
Notes:
svn path=/head/; revision=431773
|
|
|
|
|
|
|
|
|
|
| |
- Update X509 patch to 9.3
- SCTP patch from soralx@cydem.org
Changes: https://www.openssh.com/txt/release-7.4
Notes:
svn path=/head/; revision=431698
|
|
|
|
| |
Notes:
svn path=/head/; revision=431448
|
|
|
|
|
|
|
|
|
| |
Security: 2c948527-d823-11e6-9171-14dae9d210b8
Submitted by: Tim Zingelman <zingelman@gmail.com>
MFH: 2017Q1
Notes:
svn path=/head/; revision=431445
|
|
|
|
|
|
|
|
|
|
| |
This has 2 minor changes from the upstream bug 1604
PR: 215632
Submitted by: soralx@cydem.org
Notes:
svn path=/head/; revision=431441
|
|
|
|
|
|
|
|
|
| |
Security: 2c948527-d823-11e6-9171-14dae9d210b8
Submitted by: Tim Zingelman <zingelman@gmail.com>
MFH: 2017Q1
Notes:
svn path=/head/; revision=431438
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unregister the KEXINIT handler after message has been
received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
allocation of up to 128MB -- until the connection is closed. Reported by
shilei-c at 360.cn
Security: CVE-2016-8858
Notes:
svn path=/head/; revision=424592
|
|
|
|
|
|
|
|
|
|
|
| |
- X509: Unbreak and update to 9.0
- SCTP: Mark BROKEN
- KERB_GSSAPI: Unbreak and update from Debian's patch
Release notes: http://www.openssh.com/txt/release-7.3
Notes:
svn path=/head/; revision=419892
|
|
|
|
|
|
|
| |
Approved by: portmgr blanket
Notes:
svn path=/head/; revision=415503
|
|
|
|
|
|
|
| |
Approved by: portmgr blanket
Notes:
svn path=/head/; revision=415500
|
|
|
|
|
|
|
| |
Submitted by: Eduardo Morras <emorrasg@yahoo.es>
Notes:
svn path=/head/; revision=415340
|
|
|
|
|
|
|
|
| |
With hat: portmgr
Sponsored by: Absolight
Notes:
svn path=/head/; revision=412349
|
|
|
|
|
|
|
|
| |
Changelog: http://www.openssh.com/txt/release-7.2p2
Advisory: http://www.openssh.com/txt/x11fwd.adv
Notes:
svn path=/head/; revision=410844
|
|
|
|
|
|
|
|
|
|
|
| |
- Mark X509 and KERB_GSSAPI as BROKEN.
Changelog: http://www.openssh.com/txt/release-7.2
With help from: brnrd
Notes:
svn path=/head/; revision=409823
|
|
|
|
|
|
|
|
|
| |
also link to libncurses rather than libcurses
approved by: infrastructure blanket
Notes:
svn path=/head/; revision=407996
|
|
|
|
|
|
|
|
|
|
| |
This slightly refactors some of the HPN patch to avoid a conflict.
PR: 206346
Submitted by: Garret Wollman
Notes:
svn path=/head/; revision=406725
|
|
|
|
|
|
|
|
|
|
|
| |
Changes: http://www.openssh.com/txt/release-7.1p2
MFH: 2016Q1
Security: CVE-2016-0777
Security: CVE-2016-0778
Notes:
svn path=/head/; revision=406123
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's no reason to regenerate these for the sake of having 'UTC' in the patch
and it also considers patches with comments to be invalid.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth2.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-readconf.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-regress__test-exec.sh: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-servconf.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-session.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.1: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config.5: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshconnect.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.8: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config.5: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
Notes:
svn path=/head/; revision=401299
|