aboutsummaryrefslogtreecommitdiff
path: root/security/openssh-portable
Commit message (Collapse)AuthorAgeFilesLines
* - Fix X509 build after r484765 openssl fixBryan Drewery2018-11-124-48/+24
| | | | | | | | | | | - Fix patch URL for KERB_GSSAPI - Add FLAVORs for x509 and gssapi since they are distinct types of OpenSSH rather than feature flags. Approved by: portmgr (implicit) Notes: svn path=/head/; revision=484842
* - Update KERB_GSSAPI for 7.9p1Bryan Drewery2018-11-122-3/+3
| | | | Notes: svn path=/head/; revision=484824
* - Fix HPN for 7.9p1Bryan Drewery2018-11-123-20/+40
| | | | | | | | | | | | | - DOCS is required for HPN but it's not exclusively a flavor so needs to be in the default list. - Fix a build-time OpenSSL version comparison [1] PR: 233157 [1] Reported by: Robert Schulze <rs@bytecamp.net> [1] Obtained from: upstream c0a35265907533be10ca151ac797f34ae0d68969 [1] Notes: svn path=/head/; revision=484823
* Update to 7.9p1.Bryan Drewery2018-11-1112-210/+56
| | | | | | | | | | | | | | - Fixes build on 12, head, and openssl-devel. - GSSAPI and HPN are currently marked BROKEN as I don't want to block the main update for anyone. http://www.openssh.com/txt/release-7.8 http://www.openssh.com/txt/release-7.9 MFH: 2018Q4 (due to being broken on 12+head) Notes: svn path=/head/; revision=484765
* security/openssl-devel was removed, but there is a security/openssl111 now.Mathieu Arnold2018-11-101-2/+2
| | | | Notes: svn path=/head/; revision=484599
* Add DOCS options to ports that should have one.Mathieu Arnold2018-09-101-0/+1
| | | | | | | | | | | Also various fixes related to said option. PR: 230864 Submitted by: mat exp-runs by: antoine Notes: svn path=/head/; revision=479406
* Simplify CONFLICTS_INSTALL.Bryan Drewery2018-06-291-3/+3
| | | | | | | Reported by: mat Notes: svn path=/head/; revision=473555
* - Fix and update HPN patch to latest from upstream but leave it off byBryan Drewery2018-06-283-282/+307
| | | | | | | | | | | default. - Add an 'hpn' FLAVOR to produce a package for users with HPN and NONECIPHER enabled. Approved by: portmgr (implicit) Notes: svn path=/head/; revision=473485
* Update x509 patch to 11.3.2Bryan Drewery2018-06-263-4/+38
| | | | Notes: svn path=/head/; revision=473412
* Forgot PORTREVISION bump for r472797.Bryan Drewery2018-06-191-1/+1
| | | | | | | PR: 229147 Notes: svn path=/head/; revision=472798
* Fix nologin check when PAM option is disabled in the port.Bryan Drewery2018-06-191-11/+14
| | | | | | | | PR: 229147 Submitted by: Robert Schulze <rs@bytecamp.net> Notes: svn path=/head/; revision=472797
* Add lost metadata on why this patch existsBryan Drewery2018-06-191-0/+8
| | | | Notes: svn path=/head/; revision=472796
* - Add XMSS option to enable experimental key support added in 7.7 [1]Bryan Drewery2018-05-036-2/+157
| | | | | | | | | | | | | | | | | | - Bring in upstream patches post 7.7 to fix various issues [2]: b81b2d120e9c8a83489e241620843687758925ad - Fix tunnel forwarding broken in 7.7p1 341727df910e12e26ef161508ed76d91c40a61eb - don't kill ssh-agent's listening socket entriely if we fail to accept a connection 85fe48fd49f2e81fa30902841b362cfbb7f1933b - don't free the %C expansion, it's used later for LocalCommand 868afa68469de50d8a43e5daf867d7c624a34d20 - Disable SSH2_MSG_DEBUG messages for Twisted Conch clients f5baa36ba79a6e8c534fb4e0a00f2614ccc42ea6 - Omit 3des-cbc if OpenSSL built without DES PR: 227758 [1] Submitted by: IWAMOTO Kouichi <sue@iwmt.org> [1] PR: 227551 [2] Reported by: rozhuk.im@gmail.com [2] Obtained from: upstream mirror https://github.com/openssh/openssh-portable [2] Notes: svn path=/head/; revision=468998
* Update the KERB_GSSAPI patch from debian.Bryan Drewery2018-04-252-4/+6
| | | | | | | | | | | | | https://sources.debian.org/data/main/o/openssh/1:7.7p1-2/debian/patches/gssapi.patch is mirrored due to not being filename-unique and not gzipped. PR: 226789 Submitted by: Rick Miller <vmiller@verisign.com> (based on) Tested by: Rick Miller <vmiller@verisign.com> Reported by: david@dcrosstech.com Notes: svn path=/head/; revision=468286
* The block of code that canonicallizes the hostname supplied onCraig Leres2018-04-122-9/+9
| | | | | | | | | | | | | | | | | | the command line added by patch-ssh.c misapplies to 7.7p1 and moves from main() to to ssh_session2(). This breaks ssh SSHFP support for non-canonical hostnames. For example, "ssh zinc" correctly discovers the FQDN (zinc.ee.lbl.gov) and uses it to look up A and AAAA records but the non-canonical version (zinc) is used in the SSHFP record lookup which or course fails. Regenerate the patch. Reviewed by: bdrewery, ler (mentor) Approved by: bdrewery, ler (mentor) Differential Revision: https://reviews.freebsd.org/D15053 Notes: svn path=/head/; revision=467200
* Make BROKEN lines more clearBryan Drewery2018-04-051-2/+2
| | | | Notes: svn path=/head/; revision=466595
* Update to 7.7p1Bryan Drewery2018-04-057-187/+141
| | | | | | | | | | | | | | | | | - Update x509 patch to 11.3 - Remove SCTP option as it has not had a patch available since 7.2. Changes: https://www.openssh.com/txt/release-7.7 Notable changes: * ssh(1)/sshd(8): Drop compatibility support for some very old SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The support in question isn't necessary for RFC-compliant SSH implementations. Notes: svn path=/head/; revision=466577
* libressl support was fixed in r452358Bryan Drewery2018-04-031-2/+1
| | | | Notes: svn path=/head/; revision=466385
* Mark some ports broken with openssl-devel.Mathieu Arnold2018-03-291-1/+2
| | | | | | | Sponsored by: Absolight Notes: svn path=/head/; revision=465899
* Remove OVERWRITE_BASE compat - it was marked IGNORE in 2015Bryan Drewery2018-03-161-6/+1
| | | | Notes: svn path=/head/; revision=464727
* LibreSSL + LDNS: Fix random crashes.Bryan Drewery2017-10-181-3/+2
| | | | | | | | | | | | | This happens due to ldns-config --libs adding in too many libraries (overlinking), and -lcrypto again, which causes some strange conflict/corruption. By specifying the path to --with-ldns, configure only adds in -ldns rather than every library ldns itself needs. PR: 223000 Reported by: many Notes: svn path=/head/; revision=452358
* security/openssh-portable: Remove groff dependencyKubilay Kocak2017-10-161-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | An unconditional dependency on groff was added in ports r441907 [1] as part of bug 213725 (groff removal from base). OpenSSH release-5.7 notes the following: * Use mandoc as preferred manpage formatter if it is present, followed by nroff and groff respectively. This change removes groff as an unconditional dependency allowing mandoc to be used, and reduces many subsequence dependencies accordingly. It additionally explicitly sets 'mantype', which ensures that man pages are installed in the same location (LOCALBASE/man) independently from the generator used. Without this, a packaging (pkg-plist) error is observed (installing man pages into LOCALBASE/doc not LOCALBASE/man), which was presumably the genesis of the groff dependency addition in the first place. [1] http://svnweb.freebsd.org/changeset/ports/441907 Reviewed by: bdrewery (maintainer), allanjude Approved by: bdrewery (maintainer) Differential Revision: D11793 Notes: svn path=/head/; revision=452177
* Mark broken with libressl as it has several random crashses.Bryan Drewery2017-10-141-1/+2
| | | | | | | PR: 223000 Notes: svn path=/head/; revision=452074
* Bring in upstream fix for PermitOpen from commit 7c9613fac337Bryan Drewery2017-10-132-1/+45
| | | | Notes: svn path=/head/; revision=452035
* Update to 7.6p1Bryan Drewery2017-10-126-35/+184
| | | | | | | | | | | | | | | | | | | | - Update x509 patch to 11.0 - HPN/NONECIPHER do not apply currently and are disabled by default, same as the base sshd. A compatibility patch is applied if these options are disabled to prevent startup failures; the options are kept as deprecated. - SCTP patch does not apply. Changes: https://www.openssh.com/txt/release-7.6 Notable changes: - SSH version 1 support dropped. - Dropped support for hmac-ripemd160 MAC. - Dropped support for the ciphers arcfour, blowfish and CAST. - RSA keys less than 1024 bits are refused. Notes: svn path=/head/; revision=451927
* Fix LDNS detection.Bryan Drewery2017-06-092-3/+11
| | | | | | | | | | | This is the same fix made upstream as well. PR: 218472 Submitted by: leres@ee.lbl.gov MFH: 2017Q2 Notes: svn path=/head/; revision=442999
* Register dependency on groffAntoine Brodin2017-05-281-1/+1
| | | | | | | PR: 213725 Notes: svn path=/head/; revision=441907
* Mark those as not building with openssl-devel.Mathieu Arnold2017-04-271-0/+3
| | | | | | | Sponsored by: Absolight Notes: svn path=/head/; revision=439541
* - Update to 7.5p1.Bryan Drewery2017-04-015-32/+30
| | | | | | | | | | - Update X509 to 10.1. - Disable KERB_GSSAPI for now as it does not build. Changes: https://www.openssh.com/txt/release-7.5 Notes: svn path=/head/; revision=437391
* - Change USE_AUTOTOOLS to USES= autoreconfBryan Drewery2017-03-202-3/+2
| | | | | | | | | | - Change @exec to @postexec in pkg-plist Submitted by: brnrd PR: 217962 Notes: svn path=/head/; revision=436555
* Remove all USE_OPENSSL occurrences.Mathieu Arnold2017-03-151-2/+1
| | | | | | | Sponsored by: Absolight Notes: svn path=/head/; revision=436247
* - Chase ldns shlip bumpMartin Wilke2017-03-031-1/+1
| | | | | | | PR: 217495 Notes: svn path=/head/; revision=435306
* Fix build with NONE_CIPHER.Bryan Drewery2017-01-171-3/+3
| | | | Notes: svn path=/head/; revision=431773
* Update to 7.4p1.Bryan Drewery2017-01-1616-390/+264
| | | | | | | | | | - Update X509 patch to 9.3 - SCTP patch from soralx@cydem.org Changes: https://www.openssh.com/txt/release-7.4 Notes: svn path=/head/; revision=431698
* Fix to only enable SCTP patch with option from r431441Bryan Drewery2017-01-131-2/+2
| | | | Notes: svn path=/head/; revision=431448
* Add forgotten patch in r431438 for CVE-2016-10009 and CVE-2016-10010.Bryan Drewery2017-01-132-1/+24
| | | | | | | | | Security: 2c948527-d823-11e6-9171-14dae9d210b8 Submitted by: Tim Zingelman <zingelman@gmail.com> MFH: 2017Q1 Notes: svn path=/head/; revision=431445
* Add working SCTP patch.Bryan Drewery2017-01-132-3/+877
| | | | | | | | | | This has 2 minor changes from the upstream bug 1604 PR: 215632 Submitted by: soralx@cydem.org Notes: svn path=/head/; revision=431441
* Add patches to cover security issues CVE-2016-10009 and CVE-2016-10010.Bryan Drewery2017-01-133-18/+150
| | | | | | | | | Security: 2c948527-d823-11e6-9171-14dae9d210b8 Submitted by: Tim Zingelman <zingelman@gmail.com> MFH: 2017Q1 Notes: svn path=/head/; revision=431438
* Bring in upstream commit ec165c392ca54317dbe3064a8c200de6531e89ad:Bryan Drewery2016-10-242-1/+34
| | | | | | | | | | | | Unregister the KEXINIT handler after message has been received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause allocation of up to 128MB -- until the connection is closed. Reported by shilei-c at 360.cn Security: CVE-2016-8858 Notes: svn path=/head/; revision=424592
* - Update to 7.3p1Bryan Drewery2016-08-085-26/+29
| | | | | | | | | | | - X509: Unbreak and update to 9.0 - SCTP: Mark BROKEN - KERB_GSSAPI: Unbreak and update from Debian's patch Release notes: http://www.openssh.com/txt/release-7.3 Notes: svn path=/head/; revision=419892
* - Fix trailing whitespace in pkg-messagesDmitry Marakasov2016-05-191-1/+1
| | | | | | | Approved by: portmgr blanket Notes: svn path=/head/; revision=415503
* - Fix trailing whitespace in pkg-descrs, categories [p-x]*Dmitry Marakasov2016-05-191-2/+2
| | | | | | | Approved by: portmgr blanket Notes: svn path=/head/; revision=415500
* Bring in updated SCTP patch from gentoo.Bryan Drewery2016-05-162-4/+3
| | | | | | | Submitted by: Eduardo Morras <emorrasg@yahoo.es> Notes: svn path=/head/; revision=415340
* Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.Mathieu Arnold2016-04-011-3/+3
| | | | | | | | With hat: portmgr Sponsored by: Absolight Notes: svn path=/head/; revision=412349
* - Update to 7.2p2 which fixes X11Forwarding command injection vulnerability.Bryan Drewery2016-03-112-3/+3
| | | | | | | | Changelog: http://www.openssh.com/txt/release-7.2p2 Advisory: http://www.openssh.com/txt/x11fwd.adv Notes: svn path=/head/; revision=410844
* - Update to 7.2p1Bryan Drewery2016-02-298-110/+37
| | | | | | | | | | | - Mark X509 and KERB_GSSAPI as BROKEN. Changelog: http://www.openssh.com/txt/release-7.2 With help from: brnrd Notes: svn path=/head/; revision=409823
* x11/xterm: document ncurses requirement (USES+=ncurses)John Marino2016-02-032-1/+12
| | | | | | | | | also link to libncurses rather than libcurses approved by: infrastructure blanket Notes: svn path=/head/; revision=407996
* Fix the KERB_GSSAPI option using the latest patch from Debian.Bryan Drewery2016-01-204-26/+49
| | | | | | | | | | This slightly refactors some of the HPN patch to avoid a conflict. PR: 206346 Submitted by: Garret Wollman Notes: svn path=/head/; revision=406725
* Update to 7.1p2Bryan Drewery2016-01-142-4/+4
| | | | | | | | | | | Changes: http://www.openssh.com/txt/release-7.1p2 MFH: 2016Q1 Security: CVE-2016-0777 Security: CVE-2016-0778 Notes: svn path=/head/; revision=406123
* Make portlint stop spamming me. It's gotten quite silly.Bryan Drewery2015-11-1116-6/+17
| | | | | | | | | | | | | | | | | | | | | | | | | There's no reason to regenerate these for the sake of having 'UTC' in the patch and it also considers patches with comments to be invalid. WARN: /root/svn/ports/security/openssh-portable/files/patch-auth.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-auth2.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-readconf.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-regress__test-exec.sh: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-servconf.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-session.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.1: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config.5: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-sshconnect.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.8: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config.5: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format. Notes: svn path=/head/; revision=401299