path: root/security/openssh-portable
Commit message | Author | Age | Files | Lines
* - Fix packaging when not using HPN patches | Bryan Drewery | 2013-11-12 | 1 | -2/+1
    PR: ports/183895
    Reported by: mat
    Notes: svn path=/head/; revision=333580
* - Update to 6.4p1 | Bryan Drewery | 2013-11-08 | 2 | -6/+10
    This release fixes a security bug:
      * sshd(8): fix a memory corruption problem triggered during rekeying when an AES-GCM cipher is selected. Full details of the vulnerability are available at: http://www.openssh.com/txt/gcmrekey.adv
    Security: http://www.openssh.com/txt/gcmrekey.adv
    Notes: svn path=/head/; revision=333215
* - Update to 6.3p1 | Bryan Drewery | 2013-10-13 | 9 | -115/+338
    Changelog: http://www.openssh.org/txt/release-6.3
    - Use options helpers where possible
    - Use upstream patch mirror for x509 and HPN
    - Update HPN patch to v14 and use upstream version
    - Add option NONECIPHER to allow disabling NONE in HPN patch
    - Update x509 patch from 7.4.1 to 7.6
    - Add support for LDNS and enable it and VerifyHostKeyDNS/SSHFP by default. See http://lists.freebsd.org/pipermail/freebsd-security/2013-September/007180.html which describes this change, but is supported on releases before 10 as well with LDNS option.
    - Update SCTP to patchlevel 2329
    - Update recommendation on secure usage of SSH
    - Add pkg-message warning about ECDSA key possibly being incorrect due to previously being written as DSA by the rc script and fixed in r299902 in 2012
    Notes: svn path=/head/; revision=330200
* - Now that :DEFAULT can be used in PATCH_SITES (fixed in 329679), | Bryan Drewery | 2013-10-07 | 1 | -4/+1
    depend on the upstream mirror for the x509 patch and my mirror as a fallback
    Notes: svn path=/head/; revision=329681
* Remove useless -c flag | Bryan Drewery | 2013-10-06 | 1 | -2/+2
    Notes: svn path=/head/; revision=329605
* Perl has not been needed as a direct dependency since 6.0 | Bryan Drewery | 2013-10-03 | 1 | -2/+0
    Notes: svn path=/head/; revision=329250
* - Fix KERB_GSSAPI incorrectly using a predictable cache file. | Bryan Drewery | 2013-10-03 | 2 | -4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | This was due to a mistake in r319062 when porting the patch from 5.8 to 6.2 There is no active upstream for this patch. For reference here are the changes made in the patch: --- - 2013-10-03 11:07:21.262913573 -0500 +++ /tmp/zdiff.XXXXXXXXXX.STScEeSI 2013-10-03 11:07:21.000000000 -0500 @@ -183,7 +183,7 @@ if (ret < 0 || (size_t)ret >= sizeof(ccname)) return ENOMEM; -+#ifdef USE_CCAPI ++#ifndef USE_CCAPI old_umask = umask(0177); tmpfd = mkstemp(ccname + strlen("FILE:")); oerrno = errno; PR: ports/180419 Reported by: Garrett Wollman <wollman@khavrinen.csail.mit.edu> Notes: svn path=/head/; revision=329246
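Review bot: The corrected guard `#ifndef USE_CCAPI` at the top of the hunk carries no comment saying which build the `umask(0177)` / `mkstemp()` path belongs to, and a single inverted directive is exactly the mistake the message attributes to the r319062 port. Add a one-line comment above the guard stating that the `mkstemp()` on `ccname + strlen("FILE:")` is the non-CCAPI file-cache case, so the next re-port can be checked against it. The diff headers name only `-` and `/tmp/zdiff.XXXXXXXXXX.STScEeSI`, so the message should also name the patch file that was edited.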
* Mark IGNORE if KERB_GSSAPI incorrectly selected | Bryan Drewery | 2013-10-03 | 1 | -4/+8
    Notes: svn path=/head/; revision=329189
* Cleanup patch-readconf.c to only have 1 diff | Bryan Drewery | 2013-10-03 | 1 | -17/+17
    Notes: svn path=/head/; revision=329185
* Update descriptions to match current conventions | Bryan Drewery | 2013-10-03 | 1 | -7/+7
    Notes: svn path=/head/; revision=329176
* - Copy base r251088 over (which removes a patch) and disable default sandbox | Bryan Drewery | 2013-09-29 | 4 | -20/+2
    privilege separation as it causes crashes when using AES crypto devices.
    This now uses 'yes' for UsePrivilegeSeparation instead of 'sandbox' by default
    Reminded by: Garrett Wollman
    Notes: svn path=/head/; revision=328706
* Fix sshd.8 referring to LOCALBASE with OVERWRITE_BASE | Bryan Drewery | 2013-09-29 | 1 | -0/+2
    Notes: svn path=/head/; revision=328704
* Don't extract mtree with OVERWRITE_BASE | Bryan Drewery | 2013-09-29 | 1 | -0/+1
    Notes: svn path=/head/; revision=328703
* Convert to stagedir | Bryan Drewery | 2013-09-29 | 2 | -20/+25
    Notes: svn path=/head/; revision=328701
* - Add NO_STAGE until validated to be safe for upcoming staging support | Bryan Drewery | 2013-09-20 | 1 | -0/+1
    Notes: svn path=/head/; revision=327710
* - Convert to new perl5 framework | Andrej Zverev | 2013-08-20 | 1 | -1/+2
    Approved by: bdrewery@ (maintainer)
    Notes: svn path=/head/; revision=325040
* Add an openssh-portable-base slave port to install with OVERWRITE_BASE | Bryan Drewery | 2013-07-05 | 1 | -1/+1
    Notes: svn path=/head/; revision=322345
* Add LICENSE | Bryan Drewery | 2013-07-05 | 1 | -0/+2
    Notes: svn path=/head/; revision=322321
* - In rc script, be consistent in reload and check for and generate keys | Bryan Drewery | 2013-06-22 | 2 | -2/+2
    if needed, as well as checking for port collision with base sshd.
    Reported by: delphij
    Notes: svn path=/head/; revision=321578
* - Update and re-add KERB_GSSAPI gsskex patch. | Bryan Drewery | 2013-05-25 | 2 | -2/+20
    I did very minor porting of the upstream patch to make it apply.
    Note that this currently does not build with base heimdal, but does build with port MIT or port HEIMDAL.
    - Bump PORTREVISION in case someone built the update, expecting this option to work and now have a broken ssh.
    PR: ports/178885
    Reported by: Garrett Wollman <wollman@csail.mit.edu>
    Notes: svn path=/head/; revision=319062
* - Fix sshd crash when not using HPN | Bryan Drewery | 2013-05-23 | 2 | -6/+13
    This was due to not including the canohost.h header for our base customization to respect class login restrictions.
    I had missed this as I had only tested with the default (HPN enabled) which already was including this header.
    Reported by: runelind in ##freenode
    Tested by: runelind, myself
    Reported by: Krzysztof Stryjek
    Notes: svn path=/head/; revision=318808
* Mark BROKEN as I have received 2 separate reports | Bryan Drewery | 2013-05-21 | 1 | -0/+2
    of crashing.
    Notes: svn path=/head/; revision=318727
* - Update to 6.2p2 | Bryan Drewery | 2013-05-17 | 15 | -261/+369
    - The LPK patch has been updated but is obsolete, deprecated and untested. It has been replaced by AuthorizedKeysCommand
    - The upstream HPN's last update was for 6.1 and is mostly abandoned. The patch has had bugs since 5.9. I have reworked it and split it into HPN and AES_THREADED options. The debugging/logging part of the patch is incomplete. I may change the patch to more closely match our base version eventually.
    - The KERB_GSSAPI option has been removed as the patch has not been updated by upstream since 5.7
    - sshd VersionAddendum is currently not working as intended; it will be fixed later to allow removing the port/pkg version.
    - Update our patchset to match latest base version
    - Bring in ssh-agent -x support from base
    - I incrementally updated the port from 5.8 up to 6.2p2 along with patches. You can find all of the versions at https://github.com/bdrewery/openssh
    Changes:
      http://www.openssh.com/txt/release-5.9
      http://www.openssh.org/txt/release-6.0
      http://www.openssh.org/txt/release-6.1
      http://www.openssh.org/txt/release-6.2
      http://www.openssh.org/txt/release-6.2p2
    Notes: svn path=/head/; revision=318400
* - Bring in r199804 and r206397 from base to avoid killing sshd in | Bryan Drewery | 2013-05-17 | 1 | -0/+43
    high-pressure swapping environments
    Notes: svn path=/head/; revision=318392
* - Remove copyright as it was a base customization that was removed in | Bryan Drewery | 2013-05-17 | 1 | -25/+0
    base r213250
    Notes: svn path=/head/; revision=318390
* - Remove CHROOT option and patch. ChrootDirectory was added in 5.0 | Bryan Drewery | 2013-05-17 | 2 | -35/+4
    to achieve the same thing.
    Notes: svn path=/head/; revision=318386
* Fix xauth and ssh-askpass still being expected in /usr/X11R6 | Bryan Drewery | 2013-05-02 | 1 | -1/+4
    This was fixed in base in 2007 in r169966
    Notes: svn path=/head/; revision=317070
* - Add support for base and port Heimdal for Kerberos | Bryan Drewery | 2013-04-30 | 1 | -2/+17
    PR: ports/167554
    Requested by: Volodymyr Kostyrko <c.kworr@gmail.com>
    Notes: svn path=/head/; revision=316929
* - Remove compatibility for FreeBSD <4.x | Bryan Drewery | 2013-04-17 | 23 | -1971/+193
      * /var/empty has been in hier(7) since 4.x
      * User sshd has been in base since 4.x
      * Simplify a patch for realhostname_sa(3) usage
    - Remove SUID_SSH - It was removed from ssh in 2002
    - Fix 'make test'
    - Add some hints into the patches on where they came from
    - Mirror all patches
    - Move LPK patch out of files/
    - Remove the need for 2 patches
      * Removal of 'host-key check-config' in install phase
      * Adding -lutil
    - Add SCTP support [1]
    - Remove FILECONTROL as it has not been supported since the 5.8 update
    - Replace tab with space pkg-descr
    - Remove default WRKSRC
    - Add 'configtest' command to rc script
    - Mark X509 broken with other patches due to PATCH_DIST_STRIP=-p1
    PR: ports/174570 [1]
    Submitted by: oleg <proler@gmail.com> [1]
    Obtained from: https://bugzilla.mindrot.org/show_bug.cgi?id=2016 (upstream) [1]
    Feature safe: yes
    Notes: svn path=/head/; revision=315920
* - Fix runtime crash on CURRENT due to import of NetBSD strnvis() [1] | Bryan Drewery | 2013-02-08 | 1 | -1/+2
    which differs in prototype from OpenBSD strnvis() [2]
    [1] http://lists.freebsd.org/pipermail/freebsd-stable/2013-January/071703.html
    [2] http://gnats.netbsd.org/44977
    Submitted by: dim
    Notes: svn path=/head/; revision=311891
* - Fix all cases of 'No newline at end of file' in ports tree | Alex Kozlov | 2013-02-01 | 1 | -1/+1
    Approved by: portmgr (bapt)
    Notes: svn path=/head/; revision=311381
* - Update mirror site for HPN patch | Bryan Drewery | 2012-12-05 | 1 | -1/+1
    Feature safe: yes
    Notes: svn path=/head/; revision=308352
* - Take maintainership | Bryan Drewery | 2012-10-29 | 1 | -1/+1
    Feature safe: yes
    Notes: svn path=/head/; revision=306620
* Convert to OptionsNG | Eitan Adler | 2012-10-13 | 1 | -35/+32
    Trim Headers
    PR: ports/172429
    Submitted by: Michael Gmelin <freebsd@grem.de>
    Feature safe: yes
    Notes: svn path=/head/; revision=305839
* When installing in the base, USE_RCORDER does the right thing without | Doug Barton | 2012-08-05 | 1 | -10/+2
    all the gymnastics
    Notes: svn path=/head/; revision=302140
* Add KEYWORD: shutdown | Doug Barton | 2012-06-24 | 1 | -58/+53
    Simplify some code
    Fix an error message
    Notes: svn path=/head/; revision=299909
* - Fix ECDSA key generation in openssh rc.d script | Sunpoet Po-Chuan Hsieh | 2012-06-24 | 2 | -2/+2
    - Bump PORTREVISION for package change
    Submitted by: J. Hellenthal <jhellenthal@dataix.net>
    Notes: svn path=/head/; revision=299902
* Change HPN patch mirror location to one that works | Eitan Adler | 2012-06-13 | 1 | -1/+1
    PR: ports/168306
    Submitted by: "Bryan Drewery" <bryan@shatow.net>
    Notes: svn path=/head/; revision=299163
* - Reset maintainership | Sunpoet Po-Chuan Hsieh | 2012-05-01 | 1 | -1/+1
    PR: ports/167423
    Submitted by: Grzegorz Blach <magik@roorback.net> (maintainer)
    Notes: svn path=/head/; revision=295776
* - Perl only needed to build, not needed to run. remove PERL5_RUN from Makefile | Michael Scheidell | 2012-03-28 | 1 | -2/+1
    - Bump PORTREVISION
    PR: ports/166413
    Submitted by: Gleb Smirnoff <glebius@cell.glebius.int.ru>
    Approved by: Grzegorz Blach <magik@roorback.net> (maintainer)
    Feature safe: yes
    Notes: svn path=/head/; revision=293925
* In the rc.d scripts, change assignments to rcvar to use the | Doug Barton | 2012-01-14 | 1 | -1/+1
    literal name_enable wherever possible, and ${name}_enable when it's not, to prepare for the demise of set_rcvar().
    In cases where I had to hand-edit unusual instances also modify formatting slightly to be more uniform (and in some cases, correct). This includes adding some $FreeBSD$ tags, and most importantly moving rcvar= to right after name= so it's clear that one is derived from the other.
    Notes: svn path=/head/; revision=289156
* - Add USE_PERL5_BUILD | Michael Scheidell | 2011-12-23 | 1 | -0/+1
    PR: ports/163414
    Submitted by: portmgr (pav)
    Approved by: gabor (mentor)
    Notes: svn path=/head/; revision=287929
* - openssh-portable needs perl to build (reported by Gleb Smirnoff via mail) | Michael Scheidell | 2011-12-23 | 1 | -0/+3
    - add ssh_engine.5 man page when openssh-portable WITH_X509 is turned on (reported by John Hein via mail)
    PR: ports/163414
    Submitted by: Grzegorz Blach <magik@roorback.net>
    Approved by: gabor (mentor)
    Notes: svn path=/head/; revision=287924
* - update to 5.8p2 [1] | Florian Smeets | 2011-10-21 | 34 | -5635/+844
    - fix Kerberos knob [2]
    - fix build on 9.0 [3]
    - fix deinstall with various knobs [4]
    - fix LPK knob [5]
    PR: ports/161818 [1], ports/144597 [2], ports/160389 [3]
        ports/150493, ports/156926 [4], ports/155456 [5]
    Submitted by: "Grzegorz Blach" <magik@roorback.net> [1], [2], [4], [5]
        pluknet [3]
    Reported by: Jonathan <lordsith49@hotmail.com> [2]
        Kevin Thompson <antiduh@csh.rit.edu> [4]
        Alexey Remizov <alexey@remizov.org> [5]
    Notes: svn path=/head/; revision=284070
* - Maintainer to magik@roorback.net | Stephen Montgomery-Smith | 2011-07-19 | 1 | -1/+1
    Approved by: maho (mentor) and magik@roorback.net
    Notes: svn path=/head/; revision=277928
* - Add VersionAddendum support. | Stephen Montgomery-Smith | 2011-07-13 | 12 | -43/+244
    - Bump portrevision.
    PR: ports/142824
    Submitted by: Scot Hetzel <swhetzel@gmail.com>
    Approved by: gabor (mentor)
    Notes: svn path=/head/; revision=277657
* -remove MD5 | Olli Hauer | 2011-07-03 | 1 | -3/+0
    Notes: svn path=/head/; revision=276991
* Unbreak build with LPK option (broken after commit 1.674 in bsd.port.mk). | Sergey Skvortsov | 2011-03-11 | 1 | -1/+1
    Notes: svn path=/head/; revision=270702
* Remove OpenSC support. This port should be updated to support PKCS#11. | Alex Dupre | 2010-12-27 | 2 | -146/+0
    Notes: svn path=/head/; revision=266965
* - Fix optional dependency on security/heimdal | Rene Ladan | 2010-11-21 | 1 | -2/+2
    - Bump PORTREVISION
    PR: ports/152029
    Submitted by: Joerg Pulz [Joerg.Pulz frm2.tum.de]
    Approved by: Ryan Steinmetz <rpsfa@rit.edu> (maintainer of net/freeradius*)
        girgen (maintainer of databases/postgresql*-server, 14 day timeout)
    Notes: svn path=/head/; revision=264890