aboutsummaryrefslogtreecommitdiff
path: root/security/ssh2
Commit message (Collapse)AuthorAgeFilesLines
* - Remove unneeded dependency from gtk12/gtk20 [1]Martin Wilke2008-04-191-5/+5
| | | | | | | | | | | | | | | | | | - Remove USE_XLIB/USE_X_PREFIX/USE_XPM in favor of USE_XORG - Remove X11BASE support in favor of LOCALBASE or PREFIX - Use USE_LDCONFIG instead of INSTALLS_SHLIB - Remove unneeded USE_GCC 3.4+ Thanks to all Helpers: Dmitry Marakasov, Chess Griffin, beech@, dinoex, rafan, gahr, ehaupt, nox, itetcu, flz, pav PR: 116263 Tested on: pointyhat Approved by: portmgr (pav) Notes: svn path=/head/; revision=211584
* - Welcome X.org 7.2 \o/.Florent Thoumie2007-05-191-1/+1
| | | | | | | | - Set X11BASE to ${LOCALBASE} for recent ${OSVERSION}. - Bump PORTREVISION for ports intalling files in ${X11BASE}. Notes: svn path=/head/; revision=191544
* - Cast the arguments of ssh_conn_send_channel_data_type() andMarius Strobl2006-08-2813-9/+220
| | | | | | | | | | | | | | | | | | | | | | | ssh_encode_{array_alloc,buffer}() calls as appropriate in order to fix argument size problems on 64-bit platforms and that manifest themselves on amd64 and ia64. [1] - Allow the tcsetattr(3) calls in ssh_rl_{restore,set}_tty_modes_for_fd() to be interrupted by signal. This fixes occasional problems when connecting to a host for the first time. - Use the base zlib instead of the one shipping with SSH; although the latter has an enhancement allowing a minor SSH-specific optimization, using the base one has the benefit of not needing to track security vulnerabilities of zlib in this port (SSH 3.2.9.1 ships with zlib 1.1.4 which is not know to be vulnerable though). - Try to make the description of the WITHOUT_X11 option of the port Makefile to be more sentence-like. PR: 98016 [1] Approved by: netchild Obtained from: NetBSD [1] Notes: svn path=/head/; revision=171488
* Add a patch which fixes a format string vulnerability in the SFTP server.Marius Strobl2006-03-042-1/+22
| | | | | | | | | Submitted by: Jarkko Santala <jake@iki.fi> Approved by: portmgr (erwin) Security: http://vuxml.freebsd.org/594ad3c5-a39b-11da-926c-0800209adf0e.html Notes: svn path=/head/; revision=156956
* - Switch to a rc.d startup script.Marius Strobl2006-02-198-93/+114
| | | | | | | | | | | | | | | - Move the generation of the host key (if not present) from the package/ port installation to the startup script in order to be in line with what the base OpenSSH and the OpenSSH-portable port do. - Flush stdout when updating the transfer progress bar of sftp2 and scp2 so the info displayed is up to date. [1] - Remove obsolete USE_REINPLACE, remove trailing white space in Makefile. PR: 91262 [1] Approved by: netchild Notes: svn path=/head/; revision=156419
* SHA256ifyEdwin Groothuis2006-01-241-0/+1
| | | | | | | Approved by: krion@ Notes: svn path=/head/; revision=154303
* Replace ugly "@unexec rmdir %D... 2>/dev/null || true" with @dirrmtryEdwin Groothuis2006-01-221-3/+3
| | | | | | | | Approved by: krion@ PR: ports/88711 (related) Notes: svn path=/head/; revision=154116
* Remove obsolete mastersites.Mark Linimon2005-10-061-6/+0
| | | | | | | | Source: distfile survey Approved by: maintainer Notes: svn path=/head/; revision=144436
* - Add the X_WINDOW_SYSTEM={xorg,xfree86-4,xfree86-3} variable to bsd.port.mk,Eric Anholt2004-07-231-4/+2
| | | | | | | | | | | | | | | and make XFREE86_VERSION map to it. XFREE86_VERSION is now deprecated. - Make xorg the default X_WINDOW_SYSTEM on -current. - Add several new X_*_PORT variables which point to various pieces of X11 based on the setting of X_WINDOW_SYSTEM, and make ports use them. - Add information to CHANGES about how to handle the transition. PR: ports/68763 Approved by: portmgr (marcus) Approved by: re (scottl) Notes: svn path=/head/; revision=114511
* - Register dependency on x11/XFree86-4-clients for xauth(1).Alexander Leidinger2004-04-221-1/+8
| | | | | | | | | | | - Make configure explicitly look in X11BASE/bin for xauth(1) in order to also catch non-standard locations. Submitted by: maintainer (marius) Approved by: portmgr (marcus) Notes: svn path=/head/; revision=107797
* Use the @FreeBSD.org address of the maintainer.Alexander Leidinger2004-04-201-1/+1
| | | | | | | Approved by: marius Notes: svn path=/head/; revision=107715
* - Display the available build knobs via a pre-everything target.Alexander Leidinger2004-04-201-4/+34
| | | | | | | | | | | | | - Remove the autodetection for X11 support and the WITH_X11 knob, instead always build with X11 support and add a WITHOUT_X11 knob. Together with an additional ssh2-nox11 slave port this allows easier handling of these two variants and to have pre-compiled packages for both (ssh2 with X11 support depends on X11 libraries). Submitted by: maintainer (marius) Notes: svn path=/head/; revision=107710
* Add SIZE info.Alexander Leidinger2004-03-271-0/+1
| | | | | | | Submitted by: trevor via maintainer Notes: svn path=/head/; revision=105416
* ---snip---Alexander Leidinger2004-01-253-2/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | Improve Kerberos support in ssh2: - Change the WITH_KERBEROS knob into a WITHOUT_KERBEROS knob so kerberized ssh2 automatically is built when MIT Kerberos is installed, unless the WITHOUT_KERBEROS knob is defined. - Check for a library unique to MIT Kerberos to make sure it's not Heimdal that KRB5_HOME accidentally points to. - Add dependency on security/krb5 when built with Kerberos support. - When compiled with Kerberos support also turn it on by default in client and server config files and set "PermitRootLogin" to "nopwd" to only allow those with root tickets declared in ~root/.k5login" to login as root. [1] Ssh2 now should work out of the box in an environment using MIT Kerberos. Submitted by: Peter Losher <Peter_Losher@isc.org> [1] (kerberos-patch-*) Tested by: Peter Losher <Peter_Losher@isc.org> ---snip--- Submitted by: maintainer Strange commit log formatting to prevent ambiguous "Submitted by" lines by: committer Notes: svn path=/head/; revision=99040
* HEADS-UP: Traditionally this port automatically installs a start-up script forAlexander Leidinger2004-01-0417-117/+839
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there are three ways to automatically start sshd2 and /etc/rc.conf is the simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is fixed to not be tailored to the base sshd) this version of the port is the last one to do so. Beginning with next version it will only install a sample start-up script. To prevent foot shooting when updating to the next version this port won't remove an existing start-up scripting on deinstall. Please see also the pkg-message that gets displayed on installation. - Update to 3.2.9.1. This is _not_ a security update. For the non-commercial version the only change worth mentioning since 3.2.5 is the addition of the config option "DisableVersionFallback", see sshd2_config(5) for further details. - Use sites from the official list of mirrors for MASTER_SITES. - Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3. - Revise list of installed documentation. No longer install MANIFEST (list of source files) and INSTALL, install RFCs referenced in sshd2_config(5) and HOWTO.anonymous.sftp (patched to better fit FreeBSD). - Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the external (static) one is much simpler to set up and maintain (using the external one requires to install a copy of it in the home directory of the anonymous sftp user which has to be manually updated when installing a newer version of the port). - Remove WITHOUT_TCPWRAP knob, libwarp is part of FreeBSD since 3.2. - Install examples scripts for the ExternalAuthorizationProgram and AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for further information. - Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*. - Add a pkg-message displaying the different methods to automatically start sshd2. - Switch to the start-up script for Solaris which is part of the tarball, it handles the name of the pidfile better. - Fix detection of X11 headers, this enables compilation with support for X11 SECURITY extension. See TrustX11Applications in ssh2_config(5) for further information. - Add a test target to the Makefile of the port, the tests seem a bit outdated and buggy but it's enough to e.g. do a bit of speed comparison when building with different compilers. - Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to the library search path when compiling, etc.). Revive some local modifications lost with the update to 3.1.0: - Use login_cap(3)/login_class(3) facilities to set environment variables, prority and shell, get motd, copyright, hushlogin and nologin, respect ignorenologin and requirehome. This changes are roughly based on former patch-ah and patch-ai and patches of security/openssh. - Don't print "No mail.", it's not FreeBSD login style. Submitted by: maintainer Notes: svn path=/head/; revision=97275
* Rename PORTDOCS to MYPORTDOCS to avoid a conflict with the recently addedJoe Marcus Clarke2003-11-071-2/+2
| | | | | | | | | bsd.port.mk macro. Submitted by: Oliver Eikemeier <eikemeier@fillmore-labs.com> Notes: svn path=/head/; revision=93295
* - add CONFLICTSDirk Meyer2003-10-141-0/+1
| | | | | | | | Submitted by: eikemeier@fillmore-labs.com Approved by: kris Notes: svn path=/head/; revision=91213
* Fix plist.Alexander Leidinger2003-07-071-10/+10
| | | | | | | | | No PORTREVISION update because of the short timeframe between the commits. Submitted by: maintainer Notes: svn path=/head/; revision=84396
* Update to 3.2.5:Alexander Leidinger2003-07-074-42/+80
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fixed a critical security bug with RSA signature verification. Mitigating factors: DSA is used by default (not vulnerable). Also, the attack requires that attacker has the public key and the attacker needs to precompute the signature data so, that it looks like a valid PKCS#1 signature. This is a non-trivial task to perform without the private key. Nonetheless, all users should update their servers and clients as soon as convenient. Workarounds are to not use RSA keys as host keys (though connecting to existing hosts with RSA hostkeys poses a serious risk with a vulnerable client), and disabling publickey authentication. Update your clients and servers. Update MASTER_SITES, remove sites that are down or no langer carry ssh2 and add some new. - Turn Kerberos and group writeability support into knobs so one hasn't to edit the Makefile. - Remove dependency on security/tcp_wrapper for tcp-wrapper support on systems < FreeBSD 4.0, that port is no longer persistent. - Fix pkg-plist for WITH_STATIC_SFTP case. - Replace referneces to /etc/ssh2/* in man pages with references to PREFIX/etc/ssh2/* in order to better fit for FreeBSD. - Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc. - Remove duplicated mechanism for generating the host key if an old one isn't found in the post-install target in the Makefile of the port, this is already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile. - Fix differences between the install action done when installing the package versus installing the port. I.e. make the package create the host key with what ever bits ssh-keygen2 defaults to (currently 2048) instead of 1024 bits, copy over the configuration files for ssh2 and sshd2 from the examples if not already existent and create the directories for the global host keys and known hosts files. - Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2, i.e. configuration files that don't differ from the corresponding examples and empty directories. Inform the user to remove what's left over if any. - Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH and seems more usefull. One might want to patch ssh2 to also use login_cap(3) so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf. - Change MAINTAINER. - Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist. Submitted by: Marius Strobl <marius@alchemy.franken.de> Approved by: maintainer Notes: svn path=/head/; revision=84393
* Update port: security/ssh2 3.2.2 -> 3.2.3Edwin Groothuis2003-02-233-19/+13
| | | | | | | | PR: ports/48542 Submitted by: Lars Eggert <larse@isi.edu> Notes: svn path=/head/; revision=76323
* De-pkg-comment.Akinori MUSHA2003-02-212-1/+1
| | | | Notes: svn path=/head/; revision=76041
* 1.) If WITH_STATIC_SFTP is defined, ssh-chrootmgr works.Ying-Chieh Liao2003-01-022-7/+13
| | | | | | | | | | | | | 2.) If libX11.a exists and xauth not, the build of ssh2 fails. This patch fix this. 3.) ssh2/files/sshd.sh looks for the wrong pid file in /var/run. This patch fix this and adds 2> /dev/null to the sshd2 startup PR: 46012 Submitted by: maintainer Notes: svn path=/head/; revision=72287
* upgrade to 3.2.2Ying-Chieh Liao2003-01-022-2/+2
| | | | | | | | PR: 45876 Submitted by: maintainer Notes: svn path=/head/; revision=72254
* Update to 3.2.0Patrick Li2002-06-183-7/+3
| | | | | | | | PR: 39491 Submitted by: maintainer Notes: svn path=/head/; revision=61534
* Update to 3.1.2 which fixes a recent security problem described at:Pete Fritchman2002-05-282-3/+2
| | | | | | | | | | http://www.ssh.com/products/ssh/advisories/authentication.cfm PR: 38592 Submitted by: maintainer Notes: svn path=/head/; revision=60230
* Oops, ".include <bsd.port.pre.mk>" line must be placed here.SADA Kenji2002-05-171-2/+2
| | | | Notes: svn path=/head/; revision=59313
* Install default config files as *.sample instead of overwriting existing ones.SADA Kenji2002-05-172-25/+46
| | | | | | | | | | | Note: The PR includes diffs to cope with WITHOUT_X11 env, but this was already committed by knu-san. So I just added CONFIGURE_ARGS line, please verify it. PR: ports/35385 Submitted by: maintainer Notes: svn path=/head/; revision=59308
* ssh_askpass2 is built only when X11 is installed. SupportAkinori MUSHA2002-04-022-1/+9
| | | | | | | | | | {WITH,WITHOUT}_X11 and detect ${X11BASE}/lib/libX11.a. Reported by: bento Obtained from: security/ssh (partly) Notes: svn path=/head/; revision=57179
* - Update to 3.1.0.Akinori MUSHA2002-02-2214-326/+45
| | | | | | | | | | | | | | PR: ports/34740 Submitted by: larse@ISI.EDU - Add %%PORTDOCS%% to pkg-plist. - Assign MAINTAINER to the submitter. Requested by: issei (previous MAINTAINER) Notes: svn path=/head/; revision=55065
* Remove myself from MAINTAINERIssei Suzuki2002-02-161-1/+1
| | | | Notes: svn path=/head/; revision=54769
* Remove extra file from pkg-plist to fix package buildingDavid W. Chapman Jr.2001-09-141-1/+0
| | | | Notes: svn path=/head/; revision=47836
* Unrestrict to match the ssh port.David E. O'Brien2001-02-171-1/+1
| | | | Notes: svn path=/head/; revision=38417
* Don't install etc/rc.d/sshd.sh if sshd is being started from inetd.conf.Steve Price2000-10-301-1/+3
| | | | | | | | | PR: 15691 Submitted by: Roger Marquis <marquis@roble.com> Reviewed by: maintainer Notes: svn path=/head/; revision=34448
* Upgrade to ssh-2.3.0.Kris Kennaway2000-09-0215-152/+109
| | | | | | | | PR: ports/20869 Submitted by: Issei Suzuki <issei@issei.org> (Maintainer) Notes: svn path=/head/; revision=32191
* Remove redundant/inappropriate CATEGORIES. People need to start readingWill Andrews2000-06-021-1/+1
| | | | | | | the Porter's Handbook. :-) Notes: svn path=/head/; revision=29084
* Update to version 2.1.0pl2.Steve Price2000-05-2912-100/+119
| | | | | | | | PR: 18620 Submitted by: maintainer Notes: svn path=/head/; revision=28875
* Correct whitespace introduced during PORTNAME conversion and portlintMichael Haro2000-04-211-3/+3
| | | | Notes: svn path=/head/; revision=27847
* Standardize all user defined options to the booleans WITH_FOO andJeremy Lea2000-04-171-16/+14
| | | | | | | | | | WITHOUT_FOO. Begin the process of reserving these prefixes for user defined options. No comment by: ports Notes: svn path=/head/; revision=27680
* Sorry to everyone, the commits previously broke installing for these ports.Will Andrews2000-04-141-1/+1
| | | | | | | | | | | Thanks to those who reported this. PRs: 17927, 17937 Submitted by: Keith Davey <redlance@primenet.com> maintainer (ssh2) Notes: svn path=/head/; revision=27523
* Update with the new PORTNAME/PORTVERSION variablesChris Piazza2000-04-091-3/+3
| | | | Notes: svn path=/head/; revision=27426
* Add better sshd startup scripts; specifically, allow restarting andWill Andrews2000-04-052-2/+29
| | | | | | | | | | | | | | | | stopping the server. Martti's submission did not include -h, which I added because if I had added the scripts the way he submitted them, the server wouldn't be started on startup. PR: 10196 Submitted by: Martti Kuparinen <martti.kuparinen@ericsson.com> Reviewed by: kris (partially) No response: maintainers (PR opened February 22, 1999) Notes: svn path=/head/; revision=27351
* Support OpenSSH in the base system as the ssh1 component.David E. O'Brien2000-03-111-2/+10
| | | | Notes: svn path=/head/; revision=26743
* Make pkgname match the directory the port lives in, and to reduce collsionDavid E. O'Brien2000-01-281-2/+3
| | | | | | | | | | with the ssh1 port. Asked for by: several on the ports list over time [the maintainer has not responded to multiple emails asking about this change] Notes: svn path=/head/; revision=25179
* remove --prefix=${PREFIX} when GNU_CONFIGURE=yes and other minor cleanupsMichael Haro1999-12-242-12/+2
| | | | | | | | PR: 14759 Submitted by: Jeremy Lea <reg@shale.csir.co.za> Notes: svn path=/head/; revision=23999
* Forgot a lineChris Piazza1999-11-251-0/+1
| | | | Notes: svn path=/head/; revision=23333
* Patches are now available from www.ssh.org/patchesChris Piazza1999-11-251-0/+3
| | | | | | | Submitted by: Issei Suzuki <issei@jp.freebsd.org> Notes: svn path=/head/; revision=23332
* Removed an obsoleted patch.SADA Kenji1999-11-241-4/+0
| | | | | | | | PR: 15059 Submitted by: Maintainer Notes: svn path=/head/; revision=23303
* Path for problem with tty ownership with chflags and chown in BSD 4.4Chris Piazza1999-09-022-0/+5
| | | | | | | | | | | variants. Fixes a security bug in tty allocation. PR: 13515 PR: 13536 Submitted by: Issei Suzuki <issei@jp.FreeBSD.org> (ssh2 maintainer) Notes: svn path=/head/; revision=21200
* FreeBSD.ORG -> FreeBSD.orgMichael Haro1999-08-311-1/+1
| | | | | | | | Prompted by PR: 13476, 13477 Submitted by: KATO Tsuguru Notes: svn path=/head/; revision=21157
* $Id$ -> $FreeBSD$Peter Wemm1999-08-311-1/+1
| | | | Notes: svn path=/head/; revision=21143
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-14 13:10:40 +0000