Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
7.6.p1_1,1 13 Oct 2017 23:27:20 |
bdrewery |
Bring in upstream fix for PermitOpen from commit 7c9613fac337 |
7.6.p1,1 12 Oct 2017 19:40:58 |
bdrewery |
Update to 7.6p1
- Update x509 patch to 11.0
- HPN/NONECIPHER do not apply currently and are disabled by default,
same as the base sshd. A compatibility patch is applied if
these options are disabled to prevent startup failures; the options
are kept as deprecated.
- SCTP patch does not apply.
Changes: https://www.openssh.com/txt/release-7.6
Notable changes:
- SSH version 1 support dropped.
- Dropped support for hmac-ripemd160 MAC.
- Dropped support for the ciphers arcfour, blowfish and CAST.
- RSA keys less than 1024 bits are refused. |
7.5.p1_1,1 09 Jun 2017 14:44:19 |
bdrewery |
Fix LDNS detection.
This is the same fix made upstream as well.
PR: 218472
Submitted by: leres@ee.lbl.gov
MFH: 2017Q2 |
7.5.p1,1 28 May 2017 10:58:00 |
antoine |
Register dependency on groff
PR: 213725 |
7.5.p1,1 27 Apr 2017 12:14:37 |
mat |
Mark those as not building with openssl-devel.
Sponsored by: Absolight |
7.5.p1,1 01 Apr 2017 01:59:25 |
bdrewery |
- Update to 7.5p1.
- Update X509 to 10.1.
- Disable KERB_GSSAPI for now as it does not build.
Changes: https://www.openssh.com/txt/release-7.5 |
7.4.p1_1,1 20 Mar 2017 18:16:43 |
bdrewery |
- Change USE_AUTOTOOLS to USES= autoreconf
- Change @exec to @postexec in pkg-plist
Submitted by: brnrd
PR: 217962 |
7.4.p1_1,1 15 Mar 2017 14:45:31 |
mat |
Remove all USE_OPENSSL occurrences.
Sponsored by: Absolight |
7.4.p1_1,1 03 Mar 2017 04:12:21 |
miwi |
- Chase ldns shlib bump
PR: 217495 |
7.4.p1,1 17 Jan 2017 19:38:38 |
bdrewery |
Fix build with NONE_CIPHER. |
7.4.p1,1 16 Jan 2017 19:30:31 |
bdrewery |
Update to 7.4p1.
- Update X509 patch to 9.3
- SCTP patch from soralx@cydem.org
Changes: https://www.openssh.com/txt/release-7.4 |
7.3.p1_5,1 13 Jan 2017 23:44:24 |
bdrewery |
Fix to only enable SCTP patch with option from r431441 |
7.3.p1_4,1 13 Jan 2017 23:39:48 |
bdrewery |
Add forgotten patch in r431438 for CVE-2016-10009 and CVE-2016-10010.
Security: 2c948527-d823-11e6-9171-14dae9d210b8
Submitted by: Tim Zingelman <zingelman@gmail.com>
MFH: 2017Q1 |
7.3.p1_3,1 13 Jan 2017 23:28:54 |
bdrewery |
Add working SCTP patch.
This has 2 minor changes from the upstream bug 1604
PR: 215632
Submitted by: soralx@cydem.org |
7.3.p1_2,1 13 Jan 2017 23:23:36 |
bdrewery |
Add patches to cover security issues CVE-2016-10009 and CVE-2016-10010.
Security: 2c948527-d823-11e6-9171-14dae9d210b8
Submitted by: Tim Zingelman <zingelman@gmail.com>
MFH: 2017Q1 |
7.3.p1_1,1 24 Oct 2016 22:52:17 |
bdrewery |
Bring in upstream commit ec165c392ca54317dbe3064a8c200de6531e89ad:
Unregister the KEXINIT handler after message has been
received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
allocation of up to 128MB -- until the connection is closed. Reported by
shilei-c at 360.cn
Security: CVE-2016-8858 |
7.3.p1,1 08 Aug 2016 19:22:37 |
bdrewery |
- Update to 7.3p1
- X509: Unbreak and update to 9.0
- SCTP: Mark BROKEN
- KERB_GSSAPI: Unbreak and update from Debian's patch
Release notes: http://www.openssh.com/txt/release-7.3 |
7.2.p2,1 19 May 2016 11:09:14 |
amdmi3 |
- Fix trailing whitespace in pkg-messages
Approved by: portmgr blanket |
7.2.p2,1 19 May 2016 10:53:06 |
amdmi3 |
- Fix trailing whitespace in pkg-descrs, categories [p-x]*
Approved by: portmgr blanket |
7.2.p2,1 16 May 2016 16:56:48 |
bdrewery |
Bring in updated SCTP patch from gentoo.
Submitted by: Eduardo Morras <emorrasg@yahoo.es> |
7.2.p2,1 01 Apr 2016 14:25:18 |
mat |
Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.
With hat: portmgr
Sponsored by: Absolight |
7.2.p2,1 11 Mar 2016 22:49:26 |
bdrewery |
- Update to 7.2p2 which fixes X11Forwarding command injection vulnerability.
Changelog: http://www.openssh.com/txt/release-7.2p2
Advisory: http://www.openssh.com/txt/x11fwd.adv |
7.2.p1,1 29 Feb 2016 18:36:58 |
bdrewery |
- Update to 7.2p1
- Mark X509 and KERB_GSSAPI as BROKEN.
Changelog: http://www.openssh.com/txt/release-7.2
With help from: brnrd |
7.1.p2,1 03 Feb 2016 22:15:12 |
marino |
x11/xterm: document ncurses requirement (USES+=ncurses)
also link to libncurses rather than libcurses
approved by: infrastructure blanket |
7.1.p2,1 20 Jan 2016 02:18:42 |
bdrewery |
Fix the KERB_GSSAPI option using the latest patch from Debian.
This slightly refactors some of the HPN patch to avoid a conflict.
PR: 206346
Submitted by: Garrett Wollman |
7.1.p2,1 14 Jan 2016 16:41:45 |
bdrewery |
Update to 7.1p2
Changes: http://www.openssh.com/txt/release-7.1p2
MFH: 2016Q1
Security: CVE-2016-0777
Security: CVE-2016-0778 |
7.1.p1_4,1 11 Nov 2015 21:21:45 |
bdrewery |
Make portlint stop spamming me. It's gotten quite silly.
There's no reason to regenerate these for the sake of having 'UTC' in the patch
and it also considers patches with comments to be invalid.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth2.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-readconf.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN:
/root/svn/ports/security/openssh-portable/files/patch-regress__test-exec.sh:
patch was not generated using ``make makepatch''. It is recommended to use
``make makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-servconf.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-session.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.1: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh.c: patch was not
generated using ``make makepatch''. It is recommended to use ``make makepatch''
when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config.5: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshconnect.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.8: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config.5: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format. |
7.1.p1_4,1 11 Nov 2015 21:04:48 |
bdrewery |
Fix the NONECIPHER not actually being offered by the server.
Upstream issue: https://github.com/rapier1/openssh-portable/issues/3 |
7.1.p1_3,1 11 Nov 2015 18:04:40 |
bdrewery |
Update advice to disable ChallengeResponseAuthentication for key usage.
PR: 204475
Reported by: Mark.Martinec@ijs.si |
7.1.p1_2,1 15 Oct 2015 14:55:14 |
mat |
Drop 8 support.
With hat: portmgr
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D3694 |
7.1.p1_2,1 24 Sep 2015 21:54:40 |
bdrewery |
Stop trying to create the RSA protocol 1 key from the rc.d file. It is no
longer supported by default since 7.0. [1]
I do plan to make this configurable based on PR 202169 [2] soon.
PR: 202792 [1]
PR: 202169 [2]
Submitted by: chrysalis@chrysalisnet.org [1] |
7.1.p1_1,1 16 Sep 2015 13:03:46 |
mat |
It seems some people keep adding $FreeBSD$ to patch files.
Patches must not be changed by the vcs, this includes the
svn:keyword expansion. Set fbsd:nokeywords to a couple of patches.
With hat: portmgr
Sponsored by: Absolight |
7.1.p1_1,1 25 Aug 2015 03:59:54 |
bdrewery |
Fix patch from r395182 on head. The patch(1) command works fine on 8.4
and 9.3 but not head with this patch. |
7.1.p1_1,1 24 Aug 2015 18:51:08 |
bdrewery |
Apply upstream fix for 'HostkeyAlgorithms +' support. |
7.1.p1,1 21 Aug 2015 21:51:01 |
bdrewery |
Update to 7.1p1
Changes: http://www.openssh.com/txt/release-7.1 |
7.0.p1,1 18 Aug 2015 15:42:52 |
bdrewery |
- Update to OpenSSH 7.0p1
- Update X509 patch to 8.5
Changes: http://www.openssh.com/txt/release-7.0 |
6.9.p1_2,1 27 Jul 2015 18:47:56 |
bdrewery |
Add upstream fix to address CVE-2015-5600 for MaxAuthTries bypass.
Security: 5b74a5bc-348f-11e5-ba05-c80aa9043978 |
6.9.p1_1,1 27 Jul 2015 18:41:02 |
bdrewery |
Fix accidental revert of PermitRootLogin default to NO.
This was due to the patch not being needed in the snapshot version
which I based the 6.9 update off of. The default is changed in
the upcoming 7.0 release |
6.9.p1,1 27 Jul 2015 18:30:25 |
bdrewery |
- Update to 6.9p1
- Update X509 patch to 8.4
Changes: http://www.openssh.com/txt/release-6.9 |
6.8.p1_8,1 24 Jul 2015 17:01:58 |
bdrewery |
Use new USES=libedit |
6.8.p1_8,1 24 Jun 2015 19:35:58 |
bdrewery |
Support changed ETCDIR in pkg-plist |
6.8.p1_7,1 24 Jun 2015 18:38:00 |
bdrewery |
Allow user overriding ETCDIR |
6.8.p1_7,1 02 Jun 2015 15:00:44 |
bdrewery |
Add openssh-portable-devel which is based on the upstream snapshots for staging
and testing.
Its initial version is 20150602 which is nearly the upcoming 6.9 version. |
6.8.p1_7,1 22 May 2015 20:34:29 |
mat |
Remove $FreeBSD$ from patches files everywhere.
With hat: portmgr
Sponsored by: Absolight |
6.8.p1_7,1 16 May 2015 16:28:40 |
bdrewery |
Avoid a potential read overflow. This was not deemed a security issue by
upstream; it was fixed upstream comprehensively a few weeks ago in
77199d6ec8986d470487e66f8ea8f4cf43d2e20c.
PR: 200241
Patch by: Hanno Bock <hanno@hboeck.de>
Obtained from: http://www.openwall.com/lists/oss-security/2015/05/16/3 |
6.8.p1_6,1 14 May 2015 10:15:09 |
mat |
MASTER_SITES cleanup.
- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.
While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.
Also, replace some EXTRACT_SUFX occurrences with USES=tar:*.
Checked by: make fetch-urlall-list
With hat: portmgr
Sponsored by: Absolight |
6.8.p1_6,1 06 May 2015 18:39:41 |
bdrewery |
Fix clients getting 'Bad packet length' and 'Disconnecting: Packet corrupt'
when the NONECIPHER option is selected but not the HPN option. The server
banner was improperly sending a NULL byte after the newline causing confusion
on the client. This was an error in my own modifications to the HPN patch
in r383231.
This may have occurred with stale builds as well, such as running
'make configure' then 'portsnap update' and then 'make build'.
Pointyhat to: bdrewery
Reported by: many
PR: 199352 |
6.8.p1_5,1 14 Apr 2015 16:42:25 |
bdrewery |
Replace the TTSH patch from r383618 with the one that upstream took.
Obtained from upstream d8f391caef623 |
6.8.p1_4,1 09 Apr 2015 20:57:24 |
bdrewery |
Cleanup some unneeded patches.
1. There's no need to patch the xauth(1) location as the OpenSSH build already
does so based on the --with-xauth path provided. It also updates manpages.
2. Don't modify manpage for shosts location as it was wrong. The proper
LOCALBASE path is now used due to OpenSSH's build already handling it
properly.
3. Remove confusing UsePrivilegeSeparation change in sshd_config. The default
upstream is to have it disabled by default. The sshd_config line is in
upstream to enable it by default in new installations. We always enable
it though. So remove the sshd_config change which makes it look like
we don't use it; it was not a needed difference with upstream.
From discussion with: TJ <tj@mrsk.me> |
6.8.p1_3,1 09 Apr 2015 20:19:18 |
bdrewery |
Limit the TTSSH bug fix in r383618 to only versions that have it.
Submitted by: IWAMOTO Kouichi <sue@iwmt.org> |
6.8.p1_2,1 09 Apr 2015 02:33:47 |
bdrewery |
Fix TTSSH (Tera Type/Term) client crash:
Unexpected SSH2 message(80) on current stage(6)
This patch was submitted upstream. The client has fixed it in their SVN [1][2]
but not yet released a fixed build.
[1] http://en.sourceforge.jp/ticket/browse.php?group_id=1412&tid=35010
[2] http://en.sourceforge.jp/projects/ttssh2/scm/svn/commits/5829 |
6.8.p1_1,1 09 Apr 2015 01:49:10 |
bdrewery |
Remove debugging leftover in release.
error: mm_request_receive: socket closed
Obtained from: Upstream c7fe79ed7db427f1474e72b9f8b465901d61d3f6 |
6.8.p1,1 04 Apr 2015 17:16:59 |
bdrewery |
- Update to 6.8p1
- Fix 'make test'
- HPN:
- NONECIPHER is no longer default. This is not default in base and should not
be default here as it introduces security holes.
- HPN: I've audited the patch and included it in the port directory for
transparency. I identified several bugs and submitted them to the new
upstream: https://github.com/rapier1/openssh-portable/pull/2
- HPN: The entire patch is now ifdef'd to ensure various bits are properly
removed depending on the OPTIONS selected.
- AES_THREADED is removed. It has questionable benefit on modern HW and is not
stable.
- The "enhanced logging" was removed from the patch as it is too
intrusive and difficult to maintain in the port.
- The progress meter "peak throughput" patch was removed.
- Fixed HPN version showing in client/server version string when HPN
was disabled in the config.
- KERB_GSSAPI is currently BROKEN as it does not apply.
- Update X509 to 8.3
Changelog: http://www.openssh.com/txt/release-6.8 |
6.7.p1_5,1 02 Apr 2015 02:22:00 |
bdrewery |
Remove unused variable PRECIOUS |
6.7.p1_5,1 01 Apr 2015 01:04:23 |
bdrewery |
Make the check added in 2013 in r330200 for a bad ECDSA key actually work. |
6.7.p1_4,1 31 Mar 2015 19:07:26 |
bdrewery |
Remove useless IGNORE for TCP_WRAPPERS and PAM.
TCP_WRAPPERS: /usr/include/tcpd.h is always installed by the base system.
It is only libwrap.so that is conditional on WITH_TCP_WRAPPERS.
PAM: /usr/include/security/pam_modules.h is always installed.
This fixes FreshPorts claiming this port is ignored. |
6.7.p1_4,1 29 Mar 2015 04:17:54 |
bdrewery |
Make the VersionAddendum fix use the proper default.
Once I ran into the X509 issue previously I failed to retest that the patch
worked.
PR: 193127 |
6.7.p1_3,1 25 Mar 2015 08:30:28 |
marino |
security category: Remove $PTHREAD_LIBS
approved by: PTHREAD blanket |
6.7.p1_3,1 23 Mar 2015 04:23:09 |
bdrewery |
Stop forcing the port version string into the server banner.
The port now uses VersionAddendum in the sshd_config to allow overriding
this value. Using "none" allows disabling the default of the port
version string. The default is kept to show the port version string to
remain close to the base version.
Support for the client VersionAddendum may be added soon as well to better
match base and not give surprises when switching from base to the port.
PR: 193127
Requested by: many, including myself when this was broken years ago. |
6.7.p1_2,1 21 Mar 2015 19:28:41 |
bdrewery |
Fix incorrect reference to ETCSSH from r381709 |
6.7.p1_1,1 20 Mar 2015 07:07:27 |
bdrewery |
Set proper ETCDIR. Mistake in r381709 |
6.7.p1_1,1 20 Mar 2015 02:43:44 |
bdrewery |
Remove remnants of OVERWRITE_BASE which was removed in r376306 |
6.7.p1_1,1 05 Jan 2015 23:21:28 |
bdrewery |
Fix application of GSSAPI patch when using HPN. It applies fine if done after
HPN.
Reported by: gwollman |
6.7.p1_1,1 05 Jan 2015 16:13:20 |
bdrewery |
Mark OVERWRITE_BASE as IGNORE.
Keep it as an option as otherwise the user won't be notified that
their configuration is wrong and it will just install to PREFIX
instead, which would be surprising. |
6.7.p1_1,1 17 Dec 2014 02:34:44 |
bdrewery |
- Fix HPN patches for 6.7p1
- Add back HPN and NONECIPHER for the default options and bump PORTREVISION
due to this. |
6.7.p1,1 16 Dec 2014 21:44:12 |
bdrewery |
- Unbreak KERB_GSSAPI option by using Debian's patch.
I am serving the patch exactly as-is from their site. Obtained from:
http://sources.debian.net/data/main/o/openssh/1:6.7p1-3/debian/patches/gssapi.patch |
6.7.p1,1 16 Dec 2014 21:29:04 |
bdrewery |
Unmark X509 option as BROKEN after fixed in r374821 |
6.7.p1,1 16 Dec 2014 20:14:05 |
bdrewery |
- Update X509 patch to 8.2 which now supports OpenSSH 6.7p1
No PORTREVISION bump since it was BROKEN before with X509. |
6.7.p1,1 17 Nov 2014 18:08:15 |
bdrewery |
- Update to 6.7p1.
Several patches do not currently apply. Use security/openssh-portable66 for:
HPN, NONECIPHER, KERB_GSSAPI, X509.
- Add a TCP_WRAPPER patch to re-enable support after it was removed upstream. |
6.6.p1_4,1 20 Oct 2014 10:09:20 |
marino |
Add USES=alias to several ports
Alias is a new USES tool that allows DragonFly to masquerade as FreeBSD
by setting CFLAGS+= -D__FreeBSD__. For some ports, this fixes the build
without the need for additional patches.
Approved by: portmgr (bapt, blanket) |
6.6.p1_4,1 07 Oct 2014 00:48:25 |
bdrewery |
Note my intentions with OVERWRITE_BASE |
6.6.p1_4,1 03 Oct 2014 19:31:07 |
bdrewery |
- Mark OVERWRITE_BASE and security/openssh-portable-base as DEPRECATED.
These will be removed on January 1 2015.
Really ports should not be touching the base system at all.
This option is a big foot-shoot problem:
1. Recent versions of FreeBSD such as 9.3, 10.0, 10.1+, now remove all ssh
files from /usr if you 'make delete-old' with WITHOUT_SSH. This results in
removing the overwrite base files.
2. Uninstalling the package leaves the system with no ssh.
3. Running installworld without WITHOUT_SSH results in overwriting the
package, or giving false-positive 'pkg check -s' errors.
4. The port fails to pass QA checks because it removes system files. |
6.6.p1_4,1 03 Oct 2014 19:23:03 |
bdrewery |
Support multiple ListenAddress ports
Reported by: rustamabd@gmail.com |
6.6.p1_3,1 24 Jul 2014 18:34:16 |
tijl |
net/openldap24-*:
- Convert to USES=libtool and bump dependent ports
- Avoid USE_AUTOTOOLS
- Don't use PTHREAD_LIBS
- Use MAKE_CMD
databases/glom:
- Drop :keepla
- Add INSTALL_TARGET=install-strip
databases/libgda4* databases/libgda5*:
- Convert to USES=libtool and bump dependent ports
- USES=tar:xz
- Use INSTALL_TARGET=install-strip
- Use @sample
(Only the first 15 lines of the commit message are shown above) |
6.6.p1_2,1 24 Apr 2014 01:54:58 |
bdrewery |
- Update to "6.6.1" [1]
- Switch to using @sample keyword, fixing orphans.
Upstream note on "6.6.1" [1]:
OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519
key exchange incorrectly, causing connection failures about 0.2% of
the time when this method is used against a peer that implements
the method properly.
Fix the problem and disable the curve25519 KEX when speaking to
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
to enable the compatibility code.
[1] https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html |
6.6.p1_1,1 24 Apr 2014 01:04:52 |
bdrewery |
Fix minor plist issues from check-plist |
6.6.p1_1,1 11 Apr 2014 03:38:16 |
bdrewery |
- Update GSS API Key Exchange patch with working version.
PR: ports/183006
Submitted by: Garrett Wollman (via email)
Tested by: Garrett Wollman |
6.6.p1,1 16 Mar 2014 17:35:33 |
bdrewery |
- Update to 6.6
- Capsicum patch no longer needed
- Update X509 patch to 7.9
Changelog: http://www.openssh.org/txt/release-6.6 |
6.5.p1_1,1 02 Mar 2014 08:43:41 |
bdrewery |
- Fix build with HEIMDAL_BASE
PR: ports/186830
Reported by: Robert Simmons <rsimmons0@gmail.com> |
6.5.p1_1,1 05 Feb 2014 03:06:08 |
bdrewery |
- Fix RC script
Pointyhat to: bdrewery
Reported by: Kenta S. <kentas@hush.com> |
6.5.p1,1 05 Feb 2014 01:40:46 |
bdrewery |
- Update to 6.5
ChangeLog: http://www.openssh.org/txt/release-6.5
- Update X509 patch to 7.8
- Update LIB_DEPENDS to new format
- Revert r328706 and re-enable privilege separation sandboxing by default
as the issue causing crashes has been fixed upstream
- capsicum(4) is now enabled upstream. A local patch is added to fix an issue
with it [1]
- KERB_GSSAPI is marked BROKEN. It does not build.
This patch lacks an upstream and I have no way to test it. It needs
a non-trivial amount of refactoring for 6.5 as the key handling API
has changed quite a bit.
Submitted by: pjd@ [1] |
6.4.p1,1 02 Feb 2014 15:47:08 |
bdrewery |
- License is all of BSD2,BSD3,MIT,public domain,BSD-Style,BEER-WARE,
"any purpose with notice intact",ISC-Style. The framework does not
support such a case easily.
See http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/LICENCE?rev=HEAD |
6.4.p1,1 12 Nov 2013 15:35:03 |
bdrewery |
- Fix packaging when not using HPN patches
PR: ports/183895
Reported by: mat |
6.4.p1,1 08 Nov 2013 12:41:44 |
bdrewery |
- Update to 6.4p1
This release fixes a security bug:
* sshd(8): fix a memory corruption problem triggered during rekeying
when an AES-GCM cipher is selected. Full details of the vulnerability
are available at: http://www.openssh.com/txt/gcmrekey.adv
Security: http://www.openssh.com/txt/gcmrekey.adv |
6.3.p1,1 13 Oct 2013 02:20:07 |
bdrewery |
- Update to 6.3p1
Changelog: http://www.openssh.org/txt/release-6.3
- Use options helpers where possible
- Use upstream patch mirror for x509 and HPN
- Update HPN patch to v14 and use upstream version
- Add option NONECIPHER to allow disabling NONE in HPN patch
- Update x509 patch from 7.4.1 to 7.6
- Add support for LDNS and enable it and VerifyHostKeyDNS/SSHFP by default.
See
http://lists.freebsd.org/pipermail/freebsd-security/2013-September/007180.html
which describes this change, but is supported on releases before 10 as well
with LDNS option.
- Update SCTP to patchlevel 2329
- Update recommendation on secure usage of SSH
- Add pkg-message warning about ECDSA key possibly being incorrect due to
previously being written as DSA by the rc script and fixed in r299902 in
2012 |
6.2.p2_5,1 07 Oct 2013 10:41:10 |
bdrewery |
- Now that :DEFAULT can be used in PATCH_SITES (fixed in 329679),
depend on the upstream mirror for the x509 patch and my mirror
as a fallback |
6.2.p2_5,1 06 Oct 2013 17:24:26 |
bdrewery |
Remove useless -c flag |
6.2.p2_5,1 03 Oct 2013 23:45:27 |
bdrewery |
Perl has not been needed as a direct dependency since 6.0 |
6.2.p2_5,1 03 Oct 2013 22:38:57 |
bdrewery |
- Fix KERB_GSSAPI incorrectly using a predictable cache file.
This was due to a mistake in r319062 when porting the patch from 5.8 to 6.2
There is no active upstream for this patch. For reference here are the
changes made in the patch:
--- - 2013-10-03 11:07:21.262913573 -0500
+++ /tmp/zdiff.XXXXXXXXXX.STScEeSI 2013-10-03 11:07:21.000000000 -0500
@@ -183,7 +183,7 @@
if (ret < 0 || (size_t)ret >= sizeof(ccname))
return ENOMEM;
-+#ifdef USE_CCAPI
++#ifndef USE_CCAPI
old_umask = umask(0177);
tmpfd = mkstemp(ccname + strlen("FILE:"));
oerrno = errno;
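Review bot: The guard above the `umask(0177)` / `mkstemp(ccname + strlen("FILE:"))` block differs by a single token (`#ifdef USE_CCAPI` vs `#ifndef USE_CCAPI`) and carries no comment saying which build needs the temp-file path, so the same inversion is easy to reintroduce the next time this patch is ported; a one-line comment above the guard stating that the non-CCAPI build must create the cache file through `mkstemp` would make the intent reviewable. The hunk ends at `oerrno = errno;`, so the matching `#endif` and the restore of `old_umask` are not visible here and should be confirmed in the full patch. The headers (`-` and `/tmp/zdiff.XXXXXXXXXX.STScEeSI`) also do not name the patch file being changed, which the commit message should state.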
PR: ports/180419
Reported by: Garrett Wollman <wollman@khavrinen.csail.mit.edu> |
6.2.p2_4,1 03 Oct 2013 13:36:40 |
bdrewery |
Mark IGNORE if KERB_GSSAPI incorrectly selected |
6.2.p2_4,1 03 Oct 2013 13:31:42 |
bdrewery |
Cleanup patch-readconf.c to only have 1 diff |
6.2.p2_4,1 03 Oct 2013 12:57:47 |
bdrewery |
Update descriptions to match current conventions |
6.2.p2_4,1 29 Sep 2013 15:07:15 |
bdrewery |
- Copy base r251088 over (which removes a patch) and disable default sandbox
privilege separation as it causes crashes when using AES crypto devices.
This now uses 'yes' for UsePrivilegeSeparation instead of 'sandbox' by
default
Reminded by: Garrett Wollman |
6.2.p2_3,1 29 Sep 2013 14:54:20 |
bdrewery |
Fix sshd.8 referring to LOCALBASE with OVERWRITE_BASE |
6.2.p2_3,1 29 Sep 2013 14:53:42 |
bdrewery |
Don't extract mtree with OVERWRITE_BASE |
6.2.p2_3,1 29 Sep 2013 14:51:30 |
bdrewery |
Convert to stagedir |
6.2.p2_3,1 20 Sep 2013 15:58:09 |
bdrewery |
- Add NO_STAGE until validated to be safe for upcoming staging support |
6.2.p2_3,1 20 Aug 2013 11:43:44 |
az |
- Convert to new perl5 framework
Approved by: bdrewery@ (maintainer) |
6.2.p2_3,1 05 Jul 2013 18:27:51 |
bdrewery |
Add an openssh-portable-base slave port to install with OVERWRITE_BASE |
6.2.p2_3,1 05 Jul 2013 12:46:46 |
bdrewery |
Add LICENSE |