FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us

I am looking for an LTO tape library. Do you have one to spare?
Commit found by message id
Mon, 7 Jul 2003
[ 14:19:07 netchild ] Original commit 
ssh2 security  Deleted Deprecated Expired files touched by this commit  An older version of this port was marked as vulnerable. Secure shell client and server for V.2 SSH protocol
Update to 3.2.5:

        * Fixed a critical security bug with RSA signature
          verification. Mitigating factors: DSA is used by default (not
          vulnerable). Also, the attack requires that attacker has the
          public key and the attacker needs to precompute the signature
          data so, that it looks like a valid PKCS#1 signature. This is a
          non-trivial task to perform without the private
          key. Nonetheless, all users should update their servers and
          clients as soon as convenient. Workarounds are to not use RSA
          keys as host keys (though connecting to existing hosts with RSA
          hostkeys poses a serious risk with a vulnerable client), and
          disabling publickey authentication. Update your clients and

 Update MASTER_SITES, remove sites that are down or no langer carry ssh2
  and add some new.
- Turn Kerberos and group writeability support into knobs so one hasn't to
  edit the Makefile.
- Remove dependency on security/tcp_wrapper for tcp-wrapper support on
  systems < FreeBSD 4.0, that port is no longer persistent.
- Fix pkg-plist for WITH_STATIC_SFTP case.
- Replace referneces to /etc/ssh2/* in man pages with references to
  PREFIX/etc/ssh2/* in order to better fit for FreeBSD.
- Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc.
- Remove duplicated mechanism for generating the host key if an old one isn't
  found in the post-install target in the Makefile of the port, this is
  already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile.
- Fix differences between the install action done when installing the
  package versus installing the port. I.e. make the package create the host
  key with what ever bits ssh-keygen2 defaults to (currently 2048) instead
  of 1024 bits, copy over the configuration files for ssh2 and sshd2 from
  the examples if not already existent and create the directories for the
  global host keys and known hosts files.
- Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2,
  i.e. configuration files that don't differ from the corresponding examples
  and empty directories. Inform the user to remove what's left over if any.
- Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets
  set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of
  "/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH
  and seems more usefull. One might want to patch ssh2 to also use login_cap(3)
  so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf.
- Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist.

Submitted by:   Marius Strobl <>
Approved by:    maintainer

Number of ports [& non-ports] in this commit: 1

show all files

User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
How big is it?
The latest upgrade!

Enter Keywords:

Latest Vulnerabilities
phpmyadminSep 13
ossec-hids-clientSep 11
ossec-hids-localSep 11
ossec-hids-serverSep 11
chromiumSep 09
trafficserverSep 05
apache22*Sep 03
apache22-event-mpm*Sep 03
apache22-itk-mpm*Sep 03
apache22-peruser-mpm*Sep 03
apache22-worker-mpm*Sep 03
chromiumAug 26
fileAug 21
py-djangoAug 21
py-django-develAug 21

5 vulnerabilities affecting 12 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Deleted ports
Sanity Test Failures

NEW Graphs (Javascript)

Calculated hourly:
Port count 24092
Broken 121
Deprecated 93
Ignore 386
Forbidden 17
Restricted 205
Vulnerable 21
Expired 7
Set to expire 88
Interactive 0
new 24 hours 0
new 48 hours6
new 7 days51
new fortnight137
new month246

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.