notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine
This referral link gives you 10% off a Fastmail.com account and gives me a discount on my Fastmail account.

Get notified when packages are built

A new feature has been added. FreshPorts already tracks package built by the FreeBSD project. This information is displayed on each port page. You can now get an email when FreshPorts notices a new package is available for something on one of your watch lists. However, you must opt into that. Click on Report Subscriptions on the right, and New Package Notification box, and click on Update.

FInally, under Watch Lists, click on ABI Package Subscriptions to select your ABI (e.g. FreeBSD:14:amd64) & package set (latest/quarterly) combinatio for a given watch list. This is what FreshPorts will look for.

Port details
openssh-portable The portable version of OpenBSD's OpenSSH
9.6.p1_2,1 security on this many watch lists=118 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 9.6.p1_1,1Version of this port present on the latest quarterly branch.
Maintainer: bdrewery@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2001-06-01 11:49:36
Last Update: 2024-03-06 03:17:56
Commit Hash: 69c74a9
People watching this port, also watch:: openssl, wget, libiconv, expat
License: OPENSSH
WWW:
https://www.openssh.com/portable.html
Description:
OpenBSD's OpenSSH portable version Normal OpenSSH development produces a very small, secure, and easy to maintain version for the OpenBSD project. The OpenSSH Portability Team takes that pure version and adds portability code so that OpenSSH can run on many other operating systems (Unfortunately, in particular since OpenSSH does authentication, it runs into a *lot* of differences between Unix operating systems). The portable OpenSSH follows development of the official version, but releases are not synchronized. Portable releases are marked with a 'p' (e.g. 3.1p1). The official OpenBSD source will never use the 'p' suffix, but will instead increment the version number when they hit 'stable spots' in their development.
Homepage    cgit ¦ Codeberg ¦ GitHub ¦ GitLab ¦ SVNWeb

Manual pages:
FreshPorts has no man page information for this port.
pkg-plist: as obtained via: make generate-plist
There is no configure plist information for this port.
Dependency lines:
  • openssh-portable>0:security/openssh-portable
Conflicts:
CONFLICTS:
  • openssh-3.*
  • ssh-1.*
  • ssh2-3.*
  • openssh-portable-devel
CONFLICTS_INSTALL:
  • openssh-portable-hpn
  • openssh-portable-gssapi
  • openssh-portable-x509
Conflicts Matches:
There are no Conflicts Matches for this port. This is usually an error.
To install the port:
cd /usr/ports/security/openssh-portable/ && make install clean
To add the package, run one of these commands:
  • pkg install security/openssh-portable
  • pkg install openssh-portable
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: openssh-portable
Package flavors (<flavor>: <package>)
  • default: openssh-portable
  • hpn: openssh-portable-hpn
  • gssapi: openssh-portable-gssapi
distinfo:
TIMESTAMP = 1706059638 SHA256 (openssh-9.6p1.tar.gz) = 910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c SIZE (openssh-9.6p1.tar.gz) = 1857862

Expand this list (2 items)

Collapse this list.

SHA256 (openssh-9.4p1-gsskex-all-debian-rh-9.4p1.patch) = 03a32678a96cfd274482378d0d2889709018c403e40207b8d5dca41b7e9941bd SIZE (openssh-9.4p1-gsskex-all-debian-rh-9.4p1.patch) = 131920

Collapse this list.


Packages (timestamps in pop-ups are UTC):
openssh-portable
ABIaarch64amd64armv6armv7i386powerpcpowerpc64powerpc64le
FreeBSD:13:latest9.6.p1_1,19.6.p1_2,18.4.p1_3,19.6.p1_1,19.6.p1_2,1-8.4.p1_3,1-
FreeBSD:13:quarterly9.6.p1_1,19.6.p1_1,19.3.p1,19.6.p1_1,19.6.p1_1,19.6.p1_1,19.6.p1_1,19.6.p1_1,1
FreeBSD:14:latest9.6.p1_1,19.6.p1_2,19.1.p1,19.6.p1_1,19.6.p1_2,19.3.p1,1-9.3.p1,1
FreeBSD:14:quarterly9.6.p1_1,19.6.p1_1,1-9.6.p1_1,19.6.p1_1,19.6.p1_1,19.6.p1_1,19.6.p1_1,1
FreeBSD:15:latest9.6.p1_1,19.6.p1_2,1n/a9.6.p1_1,1n/a9.6.p1_1,19.6.p1_1,19.6.p1_1,1
FreeBSD:15:quarterly--n/a-n/a---
 
openssh-portable-gssapi
ABIaarch64amd64armv6armv7i386powerpcpowerpc64powerpc64le
FreeBSD:13:latest9.6.p1_1,19.6.p1_2,18.4.p1_3,19.6.p1_1,19.6.p1_2,1-8.4.p1_3,1-
FreeBSD:13:quarterly9.6.p1_1,19.6.p1_1,1-9.6.p1_1,19.6.p1_1,19.6.p1_1,19.6.p1_1,19.6.p1_1,1
FreeBSD:14:latest9.6.p1_1,19.6.p1_2,1-9.6.p1_1,19.6.p1_2,1---
FreeBSD:14:quarterly9.6.p1_1,19.6.p1_1,1-9.6.p1_1,19.6.p1_1,19.6.p1_1,19.6.p1_1,19.6.p1_1,1
FreeBSD:15:latest9.6.p1_1,19.6.p1_2,1n/a9.6.p1_1,1n/a9.6.p1_1,19.6.p1_1,19.6.p1_1,1
FreeBSD:15:quarterly--n/a-n/a---
 
openssh-portable-hpn
ABIaarch64amd64armv6armv7i386powerpcpowerpc64powerpc64le
FreeBSD:13:latest9.6.p1_1,19.6.p1_2,18.4.p1_3,19.6.p1_1,19.6.p1_2,1-8.4.p1_3,1-
FreeBSD:13:quarterly9.6.p1_1,19.6.p1_1,19.3.p1,19.6.p1_1,19.6.p1_1,19.6.p1_1,19.6.p1_1,19.6.p1_1,1
FreeBSD:14:latest9.6.p1_1,19.6.p1_2,19.1.p1,19.6.p1_1,19.6.p1_2,19.3.p1,1-9.3.p1,1
FreeBSD:14:quarterly9.6.p1_1,19.6.p1_1,1-9.6.p1_1,19.6.p1_1,19.6.p1_1,19.6.p1_1,19.6.p1_1,1
FreeBSD:15:latest9.6.p1_1,19.6.p1_2,1n/a9.6.p1_1,1n/a9.6.p1_1,19.6.p1_1,19.6.p1_1,1
FreeBSD:15:quarterly--n/a-n/a---
 
Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. pkgconf>=1.3.0_1 : devel/pkgconf
  2. autoconf>=2.71 : devel/autoconf
  3. automake>=1.16.5 : devel/automake
Library dependencies:
  1. libfido2.so : security/libfido2
  2. libldns.so : dns/ldns
  3. libedit.so.0 : devel/libedit
There are no ports dependent upon this port

Configuration Options:
===> The following configuration options are available for openssh-portable-9.6.p1_2,1: BLACKLISTD=off: FreeBSD blacklistd(8) support BSM=off: OpenBSM Auditing DOCS=on: Build and/or install documentation FIDO_U2F=on: FIDO/U2F support (security/libfido2) HPN=off: HPN-SSH patch KERB_GSSAPI=off: Kerberos/GSSAPI patch (req: GSSAPI) LDNS=on: SSHFP/LDNS support LIBEDIT=on: Command line editing via libedit NONECIPHER=off: NONE Cipher support PAM=on: Pluggable authentication module support TCP_WRAPPERS=on: tcp_wrappers support XMSS=off: XMSS key support (experimental) ====> Kerberos support: you can only select none or one of them MIT=off: MIT Kerberos (security/krb5) HEIMDAL=off: Heimdal Kerberos (security/heimdal) HEIMDAL_BASE=off: Heimdal Kerberos (base) ===> Use 'make config' to modify these settings
Options name:
security_openssh-portable
USES:
alias autoreconf compiler:c11 cpe localbase ncurses pkgconfig ssl libedit
pkg-message:
For install:
To enable this port, add openssh_enable="YES" in your rc.conf. To prevent conflict with openssh in the base system add sshd_enable="NO" in your rc.conf. Also you can configure openssh at another TCP port (via sshd_config 'Port' and 'Listen' options or via 'openssh_flags' variable in rc.conf) and run it in same time with base sshd. 'PermitRootLogin no' is the default for the OpenSSH port. This now matches the PermitRootLogin configuration of OpenSSH in the base system. Please be aware of this when upgrading your OpenSSH port, and if truly necessary, re-enable remote root login by readjusting this option in your sshd_config. Users are encouraged to create single-purpose users with ssh keys, disable Password authentication by setting 'PasswordAuthentication no' and 'ChallengeResponseAuthentication no', and to define very narrow sudo privileges instead of using root for automated tasks.
Master Sites:
Expand this list (7 items)
Collapse this list.
  1. https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  2. https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  3. https://ftp.OpenBSD.org/pub/OpenBSD/OpenSSH/portable/
  4. https://ftp.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  5. https://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  6. https://mirror.aarnet.edu.au/pub/OpenBSD/OpenSSH/portable/
  7. https://mirror.leaseweb.com/pub/OpenBSD/OpenSSH/portable/
Collapse this list.
Notes from UPDATING
These upgrade notes are taken from /usr/ports/UPDATING
  • 2022-06-07
    Affects: security/openssh-portable
    Author: bdrewery@FreeBSD.org
    Reason: 
      OpenSSH has been updated to 9.0p1 with incompatible changes.
      See https://www.openssh.com/txt/release-9.0 for details.
    
    

Number of commits found: 398 (showing only 100 on this page)

1 | 2 | 3 | 4  »  

Commit History - (may be incomplete: for full details, see links to repositories near top of page)
CommitCreditsLog message
9.6.p1_2,1
06 Mar 2024 03:17:56
commit hash: 69c74a9674ca9a218010bbacfffc207df1415833commit hash: 69c74a9674ca9a218010bbacfffc207df1415833commit hash: 69c74a9674ca9a218010bbacfffc207df1415833commit hash: 69c74a9674ca9a218010bbacfffc207df1415833 files touched by this commit
Yasuhiro Kimura (yasu) search for other commits by this committer
security/openssh-portable: Move manpages to share/man

Approved by:	portmgr (blanket)
9.6.p1_1,1
24 Jan 2024 01:40:42
commit hash: bb65ffae9e937ddb7f11c9cf683d98be502dcfc5commit hash: bb65ffae9e937ddb7f11c9cf683d98be502dcfc5commit hash: bb65ffae9e937ddb7f11c9cf683d98be502dcfc5commit hash: bb65ffae9e937ddb7f11c9cf683d98be502dcfc5 files touched by this commit
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix KERB_GSSAPI build
9.6.p1_1,1
11 Jan 2024 18:05:39
commit hash: b3f86656fc67aa397f60747c85f7f7b967c3279dcommit hash: b3f86656fc67aa397f60747c85f7f7b967c3279dcommit hash: b3f86656fc67aa397f60747c85f7f7b967c3279dcommit hash: b3f86656fc67aa397f60747c85f7f7b967c3279d files touched by this commit
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update HPN patch.

- Mark GSSAPI build as broken while here.
9.6.p1_1,1
06 Jan 2024 15:49:12
commit hash: d820fcf123b40037884c06a94a42275934587a8fcommit hash: d820fcf123b40037884c06a94a42275934587a8fcommit hash: d820fcf123b40037884c06a94a42275934587a8fcommit hash: d820fcf123b40037884c06a94a42275934587a8f files touched by this commit
Bernard Spil (brnrd) search for other commits by this committer
security/openssh-portable: Fix blacklistd patch
9.6.p1_1,1
26 Dec 2023 21:24:05
commit hash: 7627c9552c475568f0b86b60487e223ae91b30d9commit hash: 7627c9552c475568f0b86b60487e223ae91b30d9commit hash: 7627c9552c475568f0b86b60487e223ae91b30d9commit hash: 7627c9552c475568f0b86b60487e223ae91b30d9 files touched by this commit
Gordon Tetlow (gordon) search for other commits by this committer
security/openssh-portable: Make HPN as BROKEN.
9.6.p1_1,1
26 Dec 2023 20:49:13
commit hash: 277b9fe50d9e7f7b21eb2f3b052f8ea22a3d77d2commit hash: 277b9fe50d9e7f7b21eb2f3b052f8ea22a3d77d2commit hash: 277b9fe50d9e7f7b21eb2f3b052f8ea22a3d77d2commit hash: 277b9fe50d9e7f7b21eb2f3b052f8ea22a3d77d2 files touched by this commit
Gordon Tetlow (gordon) search for other commits by this committer
security/openssh-portable: Update to 9.6p1

Approved by:	bdrewery
Differential Revision:	https://reviews.freebsd.org/D43132
9.3.p2_2,1
24 Oct 2023 02:16:26
commit hash: d839d49f92329b640249b7ca790cc83338814d62commit hash: d839d49f92329b640249b7ca790cc83338814d62commit hash: d839d49f92329b640249b7ca790cc83338814d62commit hash: d839d49f92329b640249b7ca790cc83338814d62 files touched by this commit
Xin LI (delphij) search for other commits by this committer
Author: Rozhuk Ivan
security/openssh-portable: fix build with zlib 1.3

PR:		ports/273578
Approved by:	maintainer timeout
9.3.p2_1,1
21 Oct 2023 11:53:28
commit hash: 8269bdb998a83ceb1204bbaa8b1466035d2f32c8commit hash: 8269bdb998a83ceb1204bbaa8b1466035d2f32c8commit hash: 8269bdb998a83ceb1204bbaa8b1466035d2f32c8commit hash: 8269bdb998a83ceb1204bbaa8b1466035d2f32c8 files touched by this commit
Bernard Spil (brnrd) search for other commits by this committer
www/vaultwarden-web_vault: Revert borked git add

This reverts commit 3a3fbae18157d39b68c43c590fa9e977fed9cef4.
9.3.p2_1,1
21 Oct 2023 11:45:06
commit hash: 3a3fbae18157d39b68c43c590fa9e977fed9cef4commit hash: 3a3fbae18157d39b68c43c590fa9e977fed9cef4commit hash: 3a3fbae18157d39b68c43c590fa9e977fed9cef4commit hash: 3a3fbae18157d39b68c43c590fa9e977fed9cef4 files touched by this commit
Bernard Spil (brnrd) search for other commits by this committer
www/vaultwarden-web_vault: Update to 2023.8.2

PR:		274304
Approved by:	maintainer time-out
9.3.p2_1,1
22 Sep 2023 16:23:04
commit hash: 3bd9ddb0b5576371b0dcda72c173fe348a3dcbd9commit hash: 3bd9ddb0b5576371b0dcda72c173fe348a3dcbd9commit hash: 3bd9ddb0b5576371b0dcda72c173fe348a3dcbd9commit hash: 3bd9ddb0b5576371b0dcda72c173fe348a3dcbd9 files touched by this commit
Mateusz Piotrowski (0mp) search for other commits by this committer
security/openssh-portable: Fix build with KERB_GSSAPI set

PR:		273052
Reported by:	brd
Approved by:	maintainer timeout
Tested by:	wollman
Sponsored by:	Klara Inc.
9.3.p2,1
21 Jul 2023 14:33:02
commit hash: f6d0388dfe5fbdaba1ca9a7896cbb91f11609051commit hash: f6d0388dfe5fbdaba1ca9a7896cbb91f11609051commit hash: f6d0388dfe5fbdaba1ca9a7896cbb91f11609051commit hash: f6d0388dfe5fbdaba1ca9a7896cbb91f11609051 files touched by this commit
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update to 9.3p2.

Changes:	https://www.openssh.com/txt/release-9.3p2
Security:	CVE-2023-38408
9.3.p1,1
23 May 2023 17:40:07
commit hash: 700625bcd86b74cf3fb9536aeea250d7f8cd1fd5commit hash: 700625bcd86b74cf3fb9536aeea250d7f8cd1fd5commit hash: 700625bcd86b74cf3fb9536aeea250d7f8cd1fd5commit hash: 700625bcd86b74cf3fb9536aeea250d7f8cd1fd5 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update to 9.3p1.

Changes: https://www.openssh.com/txt/release-9.3
9.2.p1,1
16 Feb 2023 19:23:04
commit hash: 10491773d88012fe81d9c039cbbba647bde9ebc9commit hash: 10491773d88012fe81d9c039cbbba647bde9ebc9commit hash: 10491773d88012fe81d9c039cbbba647bde9ebc9commit hash: 10491773d88012fe81d9c039cbbba647bde9ebc9 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Upgrade to 9.2p1

Changes: https://www.openssh.com/txt/release-9.2
9.1.p1,1
03 Feb 2023 21:42:13
commit hash: c56b161c93596d2c1c52fc24f7b7e17f5bd040b8commit hash: c56b161c93596d2c1c52fc24f7b7e17f5bd040b8commit hash: c56b161c93596d2c1c52fc24f7b7e17f5bd040b8commit hash: c56b161c93596d2c1c52fc24f7b7e17f5bd040b8 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix GSSAPI build for 9.1
9.1.p1,1
09 Oct 2022 17:51:28
commit hash: 810702f666291eb5948623e9cfb05598421cdf01commit hash: 810702f666291eb5948623e9cfb05598421cdf01commit hash: 810702f666291eb5948623e9cfb05598421cdf01commit hash: 810702f666291eb5948623e9cfb05598421cdf01 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix BLACKLISTD patch

Reported by:	Chad J. Milios
9.1.p1,1
08 Oct 2022 15:53:12
commit hash: 162c735b342337126ccc74f625c587a02c4d45fdcommit hash: 162c735b342337126ccc74f625c587a02c4d45fdcommit hash: 162c735b342337126ccc74f625c587a02c4d45fdcommit hash: 162c735b342337126ccc74f625c587a02c4d45fd files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update to 9.1p1

Changes: https://www.openssh.com/txt/release-9.1
07 Sep 2022 21:58:51
commit hash: fb16dfecae4a6efac9f3a78e0b759fb7a3c53de4commit hash: fb16dfecae4a6efac9f3a78e0b759fb7a3c53de4commit hash: fb16dfecae4a6efac9f3a78e0b759fb7a3c53de4commit hash: fb16dfecae4a6efac9f3a78e0b759fb7a3c53de4 files touched by this commit
Stefan Eßer (se) search for other commits by this committer
Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)
9.0.p1,1
07 Sep 2022 21:10:59
commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 files touched by this commit This port version is marked as vulnerable.
Stefan Eßer (se) search for other commits by this committer
Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
(Only the first 15 lines of the commit message are shown above View all of this commit message)
9.0.p1,1
20 Jul 2022 14:22:56
commit hash: 857c05f8674c5f4c990f49f9d0fb7034ebd340fecommit hash: 857c05f8674c5f4c990f49f9d0fb7034ebd340fecommit hash: 857c05f8674c5f4c990f49f9d0fb7034ebd340fecommit hash: 857c05f8674c5f4c990f49f9d0fb7034ebd340fe files touched by this commit This port version is marked as vulnerable.
Tobias C. Berner (tcberner) search for other commits by this committer
security: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  <ports@c0decafe.net>
  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Adam Weinberger <adamw@FreeBSD.org>
  *  Ade Lovett <ade@FreeBSD.org>
  *  Aldis Berjoza <aldis@bsdroot.lv>
  *  Alex Dupre <ale@FreeBSD.org>
  *  Alex Kapranoff <kappa@rambler-co.ru>
  *  Alex Samorukov <samm@freebsd.org>
  *  Alexander Botero-Lowry <alex@foxybanana.com>
  *  Alexander Kriventsov <avk@vl.ru>
  *  Alexander Leidinger <netchild@FreeBSD.org>
(Only the first 15 lines of the commit message are shown above View all of this commit message)
9.0.p1,1
07 Jun 2022 19:21:43
commit hash: ca9ce6929f98fddf259c03bc6dfa4916e16da6e9commit hash: ca9ce6929f98fddf259c03bc6dfa4916e16da6e9commit hash: ca9ce6929f98fddf259c03bc6dfa4916e16da6e9commit hash: ca9ce6929f98fddf259c03bc6dfa4916e16da6e9 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update to 9.0p1

Changes:        https://www.openssh.com/txt/release-9.0
PR:		264211
8.9.p1_4,1
25 May 2022 13:34:24
commit hash: 272dd07a309c086a4bc97dc015ef7faf4fbf89cacommit hash: 272dd07a309c086a4bc97dc015ef7faf4fbf89cacommit hash: 272dd07a309c086a4bc97dc015ef7faf4fbf89cacommit hash: 272dd07a309c086a4bc97dc015ef7faf4fbf89ca files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix some capsicum issues

- Brings in latest changes from base. See patches for details.
- Version 9.0 is being worked on but I wanted to fix this issue
  before proceeding with bigger changes.

PR:		263753
8.9.p1_3,1
07 Mar 2022 23:02:47
commit hash: 21cedc6ee57bc9321c9cb5ebe21bdf2c4bc154eecommit hash: 21cedc6ee57bc9321c9cb5ebe21bdf2c4bc154eecommit hash: 21cedc6ee57bc9321c9cb5ebe21bdf2c4bc154eecommit hash: 21cedc6ee57bc9321c9cb5ebe21bdf2c4bc154ee files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Add comment in openssh.in about host keys

Commit ae66cffc19f added some rc vars to allow disabling host keys.
The naming caused some confusion. Attempt to address that with a
comment since these are not documented anywhere else.

PR:	        202169
8.9.p1_2,1
07 Mar 2022 23:02:47
commit hash: a12058fae3bb09a1aba41d24383b6f1d93f2b330commit hash: a12058fae3bb09a1aba41d24383b6f1d93f2b330commit hash: a12058fae3bb09a1aba41d24383b6f1d93f2b330commit hash: a12058fae3bb09a1aba41d24383b6f1d93f2b330 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Again fix procctl(2) usage

The 8.9p1 update was supposed to have a fix for incorrect
use of procctl(2) but was left out for some reason. A wrong
assumption missed keeping it in ae66cffc19f357cbd5.

PR:          262352
8.9.p1_1,1
07 Mar 2022 22:46:42
commit hash: df3a937145b1bef1b3c08515dc6619b12654415fcommit hash: df3a937145b1bef1b3c08515dc6619b12654415fcommit hash: df3a937145b1bef1b3c08515dc6619b12654415fcommit hash: df3a937145b1bef1b3c08515dc6619b12654415f files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix fetching gssapi patch

- Mirror it
- Update to latest Debian location
8.9.p1_1,1
03 Mar 2022 19:59:09
commit hash: 418bb1fbd26b1b66b71096b364b0ee10477541b7commit hash: 418bb1fbd26b1b66b71096b364b0ee10477541b7commit hash: 418bb1fbd26b1b66b71096b364b0ee10477541b7commit hash: 418bb1fbd26b1b66b71096b364b0ee10477541b7 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
Author: Andrew Fyfe
security/openssh-portable: fix docs when built without PAM support

The defaults documented in sshd_config and sshd_config.5 are incorrect
if OpenSSH was built without PAM support and can be misleading to the
user whether or not password authentication is enabled.

- Moved PAM specific changes out of patch-sshd_config and into
  extra-patch-pam-sshd_config
- sshd_config.5 PasswordAuthentication: added a new line before the note
  to make it easier to read.
- sshd_config.5 UsePAM: noted the default value depends on whether
  sshd was built with or without PAM support.

PR:		261342
8.9.p1,1
03 Mar 2022 19:37:07
commit hash: 1249b096fa52847f13a956ee0364b2a14c60e9b5commit hash: 1249b096fa52847f13a956ee0364b2a14c60e9b5commit hash: 1249b096fa52847f13a956ee0364b2a14c60e9b5commit hash: 1249b096fa52847f13a956ee0364b2a14c60e9b5 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Tweak new rc var names

Commit ae66cffc19f357cbd5 added new rc vars to control generating of
host keys [1].  Rename these to more closely match the base version
before it becomes widely adopted.

PR:	        202169 [1]
PR:	        209948 [FYI]
8.9.p1,1
03 Mar 2022 19:25:36
commit hash: ae66cffc19f357cbd51d5841c9b110a9ffd63e32commit hash: ae66cffc19f357cbd51d5841c9b110a9ffd63e32commit hash: ae66cffc19f357cbd51d5841c9b110a9ffd63e32commit hash: ae66cffc19f357cbd51d5841c9b110a9ffd63e32 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update to 8.9p1

- Unbreak GSSAPI [1]
- rc.d/openssh: Allow modifying host key generation [2]

Changes: https://www.openssh.com/txt/release-8.9
PR:     	259909 [1]
PR:		202169 [2]
Submitted by:	Rick Miller [1]
Submitted by:	Chad Jacob Milios [2]
8.8.p1_2,1
03 Mar 2022 19:25:36
commit hash: ad60ad3528afdeafa5eb9a13a70fea04a0565b0ccommit hash: ad60ad3528afdeafa5eb9a13a70fea04a0565b0ccommit hash: ad60ad3528afdeafa5eb9a13a70fea04a0565b0ccommit hash: ad60ad3528afdeafa5eb9a13a70fea04a0565b0c files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix subtle rc script problem.

Invoking 'run_rc_command' taints '$rc_var' with 'keygen' which blocks further
processing for something like openssh_oomprotect.  Note that openssh_oomprotect
is broken in rc.subr until it learns to read a pidfile.
8.8.p1_1,1
25 Nov 2021 21:40:11
commit hash: 04b9da414081a733478d3def4e1e3777908536c6commit hash: 04b9da414081a733478d3def4e1e3777908536c6commit hash: 04b9da414081a733478d3def4e1e3777908536c6commit hash: 04b9da414081a733478d3def4e1e3777908536c6 files touched by this commit This port version is marked as vulnerable.
Stefan Eßer (se) search for other commits by this committer
*/*: Remove redundant '-*' from CONFLICTS definitions

The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - agsinst the full package names including the
version (as reported by "pkg query "%n-%v").

Approved by: portmgr (blanket)
8.8.p1_1,1
16 Oct 2021 03:58:23
commit hash: 02dbfbc67645e88e9865f2885b124da170688c33commit hash: 02dbfbc67645e88e9865f2885b124da170688c33commit hash: 02dbfbc67645e88e9865f2885b124da170688c33commit hash: 02dbfbc67645e88e9865f2885b124da170688c33 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: libfido fix went in 505373243
8.8.p1_1,1
15 Oct 2021 17:10:21
commit hash: f4a5ae5fd8ee4948c8b7d1c9bfd0e07d33a8aa18commit hash: f4a5ae5fd8ee4948c8b7d1c9bfd0e07d33a8aa18commit hash: f4a5ae5fd8ee4948c8b7d1c9bfd0e07d33a8aa18commit hash: f4a5ae5fd8ee4948c8b7d1c9bfd0e07d33a8aa18 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix sftp crash

This fixes an error trying to disabling process tracing.

It has been sent upstream.

PR:		259174
Submitted by:	mike at sentex dot net
8.8.p1,1
12 Oct 2021 21:05:45
commit hash: 8d40d32ae3734f26b59ddff988aced383907d2a5commit hash: 8d40d32ae3734f26b59ddff988aced383907d2a5commit hash: 8d40d32ae3734f26b59ddff988aced383907d2a5commit hash: 8d40d32ae3734f26b59ddff988aced383907d2a5 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix build without LIBEDIT

This removes a patch that is no longer needed with 8.8p1.

Reported by:	leres
8.8.p1,1
12 Oct 2021 18:06:52
commit hash: 384966798240c189323385c19fed055d686be27acommit hash: 384966798240c189323385c19fed055d686be27acommit hash: 384966798240c189323385c19fed055d686be27acommit hash: 384966798240c189323385c19fed055d686be27a files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update to 8.8p1

Changelog:	https://www.openssh.com/txt/release-8.8
Security:	CVE-2021-41617
8.7.p1_1,1
27 Sep 2021 22:42:58
commit hash: fd74bc8eb2fed86275167e58e9349045c6bbbaa4commit hash: fd74bc8eb2fed86275167e58e9349045c6bbbaa4commit hash: fd74bc8eb2fed86275167e58e9349045c6bbbaa4commit hash: fd74bc8eb2fed86275167e58e9349045c6bbbaa4 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix default ssh-askpass path

Reported by:	Piotr Smyrak
8.7.p1,1
10 Sep 2021 21:17:20
commit hash: 44052bec2c67ce32ff3f8936ecde9870aaa6d8becommit hash: 44052bec2c67ce32ff3f8936ecde9870aaa6d8becommit hash: 44052bec2c67ce32ff3f8936ecde9870aaa6d8becommit hash: 44052bec2c67ce32ff3f8936ecde9870aaa6d8be files touched by this commit This port version is marked as vulnerable.
Bernhard Froehlich (decke) search for other commits by this committer
security/openssh-portable: Add CPE information

Approved by:	portmgr (blanket)
8.7.p1,1
10 Sep 2021 17:48:05
commit hash: d27003d5644902b91d86ff3f0c36d7b8c56710f0commit hash: d27003d5644902b91d86ff3f0c36d7b8c56710f0commit hash: d27003d5644902b91d86ff3f0c36d7b8c56710f0commit hash: d27003d5644902b91d86ff3f0c36d7b8c56710f0 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Various build fixes

- Fix build with WITH_BLACKLISTD [1]
- Fix build with WITHOUT_LIBEDIT due to upstream bug [2]

Reported by:	emaste [1]
Reported by:	Ivan Rozhuk [2]
PR:		258402 [2]
8.7.p1,1
09 Sep 2021 19:09:40
commit hash: a981593ecc06f124506f481e5dd0eee9ea6a70f8commit hash: a981593ecc06f124506f481e5dd0eee9ea6a70f8commit hash: a981593ecc06f124506f481e5dd0eee9ea6a70f8commit hash: a981593ecc06f124506f481e5dd0eee9ea6a70f8 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update to 8.7p1.

Changes: https://www.openssh.com/txt/release-8.7
8.6.p1,1
29 Apr 2021 16:05:55
commit hash: de9fffcec89b58fb6f77b72a55975eccb01eb480commit hash: de9fffcec89b58fb6f77b72a55975eccb01eb480commit hash: de9fffcec89b58fb6f77b72a55975eccb01eb480commit hash: de9fffcec89b58fb6f77b72a55975eccb01eb480 files touched by this commit This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update to 8.6p1

- gssapi is disabled for now.

Changes:
 - https://www.openssh.com/txt/release-8.5
 - https://www.openssh.com/txt/release-8.6

Submitted by:	Yasuhiro Kimura [earlier version][1]
PR:		254389 [1]
8.4.p1_4,1
06 Apr 2021 14:31:13
commit hash: 135fdeebb99c3569e42d8162b265e15d29bd937dcommit hash: 135fdeebb99c3569e42d8162b265e15d29bd937dcommit hash: 135fdeebb99c3569e42d8162b265e15d29bd937dcommit hash: 135fdeebb99c3569e42d8162b265e15d29bd937d files touched by this commit This port version is marked as vulnerable.
Mathieu Arnold (mat) search for other commits by this committer
all: Remove all other $FreeBSD keywords.
8.4.p1_4,1
06 Apr 2021 14:31:07
commit hash: 305f148f482daf30dcf728039d03d019f88344ebcommit hash: 305f148f482daf30dcf728039d03d019f88344ebcommit hash: 305f148f482daf30dcf728039d03d019f88344ebcommit hash: 305f148f482daf30dcf728039d03d019f88344eb files touched by this commit This port version is marked as vulnerable.
Mathieu Arnold (mat) search for other commits by this committer
Remove # $FreeBSD$ from Makefiles.
8.4.p1_4,1
18 Mar 2021 20:49:45
Revision:568761Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add limited patch for CVE-2021-28041 from upstream.
8.4.p1_3,1
09 Dec 2020 02:46:43
Revision:557337Original commit files touched by this commit This port version is marked as vulnerable.
pkubaj search for other commits by this committer
security/openssh-portable@gssapi: fix build on GCC architectures

gss-genr.c: In function 'ssh_gssapi_kex_mechs':
gss-genr.c:175:9: error: 'strncpy' specified bound depends on the length of the
source argument [-Werror=stringop-overflow=]
  175 |    cp = strncpy(s, kex, strlen(kex));
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
8.4.p1_3,1
29 Nov 2020 02:16:29
Revision:556545Original commit files touched by this commit This port version is marked as vulnerable.
pkubaj search for other commits by this committer
security/openssh-portable: fix build on GCC architectures

loginrec.c:763:2: error: 'strncpy' output may be truncated copying 32 bytes from
a string of length 511 [-Werror=stringop-truncation]
strncpy(utx->ut_user, li->username,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MIN_SIZEOF(utx->ut_user, li->username));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
loginrec.c: In function 'record_failed_login':
loginrec.c:1687:2: error: 'strncpy' specified bound 32 equals destination size
[-Werror=stringop-truncation]
strncpy(ut.ut_user, username, sizeof(ut.ut_user));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
loginrec.c:1696:2: error: 'strncpy' specified bound 256 equals destination size
[-Werror=stringop-truncation]
strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
8.4.p1_3,1
24 Nov 2020 20:46:21
Revision:556185Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix KERB_GSSAPI build; missing prototypes for DH openssl-compat.

PR:		212151 (maybe)
8.4.p1_2,1
20 Nov 2020 03:41:56
Revision:555734Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Add pkg-config dependency which avoids some maintainer testing errors
  and also removes a few unneeded library links such as -lcurses.
- libfido2 package is broken with pkg-config and base ssl. Workaround this
  by not using pkg-config for that library for now.
- Add USES=localbase to simplify some options
- Make crypt(3) MD5 password support optional but still on-by-default.  The
  default in FreeBSD changed in 10.0 but that does not mean
- Enable -Werror
- Remove some old baggage from the port build
 o The zlib version check has not been needed for a while.
 o sshd.8 has not had %%PREFIX%% or %$RC_SCRIPT_NAME%% since 2011
   and is not worth more patches/complexity.
 o The strnvis(3) problem noted in r311891 was fixed in OpenSSH 7.4.
 o autoreconf is run so it makes no sense to patch configure for -ldes
 o --with-md5-passwords is not needed as our crypt(3) supports it
   natively.  This is only relevant without PAM.
8.4.p1_1,1
17 Nov 2020 01:45:12
Revision:555531Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Add blacklistd(8) support.
  This differs slightly from base as it uses the current NetBSD
  hook points.
  This is off-by-default as it needs testing and has issues that may cause
  crashes.  One such issue is the use of private bl_create() symbol from
  libblacklist.  It is also unclear if the hook points are sufficient
  or proper after the libssh refactoring in 8.x.

PR:		223628 (patch rewritten as it no longer applied)
8.4.p1_1,1
16 Nov 2020 23:36:49
Revision:555524Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Add and enable FIDO/U2F support for security keys by default.
  This feature came in 8.2, is enabled by default on OpenBSD,
  and suggested to be enabled by default for packages.
8.4.p1,1
16 Nov 2020 22:25:28
Revision:555518Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Slightly reduce diff with base
- No functional changes.

PR:		223010
Submitted by:	brnrd (earlier patch)
8.4.p1,1
16 Nov 2020 20:39:13
Revision:555516Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- bindresvport support hasn't been used since 7.8
8.4.p1,1
16 Nov 2020 20:36:17
Revision:555514Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Remove sctp patch missed in r466577
8.4.p1,1
16 Nov 2020 19:39:34
Revision:555512Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 8.4p1 (skipped 8.3)

 - https://www.openssh.com/txt/release-8.3
 - https://www.openssh.com/txt/release-8.4

PR:		239807, 250319
Sponsored by:	Dell EMC
8.2.p1_2,1
12 Nov 2020 10:51:31
Revision:554948Original commit files touched by this commit This port version is marked as vulnerable.
0mp search for other commits by this committer
security/openssh-portable: Set LICENSE

In the past, the ports framework did not support handling situations
where a port contained a multitude of licenses. In case of OpenSSH
the list is/was: BSD2, BSD3, MIT, public domain, BSD-Style, BEER-WARE,
"any purpose with notice intact", and ISC-Style.

Instead of having to keep track of all the involved licenses which all
are very similar, let's use LICENSE_PERMS.

I am not bumping PORTREVISION as it is not a vital change from the
perspective of package users.

Approved by:	bdrewery (maintainer)
Differential Revision:	https://reviews.freebsd.org/D27133
8.2.p1_2,1
07 Nov 2020 14:46:38
Revision:554395Original commit files touched by this commit This port version is marked as vulnerable.
0mp search for other commits by this committer
Install the moduli file as a @sample

PR:		250559
Submitted by:	Michal "rysiek" Wozniak <rysiek % isnic.is>
Approved by:	maintainer timeout
8.2.p1_1,1
07 Nov 2020 14:18:46
Revision:554393Original commit files touched by this commit This port version is marked as vulnerable.
0mp search for other commits by this committer
Fix a typo

Approved by:	portmgr blanket
8.2.p1_1,1
15 Aug 2020 17:12:09
Revision:545050Original commit files touched by this commit This port version is marked as vulnerable.
sunpoet search for other commits by this committer
Update WWW

Approved by:	portmgr (blanket)
8.2.p1_1,1
23 Mar 2020 23:15:10
Revision:529015Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Simplify and refactor login.conf environment handling.
8.2.p1,1
23 Mar 2020 21:56:17
Revision:529010Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix build without PAM option
8.2.p1,1
23 Mar 2020 17:07:43
Revision:528982Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Remove long broken X509 patch.

Approved by:	portmgr (implicit)
8.2.p1,1
23 Mar 2020 17:04:51
Revision:528981Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix plist for 8.2p1
8.2.p1,1
23 Mar 2020 16:53:46
Revision:528979Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 8.2p1

Release notes: https://www.openssh.com/txt/release-8.2
8.1.p1,1
22 Dec 2019 02:55:14
Revision:520603Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 8.1p1

Changes: https://www.openssh.com/txt/release-8.1

Sponsored by:	Dell EMC
8.0.p1_1,1
09 Oct 2019 12:20:31
Revision:514144Original commit files touched by this commit This port version is marked as vulnerable.
bapt search for other commits by this committer
Drop the ipv6 virtual category for s* category as it is not relevant anymore
8.0.p1_1,1
02 Sep 2019 21:23:28
Revision:510851Original commit files touched by this commit This port version is marked as vulnerable.
swills search for other commits by this committer
Bump PORTREVISION on ldns consumers

Shared lib version changed in update

Reported by:	sunpoet
8.0.p1,1
14 Aug 2019 12:16:13
Revision:508909Original commit files touched by this commit This port version is marked as vulnerable.
mat search for other commits by this committer
Convert to UCL & cleanup pkg-message (categories s)
8.0.p1,1
19 Jul 2019 19:18:09
Revision:506959Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update gssapi patch for 8.0
- Rework how the gssapi patch is fetched/mirrored so we can fetch
  directly from debian.

PR:		239290
Submitted by:	david@dcrosstech.com (based on)
Tested by:	vrwmiller@gmail.com
8.0.p1,1
18 Jul 2019 20:10:07
Revision:506878Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix BROKEN handling for x509/gssapi FLAVORS
8.0.p1,1
12 Jul 2019 03:48:48
Revision:506433Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 8.0p1

Changes: https://www.openssh.com/txt/release-8.0

With help from:	Lee Prokowich
Sponsored by:	DellEMC
7.9.p1_1,1
12 Nov 2018 21:55:35
Revision:484842Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix X509 build after r484765 openssl fix
- Fix patch URL for KERB_GSSAPI
- Add FLAVORs for x509 and gssapi since they are distinct types of
  OpenSSH rather than feature flags.

Approved by:	portmgr (implicit)
7.9.p1_1,1
12 Nov 2018 21:04:05
Revision:484824Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update KERB_GSSAPI for 7.9p1
7.9.p1_1,1
12 Nov 2018 20:56:11
Revision:484823Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix HPN for 7.9p1
- DOCS is required for HPN but it's not exclusively a flavor so needs to be
  in the default list.
- Fix a build-time OpenSSL version comparison [1]

PR:		233157 [1]
Reported by:	Robert Schulze <rs@bytecamp.net> [1]
Obtained from:	upstream c0a35265907533be10ca151ac797f34ae0d68969 [1]
7.9.p1,1
11 Nov 2018 20:21:04
Revision:484765Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 7.9p1.

- Fixes build on 12, head, and openssl-devel.
- GSSAPI and HPN are currently marked BROKEN as I don't want to block
  the main update for anyone.

  http://www.openssh.com/txt/release-7.8
  http://www.openssh.com/txt/release-7.9

MFH:	2018Q4 (due to being broken on 12+head)
7.7.p1_6,1
10 Nov 2018 10:09:49
Revision:484599Original commit files touched by this commit This port version is marked as vulnerable.
mat search for other commits by this committer
security/openssl-devel was removed, but there is a security/openssl111 now.
7.7.p1_6,1
10 Sep 2018 13:14:52
Revision:479406Original commit files touched by this commit This port version is marked as vulnerable.
mat search for other commits by this committer
Add DOCS options to ports that should have one.

Also various fixes related to said option.

PR:		230864
Submitted by:	mat
exp-runs by:	antoine
7.7.p1_6,1
29 Jun 2018 15:44:33
Revision:473555Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Simplify CONFLICTS_INSTALL.

Reported by:	mat
7.7.p1_5,1
28 Jun 2018 03:38:33
Revision:473485Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix and update HPN patch to latest from upstream but leave it off by
  default.
- Add an 'hpn' FLAVOR to produce a package for users with HPN and
  NONECIPHER enabled.

Approved by:	portmgr (implicit)
7.7.p1_4,1
26 Jun 2018 22:32:37
Revision:473412Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update x509 patch to 11.3.2
7.7.p1_3,1
19 Jun 2018 15:42:54
Revision:472798Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Forgot PORTREVISION bump for r472797.

PR:		229147
7.7.p1_2,1
19 Jun 2018 15:42:32
Revision:472797Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix nologin check when PAM option is disabled in the port.

PR:		229147
Submitted by:	Robert Schulze <rs@bytecamp.net>
7.7.p1_2,1
19 Jun 2018 15:34:14
Revision:472796Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add lost metadata on why this patch exists
7.7.p1_2,1
03 May 2018 23:39:11
Revision:468998Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Add XMSS option to enable experimental key support added in 7.7 [1]
- Bring in upstream patches post 7.7 to fix various issues [2]:
  b81b2d120e9c8a83489e241620843687758925ad - Fix tunnel forwarding broken in
7.7p1
  341727df910e12e26ef161508ed76d91c40a61eb - don't kill ssh-agent's listening
socket entriely if we fail to accept a connection
  85fe48fd49f2e81fa30902841b362cfbb7f1933b - don't free the %C expansion, it's
used later for LocalCommand
  868afa68469de50d8a43e5daf867d7c624a34d20 - Disable SSH2_MSG_DEBUG messages for
Twisted Conch clients
  f5baa36ba79a6e8c534fb4e0a00f2614ccc42ea6 - Omit 3des-cbc if OpenSSL built
without DES

PR:		227758 [1]
Submitted by:	IWAMOTO Kouichi <sue@iwmt.org> [1]
PR:		227551 [2]
Reported by:	rozhuk.im@gmail.com [2]
Obtained from:	upstream mirror https://github.com/openssh/openssh-portable [2]
7.7.p1_1,1
25 Apr 2018 18:05:41
Revision:468286Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update the KERB_GSSAPI patch from debian.

https://sources.debian.org/data/main/o/openssh/1:7.7p1-2/debian/patches/gssapi.patch
is mirrored due to not being filename-unique and not gzipped.

PR:		226789
Submitted by:	Rick Miller <vmiller@verisign.com> (based on)
Tested by:	Rick Miller <vmiller@verisign.com>
Reported by:	david@dcrosstech.com
7.7.p1_1,1
12 Apr 2018 21:54:01
Revision:467200Original commit files touched by this commit This port version is marked as vulnerable.
leres search for other commits by this committer
The block of code that canonicallizes the hostname supplied on
the command line added by patch-ssh.c misapplies to 7.7p1 and
moves from main() to to ssh_session2(). This breaks ssh SSHFP
support for non-canonical hostnames. For example, "ssh zinc"
correctly discovers the FQDN (zinc.ee.lbl.gov) and uses it to
look up A and AAAA records but the non-canonical version (zinc)
is used in the SSHFP record lookup which or course fails.

Regenerate the patch.

Reviewed by:	bdrewery, ler (mentor)
Approved by:	bdrewery, ler (mentor)
Differential Revision:	https://reviews.freebsd.org/D15053
7.7.p1,1
05 Apr 2018 19:57:07
Revision:466595Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Make BROKEN lines more clear
7.7.p1,1
05 Apr 2018 18:20:51
Revision:466577Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 7.7p1

- Update x509 patch to 11.3
- Remove SCTP option as it has not had a patch available since 7.2.

Changes: https://www.openssh.com/txt/release-7.7

Notable changes:
 * ssh(1)/sshd(8): Drop compatibility support for some very old SSH
   implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These
   versions were all released in or before 2001 and predate the final
   SSH RFCs. The support in question isn't necessary for RFC-compliant
   SSH implementations.
7.6.p1_3,1
03 Apr 2018 23:14:18
Revision:466385Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
libressl support was fixed in r452358
7.6.p1_3,1
29 Mar 2018 14:53:24
Revision:465899Original commit files touched by this commit This port version is marked as vulnerable.
mat search for other commits by this committer
Mark some ports broken with openssl-devel.

Sponsored by:	Absolight
7.6.p1_3,1
16 Mar 2018 20:20:09
Revision:464727Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Remove OVERWRITE_BASE compat - it was marked IGNORE in 2015
7.6.p1_3,1
18 Oct 2017 17:19:26
Revision:452358Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
LibreSSL + LDNS: Fix random crashes.

This happens due to ldns-config --libs adding in too many libraries
(overlinking), and -lcrypto again, which causes some strange
conflict/corruption.  By specifying the path to --with-ldns, configure only
adds in -ldns rather than every library ldns itself needs.

PR:		223000
Reported by:	many
7.6.p1_2,1
16 Oct 2017 07:26:09
Revision:452177Original commit files touched by this commit This port version is marked as vulnerable.
koobs search for other commits by this committer
security/openssh-portable: Remove groff dependency

An unconditional dependency on groff was added in ports r441907 [1] as part
of bug 213725 (groff removal from base). OpenSSH release-5.7 notes the
following:

 * Use mandoc as preferred manpage formatter if it is present, followed
   by nroff and groff respectively.

This change removes groff as an unconditional dependency allowing mandoc
to be used, and reduces many subsequence dependencies accordingly.

It additionally explicitly sets 'mantype', which ensures that man pages
are installed in the same location (LOCALBASE/man) independently from the
generator used. Without this, a packaging (pkg-plist) error is observed
(installing man pages into LOCALBASE/doc not LOCALBASE/man), which was
presumably the genesis of the groff dependency addition in the first place.

[1] http://svnweb.freebsd.org/changeset/ports/441907

Reviewed by:		bdrewery (maintainer), allanjude
Approved by:		bdrewery (maintainer)
Differential Revision:	D11793
7.6.p1_1,1
14 Oct 2017 18:09:35
Revision:452074Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Mark broken with libressl as it has several random crashses.

PR:		223000
7.6.p1_1,1
13 Oct 2017 23:27:20
Revision:452035Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Bring in upstream fix for PermitOpen from commit 7c9613fac337
7.6.p1,1
12 Oct 2017 19:40:58
Revision:451927Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 7.6p1

- Update x509 patch to 11.0
- HPN/NONECIPHER do not apply currently and are disabled by default,
  same as the base sshd.  A compatibility patch is applied if
  these options are disabled to prevent startup failures; the options
  are kept as deprecated.
- SCTP patch does not apply.

Changes: https://www.openssh.com/txt/release-7.6

Notable changes:
  - SSH version 1 support dropped.
  - Dropped support for hmac-ripemd160 MAC.
  - Dropped support for the ciphers arcfour, blowfish and CAST.
  - RSA keys less than 1024 bits are refused.
7.5.p1_1,1
09 Jun 2017 14:44:19
Revision:442999Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix LDNS detection.

This is the same fix made upstream as well.

PR:		218472
Submitted by:	leres@ee.lbl.gov
MFH:		2017Q2
7.5.p1,1
28 May 2017 10:58:00
Revision:441907Original commit files touched by this commit This port version is marked as vulnerable.
antoine search for other commits by this committer
Register dependency on groff

PR:		213725
7.5.p1,1
27 Apr 2017 12:14:37
Revision:439541Original commit files touched by this commit This port version is marked as vulnerable.
mat search for other commits by this committer
Mark those as not building with openssl-devel.

Sponsored by:	Absolight
7.5.p1,1
01 Apr 2017 01:59:25
Revision:437391Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 7.5p1.
- Update X509 to 10.1.
- Disable KERB_GSSAPI for now as it does not build.

Changes: https://www.openssh.com/txt/release-7.5
7.4.p1_1,1
20 Mar 2017 18:16:43
Revision:436555Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Change USE_AUTOTOOLS to USES= autoreconf
- Change @exec to @postexec in pkg-plist

Submitted by:	brnrd
PR:		217962
7.4.p1_1,1
15 Mar 2017 14:45:31
Revision:436247Original commit files touched by this commit This port version is marked as vulnerable.
mat search for other commits by this committer
Remove all USE_OPENSSL occurrences.

Sponsored by:	Absolight
7.4.p1_1,1
03 Mar 2017 04:12:21
Revision:435306Original commit files touched by this commit This port version is marked as vulnerable.
miwi search for other commits by this committer
- Chase ldns shlip bump

PR:		217495
7.4.p1,1
17 Jan 2017 19:38:38
Revision:431773Original commit files touched by this commit This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix build with NONE_CIPHER.

Number of commits found: 398 (showing only 100 on this page)

1 | 2 | 3 | 4  »