FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

Please give me your LTO-4 or better tape library and I'll put it to good use.
Port details
openssh-portable The portable version of OpenBSD's OpenSSH
6.8.p1_7,1 security on this many watch lists=112 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port
Maintainer: bdrewery@FreeBSD.org search for ports maintained by this maintainer
Port Added: 01 Jun 2001 11:49:36
Also Listed In: ipv6
License: not specified in port
OpenBSD's OpenSSH portable version

Normal OpenSSH development produces a very small, secure, and easy to maintain
version for the OpenBSD project. The OpenSSH Portability Team takes that pure
version and adds portability code so that OpenSSH can run on many other
operating systems (Unfortunately, in particular since OpenSSH does
authentication, it runs into a *lot* of differences between Unix operating
systems). 

The portable OpenSSH follows development of the official version, but releases
are not synchronized. Portable releases are marked with a 'p' (e.g. 3.1p1).
The official OpenBSD source will never use the 'p' suffix, but will instead
increment the version number when they hit 'stable spots' in their development. 

WWW: http://www.openssh.org/portable.html
SVNWeb : Homepage : Distfiles Availability : PortsMon

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:
  1. libcrypto.so.8 : security/openssl
  2. autoconf-2.69 : devel/autoconf
Runtime dependencies:
  1. libcrypto.so.8 : security/openssl
Library dependencies:
  1. libldns.so : dns/ldns

This port is required by:

for Build for Run * - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...

To install the port: cd /usr/ports/security/openssh-portable/ && make install clean
To add the package: pkg install security/openssh-portable


Configuration Options
===> The following configuration options are available for openssh-portable-6.8.p1_7,1:
     BSM=off: OpenBSM Auditing
     HPN=on: HPN-SSH patch
     KERB_GSSAPI=off: Kerberos/GSSAPI patch (req: GSSAPI)
     LDNS=on: SSHFP/LDNS support
     LIBEDIT=on: Command line editing via libedit
     NONECIPHER=off: NONE Cipher support
     OVERWRITE_BASE=off: EOL, No longer supported.
     PAM=on: Pluggable authentication module support
     SCTP=off: SCTP support
     TCP_WRAPPERS=on: tcp_wrappers support
     X509=off: x509 certificate patch
====> Kerberos support: you can only select none or one of them
     MIT=off: MIT Kerberos (security/krb5)
     HEIMDAL=off: Heimdal Kerberos (security/heimdal)
     HEIMDAL_BASE=off: Heimdal Kerberos (base)
===> Use 'make config' to modify these settings

USES:
alias

Master Sites:
  1. ftp://carroll.cac.psu.edu/pub/OpenBSD/OpenSSH/portable/
  2. ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  3. ftp://ftp.dkuug.dk/pub/OpenBSD/OpenSSH/portable/
  4. ftp://ftp.freebsdchina.org/pub/OpenBSD/OpenSSH/portable/
  5. ftp://ftp.gamma.ru/pub/OpenBSD/OpenSSH/portable/
  6. ftp://ftp.inet.no/pub/OpenBSD/OpenSSH/portable/
  7. ftp://ftp.irisa.fr/pub/OpenBSD/OpenSSH/portable/
  8. ftp://ftp.jyu.fi/pub/OpenBSD/OpenSSH/portable/
  9. ftp://ftp.nara.wide.ad.jp/pub/OpenBSD/OpenSSH/portable/
  10. ftp://ftp.nluug.nl/pub/OpenBSD/OpenSSH/portable/
  11. ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  12. ftp://ftp.rediris.es/pub/OpenBSD/OpenSSH/portable/
  13. ftp://ftp.stacken.kth.se/pub/OpenBSD/OpenSSH/portable/
  14. ftp://ftp.su.se/pub/OpenBSD/OpenSSH/portable/
  15. ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  16. ftp://ftp5.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  17. ftp://openbsd.informatik.uni-erlangen.de/pub/OpenBSD/OpenSSH/portable/
  18. ftp://openbsd.mirrors.tds.net/pub/OpenBSD/OpenSSH/portable/
  19. ftp://osmirrors.cerias.purdue.edu/pub/OpenBSD/OpenSSH/portable/
  20. ftp://rt.fm/pub/OpenBSD/OpenSSH/portable/
  21. http://anga.funkfeuer.at/ftp/pub/OpenBSD/OpenSSH/portable/
  22. http://distcache.FreeBSD.org/ports-distfiles/
  23. http://ftp.arcane-networks.fr/pub/OpenBSD/OpenSSH/portable/
  24. http://ftp.belnet.be/packages/openbsd/OpenSSH/portable/
  25. http://ftp.cc.uoc.gr/mirrors/OpenBSD/OpenSSH/portable/
  26. http://ftp.chg.ru/pub/OpenBSD/OpenSSH/portable/
  27. http://ftp.estpak.ee/pub/OpenBSD/OpenSSH/portable/
  28. http://ftp.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  29. http://ftp.heanet.ie/pub/OpenBSD/OpenSSH/portable/
  30. http://ftp.jaist.ac.jp/pub/OpenBSD/OpenSSH/portable/
  31. http://ftp.netbsd.se/OpenBSD/OpenSSH/portable/
  32. http://ftp.openbsd.dk/pub/OpenBSD/OpenSSH/portable/
  33. http://mirror.hostfuss.com/pub/OpenBSD/OpenSSH/portable/
  34. http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/
  35. http://mirror.pacific.net.au/OpenBSD/OpenSSH/portable/
  36. http://mirror.switch.ch/ftp/pub/OpenBSD/OpenSSH/portable/
  37. http://mirrors.nic.funet.fi/pub/OpenBSD/OpenSSH/portable/
  38. http://www.mirrorservice.org/pub/OpenBSD/OpenSSH/portable/

Number of commits found: 265 (showing only 100 on this page)

1 | 2 | 3  »  

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
22 May 2015 20:34:29
Original commit files touched by this commit  6.8.p1_7,1
Revision:387082
mat search for other commits by this committer
Remove $FreeBSD$ from patches files everywhere.

With hat:	portmgr
Sponsored by:	Absolight
16 May 2015 16:28:40
Original commit files touched by this commit  6.8.p1_7,1
Revision:386554
bdrewery search for other commits by this committer
Avoid a potential read overflow. This was not deemed a security issue by
upstream; it was fixed upstream comprehensively a few weeks ago in
77199d6ec8986d470487e66f8ea8f4cf43d2e20c.

PR:		200241
Patch by:	Hanno Bock <hanno@hboeck.de>
Obtained from:	http://www.openwall.com/lists/oss-security/2015/05/16/3
14 May 2015 10:15:09
Original commit files touched by this commit  6.8.p1_6,1
Revision:386312
mat search for other commits by this committer
MASTER_SITES cleanup.

- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
  of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
  no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.

While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.

Also, replace some EXTRACT_SUFX occurences with USES=tar:*.

Checked by:	make fetch-urlall-list
With hat:	portmgr
Sponsored by:	Absolight
06 May 2015 18:39:41
Original commit files touched by this commit  6.8.p1_6,1
Revision:385541
bdrewery search for other commits by this committer
Fix clients getting 'Bad packet length' and 'Disconnecting: Packet corrupt'
when the NONECIPHER option is selected but not the HPN option.  The server
banner was improperly sending a NULL byte after the newline causing confusion
on the client.  This was an error in my own modifications to the HPN patch
in r383231.

This may have occurred with stale builds as well, such as running
'make configure' then 'portsnap update' and then 'make build'.

Pointyhat to:	bdrewery
Reported by:	many
PR:		199352
14 Apr 2015 16:42:25
Original commit files touched by this commit  6.8.p1_5,1
Revision:384006
bdrewery search for other commits by this committer
Replace the TTSH patch from r383618 with the one that upstream took.

Obtained from upstream d8f391caef623
09 Apr 2015 20:57:24
Original commit files touched by this commit  6.8.p1_4,1
Revision:383678
bdrewery search for other commits by this committer
Cleanup some unneeded patches.

1. There's no need to patch the xauth(1) location as the OpenSSH build already
   does so based on the --with-xauth path provided. It also updates manpages.
2. Don't modify manpage for shosts location as it was wrong. The proper
   LOCALBASE path is now used due to OpenSSH's build already handling it
   properly.
3. Remove confusing UsePrivilegeSeparation change in sshd_config. The default
   upstream is to have it disabled by default. The sshd_config line is in
   upstream to enable it by default in new installations. We always enable
   it though. So remove the sshd_config change which makes it look like
   we don't use it; it was not a needed difference with upstream.

From discussion with:	TJ <tj@mrsk.me>
09 Apr 2015 20:19:18
Original commit files touched by this commit  6.8.p1_3,1
Revision:383675
bdrewery search for other commits by this committer
Limit the TTSSH bug fix in r383618 to only versions that have it.

Submitted by:	IWAMOTO Kouichi <sue@iwmt.org>
09 Apr 2015 02:33:47
Original commit files touched by this commit  6.8.p1_2,1
Revision:383618
bdrewery search for other commits by this committer
Fix TTSSH (Tera Type/Term) client crash:

  Unexpected SSH2 message(80) on current stage(6)

This patch was submitted upstream. The client has fixed it in their SVN [1][2]
but not yet released a fixed build.

[1] http://en.sourceforge.jp/ticket/browse.php?group_id=1412&tid=35010
[2] http://en.sourceforge.jp/projects/ttssh2/scm/svn/commits/5829
09 Apr 2015 01:49:10
Original commit files touched by this commit  6.8.p1_1,1
Revision:383616
bdrewery search for other commits by this committer
Remove debugging leftover in release.

  error: mm_request_receive: socket closed

Obtained from:	Upstream c7fe79ed7db427f1474e72b9f8b465901d61d3f6
04 Apr 2015 17:16:59
Original commit files touched by this commit  6.8.p1,1
Revision:383231
bdrewery search for other commits by this committer
- Update to 6.8p1
- Fix 'make test'
- HPN:
  - NONECIPHER is no longer default. This is not default in base and should not
    be default here as it introduces security holes.
  - HPN: I've audited the patch and included it in the port directory for
    transparency. I identified several bugs and submitted them to the new
    upstream: https://github.com/rapier1/openssh-portable/pull/2
  - HPN: The entire patch is now ifdef'd to ensure various bits are properly
    removed depending on the OPTIONS selected.
  - AES_THREADED is removed. It has questionable benefit on modern HW and is not
    stable.
  - The "enhanced logging" was removed from the patch as it is too
    intrusive and difficult to maintain in the port.
  - The progress meter "peak throughput" patch was removed.
  - Fixed HPN version showing in client/server version string when HPN
    was disabled in the config.
- KERB_GSSAPI is currently BROKEN as it does not apply.
- Update X509 to 8.3

Changelog: http://www.openssh.com/txt/release-6.8
02 Apr 2015 02:22:00
Original commit files touched by this commit  6.7.p1_5,1
Revision:382980
bdrewery search for other commits by this committer
Remove unused variable PRECIOUS
01 Apr 2015 01:04:23
Original commit files touched by this commit  6.7.p1_5,1
Revision:382887
bdrewery search for other commits by this committer
Make the check added in 2013 in r330200 for a bad ECDSA key actually work.
31 Mar 2015 19:07:26
Original commit files touched by this commit  6.7.p1_4,1
Revision:382859
bdrewery search for other commits by this committer
Remove useless IGNORE for TCP_WRAPPERS and PAM.

TCP_WRAPPERS: /usr/include/tcpd.h is always installed by the base system.
              It is only libwrap.so that is conditional on WITH_TCP_WRAPPERS.

PAM:          /usr/include/security/pam_modules.h is always installed.

This fixes FreshPorts claiming this port is ignored.
29 Mar 2015 04:17:54
Original commit files touched by this commit  6.7.p1_4,1
Revision:382566
bdrewery search for other commits by this committer
Make the VersionAddendum fix use the proper default.

Once I ran into the X509 issue previously I failed to retest that the patch
worked.

PR:		193127
25 Mar 2015 08:30:28
Original commit files touched by this commit  6.7.p1_3,1
Revision:382200
marino search for other commits by this committer
security category: Remove $PTHREAD_LIBS

approved by:	PTHREAD blanket
23 Mar 2015 04:23:09
Original commit files touched by this commit  6.7.p1_3,1
Revision:381981
bdrewery search for other commits by this committer
Stop forcing the port version string into the server banner.

The port now uses VersionAddendum in the sshd_config to allow overriding
this value. Using "none" allows disabling the default of the port
version string. The default is kept to show the port version string to
remain close to the base version.

Support for the client VersionAddendum may be added soon as well to better
match base and not give surprises when switching from base to the port.

PR:		193127
Requested by:	many, including myself when this was broken years ago.
21 Mar 2015 19:28:41
Original commit files touched by this commit  6.7.p1_2,1
Revision:381823
bdrewery search for other commits by this committer
Fix incorrect reference to ETCSSH from r381709
20 Mar 2015 07:07:27
Original commit files touched by this commit  6.7.p1_1,1
Revision:381712
bdrewery search for other commits by this committer
Set proper ETCDIR. Mistake in r381709
20 Mar 2015 02:43:44
Original commit files touched by this commit  6.7.p1_1,1
Revision:381709
bdrewery search for other commits by this committer
Remove remnants of OVERWRITE_BASE which was removed in r376306
05 Jan 2015 23:21:28
Original commit files touched by this commit  6.7.p1_1,1
Revision:376373
bdrewery search for other commits by this committer
Fix application of GSSAPI patch when using HPN. It applies fine if done after
HPN.

Reported by:	gwollman
05 Jan 2015 16:13:20
Original commit files touched by this commit  6.7.p1_1,1
Revision:376306
bdrewery search for other commits by this committer
Mark OVERWRITE_BASE as IGNORE.

Keep it as an option as otherwise the user won't be notified that
their configuration is wrong and it will just install to PREFIX
instead, which would be surprising.
17 Dec 2014 02:34:44
Original commit files touched by this commit  6.7.p1_1,1
Revision:374833
bdrewery search for other commits by this committer
- Fix HPN patches for 6.7p1
- Add back HPN and NONECIPHER for the default options and bump PORTREVISION
  due to this.
16 Dec 2014 21:44:12
Original commit files touched by this commit  6.7.p1,1
Revision:374825
bdrewery search for other commits by this committer
- Unbreak KERB_GSSAPI option by using Debian's patch.

  I am serving the patch exactly as-is from their site. Obtained from:
 
http://sources.debian.net/data/main/o/openssh/1:6.7p1-3/debian/patches/gssapi.patch
16 Dec 2014 21:29:04
Original commit files touched by this commit  6.7.p1,1
Revision:374823
bdrewery search for other commits by this committer
Unmark X509 option as BROKEN after fixed in r374821
16 Dec 2014 20:14:05
Original commit files touched by this commit  6.7.p1,1
Revision:374821
bdrewery search for other commits by this committer
- Update X509 patch to 8.2 which now supports OpenSSH 6.7p1
  No PORTREVISION bump since it was BROKEN before with X509.
17 Nov 2014 18:08:15
Original commit files touched by this commit  6.7.p1,1
Revision:372676
bdrewery search for other commits by this committer
- Update to 6.7p1.

  Several patches do not currently apply. Use security/openssh-portable66 for:
  HPN, NONECIPHER, KERB_GSSAPI, X509.

- Add a TCP_WRAPPER patch to re-enable support after it was removed upstream.
20 Oct 2014 10:09:20
Original commit files touched by this commit  6.6.p1_4,1
Revision:371252
marino search for other commits by this committer
Add USES=alias to several ports

Alias is a new USES tool that allows DragonFly to masquerade as FreeBSD
by setting CFLAGS+= -D__FreeBSD__.  For some ports, this fixes the build
without the need for additional patches.

Approved by:	portmgr (bapt, blanket)
07 Oct 2014 00:48:25
Original commit files touched by this commit  6.6.p1_4,1
Revision:370264
bdrewery search for other commits by this committer
Note my intentions with OVERWRITE_BASE
03 Oct 2014 19:31:07
Original commit files touched by this commit  6.6.p1_4,1
Revision:369933
bdrewery search for other commits by this committer
- Mark OVERWRITE_BASE and security/openssh-portable-base as DEPRECATED.
  These will be removed on January 1 2015.

  Really ports should not be touching the base system at all.

  This option is a big foot-shoot problem:

  1. Recent versions of FreeBSD such as 9.3, 10.0, 10.1+, now remove all ssh
     files from /usr if you 'make delete-old' with WITHOUT_SSH. This results in
     removing the overwrite base files.
  2. Uninstalling the package leaves the system with no ssh.
  3. Running installworld without WITHOUT_SSH results in overwriting the
     package, or giving false-positive 'pkg check -s' errors.
  4. The port fails to pass QA checks because it removes system files.
03 Oct 2014 19:23:03
Original commit files touched by this commit  6.6.p1_4,1
Revision:369931
bdrewery search for other commits by this committer
Support multiple ListenAddress ports

Reported by:	rustamabd@gmail.com
24 Jul 2014 18:34:16
Original commit files touched by this commit  6.6.p1_3,1
Revision:362835
tijl search for other commits by this committer
net/openldap24-*:
- Convert to USES=libtool and bump dependent ports
- Avoid USE_AUTOTOOLS
- Don't use PTHREAD_LIBS
- Use MAKE_CMD

databases/glom:
- Drop :keepla
- Add INSTALL_TARGET=install-strip

databases/libgda4* databases/libgda5*:
- Convert to USES=libtool and bump dependent ports
- USES=tar:xz
- Use INSTALL_TARGET=install-strip
- Use @sample
(Only the first 15 lines of the commit message are shown above View all of this commit message)
24 Apr 2014 01:54:58
Original commit files touched by this commit  6.6.p1_2,1
Revision:351982
bdrewery search for other commits by this committer
- Update to "6.6.1" [1]
- Switch to using @sample keyword, fixing orphans.

Upstream note on "6.6.1" [1]:

  OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519
  key exchange incorrectly, causing connection failures about 0.2% of
  the time when this method is used against a peer that implements
  the method properly.

  Fix the problem and disable the curve25519 KEX when speaking to
  OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
  to enable the compatability code.

[1] https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html
24 Apr 2014 01:04:52
Original commit files touched by this commit  6.6.p1_1,1
Revision:351981
bdrewery search for other commits by this committer
Fix minor plist issues from check-plist
11 Apr 2014 03:38:16
Original commit files touched by this commit  6.6.p1_1,1
Revision:350880
bdrewery search for other commits by this committer
- Update GSS API Key Exchange patch with working version.

PR:		ports/183006
Submitted by:	Garrett Wollman (via email)
Tested by:	Garrett Wollman
16 Mar 2014 17:35:33
Original commit files touched by this commit  6.6.p1,1
Revision:348420
bdrewery search for other commits by this committer
- Update to 6.6
- Capsicum patch no longer needed
- Update X509 patch to 7.9

Changelog: http://www.openssh.org/txt/release-6.6
02 Mar 2014 08:43:41
Original commit files touched by this commit  6.5.p1_1,1
Revision:346742
bdrewery search for other commits by this committer
- Fix build with HEIMBAL_BASE

PR:		ports/186830
Reported by:	Robert Simmons <rsimmons0@gmail.com>
05 Feb 2014 03:06:08
Original commit files touched by this commit  6.5.p1_1,1
Revision:342628
bdrewery search for other commits by this committer
- Fix RC script

Pointyhat to:	bdrewery
Reported by:	Kenta S. <kentas@hush.com>
05 Feb 2014 01:40:46
Original commit files touched by this commit  6.5.p1,1
Revision:342618
bdrewery search for other commits by this committer
- Update to 6.5
  ChangeLog: http://www.openssh.org/txt/release-6.5

- Update X509 patch to 7.8
- Update LIB_DEPENDS to new format
- Revert r328706 and re-enable privilege separation sandboxing by default
  as the issue causing crashes has been fixed upstream
- capsicum(4) is now enabled upstream. A local patch is added to fix an issue
  with it [1]
- KERB_GSSAPI is marked BROKEN. It does not build.
  This patch lacks an upstream and I have no way to test it. It needs
  a non-trivial amount of refactoring for 6.5 as the key handling API
  has changed quite a bit.

Submitted by:	pjd@ [1]
02 Feb 2014 15:47:08
Original commit files touched by this commit  6.4.p1,1
Revision:342318
bdrewery search for other commits by this committer
- License is all of BSD2,BSD3,MIT,public domain,BSD-Style,BEER-WARE,
  "any purpose with notice intact",ISC-Style. The framework does not
  support such a case easily.
  See http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/LICENCE?rev=HEAD
12 Nov 2013 15:35:03
Original commit files touched by this commit  6.4.p1,1
Revision:333580
bdrewery search for other commits by this committer
- Fix packaging when not using HPN patches

PR:		ports/183895
Reported by:	mat
08 Nov 2013 12:41:44
Original commit files touched by this commit  6.4.p1,1
Revision:333215
bdrewery search for other commits by this committer
- Update to 6.4p1

This release fixes a security bug:

 * sshd(8): fix a memory corruption problem triggered during rekeying
   when an AES-GCM cipher is selected. Full details of the vulnerability
   are available at: http://www.openssh.com/txt/gcmrekey.adv

Security:	http://www.openssh.com/txt/gcmrekey.adv
13 Oct 2013 02:20:07
Original commit files touched by this commit  6.3.p1,1
Revision:330200 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 6.3p1
  Changelog: http://www.openssh.org/txt/release-6.3
- Use options helpers where possible
- Use upstream patch mirror for x509 and HPN
- Update HPN patch to v14 and use upstream version
- Add option NONECIPHER to allow disabling NONE in HPN patch
- Update x509 patch from 7.4.1 to 7.6
- Add support for LDNS and enable by it and VerifyHostKeyDNS/SSHFP by default.
  See
http://lists.freebsd.org/pipermail/freebsd-security/2013-September/007180.html
  which describes this change, but is supported on releases before 10 as well
  with LDNS option.
- Update SCTP to patchlevel 2329
- Update recommendation on secure usage of SSH
- Add pkg-message warning about ECDSA key possibly being incorrect due to
  previously being written as DSA by the rc script and fixed in r299902 in
  2012
07 Oct 2013 10:41:10
Original commit files touched by this commit  6.2.p2_5,1
Revision:329681 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Now that :DEFAULT can be used in PATCH_SITES (fixed in 329679),
  depend on the upstream mirror for the x509 patch and my mirror
  as a fallback
06 Oct 2013 17:24:26
Original commit files touched by this commit  6.2.p2_5,1
Revision:329605 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Remove useless -c flag
03 Oct 2013 23:45:27
Original commit files touched by this commit  6.2.p2_5,1
Revision:329250 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Perl has not been needed as a direct dependency since 6.0
03 Oct 2013 22:38:57
Original commit files touched by this commit  6.2.p2_5,1
Revision:329246 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix KERB_GSSAPI incorrectly using a predictable cache file.
  This was due to a mistake in r319062 when porting the patch from 5.8 to 6.2

  There is no active upstream for this patch. For reference here are the
  changes made in the patch:

  --- -	2013-10-03 11:07:21.262913573 -0500
  +++ /tmp/zdiff.XXXXXXXXXX.STScEeSI	2013-10-03 11:07:21.000000000 -0500
  @@ -183,7 +183,7 @@
	  if (ret < 0 || (size_t)ret >= sizeof(ccname))
		  return ENOMEM;

  -+#ifdef USE_CCAPI
  ++#ifndef USE_CCAPI
	  old_umask = umask(0177);
	  tmpfd = mkstemp(ccname + strlen("FILE:"));
	  oerrno = errno;

PR:		ports/180419
Reported by:	Garrett Wollman <wollman@khavrinen.csail.mit.edu>
03 Oct 2013 13:36:40
Original commit files touched by this commit  6.2.p2_4,1
Revision:329189 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Mark IGNORE if KERB_GSSAPI incorrectly selected
03 Oct 2013 13:31:42
Original commit files touched by this commit  6.2.p2_4,1
Revision:329185 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Cleanup patch-readconf.c to only have 1 diff
03 Oct 2013 12:57:47
Original commit files touched by this commit  6.2.p2_4,1
Revision:329176 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update descriptions to match current conventions
29 Sep 2013 15:07:15
Original commit files touched by this commit  6.2.p2_4,1
Revision:328706 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Copy base r251088 over (which removes a patch) and disable default sandbox
  privilege separation as it causes crashes when using AES crypto devices.
  This now uses 'yes' for UsePrivilegeSeparation instead of 'sandbox' by
  default

Reminded by:	Garrett Wollman
29 Sep 2013 14:54:20
Original commit files touched by this commit  6.2.p2_3,1
Revision:328704 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix sshd.8 referring to LOCALBASE with OVERWRITE_BASE
29 Sep 2013 14:53:42
Original commit files touched by this commit  6.2.p2_3,1
Revision:328703 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Don't extract mtree with OVERWRITE_BASE
29 Sep 2013 14:51:30
Original commit files touched by this commit  6.2.p2_3,1
Revision:328701 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Convert to stagedir
20 Sep 2013 15:58:09
Original commit files touched by this commit  6.2.p2_3,1
Revision:327710 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Add NO_STAGE until validated to be safe for upcoming staging support
20 Aug 2013 11:43:44
Original commit files touched by this commit  6.2.p2_3,1
Revision:325040 This port version is marked as vulnerable.
az search for other commits by this committer
- Convert to new perl5 framework

Approved by:	bdrewery@ (maintainer)
05 Jul 2013 18:27:51
Original commit files touched by this commit  6.2.p2_3,1
Revision:322345 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add an openssh-portable-base slave port to install with OVERWRITE_BASE
05 Jul 2013 12:46:46
Original commit files touched by this commit  6.2.p2_3,1
Revision:322321 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add LICENSE
22 Jun 2013 15:11:30
Original commit files touched by this commit  6.2.p2_3,1
Revision:321578 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- In rc script, be consistent in reload and check for and generate keys
  if needed, as well as checking for port collision with base sshd.

Reported by:	delphij
25 May 2013 16:44:01
Original commit files touched by this commit  6.2.p2_2,1
Revision:319062 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update and re-add KERB_GSSAPI gsskex patch.
  I did very minor porting of the upstream patch to make
  it apply.
  Note that this currently does not build with base heimdal, but
  does build with port MIT or port HEIMDAL.
- Bump PORTREVISION in case someone built the update, expecting
  this option to work and now have a broken ssh.

PR:		ports/178885
Reported by:	Garrett Wollman <wollman@csail.mit.edu>
23 May 2013 00:30:31
Original commit files touched by this commit  6.2.p2_1,1
Revision:318808 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix sshd crash when not using HPN
  This was due to not including the canohost.h header for our
  base customization to respect class login restrictions. I had
  missed this as I was only tested with the default (HPN enabled)
  which already was including this header.

Reported by:	runelind in ##freenode
Tested by:	runelind, myself
Reported by:	Krzysztof Stryjek
21 May 2013 22:29:08
Original commit files touched by this commit  6.2.p2,1
Revision:318727 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Mark BROKEN as I have received 2 separate reports
of crashing.
17 May 2013 19:47:35
Original commit files touched by this commit  6.2.p2,1
Revision:318400 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 6.2p2

- The LPK patch has been updated but is obsolete, deprecated and
  untested. It has been replaced by AuthorizedKeysCommand
- The upstream HPN's last update was for 6.1 and is mostly
  abandoned. The patch has had bugs since 5.9. I have reworked
  it and split into into HPN and AES_THREADED options. The
  debugging/logging part of the patch is incomplete. I may
  change the patch to more closely match our base version
  eventually.
- The KERB_GSSAPI option has been removed as the patch has not
  been updated by upstream since 5.7
- sshd VersionAddendum is currently not working as intended;
  it will be fixed later to allow removing the port/pkg version.
- Update our patchset to match latest base version
(Only the first 15 lines of the commit message are shown above View all of this commit message)
17 May 2013 14:36:34
Original commit files touched by this commit  5.8.p2_5,1
Revision:318392
bdrewery search for other commits by this committer
- Bring in r199804 and r206397 from base to avoid killing sshd in
  high-pressure swapping environments
17 May 2013 14:16:10
Original commit files touched by this commit  5.8.p2_5,1
Revision:318390
bdrewery search for other commits by this committer
- Remove copyright as it was a base customization that was removed in
  base r213250
17 May 2013 13:56:29
Original commit files touched by this commit  5.8.p2_5,1
Revision:318386
bdrewery search for other commits by this committer
- Remove CHROOT option and patch. ChrootDirectory was added in 5.0
  to achieve the same thing.
02 May 2013 02:03:09
Original commit files touched by this commit  5.8.p2_5,1
Revision:317070
bdrewery search for other commits by this committer
Fix xauth and ssh-askpass still being expected in /usr/X11R6

This was fixed in base in 2007 in r169966
30 Apr 2013 13:13:49
Original commit files touched by this commit  5.8.p2_4,1
Revision:316929
bdrewery search for other commits by this committer
- Add support for base and port Heimdal for Kerberos

PR:		ports/167554
Requested by:	Volodymyr Kostyrko <c.kworr@gmail.com>
17 Apr 2013 00:35:32
Original commit files touched by this commit  5.8.p2_4,1
Revision:315920
bdrewery search for other commits by this committer
- Remove compatibiliy for FreeBSD <4.x
  * /var/empty has been in hier(7) since 4.x
  * User sshd has been in base since 4.x
  * Simplify a patch for realhostname_sa(3) usage
- Remove SUID_SSH - It was removed from ssh in 2002
- Fix 'make test'
- Add some hints into the patches on where they came from
- Mirror all patches
- Move LPK patch out of files/
- Remove the need for 2 patches
  * Removal of 'host-key check-config' in install phase
  * Adding -lutil
- Add SCTP support [1]
- Remove FILECONTROL as it has not been supported since the 5.8
  update
- Replace tab with space pkg-descr
- Remove default WRKSRC
- Add 'configtest' command to rc script
- Mark X509 broken with other patches due to PATCH_DIST_STRIP=-p1

PR:		ports/174570 [1]
Submitted by:	oleg <proler@gmail.com> [1]
Obtained from:	https://bugzilla.mindrot.org/show_bug.cgi?id=2016 (upstream) [1]
Feature safe:	yes
08 Feb 2013 00:03:19
Original commit files touched by this commit  5.8.p2_4,1
Revision:311891
bdrewery search for other commits by this committer
- Fix runtime crash on CURRENT due to import of NetBSD strnvis() [1]
  which differs in prototype from OpenBSD strnvis() [2]

[1] http://lists.freebsd.org/pipermail/freebsd-stable/2013-January/071703.html
[2] http://gnats.netbsd.org/44977

Submitted by:	dim
01 Feb 2013 15:04:01
Original commit files touched by this commit  5.8.p2_3,1
Revision:311381
ak search for other commits by this committer
- Fix all cases of 'No newline at end of file' in ports tree

Approved by: portmgr (bapt)
05 Dec 2012 22:32:30
Original commit files touched by this commit  5.8.p2_3,1
Revision:308352
bdrewery search for other commits by this committer
- Update mirror site for HPN patch

Feature safe:	yes
29 Oct 2012 15:08:31
Original commit files touched by this commit  5.8.p2_3,1
Revision:306620
bdrewery search for other commits by this committer
- Take maintainership

Feature safe:	yes
13 Oct 2012 17:13:34
Original commit files touched by this commit  5.8.p2_3,1
Revision:305839
eadler search for other commits by this committer
Convert to OptionsNG
Trim Headers

PR:	ports/172429
Submitted by:	Michael Gmelin <freebsd@grem.de>
Feature safe:	yes
05 Aug 2012 23:05:24
Original commit files touched by this commit  5.8.p2_3,1
dougb search for other commits by this committer
When installing in the base, USE_RCORDER does the right thing without
all the gymnastics
24 Jun 2012 22:49:52
Original commit files touched by this commit  5.8.p2_3,1
dougb search for other commits by this committer
Add KEYWORD: shutdown
Simplify some code
Fix an error message
24 Jun 2012 17:51:21
Original commit files touched by this commit  5.8.p2_3,1
sunpoet search for other commits by this committer
- Fix ECDSA key generation in openssh rc.d script
- Bump PORTREVISION for package change

Submitted by:   J. Hellenthal <jhellenthal@dataix.net>
13 Jun 2012 03:02:04
Original commit files touched by this commit  5.8.p2_2,1
eadler search for other commits by this committer
Change HPN patch mirror location to one that works

PR:             ports/168306
Submitted by:   "Bryan Drewery" <bryan@shatow.net>
01 May 2012 09:56:31
Original commit files touched by this commit  5.8.p2_2,1
sunpoet search for other commits by this committer
- Reset maintainership

PR:             ports/167423
Submitted by:   Grzegorz Blach <magik@roorback.net> (maintainer)
28 Mar 2012 18:04:42
Original commit files touched by this commit  5.8.p2_2,1
scheidell search for other commits by this committer
- Perl only needed to build, not needed to run. remove PERL5_RUN from Makefile
- Bump PORTREVISION

PR:             ports/166413
Submitted by:   Gleb Smirnoff <glebius@cell.glebius.int.ru>
Approved by:    Grzegorz Blach <magik@roorback.net> (maintainer)
Feature safe:   yes
14 Jan 2012 08:57:23
Original commit files touched by this commit  5.8.p2_1,1
dougb search for other commits by this committer
In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.
23 Dec 2011 12:52:28
Original commit files touched by this commit  5.8.p2_1,1
scheidell search for other commits by this committer
- Add USE_PERL5_BUILD

PR:             ports/163414
Submitted by:   portmgr (pav)
Approved by:    gabor (mentor)
23 Dec 2011 12:24:23
Original commit files touched by this commit  5.8.p2_1,1
scheidell search for other commits by this committer
- openssh-portable needs perl to build (reported by Gleb Smirnoff via mail)
- add ssh_engine.5 man page when openssh-portable WITH_X509 is turned on
(reported by John Hein via mail)

PR:             ports/163414
Submitted by:   Grzegorz Blach <magik@roorback.net>
Approved by:    gabor (mentor)
21 Oct 2011 16:18:57
Original commit files touched by this commit  5.8.p2,1
flo search for other commits by this committer
- update to 5.8p2 [1]
- fix Kerberos knob [2]
- fix build on 9.0 [3]
- fix deinstall with various knobs [4]
- fix LPK knob [5]

PR:             ports/161818 [1], ports/144597 [2], ports/160389 [3]
                ports/150493, ports/156926 [4], ports/155456 [5]

Submitted by:   "Grzegorz Blach" <magik@roorback.net> [1], [2], [4], [5]
                pluknet [3]
Reported by:    Jonathan <lordsith49@hotmail.com> [2]
                Kevin Thompson <antiduh@csh.rit.edu> [4]
                Alexey Remizov <alexey@remizov.org> [5]
19 Jul 2011 02:05:33
Original commit files touched by this commit  5.2.p1_4,1
stephen search for other commits by this committer
- Maintainer to magik@roorback.net

Approved by:    maho (mentor) and magik@roorback.net
13 Jul 2011 21:47:05
Original commit files touched by this commit  5.2.p1_4,1
stephen search for other commits by this committer
- Add VersionAddendum support.
- Bump portrevision.

PR:             ports/142824
Submitted by:   Scot Hetzel <swhetzel@gmail.com>
Approved by:    gabor (mentor)
03 Jul 2011 14:03:52
Original commit files touched by this commit  5.2.p1_3,1
ohauer search for other commits by this committer
-remove MD5
11 Mar 2011 17:11:08
Original commit files touched by this commit  5.2.p1_3,1
skv search for other commits by this committer
Unbreak build with LPK option (broken after commit 1.674 in bsd.port.mk).
27 Dec 2010 09:58:51
Original commit files touched by this commit  5.2.p1_3,1
ale search for other commits by this committer
Remove OpenSC support. This port should be updated to support PKCS#11.
21 Nov 2010 23:48:49
Original commit files touched by this commit  5.2.p1_3,1
rene search for other commits by this committer
- Fix optional dependency on security/heimdal
- Bump PORTREVISION
PR:             ports/152029
Submitted by:   Joerg Pulz [Joerg.Pulz frm2.tum.de]
Approved by:    Ryan Steinmetz <rpsfa@rit.edu> (maintainer of net/freeradius*)
                girgen (maintainer of databases/postgresql*-server,
                        14 day timeout)
31 Aug 2010 02:46:44
Original commit files touched by this commit  5.2.p1_2,1
pgollucci search for other commits by this committer
Add the sftpfilecontrol patch as an OPTION (WITH_FILECONTROL)
See http://sftpfilecontrol.sourceforge.net/  for details.

PR:             ports/146338
Submitted by:   Steve Wills <steve@mouf.net>
22 Aug 2010 23:20:17
Original commit files touched by this commit  5.2.p1_2,1
linimon search for other commits by this committer
Reset dindin@dindin.ru due to maintainer-timeout and no response to email.

Hat:            portmgr
04 May 2010 09:14:22
Original commit files touched by this commit  5.2.p1_2,1
pav search for other commits by this committer
- Annotate the combination of X509 and KERB_GSSAPI patches as broken

PR:             ports/142819
Submitted by:   Scot Hetzel <swhetzel@gmail.com>
Approved by:    maintainer timeout (1 month)
18 Apr 2010 21:40:14
Original commit files touched by this commit  5.2.p1_2,1
erwin search for other commits by this committer
Mark BROKEN on 9.x: does not build
27 Mar 2010 06:14:03
Original commit files touched by this commit  5.2.p1_2,1
dougb search for other commits by this committer
RC_SUBR_SUFFIX has not been needed for a long time now, all supported
versions of FreeBSD now use /etc/rc.subr and rc.d scripts without .sh
appended to the script name.
27 Mar 2010 00:15:24
Original commit files touched by this commit  5.2.p1_2
 This port version is marked as vulnerable.
dougb search for other commits by this committer
Begin the process of deprecating sysutils/rc_subr by
s#. %%RC_SUBR%%#. /etc/rc.subr#
16 Dec 2009 16:43:21
Original commit files touched by this commit  5.2.p1_2,1
amdmi3 search for other commits by this committer
- Remove BROKEN on 8.x WITH_KERBEROS case. Builds fine on 8.0 and 9.0, i386 and
amd64
- While here, fix minor plist issue for WITH_X509 case

PR:             141679
Submitted by:   Denis Barov <dindin@dindin.ru> (maintainer)
02 Nov 2009 08:08:46
Original commit files touched by this commit  5.2.p1_2,1
lioux search for other commits by this committer
- Under OSVERSION >= 800000, only mark BROKEN if WITH_KERBEROS.
- The port links fine otherwise.
30 Sep 2009 21:09:06
Original commit files touched by this commit  5.2.p1_2,1
pav search for other commits by this committer
- Mark BROKEN on 8.X with Kerberos - does not link

Reported by:    pointyhat
23 Sep 2009 18:44:47
Original commit files touched by this commit  5.2.p1_2,1
pav search for other commits by this committer
- Revert USE_RC_SUBR change from last commit, it breaks OVERWRITE_BASE
- Add a hint to pkg-message about running this together with base sshd

PR:             ports/138943
Submitted by:   Denis Barov <dindin@yandex-team.ru> (maintainer)
Feature safe:   yes
18 Sep 2009 14:05:52
Original commit files touched by this commit  5.2.p1_2,1
pav search for other commits by this committer
- Unbreak KERBEROS option
- Add option for OpenBSD support
- Fix crash in sftp listing

PR:             ports/138409 (cumulative patch)
Submitted by:   Denis Barov <dindin@dindin.ru> (maintainer)
Feature safe:   yes

Number of commits found: 265 (showing only 100 on this page)

1 | 2 | 3  »  

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
proxychains-ngMay 29
krb5May 28
krb5-112May 28
tsharkMay 28
tshark-liteMay 28
wiresharkMay 28
wireshark-liteMay 28
curlMay 26
curlMay 26
cassandraMay 24
cassandra2May 24
py-saltMay 24
davmailMay 23
dnsmasqMay 23
dnsmasq-develMay 23

22 vulnerabilities affecting 39 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 24832
Broken 225
Deprecated 71
Ignore 493
Forbidden 1
Restricted 204
No CDROM 95
Vulnerable 21
Expired 10
Set to expire 60
Interactive 0
new 24 hours 9
new 48 hours13
new 7 days46
new fortnight84
new month165

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.