non port: security/openssh-portable/files/patch-ssh-agent.c |
Number of commits found: 20 |
Tuesday, 26 Dec 2023
|
20:49 Gordon Tetlow (gordon)
security/openssh-portable: Update to 9.6p1
Approved by: bdrewery
Differential Revision: https://reviews.freebsd.org/D43132
277b9fe |
Thursday, 16 Feb 2023
|
19:23 Bryan Drewery (bdrewery)
security/openssh-portable: Upgrade to 9.2p1
Changes: https://www.openssh.com/txt/release-9.2
10491773 |
Thursday, 3 Mar 2022
|
19:25 Bryan Drewery (bdrewery)
security/openssh-portable: Update to 8.9p1
- Unbreak GSSAPI [1]
- rc.d/openssh: Allow modifying host key generation [2]
Changes: https://www.openssh.com/txt/release-8.9
PR: 259909 [1]
PR: 202169 [2]
Submitted by: Rick Miller [1]
Submitted by: Chad Jacob Milios [2]
ae66cff |
Thursday, 29 Apr 2021
|
16:05 Bryan Drewery (bdrewery)
security/openssh-portable: Update to 8.6p1
- gssapi is disabled for now.
Changes:
- https://www.openssh.com/txt/release-8.5
- https://www.openssh.com/txt/release-8.6
Submitted by: Yasuhiro Kimura [earlier version][1]
PR: 254389 [1]
de9fffc |
Monday, 16 Nov 2020
|
19:39 bdrewery
- Update to 8.4p1 (skipped 8.3)
- https://www.openssh.com/txt/release-8.3
- https://www.openssh.com/txt/release-8.4
PR: 239807, 250319
Sponsored by: Dell EMC
|
Monday, 23 Mar 2020
|
16:53 bdrewery
- Update to 8.2p1
Release notes: https://www.openssh.com/txt/release-8.2
|
Thursday, 12 Oct 2017
|
19:40 bdrewery
Update to 7.6p1
- Update x509 patch to 11.0
- HPN/NONECIPHER do not apply currently and are disabled by default,
same as the base sshd. A compatibility patch is applied if
these options are disabled to prevent startup failures; the options
are kept as deprecated.
- SCTP patch does not apply.
Changes: https://www.openssh.com/txt/release-7.6
Notable changes:
- SSH version 1 support dropped.
- Dropped support for hmac-ripemd160 MAC.
- Dropped support for the ciphers arcfour, blowfish and CAST.
- RSA keys less than 1024 bits are refused.
|
Monday, 16 Jan 2017
|
19:30 bdrewery
Update to 7.4p1.
- Update X509 patch to 9.3
- SCTP patch from soralx@cydem.org
Changes: https://www.openssh.com/txt/release-7.4
|
Friday, 13 Jan 2017
|
23:23 bdrewery
Add patches to cover security issues CVE-2016-10009 and CVE-2016-10010.
Security: 2c948527-d823-11e6-9171-14dae9d210b8
Submitted by: Tim Zingelman <zingelman@gmail.com>
MFH: 2017Q1
|
Wednesday, 11 Nov 2015
|
21:21 bdrewery
Make portlint stop spamming me. It's gotten quite silly.
There's no reason to regenerate these for the sake of having 'UTC' in the patch
and it also considers patches with comments to be invalid.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth2.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-readconf.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN:
/root/svn/ports/security/openssh-portable/files/patch-regress__test-exec.sh:
patch was not generated using ``make makepatch''. It is recommended to use
``make makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-servconf.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-session.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.1: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh.c: patch was not
generated using ``make makepatch''. It is recommended to use ``make makepatch''
when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config.5: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshconnect.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.8: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config.5: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
|
Monday, 27 Jul 2015
|
18:30 bdrewery
- Update to 6.9p1
- Update X509 patch to 8.4
Changes: http://www.openssh.com/txt/release-6.9
|
Saturday, 4 Apr 2015
|
17:16 bdrewery
- Update to 6.8p1
- Fix 'make test'
- HPN:
- NONECIPHER is no longer default. This is not default in base and should not
be default here as it introduces security holes.
- HPN: I've audited the patch and included it in the port directory for
transparency. I identified several bugs and submitted them to the new
upstream: https://github.com/rapier1/openssh-portable/pull/2
- HPN: The entire patch is now ifdef'd to ensure various bits are properly
removed depending on the OPTIONS selected.
- AES_THREADED is removed. It has questionable benefit on modern HW and is not
stable.
- The "enhanced logging" was removed from the patch as it is too
intrusive and difficult to maintain in the port.
- The progress meter "peak throughput" patch was removed.
- Fixed HPN version showing in client/server version string when HPN
was disabled in the config.
- KERB_GSSAPI is currently BROKEN as it does not apply.
- Update X509 to 8.3
Changelog: http://www.openssh.com/txt/release-6.8
|
Monday, 17 Nov 2014
|
18:08 bdrewery
- Update to 6.7p1.
Several patches do not currently apply. Use security/openssh-portable66 for:
HPN, NONECIPHER, KERB_GSSAPI, X509.
- Add a TCP_WRAPPER patch to re-enable support after it was removed upstream.
|
Sunday, 13 Oct 2013
|
02:20 bdrewery
- Update to 6.3p1
Changelog: http://www.openssh.org/txt/release-6.3
- Use options helpers where possible
- Use upstream patch mirror for x509 and HPN
- Update HPN patch to v14 and use upstream version
- Add option NONECIPHER to allow disabling NONE in HPN patch
- Update x509 patch from 7.4.1 to 7.6
- Add support for LDNS and enable by it and VerifyHostKeyDNS/SSHFP by default.
See
http://lists.freebsd.org/pipermail/freebsd-security/2013-September/007180.html
which describes this change, but is supported on releases before 10 as well
with LDNS option.
- Update SCTP to patchlevel 2329
- Update recommendation on secure usage of SSH
- Add pkg-message warning about ECDSA key possibly being incorrect due to
previously being written as DSA by the rc script and fixed in r299902 in
2012
|
Friday, 17 May 2013
|
19:47 bdrewery
- Update to 6.2p2
- The LPK patch has been updated but is obsolete, deprecated and
untested. It has been replaced by AuthorizedKeysCommand
- The upstream HPN's last update was for 6.1 and is mostly
abandoned. The patch has had bugs since 5.9. I have reworked
it and split into into HPN and AES_THREADED options. The
debugging/logging part of the patch is incomplete. I may
change the patch to more closely match our base version
eventually.
- The KERB_GSSAPI option has been removed as the patch has not
been updated by upstream since 5.7
- sshd VersionAddendum is currently not working as intended;
it will be fixed later to allow removing the port/pkg version.
- Update our patchset to match latest base version
- Bring in ssh-agent -x support from base
- I incrementally updated the port from 5.8 up to 6.2p2 along
with patches. You can find all of the versions at
https://github.com/bdrewery/openssh
Changes:
http://www.openssh.com/txt/release-5.9
http://www.openssh.org/txt/release-6.0
http://www.openssh.org/txt/release-6.1
http://www.openssh.org/txt/release-6.2
http://www.openssh.org/txt/release-6.2p2
|
Wednesday, 17 Apr 2013
|
00:35 bdrewery
- Remove compatibiliy for FreeBSD <4.x
* /var/empty has been in hier(7) since 4.x
* User sshd has been in base since 4.x
* Simplify a patch for realhostname_sa(3) usage
- Remove SUID_SSH - It was removed from ssh in 2002
- Fix 'make test'
- Add some hints into the patches on where they came from
- Mirror all patches
- Move LPK patch out of files/
- Remove the need for 2 patches
* Removal of 'host-key check-config' in install phase
* Adding -lutil
- Add SCTP support [1]
- Remove FILECONTROL as it has not been supported since the 5.8
update
- Replace tab with space pkg-descr
- Remove default WRKSRC
- Add 'configtest' command to rc script
- Mark X509 broken with other patches due to PATCH_DIST_STRIP=-p1
PR: ports/174570 [1]
Submitted by: oleg <proler@gmail.com> [1]
Obtained from: https://bugzilla.mindrot.org/show_bug.cgi?id=2016 (upstream) [1]
Feature safe: yes
|
Friday, 21 Oct 2011
|
16:18 flo
- update to 5.8p2 [1]
- fix Kerberos knob [2]
- fix build on 9.0 [3]
- fix deinstall with various knobs [4]
- fix LPK knob [5]
PR: ports/161818 [1], ports/144597 [2], ports/160389 [3]
ports/150493, ports/156926 [4], ports/155456 [5]
Submitted by: "Grzegorz Blach" <magik@roorback.net> [1], [2], [4], [5]
pluknet [3]
Reported by: Jonathan <lordsith49@hotmail.com> [2]
Kevin Thompson <antiduh@csh.rit.edu> [4]
Alexey Remizov <alexey@remizov.org> [5]
|
Sunday, 1 Oct 2006
|
02:15 mnag
- Update to 4.4p1.
- Disable temporary HPN patch until HPN release new version.
- Fix rc.d script path in sshd.8
- Add FreeBSD-${PKGNAME} in SSH_VERSION and SSH_RELEASE like src does.
- Sync patches with src.
Security: CVE-2006-4924, CVE-2006-5051
|
Friday, 26 Sep 2003
|
18:13 dinoex
- update to 3.7.1p2
more regressions tests successfull
|
Wednesday, 17 Sep 2003
|
16:07 nectar
Add Solar Designer's additional fixes to buffer management.
|
Number of commits found: 20 |