FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

We also have a status page: https://freshports.wordpress.com/

Port details
openssh-portable The portable version of OpenBSD's OpenSSH
7.6.p1_3,1 security on this many watch lists=116 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port
Maintainer: bdrewery@FreeBSD.org search for ports maintained by this maintainer
Port Added: 01 Jun 2001 11:49:36
Also Listed In: ipv6
License: not specified in port
OpenBSD's OpenSSH portable version

Normal OpenSSH development produces a very small, secure, and easy to maintain
version for the OpenBSD project. The OpenSSH Portability Team takes that pure
version and adds portability code so that OpenSSH can run on many other
operating systems (Unfortunately, in particular since OpenSSH does
authentication, it runs into a *lot* of differences between Unix operating
systems).

The portable OpenSSH follows development of the official version, but releases
are not synchronized. Portable releases are marked with a 'p' (e.g. 3.1p1).
The official OpenBSD source will never use the 'p' suffix, but will instead
increment the version number when they hit 'stable spots' in their development.

WWW: http://www.openssh.org/portable.html
SVNWeb : Homepage : PortsMon
    Pseudo-pkg-plist information, but much better, from make generate-plist
    Expand this list (31 items)
  1. bin/scp
  2. bin/sftp
  3. bin/ssh
  4. bin/ssh-add
  5. bin/ssh-agent
  6. bin/ssh-keygen
  7. bin/ssh-keyscan
  8. etc/ssh/moduli
  9. @sample etc/ssh/ssh_config.sample
  10. @sample etc/ssh/sshd_config.sample
  11. @comment @dir etc/ssh/ca
  12. @postexec if [ -f %D/etc/ssh/ssh_host_ecdsa_key ] && grep -q DSA %D/etc/ssh/ssh_host_ecdsa_key; then echo; echo "\!/ Warning \!/"; echo; echo "Your %D/etc/ssh/ssh_host_ecdsa_key is not a valid ECDSA key. It is incorrectly"; echo "a DSA key due to a bug fixed in 2012 in the security/openssh-portable port."; echo; echo "Regenerate a proper one with: rm -f %D/etc/ssh/ssh_host_ecdsa_key*; service openssh restart"; echo; echo "Clients should not see any key change warning since the ECDSA was not valid and was not actually"; echo "used by the server."; echo; echo "\!/ Warning \!/"; fi
  13. sbin/sshd
  14. libexec/sftp-server
  15. libexec/ssh-keysign
  16. libexec/ssh-pkcs11-helper
  17. man/man1/sftp.1.gz
  18. man/man1/ssh-add.1.gz
  19. man/man1/ssh-agent.1.gz
  20. man/man1/ssh-keygen.1.gz
  21. man/man1/ssh-keyscan.1.gz
  22. man/man1/scp.1.gz
  23. man/man1/ssh.1.gz
  24. man/man5/moduli.5.gz
  25. man/man5/ssh_config.5.gz
  26. man/man5/sshd_config.5.gz
  27. @comment man/man5/ssh_engine.5.gz
  28. man/man8/sftp-server.8.gz
  29. man/man8/sshd.8.gz
  30. man/man8/ssh-keysign.8.gz
  31. man/man8/ssh-pkcs11-helper.8.gz
  32. Collapse this list.

To install the port: cd /usr/ports/security/openssh-portable/ && make install clean
To add the package: pkg install openssh-portable

PKGNAME: openssh-portable

distinfo:

TIMESTAMP = 1507833573
SHA256 (openssh-7.6p1.tar.gz) = a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723
SIZE (openssh-7.6p1.tar.gz) = 1489788
SHA256 (openssh-7.2_p1-sctp.patch.gz) = fb67e3e23f39fabf44ef198e3e19527417c75c9352747547448512032365dbfc
SIZE (openssh-7.2_p1-sctp.patch.gz) = 8501
SHA256 (openssh-7.6p1+x509-11.0.diff.gz) = bc4175ed8efce14579f10e242b25a23c959b1ff0e63b7c15493503eb654a960e
SIZE (openssh-7.6p1+x509-11.0.diff.gz) = 440219


NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:
  1. autoconf-2.69 : devel/autoconf
  2. autoheader-2.69 : devel/autoconf
  3. autoreconf-2.69 : devel/autoconf
  4. aclocal-1.15 : devel/automake
  5. automake-1.15 : devel/automake
Library dependencies:
  1. libldns.so : dns/ldns
  2. libedit.so.0 : devel/libedit
There are no ports dependent upon this port

Configuration Options
===> The following configuration options are available for openssh-portable-7.6.p1_3,1:
     BSM=off: OpenBSM Auditing
     HPN=off: HPN-SSH patch
     KERB_GSSAPI=off: Kerberos/GSSAPI patch (req: GSSAPI)
     LDNS=on: SSHFP/LDNS support
     LIBEDIT=on: Command line editing via libedit
     NONECIPHER=off: NONE Cipher support
     OVERWRITE_BASE=off: EOL, No longer supported.
     PAM=on: Pluggable authentication module support
     SCTP=off: SCTP support
     TCP_WRAPPERS=on: tcp_wrappers support
     X509=off: x509 certificate patch
====> Kerberos support: you can only select none or one of them
     MIT=off: MIT Kerberos (security/krb5)
     HEIMDAL=off: Heimdal Kerberos (security/heimdal)
     HEIMDAL_BASE=off: Heimdal Kerberos (base)
===> Use 'make config' to modify these settings

USES:
alias autoreconf ncurses ssl libedit

pkg-message:
To enable this port, add openssh_enable="YES" in your rc.conf. To
prevent conflict with openssh in the base system add sshd_enable="NO"
in your rc.conf. Also you can configure openssh at another TCP port (via
sshd_config 'Port' and 'Listen' options or via 'openssh_flags'
variable in rc.conf) and run it in same time with base sshd.

'PermitRootLogin no' is the default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in
the base system.  Please be aware of this when upgrading your
OpenSSH port, and if truly necessary, re-enable remote root login
by readjusting this option in your sshd_config.

Users are encouraged to create single-purpose users with ssh keys, disable
Password authentication by setting 'PasswordAuthentication no' and
'ChallengeResponseAuthentication no', and to define very narrow sudo
privileges instead of using root for automated tasks.

Master Sites:
  1. https://ftp.OpenBSD.org/pub/OpenBSD/OpenSSH/portable/
  2. https://ftp.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  3. https://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  4. https://mirror.aarnet.edu.au/pub/OpenBSD/OpenSSH/portable/
  5. https://mirrors.evowise.com/pub/OpenBSD/OpenSSH/portable/
  6. https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/
Notes from UPDATING
These upgrade notes are taken from /usr/ports/UPDATING
  • 2017-03-31
    Affects: users of security/openssh-portable
    Author: bdrewery@FreeBSD.org
    Reason: 
      The format of several log messages emitted by the packet code has
      changed to include additional information about the user and
      their authentication state. Software that monitors ssh/sshd logs
      may need to account for these changes. For example:
    
      Connection closed by user x 1.1.1.1 port 1234 [preauth]
      Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth]
      Connection closed by invalid user x 1.1.1.1 port 1234 [preauth]
    
      Affected messages include connection closure, timeout, remote
      disconnection, negotiation failure and some other fatal messages
      generated by the packet code.
    
    
  • 2015-08-21
    Affects: users of security/openssh-portable
    Author: bdrewery@FreeBSD.org
    Reason: 
      OpenSSH 7.0 disables support for:
        * SSH protocol 1
        * 1024-bit diffie-hellman-group1-sha1 key exchange
        * ssh-dss, ssh-dss-cert-* host and user keys
        * legacy v00 cert format
    
      See http://www.openssh.com/txt/release-7.0 for more information and
      http://www.openssh.com/legacy.html for how to re-enable some of these
      algorithms.
    
    
  • 2015-03-22
    Affects: users of security/openssh-portable
    Author: bdrewery@FreeBSD.org
    Reason: 
      The port now uses VersionAddendum for the port version string. Setting
      the value to "none" in your sshd_config and restarting openssh will allow
      removing the version from the banner.
    
    
  • 2014-12-18
    Affects: users of security/openssh-portable
    Author: bdrewery@FreeBSD.org
    Reason: 
      OpenSSH 6.7 disables some insecure ciphers by default, such as arcfour
      and blowfish. You may have clients using these over LAN where security is
      considered less important for the connection. For these cases you may need
      to update your Ciphers entry in your sshd_config to enable them again.
    
      See http://mgalgs.github.io/2014/10/22/enable-arcfour-and-other-fast-ciphers-on-recent-versions-of-openssh.html
    
    
  • 2014-12-16
    Affects: users of security/openssh-portable, security/openssh-portable66
    Author: bdrewery@FreeBSD.org
    Reason: 
      All patches have been fixed for version 6.7. It is no longer required to use
      the security/openssh-portable66 port.
    
      The LPK option was removed from security/openssh-portable as it has been
      deprecated since May 2013. Use AuthorizedKeysCommand as a replacement.
    
    
  • 2014-11-17
    Affects: users of security/openssh-portable
    Author: bdrewery@FreeBSD.org
    Reason: 
      Most of the optional patches for OpenSSH do not apply to the 6.7 update yet.
      The 6.6 version has been copied to security/openssh-portable66 if you require
      the use of one of the optional ports.
    
    
Port Moves

Number of commits found: 311 (showing only 100 on this page)

1 | 2 | 3 | 4  »  

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
18 Oct 2017 17:19:26
Original commit files touched by this commit  7.6.p1_3,1
Revision:452358
bdrewery search for other commits by this committer
LibreSSL + LDNS: Fix random crashes.

This happens due to ldns-config --libs adding in too many libraries
(overlinking), and -lcrypto again, which causes some strange
conflict/corruption.  By specifying the path to --with-ldns, configure only
adds in -ldns rather than every library ldns itself needs.

PR:		223000
Reported by:	many
16 Oct 2017 07:26:09
Original commit files touched by this commit  7.6.p1_2,1
Revision:452177
koobs search for other commits by this committer
security/openssh-portable: Remove groff dependency

An unconditional dependency on groff was added in ports r441907 [1] as part
of bug 213725 (groff removal from base). OpenSSH release-5.7 notes the
following:

 * Use mandoc as preferred manpage formatter if it is present, followed
   by nroff and groff respectively.

This change removes groff as an unconditional dependency allowing mandoc
to be used, and reduces many subsequence dependencies accordingly.

It additionally explicitly sets 'mantype', which ensures that man pages
are installed in the same location (LOCALBASE/man) independently from the
generator used. Without this, a packaging (pkg-plist) error is observed
(installing man pages into LOCALBASE/doc not LOCALBASE/man), which was
presumably the genesis of the groff dependency addition in the first place.

[1] http://svnweb.freebsd.org/changeset/ports/441907

Reviewed by:		bdrewery (maintainer), allanjude
Approved by:		bdrewery (maintainer)
Differential Revision:	D11793
14 Oct 2017 18:09:35
Original commit files touched by this commit  7.6.p1_1,1
Revision:452074
bdrewery search for other commits by this committer
Mark broken with libressl as it has several random crashses.

PR:		223000
13 Oct 2017 23:27:20
Original commit files touched by this commit  7.6.p1_1,1
Revision:452035
bdrewery search for other commits by this committer
Bring in upstream fix for PermitOpen from commit 7c9613fac337
12 Oct 2017 19:40:58
Original commit files touched by this commit  7.6.p1,1
Revision:451927
bdrewery search for other commits by this committer
Update to 7.6p1

- Update x509 patch to 11.0
- HPN/NONECIPHER do not apply currently and are disabled by default,
  same as the base sshd.  A compatibility patch is applied if
  these options are disabled to prevent startup failures; the options
  are kept as deprecated.
- SCTP patch does not apply.

Changes: https://www.openssh.com/txt/release-7.6

Notable changes:
  - SSH version 1 support dropped.
  - Dropped support for hmac-ripemd160 MAC.
  - Dropped support for the ciphers arcfour, blowfish and CAST.
  - RSA keys less than 1024 bits are refused.
09 Jun 2017 14:44:19
Original commit files touched by this commit  7.5.p1_1,1
Revision:442999
bdrewery search for other commits by this committer
Fix LDNS detection.

This is the same fix made upstream as well.

PR:		218472
Submitted by:	leres@ee.lbl.gov
MFH:		2017Q2
28 May 2017 10:58:00
Original commit files touched by this commit  7.5.p1,1
Revision:441907
antoine search for other commits by this committer
Register dependency on groff

PR:		213725
27 Apr 2017 12:14:37
Original commit files touched by this commit  7.5.p1,1
Revision:439541
mat search for other commits by this committer
Mark those as not building with openssl-devel.

Sponsored by:	Absolight
01 Apr 2017 01:59:25
Original commit files touched by this commit  7.5.p1,1
Revision:437391
bdrewery search for other commits by this committer
- Update to 7.5p1.
- Update X509 to 10.1.
- Disable KERB_GSSAPI for now as it does not build.

Changes: https://www.openssh.com/txt/release-7.5
20 Mar 2017 18:16:43
Original commit files touched by this commit  7.4.p1_1,1
Revision:436555
bdrewery search for other commits by this committer
- Change USE_AUTOTOOLS to USES= autoreconf
- Change @exec to @postexec in pkg-plist

Submitted by:	brnrd
PR:		217962
15 Mar 2017 14:45:31
Original commit files touched by this commit  7.4.p1_1,1
Revision:436247
mat search for other commits by this committer
Remove all USE_OPENSSL occurrences.

Sponsored by:	Absolight
03 Mar 2017 04:12:21
Original commit files touched by this commit  7.4.p1_1,1
Revision:435306
miwi search for other commits by this committer
- Chase ldns shlip bump

PR:		217495
17 Jan 2017 19:38:38
Original commit files touched by this commit  7.4.p1,1
Revision:431773
bdrewery search for other commits by this committer
Fix build with NONE_CIPHER.
16 Jan 2017 19:30:31
Original commit files touched by this commit  7.4.p1,1
Revision:431698
bdrewery search for other commits by this committer
Update to 7.4p1.

- Update X509 patch to 9.3
- SCTP patch from soralx@cydem.org

Changes: https://www.openssh.com/txt/release-7.4
13 Jan 2017 23:44:24
Original commit files touched by this commit  7.3.p1_5,1
Revision:431448
bdrewery search for other commits by this committer
Fix to only enable SCTP patch with option from r431441
13 Jan 2017 23:39:48
Original commit files touched by this commit  7.3.p1_4,1
Revision:431445 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add forgotten patch in r431438 for CVE-2016-10009 and CVE-2016-10010.

Security:	2c948527-d823-11e6-9171-14dae9d210b8
Submitted by:	Tim Zingelman <zingelman@gmail.com>
MFH:		2017Q1
13 Jan 2017 23:28:54
Original commit files touched by this commit  7.3.p1_3,1
Revision:431441 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add working SCTP patch.

This has 2 minor changes from the upstream bug 1604

PR:		215632
Submitted by:	soralx@cydem.org
13 Jan 2017 23:23:36
Original commit files touched by this commit  7.3.p1_2,1
Revision:431438 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add patches to cover security issues CVE-2016-10009 and CVE-2016-10010.

Security:	2c948527-d823-11e6-9171-14dae9d210b8
Submitted by:	Tim Zingelman <zingelman@gmail.com>
MFH:		2017Q1
24 Oct 2016 22:52:17
Original commit files touched by this commit  7.3.p1_1,1
Revision:424592 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Bring in upstream commit ec165c392ca54317dbe3064a8c200de6531e89ad:
  Unregister the KEXINIT handler after message has been
  received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
  allocation of up to 128MB -- until the connection is closed. Reported by
  shilei-c at 360.cn

Security:	CVE-2016-8858
08 Aug 2016 19:22:37
Original commit files touched by this commit  7.3.p1,1
Revision:419892 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 7.3p1
- X509: Unbreak and update to 9.0
- SCTP: Mark BROKEN
- KERB_GSSAPI: Unbreak and update from Debian's patch

Release notes: http://www.openssh.com/txt/release-7.3
19 May 2016 11:09:14
Original commit files touched by this commit  7.2.p2,1
Revision:415503 This port version is marked as vulnerable.
amdmi3 search for other commits by this committer
- Fix trailing whitespace in pkg-messages

Approved by:	portmgr blanket
19 May 2016 10:53:06
Original commit files touched by this commit  7.2.p2,1
Revision:415500 This port version is marked as vulnerable.
amdmi3 search for other commits by this committer
- Fix trailing whitespace in pkg-descrs, categories [p-x]*

Approved by:	portmgr blanket
16 May 2016 16:56:48
Original commit files touched by this commit  7.2.p2,1
Revision:415340 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Bring in updated SCTP patch from gentoo.

Submitted by:	Eduardo Morras <emorrasg@yahoo.es>
01 Apr 2016 14:25:18
Original commit files touched by this commit  7.2.p2,1
Revision:412349 This port version is marked as vulnerable.
mat search for other commits by this committer
Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight
11 Mar 2016 22:49:26
Original commit files touched by this commit  7.2.p2,1
Revision:410844 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 7.2p2 which fixes X11Forwarding command injection vulnerability.

Changelog:	http://www.openssh.com/txt/release-7.2p2
Advisory:	http://www.openssh.com/txt/x11fwd.adv
29 Feb 2016 18:36:58
Original commit files touched by this commit  7.2.p1,1
Revision:409823 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 7.2p1
- Mark X509 and KERB_GSSAPI as BROKEN.

Changelog: http://www.openssh.com/txt/release-7.2

With help from:	brnrd
03 Feb 2016 22:15:12
Original commit files touched by this commit  7.1.p2,1
Revision:407996 This port version is marked as vulnerable.
marino search for other commits by this committer
x11/xterm: document ncurses requirement (USES+=ncurses)

also link to libncurses rather than libcurses

approved by:	infrastructure blanket
20 Jan 2016 02:18:42
Original commit files touched by this commit  7.1.p2,1
Revision:406725 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix the KERB_GSSAPI option using the latest patch from Debian.

This slightly refactors some of the HPN patch to avoid a conflict.

PR:		206346
Submitted by:	Garret Wollman
14 Jan 2016 16:41:45
Original commit files touched by this commit  7.1.p2,1
Revision:406123 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 7.1p2

Changes: http://www.openssh.com/txt/release-7.1p2

MFH:		2016Q1
Security:	CVE-2016-0777
Security:	CVE-2016-0778
11 Nov 2015 21:21:45
Original commit files touched by this commit  7.1.p1_4,1
Revision:401299 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Make portlint stop spamming me.  It's gotten quite silly.

There's no reason to regenerate these for the sake of having 'UTC' in the patch
and it also considers patches with comments to be invalid.

WARN: /root/svn/ports/security/openssh-portable/files/patch-auth.c: patch was
not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth2.c: patch was
not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-readconf.c: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN:
/root/svn/ports/security/openssh-portable/files/patch-regress__test-exec.sh:
patch was not generated using ``make makepatch''.  It is recommended to use
``make makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-servconf.c: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-session.c: patch was
not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.1: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.c: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh.c: patch was not
generated using ``make makepatch''.  It is recommended to use ``make makepatch''
when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config.5: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshconnect.c: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.8: patch was
not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.c: patch was
not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config.5: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
11 Nov 2015 21:04:48
Original commit files touched by this commit  7.1.p1_4,1
Revision:401298 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix the NONECIPHER not actually being offered by the server.

Upstream issue: https://github.com/rapier1/openssh-portable/issues/3
11 Nov 2015 18:04:40
Original commit files touched by this commit  7.1.p1_3,1
Revision:401289 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update advice to disable ChallengeResponseAuthentication for key usage.

PR:		204475
Reported by:	Mark.Martinec@ijs.si
15 Oct 2015 14:55:14
Original commit files touched by this commit  7.1.p1_2,1
Revision:399346  Sanity Test Failure This port version is marked as vulnerable.
mat search for other commits by this committer
Drop 8 support.

With hat:	portmgr
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D3694
24 Sep 2015 21:54:40
Original commit files touched by this commit  7.1.p1_2,1
Revision:397771 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Stop trying to create the RSA protocol 1 key from the rc.d file.  It is no
longer supported by default since 7.0. [1]

I do plan to make this configurable based on PR 202169 [2] soon.

PR:		202792 [1]
PR:		202169 [2]
Submitted by:	chrysalis@chrysalisnet.org [1]
16 Sep 2015 13:03:46
Original commit files touched by this commit  7.1.p1_1,1
Revision:397064 This port version is marked as vulnerable.
mat search for other commits by this committer
It seems some people keep adding $FreeBSD$ to patch files.

Patches must not be changed by the vcs, this includes the
svn:keyword expansion.  Set fbsd:nokeywords to a couple of patches.

With hat:	portmgr
Sponsored by:	Absolight
25 Aug 2015 03:59:54
Original commit files touched by this commit  7.1.p1_1,1
Revision:395214 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix patch from r395182 on head. The patch(1) command works fine on 8.4
and 9.3 but not head with this patch.
24 Aug 2015 18:51:08
Original commit files touched by this commit  7.1.p1_1,1
Revision:395182 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Apply upstream fix for 'HostkeyAlgorithms +' support.
21 Aug 2015 21:51:01
Original commit files touched by this commit  7.1.p1,1
Revision:394995 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 7.1p1

Changes: http://www.openssh.com/txt/release-7.1
18 Aug 2015 15:42:52
Original commit files touched by this commit  7.0.p1,1
Revision:394608 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to OpenSSH 7.0p1
- Update X509 patch to 8.5

Changes: http://www.openssh.com/txt/release-7.0
27 Jul 2015 18:47:56
Original commit files touched by this commit  6.9.p1_2,1
Revision:393004 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add upstream fix to address CVE-2015-5600 for MaxAuthTries bypass.

Security:	5b74a5bc-348f-11e5-ba05-c80aa9043978
27 Jul 2015 18:41:02
Original commit files touched by this commit  6.9.p1_1,1
Revision:393002 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix accidental revert of PermitRootLogin default to NO.

This was due to the patch not being needed in the snapshot version
which I based the 6.9 update off of. The default is changed in
the upcoming 7.0 release
27 Jul 2015 18:30:25
Original commit files touched by this commit  6.9.p1,1
Revision:392998 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 6.9p1
- Update X509 patch to 8.4

Changes:	http://www.openssh.com/txt/release-6.9
24 Jul 2015 17:01:58
Original commit files touched by this commit  6.8.p1_8,1
Revision:392830 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Use new USES=libedit
24 Jun 2015 19:35:58
Original commit files touched by this commit  6.8.p1_8,1
Revision:390514 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Support changed ETCDIR in pkg-plist
24 Jun 2015 18:38:00
Original commit files touched by this commit  6.8.p1_7,1
Revision:390512 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Allow user overriding ETCDIR
02 Jun 2015 15:00:44
Original commit files touched by this commit  6.8.p1_7,1
Revision:388363 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add openssh-portable-devel which is based on the upstream snapshots for staging
and testing.

Its initial version is 20150602 which is nearly the upcoming 6.9 version.
22 May 2015 20:34:29
Original commit files touched by this commit  6.8.p1_7,1
Revision:387082 This port version is marked as vulnerable.
mat search for other commits by this committer
Remove $FreeBSD$ from patches files everywhere.

With hat:	portmgr
Sponsored by:	Absolight
16 May 2015 16:28:40
Original commit files touched by this commit  6.8.p1_7,1
Revision:386554 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Avoid a potential read overflow. This was not deemed a security issue by
upstream; it was fixed upstream comprehensively a few weeks ago in
77199d6ec8986d470487e66f8ea8f4cf43d2e20c.

PR:		200241
Patch by:	Hanno Bock <hanno@hboeck.de>
Obtained from:	http://www.openwall.com/lists/oss-security/2015/05/16/3
14 May 2015 10:15:09
Original commit files touched by this commit  6.8.p1_6,1
Revision:386312 This port version is marked as vulnerable.
mat search for other commits by this committer
MASTER_SITES cleanup.

- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
  of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
  no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.

While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.

Also, replace some EXTRACT_SUFX occurences with USES=tar:*.

Checked by:	make fetch-urlall-list
With hat:	portmgr
Sponsored by:	Absolight
06 May 2015 18:39:41
Original commit files touched by this commit  6.8.p1_6,1
Revision:385541 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix clients getting 'Bad packet length' and 'Disconnecting: Packet corrupt'
when the NONECIPHER option is selected but not the HPN option.  The server
banner was improperly sending a NULL byte after the newline causing confusion
on the client.  This was an error in my own modifications to the HPN patch
in r383231.

This may have occurred with stale builds as well, such as running
'make configure' then 'portsnap update' and then 'make build'.

Pointyhat to:	bdrewery
Reported by:	many
PR:		199352
14 Apr 2015 16:42:25
Original commit files touched by this commit  6.8.p1_5,1
Revision:384006 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Replace the TTSH patch from r383618 with the one that upstream took.

Obtained from upstream d8f391caef623
09 Apr 2015 20:57:24
Original commit files touched by this commit  6.8.p1_4,1
Revision:383678 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Cleanup some unneeded patches.

1. There's no need to patch the xauth(1) location as the OpenSSH build already
   does so based on the --with-xauth path provided. It also updates manpages.
2. Don't modify manpage for shosts location as it was wrong. The proper
   LOCALBASE path is now used due to OpenSSH's build already handling it
   properly.
3. Remove confusing UsePrivilegeSeparation change in sshd_config. The default
   upstream is to have it disabled by default. The sshd_config line is in
   upstream to enable it by default in new installations. We always enable
   it though. So remove the sshd_config change which makes it look like
   we don't use it; it was not a needed difference with upstream.

From discussion with:	TJ <tj@mrsk.me>
09 Apr 2015 20:19:18
Original commit files touched by this commit  6.8.p1_3,1
Revision:383675 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Limit the TTSSH bug fix in r383618 to only versions that have it.

Submitted by:	IWAMOTO Kouichi <sue@iwmt.org>
09 Apr 2015 02:33:47
Original commit files touched by this commit  6.8.p1_2,1
Revision:383618 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix TTSSH (Tera Type/Term) client crash:

  Unexpected SSH2 message(80) on current stage(6)

This patch was submitted upstream. The client has fixed it in their SVN [1][2]
but not yet released a fixed build.

[1] http://en.sourceforge.jp/ticket/browse.php?group_id=1412&tid=35010
[2] http://en.sourceforge.jp/projects/ttssh2/scm/svn/commits/5829
09 Apr 2015 01:49:10
Original commit files touched by this commit  6.8.p1_1,1
Revision:383616 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Remove debugging leftover in release.

  error: mm_request_receive: socket closed

Obtained from:	Upstream c7fe79ed7db427f1474e72b9f8b465901d61d3f6
04 Apr 2015 17:16:59
Original commit files touched by this commit  6.8.p1,1
Revision:383231 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 6.8p1
- Fix 'make test'
- HPN:
  - NONECIPHER is no longer default. This is not default in base and should not
    be default here as it introduces security holes.
  - HPN: I've audited the patch and included it in the port directory for
    transparency. I identified several bugs and submitted them to the new
    upstream: https://github.com/rapier1/openssh-portable/pull/2
  - HPN: The entire patch is now ifdef'd to ensure various bits are properly
    removed depending on the OPTIONS selected.
  - AES_THREADED is removed. It has questionable benefit on modern HW and is not
    stable.
  - The "enhanced logging" was removed from the patch as it is too
    intrusive and difficult to maintain in the port.
  - The progress meter "peak throughput" patch was removed.
  - Fixed HPN version showing in client/server version string when HPN
    was disabled in the config.
- KERB_GSSAPI is currently BROKEN as it does not apply.
- Update X509 to 8.3

Changelog: http://www.openssh.com/txt/release-6.8
02 Apr 2015 02:22:00
Original commit files touched by this commit  6.7.p1_5,1
Revision:382980 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Remove unused variable PRECIOUS
01 Apr 2015 01:04:23
Original commit files touched by this commit  6.7.p1_5,1
Revision:382887 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Make the check added in 2013 in r330200 for a bad ECDSA key actually work.
31 Mar 2015 19:07:26
Original commit files touched by this commit  6.7.p1_4,1
Revision:382859 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Remove useless IGNORE for TCP_WRAPPERS and PAM.

TCP_WRAPPERS: /usr/include/tcpd.h is always installed by the base system.
              It is only libwrap.so that is conditional on WITH_TCP_WRAPPERS.

PAM:          /usr/include/security/pam_modules.h is always installed.

This fixes FreshPorts claiming this port is ignored.
29 Mar 2015 04:17:54
Original commit files touched by this commit  6.7.p1_4,1
Revision:382566 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Make the VersionAddendum fix use the proper default.

Once I ran into the X509 issue previously I failed to retest that the patch
worked.

PR:		193127
25 Mar 2015 08:30:28
Original commit files touched by this commit  6.7.p1_3,1
Revision:382200 This port version is marked as vulnerable.
marino search for other commits by this committer
security category: Remove $PTHREAD_LIBS

approved by:	PTHREAD blanket
23 Mar 2015 04:23:09
Original commit files touched by this commit  6.7.p1_3,1
Revision:381981 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Stop forcing the port version string into the server banner.

The port now uses VersionAddendum in the sshd_config to allow overriding
this value. Using "none" allows disabling the default of the port
version string. The default is kept to show the port version string to
remain close to the base version.

Support for the client VersionAddendum may be added soon as well to better
match base and not give surprises when switching from base to the port.

PR:		193127
Requested by:	many, including myself when this was broken years ago.
21 Mar 2015 19:28:41
Original commit files touched by this commit  6.7.p1_2,1
Revision:381823 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix incorrect reference to ETCSSH from r381709
20 Mar 2015 07:07:27
Original commit files touched by this commit  6.7.p1_1,1
Revision:381712 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Set proper ETCDIR. Mistake in r381709
20 Mar 2015 02:43:44
Original commit files touched by this commit  6.7.p1_1,1
Revision:381709 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Remove remnants of OVERWRITE_BASE which was removed in r376306
05 Jan 2015 23:21:28
Original commit files touched by this commit  6.7.p1_1,1
Revision:376373 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix application of GSSAPI patch when using HPN. It applies fine if done after
HPN.

Reported by:	gwollman
05 Jan 2015 16:13:20
Original commit files touched by this commit  6.7.p1_1,1
Revision:376306 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Mark OVERWRITE_BASE as IGNORE.

Keep it as an option as otherwise the user won't be notified that
their configuration is wrong and it will just install to PREFIX
instead, which would be surprising.
17 Dec 2014 02:34:44
Original commit files touched by this commit  6.7.p1_1,1
Revision:374833 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix HPN patches for 6.7p1
- Add back HPN and NONECIPHER for the default options and bump PORTREVISION
  due to this.
16 Dec 2014 21:44:12
Original commit files touched by this commit  6.7.p1,1
Revision:374825 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Unbreak KERB_GSSAPI option by using Debian's patch.

  I am serving the patch exactly as-is from their site. Obtained from:
 
http://sources.debian.net/data/main/o/openssh/1:6.7p1-3/debian/patches/gssapi.patch
16 Dec 2014 21:29:04
Original commit files touched by this commit  6.7.p1,1
Revision:374823 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Unmark X509 option as BROKEN after fixed in r374821
16 Dec 2014 20:14:05
Original commit files touched by this commit  6.7.p1,1
Revision:374821 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update X509 patch to 8.2 which now supports OpenSSH 6.7p1
  No PORTREVISION bump since it was BROKEN before with X509.
17 Nov 2014 18:08:15
Original commit files touched by this commit  6.7.p1,1
Revision:372676 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 6.7p1.

  Several patches do not currently apply. Use security/openssh-portable66 for:
  HPN, NONECIPHER, KERB_GSSAPI, X509.

- Add a TCP_WRAPPER patch to re-enable support after it was removed upstream.
20 Oct 2014 10:09:20
Original commit files touched by this commit  6.6.p1_4,1
Revision:371252 This port version is marked as vulnerable.
marino search for other commits by this committer
Add USES=alias to several ports

Alias is a new USES tool that allows DragonFly to masquerade as FreeBSD
by setting CFLAGS+= -D__FreeBSD__.  For some ports, this fixes the build
without the need for additional patches.

Approved by:	portmgr (bapt, blanket)
07 Oct 2014 00:48:25
Original commit files touched by this commit  6.6.p1_4,1
Revision:370264 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Note my intentions with OVERWRITE_BASE
03 Oct 2014 19:31:07
Original commit files touched by this commit  6.6.p1_4,1
Revision:369933 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Mark OVERWRITE_BASE and security/openssh-portable-base as DEPRECATED.
  These will be removed on January 1 2015.

  Really ports should not be touching the base system at all.

  This option is a big foot-shoot problem:

  1. Recent versions of FreeBSD such as 9.3, 10.0, 10.1+, now remove all ssh
     files from /usr if you 'make delete-old' with WITHOUT_SSH. This results in
     removing the overwrite base files.
  2. Uninstalling the package leaves the system with no ssh.
  3. Running installworld without WITHOUT_SSH results in overwriting the
     package, or giving false-positive 'pkg check -s' errors.
  4. The port fails to pass QA checks because it removes system files.
03 Oct 2014 19:23:03
Original commit files touched by this commit  6.6.p1_4,1
Revision:369931 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Support multiple ListenAddress ports

Reported by:	rustamabd@gmail.com
24 Jul 2014 18:34:16
Original commit files touched by this commit  6.6.p1_3,1
Revision:362835 This port version is marked as vulnerable.
tijl search for other commits by this committer
net/openldap24-*:
- Convert to USES=libtool and bump dependent ports
- Avoid USE_AUTOTOOLS
- Don't use PTHREAD_LIBS
- Use MAKE_CMD

databases/glom:
- Drop :keepla
- Add INSTALL_TARGET=install-strip

databases/libgda4* databases/libgda5*:
- Convert to USES=libtool and bump dependent ports
- USES=tar:xz
- Use INSTALL_TARGET=install-strip
- Use @sample
(Only the first 15 lines of the commit message are shown above View all of this commit message)
24 Apr 2014 01:54:58
Original commit files touched by this commit  6.6.p1_2,1
Revision:351982 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to "6.6.1" [1]
- Switch to using @sample keyword, fixing orphans.

Upstream note on "6.6.1" [1]:

  OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519
  key exchange incorrectly, causing connection failures about 0.2% of
  the time when this method is used against a peer that implements
  the method properly.

  Fix the problem and disable the curve25519 KEX when speaking to
  OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
  to enable the compatability code.

[1] https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html
24 Apr 2014 01:04:52
Original commit files touched by this commit  6.6.p1_1,1
Revision:351981 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix minor plist issues from check-plist
11 Apr 2014 03:38:16
Original commit files touched by this commit  6.6.p1_1,1
Revision:350880 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update GSS API Key Exchange patch with working version.

PR:		ports/183006
Submitted by:	Garrett Wollman (via email)
Tested by:	Garrett Wollman
16 Mar 2014 17:35:33
Original commit files touched by this commit  6.6.p1,1
Revision:348420 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 6.6
- Capsicum patch no longer needed
- Update X509 patch to 7.9

Changelog: http://www.openssh.org/txt/release-6.6
02 Mar 2014 08:43:41
Original commit files touched by this commit  6.5.p1_1,1
Revision:346742 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix build with HEIMBAL_BASE

PR:		ports/186830
Reported by:	Robert Simmons <rsimmons0@gmail.com>
05 Feb 2014 03:06:08
Original commit files touched by this commit  6.5.p1_1,1
Revision:342628 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix RC script

Pointyhat to:	bdrewery
Reported by:	Kenta S. <kentas@hush.com>
05 Feb 2014 01:40:46
Original commit files touched by this commit  6.5.p1,1
Revision:342618 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 6.5
  ChangeLog: http://www.openssh.org/txt/release-6.5

- Update X509 patch to 7.8
- Update LIB_DEPENDS to new format
- Revert r328706 and re-enable privilege separation sandboxing by default
  as the issue causing crashes has been fixed upstream
- capsicum(4) is now enabled upstream. A local patch is added to fix an issue
  with it [1]
- KERB_GSSAPI is marked BROKEN. It does not build.
  This patch lacks an upstream and I have no way to test it. It needs
  a non-trivial amount of refactoring for 6.5 as the key handling API
  has changed quite a bit.

Submitted by:	pjd@ [1]
02 Feb 2014 15:47:08
Original commit files touched by this commit  6.4.p1,1
Revision:342318 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- License is all of BSD2,BSD3,MIT,public domain,BSD-Style,BEER-WARE,
  "any purpose with notice intact",ISC-Style. The framework does not
  support such a case easily.
  See http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/LICENCE?rev=HEAD
12 Nov 2013 15:35:03
Original commit files touched by this commit  6.4.p1,1
Revision:333580 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix packaging when not using HPN patches

PR:		ports/183895
Reported by:	mat
08 Nov 2013 12:41:44
Original commit files touched by this commit  6.4.p1,1
Revision:333215 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 6.4p1

This release fixes a security bug:

 * sshd(8): fix a memory corruption problem triggered during rekeying
   when an AES-GCM cipher is selected. Full details of the vulnerability
   are available at: http://www.openssh.com/txt/gcmrekey.adv

Security:	http://www.openssh.com/txt/gcmrekey.adv
13 Oct 2013 02:20:07
Original commit files touched by this commit  6.3.p1,1
Revision:330200 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 6.3p1
  Changelog: http://www.openssh.org/txt/release-6.3
- Use options helpers where possible
- Use upstream patch mirror for x509 and HPN
- Update HPN patch to v14 and use upstream version
- Add option NONECIPHER to allow disabling NONE in HPN patch
- Update x509 patch from 7.4.1 to 7.6
- Add support for LDNS and enable by it and VerifyHostKeyDNS/SSHFP by default.
  See
http://lists.freebsd.org/pipermail/freebsd-security/2013-September/007180.html
  which describes this change, but is supported on releases before 10 as well
  with LDNS option.
- Update SCTP to patchlevel 2329
- Update recommendation on secure usage of SSH
- Add pkg-message warning about ECDSA key possibly being incorrect due to
  previously being written as DSA by the rc script and fixed in r299902 in
  2012
07 Oct 2013 10:41:10
Original commit files touched by this commit  6.2.p2_5,1
Revision:329681 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Now that :DEFAULT can be used in PATCH_SITES (fixed in 329679),
  depend on the upstream mirror for the x509 patch and my mirror
  as a fallback
06 Oct 2013 17:24:26
Original commit files touched by this commit  6.2.p2_5,1
Revision:329605 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Remove useless -c flag
03 Oct 2013 23:45:27
Original commit files touched by this commit  6.2.p2_5,1
Revision:329250 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Perl has not been needed as a direct dependency since 6.0
03 Oct 2013 22:38:57
Original commit files touched by this commit  6.2.p2_5,1
Revision:329246 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix KERB_GSSAPI incorrectly using a predictable cache file.
  This was due to a mistake in r319062 when porting the patch from 5.8 to 6.2

  There is no active upstream for this patch. For reference here are the
  changes made in the patch:

  --- -	2013-10-03 11:07:21.262913573 -0500
  +++ /tmp/zdiff.XXXXXXXXXX.STScEeSI	2013-10-03 11:07:21.000000000 -0500
  @@ -183,7 +183,7 @@
	  if (ret < 0 || (size_t)ret >= sizeof(ccname))
		  return ENOMEM;

  -+#ifdef USE_CCAPI
  ++#ifndef USE_CCAPI
	  old_umask = umask(0177);
	  tmpfd = mkstemp(ccname + strlen("FILE:"));
	  oerrno = errno;

PR:		ports/180419
Reported by:	Garrett Wollman <wollman@khavrinen.csail.mit.edu>
03 Oct 2013 13:36:40
Original commit files touched by this commit  6.2.p2_4,1
Revision:329189 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Mark IGNORE if KERB_GSSAPI incorrectly selected
03 Oct 2013 13:31:42
Original commit files touched by this commit  6.2.p2_4,1
Revision:329185 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Cleanup patch-readconf.c to only have 1 diff
03 Oct 2013 12:57:47
Original commit files touched by this commit  6.2.p2_4,1
Revision:329176 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update descriptions to match current conventions
29 Sep 2013 15:07:15
Original commit files touched by this commit  6.2.p2_4,1
Revision:328706 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Copy base r251088 over (which removes a patch) and disable default sandbox
  privilege separation as it causes crashes when using AES crypto devices.
  This now uses 'yes' for UsePrivilegeSeparation instead of 'sandbox' by
  default

Reminded by:	Garrett Wollman
29 Sep 2013 14:54:20
Original commit files touched by this commit  6.2.p2_3,1
Revision:328704 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix sshd.8 referring to LOCALBASE with OVERWRITE_BASE
29 Sep 2013 14:53:42
Original commit files touched by this commit  6.2.p2_3,1
Revision:328703 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Don't extract mtree with OVERWRITE_BASE
29 Sep 2013 14:51:30
Original commit files touched by this commit  6.2.p2_3,1
Revision:328701 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Convert to stagedir
20 Sep 2013 15:58:09
Original commit files touched by this commit  6.2.p2_3,1
Revision:327710 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Add NO_STAGE until validated to be safe for upcoming staging support

Number of commits found: 311 (showing only 100 on this page)

1 | 2 | 3 | 4  »  

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
opensslNov 02
openssl-develNov 02
wordpressNov 01
php56Oct 30
php70Oct 30
php71Oct 30
wiresharkOct 30
chromiumOct 28
wgetOct 27
wgetOct 27
openoffice-4*Oct 26
openoffice-devel*Oct 26
gitlabOct 25
nodeOct 25
node4Oct 25

No vulnerabilities have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 31892
Broken 125
Deprecated 46
Ignore 361
Forbidden 0
Restricted 173
No CDROM 78
Vulnerable 48
Expired 11
Set to expire 38
Interactive 0
new 24 hours 6
new 48 hours15
new 7 days124
new fortnight3279
new month3477

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2017 Dan Langille. All rights reserved.