notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Ukraine
non port: security/openssh-portable/Makefile
SVNWeb

Number of commits found: 325 (showing only 100 on this page)

1 | 2 | 3 | 4  »  

Mon, 7 Mar 2022
[ 23:02 Bryan Drewery (bdrewery) search for other commits by this committer ]    commit hash:a12058fae3bb09a1aba41d24383b6f1d93f2b330  a12058f 
security/openssh-portable: Again fix procctl(2) usage

The 8.9p1 update was supposed to have a fix for incorrect
use of procctl(2) but was left out for some reason. A wrong
assumption missed keeping it in ae66cffc19f357cbd5.

PR:          262352
[ 23:02 Bryan Drewery (bdrewery) search for other commits by this committer ]    commit hash:21cedc6ee57bc9321c9cb5ebe21bdf2c4bc154ee  21cedc6 
security/openssh-portable: Add comment in openssh.in about host keys

Commit ae66cffc19f added some rc vars to allow disabling host keys.
The naming caused some confusion. Attempt to address that with a
comment since these are not documented anywhere else.

PR:	        202169
[ 22:46 Bryan Drewery (bdrewery) search for other commits by this committer ]    commit hash:df3a937145b1bef1b3c08515dc6619b12654415f  df3a937 
security/openssh-portable: Fix fetching gssapi patch

- Mirror it
- Update to latest Debian location
Thu, 3 Mar 2022
[ 19:59 Bryan Drewery (bdrewery) search for other commits by this committer Author: Andrew Fyfe ]    commit hash:418bb1fbd26b1b66b71096b364b0ee10477541b7  418bb1f 
security/openssh-portable: fix docs when built without PAM support

The defaults documented in sshd_config and sshd_config.5 are incorrect
if OpenSSH was built without PAM support and can be misleading to the
user whether or not password authentication is enabled.

- Moved PAM specific changes out of patch-sshd_config and into
  extra-patch-pam-sshd_config
- sshd_config.5 PasswordAuthentication: added a new line before the note
  to make it easier to read.
- sshd_config.5 UsePAM: noted the default value depends on whether
  sshd was built with or without PAM support.

PR:		261342
[ 19:25 Bryan Drewery (bdrewery) search for other commits by this committer ]    commit hash:ad60ad3528afdeafa5eb9a13a70fea04a0565b0c  ad60ad3 
security/openssh-portable: Fix subtle rc script problem.

Invoking 'run_rc_command' taints '$rc_var' with 'keygen' which blocks further
processing for something like openssh_oomprotect.  Note that openssh_oomprotect
is broken in rc.subr until it learns to read a pidfile.
[ 19:25 Bryan Drewery (bdrewery) search for other commits by this committer ]    commit hash:ae66cffc19f357cbd51d5841c9b110a9ffd63e32  ae66cff 
security/openssh-portable: Update to 8.9p1

- Unbreak GSSAPI [1]
- rc.d/openssh: Allow modifying host key generation [2]

Changes: https://www.openssh.com/txt/release-8.9
PR:     	259909 [1]
PR:		202169 [2]
Submitted by:	Rick Miller [1]
Submitted by:	Chad Jacob Milios [2]
Thu, 25 Nov 2021
[ 21:40 Stefan E├čer (se) search for other commits by this committer ]    commit hash:04b9da414081a733478d3def4e1e3777908536c6  04b9da4  (Only the first 10 of 188 ports in this commit are shown above. View all ports for this commit)
*/*: Remove redundant '-*' from CONFLICTS definitions

The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - agsinst the full package names including the
version (as reported by "pkg query "%n-%v").

Approved by: portmgr (blanket)
Sat, 16 Oct 2021
[ 03:58 Bryan Drewery (bdrewery) search for other commits by this committer ]    commit hash:02dbfbc67645e88e9865f2885b124da170688c33  02dbfbc 
security/openssh-portable: libfido fix went in 505373243
Fri, 15 Oct 2021
[ 17:10 Bryan Drewery (bdrewery) search for other commits by this committer ]    commit hash:f4a5ae5fd8ee4948c8b7d1c9bfd0e07d33a8aa18  f4a5ae5 
security/openssh-portable: Fix sftp crash

This fixes an error trying to disabling process tracing.

It has been sent upstream.

PR:		259174
Submitted by:	mike at sentex dot net
Tue, 12 Oct 2021
[ 18:06 Bryan Drewery (bdrewery) search for other commits by this committer ]    commit hash:384966798240c189323385c19fed055d686be27a  3849667 
security/openssh-portable: Update to 8.8p1

Changelog:	https://www.openssh.com/txt/release-8.8
Security:	CVE-2021-41617
Mon, 27 Sep 2021
[ 22:42 Bryan Drewery (bdrewery) search for other commits by this committer ]    commit hash:fd74bc8eb2fed86275167e58e9349045c6bbbaa4  fd74bc8 
security/openssh-portable: Fix default ssh-askpass path

Reported by:	Piotr Smyrak
Fri, 10 Sep 2021
[ 21:17 Bernhard Froehlich (decke) search for other commits by this committer ]    commit hash:44052bec2c67ce32ff3f8936ecde9870aaa6d8be  44052be 
security/openssh-portable: Add CPE information

Approved by:	portmgr (blanket)
Thu, 9 Sep 2021
[ 19:09 Bryan Drewery (bdrewery) search for other commits by this committer ]    commit hash:a981593ecc06f124506f481e5dd0eee9ea6a70f8  a981593 
security/openssh-portable: Update to 8.7p1.

Changes: https://www.openssh.com/txt/release-8.7
Thu, 29 Apr 2021
[ 16:05 Bryan Drewery (bdrewery) search for other commits by this committer ]    commit hash:de9fffcec89b58fb6f77b72a55975eccb01eb480  de9fffc  (Only the first 10 of 12 ports in this commit are shown above. View all ports for this commit)
security/openssh-portable: Update to 8.6p1

- gssapi is disabled for now.

Changes:
 - https://www.openssh.com/txt/release-8.5
 - https://www.openssh.com/txt/release-8.6

Submitted by:	Yasuhiro Kimura [earlier version][1]
PR:		254389 [1]
Tue, 6 Apr 2021
[ 14:31 Mathieu Arnold (mat) search for other commits by this committer ]    commit hash:305f148f482daf30dcf728039d03d019f88344eb  305f148  (Only the first 10 of 29333 ports in this commit are shown above. View all ports for this commit)
Remove # $FreeBSD$ from Makefiles.
Thu, 18 Mar 2021
[ 20:49 bdrewery search for other commits by this committer ] Original commit   Revision:568761
Add limited patch for CVE-2021-28041 from upstream.
Wed, 9 Dec 2020
[ 02:46 pkubaj search for other commits by this committer ] Original commit   Revision:557337
security/openssh-portable@gssapi: fix build on GCC architectures

gss-genr.c: In function 'ssh_gssapi_kex_mechs':
gss-genr.c:175:9: error: 'strncpy' specified bound depends on the length of the
source argument [-Werror=stringop-overflow=]
  175 |    cp = strncpy(s, kex, strlen(kex));
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Sun, 29 Nov 2020
[ 02:16 pkubaj search for other commits by this committer ] Original commit   Revision:556545
security/openssh-portable: fix build on GCC architectures

loginrec.c:763:2: error: 'strncpy' output may be truncated copying 32 bytes from
a string of length 511 [-Werror=stringop-truncation]
strncpy(utx->ut_user, li->username,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MIN_SIZEOF(utx->ut_user, li->username));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
loginrec.c: In function 'record_failed_login':
loginrec.c:1687:2: error: 'strncpy' specified bound 32 equals destination size
[-Werror=stringop-truncation]
strncpy(ut.ut_user, username, sizeof(ut.ut_user));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
loginrec.c:1696:2: error: 'strncpy' specified bound 256 equals destination size
[-Werror=stringop-truncation]
strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
Tue, 24 Nov 2020
[ 20:46 bdrewery search for other commits by this committer ] Original commit   Revision:556185
- Fix KERB_GSSAPI build; missing prototypes for DH openssl-compat.

PR:		212151 (maybe)
Fri, 20 Nov 2020
[ 03:41 bdrewery search for other commits by this committer ] Original commit   Revision:555734
- Add pkg-config dependency which avoids some maintainer testing errors
  and also removes a few unneeded library links such as -lcurses.
- libfido2 package is broken with pkg-config and base ssl. Workaround this
  by not using pkg-config for that library for now.
- Add USES=localbase to simplify some options
- Make crypt(3) MD5 password support optional but still on-by-default.  The
  default in FreeBSD changed in 10.0 but that does not mean
- Enable -Werror
- Remove some old baggage from the port build
 o The zlib version check has not been needed for a while.
 o sshd.8 has not had %%PREFIX%% or %$RC_SCRIPT_NAME%% since 2011
   and is not worth more patches/complexity.
 o The strnvis(3) problem noted in r311891 was fixed in OpenSSH 7.4.
 o autoreconf is run so it makes no sense to patch configure for -ldes
 o --with-md5-passwords is not needed as our crypt(3) supports it
   natively.  This is only relevant without PAM.
Tue, 17 Nov 2020
[ 01:45 bdrewery search for other commits by this committer ] Original commit   Revision:555531
- Add blacklistd(8) support.
  This differs slightly from base as it uses the current NetBSD
  hook points.
  This is off-by-default as it needs testing and has issues that may cause
  crashes.  One such issue is the use of private bl_create() symbol from
  libblacklist.  It is also unclear if the hook points are sufficient
  or proper after the libssh refactoring in 8.x.

PR:		223628 (patch rewritten as it no longer applied)
Mon, 16 Nov 2020
[ 23:36 bdrewery search for other commits by this committer ] Original commit   Revision:555524
- Add and enable FIDO/U2F support for security keys by default.
  This feature came in 8.2, is enabled by default on OpenBSD,
  and suggested to be enabled by default for packages.
[ 22:25 bdrewery search for other commits by this committer ] Original commit   Revision:555518
- Slightly reduce diff with base
- No functional changes.

PR:		223010
Submitted by:	brnrd (earlier patch)
[ 19:39 bdrewery search for other commits by this committer ] Original commit   Revision:555512
- Update to 8.4p1 (skipped 8.3)

 - https://www.openssh.com/txt/release-8.3
 - https://www.openssh.com/txt/release-8.4

PR:		239807, 250319
Sponsored by:	Dell EMC
Thu, 12 Nov 2020
[ 10:51 0mp search for other commits by this committer ] Original commit   Revision:554948
security/openssh-portable: Set LICENSE

In the past, the ports framework did not support handling situations
where a port contained a multitude of licenses. In case of OpenSSH
the list is/was: BSD2, BSD3, MIT, public domain, BSD-Style, BEER-WARE,
"any purpose with notice intact", and ISC-Style.

Instead of having to keep track of all the involved licenses which all
are very similar, let's use LICENSE_PERMS.

I am not bumping PORTREVISION as it is not a vital change from the
perspective of package users.

Approved by:	bdrewery (maintainer)
Differential Revision:	https://reviews.freebsd.org/D27133
Sat, 7 Nov 2020
[ 14:46 0mp search for other commits by this committer ] Original commit   Revision:554395
Install the moduli file as a @sample

PR:		250559
Submitted by:	Michal "rysiek" Wozniak <rysiek % isnic.is>
Approved by:	maintainer timeout
[ 14:18 0mp search for other commits by this committer ] Original commit   Revision:554393
Fix a typo

Approved by:	portmgr blanket
Mon, 23 Mar 2020
[ 23:15 bdrewery search for other commits by this committer ] Original commit   Revision:529015
- Simplify and refactor login.conf environment handling.
[ 17:07 bdrewery search for other commits by this committer ] Original commit   Revision:528982
Remove long broken X509 patch.

Approved by:	portmgr (implicit)
[ 16:53 bdrewery search for other commits by this committer ] Original commit   Revision:528979
- Update to 8.2p1

Release notes: https://www.openssh.com/txt/release-8.2
Sun, 22 Dec 2019
[ 02:55 bdrewery search for other commits by this committer ] Original commit   Revision:520603
Update to 8.1p1

Changes: https://www.openssh.com/txt/release-8.1

Sponsored by:	Dell EMC
Wed, 9 Oct 2019
[ 12:20 bapt search for other commits by this committer ] Original commit   Revision:514144 (Only the first 10 of 20 ports in this commit are shown above. View all ports for this commit)
Drop the ipv6 virtual category for s* category as it is not relevant anymore
Mon, 2 Sep 2019
[ 21:23 swills search for other commits by this committer ] Original commit   Revision:510851
Bump PORTREVISION on ldns consumers

Shared lib version changed in update

Reported by:	sunpoet
Fri, 19 Jul 2019
[ 19:18 bdrewery search for other commits by this committer ] Original commit   Revision:506959
- Update gssapi patch for 8.0
- Rework how the gssapi patch is fetched/mirrored so we can fetch
  directly from debian.

PR:		239290
Submitted by:	david@dcrosstech.com (based on)
Tested by:	vrwmiller@gmail.com
Thu, 18 Jul 2019
[ 20:10 bdrewery search for other commits by this committer ] Original commit   Revision:506878
Fix BROKEN handling for x509/gssapi FLAVORS
Fri, 12 Jul 2019
[ 03:48 bdrewery search for other commits by this committer ] Original commit   Revision:506433
Update to 8.0p1

Changes: https://www.openssh.com/txt/release-8.0

With help from:	Lee Prokowich
Sponsored by:	DellEMC
Mon, 12 Nov 2018
[ 21:55 bdrewery search for other commits by this committer ] Original commit   Revision:484842
- Fix X509 build after r484765 openssl fix
- Fix patch URL for KERB_GSSAPI
- Add FLAVORs for x509 and gssapi since they are distinct types of
  OpenSSH rather than feature flags.

Approved by:	portmgr (implicit)
[ 21:04 bdrewery search for other commits by this committer ] Original commit   Revision:484824
- Update KERB_GSSAPI for 7.9p1
[ 20:56 bdrewery search for other commits by this committer ] Original commit   Revision:484823
- Fix HPN for 7.9p1
- DOCS is required for HPN but it's not exclusively a flavor so needs to be
  in the default list.
- Fix a build-time OpenSSL version comparison [1]

PR:		233157 [1]
Reported by:	Robert Schulze <rs@bytecamp.net> [1]
Obtained from:	upstream c0a35265907533be10ca151ac797f34ae0d68969 [1]
Sun, 11 Nov 2018
[ 20:21 bdrewery search for other commits by this committer ] Original commit   Revision:484765 (Only the first 10 of 13 ports in this commit are shown above. View all ports for this commit)
Update to 7.9p1.

- Fixes build on 12, head, and openssl-devel.
- GSSAPI and HPN are currently marked BROKEN as I don't want to block
  the main update for anyone.

  http://www.openssh.com/txt/release-7.8
  http://www.openssh.com/txt/release-7.9

MFH:	2018Q4 (due to being broken on 12+head)
Sat, 10 Nov 2018
[ 10:09 mat search for other commits by this committer ] Original commit   Revision:484599 (Only the first 10 of 86 ports in this commit are shown above. View all ports for this commit)
security/openssl-devel was removed, but there is a security/openssl111 now.
Mon, 10 Sep 2018
[ 13:14 mat search for other commits by this committer ] Original commit   Revision:479406 (Only the first 10 of 995 ports in this commit are shown above. View all ports for this commit)
Add DOCS options to ports that should have one.

Also various fixes related to said option.

PR:		230864
Submitted by:	mat
exp-runs by:	antoine
Fri, 29 Jun 2018
[ 15:44 bdrewery search for other commits by this committer ] Original commit   Revision:473555
Simplify CONFLICTS_INSTALL.

Reported by:	mat
Thu, 28 Jun 2018
[ 03:38 bdrewery search for other commits by this committer ] Original commit   Revision:473485
- Fix and update HPN patch to latest from upstream but leave it off by
  default.
- Add an 'hpn' FLAVOR to produce a package for users with HPN and
  NONECIPHER enabled.

Approved by:	portmgr (implicit)
Tue, 26 Jun 2018
[ 22:32 bdrewery search for other commits by this committer ] Original commit   Revision:473412
Update x509 patch to 11.3.2
Tue, 19 Jun 2018
[ 15:42 bdrewery search for other commits by this committer ] Original commit   Revision:472798
Forgot PORTREVISION bump for r472797.

PR:		229147
Thu, 3 May 2018
[ 23:39 bdrewery search for other commits by this committer ] Original commit   Revision:468998
- Add XMSS option to enable experimental key support added in 7.7 [1]
- Bring in upstream patches post 7.7 to fix various issues [2]:
  b81b2d120e9c8a83489e241620843687758925ad - Fix tunnel forwarding broken in
7.7p1
  341727df910e12e26ef161508ed76d91c40a61eb - don't kill ssh-agent's listening
socket entriely if we fail to accept a connection
  85fe48fd49f2e81fa30902841b362cfbb7f1933b - don't free the %C expansion, it's
used later for LocalCommand
  868afa68469de50d8a43e5daf867d7c624a34d20 - Disable SSH2_MSG_DEBUG messages for
Twisted Conch clients
  f5baa36ba79a6e8c534fb4e0a00f2614ccc42ea6 - Omit 3des-cbc if OpenSSL built
without DES

PR:		227758 [1]
Submitted by:	IWAMOTO Kouichi <sue@iwmt.org> [1]
PR:		227551 [2]
Reported by:	rozhuk.im@gmail.com [2]
Obtained from:	upstream mirror https://github.com/openssh/openssh-portable [2]
Wed, 25 Apr 2018
[ 18:05 bdrewery search for other commits by this committer ] Original commit   Revision:468286
Update the KERB_GSSAPI patch from debian.

https://sources.debian.org/data/main/o/openssh/1:7.7p1-2/debian/patches/gssapi.patch
is mirrored due to not being filename-unique and not gzipped.

PR:		226789
Submitted by:	Rick Miller <vmiller@verisign.com> (based on)
Tested by:	Rick Miller <vmiller@verisign.com>
Reported by:	david@dcrosstech.com
Thu, 12 Apr 2018
[ 21:54 leres search for other commits by this committer ] Original commit   Revision:467200
The block of code that canonicallizes the hostname supplied on
the command line added by patch-ssh.c misapplies to 7.7p1 and
moves from main() to to ssh_session2(). This breaks ssh SSHFP
support for non-canonical hostnames. For example, "ssh zinc"
correctly discovers the FQDN (zinc.ee.lbl.gov) and uses it to
look up A and AAAA records but the non-canonical version (zinc)
is used in the SSHFP record lookup which or course fails.

Regenerate the patch.

Reviewed by:	bdrewery, ler (mentor)
Approved by:	bdrewery, ler (mentor)
Differential Revision:	https://reviews.freebsd.org/D15053
Thu, 5 Apr 2018
[ 19:57 bdrewery search for other commits by this committer ] Original commit   Revision:466595
Make BROKEN lines more clear
[ 18:20 bdrewery search for other commits by this committer ] Original commit   Revision:466577
Update to 7.7p1

- Update x509 patch to 11.3
- Remove SCTP option as it has not had a patch available since 7.2.

Changes: https://www.openssh.com/txt/release-7.7

Notable changes:
 * ssh(1)/sshd(8): Drop compatibility support for some very old SSH
   implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These
   versions were all released in or before 2001 and predate the final
   SSH RFCs. The support in question isn't necessary for RFC-compliant
   SSH implementations.
Tue, 3 Apr 2018
[ 23:14 bdrewery search for other commits by this committer ] Original commit   Revision:466385
libressl support was fixed in r452358
Thu, 29 Mar 2018
[ 14:53 mat search for other commits by this committer ] Original commit   Revision:465899 (Only the first 10 of 13 ports in this commit are shown above. View all ports for this commit)
Mark some ports broken with openssl-devel.

Sponsored by:	Absolight
Fri, 16 Mar 2018
[ 20:20 bdrewery search for other commits by this committer ] Original commit   Revision:464727
Remove OVERWRITE_BASE compat - it was marked IGNORE in 2015
Wed, 18 Oct 2017
[ 17:19 bdrewery search for other commits by this committer ] Original commit   Revision:452358
LibreSSL + LDNS: Fix random crashes.

This happens due to ldns-config --libs adding in too many libraries
(overlinking), and -lcrypto again, which causes some strange
conflict/corruption.  By specifying the path to --with-ldns, configure only
adds in -ldns rather than every library ldns itself needs.

PR:		223000
Reported by:	many
Mon, 16 Oct 2017
[ 07:26 koobs search for other commits by this committer ] Original commit   Revision:452177
security/openssh-portable: Remove groff dependency

An unconditional dependency on groff was added in ports r441907 [1] as part
of bug 213725 (groff removal from base). OpenSSH release-5.7 notes the
following:

 * Use mandoc as preferred manpage formatter if it is present, followed
   by nroff and groff respectively.

This change removes groff as an unconditional dependency allowing mandoc
to be used, and reduces many subsequence dependencies accordingly.

It additionally explicitly sets 'mantype', which ensures that man pages
are installed in the same location (LOCALBASE/man) independently from the
generator used. Without this, a packaging (pkg-plist) error is observed
(installing man pages into LOCALBASE/doc not LOCALBASE/man), which was
presumably the genesis of the groff dependency addition in the first place.

[1] http://svnweb.freebsd.org/changeset/ports/441907

Reviewed by:		bdrewery (maintainer), allanjude
Approved by:		bdrewery (maintainer)
Differential Revision:	D11793
Sat, 14 Oct 2017
[ 18:09 bdrewery search for other commits by this committer ] Original commit   Revision:452074
Mark broken with libressl as it has several random crashses.

PR:		223000
Fri, 13 Oct 2017
[ 23:27 bdrewery search for other commits by this committer ] Original commit   Revision:452035
Bring in upstream fix for PermitOpen from commit 7c9613fac337
Thu, 12 Oct 2017
[ 19:40 bdrewery search for other commits by this committer ] Original commit   Revision:451927
Update to 7.6p1

- Update x509 patch to 11.0
- HPN/NONECIPHER do not apply currently and are disabled by default,
  same as the base sshd.  A compatibility patch is applied if
  these options are disabled to prevent startup failures; the options
  are kept as deprecated.
- SCTP patch does not apply.

Changes: https://www.openssh.com/txt/release-7.6

Notable changes:
  - SSH version 1 support dropped.
  - Dropped support for hmac-ripemd160 MAC.
  - Dropped support for the ciphers arcfour, blowfish and CAST.
  - RSA keys less than 1024 bits are refused.
Fri, 9 Jun 2017
[ 14:44 bdrewery search for other commits by this committer ] Original commit   Revision:442999
Fix LDNS detection.

This is the same fix made upstream as well.

PR:		218472
Submitted by:	leres@ee.lbl.gov
MFH:		2017Q2
Sun, 28 May 2017
[ 10:58 antoine search for other commits by this committer ] Original commit   Revision:441907 (Only the first 10 of 11 ports in this commit are shown above. View all ports for this commit)
Register dependency on groff

PR:		213725
Thu, 27 Apr 2017
[ 12:14 mat search for other commits by this committer ] Original commit   Revision:439541
Mark those as not building with openssl-devel.

Sponsored by:	Absolight
Sat, 1 Apr 2017
[ 01:59 bdrewery search for other commits by this committer ] Original commit   Revision:437391
- Update to 7.5p1.
- Update X509 to 10.1.
- Disable KERB_GSSAPI for now as it does not build.

Changes: https://www.openssh.com/txt/release-7.5
Mon, 20 Mar 2017
[ 18:16 bdrewery search for other commits by this committer ] Original commit   Revision:436555
- Change USE_AUTOTOOLS to USES= autoreconf
- Change @exec to @postexec in pkg-plist

Submitted by:	brnrd
PR:		217962
Wed, 15 Mar 2017
[ 14:45 mat search for other commits by this committer ] Original commit   Revision:436247 (Only the first 10 of 257 ports in this commit are shown above. View all ports for this commit)
Remove all USE_OPENSSL occurrences.

Sponsored by:	Absolight
Fri, 3 Mar 2017
[ 04:12 miwi search for other commits by this committer ] Original commit   Revision:435306 (Only the first 10 of 15 ports in this commit are shown above. View all ports for this commit)
- Chase ldns shlip bump

PR:		217495
Mon, 16 Jan 2017
[ 19:30 bdrewery search for other commits by this committer ] Original commit   Revision:431698 (Only the first 10 of 16 ports in this commit are shown above. View all ports for this commit)
Update to 7.4p1.

- Update X509 patch to 9.3
- SCTP patch from soralx@cydem.org

Changes: https://www.openssh.com/txt/release-7.4
Fri, 13 Jan 2017
[ 23:44 bdrewery search for other commits by this committer ] Original commit   Revision:431448
Fix to only enable SCTP patch with option from r431441
[ 23:39 bdrewery search for other commits by this committer ] Original commit   Revision:431445
Add forgotten patch in r431438 for CVE-2016-10009 and CVE-2016-10010.

Security:	2c948527-d823-11e6-9171-14dae9d210b8
Submitted by:	Tim Zingelman <zingelman@gmail.com>
MFH:		2017Q1
[ 23:28 bdrewery search for other commits by this committer ] Original commit   Revision:431441
Add working SCTP patch.

This has 2 minor changes from the upstream bug 1604

PR:		215632
Submitted by:	soralx@cydem.org
[ 23:23 bdrewery search for other commits by this committer ] Original commit   Revision:431438
Add patches to cover security issues CVE-2016-10009 and CVE-2016-10010.

Security:	2c948527-d823-11e6-9171-14dae9d210b8
Submitted by:	Tim Zingelman <zingelman@gmail.com>
MFH:		2017Q1
Mon, 24 Oct 2016
[ 22:52 bdrewery search for other commits by this committer ] Original commit   Revision:424592
Bring in upstream commit ec165c392ca54317dbe3064a8c200de6531e89ad:
  Unregister the KEXINIT handler after message has been
  received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
  allocation of up to 128MB -- until the connection is closed. Reported by
  shilei-c at 360.cn

Security:	CVE-2016-8858
Mon, 8 Aug 2016
[ 19:22 bdrewery search for other commits by this committer ] Original commit   Revision:419892
- Update to 7.3p1
- X509: Unbreak and update to 9.0
- SCTP: Mark BROKEN
- KERB_GSSAPI: Unbreak and update from Debian's patch

Release notes: http://www.openssh.com/txt/release-7.3
Mon, 16 May 2016
[ 16:56 bdrewery search for other commits by this committer ] Original commit   Revision:415340
Bring in updated SCTP patch from gentoo.

Submitted by:	Eduardo Morras <emorrasg@yahoo.es>
Fri, 1 Apr 2016
[ 14:25 mat search for other commits by this committer ] Original commit   Revision:412349 (Only the first 10 of 2099 ports in this commit are shown above. View all ports for this commit)
Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight
Fri, 11 Mar 2016
[ 22:49 bdrewery search for other commits by this committer ] Original commit   Revision:410844
- Update to 7.2p2 which fixes X11Forwarding command injection vulnerability.

Changelog:	http://www.openssh.com/txt/release-7.2p2
Advisory:	http://www.openssh.com/txt/x11fwd.adv
Mon, 29 Feb 2016
[ 18:36 bdrewery search for other commits by this committer ] Original commit   Revision:409823
- Update to 7.2p1
- Mark X509 and KERB_GSSAPI as BROKEN.

Changelog: http://www.openssh.com/txt/release-7.2

With help from:	brnrd
Wed, 3 Feb 2016
[ 22:15 marino search for other commits by this committer ] Original commit   Revision:407996
x11/xterm: document ncurses requirement (USES+=ncurses)

also link to libncurses rather than libcurses

approved by:	infrastructure blanket
Wed, 20 Jan 2016
[ 02:18 bdrewery search for other commits by this committer ] Original commit   Revision:406725
Fix the KERB_GSSAPI option using the latest patch from Debian.

This slightly refactors some of the HPN patch to avoid a conflict.

PR:		206346
Submitted by:	Garret Wollman
Thu, 14 Jan 2016
[ 16:41 bdrewery search for other commits by this committer ] Original commit   Revision:406123
Update to 7.1p2

Changes: http://www.openssh.com/txt/release-7.1p2

MFH:		2016Q1
Security:	CVE-2016-0777
Security:	CVE-2016-0778
Wed, 11 Nov 2015
[ 21:04 bdrewery search for other commits by this committer ] Original commit   Revision:401298
Fix the NONECIPHER not actually being offered by the server.

Upstream issue: https://github.com/rapier1/openssh-portable/issues/3
[ 18:04 bdrewery search for other commits by this committer ] Original commit   Revision:401289
Update advice to disable ChallengeResponseAuthentication for key usage.

PR:		204475
Reported by:	Mark.Martinec@ijs.si
Thu, 15 Oct 2015
[ 14:55 mat search for other commits by this committer ] Original commit   Revision:399346 (Only the first 10 of 135 ports in this commit are shown above. View all ports for this commit)
Drop 8 support.

With hat:	portmgr
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D3694
Thu, 24 Sep 2015
[ 21:54 bdrewery search for other commits by this committer ] Original commit   Revision:397771
Stop trying to create the RSA protocol 1 key from the rc.d file.  It is no
longer supported by default since 7.0. [1]

I do plan to make this configurable based on PR 202169 [2] soon.

PR:		202792 [1]
PR:		202169 [2]
Submitted by:	chrysalis@chrysalisnet.org [1]
Tue, 25 Aug 2015
[ 03:59 bdrewery search for other commits by this committer ] Original commit   Revision:395214
Fix patch from r395182 on head. The patch(1) command works fine on 8.4
and 9.3 but not head with this patch.
Mon, 24 Aug 2015
[ 18:51 bdrewery search for other commits by this committer ] Original commit   Revision:395182
Apply upstream fix for 'HostkeyAlgorithms +' support.
Fri, 21 Aug 2015
[ 21:51 bdrewery search for other commits by this committer ] Original commit   Revision:394995
Update to 7.1p1

Changes: http://www.openssh.com/txt/release-7.1
Tue, 18 Aug 2015
[ 15:42 bdrewery search for other commits by this committer ] Original commit   Revision:394608
- Update to OpenSSH 7.0p1
- Update X509 patch to 8.5

Changes: http://www.openssh.com/txt/release-7.0
Mon, 27 Jul 2015
[ 18:47 bdrewery search for other commits by this committer ] Original commit   Revision:393004
Add upstream fix to address CVE-2015-5600 for MaxAuthTries bypass.

Security:	5b74a5bc-348f-11e5-ba05-c80aa9043978
[ 18:41 bdrewery search for other commits by this committer ] Original commit   Revision:393002
Fix accidental revert of PermitRootLogin default to NO.

This was due to the patch not being needed in the snapshot version
which I based the 6.9 update off of. The default is changed in
the upcoming 7.0 release
[ 18:30 bdrewery search for other commits by this committer ] Original commit   Revision:392998 (Only the first 10 of 11 ports in this commit are shown above. View all ports for this commit)
- Update to 6.9p1
- Update X509 patch to 8.4

Changes:	http://www.openssh.com/txt/release-6.9
Fri, 24 Jul 2015
[ 17:01 bdrewery search for other commits by this committer ] Original commit   Revision:392830
Use new USES=libedit
Wed, 24 Jun 2015
[ 19:35 bdrewery search for other commits by this committer ] Original commit   Revision:390514
Support changed ETCDIR in pkg-plist
[ 18:38 bdrewery search for other commits by this committer ] Original commit   Revision:390512
Allow user overriding ETCDIR
Tue, 2 Jun 2015
[ 15:00 bdrewery search for other commits by this committer ] Original commit   Revision:388363 (Only the first 10 of 14 ports in this commit are shown above. View all ports for this commit)
Add openssh-portable-devel which is based on the upstream snapshots for staging
and testing.

Its initial version is 20150602 which is nearly the upcoming 6.9 version.
Sat, 16 May 2015
[ 16:28 bdrewery search for other commits by this committer ] Original commit   Revision:386554
Avoid a potential read overflow. This was not deemed a security issue by
upstream; it was fixed upstream comprehensively a few weeks ago in
77199d6ec8986d470487e66f8ea8f4cf43d2e20c.

PR:		200241
Patch by:	Hanno Bock <hanno@hboeck.de>
Obtained from:	http://www.openwall.com/lists/oss-security/2015/05/16/3
Thu, 14 May 2015
[ 10:15 mat search for other commits by this committer ] Original commit   Revision:386312 (Only the first 10 of 1814 ports in this commit are shown above. View all ports for this commit)
MASTER_SITES cleanup.

- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
  of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
  no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.

While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.

Also, replace some EXTRACT_SUFX occurences with USES=tar:*.

Checked by:	make fetch-urlall-list
With hat:	portmgr
Sponsored by:	Absolight
Wed, 6 May 2015
[ 18:39 bdrewery search for other commits by this committer ] Original commit   Revision:385541
Fix clients getting 'Bad packet length' and 'Disconnecting: Packet corrupt'
when the NONECIPHER option is selected but not the HPN option.  The server
banner was improperly sending a NULL byte after the newline causing confusion
on the client.  This was an error in my own modifications to the HPN patch
in r383231.

This may have occurred with stale builds as well, such as running
'make configure' then 'portsnap update' and then 'make build'.

Pointyhat to:	bdrewery
Reported by:	many
PR:		199352
Tue, 14 Apr 2015
[ 16:42 bdrewery search for other commits by this committer ] Original commit   Revision:384006
Replace the TTSH patch from r383618 with the one that upstream took.

Obtained from upstream d8f391caef623
Thu, 9 Apr 2015
[ 20:57 bdrewery search for other commits by this committer ] Original commit   Revision:383678
Cleanup some unneeded patches.

1. There's no need to patch the xauth(1) location as the OpenSSH build already
   does so based on the --with-xauth path provided. It also updates manpages.
2. Don't modify manpage for shosts location as it was wrong. The proper
   LOCALBASE path is now used due to OpenSSH's build already handling it
   properly.
3. Remove confusing UsePrivilegeSeparation change in sshd_config. The default
   upstream is to have it disabled by default. The sshd_config line is in
   upstream to enable it by default in new installations. We always enable
   it though. So remove the sshd_config change which makes it look like
   we don't use it; it was not a needed difference with upstream.

From discussion with:	TJ <tj@mrsk.me>

Number of commits found: 325 (showing only 100 on this page)

1 | 2 | 3 | 4  »