notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Ukraine
Port details
openssh-portable The portable version of OpenBSD's OpenSSH
9.0.p1,1 security on this many watch lists=119 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 8.9.p1_4,1Version of this port present on the latest quarterly branch.
Maintainer: bdrewery@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2001-06-01 11:49:36
Last Update: 2022-06-07 19:21:43
Commit Hash: ca9ce69
People watching this port, also watch:: openssl, wget, libiconv, expat
License: OPENSSH
Description:
SVNWeb : git : Homepage
pkg-plist: as obtained via: make generate-plist
There is no configure plist information for this port.
Dependency lines:
  • openssh-portable>0:security/openssh-portable
Conflicts:
CONFLICTS:
  • openssh-3.*
  • ssh-1.*
  • ssh2-3.*
  • openssh-portable-devel
CONFLICTS_INSTALL:
  • openssh-portable-hpn
  • openssh-portable-gssapi
  • openssh-portable-x509
Conflicts Matches:
There are no Conflicts Matches for this port. This is usually an error.
To install the port:
cd /usr/ports/security/openssh-portable/ && make install clean
To add the package, run one of these commands:
  • pkg install security/openssh-portable
  • pkg install openssh-portable
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.
PKGNAME: openssh-portable
Package flavors (<flavor>: <package>)
  • default: openssh-portable
  • hpn: openssh-portable-hpn
  • gssapi: openssh-portable-gssapi
distinfo:
Packages (timestamps in pop-ups are UTC):
openssh-portable
ABIlatestquarterly
FreeBSD:11:aarch647.7.p1_6,18.2.p1_1,1
FreeBSD:11:amd648.7.p1_1,18.6.p1,1
FreeBSD:11:armv67.2.p2,18.2.p1_1,1
FreeBSD:11:i3868.7.p1_1,18.6.p1,1
FreeBSD:11:mips--
FreeBSD:11:mips647.2.p2,18.2.p1_1,1
FreeBSD:12:aarch647.7.p1_6,18.9.p1_4,1
FreeBSD:12:amd649.0.p1,18.9.p1_4,1
FreeBSD:12:armv67.7.p1_6,18.2.p1_1,1
FreeBSD:12:armv7-8.2.p1_1,1
FreeBSD:12:i3869.0.p1,18.9.p1_4,1
FreeBSD:12:mips--
FreeBSD:12:mips64-8.2.p1_1,1
FreeBSD:12:powerpc64-8.4.p1_4,1
FreeBSD:13:aarch649.0.p1,18.9.p1_4,1
FreeBSD:13:amd649.0.p1,18.9.p1_4,1
FreeBSD:13:armv68.4.p1_3,18.9.p1_3,1
FreeBSD:13:armv78.4.p1_3,18.9.p1_3,1
FreeBSD:13:i3869.0.p1,18.9.p1_4,1
FreeBSD:13:mips--
FreeBSD:13:mips64--
FreeBSD:13:powerpc648.4.p1_3,18.6.p1,1
FreeBSD:14:aarch649.0.p1,1-
FreeBSD:14:amd649.0.p1,1-
FreeBSD:14:armv69.0.p1,1-
FreeBSD:14:armv78.9.p1_4,1-
FreeBSD:14:i3869.0.p1,1-
FreeBSD:14:mips--
FreeBSD:14:mips64--
FreeBSD:14:powerpc648.4.p1_4,1-
 
openssh-portable-gssapi
ABIlatestquarterly
FreeBSD:11:aarch64-8.2.p1_1,1
FreeBSD:11:amd64--
FreeBSD:11:armv6-8.2.p1_1,1
FreeBSD:11:i386--
FreeBSD:11:mips--
FreeBSD:11:mips64--
FreeBSD:12:aarch64-8.9.p1_4,1
FreeBSD:12:amd649.0.p1,18.9.p1_4,1
FreeBSD:12:armv6-8.2.p1_1,1
FreeBSD:12:armv7-8.2.p1_1,1
FreeBSD:12:i3869.0.p1,18.9.p1_4,1
FreeBSD:12:mips--
FreeBSD:12:mips64--
FreeBSD:12:powerpc64-8.4.p1_4,1
FreeBSD:13:aarch649.0.p1,18.9.p1_4,1
FreeBSD:13:amd649.0.p1,18.9.p1_4,1
FreeBSD:13:armv68.4.p1_3,18.9.p1_3,1
FreeBSD:13:armv78.4.p1_3,18.9.p1_3,1
FreeBSD:13:i3869.0.p1,18.9.p1_4,1
FreeBSD:13:mips--
FreeBSD:13:mips64--
FreeBSD:13:powerpc648.4.p1_3,1-
FreeBSD:14:aarch649.0.p1,1-
FreeBSD:14:amd649.0.p1,1-
FreeBSD:14:armv69.0.p1,1-
FreeBSD:14:armv78.9.p1_4,1-
FreeBSD:14:i3869.0.p1,1-
FreeBSD:14:mips--
FreeBSD:14:mips64--
FreeBSD:14:powerpc648.4.p1_4,1-
 
openssh-portable-hpn
ABIlatestquarterly
FreeBSD:11:aarch647.7.p1_6,18.2.p1_1,1
FreeBSD:11:amd648.7.p1_1,18.6.p1,1
FreeBSD:11:armv6-8.2.p1_1,1
FreeBSD:11:i3868.7.p1_1,18.6.p1,1
FreeBSD:11:mips--
FreeBSD:11:mips64-8.2.p1_1,1
FreeBSD:12:aarch647.7.p1_6,18.9.p1_4,1
FreeBSD:12:amd649.0.p1,18.9.p1_4,1
FreeBSD:12:armv67.7.p1_6,18.2.p1_1,1
FreeBSD:12:armv7-8.2.p1_1,1
FreeBSD:12:i3869.0.p1,18.9.p1_4,1
FreeBSD:12:mips--
FreeBSD:12:mips64-8.2.p1_1,1
FreeBSD:12:powerpc64-8.4.p1_4,1
FreeBSD:13:aarch649.0.p1,18.9.p1_4,1
FreeBSD:13:amd649.0.p1,18.9.p1_4,1
FreeBSD:13:armv68.4.p1_3,18.9.p1_3,1
FreeBSD:13:armv78.4.p1_3,18.9.p1_3,1
FreeBSD:13:i3869.0.p1,18.9.p1_4,1
FreeBSD:13:mips--
FreeBSD:13:mips64--
FreeBSD:13:powerpc648.4.p1_3,18.6.p1,1
FreeBSD:14:aarch649.0.p1,1-
FreeBSD:14:amd649.0.p1,1-
FreeBSD:14:armv69.0.p1,1-
FreeBSD:14:armv78.9.p1_4,1-
FreeBSD:14:i3869.0.p1,1-
FreeBSD:14:mips--
FreeBSD:14:mips64--
FreeBSD:14:powerpc648.4.p1_4,1-
 

Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. pkgconf>=1.3.0_1 : devel/pkgconf
  2. autoconf>=2.69 : devel/autoconf
  3. automake>=1.16.1 : devel/automake
Library dependencies:
  1. libfido2.so : security/libfido2
  2. libldns.so : dns/ldns
  3. libedit.so.0 : devel/libedit
There are no ports dependent upon this port

Configuration Options:
Options name:

USES:

pkg-message:
For install:
Master Sites:
Expand this list (7 items)
Collapse this list.
  1. https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  2. https://ftp.OpenBSD.org/pub/OpenBSD/OpenSSH/portable/
  3. https://ftp.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  4. https://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  5. https://mirror.aarnet.edu.au/pub/OpenBSD/OpenSSH/portable/
  6. https://mirror.leaseweb.com/pub/OpenBSD/OpenSSH/portable/
  7. https://openbsd.hk/pub/OpenBSD/OpenSSH/portable/
Collapse this list.
Notes from UPDATING
These upgrade notes are taken from /usr/ports/UPDATING
  • 2017-10-12
    Affects: users of security/openssh-portable
    Author: bdrewery@FreeBSD.org
    Reason: 
      OpenSSH has been upgraded to 7.6p1 which has removed several deprecated
      features:
    
        - SSH version 1 support dropped.
        - Dropped support for hmac-ripemd160 MAC.
        - Dropped support for the ciphers arcfour, blowfish and CAST.
        - RSA keys less than 1024 bits are refused.
    
      The HPN option is currently disabled by default, and does not build,
      in the package.  This follows what happened in base as well.
    
    
Expand this list (6 items)
  • 2017-03-31
    Affects: users of security/openssh-portable
    Author: bdrewery@FreeBSD.org
    Reason: 
      The format of several log messages emitted by the packet code has
      changed to include additional information about the user and
      their authentication state. Software that monitors ssh/sshd logs
      may need to account for these changes. For example:
    
      Connection closed by user x 1.1.1.1 port 1234 [preauth]
      Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth]
      Connection closed by invalid user x 1.1.1.1 port 1234 [preauth]
    
      Affected messages include connection closure, timeout, remote
      disconnection, negotiation failure and some other fatal messages
      generated by the packet code.
    
    
  • 2015-08-21
    Affects: users of security/openssh-portable
    Author: bdrewery@FreeBSD.org
    Reason: 
      OpenSSH 7.0 disables support for:
        * SSH protocol 1
        * 1024-bit diffie-hellman-group1-sha1 key exchange
        * ssh-dss, ssh-dss-cert-* host and user keys
        * legacy v00 cert format
    
      See http://www.openssh.com/txt/release-7.0 for more information and
      http://www.openssh.com/legacy.html for how to re-enable some of these
      algorithms.
    
    
  • 2015-03-22
    Affects: users of security/openssh-portable
    Author: bdrewery@FreeBSD.org
    Reason: 
      The port now uses VersionAddendum for the port version string. Setting
      the value to "none" in your sshd_config and restarting openssh will allow
      removing the version from the banner.
    
    
  • 2014-12-18
    Affects: users of security/openssh-portable
    Author: bdrewery@FreeBSD.org
    Reason: 
      OpenSSH 6.7 disables some insecure ciphers by default, such as arcfour
      and blowfish. You may have clients using these over LAN where security is
      considered less important for the connection. For these cases you may need
      to update your Ciphers entry in your sshd_config to enable them again.
    
      See http://mgalgs.github.io/2014/10/22/enable-arcfour-and-other-fast-ciphers-on-recent-versions-of-openssh.html
    
    
  • 2014-12-16
    Affects: users of security/openssh-portable, security/openssh-portable66
    Author: bdrewery@FreeBSD.org
    Reason: 
      All patches have been fixed for version 6.7. It is no longer required to use
      the security/openssh-portable66 port.
    
      The LPK option was removed from security/openssh-portable as it has been
      deprecated since May 2013. Use AuthorizedKeysCommand as a replacement.
    
    
  • 2014-11-17
    Affects: users of security/openssh-portable
    Author: bdrewery@FreeBSD.org
    Reason: 
      Most of the optional patches for OpenSSH do not apply to the 6.7 update yet.
      The 6.6 version has been copied to security/openssh-portable66 if you require
      the use of one of the optional ports.
    
    
  • Collapse this list.
Port Moves

Number of commits found: 379 (showing only 100 on this page)

1 | 2 | 3 | 4  »  

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
07 Jun 2022 19:21:43
 files touched by this commit commit hash:ca9ce6929f98fddf259c03bc6dfa4916e16da6e9  9.0.p1,1
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update to 9.0p1

Changes:        https://www.openssh.com/txt/release-9.0
PR:		264211
25 May 2022 13:34:24
 files touched by this commit commit hash:272dd07a309c086a4bc97dc015ef7faf4fbf89ca  8.9.p1_4,1
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix some capsicum issues

- Brings in latest changes from base. See patches for details.
- Version 9.0 is being worked on but I wanted to fix this issue
  before proceeding with bigger changes.

PR:		263753
07 Mar 2022 23:02:47
 files touched by this commit commit hash:a12058fae3bb09a1aba41d24383b6f1d93f2b330  8.9.p1_2,1
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Again fix procctl(2) usage

The 8.9p1 update was supposed to have a fix for incorrect
use of procctl(2) but was left out for some reason. A wrong
assumption missed keeping it in ae66cffc19f357cbd5.

PR:          262352
07 Mar 2022 23:02:47
 files touched by this commit commit hash:21cedc6ee57bc9321c9cb5ebe21bdf2c4bc154ee  8.9.p1_3,1
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Add comment in openssh.in about host keys

Commit ae66cffc19f added some rc vars to allow disabling host keys.
The naming caused some confusion. Attempt to address that with a
comment since these are not documented anywhere else.

PR:	        202169
07 Mar 2022 22:46:42
 files touched by this commit commit hash:df3a937145b1bef1b3c08515dc6619b12654415f  8.9.p1_1,1
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix fetching gssapi patch

- Mirror it
- Update to latest Debian location
03 Mar 2022 19:59:09
 files touched by this commit commit hash:418bb1fbd26b1b66b71096b364b0ee10477541b7  8.9.p1_1,1
Bryan Drewery (bdrewery) search for other commits by this committer
Author: Andrew Fyfe
security/openssh-portable: fix docs when built without PAM support

The defaults documented in sshd_config and sshd_config.5 are incorrect
if OpenSSH was built without PAM support and can be misleading to the
user whether or not password authentication is enabled.

- Moved PAM specific changes out of patch-sshd_config and into
  extra-patch-pam-sshd_config
- sshd_config.5 PasswordAuthentication: added a new line before the note
  to make it easier to read.
- sshd_config.5 UsePAM: noted the default value depends on whether
  sshd was built with or without PAM support.

PR:		261342
03 Mar 2022 19:37:07
 files touched by this commit commit hash:1249b096fa52847f13a956ee0364b2a14c60e9b5  8.9.p1,1
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Tweak new rc var names

Commit ae66cffc19f357cbd5 added new rc vars to control generating of
host keys [1].  Rename these to more closely match the base version
before it becomes widely adopted.

PR:	        202169 [1]
PR:	        209948 [FYI]
03 Mar 2022 19:25:36
 files touched by this commit commit hash:ae66cffc19f357cbd51d5841c9b110a9ffd63e32  8.9.p1,1
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update to 8.9p1

- Unbreak GSSAPI [1]
- rc.d/openssh: Allow modifying host key generation [2]

Changes: https://www.openssh.com/txt/release-8.9
PR:     	259909 [1]
PR:		202169 [2]
Submitted by:	Rick Miller [1]
Submitted by:	Chad Jacob Milios [2]
03 Mar 2022 19:25:36
 files touched by this commit commit hash:ad60ad3528afdeafa5eb9a13a70fea04a0565b0c  8.8.p1_2,1
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix subtle rc script problem.

Invoking 'run_rc_command' taints '$rc_var' with 'keygen' which blocks further
processing for something like openssh_oomprotect.  Note that openssh_oomprotect
is broken in rc.subr until it learns to read a pidfile.
25 Nov 2021 21:40:11
 files touched by this commit commit hash:04b9da414081a733478d3def4e1e3777908536c6  8.8.p1_1,1
Stefan E├čer (se) search for other commits by this committer
*/*: Remove redundant '-*' from CONFLICTS definitions

The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - agsinst the full package names including the
version (as reported by "pkg query "%n-%v").

Approved by: portmgr (blanket)
16 Oct 2021 03:58:23
 files touched by this commit commit hash:02dbfbc67645e88e9865f2885b124da170688c33  8.8.p1_1,1
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: libfido fix went in 505373243
15 Oct 2021 17:10:21
 files touched by this commit commit hash:f4a5ae5fd8ee4948c8b7d1c9bfd0e07d33a8aa18  8.8.p1_1,1
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix sftp crash

This fixes an error trying to disabling process tracing.

It has been sent upstream.

PR:		259174
Submitted by:	mike at sentex dot net
12 Oct 2021 21:05:45
 files touched by this commit commit hash:8d40d32ae3734f26b59ddff988aced383907d2a5  8.8.p1,1
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix build without LIBEDIT

This removes a patch that is no longer needed with 8.8p1.

Reported by:	leres
12 Oct 2021 18:06:52
 files touched by this commit commit hash:384966798240c189323385c19fed055d686be27a  8.8.p1,1
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update to 8.8p1

Changelog:	https://www.openssh.com/txt/release-8.8
Security:	CVE-2021-41617
27 Sep 2021 22:42:58
 files touched by this commit commit hash:fd74bc8eb2fed86275167e58e9349045c6bbbaa4  8.7.p1_1,1 This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Fix default ssh-askpass path

Reported by:	Piotr Smyrak
10 Sep 2021 21:17:20
 files touched by this commit commit hash:44052bec2c67ce32ff3f8936ecde9870aaa6d8be  8.7.p1,1 This port version is marked as vulnerable.
Bernhard Froehlich (decke) search for other commits by this committer
security/openssh-portable: Add CPE information

Approved by:	portmgr (blanket)
10 Sep 2021 17:48:05
 files touched by this commit commit hash:d27003d5644902b91d86ff3f0c36d7b8c56710f0  8.7.p1,1 This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Various build fixes

- Fix build with WITH_BLACKLISTD [1]
- Fix build with WITHOUT_LIBEDIT due to upstream bug [2]

Reported by:	emaste [1]
Reported by:	Ivan Rozhuk [2]
PR:		258402 [2]
09 Sep 2021 19:09:40
 files touched by this commit commit hash:a981593ecc06f124506f481e5dd0eee9ea6a70f8  8.7.p1,1 This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update to 8.7p1.

Changes: https://www.openssh.com/txt/release-8.7
29 Apr 2021 16:05:55
 files touched by this commit commit hash:de9fffcec89b58fb6f77b72a55975eccb01eb480  8.6.p1,1 This port version is marked as vulnerable.
Bryan Drewery (bdrewery) search for other commits by this committer
security/openssh-portable: Update to 8.6p1

- gssapi is disabled for now.

Changes:
 - https://www.openssh.com/txt/release-8.5
 - https://www.openssh.com/txt/release-8.6

Submitted by:	Yasuhiro Kimura [earlier version][1]
PR:		254389 [1]
06 Apr 2021 14:31:13
 files touched by this commit commit hash:135fdeebb99c3569e42d8162b265e15d29bd937d  8.4.p1_4,1 This port version is marked as vulnerable.
Mathieu Arnold (mat) search for other commits by this committer
all: Remove all other $FreeBSD keywords.
06 Apr 2021 14:31:07
 files touched by this commit commit hash:305f148f482daf30dcf728039d03d019f88344eb  8.4.p1_4,1 This port version is marked as vulnerable.
Mathieu Arnold (mat) search for other commits by this committer
Remove # $FreeBSD$ from Makefiles.
18 Mar 2021 20:49:45
Original commit files touched by this commit Revision:568761  8.4.p1_4,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add limited patch for CVE-2021-28041 from upstream.
09 Dec 2020 02:46:43
Original commit files touched by this commit Revision:557337  8.4.p1_3,1 This port version is marked as vulnerable.
pkubaj search for other commits by this committer
security/openssh-portable@gssapi: fix build on GCC architectures

gss-genr.c: In function 'ssh_gssapi_kex_mechs':
gss-genr.c:175:9: error: 'strncpy' specified bound depends on the length of the
source argument [-Werror=stringop-overflow=]
  175 |    cp = strncpy(s, kex, strlen(kex));
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
29 Nov 2020 02:16:29
Original commit files touched by this commit Revision:556545  8.4.p1_3,1 This port version is marked as vulnerable.
pkubaj search for other commits by this committer
security/openssh-portable: fix build on GCC architectures

loginrec.c:763:2: error: 'strncpy' output may be truncated copying 32 bytes from
a string of length 511 [-Werror=stringop-truncation]
strncpy(utx->ut_user, li->username,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MIN_SIZEOF(utx->ut_user, li->username));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
loginrec.c: In function 'record_failed_login':
loginrec.c:1687:2: error: 'strncpy' specified bound 32 equals destination size
[-Werror=stringop-truncation]
strncpy(ut.ut_user, username, sizeof(ut.ut_user));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
loginrec.c:1696:2: error: 'strncpy' specified bound 256 equals destination size
[-Werror=stringop-truncation]
strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
24 Nov 2020 20:46:21
Original commit files touched by this commit Revision:556185  8.4.p1_3,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix KERB_GSSAPI build; missing prototypes for DH openssl-compat.

PR:		212151 (maybe)
20 Nov 2020 03:41:56
Original commit files touched by this commit Revision:555734  8.4.p1_2,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Add pkg-config dependency which avoids some maintainer testing errors
  and also removes a few unneeded library links such as -lcurses.
- libfido2 package is broken with pkg-config and base ssl. Workaround this
  by not using pkg-config for that library for now.
- Add USES=localbase to simplify some options
- Make crypt(3) MD5 password support optional but still on-by-default.  The
  default in FreeBSD changed in 10.0 but that does not mean
- Enable -Werror
- Remove some old baggage from the port build
 o The zlib version check has not been needed for a while.
 o sshd.8 has not had %%PREFIX%% or %$RC_SCRIPT_NAME%% since 2011
   and is not worth more patches/complexity.
 o The strnvis(3) problem noted in r311891 was fixed in OpenSSH 7.4.
 o autoreconf is run so it makes no sense to patch configure for -ldes
 o --with-md5-passwords is not needed as our crypt(3) supports it
   natively.  This is only relevant without PAM.
17 Nov 2020 01:45:12
Original commit files touched by this commit Revision:555531  8.4.p1_1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Add blacklistd(8) support.
  This differs slightly from base as it uses the current NetBSD
  hook points.
  This is off-by-default as it needs testing and has issues that may cause
  crashes.  One such issue is the use of private bl_create() symbol from
  libblacklist.  It is also unclear if the hook points are sufficient
  or proper after the libssh refactoring in 8.x.

PR:		223628 (patch rewritten as it no longer applied)
16 Nov 2020 23:36:49
Original commit files touched by this commit Revision:555524  8.4.p1_1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Add and enable FIDO/U2F support for security keys by default.
  This feature came in 8.2, is enabled by default on OpenBSD,
  and suggested to be enabled by default for packages.
16 Nov 2020 22:25:28
Original commit files touched by this commit Revision:555518  8.4.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Slightly reduce diff with base
- No functional changes.

PR:		223010
Submitted by:	brnrd (earlier patch)
16 Nov 2020 20:39:13
Original commit files touched by this commit Revision:555516  8.4.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- bindresvport support hasn't been used since 7.8
16 Nov 2020 20:36:17
Original commit files touched by this commit Revision:555514  8.4.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Remove sctp patch missed in r466577
16 Nov 2020 19:39:34
Original commit files touched by this commit Revision:555512  8.4.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 8.4p1 (skipped 8.3)

 - https://www.openssh.com/txt/release-8.3
 - https://www.openssh.com/txt/release-8.4

PR:		239807, 250319
Sponsored by:	Dell EMC
12 Nov 2020 10:51:31
Original commit files touched by this commit Revision:554948  8.2.p1_2,1 This port version is marked as vulnerable.
0mp search for other commits by this committer
security/openssh-portable: Set LICENSE

In the past, the ports framework did not support handling situations
where a port contained a multitude of licenses. In case of OpenSSH
the list is/was: BSD2, BSD3, MIT, public domain, BSD-Style, BEER-WARE,
"any purpose with notice intact", and ISC-Style.

Instead of having to keep track of all the involved licenses which all
are very similar, let's use LICENSE_PERMS.

I am not bumping PORTREVISION as it is not a vital change from the
perspective of package users.

Approved by:	bdrewery (maintainer)
Differential Revision:	https://reviews.freebsd.org/D27133
07 Nov 2020 14:46:38
Original commit files touched by this commit Revision:554395  8.2.p1_2,1 This port version is marked as vulnerable.
0mp search for other commits by this committer
Install the moduli file as a @sample

PR:		250559
Submitted by:	Michal "rysiek" Wozniak <rysiek % isnic.is>
Approved by:	maintainer timeout
07 Nov 2020 14:18:46
Original commit files touched by this commit Revision:554393  8.2.p1_1,1 This port version is marked as vulnerable.
0mp search for other commits by this committer
Fix a typo

Approved by:	portmgr blanket
15 Aug 2020 17:12:09
Original commit files touched by this commit Revision:545050  8.2.p1_1,1 This port version is marked as vulnerable.
sunpoet search for other commits by this committer
Update WWW

Approved by:	portmgr (blanket)
23 Mar 2020 23:15:10
Original commit files touched by this commit Revision:529015  8.2.p1_1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Simplify and refactor login.conf environment handling.
23 Mar 2020 21:56:17
Original commit files touched by this commit Revision:529010  8.2.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix build without PAM option
23 Mar 2020 17:07:43
Original commit files touched by this commit Revision:528982  8.2.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Remove long broken X509 patch.

Approved by:	portmgr (implicit)
23 Mar 2020 17:04:51
Original commit files touched by this commit Revision:528981  8.2.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix plist for 8.2p1
23 Mar 2020 16:53:46
Original commit files touched by this commit Revision:528979  8.2.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 8.2p1

Release notes: https://www.openssh.com/txt/release-8.2
22 Dec 2019 02:55:14
Original commit files touched by this commit Revision:520603  8.1.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 8.1p1

Changes: https://www.openssh.com/txt/release-8.1

Sponsored by:	Dell EMC
09 Oct 2019 12:20:31
Original commit files touched by this commit Revision:514144  8.0.p1_1,1 This port version is marked as vulnerable.
bapt search for other commits by this committer
Drop the ipv6 virtual category for s* category as it is not relevant anymore
02 Sep 2019 21:23:28
Original commit files touched by this commit Revision:510851  8.0.p1_1,1 This port version is marked as vulnerable.
swills search for other commits by this committer
Bump PORTREVISION on ldns consumers

Shared lib version changed in update

Reported by:	sunpoet
14 Aug 2019 12:16:13
Original commit files touched by this commit Revision:508909  8.0.p1,1 This port version is marked as vulnerable.
mat search for other commits by this committer
Convert to UCL & cleanup pkg-message (categories s)
19 Jul 2019 19:18:09
Original commit files touched by this commit Revision:506959  8.0.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update gssapi patch for 8.0
- Rework how the gssapi patch is fetched/mirrored so we can fetch
  directly from debian.

PR:		239290
Submitted by:	david@dcrosstech.com (based on)
Tested by:	vrwmiller@gmail.com
18 Jul 2019 20:10:07
Original commit files touched by this commit Revision:506878  8.0.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix BROKEN handling for x509/gssapi FLAVORS
12 Jul 2019 03:48:48
Original commit files touched by this commit Revision:506433  8.0.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 8.0p1

Changes: https://www.openssh.com/txt/release-8.0

With help from:	Lee Prokowich
Sponsored by:	DellEMC
12 Nov 2018 21:55:35
Original commit files touched by this commit Revision:484842  7.9.p1_1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix X509 build after r484765 openssl fix
- Fix patch URL for KERB_GSSAPI
- Add FLAVORs for x509 and gssapi since they are distinct types of
  OpenSSH rather than feature flags.

Approved by:	portmgr (implicit)
12 Nov 2018 21:04:05
Original commit files touched by this commit Revision:484824  7.9.p1_1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update KERB_GSSAPI for 7.9p1
12 Nov 2018 20:56:11
Original commit files touched by this commit Revision:484823  7.9.p1_1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix HPN for 7.9p1
- DOCS is required for HPN but it's not exclusively a flavor so needs to be
  in the default list.
- Fix a build-time OpenSSL version comparison [1]

PR:		233157 [1]
Reported by:	Robert Schulze <rs@bytecamp.net> [1]
Obtained from:	upstream c0a35265907533be10ca151ac797f34ae0d68969 [1]
11 Nov 2018 20:21:04
Original commit files touched by this commit Revision:484765  7.9.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 7.9p1.

- Fixes build on 12, head, and openssl-devel.
- GSSAPI and HPN are currently marked BROKEN as I don't want to block
  the main update for anyone.

  http://www.openssh.com/txt/release-7.8
  http://www.openssh.com/txt/release-7.9

MFH:	2018Q4 (due to being broken on 12+head)
10 Nov 2018 10:09:49
Original commit files touched by this commit Revision:484599  7.7.p1_6,1 This port version is marked as vulnerable.
mat search for other commits by this committer
security/openssl-devel was removed, but there is a security/openssl111 now.
10 Sep 2018 13:14:52
Original commit files touched by this commit Revision:479406  7.7.p1_6,1 This port version is marked as vulnerable.
mat search for other commits by this committer
Add DOCS options to ports that should have one.

Also various fixes related to said option.

PR:		230864
Submitted by:	mat
exp-runs by:	antoine
29 Jun 2018 15:44:33
Original commit files touched by this commit Revision:473555  7.7.p1_6,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Simplify CONFLICTS_INSTALL.

Reported by:	mat
28 Jun 2018 03:38:33
Original commit files touched by this commit Revision:473485  7.7.p1_5,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Fix and update HPN patch to latest from upstream but leave it off by
  default.
- Add an 'hpn' FLAVOR to produce a package for users with HPN and
  NONECIPHER enabled.

Approved by:	portmgr (implicit)
26 Jun 2018 22:32:37
Original commit files touched by this commit Revision:473412  7.7.p1_4,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update x509 patch to 11.3.2
19 Jun 2018 15:42:54
Original commit files touched by this commit Revision:472798  7.7.p1_3,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Forgot PORTREVISION bump for r472797.

PR:		229147
19 Jun 2018 15:42:32
Original commit files touched by this commit Revision:472797  7.7.p1_2,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix nologin check when PAM option is disabled in the port.

PR:		229147
Submitted by:	Robert Schulze <rs@bytecamp.net>
19 Jun 2018 15:34:14
Original commit files touched by this commit Revision:472796  7.7.p1_2,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add lost metadata on why this patch exists
03 May 2018 23:39:11
Original commit files touched by this commit Revision:468998  7.7.p1_2,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Add XMSS option to enable experimental key support added in 7.7 [1]
- Bring in upstream patches post 7.7 to fix various issues [2]:
  b81b2d120e9c8a83489e241620843687758925ad - Fix tunnel forwarding broken in
7.7p1
  341727df910e12e26ef161508ed76d91c40a61eb - don't kill ssh-agent's listening
socket entriely if we fail to accept a connection
  85fe48fd49f2e81fa30902841b362cfbb7f1933b - don't free the %C expansion, it's
used later for LocalCommand
  868afa68469de50d8a43e5daf867d7c624a34d20 - Disable SSH2_MSG_DEBUG messages for
Twisted Conch clients
  f5baa36ba79a6e8c534fb4e0a00f2614ccc42ea6 - Omit 3des-cbc if OpenSSL built
without DES

PR:		227758 [1]
Submitted by:	IWAMOTO Kouichi <sue@iwmt.org> [1]
PR:		227551 [2]
Reported by:	rozhuk.im@gmail.com [2]
Obtained from:	upstream mirror https://github.com/openssh/openssh-portable [2]
25 Apr 2018 18:05:41
Original commit files touched by this commit Revision:468286  7.7.p1_1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update the KERB_GSSAPI patch from debian.

https://sources.debian.org/data/main/o/openssh/1:7.7p1-2/debian/patches/gssapi.patch
is mirrored due to not being filename-unique and not gzipped.

PR:		226789
Submitted by:	Rick Miller <vmiller@verisign.com> (based on)
Tested by:	Rick Miller <vmiller@verisign.com>
Reported by:	david@dcrosstech.com
12 Apr 2018 21:54:01
Original commit files touched by this commit Revision:467200  7.7.p1_1,1 This port version is marked as vulnerable.
leres search for other commits by this committer
The block of code that canonicallizes the hostname supplied on
the command line added by patch-ssh.c misapplies to 7.7p1 and
moves from main() to to ssh_session2(). This breaks ssh SSHFP
support for non-canonical hostnames. For example, "ssh zinc"
correctly discovers the FQDN (zinc.ee.lbl.gov) and uses it to
look up A and AAAA records but the non-canonical version (zinc)
is used in the SSHFP record lookup which or course fails.

Regenerate the patch.

Reviewed by:	bdrewery, ler (mentor)
Approved by:	bdrewery, ler (mentor)
Differential Revision:	https://reviews.freebsd.org/D15053
05 Apr 2018 19:57:07
Original commit files touched by this commit Revision:466595  7.7.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Make BROKEN lines more clear
05 Apr 2018 18:20:51
Original commit files touched by this commit Revision:466577  7.7.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 7.7p1

- Update x509 patch to 11.3
- Remove SCTP option as it has not had a patch available since 7.2.

Changes: https://www.openssh.com/txt/release-7.7

Notable changes:
 * ssh(1)/sshd(8): Drop compatibility support for some very old SSH
   implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These
   versions were all released in or before 2001 and predate the final
   SSH RFCs. The support in question isn't necessary for RFC-compliant
   SSH implementations.
03 Apr 2018 23:14:18
Original commit files touched by this commit Revision:466385  7.6.p1_3,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
libressl support was fixed in r452358
29 Mar 2018 14:53:24
Original commit files touched by this commit Revision:465899  7.6.p1_3,1 This port version is marked as vulnerable.
mat search for other commits by this committer
Mark some ports broken with openssl-devel.

Sponsored by:	Absolight
16 Mar 2018 20:20:09
Original commit files touched by this commit Revision:464727  7.6.p1_3,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Remove OVERWRITE_BASE compat - it was marked IGNORE in 2015
18 Oct 2017 17:19:26
Original commit files touched by this commit Revision:452358  7.6.p1_3,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
LibreSSL + LDNS: Fix random crashes.

This happens due to ldns-config --libs adding in too many libraries
(overlinking), and -lcrypto again, which causes some strange
conflict/corruption.  By specifying the path to --with-ldns, configure only
adds in -ldns rather than every library ldns itself needs.

PR:		223000
Reported by:	many
16 Oct 2017 07:26:09
Original commit files touched by this commit Revision:452177  7.6.p1_2,1 This port version is marked as vulnerable.
koobs search for other commits by this committer
security/openssh-portable: Remove groff dependency

An unconditional dependency on groff was added in ports r441907 [1] as part
of bug 213725 (groff removal from base). OpenSSH release-5.7 notes the
following:

 * Use mandoc as preferred manpage formatter if it is present, followed
   by nroff and groff respectively.

This change removes groff as an unconditional dependency allowing mandoc
to be used, and reduces many subsequence dependencies accordingly.

It additionally explicitly sets 'mantype', which ensures that man pages
are installed in the same location (LOCALBASE/man) independently from the
generator used. Without this, a packaging (pkg-plist) error is observed
(installing man pages into LOCALBASE/doc not LOCALBASE/man), which was
presumably the genesis of the groff dependency addition in the first place.

[1] http://svnweb.freebsd.org/changeset/ports/441907

Reviewed by:		bdrewery (maintainer), allanjude
Approved by:		bdrewery (maintainer)
Differential Revision:	D11793
14 Oct 2017 18:09:35
Original commit files touched by this commit Revision:452074  7.6.p1_1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Mark broken with libressl as it has several random crashses.

PR:		223000
13 Oct 2017 23:27:20
Original commit files touched by this commit Revision:452035  7.6.p1_1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Bring in upstream fix for PermitOpen from commit 7c9613fac337
12 Oct 2017 19:40:58
Original commit files touched by this commit Revision:451927  7.6.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 7.6p1

- Update x509 patch to 11.0
- HPN/NONECIPHER do not apply currently and are disabled by default,
  same as the base sshd.  A compatibility patch is applied if
  these options are disabled to prevent startup failures; the options
  are kept as deprecated.
- SCTP patch does not apply.

Changes: https://www.openssh.com/txt/release-7.6

Notable changes:
  - SSH version 1 support dropped.
  - Dropped support for hmac-ripemd160 MAC.
  - Dropped support for the ciphers arcfour, blowfish and CAST.
  - RSA keys less than 1024 bits are refused.
09 Jun 2017 14:44:19
Original commit files touched by this commit Revision:442999  7.5.p1_1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix LDNS detection.

This is the same fix made upstream as well.

PR:		218472
Submitted by:	leres@ee.lbl.gov
MFH:		2017Q2
28 May 2017 10:58:00
Original commit files touched by this commit Revision:441907  7.5.p1,1 This port version is marked as vulnerable.
antoine search for other commits by this committer
Register dependency on groff

PR:		213725
27 Apr 2017 12:14:37
Original commit files touched by this commit Revision:439541  7.5.p1,1 This port version is marked as vulnerable.
mat search for other commits by this committer
Mark those as not building with openssl-devel.

Sponsored by:	Absolight
01 Apr 2017 01:59:25
Original commit files touched by this commit Revision:437391  7.5.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 7.5p1.
- Update X509 to 10.1.
- Disable KERB_GSSAPI for now as it does not build.

Changes: https://www.openssh.com/txt/release-7.5
20 Mar 2017 18:16:43
Original commit files touched by this commit Revision:436555  7.4.p1_1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Change USE_AUTOTOOLS to USES= autoreconf
- Change @exec to @postexec in pkg-plist

Submitted by:	brnrd
PR:		217962
15 Mar 2017 14:45:31
Original commit files touched by this commit Revision:436247  7.4.p1_1,1 This port version is marked as vulnerable.
mat search for other commits by this committer
Remove all USE_OPENSSL occurrences.

Sponsored by:	Absolight
03 Mar 2017 04:12:21
Original commit files touched by this commit Revision:435306  7.4.p1_1,1 This port version is marked as vulnerable.
miwi search for other commits by this committer
- Chase ldns shlip bump

PR:		217495
17 Jan 2017 19:38:38
Original commit files touched by this commit Revision:431773  7.4.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix build with NONE_CIPHER.
16 Jan 2017 19:30:31
Original commit files touched by this commit Revision:431698  7.4.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 7.4p1.

- Update X509 patch to 9.3
- SCTP patch from soralx@cydem.org

Changes: https://www.openssh.com/txt/release-7.4
13 Jan 2017 23:44:24
Original commit files touched by this commit Revision:431448  7.3.p1_5,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix to only enable SCTP patch with option from r431441
13 Jan 2017 23:39:48
Original commit files touched by this commit Revision:431445  7.3.p1_4,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add forgotten patch in r431438 for CVE-2016-10009 and CVE-2016-10010.

Security:	2c948527-d823-11e6-9171-14dae9d210b8
Submitted by:	Tim Zingelman <zingelman@gmail.com>
MFH:		2017Q1
13 Jan 2017 23:28:54
Original commit files touched by this commit Revision:431441  7.3.p1_3,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add working SCTP patch.

This has 2 minor changes from the upstream bug 1604

PR:		215632
Submitted by:	soralx@cydem.org
13 Jan 2017 23:23:36
Original commit files touched by this commit Revision:431438  7.3.p1_2,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Add patches to cover security issues CVE-2016-10009 and CVE-2016-10010.

Security:	2c948527-d823-11e6-9171-14dae9d210b8
Submitted by:	Tim Zingelman <zingelman@gmail.com>
MFH:		2017Q1
24 Oct 2016 22:52:17
Original commit files touched by this commit Revision:424592  7.3.p1_1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Bring in upstream commit ec165c392ca54317dbe3064a8c200de6531e89ad:
  Unregister the KEXINIT handler after message has been
  received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
  allocation of up to 128MB -- until the connection is closed. Reported by
  shilei-c at 360.cn

Security:	CVE-2016-8858
08 Aug 2016 19:22:37
Original commit files touched by this commit Revision:419892  7.3.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 7.3p1
- X509: Unbreak and update to 9.0
- SCTP: Mark BROKEN
- KERB_GSSAPI: Unbreak and update from Debian's patch

Release notes: http://www.openssh.com/txt/release-7.3
19 May 2016 11:09:14
Original commit files touched by this commit Revision:415503  7.2.p2,1 This port version is marked as vulnerable.
amdmi3 search for other commits by this committer
- Fix trailing whitespace in pkg-messages

Approved by:	portmgr blanket
19 May 2016 10:53:06
Original commit files touched by this commit Revision:415500  7.2.p2,1 This port version is marked as vulnerable.
amdmi3 search for other commits by this committer
- Fix trailing whitespace in pkg-descrs, categories [p-x]*

Approved by:	portmgr blanket
16 May 2016 16:56:48
Original commit files touched by this commit Revision:415340  7.2.p2,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Bring in updated SCTP patch from gentoo.

Submitted by:	Eduardo Morras <emorrasg@yahoo.es>
01 Apr 2016 14:25:18
Original commit files touched by this commit Revision:412349  7.2.p2,1 This port version is marked as vulnerable.
mat search for other commits by this committer
Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight
11 Mar 2016 22:49:26
Original commit files touched by this commit Revision:410844  7.2.p2,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 7.2p2 which fixes X11Forwarding command injection vulnerability.

Changelog:	http://www.openssh.com/txt/release-7.2p2
Advisory:	http://www.openssh.com/txt/x11fwd.adv
29 Feb 2016 18:36:58
Original commit files touched by this commit Revision:409823  7.2.p1,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
- Update to 7.2p1
- Mark X509 and KERB_GSSAPI as BROKEN.

Changelog: http://www.openssh.com/txt/release-7.2

With help from:	brnrd
03 Feb 2016 22:15:12
Original commit files touched by this commit Revision:407996  7.1.p2,1 This port version is marked as vulnerable.
marino search for other commits by this committer
x11/xterm: document ncurses requirement (USES+=ncurses)

also link to libncurses rather than libcurses

approved by:	infrastructure blanket
20 Jan 2016 02:18:42
Original commit files touched by this commit Revision:406725  7.1.p2,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix the KERB_GSSAPI option using the latest patch from Debian.

This slightly refactors some of the HPN patch to avoid a conflict.

PR:		206346
Submitted by:	Garret Wollman
14 Jan 2016 16:41:45
Original commit files touched by this commit Revision:406123  7.1.p2,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update to 7.1p2

Changes: http://www.openssh.com/txt/release-7.1p2

MFH:		2016Q1
Security:	CVE-2016-0777
Security:	CVE-2016-0778
11 Nov 2015 21:21:45
Original commit files touched by this commit Revision:401299  7.1.p1_4,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Make portlint stop spamming me.  It's gotten quite silly.

There's no reason to regenerate these for the sake of having 'UTC' in the patch
and it also considers patches with comments to be invalid.

WARN: /root/svn/ports/security/openssh-portable/files/patch-auth.c: patch was
not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth2.c: patch was
not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-readconf.c: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN:
/root/svn/ports/security/openssh-portable/files/patch-regress__test-exec.sh:
patch was not generated using ``make makepatch''.  It is recommended to use
``make makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-servconf.c: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-session.c: patch was
not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.1: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.c: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh.c: patch was not
generated using ``make makepatch''.  It is recommended to use ``make makepatch''
when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config.5: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshconnect.c: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.8: patch was
not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.c: patch was
not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config.5: patch
was not generated using ``make makepatch''.  It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
11 Nov 2015 21:04:48
Original commit files touched by this commit Revision:401298  7.1.p1_4,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Fix the NONECIPHER not actually being offered by the server.

Upstream issue: https://github.com/rapier1/openssh-portable/issues/3
11 Nov 2015 18:04:40
Original commit files touched by this commit Revision:401289  7.1.p1_3,1 This port version is marked as vulnerable.
bdrewery search for other commits by this committer
Update advice to disable ChallengeResponseAuthentication for key usage.

PR:		204475
Reported by:	Mark.Martinec@ijs.si

Number of commits found: 379 (showing only 100 on this page)

1 | 2 | 3 | 4  »