| non port: security/openssh-portable/files/patch-servconf.c |
Number of commits found: 17 |
|
Thursday, 28 Jun 2018
|
03:38 bdrewery 
- Fix and update HPN patch to latest from upstream but leave it off by
default.
- Add an 'hpn' FLAVOR to produce a package for users with HPN and
NONECIPHER enabled.
Approved by: portmgr (implicit)
  |
|
Tuesday, 19 Jun 2018
|
15:42 bdrewery
Fix nologin check when PAM option is disabled in the port.
PR: 229147
Submitted by: Robert Schulze <rs@bytecamp.net>
|
15:34 bdrewery
Add lost metadata on why this patch exists
|
|
Monday, 29 Feb 2016
|
18:36 bdrewery
- Update to 7.2p1
- Mark X509 and KERB_GSSAPI as BROKEN.
Changelog: http://www.openssh.com/txt/release-7.2
With help from: brnrd
|
|
Wednesday, 11 Nov 2015
|
21:21 bdrewery
Make portlint stop spamming me. It's gotten quite silly.
There's no reason to regenerate these for the sake of having 'UTC' in the patch
and it also considers patches with comments to be invalid.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth2.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-readconf.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN:
/root/svn/ports/security/openssh-portable/files/patch-regress__test-exec.sh:
patch was not generated using ``make makepatch''. It is recommended to use
``make makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-servconf.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-session.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.1: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh.c: patch was not
generated using ``make makepatch''. It is recommended to use ``make makepatch''
when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config.5: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshconnect.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.8: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config.5: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
|
|
Tuesday, 18 Aug 2015
|
15:42 bdrewery
- Update to OpenSSH 7.0p1
- Update X509 patch to 8.5
Changes: http://www.openssh.com/txt/release-7.0
|
|
Monday, 27 Jul 2015
|
18:41 bdrewery
Fix accidental revert of PermitRootLogin default to NO.
This was due to the patch not being needed in the snapshot version
which I based the 6.9 update off of. The default is changed in
the upcoming 7.0 release
|
18:30 bdrewery
- Update to 6.9p1
- Update X509 patch to 8.4
Changes: http://www.openssh.com/txt/release-6.9
|
|
Saturday, 4 Apr 2015
|
17:16 bdrewery
- Update to 6.8p1
- Fix 'make test'
- HPN:
- NONECIPHER is no longer default. This is not default in base and should not
be default here as it introduces security holes.
- HPN: I've audited the patch and included it in the port directory for
transparency. I identified several bugs and submitted them to the new
upstream: https://github.com/rapier1/openssh-portable/pull/2
- HPN: The entire patch is now ifdef'd to ensure various bits are properly
removed depending on the OPTIONS selected.
- AES_THREADED is removed. It has questionable benefit on modern HW and is not
stable.
- The "enhanced logging" was removed from the patch as it is too
intrusive and difficult to maintain in the port.
- The progress meter "peak throughput" patch was removed.
- Fixed HPN version showing in client/server version string when HPN
was disabled in the config.
- KERB_GSSAPI is currently BROKEN as it does not apply.
- Update X509 to 8.3
Changelog: http://www.openssh.com/txt/release-6.8
|
|
Monday, 23 Mar 2015
|
04:23 bdrewery
Stop forcing the port version string into the server banner.
The port now uses VersionAddendum in the sshd_config to allow overriding
this value. Using "none" allows disabling the default of the port
version string. The default is kept to show the port version string to
remain close to the base version.
Support for the client VersionAddendum may be added soon as well to better
match base and not give surprises when switching from base to the port.
PR: 193127
Requested by: many, including myself when this was broken years ago.
|
|
Wednesday, 5 Feb 2014
|
01:40 bdrewery
- Update to 6.5
ChangeLog: http://www.openssh.org/txt/release-6.5
- Update X509 patch to 7.8
- Update LIB_DEPENDS to new format
- Revert r328706 and re-enable privilege separation sandboxing by default
as the issue causing crashes has been fixed upstream
- capsicum(4) is now enabled upstream. A local patch is added to fix an issue
with it [1]
- KERB_GSSAPI is marked BROKEN. It does not build.
This patch lacks an upstream and I have no way to test it. It needs
a non-trivial amount of refactoring for 6.5 as the key handling API
has changed quite a bit.
Submitted by: pjd@ [1]
|
|
Sunday, 29 Sep 2013
|
15:07 bdrewery
- Copy base r251088 over (which removes a patch) and disable default sandbox
privilege separation as it causes crashes when using AES crypto devices.
This now uses 'yes' for UsePrivilegeSeparation instead of 'sandbox' by
default
Reminded by: Garrett Wollman
|
|
Friday, 17 May 2013
|
19:47 bdrewery
- Update to 6.2p2
- The LPK patch has been updated but is obsolete, deprecated and
untested. It has been replaced by AuthorizedKeysCommand
- The upstream HPN's last update was for 6.1 and is mostly
abandoned. The patch has had bugs since 5.9. I have reworked
it and split into into HPN and AES_THREADED options. The
debugging/logging part of the patch is incomplete. I may
change the patch to more closely match our base version
eventually.
- The KERB_GSSAPI option has been removed as the patch has not
been updated by upstream since 5.7
- sshd VersionAddendum is currently not working as intended;
it will be fixed later to allow removing the port/pkg version.
- Update our patchset to match latest base version
- Bring in ssh-agent -x support from base
- I incrementally updated the port from 5.8 up to 6.2p2 along
with patches. You can find all of the versions at
https://github.com/bdrewery/openssh
Changes:
http://www.openssh.com/txt/release-5.9
http://www.openssh.org/txt/release-6.0
http://www.openssh.org/txt/release-6.1
http://www.openssh.org/txt/release-6.2
http://www.openssh.org/txt/release-6.2p2
|
|
Wednesday, 17 Apr 2013
|
00:35 bdrewery
- Remove compatibiliy for FreeBSD <4.x
* /var/empty has been in hier(7) since 4.x
* User sshd has been in base since 4.x
* Simplify a patch for realhostname_sa(3) usage
- Remove SUID_SSH - It was removed from ssh in 2002
- Fix 'make test'
- Add some hints into the patches on where they came from
- Mirror all patches
- Move LPK patch out of files/
- Remove the need for 2 patches
* Removal of 'host-key check-config' in install phase
* Adding -lutil
- Add SCTP support [1]
- Remove FILECONTROL as it has not been supported since the 5.8
update
- Replace tab with space pkg-descr
- Remove default WRKSRC
- Add 'configtest' command to rc script
- Mark X509 broken with other patches due to PATCH_DIST_STRIP=-p1
PR: ports/174570 [1]
Submitted by: oleg <proler@gmail.com> [1]
Obtained from: https://bugzilla.mindrot.org/show_bug.cgi?id=2016 (upstream) [1]
Feature safe: yes
|
|
Friday, 21 Oct 2011
|
16:18 flo
- update to 5.8p2 [1]
- fix Kerberos knob [2]
- fix build on 9.0 [3]
- fix deinstall with various knobs [4]
- fix LPK knob [5]
PR: ports/161818 [1], ports/144597 [2], ports/160389 [3]
ports/150493, ports/156926 [4], ports/155456 [5]
Submitted by: "Grzegorz Blach" <magik@roorback.net> [1], [2], [4], [5]
pluknet [3]
Reported by: Jonathan <lordsith49@hotmail.com> [2]
Kevin Thompson <antiduh@csh.rit.edu> [4]
Alexey Remizov <alexey@remizov.org> [5]
|
|
Wednesday, 13 Jul 2011
|
21:47 stephen
- Add VersionAddendum support.
- Bump portrevision.
PR: ports/142824
Submitted by: Scot Hetzel <swhetzel@gmail.com>
Approved by: gabor (mentor)
|
|
Sunday, 1 Oct 2006
|
02:15 mnag
- Update to 4.4p1.
- Disable temporary HPN patch until HPN release new version.
- Fix rc.d script path in sshd.8
- Add FreeBSD-${PKGNAME} in SSH_VERSION and SSH_RELEASE like src does.
- Sync patches with src.
Security: CVE-2006-4924, CVE-2006-5051
|
Number of commits found: 17 |
As an Amazon Associate I earn from qualifying purchases.