| non port: security/openssh-portable/files/patch-sshd_config |
|
SVNWeb
|
Number of commits found: 17 |
|
Thu, 3 Mar 2022
|
[ 19:59 Bryan Drewery (bdrewery)  Author: Andrew Fyfe ]    418bb1f
security/openssh-portable: fix docs when built without PAM support
The defaults documented in sshd_config and sshd_config.5 are incorrect
if OpenSSH was built without PAM support and can be misleading to the
user whether or not password authentication is enabled.
- Moved PAM specific changes out of patch-sshd_config and into
extra-patch-pam-sshd_config
- sshd_config.5 PasswordAuthentication: added a new line before the note
to make it easier to read.
- sshd_config.5 UsePAM: noted the default value depends on whether
sshd was built with or without PAM support.
PR: 261342
|
|
Thu, 9 Sep 2021
|
[ 19:09 Bryan Drewery (bdrewery) ] a981593
security/openssh-portable: Update to 8.7p1.
Changes: https://www.openssh.com/txt/release-8.7
|
|
Wed, 11 Nov 2015
|
[ 21:21 bdrewery ]   (Only the first 10 of 16 ports in this commit are shown above.  )
Make portlint stop spamming me. It's gotten quite silly.
There's no reason to regenerate these for the sake of having 'UTC' in the patch
and it also considers patches with comments to be invalid.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth2.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-readconf.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN:
/root/svn/ports/security/openssh-portable/files/patch-regress__test-exec.sh:
patch was not generated using ``make makepatch''. It is recommended to use
``make makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-servconf.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-session.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.1: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh.c: patch was not
generated using ``make makepatch''. It is recommended to use ``make makepatch''
when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config.5: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshconnect.c: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.8: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.c: patch was
not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config.5: patch
was not generated using ``make makepatch''. It is recommended to use ``make
makepatch'' when you need to [re-]generate a patch to ensure proper patch
format.
|
|
Mon, 27 Jul 2015
|
[ 18:30 bdrewery ] (Only the first 10 of 11 ports in this commit are shown above. )
- Update to 6.9p1
- Update X509 patch to 8.4
Changes: http://www.openssh.com/txt/release-6.9
|
|
Thu, 9 Apr 2015
|
[ 20:57 bdrewery ]
Cleanup some unneeded patches.
1. There's no need to patch the xauth(1) location as the OpenSSH build already
does so based on the --with-xauth path provided. It also updates manpages.
2. Don't modify manpage for shosts location as it was wrong. The proper
LOCALBASE path is now used due to OpenSSH's build already handling it
properly.
3. Remove confusing UsePrivilegeSeparation change in sshd_config. The default
upstream is to have it disabled by default. The sshd_config line is in
upstream to enable it by default in new installations. We always enable
it though. So remove the sshd_config change which makes it look like
we don't use it; it was not a needed difference with upstream.
From discussion with: TJ <tj@mrsk.me>
|
|
Wed, 5 Feb 2014
|
[ 01:40 bdrewery ]
- Update to 6.5
ChangeLog: http://www.openssh.org/txt/release-6.5
- Update X509 patch to 7.8
- Update LIB_DEPENDS to new format
- Revert r328706 and re-enable privilege separation sandboxing by default
as the issue causing crashes has been fixed upstream
- capsicum(4) is now enabled upstream. A local patch is added to fix an issue
with it [1]
- KERB_GSSAPI is marked BROKEN. It does not build.
This patch lacks an upstream and I have no way to test it. It needs
a non-trivial amount of refactoring for 6.5 as the key handling API
has changed quite a bit.
Submitted by: pjd@ [1]
|
|
Sun, 29 Sep 2013
|
[ 15:07 bdrewery ]
- Copy base r251088 over (which removes a patch) and disable default sandbox
privilege separation as it causes crashes when using AES crypto devices.
This now uses 'yes' for UsePrivilegeSeparation instead of 'sandbox' by
default
Reminded by: Garrett Wollman
|
|
Fri, 17 May 2013
|
[ 19:47 bdrewery ] (Only the first 10 of 15 ports in this commit are shown above. )
- Update to 6.2p2
- The LPK patch has been updated but is obsolete, deprecated and
untested. It has been replaced by AuthorizedKeysCommand
- The upstream HPN's last update was for 6.1 and is mostly
abandoned. The patch has had bugs since 5.9. I have reworked
it and split into into HPN and AES_THREADED options. The
debugging/logging part of the patch is incomplete. I may
change the patch to more closely match our base version
eventually.
- The KERB_GSSAPI option has been removed as the patch has not
been updated by upstream since 5.7
- sshd VersionAddendum is currently not working as intended;
it will be fixed later to allow removing the port/pkg version.
- Update our patchset to match latest base version (Only the first 15 lines of the commit message are shown above )
|
|
Wed, 17 Apr 2013
|
[ 00:35 bdrewery ] (Only the first 10 of 23 ports in this commit are shown above. )
- Remove compatibiliy for FreeBSD <4.x
* /var/empty has been in hier(7) since 4.x
* User sshd has been in base since 4.x
* Simplify a patch for realhostname_sa(3) usage
- Remove SUID_SSH - It was removed from ssh in 2002
- Fix 'make test'
- Add some hints into the patches on where they came from
- Mirror all patches
- Move LPK patch out of files/
- Remove the need for 2 patches
* Removal of 'host-key check-config' in install phase
* Adding -lutil
- Add SCTP support [1]
- Remove FILECONTROL as it has not been supported since the 5.8
update
- Replace tab with space pkg-descr
- Remove default WRKSRC
- Add 'configtest' command to rc script
- Mark X509 broken with other patches due to PATCH_DIST_STRIP=-p1
PR: ports/174570 [1]
Submitted by: oleg <proler@gmail.com> [1]
Obtained from: https://bugzilla.mindrot.org/show_bug.cgi?id=2016 (upstream) [1]
Feature safe: yes
|
|
Fri, 21 Oct 2011
|
[ 16:18 flo ] (Only the first 10 of 35 ports in this commit are shown above. )
- update to 5.8p2 [1]
- fix Kerberos knob [2]
- fix build on 9.0 [3]
- fix deinstall with various knobs [4]
- fix LPK knob [5]
PR: ports/161818 [1], ports/144597 [2], ports/160389 [3]
ports/150493, ports/156926 [4], ports/155456 [5]
Submitted by: "Grzegorz Blach" <magik@roorback.net> [1], [2], [4], [5]
pluknet [3]
Reported by: Jonathan <lordsith49@hotmail.com> [2]
Kevin Thompson <antiduh@csh.rit.edu> [4]
Alexey Remizov <alexey@remizov.org> [5]
|
|
Wed, 13 Jul 2011
|
[ 21:47 stephen ] (Only the first 10 of 12 ports in this commit are shown above. )
- Add VersionAddendum support.
- Bump portrevision.
PR: ports/142824
Submitted by: Scot Hetzel <swhetzel@gmail.com>
Approved by: gabor (mentor)
|
|
Tue, 24 Mar 2009
|
[ 17:26 pav ]
- Update to 5.1p1
PR: ports/128679
Submitted by: Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net>
Approved by: maintainer timeout (mnag; 4 months)
|
|
Sun, 1 Oct 2006
|
[ 02:15 mnag ] (Only the first 10 of 21 ports in this commit are shown above. )
- Update to 4.4p1.
- Disable temporary HPN patch until HPN release new version.
- Fix rc.d script path in sshd.8
- Add FreeBSD-${PKGNAME} in SSH_VERSION and SSH_RELEASE like src does.
- Sync patches with src.
Security: CVE-2006-4924, CVE-2006-5051
|
|
Tue, 12 Oct 2004
|
[ 04:42 dinoex ]
- cleanup patches
(only context changed)
|
|
Fri, 26 Sep 2003
|
[ 18:13 dinoex ] (Only the first 10 of 24 ports in this commit are shown above. )
- update to 3.7.1p2
more regressions tests successfull
|
|
Thu, 4 Jul 2002
|
[ 18:29 dinoex ]
'PermitRootLogin no' is the new default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in
the base system. Please be aware of this when upgrading your
OpenSSH port, and if truly necessary, re-enable remote root login
by readjusting this option in your sshd_config.
Users are encouraged to create single-purpose users with ssh keys
and very narrowly defined sudo privileges instead of using root
for automated tasks.
- PKGNAMESUFFIX for GSSAPI set.
- Merged some patches from current to improve PAM.
- Fix BATCH=yes for bento.
|
|
Fri, 28 Jun 2002
|
[ 05:28 dinoex ]
Defaults changed: (Gregory Sutter)
ChallengeResponseAuthentication no
UseLogin no
patch for configure, to detect MAP_ANON submitted by:
Christophe Labouisse,Michael Handler,Gert Doering,Phil Oleson,Dave Baker
fix missing includes for "canohost.h"
|
Number of commits found: 17 |
As an Amazon Associate I earn from qualifying purchases.