| Commit message | Author | Age | Files | Lines |
| |
ssh_encode_{array_alloc,buffer}() calls as appropriate in order to
fix argument size problems on 64-bit platforms and that manifest
themselves on amd64 and ia64. [1]
- Allow the tcsetattr(3) calls in ssh_rl_{restore,set}_tty_modes_for_fd()
to be interrupted by signal. This fixes occasional problems when
connecting to a host for the first time.
- Use the base zlib instead of the one shipping with SSH; although the
latter has an enhancement allowing a minor SSH-specific optimization,
using the base one has the benefit of not needing to track security
vulnerabilities of zlib in this port (SSH 3.2.9.1 ships with zlib
1.1.4 which is not known to be vulnerable though).
- Try to make the description of the WITHOUT_X11 option of the port
Makefile to be more sentence-like.
PR: 98016 [1]
Approved by: netchild
Obtained from: NetBSD [1]
| |
Submitted by: Jarkko Santala <jake@iki.fi>
Approved by: portmgr (erwin)
Security: http://vuxml.freebsd.org/594ad3c5-a39b-11da-926c-0800209adf0e.html
| |
- Move the generation of the host key (if not present) from the package/
port installation to the startup script in order to be in line with
what the base OpenSSH and the OpenSSH-portable port do.
- Flush stdout when updating the transfer progress bar of sftp2 and scp2
so the info displayed is up to date. [1]
- Remove obsolete USE_REINPLACE, remove trailing white space in Makefile.
PR: 91262 [1]
Approved by: netchild
| |
Approved by: krion@
| |
Approved by: krion@
PR: ports/88711 (related)
| |
Source: distfile survey
Approved by: maintainer
| |
and make XFREE86_VERSION map to it. XFREE86_VERSION is now deprecated.
- Make xorg the default X_WINDOW_SYSTEM on -current.
- Add several new X_*_PORT variables which point to various pieces of X11 based
on the setting of X_WINDOW_SYSTEM, and make ports use them.
- Add information to CHANGES about how to handle the transition.
PR: ports/68763
Approved by: portmgr (marcus)
Approved by: re (scottl)
| |
- Make configure explicitly look in X11BASE/bin for xauth(1) in order to
also catch non-standard locations.
Submitted by: maintainer (marius)
Approved by: portmgr (marcus)
| |
Approved by: marius
| |
- Remove the autodetection for X11 support and the WITH_X11 knob, instead
always build with X11 support and add a WITHOUT_X11 knob. Together with
an additional ssh2-nox11 slave port this allows easier handling of these
two variants and to have pre-compiled packages for both (ssh2 with X11
support depends on X11 libraries).
Submitted by: maintainer (marius)
| |
Submitted by: trevor via maintainer
| |
Improve Kerberos support in ssh2:
- Change the WITH_KERBEROS knob into a WITHOUT_KERBEROS knob so kerberized
ssh2 automatically is built when MIT Kerberos is installed, unless the
WITHOUT_KERBEROS knob is defined.
- Check for a library unique to MIT Kerberos to make sure it's not Heimdal
that KRB5_HOME accidentally points to.
- Add dependency on security/krb5 when built with Kerberos support.
- When compiled with Kerberos support also turn it on by default in client
and server config files and set "PermitRootLogin" to "nopwd" to only allow
those with root tickets declared in ~root/.k5login to log in as root. [1]
Ssh2 now should work out of the box in an environment using MIT Kerberos.
Submitted by: Peter Losher <Peter_Losher@isc.org> [1] (kerberos-patch-*)
Tested by: Peter Losher <Peter_Losher@isc.org>
---snip---
Submitted by: maintainer
Strange commit log formatting to prevent
ambiguous "Submitted by" lines by: committer
| |
sshd2 unless it detects an entry for ssh in /etc/inetd.conf. As there
are three ways to automatically start sshd2 and /etc/rc.conf is the
simplest one (at least on FreeBSD 4, with rcNG once /etc/rc.d/sshd is
fixed to not be tailored to the base sshd) this version of the port
is the last one to do so. Beginning with next version it will only
install a sample start-up script. To prevent foot shooting when
updating to the next version this port won't remove an existing
start-up scripting on deinstall. Please see also the pkg-message that
gets displayed on installation.
- Update to 3.2.9.1. This is _not_ a security update. For the non-commercial
version the only change worth mentioning since 3.2.5 is the addition of the
config option "DisableVersionFallback", see sshd2_config(5) for further
details.
- Use sites from the official list of mirrors for MASTER_SITES.
- Adjust COMMENT to justify why this port is security/ssh2, not security/ssh3.
- Revise list of installed documentation. No longer install MANIFEST (list of
source files) and INSTALL, install RFCs referenced in sshd2_config(5) and
HOWTO.anonymous.sftp (patched to better fit FreeBSD).
- Remove WITH_STATIC_SFTP knob. Using the internal sftp-server instead of the
external (static) one is much simpler to set up and maintain (using the
external one requires to install a copy of it in the home directory of the
anonymous sftp user which has to be manually updated when installing a newer
version of the port).
- Remove WITHOUT_TCPWRAP knob, libwrap is part of FreeBSD since 3.2.
- Install example scripts for the ExternalAuthorizationProgram and
AuthKbdInt.Plugin config options in EXAMPLESDIR. See sshd2_config(5) for
further information.
- Replace references to /etc/ssh2/* in config files with PREFIX/etc/ssh2/*.
- Add a pkg-message displaying the different methods to automatically start
sshd2.
- Switch to the start-up script for Solaris which is part of the tarball, it
handles the name of the pidfile better.
- Fix detection of X11 headers, this enables compilation with support for X11
SECURITY extension. See TrustX11Applications in ssh2_config(5) for further
information.
- Add a test target to the Makefile of the port, the tests seem a bit outdated
and buggy but it's enough to e.g. do a bit of speed comparison when building
with different compilers.
- Minor changes and clean-up (sort pkg-plist, don't add /usr/local/lib to
the library search path when compiling, etc.).
Revive some local modifications lost with the update to 3.1.0:
- Use login_cap(3)/login_class(3) facilities to set environment variables,
priority and shell, get motd, copyright, hushlogin and nologin, respect
ignorenologin and requirehome. These changes are roughly based on former
patch-ah and patch-ai and patches of security/openssh.
- Don't print "No mail.", it's not FreeBSD login style.
Submitted by: maintainer
| |
bsd.port.mk macro.
Submitted by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
| |
Submitted by: eikemeier@fillmore-labs.com
Approved by: kris
| |
No PORTREVISION update because of the short timeframe between the commits.
Submitted by: maintainer
| |
* Fixed a critical security bug with RSA signature
verification. Mitigating factors: DSA is used by default (not
vulnerable). Also, the attack requires that attacker has the
public key and the attacker needs to precompute the signature
data so, that it looks like a valid PKCS#1 signature. This is a
non-trivial task to perform without the private
key. Nonetheless, all users should update their servers and
clients as soon as convenient. Workarounds are to not use RSA
keys as host keys (though connecting to existing hosts with RSA
hostkeys poses a serious risk with a vulnerable client), and
disabling publickey authentication. Update your clients and
servers.
Update MASTER_SITES, remove sites that are down or no longer carry ssh2
and add some new.
- Turn Kerberos and group writeability support into knobs so one hasn't to
edit the Makefile.
- Remove dependency on security/tcp_wrapper for tcp-wrapper support on
systems < FreeBSD 4.0, that port is no longer persistent.
- Fix pkg-plist for WITH_STATIC_SFTP case.
- Replace references to /etc/ssh2/* in man pages with references to
PREFIX/etc/ssh2/* in order to better fit for FreeBSD.
- Replace "$(ETCDIR)" in ssh_dummy_shell.out with PREFIX/etc.
- Remove duplicated mechanism for generating the host key if an old one isn't
found in the post-install target in the Makefile of the port, this is
already done by the generate-host-key target in WRKSRC/apps/ssh/Makefile.
- Fix differences between the install action done when installing the
package versus installing the port. I.e. make the package create the host
key with what ever bits ssh-keygen2 defaults to (currently 2048) instead
of 1024 bits, copy over the configuration files for ssh2 and sshd2 from
the examples if not already existent and create the directories for the
global host keys and known hosts files.
- Add some foo to pkg-plist to remove as much as possible from PREFIX/etc/ssh2,
i.e. configuration files that don't differ from the corresponding examples
and empty directories. Inform the user to remove what's left over if any.
- Use _PATH_STDPATH instead of _PATH_DEFPATH so that the default PATH gets
set to "/usr/bin:/bin:/usr/sbin:/sbin:PREFIX/bin" instead of
"/usr/bin:/bin:PREFIX/bin". Using _PATH_STDPATH is consistent with OpenSSH
and seems more useful. One might want to patch ssh2 to also use login_cap(3)
so that e.g. PATH gets picked up from whatever is defined in /etc/login.conf.
- Change MAINTAINER.
- Replace "share/doc/ssh2" with %%DATADIR%% in pkg-plist.
Submitted by: Marius Strobl <marius@alchemy.franken.de>
Approved by: maintainer
| |
PR: ports/48542
Submitted by: Lars Eggert <larse@isi.edu>
| |
2.) If libX11.a exists and xauth not, the build of ssh2 fails. This
patch fixes this.
3.) ssh2/files/sshd.sh looks for the wrong pid file in /var/run.
This patch fixes this and adds 2> /dev/null to the sshd2 startup
PR: 46012
Submitted by: maintainer
| |
PR: 45876
Submitted by: maintainer
| |
PR: 39491
Submitted by: maintainer
| |
http://www.ssh.com/products/ssh/advisories/authentication.cfm
PR: 38592
Submitted by: maintainer
| |
Note: The PR includes diffs to cope with WITHOUT_X11 env,
but this was already committed by knu-san.
So I just added CONFIGURE_ARGS line, please verify it.
PR: ports/35385
Submitted by: maintainer
| |
{WITH,WITHOUT}_X11 and detect ${X11BASE}/lib/libX11.a.
Reported by: bento
Obtained from: security/ssh (partly)
| |
PR: ports/34740
Submitted by: larse@ISI.EDU
- Add %%PORTDOCS%% to pkg-plist.
- Assign MAINTAINER to the submitter.
Requested by: issei (previous MAINTAINER)
| |
PR: 15691
Submitted by: Roger Marquis <marquis@roble.com>
Reviewed by: maintainer
| |
PR: ports/20869
Submitted by: Issei Suzuki <issei@issei.org> (Maintainer)
| |
the Porter's Handbook. :-)
| |
PR: 18620
Submitted by: maintainer
| |
WITHOUT_FOO. Begin the process of reserving these prefixes for user defined
options.
No comment by: ports
| |
Thanks to those who reported this.
PRs: 17927, 17937
Submitted by: Keith Davey <redlance@primenet.com>
maintainer (ssh2)
| |
stopping the server.
Martti's submission did not include -h, which I added because if I had
added the scripts the way he submitted them, the server wouldn't be
started on startup.
PR: 10196
Submitted by: Martti Kuparinen <martti.kuparinen@ericsson.com>
Reviewed by: kris (partially)
No response: maintainers (PR opened February 22, 1999)
| |
with the ssh1 port.
Asked for by: several on the ports list over time
[the maintainer has not responded to multiple emails asking about this change]
| |
PR: 14759
Submitted by: Jeremy Lea <reg@shale.csir.co.za>
| |
Submitted by: Issei Suzuki <issei@jp.freebsd.org>
| |
PR: 15059
Submitted by: Maintainer
| |
variants. Fixes a security bug in tty allocation.
PR: 13515
PR: 13536
Submitted by: Issei Suzuki <issei@jp.FreeBSD.org> (ssh2 maintainer)
| |
Prompted by PR: 13476, 13477
Submitted by: KATO Tsuguru
| |
chown -> ${CHOWN}
| |
[Has anyone figured-out what makes the number 393 so interesting to PW, now?]
I wonder what was going through Jordan's head during his infamous
$Id$-smashing commit.
Before I forget....
Thanks to naddy@mips.rhein-neckar.de (Christian Weisgerber) for prompting
this commit. See msg-id: 7geokh$tje$1@mips.rhein-neckar.de
| |
XXXtgetent from original PR fixed
PR: 12279
Submitted by: Issei Suzuki <issei@issei.org>
| |
is picked up correctly.
PR: 10577
Submitted by: maintainer
| |
variables and priority!
Enable light debugging for compatibility with -v option
Don't print "No mail." - not in BSD login style.
| |
Ssh 2.0.9 has bugs about updating utmp/wtmp file.
2. Now you can compile ssh2 to support TCP_Wrapper
(security/tcp_wrapper) when you define USE_TCPWRAP=YES
3. Fix typo in MASTER_SITES
(Thanks to Chris Piazza <norn@home.net>)
4. Use /usr/lib/libz.so.* instead of libz in ssh2 source file.
5. Delete some obsolete paths.
PR: ports/8916
Submitted by: issei@jp.FreeBSD.ORG
| |
PR: ports/8204
Submitted by: Issei Suzuki <issei@jp.FreeBSD.ORG>
| |
Requested by: Studded@gorean.org
| |
CONFIGURE_ARGS definition to use "+=" so it won't override the first.
While I'm here, GNU_CONFIGURE implies --prefix=${PREFIX} so take it out.
| |
Also Suggested by: asami
| |
Suggested by: asami
| |
of ssh now. If anyone knows of a way of making the build dependency here
less gross, I'm listening! :)
| |
available "broken out."
| |
libwrap is a shared library so it should be LIB_DEPENDS, and delete
some spaces and tab-only lines.
| |
checks haven't missed anything.
Submitted by: dima
| |
specify the location of system libs.
Reviewed by: Mark Murray, David O'Brien
| |
Reminded by: asami
| |
Somebody needs to go through patch-af to check it, since I'm not sure
about some of the stuff.
This version fixes a security flaw in previous version.
| |
fast assembly code. Patchfile must be manually placed in DISTDIR,
as described in the Makefile.
PR: 6446
Submitted by: Jonathan Hanna <pangolin@rogers.wave.ca>
| |
have been bugging me for many months. :)
| |
Remove FreeBSD mail check, now done elsewhere in the code
Use bsdi code to warn about expired/changed passwords
Move misplaced login_close up
|
| |
1.2.22 fixes a security hole with ssh-agent, so users are encouraged
to upgrade.
OK'd by: Torsten Blum (torstenb@freebsd.org)
| |
OpenBSD and FreeBSD now both use rresvport. This is a nop for
FreeBSD, but for OpenBSD this picks random port numbers.
Submitted by: deraadt@cvs.openbsd.org
| |
Use USE_PERL5 when appropriate (i.e., defined in both BUILD_DEPENDS
and RUN_DEPENDS).
| |
Remove p5-CGI.pm and p5-ExtUtils-Embed; they are now part of the perl5.004 distribution.
| |
1) pw->pw_class was always zero since not copied
2) login_getuserclass() used instead of login_getclass(), so
default class always returned
3) env pointer can be redefined at the moment of setusercontext() call
|
| |
regenerated them to fix the line numbers. Also, I added two commented out
options in Makefile, one to tell sshd that a group writeable homedir
is OK because all users are in their own group, and the other is to allow
an unencrypted connection (which is dangerous since it can lead to
compromise of keys), but on a secure network it's damn useful for backups
etc.
| |
properly. In old variant /var/mail/root was always checked instead of
/var/mail/<user>
| |
Submitted by: davidn
| |
ignores its argument (it's meaningless, the kernel keeps the state), but
2.1.x use it. ssh was effectively giving a random port to 2.1.
Originally noticed by: John Polstra <jdp@polstra.com>
| |
(new agent forwarding protocol that is said to work this time)
| |
Mimic login more closely now:
1) Put usual Copyright line
2) You have mail
|
| |
1) Too many false open syscalls on pty allocation
2) (more serious) ssh does not use about half of available ptys
| |
reporting bug which happens if the remote end uses tcp_wrappers to control
sshd access (it says something like "read: no such file or directory" or
"read: permission denied" instead of "connection closed"). I already sent it
in to the ssh mailing list.
Submitted by: fenner
| |
Fix PLIST
| |
all the COMMENTs! No package names, no version numbers, no "this is
absolutix-3.1.2" type comments that have zero information contents.
Now, without any bad examples to follow, nobody has an excuse to import
a port with those kind of comments. :)
Phew! 238 ports modified!
| |
itself. This means it obeys the portrange sysctl's.
| |
- protect the secret RSA etc/ssh_host_key. It is now generated on install
(either by pkg_add or make install) if not already present and is not
ever added to a package since it's your host's credentials. It should
not be removed on pkg_delete, since you are in big trouble if you did
this (for example) pkg_delete ssh-1.2.14; pkg_add ssh-1.2.15.tgz.
- fix the broken manpage symlink when compressing man pages (slogin.1
has been causing /etc/weekly to generate cron messages)
- zlib 1.0.4 is now "blessed" again, the ssh working sources now use this
instead of v0.95. The decompression problem was fixed in either 1.0.3
or 1.0.4. Also, the current version of cvs uses zlib 1.0.4 as well..
- perl5.002 -> perl5.003
Reviewed by: torstenb
| |
ssh for transport. FreeBSD does not have the implementation bugs that some
other systems appear to have, this option only hurts us.
Reviewed by: torstenb
| |
Misc bugfixes
| |
People, if you do a "make makesum" on a non-US machine, don't forget
to add this line back before committing it:
MD5 (rsaref2.tar.gz) = 0b474c97bf1f1c0d27e5a95f1239c08d
| |
valid information in utmp and lastlog
| |
All libzs 0.99-1.0.2 produce deflate error on certain files (with ssh)
I don't know, is it ssh error or libz error
| |
ssh-askpass no longer uses wish, so chop the make rules that attempt to
locate it.
Go further to try and protect the ssh_host_key, since it's critical to
the operation and security of the machine.
| |
that we have that one too.
| |
Found by: Andrzej Tobola <san@iem.pw.edu.pl>
| |
security problems.
Also re-do the method we use for disconnecting ourselves from the supplied
gmp and z libraries so that this can be maintained in the future (sigh!).
| |
Autopick libwrap.a
| |
Make the Makefile aware of libz dependencies.
| |
and not contains ssh in this directory. Another directory there have
obsoleted ssh version.
| |
Fix installation bug too (scripts not installed)
Fix PLIST (missing files)
| |
1) It eliminated the need for my horrible kludge patch-ad
2) 1.2.12 has data stream compression (like gzip).
(I'm talking with the author about the remaining three patches)
| |
patch-ac: call setsid() before setlogin() in the child (when emulating rsh)
otherwise the setlogin() will fail when/if the proposed setlogin() changes
go in. Otherwise it silently fails and may leave the login name of the user
session as "root" (depending on how sshd was started). Without the proposed
kernel change, it harmlessly sets the login name of the user's session.
patch-ad: patch the #ifdef botch that stopped a ssh login from using and
updating the lastlog file. This is because we have struct lastlog defined
inside utmp.h rather than a lastlog.h include file like it was expecting.
|
(.rhosts together with RSA based host authentication, and pure RSA
authentication) and improved privacy (all communications are automatically
and transparently encrypted).