longer supported by default since 7.0. [1]
I do plan to make this configurable based on PR 202169 [2] soon.
PR: 202792 [1]
PR: 202169 [2]
Submitted by: chrysalis@chrysalisnet.org [1]
Patches must not be changed by the vcs, this includes the
svn:keyword expansion. Set fbsd:nokeywords to a couple of patches.
With hat: portmgr
Sponsored by: Absolight
This was due to the patch not being needed in the snapshot version
which I based the 6.9 update off of. The default is changed in
the upcoming 7.0 release
upstream; it was fixed upstream comprehensively a few weeks ago in
77199d6ec8986d470487e66f8ea8f4cf43d2e20c.
PR: 200241
Patch by: Hanno Böck <hanno@hboeck.de>
Obtained from: http://www.openwall.com/lists/oss-security/2015/05/16/3
- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.
While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.
Also, replace some EXTRACT_SUFX occurrences with USES=tar:*.
Checked by: make fetch-urlall-list
With hat: portmgr
Sponsored by: Absolight
when the NONECIPHER option is selected but not the HPN option. The server
banner was improperly sending a NULL byte after the newline causing confusion
on the client. This was an error in my own modifications to the HPN patch
in r383231.
This may have occurred with stale builds as well, such as running
'make configure' then 'portsnap update' and then 'make build'.
Pointyhat to: bdrewery
Reported by: many
PR: 199352
1. There's no need to patch the xauth(1) location as the OpenSSH build already
   does so based on the --with-xauth path provided. It also updates manpages.
2. Don't modify manpage for shosts location as it was wrong. The proper
   LOCALBASE path is now used due to OpenSSH's build already handling it
   properly.
3. Remove confusing UsePrivilegeSeparation change in sshd_config. The default
   upstream is to have it disabled by default. The sshd_config line is in
   upstream to enable it by default in new installations. We always enable
   it though. So remove the sshd_config change which makes it look like
   we don't use it; it was not a needed difference with upstream.
From discussion with: TJ <tj@mrsk.me>
- Fix 'make test'
- HPN:
  - NONECIPHER is no longer default. This is not default in base and should not
    be default here as it introduces security holes.
  - HPN: I've audited the patch and included it in the port directory for
    transparency. I identified several bugs and submitted them to the new
    upstream: https://github.com/rapier1/openssh-portable/pull/2
  - HPN: The entire patch is now ifdef'd to ensure various bits are properly
    removed depending on the OPTIONS selected.
  - AES_THREADED is removed. It has questionable benefit on modern HW and is not
    stable.
  - The "enhanced logging" was removed from the patch as it is too
    intrusive and difficult to maintain in the port.
  - The progress meter "peak throughput" patch was removed.
  - Fixed HPN version showing in client/server version string when HPN
    was disabled in the config.
- KERB_GSSAPI is currently BROKEN as it does not apply.
- Update X509 to 8.3
Changelog: http://www.openssh.com/txt/release-6.8
TCP_WRAPPERS: /usr/include/tcpd.h is always installed by the base system.
It is only libwrap.so that is conditional on WITH_TCP_WRAPPERS.
PAM: /usr/include/security/pam_modules.h is always installed.
This fixes FreshPorts claiming this port is ignored.
The port now uses VersionAddendum in the sshd_config to allow overriding
this value. Using "none" allows disabling the default of the port
version string. The default is kept to show the port version string to
remain close to the base version.
Support for the client VersionAddendum may be added soon as well to better
match base and not give surprises when switching from base to the port.
PR: 193127
Requested by: many, including myself when this was broken years ago.
Keep it as an option as otherwise the user won't be notified that
their configuration is wrong and it will just install to PREFIX
instead, which would be surprising.
Several patches do not currently apply. Use security/openssh-portable66 for:
HPN, NONECIPHER, KERB_GSSAPI, X509.
- Add a TCP_WRAPPER patch to re-enable support after it was removed upstream.
Alias is a new USES tool that allows DragonFly to masquerade as FreeBSD
by setting CFLAGS+= -D__FreeBSD__. For some ports, this fixes the build
without the need for additional patches.
Approved by: portmgr (bapt, blanket)
These will be removed on January 1 2015.
Really ports should not be touching the base system at all.
This option is a big foot-shoot problem:
1. Recent versions of FreeBSD such as 9.3, 10.0, 10.1+, now remove all ssh
   files from /usr if you 'make delete-old' with WITHOUT_SSH. This results in
   removing the overwritten base files.
2. Uninstalling the package leaves the system with no ssh.
3. Running installworld without WITHOUT_SSH results in overwriting the
   package, or giving false-positive 'pkg check -s' errors.
4. The port fails to pass QA checks because it removes system files.
- Switch to using @sample keyword, fixing orphans.
Upstream note on "6.6.1" [1]:
OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519
key exchange incorrectly, causing connection failures about 0.2% of
the time when this method is used against a peer that implements
the method properly.
Fix the problem and disable the curve25519 KEX when speaking to
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
to enable the compatibility code.
[1] https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html
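
The version check that the upstream note describes, as an added C example that is not code from OpenSSH or from the port: it reads the peer's identification string and leaves curve25519 out of the key-exchange proposal for 6.5 and 6.6 peers, but not for 6.6.1. The function names are hypothetical and the banners are constructed; `curve25519-sha256@libssh.org` is the method name those releases use.

```c
#include <stdio.h>
#include <string.h>
#define CURVE25519_KEX "curve25519-sha256@libssh.org"
/* 1 if the identification string names OpenSSH 6.5 or 6.6 but not 6.6.1. */
int peer_has_curve25519_bug(const char *banner)
{
    const char *sw = strncmp(banner, "SSH-", 4) == 0 ? strchr(banner + 4, '-') : NULL;
    if (sw == NULL)
        return 0;                      /* not "SSH-protoversion-softwareversion" */
    sw++;
    if (strncmp(sw, "OpenSSH_6.6.1", 13) == 0)
        return 0;                      /* fixed release keeps curve25519 */
    return strncmp(sw, "OpenSSH_6.5", 11) == 0 || strncmp(sw, "OpenSSH_6.6", 11) == 0;
}

/* Copy the comma-separated KEX proposal to out, leaving out curve25519 for an
 * affected peer. Returns the number of methods kept, or -1 if out is too small. */
int filter_kex(const char *proposal, const char *banner, char *out, size_t outlen)
{
    int drop = peer_has_curve25519_bug(banner), kept = 0;
    size_t used = 0, n;
    const char *s = proposal;
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    while (*s != '\0') {
        n = strcspn(s, ",");
        if (n > 0 && !(drop && n == strlen(CURVE25519_KEX) &&
                       strncmp(s, CURVE25519_KEX, n) == 0)) {
            if (used + n + 2 > outlen)
                return -1;             /* separator + name + NUL must fit */
            if (kept++ > 0)
                out[used++] = ',';
            memcpy(out + used, s, n);
            used += n;
            out[used] = '\0';
        }
        s += n + (s[n] == ',');        /* step over the name and its comma */
    }
    return kept;
}

int main(void)
{
    char out[128];                     /* constructed proposal and banner */
    int kept = filter_kex(CURVE25519_KEX ",ecdh-sha2-nistp256",
                          "SSH-2.0-OpenSSH_6.6", out, sizeof(out));
    printf("%d kept: %s\n", kept, out);
    return 0;
}
```
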