Re: security/openssh-portable HPN 404

2012-05-30 Thread Jason Hellenthal

Yeah I was told about that earlier on today. This version is closer to
5.8 so it's an easy patch to fix multiple vulns. Not really meant as an
end solution.

On Thu, May 31, 2012 at 05:51:19AM +, Michael Scheidell wrote:
> There is a pr already for 6.0 that needs submitter fixes. Search gnats for 
> prs owned by scheidell.
> 
> --
> Michael Scheidell, CTO
> >|SECNAP Network Security
> 
> 
> -Original message-
> From: Jason Hellenthal 
> To: Michael Scheidell 
> Cc: "freebsd-ports@freebsd.org" 
> Sent: Thu, May 31, 2012 03:38:32 GMT+00:00
> Subject: Re: security/openssh-portable HPN 404
> 
> 
> You guys may want to try these out...
> 
>  This updates to openssh-portable-5.9p1_2,1
> 
>  See the attached config file for the options I tested with. If you want
>  something else and it does not work feel free to email me directly and
>  I will see what I can do.
> 
>  I don't have time to put this up publicly yet but will soon.
> 
> On Wed, May 30, 2012 at 09:44:13PM -0400, Michael Scheidell wrote:
> >
> >
> > On 5/30/12 9:25 PM, Bryan Drewery wrote:
> > > cd /usr/ports/security/openssh-portable
> > > fetch http://www.freebsd.org/cgi/query-pr.cgi?pr=ports%2F168306&getpatch=1
> > > patch < patch-openssh-hpn-mirror.txt
> > >
> > actually, the & in the command line mucks things up.
> >
> > this should work:
> > cd /usr/ports/security/openssh-portable
> > fetch -o - 'http://www.freebsd.org/cgi/query-pr.cgi?pr=ports%2F168306&getpatch=1' | patch
> >
> > (-o is output file.. unless you want a strange file hanging around, -
> > means stdout, | patch just pipes standard out to in and to patch.)
> >
> > --
> > Michael Scheidell, CTO
> >  >*| * SECNAP Network Security Corporation
> > d: +1.561.948.2259
> > w: http://people.freebsd.org/~scheidell
> > ___
> > freebsd-ports@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> > To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
> 
> --
> 
>  - (2^(N-1))

-- 

 - (2^(N-1))


Re: security/openssh-portable HPN 404

2012-05-30 Thread Michael Scheidell
There is a pr already for 6.0 that needs submitter fixes. Search gnats for prs 
owned by scheidell.

--
Michael Scheidell, CTO
>|SECNAP Network Security


-Original message-
From: Jason Hellenthal 
To: Michael Scheidell 
Cc: "freebsd-ports@freebsd.org" 
Sent: Thu, May 31, 2012 03:38:32 GMT+00:00
Subject: Re: security/openssh-portable HPN 404


You guys may want to try these out...

 This updates to openssh-portable-5.9p1_2,1

 See the attached config file for the options I tested with. If you want
 something else and it does not work feel free to email me directly and
 I will see what I can do.

 I don't have time to put this up publicly yet but will soon.

On Wed, May 30, 2012 at 09:44:13PM -0400, Michael Scheidell wrote:
>
>
> On 5/30/12 9:25 PM, Bryan Drewery wrote:
> > cd /usr/ports/security/openssh-portable
> > fetch http://www.freebsd.org/cgi/query-pr.cgi?pr=ports%2F168306&getpatch=1
> > patch < patch-openssh-hpn-mirror.txt
> >
> actually, the & in the command line mucks things up.
>
> this should work:
> cd /usr/ports/security/openssh-portable
> fetch -o - 'http://www.freebsd.org/cgi/query-pr.cgi?pr=ports%2F168306&getpatch=1' | patch
>
> (-o is output file.. unless you want a strange file hanging around, -
> means stdout, | patch just pipes standard out to in and to patch.)
>
> --
> Michael Scheidell, CTO
>  >*| * SECNAP Network Security Corporation
> d: +1.561.948.2259
> w: http://people.freebsd.org/~scheidell

--

 - (2^(N-1))

Re: security/openssh-portable HPN 404

2012-05-30 Thread Jason Hellenthal

You guys may want to try these out...

 This updates to openssh-portable-5.9p1_2,1

 See the attached config file for the options I tested with. If you want
 something else and it does not work feel free to email me directly and
 I will see what I can do.

 I don't have time to put this up publicly yet but will soon.

On Wed, May 30, 2012 at 09:44:13PM -0400, Michael Scheidell wrote:
> 
> 
> On 5/30/12 9:25 PM, Bryan Drewery wrote:
> > cd /usr/ports/security/openssh-portable
> > fetch http://www.freebsd.org/cgi/query-pr.cgi?pr=ports%2F168306&getpatch=1
> > patch < patch-openssh-hpn-mirror.txt
> >
> actually, the & in the command line mucks things up.
> 
> this should work:
> cd /usr/ports/security/openssh-portable
> fetch -o - 'http://www.freebsd.org/cgi/query-pr.cgi?pr=ports%2F168306&getpatch=1' | patch
> 
> (-o is output file.. unless you want a strange file hanging around, -
> means stdout, | patch just pipes standard out to in and to patch.)
> 
> -- 
> Michael Scheidell, CTO
>  >*| * SECNAP Network Security Corporation
> d: +1.561.948.2259
> w: http://people.freebsd.org/~scheidell

-- 

 - (2^(N-1))
===> The following configuration options are available for openssh-portable-5.9.p1_2,1:
 BSM=on: "Enable OpenBSM Auditing"
 FILECONTROL=off: "Enable file control patch (broken)"
 HPN=on: "Enable HPN-SSH patch"
 KERBEROS=off: "Enable kerberos (autodetection)"
 KERB_GSSAPI=off: "Enable Kerberos/GSSAPI patch (req: GSSAPI)"
 LIBEDIT=on: "Enable readline support to sftp(1)"
 LPK=off: "Enable LDAP Public Key (LPK) patch"
 OPENSSH_CHROOT=on: "Enable CHROOT support"
 OVERWRITE_BASE=off: "OpenSSH overwrite base"
 PAM=on: "Enable pam(3) support"
 TCP_WRAPPERS=on: "Enable tcp_wrappers support"
 X509=off: "Enable x509 certificate patch"
===> Use 'make config' to modify these settings
diff -urN security/openssh-portable-5.8p2/Makefile security/openssh-portable/Makefile
--- security/openssh-portable-5.8p2/Makefile	2012-05-01 05:56:31.0 -0400
+++ security/openssh-portable/Makefile	2012-05-30 20:01:26.493449509 -0400
@@ -6,9 +6,9 @@
 #
 
 PORTNAME=	openssh
-DISTVERSION=	5.8p2
-PORTREVISION=	2
-PORTEPOCH=	1
+DISTVERSION=	5.9p1
+PORTREVISION=   2
+PORTEPOCH=  1
 CATEGORIES=	security ipv6
 MASTER_SITES=	${MASTER_SITE_OPENBSD}
 MASTER_SITE_SUBDIR=	OpenSSH/portable
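Review bot: PORTREVISION stays at 2 while DISTVERSION moves from 5.8p2 to 5.9p1; ports convention is to reset PORTREVISION when the upstream version changes, so drop that line unless the _2 is intentional. The PORTREVISION and PORTEPOCH lines also switch from tab to space alignment, which makes two otherwise unchanged values show up as modified; keep the tabs.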
@@ -42,7 +42,6 @@
 OPTIONS=	PAM		"Enable pam(3) support"on \
 		TCP_WRAPPERS	"Enable tcp_wrappers support"			on \
 		LIBEDIT		"Enable readline support to sftp(1)"		on \
-		SUID_SSH	"Enable suid SSH (Recommended off)"		off \
 		BSM		"Enable OpenBSM Auditing"			off \
 		KERBEROS	"Enable kerberos (autodetection)"		off \
 		KERB_GSSAPI	"Enable Kerberos/GSSAPI patch (req: GSSAPI)"	off \
@@ -87,10 +86,6 @@
 CONFIGURE_ARGS+=	--with-libedit
 .endif
 
-.if !defined(WITH_SUID_SSH)
-CONFIGURE_ARGS+=	--disable-suid-ssh
-.endif
-
 .if defined(WITH_BSM)
 CONFIGURE_ARGS+=	--with-audit=bsm
 .endif
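Review bot: the `.if !defined(WITH_SUID_SSH)` block is removed here, so `--disable-suid-ssh` is no longer passed to configure at all, and the SUID_SSH option is dropped from OPTIONS in the previous hunk. Nothing in the patch or the message says whether configure in 5.9p1 still accepts the flag or what the default is without it; state that in the submission and confirm the installed ssh binary is not setuid after the build.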
@@ -119,7 +114,7 @@
 
 .if defined(WITH_HPN)
 PATCH_SITES+=		http://www.psc.edu/networking/projects/hpn-ssh/
-PATCHFILES+=		${PORTNAME}-5.8p1-hpn13v11.diff.gz
+PATCHFILES+=		${PORTNAME}-5.9p1-hpn13v12.diff.gz
 PATCH_DIST_STRIP=
 .endif
 
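Review bot: PATCH_SITES still lists only http://www.psc.edu/networking/projects/hpn-ssh/, the same location that returned Not Found for the 5.8p1 HPN patch in this thread, and only the PATCHFILES name changes. Add a second site for the hpn13v12 diff so a single upstream reorganisation does not break the fetch again; since the download is plain HTTP, the distinfo SHA256 entry is the only integrity check and needs to be present for this file.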
@@ -194,11 +189,9 @@
 		-e 's|%%RC_SCRIPT_NAME%%|${RC_SCRIPT_NAME}|' ${WRKSRC}/sshd.8
 	@${REINPLACE_CMD} -E -e 's|SSH_VERSION|TMP_SSH_VERSION|' \
 		-e 's|.*SSH_RELEASE.*||' ${WRKSRC}/version.h
-	@${ECHO_CMD} '#define FREEBSD_PORT_VERSION	" FreeBSD-${PKGNAME}"' >> \
-		${WRKSRC}/version.h
-	@${ECHO_CMD} '#define SSH_VERSION	TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \
+	@${ECHO_CMD} '#define SSH_VERSION	TMP_SSH_VERSION SSH_PORTABLE' >> \
 		${WRKSRC}/version.h
-	@${ECHO_CMD} '#define SSH_RELEASE	TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \
+	@${ECHO_CMD} '#define SSH_RELEASE	TMP_SSH_VERSION SSH_PORTABLE' >> \
 		${WRKSRC}/version.h
 .if defined(WITH_HPN)
 	@${REINPLACE_CMD} -e 's|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SSH_HPN|' \
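Review bot: the FREEBSD_PORT_VERSION define is deleted and removed from both SSH_VERSION and SSH_RELEASE, which changes the version string the binaries report, yet the message describes this only as a version update. If the intent is to stop advertising the port revision, say so and make it a separate change; otherwise keep the three ${ECHO_CMD} lines, since the string is what lets an admin tell which package build is running.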
diff -urN security/openssh-portable-5.8p2/distinfo security/openssh-portable/distinfo
--- security/openssh-portable-5.8p2/distinfo	2011-10-21 12:18:56.0 -0400
+++ security/openssh-portable/distinfo	2012-05-30 19:07:47.129970365 -0400
@@ -1,8 +1,4 @@
-SHA256 (openssh-5.8p2.tar.gz) = 5c35ec7c966ce05cc4497ac59c0b54a556e55ae7368165cc8c4129694654f314
-SIZE (openssh-5.8p2.tar.gz) = 1115475
-SHA256 (openssh-5.8p1-hpn13v11.diff.gz) = 62b500d29d8889ce76c8b596eb65731d8ac3469d89d9c6eb29fec2a845159df7
-SIZE (openssh-5.8p1-hpn13v11.diff.gz) = 22993
-SHA256 (openssh-5.8p1+x509-7.0.diff.gz) = 3b578cbf69f25e630e8da52b6586a36c62c0c7ce026f95acda91c023dc47c85b
-SIZE (openssh-5.8p1+x509-7.0.diff.gz) = 184277
-SHA256 (openssh-5.7p1-gsskex-all-20110125.patch) = bfdc72c3d7d5d4f9f8a78b649988dff8fad780cfa72bad4a69eb
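Review bot: the distinfo hunk is cut off partway through the fourth removed SHA256 line, and none of the four replacement lines promised by the `@@ -1,8 +1,4 @@` header are visible, so the checksums for the 5.9p1 distfile and the hpn13v12 diff cannot be reviewed. Resend the complete hunk, regenerate it with make makesum after fetching, and compare the values with those published upstream before committing.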

Re: security/openssh-portable HPN 404

2012-05-30 Thread Michael Scheidell



On 5/30/12 9:25 PM, Bryan Drewery wrote:

> cd /usr/ports/security/openssh-portable
> fetch http://www.freebsd.org/cgi/query-pr.cgi?pr=ports%2F168306&getpatch=1
> patch < patch-openssh-hpn-mirror.txt


actually, the & in the command line mucks things up.

this should work:
cd /usr/ports/security/openssh-portable
fetch -o - 'http://www.freebsd.org/cgi/query-pr.cgi?pr=ports%2F168306&getpatch=1' | patch


(-o is output file.. unless you want a strange file hanging around, -
means stdout, | patch just pipes standard out to in and to patch.)


--
Michael Scheidell, CTO
>*| * SECNAP Network Security Corporation
d: +1.561.948.2259
w: http://people.freebsd.org/~scheidell
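
Added example (not part of the thread or of the port): how sh parses the PR URL from the message above with and without quotes, plus a guard that rejects input without diff headers before it reaches patch. fake_fetch and looks_like_patch are hypothetical helpers and the sample file is constructed; nothing is downloaded.

```shell
#!/bin/sh
# Added example, not from the thread. fake_fetch is a hypothetical stand-in for
# fetch(1): it only records the argument it receives, so nothing is downloaded.

URL='http://www.freebsd.org/cgi/query-pr.cgi?pr=ports%2F168306&getpatch=1'

# Parse "fake_fetch <text>" the way sh parses a typed command line, then report
# what the command received and whether "getpatch" became a shell variable.
parse_as_typed() {
    sh -c '
        fake_fetch() { printf "arg=%s\n" "$1"; }
        eval "fake_fetch $1"
        wait    # an unquoted & backgrounds fake_fetch; let it finish first
        printf "getpatch_var=%s\n" "${getpatch-unset}"
    ' sh "$1"
}

# Hypothetical guard for the "| patch" step: accept a file only if it carries
# unified-diff headers, so anything else (an HTML page, say) is rejected.
looks_like_patch() {
    grep -q '^--- ' "$1" && grep -q '^+++ ' "$1" && grep -q '^@@ .* @@' "$1"
}

demo() {
    echo "unquoted:"; parse_as_typed "$URL"
    echo "quoted:";   parse_as_typed "'$URL'"
    tmp=$(mktemp) || return 1
    printf '%s\n' '<html>not a patch</html>' > "$tmp"    # constructed sample
    looks_like_patch "$tmp" || echo "rejected: no diff headers"
    rm -f "$tmp"
}
demo
```

Saving the download to a file first makes it possible to run such a check, and to read the patch, before anything under /usr/ports is modified.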


Re: security/openssh-portable HPN 404

2012-05-30 Thread Bryan Drewery
Hi,

On 5/30/2012 6:38 PM, Michael wrote:
> Hi, I found a problem on FreeBSD 9.0 RELEASE p2
> 
> dev# cd /usr/ports/security/openssh-portable
> dev# make deinstall
> ===>  Deinstalling for security/openssh-portable
> ===>   openssh-portable not installed, skipping
> dev# make clean
> ===>  Cleaning for openssh-portable-5.8.p2_2,1
> dev# make
> ===>  License check disabled, port has not defined LICENSE
> ===>  Found saved configuration for openssh-portable-5.8.p2_2,1
> => openssh-5.8p1-hpn13v11.diff.gz doesn't seem to exist in /usr/ports/distfiles/.
> => Attempting to fetch http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.8p1-hpn13v11.diff.gz
> fetch: http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.8p1-hpn13v11.diff.gz: Not Found
> => Attempting to fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/openssh-5.8p1-hpn13v11.diff.gz
> fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/openssh-5.8p1-hpn13v11.diff.gz: File unavailable (e.g., file not found, no access)
> => Couldn't fetch it - please try to retrieve this
> => port manually into /usr/ports/distfiles/ and try again.
> *** Error code 1
> 
> Stop in /usr/ports/security/openssh-portable.
> *** Error code 1
> 
> Stop in /usr/ports/security/openssh-portable.
> 
> As we see it no longer can fetch sources.
> Can the port maintainer please fix this?
> 

Best to email po...@freebsd.org, not freebsd-ports-bugs@.

There is a patch for this problem in ports/168306:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/168306

cd /usr/ports/security/openssh-portable
fetch http://www.freebsd.org/cgi/query-pr.cgi?pr=ports%2F168306&getpatch=1
patch < patch-openssh-hpn-mirror.txt

Currently there is no maintainer of security/openssh-portable, but there
are some patches to upgrade to 5.9/6.0 in the works.

Regards,
Bryan Drewery


