--- - branch: pkgsrc-2015Q2 date: Tue Jul 14 22:03:39 UTC 2015 files: - new: 1.230.2.1 old: '1.230' path: pkgsrc/security/openssh/Makefile pathrev: pkgsrc/security/openssh/Makefile@1.230.2.1 type: modified - new: 1.91.2.1 old: '1.91' path: pkgsrc/security/openssh/distinfo pathrev: pkgsrc/security/openssh/distinfo@1.91.2.1 type: modified - new: 1.29.12.1 old: '1.29' path: pkgsrc/security/openssh/options.mk pathrev: pkgsrc/security/openssh/options.mk@1.29.12.1 type: modified - new: 1.3.12.1 old: '1.3' path: pkgsrc/security/openssh/patches/patch-Makefile.in pathrev: pkgsrc/security/openssh/patches/patch-Makefile.in@1.3.12.1 type: modified - new: 1.3.12.1 old: '1.3' path: pkgsrc/security/openssh/patches/patch-auth2.c pathrev: pkgsrc/security/openssh/patches/patch-auth2.c@1.3.12.1 type: modified - new: 1.3.12.1 old: '1.3' path: pkgsrc/security/openssh/patches/patch-config.h.in pathrev: pkgsrc/security/openssh/patches/patch-config.h.in@1.3.12.1 type: modified - new: 1.3.12.1 old: '1.3' path: pkgsrc/security/openssh/patches/patch-configure.ac pathrev: pkgsrc/security/openssh/patches/patch-configure.ac@1.3.12.1 type: modified - new: 1.3.12.1 old: '1.3' path: pkgsrc/security/openssh/patches/patch-platform.c pathrev: pkgsrc/security/openssh/patches/patch-platform.c@1.3.12.1 type: modified - new: 1.3.12.1 old: '1.3' path: pkgsrc/security/openssh/patches/patch-session.c pathrev: pkgsrc/security/openssh/patches/patch-session.c@1.3.12.1 type: modified - new: 1.3.12.1 old: '1.3' path: pkgsrc/security/openssh/patches/patch-ssh.c pathrev: pkgsrc/security/openssh/patches/patch-ssh.c@1.3.12.1 type: modified - new: 1.3.12.1 old: '1.3' path: pkgsrc/security/openssh/patches/patch-sshd.c pathrev: pkgsrc/security/openssh/patches/patch-sshd.c@1.3.12.1 type: modified - new: 1.1.18.1 old: '1.1' path: pkgsrc/security/openssh/patches/patch-auth-passwd.c pathrev: pkgsrc/security/openssh/patches/patch-auth-passwd.c@1.1.18.1 type: modified - new: 1.1.18.1 old: '1.1' path: pkgsrc/security/openssh/patches/patch-auth-rhosts.c pathrev: pkgsrc/security/openssh/patches/patch-auth-rhosts.c@1.1.18.1 type: modified - new: 1.1.18.1 old: '1.1' path: pkgsrc/security/openssh/patches/patch-openbsd-compat_port-tun.c pathrev: pkgsrc/security/openssh/patches/patch-openbsd-compat_port-tun.c@1.1.18.1 type: modified - new: 1.1.18.1 old: '1.1' path: pkgsrc/security/openssh/patches/patch-sshpty.c pathrev: pkgsrc/security/openssh/patches/patch-sshpty.c@1.1.18.1 type: modified - new: 1.2.14.1 old: '1.2' path: pkgsrc/security/openssh/patches/patch-auth.c pathrev: pkgsrc/security/openssh/patches/patch-auth.c@1.2.14.1 type: modified - new: 1.2.14.1 old: '1.2' path: pkgsrc/security/openssh/patches/patch-auth1.c pathrev: pkgsrc/security/openssh/patches/patch-auth1.c@1.2.14.1 type: modified - new: 1.2.14.1 old: '1.2' path: pkgsrc/security/openssh/patches/patch-includes.h pathrev: pkgsrc/security/openssh/patches/patch-includes.h@1.2.14.1 type: modified - new: 1.2.14.1 old: '1.2' path: pkgsrc/security/openssh/patches/patch-scp.c pathrev: pkgsrc/security/openssh/patches/patch-scp.c@1.2.14.1 type: modified - new: 1.1.4.1 old: '1.1' path: pkgsrc/security/openssh/patches/patch-channels.c pathrev: pkgsrc/security/openssh/patches/patch-channels.c@1.1.4.1 type: modified - new: 1.1.4.1 old: '1.1' path: pkgsrc/security/openssh/patches/patch-clientloop.c pathrev: pkgsrc/security/openssh/patches/patch-clientloop.c@1.1.4.1 type: modified - new: '0' old: '1.1' path: pkgsrc/security/openssh/patches/patch-compat.c pathrev: pkgsrc/security/openssh/patches/patch-compat.c@0 type: deleted - new: '0' old: '1.1' path: pkgsrc/security/openssh/patches/patch-sshconnect.c pathrev: pkgsrc/security/openssh/patches/patch-sshconnect.c@0 type: deleted - new: '0' old: '1.3' path: pkgsrc/security/openssh/patches/patch-configure pathrev: pkgsrc/security/openssh/patches/patch-configure@0 type: deleted - new: 1.2.12.1 old: '1.2' path: pkgsrc/security/openssh/patches/patch-defines.h pathrev: pkgsrc/security/openssh/patches/patch-defines.h@1.2.12.1 type: modified - new: 1.2.12.1 old: '1.2' path: pkgsrc/security/openssh/patches/patch-openbsd-compat_openbsd-compat.h pathrev: pkgsrc/security/openssh/patches/patch-openbsd-compat_openbsd-compat.h@1.2.12.1 type: modified - new: 1.1.2.2 old: '0' path: pkgsrc/security/openssh/patches/patch-sshd.8 pathrev: pkgsrc/security/openssh/patches/patch-sshd.8@1.1.2.2 type: added id: 20150714T220339Z.36f9f9bc6bb70f24b7da3d3a4b05953d1423805c log: "Pullup ticket #4771 - requested by taca\nsecurity/openssh: security update\n\nRevisions pulled up:\n- security/openssh/Makefile 1.233\n- security/openssh/distinfo 1.92-1.93\n- security/openssh/options.mk \ 1.30\n- security/openssh/patches/patch-Makefile.in \ 1.4\n- security/openssh/patches/patch-auth-passwd.c 1.2\n- security/openssh/patches/patch-auth-rhosts.c 1.2\n- security/openssh/patches/patch-auth.c \ 1.3\n- security/openssh/patches/patch-auth1.c 1.3\n- security/openssh/patches/patch-auth2.c 1.4\n- security/openssh/patches/patch-channels.c \ 1.2\n- security/openssh/patches/patch-clientloop.c 1.2\n- security/openssh/patches/patch-compat.c deleted\n- security/openssh/patches/patch-config.h.in \ 1.4\n- security/openssh/patches/patch-configure deleted\n- security/openssh/patches/patch-configure.ac 1.4\n- security/openssh/patches/patch-defines.h \ 1.3\n- security/openssh/patches/patch-includes.h 1.3\n- security/openssh/patches/patch-openbsd-compat_openbsd-compat.h 1.3\n- security/openssh/patches/patch-openbsd-compat_port-tun.c \ 1.2\n- security/openssh/patches/patch-platform.c 1.4\n- security/openssh/patches/patch-scp.c 1.3\n- security/openssh/patches/patch-session.c \ 1.4\n- security/openssh/patches/patch-ssh.c 1.4\n- security/openssh/patches/patch-sshconnect.c deleted\n- security/openssh/patches/patch-sshd.8 \ 1.1\n- security/openssh/patches/patch-sshd.c 1.4\n- security/openssh/patches/patch-sshpty.c 1.2\n\n---\n Module Name:\tpkgsrc\n Committed By:\ttaca\n Date:\t\tThu Jul 9 16:14:24 UTC 2015\n\n \ Modified Files:\n \tpkgsrc/security/openssh: Makefile distinfo options.mk\n \ \tpkgsrc/security/openssh/patches: patch-Makefile.in patch-auth-passwd.c\n \ \t patch-auth-rhosts.c patch-auth.c patch-auth1.c patch-auth2.c\n \t patch-channels.c patch-clientloop.c patch-config.h.in\n \t patch-configure.ac patch-defines.h patch-includes.h\n \t patch-openbsd-compat_openbsd-compat.h\n \t patch-openbsd-compat_port-tun.c patch-platform.c patch-scp.c\n \t patch-session.c patch-ssh.c patch-sshd.c patch-sshpty.c\n Added Files:\n \tpkgsrc/security/openssh/patches: patch-sshd.8\n \ Removed Files:\n \tpkgsrc/security/openssh/patches: patch-compat.c patch-configure\n \ \t patch-sshconnect.c\n\n Log Message:\n Update openssh to 6.9.1 (OpenSSH 6.9p1) which contains security fix.\n\n pkgsrc change:\n\n * tcp_wrappers support was removed from release 6.7, but add it refering\n FreeBSD's ports.\n \ * hpn-patch is also based on FreeBSD's ports.\n\n Security\n --------\n\n \ * ssh(1): when forwarding X11 connections with ForwardX11Trusted=no,\n connections made after ForwardX11Timeout expired could be permitted\n and no longer subject to XSECURITY restrictions because of an\n ineffective timeout check in ssh(1) coupled with \"fail open\"\n behaviour in the X11 server when clients attempted connections with\n expired credentials. This problem was reported by Jann Horn.\n\n * ssh-agent(1): fix weakness of agent locking (ssh-add -x) to\n password guessing by implementing an increasing failure delay,\n storing a salted hash of the password rather than the password\n itself and using a timing-safe comparison function for verifying\n unlock attempts. This problem was reported by Ryan Castellucci.\n\n For more information, please refer release announce.\n\n \ \thttp://www.openssh.com/txt/release-6.9\n \thttp://www.openssh.com/txt/release-6.8\n \ \thttp://www.openssh.com/txt/release-6.7\n\n---\n Module Name:\tpkgsrc\n \ Committed By:\tdsainty\n Date:\t\tFri Jul 10 07:00:29 UTC 2015\n\n Modified Files:\n \tpkgsrc/security/openssh: distinfo\n\n Log Message:\n Remove dangling stale hash for patch-sshconnect.c\n" module: pkgsrc subject: 'CVS commit: [pkgsrc-2015Q2] pkgsrc/security/openssh' unixtime: '1436911419' user: tron