summaryrefslogtreecommitdiffstats
path: root/security
Commit message (Collapse)AuthorAgeFilesLines
* update to 1.6.1mharo1999-12-221-1/+3
|
* Update to 1.6.1mharo1999-12-223-19/+8
|
* * Update portsentry to 1.0jedgar1999-12-222-6/+6
| | | | | | | | * Remove current MAINTAINER as email has been unreachable for weeks * Add dan@freebsddiary.com as MAINTAINER at his request PR: 15490 Submitted by: Dan Langille <dan@freebsddiary.com>
* Upgrade to 1.5.dirk1999-12-222-3/+3
|
* Install sudoers in correct place.asami1999-12-171-6/+6
| | | | Submitted by: jhb via cpiazza
* Fix whitespace problem.asami1999-12-141-46/+38
| | | | Submitted by: jedgar@fxp.org
* Fix buffer overflow problem properly.asami1999-12-131-38/+46
| | | | | Submitted by: kris Obtained from: bugtraq list (I believe)
* For some reason etc/sudoers.sample isn't installed by the distfiles'sobrien1999-12-101-0/+3
| | | | Makefile any more. So install it manually.
* Unbreak for 3.4-R by changing the MASTER_SITE path in case mharocpiazza1999-12-101-1/+1
| | | | doesn't get to PR 15403 in time.
* update to 1.6.mharo1999-12-102-7/+4
| | | | | had to remove manpage path corrections patch (patch-ac) because I don't have time till after Friday to work on this port more.
* Back out my change from Oct.26, this was a misconfigured hack and shouldfoxfair1999-12-091-5/+0
| | | | | | never be taken. Pointed out by : maintainer.
* Activate chrootuid.truckman1999-12-091-0/+1
|
* The chrootuid command combines chroot(8) and su(1) into one program,truckman1999-12-096-0/+59
| | | | | | | | so that there is no need to have commands such as /usr/bin/su in the restricted environment. Access to the file system is restricted to the newroot subtree and privileges are restricted to those of the newuser account (which must be a known account in the unrestricted environment).
* Change broken link to homepage to official oneache1999-12-084-2/+4
|
* I've cleaned up ${CVS_DATE} usage a bit (keep spaces correctly), andgreen1999-12-085-61/+63
| | | | | | | | | | updated to today's snapshot of OpenSSH. Various updates from the latest ${CVS_DATE}, and requisite patch changes, are the "big new thing". Nothing major has changed; the biggest ones would be using atomicio() in a lot of places and a fix for a SIGHUP not updating sshd(8)'s configuration until the next connection.
* Update to 2.3 beta #9.obrien1999-12-072-3/+3
| | | | This speeds up OS scans.
* The software's www page has been moved.sada1999-12-071-1/+1
|
* In the meantime (while things are being worked and decided on on thegreen1999-12-065-22/+328
| | | | | | | | | | | | | | | OpenBSD OpenSSH front), add ConnectionsPerPeriod to prevent DoS via running the system out of resources. In reality, this wouldn't be a full DoS, but would make a system slower, but this is a better thing to do than let the system get loaded down. So here we are, rate-limiting. The default settings are now: Five connections are allowed to authenticate (and not be rejected) in a period of ten seconds. One minute is given for login grace time. More work in this area is being done by alfred@FreeBSD.org and markus@OpenBSD.org, at the very least. This is, essentially, a stopgap solution; however, it is a properly implemented and documented one, and has an easily modifiable framework.
* Under advisories, put RESTRICTED back. It more accurately reflectsgreen1999-12-061-0/+2
| | | | | | | | reality, though. One file, cipher.c, calls cryptographic routines from external libraries. This really cannot encumber OpenSSH in any case, but I put RESTRICTED back since it would give people a false hope of being able to install the OpenSSH package but not the requisite, RESTRICTED (so nonexistant) openssl package.
* Upgrade to l0pht-watch 1.1kris1999-12-063-11/+11
| | | | Reviewed by: Maintainer
* Good-bye, RESTRICTED.green1999-12-061-2/+0
| | | | | | | | | | | | | Reasons: 1. It's not crypto. 2. It links with crypto. a. That crypto is in the public domain. b. Linking with crypto does not constitute cryptography. 3. Even if it were crypto, the description of the entire protocol, etc., is in the public domain. The RFC is PD in the USA, and the white paper in Europe. 4. Precedence? Even if it were crypto, the Bernstein case has set precedence for allowing export of that. But it's not even crypto.
* Reduce LoginGraceTime from 10 minutes (!!!) to 30 seconds. More togreen1999-12-041-2/+3
| | | | come, soon.
* fix buffer overflow in RSA{Public,Private}Decrypt. from CORE SDI.cpiazza1999-12-021-0/+42
|
* PORTLINT rules.foxfair1999-12-012-8/+6
|
* More portlint cleanup.foxfair1999-12-012-8/+8
|
* PORTLINT rules.foxfair1999-12-012-10/+10
|
* Upgrade nessus-plugins to 0.99.1 .foxfair1999-12-018-82/+126
|
* Upgrade to 0.99.1, and make portlint happy.foxfair1999-12-016-8/+12
|
* Active nessus-* ports.foxfair1999-12-011-0/+3
|
* PR: 14776foxfair1999-12-0110-0/+618
| | | | | | | | Submitted by: Anders Nordby <anders@fix.no> Import the plugins for nessus, network security scanner program. WWW: http://www.nessus.org/
* PR: 14775foxfair1999-12-0110-0/+134
| | | | | | | | | | | | | | | | | | Submitted by: Anders Nordby <anders@fix.no> NASL is a scripting language designed for the Nessus security scanner. Its aim is to allow anyone to write a test for a given security hole in a few minutes, to allow people to share their tests without having to worry about their operating system, and to garantee everyone that a NASL script can not do anything nasty except performing a given security test against a given target. NASL is not a powerful scripting language. Its purpose is to make scripts that are security tests. So, do not expect to write a third generation web server in this language, nor a file conversion utility. Use perl, python or whatever scripting language to do this. WWW: http://www.nessus.org/doc/nasl.html
* PR: 14774foxfair1999-12-0110-0/+126
| | | | | Submitted by: Anders Nordby <anders@fix.no> Split nessus-libraries from nessus port.
* PR: ports/14773foxfair1999-12-0110-522/+182
| | | | | | Submitted by: maintainer Update to 0.99.1, and disable nessus for compiling in -current. Original patch submitted by the maintainer, and some fixes from me.
* Update one of the master sites.archie1999-11-301-1/+1
| | | | Submitted by: Brent <brent@kearneys.ca>
* Add the PAM SSH RSA key authentication module. For example, you can add,green1999-11-295-6/+373
| | | | | | | | | "login auth sufficient pam_ssh.so" to your /etc/pam.conf, and users with a ~/.ssh/identity can login(1) with their SSH key :) PR: 15158 Submitted by: Andrew J. Korty <ajk@waterspout.com> Reviewed by: obrien
* Update to a current CVS_DATE. The only real change I see is the (big)green1999-11-284-155/+157
| | | | | | | change of KNFization being finalized :) Patches had to be modified, but should look "better" according to style(9), now.
* Change CFLAGS to get modified in Makefile.inc, fixing thegreen1999-11-282-4/+6
| | | | | | problem several people have reported with make.conf setting ${CFLAGS}. Partially submitted by: Jos Backus <Jos.Backus@nl.origin-it.com>
* Update to 0.6.1nsayer1999-11-282-4/+4
| | | | Submitted by: sascha@schumann.cx
* Re-importing in net.steve1999-11-261-1/+0
| | | | Suggested by: kris
* Activate the dante and p5-Authen-PAM ports.steve1999-11-261-0/+2
|
* Initial import of p5-Authen-PAM version 0.08.steve1999-11-265-0/+35
| | | | | | | A Perl interface to the PAM library. PR: 14137 Submitted by: Matt Behrens <matt@zigg.com>
* Forgot a linecpiazza1999-11-251-0/+1
|
* Patches are now available from www.ssh.org/patchescpiazza1999-11-252-2/+5
| | | | Submitted by: Issei Suzuki <issei@jp.freebsd.org>
* Removed an obsoleted patch.sada1999-11-241-4/+0
| | | | | PR: 15059 Submitted by: Maintainer
* Also, set SSH_PROGRAM correctly.green1999-11-241-1/+1
|
* Update the CVS_DATE. This brings in support for TIS authentication,green1999-11-2421-298/+578
| | | | | | | | | | | | | | | | | | obsoleting a couple patches (it's the same code, though, except for additions). This also brings in KNFization of everything (please hold the cheering down :) and made me reroll all my patches. My patches have been almost entirely rewritten. The places are the same, but the code's rewritten. It fits with the style (KNF) now, and looks better. I've also added strlcat.c to the build, which, just like strlcpy.c, is necessary for compatibility with older libcs. After strlcat() snuck into the OpenSSH code recently, this would prevent OpenSSH from building on (e.g.) FreeBSD 3.2. Adding it to ssh/lib/ makes it work yet again :)
* Correct ssh-keygen usage.green1999-11-231-1/+1
| | | | Submitted by: Larry Baird <lab@gta.com>
* Clean up some shell scripting and replace it with proper Makefilegreen1999-11-221-8/+12
| | | | | syntax. Run ssh-keygen for ssh_host_key on port install, not just package install.
* I wish CVS would report new files. This broke the carefully designedgreen1999-11-221-8/+10
| | | | mirroring system. The tarball was fine, but the extraction was not
* And away we go! Here comes the source mirror, thanks Mark!green1999-11-211-1/+1
| | | | Submitted by: markm
OpenPOWER on IntegriCloud