From owner-svn-ports-all@FreeBSD.ORG Wed Apr 1 01:04:24 2015 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9CCBAC0E; Wed, 1 Apr 2015 01:04:24 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6D715652; Wed, 1 Apr 2015 01:04:24 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t3114O2M029155; Wed, 1 Apr 2015 01:04:24 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t3114Nou029153; Wed, 1 Apr 2015 01:04:23 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201504010104.t3114Nou029153@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f From: Bryan Drewery Date: Wed, 1 Apr 2015 01:04:23 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r382887 - head/security/openssh-portable X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Apr 2015 01:04:24 -0000 Author: bdrewery Date: Wed Apr 1 01:04:23 2015 New Revision: 382887 URL: https://svnweb.freebsd.org/changeset/ports/382887 QAT: https://qat.redports.org/buildarchive/r382887/ Log: Make the check added in 2013 in r330200 for a bad ECDSA key actually work. Modified: head/security/openssh-portable/Makefile head/security/openssh-portable/pkg-plist Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Wed Apr 1 01:02:17 2015 (r382886) +++ head/security/openssh-portable/Makefile Wed Apr 1 01:04:23 2015 (r382887) @@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 6.7p1 -PORTREVISION= 4 +PORTREVISION= 5 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= ${MASTER_SITE_OPENBSD} Modified: head/security/openssh-portable/pkg-plist ============================================================================== --- head/security/openssh-portable/pkg-plist Wed Apr 1 01:02:17 2015 (r382886) +++ head/security/openssh-portable/pkg-plist Wed Apr 1 01:04:23 2015 (r382887) @@ -13,7 +13,7 @@ etc/ssh/moduli @sample etc/ssh/ssh_config.sample @sample etc/ssh/sshd_config.sample %%X509%%@dir etc/ssh/ca -@exec if [ -f %D/etc/ssh_host_ecdsa_key ] && grep -q DSA %D/etc/ssh_host_ecdsa_key; then echo; echo "\!/ Warning \!/"; echo; echo "Your %D/etc/ssh_host_ecdsa_key is not a valid ECDSA key. It is incorrectly"; echo "a DSA key due to a bug fixed in 2012 in the security/openssh-portable port."; echo; echo "Regenerate a proper one with: rm -f %D/etc/ssh_host_ecdsa_key*; service openssh restart"; echo; echo "Clients should not see any key change warning since the ECDSA was not valid and was not actually"; echo "used by the server."; echo; echo "\!/ Warning \!/"; fi +@exec if [ -f %D/%%ETCDIR%%/ssh_host_ecdsa_key ] && grep -q DSA %D/%%ETCDIR%%/ssh_host_ecdsa_key; then echo; echo "\!/ Warning \!/"; echo; echo "Your %D/%%ETCDIR%%/ssh_host_ecdsa_key is not a valid ECDSA key. It is incorrectly"; echo "a DSA key due to a bug fixed in 2012 in the security/openssh-portable port."; echo; echo "Regenerate a proper one with: rm -f %D/%%ETCDIR%%/ssh_host_ecdsa_key*; service openssh restart"; echo; echo "Clients should not see any key change warning since the ECDSA was not valid and was not actually"; echo "used by the server."; echo; echo "\!/ Warning \!/"; fi sbin/sshd libexec/sftp-server libexec/ssh-keysign