Date:      Sun, 29 Sep 2013 15:07:15 +0000 (UTC)
From:      Bryan Drewery <bdrewery@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r328706 - in head/security/openssh-portable: . files
Message-ID:  <201309291507.r8TF7FWr043462@svn.freebsd.org>

Author: bdrewery
Date: Sun Sep 29 15:07:15 2013
New Revision: 328706
URL: http://svnweb.freebsd.org/changeset/ports/328706

Log:
  - Copy base r251088 over (which removes a patch) and disable default sandbox
    privilege separation as it causes crashes when using AES crypto devices.
    This now uses 'yes' for UsePrivilegeSeparation instead of 'sandbox' by
    default
  
  Reminded by:	Garrett Wollman

Modified:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/files/patch-servconf.c
  head/security/openssh-portable/files/patch-sshd_config
  head/security/openssh-portable/files/patch-sshd_config.5

Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile	Sun Sep 29 14:55:52 2013	(r328705)
+++ head/security/openssh-portable/Makefile	Sun Sep 29 15:07:15 2013	(r328706)
@@ -3,7 +3,7 @@
 
 PORTNAME=	openssh
 DISTVERSION=	6.2p2
-PORTREVISION=	3
+PORTREVISION=	4
 PORTEPOCH=	1
 CATEGORIES=	security ipv6
 MASTER_SITES=	${MASTER_SITE_OPENBSD}

Modified: head/security/openssh-portable/files/patch-servconf.c
==============================================================================
--- head/security/openssh-portable/files/patch-servconf.c	Sun Sep 29 14:55:52 2013	(r328705)
+++ head/security/openssh-portable/files/patch-servconf.c	Sun Sep 29 15:07:15 2013	(r328706)
@@ -39,12 +39,3 @@
  	if (options->kbd_interactive_authentication == -1)
  		options->kbd_interactive_authentication = 0;
  	if (options->challenge_response_authentication == -1)
-@@ -335,7 +339,7 @@
- 		options->version_addendum = xstrdup("");
- 	/* Turn privilege separation on by default */
- 	if (use_privsep == -1)
--		use_privsep = PRIVSEP_NOSANDBOX;
-+		use_privsep = PRIVSEP_ON;
- 
- #ifndef HAVE_MMAP
- 	if (use_privsep && options->compression == 1) {
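
Review bot: Dropping the `use_privsep = PRIVSEP_ON` override in the removed inner hunk turns the sandbox default off for every install of the port, while the log ties the crash only to AES crypto devices. Consider gating the fallback behind a port option, or at least state in pkg-message that `UsePrivilegeSeparation sandbox` can still be set by hand on hosts without such a device.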

Modified: head/security/openssh-portable/files/patch-sshd_config
==============================================================================
--- head/security/openssh-portable/files/patch-sshd_config	Sun Sep 29 14:55:52 2013	(r328705)
+++ head/security/openssh-portable/files/patch-sshd_config	Sun Sep 29 15:07:15 2013	(r328706)
@@ -72,7 +72,7 @@
  #TCPKeepAlive yes
  #UseLogin no
 -UsePrivilegeSeparation sandbox		# Default for new installations.
-+#UsePrivilegeSeparation sandbox
++#UsePrivilegeSeparation yes
  #PermitUserEnvironment no
  #Compression delayed
  #ClientAliveInterval 0
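
Review bot: The switch to `#UsePrivilegeSeparation yes` only changes the commented-out sample line, so an installed sshd_config that sets `UsePrivilegeSeparation sandbox` explicitly is untouched and will keep hitting the crash the log describes. An UPDATING or pkg-message entry telling affected users to change that line would cover them.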

Modified: head/security/openssh-portable/files/patch-sshd_config.5
==============================================================================
--- head/security/openssh-portable/files/patch-sshd_config.5	Sun Sep 29 14:55:52 2013	(r328705)
+++ head/security/openssh-portable/files/patch-sshd_config.5	Sun Sep 29 15:07:15 2013	(r328706)
@@ -79,15 +79,6 @@
  .It Cm UsePrivilegeSeparation
  Specifies whether
  .Xr sshd 8
-@@ -1157,7 +1183,7 @@
- The goal of privilege separation is to prevent privilege
- escalation by containing any corruption within the unprivileged processes.
- The default is
--.Dq yes .
-+.Dq sandbox .
- If
- .Cm UsePrivilegeSeparation
- is set to
 @@ -1182,7 +1208,7 @@
  or
  .Dq no .
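
Review bot: With the inner hunk that rewrote `.Dq yes .` to `.Dq sandbox .` removed, sshd_config.5 documents the default as `yes` again but gives no hint why the port avoids `sandbox`. A sentence in the UsePrivilegeSeparation entry noting the crash with AES crypto devices would keep users who enable the sandbox by hand from rediscovering it.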


