![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / security / lsh
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.24 / (download) - annotate - [select for diffs], Sun Jan 26 17:32:04 2020 UTC (3 years, 4 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3,
pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4,
pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2,
pkgsrc-2020Q1-base,
pkgsrc-2020Q1,
HEAD
Changes since 1.23: +2 -2
lines
Diff to previous 1.23 (colored)
all: migrate homepages from http to https pkglint -r --network --only "migrate" As a side-effect of migrating the homepages, pkglint also fixed a few indentations in unrelated lines. These and the new homepages have been checked manually.
Revision 1.23 / (download) - annotate - [select for diffs], Wed May 10 10:45:26 2017 UTC (6 years ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base,
pkgsrc-2019Q4,
pkgsrc-2019Q3-base,
pkgsrc-2019Q3,
pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Changes since 1.22: +2 -1
lines
Diff to previous 1.22 (colored)
Requires termcap.
Revision 1.22 / (download) - annotate - [select for diffs], Thu Jan 19 18:52:24 2017 UTC (6 years, 4 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base,
pkgsrc-2017Q1
Changes since 1.21: +3 -3
lines
Diff to previous 1.21 (colored)
Convert all occurrences (353 by my count) of MASTER_SITES= site1 \ site2 style continuation lines to be simple repeated MASTER_SITES+= site1 MASTER_SITES+= site2 lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint accordingly.
Revision 1.21 / (download) - annotate - [select for diffs], Tue Oct 23 18:16:35 2012 UTC (10 years, 7 months ago) by asau
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base,
pkgsrc-2016Q4,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1,
pkgsrc-2015Q4-base,
pkgsrc-2015Q4,
pkgsrc-2015Q3-base,
pkgsrc-2015Q3,
pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1,
pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3,
pkgsrc-2014Q2-base,
pkgsrc-2014Q2,
pkgsrc-2014Q1-base,
pkgsrc-2014Q1,
pkgsrc-2013Q4-base,
pkgsrc-2013Q4,
pkgsrc-2013Q3-base,
pkgsrc-2013Q3,
pkgsrc-2013Q2-base,
pkgsrc-2013Q2,
pkgsrc-2013Q1-base,
pkgsrc-2013Q1,
pkgsrc-2012Q4-base,
pkgsrc-2012Q4
Changes since 1.20: +1 -3
lines
Diff to previous 1.20 (colored)
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Revision 1.20 / (download) - annotate - [select for diffs], Fri Dec 16 12:54:41 2011 UTC (11 years, 5 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base,
pkgsrc-2012Q3,
pkgsrc-2012Q2-base,
pkgsrc-2012Q2,
pkgsrc-2012Q1-base,
pkgsrc-2012Q1,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4
Changes since 1.19: +3 -3
lines
Diff to previous 1.19 (colored)
-explicitely disable kerberos support to avoid PLIST fluctuations (seen in bulk build) -fix obvious typo in asm code (fixes i386 build) -don't install nettle library to avoid conflict with pkgsrc/nettle bump PKGREV
Revision 1.19 / (download) - annotate - [select for diffs], Wed Mar 24 19:43:28 2010 UTC (13 years, 2 months ago) by asau
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base,
pkgsrc-2011Q3,
pkgsrc-2011Q2-base,
pkgsrc-2011Q2,
pkgsrc-2011Q1-base,
pkgsrc-2011Q1,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3,
pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1
Changes since 1.18: +2 -1
lines
Diff to previous 1.18 (colored)
Recursive revision bump for GMP update.
Revision 1.18 / (download) - annotate - [select for diffs], Sat Mar 13 04:40:12 2010 UTC (13 years, 2 months ago) by obache
Branch: MAIN
Changes since 1.17: +9 -4
lines
Diff to previous 1.17 (colored)
Updte lsh to 2.0.4. While here, * set LICENSE=gnu-gpl-v2 * marked as user-destdir installation ready * switch to use system argp * add missing zlib buildlink News for the 2.0.4 release Fixed x11 forwarding bug in the lsh client. News for the 2.0.3 release At startup, lshd now tries to close any spurious open file descriptors. New test case for lshd fd leakage. lshd --daemonic --no-syslog now sets up a proper daemonic environment, except that log messages are still sent to stderr. Improved testing of this feature.
Revision 1.17 / (download) - annotate - [select for diffs], Sun Aug 17 05:32:12 2008 UTC (14 years, 9 months ago) by dholland
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base,
pkgsrc-2009Q4,
pkgsrc-2009Q3-base,
pkgsrc-2009Q3,
pkgsrc-2009Q2-base,
pkgsrc-2009Q2,
pkgsrc-2009Q1-base,
pkgsrc-2009Q1,
pkgsrc-2008Q4-base,
pkgsrc-2008Q4,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3,
cube-native-xorg-base,
cube-native-xorg
Changes since 1.16: +4 -2
lines
Diff to previous 1.16 (colored)
This installs a bash script. Handle it properly. PKGREVISION++
Revision 1.16 / (download) - annotate - [select for diffs], Sun Apr 1 21:26:48 2007 UTC (16 years, 2 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base,
pkgsrc-2008Q2,
pkgsrc-2008Q1-base,
pkgsrc-2008Q1,
pkgsrc-2007Q4-base,
pkgsrc-2007Q4,
pkgsrc-2007Q3-base,
pkgsrc-2007Q3,
pkgsrc-2007Q2-base,
pkgsrc-2007Q2,
pkgsrc-2007Q1-base,
pkgsrc-2007Q1,
cwrapper
Changes since 1.15: +14 -9
lines
Diff to previous 1.15 (colored)
Upgrade lsh to version 2 (from lsh2) and remove lsh2. No disagreement on pkgsrc-users.
Revision 1.15 / (download) - annotate - [select for diffs], Thu Feb 15 21:23:55 2007 UTC (16 years, 3 months ago) by rillig
Branch: MAIN
Changes since 1.14: +2 -1
lines
Diff to previous 1.14 (colored)
This package has info files.
Revision 1.14 / (download) - annotate - [select for diffs], Fri Jun 16 18:43:18 2006 UTC (16 years, 11 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base,
pkgsrc-2006Q4,
pkgsrc-2006Q3-base,
pkgsrc-2006Q3,
pkgsrc-2006Q2-base,
pkgsrc-2006Q2
Changes since 1.13: +6 -2
lines
Diff to previous 1.13 (colored)
Support checking passwords using either Kerberos or PAM via PKG_OPTIONS. This fixes the PLIST on systems that have PAM natively. Bump the PKGREVISION to 5.
Revision 1.12.2.1 / (download) - annotate - [select for diffs], Thu Apr 6 00:47:01 2006 UTC (17 years, 2 months ago) by snj
Branch: pkgsrc-2006Q1
Changes since 1.12: +2 -2
lines
Diff to previous 1.12 (colored) next main 1.13 (colored)
Pullup ticket 1329 - requested by salo
security fix for lsh
Revisions pulled up:
- pkgsrc/security/lsh/Makefile 1.13
- pkgsrc/security/lsh/distinfo 1.5
- pkgsrc/security/lsh/patches/patch-ad 1.1
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 5 23:59:33 UTC 2006
Modified Files:
pkgsrc/security/lsh: Makefile distinfo
Added Files:
pkgsrc/security/lsh/patches: patch-ad
Log Message:
Backport fix for CVE-2006-0353 from lsh2:
"unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related
to the randomness generator, which allows local users to cause a denial
of service by truncating the seed file, which prevents the server from
starting, or obtain sensitive seed information that could be used to
crack keys."
Revision 1.13 / (download) - annotate - [select for diffs], Wed Apr 5 23:59:33 2006 UTC (17 years, 2 months ago) by salo
Branch: MAIN
Changes since 1.12: +2 -2
lines
Diff to previous 1.12 (colored)
Backport fix for CVE-2006-0353 from lsh2: "unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys." http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0353
Revision 1.12 / (download) - annotate - [select for diffs], Sat Mar 4 21:30:34 2006 UTC (17 years, 3 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base
Branch point for: pkgsrc-2006Q1
Changes since 1.11: +2 -2
lines
Diff to previous 1.11 (colored)
Point MAINTAINER to pkgsrc-users@NetBSD.org in the case where no developer is officially maintaining the package. The rationale for changing this from "tech-pkg" to "pkgsrc-users" is that it implies that any user can try to maintain the package (by submitting patches to the mailing list). Since the folks most likely to care about the package are the folks that want to use it or are already using it, this would leverage the energy of users who aren't developers.
Revision 1.11 / (download) - annotate - [select for diffs], Sun Feb 5 23:10:45 2006 UTC (17 years, 4 months ago) by joerg
Branch: MAIN
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
Recursive revision bump / recommended bump for gettext ABI change.
Revision 1.10 / (download) - annotate - [select for diffs], Tue Dec 27 22:28:33 2005 UTC (17 years, 5 months ago) by reed
Branch: MAIN
Changes since 1.9: +2 -2
lines
Diff to previous 1.9 (colored)
Mention this is version 1 in the COMMENT.
Revision 1.9 / (download) - annotate - [select for diffs], Sun May 22 20:08:30 2005 UTC (18 years ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base,
pkgsrc-2005Q4,
pkgsrc-2005Q3-base,
pkgsrc-2005Q3,
pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.8: +2 -2
lines
Diff to previous 1.8 (colored)
Remove USE_GNU_TOOLS and replace with the correct USE_TOOLS definitions: USE_GNU_TOOLS -> USE_TOOLS awk -> gawk m4 -> gm4 make -> gmake sed -> gsed yacc -> bison
Revision 1.5.4.1 / (download) - annotate - [select for diffs], Thu May 12 22:36:02 2005 UTC (18 years, 1 month ago) by snj
Branch: pkgsrc-2005Q1
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored) next main 1.6 (colored)
Pullup ticket 492 - requested by Lubomir Sedlacik
security fix for lsh
Revisions pulled up:
- pkgsrc/security/lsh/Makefile 1.8
- pkgsrc/security/lsh/distinfo 1.4
- pkgsrc/security/lsh/patches/patch-ac 1.1
Module Name: pkgsrc
Committed By: drochner
Date: Sat Apr 30 12:23:42 UTC 2005
Modified Files:
pkgsrc/security/lsh: Makefile PLIST distinfo
Added Files:
pkgsrc/security/lsh/patches: patch-ac
pkgsrc/security/lsh2: DESCR Makefile PLIST distinfo
pkgsrc/security/lsh2/patches: patch-aa patch-ab
Log Message:
Move the freshly update lsh-2.0.1 into a separate pkg and leave
security/lsh at 1.4.3.
lsh-2.0.1 has interoperability problems with openssh servers
(always gets "Invalid server signature" errors).
lsh-1.4.3 is not affected by CAN-2003-0826. Add a patch to address
CAN-2005-0814 and bump PKGREVISION.
Revision 1.8 / (download) - annotate - [select for diffs], Sat Apr 30 12:23:42 2005 UTC (18 years, 1 month ago) by drochner
Branch: MAIN
Changes since 1.7: +3 -11
lines
Diff to previous 1.7 (colored)
Move the freshly update lsh-2.0.1 into a separate pkg and leave security/lsh at 1.4.3. lsh-2.0.1 has interoperability problems with openssh servers (always gets "Invalid server signature" errors). lsh-1.4.3 is not affected by CAN-2003-0826. Add a patch to address CAN-2005-0814 and bump PKGREVISION.
Revision 1.7 / (download) - annotate - [select for diffs], Thu Apr 28 14:10:04 2005 UTC (18 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.6: +12 -4
lines
Diff to previous 1.6 (colored)
Update to 2.0.1:
News for the 2.0.1 release
Fixed denial of service bug in lshd.
Fixed a bug in lsh-make-seed, which could make the program go
into an infinite loop on read errors.
lsh now asks for passwords also in quite (-q) mode, as
described in the manual.
Control character filtering used to sometimes consider newline
as a dangerous control character. Now newlines should be
displayed normally.
Removed support for the non-standard alias
"diffie-hellman-group2-sha1". The standardized name is for
this key exchange method is "diffie-hellman-group14-sha1".
News for the 2.0 release
Several programs have new default behaviour:
* lshd enables X11 forwarding by default (lsh still does not).
* lsh-keygen generates RSA rather than DSA keys by default.
* lsh-writekey encrypts the private key by default, using
aes256-cbc. Unless the --server flag is used.
Improved the lcp script. It is now installed by default.
Implemented the client side of "keyboard-interactive" user
authentication.
Support keyexchange with
diffie-hellman-group14-sha1/diffie-hellman-group2-sha1 (the
standardized name is at the moment not decided).
Fixes to the utf8 encoder, and in particular interactions
between utf8 and control character filtering.
News for the 1.5.5 release
Added SOCKS-style proxying to lsh and lshg. See the new -D
command line option. Supports both SOCKS-4 and SOCKS-5.
The lsh client no longer sets its stdio file descriptors into
non-blocking mode, which should avoid a bunch of problems. As
a consequence, the --cvs-workaround command line option has
been deleted.
In the user lookup code, lshd now ignores the shadow database
if getspnam returns NULL.
In the server pty setup code, use the group "system" as a
fallback if the group "tty" doesn't exist. This is the case on
AIX. (There are however more problems on AIX, which makes it
uncertain that lshd will work out of the box).
Deleted the --ssh1-fallback option for lshd. I hope ssh1 is
dead by now; if it isn't, you have to run ssh1d and lshd on
different ports.
Deleted code for bug-compatibility with ancient versions of
Datafellow's SSH2. There are zero bug-compatibility hacks in
this version.
News for the 1.5.4 release
Added logging of tcpip-forward requests.
Includes nettle-1.9, which have had some portability fixes and
optimizations. In particular, arcfour on x86 should be much
faster.
Implemented flow control on the raw ssh connection. Enforce
limits on the amount of buffered data waiting to be written to
the socket.
Moved all destructive string operations to a separate file
lsh_string.c, which has exclusive rights of accessing string
internals. Should make the code more robust, as buffer size
and index calculations elsewhere in the code should hit an
assert in lsh_string.c before doing damage.
Some general simplification and cleanup of the code.
News for the 1.5.3 release
Fixed heap buffer overrun with potential remote root
compromise. Initial bug report by Bennett Todd.
Fixed a similar bug in the check for channel number allocation
failure in the handling of channel_open, and in the
experimental client SRP code.
lshd now has an experimental mode similar to telnet, where it
accepts the 'none' authentication method and automatically
disables services such as X and TCP forwarding. This can be
useful in environment where it's required that /bin/login or
some other program handle authentication and session setup
(e.g. handle security contexts and so on).
News for the 1.5.2 release
Encrypted private keys works again.
New client escape sequence RET ~ ?, which lists all available
escape sequences. Also fixed the werror functions so that they
use \r\n to terminate lines when writing to a tty in raw mode.
Implemented handling of multiple --interface options to lshd.
As a side effect, The -p option must now be given before
--interface to have any effect.
Connecting to machines with multiple IP-adresses is smarter,
it connects to a few addresses at a time, in parallel.
Fixed a file descriptor leak in the server tcpip forwarding
code.
Lots of portability fixes.
News for the 1.5.1 release
Incompatible change to key format, to comply with the current
spki structure draft. You can use the script lsh-upgrade to
copy and convert the information in the old .lsh/known-hosts
to the new file .lsh/host-acls. The new code uses libspki.
Fixed IPv6 bug reported by Simon Kowallik.
lshd now does the equivalence of ulimit -n unlimited, this is
inherited by processes started upon client requests. If you
don't want this, you should use /etc/{profile,login,whatever}
to set limits for your users. Do note that PAM-based solutions
will NOT work as PAM is used from a separate process that
terminates as soon as the authentication is finished (this of
course goes for environment variables too).
lsh and and lshg now parses options from LSHFLAGS and
LSHGFLAGS, these are parsed before and can be overridden by
the command line.
News for the 1.5 release
Implemented the server side of X11 forwarding. Try lshd
--x11-forward. There's one known bug: The server may start
sending data on the session channel (typically your first
shell prompt) before it has sent the reply to the client's
"shell" or "exec" request. lsh will complain about, and ignore
that data.
As part of the X11 hacking, the socket code have been
reorganized.
Deleted one of the ipv6 configure tests. Now lsh will happily
build ipv6 support even if ipv6 is not available at run-time
on the build machine.
Fixed bug preventing -c none from working.
Another bug fix, call setsid even in the non-pty case.
Various bug fixes.
Revision 1.6 / (download) - annotate - [select for diffs], Mon Apr 11 21:47:13 2005 UTC (18 years, 2 months ago) by tv
Branch: MAIN
Changes since 1.5: +1 -2
lines
Diff to previous 1.5 (colored)
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.
Revision 1.5 / (download) - annotate - [select for diffs], Sun Oct 3 00:18:10 2004 UTC (18 years, 8 months ago) by tv
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base,
pkgsrc-2004Q4-base,
pkgsrc-2004Q4
Branch point for: pkgsrc-2005Q1
Changes since 1.4: +2 -1
lines
Diff to previous 1.4 (colored)
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
Revision 1.4 / (download) - annotate - [select for diffs], Sun Apr 25 03:47:56 2004 UTC (19 years, 1 month ago) by snj
Branch: MAIN
CVS Tags: pkgsrc-2004Q3-base,
pkgsrc-2004Q3,
pkgsrc-2004Q2-base,
pkgsrc-2004Q2
Changes since 1.3: +4 -4
lines
Diff to previous 1.3 (colored)
Convert to buildlink3.
Revision 1.3 / (download) - annotate - [select for diffs], Sat Feb 14 22:41:17 2004 UTC (19 years, 3 months ago) by grant
Branch: MAIN
CVS Tags: pkgsrc-2004Q1-base,
pkgsrc-2004Q1
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored)
USE_GNU_TOOLS should be appended to with +=
Revision 1.2 / (download) - annotate - [select for diffs], Sat Feb 14 15:10:27 2004 UTC (19 years, 3 months ago) by uebayasi
Branch: MAIN
Changes since 1.1: +2 -2
lines
Diff to previous 1.1 (colored)
USE_GMAKE=yes -> USE_GNU_TOOLS=make
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Mon Jan 12 15:55:11 2004 UTC (19 years, 5 months ago) by drochner
Branch: TNF
CVS Tags: pkgsrc_base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
add a pkg for lsh-1.4.3, an alternative ssh2 client/server
Revision 1.1 / (download) - annotate - [select for diffs], Mon Jan 12 15:55:11 2004 UTC (19 years, 5 months ago) by drochner
Branch: MAIN
Initial revision