Date: Mon, 23 Mar 2020 14:06:36 -0700 From: Bryan Drewery <bdrewery@FreeBSD.org> To: freebsd-security@freebsd.org Subject: Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd Message-ID: <51853162-95e6-9345-6d25-3b88657600a9@FreeBSD.org> In-Reply-To: <CAPyFy2Die2tynFM3m3-5zBtWAOpHf-QHY-bE2JY7KKGiP8Tz_Q@mail.gmail.com> References: <CAPyFy2Die2tynFM3m3-5zBtWAOpHf-QHY-bE2JY7KKGiP8Tz_Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --e7YwdGOj4zvbG6AZW6ltT8y2IbpQmzLIE Content-Type: multipart/mixed; boundary="Zy9RcDxV8atAVptJeKDq1GlLJas3Wquv2"; protected-headers="v1" From: Bryan Drewery <bdrewery@FreeBSD.org> To: freebsd-security@freebsd.org Message-ID: <51853162-95e6-9345-6d25-3b88657600a9@FreeBSD.org> Subject: Re: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd References: <CAPyFy2Die2tynFM3m3-5zBtWAOpHf-QHY-bE2JY7KKGiP8Tz_Q@mail.gmail.com> In-Reply-To: <CAPyFy2Die2tynFM3m3-5zBtWAOpHf-QHY-bE2JY7KKGiP8Tz_Q@mail.gmail.com> --Zy9RcDxV8atAVptJeKDq1GlLJas3Wquv2 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 2/14/2020 10:18 AM, Ed Maste wrote: > Upstream OpenSSH-portable removed libwrap support in version 6.7, > released in October 2014. We've maintained a patch in our tree to > restore it, but it causes friction on each OpenSSH update and may > introduce security vulnerabilities not present upstream. It's (past) > time to remove it. >=20 > Although the specific deprecation steps aren't yet fleshed out I'm > sending this as an early notice that I plan to disable libwrap support > from the base system sshd and that FreeBSD 13 will not support it. > We'll probably keep the patch in the tree for some time, to support > MFCs to stable branches; the patch will be removed entirely later on. FYI if you need this feature the port still has it and is at 8.2 now. --=20 Regards, Bryan Drewery --Zy9RcDxV8atAVptJeKDq1GlLJas3Wquv2-- --e7YwdGOj4zvbG6AZW6ltT8y2IbpQmzLIE Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQGTBAEBCgB9FiEE+Rc8ssOq6npcih8JNddxu25Gl88FAl55JONfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEY5 MTczQ0IyQzNBQUVBN0E1QzhBMUYwOTM1RDc3MUJCNkU0Njk3Q0YACgkQNddxu25G l88Riwf/Yc9Vi1qSkFod09QX8Fy2DSJKlfyjtx/+qZcsW1SgCRqjn/eXTb6N2sgW dY1W/EnPxW3joO6vvlwat9AhY1ZS3DRZd0eX0UP5sw01nKrE70Ym0qItinYN5NA0 o2VnBJfZYISoEpMC41uGNBZmF2PL7yE7VI8eox91DcIuHATQFCRi2UJBmKtnSopi q3xZy46DGc5yyE4e82mfo2PrkoQsucg+zW+sREjKaXMaiDwiPcppNU8Z540yz3mT 1oSKGPvOV4HPAGyRS/ZAlxRTp9iK7H/jIwV7MH59j8VSFAvthnjoxgbskNNjCobR DvUMvWCtT9PHYtUZ71kadZhWKg89bw== =Z+WT -----END PGP SIGNATURE----- --e7YwdGOj4zvbG6AZW6ltT8y2IbpQmzLIE--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51853162-95e6-9345-6d25-3b88657600a9>