Date: Wed, 1 Apr 2015 01:04:23 +0000 (UTC) From: Bryan Drewery <bdrewery@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r382887 - head/security/openssh-portable Message-ID: <201504010104.t3114Nou029153@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bdrewery Date: Wed Apr 1 01:04:23 2015 New Revision: 382887 URL: https://svnweb.freebsd.org/changeset/ports/382887 QAT: https://qat.redports.org/buildarchive/r382887/ Log: Make the check added in 2013 in r330200 for a bad ECDSA key actually work. Modified: head/security/openssh-portable/Makefile head/security/openssh-portable/pkg-plist Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Wed Apr 1 01:02:17 2015 (r382886) +++ head/security/openssh-portable/Makefile Wed Apr 1 01:04:23 2015 (r382887) @@ -3,7 +3,7 @@ PORTNAME= openssh DISTVERSION= 6.7p1 -PORTREVISION= 4 +PORTREVISION= 5 PORTEPOCH= 1 CATEGORIES= security ipv6 MASTER_SITES= ${MASTER_SITE_OPENBSD} Modified: head/security/openssh-portable/pkg-plist ============================================================================== --- head/security/openssh-portable/pkg-plist Wed Apr 1 01:02:17 2015 (r382886) +++ head/security/openssh-portable/pkg-plist Wed Apr 1 01:04:23 2015 (r382887) @@ -13,7 +13,7 @@ etc/ssh/moduli @sample etc/ssh/ssh_config.sample @sample etc/ssh/sshd_config.sample %%X509%%@dir etc/ssh/ca -@exec if [ -f %D/etc/ssh_host_ecdsa_key ] && grep -q DSA %D/etc/ssh_host_ecdsa_key; then echo; echo "\!/ Warning \!/"; echo; echo "Your %D/etc/ssh_host_ecdsa_key is not a valid ECDSA key. It is incorrectly"; echo "a DSA key due to a bug fixed in 2012 in the security/openssh-portable port."; echo; echo "Regenerate a proper one with: rm -f %D/etc/ssh_host_ecdsa_key*; service openssh restart"; echo; echo "Clients should not see any key change warning since the ECDSA was not valid and was not actually"; echo "used by the server."; echo; echo "\!/ Warning \!/"; fi +@exec if [ -f %D/%%ETCDIR%%/ssh_host_ecdsa_key ] && grep -q DSA %D/%%ETCDIR%%/ssh_host_ecdsa_key; then echo; echo "\!/ Warning \!/"; echo; echo "Your %D/%%ETCDIR%%/ssh_host_ecdsa_key is not a valid ECDSA key. It is incorrectly"; echo "a DSA key due to a bug fixed in 2012 in the security/openssh-portable port."; echo; echo "Regenerate a proper one with: rm -f %D/%%ETCDIR%%/ssh_host_ecdsa_key*; service openssh restart"; echo; echo "Clients should not see any key change warning since the ECDSA was not valid and was not actually"; echo "used by the server."; echo; echo "\!/ Warning \!/"; fi sbin/sshd libexec/sftp-server libexec/ssh-keysign
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201504010104.t3114Nou029153>