Date: Fri, 14 Feb 2020 13:18:44 -0500 From: Ed Maste <emaste@freebsd.org> To: FreeBSD Current <freebsd-current@freebsd.org>, freebsd-security@freebsd.org Subject: Early heads-up: plan to remove local patches for TCP Wrappers support in sshd Message-ID: <CAPyFy2Die2tynFM3m3-5zBtWAOpHf-QHY-bE2JY7KKGiP8Tz_Q@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Upstream OpenSSH-portable removed libwrap support in version 6.7, released in October 2014. We've maintained a patch in our tree to restore it, but it causes friction on each OpenSSH update and may introduce security vulnerabilities not present upstream. It's (past) time to remove it. Although the specific deprecation steps aren't yet fleshed out I'm sending this as an early notice that I plan to disable libwrap support from the base system sshd and that FreeBSD 13 will not support it. We'll probably keep the patch in the tree for some time, to support MFCs to stable branches; the patch will be removed entirely later on.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2Die2tynFM3m3-5zBtWAOpHf-QHY-bE2JY7KKGiP8Tz_Q>