Subject: CVS commit: pkgsrc/security/openssh
From: Takahiro Kambe
Date: 2015-07-09 18:14:24
Message id: 20150709161424.0D3FA98@cvs.netbsd.org
Log Message:
Update openssh to 6.9.1 (OpenSSH 6.9p1) which contains security fix.

pkgsrc change:

* tcp_wrappers support was removed from release 6.7, but add it refering
  FreeBSD's ports.
* hpn-patch is also based on FreeBSD's ports.

Security
--------

 * ssh(1): when forwarding X11 connections with ForwardX11Trusted=no,
   connections made after ForwardX11Timeout expired could be permitted
   and no longer subject to XSECURITY restrictions because of an
   ineffective timeout check in ssh(1) coupled with "fail open"
   behaviour in the X11 server when clients attempted connections with
   expired credentials. This problem was reported by Jann Horn.

 * ssh-agent(1): fix weakness of agent locking (ssh-add -x) to
   password guessing by implementing an increasing failure delay,
   storing a salted hash of the password rather than the password
   itself and using a timing-safe comparison function for verifying
   unlock attempts. This problem was reported by Ryan Castellucci.

For more information, please refer release announce.

	http://www.openssh.com/txt/release-6.9
	http://www.openssh.com/txt/release-6.8
	http://www.openssh.com/txt/release-6.7
Files:
RevisionActionfile
1.233modifypkgsrc/security/openssh/Makefile
1.92modifypkgsrc/security/openssh/distinfo
1.30modifypkgsrc/security/openssh/options.mk
1.4modifypkgsrc/security/openssh/patches/patch-Makefile.in
1.2modifypkgsrc/security/openssh/patches/patch-auth-passwd.c
1.2modifypkgsrc/security/openssh/patches/patch-auth-rhosts.c
1.3modifypkgsrc/security/openssh/patches/patch-auth.c
1.3modifypkgsrc/security/openssh/patches/patch-auth1.c
1.4modifypkgsrc/security/openssh/patches/patch-auth2.c
1.2modifypkgsrc/security/openssh/patches/patch-channels.c
1.2modifypkgsrc/security/openssh/patches/patch-clientloop.c
1.4modifypkgsrc/security/openssh/patches/patch-config.h.in
1.4modifypkgsrc/security/openssh/patches/patch-configure.ac
1.3modifypkgsrc/security/openssh/patches/patch-defines.h
1.3modifypkgsrc/security/openssh/patches/patch-includes.h
1.3modifypkgsrc/security/openssh/patches/patch-openbsd-compat_openbsd-compat.h
1.2modifypkgsrc/security/openssh/patches/patch-openbsd-compat_port-tun.c
1.4modifypkgsrc/security/openssh/patches/patch-platform.c
1.3modifypkgsrc/security/openssh/patches/patch-scp.c
1.4modifypkgsrc/security/openssh/patches/patch-session.c
1.4modifypkgsrc/security/openssh/patches/patch-ssh.c
1.4modifypkgsrc/security/openssh/patches/patch-sshd.c
1.2modifypkgsrc/security/openssh/patches/patch-sshpty.c
1.1addpkgsrc/security/openssh/patches/patch-sshd.8
1.1removepkgsrc/security/openssh/patches/patch-compat.c
1.3removepkgsrc/security/openssh/patches/patch-configure
1.1removepkgsrc/security/openssh/patches/patch-sshconnect.c