svn commit: r262566 - in stable/10: crypto/openssh crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-comp...

[Dimitry Andric]

On 03 Mar 2014, at 21:36, John Baldwin <jhb at freebsd.org> wrote:
> On Thursday, February 27, 2014 12:29:02 pm Dag-Erling SmXXrgrav wrote:
>> Author: des
>> Date: Thu Feb 27 17:29:02 2014
>> New Revision: 262566
>> URL: http://svnweb.freebsd.org/changeset/base/262566
>> 
>> Log:
>>  MFH (r261320): upgrade openssh to 6.5p1
>>  MFH (r261340): enable sandboxing by default
> 
> Mails on stable@ suggest that this latter change may be a bit of a POLA 
> violation as if people are using a custom kernel configuration that doesn't 
> include CAPSICUM they are now locked out of their boxes as sshd fails.  It 
> seems that this is at least worth a note in UPDATING if not adding a 
> workaround to handle the case of a kernel without CAPSICUM.

Wouldn't it be enough to merge r261499 ("Fix installations that use
kernels without CAPABILITIES support") by pjd?

-Dimitry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/svn-src-stable/attachments/20140303/6b0e8af9/attachment.sig>