| Commit message | Author | Age | Files | Lines |
| |
fixes #9317
| |
Having TCP forward enabled by default may make it easier for attackers
who have gained control due to badly configured passwords.
So we keep things disabled by default and users can enable when they
need it.
| |
ref #8006
| |
This confuses lua-aports' scanning of packages. _subpackages is
also used in other aports, and not initializing it will cause
lua-aports' scanning script to leak values from previous pkg.
This caused lua-aports to think openssh is dirty, but running
abuild later thinks nothing was needed to be done.
| |
Remove '|| return 1'
Move ssh-pkcs11-helper into client subpkg
| |
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1434341
Patch from Fedora team
| |
fix hpn patches which were unintentionally disabled with commit
756f181a5 (main/openssh: support cross building and use default_prepare)
rename *.diff to *.patch because *.diff are ignored by default_prepare
| |
This makes it possible to install the server without installing the
client.
| |
CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012
| |
Since commit 71eb72d62425082850604f526dbcbfdcf2808c31 (2016-03-13,
pre-v3.4) openssh is built with pid dir explicitly set to /run.
The change was not reflected in sshd.confd or sshd.initd, though,
and sadly not even in the commit message.
(Before it was set implicitly to /var/run.)
/var/run and /run semantics are the same, but AL does not truly
guarantee (at least yet) that the first is symlinked to the latter
(which is a common practice among Linux distributions nowadays, where
/run is tmpfs mounted very early - in AL openrc's init.sh does that).
alpine-baselayout package simply has run and var/run directories and
they are not related in any way from the package point of view.
Unless you create such a symlink yourself or it is created via openrc's
boot service bootmisc (performing /var/run -> /run migration and some
other stuff), you cannot use /var/run/ and /run/ paths interchangeably.
The patch should be applied to 3.4-stable branch too (without changing
pkgver used there and with proper pkgrel increment, of course).
I was seeing false crashed state next to sshd in rc-status after
upgrading AL from 3.3 to 3.4 on machine where bootmisc is not used.
(I don't think it's a grave enough lack to warrant patch rejection.)
| |
http://www.openssh.com/txt/x11fwd.adv
| |
fixes #5014
| |
we need linux-headers for ssh tunneling
fixes #4597
| |
ref #4578
CVE-2015-6563:
sshd(8): Portable OpenSSH only: Fixed a privilege separation
weakness related to PAM support. Attackers who could successfully
compromise the pre-authentication process for remote code
execution and who had valid credentials on the host could
impersonate other users. Reported by Moritz Jodeit.
CVE-2015-6564:
sshd(8): Portable OpenSSH only: Fixed a use-after-free bug related to
PAM support that was reachable by attackers who could compromise the
pre-authentication process for remote code execution. Also reported by
Moritz Jodeit.
CVE-2015-6565:
sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-
writable. Local attackers may be able to write arbitrary messages
to logged-in users, including terminal escape sequences.
Reported by Nikolay Edigaryev.
| |
ref #4473
| |
Add support for SSHD_DISABLE_KEYGEN in /etc/conf.d/sshd to make it
possible to disable host key generation at startup.
Also sync with Gentoo's init.d script
fixes #4171
| |
rebase manually the hpn patch
| |
Previously, the "sftp> " prompt would only appear after a command was
entered. This simply calls fflush on stdout to force the prompt to
appear during interactive mode.
| |
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html:
> bad bignum encoding for curve25519-sha256@libssh.org
> [...]
> So I screwed up when writing the support for the curve25519 KEX method
> that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left
> leading zero bytes where they should have been skipped. The impact of
> this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a
> peer that implements curve25519-sha256@libssh.org properly about 0.2%
> of the time (one in every 512ish connections).