aboutsummaryrefslogtreecommitdiffstats
path: root/main/openssh
Commit message (Collapse)AuthorAgeFilesLines
* main/openssh: split out openssh-server and openssh-keygen packagesNatanael Copa2017-01-251-6/+35
| | | | | This makes it possible to install the server without installing the client.
* main/openssh: track secfixesSergey Lukin2016-12-291-0/+8
| | | | CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012
* main/openssh: upgrade to 7.4_p1Natanael Copa2016-12-191-5/+5
|
* main/openssh: rebuild against libresslNatanael Copa2016-10-101-2/+2
|
* main/openssh: Fix pid dir expectation in confd and initd files.Przemyslaw Pawelczyk2016-08-223-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | Since commit 71eb72d62425082850604f526dbcbfdcf2808c31 (2016-03-13, pre-v3.4) openssh is build with pid dir explicitly set to /run. The change was not reflected in sshd.confd or sshd.initd, though, and sadly not even in the commit message. (Before it was set implicitly to /var/run.) /var/run and /run semantics are the same, but AL does not truly guarantee (at least yet) that the first is symlinked to the latter (which is a common practice among Linux distributions nowadays, where /run is tmpfs mounted very early - in AL openrc's init.sh does that). alpine-baselayout package simply has run and var/run directories and they are not related in any way from the package point of view. Unless you create such symlink yourself or it is created via openrc's boot service bootmisc (performing /var/run -> /run migration and some other stuff), you cannot use /var/run/ and /run/ paths interchangeably. The patch should be applied to 3.4-stable branch too (without changing pkgver used there and with proper pkgrel increment, of course). I was seeing false crashed state next to sshd in rc-status after upgrading AL from 3.3 to 3.4 on machine where bootmisc is not used. (I don't think it's a grave enough lack to warrant patch rejection.)
* main/openssh: upgrade to 7.3_p1Natanael Copa2016-08-042-231/+8
|
* main/openssh: security fix for CVE-2016-6210Natanael Copa2016-07-202-4/+227
|
* main/openssh: support cross building and use default_prepareTimo Teräs2016-07-182-44/+50
|
* main/openssh: fixed upstream urlFrancesco Colista2016-04-251-2/+2
|
* main/openssh: security upgrade to 7.2_p2, closed ↵Valery Kartel2016-03-182-9/+9
| | | | http://www.openssh.com/txt/x11fwd.adv
* main/openssh: upgrade to 7.2_p1Valery Kartel2016-03-013-16/+16
|
* main/openssh: security upgrade to 7.1_p2 (CVE-2016-0777,CVE-2016-0778)Natanael Copa2016-01-142-9/+9
| | | | fixes #5014
* main/openssh: Added description to init.d scriptDaniele Coli2015-10-222-4/+8
|
* main/openssh: upgrade to 7.1_p1Natanael Copa2015-09-287-207/+99
|
* main/openssh: enabls ssh tunnelingNatanael Copa2015-09-221-2/+2
| | | | | | we need linux-headers for ssh tunneling fixes #4597
* openssh: fix subpackage dependenciesEivind Uggedal2015-09-091-1/+3
|
* main/openssh: openssh-sftp-server subpackageEivind Uggedal2015-09-091-3/+11
|
* main/openssh: security fixes from upstreamNatanael Copa2015-08-264-1/+118
| | | | | | | | | | | | | | | | | | | | | | | ref #4578 CVE-2015-6563: sshd(8): Portable OpenSSH only: Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users. Reported by Moritz Jodeit. CVE-2015-6564: sshd(8): Portable OpenSSH only: Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution. Also reported by Moritz Jodeit. CVE-2015-6565: sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world- writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev.
* main/openssh: security fix for CVE-2015-5600Natanael Copa2015-07-302-1/+44
| | | | ref #4473
* main/openssh: upgrade to 6.9_p1Natanael Copa2015-07-152-114/+159
|
* main/openssh: add support for disable keygenNatanael Copa2015-05-212-37/+38
| | | | | | | | | Add support for SSHD_DISABLE_KEYGEN in /etc/conf.d/sshd to make it possible disable host key generation at startup. Also sync with gentoo's init.d script fixes #4171
* main/*: replace all sbin/runscript with sbin/openrc-runNatanael Copa2015-04-282-5/+5
|
* main/openssh: upgrade to 6.8p1Timo Teräs2015-03-194-184/+152
| | | | rebase manually the hpn patch
* main/openssh: upgrade to 6.7p1Timo Teräs2014-11-214-458/+142
|
* main/openssh: flush stdout for interactive sftpPeter Bui2014-10-302-4/+22
| | | | | | Previously, the "sftp> " prompt would only appear after a command was entered. This simply calls fflush on stdout to force the prompt to appear during interactive mode.
* main/openssh: curve25519pad patch addedJohannes Matheis2014-09-032-4/+177
| | | | | | | | | | | | https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html: > bad bignum encoding for curve25519-sha256@libssh.org >[...] > So I screwed up when writing the support for the curve25519 KEX method > that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left > leading zero bytes where they should have been skipped. The impact of > this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a > peer that implements curve25519-sha256@libssh.org properly about 0.2% > of the time (one in every 512ish connections).
* main/openssh: move ssh-keysign to separate subpackageNatanael Copa2014-08-271-4/+10
| | | | | | | | | This is a helper utility for host-based authentication, which is disabled by default and normally not needed. We move it to subpackage because it is suid root. fixes #3311
* main/openssh: disable wtmpNatanael Copa2014-05-271-1/+2
| | | | fixes #2744
* main/openssh: security fix for CVE-2014-2653Timo Teräs2014-04-183-36/+89
| | | | | patch cherry-picked from debian also delete the obsolete old CVE patch (6.6 has the fix builtin)
* main/openssh: generate ed25519 host keyEivind Uggedal2014-04-042-5/+5
|
* openssh: upgrade to 6.2Natanael Copa2014-04-034-362/+212
|
* main/openssh: security fix for CVE-2014-2532Bartłomiej Piotrowski2014-03-262-4/+38
|
* main/openssh: upgrade to 6.4_p1Natanael Copa2013-11-081-5/+5
|
* main/openssh: fix buildTimo Teräs2013-09-201-1/+0
| | | | | openssh got upgraded since my last musl build, and had config.sub updated. remove the now unneeded update_config_sub check.
* main/openssh: fix build against muslTimo Teräs2013-09-203-1/+43
|
* main/openssh: update checksumsBartłomiej Piotrowski2013-09-141-3/+3
|
* main/openssh: rebase openssh-peaktput.diffBartłomiej Piotrowski2013-09-141-1/+1
|
* main/openssh: upgrade to 6.3_p1Bartłomiej Piotrowski2013-09-142-12/+13
|
* Revert "main/openssh: upgrade to 6.3_p1"Bartłomiej Piotrowski2013-09-142-9/+9
| | | | This reverts commit 4f91876c99dba7e38c09a2c0dc87c5ff4f148461.
* main/openssh: upgrade to 6.3_p1Bartłomiej Piotrowski2013-09-142-9/+9
|
* main/openssh: reintroduce dynwindows HPN patchNatanael Copa2013-09-022-869/+265
|
* main/openssh: disable reverse DNS lookupLeonardo Arena2013-08-231-1/+2
|
* main/openssh: remove references to missing patchesNatanael Copa2013-08-161-8/+0
|
* [all autotools packages]: normalize ./configureTimo Teräs2013-07-301-11/+22
|
* main/openssh: upgrade to 6.2_p2Bartłomiej Piotrowski2013-05-171-8/+5
|
* main/openssh: upgrade to 6.2_p1Timo Teräs2013-04-122-87/+103
| | | | rebase dynwindow patch.
* main/openssh: remove libcrypto1.0 from depsCarlo Landmeter2013-02-081-2/+2
|
* main/openssh: add contrib scriptsCarlo Landmeter2013-01-071-11/+21
|
* main/openssh: upgrade to 6.1Timo Teräs2012-09-043-152/+110
| | | | * rebase hpn dynamic window patch
* main/openssh: upgrade to 6.0p1Timo Teräs2012-08-025-34/+21
| | | | | | | * also add support for hmac oneshot mode (requires patched openssl; we have these patches in Alpine) * rebase hpn patches * remove obsolete patch (upstreamed)