aboutsummaryrefslogtreecommitdiffstats
path: root/main/openssh
Commit message (Collapse)AuthorAgeFilesLines
* main: (Bulk change) Update source urls to https using HTTPS EverywhereJ0WI2018-10-061-1/+1
|
* main/openssh: upgrade to 7.8_p1Natanael Copa2018-08-242-151/+3
|
* main/openssh: backport security fix (CVE-2018-15473)Natanael Copa2018-08-222-1/+151
| | | | fixes #9317
* main/openssh: disable tcp forwarding in default configNatanael Copa2018-07-302-4/+22
| | | | | | | | Having TCP forward enabled by default may make it eaiser for attackers who have gained control due to badly configured passwords. So we keep things disabled by default and users can enable when they need it.
* main/openssh: modernize runscriptJakub Jirutka2018-04-123-58/+55
|
* main/openssh: rebuild against libressl-2.7Natanael Copa2018-04-061-1/+1
|
* main/openssh: upgrade to 7.7_p1Andy Postnikov2018-04-051-3/+3
|
* main/openssh: fix license, add secfixes commentNatanael Copa2017-12-281-3/+10
|
* main/openssh: upgrade to 7.6_p1Drew DeVault2017-12-284-908/+4
|
* main/openssh: fixed typo in secfixes descriptionFrancesco Colista2017-12-151-1/+1
|
* main/openssh: security fixes for CVE-2017-15906. Fixes #8280Francesco Colista2017-12-152-3/+38
|
* main/openssh: fix man pagesNatanael Copa2017-12-041-2/+2
| | | | ref #8006
* main/openssh: rebuild against libressl-2.6Natanael Copa2017-11-091-1/+1
|
* main/openssh: don't use _subpackages uninitializedTimo Teräs2017-10-101-4/+5
| | | | | | | | This confuses lua-ports' scanning of packages. _subpackages is also used in other aports, and not initializing it will cause lua-aports' scanning script to leak values from previous pkg. This caused lua-aports' to think openssh is dirty, but running abuild later thinks nothing was needed to be done.
* main/openssh: fix cross-compilationKaarle Ritvanen2017-08-241-4/+4
|
* main/openssh: bump pkgrelNatanael Copa2017-07-211-1/+1
|
* main/openssh: fix secfixes commentNatanael Copa2017-07-201-1/+0
|
* main/openssh: bump pkgrelNatanael Copa2017-07-141-1/+1
|
* main/openssh: do not crossbuild pam flavorTimo Teräs2017-07-141-1/+1
|
* main/openssh: add subpkg with PAM supportLeonardo Arena2017-06-071-30/+83
| | | | | Remove '|| return 1' Move ssh-pkcs11-helper into client sbpkg
* main/openssh: rebuild against libressl 2.5Natanael Copa2017-04-181-1/+1
|
* main/openssh: add missing header on s390xTuan M. Hoang2017-04-102-1/+26
| | | | | Ref : https://bugzilla.redhat.com/show_bug.cgi?id=1434341 Patch from fedora team
* main/openssh: upgrade to 7.5_p1André Klitzing2017-03-241-3/+3
|
* main/openssh: fix patchesValery Kartel2017-03-235-163/+103
| | | | | | | fix hpn patches which was unintentionally disabled with commit 756f181a5 (main/openssh: support cross building and use default_prepare) rename *.diff to *.patch because *.diff are ignored by default_prepare
* main/openssh: split out openssh-server and openssh-keygen packagesNatanael Copa2017-01-251-6/+35
| | | | | This makes it possible to install the server without installing the client.
* main/openssh: track secfixesSergey Lukin2016-12-291-0/+8
| | | | CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012
* main/openssh: upgrade to 7.4_p1Natanael Copa2016-12-191-5/+5
|
* main/openssh: rebuild against libresslNatanael Copa2016-10-101-2/+2
|
* main/openssh: Fix pid dir expectation in confd and initd files.Przemyslaw Pawelczyk2016-08-223-10/+10
| | | | | | | | | | | | | | | | | | | | | | | | | Since commit 71eb72d62425082850604f526dbcbfdcf2808c31 (2016-03-13, pre-v3.4) openssh is build with pid dir explicitly set to /run. The change was not reflected in sshd.confd or sshd.initd, though, and sadly not even in the commit message. (Before it was set implicitly to /var/run.) /var/run and /run semantics are the same, but AL does not truly guarantee (at least yet) that the first is symlinked to the latter (which is a common practice among Linux distributions nowadays, where /run is tmpfs mounted very early - in AL openrc's init.sh does that). alpine-baselayout package simply has run and var/run directories and they are not related in any way from the package point of view. Unless you create such symlink yourself or it is created via openrc's boot service bootmisc (performing /var/run -> /run migration and some other stuff), you cannot use /var/run/ and /run/ paths interchangeably. The patch should be applied to 3.4-stable branch too (without changing pkgver used there and with proper pkgrel increment, of course). I was seeing false crashed state next to sshd in rc-status after upgrading AL from 3.3 to 3.4 on machine where bootmisc is not used. (I don't think it's a grave enough lack to warrant patch rejection.)
* main/openssh: upgrade to 7.3_p1Natanael Copa2016-08-042-231/+8
|
* main/openssh: security fix for CVE-2016-6210Natanael Copa2016-07-202-4/+227
|
* main/openssh: support cross building and use default_prepareTimo Teräs2016-07-182-44/+50
|
* main/openssh: fixed upstream urlFrancesco Colista2016-04-251-2/+2
|
* main/openssh: security upgrade to 7.2_p2, closed ↵Valery Kartel2016-03-182-9/+9
| | | | http://www.openssh.com/txt/x11fwd.adv
* main/openssh: upgrade to 7.2_p1Valery Kartel2016-03-013-16/+16
|
* main/openssh: security upgrade to 7.1_p2 (CVE-2016-0777,CVE-2016-0778)Natanael Copa2016-01-142-9/+9
| | | | fixes #5014
* main/openssh: Added description to init.d scriptDaniele Coli2015-10-222-4/+8
|
* main/openssh: upgrade to 7.1_p1Natanael Copa2015-09-287-207/+99
|
* main/openssh: enabls ssh tunnelingNatanael Copa2015-09-221-2/+2
| | | | | | we need linux-headers for ssh tunneling fixes #4597
* openssh: fix subpackage dependenciesEivind Uggedal2015-09-091-1/+3
|
* main/openssh: openssh-sftp-server subpackageEivind Uggedal2015-09-091-3/+11
|
* main/openssh: security fixes from upstreamNatanael Copa2015-08-264-1/+118
| | | | | | | | | | | | | | | | | | | | | | | ref #4578 CVE-2015-6563: sshd(8): Portable OpenSSH only: Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users. Reported by Moritz Jodeit. CVE-2015-6564: sshd(8): Portable OpenSSH only: Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution. Also reported by Moritz Jodeit. CVE-2015-6565: sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world- writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev.
* main/openssh: security fix for CVE-2015-5600Natanael Copa2015-07-302-1/+44
| | | | ref #4473
* main/openssh: upgrade to 6.9_p1Natanael Copa2015-07-152-114/+159
|
* main/openssh: add support for disable keygenNatanael Copa2015-05-212-37/+38
| | | | | | | | | Add support for SSHD_DISABLE_KEYGEN in /etc/conf.d/sshd to make it possible disable host key generation at startup. Also sync with gentoo's init.d script fixes #4171
* main/*: replace all sbin/runscript with sbin/openrc-runNatanael Copa2015-04-282-5/+5
|
* main/openssh: upgrade to 6.8p1Timo Teräs2015-03-194-184/+152
| | | | rebase manually the hpn patch
* main/openssh: upgrade to 6.7p1Timo Teräs2014-11-214-458/+142
|
* main/openssh: flush stdout for interactive sftpPeter Bui2014-10-302-4/+22
| | | | | | Previously, the "sftp> " prompt would only appear after a command was entered. This simply calls fflush on stdout to force the prompt to appear during interactive mode.
* main/openssh: curve25519pad patch addedJohannes Matheis2014-09-032-4/+177
| | | | | | | | | | | | https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html: > bad bignum encoding for curve25519-sha256@libssh.org >[...] > So I screwed up when writing the support for the curve25519 KEX method > that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left > leading zero bytes where they should have been skipped. The impact of > this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a > peer that implements curve25519-sha256@libssh.org properly about 0.2% > of the time (one in every 512ish connections).