webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 19:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
12,864 Commits 2 Branches 1 Tag
8076deba79f9bbd4e551fdfe1eb49e8a77b2c19e
Commit Graph

49 Commits

Author SHA1 Message Date
Peter Müller
fee8b1c504 OpenSSH: update to 7.9p1 
Update OpenSSH to 7.9p1 (release note is available at
https://www.openssh.com/txt/release-7.9). Patching support
for OpenSSL 1.1.0 is no longer required, thus the orphaned
patchfile has been deleted.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2019-01-23 05:13:47 +00:00
Matthias Fischer
74189c1d55 openssh: Update to 7.8p1 
For details see:
http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog

I didn't find an official lfs-patch for openssl-1.1-compatibility,
so I used the patch from here:
https://git.archlinux.org/svntogit/packages.git/plain/trunk/openssl-1.1.0.patch?h=packages/openssh

Building ran without any errors.

I tested with both machines (test on Core 120 - and productive - on Core 122) and found no errors so far:

...
[root@ipfiretest ~]# ssh -V
OpenSSH_7.8p1, OpenSSL 1.1.0h  27 Mar 2018
...

...
root@ipfire: / # ssh -V
OpenSSH_7.8p1, OpenSSL 1.1.0h  27 Mar 2018
...

All ssh-connections ran fine but I'm not REALLY sure if this is sufficient for anyone else.

Could someone please check and confirm!?

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Tested-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-09-20 14:51:44 +01:00
Peter Müller
07da1af688 use custom SSH server configuration in LFS file 
Include OpenSSH server configuration file during build.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-09-20 14:28:15 +01:00
Peter Müller
cc3e41cb8b use custom SSH client configuration in LFS file 
Include OpenSSH client configuration file during build.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-09-10 16:36:41 +01:00
Michael Tremer
ebbca90d70 openssh: Disable password authentication by default 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-08-09 16:28:14 +01:00
Michael Tremer
16c31d1004 openssh: Write port 22 into the default configuration file 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-06-30 19:25:15 +01:00
Matthias Fischer
1698eb73c7 openssh: Update to 7.7p1 
For details see:
http://www.openssh.com/txt/release-7.7

This release fixes:
https://bugzilla.ipfire.org/show_bug.cgi?id=11693
https://bugzilla.ipfire.org/show_bug.cgi?id=11694

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-05-07 11:33:41 +01:00
Michael Tremer
07b8dcd0b2 openssh: Update to 7.6p1 and patch against OpenSSL 1.1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2018-02-11 22:19:45 +00:00
Peter Müller
ba7cd7b624 openssh: update to 7.6p1 
Signed-off-by: Marcel Lorenz <marcel.lorenz@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-14 16:43:04 +00:00
Matthias Fischer
8f6e4eaff7 Update for numerous lfs-files: removed deprecated configure options 
Also includes some reformatting, but no changes to configuration.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-12-05 17:02:24 +00:00
Michael Tremer
be3d3959d2 openssh: Remove deprecated configuration options 
This was used for SSH version 1 which is not supported
any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-04 19:08:34 +01:00
Michael Tremer
e8607830b0 openssh: Update to 7.4p1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-02-27 12:09:15 +00:00
Michael Tremer
4b8f1ffb31 openssh: Update to 7.3p1 
Includes various security fixes:

 * sshd(8): Mitigate a potential denial-of-service attack against
   the system's crypt(3) function via sshd(8). An attacker could
   send very long passwords that would cause excessive CPU use in
   crypt(3). sshd(8) now refuses to accept password authentication
   requests of length greater than 1024 characters. Independently
   reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto.

 * sshd(8): Mitigate timing differences in password authentication
   that could be used to discern valid from invalid account names
   when long passwords were sent and particular password hashing
   algorithms are in use on the server. CVE-2016-6210, reported by
   EddieEzra.Harari at verint.com

 * ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
   oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
   Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
   are disabled by default and only included for legacy compatibility.

 * ssh(1), sshd(8): Improve operation ordering of MAC verification for
   Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
   MAC before decrypting any ciphertext. This removes the possibility
   of timing differences leaking facts about the plaintext, though no
   such leakage has been observed.  Reported by Jean Paul Degabriele,
   Kenny Paterson, Torben Hansen and Martin Albrecht.

 * sshd(8): (portable only) Ignore PAM environment vars when
   UseLogin=yes. If PAM is configured to read user-specified
   environment variables and UseLogin=yes in sshd_config, then a
   hostile local user may attack /bin/login via LD_PRELOAD or
   similar environment variables set via PAM. CVE-2015-8325,
   found by Shayan Sadigh.

Fixes: #11160

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-08-02 16:06:35 +01:00
Sascha Kilian
68aa7aa602 openssh: Update to 7.2p2 
Signed-off-by: Sascha Kilian <sascha@sakisoft.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-05-03 11:56:19 +01:00
Arne Fitzenreiter
aced5a9578 openssh: update to 7.2p1 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2016-03-01 15:59:34 +01:00
Matthias Fischer
1b8c3e2362 openssh: Update to 7.1p2 
Fixes CVE-2016-0777

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-01-28 13:38:18 +01:00
Arne Fitzenreiter
3a6784c065 ssh: preferre ecdsa cipher again. 
Previous we had not configured it so the ssh default order was used.
Now we define it to disable dsa so we had to give the correct order but
in the example cfg rsa is prefered.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-10-24 12:07:29 +02:00
Arne Fitzenreiter
d7b82e7cce openssh: disable dsa key usage. 
fixes #10934

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2015-10-22 13:08:27 +02:00
Michael Tremer
0ce8df2890 openssh: Update to 7.1p1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-21 21:21:27 +01:00
Michael Tremer
45b6ea63af openssh: Update to 7.0p1 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-12 14:01:55 +01:00
Matthias Fischer
016e63e818 openssh: lfs-update 2015-05-26 14:29:38 +02:00
Michael Tremer
102825b673 openssh: Update to version 6.8p1 2015-03-18 15:52:28 +01:00
Michael Tremer
bb0618287b openssh: Update to 6.6p1. 2014-03-18 18:03:14 +01:00
Michael Tremer
167e6ec7a8 openssh: Update to 6.5p1. 
Adds support for ed25519.
 2014-02-01 16:15:10 +01:00
Michael Tremer
33590570fb openssh: Update to 6.4p1. 
Security fix because of
 http://www.openssh.com/txt/gcmrekey.adv
 2013-11-09 14:16:52 +01:00
Arne Fitzenreiter
e2903617ca openssh: update to 6.2p2. 2013-06-07 12:54:34 +02:00
Michael Tremer
f1a58c3322 openssh: Update to 6.1p1. 2013-02-05 19:26:58 +01:00
Arne Fitzenreiter
d7d2dca964 openssh: update to 6.0p1. 2012-05-12 15:32:47 +02:00
Arne Fitzenreiter
8384f58553 openssh: update to 5.9p1. 2012-01-05 14:38:01 +01:00
Arne Fitzenreiter
bac3bb44e6 Updated openssh (5.8p1). 2011-02-08 22:15:53 +01:00
Arne Fitzenreiter
99fcb81b45 Updated openssh (5.6p1). 2010-11-16 22:42:59 +01:00
Arne Fitzenreiter
c5ae9f26a9 Updated openssh (5.4p1). 2010-03-12 17:24:15 +01:00
Arne Fitzenreiter
98eda9b110 Updated openssh (5.3p1). 2010-01-24 16:04:17 +01:00
maniacikarus
258fd16c24 Openssh now logs to auth facility, this makes filtering easier 2009-03-14 10:07:22 +01:00
maniacikarus
be01b81247 Upgraded openssh to current stable and added to core28 2009-03-04 07:07:45 +01:00
Maniacikarus
fcc535236f Done a whole review of the lfs to make building more paralell 
you may need to clean your ccache
 2008-10-28 18:14:09 +01:00
Arne Fitzennreiter
1c49a60462 Fix openssh patch part II 2008-10-20 19:47:01 +02:00
Arne Fitzennreiter
6f5bb9b8bd Fix openssh patch download 2008-10-20 10:05:18 +02:00
Maniacikarus
25414d25eb It should be enough to apply this patch 2008-10-19 18:56:40 +02:00
Maniacikarus
f22e302253 Applied SSH Patch to unleashe full power 2008-10-19 18:42:48 +02:00
Maniacikarus
027306bfe5 Some Final Upgrade before RC just to have latests bugfixes 2008-10-19 16:52:47 +02:00
Christian Schmidt
f24c9564f0 Update samba and collectd to current versions 
Included padlock patches for openssh and openssl not yet included in make
 2008-05-24 13:12:04 +02:00
ms
b493d055b7 Disable SSH at the beginning. 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@1058 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-11-04 16:54:52 +00:00
maniacikarus
3d1f6a3556 Update mldonkey openssh openssl ntfs-3g nfs and hdparm 
Change samba default config
Some fixes for mpfire


git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@998 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-10-25 08:51:31 +00:00
ms
70df830214 Ein Paar Dateien fuer die GPLv3 angepasst. 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@853 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2007-08-29 13:25:32 +00:00
ms
fd3e7da032 Zwischencommit fuer LFS. 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@324 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2006-10-15 20:25:07 +00:00
ms
e6eaa4ec2f SSH von vornherein aktiviert 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@68 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2006-02-21 21:26:55 +00:00
ms
ac1cfefab2 SMP-Config angepasst.. CGIs usw. wurden im Windoof-Format gespeichert... muss noch alles korrigiert werden... 
git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@67 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8
 2006-02-21 20:38:06 +00:00
ipfire
cd1a292722 git-svn-id: http://svn.ipfire.org/svn/ipfire/IPFire/source@16 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8 2006-02-15 21:15:54 +00:00