aboutsummaryrefslogtreecommitdiff
path: root/net/openssh
Commit message (Collapse)AuthorAge
* treewide: fix broken conffilesHuangbin Zhan2020-07-07
| | | | Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
* openssh: update to 8.3p1Rosen Penev2020-06-25
| | | | | | | | Removed outdated options. Small bashism fix in the init script. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssh: always enable stackprotect optionRosen Penev2020-06-20
| | | | | | | | | | b933f9cf0cb254e368027cad6d5799e45b237df5 in base made several changes to OpenWrt's libssp support. It seems this workaround is no longer needed. Simplified the configure script slightly. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssh-server: deprecate the ecdsa HostKeyPhilip Prindeville2020-05-05
| | | | | | | | | | | | | | | | | | | | | | | | The init.d script for sshd never generates an ecdsa HostKey as seen here: for type in rsa ed25519 do # check for keys key=/etc/ssh/ssh_host_${type}_key [ ! -f $key ] && { # generate missing keys [ -x /usr/bin/ssh-keygen ] && { /usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&- } } done so we'll never succeed at loading one. Get rid of the resultant error message in logging: May 5 17:13:59 OpenWrt sshd[20070]: error: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* openssh: don't create ECDSA keysPeter Wagner2020-04-06
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: update to 8.2p1Sibren Vasse2020-04-05
| | | | Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
* openssh: update to 8.1p1Sibren Vasse2019-11-09
| | | | Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
* treewide: Use default PKG_BUILD_DIR when possibleJeffery To2019-10-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This removes lines that set PKG_BUILD_DIR when the set value is no different from the default value. Specifically, the line is removed if the assigned value is: * $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) The default PKG_BUILD_DIR was updated[1] to incorporate BUILD_VARIANT if it is set, so now this is identical to the default value. * $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR) if PKG_SOURCE_SUBDIR is set to $(PKG_NAME)-$(PKG_VERSION), making it the same as the previous case * $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) This is the same as the default PKG_BUILD_DIR when there is no BUILD_VARIANT. * $(BUILD_DIR)/[name]-$(PKG_VERSION) where [name] is a string that is identical to PKG_NAME [1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e545fac8d968864a965edb9e50c6f90940b0a6c9 Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* treewide: add PKG_CPE_ID for better cvescanner coverageJan Pavlinec2019-09-17
| | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* openssh: Fix compilation with -Wimplicit-functionRosen Penev2019-07-21
| | | | | | Upstream backport. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssh: update to 8.0p1Peter Wagner2019-04-20
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: adjust engine support to openssl 1.1.1Eneas U de Queiroz2019-04-02
| | | | | | | | Openssl 1.1.1 package in openwrt enabled more than just the devcrypto engine, so the engine support in openssh should be enabled when general engine support is enabled in openssl. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssh: use quotesPeter Wagner2019-03-22
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: handle multiple ports and simplify init scriptPeter Wagner2019-03-21
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: add upstream patches, including CVE-2019-6111Peter Wagner2019-03-03
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: patch scp security issuesJan Pavlinec2019-02-10
| | | | | | | | Fixes CVE-2019-6109 CVE-2019-6111 Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* openssh: backport patch for CVE-2018-20685Peter Wagner2019-01-15
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: fixes issues with some openssl optionsPeter Wagner2018-10-20
| | | | | | | | | | | | | | This adds a couple of patches when setting some openssl options: * ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be be guarded by OPENSSL_HAS_ECC; otherwise, it will not build with openssl compiled without ECC support. * Fix openssl version number in openbsd-compat/openssl-compat.c which failed to compile --with-ssl-engine; this option is used when CONFIG_OPENSSL_ENGINE_CRYPTO=y Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: update to 7.9p1Peter Wagner2018-10-19
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: add openssl 1.1.0 compatibilityEneas U de Queiroz2018-09-30
| | | | | | | | | | | | | Five commits from upstream were applied to v. 7.8-p1: 482d23bc upstream: hold our collective noses and use the openssl-1.1.x API in 48f54b9d adapt -portable to OpenSSL 1.1x API 86e0a9f3 upstream: use only openssl-1.1.x API here too a3fd8074 upstream: missed a bit of openssl-1.0.x API in this unittest d64e7852 add compat header Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* openssh: update to 7.8p1Peter Wagner2018-08-27
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: let opkg manage openssh symlinks of ssh, scpYousong Zhou2018-06-25
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openssh: update to 7.7p1Peter Wagner2018-04-08
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* treewide: fix incorrect *_BUILD_DEPENDSMatthias Schiffer2018-01-09
| | | | | | | | | | | | | | | | Build depends refer to source package names, not binary package names. In many cases, PKG_BUILD_DEPENDS simply duplicated runtime dependencies of a source package's binary packages; as the corresponding source packages are implicitly added as bulid dependencies, PKG_BUILD_DEPENDS can simply be dropped in these cases. In the other cases, *_BUILD_DEPENDS is fixed to refer to the correct source package name. Dependency of mysql-server is adjusted from libncursesw to libncurses (as libncursesw is a virtual package provided by libncurses), so the build dependency on ncurses is emitted unconditionally. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* openssh: update to 7.6p1Peter Wagner2017-10-05
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* ssh: Add umdns entry to the init script.Rosen Penev2017-08-15
| | | | | | | This is usefull for hosts to discover the ssh server, especially on macOS. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openssh: add ssh_host keys to openssh-server/conffilesPeter Wagner2017-07-15
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: if we don't generate a dsa key we shouldn't look for itPhilip Prindeville2017-06-05
| | | | | | | | | | | | | | | The earlier commit ea119211b21 removed 'dsa' as one of the ssh_host_*_key types that got generated. Problem was that it didn't remove that key as one of the paths that the server looks for by default. As a consequence, your log file might fill up with messages like: 2017-06-01T15:43:07-06:00 openwrt sshd[31929]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key The patch is forunately trivial. Don't set the path for the dsa key file in the server configuration. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "The earlier commit ea119211b21 removed 'dsa' as one of the ↵Daniel Golle2017-06-05
| | | | | | | | | | | | | | ssh_host_*_key" The author (@pprindeville) of the original commit noted that the wrong commit was picked, see https://github.com/openwrt/packages/commit/325b7d2cd2d6e9d4903c6e7628c7c9ae0ddab564#commitcomment-22387528 "Err... looks like the wrong fix got committed. I was hoping that this commit d902e5d would have gone in instead." This reverts commit 325b7d2cd2d6e9d4903c6e7628c7c9ae0ddab564. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* The earlier commit ea119211b21 removed 'dsa' as one of the ssh_host_*_keyPeter Wagner2017-06-03
| | | | | | | | | | | | | | types that got generated. Problem was that it didn't remove that key as one of the paths that the server looks for by default. As a consequence, your log file might fill up with messages like: 2017-06-01T15:43:07-06:00 openwrt sshd[31929]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key The patch is forunately trivial. Don't set the path for the dsa key file in the server configuration. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: update to 7.5p1, remove unneeded patchesPeter Wagner2017-03-21
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: Fix ssl-engine supportMartin Schiller2017-02-27
| | | | Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* net/openssh: Offload main sitePeter Wagner2017-01-11
| | | | | | | Add a few mirrors in-front of main site for offloading Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: update to 7.4p1Peter Wagner2016-12-22
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: Unregister the KEXINIT handler after message has beenPeter Wagner2016-10-17
| | | | | | | | | | received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause allocation of up to 128MB -- until the connection is closed. Reported by shilei-c at 360.cn https://github.com/openssh/openssh-portable/commit/ec165c392ca54317dbe3064a8c200de6531e89ad Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: move inbound NEWKEYS handling to kex layer; otherwise early NEWKEYS ↵Peter Wagner2016-10-03
| | | | | | | | causes NULL deref see: https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737 Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: update to 7.3p1Peter Wagner2016-08-09
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: update to 7.2p2Peter Wagner2016-03-11
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: v7.2p1Peter Wagner2016-03-06
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: update to 7.1p2Peter Wagner2016-01-15
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: remove dsa and add ecdsa + ed25519 to initial keygen.Mangix2015-11-27
| | | | Signed-off by: Rosen Penev <rosenp@gmail.com>
* openssh: update to 7.1p1Peter Wagner2015-08-26
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: update to 6.9p1Peter Wagner2015-07-18
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: strip openssh-sftp-server dependencies againOliver Middleton2015-03-23
| | | | | | Reapply 99c6c3d830156ce13f415c698343353c477cd9f9 Signed-off-by: Oliver Middleton <olliemail27@gmail.com>
* openssh: remove optional dependency on libsspStijn Tintel2015-03-20
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* openssh: update to 6.8p1Peter Wagner2015-03-19
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh: provide an avahi service fileMichael Heimpold2014-12-08
| | | | | | | As discussed in #543, we can announce the SFTP service via Avahi when sftp-server is installed. Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* misc: correct typo in Makefiles for PKG_LICENSE_FILESIan Leonard2014-11-24
| | | | Signed-off-by: Ian Leonard <antonlacon@gmail.com>
* openssh: update to 6.7p1Peter Wagner2014-10-19
| | | | Signed-off-by: Peter Wagner <tripolar@gmx.at>
* openssh,ntpd: move USERID to the server only as the client utils don't need ↵Peter Wagner2014-10-14
| | | | | | a user/group Signed-off-by: Peter Wagner <tripolar@gmx.at>
Powered by cgit, Themed by Ted Yin.