| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
| |
Closes: https://bugs.gentoo.org/941255
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add a patch from master for slow X forwarding (bug #929191) with
the default-on ObscureKeystrokeTiming feature.
* Pull in various patches from upstream's stable branch (V_9_9) and
add a note to the ebuild about checking it, see
https://marc.info/?l=openssh-unix-dev&m=172723798122122&w=2.
* Add USE=legacy-ciphers (bug #941255) to support DSA keys. I'll probably
backport this to 9.8 too.
Bug: https://bugs.gentoo.org/929191
Closes: https://bugs.gentoo.org/940250
Closes: https://bugs.gentoo.org/941255
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
|
|
|
|
| |
Backport upstream fix from OpenSSH to fix compat w/ xinetd.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=3717
Bug: https://github.com/openSUSE/xinetd/issues/46
Closes: https://bugs.gentoo.org/936041
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
|
|
|
| |
Change was created by running the following command::
ekeyword ^ia64 */*/*.ebuild
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
| |
|
|
|
| |
Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
| |
Bug: https://bugs.gentoo.org/935353
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
|
|
| |
Closes: https://github.com/gentoo/gentoo/pull/37440
Closes: https://bugs.gentoo.org/935353
Signed-off-by: Quincy Fleming <quincyf467@protonmail.com>
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
| |
Bug: https://bugs.gentoo.org/935271
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
| |
|
|
|
|
| |
ago pointed out that it's confusing.
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
openssh-9.8_p1 again breaks cross-version compatibility, meaning that
a running sshd with 9.7_p1 will no longer be able to accept connections
after upgrading to 9.8_p1.
We tried doing a news item on this in the past (bug #709748) and it ended
up being insufficient and poorly coordinated (as you really need it again
when stabling).
Nobody is going to thank us for leaving their sshd broken, so pick
the lesser evil and attempt to restart sshd on major version upgrades.
This is especially important as people may be racing to upgrade to 9.8_p1
for the CVE-2024-6387 fix (although we have backported a fix to older versions).
I also note there's precedent here with e.g. the systemd rebuild where
it's done to avoid immediate breakage of user sessions.
Thanks to kerframil who proposed a snippet for this some time ago whose
work I've lifted here.
Bug: https://bugs.gentoo.org/709748
Bug: https://bugs.gentoo.org/935271
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
|
|
|
| |
This applies upstream's backport suggestions from https://marc.info/?l=oss-security&m=171982317624594&w=2
for both CVE-2024-6387 and a "minor logic error in ObscureKeystrokeTiming".
Bug: https://bugs.gentoo.org/935271
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
|
|
|
|
| |
This fixes CVE-2024-6387 but I'm going to backport a fix to 9.7 shortly
as 9.8_p1 isn't a good stable candidate given it's only just been released
and has many other changes.
Bug: https://bugs.gentoo.org/935271
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
|
|
| |
OpenSSH itself automatically adjusts the paths in sshd_config but not in our
drop-ins, so I missed this. Sorry!
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Put the Include option before options that introduce conditional
blocks to avoid having the drop-in files to be included
conditionally. For client configs the options that introduce such
blocks are Match and Host options, for daemon configs it is the
Match option.
- Move the Subsystem option out of the top-level daemon config into a
separate drop-in. That way we can add the drop-in into INSTALL_MASK
if we want to provide custom drop-in with a different settings for
subsystems. This is necessary as there is no way to override a
once-specified subsystem - doing so results in daemon printing an
error and quitting.
Closes: https://bugs.gentoo.org/907068
Closes: https://github.com/gentoo/gentoo/pull/31615
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
| |
|
|
|
|
|
|
| |
Link: https://bugzilla.mindrot.org/show_bug.cgi?id=3689
Closes: https://bugs.gentoo.org/919685
Signed-off-by: Gabi Falk <gabifalk@gmx.com>
Closes: https://github.com/gentoo/gentoo/pull/36623
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
|
|
|
| |
Patch has long been upstreamed:
- https://github.com/openssh/openssh-portable/pull/148
- https://github.com/openssh/openssh-portable/commit/3ef92a657444f172b61f92d5da66d94fa8265602
Signed-off-by: David Seifert <soap@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Sam James <sam@gentoo.org>
|
| |
|
|
|
| |
Signed-off-by: Matoro Mahri <matoro_gentoo@matoro.tk>
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
| |
|
|
| |
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
|
Sam James
Arthur Zamarin
Jakov Smolić
Rolf Eike Beer
Quincy Fleming
Mike Gilbert
James Le Cuirot
Gabi Falk
David Seifert
Matoro Mahri
GitWeb