From: <abe...@us...> - 2017-03-22 23:06:30
Revision: 8221 http://sourceforge.net/p/astlinux/code/8221 Author: abelbeck Date: 2017-03-22 23:06:28 +0000 (Wed, 22 Mar 2017) Log Message: ----------- OpenSSH, (major) version bump to 7.5p1, tweak adaptive-ban plugin to match the latest sshd logging Modified Paths: -------------- branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh branches/1.0/package/openssh/openssh.mk branches/1.0/package/openssh/sshd.init Removed Paths: ------------- branches/1.0/package/openssh/openssh-UseRoaming-CVE-2016-0777-CVE-2016-0778.patch Modified: branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh =================================================================== --- branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh 2017-03-21 19:52:05 UTC (rev 8220) +++ branches/1.0/package/arnofw/adaptive-ban/adaptive-ban-helper.sh 2017-03-22 23:06:28 UTC (rev 8221) @@ -172,7 +172,7 @@ local file="$1" PREFIX="$2" HOST="$3" sed -n -r -e "s/^${PREFIX}Failed (password|publickey) for .* from ${HOST}( port [0-9]*)?( ssh[0-9]*)?$/\2/p" \ - -e "s/^${PREFIX}[iI](llegal|nvalid) user .* from ${HOST}[[:space:]]*$/\2/p" \ + -e "s/^${PREFIX}[iI](llegal|nvalid) user .* from ${HOST}( port [0-9]*)?$/\2/p" \ "$file" >"$TEMPFILE" } Deleted: branches/1.0/package/openssh/openssh-UseRoaming-CVE-2016-0777-CVE-2016-0778.patch =================================================================== --- branches/1.0/package/openssh/openssh-UseRoaming-CVE-2016-0777-CVE-2016-0778.patch 2017-03-21 19:52:05 UTC (rev 8220) +++ branches/1.0/package/openssh/openssh-UseRoaming-CVE-2016-0777-CVE-2016-0778.patch 2017-03-22 23:06:28 UTC (rev 8221) 
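Review bot: In the rewritten `[iI](llegal|nvalid) user` expression the user name matched by `.*` is supplied by the remote client, so the trailing `$` anchor is what ties the captured host to the address sshd appended itself; that deserves a comment above the sed call, e.g. `# keep the $ anchor: the user name is client-supplied and may itself contain " from <addr>"`. The new suffix `( port [0-9]*)?` also accepts ` port ` with no digits and drops the old `[[:space:]]*` tolerance, while the `Failed (password|publickey)` expression still allows `( ssh[0-9]*)?`. Since `-r` is in effect, `( port [0-9]+)?[[:space:]]*$` would be stricter on the port and still match lines with trailing blanks. `\2` presumably refers to a group inside `${HOST}`, which is passed in from outside this hunk, as is the start of the function.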
@@ -1,43 +0,0 @@ -Experimental roaming code in the ssh client could be tricked by a -hostile sshd server, potentially leaking key material. -CVE-2016-0777 and CVE-2016-0778. -Prevent this problem immediately by adding the line "UseRoaming no" to -/etc/ssh/ssh_config. - -Index: usr.bin/ssh/readconf.c -=================================================================== ---- openssh-6.6p1/readconf.c 30 Jul 2015 00:01:34 -0000 -+++ openssh-6.6p1/readconf.c 13 Jan 2016 23:17:23 -0000 -@@ -1556,7 +1556,7 @@ initialize_options(Options * options) - options->tun_remote = -1; - options->local_command = NULL; - options->permit_local_command = -1; -- options->use_roaming = -1; -+ options->use_roaming = 0; - options->visual_host_key = -1; - options->ip_qos_interactive = -1; - options->ip_qos_bulk = -1; -@@ -1723,8 +1723,7 @@ fill_default_options(Options * options) - options->tun_remote = SSH_TUNID_ANY; - if (options->permit_local_command == -1) - options->permit_local_command = 0; -- if (options->use_roaming == -1) -- options->use_roaming = 1; -+ options->use_roaming = 0; - if (options->visual_host_key == -1) - options->visual_host_key = 0; - if (options->ip_qos_interactive == -1) -Index: usr.bin/ssh/ssh.c -=================================================================== ---- openssh-6.6p1/ssh.c 30 Jul 2015 00:01:34 -0000 -+++ openssh-6.6p1/ssh.c 13 Jan 2016 23:17:23 -0000 -@@ -1729,9 +1729,6 @@ ssh_session2(void) - fork_postauth(); - } - -- if (options.use_roaming) -- request_roaming(); -- - return client_loop(tty_flag, tty_flag ? - options.escape_char : SSH_ESCAPECHAR_NONE, id); - } Modified: branches/1.0/package/openssh/openssh.mk =================================================================== --- branches/1.0/package/openssh/openssh.mk 2017-03-21 19:52:05 UTC (rev 8220) +++ branches/1.0/package/openssh/openssh.mk 2017-03-22 23:06:28 UTC (rev 8221) 
@@ -4,7 +4,7 @@ # ############################################################# -OPENSSH_VERSION = 6.6p1 +OPENSSH_VERSION = 7.5p1 OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable OPENSSH_CONF_ENV = LD="$(TARGET_CC)" LDFLAGS="$(TARGET_CFLAGS)" @@ -12,13 +12,13 @@ OPENSSH_CONF_OPT = \ --libexecdir=/usr/libexec \ + --sysconfdir=/etc/ssh \ --disable-lastlog \ --disable-utmp \ --disable-utmpx \ --disable-wtmp \ --disable-wtmpx \ - --disable-strip \ - --sysconfdir=/etc/ssh + --disable-strip ifeq ($(BR2_PACKAGE_LIBEDIT),y) OPENSSH_DEPENDENCIES += libedit @@ -25,6 +25,10 @@ OPENSSH_CONF_OPT += --with-libedit="$(STAGING_DIR)/usr" endif +OPENSSH_CONF_OPT += --without-pam + +OPENSSH_CONF_OPT += --without-selinux + OPENSSH_INSTALL_TARGET_OPT = DESTDIR=$(TARGET_DIR) -C $(@D) install-nosysconf define OPENSSH_INSTALL_INITSCRIPT Modified: branches/1.0/package/openssh/sshd.init =================================================================== --- branches/1.0/package/openssh/sshd.init 2017-03-21 19:52:05 UTC (rev 8220) +++ branches/1.0/package/openssh/sshd.init 2017-03-22 23:06:28 UTC (rev 8221) @@ -32,6 +32,9 @@ PermitRootLogin ${SSHDROOT:-yes} PasswordAuthentication ${SSHD_PASS_AUTH:-yes} +UseDNS no +PubkeyAcceptedKeyTypes=+ssh-dss + IPQoS cs2 af41 Subsystem sftp /usr/libexec/sftp-server" >> /tmp/etc/ssh/sshd_config This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
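Review bot: The bump to `OPENSSH_VERSION = 7.5p1` makes the build fetch a new tarball from `OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable`, a plain-HTTP location, and no checksum or signature file appears among the paths this revision modifies. Unless the build system verifies the download somewhere not visible here, the sshd source is trusted as received. I would pin the expected digest next to the version (placeholder: `<sha256 of openssh-7.5p1.tar.gz taken from the upstream release announcement>`) or point the site at an HTTPS mirror. In the last hunk of this file, the unconditional `--without-pam` and `--without-selinux` lines would benefit from a one-line comment such as `# target has neither PAM nor SELinux; state it explicitly rather than rely on configure detection`, if that is indeed the intent.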
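Review bot: `PubkeyAcceptedKeyTypes=+ssh-dss` re-enables DSA user keys on every installation, although OpenSSH 7.0 and later leave ssh-dss off by default because the algorithm is considered weak. I would make it opt-in, following the `${SSHDROOT:-yes}` / `${SSHD_PASS_AUTH:-yes}` pattern already used in this block, with a setting that defaults to off (placeholder name `SSHD_LEGACY_DSS`). The generated line should carry a comment such as `# compatibility only: keeps pre-upgrade DSA authorized_keys working; remove once keys are rotated`. The echo that writes sshd_config starts outside this hunk, so how the surrounding quoting treats an added expansion needs checking against the full script.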