kumquat-buildroot/package/openssh/openssh.hash

# From https://www.openssh.com/txt/release-8.8 (base64 encoded)
sha256  4590890ea9bb9ace4f71ae331785a3a5823232435161960ed5fc86588f331fe9  openssh-8.8p1.tar.gz
# Locally calculated
sha256  432abf7480fb31473a6706627212913fc70032e3fb71b90fecb28ae26a2d741d  LICENCE
package/openssh: security bump to version 8.8p1 Fix CVE-2021-41617: sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. https://www.openssh.com/txt/release-8.8 https://www.openssh.com/txt/release-8.7 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2021-10-07 22:59:53 +02:00			`# From https://www.openssh.com/txt/release-8.8 (base64 encoded)`
			`sha256 4590890ea9bb9ace4f71ae331785a3a5823232435161960ed5fc86588f331fe9 openssh-8.8p1.tar.gz`
openssh: security bump to version 7.6p1 Fixes CVE-2017-15906 - The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. For more details, see the release notes: https://www.openssh.com/txt/release-7.6 Also add a hash for the license file while we're at it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-10-26 14:52:47 +02:00			`# Locally calculated`
package/openssh: security bump to version 8.5p1 * ssh-agent(1): fixed a double-free memory corruption that was introduced in OpenSSH 8.2 . We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker with access to the agent socket. On modern operating systems where the OS can provide information about the user identity connected to a socket, OpenSSH ssh-agent and sshd limit agent socket access only to the originating user and root. Additional mitigation may be afforded by the system's malloc(3)/free(3) implementation, if it detects double-free conditions. The most likely scenario for exploitation is a user forwarding an agent either to an account shared with a malicious user or to a host with an attacker holding root access. * Portable sshd(8): Prevent excessively long username going to PAM. This is a mitigation for a buffer overflow in Solaris' PAM username handling (CVE-2020-14871), and is only enabled for Sun-derived PAM implementations. This is not a problem in sshd itself, it only prevents sshd from being used as a vector to attack Solaris' PAM. It does not prevent the bug in PAM from being exploited via some other PAM application. GHPR#212 Also license has been updated to add some openbsd-compat licenses: https://github.com/openssh/openssh-portable/commit/922cfac5ed5ead9f796f7d39f012dd653dc5c173 https://www.openssh.com/txt/release-8.5 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> 2021-03-22 20:00:34 +01:00			`sha256 432abf7480fb31473a6706627212913fc70032e3fb71b90fecb28ae26a2d741d LICENCE`