diff --git a/srcpkgs/openssh/patches/sshd_config.patch b/srcpkgs/openssh/patches/sshd_config.patch index aa87fdc677b..3eb0b6a46fd 100644 --- a/srcpkgs/openssh/patches/sshd_config.patch +++ b/srcpkgs/openssh/patches/sshd_config.patch @@ -12,16 +12,16 @@ #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 -@@ -58,7 +63,7 @@ AuthorizedKeysFile .ssh/authorized_keys - #PermitEmptyPasswords no - - # Change to no to disable s/key passwords +@@ -60,7 +65,7 @@ + # Change to "no" to disable keyboard-interactive authentication. Depending on + # the system's configuration, this may involve passwords, challenge-response, + # one-time passwords or some combination of these and other methods. -#KbdInteractiveAuthentication yes +KbdInteractiveAuthentication no # Kerberos options #KerberosAuthentication no -@@ -79,7 +84,7 @@ AuthorizedKeysFile .ssh/authorized_keys +@@ -81,7 +86,7 @@ # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and KbdInteractiveAuthentication to 'no'. @@ -30,7 +30,7 @@ #AllowAgentForwarding yes #AllowTcpForwarding yes -@@ -88,7 +93,7 @@ AuthorizedKeysFile .ssh/authorized_keys +@@ -90,7 +95,7 @@ #X11DisplayOffset 10 #X11UseLocalhost yes #PermitTTY yes diff --git a/srcpkgs/openssh/patches/time_t.patch b/srcpkgs/openssh/patches/time_t.patch new file mode 100644 index 00000000000..5a8a08fac55 --- /dev/null +++ b/srcpkgs/openssh/patches/time_t.patch @@ -0,0 +1,28 @@ +--- a/log.c ++++ b/log.c +@@ -595,14 +595,14 @@ + olast_event == 0 ? -1 : (long)(now - olast_event))); + if (rl->hysteresis_start == 0) { + /* active, but under threshold; hysteresis */ +- if (olast_event + rl->hysteresis < now) { ++ if (olast_event + (time_t)rl->hysteresis < now) { + /* hysteresis expired before this event */ + RLDBG(("hysteresis preexpired")); + goto inactive; + } + RLDBG(("start hysteresis")); + rl->hysteresis_start = now; +- } else if (rl->hysteresis_start + rl->hysteresis < now) { ++ } else if (rl->hysteresis_start + (time_t)rl->hysteresis < now) { + /* Hysteresis period expired, transition to inactive */ + RLDBG(("complete hysteresis")); + inactive: +@@ -640,7 +640,7 @@ + *active = 1; + RLDBG(("log_every=%u since_log=%ld", rl->log_every, + (long)(now - rl->last_log))); +- if (rl->log_every > 0 && now >= rl->last_log + rl->log_every) { ++ if (rl->log_every > 0 && now >= rl->last_log + (time_t)rl->log_every) { + RLDBG(("periodic: since_last=%u", rl->ratelimited_events)); + rl->last_log = now; + if (events_dropped != NULL) { diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template index 50df7e1525a..fd93b46c3b8 100644 --- a/srcpkgs/openssh/template +++ b/srcpkgs/openssh/template @@ -1,6 +1,6 @@ # Template file for 'openssh' pkgname=openssh -version=9.9p2 +version=10.0p1 revision=1 build_style=gnu-configure configure_args="--datadir=/usr/share/openssh @@ -26,7 +26,7 @@ license="BSD-2-Clause, ISC" homepage="https://www.openssh.com" changelog="https://www.openssh.com/releasenotes.html" distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz" -checksum=91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673 +checksum=021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd" make_dirs=" /var/chroot/ssh 0755 root root