system/openssh: add agent-forwarding to list of insecure defaults to change

author: A. Wilcox <AWilcox@Wilcox-Tech.com> 2019-04-12 18:38:14 +0000
committer: A. Wilcox <AWilcox@Wilcox-Tech.com> 2019-04-12 18:38:14 +0000
commit: eebc569a2b303691e1d52f2672896a0d4015972b (patch)
tree: b7498dfd3267f99d4033c72d2e758563aa80ac5f /system/openssh
parent: cfc995507eeee6456c2fcd8315fd1df8e1c8c984 (diff)
download: packages-eebc569a2b303691e1d52f2672896a0d4015972b.tar.gz
packages-eebc569a2b303691e1d52f2672896a0d4015972b.tar.bz2
packages-eebc569a2b303691e1d52f2672896a0d4015972b.tar.xz
packages-eebc569a2b303691e1d52f2672896a0d4015972b.zip
2 files changed, 4 insertions, 3 deletions
diff --git a/system/openssh/APKBUILD b/system/openssh/APKBUILD
index af1bc23f4..1239de8b8 100644
--- a/system/openssh/APKBUILD
+++ b/system/openssh/APKBUILD
@@ -4,7 +4,7 @@
 pkgname=openssh
 pkgver=7.9_p1
 _myver=${pkgver%_*}${pkgver#*_}
-pkgrel=2
+pkgrel=3
 pkgdesc="Port of OpenBSD's free SSH release"
 url="https://www.openssh.com/portable.html"
 arch="all"
@@ -154,7 +154,7 @@ openrc() {
 sha512sums="0412c9c429c9287f0794023951469c8e6ec833cdb55821bfa0300dd90d0879ff60484f620cffd93372641ab69bf0b032c2d700ccc680950892725fb631b7708e  openssh-7.9p1.tar.gz
 f2b8daa537ea3f32754a4485492cc6eb3f40133ed46c0a5a29a89e4bcf8583d82d891d94bf2e5eb1c916fa68ec094abf4e6cd641e9737a6c05053808012b3a73  bsd-compatible-realpath.patch
 b8907d3d6ebceeca15f6bc97551a7613c68df5c31e4e76d43b7c0bd9ad42dedcabc20a2cc5404b89f40850a4765b24892bde50eab1db55c96ad5cf23bb1f8d04  CVE-2018-20685.patch
-8df35d72224cd255eb0685d2c707b24e5eb24f0fdd67ca6cc0f615bdbd3eeeea2d18674a6af0c6dab74c2d8247e2370d0b755a84c99f766a431bc50c40b557de  disable-forwarding-by-default.patch
+f3d5960572ddf49635d4edbdff45835df1b538a81840db169c36b39862e6fa8b0393ca90626000b758f59567ff6810b2537304098652483b3b31fb438a061de6  disable-forwarding-by-default.patch
 0c1e832cec420bc7b57558041d2288912a438db97050b87f6a57e94a2741a374cc5d141fe352968b0d1ba6accaff965794463fe9169d136678a8915a60d2f0b7  fix-utmpx.patch
 398096a89aa104abeff31aa043ac406a6348e0fdd4d313b7888ee0b931d38fd71fc21bceee46145e88f03bc27e00890e068442faee2d33f86cfbc04d58ffa4b6  openssh7.4-peaktput.patch
 dde28496df7ee74a2bbcf0aba389abefade3dc41f7d10dc6d3c1a0aca087478bafe10d31ec5e61e758084fa0a2a7c64314502091d900d9cee487c1bdc92722a6  openssh-7.9_p1-openssl-1.0.2-compat.patch
diff --git a/system/openssh/disable-forwarding-by-default.patch b/system/openssh/disable-forwarding-by-default.patch
index 9d27926d9..dbd9205ea 100644
--- a/system/openssh/disable-forwarding-by-default.patch
+++ b/system/openssh/disable-forwarding-by-default.patch
@@ -3,11 +3,12 @@
 @@ -82,9 +82,10 @@
  #UsePAM no
  
- #AllowAgentForwarding yes
+-#AllowAgentForwarding yes
 -#AllowTcpForwarding yes
 -#GatewayPorts no
 -#X11Forwarding no
 +# Feel free to re-enable these if your use case requires them.
++AllowAgentForwarding no
 +AllowTcpForwarding no
 +GatewayPorts no
 +X11Forwarding no
author	A. Wilcox <AWilcox@Wilcox-Tech.com>	2019-04-12 18:38:14 +0000
committer	A. Wilcox <AWilcox@Wilcox-Tech.com>	2019-04-12 18:38:14 +0000
commit	eebc569a2b303691e1d52f2672896a0d4015972b (patch)
tree	b7498dfd3267f99d4033c72d2e758563aa80ac5f /system/openssh
parent	cfc995507eeee6456c2fcd8315fd1df8e1c8c984 (diff)
download	packages-eebc569a2b303691e1d52f2672896a0d4015972b.tar.gz packages-eebc569a2b303691e1d52f2672896a0d4015972b.tar.bz2 packages-eebc569a2b303691e1d52f2672896a0d4015972b.tar.xz packages-eebc569a2b303691e1d52f2672896a0d4015972b.zip