packages/net/openssh, branch master

openssh: update to 10.3p1

2026-04-06T19:22:32Z

Changelog: https://www.openssh.com/txt/release-10.3 Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc Signed-off-by: John Audia

openssh: update to 10.2p1

2025-10-17T03:50:11Z

Changelog: https://www.openssh.com/txt/release-10.2 Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc Signed-off-by: John Audia

openssh: update to 10.1p1

2025-10-11T16:01:17Z

Changelog: https://www.openssh.com/txt/release-10.1 Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc Signed-off-by: John Audia

openssh: adjust with glibc and libcrypt-compat

2025-07-14T08:40:15Z

glibc 2.39 has removed libcrypt completely. solution: link against libxcrypt built with glibc compatibility. Signed-off-by: Konstantin Demin

openssh: wrong permissions on /etc/ssh

2025-06-07T20:44:07Z

For users to make use of system-wide settings, the /etc/ssh/ directory and its contents need to be world readable. Fixes: #26608 Signed-off-by: Philip Prindeville

net/openssh: fix PKG_CPE_ID

2025-04-24T11:44:38Z

openbsd:openssh is a better CPE ID than openssh:openssh as this CPE ID has the latest CVEs (whereas openssh:openssh has no CVEs): https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:openbsd:openssh Fixes: 299e5b0a9bce19d6e96cb9ff217028b36ee2dd36 (treewide: add PKG_CPE_ID for better cvescanner coverage) Signed-off-by: Fabrice Fontaine

openssh: bump to 10.0p1

2025-04-16T16:52:44Z

This update requires sshd-auth to be packaged due to the authentication bin split introduced in this version. Changelog: https://www.openssh.com/txt/release-10.0 Build system: x86/64 Build-tested: x86/64 Run-tested: x86/64 Signed-off-by: John Audia

openssh: add FIDO U2F and FIDO2 hardware token support

2025-04-13T08:48:17Z

Add openssh-sk-helper package containing ssh-sk-helper. The helper can be used by openssh-client, openssh-sftp-client, and openssh-keygen to access `ecdsa_sk` and `ed25519_sk keys provided by a FIDO U2F or FIDO2 hardware token connected over USB. Close #24509 Signed-off-by: Mikael Magnusson

Revert "openssh: Add FIDO2 hardware token support"

2025-04-13T08:48:17Z

This reverts commit 855db864b0c4d2dcc5ed2f0182ea4a7942314086. The reverted commit doesn't make sense since the component (ssh-sk-helper) that uses libfido2, which is mentioned in the commit message, isn't packaged. Signed-off-by: Mikael Magnusson

openssh: bump to 9.9p2

2025-02-20T08:48:21Z

Updated and removed upstreamed patch. Highlights relating to security: * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2_MSG_PING packets. This condition may be mitigated using the existing PerSourcePenalties feature. Both vulnerabilities were discovered and demonstrated to be exploitable by the Qualys Security Advisory team. We thank them for their detailed review of OpenSSH. Full release notes: https://www.openssh.com/txt/release-9.9p2 Signed-off-by: John Audia