Commit Graph

870 Commits

Author SHA1 Message Date
Jakub Jelen
cdc7ba7293 get rid of unconditional goto in RSA1 code
Reported by <vyekkira@illinois.edu>
2017-06-19 18:24:05 +02:00
Jakub Jelen
f07a0866e1 Avoid double-free in the openssl-1.1.0 patch 2017-06-15 13:41:24 +02:00
Jakub Jelen
eb751fd1d3 In FIPS mode do not append bogus comma after the kex list 2017-04-26 14:26:50 +02:00
Jakub Jelen
204765aba1 openssh-7.5p1-2 + 0.10.3-2 2017-03-23 14:48:09 +01:00
Jakub Jelen
c2f63ba00b Revert the chroot magic 2017-03-23 14:47:27 +01:00
Jakub Jelen
93868f39a9 Remove RestartPreventExitStatus which can break on slow networks 2017-03-22 18:00:29 +01:00
Jakub Jelen
fb74d1ec96 Add missing header on s390 (#1434341) 2017-03-22 14:35:55 +01:00
Jakub Jelen
09320cf61a Fix typo in sandbox code, that got out after release
http://lists.mindrot.org/pipermail/openssh-unix-dev/2017-March/035879.html
2017-03-21 10:12:44 +01:00
Jakub Jelen
17b491b307 openssh-7.5p1-1 + 0.10.3-2 2017-03-20 16:00:16 +01:00
Jakub Jelen
fd58b9eabb Add new DH kex into the FIPS-allowed list 2017-03-08 14:37:07 +01:00
Jakub Jelen
7b666e5764 openssh-7.4p1-4 + 0.10.3-1 2017-03-03 15:53:31 +01:00
Jakub Jelen
a9ad706d82 Coverity reports applied 2017-03-03 15:51:52 +01:00
Jakub Jelen
f499c489fd Do not leave service in auto-restarting mode in case of configuration failure 2017-03-01 18:35:56 +01:00
Jakub Jelen
b83281f89d Avoid sending SD_NOTIFY from wrong processes (#1427526) 2017-02-28 15:13:24 +01:00
Jakub Jelen
ab7f9474c7 openssh-7.4p1-3 + 0.10.3-1 2017-02-22 14:56:00 +01:00
Jakub Jelen
3448f25d85 Typo 2017-02-22 14:56:00 +01:00
Jakub Jelen
b92d3c8ae0 Reference upstream bug 2017-02-22 14:56:00 +01:00
Jakub Jelen
4e7cdec7ef Add systemd stuff to keep track of service 2017-02-22 14:56:00 +01:00
Jakub Jelen
140ef5a0f5 Properly report errors from included files (#1408558) 2017-02-22 14:56:00 +01:00
Jakub Jelen
a97eeb671c ppc architecture is gone for years 2017-02-22 14:56:00 +01:00
Jakub Jelen
4cf8f1aa09 Cleaner linking ldap-helper (circular dependencies) 2017-02-22 14:56:00 +01:00
Jakub Jelen
465b6e6b82 Check seteuid return values in all cases 2017-02-22 14:56:00 +01:00
Jakub Jelen
bdb932c46a new pam_ssh_agent_auth-0.10.3 release 2017-02-22 14:55:59 +01:00
Jakub Jelen
26cec0607f openssh-7.4p1-2 + 0.10.2-5 2017-02-06 09:47:28 +01:00
Jakub Jelen
640dfa350e Set environment variable to avoid race condition with systemd (#1415218) 2017-02-06 09:41:32 +01:00
Jakub Jelen
4a6ef41937 Do not overwrite N and E for RSA-certs in ssh-agent (#1416584) 2017-02-03 11:06:19 +01:00
Jakub Jelen
28ff3aa1c5 Correct path to crypto policies 2017-01-06 13:00:16 +01:00
Jakub Jelen
b19926d292 openssh-7.4p1-1 + 0.10.2-5 2017-01-03 14:31:29 +01:00
Jakub Jelen
58f79a27c3 Whitelist /usr/lib64/ for PKCS#11 modules 2017-01-03 14:31:29 +01:00
Jakub Jelen
6cf9b8e61b rebase to openssh-7.4p1-1
* Drop unaccepted (unapplying) coverity patches
 * Drop server support for SSH1 (server)
 * Workaround #2641 for systemd
 * UseLogin is gone
 * Drop upstream commit 28652bca
 * Tighten seccomp filter (cache credentials before entering sandbox) (#1395288)
2017-01-03 14:31:20 +01:00
Jakub Jelen
4189cebf7a Cache supported OIDS for GSSAPI kex (#1395288) 2017-01-03 14:31:20 +01:00
Jakub Jelen
dd8e5419eb Fix use-after-free error (#1409433) 2017-01-03 14:30:50 +01:00
Jakub Jelen
38869a3406 Prevent hangs with long MOTD (filling buffers and blocking) 2016-12-20 17:31:03 +01:00
Jakub Jelen
d8c2e8dc88 openssh-7.3p1-7 + 0.10.2-4 2016-12-08 14:13:32 +01:00
Jakub Jelen
162941961a Move MAX_DISPLAYS to a configuration option 2016-12-08 14:13:32 +01:00
Jakub Jelen
4ce5741703 Properly deserialize received RSA certificates in ssh-agent (#1402029) 2016-12-08 13:50:08 +01:00
Jakub Jelen
7bccf7e6e0 openssh-7.3p1-6 + 0.10.2-4 2016-11-16 11:07:41 +01:00
Jakub Jelen
ef1da17783 GSSAPI requires futex syscall in privsep child (#1395288) 2016-11-16 08:48:33 +01:00
Jakub Jelen
ccf623128a Fix changelog 2016-11-07 09:33:43 +01:00
Jakub Jelen
2a8bce34e4 openssh-7.3p1-5 + 0.10.2-4 2016-10-27 18:26:25 +02:00
Jakub Jelen
aacf0d429a OpenSSL 1.1.0 compat 2016-10-27 17:19:17 +02:00
Jakub Jelen
ecc9f8d02b When doing chroot
* we should not drop any capabilities for root
 * we should not clear bounding capabilities for other users
 * we should probably retain the supplement groups
2016-10-21 14:50:42 +02:00
Jakub Jelen
c9d9fe9b0f Recommend crypto-policies for a client package 2016-10-11 10:29:50 +02:00
Jakub Jelen
d924bc6892 openssh-7.3p1-4 + 0.10.2-4 2016-09-29 14:14:19 +02:00
Jakub Jelen
639ae2c73c Include client Crypto Policy (#1225752) 2016-09-29 14:14:19 +02:00
Jakub Jelen
ae831ab305 Fix NULL derefence (#1380297)
https://anongit.mindrot.org/openssh.git/patch/?id=28652bca29046f62c7045e933e6b931de1d16737
2016-09-29 11:15:13 +02:00
Jakub Jelen
739842b137 Make the code build without SELinux and without Audit 2016-09-15 16:36:04 +02:00
Jakub Jelen
0a605f4d31 openssh-7.3p1-3 + 0.10.2-4 2016-08-15 12:20:15 +02:00
Jakub Jelen
38d533a5e1 Proper content of the included configuration files 2016-08-15 12:18:50 +02:00
Jakub Jelen
73953d29f1 openssh-7.3p1-2 + 0.10.2-4 2016-08-09 10:32:01 +02:00