Jakub Jelen
140ef5a0f5
Properly report errors from included files ( #1408558 )
2017-02-22 14:56:00 +01:00
Jakub Jelen
a97eeb671c
ppc architecture is gone for years
2017-02-22 14:56:00 +01:00
Jakub Jelen
4cf8f1aa09
Cleaner linking ldap-helper (circular dependencies)
2017-02-22 14:56:00 +01:00
Jakub Jelen
465b6e6b82
Check seteuid return values in all cases
2017-02-22 14:56:00 +01:00
Jakub Jelen
bdb932c46a
new pam_ssh_agent_auth-0.10.3 release
2017-02-22 14:55:59 +01:00
Jakub Jelen
26cec0607f
openssh-7.4p1-2 + 0.10.2-5
2017-02-06 09:47:28 +01:00
Jakub Jelen
640dfa350e
Set environment variable to avoid race condition with systemd ( #1415218 )
2017-02-06 09:41:32 +01:00
Jakub Jelen
4a6ef41937
Do not overwrite N and E for RSA-certs in ssh-agent ( #1416584 )
2017-02-03 11:06:19 +01:00
Jakub Jelen
28ff3aa1c5
Correct path to crypto policies
2017-01-06 13:00:16 +01:00
Jakub Jelen
b19926d292
openssh-7.4p1-1 + 0.10.2-5
2017-01-03 14:31:29 +01:00
Jakub Jelen
58f79a27c3
Whitelist /usr/lib64/ for PKCS#11 modules
2017-01-03 14:31:29 +01:00
Jakub Jelen
6cf9b8e61b
rebase to openssh-7.4p1-1
...
* Drop unaccepted (unapplying) coverity patches
* Drop server support for SSH1 (server)
* Workaround #2641 for systemd
* UseLogin is gone
* Drop upstream commit 28652bca
* Tighten seccomp filter (cache credentials before entering sandbox) (#1395288 )
2017-01-03 14:31:20 +01:00
Jakub Jelen
4189cebf7a
Cache supported OIDS for GSSAPI kex ( #1395288 )
2017-01-03 14:31:20 +01:00
Jakub Jelen
dd8e5419eb
Fix use-after-free error ( #1409433 )
2017-01-03 14:30:50 +01:00
Jakub Jelen
38869a3406
Prevent hangs with long MOTD (filling buffers and blocking)
2016-12-20 17:31:03 +01:00
Jakub Jelen
d8c2e8dc88
openssh-7.3p1-7 + 0.10.2-4
2016-12-08 14:13:32 +01:00
Jakub Jelen
162941961a
Move MAX_DISPLAYS to a configuration option
2016-12-08 14:13:32 +01:00
Jakub Jelen
4ce5741703
Properly deserialize received RSA certificates in ssh-agent ( #1402029 )
2016-12-08 13:50:08 +01:00
Jakub Jelen
7bccf7e6e0
openssh-7.3p1-6 + 0.10.2-4
2016-11-16 11:07:41 +01:00
Jakub Jelen
ef1da17783
GSSAPI requires futex syscall in privsep child ( #1395288 )
2016-11-16 08:48:33 +01:00
Jakub Jelen
ccf623128a
Fix changelog
2016-11-07 09:33:43 +01:00
Jakub Jelen
2a8bce34e4
openssh-7.3p1-5 + 0.10.2-4
2016-10-27 18:26:25 +02:00
Jakub Jelen
aacf0d429a
OpenSSL 1.1.0 compat
2016-10-27 17:19:17 +02:00
Jakub Jelen
ecc9f8d02b
When doing chroot
...
* we should not drop any capabilities for root
* we should not clear bounding capabilities for other users
* we should probably retain the supplement groups
2016-10-21 14:50:42 +02:00
Jakub Jelen
c9d9fe9b0f
Recommend crypto-policies for a client package
2016-10-11 10:29:50 +02:00
Jakub Jelen
d924bc6892
openssh-7.3p1-4 + 0.10.2-4
2016-09-29 14:14:19 +02:00
Jakub Jelen
639ae2c73c
Include client Crypto Policy ( #1225752 )
2016-09-29 14:14:19 +02:00
Jakub Jelen
ae831ab305
Fix NULL derefence ( #1380297 )
...
https://anongit.mindrot.org/openssh.git/patch/?id=28652bca29046f62c7045e933e6b931de1d16737
2016-09-29 11:15:13 +02:00
Jakub Jelen
739842b137
Make the code build without SELinux and without Audit
2016-09-15 16:36:04 +02:00
Jakub Jelen
0a605f4d31
openssh-7.3p1-3 + 0.10.2-4
2016-08-15 12:20:15 +02:00
Jakub Jelen
38d533a5e1
Proper content of the included configuration files
2016-08-15 12:18:50 +02:00
Jakub Jelen
73953d29f1
openssh-7.3p1-2 + 0.10.2-4
2016-08-09 10:32:01 +02:00
Jakub Jelen
88f3a752ae
openssh-7.3p1-1. + 0.10.2-4
2016-08-09 08:24:35 +02:00
Jakub Jelen
90ffc35e29
Correct permissions on the ssh_config directory ( #1365270 )
2016-08-09 08:23:44 +02:00
Jakub Jelen
7ea4bdf410
forgotten sources
2016-08-05 15:50:24 +02:00
Jakub Jelen
a711d3c82f
openssh-7.3p1-1 + 0.10.2-4
2016-08-04 13:57:21 +02:00
Jakub Jelen
6454089e75
Create include directory with example content (redhat modifications)
2016-08-04 13:57:21 +02:00
Jakub Jelen
334feb284c
Do not build ssh-keycat with sshd LIBS
2016-08-04 13:57:21 +02:00
Jakub Jelen
b165161da2
When we don't listen for the clients, num_listen_socks is -1
2016-08-04 13:57:21 +02:00
Jakub Jelen
6da7f4d0ed
Drop SCP progressmeter patch because of reworked UTF-8 API (tracked upstream #2434 )
2016-08-04 13:57:02 +02:00
Jakub Jelen
b487a6d746
Move old canohost.h API to shared place, so it can be used by audit and gssapi (states)
2016-08-04 11:00:00 +02:00
Jakub Jelen
5878ebb50e
Most of the coverity patch applied upstream, context changes for rebase
2016-08-04 10:59:59 +02:00
Jakub Jelen
70c2ac20bd
CVE-2016-6210 is fixed upstream
2016-08-04 10:59:59 +02:00
Jakub Jelen
13a7aaf5e3
CVE-2015-8325 and certificate regression are fixed upstream
2016-08-04 10:59:59 +02:00
Jakub Jelen
38e1dfa80d
Upstream bug #2477 applied
2016-08-04 10:59:59 +02:00
Jakub Jelen
4bd77fcccc
seccomp for secondary architecures patch already upstream ( #2590 )
2016-08-04 10:59:59 +02:00
Jakub Jelen
05bc93847e
Bug #2281 resolved upstream
2016-08-04 10:59:59 +02:00
Jakub Jelen
178ce15f5a
UTF-8 banners resolved by upstream bug #2058
2016-08-04 10:59:59 +02:00
Jakub Jelen
14320ca590
The upstream bug #2257 is fixed
2016-08-04 10:59:59 +02:00
Jakub Jelen
82bfd19e51
openssh-7.2p2-11 + 0.10.2-3
2016-07-26 15:41:29 +02:00