Commit Graph

1043 Commits

Author SHA1 Message Date
Jakub Jelen
b19926d292 openssh-7.4p1-1 + 0.10.2-5 2017-01-03 14:31:29 +01:00
Jakub Jelen
58f79a27c3 Whitelist /usr/lib64/ for PKCS#11 modules 2017-01-03 14:31:29 +01:00
Jakub Jelen
6cf9b8e61b rebase to openssh-7.4p1-1
* Drop unaccepted (unapplying) coverity patches
 * Drop server support for SSH1 (server)
 * Workaround #2641 for systemd
 * UseLogin is gone
 * Drop upstream commit 28652bca
 * Tighten seccomp filter (cache credentials before entering sandbox) (#1395288)
2017-01-03 14:31:20 +01:00
Jakub Jelen
4189cebf7a Cache supported OIDS for GSSAPI kex (#1395288) 2017-01-03 14:31:20 +01:00
Jakub Jelen
dd8e5419eb Fix use-after-free error (#1409433) 2017-01-03 14:30:50 +01:00
Jakub Jelen
38869a3406 Prevent hangs with long MOTD (filling buffers and blocking) 2016-12-20 17:31:03 +01:00
Jakub Jelen
d8c2e8dc88 openssh-7.3p1-7 + 0.10.2-4 2016-12-08 14:13:32 +01:00
Jakub Jelen
162941961a Move MAX_DISPLAYS to a configuration option 2016-12-08 14:13:32 +01:00
Jakub Jelen
4ce5741703 Properly deserialize received RSA certificates in ssh-agent (#1402029) 2016-12-08 13:50:08 +01:00
Jakub Jelen
7bccf7e6e0 openssh-7.3p1-6 + 0.10.2-4 2016-11-16 11:07:41 +01:00
Jakub Jelen
ef1da17783 GSSAPI requires futex syscall in privsep child (#1395288) 2016-11-16 08:48:33 +01:00
Jakub Jelen
ccf623128a Fix changelog 2016-11-07 09:33:43 +01:00
Jakub Jelen
2a8bce34e4 openssh-7.3p1-5 + 0.10.2-4 2016-10-27 18:26:25 +02:00
Jakub Jelen
aacf0d429a OpenSSL 1.1.0 compat 2016-10-27 17:19:17 +02:00
Jakub Jelen
ecc9f8d02b When doing chroot
* we should not drop any capabilities for root
 * we should not clear bounding capabilities for other users
 * we should probably retain the supplement groups
2016-10-21 14:50:42 +02:00
Jakub Jelen
c9d9fe9b0f Recommend crypto-policies for a client package 2016-10-11 10:29:50 +02:00
Jakub Jelen
d924bc6892 openssh-7.3p1-4 + 0.10.2-4 2016-09-29 14:14:19 +02:00
Jakub Jelen
639ae2c73c Include client Crypto Policy (#1225752) 2016-09-29 14:14:19 +02:00
Jakub Jelen
ae831ab305 Fix NULL derefence (#1380297)
https://anongit.mindrot.org/openssh.git/patch/?id=28652bca29046f62c7045e933e6b931de1d16737
2016-09-29 11:15:13 +02:00
Jakub Jelen
739842b137 Make the code build without SELinux and without Audit 2016-09-15 16:36:04 +02:00
Jakub Jelen
0a605f4d31 openssh-7.3p1-3 + 0.10.2-4 2016-08-15 12:20:15 +02:00
Jakub Jelen
38d533a5e1 Proper content of the included configuration files 2016-08-15 12:18:50 +02:00
Jakub Jelen
73953d29f1 openssh-7.3p1-2 + 0.10.2-4 2016-08-09 10:32:01 +02:00
Jakub Jelen
88f3a752ae openssh-7.3p1-1. + 0.10.2-4 2016-08-09 08:24:35 +02:00
Jakub Jelen
90ffc35e29 Correct permissions on the ssh_config directory (#1365270) 2016-08-09 08:23:44 +02:00
Jakub Jelen
7ea4bdf410 forgotten sources 2016-08-05 15:50:24 +02:00
Jakub Jelen
a711d3c82f openssh-7.3p1-1 + 0.10.2-4 2016-08-04 13:57:21 +02:00
Jakub Jelen
6454089e75 Create include directory with example content (redhat modifications) 2016-08-04 13:57:21 +02:00
Jakub Jelen
334feb284c Do not build ssh-keycat with sshd LIBS 2016-08-04 13:57:21 +02:00
Jakub Jelen
b165161da2 When we don't listen for the clients, num_listen_socks is -1 2016-08-04 13:57:21 +02:00
Jakub Jelen
6da7f4d0ed Drop SCP progressmeter patch because of reworked UTF-8 API (tracked upstream #2434) 2016-08-04 13:57:02 +02:00
Jakub Jelen
b487a6d746 Move old canohost.h API to shared place, so it can be used by audit and gssapi (states) 2016-08-04 11:00:00 +02:00
Jakub Jelen
5878ebb50e Most of the coverity patch applied upstream, context changes for rebase 2016-08-04 10:59:59 +02:00
Jakub Jelen
70c2ac20bd CVE-2016-6210 is fixed upstream 2016-08-04 10:59:59 +02:00
Jakub Jelen
13a7aaf5e3 CVE-2015-8325 and certificate regression are fixed upstream 2016-08-04 10:59:59 +02:00
Jakub Jelen
38e1dfa80d Upstream bug #2477 applied 2016-08-04 10:59:59 +02:00
Jakub Jelen
4bd77fcccc seccomp for secondary architecures patch already upstream (#2590) 2016-08-04 10:59:59 +02:00
Jakub Jelen
05bc93847e Bug #2281 resolved upstream 2016-08-04 10:59:59 +02:00
Jakub Jelen
178ce15f5a UTF-8 banners resolved by upstream bug #2058 2016-08-04 10:59:59 +02:00
Jakub Jelen
14320ca590 The upstream bug #2257 is fixed 2016-08-04 10:59:59 +02:00
Jakub Jelen
82bfd19e51 openssh-7.2p2-11 + 0.10.2-3 2016-07-26 15:41:29 +02:00
Jakub Jelen
6a7dd92929 Remove legacy sshd-keygen (#1359762)
Revert "Add legacy sshd-keygen for anaconda (#1331077)"

This reverts commit 0b5300a59c.
2016-07-26 15:41:29 +02:00
Jakub Jelen
793bc4b1cc Remove slogin symlinks (#1359762)
Revert "Restore slogin symlinks"

This reverts commit e762f7265e.
2016-07-26 15:41:29 +02:00
Jakub Jelen
b4df5ebb8d Rework SELinux context handling with chroot using libcap-ng (#1357860) 2016-07-26 15:40:30 +02:00
Jakub Jelen
9dc741314f openssh-7.2p2-10 + 0.10.2-3 2016-07-18 13:55:58 +02:00
Jakub Jelen
1057900209 Prevent user enumeration via timing channel (CVE-2016-6210) 2016-07-18 13:30:52 +02:00
Jakub Jelen
209c7a8aea Expose more information to PAM 2016-07-18 13:30:51 +02:00
Jakub Jelen
9864973c69 Make closefrom() ignore softlinks to the /dev/ devices on s390 2016-07-18 12:26:15 +02:00
Jakub Jelen
a49441fa52 openssh-7.2p2-9 + 0.10.2-3 2016-07-01 09:07:18 +02:00
Jakub Jelen
a8068249cb Bad condition for UseLogin check (#1350347) 2016-06-27 10:33:57 +02:00