Jakub Jelen
cdc7ba7293
get rid of unconditional goto in RSA1 code
...
Reported by <vyekkira@illinois.edu>
2017-06-19 18:24:05 +02:00
Jakub Jelen
f07a0866e1
Avoid double-free in the openssl-1.1.0 patch
2017-06-15 13:41:24 +02:00
Jakub Jelen
eb751fd1d3
In FIPS mode do not append bogus comma after the kex list
2017-04-26 14:26:50 +02:00
Jakub Jelen
204765aba1
openssh-7.5p1-2 + 0.10.3-2
2017-03-23 14:48:09 +01:00
Jakub Jelen
c2f63ba00b
Revert the chroot magic
2017-03-23 14:47:27 +01:00
Jakub Jelen
93868f39a9
Remove RestartPreventExitStatus which can break on slow networks
2017-03-22 18:00:29 +01:00
Jakub Jelen
fb74d1ec96
Add missing header on s390 ( #1434341 )
2017-03-22 14:35:55 +01:00
Jakub Jelen
09320cf61a
Fix typo in sandbox code, that got out after release
...
http://lists.mindrot.org/pipermail/openssh-unix-dev/2017-March/035879.html
2017-03-21 10:12:44 +01:00
Jakub Jelen
17b491b307
openssh-7.5p1-1 + 0.10.3-2
2017-03-20 16:00:16 +01:00
Jakub Jelen
fd58b9eabb
Add new DH kex into the FIPS-allowed list
2017-03-08 14:37:07 +01:00
Jakub Jelen
7b666e5764
openssh-7.4p1-4 + 0.10.3-1
2017-03-03 15:53:31 +01:00
Jakub Jelen
a9ad706d82
Coverity reports applied
2017-03-03 15:51:52 +01:00
Jakub Jelen
f499c489fd
Do not leave service in auto-restarting mode in case of configuration failure
2017-03-01 18:35:56 +01:00
Jakub Jelen
b83281f89d
Avoid sending SD_NOTIFY from wrong processes ( #1427526 )
2017-02-28 15:13:24 +01:00
Jakub Jelen
ab7f9474c7
openssh-7.4p1-3 + 0.10.3-1
2017-02-22 14:56:00 +01:00
Jakub Jelen
3448f25d85
Typo
2017-02-22 14:56:00 +01:00
Jakub Jelen
b92d3c8ae0
Reference upstream bug
2017-02-22 14:56:00 +01:00
Jakub Jelen
4e7cdec7ef
Add systemd stuff to keep track of service
2017-02-22 14:56:00 +01:00
Jakub Jelen
140ef5a0f5
Properly report errors from included files ( #1408558 )
2017-02-22 14:56:00 +01:00
Jakub Jelen
a97eeb671c
ppc architecture is gone for years
2017-02-22 14:56:00 +01:00
Jakub Jelen
4cf8f1aa09
Cleaner linking ldap-helper (circular dependencies)
2017-02-22 14:56:00 +01:00
Jakub Jelen
465b6e6b82
Check seteuid return values in all cases
2017-02-22 14:56:00 +01:00
Jakub Jelen
bdb932c46a
new pam_ssh_agent_auth-0.10.3 release
2017-02-22 14:55:59 +01:00
Jakub Jelen
26cec0607f
openssh-7.4p1-2 + 0.10.2-5
2017-02-06 09:47:28 +01:00
Jakub Jelen
640dfa350e
Set environment variable to avoid race condition with systemd ( #1415218 )
2017-02-06 09:41:32 +01:00
Jakub Jelen
4a6ef41937
Do not overwrite N and E for RSA-certs in ssh-agent ( #1416584 )
2017-02-03 11:06:19 +01:00
Jakub Jelen
28ff3aa1c5
Correct path to crypto policies
2017-01-06 13:00:16 +01:00
Jakub Jelen
b19926d292
openssh-7.4p1-1 + 0.10.2-5
2017-01-03 14:31:29 +01:00
Jakub Jelen
58f79a27c3
Whitelist /usr/lib64/ for PKCS#11 modules
2017-01-03 14:31:29 +01:00
Jakub Jelen
6cf9b8e61b
rebase to openssh-7.4p1-1
...
* Drop unaccepted (unapplying) coverity patches
* Drop server support for SSH1 (server)
* Workaround #2641 for systemd
* UseLogin is gone
* Drop upstream commit 28652bca
* Tighten seccomp filter (cache credentials before entering sandbox) (#1395288 )
2017-01-03 14:31:20 +01:00
Jakub Jelen
4189cebf7a
Cache supported OIDS for GSSAPI kex ( #1395288 )
2017-01-03 14:31:20 +01:00
Jakub Jelen
dd8e5419eb
Fix use-after-free error ( #1409433 )
2017-01-03 14:30:50 +01:00
Jakub Jelen
38869a3406
Prevent hangs with long MOTD (filling buffers and blocking)
2016-12-20 17:31:03 +01:00
Jakub Jelen
d8c2e8dc88
openssh-7.3p1-7 + 0.10.2-4
2016-12-08 14:13:32 +01:00
Jakub Jelen
162941961a
Move MAX_DISPLAYS to a configuration option
2016-12-08 14:13:32 +01:00
Jakub Jelen
4ce5741703
Properly deserialize received RSA certificates in ssh-agent ( #1402029 )
2016-12-08 13:50:08 +01:00
Jakub Jelen
7bccf7e6e0
openssh-7.3p1-6 + 0.10.2-4
2016-11-16 11:07:41 +01:00
Jakub Jelen
ef1da17783
GSSAPI requires futex syscall in privsep child ( #1395288 )
2016-11-16 08:48:33 +01:00
Jakub Jelen
ccf623128a
Fix changelog
2016-11-07 09:33:43 +01:00
Jakub Jelen
2a8bce34e4
openssh-7.3p1-5 + 0.10.2-4
2016-10-27 18:26:25 +02:00
Jakub Jelen
aacf0d429a
OpenSSL 1.1.0 compat
2016-10-27 17:19:17 +02:00
Jakub Jelen
ecc9f8d02b
When doing chroot
...
* we should not drop any capabilities for root
* we should not clear bounding capabilities for other users
* we should probably retain the supplement groups
2016-10-21 14:50:42 +02:00
Jakub Jelen
c9d9fe9b0f
Recommend crypto-policies for a client package
2016-10-11 10:29:50 +02:00
Jakub Jelen
d924bc6892
openssh-7.3p1-4 + 0.10.2-4
2016-09-29 14:14:19 +02:00
Jakub Jelen
639ae2c73c
Include client Crypto Policy ( #1225752 )
2016-09-29 14:14:19 +02:00
Jakub Jelen
ae831ab305
Fix NULL derefence ( #1380297 )
...
https://anongit.mindrot.org/openssh.git/patch/?id=28652bca29046f62c7045e933e6b931de1d16737
2016-09-29 11:15:13 +02:00
Jakub Jelen
739842b137
Make the code build without SELinux and without Audit
2016-09-15 16:36:04 +02:00
Jakub Jelen
0a605f4d31
openssh-7.3p1-3 + 0.10.2-4
2016-08-15 12:20:15 +02:00
Jakub Jelen
38d533a5e1
Proper content of the included configuration files
2016-08-15 12:18:50 +02:00
Jakub Jelen
73953d29f1
openssh-7.3p1-2 + 0.10.2-4
2016-08-09 10:32:01 +02:00