Commit Graph

717 Commits

Author SHA1 Message Date
Jakub Jelen
180d4765d3 6.9p1-12 + 0.9.3-6 2016-05-02 14:11:09 +02:00
Jakub Jelen
0a18e4800e Fix DH GEX against non-default group sizes (openssh-7.2) (#1332082) 2016-05-02 14:05:19 +02:00
Jakub Jelen
10f391c509 openssh-6.9p1-11 + 0.9.3-6 2016-03-10 14:02:33 +01:00
Jakub Jelen
47f126ca0a sanitise characters destined for xauth(1) (#1316529)
Upstream:
9d47b8d3f5
2016-03-10 14:02:33 +01:00
Jakub Jelen
08f0c1b883 6.9p1-10 + 0.9.3-6 2016-01-15 09:36:19 +01:00
Jakub Jelen
5cbd391da9 Fix vulnerabilities published with openssh-7.1p2 (#1298626)
* CVE-2016-0777 OpenSSH: Client Information leak due to use of roaming connection feature
 * Fix an out of-bound read access in the packet handling code
2016-01-15 09:34:05 +01:00
Jakub Jelen
2cc5f8d34f 6.9p1-9 + 0.9.3-6 2015-10-06 18:13:39 +02:00
Jakub Jelen
17fe33f562 Revert "Apply GSSAPI key exchange methods in client offered list (#1261414)" (#1268968)
This reverts commit a78d20aea9, which is not applicable on openssh-6.9p1 and breaks gssapi keyex offer list from client.
2015-10-06 18:12:44 +02:00
Jakub Jelen
1163e29a09 6.9p1-8 + 0.9.3-6 2015-10-01 10:17:35 +02:00
Jakub Jelen
f57d783933 Increase size limit of glob structures in sftp 2015-10-01 10:16:18 +02:00
Jakub Jelen
88e0ad5272 Having no keys is not fatal in gssapi key exchange (#1261414) 2015-09-30 15:54:44 +02:00
Jakub Jelen
a78d20aea9 Apply GSSAPI key exchange methods in client offered list (#1261414) 2015-09-30 15:51:27 +02:00
Jakub Jelen
76d20b5d73 Return back forgotten patch which prevent connection using GSSAPI key exchange (#1261414) 2015-09-30 15:35:47 +02:00
Jakub Jelen
851c2edb82 6.9p1-7 + 0.9.3-6 2015-09-09 16:56:30 +02:00
Jakub Jelen
c4d3e04417 Fix warnings produced by gcc
related to
 * ssh-keysign and fingerprint algorithms
 * ssh and GSSAPI algorithms validation
2015-09-09 16:00:40 +02:00
Jakub Jelen
e41c4da9c3 6.9p1-6.1 + 0.9.3-6 2015-08-20 12:13:13 +02:00
Jakub Jelen
7eedf13e93 rebase gssKex patch to 6.9 2015-08-20 12:12:57 +02:00
Jakub Jelen
b03894d4b8 6.9p1-6 + 0.9.3-6 2015-08-20 11:37:07 +02:00
Jakub Jelen
4f43511091 Add GSSAPIKexAlgorithms option for server and client application 2015-08-20 11:36:20 +02:00
Jakub Jelen
e18038aa0e Add possibility to validate legacy system md5 fingerprints with less effort from user (#1249626) 2015-08-20 11:18:53 +02:00
Jakub Jelen
8cbf67daf2 Fix problem with DSA keys using pam_ssh_agent_auth (#1251777) 2015-08-19 16:48:56 +02:00
Jakub Jelen
23f2b8953b 6.9p1-5 + 0.9.3-6 2015-08-14 12:53:32 +02:00
Jakub Jelen
4776fad91e Fix several vulnerabilities published with new openssh-7.0, namely:
Incorrectly set TTYs to be world-writable (#1252861)
		https://anongit.mindrot.org/openssh.git/commit/?id=6f941396b6835ad18018845f515b0c4fe20be21a
	Privilege separation weakness related to PAM support (#1252844)
		https://anongit.mindrot.org/openssh.git/commit/?id=d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
	Use-after-free bug related to PAM support (#1252852)
		https://anongit.mindrot.org/openssh.git/commit/?id=5e75f5198769056089fb06c4d738ab0e5abc66f7
2015-08-14 12:49:23 +02:00
Jakub Jelen
405790ef61 Fix pam_ssh_agent_auth after rebase (#1251777) 2015-08-11 17:58:03 +02:00
Jakub Jelen
1d50678457 Remove obsolete triggerruns for migration to systemd
- overlapping versions are not supported by current rpm
2015-07-28 13:08:55 +02:00
Jakub Jelen
6286d6a8e6 6.9p1-4 + 0.9.3-6 2015-07-28 11:24:35 +02:00
Jakub Jelen
67938e0c00 Handle terminal control characters in scp progressmeter (#1247204) 2015-07-28 11:23:51 +02:00
Jakub Jelen
83bfb1fce5 6.9p1-3 + 0.9.3-6 2015-07-23 11:12:19 +02:00
Jakub Jelen
c6d2eca7de only query each keyboard-interactive device once (#1245971)
Upstream commit
https://anongit.mindrot.org/openssh.git/commit/?id=5b64f85bb811246c59ebab70aed331f26ba37b18
2015-07-23 11:06:12 +02:00
Jakub Jelen
ca62b6133e 6.9p1-2 + 0.9.3-6 2015-07-15 09:44:37 +02:00
Jakub Jelen
6e9574d7ec Fix race condition with auditing messages answers (#1242682) 2015-07-15 08:35:18 +02:00
Jakub Jelen
a4d9cd5694 Patch name, formating 2015-07-08 12:24:34 +02:00
Jakub Jelen
58ba50440e Allow building seccomp filters also for s390(x) architectures (#1195065) 2015-07-02 17:10:58 +02:00
Jakub Jelen
274e22c863 Forgotten sources 2015-07-01 17:54:29 +02:00
Jakub Jelen
187a349ee6 6.9p1-1 + 0.9.3-6 2015-07-01 15:51:20 +02:00
Jakub Jelen
5de6c89ff2 Correctly revert "PermitRootLogin no" option from upstream sources 2015-07-01 15:51:20 +02:00
Jakub Jelen
535d341e70 rebase to new upstream release 6.9 2015-07-01 15:51:01 +02:00
Jakub Jelen
21bee694ac Increase limitation number of files which can be listed using glob in sftp 2015-06-25 16:10:55 +02:00
Jakub Jelen
f3002bfb7b 6.8p1-9 + 0.9.3-5 2015-06-24 10:49:08 +02:00
Jakub Jelen
252221e6a1 Allow socketcall(SYS_SHUTDOWN) for net_child on ix86 architecture 2015-06-24 10:48:38 +02:00
Dennis Gilmore
b59dd83265 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-18 00:06:18 +00:00
Jakub Jelen
5aa47ae6f4 6.8p1-8 + 0.9.3-5 2015-06-08 09:06:12 +02:00
Jakub Jelen
7fa5057af5 Return stat syscall to seccomp filter, since it is not yet completely legacy (#1228323)
* problems occured with gssapi, which is trying to touch some libraries
2015-06-08 09:04:48 +02:00
Jakub Jelen
f049b3b1ad 6.8p1-7 + 0.9.3-5 2015-06-03 07:54:20 +02:00
Jakub Jelen
73d45fa321 Correct handle pam_ssh_agent_auth memory, buffers and variable sizes, which caused segfaults (#1225106) 2015-06-02 18:56:57 +02:00
Jakub Jelen
8a10dcb363 6.8p1-6 + 0.9.3-5 2015-05-28 14:02:26 +02:00
Jakub Jelen
09ca6ef2e6 Provide LDIF version of LPK schema 2015-05-28 13:51:58 +02:00
Jakub Jelen
474a38f916 Document required selinux boolean for working ssh-ldap-helper 2015-05-28 13:48:02 +02:00
Jakub Jelen
df3679f973 Add missing configuration values to ssh man page 2015-05-28 13:43:22 +02:00
Jakub Jelen
0a076e7e9e Add missing Banner in sshd -T output 2015-05-28 13:39:34 +02:00