4a6ef41937
Do not overwrite N and E for RSA-certs in ssh-agent ( #1416584 )
2017-02-03 11:06:19 +01:00
28ff3aa1c5
Correct path to crypto policies
2017-01-06 13:00:16 +01:00
b19926d292
openssh-7.4p1-1 + 0.10.2-5
2017-01-03 14:31:29 +01:00
58f79a27c3
Whitelist /usr/lib64/ for PKCS#11 modules
2017-01-03 14:31:29 +01:00
6cf9b8e61b
rebase to openssh-7.4p1-1
...
* Drop unaccepted (unapplying) coverity patches
* Drop server support for SSH1 (server)
* Workaround #2641 for systemd
* UseLogin is gone
* Drop upstream commit 28652bca
* Tighten seccomp filter (cache credentials before entering sandbox) (#1395288 )
2017-01-03 14:31:20 +01:00
4189cebf7a
Cache supported OIDS for GSSAPI kex ( #1395288 )
2017-01-03 14:31:20 +01:00
dd8e5419eb
Fix use-after-free error ( #1409433 )
2017-01-03 14:30:50 +01:00
38869a3406
Prevent hangs with long MOTD (filling buffers and blocking)
2016-12-20 17:31:03 +01:00
d8c2e8dc88
openssh-7.3p1-7 + 0.10.2-4
2016-12-08 14:13:32 +01:00
162941961a
Move MAX_DISPLAYS to a configuration option
2016-12-08 14:13:32 +01:00
4ce5741703
Properly deserialize received RSA certificates in ssh-agent ( #1402029 )
2016-12-08 13:50:08 +01:00
7bccf7e6e0
openssh-7.3p1-6 + 0.10.2-4
2016-11-16 11:07:41 +01:00
ef1da17783
GSSAPI requires futex syscall in privsep child ( #1395288 )
2016-11-16 08:48:33 +01:00
ccf623128a
Fix changelog
2016-11-07 09:33:43 +01:00
2a8bce34e4
openssh-7.3p1-5 + 0.10.2-4
2016-10-27 18:26:25 +02:00
aacf0d429a
OpenSSL 1.1.0 compat
2016-10-27 17:19:17 +02:00
ecc9f8d02b
When doing chroot
...
* we should not drop any capabilities for root
* we should not clear bounding capabilities for other users
* we should probably retain the supplement groups
2016-10-21 14:50:42 +02:00
c9d9fe9b0f
Recommend crypto-policies for a client package
2016-10-11 10:29:50 +02:00
d924bc6892
openssh-7.3p1-4 + 0.10.2-4
2016-09-29 14:14:19 +02:00
639ae2c73c
Include client Crypto Policy ( #1225752 )
2016-09-29 14:14:19 +02:00
ae831ab305
Fix NULL derefence ( #1380297 )
...
https://anongit.mindrot.org/openssh.git/patch/?id=28652bca29046f62c7045e933e6b931de1d16737
2016-09-29 11:15:13 +02:00
739842b137
Make the code build without SELinux and without Audit
2016-09-15 16:36:04 +02:00
0a605f4d31
openssh-7.3p1-3 + 0.10.2-4
2016-08-15 12:20:15 +02:00
38d533a5e1
Proper content of the included configuration files
2016-08-15 12:18:50 +02:00
73953d29f1
openssh-7.3p1-2 + 0.10.2-4
2016-08-09 10:32:01 +02:00
88f3a752ae
openssh-7.3p1-1. + 0.10.2-4
2016-08-09 08:24:35 +02:00
90ffc35e29
Correct permissions on the ssh_config directory ( #1365270 )
2016-08-09 08:23:44 +02:00
7ea4bdf410
forgotten sources
2016-08-05 15:50:24 +02:00
a711d3c82f
openssh-7.3p1-1 + 0.10.2-4
2016-08-04 13:57:21 +02:00
6454089e75
Create include directory with example content (redhat modifications)
2016-08-04 13:57:21 +02:00
334feb284c
Do not build ssh-keycat with sshd LIBS
2016-08-04 13:57:21 +02:00
b165161da2
When we don't listen for the clients, num_listen_socks is -1
2016-08-04 13:57:21 +02:00
6da7f4d0ed
Drop SCP progressmeter patch because of reworked UTF-8 API (tracked upstream #2434 )
2016-08-04 13:57:02 +02:00
b487a6d746
Move old canohost.h API to shared place, so it can be used by audit and gssapi (states)
2016-08-04 11:00:00 +02:00
5878ebb50e
Most of the coverity patch applied upstream, context changes for rebase
2016-08-04 10:59:59 +02:00
70c2ac20bd
CVE-2016-6210 is fixed upstream
2016-08-04 10:59:59 +02:00
13a7aaf5e3
CVE-2015-8325 and certificate regression are fixed upstream
2016-08-04 10:59:59 +02:00
38e1dfa80d
Upstream bug #2477 applied
2016-08-04 10:59:59 +02:00
4bd77fcccc
seccomp for secondary architecures patch already upstream ( #2590 )
2016-08-04 10:59:59 +02:00
05bc93847e
Bug #2281 resolved upstream
2016-08-04 10:59:59 +02:00
178ce15f5a
UTF-8 banners resolved by upstream bug #2058
2016-08-04 10:59:59 +02:00
14320ca590
The upstream bug #2257 is fixed
2016-08-04 10:59:59 +02:00
82bfd19e51
openssh-7.2p2-11 + 0.10.2-3
2016-07-26 15:41:29 +02:00
6a7dd92929
Remove legacy sshd-keygen ( #1359762 )
...
Revert "Add legacy sshd-keygen for anaconda (#1331077 )"
This reverts commit 0b5300a59c
2016-07-26 15:41:29 +02:00
793bc4b1cc
Remove slogin symlinks ( #1359762 )
...
Revert "Restore slogin symlinks"
This reverts commit e762f7265e
2016-07-26 15:41:29 +02:00
b4df5ebb8d
Rework SELinux context handling with chroot using libcap-ng ( #1357860 )
2016-07-26 15:40:30 +02:00
9dc741314f
openssh-7.2p2-10 + 0.10.2-3
2016-07-18 13:55:58 +02:00
1057900209
Prevent user enumeration via timing channel (CVE-2016-6210)
2016-07-18 13:30:52 +02:00
209c7a8aea
Expose more information to PAM
2016-07-18 13:30:51 +02:00
9864973c69
Make closefrom() ignore softlinks to the /dev/ devices on s390
2016-07-18 12:26:15 +02:00
Jakub Jelen