similar to: OpenSSH security advisory: legacy certificate signing in 5.6/5.7

OpenSSH Security Advisory: legacy-certs.adv This document may be found at: http://www.openssh.com/txt/legacy-cert.adv 1. Vulnerability Legacy certificates generated by OpenSSH might contain data from the stack thus leaking confidential information. 2. Affected configurations OpenSSH 5.6 and OpenSSH 5.7 only when generating legacy certificates. These must be

Hello Steve, Hello OpenSSH-portable developers, I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe operating system, and I noticed you do the same for OS/390. Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2 or some such), I thought it was fair enough to help with a little co-operation; we might come up with a unified EBCDIC patch which could be contributed to

This (very quick) patch allows you to connect with the commercial ssh.com windows client and use x509 certs for hostkeys. You have to import your CA cert (ca.crt) in the windows client and certify your hostkey: $ cat << 'EOF' > x509v3.cnf CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 [x509v3_CA]

libXdmcp is the X Display Manager Control Protocol library, used by both X servers and display managers to handle both ends of the XDMCP connection. This release provides a fix for CVE-2017-2625 for platforms which don't have arc4random_buf() in their default libraries but do have getentropy(), such as Linux platforms with a kernel version of 3.17 or newer and a glibc version of 2.25 or

libICE provides the API for the Inter-Client Exchange protocol. This release provides a fix for CVE-2017-2626 for platforms which don't have arc4random_buf() in their default libraries but do have getentropy(), such as Linux platforms with a kernel version of 3.17 or newer and a glibc version of 2.25 or newer. (libICE 1.0.9 already ensured that arc4random_buf() is used on platforms that

OpenSSH 5.8 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

https://bugzilla.mindrot.org/show_bug.cgi?id=2465 Bug ID: 2465 Summary: openssh portable does not check if arc4random_buf is declared in the system headers? Product: Portable OpenSSH Version: 7.1p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5

This patch against OpenBSD -current adds a simple form of PKI to OpenSSH. We'll be using it at work. See README.certkey (the first chunk of the patch) for details. Everything below is BSD licensed, sponsored by Allamanda Networks AG. Daniel --- /dev/null Wed Nov 15 15:14:20 2006 +++ README.certkey Wed Nov 15 15:13:45 2006 @@ -0,0 +1,176 @@ +OpenSSH Certkey + +INTRODUCTION + +Certkey allows

A collection of stability fixes here across glamor, Xwayland, input, and Prime support. Also a security fix for CVE-2017-2624, a timing attack which can brute-force MIT-MAGIC-COOKIE authentication. Everybody is encouraged to upgrade. Thanks to all who contributed fixes! Adam Jackson (5):       xserver 1.19.2       Revert "xserver 1.19.2"       os: Squash missing declaration warning for

On Fri, 22 Jul 2016, Hisashi T Fujinaka wrote: > regress/unittests/test_helper/test_helper.c:162 > (gdb) p key > $1 = (struct sshkey *) 0x7037f9b120c0 > (gdb) p key->cert > $2 = (struct sshkey_cert *) 0x7037f9b1b080 > (gdb) p *key->cert > $3 = {certblob = 0x7037f9b162a0, type = 2, serial = 5, key_id = 0x7037f9b18090 > "julius", nprincipals = 1, >

On Tue, 16 Feb 2016, Hisashi T Fujinaka wrote: > On Wed, 17 Feb 2016, Damien Miller wrote: > > > > Core was generated by `test_sshkey'. > > > Program terminated with signal SIGSEGV, Segmentation fault. > > > #0 0x000000000041273e in cert_parse (key=0x7f7ff7b120c0, > > > certbuf=0x7f7ff7b16200, b=0x7f7ff7b161b0) at sshkey.c:1896 > > > 1896

hello.. i am running openssh-3.7.1p2. on linux.It is working successfully..and daemon is running &client also connecting.But the problem is with the mips architecture when i connecting this server from remote syytem.?i got an error of buufer_get:trying to get more bytes 1 than buffer0.And client is not connecting from remote system.My out is as follows on my server ?in sshd main before

hello.. i am running openssh-3.7.1p2. on linux.It is working successfully.and daemon is running &client also connecting.But the problem is with the mips architecture when i connecting this server from remote syytem. i got an error of buufer_get:trying to get more bytes 1 than buffer0.And client is not connecting from remote system.My out is as follows on my server in sshd main before

Please CC me. I'm not subscribed. Attached is a patch against 2.5.4pre1 CVS current to add the --link-dest option so rsync will create hardlinks for unchanged regular files to a directory on the destination. This is like --compare-dest except that the result is not a sparse tree. Also included is extension to --(ex|in)clude-from to allow - for stdin. Could one of the maintainers please add

Hi all, I recently made a patch to openssh 4.1p1 to allow it to use the in-kernel key management provided by 2.6.12 or later Linux kernels. I've attached the patch (which is still only a proof-of-concept, for instance its very verbose right now) to this mail. Now, my question is, is this a completely insane idea and would (a later version of) the patch have a chance of making it into the

OpenSSH 7.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH community

does somebody like this? Index: Makefile.inc =================================================================== RCS file: /cvs/src/usr.bin/ssh/Makefile.inc,v retrieving revision 1.21 diff -u -r1.21 Makefile.inc --- Makefile.inc 30 Oct 2001 20:32:31 -0000 1.21 +++ Makefile.inc 16 Nov 2001 12:07:22 -0000 @@ -10,7 +10,7 @@ CDIAGFLAGS+= -Wmissing-prototypes CDIAGFLAGS+= -Wunused -#DEBUG=-g

OpenSSH 7.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH community

Hi all, This is a patch against 4.2p1 (compiling for a Linux --- an old, highly customized 7.2 to be specific). When I compiled it from your original source, installed it, and turned on PAM (for passwd aging), I couldn't get the passwd expiration warnings as specified in /etc/shadow to work at all (the message that is supposed to warn you as you're logging in that your passwd will expire

Here are three versions (patch against openbsd cvs) 1) repace nacl w/libsodium, so i could test 2) curve25519-donna 3) Matthew's public domain reference implementation. i'd vote for #3 -------------- next part -------------- Am 30.10.2013 um 07:27 schrieb Damien Miller <djm at mindrot.org>: > On Tue, 24 Sep 2013, Aris Adamantiadis wrote: > >> Dear OpenSSH