similar to: openSSH versions

Hi, I saw this spec file for curl-7.29: https://git.centos.org/blob/rpms!curl.git/c7/SPECS!curl.spec And was wondering if you have one for a later version. And if not, how hard is it to modify the existing one to support later versions. Thanks! Roee.

Thanks! I can try to modify that for my needs. Any idea where can I find a list of patches? I'll look for centos specific ones that I might want to apply. The spec file you shared has a few upstream patches as well as Fedora specific ones. I wonder does one knows which patches should be applied to each release, do they publish it somewhere? Roee. ?On 1/23/19, 6:35 PM, "CentOS on behalf

On Jan 23, 2019, at 16:55, Roee Agami <ragami at bluecedar.com> wrote: > > Hi, > I saw this spec file for curl-7.29: > https://git.centos.org/blob/rpms!curl.git/c7/SPECS!curl.spec > > And was wondering if you have one for a later version. > And if not, how hard is it to modify the existing one to support later versions. There?s always the Fedora package?s spec file.

On Fri 2015-06-12 01:52:54 -0400, Mark D. Baushke wrote: > I have communicated with Allen Roginsky on this topic and I have been given permission to post his response. > > In this message below, the 'vendor' was Darren Tucker's generated prime > that used a generator value of 5. > > -- Mark > > From: "Roginsky, Allen" <allen.roginsky at

Darren Tucker <dtucker at zip.com.au> writes: > On Thu, Oct 29, 2015 at 12:32 PM, Mark D. Baushke <mdb at juniper.net> wrote: > > Diff updated with suggested changes (also, making the timestamp format > > ISO8601 compliant). > > > > Hmmm... full IOS8601 compliance would include the timzeone so the format > > I don't have a copy of the ISO8601

Hi Damien, Damien Miller <djm at mindrot.org> writes: > Thanks, but I don't think we're going to merge this one because I'm > somewhat worried that some systems we currently build on do not support > the -n syntax. Conversely, AFAIK everything* supports -number. Michael Forney said that he was trying to run on a system that did NOT support head -number and tail

Greetings, Given the weakness with Diffie-Hellman modp groups less than 2048, is it time to bump the suggested 1024 bit minimum value from the RFC 4419 to a more current 2048 value for OpenSSH 7.0? If so, should this be just a compile-time change, or should there be a new client and server runtime option? Thanks, -- Mark

https://bugzilla.mindrot.org/show_bug.cgi?id=2464 --- Comment #3 from Darren Tucker <dtucker at zip.com.au> --- Created attachment 2741 --> https://bugzilla.mindrot.org/attachment.cgi?id=2741&action=edit Changes as suggested. Diff updated with suggested changes (also, making the timestamp format ISO8601 compliant). That said, what's the use case for this? The timestamps are

On 25 September 2017 at 02:32, Mark D. Baushke <mdb at juniper.net> wrote: > [+CC Loganaden Velvindron <logan at hackers.mu>] primary author of > the RFC 4419 refresh draft. https://datatracker.ietf.org/doc/draft-lvelvindron-curdle-dh-group-exchange/ ? Tangent: has any consideration been given to increasing the maximum allowed beyond 8192 bits (which is below the current NIST

Can we disable diffie-hellman-group14-sha1 too? On Thu, Feb 14, 2019 at 10:23 PM Mark D. Baushke <mdb at juniper.net> wrote: > > Hi John, > > The short answer is YES. > > Jon DeVree <nuxi at vault24.org> writes: > > > I ask because the removal of diffie-hellman-group-exchange-sha1 happened > > accidently in 7.8 due to a mistake in a change to

On 1/23/19 1:55 PM, Roee Agami wrote: > Hi, > I saw this spec file for curl-7.29: > https://git.centos.org/blob/rpms!curl.git/c7/SPECS!curl.spec > > And was wondering if you have one for a later version. > And if not, how hard is it to modify the existing one to support later versions. > > Thanks! > Roee. > _______________________________________________ > CentOS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 2019-01-24 at 15:40 +0000, Roee Agami wrote: > Thanks! I can try to modify that for my needs. > Any idea where can I find a list of patches? I'll look for centos specific > ones that I might want to apply. > The spec file you shared has a few upstream patches as well as Fedora specific > ones. I wonder does one knows which

Also, a lot of measurement/research on deployment of OpenSSH rely on version advertising for their statistics. It's going to be harder to know impact of deprecation of certain legacy features without statistics. I also agree with Mark here. On Wed, Feb 20, 2019 at 10:57 AM Mark D. Baushke <mdb at juniper.net> wrote: > Nagesh writes: > > > Cyber security team has

I am having problems with EDNS support on a few Centos 6.3 bind servers. I am trying to determine if the problem is my Juniper SSG5 firewall of Centos. All the servers have firewall enabled, though I have tested with stopping iptables and ip6tables. I am using tests from: https://www.dns-oarc.net/oarc/services/replysizetest dig @localhost +short rs.dns-oarc.net txt gets: ;; Truncated,

On 09/24/2017 12:21 AM, Mark D. Baushke wrote: > I suggest you upgrade to a more recent edition of the OpenSSH software. > The most recent release is OpenSSH 7.5 and OpenSSH 7.6 will be released > very soon. This problem is in v7.5 and v7.6. See dh.c:436. > OpenSSH 6.6 was first released on October 6, 2014. I brought up v6.6 to give an example that older clients wouldn't be

https://bugzilla.mindrot.org/show_bug.cgi?id=2971 Bug ID: 2971 Summary: Prevent OpenSSH from advertising its version number Product: Portable OpenSSH Version: 7.6p1 Hardware: All OS: Linux Status: NEW Severity: security Priority: P5 Component: sshd Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2971 Bug ID: 2971 Summary: Prevent OpenSSH from advertising its version number Product: Portable OpenSSH Version: 7.6p1 Hardware: All OS: Linux Status: NEW Severity: security Priority: P5 Component: sshd Assignee: unassigned-bugs at

I needed to manually add a '#define HAVE_BOGUS_SYS_QUEUE_H 1' to the config.h file to get OpenSSH 3.1p1 to properly build under Solaris 2.6. Without it, the system <sys/queue.h> is included rather than using the openbsd-compat/fake-queue.h and the various TAILQ_* macros are not defined. I suspect that the configure.ac file needs to be updated to add the lines: if test

Please have a look at: http://www.experts- exchange.com/Networking/Linux_Networking/Q_21101467 .html and my responses to it. It is reasonably easy to get around the problem on Cygwin, and the windows version with putty doesn't appear to be a problem...but how is one supposed to deal with it in the linux. Perhaps a need to alter the sanity checks for the scp inpur args? Best regards

I ask because the removal of diffie-hellman-group-exchange-sha1 happened accidently in 7.8 due to a mistake in a change to readconf.c. I noticed this and filed a bug about it along with a patch to fix readconf.c to use KEX_CLIENT_* like it used to: https://github.com/openssh/openssh-portable/commit/1b9dd4aa https://bugzilla.mindrot.org/show_bug.cgi?id=2967 Its clear the removal was unintentional