similar to: [ANNOUNCE] libICE 1.0.10

libXdmcp is the X Display Manager Control Protocol library, used by both X servers and display managers to handle both ends of the XDMCP connection. This release provides a fix for CVE-2017-2625 for platforms which don't have arc4random_buf() in their default libraries but do have getentropy(), such as Linux platforms with a kernel version of 3.17 or newer and a glibc version of 2.25 or

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alan Coopersmith: Add *~ to .gitignore to skip emacs/patch droppings Coverity #1085: Double free of pointer "*listenObjsRet" Coverity #1086: Double free of pointer "*listenObjsRet" Add hooks for checking source code with lint/sparse/etc. Convert authutil.c static helpers to ANSI C prototypes to clear

https://bugzilla.mindrot.org/show_bug.cgi?id=2465 Bug ID: 2465 Summary: openssh portable does not check if arc4random_buf is declared in the system headers? Product: Portable OpenSSH Version: 7.1p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5

OpenSSH Security Advisory: legacy-certs.adv This document may be found at: http://www.openssh.com/txt/legacy-cert.adv 1. Vulnerability Legacy certificates generated by OpenSSH might contain data from the stack thus leaking confidential information. 2. Affected configurations OpenSSH 5.6 and OpenSSH 5.7 only when generating legacy certificates. These must be

OpenSSH Security Advisory: legacy-certs.adv This document may be found at: http://www.openssh.com/txt/legacy-cert.adv 1. Vulnerability Legacy certificates generated by OpenSSH might contain data from the stack thus leaking confidential information. 2. Affected configurations OpenSSH 5.6 and OpenSSH 5.7 only when generating legacy certificates. These must be

A collection of stability fixes here across glamor, Xwayland, input, and Prime support. Also a security fix for CVE-2017-2624, a timing attack which can brute-force MIT-MAGIC-COOKIE authentication. Everybody is encouraged to upgrade. Thanks to all who contributed fixes! Adam Jackson (5):       xserver 1.19.2       Revert "xserver 1.19.2"       os: Squash missing declaration warning for

Here are three versions (patch against openbsd cvs) 1) repace nacl w/libsodium, so i could test 2) curve25519-donna 3) Matthew's public domain reference implementation. i'd vote for #3 -------------- next part -------------- Am 30.10.2013 um 07:27 schrieb Damien Miller <djm at mindrot.org>: > On Tue, 24 Sep 2013, Aris Adamantiadis wrote: > >> Dear OpenSSH

I have an NXP i.MX6-based armv7l-dey-linux-gnueabihf system in which I am seeing some as-yet-unaccountable behavior in sshd when compiled with Arm/GCC 10/11/12. That is, when attempting to scp/slogin/ssh to 'root@<host>', where <host> is either a name or IPv4 or IPv6 address, the connection is quickly closed by the server without prompting for a password. The variable I can

This is the first release candidate for xserver 1.20. Notable changes since 1.19 include: - RANDR 1.6, which enables leasing RANDR resources to a client for its exclusive use (e.g. head mounted displays) - Depth 30 support in glamor and the modesetting driver - A meson-based build system, parallel to autotools - Pageflipping support for PRIME output sinks - OutputClass device matching for

https://bugzilla.mindrot.org/show_bug.cgi?id=3487 Bug ID: 3487 Summary: "getentropy failed" after upgrade from 9.0 Product: Portable OpenSSH Version: 9.1p1 Hardware: ARM OS: Linux Status: NEW Severity: critical Priority: P5 Component: sshd Assignee: unassigned-bugs

On Sun, 19 Mar 2023 at 12:25, Nathan Wagner <nw at hydaspes.if.org> wrote: > I'm trying to compile openssh with openssl 3.1 on a linux machine with > kernel 4.15.10. I seem to get stuck at: > > configure: error: OpenSSH has no source of random numbers. Please > configure OpenSSL with an entropy source or re-run configure using one > of the --with-prngd-port or

Hi, Yesterday I tried to replace the system openssl in a gentoo system with libressl. With openssh an interesting issue popped up: * RAND_bytes in libressl calls arc4random * arc4random is a compat function both in openssh and libressl * arc4random from openssh uses RAND_bytes So what's happening is a recursion. arc4random wants to use RAND_bytes and RAND_bytes wants to use arc4random. The

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

Dear openssh developers In a shell script I need to verify if a key belonging to a given public key file is already loaded into the agent. To achieve this, I added a new option -v to ssh-add which does this verification. The patch bases on openssh v5.8p1. The regression test agent.sh was extended to test this new feature. Is there any chance for inclusion of attached patch? Cheers Konrad --

Hi, A question regarding chroot, internal-sftp, and time zones: Is it possible to get the time stamps presented by the chrooted internal-sftp to always be aligned with the system global time zone setting? What is the reason this not done by default, that is couldn't the chrooted internal-sftp inherit the time zone information from the SSH daemon? /John -- John Olsson Ericsson AB

Hello, With current portable master source tree HAVE_CRYPT and HAVE_DES_CRYPT are not defined. It seems to me this is regression introduced with implementation of configure options --with-openssl. Impacted code is in xcrypt.c: ... # if defined(WITH_OPENSSL) && !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT) # include <openssl/des.h> # define crypt DES_crypt # endif ...

I am having trouble figuring out how to build openssh-5.8p1 for QNX 6.5. I am trying to build on linux, cross-compiling for armv7. If I configure like this: configure CC=ntoarmv7-gcc --host=i686-pc-linux-gnu --target=arm-unknown-nto-qnx6.5.0 then I get these errors: sshconnect.o: In function `timeout_connect': sshconnect.c:(.text+0x778): undefined reference to

I used 1.0.10 with the quota-rewrite patch for v1.0. With that, I configured: quota_warning = storage=10%% /usr/local/scripts/quota-warning 90 quota_warning2 = storage=5%% /usr/local/scripts/quota-warning 95 quota_warning3 = storage=1%% /usr/local/scripts/quota-warning 99 with 1.1, the logic for the quota_warning entries changed (http://wiki.dovecot.org/Quota/New): quota_warning =

Greetings- I'm running dovecot 1.0.10, but am seeing the "too little data" error that was supposedly fixed in 1.0.9. Not sure how long it's been going on. I have a straightforward mbox setup, and am using Thunderbird to check my inbox. It can't read the box. The log fills up with these messages: Feb 8 23:24:43 chilled dovecot: imap-login: Login: user=<mike>,

Hi, Does anyone know how to configure speex in asterisk 1.0.10? I've successfully installed it but cannot get any idea how to set the quality, etc.. Thanks Regards, Stevanus