Commit Graph

668 Commits

Author SHA1 Message Date
Jakub Jelen
bb3e880c01 Add SSH KDF CAVS test driver for future FIPS validation (#1193045) 2015-02-18 15:48:10 +01:00
Jakub Jelen
14c675f3a5 Use global hardening specification instead of hardening made by openssh.
Openssh uses by default -fPIE flag, which didn't allow to build
pam_ssh_agent_auth.so with from libssh.a.
Validated using /CoreOS/openssh/Regression/bz642927-add-relro-flag
2015-02-18 10:34:40 +01:00
Jakub Jelen
0a4ac4f4d3 Enable seccomp sandboxing after resolving problems with audit patch (#1062953) 2015-02-11 14:08:42 +01:00
Jakub Jelen
b552eb6714 Make output of sshd -T more consistent, using upstream patch (#1187521) 2015-02-03 14:17:05 +01:00
Jakub Jelen
580f986839 Update coverity patch after rebase to 6.7 2015-02-03 14:09:51 +01:00
Jakub Jelen
6c6416dc9d 6.7p1-2 + 0.9.3-4 2015-01-27 14:10:18 +01:00
Jakub Jelen
021326a6ae Fix audit patch after rebase to 6.7 2015-01-27 12:07:13 +01:00
Petr Lautrbach
9b4e25cce0 temporarily disable audit patch causing segmentation faults 2015-01-20 17:08:25 +01:00
Petr Lautrbach
f29c8784c6 restore tcp wrappers support, based on Debian patch
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
2015-01-20 17:06:46 +01:00
Petr Lautrbach
1900351913 6.7p1-1 + 0.9.3-4 2015-01-20 13:21:45 +01:00
Petr Lautrbach
b457c98bec use upstream FigerPrintHash for fingerprint - 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 2015-01-19 15:26:56 +01:00
Petr Lautrbach
98584338a4 fix direction in CRYPTO_SESSION audit message 2015-01-16 17:40:20 +01:00
Jakub Jelen
3ffcb799b3 Fix changelog entry 2015-01-15 15:03:12 +01:00
Jakub Jelen
2109ab67c2 6.6.1p1-11 + 0.9.3-3 2015-01-14 17:15:02 +01:00
Petr Lautrbach
140e5ca05d add new option GSSAPIEnablek5users and disable using ~/.k5users by default
CVE-2014-9278 (#1170745)
2015-01-14 17:10:40 +01:00
Jakub Jelen
9080a85b54 Update vendor-patchlevel string 2015-01-14 16:55:27 +01:00
Jakub Jelen
f92cd01d62 Update ldap extension to resolve #981058 2015-01-14 16:52:03 +01:00
Jakub Jelen
e581af0a84 Add missing documentation link to systemd service files (RHBZ#1181593) 2015-01-14 16:51:44 +01:00
Jakub Jelen
b9d68e7db4 Fix config parser for ip:port values (#1130733) 2015-01-14 16:48:32 +01:00
Jakub Jelen
fd06d69c6a Fix confusing error message in scp (#1142223) 2015-01-14 16:46:23 +01:00
Petr Lautrbach
62986c5e87 6.6.1p1-10 + 0.9.3-3 2014-12-19 10:24:59 +01:00
Petr Lautrbach
7a7b8f0984 log via monitor in chroots without /dev/log 2014-12-19 10:14:36 +01:00
Petr Lautrbach
720cf82ef2 record pfs= field in CRYPTO_SESSION audit event 2014-12-15 18:59:39 +01:00
Petr Lautrbach
cf5c1140f2 increase size of AUDIT_LOG_SIZE to 256 2014-12-11 14:21:42 +01:00
Petr Lautrbach
276c16ce71 6.6.1p1-9 + 0.9.3-3 2014-12-03 18:18:19 +01:00
Petr Lautrbach
56a647f5e3 the .local domain example should be in ssh_config, not in sshd_config 2014-12-03 18:15:25 +01:00
Petr Lautrbach
08fe9e8e47 use different values for DH for Cisco servers (#1026430) 2014-12-03 17:10:47 +01:00
Petr Lautrbach
823364a11e 6.6.1p1-8 + 0.9.3-3 2014-11-13 22:21:52 +01:00
Petr Lautrbach
44f0ac8d08 fix several coverity issues Resolves: rhbz#1139794 2014-11-13 22:16:51 +01:00
Petr Lautrbach
57666dc3be fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005) 2014-11-12 17:35:37 +01:00
Petr Lautrbach
a1e1ac2bfc 6.6.1p1-7 + 0.9.3-3 2014-11-07 12:53:03 +01:00
Petr Lautrbach
65a6cd2d8c correct the calculation of bytes for authctxt->krb5_ccname <ams@corefiling.com> (#1161073) 2014-11-07 12:52:06 +01:00
Petr Lautrbach
3b7c8620a1 6.6.1p1-6 + 0.9.3-3 2014-11-04 19:09:42 +01:00
Petr Lautrbach
5296a797aa privsep_preauth: use SELinux context from selinux-policy (#1008580) 2014-11-04 19:06:14 +01:00
Petr Lautrbach
414bfae1bc change audit trail
- do not use (invalid user)
- change acct for an unknown user "(unknown)"
- don't send login audit event in getpwnamallow()
2014-11-04 18:56:47 +01:00
Petr Lautrbach
30c06a07fb fix kuserok patch which checked for the existence of .k5login unconditionally and hence prevented other mechanisms to be used properly 2014-10-24 23:50:58 +02:00
Petr Lautrbach
1ba984dcf2 revert the default of KerberosUseKuserok back to yes (#1153076) 2014-10-24 23:50:09 +02:00
Petr Lautrbach
0f0e055d6a Ignore SIGXFSZ in postauth monitor
https://bugzilla.mindrot.org/show_bug.cgi?id=2263
2014-09-29 08:37:05 +02:00
Petr Lautrbach
4b24967a9c fix parsing of empty arguments in sshd_conf
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
2014-09-25 11:45:47 +02:00
Stanislav Zidek
c8fc193f3d sshd-keygen - don't generate DSA and ED25519 host keys in FIPS mode 2014-09-23 12:29:25 +02:00
Petr Lautrbach
afde9f8153 6.6.1p1-5 + 0.9.3-3 2014-09-08 10:35:57 +02:00
Petr Lautrbach
ce2d80b4e7 don't consider a partial success as a failure 2014-09-04 16:33:25 +02:00
Petr Lautrbach
163064841f apply RFC3454 stringprep to banners when possible
https://bugzilla.mindrot.org/show_bug.cgi?id=2058
2014-09-04 16:12:11 +02:00
Petr Lautrbach
c16b7033ca change the rsa key generation error message due to FIPS restrictions in openssl 2014-09-02 15:41:51 +02:00
Petr Lautrbach
0a3f4e122d set a client's address right after a connection is set
http://bugzilla.mindrot.org/show_bug.cgi?id=2257
2014-09-02 10:49:31 +02:00
Peter Robinson
662c5a05b3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 14:08:07 +00:00
Tom Callaway
e336e33a32 fix license handling 2014-07-18 19:28:30 -04:00
Petr Lautrbach
8ff21c966a 6.6.1p1-3 + 0.9.3-2 2014-07-18 08:38:51 +02:00
Petr Lautrbach
817071dc4d standardise on NI_MAXHOST for gethostname() string lengths (#1051490) 2014-07-17 14:28:16 +02:00
Petr Lautrbach
cef0d582b6 6.6.1p1-2 + 0.9.3-2 2014-07-14 12:35:16 +02:00