Commit Graph

619 Commits

Author SHA1 Message Date
Jakub Jelen
cbda6f57fb Solve issue with ssh-copy-id and keys without trailing newline (#1093168) 2015-02-25 10:46:29 +01:00
Jakub Jelen
5f3c83fd09 6.7p1-8 + 0.9.3-4 2015-02-24 10:10:07 +01:00
Marcin Juszkiewicz
6656486e18 Add AArch64 support for seccomp_filter sandbox (#1195065) 2015-02-24 09:17:43 +01:00
Jakub Jelen
e0f867b153 6.7p1-7 + 0.9.3-4 2015-02-23 12:43:25 +01:00
Jakub Jelen
c13a4b7170 6.7p1-6 + 0.9.3-4 2015-02-23 12:18:07 +01:00
Jakub Jelen
d5a8001387 Fix seccomp filter for ix68 (#1194401), fix previous commit 2015-02-23 12:17:30 +01:00
Peter Robinson
b9846a816d fix if statement 2015-02-22 17:36:25 +00:00
Peter Robinson
74e740c136 Only use seccomp for sandboxing on supported platforms 2015-02-22 17:28:16 +00:00
Jakub Jelen
c6945293fd 6.7p1-4 + 0.9.3-4 2015-02-20 15:06:26 +01:00
Jakub Jelen
77f453b74d cleanup working directory, spec file and unused patches after rebase 2015-02-20 15:06:17 +01:00
Jakub Jelen
08cb909f5d Move cavs tests into subpackage -cavs (#1194320) 2015-02-20 13:24:42 +01:00
Jakub Jelen
2f556360f6 6.7p1-3 + 0.9.3-4 2015-02-18 16:11:48 +01:00
Jakub Jelen
6df422d544 Fix ssh-copy-id on non-sh shells (#1045191) 2015-02-18 16:01:39 +01:00
Jakub Jelen
bb3e880c01 Add SSH KDF CAVS test driver for future FIPS validation (#1193045) 2015-02-18 15:48:10 +01:00
Jakub Jelen
14c675f3a5 Use global hardening specification instead of hardening made by openssh.
Openssh uses by default -fPIE flag, which didn't allow to build
pam_ssh_agent_auth.so with from libssh.a.
Validated using /CoreOS/openssh/Regression/bz642927-add-relro-flag
2015-02-18 10:34:40 +01:00
Jakub Jelen
0a4ac4f4d3 Enable seccomp sandboxing after resolving problems with audit patch (#1062953) 2015-02-11 14:08:42 +01:00
Jakub Jelen
b552eb6714 Make output of sshd -T more consistent, using upstream patch (#1187521) 2015-02-03 14:17:05 +01:00
Jakub Jelen
580f986839 Update coverity patch after rebase to 6.7 2015-02-03 14:09:51 +01:00
Jakub Jelen
6c6416dc9d 6.7p1-2 + 0.9.3-4 2015-01-27 14:10:18 +01:00
Jakub Jelen
021326a6ae Fix audit patch after rebase to 6.7 2015-01-27 12:07:13 +01:00
Petr Lautrbach
9b4e25cce0 temporarily disable audit patch causing segmentation faults 2015-01-20 17:08:25 +01:00
Petr Lautrbach
f29c8784c6 restore tcp wrappers support, based on Debian patch
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
2015-01-20 17:06:46 +01:00
Petr Lautrbach
1900351913 6.7p1-1 + 0.9.3-4 2015-01-20 13:21:45 +01:00
Petr Lautrbach
b457c98bec use upstream FigerPrintHash for fingerprint - 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 2015-01-19 15:26:56 +01:00
Jakub Jelen
3ffcb799b3 Fix changelog entry 2015-01-15 15:03:12 +01:00
Jakub Jelen
2109ab67c2 6.6.1p1-11 + 0.9.3-3 2015-01-14 17:15:02 +01:00
Petr Lautrbach
140e5ca05d add new option GSSAPIEnablek5users and disable using ~/.k5users by default
CVE-2014-9278 (#1170745)
2015-01-14 17:10:40 +01:00
Jakub Jelen
9080a85b54 Update vendor-patchlevel string 2015-01-14 16:55:27 +01:00
Jakub Jelen
b9d68e7db4 Fix config parser for ip:port values (#1130733) 2015-01-14 16:48:32 +01:00
Jakub Jelen
fd06d69c6a Fix confusing error message in scp (#1142223) 2015-01-14 16:46:23 +01:00
Petr Lautrbach
62986c5e87 6.6.1p1-10 + 0.9.3-3 2014-12-19 10:24:59 +01:00
Petr Lautrbach
7a7b8f0984 log via monitor in chroots without /dev/log 2014-12-19 10:14:36 +01:00
Petr Lautrbach
720cf82ef2 record pfs= field in CRYPTO_SESSION audit event 2014-12-15 18:59:39 +01:00
Petr Lautrbach
276c16ce71 6.6.1p1-9 + 0.9.3-3 2014-12-03 18:18:19 +01:00
Petr Lautrbach
56a647f5e3 the .local domain example should be in ssh_config, not in sshd_config 2014-12-03 18:15:25 +01:00
Petr Lautrbach
08fe9e8e47 use different values for DH for Cisco servers (#1026430) 2014-12-03 17:10:47 +01:00
Petr Lautrbach
823364a11e 6.6.1p1-8 + 0.9.3-3 2014-11-13 22:21:52 +01:00
Petr Lautrbach
44f0ac8d08 fix several coverity issues Resolves: rhbz#1139794 2014-11-13 22:16:51 +01:00
Petr Lautrbach
a1e1ac2bfc 6.6.1p1-7 + 0.9.3-3 2014-11-07 12:53:03 +01:00
Petr Lautrbach
3b7c8620a1 6.6.1p1-6 + 0.9.3-3 2014-11-04 19:09:42 +01:00
Petr Lautrbach
5296a797aa privsep_preauth: use SELinux context from selinux-policy (#1008580) 2014-11-04 19:06:14 +01:00
Petr Lautrbach
0f0e055d6a Ignore SIGXFSZ in postauth monitor
https://bugzilla.mindrot.org/show_bug.cgi?id=2263
2014-09-29 08:37:05 +02:00
Petr Lautrbach
4b24967a9c fix parsing of empty arguments in sshd_conf
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
2014-09-25 11:45:47 +02:00
Petr Lautrbach
afde9f8153 6.6.1p1-5 + 0.9.3-3 2014-09-08 10:35:57 +02:00
Petr Lautrbach
ce2d80b4e7 don't consider a partial success as a failure 2014-09-04 16:33:25 +02:00
Petr Lautrbach
163064841f apply RFC3454 stringprep to banners when possible
https://bugzilla.mindrot.org/show_bug.cgi?id=2058
2014-09-04 16:12:11 +02:00
Petr Lautrbach
0a3f4e122d set a client's address right after a connection is set
http://bugzilla.mindrot.org/show_bug.cgi?id=2257
2014-09-02 10:49:31 +02:00
Peter Robinson
662c5a05b3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 14:08:07 +00:00
Tom Callaway
e336e33a32 fix license handling 2014-07-18 19:28:30 -04:00
Petr Lautrbach
8ff21c966a 6.6.1p1-3 + 0.9.3-2 2014-07-18 08:38:51 +02:00
Petr Lautrbach
817071dc4d standardise on NI_MAXHOST for gethostname() string lengths (#1051490) 2014-07-17 14:28:16 +02:00
Petr Lautrbach
cef0d582b6 6.6.1p1-2 + 0.9.3-2 2014-07-14 12:35:16 +02:00
Petr Lautrbach
d8b90ac6f8 minor spec file cleanup 2014-07-09 21:40:06 +02:00
Petr Lautrbach
8028159313 fix and rebase fips patch to 6.6.1p1 2014-07-09 21:16:53 +02:00
Petr Lautrbach
5160c9c8f3 rebase audit patch for 6.6.1p1 2014-07-08 17:42:18 +02:00
Petr Lautrbach
86f29c353e bring back openssh-5.5p1-x11.patch 2014-07-03 16:42:56 +02:00
Petr Lautrbach
5fcfcac428 drop openssh-5.8p2-remove-stale-control-socket.patch 2014-07-03 16:23:00 +02:00
Petr Lautrbach
8b5feef2c8 bring back the openssh-5.8p2-sigpipe.patch 2014-07-03 16:14:38 +02:00
Dennis Gilmore
d1b0938acc - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 12:01:42 -05:00
Petr Lautrbach
5cde9cd3f2 6.6.1p1-1 + 0.9.3-2 2014-06-03 17:52:36 +02:00
Petr Lautrbach
fb6f390a78 drop openssh-server-sysvinit subpackage 2014-06-03 17:42:49 +02:00
Petr Lautrbach
44fb3c6aeb OpenSSH 6.5 and 6.6 sometimes encode a value used in the
curve25519 key exchange incorrectly, causing connection failures
about 0.2% of the time when this method is used against a peer that
implements the method properly.

Fix the problem and disable the curve25519 KEX when speaking to
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
to enable the compatability code.

openssh-6.6.1p1
2014-06-03 17:18:36 +02:00
Petr Lautrbach
94c6f8ddcc rebase to openssh-6.6p1 2014-06-03 16:51:07 +02:00
Petr Lautrbach
d75575229f 6.4p1-4 + 0.9.3-1 2014-05-15 10:37:16 +02:00
Petr Lautrbach
8f8619e1e6 ignore environment variables with embedded '=' or '\0' characters (#1077843)
CVE-2014-2532
2014-05-15 10:24:04 +02:00
Petr Lautrbach
d271e02296 prevent a server from skipping SSHFP lookup (#1081338)
CVE-2014-2653
2014-05-15 10:23:46 +02:00
Petr Lautrbach
9a031d2641 try CLOCK_BOOTTIME with fallback (#1091992) 2014-05-14 17:30:43 +02:00
Petr Lautrbach
f9f83a00b5 make /etc/ssh/moduli file public (#1043661) 2014-02-26 15:54:02 +01:00
Petr Lautrbach
96df3b5ecb use tty allocation for a remote scp 2014-01-23 18:30:39 +01:00
Petr Lautrbach
b898cbf5e1 Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set 2014-01-23 18:30:03 +01:00
Petr Lautrbach
084bc6fca5 FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A 2014-01-23 18:29:02 +01:00
Petr Lautrbach
222dd2e358 6.4p1-3 + 0.9.3-1 2013-12-11 14:32:11 +01:00
Petr Lautrbach
89d920b074 6.4p1-2 + 0.9.3-1 2013-11-26 15:28:39 +01:00
Petr Lautrbach
09e9ef3d7c 6.4p1-1 + 0.9.3-1 2013-11-08 14:04:33 +01:00
Petr Lautrbach
3ed6191f56 6.3p1-5 + 0.9.3-7 2013-11-01 17:07:27 +01:00
Petr Lautrbach
5795323a53 don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> (#1024965) 2013-11-01 17:06:02 +01:00
Petr Lautrbach
7feb965804 6.3p1-4 + 0.9.3-6 2013-10-25 15:46:49 +02:00
Petr Lautrbach
2add7a8ff5 rebuild with openssl-1.0.1e-29.fc20 to enable ECC support 2013-10-25 15:19:26 +02:00
Petr Lautrbach
f0aa6e5f51 rebuild with openssl-1.0.1e-29.fc20 to enable ECC support 2013-10-25 14:46:48 +02:00
Petr Lautrbach
a5e23f2861 6.3p1-3 + 0.9.3-6 2013-10-24 16:45:21 +02:00
Petr Lautrbach
ff7a26b109 6.3p1-2 + 0.9.3-6 2013-10-23 23:14:38 +02:00
Petr Lautrbach
1f36406833 Increase the size of the Diffie-Hellman groups requested for a each
symmetric key size.  New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419.  Pointed out by Peter Backes, ok
djm@. (#1010607)
2013-10-23 22:41:53 +02:00
Petr Lautrbach
d088f94bd9 use default_ccache_name from /etc/krb5.conf for a kerberos cache (#991186) 2013-10-23 22:08:19 +02:00
Petr Lautrbach
e40d5d19d9 added Obsoletes: *fips 2013-10-15 17:55:40 +02:00
Petr Lautrbach
a92e916970 6.3p1-1 + 0.9.3-6 2013-10-14 15:55:03 +02:00
Petr Lautrbach
84822b5dec rebase for openssh-6.3p1, remove unused patches (#1007769) 2013-10-14 15:54:41 +02:00
Petr Lautrbach
c33ef551ca 6.2p2-9 + 0.9.3-5 2013-10-08 17:28:16 +02:00
Petr Lautrbach
2ae5f9ff89 Revert "add -fips subpackages that contains the FIPS module files"
This reverts commit 227f4f7628.
2013-10-08 17:13:39 +02:00
Petr Lautrbach
d4d8299c30 Revert "add missing Requires: openssl-fips in -fips subpackages"
This reverts commit a19397fdd2.

Conflicts:
	openssh.spec
2013-10-08 17:06:14 +02:00
Petr Lautrbach
b61d9c10d3 Revert "use hmac_suffix for ssh{,d} hmac checksums"
This reverts commit c6724c72f4.
2013-10-08 17:04:53 +02:00
Petr Lautrbach
0cc0054215 Revert "use {?dist} tag in suffixes for hmac checksum files"
This reverts commit 15244ec178.
2013-10-08 17:04:40 +02:00
Petr Lautrbach
f344f8490c 6.2p2-8 + 0.9.3-5 2013-09-25 14:13:01 +02:00
Petr Lautrbach
15244ec178 use {?dist} tag in suffixes for hmac checksum files 2013-09-20 17:11:49 +02:00
Petr Lautrbach
eba55f9c1b 6.2p2-7 + 0.9.3-5 2013-09-11 16:54:14 +02:00
Petr Lautrbach
c6724c72f4 use hmac_suffix for ssh{,d} hmac checksums 2013-09-11 16:05:58 +02:00
Petr Lautrbach
a19397fdd2 add missing Requires: openssl-fips in -fips subpackages
6.2p2-6.1 + 0.9.3-5
2013-08-29 09:32:04 +02:00
Petr Lautrbach
f4e927b62d 6.2p2-6 + 0.9.3-5 2013-08-28 21:28:04 +02:00
Petr Lautrbach
227f4f7628 add -fips subpackages that contains the FIPS module files 2013-08-28 19:37:08 +02:00
Petr Lautrbach
631ffb2c5b 6.2p2-5 + 0.9.3-5 2013-08-01 09:50:41 +02:00
Petr Lautrbach
115aad3f92 6.2p2-4 + 0.9.3-5 2013-07-23 16:01:17 +02:00
Petr Lautrbach
17df27c668 don't show Success for EAI_SYSTEM (#985964) 2013-07-23 12:07:49 +02:00
Petr Lautrbach
2ee6810919 make sftp's libedit interface marginally multibyte aware (#841771) 2013-06-19 17:10:49 +02:00
Petr Lautrbach
66608a1ded 6.2p2-3 + 0.9.3-5 2013-06-17 17:30:04 +02:00
Petr Lautrbach
e99c4840f1 6.2p2-2 + 0.9.3-5 2013-05-21 18:38:15 +02:00
Petr Lautrbach
678b8081f1 add socket activated sshd units to the package (#963268) 2013-05-21 18:37:18 +02:00
Petr Lautrbach
21acbc4795 6.2p2-1 + 0.9.3-5 2013-05-20 09:31:57 +02:00
Petr Lautrbach
d48f1a7bde always use /sbin/nologin as privsep user's shell 2013-04-24 18:08:00 +02:00
Petr Lautrbach
a92d7445da 6.2p1-4 + 0.9.3-4 2013-04-17 17:12:32 +02:00
Petr Lautrbach
1d76d11f64 cleanup spec file and patches 2013-04-16 18:30:43 +02:00
Petr Lautrbach
c276d31b49 6.2p1-3 + 0.9.3-4 2013-04-16 18:15:20 +02:00
Petr Lautrbach
894ab5eaaf add latest config.{sub,guess} to support aarch64 (#926284) 2013-04-16 18:12:15 +02:00
Petr Lautrbach
1042786f58 6.2p1-2 + 0.9.3-4 2013-04-09 23:25:17 +02:00
Petr Lautrbach
fcef7f6231 keep track of which IndentityFile options were manually supplied and which were default options, and don't warn if the latter are missing. (mindrot#2084) 2013-04-09 23:22:42 +02:00
Petr Lautrbach
b6f89abe5c 6.2p1-1 + 0.9.3-4 2013-04-09 00:07:04 +02:00
Petr Lautrbach
d3d59da0b5 merge all -audit* patches together 2013-04-08 17:17:10 +02:00
Petr Lautrbach
8d97022c57 build regress/modpipe tests with $(CFLAGS) 2013-04-04 16:50:06 +02:00
Petr Lautrbach
8a29dedfa7 rebase to openssh-6.2p1 (#924727)
ACSS was removed from upstream sources
2013-04-04 16:49:30 +02:00
Petr Lautrbach
1b95bc38df 6.1p1-7 + 0.9.3-3 2013-03-06 10:41:50 +01:00
Petr Lautrbach
2a7883d153 6.1p1-6 + 0.9.3-3 2013-02-14 18:08:21 +01:00
Petr Lautrbach
d2b3b9a27e pam_ssh_agent_auth - change paths from %{_lib} to %{_libdir} 2013-02-12 09:42:54 +01:00
Petr Lautrbach
19725a9954 fix bogus day names in changelog dates 2013-02-08 15:44:40 +01:00
Petr Lautrbach
cab7f53408 6.1p1-5 + 0.9.3-3 2013-02-08 14:56:47 +01:00
Petr Lautrbach
5bc906c19a change default value of MaxStartups - CVE-2010-5107 - #908707 2013-02-08 14:32:20 +01:00
Petr Lautrbach
87391b7d01 add BuildRequires: perl-podlators 2013-02-07 14:21:38 +01:00
Petr Lautrbach
7642de98e4 6.1p1-4 + 0.9.3-3 2012-12-03 17:16:39 +01:00
Petr Lautrbach
790103e764 6.1p1-3 + 0.9.3-3 2012-12-03 10:29:07 +01:00
Petr Lautrbach
fe661c5cbb obsolete RequiredAuthentications[12] options 2012-11-30 21:40:22 +01:00
Petr Lautrbach
5039c7c85d reformat several patches after openssh-6.1p1-authenticationmethods.patch 2012-11-30 16:25:51 +01:00
Petr Lautrbach
bffd1c2234 replace RequiredAuthentications2 with AuthenticationMethods according to upstream
the upstream refused original patch with RequiredAuthentications2, but they came with their own implementation of required authentications,
see https://bugzilla.mindrot.org/show_bug.cgi?id=983. The new method is more robust and flexible
it will be included in next openssh-6.2 release
2012-11-30 16:23:29 +01:00
Petr Lautrbach
ab30b92bd6 fix the man moduli page (#841065) 2012-11-06 09:59:17 +01:00
bach
f7f8b483b0 adapt openssh-6.1p1-akc.patch to the upstream version - https://bugzilla.mindrot.org/show_bug.cgi?id=1663 2012-11-05 14:43:22 +01:00
Petr Lautrbach
52c8eca4d9 fix gssapi canohost patch (#863350) 2012-10-30 11:06:45 +01:00
Petr Lautrbach
af2ebf77dc 6.1p1-2 + 0.9.3-3 2012-10-26 17:15:55 +02:00
Petr Lautrbach
afd52c4857 drop openssh-5.9p1-sftp-chroot.patch (#830237) 2012-10-26 17:04:25 +02:00
Petr Lautrbach
470ebd7abc add SELinux comment to /etc/ssh/sshd_config about SELinux command to modify port (#861400) 2012-10-26 16:34:55 +02:00
Petr Lautrbach
13cf2478d6 smartcard support is replaced with PKCS#11 support already in 5.4p1 https://bugzilla.mindrot.org/show_bug.cgi?id=1371 2012-10-26 15:42:59 +02:00
Petr Lautrbach
1a5c95ee57 drop required chkconfig (#865498) 2012-10-12 13:03:26 +02:00
Petr Lautrbach
d0630aa358 6.1p1-1 + 0.9.3-3 2012-09-15 13:48:14 +02:00
Petr Lautrbach
fd408ed2a5 to run tests use --with check 2012-09-15 13:48:13 +02:00
Petr Lautrbach
e58e548a57 don't use /bin and /sbin paths (#856590) 2012-09-15 13:48:13 +02:00
Petr Lautrbach
581bf30d07 don't use chroot_user_t for chrooted users (#830237) 2012-09-15 13:47:45 +02:00
Petr Lautrbach
9fe1afc163 rebase to openssh-6.1p1 (#852651) 2012-09-15 13:29:49 +02:00
Petr Lautrbach
51ca3be245 use DIR: kerberos cache type (#848228) 2012-09-15 13:28:23 +02:00
Petr Lautrbach
94943d59db replace scriptlets with systemd macros (#850249) 2012-09-15 13:28:01 +02:00
Petr Lautrbach
65ba94ef1a rebase to openssh-6.0p1
6.0p1-1 + 0.9.3-2
2012-08-06 21:33:33 +02:00
Petr Lautrbach
90e11f338c 5.9p1-26 + 0.9.3-1 2012-08-06 19:42:13 +02:00
Petr Lautrbach
5382ccbe9b handle crypt() returning NULL (#815993) 2012-08-06 09:08:52 +02:00
Petr Lautrbach
b648890ead 5.9p1-25 + 0.9.3-1 2012-07-27 14:35:43 +02:00
Tomas Mraz
e9620308c8 allow sha256 and sha512 hmacs in the FIPS mode 2012-07-17 21:03:59 +02:00
Tomas Mraz
4f4687ce80 fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent
is not running, most probably not exploitable
update pam_ssh_agent_auth to 0.9.3 upstream version
2012-06-22 14:52:35 +02:00