Commit Graph

604 Commits

Author SHA1 Message Date
Petr Lautrbach
140e5ca05d add new option GSSAPIEnablek5users and disable using ~/.k5users by default
CVE-2014-9278 (#1170745)
2015-01-14 17:10:40 +01:00
Jakub Jelen
9080a85b54 Update vendor-patchlevel string 2015-01-14 16:55:27 +01:00
Jakub Jelen
f92cd01d62 Update ldap extension to resolve #981058 2015-01-14 16:52:03 +01:00
Jakub Jelen
e581af0a84 Add missing documentation link to systemd service files (RHBZ#1181593) 2015-01-14 16:51:44 +01:00
Jakub Jelen
b9d68e7db4 Fix config parser for ip:port values (#1130733) 2015-01-14 16:48:32 +01:00
Jakub Jelen
fd06d69c6a Fix confusing error message in scp (#1142223) 2015-01-14 16:46:23 +01:00
Petr Lautrbach
62986c5e87 6.6.1p1-10 + 0.9.3-3 2014-12-19 10:24:59 +01:00
Petr Lautrbach
7a7b8f0984 log via monitor in chroots without /dev/log 2014-12-19 10:14:36 +01:00
Petr Lautrbach
720cf82ef2 record pfs= field in CRYPTO_SESSION audit event 2014-12-15 18:59:39 +01:00
Petr Lautrbach
cf5c1140f2 increase size of AUDIT_LOG_SIZE to 256 2014-12-11 14:21:42 +01:00
Petr Lautrbach
276c16ce71 6.6.1p1-9 + 0.9.3-3 2014-12-03 18:18:19 +01:00
Petr Lautrbach
56a647f5e3 the .local domain example should be in ssh_config, not in sshd_config 2014-12-03 18:15:25 +01:00
Petr Lautrbach
08fe9e8e47 use different values for DH for Cisco servers (#1026430) 2014-12-03 17:10:47 +01:00
Petr Lautrbach
823364a11e 6.6.1p1-8 + 0.9.3-3 2014-11-13 22:21:52 +01:00
Petr Lautrbach
44f0ac8d08 fix several coverity issues Resolves: rhbz#1139794 2014-11-13 22:16:51 +01:00
Petr Lautrbach
57666dc3be fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005) 2014-11-12 17:35:37 +01:00
Petr Lautrbach
a1e1ac2bfc 6.6.1p1-7 + 0.9.3-3 2014-11-07 12:53:03 +01:00
Petr Lautrbach
65a6cd2d8c correct the calculation of bytes for authctxt->krb5_ccname <ams@corefiling.com> (#1161073) 2014-11-07 12:52:06 +01:00
Petr Lautrbach
3b7c8620a1 6.6.1p1-6 + 0.9.3-3 2014-11-04 19:09:42 +01:00
Petr Lautrbach
5296a797aa privsep_preauth: use SELinux context from selinux-policy (#1008580) 2014-11-04 19:06:14 +01:00
Petr Lautrbach
414bfae1bc change audit trail
- do not use (invalid user)
- change acct for an unknown user "(unknown)"
- don't send login audit event in getpwnamallow()
2014-11-04 18:56:47 +01:00
Petr Lautrbach
30c06a07fb fix kuserok patch which checked for the existence of .k5login unconditionally and hence prevented other mechanisms to be used properly 2014-10-24 23:50:58 +02:00
Petr Lautrbach
1ba984dcf2 revert the default of KerberosUseKuserok back to yes (#1153076) 2014-10-24 23:50:09 +02:00
Petr Lautrbach
0f0e055d6a Ignore SIGXFSZ in postauth monitor
https://bugzilla.mindrot.org/show_bug.cgi?id=2263
2014-09-29 08:37:05 +02:00
Petr Lautrbach
4b24967a9c fix parsing of empty arguments in sshd_conf
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
2014-09-25 11:45:47 +02:00
Stanislav Zidek
c8fc193f3d sshd-keygen - don't generate DSA and ED25519 host keys in FIPS mode 2014-09-23 12:29:25 +02:00
Petr Lautrbach
afde9f8153 6.6.1p1-5 + 0.9.3-3 2014-09-08 10:35:57 +02:00
Petr Lautrbach
ce2d80b4e7 don't consider a partial success as a failure 2014-09-04 16:33:25 +02:00
Petr Lautrbach
163064841f apply RFC3454 stringprep to banners when possible
https://bugzilla.mindrot.org/show_bug.cgi?id=2058
2014-09-04 16:12:11 +02:00
Petr Lautrbach
c16b7033ca change the rsa key generation error message due to FIPS restrictions in openssl 2014-09-02 15:41:51 +02:00
Petr Lautrbach
0a3f4e122d set a client's address right after a connection is set
http://bugzilla.mindrot.org/show_bug.cgi?id=2257
2014-09-02 10:49:31 +02:00
Peter Robinson
662c5a05b3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 14:08:07 +00:00
Tom Callaway
e336e33a32 fix license handling 2014-07-18 19:28:30 -04:00
Petr Lautrbach
8ff21c966a 6.6.1p1-3 + 0.9.3-2 2014-07-18 08:38:51 +02:00
Petr Lautrbach
817071dc4d standardise on NI_MAXHOST for gethostname() string lengths (#1051490) 2014-07-17 14:28:16 +02:00
Petr Lautrbach
cef0d582b6 6.6.1p1-2 + 0.9.3-2 2014-07-14 12:35:16 +02:00
Petr Lautrbach
d8b90ac6f8 minor spec file cleanup 2014-07-09 21:40:06 +02:00
Petr Lautrbach
8028159313 fix and rebase fips patch to 6.6.1p1 2014-07-09 21:16:53 +02:00
Petr Lautrbach
9f526c6f31 cleanup and remove FIPS code from audit patch 2014-07-09 21:08:53 +02:00
Petr Lautrbach
5160c9c8f3 rebase audit patch for 6.6.1p1 2014-07-08 17:42:18 +02:00
Stef Walter
26621fa3b8 Add pam_reauthorize.so to sshd.pam (#1115977) 2014-07-08 12:46:52 +02:00
Petr Lautrbach
86f29c353e bring back openssh-5.5p1-x11.patch 2014-07-03 16:42:56 +02:00
Petr Lautrbach
5fcfcac428 drop openssh-5.8p2-remove-stale-control-socket.patch 2014-07-03 16:23:00 +02:00
Petr Lautrbach
8b5feef2c8 bring back the openssh-5.8p2-sigpipe.patch 2014-07-03 16:14:38 +02:00
Dennis Gilmore
d1b0938acc - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 12:01:42 -05:00
Petr Lautrbach
7463b66c25 add missing patches and remove unused patches 2014-06-04 10:26:58 +02:00
Petr Lautrbach
3e1dd6c5fd add forgotten openssh-6.6p1-gsskex.patch 2014-06-04 10:17:31 +02:00
Petr Lautrbach
5cde9cd3f2 6.6.1p1-1 + 0.9.3-2 2014-06-03 17:52:36 +02:00
Petr Lautrbach
d1c2eb285e slightly change systemd units logic - use sshd-keygen.service (#1066615) 2014-06-03 17:47:56 +02:00
Petr Lautrbach
fb6f390a78 drop openssh-server-sysvinit subpackage 2014-06-03 17:42:49 +02:00