Jakub Jelen
d711f557f7
Log when a client requests an interactive session and only sftp is allowed
2019-02-06 17:18:30 +01:00
Jakub Jelen
e8524ac3f4
ssh-copy-id: Minor issues found by shellcheck
2019-02-06 17:18:30 +01:00
Jakub Jelen
8622e384ef
ssh-copy-id: Do not fail in case remote system is out of space
2019-02-06 17:18:30 +01:00
Jakub Jelen
ffb1787c07
Enclose redhat specific configuration with Match final block
...
This allows users to specify options in user configuration files overwriting
the defaults we propose without ovewriting them in the shipped configuration
file and without opting out from the crypto policy altogether.
Resolves: rhbz#1438326 rhbz#1630166
2019-02-06 17:18:30 +01:00
Fedora Release Engineering
4e5f61c2a0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-01 17:32:05 +00:00
Igor Gnatenko
7c726e0a13
Remove obsolete Group tag
...
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:24:24 +01:00
Björn Esser
018ac8d1d9
Rebuilt for libcrypt.so.2 ( #1666033 )
2019-01-14 19:11:16 +01:00
Jakub Jelen
311908c042
openssh-7.9p1-3 + 0.10.3-6
2019-01-14 15:39:08 +01:00
Jakub Jelen
1b0cc8ff3b
Correctly initialize ECDSA key structures from PKCS#11
2019-01-14 15:39:08 +01:00
Jakub Jelen
ba99e00fe8
tests: Do not expect /var/log/secure to be there
2019-01-14 15:39:08 +01:00
Jakub Jelen
40d2a04909
CVE-2018-20685 ( #1665786 )
2019-01-14 11:05:35 +01:00
Jakub Jelen
322896958a
Backport several fixes from 7_9 branch ( #1665611 )
2019-01-14 11:05:35 +01:00
Jakub Jelen
661c7c0582
gsskex: Dump correct option
2018-11-26 12:50:16 +01:00
Jakub Jelen
d6cc5f4740
Backport Match final so the crypto-policies do not break canonicalization ( #1630166 )
2018-11-26 10:16:35 +01:00
Jakub Jelen
a4c0a26cd4
openssh-7.9p1-2 + 0.10.3-6
2018-11-14 09:57:17 +01:00
Jakub Jelen
57e280d1f4
Allow to disable RSA signatures with SHA-1
2018-11-14 09:54:54 +01:00
Jakub Jelen
3ae9c1b0c1
Dump missing GSS options from client configuration
2018-11-14 09:44:48 +01:00
Jakub Jelen
03264b16f7
Reference the correct file in configuration file ( #1643274 )
2018-10-26 14:03:00 +02:00
Jakub Jelen
0b6cc18df0
Avoid segfault on kerberos authentication failure
2018-10-26 14:03:00 +02:00
Mattias Ellert
be6a344dcd
Fix LDAP configure test ( #1642414 )
2018-10-26 14:03:00 +02:00
Jakub Jelen
9f2c8b948c
openssh-7.9p1-1 + 0.10.3-6
2018-10-19 11:46:02 +02:00
Jakub Jelen
e8876f1b1f
Honor GSSAPIServerIdentity for GSSAPI Key Exchange ( #1637167 )
2018-10-19 11:41:34 +02:00
Jakub Jelen
6666c19414
Do not break gssapi-kex authentication method
2018-10-19 11:41:34 +02:00
Jakub Jelen
eaa7af2e41
rebase patches to openssh-7.9p1
2018-10-19 11:41:07 +02:00
Jakub Jelen
8089081fa9
Improve the naming of the new kerberos configuration option
2018-10-19 10:19:42 +02:00
Jakub Jelen
6c9d993869
Follow the system-wide PATH settings
...
https://fedoraproject.org/wiki/Features/SbinSanity
2018-10-03 11:00:12 +02:00
Jakub Jelen
f3715e62da
auth-krb5: Avoid memory leaks and unread assignments
2018-09-25 16:34:19 +02:00
Jakub Jelen
97ee52c0a3
openssh-7.8p1-3 + 0.10.3-5
2018-09-24 15:25:57 +02:00
Jakub Jelen
8ebb9915a3
Cleanup specfile comments
2018-09-24 15:25:40 +02:00
Jakub Jelen
84d3ff9306
Do not let OpenSSH control our hardening flags
2018-09-21 17:22:35 +02:00
Jakub Jelen
e815fba204
Ignore unknown parts of PKCS#11 URI
2018-09-21 15:50:04 +02:00
Jakub Jelen
55520c5691
Fix sandbox for conditional gssapi authentication ( #1580017 )
...
Upstream:
https://bugzilla.mindrot.org/attachment.cgi?id=3168&action=diff
2018-09-21 09:50:45 +02:00
Jakub Jelen
178f3a4f56
Fix the cavs test and avoid it crashing ( #1628962 )
...
Patch from Stephan Mueller, adjusted by myselt
2018-09-14 16:53:24 +02:00
Jakub Jelen
8b9448c5ba
openssh-7.8p1-2 + 0.10.3-5
2018-08-31 13:32:02 +02:00
Jakub Jelen
dba154f20c
Unbreak gssapi rekeying ( #1624344 )
2018-08-31 13:26:44 +02:00
Jakub Jelen
90edc0cc1d
Properly allocate buffer for gsskex ( #1624323 )
2018-08-31 13:26:44 +02:00
Jakub Jelen
9409715f65
Unbreak scp between two IPv6 hosts ( #1620333 )
2018-08-31 13:26:44 +02:00
Jakub Jelen
c60b555ac2
Address issues reported by coverity
2018-08-31 13:26:44 +02:00
Jakub Jelen
4c36c2a9ee
Drop unused environment variable
2018-08-29 12:55:36 +02:00
Jakub Jelen
afaf23f6c3
Drop unused patch
2018-08-28 10:51:37 +02:00
Jakub Jelen
bbf61daf97
openssh-7.8p1-1 + 0.10.3-5
...
New upstream release including:
* Dropping entropy patch
* Remove default support for MD5 fingerprints
* Porting all the downstream patches and pam_ssh_agent_auth
to new sshbuf and sshkey API
* pam_ssh_agent_auth is no longer using MD5 fingerprints
2018-08-24 23:16:24 +02:00
Jakub Jelen
01ba761e18
7.7p1-6 + 0.10.3-4
2018-08-09 14:14:18 +02:00
Jakub Jelen
44e2032a0a
fips: Show real list of kex algoritms in FIPS
2018-08-08 10:18:27 +02:00
Jakub Jelen
951e3ca00b
Allow aes-GCM modes in FIPS
2018-08-07 18:08:08 +02:00
Jakub Jelen
baff4a61a7
fixup the coverity fix
2018-08-07 18:07:36 +02:00
Jakub Jelen
009e39709f
coverity: RESOURCE_LEAK (CWE-772)
2018-07-18 16:49:07 +02:00
Fedora Release Engineering
600d4011b5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 15:11:56 +00:00
Jakub Jelen
e1d855438b
7.7p1-5 + 0.10.3-4
2018-07-03 11:27:15 +02:00
Jakub Jelen
6c68d655b2
Disable manual reading of MOTD by default
2018-07-03 11:26:01 +02:00
Jakub Jelen
191bbb979e
Drop the unused locks
2018-06-28 09:24:57 +02:00