Commit Graph

1204 Commits

Author SHA1 Message Date
Timothée Ravier
a886069993 Use /usr/share/empty.ssh instead of /var/empty/sshd
This has the following advantages:
  * Removes a dependency on a directory stored in /var
  * /usr is mounted read only on ostree based systems (CoreOS, Silverblue)

This also removes the tmpfiles config.

Edit Jakub Jelen: Removed the version bump from PR

https://src.fedoraproject.org/rpms/openssh/pull-request/14
2021-01-22 12:57:36 +01:00
Jakub Jelen
1a45c5da8d Remove openssh-cavs subpackage as it is no longer needed and broken anyway
The CAVS drivers were used for FIPS certification when OpenSSH used to
be a FIPS module. This is no longer the case and these leftovers
were left in place until they work. This is no longer the case either
so lets get rid of 1000 lines of patches.
2021-01-22 12:50:51 +01:00
Jakub Jelen
ee6f0fcc0a Accept empty labels (#1919007) 2021-01-22 12:22:08 +01:00
Jakub Jelen
557f728956 Fix malformed patch 2020-12-01 11:43:46 +01:00
Jakub Jelen
258db094bd 8.4p1-4 + 0.10.4-1 2020-12-01 09:54:21 +01:00
Jakub Jelen
d8a80c8be6 Fix Obsoletes for openssh-ldap (#1902084) 2020-12-01 09:53:40 +01:00
Jakub Jelen
eced70a8bd Remove PasswordAuthentication yes from shipped configuration as it is already default and it might be hard to override 2020-11-30 08:52:02 +01:00
Jakub Jelen
b6df6b3e29 List updated RFC 2020-11-26 11:48:54 +01:00
Jakub Jelen
126d278fec 8.4p1-3 + 0.10.4-1 2020-11-19 15:08:05 +01:00
Jakub Jelen
6a07699454 Compatibility with Debian's openssh-7.4p1 (#1881301)
This only version does incorrectly reports server_sig_algorithms
extension and in Fedora 33 with disabled SHA1, clients are unable
to connect to Debian servers
2020-11-19 15:08:05 +01:00
Jakub Jelen
bbe3c2e156 Fix missing syscall in sandbox on arm (#1897712) 2020-11-19 15:08:02 +01:00
Jakub Jelen
a048fcc3d0 8.4p1-2 + 0.10.4-1 2020-10-06 10:01:41 +02:00
Jakub Jelen
914eb2d891 Drop misleading comment about crypto policies 2020-10-06 10:01:41 +02:00
Jakub Jelen
62e762b7d5 ssh-copy-id compatibility with ksh 2020-10-06 10:01:41 +02:00
Jakub Jelen
dc5e3131ec Unbreak ssh-copy-id (#1884231) 2020-10-06 10:01:23 +02:00
Jakub Jelen
7b064ea363 Add missing changelog 2020-09-29 16:10:09 +02:00
Jakub Jelen
527f79ee8c Remove the snap version, which is not used for build 2020-09-29 15:56:35 +02:00
Jakub Jelen
bd35168662 8.4p1-1 + 0.10.4-1 2020-09-29 14:53:14 +02:00
Jakub Jelen
3783a5da43 Rebase pam_ssh_agent_auth to 0.10.4 2020-09-29 14:53:14 +02:00
Jakub Jelen
9c88962b82 Improve crypto policies mention in manual pages (#1881301) 2020-09-29 14:53:06 +02:00
Jakub Jelen
7e9d046986 Remove support for building rescue CD
This is not used for close to 20 years and is broken at least from Fedora 31
2020-09-07 09:37:58 +02:00
Jakub Jelen
10cdecf4f1 8.3p1-4 + 0.10.3-10 2020-08-28 20:14:42 +02:00
Jakub Jelen
26c894b07f Second iteration of sftp-server -m documentation (#1862504) 2020-08-28 20:14:42 +02:00
Jakub Jelen
44157573e5 Remove openssh-ldap subpackage 2020-08-21 09:40:42 +02:00
Jakub Jelen
4c85eb3d53 pkcs11: Do not crash with invalid paths in ssh-agent (#1868996) 2020-08-17 09:37:02 +02:00
Jakub Jelen
77aa771110 Clarify documentation about sftp-server -m (#1862504) 2020-08-12 15:09:02 +02:00
Jakub Jelen
68460c09bb Use make macros
Based on https://src.fedoraproject.org/rpms/openssh/pull-request/11

https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
2020-07-31 15:33:21 +02:00
Jakub Jelen
dfeecfb1e8 Drop loading of anaconda configuration from sysconfig including scriptlet to migrate to include drop-in directory 2020-07-31 15:26:55 +02:00
Fedora Release Engineering
fccd87eb18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-28 12:48:46 +00:00
Jakub Jelen
996e25f2f9 8.3p1-3 + 0.10.3-10 2020-06-10 14:36:49 +02:00
Jakub Jelen
653d073710 Move sshd_config include before any other definitions (#1824913) 2020-06-10 14:36:37 +02:00
Jakub Jelen
ed59cb1783 Do not lose PIN when more slots match PKCS#11 URI (#1843372) 2020-06-10 14:36:27 +02:00
Jakub Jelen
868439f73a Stop loading crypto policy for command line in service files 2020-06-10 14:35:23 +02:00
Jakub Jelen
8b7ddfb28b Move included configuration files in order to allow applications to include their defaults
See more discussin in

https://src.fedoraproject.org/rpms/openssh/pull-request/9#

https://github.com/coreos/fedora-coreos-docs/pull/80#discussion_r434961161
2020-06-08 21:52:42 +02:00
Jakub Jelen
3bd5ced9ee 8.3p1-2 + 0.10.3-10 2020-06-01 13:51:43 +02:00
Jakub Jelen
7f87bd9cc9 Avoid crash on cleanup 2020-06-01 12:20:31 +02:00
Jakub Jelen
5cd9552fc4 8.3p1-1 + 0.10.3-10 2020-05-27 09:57:29 +02:00
Jakub Jelen
efd1b7e5c8 Unbreak corner cases of sshd_config include 2020-05-27 09:53:38 +02:00
Jakub Jelen
169fdb8814 Fix order of GSSAPI key exchange methods 2020-05-05 10:56:47 +02:00
Jakub Jelen
4e3553bf2a openssh-8.2p1-3 + 0.10.3-9 2020-04-08 10:27:07 +02:00
Jakub Jelen
a848054c8a Clarify crypto policies documentation in manual pages
* All the options that are affected by crypto policies will mention that + and -
       work with built-in defaults and not the crypto-policies ones.
     * The line mentioning crypto policies will be the first one in the option description.
2020-03-30 16:38:36 +02:00
Jakub Jelen
eb546ec1a7 Drop fipscheck dependency and non-standard fips checks 2020-03-30 16:38:36 +02:00
Jakub Jelen
02af5cfa17 Do not break X11 forwarding without IPv6 2020-03-30 16:38:36 +02:00
Jakub Jelen
1cc7c87af2 Enable SHA2-based GSSAPI key exchange algorithms by default (#1666781) 2020-03-30 16:38:36 +02:00
Jakub Jelen
fbd5f1bee2 Print FIPS mode initialized in debug mode after the configuration is processed
Amends ee9cb00
2020-03-30 16:38:36 +02:00
Jakub Jelen
57ba1bd853 Restore gssapi-canohost.patch (#1749862)
This is useful when connecting through proxyjump in combination with
GSSAPITrustDNS yes, because we can not get remote address of such socket.

https://src.fedoraproject.org/rpms/openssh/blob/f29/f/openssh-6.1p1-gssapi-canohost.patch
2020-03-30 16:38:36 +02:00
Jakub Jelen
3e611d91bb Simplify references to crypto policies in configuration files (#1812854) 2020-03-30 14:19:17 +02:00
Jakub Jelen
b2417553a2 openssh-8.2p1-2 + 0.10.3-9 2020-02-20 10:34:01 +01:00
Jakub Jelen
82f9421fb4 Build properly with integrated u2f support (#1803948) 2020-02-20 10:32:48 +01:00
Jakub Jelen
51f5c1c99f openssh-8.2p1-1 + 0.10.3-9 2020-02-17 14:34:41 +01:00