Timothée Ravier
a886069993
Use /usr/share/empty.ssh instead of /var/empty/sshd
...
This has the following advantages:
* Removes a dependency on a directory stored in /var
* /usr is mounted read only on ostree based systems (CoreOS, Silverblue)
This also removes the tmpfiles config.
Edit Jakub Jelen: Removed the version bump from PR
https://src.fedoraproject.org/rpms/openssh/pull-request/14
2021-01-22 12:57:36 +01:00
Jakub Jelen
1a45c5da8d
Remove openssh-cavs subpackage as it is no longer needed and broken anyway
...
The CAVS drivers were used for FIPS certification when OpenSSH used to
be a FIPS module. This is no longer the case and these leftovers
were left in place until they work. This is no longer the case either
so lets get rid of 1000 lines of patches.
2021-01-22 12:50:51 +01:00
Jakub Jelen
ee6f0fcc0a
Accept empty labels ( #1919007 )
2021-01-22 12:22:08 +01:00
Jakub Jelen
557f728956
Fix malformed patch
2020-12-01 11:43:46 +01:00
Jakub Jelen
258db094bd
8.4p1-4 + 0.10.4-1
2020-12-01 09:54:21 +01:00
Jakub Jelen
d8a80c8be6
Fix Obsoletes for openssh-ldap ( #1902084 )
2020-12-01 09:53:40 +01:00
Jakub Jelen
eced70a8bd
Remove PasswordAuthentication yes from shipped configuration as it is already default and it might be hard to override
2020-11-30 08:52:02 +01:00
Jakub Jelen
b6df6b3e29
List updated RFC
2020-11-26 11:48:54 +01:00
Jakub Jelen
126d278fec
8.4p1-3 + 0.10.4-1
2020-11-19 15:08:05 +01:00
Jakub Jelen
6a07699454
Compatibility with Debian's openssh-7.4p1 ( #1881301 )
...
This only version does incorrectly reports server_sig_algorithms
extension and in Fedora 33 with disabled SHA1, clients are unable
to connect to Debian servers
2020-11-19 15:08:05 +01:00
Jakub Jelen
bbe3c2e156
Fix missing syscall in sandbox on arm ( #1897712 )
2020-11-19 15:08:02 +01:00
Jakub Jelen
a048fcc3d0
8.4p1-2 + 0.10.4-1
2020-10-06 10:01:41 +02:00
Jakub Jelen
914eb2d891
Drop misleading comment about crypto policies
2020-10-06 10:01:41 +02:00
Jakub Jelen
62e762b7d5
ssh-copy-id compatibility with ksh
2020-10-06 10:01:41 +02:00
Jakub Jelen
dc5e3131ec
Unbreak ssh-copy-id ( #1884231 )
2020-10-06 10:01:23 +02:00
Jakub Jelen
7b064ea363
Add missing changelog
2020-09-29 16:10:09 +02:00
Jakub Jelen
527f79ee8c
Remove the snap version, which is not used for build
2020-09-29 15:56:35 +02:00
Jakub Jelen
bd35168662
8.4p1-1 + 0.10.4-1
2020-09-29 14:53:14 +02:00
Jakub Jelen
3783a5da43
Rebase pam_ssh_agent_auth to 0.10.4
2020-09-29 14:53:14 +02:00
Jakub Jelen
9c88962b82
Improve crypto policies mention in manual pages ( #1881301 )
2020-09-29 14:53:06 +02:00
Jakub Jelen
7e9d046986
Remove support for building rescue CD
...
This is not used for close to 20 years and is broken at least from Fedora 31
2020-09-07 09:37:58 +02:00
Jakub Jelen
10cdecf4f1
8.3p1-4 + 0.10.3-10
2020-08-28 20:14:42 +02:00
Jakub Jelen
26c894b07f
Second iteration of sftp-server -m documentation ( #1862504 )
2020-08-28 20:14:42 +02:00
Jakub Jelen
44157573e5
Remove openssh-ldap subpackage
2020-08-21 09:40:42 +02:00
Jakub Jelen
4c85eb3d53
pkcs11: Do not crash with invalid paths in ssh-agent ( #1868996 )
2020-08-17 09:37:02 +02:00
Jakub Jelen
77aa771110
Clarify documentation about sftp-server -m ( #1862504 )
2020-08-12 15:09:02 +02:00
Jakub Jelen
68460c09bb
Use make macros
...
Based on https://src.fedoraproject.org/rpms/openssh/pull-request/11
https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
2020-07-31 15:33:21 +02:00
Jakub Jelen
dfeecfb1e8
Drop loading of anaconda configuration from sysconfig including scriptlet to migrate to include drop-in directory
2020-07-31 15:26:55 +02:00
Fedora Release Engineering
fccd87eb18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-28 12:48:46 +00:00
Jakub Jelen
996e25f2f9
8.3p1-3 + 0.10.3-10
2020-06-10 14:36:49 +02:00
Jakub Jelen
653d073710
Move sshd_config include before any other definitions ( #1824913 )
2020-06-10 14:36:37 +02:00
Jakub Jelen
ed59cb1783
Do not lose PIN when more slots match PKCS#11 URI ( #1843372 )
2020-06-10 14:36:27 +02:00
Jakub Jelen
868439f73a
Stop loading crypto policy for command line in service files
2020-06-10 14:35:23 +02:00
Jakub Jelen
8b7ddfb28b
Move included configuration files in order to allow applications to include their defaults
...
See more discussin in
https://src.fedoraproject.org/rpms/openssh/pull-request/9#
https://github.com/coreos/fedora-coreos-docs/pull/80#discussion_r434961161
2020-06-08 21:52:42 +02:00
Jakub Jelen
3bd5ced9ee
8.3p1-2 + 0.10.3-10
2020-06-01 13:51:43 +02:00
Jakub Jelen
7f87bd9cc9
Avoid crash on cleanup
2020-06-01 12:20:31 +02:00
Jakub Jelen
5cd9552fc4
8.3p1-1 + 0.10.3-10
2020-05-27 09:57:29 +02:00
Jakub Jelen
efd1b7e5c8
Unbreak corner cases of sshd_config include
2020-05-27 09:53:38 +02:00
Jakub Jelen
169fdb8814
Fix order of GSSAPI key exchange methods
2020-05-05 10:56:47 +02:00
Jakub Jelen
4e3553bf2a
openssh-8.2p1-3 + 0.10.3-9
2020-04-08 10:27:07 +02:00
Jakub Jelen
a848054c8a
Clarify crypto policies documentation in manual pages
...
* All the options that are affected by crypto policies will mention that + and -
work with built-in defaults and not the crypto-policies ones.
* The line mentioning crypto policies will be the first one in the option description.
2020-03-30 16:38:36 +02:00
Jakub Jelen
eb546ec1a7
Drop fipscheck dependency and non-standard fips checks
2020-03-30 16:38:36 +02:00
Jakub Jelen
02af5cfa17
Do not break X11 forwarding without IPv6
2020-03-30 16:38:36 +02:00
Jakub Jelen
1cc7c87af2
Enable SHA2-based GSSAPI key exchange algorithms by default ( #1666781 )
2020-03-30 16:38:36 +02:00
Jakub Jelen
fbd5f1bee2
Print FIPS mode initialized in debug mode after the configuration is processed
...
Amends ee9cb00
2020-03-30 16:38:36 +02:00
Jakub Jelen
57ba1bd853
Restore gssapi-canohost.patch ( #1749862 )
...
This is useful when connecting through proxyjump in combination with
GSSAPITrustDNS yes, because we can not get remote address of such socket.
https://src.fedoraproject.org/rpms/openssh/blob/f29/f/openssh-6.1p1-gssapi-canohost.patch
2020-03-30 16:38:36 +02:00
Jakub Jelen
3e611d91bb
Simplify references to crypto policies in configuration files ( #1812854 )
2020-03-30 14:19:17 +02:00
Jakub Jelen
b2417553a2
openssh-8.2p1-2 + 0.10.3-9
2020-02-20 10:34:01 +01:00
Jakub Jelen
82f9421fb4
Build properly with integrated u2f support ( #1803948 )
2020-02-20 10:32:48 +01:00
Jakub Jelen
51f5c1c99f
openssh-8.2p1-1 + 0.10.3-9
2020-02-17 14:34:41 +01:00