Jakub Jelen
0ebe96b604
Handle root logins the same way as other users ( #1269072 )
...
root users are unconfined by definition, but they can be limited by SELinux so having privilege separation still makes sense. As a consequence we can remove hunk that handled this condition if we skipped forking.
2015-10-22 14:52:55 +02:00
Jakub Jelen
22a08c3da4
Review SELinux user context handling after authentication ( #1269072 )
...
The previous required to have for all SELInux user contexts with setexec capability. Otherwise user would not be able to change password if it is expired. This patch sets correct context and cleans up the exec context.
When doing chroot, copy_selinux_context is called twice
2015-10-15 16:21:33 +02:00
Jakub Jelen
8395bb78d0
Increase size limit of glob structures in sftp
2015-09-30 15:27:08 +02:00
Jakub Jelen
a80c277795
openssh-7.1p1-3 + 0.9.2-8
2015-09-25 14:10:39 +02:00
Jakub Jelen
a01bd486f0
Fix obsolete usage of SELinux constants ( #1261496 )
2015-09-25 14:10:25 +02:00
Jakub Jelen
bf69b47630
Allow gss-keyex root login when without-password is set ( #2456 )
...
Reported upstream, but applicable also for our gss-keyex patch:
https://bugzilla.mindrot.org/show_bug.cgi?id=2456
2015-09-24 15:57:11 +02:00
Jakub Jelen
6bf47e3d35
Having no keys is not fatal in gssapi key exchange ( #1261414 )
2015-09-24 15:57:11 +02:00
Jakub Jelen
9a804fa266
Apply GSSAPI key exchange methods in client offered list ( #1261414 )
2015-09-24 15:57:11 +02:00
Jakub Jelen
c6ba7b1e09
Return back forgotten patch which prevent connection using GSSAPI key exchange ( #1261414 )
2015-09-24 15:57:11 +02:00
Jakub Jelen
812f08d95e
Provide full RELRO and PIE form askpass helper ( #1264036 )
2015-09-24 15:57:11 +02:00
Jakub Jelen
3e5d955bcb
Fix FIPS mode for DH kex ( #1260253 )
2015-09-11 11:32:37 +02:00
Jakub Jelen
98262158d8
openssh-7.1p1-2 + 0.9.2-8
2015-09-09 14:29:31 +02:00
Jakub Jelen
c4c52b0667
Fix warnings produced by gcc
...
related to
* ssh-keysign and fingerprint algorithms
* ssh and GSSAPI algorithms validation
2015-09-09 10:59:19 +02:00
Jakub Jelen
757fec581b
openssh-7.1p1-1 + 0.9.3-8
2015-08-22 22:22:48 +02:00
Jakub Jelen
ccd186847a
Add corresponding options for ssh1 configure
2015-08-22 22:22:48 +02:00
Jakub Jelen
c98f559725
HostKeyAlgorithms option on server is broken when using + sign
2015-08-22 22:22:48 +02:00
Jakub Jelen
ebdae84225
openssh-7.0p1-2 + 0.9.3-7
2015-08-19 13:49:45 +02:00
Jakub Jelen
18e54994fa
Fix typo in version string
2015-08-19 13:47:28 +02:00
Jakub Jelen
4df30a2a72
Possibility to validate legacy systems by more fingerprints ( #1249626 )
2015-08-19 13:43:36 +02:00
Jakub Jelen
bc4ef0f373
Add GSSAPIKexAlgorithms option for server and client application
2015-08-19 13:18:07 +02:00
Jakub Jelen
459bd27529
Fix problem with DSA keys using pam_ssh_agent_auth ( #1251777 )
2015-08-17 16:27:38 +02:00
Jakub Jelen
d0337fc530
Forgotten sources :(
2015-08-13 18:03:38 +02:00
Jakub Jelen
3f55133c24
openssh-7.0p1-1 + 6.9.3-7
...
New upstream release (#1252639 )
- allow root login in default config
Security: Use-after-free bug related to PAM support (#1252853 )
Security: Privilege separation weakness related to PAM support (#1252854 )
Security: Incorrectly set TTYs to be world-writable (#1252862 )
2015-08-13 17:44:41 +02:00
Jakub Jelen
2939c322fa
Create openssh-clients-ssh1 subpackage with tools for protocol SSHv1
2015-08-13 17:44:41 +02:00
Jakub Jelen
405790ef61
Fix pam_ssh_agent_auth after rebase ( #1251777 )
2015-08-11 17:58:03 +02:00
Jakub Jelen
1d50678457
Remove obsolete triggerruns for migration to systemd
...
- overlapping versions are not supported by current rpm
2015-07-28 13:08:55 +02:00
Jakub Jelen
6286d6a8e6
6.9p1-4 + 0.9.3-6
2015-07-28 11:24:35 +02:00
Jakub Jelen
67938e0c00
Handle terminal control characters in scp progressmeter ( #1247204 )
2015-07-28 11:23:51 +02:00
Jakub Jelen
83bfb1fce5
6.9p1-3 + 0.9.3-6
2015-07-23 11:12:19 +02:00
Jakub Jelen
c6d2eca7de
only query each keyboard-interactive device once ( #1245971 )
...
Upstream commit
https://anongit.mindrot.org/openssh.git/commit/?id=5b64f85bb811246c59ebab70aed331f26ba37b18
2015-07-23 11:06:12 +02:00
Jakub Jelen
ca62b6133e
6.9p1-2 + 0.9.3-6
2015-07-15 09:44:37 +02:00
Jakub Jelen
6e9574d7ec
Fix race condition with auditing messages answers ( #1242682 )
2015-07-15 08:35:18 +02:00
Jakub Jelen
a4d9cd5694
Patch name, formating
2015-07-08 12:24:34 +02:00
Jakub Jelen
58ba50440e
Allow building seccomp filters also for s390(x) architectures ( #1195065 )
2015-07-02 17:10:58 +02:00
Jakub Jelen
274e22c863
Forgotten sources
2015-07-01 17:54:29 +02:00
Jakub Jelen
187a349ee6
6.9p1-1 + 0.9.3-6
2015-07-01 15:51:20 +02:00
Jakub Jelen
5de6c89ff2
Correctly revert "PermitRootLogin no" option from upstream sources
2015-07-01 15:51:20 +02:00
Jakub Jelen
535d341e70
rebase to new upstream release 6.9
2015-07-01 15:51:01 +02:00
Jakub Jelen
21bee694ac
Increase limitation number of files which can be listed using glob in sftp
2015-06-25 16:10:55 +02:00
Jakub Jelen
f3002bfb7b
6.8p1-9 + 0.9.3-5
2015-06-24 10:49:08 +02:00
Jakub Jelen
252221e6a1
Allow socketcall(SYS_SHUTDOWN) for net_child on ix86 architecture
2015-06-24 10:48:38 +02:00
Dennis Gilmore
b59dd83265
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-18 00:06:18 +00:00
Jakub Jelen
5aa47ae6f4
6.8p1-8 + 0.9.3-5
2015-06-08 09:06:12 +02:00
Jakub Jelen
7fa5057af5
Return stat syscall to seccomp filter, since it is not yet completely legacy ( #1228323 )
...
* problems occured with gssapi, which is trying to touch some libraries
2015-06-08 09:04:48 +02:00
Jakub Jelen
f049b3b1ad
6.8p1-7 + 0.9.3-5
2015-06-03 07:54:20 +02:00
Jakub Jelen
73d45fa321
Correct handle pam_ssh_agent_auth memory, buffers and variable sizes, which caused segfaults ( #1225106 )
2015-06-02 18:56:57 +02:00
Jakub Jelen
8a10dcb363
6.8p1-6 + 0.9.3-5
2015-05-28 14:02:26 +02:00
Jakub Jelen
09ca6ef2e6
Provide LDIF version of LPK schema
2015-05-28 13:51:58 +02:00
Jakub Jelen
474a38f916
Document required selinux boolean for working ssh-ldap-helper
2015-05-28 13:48:02 +02:00
Jakub Jelen
df3679f973
Add missing configuration values to ssh man page
2015-05-28 13:43:22 +02:00