Commit Graph

987 Commits

Author SHA1 Message Date
Jakub Jelen
40d2a04909 CVE-2018-20685 (#1665786) 2019-01-14 11:05:35 +01:00
Jakub Jelen
322896958a Backport several fixes from 7_9 branch (#1665611) 2019-01-14 11:05:35 +01:00
Jakub Jelen
661c7c0582 gsskex: Dump correct option 2018-11-26 12:50:16 +01:00
Jakub Jelen
d6cc5f4740 Backport Match final so the crypto-policies do not break canonicalization (#1630166) 2018-11-26 10:16:35 +01:00
Jakub Jelen
a4c0a26cd4 openssh-7.9p1-2 + 0.10.3-6 2018-11-14 09:57:17 +01:00
Jakub Jelen
57e280d1f4 Allow to disable RSA signatures with SHA-1 2018-11-14 09:54:54 +01:00
Jakub Jelen
3ae9c1b0c1 Dump missing GSS options from client configuration 2018-11-14 09:44:48 +01:00
Jakub Jelen
03264b16f7 Reference the correct file in configuration file (#1643274) 2018-10-26 14:03:00 +02:00
Jakub Jelen
0b6cc18df0 Avoid segfault on kerberos authentication failure 2018-10-26 14:03:00 +02:00
Mattias Ellert
be6a344dcd Fix LDAP configure test (#1642414) 2018-10-26 14:03:00 +02:00
Jakub Jelen
9f2c8b948c openssh-7.9p1-1 + 0.10.3-6 2018-10-19 11:46:02 +02:00
Jakub Jelen
e8876f1b1f Honor GSSAPIServerIdentity for GSSAPI Key Exchange (#1637167) 2018-10-19 11:41:34 +02:00
Jakub Jelen
6666c19414 Do not break gssapi-kex authentication method 2018-10-19 11:41:34 +02:00
Jakub Jelen
eaa7af2e41 rebase patches to openssh-7.9p1 2018-10-19 11:41:07 +02:00
Jakub Jelen
8089081fa9 Improve the naming of the new kerberos configuration option 2018-10-19 10:19:42 +02:00
Jakub Jelen
6c9d993869 Follow the system-wide PATH settings
https://fedoraproject.org/wiki/Features/SbinSanity
2018-10-03 11:00:12 +02:00
Jakub Jelen
f3715e62da auth-krb5: Avoid memory leaks and unread assignments 2018-09-25 16:34:19 +02:00
Jakub Jelen
97ee52c0a3 openssh-7.8p1-3 + 0.10.3-5 2018-09-24 15:25:57 +02:00
Jakub Jelen
8ebb9915a3 Cleanup specfile comments 2018-09-24 15:25:40 +02:00
Jakub Jelen
84d3ff9306 Do not let OpenSSH control our hardening flags 2018-09-21 17:22:35 +02:00
Jakub Jelen
e815fba204 Ignore unknown parts of PKCS#11 URI 2018-09-21 15:50:04 +02:00
Jakub Jelen
55520c5691 Fix sandbox for conditional gssapi authentication (#1580017)
Upstream:
https://bugzilla.mindrot.org/attachment.cgi?id=3168&action=diff
2018-09-21 09:50:45 +02:00
Jakub Jelen
178f3a4f56 Fix the cavs test and avoid it crashing (#1628962)
Patch from Stephan Mueller, adjusted by myselt
2018-09-14 16:53:24 +02:00
Jakub Jelen
8b9448c5ba openssh-7.8p1-2 + 0.10.3-5 2018-08-31 13:32:02 +02:00
Jakub Jelen
dba154f20c Unbreak gssapi rekeying (#1624344) 2018-08-31 13:26:44 +02:00
Jakub Jelen
90edc0cc1d Properly allocate buffer for gsskex (#1624323) 2018-08-31 13:26:44 +02:00
Jakub Jelen
9409715f65 Unbreak scp between two IPv6 hosts (#1620333) 2018-08-31 13:26:44 +02:00
Jakub Jelen
c60b555ac2 Address issues reported by coverity 2018-08-31 13:26:44 +02:00
Jakub Jelen
4c36c2a9ee Drop unused environment variable 2018-08-29 12:55:36 +02:00
Jakub Jelen
afaf23f6c3 Drop unused patch 2018-08-28 10:51:37 +02:00
Jakub Jelen
bbf61daf97 openssh-7.8p1-1 + 0.10.3-5
New upstream release including:
 * Dropping entropy patch
 * Remove default support for MD5 fingerprints
 * Porting all the downstream patches and pam_ssh_agent_auth
   to new sshbuf and sshkey API
 * pam_ssh_agent_auth is no longer using MD5 fingerprints
2018-08-24 23:16:24 +02:00
Jakub Jelen
01ba761e18 7.7p1-6 + 0.10.3-4 2018-08-09 14:14:18 +02:00
Jakub Jelen
44e2032a0a fips: Show real list of kex algoritms in FIPS 2018-08-08 10:18:27 +02:00
Jakub Jelen
951e3ca00b Allow aes-GCM modes in FIPS 2018-08-07 18:08:08 +02:00
Jakub Jelen
baff4a61a7 fixup the coverity fix 2018-08-07 18:07:36 +02:00
Jakub Jelen
009e39709f coverity: RESOURCE_LEAK (CWE-772) 2018-07-18 16:49:07 +02:00
Fedora Release Engineering
600d4011b5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 15:11:56 +00:00
Jakub Jelen
e1d855438b 7.7p1-5 + 0.10.3-4 2018-07-03 11:27:15 +02:00
Jakub Jelen
6c68d655b2 Disable manual reading of MOTD by default 2018-07-03 11:26:01 +02:00
Jakub Jelen
191bbb979e Drop the unused locks 2018-06-28 09:24:57 +02:00
Jakub Jelen
62f1736470 7.7p1-4 + 0.10.3-4 2018-06-27 14:09:27 +02:00
Jakub Jelen
1176788778 Improve kerberos credential cache handling (#1566494) 2018-06-27 13:40:48 +02:00
Stephen Gallagher
4ef6823ff4
Add pam_motd to the PAM stack
This will allow Cockpit to update /etc/motd.d/cockpit with
information informing the user of the location of the admin console
on the system if it is available.

Resolves: rhbz#1591381
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2018-06-14 11:28:51 -04:00
Jakub Jelen
04ca5e7b0b 7.7p1-3 + 0.10.3-4 2018-04-16 11:15:43 +02:00
Jakub Jelen
48cef7a0b8 Opening tun devices fails + other regressions in OpenSSH v7.7 fixed upstream 2018-04-16 11:15:37 +02:00
Jakub Jelen
836590e795 7.7p1-2 + 0.10.3-4 2018-04-12 10:35:14 +02:00
Jakub Jelen
ab24bd6608 Do not break quotes parsing in configuration file (#1566295) 2018-04-12 10:26:26 +02:00
Jakub Jelen
b0815ca514 7.7p1-1 + 0.10.3-4 2018-04-04 16:59:45 +02:00
Jakub Jelen
af10de8f01 Update to latest version of URI patch passing the new tests + rebase to 7.7 2018-04-04 16:59:45 +02:00
Jakub Jelen
273086d13a Need a p11-kit to allow default pkcs11 proxy 2018-04-04 16:59:45 +02:00