Commit Graph

1142 Commits

Author SHA1 Message Date
Jakub Jelen
914eb2d891 Drop misleading comment about crypto policies 2020-10-06 10:01:41 +02:00
Jakub Jelen
62e762b7d5 ssh-copy-id compatibility with ksh 2020-10-06 10:01:41 +02:00
Jakub Jelen
dc5e3131ec Unbreak ssh-copy-id (#1884231) 2020-10-06 10:01:23 +02:00
Jakub Jelen
7b064ea363 Add missing changelog 2020-09-29 16:10:09 +02:00
Jakub Jelen
527f79ee8c Remove the snap version, which is not used for build 2020-09-29 15:56:35 +02:00
Jakub Jelen
bd35168662 8.4p1-1 + 0.10.4-1 2020-09-29 14:53:14 +02:00
Jakub Jelen
3783a5da43 Rebase pam_ssh_agent_auth to 0.10.4 2020-09-29 14:53:14 +02:00
Jakub Jelen
9c88962b82 Improve crypto policies mention in manual pages (#1881301) 2020-09-29 14:53:06 +02:00
Jakub Jelen
7e9d046986 Remove support for building rescue CD
This is not used for close to 20 years and is broken at least from Fedora 31
2020-09-07 09:37:58 +02:00
Jakub Jelen
10cdecf4f1 8.3p1-4 + 0.10.3-10 2020-08-28 20:14:42 +02:00
Jakub Jelen
26c894b07f Second iteration of sftp-server -m documentation (#1862504) 2020-08-28 20:14:42 +02:00
Jakub Jelen
44157573e5 Remove openssh-ldap subpackage 2020-08-21 09:40:42 +02:00
Jakub Jelen
4c85eb3d53 pkcs11: Do not crash with invalid paths in ssh-agent (#1868996) 2020-08-17 09:37:02 +02:00
Jakub Jelen
77aa771110 Clarify documentation about sftp-server -m (#1862504) 2020-08-12 15:09:02 +02:00
Jakub Jelen
68460c09bb Use make macros
Based on https://src.fedoraproject.org/rpms/openssh/pull-request/11

https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
2020-07-31 15:33:21 +02:00
Jakub Jelen
dfeecfb1e8 Drop loading of anaconda configuration from sysconfig including scriptlet to migrate to include drop-in directory 2020-07-31 15:26:55 +02:00
Fedora Release Engineering
fccd87eb18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-28 12:48:46 +00:00
Jakub Jelen
996e25f2f9 8.3p1-3 + 0.10.3-10 2020-06-10 14:36:49 +02:00
Jakub Jelen
653d073710 Move sshd_config include before any other definitions (#1824913) 2020-06-10 14:36:37 +02:00
Jakub Jelen
ed59cb1783 Do not lose PIN when more slots match PKCS#11 URI (#1843372) 2020-06-10 14:36:27 +02:00
Jakub Jelen
868439f73a Stop loading crypto policy for command line in service files 2020-06-10 14:35:23 +02:00
Jakub Jelen
8b7ddfb28b Move included configuration files in order to allow applications to include their defaults
See more discussin in

https://src.fedoraproject.org/rpms/openssh/pull-request/9#

https://github.com/coreos/fedora-coreos-docs/pull/80#discussion_r434961161
2020-06-08 21:52:42 +02:00
Jakub Jelen
3bd5ced9ee 8.3p1-2 + 0.10.3-10 2020-06-01 13:51:43 +02:00
Jakub Jelen
7f87bd9cc9 Avoid crash on cleanup 2020-06-01 12:20:31 +02:00
Jakub Jelen
5cd9552fc4 8.3p1-1 + 0.10.3-10 2020-05-27 09:57:29 +02:00
Jakub Jelen
efd1b7e5c8 Unbreak corner cases of sshd_config include 2020-05-27 09:53:38 +02:00
Jakub Jelen
169fdb8814 Fix order of GSSAPI key exchange methods 2020-05-05 10:56:47 +02:00
Jakub Jelen
4e3553bf2a openssh-8.2p1-3 + 0.10.3-9 2020-04-08 10:27:07 +02:00
Jakub Jelen
a848054c8a Clarify crypto policies documentation in manual pages
* All the options that are affected by crypto policies will mention that + and -
       work with built-in defaults and not the crypto-policies ones.
     * The line mentioning crypto policies will be the first one in the option description.
2020-03-30 16:38:36 +02:00
Jakub Jelen
eb546ec1a7 Drop fipscheck dependency and non-standard fips checks 2020-03-30 16:38:36 +02:00
Jakub Jelen
02af5cfa17 Do not break X11 forwarding without IPv6 2020-03-30 16:38:36 +02:00
Jakub Jelen
1cc7c87af2 Enable SHA2-based GSSAPI key exchange algorithms by default (#1666781) 2020-03-30 16:38:36 +02:00
Jakub Jelen
fbd5f1bee2 Print FIPS mode initialized in debug mode after the configuration is processed
Amends ee9cb00
2020-03-30 16:38:36 +02:00
Jakub Jelen
57ba1bd853 Restore gssapi-canohost.patch (#1749862)
This is useful when connecting through proxyjump in combination with
GSSAPITrustDNS yes, because we can not get remote address of such socket.

https://src.fedoraproject.org/rpms/openssh/blob/f29/f/openssh-6.1p1-gssapi-canohost.patch
2020-03-30 16:38:36 +02:00
Jakub Jelen
3e611d91bb Simplify references to crypto policies in configuration files (#1812854) 2020-03-30 14:19:17 +02:00
Jakub Jelen
b2417553a2 openssh-8.2p1-2 + 0.10.3-9 2020-02-20 10:34:01 +01:00
Jakub Jelen
82f9421fb4 Build properly with integrated u2f support (#1803948) 2020-02-20 10:32:48 +01:00
Jakub Jelen
51f5c1c99f openssh-8.2p1-1 + 0.10.3-9 2020-02-17 14:34:41 +01:00
Jakub Jelen
ee9cb005b3 Do not write information about FIPS mode to stderr (#1778224) 2020-02-17 14:34:04 +01:00
Jakub Jelen
2b86acd332 Correctly report invalid key permissions (#1801459) 2020-02-17 14:28:10 +01:00
Jakub Jelen
a2cffc6e9b openssh-8.1p1-4 + 0.10.3-8 2020-02-03 00:51:53 +01:00
Jakub Jelen
7f46693182 Unbreak seccomp filter on ARM (#1796267) 2020-02-03 00:50:34 +01:00
Fedora Release Engineering
657d132847 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 20:24:49 +00:00
Jakub Jelen
62361a761c openssh-8.1p1-3 + 0.10.3-8 2019-11-27 11:16:26 +01:00
Jakub Jelen
c28decf412 Unbreak the seccomp filter also on ARM (#1777054) 2019-11-27 11:15:00 +01:00
Jakub Jelen
7254607b91 Do not extensively modify sshd_config -- DSA keys are not loaded for some time already 2019-11-19 13:16:28 +01:00
Jakub Jelen
d26b44fe7f openssh-8.1p1-2 + 0.10.3-8 2019-11-14 09:24:36 +01:00
Jakub Jelen
6a2fce44b5 Unbreak seccomp filter with latest glibc (#1771946) 2019-11-14 09:18:41 +01:00
Jakub Jelen
36fef5669a openssh-8.1p1-1 + 0.10.3-8 2019-10-09 10:24:21 +02:00
Jakub Jelen
5eb2d51328 Add missing hostkey certificate algorithms to the FIPS list 2019-07-26 09:27:52 +02:00