Commit Graph

1095 Commits

Author SHA1 Message Date
Petr Lautrbach
cf5c1140f2 increase size of AUDIT_LOG_SIZE to 256 2014-12-11 14:21:42 +01:00
Petr Lautrbach
276c16ce71 6.6.1p1-9 + 0.9.3-3 2014-12-03 18:18:19 +01:00
Petr Lautrbach
56a647f5e3 the .local domain example should be in ssh_config, not in sshd_config 2014-12-03 18:15:25 +01:00
Petr Lautrbach
08fe9e8e47 use different values for DH for Cisco servers (#1026430) 2014-12-03 17:10:47 +01:00
Petr Lautrbach
823364a11e 6.6.1p1-8 + 0.9.3-3 2014-11-13 22:21:52 +01:00
Petr Lautrbach
44f0ac8d08 fix several coverity issues Resolves: rhbz#1139794 2014-11-13 22:16:51 +01:00
Petr Lautrbach
57666dc3be fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005) 2014-11-12 17:35:37 +01:00
Petr Lautrbach
a1e1ac2bfc 6.6.1p1-7 + 0.9.3-3 2014-11-07 12:53:03 +01:00
Petr Lautrbach
65a6cd2d8c correct the calculation of bytes for authctxt->krb5_ccname <ams@corefiling.com> (#1161073) 2014-11-07 12:52:06 +01:00
Petr Lautrbach
3b7c8620a1 6.6.1p1-6 + 0.9.3-3 2014-11-04 19:09:42 +01:00
Petr Lautrbach
5296a797aa privsep_preauth: use SELinux context from selinux-policy (#1008580) 2014-11-04 19:06:14 +01:00
Petr Lautrbach
414bfae1bc change audit trail
- do not use (invalid user)
- change acct for an unknown user "(unknown)"
- don't send login audit event in getpwnamallow()
2014-11-04 18:56:47 +01:00
Petr Lautrbach
30c06a07fb fix kuserok patch which checked for the existence of .k5login unconditionally and hence prevented other mechanisms to be used properly 2014-10-24 23:50:58 +02:00
Petr Lautrbach
1ba984dcf2 revert the default of KerberosUseKuserok back to yes (#1153076) 2014-10-24 23:50:09 +02:00
Petr Lautrbach
0f0e055d6a Ignore SIGXFSZ in postauth monitor
https://bugzilla.mindrot.org/show_bug.cgi?id=2263
2014-09-29 08:37:05 +02:00
Petr Lautrbach
4b24967a9c fix parsing of empty arguments in sshd_conf
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
2014-09-25 11:45:47 +02:00
Stanislav Zidek
c8fc193f3d sshd-keygen - don't generate DSA and ED25519 host keys in FIPS mode 2014-09-23 12:29:25 +02:00
Petr Lautrbach
afde9f8153 6.6.1p1-5 + 0.9.3-3 2014-09-08 10:35:57 +02:00
Petr Lautrbach
ce2d80b4e7 don't consider a partial success as a failure 2014-09-04 16:33:25 +02:00
Petr Lautrbach
163064841f apply RFC3454 stringprep to banners when possible
https://bugzilla.mindrot.org/show_bug.cgi?id=2058
2014-09-04 16:12:11 +02:00
Petr Lautrbach
c16b7033ca change the rsa key generation error message due to FIPS restrictions in openssl 2014-09-02 15:41:51 +02:00
Petr Lautrbach
0a3f4e122d set a client's address right after a connection is set
http://bugzilla.mindrot.org/show_bug.cgi?id=2257
2014-09-02 10:49:31 +02:00
Peter Robinson
662c5a05b3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 14:08:07 +00:00
Tom Callaway
e336e33a32 fix license handling 2014-07-18 19:28:30 -04:00
Petr Lautrbach
8ff21c966a 6.6.1p1-3 + 0.9.3-2 2014-07-18 08:38:51 +02:00
Petr Lautrbach
817071dc4d standardise on NI_MAXHOST for gethostname() string lengths (#1051490) 2014-07-17 14:28:16 +02:00
Petr Lautrbach
cef0d582b6 6.6.1p1-2 + 0.9.3-2 2014-07-14 12:35:16 +02:00
Petr Lautrbach
d8b90ac6f8 minor spec file cleanup 2014-07-09 21:40:06 +02:00
Petr Lautrbach
8028159313 fix and rebase fips patch to 6.6.1p1 2014-07-09 21:16:53 +02:00
Petr Lautrbach
9f526c6f31 cleanup and remove FIPS code from audit patch 2014-07-09 21:08:53 +02:00
Petr Lautrbach
5160c9c8f3 rebase audit patch for 6.6.1p1 2014-07-08 17:42:18 +02:00
Stef Walter
26621fa3b8 Add pam_reauthorize.so to sshd.pam (#1115977) 2014-07-08 12:46:52 +02:00
Petr Lautrbach
86f29c353e bring back openssh-5.5p1-x11.patch 2014-07-03 16:42:56 +02:00
Petr Lautrbach
5fcfcac428 drop openssh-5.8p2-remove-stale-control-socket.patch 2014-07-03 16:23:00 +02:00
Petr Lautrbach
8b5feef2c8 bring back the openssh-5.8p2-sigpipe.patch 2014-07-03 16:14:38 +02:00
Dennis Gilmore
d1b0938acc - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 12:01:42 -05:00
Petr Lautrbach
7463b66c25 add missing patches and remove unused patches 2014-06-04 10:26:58 +02:00
Petr Lautrbach
3e1dd6c5fd add forgotten openssh-6.6p1-gsskex.patch 2014-06-04 10:17:31 +02:00
Petr Lautrbach
5cde9cd3f2 6.6.1p1-1 + 0.9.3-2 2014-06-03 17:52:36 +02:00
Petr Lautrbach
d1c2eb285e slightly change systemd units logic - use sshd-keygen.service (#1066615) 2014-06-03 17:47:56 +02:00
Petr Lautrbach
fb6f390a78 drop openssh-server-sysvinit subpackage 2014-06-03 17:42:49 +02:00
Petr Lautrbach
4253bf87ac add support for ED25519 keys to sshd-keygen and sshd.sysconfig 2014-06-03 17:41:32 +02:00
Petr Lautrbach
44fb3c6aeb OpenSSH 6.5 and 6.6 sometimes encode a value used in the
curve25519 key exchange incorrectly, causing connection failures
about 0.2% of the time when this method is used against a peer that
implements the method properly.

Fix the problem and disable the curve25519 KEX when speaking to
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
to enable the compatability code.

openssh-6.6.1p1
2014-06-03 17:18:36 +02:00
Petr Lautrbach
94c6f8ddcc rebase to openssh-6.6p1 2014-06-03 16:51:07 +02:00
Petr Lautrbach
d75575229f 6.4p1-4 + 0.9.3-1 2014-05-15 10:37:16 +02:00
Petr Lautrbach
8f8619e1e6 ignore environment variables with embedded '=' or '\0' characters (#1077843)
CVE-2014-2532
2014-05-15 10:24:04 +02:00
Petr Lautrbach
d271e02296 prevent a server from skipping SSHFP lookup (#1081338)
CVE-2014-2653
2014-05-15 10:23:46 +02:00
Petr Lautrbach
9a031d2641 try CLOCK_BOOTTIME with fallback (#1091992) 2014-05-14 17:30:43 +02:00
Petr Lautrbach
f3b39bb6cb don't clean up gssapi credentials by default (#1055016) 2014-02-26 17:08:07 +01:00
Petr Lautrbach
f9f83a00b5 make /etc/ssh/moduli file public (#1043661) 2014-02-26 15:54:02 +01:00