Jakub Jelen
eda4c070da
Drop unused unversioned Obsoletes and Provides, which are 5 or 10 years old now
2019-06-26 14:06:48 +02:00
Jakub Jelen
4bd6cfb874
Disable root password logins ( #1722928 )
2019-06-26 14:06:37 +02:00
Jakub Jelen
dad744a32b
openssh-8.0p1-4 + 0.10.3-7
2019-06-17 12:49:59 +02:00
Jakub Jelen
50e2b60d3f
Provide correct signature type for SHA2 certificates in agent
2019-06-17 12:40:12 +02:00
Jakub Jelen
56fdfa2a52
Use the new OpenSSL API to export PEM files to avoid dependency on MD5
2019-05-30 11:29:43 +02:00
Jakub Jelen
7f1ad371a4
openssh-8.0p1-3 + 0.10.3-7
2019-05-27 10:23:08 +02:00
Jakub Jelen
7a14283cba
Drop the problematic patch for updating pw structure after authentication
2019-05-23 15:34:17 +02:00
Jakub Jelen
53c9085316
openssh-8.0p1-2 + 0.10.3-7
2019-05-14 13:45:08 +02:00
Jakub Jelen
f726e51d86
Use OpenSSL KDF
...
Resolves: rhbz#1631761
2019-05-14 13:35:14 +02:00
Jakub Jelen
751cd9acc7
Use OpenSSL high-level API to produce and verify signatures
...
Resolves: rhbz#1707485
2019-05-14 13:32:04 +02:00
Jakub Jelen
6caa973459
Mention crypto-policies in the manual pages instead of the hardcoded defaults
...
Resolves: rhbz#1668325
2019-05-13 14:22:21 +02:00
Jakub Jelen
4feb6a973f
Verify SCP vulnerabilities are fixed in the package testsuite
2019-05-10 14:34:35 +02:00
Jakub Jelen
b33caef080
Drop unused patch
2019-05-07 13:45:34 +02:00
Jakub Jelen
def1debf2e
openssh-8.0p1-1 + 0.10.3-7
...
Resolves rhbz#1701072
2019-04-29 14:12:13 +02:00
Jakub Jelen
f51d092120
Remove unused parts of spec file
2019-03-27 13:20:32 +01:00
Jakub Jelen
91aa3d4921
openssh-7.9p1-5 + 0.10.3.6
2019-03-12 15:16:35 +01:00
Jakub Jelen
1341391c78
Update cached passwd structure after PAM authentication
2019-03-11 17:17:49 +01:00
Jakub Jelen
7295e97cd1
openssh-7.9p1-4 + 0.10.3.6
2019-02-06 17:19:52 +01:00
Jakub Jelen
d711f557f7
Log when a client requests an interactive session and only sftp is allowed
2019-02-06 17:18:30 +01:00
Jakub Jelen
e8524ac3f4
ssh-copy-id: Minor issues found by shellcheck
2019-02-06 17:18:30 +01:00
Jakub Jelen
8622e384ef
ssh-copy-id: Do not fail in case remote system is out of space
2019-02-06 17:18:30 +01:00
Fedora Release Engineering
4e5f61c2a0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-01 17:32:05 +00:00
Igor Gnatenko
7c726e0a13
Remove obsolete Group tag
...
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:24:24 +01:00
Björn Esser
018ac8d1d9
Rebuilt for libcrypt.so.2 ( #1666033 )
2019-01-14 19:11:16 +01:00
Jakub Jelen
311908c042
openssh-7.9p1-3 + 0.10.3-6
2019-01-14 15:39:08 +01:00
Jakub Jelen
40d2a04909
CVE-2018-20685 ( #1665786 )
2019-01-14 11:05:35 +01:00
Jakub Jelen
322896958a
Backport several fixes from 7_9 branch ( #1665611 )
2019-01-14 11:05:35 +01:00
Jakub Jelen
d6cc5f4740
Backport Match final so the crypto-policies do not break canonicalization ( #1630166 )
2018-11-26 10:16:35 +01:00
Jakub Jelen
a4c0a26cd4
openssh-7.9p1-2 + 0.10.3-6
2018-11-14 09:57:17 +01:00
Jakub Jelen
57e280d1f4
Allow to disable RSA signatures with SHA-1
2018-11-14 09:54:54 +01:00
Jakub Jelen
9f2c8b948c
openssh-7.9p1-1 + 0.10.3-6
2018-10-19 11:46:02 +02:00
Jakub Jelen
6666c19414
Do not break gssapi-kex authentication method
2018-10-19 11:41:34 +02:00
Jakub Jelen
eaa7af2e41
rebase patches to openssh-7.9p1
2018-10-19 11:41:07 +02:00
Jakub Jelen
6c9d993869
Follow the system-wide PATH settings
...
https://fedoraproject.org/wiki/Features/SbinSanity
2018-10-03 11:00:12 +02:00
Jakub Jelen
97ee52c0a3
openssh-7.8p1-3 + 0.10.3-5
2018-09-24 15:25:57 +02:00
Jakub Jelen
8ebb9915a3
Cleanup specfile comments
2018-09-24 15:25:40 +02:00
Jakub Jelen
84d3ff9306
Do not let OpenSSH control our hardening flags
2018-09-21 17:22:35 +02:00
Jakub Jelen
8b9448c5ba
openssh-7.8p1-2 + 0.10.3-5
2018-08-31 13:32:02 +02:00
Jakub Jelen
9409715f65
Unbreak scp between two IPv6 hosts ( #1620333 )
2018-08-31 13:26:44 +02:00
Jakub Jelen
afaf23f6c3
Drop unused patch
2018-08-28 10:51:37 +02:00
Jakub Jelen
bbf61daf97
openssh-7.8p1-1 + 0.10.3-5
...
New upstream release including:
* Dropping entropy patch
* Remove default support for MD5 fingerprints
* Porting all the downstream patches and pam_ssh_agent_auth
to new sshbuf and sshkey API
* pam_ssh_agent_auth is no longer using MD5 fingerprints
2018-08-24 23:16:24 +02:00
Jakub Jelen
01ba761e18
7.7p1-6 + 0.10.3-4
2018-08-09 14:14:18 +02:00
Jakub Jelen
44e2032a0a
fips: Show real list of kex algoritms in FIPS
2018-08-08 10:18:27 +02:00
Fedora Release Engineering
600d4011b5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 15:11:56 +00:00
Jakub Jelen
e1d855438b
7.7p1-5 + 0.10.3-4
2018-07-03 11:27:15 +02:00
Jakub Jelen
6c68d655b2
Disable manual reading of MOTD by default
2018-07-03 11:26:01 +02:00
Jakub Jelen
62f1736470
7.7p1-4 + 0.10.3-4
2018-06-27 14:09:27 +02:00
Jakub Jelen
1176788778
Improve kerberos credential cache handling ( #1566494 )
2018-06-27 13:40:48 +02:00
Jakub Jelen
04ca5e7b0b
7.7p1-3 + 0.10.3-4
2018-04-16 11:15:43 +02:00
Jakub Jelen
48cef7a0b8
Opening tun devices fails + other regressions in OpenSSH v7.7 fixed upstream
2018-04-16 11:15:37 +02:00
Jakub Jelen
836590e795
7.7p1-2 + 0.10.3-4
2018-04-12 10:35:14 +02:00
Jakub Jelen
b0815ca514
7.7p1-1 + 0.10.3-4
2018-04-04 16:59:45 +02:00
Jakub Jelen
273086d13a
Need a p11-kit to allow default pkcs11 proxy
2018-04-04 16:59:45 +02:00
Jakub Jelen
7e9748a2b5
PKCS#11: Support ECDSA keys and PKCS#11 URIs
...
Based on the patches in upstream bugzilla:
ECDSA:
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
PKCS#11 URI:
https://bugzilla.mindrot.org/show_bug.cgi?id=2817
2018-04-04 16:56:59 +02:00
Jakub Jelen
3cd4899257
Rebase to latest OpenSSH 7.7p1 ( #1563223 )
2018-04-04 16:50:43 +02:00
Jakub Jelen
cbb6ca5123
openssh-7.6p1-7 + 0.10.3-3
2018-03-06 14:37:01 +01:00
Jakub Jelen
bd5b563008
Require crypto policies
2018-03-06 13:53:02 +01:00
Jakub Jelen
c2a9e41702
Recommend crypto policies also for a server
2018-02-19 12:10:48 +01:00
Jakub Jelen
07c951f665
Require gcc
...
https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot
2018-02-19 12:10:48 +01:00
Igor Gnatenko
a6b5c2c42d
Remove %clean section
...
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 08:27:35 +01:00
Igor Gnatenko
5f6f10859d
Remove BuildRoot definition
...
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-13 23:58:21 +01:00
Fedora Release Engineering
13efdb1d7f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-08 17:49:28 +00:00
Jakub Jelen
6a6c2bc3ab
We need systemd-devel for sdnotify()
2018-02-01 16:30:07 +01:00
Jakub Jelen
0780f33c5f
removal of systemd-units and conforming to packaging guidelines
...
Per announcement on fedora-devel:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/LLG4T53FW2BGVZLGLKNYTKPD5SQNBZ2Y/
2018-01-27 10:57:06 +01:00
Jakub Jelen
bb4b7b77fc
openssh-7.6p1-6 + 0.10.3-3
2018-01-26 16:26:50 +01:00
Florian Weimer
f61eaad2bd
Rebuild to work around gcc bug leading to sshd miscompilation ( #1538648 )
2018-01-25 16:48:03 +01:00
Björn Esser
427beb2f9e
Rebuilt for switch to libxcrypt
2018-01-20 23:07:25 +01:00
Jakub Jelen
38b67ad605
Avoid undefined TRUE/FALSE in ldap patch to build in rawhide
2018-01-17 10:50:05 +01:00
Jakub Jelen
4d97279349
openssh-7.6p1-5 + 0.10.3-3
2018-01-17 10:13:18 +01:00
Jakub Jelen
316553ade0
Remove TCP wrappers support ( #1530163 )
2018-01-16 15:06:23 +01:00
Jakub Jelen
871dc3ed3e
openssh-7.6p1-4 + 0.10.3-3
2017-12-14 10:23:37 +01:00
Jakub Jelen
1f2a7f3926
openssh-7.6p1-3 + 0.10.3-3
2017-12-11 11:54:38 +01:00
Jakub Jelen
eef660e534
7.6p1-2 + 0.10.3-3
2017-11-22 08:57:03 +01:00
Jakub Jelen
8fc2fee4e4
7.6p1-1 + 0.10.3-3
2017-11-07 14:58:44 +01:00
Jakub Jelen
c08aa4b8b1
Fix after-release bug in PermitOpen (posted on ML)
2017-11-07 14:58:44 +01:00
Jakub Jelen
5b55d0951d
rebase patches to openssh-7.6p1 and make it build
2017-11-07 14:58:44 +01:00
Jakub Jelen
9e46aafab9
openssh-7.5p1-6 + 0.10.3-2
2017-10-19 16:09:53 +02:00
Jakub Jelen
72514f7644
Add newer gssapi kex methods, but leave them disabled out of the box yet
2017-10-19 16:09:53 +02:00
Jakub Jelen
8c9e97e65a
Do not export KRBCCNAME if the default path is used ( #1199363 )
2017-10-19 16:09:53 +02:00
Jakub Jelen
ef66c0c677
openssh-7.5p1-5 + 0.10.3-2
2017-08-14 09:45:09 +02:00
Jakub Jelen
970a418151
Do not talk about SSHv1 in Summary
2017-08-09 16:10:33 +02:00
Jakub Jelen
6a05936971
Revert "server crypto policy"
...
This reverts commit 1d8ffcfe05
.
2017-08-09 14:58:13 +02:00
Jakub Jelen
fffad0579c
openssh-7.5p1-4 + 0.10.3-2
2017-08-02 15:46:58 +02:00
Jakub Jelen
722f82b9ab
Remove openssh-clients-ssh1 subpackage ( #1474942 )
2017-08-02 15:46:58 +02:00
Jakub Jelen
1d8ffcfe05
Preprocess the configuration files to include crypto policies.
...
* The services are using ExecPre to start sshd-pre script
* The sshd-pre script substitutes token in standard configuration file and writes a new on in /run
* The services are using a file in /run as a sshd_config
2017-08-02 15:46:57 +02:00
Fedora Release Engineering
be108c2c82
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-27 01:53:26 +00:00
Petr Písař
64a3610c1f
perl dependency renamed to perl-interpreter < https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules >
2017-07-12 14:20:53 +02:00
Jakub Jelen
2ea24bb006
openssh-7.5p1-2 + 0.10.3-2
2017-06-30 12:44:10 +02:00
Jakub Jelen
204765aba1
openssh-7.5p1-2 + 0.10.3-2
2017-03-23 14:48:09 +01:00
Jakub Jelen
c2f63ba00b
Revert the chroot magic
2017-03-23 14:47:27 +01:00
Jakub Jelen
fb74d1ec96
Add missing header on s390 ( #1434341 )
2017-03-22 14:35:55 +01:00
Jakub Jelen
09320cf61a
Fix typo in sandbox code, that got out after release
...
http://lists.mindrot.org/pipermail/openssh-unix-dev/2017-March/035879.html
2017-03-21 10:12:44 +01:00
Jakub Jelen
17b491b307
openssh-7.5p1-1 + 0.10.3-2
2017-03-20 16:00:16 +01:00
Jakub Jelen
7b666e5764
openssh-7.4p1-4 + 0.10.3-1
2017-03-03 15:53:31 +01:00
Jakub Jelen
ab7f9474c7
openssh-7.4p1-3 + 0.10.3-1
2017-02-22 14:56:00 +01:00
Jakub Jelen
b92d3c8ae0
Reference upstream bug
2017-02-22 14:56:00 +01:00
Jakub Jelen
4e7cdec7ef
Add systemd stuff to keep track of service
2017-02-22 14:56:00 +01:00
Jakub Jelen
140ef5a0f5
Properly report errors from included files ( #1408558 )
2017-02-22 14:56:00 +01:00
Jakub Jelen
a97eeb671c
ppc architecture is gone for years
2017-02-22 14:56:00 +01:00
Jakub Jelen
465b6e6b82
Check seteuid return values in all cases
2017-02-22 14:56:00 +01:00
Jakub Jelen
bdb932c46a
new pam_ssh_agent_auth-0.10.3 release
2017-02-22 14:55:59 +01:00
Jakub Jelen
26cec0607f
openssh-7.4p1-2 + 0.10.2-5
2017-02-06 09:47:28 +01:00
Jakub Jelen
b19926d292
openssh-7.4p1-1 + 0.10.2-5
2017-01-03 14:31:29 +01:00
Jakub Jelen
58f79a27c3
Whitelist /usr/lib64/ for PKCS#11 modules
2017-01-03 14:31:29 +01:00
Jakub Jelen
6cf9b8e61b
rebase to openssh-7.4p1-1
...
* Drop unaccepted (unapplying) coverity patches
* Drop server support for SSH1 (server)
* Workaround #2641 for systemd
* UseLogin is gone
* Drop upstream commit 28652bca
* Tighten seccomp filter (cache credentials before entering sandbox) (#1395288 )
2017-01-03 14:31:20 +01:00
Jakub Jelen
d8c2e8dc88
openssh-7.3p1-7 + 0.10.2-4
2016-12-08 14:13:32 +01:00
Jakub Jelen
162941961a
Move MAX_DISPLAYS to a configuration option
2016-12-08 14:13:32 +01:00
Jakub Jelen
7bccf7e6e0
openssh-7.3p1-6 + 0.10.2-4
2016-11-16 11:07:41 +01:00
Jakub Jelen
ccf623128a
Fix changelog
2016-11-07 09:33:43 +01:00
Jakub Jelen
2a8bce34e4
openssh-7.3p1-5 + 0.10.2-4
2016-10-27 18:26:25 +02:00
Jakub Jelen
aacf0d429a
OpenSSL 1.1.0 compat
2016-10-27 17:19:17 +02:00
Jakub Jelen
c9d9fe9b0f
Recommend crypto-policies for a client package
2016-10-11 10:29:50 +02:00
Jakub Jelen
d924bc6892
openssh-7.3p1-4 + 0.10.2-4
2016-09-29 14:14:19 +02:00
Jakub Jelen
ae831ab305
Fix NULL derefence ( #1380297 )
...
https://anongit.mindrot.org/openssh.git/patch/?id=28652bca29046f62c7045e933e6b931de1d16737
2016-09-29 11:15:13 +02:00
Jakub Jelen
739842b137
Make the code build without SELinux and without Audit
2016-09-15 16:36:04 +02:00
Jakub Jelen
0a605f4d31
openssh-7.3p1-3 + 0.10.2-4
2016-08-15 12:20:15 +02:00
Jakub Jelen
38d533a5e1
Proper content of the included configuration files
2016-08-15 12:18:50 +02:00
Jakub Jelen
73953d29f1
openssh-7.3p1-2 + 0.10.2-4
2016-08-09 10:32:01 +02:00
Jakub Jelen
88f3a752ae
openssh-7.3p1-1. + 0.10.2-4
2016-08-09 08:24:35 +02:00
Jakub Jelen
90ffc35e29
Correct permissions on the ssh_config directory ( #1365270 )
2016-08-09 08:23:44 +02:00
Jakub Jelen
a711d3c82f
openssh-7.3p1-1 + 0.10.2-4
2016-08-04 13:57:21 +02:00
Jakub Jelen
6454089e75
Create include directory with example content (redhat modifications)
2016-08-04 13:57:21 +02:00
Jakub Jelen
6da7f4d0ed
Drop SCP progressmeter patch because of reworked UTF-8 API (tracked upstream #2434 )
2016-08-04 13:57:02 +02:00
Jakub Jelen
70c2ac20bd
CVE-2016-6210 is fixed upstream
2016-08-04 10:59:59 +02:00
Jakub Jelen
13a7aaf5e3
CVE-2015-8325 and certificate regression are fixed upstream
2016-08-04 10:59:59 +02:00
Jakub Jelen
38e1dfa80d
Upstream bug #2477 applied
2016-08-04 10:59:59 +02:00
Jakub Jelen
4bd77fcccc
seccomp for secondary architecures patch already upstream ( #2590 )
2016-08-04 10:59:59 +02:00
Jakub Jelen
05bc93847e
Bug #2281 resolved upstream
2016-08-04 10:59:59 +02:00
Jakub Jelen
178ce15f5a
UTF-8 banners resolved by upstream bug #2058
2016-08-04 10:59:59 +02:00
Jakub Jelen
14320ca590
The upstream bug #2257 is fixed
2016-08-04 10:59:59 +02:00
Jakub Jelen
82bfd19e51
openssh-7.2p2-11 + 0.10.2-3
2016-07-26 15:41:29 +02:00
Jakub Jelen
6a7dd92929
Remove legacy sshd-keygen ( #1359762 )
...
Revert "Add legacy sshd-keygen for anaconda (#1331077 )"
This reverts commit 0b5300a59c
.
2016-07-26 15:41:29 +02:00
Jakub Jelen
793bc4b1cc
Remove slogin symlinks ( #1359762 )
...
Revert "Restore slogin symlinks"
This reverts commit e762f7265e
.
2016-07-26 15:41:29 +02:00
Jakub Jelen
b4df5ebb8d
Rework SELinux context handling with chroot using libcap-ng ( #1357860 )
2016-07-26 15:40:30 +02:00
Jakub Jelen
9dc741314f
openssh-7.2p2-10 + 0.10.2-3
2016-07-18 13:55:58 +02:00
Jakub Jelen
1057900209
Prevent user enumeration via timing channel (CVE-2016-6210)
2016-07-18 13:30:52 +02:00
Jakub Jelen
209c7a8aea
Expose more information to PAM
2016-07-18 13:30:51 +02:00
Jakub Jelen
9864973c69
Make closefrom() ignore softlinks to the /dev/ devices on s390
2016-07-18 12:26:15 +02:00
Jakub Jelen
a49441fa52
openssh-7.2p2-9 + 0.10.2-3
2016-07-01 09:07:18 +02:00
Jakub Jelen
5a67d51d0f
openssh-7.2p2-8 + 0.10.2-3
2016-06-24 12:07:22 +02:00
Jakub Jelen
186bf3858e
UseLogin yes is not supported in Fedora
2016-06-24 12:07:22 +02:00
Petr Písař
ad928ac7d1
Mandatory Perl build-requires added < https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl >
2016-06-24 10:03:17 +02:00
Jakub Jelen
ba8f38935c
openssh-7.2p2-7
2016-06-06 16:39:35 +02:00
Jakub Jelen
f6a096caf2
Build seccomp filter on ppc64(le) architecture ( #1195065 )
2016-06-06 16:39:35 +02:00
Jakub Jelen
1144aef1d1
Comments for patches, merge ssh_config from localdomain to redhat patch (ssh_config related)
2016-06-06 16:39:17 +02:00
Jakub Jelen
f2868287aa
rebase x11 patch to clean up coverity patch
2016-06-03 10:44:32 +02:00
Jakub Jelen
ea9421342e
Coverity: dereference in pam_ssh_agent_auth
...
Upstream: https://sourceforge.net/p/pamsshagentauth/bugs/22/
2016-06-03 09:49:44 +02:00
Jakub Jelen
d78d347c11
Check for real location of .k5login file ( #1328243 )
2016-06-03 09:29:58 +02:00
Jakub Jelen
8dd0608e77
Regression in certificate-based authentication ( #1333498 )
2016-05-06 09:25:20 +02:00
Jakub Jelen
991b66246f
openssh-7.2p2-6 + 0.10.2-3
2016-04-29 13:57:45 +02:00