Jakub Jelen
d924bc6892
openssh-7.3p1-4 + 0.10.2-4
2016-09-29 14:14:19 +02:00
Jakub Jelen
ae831ab305
Fix NULL derefence ( #1380297 )
...
https://anongit.mindrot.org/openssh.git/patch/?id=28652bca29046f62c7045e933e6b931de1d16737
2016-09-29 11:15:13 +02:00
Jakub Jelen
739842b137
Make the code build without SELinux and without Audit
2016-09-15 16:36:04 +02:00
Jakub Jelen
0a605f4d31
openssh-7.3p1-3 + 0.10.2-4
2016-08-15 12:20:15 +02:00
Jakub Jelen
38d533a5e1
Proper content of the included configuration files
2016-08-15 12:18:50 +02:00
Jakub Jelen
73953d29f1
openssh-7.3p1-2 + 0.10.2-4
2016-08-09 10:32:01 +02:00
Jakub Jelen
88f3a752ae
openssh-7.3p1-1. + 0.10.2-4
2016-08-09 08:24:35 +02:00
Jakub Jelen
90ffc35e29
Correct permissions on the ssh_config directory ( #1365270 )
2016-08-09 08:23:44 +02:00
Jakub Jelen
a711d3c82f
openssh-7.3p1-1 + 0.10.2-4
2016-08-04 13:57:21 +02:00
Jakub Jelen
6454089e75
Create include directory with example content (redhat modifications)
2016-08-04 13:57:21 +02:00
Jakub Jelen
6da7f4d0ed
Drop SCP progressmeter patch because of reworked UTF-8 API (tracked upstream #2434 )
2016-08-04 13:57:02 +02:00
Jakub Jelen
70c2ac20bd
CVE-2016-6210 is fixed upstream
2016-08-04 10:59:59 +02:00
Jakub Jelen
13a7aaf5e3
CVE-2015-8325 and certificate regression are fixed upstream
2016-08-04 10:59:59 +02:00
Jakub Jelen
38e1dfa80d
Upstream bug #2477 applied
2016-08-04 10:59:59 +02:00
Jakub Jelen
4bd77fcccc
seccomp for secondary architecures patch already upstream ( #2590 )
2016-08-04 10:59:59 +02:00
Jakub Jelen
05bc93847e
Bug #2281 resolved upstream
2016-08-04 10:59:59 +02:00
Jakub Jelen
178ce15f5a
UTF-8 banners resolved by upstream bug #2058
2016-08-04 10:59:59 +02:00
Jakub Jelen
14320ca590
The upstream bug #2257 is fixed
2016-08-04 10:59:59 +02:00
Jakub Jelen
82bfd19e51
openssh-7.2p2-11 + 0.10.2-3
2016-07-26 15:41:29 +02:00
Jakub Jelen
6a7dd92929
Remove legacy sshd-keygen ( #1359762 )
...
Revert "Add legacy sshd-keygen for anaconda (#1331077 )"
This reverts commit 0b5300a59c
.
2016-07-26 15:41:29 +02:00
Jakub Jelen
793bc4b1cc
Remove slogin symlinks ( #1359762 )
...
Revert "Restore slogin symlinks"
This reverts commit e762f7265e
.
2016-07-26 15:41:29 +02:00
Jakub Jelen
b4df5ebb8d
Rework SELinux context handling with chroot using libcap-ng ( #1357860 )
2016-07-26 15:40:30 +02:00
Jakub Jelen
9dc741314f
openssh-7.2p2-10 + 0.10.2-3
2016-07-18 13:55:58 +02:00
Jakub Jelen
1057900209
Prevent user enumeration via timing channel (CVE-2016-6210)
2016-07-18 13:30:52 +02:00
Jakub Jelen
209c7a8aea
Expose more information to PAM
2016-07-18 13:30:51 +02:00
Jakub Jelen
9864973c69
Make closefrom() ignore softlinks to the /dev/ devices on s390
2016-07-18 12:26:15 +02:00
Jakub Jelen
a49441fa52
openssh-7.2p2-9 + 0.10.2-3
2016-07-01 09:07:18 +02:00
Jakub Jelen
5a67d51d0f
openssh-7.2p2-8 + 0.10.2-3
2016-06-24 12:07:22 +02:00
Jakub Jelen
186bf3858e
UseLogin yes is not supported in Fedora
2016-06-24 12:07:22 +02:00
Petr Písař
ad928ac7d1
Mandatory Perl build-requires added < https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl >
2016-06-24 10:03:17 +02:00
Jakub Jelen
ba8f38935c
openssh-7.2p2-7
2016-06-06 16:39:35 +02:00
Jakub Jelen
f6a096caf2
Build seccomp filter on ppc64(le) architecture ( #1195065 )
2016-06-06 16:39:35 +02:00
Jakub Jelen
1144aef1d1
Comments for patches, merge ssh_config from localdomain to redhat patch (ssh_config related)
2016-06-06 16:39:17 +02:00
Jakub Jelen
f2868287aa
rebase x11 patch to clean up coverity patch
2016-06-03 10:44:32 +02:00
Jakub Jelen
ea9421342e
Coverity: dereference in pam_ssh_agent_auth
...
Upstream: https://sourceforge.net/p/pamsshagentauth/bugs/22/
2016-06-03 09:49:44 +02:00
Jakub Jelen
d78d347c11
Check for real location of .k5login file ( #1328243 )
2016-06-03 09:29:58 +02:00
Jakub Jelen
8dd0608e77
Regression in certificate-based authentication ( #1333498 )
2016-05-06 09:25:20 +02:00
Jakub Jelen
991b66246f
openssh-7.2p2-6 + 0.10.2-3
2016-04-29 13:57:45 +02:00
Jakub Jelen
0b5300a59c
Add legacy sshd-keygen for anaconda ( #1331077 )
2016-04-29 13:41:38 +02:00
Jakub Jelen
1380564732
openssh-7.2p2-5 + 0.10.2-3
2016-04-22 14:52:57 +02:00
Jakub Jelen
cf4e3a1844
Fix for CVE-2015-8325 ( #1328013 )
2016-04-18 12:39:11 +02:00
Jakub Jelen
58d2868dfe
openssh-7.2p2-4 + 0.10.2-3
2016-04-15 17:56:43 +02:00
Jakub Jelen
5489ace8dc
Add sshd-keygen.target to abstract key creation from sshd.service and sshd@.service ( #1325535 )
...
* PartOf is needed to trigger sshd-keygen checks for sshd.service restarts
* sshd-keygen.target makes a level of abstraction to eliminate dupplicate
dependencies on both sshd and sshd@ services
2016-04-15 17:05:32 +02:00
Jakub Jelen
461b3af818
Remove unused sshd init script
2016-04-15 17:04:59 +02:00
Jakub Jelen
32a74888d5
openssh-7.2p2-3 + 0.10.2-3
2016-04-13 13:44:58 +02:00
Jakub Jelen
00c7b75439
Make sshd-keygen comply with packaging guidelines ( #1325535 )
2016-04-13 13:42:12 +02:00
Jakub Jelen
f7e56a52db
openssh-7.2p2-2 + 0.10.2-3
2016-04-06 13:01:29 +02:00
Jakub Jelen
9163ba11f1
openssh-7.2p2-1 + 0.10.2-3
2016-03-10 13:36:41 +01:00
Jakub Jelen
0bdae3b8df
openssh-7.2p1-1 + 0.10.2-2
2016-03-03 17:59:53 +01:00
Jakub Jelen
e762f7265e
Restore slogin symlinks
2016-03-03 17:48:20 +01:00
Jakub Jelen
13073f8d9c
openssh-7.2p1-1 ( #1312870 )
2016-02-29 15:01:33 +01:00
Jakub Jelen
46445f1c7a
openssh-7.1p2-4 + 0.10.2-1
2016-02-25 10:38:09 +01:00
Jakub Jelen
44fc97266b
Audit race condition resolved ( #1308295 )
2016-02-25 10:37:22 +01:00
Jakub Jelen
700da17374
Remove hard glob limit since the CVE introducing this one is unrelated.
2016-02-24 09:51:43 +01:00
Fedora Release Engineering
b2b837ad97
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-04 11:34:23 +00:00
Jakub Jelen
8ddd3edcd8
openssh-7.1p2-3 + 0.10.2-1
2016-01-30 01:18:26 +01:00
Jakub Jelen
6c2eb5e22d
openssh-7.1p2-2 + 0.10.2-1
2016-01-26 09:00:28 +01:00
Jakub Jelen
38c7737421
Remove defattr from spec file
...
Mailing list thread:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/KEO7AX3JXR2TY6OVL4M7HDISZ6YIJNKU/
2016-01-26 09:00:28 +01:00
Jakub Jelen
733cea720e
CVE-2016-1908: Prevent possible fallback from untrusted to trusted X11 forwarding
...
Upstream commits:
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f
2016-01-26 09:00:23 +01:00
Jakub Jelen
87ab5fc4af
Reabse to latest release of pam_ssh_agent_auth with preserving current functionality
...
* Rebase to latest upstream version
* Clean up older patches for pam_ssh_agent_auth
* Remove prefixes from upstream release so we can build it against current
openssh library
* Remove copied files and headers so we make sure we build against current openssh
2016-01-25 13:32:42 +01:00
Jakub Jelen
7bc64374b0
openssh-7.1p2-1 + 0.9.2-9
2016-01-14 16:11:06 +01:00
Jakub Jelen
b2191db92e
openssh-7.1p1-7 + 0.9.2-8
2016-01-12 13:15:33 +01:00
Jakub Jelen
06b1d5330a
Make ssh-keysign world readable ( #1296724 )
2016-01-08 13:22:09 +01:00
Jakub Jelen
f26cd8d6ee
Update ssh-agent permissions ( #1296724 )
...
* It is no longer required to have ssh-agent with suid bit, because
the ptrace attach is prevented using PR_SET_DUMPABLE 0 [1]
[1] https://anongit.mindrot.org/openssh.git/commit/?id=6c4914afccb0c188a2c412d12dfb1b73e362e07e
2016-01-08 11:27:02 +01:00
Jakub Jelen
7c5d0a686c
Make sure the semantics of %global macro stays the same as before a0e252571b
2016-01-08 09:15:52 +01:00
Jakub Jelen
a0e252571b
Change %define to %global according to packaging guidelines
...
Based on discussion started on fedora-devel:
https://lists.fedoraproject.org/archives/list/devel%40lists.fedoraproject.org/thread/AS35NKZSAWRIKY77IUYOVNFAT6AJQVAU/
2016-01-04 10:41:27 +01:00
Jakub Jelen
c45d147a86
openssh-7.1p1-6 + 0.9.2-8
2015-12-18 14:36:00 +01:00
Jakub Jelen
f6bd29aaca
Preserve IUTF8 tty mode flag over ssh connections ( #1270248 )
2015-12-18 14:36:00 +01:00
Jakub Jelen
86f52d4e69
Rebase downstream patches of ssh-copy-id into one from upstream
...
Source:
http://git.hands.com/ssh-copy-id
2015-12-16 15:40:10 +01:00
Jakub Jelen
d9d9575f00
GSSAPI Key Exchange documentation improvements
...
from Debian patches:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765655
2015-12-10 15:37:52 +01:00
Jakub Jelen
ef86a312db
openssh-7.1p1-5 + 0.9.2-8
2015-11-04 10:18:50 +01:00
Jakub Jelen
fa54d5472d
openssh-7.1p1-4 + 0.9.2-8
2015-10-22 14:55:07 +02:00
Jakub Jelen
a80c277795
openssh-7.1p1-3 + 0.9.2-8
2015-09-25 14:10:39 +02:00
Jakub Jelen
812f08d95e
Provide full RELRO and PIE form askpass helper ( #1264036 )
2015-09-24 15:57:11 +02:00
Jakub Jelen
98262158d8
openssh-7.1p1-2 + 0.9.2-8
2015-09-09 14:29:31 +02:00
Jakub Jelen
757fec581b
openssh-7.1p1-1 + 0.9.3-8
2015-08-22 22:22:48 +02:00
Jakub Jelen
ccd186847a
Add corresponding options for ssh1 configure
2015-08-22 22:22:48 +02:00
Jakub Jelen
c98f559725
HostKeyAlgorithms option on server is broken when using + sign
2015-08-22 22:22:48 +02:00
Jakub Jelen
ebdae84225
openssh-7.0p1-2 + 0.9.3-7
2015-08-19 13:49:45 +02:00
Jakub Jelen
18e54994fa
Fix typo in version string
2015-08-19 13:47:28 +02:00
Jakub Jelen
4df30a2a72
Possibility to validate legacy systems by more fingerprints ( #1249626 )
2015-08-19 13:43:36 +02:00
Jakub Jelen
bc4ef0f373
Add GSSAPIKexAlgorithms option for server and client application
2015-08-19 13:18:07 +02:00
Jakub Jelen
3f55133c24
openssh-7.0p1-1 + 6.9.3-7
...
New upstream release (#1252639 )
- allow root login in default config
Security: Use-after-free bug related to PAM support (#1252853 )
Security: Privilege separation weakness related to PAM support (#1252854 )
Security: Incorrectly set TTYs to be world-writable (#1252862 )
2015-08-13 17:44:41 +02:00
Jakub Jelen
2939c322fa
Create openssh-clients-ssh1 subpackage with tools for protocol SSHv1
2015-08-13 17:44:41 +02:00
Jakub Jelen
1d50678457
Remove obsolete triggerruns for migration to systemd
...
- overlapping versions are not supported by current rpm
2015-07-28 13:08:55 +02:00
Jakub Jelen
6286d6a8e6
6.9p1-4 + 0.9.3-6
2015-07-28 11:24:35 +02:00
Jakub Jelen
67938e0c00
Handle terminal control characters in scp progressmeter ( #1247204 )
2015-07-28 11:23:51 +02:00
Jakub Jelen
83bfb1fce5
6.9p1-3 + 0.9.3-6
2015-07-23 11:12:19 +02:00
Jakub Jelen
c6d2eca7de
only query each keyboard-interactive device once ( #1245971 )
...
Upstream commit
https://anongit.mindrot.org/openssh.git/commit/?id=5b64f85bb811246c59ebab70aed331f26ba37b18
2015-07-23 11:06:12 +02:00
Jakub Jelen
ca62b6133e
6.9p1-2 + 0.9.3-6
2015-07-15 09:44:37 +02:00
Jakub Jelen
a4d9cd5694
Patch name, formating
2015-07-08 12:24:34 +02:00
Jakub Jelen
58ba50440e
Allow building seccomp filters also for s390(x) architectures ( #1195065 )
2015-07-02 17:10:58 +02:00
Jakub Jelen
187a349ee6
6.9p1-1 + 0.9.3-6
2015-07-01 15:51:20 +02:00
Jakub Jelen
5de6c89ff2
Correctly revert "PermitRootLogin no" option from upstream sources
2015-07-01 15:51:20 +02:00
Jakub Jelen
535d341e70
rebase to new upstream release 6.9
2015-07-01 15:51:01 +02:00
Jakub Jelen
f3002bfb7b
6.8p1-9 + 0.9.3-5
2015-06-24 10:49:08 +02:00
Dennis Gilmore
b59dd83265
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-18 00:06:18 +00:00
Jakub Jelen
5aa47ae6f4
6.8p1-8 + 0.9.3-5
2015-06-08 09:06:12 +02:00
Jakub Jelen
f049b3b1ad
6.8p1-7 + 0.9.3-5
2015-06-03 07:54:20 +02:00
Jakub Jelen
8a10dcb363
6.8p1-6 + 0.9.3-5
2015-05-28 14:02:26 +02:00
Jakub Jelen
09ca6ef2e6
Provide LDIF version of LPK schema
2015-05-28 13:51:58 +02:00
Jakub Jelen
0a076e7e9e
Add missing Banner in sshd -T output
2015-05-28 13:39:34 +02:00
Jakub Jelen
8244d5a508
Fix upstream memory problems
2015-05-27 16:16:41 +02:00
Jakub Jelen
637556d934
Resolve problem with pam_ssh_agent_auth after rebase ( #1225106 )
...
* authfd internals changed in upstream commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622
* Reintroduced missing structure AuthenticationConnection
* inspired by ssh-add.c
2015-05-27 15:08:37 +02:00
Jakub Jelen
3e3570ad64
ssh-copy-id: tcsh doesnt work with multiline strings so we will make it uggly one-line
2015-05-27 12:05:49 +02:00
Jakub Jelen
775e1b20e6
6.8p1-5 + 0.9.3-5
2015-04-20 17:28:43 +02:00
Jakub Jelen
c5163162d3
6.8p1-4 + 0.9.3-5
2015-04-02 17:51:58 +02:00
Jakub Jelen
c028ac51a4
6.8p1-3 + 0.9.3-5
2015-03-31 17:24:34 +02:00
Jakub Jelen
23bc31b25a
Remove krb5-config workaround for #1203900
2015-03-30 11:48:11 +02:00
Jakub Jelen
e5b15a7419
6.8p1-2 + 0.9.3-5
2015-03-26 14:20:31 +01:00
Jakub Jelen
07756a2278
Fix reintroduced upstrem bug #1878
2015-03-26 14:20:31 +01:00
Jakub Jelen
12cf3e4d35
Update audit patch after rebase with more sanity checks
2015-03-26 14:20:31 +01:00
Jakub Jelen
aa8fb3e1cc
rebuild 6.8p1-1.1 + 0.9.3-5
2015-03-24 11:04:38 +01:00
Jakub Jelen
1330ede7ff
rebuild 6.8p1-1.1 + 0.9.3-5
2015-03-24 11:00:15 +01:00
Jakub Jelen
e3688f35e1
release 6.8p1-1 + 0.9.3-5
2015-03-24 10:40:21 +01:00
Jakub Jelen
d276698802
Workaround krb5-config bug ( #1204646 )
2015-03-24 10:39:01 +01:00
Jakub Jelen
132f8f8686
6.8p1-1 + 0.9.3-5
2015-03-23 16:05:49 +01:00
Jakub Jelen
7b82d087e1
6.7p1-11 + 0.9.3-4
2015-03-12 11:46:33 +01:00
Jakub Jelen
c31740f8ea
Fix tmpfiles to be more consistent with other config files in package ( #1196807 )
2015-03-12 11:45:59 +01:00
Jakub Jelen
558fb7b2f4
Add sftp option to force mode of created files
2015-03-11 18:09:06 +01:00
Jakub Jelen
7aa6321a86
6.7p1-10 + 0.9.3-4
2015-03-02 08:23:32 +01:00
Jakub Jelen
766438b1d5
Add tmpfiles.d entries ( #1196807 )
2015-03-02 08:23:31 +01:00
Jakub Jelen
c8b4078a3f
6.7p1-9 + 0.9.3-4
2015-02-27 18:44:47 +01:00
Jakub Jelen
cbda6f57fb
Solve issue with ssh-copy-id and keys without trailing newline ( #1093168 )
2015-02-25 10:46:29 +01:00
Jakub Jelen
5f3c83fd09
6.7p1-8 + 0.9.3-4
2015-02-24 10:10:07 +01:00
Marcin Juszkiewicz
6656486e18
Add AArch64 support for seccomp_filter sandbox ( #1195065 )
2015-02-24 09:17:43 +01:00
Jakub Jelen
e0f867b153
6.7p1-7 + 0.9.3-4
2015-02-23 12:43:25 +01:00
Jakub Jelen
c13a4b7170
6.7p1-6 + 0.9.3-4
2015-02-23 12:18:07 +01:00
Jakub Jelen
d5a8001387
Fix seccomp filter for ix68 ( #1194401 ), fix previous commit
2015-02-23 12:17:30 +01:00
Peter Robinson
b9846a816d
fix if statement
2015-02-22 17:36:25 +00:00
Peter Robinson
74e740c136
Only use seccomp for sandboxing on supported platforms
2015-02-22 17:28:16 +00:00
Jakub Jelen
c6945293fd
6.7p1-4 + 0.9.3-4
2015-02-20 15:06:26 +01:00
Jakub Jelen
77f453b74d
cleanup working directory, spec file and unused patches after rebase
2015-02-20 15:06:17 +01:00
Jakub Jelen
08cb909f5d
Move cavs tests into subpackage -cavs ( #1194320 )
2015-02-20 13:24:42 +01:00
Jakub Jelen
2f556360f6
6.7p1-3 + 0.9.3-4
2015-02-18 16:11:48 +01:00
Jakub Jelen
6df422d544
Fix ssh-copy-id on non-sh shells ( #1045191 )
2015-02-18 16:01:39 +01:00
Jakub Jelen
bb3e880c01
Add SSH KDF CAVS test driver for future FIPS validation ( #1193045 )
2015-02-18 15:48:10 +01:00
Jakub Jelen
14c675f3a5
Use global hardening specification instead of hardening made by openssh.
...
Openssh uses by default -fPIE flag, which didn't allow to build
pam_ssh_agent_auth.so with from libssh.a.
Validated using /CoreOS/openssh/Regression/bz642927-add-relro-flag
2015-02-18 10:34:40 +01:00
Jakub Jelen
0a4ac4f4d3
Enable seccomp sandboxing after resolving problems with audit patch ( #1062953 )
2015-02-11 14:08:42 +01:00
Jakub Jelen
b552eb6714
Make output of sshd -T more consistent, using upstream patch ( #1187521 )
2015-02-03 14:17:05 +01:00
Jakub Jelen
580f986839
Update coverity patch after rebase to 6.7
2015-02-03 14:09:51 +01:00
Jakub Jelen
6c6416dc9d
6.7p1-2 + 0.9.3-4
2015-01-27 14:10:18 +01:00
Jakub Jelen
021326a6ae
Fix audit patch after rebase to 6.7
2015-01-27 12:07:13 +01:00
Petr Lautrbach
9b4e25cce0
temporarily disable audit patch causing segmentation faults
2015-01-20 17:08:25 +01:00
Petr Lautrbach
f29c8784c6
restore tcp wrappers support, based on Debian patch
...
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
2015-01-20 17:06:46 +01:00
Petr Lautrbach
1900351913
6.7p1-1 + 0.9.3-4
2015-01-20 13:21:45 +01:00
Petr Lautrbach
b457c98bec
use upstream FigerPrintHash for fingerprint - 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994
2015-01-19 15:26:56 +01:00
Jakub Jelen
3ffcb799b3
Fix changelog entry
2015-01-15 15:03:12 +01:00
Jakub Jelen
2109ab67c2
6.6.1p1-11 + 0.9.3-3
2015-01-14 17:15:02 +01:00
Petr Lautrbach
140e5ca05d
add new option GSSAPIEnablek5users and disable using ~/.k5users by default
...
CVE-2014-9278 (#1170745 )
2015-01-14 17:10:40 +01:00
Jakub Jelen
9080a85b54
Update vendor-patchlevel string
2015-01-14 16:55:27 +01:00
Jakub Jelen
b9d68e7db4
Fix config parser for ip:port values ( #1130733 )
2015-01-14 16:48:32 +01:00
Jakub Jelen
fd06d69c6a
Fix confusing error message in scp ( #1142223 )
2015-01-14 16:46:23 +01:00
Petr Lautrbach
62986c5e87
6.6.1p1-10 + 0.9.3-3
2014-12-19 10:24:59 +01:00
Petr Lautrbach
7a7b8f0984
log via monitor in chroots without /dev/log
2014-12-19 10:14:36 +01:00
Petr Lautrbach
720cf82ef2
record pfs= field in CRYPTO_SESSION audit event
2014-12-15 18:59:39 +01:00
Petr Lautrbach
276c16ce71
6.6.1p1-9 + 0.9.3-3
2014-12-03 18:18:19 +01:00
Petr Lautrbach
56a647f5e3
the .local domain example should be in ssh_config, not in sshd_config
2014-12-03 18:15:25 +01:00
Petr Lautrbach
08fe9e8e47
use different values for DH for Cisco servers ( #1026430 )
2014-12-03 17:10:47 +01:00
Petr Lautrbach
823364a11e
6.6.1p1-8 + 0.9.3-3
2014-11-13 22:21:52 +01:00
Petr Lautrbach
44f0ac8d08
fix several coverity issues Resolves: rhbz#1139794
2014-11-13 22:16:51 +01:00
Petr Lautrbach
a1e1ac2bfc
6.6.1p1-7 + 0.9.3-3
2014-11-07 12:53:03 +01:00
Petr Lautrbach
3b7c8620a1
6.6.1p1-6 + 0.9.3-3
2014-11-04 19:09:42 +01:00
Petr Lautrbach
5296a797aa
privsep_preauth: use SELinux context from selinux-policy ( #1008580 )
2014-11-04 19:06:14 +01:00
Petr Lautrbach
0f0e055d6a
Ignore SIGXFSZ in postauth monitor
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2263
2014-09-29 08:37:05 +02:00
Petr Lautrbach
4b24967a9c
fix parsing of empty arguments in sshd_conf
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
2014-09-25 11:45:47 +02:00
Petr Lautrbach
afde9f8153
6.6.1p1-5 + 0.9.3-3
2014-09-08 10:35:57 +02:00
Petr Lautrbach
ce2d80b4e7
don't consider a partial success as a failure
2014-09-04 16:33:25 +02:00
Petr Lautrbach
163064841f
apply RFC3454 stringprep to banners when possible
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2058
2014-09-04 16:12:11 +02:00
Petr Lautrbach
0a3f4e122d
set a client's address right after a connection is set
...
http://bugzilla.mindrot.org/show_bug.cgi?id=2257
2014-09-02 10:49:31 +02:00
Peter Robinson
662c5a05b3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 14:08:07 +00:00
Tom Callaway
e336e33a32
fix license handling
2014-07-18 19:28:30 -04:00
Petr Lautrbach
8ff21c966a
6.6.1p1-3 + 0.9.3-2
2014-07-18 08:38:51 +02:00
Petr Lautrbach
817071dc4d
standardise on NI_MAXHOST for gethostname() string lengths ( #1051490 )
2014-07-17 14:28:16 +02:00
Petr Lautrbach
cef0d582b6
6.6.1p1-2 + 0.9.3-2
2014-07-14 12:35:16 +02:00
Petr Lautrbach
d8b90ac6f8
minor spec file cleanup
2014-07-09 21:40:06 +02:00
Petr Lautrbach
8028159313
fix and rebase fips patch to 6.6.1p1
2014-07-09 21:16:53 +02:00
Petr Lautrbach
5160c9c8f3
rebase audit patch for 6.6.1p1
2014-07-08 17:42:18 +02:00
Petr Lautrbach
86f29c353e
bring back openssh-5.5p1-x11.patch
2014-07-03 16:42:56 +02:00
Petr Lautrbach
5fcfcac428
drop openssh-5.8p2-remove-stale-control-socket.patch
2014-07-03 16:23:00 +02:00
Petr Lautrbach
8b5feef2c8
bring back the openssh-5.8p2-sigpipe.patch
2014-07-03 16:14:38 +02:00
Dennis Gilmore
d1b0938acc
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 12:01:42 -05:00
Petr Lautrbach
5cde9cd3f2
6.6.1p1-1 + 0.9.3-2
2014-06-03 17:52:36 +02:00
Petr Lautrbach
fb6f390a78
drop openssh-server-sysvinit subpackage
2014-06-03 17:42:49 +02:00
Petr Lautrbach
44fb3c6aeb
OpenSSH 6.5 and 6.6 sometimes encode a value used in the
...
curve25519 key exchange incorrectly, causing connection failures
about 0.2% of the time when this method is used against a peer that
implements the method properly.
Fix the problem and disable the curve25519 KEX when speaking to
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
to enable the compatability code.
openssh-6.6.1p1
2014-06-03 17:18:36 +02:00
Petr Lautrbach
94c6f8ddcc
rebase to openssh-6.6p1
2014-06-03 16:51:07 +02:00
Petr Lautrbach
d75575229f
6.4p1-4 + 0.9.3-1
2014-05-15 10:37:16 +02:00
Petr Lautrbach
8f8619e1e6
ignore environment variables with embedded '=' or '\0' characters ( #1077843 )
...
CVE-2014-2532
2014-05-15 10:24:04 +02:00
Petr Lautrbach
d271e02296
prevent a server from skipping SSHFP lookup ( #1081338 )
...
CVE-2014-2653
2014-05-15 10:23:46 +02:00
Petr Lautrbach
9a031d2641
try CLOCK_BOOTTIME with fallback ( #1091992 )
2014-05-14 17:30:43 +02:00
Petr Lautrbach
f9f83a00b5
make /etc/ssh/moduli file public ( #1043661 )
2014-02-26 15:54:02 +01:00
Petr Lautrbach
96df3b5ecb
use tty allocation for a remote scp
2014-01-23 18:30:39 +01:00
Petr Lautrbach
b898cbf5e1
Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set
2014-01-23 18:30:03 +01:00
Petr Lautrbach
084bc6fca5
FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A
2014-01-23 18:29:02 +01:00
Petr Lautrbach
222dd2e358
6.4p1-3 + 0.9.3-1
2013-12-11 14:32:11 +01:00
Petr Lautrbach
89d920b074
6.4p1-2 + 0.9.3-1
2013-11-26 15:28:39 +01:00
Petr Lautrbach
09e9ef3d7c
6.4p1-1 + 0.9.3-1
2013-11-08 14:04:33 +01:00
Petr Lautrbach
3ed6191f56
6.3p1-5 + 0.9.3-7
2013-11-01 17:07:27 +01:00
Petr Lautrbach
5795323a53
don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> ( #1024965 )
2013-11-01 17:06:02 +01:00
Petr Lautrbach
7feb965804
6.3p1-4 + 0.9.3-6
2013-10-25 15:46:49 +02:00
Petr Lautrbach
2add7a8ff5
rebuild with openssl-1.0.1e-29.fc20 to enable ECC support
2013-10-25 15:19:26 +02:00
Petr Lautrbach
f0aa6e5f51
rebuild with openssl-1.0.1e-29.fc20 to enable ECC support
2013-10-25 14:46:48 +02:00
Petr Lautrbach
a5e23f2861
6.3p1-3 + 0.9.3-6
2013-10-24 16:45:21 +02:00
Petr Lautrbach
ff7a26b109
6.3p1-2 + 0.9.3-6
2013-10-23 23:14:38 +02:00
Petr Lautrbach
1f36406833
Increase the size of the Diffie-Hellman groups requested for a each
...
symmetric key size. New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
djm@. (#1010607 )
2013-10-23 22:41:53 +02:00
Petr Lautrbach
d088f94bd9
use default_ccache_name from /etc/krb5.conf for a kerberos cache ( #991186 )
2013-10-23 22:08:19 +02:00
Petr Lautrbach
e40d5d19d9
added Obsoletes: *fips
2013-10-15 17:55:40 +02:00
Petr Lautrbach
a92e916970
6.3p1-1 + 0.9.3-6
2013-10-14 15:55:03 +02:00
Petr Lautrbach
84822b5dec
rebase for openssh-6.3p1, remove unused patches ( #1007769 )
2013-10-14 15:54:41 +02:00
Petr Lautrbach
c33ef551ca
6.2p2-9 + 0.9.3-5
2013-10-08 17:28:16 +02:00
Petr Lautrbach
2ae5f9ff89
Revert "add -fips subpackages that contains the FIPS module files"
...
This reverts commit 227f4f7628
.
2013-10-08 17:13:39 +02:00
Petr Lautrbach
d4d8299c30
Revert "add missing Requires: openssl-fips in -fips subpackages"
...
This reverts commit a19397fdd2
.
Conflicts:
openssh.spec
2013-10-08 17:06:14 +02:00
Petr Lautrbach
b61d9c10d3
Revert "use hmac_suffix for ssh{,d} hmac checksums"
...
This reverts commit c6724c72f4
.
2013-10-08 17:04:53 +02:00
Petr Lautrbach
0cc0054215
Revert "use {?dist} tag in suffixes for hmac checksum files"
...
This reverts commit 15244ec178
.
2013-10-08 17:04:40 +02:00
Petr Lautrbach
f344f8490c
6.2p2-8 + 0.9.3-5
2013-09-25 14:13:01 +02:00
Petr Lautrbach
15244ec178
use {?dist} tag in suffixes for hmac checksum files
2013-09-20 17:11:49 +02:00
Petr Lautrbach
eba55f9c1b
6.2p2-7 + 0.9.3-5
2013-09-11 16:54:14 +02:00
Petr Lautrbach
c6724c72f4
use hmac_suffix for ssh{,d} hmac checksums
2013-09-11 16:05:58 +02:00
Petr Lautrbach
a19397fdd2
add missing Requires: openssl-fips in -fips subpackages
...
6.2p2-6.1 + 0.9.3-5
2013-08-29 09:32:04 +02:00
Petr Lautrbach
f4e927b62d
6.2p2-6 + 0.9.3-5
2013-08-28 21:28:04 +02:00
Petr Lautrbach
227f4f7628
add -fips subpackages that contains the FIPS module files
2013-08-28 19:37:08 +02:00
Petr Lautrbach
631ffb2c5b
6.2p2-5 + 0.9.3-5
2013-08-01 09:50:41 +02:00
Petr Lautrbach
115aad3f92
6.2p2-4 + 0.9.3-5
2013-07-23 16:01:17 +02:00
Petr Lautrbach
17df27c668
don't show Success for EAI_SYSTEM ( #985964 )
2013-07-23 12:07:49 +02:00
Petr Lautrbach
2ee6810919
make sftp's libedit interface marginally multibyte aware ( #841771 )
2013-06-19 17:10:49 +02:00
Petr Lautrbach
66608a1ded
6.2p2-3 + 0.9.3-5
2013-06-17 17:30:04 +02:00
Petr Lautrbach
e99c4840f1
6.2p2-2 + 0.9.3-5
2013-05-21 18:38:15 +02:00
Petr Lautrbach
678b8081f1
add socket activated sshd units to the package ( #963268 )
2013-05-21 18:37:18 +02:00
Petr Lautrbach
21acbc4795
6.2p2-1 + 0.9.3-5
2013-05-20 09:31:57 +02:00
Petr Lautrbach
d48f1a7bde
always use /sbin/nologin as privsep user's shell
2013-04-24 18:08:00 +02:00
Petr Lautrbach
a92d7445da
6.2p1-4 + 0.9.3-4
2013-04-17 17:12:32 +02:00
Petr Lautrbach
1d76d11f64
cleanup spec file and patches
2013-04-16 18:30:43 +02:00
Petr Lautrbach
c276d31b49
6.2p1-3 + 0.9.3-4
2013-04-16 18:15:20 +02:00
Petr Lautrbach
894ab5eaaf
add latest config.{sub,guess} to support aarch64 ( #926284 )
2013-04-16 18:12:15 +02:00
Petr Lautrbach
1042786f58
6.2p1-2 + 0.9.3-4
2013-04-09 23:25:17 +02:00
Petr Lautrbach
fcef7f6231
keep track of which IndentityFile options were manually supplied and which were default options, and don't warn if the latter are missing. (mindrot#2084)
2013-04-09 23:22:42 +02:00
Petr Lautrbach
b6f89abe5c
6.2p1-1 + 0.9.3-4
2013-04-09 00:07:04 +02:00
Petr Lautrbach
d3d59da0b5
merge all -audit* patches together
2013-04-08 17:17:10 +02:00
Petr Lautrbach
8d97022c57
build regress/modpipe tests with $(CFLAGS)
2013-04-04 16:50:06 +02:00
Petr Lautrbach
8a29dedfa7
rebase to openssh-6.2p1 ( #924727 )
...
ACSS was removed from upstream sources
2013-04-04 16:49:30 +02:00
Petr Lautrbach
1b95bc38df
6.1p1-7 + 0.9.3-3
2013-03-06 10:41:50 +01:00
Petr Lautrbach
2a7883d153
6.1p1-6 + 0.9.3-3
2013-02-14 18:08:21 +01:00
Petr Lautrbach
d2b3b9a27e
pam_ssh_agent_auth - change paths from %{_lib} to %{_libdir}
2013-02-12 09:42:54 +01:00
Petr Lautrbach
19725a9954
fix bogus day names in changelog dates
2013-02-08 15:44:40 +01:00
Petr Lautrbach
cab7f53408
6.1p1-5 + 0.9.3-3
2013-02-08 14:56:47 +01:00
Petr Lautrbach
5bc906c19a
change default value of MaxStartups - CVE-2010-5107 - #908707
2013-02-08 14:32:20 +01:00
Petr Lautrbach
87391b7d01
add BuildRequires: perl-podlators
2013-02-07 14:21:38 +01:00
Petr Lautrbach
7642de98e4
6.1p1-4 + 0.9.3-3
2012-12-03 17:16:39 +01:00
Petr Lautrbach
790103e764
6.1p1-3 + 0.9.3-3
2012-12-03 10:29:07 +01:00
Petr Lautrbach
fe661c5cbb
obsolete RequiredAuthentications[12] options
2012-11-30 21:40:22 +01:00