Jakub Jelen
d8c2e8dc88
openssh-7.3p1-7 + 0.10.2-4
2016-12-08 14:13:32 +01:00
Jakub Jelen
162941961a
Move MAX_DISPLAYS to a configuration option
2016-12-08 14:13:32 +01:00
Jakub Jelen
7bccf7e6e0
openssh-7.3p1-6 + 0.10.2-4
2016-11-16 11:07:41 +01:00
Jakub Jelen
ccf623128a
Fix changelog
2016-11-07 09:33:43 +01:00
Jakub Jelen
2a8bce34e4
openssh-7.3p1-5 + 0.10.2-4
2016-10-27 18:26:25 +02:00
Jakub Jelen
aacf0d429a
OpenSSL 1.1.0 compat
2016-10-27 17:19:17 +02:00
Jakub Jelen
c9d9fe9b0f
Recommend crypto-policies for a client package
2016-10-11 10:29:50 +02:00
Jakub Jelen
d924bc6892
openssh-7.3p1-4 + 0.10.2-4
2016-09-29 14:14:19 +02:00
Jakub Jelen
ae831ab305
Fix NULL derefence ( #1380297 )
...
https://anongit.mindrot.org/openssh.git/patch/?id=28652bca29046f62c7045e933e6b931de1d16737
2016-09-29 11:15:13 +02:00
Jakub Jelen
739842b137
Make the code build without SELinux and without Audit
2016-09-15 16:36:04 +02:00
Jakub Jelen
0a605f4d31
openssh-7.3p1-3 + 0.10.2-4
2016-08-15 12:20:15 +02:00
Jakub Jelen
38d533a5e1
Proper content of the included configuration files
2016-08-15 12:18:50 +02:00
Jakub Jelen
73953d29f1
openssh-7.3p1-2 + 0.10.2-4
2016-08-09 10:32:01 +02:00
Jakub Jelen
88f3a752ae
openssh-7.3p1-1. + 0.10.2-4
2016-08-09 08:24:35 +02:00
Jakub Jelen
90ffc35e29
Correct permissions on the ssh_config directory ( #1365270 )
2016-08-09 08:23:44 +02:00
Jakub Jelen
a711d3c82f
openssh-7.3p1-1 + 0.10.2-4
2016-08-04 13:57:21 +02:00
Jakub Jelen
6454089e75
Create include directory with example content (redhat modifications)
2016-08-04 13:57:21 +02:00
Jakub Jelen
6da7f4d0ed
Drop SCP progressmeter patch because of reworked UTF-8 API (tracked upstream #2434 )
2016-08-04 13:57:02 +02:00
Jakub Jelen
70c2ac20bd
CVE-2016-6210 is fixed upstream
2016-08-04 10:59:59 +02:00
Jakub Jelen
13a7aaf5e3
CVE-2015-8325 and certificate regression are fixed upstream
2016-08-04 10:59:59 +02:00
Jakub Jelen
38e1dfa80d
Upstream bug #2477 applied
2016-08-04 10:59:59 +02:00
Jakub Jelen
4bd77fcccc
seccomp for secondary architecures patch already upstream ( #2590 )
2016-08-04 10:59:59 +02:00
Jakub Jelen
05bc93847e
Bug #2281 resolved upstream
2016-08-04 10:59:59 +02:00
Jakub Jelen
178ce15f5a
UTF-8 banners resolved by upstream bug #2058
2016-08-04 10:59:59 +02:00
Jakub Jelen
14320ca590
The upstream bug #2257 is fixed
2016-08-04 10:59:59 +02:00
Jakub Jelen
82bfd19e51
openssh-7.2p2-11 + 0.10.2-3
2016-07-26 15:41:29 +02:00
Jakub Jelen
6a7dd92929
Remove legacy sshd-keygen ( #1359762 )
...
Revert "Add legacy sshd-keygen for anaconda (#1331077 )"
This reverts commit 0b5300a59c
.
2016-07-26 15:41:29 +02:00
Jakub Jelen
793bc4b1cc
Remove slogin symlinks ( #1359762 )
...
Revert "Restore slogin symlinks"
This reverts commit e762f7265e
.
2016-07-26 15:41:29 +02:00
Jakub Jelen
b4df5ebb8d
Rework SELinux context handling with chroot using libcap-ng ( #1357860 )
2016-07-26 15:40:30 +02:00
Jakub Jelen
9dc741314f
openssh-7.2p2-10 + 0.10.2-3
2016-07-18 13:55:58 +02:00
Jakub Jelen
1057900209
Prevent user enumeration via timing channel (CVE-2016-6210)
2016-07-18 13:30:52 +02:00
Jakub Jelen
209c7a8aea
Expose more information to PAM
2016-07-18 13:30:51 +02:00
Jakub Jelen
9864973c69
Make closefrom() ignore softlinks to the /dev/ devices on s390
2016-07-18 12:26:15 +02:00
Jakub Jelen
a49441fa52
openssh-7.2p2-9 + 0.10.2-3
2016-07-01 09:07:18 +02:00
Jakub Jelen
5a67d51d0f
openssh-7.2p2-8 + 0.10.2-3
2016-06-24 12:07:22 +02:00
Jakub Jelen
186bf3858e
UseLogin yes is not supported in Fedora
2016-06-24 12:07:22 +02:00
Petr Písař
ad928ac7d1
Mandatory Perl build-requires added < https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl >
2016-06-24 10:03:17 +02:00
Jakub Jelen
ba8f38935c
openssh-7.2p2-7
2016-06-06 16:39:35 +02:00
Jakub Jelen
f6a096caf2
Build seccomp filter on ppc64(le) architecture ( #1195065 )
2016-06-06 16:39:35 +02:00
Jakub Jelen
1144aef1d1
Comments for patches, merge ssh_config from localdomain to redhat patch (ssh_config related)
2016-06-06 16:39:17 +02:00
Jakub Jelen
f2868287aa
rebase x11 patch to clean up coverity patch
2016-06-03 10:44:32 +02:00
Jakub Jelen
ea9421342e
Coverity: dereference in pam_ssh_agent_auth
...
Upstream: https://sourceforge.net/p/pamsshagentauth/bugs/22/
2016-06-03 09:49:44 +02:00
Jakub Jelen
d78d347c11
Check for real location of .k5login file ( #1328243 )
2016-06-03 09:29:58 +02:00
Jakub Jelen
8dd0608e77
Regression in certificate-based authentication ( #1333498 )
2016-05-06 09:25:20 +02:00
Jakub Jelen
991b66246f
openssh-7.2p2-6 + 0.10.2-3
2016-04-29 13:57:45 +02:00
Jakub Jelen
0b5300a59c
Add legacy sshd-keygen for anaconda ( #1331077 )
2016-04-29 13:41:38 +02:00
Jakub Jelen
1380564732
openssh-7.2p2-5 + 0.10.2-3
2016-04-22 14:52:57 +02:00
Jakub Jelen
cf4e3a1844
Fix for CVE-2015-8325 ( #1328013 )
2016-04-18 12:39:11 +02:00
Jakub Jelen
58d2868dfe
openssh-7.2p2-4 + 0.10.2-3
2016-04-15 17:56:43 +02:00
Jakub Jelen
5489ace8dc
Add sshd-keygen.target to abstract key creation from sshd.service and sshd@.service ( #1325535 )
...
* PartOf is needed to trigger sshd-keygen checks for sshd.service restarts
* sshd-keygen.target makes a level of abstraction to eliminate dupplicate
dependencies on both sshd and sshd@ services
2016-04-15 17:05:32 +02:00
Jakub Jelen
461b3af818
Remove unused sshd init script
2016-04-15 17:04:59 +02:00
Jakub Jelen
32a74888d5
openssh-7.2p2-3 + 0.10.2-3
2016-04-13 13:44:58 +02:00
Jakub Jelen
00c7b75439
Make sshd-keygen comply with packaging guidelines ( #1325535 )
2016-04-13 13:42:12 +02:00
Jakub Jelen
f7e56a52db
openssh-7.2p2-2 + 0.10.2-3
2016-04-06 13:01:29 +02:00
Jakub Jelen
9163ba11f1
openssh-7.2p2-1 + 0.10.2-3
2016-03-10 13:36:41 +01:00
Jakub Jelen
0bdae3b8df
openssh-7.2p1-1 + 0.10.2-2
2016-03-03 17:59:53 +01:00
Jakub Jelen
e762f7265e
Restore slogin symlinks
2016-03-03 17:48:20 +01:00
Jakub Jelen
13073f8d9c
openssh-7.2p1-1 ( #1312870 )
2016-02-29 15:01:33 +01:00
Jakub Jelen
46445f1c7a
openssh-7.1p2-4 + 0.10.2-1
2016-02-25 10:38:09 +01:00
Jakub Jelen
44fc97266b
Audit race condition resolved ( #1308295 )
2016-02-25 10:37:22 +01:00
Jakub Jelen
700da17374
Remove hard glob limit since the CVE introducing this one is unrelated.
2016-02-24 09:51:43 +01:00
Fedora Release Engineering
b2b837ad97
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-04 11:34:23 +00:00
Jakub Jelen
8ddd3edcd8
openssh-7.1p2-3 + 0.10.2-1
2016-01-30 01:18:26 +01:00
Jakub Jelen
6c2eb5e22d
openssh-7.1p2-2 + 0.10.2-1
2016-01-26 09:00:28 +01:00
Jakub Jelen
38c7737421
Remove defattr from spec file
...
Mailing list thread:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/KEO7AX3JXR2TY6OVL4M7HDISZ6YIJNKU/
2016-01-26 09:00:28 +01:00
Jakub Jelen
733cea720e
CVE-2016-1908: Prevent possible fallback from untrusted to trusted X11 forwarding
...
Upstream commits:
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f
2016-01-26 09:00:23 +01:00
Jakub Jelen
87ab5fc4af
Reabse to latest release of pam_ssh_agent_auth with preserving current functionality
...
* Rebase to latest upstream version
* Clean up older patches for pam_ssh_agent_auth
* Remove prefixes from upstream release so we can build it against current
openssh library
* Remove copied files and headers so we make sure we build against current openssh
2016-01-25 13:32:42 +01:00
Jakub Jelen
7bc64374b0
openssh-7.1p2-1 + 0.9.2-9
2016-01-14 16:11:06 +01:00
Jakub Jelen
b2191db92e
openssh-7.1p1-7 + 0.9.2-8
2016-01-12 13:15:33 +01:00
Jakub Jelen
06b1d5330a
Make ssh-keysign world readable ( #1296724 )
2016-01-08 13:22:09 +01:00
Jakub Jelen
f26cd8d6ee
Update ssh-agent permissions ( #1296724 )
...
* It is no longer required to have ssh-agent with suid bit, because
the ptrace attach is prevented using PR_SET_DUMPABLE 0 [1]
[1] https://anongit.mindrot.org/openssh.git/commit/?id=6c4914afccb0c188a2c412d12dfb1b73e362e07e
2016-01-08 11:27:02 +01:00
Jakub Jelen
7c5d0a686c
Make sure the semantics of %global macro stays the same as before a0e252571b
2016-01-08 09:15:52 +01:00
Jakub Jelen
a0e252571b
Change %define to %global according to packaging guidelines
...
Based on discussion started on fedora-devel:
https://lists.fedoraproject.org/archives/list/devel%40lists.fedoraproject.org/thread/AS35NKZSAWRIKY77IUYOVNFAT6AJQVAU/
2016-01-04 10:41:27 +01:00
Jakub Jelen
c45d147a86
openssh-7.1p1-6 + 0.9.2-8
2015-12-18 14:36:00 +01:00
Jakub Jelen
f6bd29aaca
Preserve IUTF8 tty mode flag over ssh connections ( #1270248 )
2015-12-18 14:36:00 +01:00
Jakub Jelen
86f52d4e69
Rebase downstream patches of ssh-copy-id into one from upstream
...
Source:
http://git.hands.com/ssh-copy-id
2015-12-16 15:40:10 +01:00
Jakub Jelen
d9d9575f00
GSSAPI Key Exchange documentation improvements
...
from Debian patches:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765655
2015-12-10 15:37:52 +01:00
Jakub Jelen
ef86a312db
openssh-7.1p1-5 + 0.9.2-8
2015-11-04 10:18:50 +01:00
Jakub Jelen
fa54d5472d
openssh-7.1p1-4 + 0.9.2-8
2015-10-22 14:55:07 +02:00
Jakub Jelen
a80c277795
openssh-7.1p1-3 + 0.9.2-8
2015-09-25 14:10:39 +02:00
Jakub Jelen
812f08d95e
Provide full RELRO and PIE form askpass helper ( #1264036 )
2015-09-24 15:57:11 +02:00
Jakub Jelen
98262158d8
openssh-7.1p1-2 + 0.9.2-8
2015-09-09 14:29:31 +02:00
Jakub Jelen
757fec581b
openssh-7.1p1-1 + 0.9.3-8
2015-08-22 22:22:48 +02:00
Jakub Jelen
ccd186847a
Add corresponding options for ssh1 configure
2015-08-22 22:22:48 +02:00
Jakub Jelen
c98f559725
HostKeyAlgorithms option on server is broken when using + sign
2015-08-22 22:22:48 +02:00
Jakub Jelen
ebdae84225
openssh-7.0p1-2 + 0.9.3-7
2015-08-19 13:49:45 +02:00
Jakub Jelen
18e54994fa
Fix typo in version string
2015-08-19 13:47:28 +02:00
Jakub Jelen
4df30a2a72
Possibility to validate legacy systems by more fingerprints ( #1249626 )
2015-08-19 13:43:36 +02:00
Jakub Jelen
bc4ef0f373
Add GSSAPIKexAlgorithms option for server and client application
2015-08-19 13:18:07 +02:00
Jakub Jelen
3f55133c24
openssh-7.0p1-1 + 6.9.3-7
...
New upstream release (#1252639 )
- allow root login in default config
Security: Use-after-free bug related to PAM support (#1252853 )
Security: Privilege separation weakness related to PAM support (#1252854 )
Security: Incorrectly set TTYs to be world-writable (#1252862 )
2015-08-13 17:44:41 +02:00
Jakub Jelen
2939c322fa
Create openssh-clients-ssh1 subpackage with tools for protocol SSHv1
2015-08-13 17:44:41 +02:00
Jakub Jelen
1d50678457
Remove obsolete triggerruns for migration to systemd
...
- overlapping versions are not supported by current rpm
2015-07-28 13:08:55 +02:00
Jakub Jelen
6286d6a8e6
6.9p1-4 + 0.9.3-6
2015-07-28 11:24:35 +02:00
Jakub Jelen
67938e0c00
Handle terminal control characters in scp progressmeter ( #1247204 )
2015-07-28 11:23:51 +02:00
Jakub Jelen
83bfb1fce5
6.9p1-3 + 0.9.3-6
2015-07-23 11:12:19 +02:00
Jakub Jelen
c6d2eca7de
only query each keyboard-interactive device once ( #1245971 )
...
Upstream commit
https://anongit.mindrot.org/openssh.git/commit/?id=5b64f85bb811246c59ebab70aed331f26ba37b18
2015-07-23 11:06:12 +02:00
Jakub Jelen
ca62b6133e
6.9p1-2 + 0.9.3-6
2015-07-15 09:44:37 +02:00
Jakub Jelen
a4d9cd5694
Patch name, formating
2015-07-08 12:24:34 +02:00
Jakub Jelen
58ba50440e
Allow building seccomp filters also for s390(x) architectures ( #1195065 )
2015-07-02 17:10:58 +02:00
Jakub Jelen
187a349ee6
6.9p1-1 + 0.9.3-6
2015-07-01 15:51:20 +02:00
Jakub Jelen
5de6c89ff2
Correctly revert "PermitRootLogin no" option from upstream sources
2015-07-01 15:51:20 +02:00
Jakub Jelen
535d341e70
rebase to new upstream release 6.9
2015-07-01 15:51:01 +02:00
Jakub Jelen
f3002bfb7b
6.8p1-9 + 0.9.3-5
2015-06-24 10:49:08 +02:00
Dennis Gilmore
b59dd83265
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-18 00:06:18 +00:00
Jakub Jelen
5aa47ae6f4
6.8p1-8 + 0.9.3-5
2015-06-08 09:06:12 +02:00
Jakub Jelen
f049b3b1ad
6.8p1-7 + 0.9.3-5
2015-06-03 07:54:20 +02:00
Jakub Jelen
8a10dcb363
6.8p1-6 + 0.9.3-5
2015-05-28 14:02:26 +02:00
Jakub Jelen
09ca6ef2e6
Provide LDIF version of LPK schema
2015-05-28 13:51:58 +02:00
Jakub Jelen
0a076e7e9e
Add missing Banner in sshd -T output
2015-05-28 13:39:34 +02:00
Jakub Jelen
8244d5a508
Fix upstream memory problems
2015-05-27 16:16:41 +02:00
Jakub Jelen
637556d934
Resolve problem with pam_ssh_agent_auth after rebase ( #1225106 )
...
* authfd internals changed in upstream commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622
* Reintroduced missing structure AuthenticationConnection
* inspired by ssh-add.c
2015-05-27 15:08:37 +02:00
Jakub Jelen
3e3570ad64
ssh-copy-id: tcsh doesnt work with multiline strings so we will make it uggly one-line
2015-05-27 12:05:49 +02:00
Jakub Jelen
775e1b20e6
6.8p1-5 + 0.9.3-5
2015-04-20 17:28:43 +02:00
Jakub Jelen
c5163162d3
6.8p1-4 + 0.9.3-5
2015-04-02 17:51:58 +02:00
Jakub Jelen
c028ac51a4
6.8p1-3 + 0.9.3-5
2015-03-31 17:24:34 +02:00
Jakub Jelen
23bc31b25a
Remove krb5-config workaround for #1203900
2015-03-30 11:48:11 +02:00
Jakub Jelen
e5b15a7419
6.8p1-2 + 0.9.3-5
2015-03-26 14:20:31 +01:00
Jakub Jelen
07756a2278
Fix reintroduced upstrem bug #1878
2015-03-26 14:20:31 +01:00
Jakub Jelen
12cf3e4d35
Update audit patch after rebase with more sanity checks
2015-03-26 14:20:31 +01:00
Jakub Jelen
aa8fb3e1cc
rebuild 6.8p1-1.1 + 0.9.3-5
2015-03-24 11:04:38 +01:00
Jakub Jelen
1330ede7ff
rebuild 6.8p1-1.1 + 0.9.3-5
2015-03-24 11:00:15 +01:00
Jakub Jelen
e3688f35e1
release 6.8p1-1 + 0.9.3-5
2015-03-24 10:40:21 +01:00
Jakub Jelen
d276698802
Workaround krb5-config bug ( #1204646 )
2015-03-24 10:39:01 +01:00
Jakub Jelen
132f8f8686
6.8p1-1 + 0.9.3-5
2015-03-23 16:05:49 +01:00
Jakub Jelen
7b82d087e1
6.7p1-11 + 0.9.3-4
2015-03-12 11:46:33 +01:00
Jakub Jelen
c31740f8ea
Fix tmpfiles to be more consistent with other config files in package ( #1196807 )
2015-03-12 11:45:59 +01:00
Jakub Jelen
558fb7b2f4
Add sftp option to force mode of created files
2015-03-11 18:09:06 +01:00
Jakub Jelen
7aa6321a86
6.7p1-10 + 0.9.3-4
2015-03-02 08:23:32 +01:00
Jakub Jelen
766438b1d5
Add tmpfiles.d entries ( #1196807 )
2015-03-02 08:23:31 +01:00
Jakub Jelen
c8b4078a3f
6.7p1-9 + 0.9.3-4
2015-02-27 18:44:47 +01:00
Jakub Jelen
cbda6f57fb
Solve issue with ssh-copy-id and keys without trailing newline ( #1093168 )
2015-02-25 10:46:29 +01:00
Jakub Jelen
5f3c83fd09
6.7p1-8 + 0.9.3-4
2015-02-24 10:10:07 +01:00
Marcin Juszkiewicz
6656486e18
Add AArch64 support for seccomp_filter sandbox ( #1195065 )
2015-02-24 09:17:43 +01:00
Jakub Jelen
e0f867b153
6.7p1-7 + 0.9.3-4
2015-02-23 12:43:25 +01:00
Jakub Jelen
c13a4b7170
6.7p1-6 + 0.9.3-4
2015-02-23 12:18:07 +01:00
Jakub Jelen
d5a8001387
Fix seccomp filter for ix68 ( #1194401 ), fix previous commit
2015-02-23 12:17:30 +01:00
Peter Robinson
b9846a816d
fix if statement
2015-02-22 17:36:25 +00:00
Peter Robinson
74e740c136
Only use seccomp for sandboxing on supported platforms
2015-02-22 17:28:16 +00:00
Jakub Jelen
c6945293fd
6.7p1-4 + 0.9.3-4
2015-02-20 15:06:26 +01:00
Jakub Jelen
77f453b74d
cleanup working directory, spec file and unused patches after rebase
2015-02-20 15:06:17 +01:00
Jakub Jelen
08cb909f5d
Move cavs tests into subpackage -cavs ( #1194320 )
2015-02-20 13:24:42 +01:00
Jakub Jelen
2f556360f6
6.7p1-3 + 0.9.3-4
2015-02-18 16:11:48 +01:00
Jakub Jelen
6df422d544
Fix ssh-copy-id on non-sh shells ( #1045191 )
2015-02-18 16:01:39 +01:00
Jakub Jelen
bb3e880c01
Add SSH KDF CAVS test driver for future FIPS validation ( #1193045 )
2015-02-18 15:48:10 +01:00
Jakub Jelen
14c675f3a5
Use global hardening specification instead of hardening made by openssh.
...
Openssh uses by default -fPIE flag, which didn't allow to build
pam_ssh_agent_auth.so with from libssh.a.
Validated using /CoreOS/openssh/Regression/bz642927-add-relro-flag
2015-02-18 10:34:40 +01:00
Jakub Jelen
0a4ac4f4d3
Enable seccomp sandboxing after resolving problems with audit patch ( #1062953 )
2015-02-11 14:08:42 +01:00
Jakub Jelen
b552eb6714
Make output of sshd -T more consistent, using upstream patch ( #1187521 )
2015-02-03 14:17:05 +01:00
Jakub Jelen
580f986839
Update coverity patch after rebase to 6.7
2015-02-03 14:09:51 +01:00
Jakub Jelen
6c6416dc9d
6.7p1-2 + 0.9.3-4
2015-01-27 14:10:18 +01:00
Jakub Jelen
021326a6ae
Fix audit patch after rebase to 6.7
2015-01-27 12:07:13 +01:00