Jakub Jelen
e8876f1b1f
Honor GSSAPIServerIdentity for GSSAPI Key Exchange ( #1637167 )
2018-10-19 11:41:34 +02:00
Jakub Jelen
6666c19414
Do not break gssapi-kex authentication method
2018-10-19 11:41:34 +02:00
Jakub Jelen
eaa7af2e41
rebase patches to openssh-7.9p1
2018-10-19 11:41:07 +02:00
Jakub Jelen
8089081fa9
Improve the naming of the new kerberos configuration option
2018-10-19 10:19:42 +02:00
Jakub Jelen
6c9d993869
Follow the system-wide PATH settings
...
https://fedoraproject.org/wiki/Features/SbinSanity
2018-10-03 11:00:12 +02:00
Jakub Jelen
f3715e62da
auth-krb5: Avoid memory leaks and unread assignments
2018-09-25 16:34:19 +02:00
Jakub Jelen
97ee52c0a3
openssh-7.8p1-3 + 0.10.3-5
2018-09-24 15:25:57 +02:00
Jakub Jelen
8ebb9915a3
Cleanup specfile comments
2018-09-24 15:25:40 +02:00
Jakub Jelen
84d3ff9306
Do not let OpenSSH control our hardening flags
2018-09-21 17:22:35 +02:00
Jakub Jelen
e815fba204
Ignore unknown parts of PKCS#11 URI
2018-09-21 15:50:04 +02:00
Jakub Jelen
55520c5691
Fix sandbox for conditional gssapi authentication ( #1580017 )
...
Upstream:
https://bugzilla.mindrot.org/attachment.cgi?id=3168&action=diff
2018-09-21 09:50:45 +02:00
Jakub Jelen
178f3a4f56
Fix the cavs test and avoid it crashing ( #1628962 )
...
Patch from Stephan Mueller, adjusted by myselt
2018-09-14 16:53:24 +02:00
Jakub Jelen
8b9448c5ba
openssh-7.8p1-2 + 0.10.3-5
2018-08-31 13:32:02 +02:00
Jakub Jelen
dba154f20c
Unbreak gssapi rekeying ( #1624344 )
2018-08-31 13:26:44 +02:00
Jakub Jelen
90edc0cc1d
Properly allocate buffer for gsskex ( #1624323 )
2018-08-31 13:26:44 +02:00
Jakub Jelen
9409715f65
Unbreak scp between two IPv6 hosts ( #1620333 )
2018-08-31 13:26:44 +02:00
Jakub Jelen
c60b555ac2
Address issues reported by coverity
2018-08-31 13:26:44 +02:00
Jakub Jelen
4c36c2a9ee
Drop unused environment variable
2018-08-29 12:55:36 +02:00
Jakub Jelen
afaf23f6c3
Drop unused patch
2018-08-28 10:51:37 +02:00
Jakub Jelen
bbf61daf97
openssh-7.8p1-1 + 0.10.3-5
...
New upstream release including:
* Dropping entropy patch
* Remove default support for MD5 fingerprints
* Porting all the downstream patches and pam_ssh_agent_auth
to new sshbuf and sshkey API
* pam_ssh_agent_auth is no longer using MD5 fingerprints
2018-08-24 23:16:24 +02:00
Jakub Jelen
01ba761e18
7.7p1-6 + 0.10.3-4
2018-08-09 14:14:18 +02:00
Jakub Jelen
44e2032a0a
fips: Show real list of kex algoritms in FIPS
2018-08-08 10:18:27 +02:00
Jakub Jelen
951e3ca00b
Allow aes-GCM modes in FIPS
2018-08-07 18:08:08 +02:00
Jakub Jelen
baff4a61a7
fixup the coverity fix
2018-08-07 18:07:36 +02:00
Jakub Jelen
009e39709f
coverity: RESOURCE_LEAK (CWE-772)
2018-07-18 16:49:07 +02:00
Fedora Release Engineering
600d4011b5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 15:11:56 +00:00
Jakub Jelen
e1d855438b
7.7p1-5 + 0.10.3-4
2018-07-03 11:27:15 +02:00
Jakub Jelen
6c68d655b2
Disable manual reading of MOTD by default
2018-07-03 11:26:01 +02:00
Jakub Jelen
191bbb979e
Drop the unused locks
2018-06-28 09:24:57 +02:00
Jakub Jelen
62f1736470
7.7p1-4 + 0.10.3-4
2018-06-27 14:09:27 +02:00
Jakub Jelen
1176788778
Improve kerberos credential cache handling ( #1566494 )
2018-06-27 13:40:48 +02:00
Stephen Gallagher
4ef6823ff4
Add pam_motd to the PAM stack
...
This will allow Cockpit to update /etc/motd.d/cockpit with
information informing the user of the location of the admin console
on the system if it is available.
Resolves: rhbz#1591381
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2018-06-14 11:28:51 -04:00
Jakub Jelen
04ca5e7b0b
7.7p1-3 + 0.10.3-4
2018-04-16 11:15:43 +02:00
Jakub Jelen
48cef7a0b8
Opening tun devices fails + other regressions in OpenSSH v7.7 fixed upstream
2018-04-16 11:15:37 +02:00
Jakub Jelen
836590e795
7.7p1-2 + 0.10.3-4
2018-04-12 10:35:14 +02:00
Jakub Jelen
ab24bd6608
Do not break quotes parsing in configuration file ( #1566295 )
2018-04-12 10:26:26 +02:00
Jakub Jelen
b0815ca514
7.7p1-1 + 0.10.3-4
2018-04-04 16:59:45 +02:00
Jakub Jelen
af10de8f01
Update to latest version of URI patch passing the new tests + rebase to 7.7
2018-04-04 16:59:45 +02:00
Jakub Jelen
273086d13a
Need a p11-kit to allow default pkcs11 proxy
2018-04-04 16:59:45 +02:00
Jakub Jelen
42fe13ff31
Allow loading more keys from single PKCS#11 module
2018-04-04 16:58:34 +02:00
Jakub Jelen
077597136c
PKCS#11: Load public keys from ECDSA certificates
...
Submitted in upstream bugzilla
https://bugzilla.mindrot.org/show_bug.cgi?id=2474#c21
2018-04-04 16:57:59 +02:00
Jakub Jelen
aad4430f17
Print PKCS#11 URI also for ECDSA keys
2018-04-04 16:57:59 +02:00
Jakub Jelen
7e9748a2b5
PKCS#11: Support ECDSA keys and PKCS#11 URIs
...
Based on the patches in upstream bugzilla:
ECDSA:
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
PKCS#11 URI:
https://bugzilla.mindrot.org/show_bug.cgi?id=2817
2018-04-04 16:56:59 +02:00
Jakub Jelen
3cd4899257
Rebase to latest OpenSSH 7.7p1 ( #1563223 )
2018-04-04 16:50:43 +02:00
Jakub Jelen
1ce235ac38
tests/pam_ssh_agent_auth: Add a new sanity test
2018-03-12 16:48:08 +01:00
Jakub Jelen
6b2140deea
tests/port-forwarding: Do not expect the nc will succeed
2018-03-12 15:54:35 +01:00
Jakub Jelen
b4cbb0fe23
tests/port-forwarding: Do not require rhts makefile
2018-03-12 15:54:35 +01:00
Jakub Jelen
830acce379
revert part of the nss removal from LDAP
2018-03-06 15:15:03 +01:00
Jakub Jelen
cbb6ca5123
openssh-7.6p1-7 + 0.10.3-3
2018-03-06 14:37:01 +01:00
Jakub Jelen
c8f1381d11
Remove bogus nss linking
2018-03-06 14:37:01 +01:00