Commit Graph

603 Commits

Author SHA1 Message Date
Petr Lautrbach
44fb3c6aeb OpenSSH 6.5 and 6.6 sometimes encode a value used in the
curve25519 key exchange incorrectly, causing connection failures
about 0.2% of the time when this method is used against a peer that
implements the method properly.

Fix the problem and disable the curve25519 KEX when speaking to
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
to enable the compatability code.

openssh-6.6.1p1
2014-06-03 17:18:36 +02:00
Petr Lautrbach
94c6f8ddcc rebase to openssh-6.6p1 2014-06-03 16:51:07 +02:00
Petr Lautrbach
d75575229f 6.4p1-4 + 0.9.3-1 2014-05-15 10:37:16 +02:00
Petr Lautrbach
8f8619e1e6 ignore environment variables with embedded '=' or '\0' characters (#1077843)
CVE-2014-2532
2014-05-15 10:24:04 +02:00
Petr Lautrbach
d271e02296 prevent a server from skipping SSHFP lookup (#1081338)
CVE-2014-2653
2014-05-15 10:23:46 +02:00
Petr Lautrbach
9a031d2641 try CLOCK_BOOTTIME with fallback (#1091992) 2014-05-14 17:30:43 +02:00
Petr Lautrbach
f3b39bb6cb don't clean up gssapi credentials by default (#1055016) 2014-02-26 17:08:07 +01:00
Petr Lautrbach
f9f83a00b5 make /etc/ssh/moduli file public (#1043661) 2014-02-26 15:54:02 +01:00
Petr Lautrbach
c3c35d5f25 fix ssh-copy-id (#1058792) 2014-02-26 14:53:23 +01:00
Petr Lautrbach
e2813b36f4 log fipscheck verification message into syslog authpriv 2014-02-26 14:52:42 +01:00
Petr Lautrbach
9060bbe156 sshd-keygen.service - don't check dsa key, use ecdsa instead 2014-02-19 13:58:34 +01:00
Petr Lautrbach
96df3b5ecb use tty allocation for a remote scp 2014-01-23 18:30:39 +01:00
Petr Lautrbach
b898cbf5e1 Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set 2014-01-23 18:30:03 +01:00
Petr Lautrbach
084bc6fca5 FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A 2014-01-23 18:29:02 +01:00
Petr Lautrbach
222dd2e358 6.4p1-3 + 0.9.3-1 2013-12-11 14:32:11 +01:00
Petr Lautrbach
2b2955a332 use only rsa and ecdsa host keys by default 2013-12-11 14:28:49 +01:00
Petr Lautrbach
545aa0d026 sshd-keygen - create an ecdsa host key with 640 permissions (#1023945) 2013-12-09 11:14:59 +01:00
Petr Lautrbach
89d920b074 6.4p1-2 + 0.9.3-1 2013-11-26 15:28:39 +01:00
Petr Lautrbach
82d2beb4d4 fix fatal() cleanup in the audit patch (#1029074) 2013-11-26 13:22:08 +01:00
Petr Lautrbach
36a09e37e8 fix parsing logic of ldap.conf file (#1033662) 2013-11-26 11:10:04 +01:00
Petr Lautrbach
8f439b3006 minor change in HOWTO.ssh-keycat - s/AuthorizedKeysCommandRunAs/AuthorizedKeysCommandUser/ 2013-11-25 15:40:42 +01:00
Petr Lautrbach
09e9ef3d7c 6.4p1-1 + 0.9.3-1 2013-11-08 14:04:33 +01:00
Petr Lautrbach
27189b85ef rebase audit patch for openssh-6.4p1 2013-11-08 13:33:51 +01:00
Petr Lautrbach
3ed6191f56 6.3p1-5 + 0.9.3-7 2013-11-01 17:07:27 +01:00
Petr Lautrbach
5795323a53 don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> (#1024965) 2013-11-01 17:06:02 +01:00
Petr Lautrbach
3834483295 adjust gss kex mechanism to the upstream changes (#1024004) 2013-10-31 11:30:12 +01:00
Petr Lautrbach
7feb965804 6.3p1-4 + 0.9.3-6 2013-10-25 15:46:49 +02:00
Petr Lautrbach
2add7a8ff5 rebuild with openssl-1.0.1e-29.fc20 to enable ECC support 2013-10-25 15:19:26 +02:00
Petr Lautrbach
f0aa6e5f51 rebuild with openssl-1.0.1e-29.fc20 to enable ECC support 2013-10-25 14:46:48 +02:00
Petr Lautrbach
a5e23f2861 6.3p1-3 + 0.9.3-6 2013-10-24 16:45:21 +02:00
Petr Lautrbach
265df55bb8 don't use SSH_FP_MD5 for fingerprints in FIPS mode 2013-10-24 16:41:18 +02:00
Petr Lautrbach
ff7a26b109 6.3p1-2 + 0.9.3-6 2013-10-23 23:14:38 +02:00
Petr Lautrbach
1462de5deb sshd-keygen to generate ECDSA keys <i.grok@comcast.net> (#1019222) 2013-10-23 22:51:32 +02:00
Petr Lautrbach
1f36406833 Increase the size of the Diffie-Hellman groups requested for a each
symmetric key size.  New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419.  Pointed out by Peter Backes, ok
djm@. (#1010607)
2013-10-23 22:41:53 +02:00
Petr Lautrbach
d088f94bd9 use default_ccache_name from /etc/krb5.conf for a kerberos cache (#991186) 2013-10-23 22:08:19 +02:00
Petr Lautrbach
99076b0f8b cleanup GSSAPI code 2013-10-23 21:56:25 +02:00
Petr Lautrbach
e40d5d19d9 added Obsoletes: *fips 2013-10-15 17:55:40 +02:00
Petr Lautrbach
9723b77ff6 bring pam_ssh_agent_auth-0.9.3.tar.bz2 back to sources 2013-10-14 17:46:04 +02:00
Petr Lautrbach
bf9d268c1b upload openssh-6.3p1.tar.gz to cache 2013-10-14 17:38:33 +02:00
Petr Lautrbach
c67d841973 upload openssh-6.3p1.tar.gz to cache 2013-10-14 17:34:32 +02:00
Petr Lautrbach
a92e916970 6.3p1-1 + 0.9.3-6 2013-10-14 15:55:03 +02:00
Petr Lautrbach
84822b5dec rebase for openssh-6.3p1, remove unused patches (#1007769) 2013-10-14 15:54:41 +02:00
Petr Lautrbach
c33ef551ca 6.2p2-9 + 0.9.3-5 2013-10-08 17:28:16 +02:00
Petr Lautrbach
f12afd6496 use dracut-fips file /etc/system-fips to determine if a FIPS module is installed 2013-10-08 17:24:54 +02:00
Petr Lautrbach
2ae5f9ff89 Revert "add -fips subpackages that contains the FIPS module files"
This reverts commit 227f4f7628.
2013-10-08 17:13:39 +02:00
Petr Lautrbach
d4d8299c30 Revert "add missing Requires: openssl-fips in -fips subpackages"
This reverts commit a19397fdd2.

Conflicts:
	openssh.spec
2013-10-08 17:06:14 +02:00
Petr Lautrbach
b61d9c10d3 Revert "use hmac_suffix for ssh{,d} hmac checksums"
This reverts commit c6724c72f4.
2013-10-08 17:04:53 +02:00
Petr Lautrbach
47b1c9e6a4 Revert "adjust openssh-6.2p1-vendor.patch after previous commit"
This reverts commit 4936e20991.
2013-10-08 17:04:51 +02:00
Petr Lautrbach
0cc0054215 Revert "use {?dist} tag in suffixes for hmac checksum files"
This reverts commit 15244ec178.
2013-10-08 17:04:40 +02:00
Petr Lautrbach
f344f8490c 6.2p2-8 + 0.9.3-5 2013-09-25 14:13:01 +02:00