Petr Lautrbach
5160c9c8f3
rebase audit patch for 6.6.1p1
2014-07-08 17:42:18 +02:00
Stef Walter
26621fa3b8
Add pam_reauthorize.so to sshd.pam ( #1115977 )
2014-07-08 12:46:52 +02:00
Petr Lautrbach
86f29c353e
bring back openssh-5.5p1-x11.patch
2014-07-03 16:42:56 +02:00
Petr Lautrbach
5fcfcac428
drop openssh-5.8p2-remove-stale-control-socket.patch
2014-07-03 16:23:00 +02:00
Petr Lautrbach
8b5feef2c8
bring back the openssh-5.8p2-sigpipe.patch
2014-07-03 16:14:38 +02:00
Dennis Gilmore
d1b0938acc
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 12:01:42 -05:00
Petr Lautrbach
7463b66c25
add missing patches and remove unused patches
2014-06-04 10:26:58 +02:00
Petr Lautrbach
3e1dd6c5fd
add forgotten openssh-6.6p1-gsskex.patch
2014-06-04 10:17:31 +02:00
Petr Lautrbach
5cde9cd3f2
6.6.1p1-1 + 0.9.3-2
2014-06-03 17:52:36 +02:00
Petr Lautrbach
d1c2eb285e
slightly change systemd units logic - use sshd-keygen.service ( #1066615 )
2014-06-03 17:47:56 +02:00
Petr Lautrbach
fb6f390a78
drop openssh-server-sysvinit subpackage
2014-06-03 17:42:49 +02:00
Petr Lautrbach
4253bf87ac
add support for ED25519 keys to sshd-keygen and sshd.sysconfig
2014-06-03 17:41:32 +02:00
Petr Lautrbach
44fb3c6aeb
OpenSSH 6.5 and 6.6 sometimes encode a value used in the
...
curve25519 key exchange incorrectly, causing connection failures
about 0.2% of the time when this method is used against a peer that
implements the method properly.
Fix the problem and disable the curve25519 KEX when speaking to
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
to enable the compatability code.
openssh-6.6.1p1
2014-06-03 17:18:36 +02:00
Petr Lautrbach
94c6f8ddcc
rebase to openssh-6.6p1
2014-06-03 16:51:07 +02:00
Petr Lautrbach
d75575229f
6.4p1-4 + 0.9.3-1
2014-05-15 10:37:16 +02:00
Petr Lautrbach
8f8619e1e6
ignore environment variables with embedded '=' or '\0' characters ( #1077843 )
...
CVE-2014-2532
2014-05-15 10:24:04 +02:00
Petr Lautrbach
d271e02296
prevent a server from skipping SSHFP lookup ( #1081338 )
...
CVE-2014-2653
2014-05-15 10:23:46 +02:00
Petr Lautrbach
9a031d2641
try CLOCK_BOOTTIME with fallback ( #1091992 )
2014-05-14 17:30:43 +02:00
Petr Lautrbach
f3b39bb6cb
don't clean up gssapi credentials by default ( #1055016 )
2014-02-26 17:08:07 +01:00
Petr Lautrbach
f9f83a00b5
make /etc/ssh/moduli file public ( #1043661 )
2014-02-26 15:54:02 +01:00
Petr Lautrbach
c3c35d5f25
fix ssh-copy-id ( #1058792 )
2014-02-26 14:53:23 +01:00
Petr Lautrbach
e2813b36f4
log fipscheck verification message into syslog authpriv
2014-02-26 14:52:42 +01:00
Petr Lautrbach
9060bbe156
sshd-keygen.service - don't check dsa key, use ecdsa instead
2014-02-19 13:58:34 +01:00
Petr Lautrbach
96df3b5ecb
use tty allocation for a remote scp
2014-01-23 18:30:39 +01:00
Petr Lautrbach
b898cbf5e1
Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set
2014-01-23 18:30:03 +01:00
Petr Lautrbach
084bc6fca5
FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A
2014-01-23 18:29:02 +01:00
Petr Lautrbach
222dd2e358
6.4p1-3 + 0.9.3-1
2013-12-11 14:32:11 +01:00
Petr Lautrbach
2b2955a332
use only rsa and ecdsa host keys by default
2013-12-11 14:28:49 +01:00
Petr Lautrbach
545aa0d026
sshd-keygen - create an ecdsa host key with 640 permissions ( #1023945 )
2013-12-09 11:14:59 +01:00
Petr Lautrbach
89d920b074
6.4p1-2 + 0.9.3-1
2013-11-26 15:28:39 +01:00
Petr Lautrbach
82d2beb4d4
fix fatal() cleanup in the audit patch ( #1029074 )
2013-11-26 13:22:08 +01:00
Petr Lautrbach
36a09e37e8
fix parsing logic of ldap.conf file ( #1033662 )
2013-11-26 11:10:04 +01:00
Petr Lautrbach
8f439b3006
minor change in HOWTO.ssh-keycat - s/AuthorizedKeysCommandRunAs/AuthorizedKeysCommandUser/
2013-11-25 15:40:42 +01:00
Petr Lautrbach
09e9ef3d7c
6.4p1-1 + 0.9.3-1
2013-11-08 14:04:33 +01:00
Petr Lautrbach
27189b85ef
rebase audit patch for openssh-6.4p1
2013-11-08 13:33:51 +01:00
Petr Lautrbach
3ed6191f56
6.3p1-5 + 0.9.3-7
2013-11-01 17:07:27 +01:00
Petr Lautrbach
5795323a53
don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> ( #1024965 )
2013-11-01 17:06:02 +01:00
Petr Lautrbach
3834483295
adjust gss kex mechanism to the upstream changes ( #1024004 )
2013-10-31 11:30:12 +01:00
Petr Lautrbach
7feb965804
6.3p1-4 + 0.9.3-6
2013-10-25 15:46:49 +02:00
Petr Lautrbach
2add7a8ff5
rebuild with openssl-1.0.1e-29.fc20 to enable ECC support
2013-10-25 15:19:26 +02:00
Petr Lautrbach
f0aa6e5f51
rebuild with openssl-1.0.1e-29.fc20 to enable ECC support
2013-10-25 14:46:48 +02:00
Petr Lautrbach
a5e23f2861
6.3p1-3 + 0.9.3-6
2013-10-24 16:45:21 +02:00
Petr Lautrbach
265df55bb8
don't use SSH_FP_MD5 for fingerprints in FIPS mode
2013-10-24 16:41:18 +02:00
Petr Lautrbach
ff7a26b109
6.3p1-2 + 0.9.3-6
2013-10-23 23:14:38 +02:00
Petr Lautrbach
1462de5deb
sshd-keygen to generate ECDSA keys <i.grok@comcast.net> ( #1019222 )
2013-10-23 22:51:32 +02:00
Petr Lautrbach
1f36406833
Increase the size of the Diffie-Hellman groups requested for a each
...
symmetric key size. New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
djm@. (#1010607 )
2013-10-23 22:41:53 +02:00
Petr Lautrbach
d088f94bd9
use default_ccache_name from /etc/krb5.conf for a kerberos cache ( #991186 )
2013-10-23 22:08:19 +02:00
Petr Lautrbach
99076b0f8b
cleanup GSSAPI code
2013-10-23 21:56:25 +02:00
Petr Lautrbach
e40d5d19d9
added Obsoletes: *fips
2013-10-15 17:55:40 +02:00
Petr Lautrbach
9723b77ff6
bring pam_ssh_agent_auth-0.9.3.tar.bz2 back to sources
2013-10-14 17:46:04 +02:00