Jakub Jelen
bc083eb557
Adjust seccomp fiter for primary architectures and solve aarch64 issue ( #1197051 )
2015-02-27 18:22:34 +01:00
Jakub Jelen
cbda6f57fb
Solve issue with ssh-copy-id and keys without trailing newline ( #1093168 )
2015-02-25 10:46:29 +01:00
Jakub Jelen
5f3c83fd09
6.7p1-8 + 0.9.3-4
2015-02-24 10:10:07 +01:00
Marcin Juszkiewicz
6656486e18
Add AArch64 support for seccomp_filter sandbox ( #1195065 )
2015-02-24 09:17:43 +01:00
Jakub Jelen
e0f867b153
6.7p1-7 + 0.9.3-4
2015-02-23 12:43:25 +01:00
Jakub Jelen
e3a6256653
Fix build issue without getuid32
2015-02-23 12:41:59 +01:00
Jakub Jelen
c13a4b7170
6.7p1-6 + 0.9.3-4
2015-02-23 12:18:07 +01:00
Jakub Jelen
d5a8001387
Fix seccomp filter for ix68 ( #1194401 ), fix previous commit
2015-02-23 12:17:30 +01:00
Peter Robinson
b9846a816d
fix if statement
2015-02-22 17:36:25 +00:00
Peter Robinson
74e740c136
Only use seccomp for sandboxing on supported platforms
2015-02-22 17:28:16 +00:00
Jakub Jelen
c6945293fd
6.7p1-4 + 0.9.3-4
2015-02-20 15:06:26 +01:00
Jakub Jelen
77f453b74d
cleanup working directory, spec file and unused patches after rebase
2015-02-20 15:06:17 +01:00
Jakub Jelen
08cb909f5d
Move cavs tests into subpackage -cavs ( #1194320 )
2015-02-20 13:24:42 +01:00
Jakub Jelen
2f556360f6
6.7p1-3 + 0.9.3-4
2015-02-18 16:11:48 +01:00
Jakub Jelen
6df422d544
Fix ssh-copy-id on non-sh shells ( #1045191 )
2015-02-18 16:01:39 +01:00
Jakub Jelen
bb3e880c01
Add SSH KDF CAVS test driver for future FIPS validation ( #1193045 )
2015-02-18 15:48:10 +01:00
Jakub Jelen
14c675f3a5
Use global hardening specification instead of hardening made by openssh.
...
Openssh uses by default -fPIE flag, which didn't allow to build
pam_ssh_agent_auth.so with from libssh.a.
Validated using /CoreOS/openssh/Regression/bz642927-add-relro-flag
2015-02-18 10:34:40 +01:00
Jakub Jelen
0a4ac4f4d3
Enable seccomp sandboxing after resolving problems with audit patch ( #1062953 )
2015-02-11 14:08:42 +01:00
Jakub Jelen
b552eb6714
Make output of sshd -T more consistent, using upstream patch ( #1187521 )
2015-02-03 14:17:05 +01:00
Jakub Jelen
580f986839
Update coverity patch after rebase to 6.7
2015-02-03 14:09:51 +01:00
Jakub Jelen
6c6416dc9d
6.7p1-2 + 0.9.3-4
2015-01-27 14:10:18 +01:00
Jakub Jelen
021326a6ae
Fix audit patch after rebase to 6.7
2015-01-27 12:07:13 +01:00
Petr Lautrbach
9b4e25cce0
temporarily disable audit patch causing segmentation faults
2015-01-20 17:08:25 +01:00
Petr Lautrbach
f29c8784c6
restore tcp wrappers support, based on Debian patch
...
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
2015-01-20 17:06:46 +01:00
Petr Lautrbach
1900351913
6.7p1-1 + 0.9.3-4
2015-01-20 13:21:45 +01:00
Petr Lautrbach
b457c98bec
use upstream FigerPrintHash for fingerprint - 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994
2015-01-19 15:26:56 +01:00
Petr Lautrbach
98584338a4
fix direction in CRYPTO_SESSION audit message
2015-01-16 17:40:20 +01:00
Jakub Jelen
3ffcb799b3
Fix changelog entry
2015-01-15 15:03:12 +01:00
Jakub Jelen
2109ab67c2
6.6.1p1-11 + 0.9.3-3
2015-01-14 17:15:02 +01:00
Petr Lautrbach
140e5ca05d
add new option GSSAPIEnablek5users and disable using ~/.k5users by default
...
CVE-2014-9278 (#1170745 )
2015-01-14 17:10:40 +01:00
Jakub Jelen
9080a85b54
Update vendor-patchlevel string
2015-01-14 16:55:27 +01:00
Jakub Jelen
f92cd01d62
Update ldap extension to resolve #981058
2015-01-14 16:52:03 +01:00
Jakub Jelen
e581af0a84
Add missing documentation link to systemd service files (RHBZ#1181593)
2015-01-14 16:51:44 +01:00
Jakub Jelen
b9d68e7db4
Fix config parser for ip:port values ( #1130733 )
2015-01-14 16:48:32 +01:00
Jakub Jelen
fd06d69c6a
Fix confusing error message in scp ( #1142223 )
2015-01-14 16:46:23 +01:00
Petr Lautrbach
62986c5e87
6.6.1p1-10 + 0.9.3-3
2014-12-19 10:24:59 +01:00
Petr Lautrbach
7a7b8f0984
log via monitor in chroots without /dev/log
2014-12-19 10:14:36 +01:00
Petr Lautrbach
720cf82ef2
record pfs= field in CRYPTO_SESSION audit event
2014-12-15 18:59:39 +01:00
Petr Lautrbach
cf5c1140f2
increase size of AUDIT_LOG_SIZE to 256
2014-12-11 14:21:42 +01:00
Petr Lautrbach
276c16ce71
6.6.1p1-9 + 0.9.3-3
2014-12-03 18:18:19 +01:00
Petr Lautrbach
56a647f5e3
the .local domain example should be in ssh_config, not in sshd_config
2014-12-03 18:15:25 +01:00
Petr Lautrbach
08fe9e8e47
use different values for DH for Cisco servers ( #1026430 )
2014-12-03 17:10:47 +01:00
Petr Lautrbach
823364a11e
6.6.1p1-8 + 0.9.3-3
2014-11-13 22:21:52 +01:00
Petr Lautrbach
44f0ac8d08
fix several coverity issues Resolves: rhbz#1139794
2014-11-13 22:16:51 +01:00
Petr Lautrbach
57666dc3be
fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request ( #1118005 )
2014-11-12 17:35:37 +01:00
Petr Lautrbach
a1e1ac2bfc
6.6.1p1-7 + 0.9.3-3
2014-11-07 12:53:03 +01:00
Petr Lautrbach
65a6cd2d8c
correct the calculation of bytes for authctxt->krb5_ccname <ams@corefiling.com> ( #1161073 )
2014-11-07 12:52:06 +01:00
Petr Lautrbach
3b7c8620a1
6.6.1p1-6 + 0.9.3-3
2014-11-04 19:09:42 +01:00
Petr Lautrbach
5296a797aa
privsep_preauth: use SELinux context from selinux-policy ( #1008580 )
2014-11-04 19:06:14 +01:00
Petr Lautrbach
414bfae1bc
change audit trail
...
- do not use (invalid user)
- change acct for an unknown user "(unknown)"
- don't send login audit event in getpwnamallow()
2014-11-04 18:56:47 +01:00