Commit Graph

924 Commits

Author SHA1 Message Date
Jakub Jelen
c2a9e41702 Recommend crypto policies also for a server 2018-02-19 12:10:48 +01:00
Jakub Jelen
07c951f665 Require gcc
https://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot
2018-02-19 12:10:48 +01:00
Igor Gnatenko
a6b5c2c42d
Remove %clean section
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 08:27:35 +01:00
Igor Gnatenko
5f6f10859d Remove BuildRoot definition
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-13 23:58:21 +01:00
Fedora Release Engineering
13efdb1d7f - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-08 17:49:28 +00:00
Jakub Jelen
6a6c2bc3ab We need systemd-devel for sdnotify() 2018-02-01 16:30:07 +01:00
Jakub Jelen
0780f33c5f removal of systemd-units and conforming to packaging guidelines
Per announcement on fedora-devel:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/LLG4T53FW2BGVZLGLKNYTKPD5SQNBZ2Y/
2018-01-27 10:57:06 +01:00
Jakub Jelen
bb4b7b77fc openssh-7.6p1-6 + 0.10.3-3 2018-01-26 16:26:50 +01:00
Florian Weimer
f61eaad2bd Rebuild to work around gcc bug leading to sshd miscompilation (#1538648) 2018-01-25 16:48:03 +01:00
Jakub Jelen
c45ece5fe8 Do not audit partial auth failures 2018-01-22 12:58:09 +01:00
Jakub Jelen
6996c6f503 Do not audit passsword authentication, if handled by PAM
and avoid auditing none auth method (not acually a method)
2018-01-22 12:58:09 +01:00
Jakub Jelen
9b05c6d476 USER_AUTH: Remove bogus rport, add required grantors 2018-01-22 12:58:09 +01:00
Jakub Jelen
667e6f013f Do not audit final success (#1534577) 2018-01-22 12:58:09 +01:00
Jakub Jelen
57349a88a8 Use correct audit event for pubkey auth 2018-01-22 12:58:09 +01:00
Björn Esser
427beb2f9e
Rebuilt for switch to libxcrypt 2018-01-20 23:07:25 +01:00
Jakub Jelen
b1ec43ef50 Add missing header to make it build (related to #1534577) 2018-01-19 10:46:01 +01:00
Jakub Jelen
0f4b4ccdea Audit correctly the res= after upstream refactoring 2018-01-19 10:18:51 +01:00
Jakub Jelen
38b67ad605 Avoid undefined TRUE/FALSE in ldap patch to build in rawhide 2018-01-17 10:50:05 +01:00
Jakub Jelen
4d97279349 openssh-7.6p1-5 + 0.10.3-3 2018-01-17 10:13:18 +01:00
Jakub Jelen
f284c5eb83 Do not attempt to pass hostnames to audit (inconsistency) (#1534577) 2018-01-17 10:10:28 +01:00
Jakub Jelen
32dc9bd1cd Drop unused function from audit 2018-01-16 16:24:27 +01:00
Jakub Jelen
316553ade0 Remove TCP wrappers support (#1530163) 2018-01-16 15:06:23 +01:00
Jakub Jelen
871dc3ed3e openssh-7.6p1-4 + 0.10.3-3 2017-12-14 10:23:37 +01:00
Jakub Jelen
17cd512319 Whitelist gettid() syscall for systemd (cleanup procedure?) 2017-12-12 14:19:35 +01:00
Jakub Jelen
1f2a7f3926 openssh-7.6p1-3 + 0.10.3-3 2017-12-11 11:54:38 +01:00
Jakub Jelen
fde6b96b35 Avoid gcc warnings about uninitialized variables 2017-12-11 11:53:10 +01:00
Jakub Jelen
217da75d53 Do not segfault for repetitive cipher_free() from audit (#1524233) 2017-12-11 11:53:03 +01:00
Jakub Jelen
eef660e534 7.6p1-2 + 0.10.3-3 2017-11-22 08:57:03 +01:00
Jakub Jelen
e3f4c1243d Do not build all the binaries against libldap 2017-11-15 10:17:46 +01:00
Jakub Jelen
2087929a90 Do not segfault for ECC keys in PKCS#11 2017-11-15 10:17:46 +01:00
Jakub Jelen
a464c88ee6 forgotten sources 2017-11-07 16:49:23 +01:00
Jakub Jelen
8fc2fee4e4 7.6p1-1 + 0.10.3-3 2017-11-07 14:58:44 +01:00
Jakub Jelen
cdc735a59b Make sure we audit properly from the new code 2017-11-07 14:58:44 +01:00
Jakub Jelen
e0e7ed914b Address issues of another PR#48 review 2017-11-07 14:58:44 +01:00
Jakub Jelen
c08aa4b8b1 Fix after-release bug in PermitOpen (posted on ML) 2017-11-07 14:58:44 +01:00
Jakub Jelen
5b55d0951d rebase patches to openssh-7.6p1 and make it build 2017-11-07 14:58:44 +01:00
Jakub Jelen
9e46aafab9 openssh-7.5p1-6 + 0.10.3-2 2017-10-19 16:09:53 +02:00
Jakub Jelen
ed0b5e5a9f Remove pam_reauthorize, not needed by cockpit anymore (#1492313) 2017-10-19 16:09:53 +02:00
Jakub Jelen
e044c5cf76 Enforce pam_sepermit for all logins (#1492313) 2017-10-19 16:09:53 +02:00
Jakub Jelen
72514f7644 Add newer gssapi kex methods, but leave them disabled out of the box yet 2017-10-19 16:09:53 +02:00
Jakub Jelen
8bcc21ed64 Add enablement for openssl-ibmca and openssl-ibmpkcs11 (#1477636) 2017-10-19 16:09:53 +02:00
Jakub Jelen
8c9e97e65a Do not export KRBCCNAME if the default path is used (#1199363) 2017-10-19 16:09:53 +02:00
Mike Gahagan
ce1afcf244 initial commit of tests from upstreamfirst project 2017-09-29 12:58:09 -04:00
Jakub Jelen
ef66c0c677 openssh-7.5p1-5 + 0.10.3-2 2017-08-14 09:45:09 +02:00
Jakub Jelen
0ce6c7b710 Another approach for crypto policies (#1479271) 2017-08-14 09:42:02 +02:00
Jakub Jelen
970a418151 Do not talk about SSHv1 in Summary 2017-08-09 16:10:33 +02:00
Jakub Jelen
6a05936971 Revert "server crypto policy"
This reverts commit 1d8ffcfe05.
2017-08-09 14:58:13 +02:00
Jakub Jelen
fffad0579c openssh-7.5p1-4 + 0.10.3-2 2017-08-02 15:46:58 +02:00
Jakub Jelen
722f82b9ab Remove openssh-clients-ssh1 subpackage (#1474942) 2017-08-02 15:46:58 +02:00
Jakub Jelen
1d8ffcfe05 Preprocess the configuration files to include crypto policies.
* The services are using ExecPre to start sshd-pre script
 * The sshd-pre script substitutes token in standard configuration file and writes a new on in /run
 * The services are using a file in /run as a sshd_config
2017-08-02 15:46:57 +02:00