Commit Graph

892 Commits

Author SHA1 Message Date
Jakub Jelen
6a6c2bc3ab We need systemd-devel for sdnotify() 2018-02-01 16:30:07 +01:00
Jakub Jelen
0780f33c5f removal of systemd-units and conforming to packaging guidelines
Per announcement on fedora-devel:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/LLG4T53FW2BGVZLGLKNYTKPD5SQNBZ2Y/
2018-01-27 10:57:06 +01:00
Jakub Jelen
bb4b7b77fc openssh-7.6p1-6 + 0.10.3-3 2018-01-26 16:26:50 +01:00
Florian Weimer
f61eaad2bd Rebuild to work around gcc bug leading to sshd miscompilation (#1538648) 2018-01-25 16:48:03 +01:00
Björn Esser
427beb2f9e
Rebuilt for switch to libxcrypt 2018-01-20 23:07:25 +01:00
Jakub Jelen
38b67ad605 Avoid undefined TRUE/FALSE in ldap patch to build in rawhide 2018-01-17 10:50:05 +01:00
Jakub Jelen
4d97279349 openssh-7.6p1-5 + 0.10.3-3 2018-01-17 10:13:18 +01:00
Jakub Jelen
316553ade0 Remove TCP wrappers support (#1530163) 2018-01-16 15:06:23 +01:00
Jakub Jelen
871dc3ed3e openssh-7.6p1-4 + 0.10.3-3 2017-12-14 10:23:37 +01:00
Jakub Jelen
1f2a7f3926 openssh-7.6p1-3 + 0.10.3-3 2017-12-11 11:54:38 +01:00
Jakub Jelen
eef660e534 7.6p1-2 + 0.10.3-3 2017-11-22 08:57:03 +01:00
Jakub Jelen
8fc2fee4e4 7.6p1-1 + 0.10.3-3 2017-11-07 14:58:44 +01:00
Jakub Jelen
c08aa4b8b1 Fix after-release bug in PermitOpen (posted on ML) 2017-11-07 14:58:44 +01:00
Jakub Jelen
5b55d0951d rebase patches to openssh-7.6p1 and make it build 2017-11-07 14:58:44 +01:00
Jakub Jelen
9e46aafab9 openssh-7.5p1-6 + 0.10.3-2 2017-10-19 16:09:53 +02:00
Jakub Jelen
72514f7644 Add newer gssapi kex methods, but leave them disabled out of the box yet 2017-10-19 16:09:53 +02:00
Jakub Jelen
8c9e97e65a Do not export KRBCCNAME if the default path is used (#1199363) 2017-10-19 16:09:53 +02:00
Jakub Jelen
ef66c0c677 openssh-7.5p1-5 + 0.10.3-2 2017-08-14 09:45:09 +02:00
Jakub Jelen
970a418151 Do not talk about SSHv1 in Summary 2017-08-09 16:10:33 +02:00
Jakub Jelen
6a05936971 Revert "server crypto policy"
This reverts commit 1d8ffcfe05.
2017-08-09 14:58:13 +02:00
Jakub Jelen
fffad0579c openssh-7.5p1-4 + 0.10.3-2 2017-08-02 15:46:58 +02:00
Jakub Jelen
722f82b9ab Remove openssh-clients-ssh1 subpackage (#1474942) 2017-08-02 15:46:58 +02:00
Jakub Jelen
1d8ffcfe05 Preprocess the configuration files to include crypto policies.
* The services are using ExecPre to start sshd-pre script
 * The sshd-pre script substitutes token in standard configuration file and writes a new on in /run
 * The services are using a file in /run as a sshd_config
2017-08-02 15:46:57 +02:00
Fedora Release Engineering
be108c2c82 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 01:53:26 +00:00
Petr Písař
64a3610c1f perl dependency renamed to perl-interpreter <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> 2017-07-12 14:20:53 +02:00
Jakub Jelen
2ea24bb006 openssh-7.5p1-2 + 0.10.3-2 2017-06-30 12:44:10 +02:00
Jakub Jelen
204765aba1 openssh-7.5p1-2 + 0.10.3-2 2017-03-23 14:48:09 +01:00
Jakub Jelen
c2f63ba00b Revert the chroot magic 2017-03-23 14:47:27 +01:00
Jakub Jelen
fb74d1ec96 Add missing header on s390 (#1434341) 2017-03-22 14:35:55 +01:00
Jakub Jelen
09320cf61a Fix typo in sandbox code, that got out after release
http://lists.mindrot.org/pipermail/openssh-unix-dev/2017-March/035879.html
2017-03-21 10:12:44 +01:00
Jakub Jelen
17b491b307 openssh-7.5p1-1 + 0.10.3-2 2017-03-20 16:00:16 +01:00
Jakub Jelen
7b666e5764 openssh-7.4p1-4 + 0.10.3-1 2017-03-03 15:53:31 +01:00
Jakub Jelen
ab7f9474c7 openssh-7.4p1-3 + 0.10.3-1 2017-02-22 14:56:00 +01:00
Jakub Jelen
b92d3c8ae0 Reference upstream bug 2017-02-22 14:56:00 +01:00
Jakub Jelen
4e7cdec7ef Add systemd stuff to keep track of service 2017-02-22 14:56:00 +01:00
Jakub Jelen
140ef5a0f5 Properly report errors from included files (#1408558) 2017-02-22 14:56:00 +01:00
Jakub Jelen
a97eeb671c ppc architecture is gone for years 2017-02-22 14:56:00 +01:00
Jakub Jelen
465b6e6b82 Check seteuid return values in all cases 2017-02-22 14:56:00 +01:00
Jakub Jelen
bdb932c46a new pam_ssh_agent_auth-0.10.3 release 2017-02-22 14:55:59 +01:00
Jakub Jelen
26cec0607f openssh-7.4p1-2 + 0.10.2-5 2017-02-06 09:47:28 +01:00
Jakub Jelen
b19926d292 openssh-7.4p1-1 + 0.10.2-5 2017-01-03 14:31:29 +01:00
Jakub Jelen
58f79a27c3 Whitelist /usr/lib64/ for PKCS#11 modules 2017-01-03 14:31:29 +01:00
Jakub Jelen
6cf9b8e61b rebase to openssh-7.4p1-1
* Drop unaccepted (unapplying) coverity patches
 * Drop server support for SSH1 (server)
 * Workaround #2641 for systemd
 * UseLogin is gone
 * Drop upstream commit 28652bca
 * Tighten seccomp filter (cache credentials before entering sandbox) (#1395288)
2017-01-03 14:31:20 +01:00
Jakub Jelen
d8c2e8dc88 openssh-7.3p1-7 + 0.10.2-4 2016-12-08 14:13:32 +01:00
Jakub Jelen
162941961a Move MAX_DISPLAYS to a configuration option 2016-12-08 14:13:32 +01:00
Jakub Jelen
7bccf7e6e0 openssh-7.3p1-6 + 0.10.2-4 2016-11-16 11:07:41 +01:00
Jakub Jelen
ccf623128a Fix changelog 2016-11-07 09:33:43 +01:00
Jakub Jelen
2a8bce34e4 openssh-7.3p1-5 + 0.10.2-4 2016-10-27 18:26:25 +02:00
Jakub Jelen
aacf0d429a OpenSSL 1.1.0 compat 2016-10-27 17:19:17 +02:00
Jakub Jelen
c9d9fe9b0f Recommend crypto-policies for a client package 2016-10-11 10:29:50 +02:00
Jakub Jelen
d924bc6892 openssh-7.3p1-4 + 0.10.2-4 2016-09-29 14:14:19 +02:00
Jakub Jelen
ae831ab305 Fix NULL derefence (#1380297)
https://anongit.mindrot.org/openssh.git/patch/?id=28652bca29046f62c7045e933e6b931de1d16737
2016-09-29 11:15:13 +02:00
Jakub Jelen
739842b137 Make the code build without SELinux and without Audit 2016-09-15 16:36:04 +02:00
Jakub Jelen
0a605f4d31 openssh-7.3p1-3 + 0.10.2-4 2016-08-15 12:20:15 +02:00
Jakub Jelen
38d533a5e1 Proper content of the included configuration files 2016-08-15 12:18:50 +02:00
Jakub Jelen
73953d29f1 openssh-7.3p1-2 + 0.10.2-4 2016-08-09 10:32:01 +02:00
Jakub Jelen
88f3a752ae openssh-7.3p1-1. + 0.10.2-4 2016-08-09 08:24:35 +02:00
Jakub Jelen
90ffc35e29 Correct permissions on the ssh_config directory (#1365270) 2016-08-09 08:23:44 +02:00
Jakub Jelen
a711d3c82f openssh-7.3p1-1 + 0.10.2-4 2016-08-04 13:57:21 +02:00
Jakub Jelen
6454089e75 Create include directory with example content (redhat modifications) 2016-08-04 13:57:21 +02:00
Jakub Jelen
6da7f4d0ed Drop SCP progressmeter patch because of reworked UTF-8 API (tracked upstream #2434) 2016-08-04 13:57:02 +02:00
Jakub Jelen
70c2ac20bd CVE-2016-6210 is fixed upstream 2016-08-04 10:59:59 +02:00
Jakub Jelen
13a7aaf5e3 CVE-2015-8325 and certificate regression are fixed upstream 2016-08-04 10:59:59 +02:00
Jakub Jelen
38e1dfa80d Upstream bug #2477 applied 2016-08-04 10:59:59 +02:00
Jakub Jelen
4bd77fcccc seccomp for secondary architecures patch already upstream (#2590) 2016-08-04 10:59:59 +02:00
Jakub Jelen
05bc93847e Bug #2281 resolved upstream 2016-08-04 10:59:59 +02:00
Jakub Jelen
178ce15f5a UTF-8 banners resolved by upstream bug #2058 2016-08-04 10:59:59 +02:00
Jakub Jelen
14320ca590 The upstream bug #2257 is fixed 2016-08-04 10:59:59 +02:00
Jakub Jelen
82bfd19e51 openssh-7.2p2-11 + 0.10.2-3 2016-07-26 15:41:29 +02:00
Jakub Jelen
6a7dd92929 Remove legacy sshd-keygen (#1359762)
Revert "Add legacy sshd-keygen for anaconda (#1331077)"

This reverts commit 0b5300a59c.
2016-07-26 15:41:29 +02:00
Jakub Jelen
793bc4b1cc Remove slogin symlinks (#1359762)
Revert "Restore slogin symlinks"

This reverts commit e762f7265e.
2016-07-26 15:41:29 +02:00
Jakub Jelen
b4df5ebb8d Rework SELinux context handling with chroot using libcap-ng (#1357860) 2016-07-26 15:40:30 +02:00
Jakub Jelen
9dc741314f openssh-7.2p2-10 + 0.10.2-3 2016-07-18 13:55:58 +02:00
Jakub Jelen
1057900209 Prevent user enumeration via timing channel (CVE-2016-6210) 2016-07-18 13:30:52 +02:00
Jakub Jelen
209c7a8aea Expose more information to PAM 2016-07-18 13:30:51 +02:00
Jakub Jelen
9864973c69 Make closefrom() ignore softlinks to the /dev/ devices on s390 2016-07-18 12:26:15 +02:00
Jakub Jelen
a49441fa52 openssh-7.2p2-9 + 0.10.2-3 2016-07-01 09:07:18 +02:00
Jakub Jelen
5a67d51d0f openssh-7.2p2-8 + 0.10.2-3 2016-06-24 12:07:22 +02:00
Jakub Jelen
186bf3858e UseLogin yes is not supported in Fedora 2016-06-24 12:07:22 +02:00
Petr Písař
ad928ac7d1 Mandatory Perl build-requires added <https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl> 2016-06-24 10:03:17 +02:00
Jakub Jelen
ba8f38935c openssh-7.2p2-7 2016-06-06 16:39:35 +02:00
Jakub Jelen
f6a096caf2 Build seccomp filter on ppc64(le) architecture (#1195065) 2016-06-06 16:39:35 +02:00
Jakub Jelen
1144aef1d1 Comments for patches, merge ssh_config from localdomain to redhat patch (ssh_config related) 2016-06-06 16:39:17 +02:00
Jakub Jelen
f2868287aa rebase x11 patch to clean up coverity patch 2016-06-03 10:44:32 +02:00
Jakub Jelen
ea9421342e Coverity: dereference in pam_ssh_agent_auth
Upstream: https://sourceforge.net/p/pamsshagentauth/bugs/22/
2016-06-03 09:49:44 +02:00
Jakub Jelen
d78d347c11 Check for real location of .k5login file (#1328243) 2016-06-03 09:29:58 +02:00
Jakub Jelen
8dd0608e77 Regression in certificate-based authentication (#1333498) 2016-05-06 09:25:20 +02:00
Jakub Jelen
991b66246f openssh-7.2p2-6 + 0.10.2-3 2016-04-29 13:57:45 +02:00
Jakub Jelen
0b5300a59c Add legacy sshd-keygen for anaconda (#1331077) 2016-04-29 13:41:38 +02:00
Jakub Jelen
1380564732 openssh-7.2p2-5 + 0.10.2-3 2016-04-22 14:52:57 +02:00
Jakub Jelen
cf4e3a1844 Fix for CVE-2015-8325 (#1328013) 2016-04-18 12:39:11 +02:00
Jakub Jelen
58d2868dfe openssh-7.2p2-4 + 0.10.2-3 2016-04-15 17:56:43 +02:00
Jakub Jelen
5489ace8dc Add sshd-keygen.target to abstract key creation from sshd.service and sshd@.service (#1325535)
* PartOf  is needed to trigger  sshd-keygen  checks for  sshd.service  restarts
 * sshd-keygen.target  makes a level of abstraction to eliminate dupplicate
   dependencies on both  sshd  and  sshd@  services
2016-04-15 17:05:32 +02:00
Jakub Jelen
461b3af818 Remove unused sshd init script 2016-04-15 17:04:59 +02:00
Jakub Jelen
32a74888d5 openssh-7.2p2-3 + 0.10.2-3 2016-04-13 13:44:58 +02:00
Jakub Jelen
00c7b75439 Make sshd-keygen comply with packaging guidelines (#1325535) 2016-04-13 13:42:12 +02:00
Jakub Jelen
f7e56a52db openssh-7.2p2-2 + 0.10.2-3 2016-04-06 13:01:29 +02:00
Jakub Jelen
9163ba11f1 openssh-7.2p2-1 + 0.10.2-3 2016-03-10 13:36:41 +01:00
Jakub Jelen
0bdae3b8df openssh-7.2p1-1 + 0.10.2-2 2016-03-03 17:59:53 +01:00
Jakub Jelen
e762f7265e Restore slogin symlinks 2016-03-03 17:48:20 +01:00
Jakub Jelen
13073f8d9c openssh-7.2p1-1 (#1312870) 2016-02-29 15:01:33 +01:00
Jakub Jelen
46445f1c7a openssh-7.1p2-4 + 0.10.2-1 2016-02-25 10:38:09 +01:00
Jakub Jelen
44fc97266b Audit race condition resolved (#1308295) 2016-02-25 10:37:22 +01:00
Jakub Jelen
700da17374 Remove hard glob limit since the CVE introducing this one is unrelated. 2016-02-24 09:51:43 +01:00
Fedora Release Engineering
b2b837ad97 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 11:34:23 +00:00
Jakub Jelen
8ddd3edcd8 openssh-7.1p2-3 + 0.10.2-1 2016-01-30 01:18:26 +01:00
Jakub Jelen
6c2eb5e22d openssh-7.1p2-2 + 0.10.2-1 2016-01-26 09:00:28 +01:00
Jakub Jelen
38c7737421 Remove defattr from spec file
Mailing list thread:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/KEO7AX3JXR2TY6OVL4M7HDISZ6YIJNKU/
2016-01-26 09:00:28 +01:00
Jakub Jelen
733cea720e CVE-2016-1908: Prevent possible fallback from untrusted to trusted X11 forwarding
Upstream commits:
  https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
  https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f
2016-01-26 09:00:23 +01:00
Jakub Jelen
87ab5fc4af Reabse to latest release of pam_ssh_agent_auth with preserving current functionality
* Rebase to latest upstream version
 * Clean up older patches for pam_ssh_agent_auth
 * Remove prefixes from upstream release so we can build it against current
   openssh library
 * Remove copied files and headers so we make sure we build against current openssh
2016-01-25 13:32:42 +01:00
Jakub Jelen
7bc64374b0 openssh-7.1p2-1 + 0.9.2-9 2016-01-14 16:11:06 +01:00
Jakub Jelen
b2191db92e openssh-7.1p1-7 + 0.9.2-8 2016-01-12 13:15:33 +01:00
Jakub Jelen
06b1d5330a Make ssh-keysign world readable (#1296724) 2016-01-08 13:22:09 +01:00
Jakub Jelen
f26cd8d6ee Update ssh-agent permissions (#1296724)
* It is no longer required to have ssh-agent with suid bit, because
  the ptrace attach is prevented using PR_SET_DUMPABLE 0 [1]

[1] https://anongit.mindrot.org/openssh.git/commit/?id=6c4914afccb0c188a2c412d12dfb1b73e362e07e
2016-01-08 11:27:02 +01:00
Jakub Jelen
7c5d0a686c Make sure the semantics of %global macro stays the same as before a0e252571b 2016-01-08 09:15:52 +01:00
Jakub Jelen
a0e252571b Change %define to %global according to packaging guidelines
Based on discussion started on fedora-devel:
https://lists.fedoraproject.org/archives/list/devel%40lists.fedoraproject.org/thread/AS35NKZSAWRIKY77IUYOVNFAT6AJQVAU/
2016-01-04 10:41:27 +01:00
Jakub Jelen
c45d147a86 openssh-7.1p1-6 + 0.9.2-8 2015-12-18 14:36:00 +01:00
Jakub Jelen
f6bd29aaca Preserve IUTF8 tty mode flag over ssh connections (#1270248) 2015-12-18 14:36:00 +01:00
Jakub Jelen
86f52d4e69 Rebase downstream patches of ssh-copy-id into one from upstream
Source:
http://git.hands.com/ssh-copy-id
2015-12-16 15:40:10 +01:00
Jakub Jelen
d9d9575f00 GSSAPI Key Exchange documentation improvements
from Debian patches:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765655
2015-12-10 15:37:52 +01:00
Jakub Jelen
ef86a312db openssh-7.1p1-5 + 0.9.2-8 2015-11-04 10:18:50 +01:00
Jakub Jelen
fa54d5472d openssh-7.1p1-4 + 0.9.2-8 2015-10-22 14:55:07 +02:00
Jakub Jelen
a80c277795 openssh-7.1p1-3 + 0.9.2-8 2015-09-25 14:10:39 +02:00
Jakub Jelen
812f08d95e Provide full RELRO and PIE form askpass helper (#1264036) 2015-09-24 15:57:11 +02:00
Jakub Jelen
98262158d8 openssh-7.1p1-2 + 0.9.2-8 2015-09-09 14:29:31 +02:00
Jakub Jelen
757fec581b openssh-7.1p1-1 + 0.9.3-8 2015-08-22 22:22:48 +02:00
Jakub Jelen
ccd186847a Add corresponding options for ssh1 configure 2015-08-22 22:22:48 +02:00
Jakub Jelen
c98f559725 HostKeyAlgorithms option on server is broken when using + sign 2015-08-22 22:22:48 +02:00
Jakub Jelen
ebdae84225 openssh-7.0p1-2 + 0.9.3-7 2015-08-19 13:49:45 +02:00
Jakub Jelen
18e54994fa Fix typo in version string 2015-08-19 13:47:28 +02:00
Jakub Jelen
4df30a2a72 Possibility to validate legacy systems by more fingerprints (#1249626) 2015-08-19 13:43:36 +02:00
Jakub Jelen
bc4ef0f373 Add GSSAPIKexAlgorithms option for server and client application 2015-08-19 13:18:07 +02:00
Jakub Jelen
3f55133c24 openssh-7.0p1-1 + 6.9.3-7
New upstream release (#1252639)
                - allow root login in default config
        Security: Use-after-free bug related to PAM support (#1252853)
        Security: Privilege separation weakness related to PAM support (#1252854)
        Security: Incorrectly set TTYs to be world-writable (#1252862)
2015-08-13 17:44:41 +02:00
Jakub Jelen
2939c322fa Create openssh-clients-ssh1 subpackage with tools for protocol SSHv1 2015-08-13 17:44:41 +02:00
Jakub Jelen
1d50678457 Remove obsolete triggerruns for migration to systemd
- overlapping versions are not supported by current rpm
2015-07-28 13:08:55 +02:00
Jakub Jelen
6286d6a8e6 6.9p1-4 + 0.9.3-6 2015-07-28 11:24:35 +02:00
Jakub Jelen
67938e0c00 Handle terminal control characters in scp progressmeter (#1247204) 2015-07-28 11:23:51 +02:00
Jakub Jelen
83bfb1fce5 6.9p1-3 + 0.9.3-6 2015-07-23 11:12:19 +02:00
Jakub Jelen
c6d2eca7de only query each keyboard-interactive device once (#1245971)
Upstream commit
https://anongit.mindrot.org/openssh.git/commit/?id=5b64f85bb811246c59ebab70aed331f26ba37b18
2015-07-23 11:06:12 +02:00
Jakub Jelen
ca62b6133e 6.9p1-2 + 0.9.3-6 2015-07-15 09:44:37 +02:00
Jakub Jelen
a4d9cd5694 Patch name, formating 2015-07-08 12:24:34 +02:00
Jakub Jelen
58ba50440e Allow building seccomp filters also for s390(x) architectures (#1195065) 2015-07-02 17:10:58 +02:00
Jakub Jelen
187a349ee6 6.9p1-1 + 0.9.3-6 2015-07-01 15:51:20 +02:00
Jakub Jelen
5de6c89ff2 Correctly revert "PermitRootLogin no" option from upstream sources 2015-07-01 15:51:20 +02:00
Jakub Jelen
535d341e70 rebase to new upstream release 6.9 2015-07-01 15:51:01 +02:00
Jakub Jelen
f3002bfb7b 6.8p1-9 + 0.9.3-5 2015-06-24 10:49:08 +02:00
Dennis Gilmore
b59dd83265 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-18 00:06:18 +00:00
Jakub Jelen
5aa47ae6f4 6.8p1-8 + 0.9.3-5 2015-06-08 09:06:12 +02:00
Jakub Jelen
f049b3b1ad 6.8p1-7 + 0.9.3-5 2015-06-03 07:54:20 +02:00
Jakub Jelen
8a10dcb363 6.8p1-6 + 0.9.3-5 2015-05-28 14:02:26 +02:00
Jakub Jelen
09ca6ef2e6 Provide LDIF version of LPK schema 2015-05-28 13:51:58 +02:00
Jakub Jelen
0a076e7e9e Add missing Banner in sshd -T output 2015-05-28 13:39:34 +02:00
Jakub Jelen
8244d5a508 Fix upstream memory problems 2015-05-27 16:16:41 +02:00
Jakub Jelen
637556d934 Resolve problem with pam_ssh_agent_auth after rebase (#1225106)
* authfd internals changed in upstream commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622
 * Reintroduced missing structure AuthenticationConnection
 * inspired by ssh-add.c
2015-05-27 15:08:37 +02:00
Jakub Jelen
3e3570ad64 ssh-copy-id: tcsh doesnt work with multiline strings so we will make it uggly one-line 2015-05-27 12:05:49 +02:00
Jakub Jelen
775e1b20e6 6.8p1-5 + 0.9.3-5 2015-04-20 17:28:43 +02:00
Jakub Jelen
c5163162d3 6.8p1-4 + 0.9.3-5 2015-04-02 17:51:58 +02:00
Jakub Jelen
c028ac51a4 6.8p1-3 + 0.9.3-5 2015-03-31 17:24:34 +02:00
Jakub Jelen
23bc31b25a Remove krb5-config workaround for #1203900 2015-03-30 11:48:11 +02:00
Jakub Jelen
e5b15a7419 6.8p1-2 + 0.9.3-5 2015-03-26 14:20:31 +01:00
Jakub Jelen
07756a2278 Fix reintroduced upstrem bug #1878 2015-03-26 14:20:31 +01:00
Jakub Jelen
12cf3e4d35 Update audit patch after rebase with more sanity checks 2015-03-26 14:20:31 +01:00
Jakub Jelen
aa8fb3e1cc rebuild 6.8p1-1.1 + 0.9.3-5 2015-03-24 11:04:38 +01:00
Jakub Jelen
1330ede7ff rebuild 6.8p1-1.1 + 0.9.3-5 2015-03-24 11:00:15 +01:00
Jakub Jelen
e3688f35e1 release 6.8p1-1 + 0.9.3-5 2015-03-24 10:40:21 +01:00
Jakub Jelen
d276698802 Workaround krb5-config bug (#1204646) 2015-03-24 10:39:01 +01:00
Jakub Jelen
132f8f8686 6.8p1-1 + 0.9.3-5 2015-03-23 16:05:49 +01:00
Jakub Jelen
7b82d087e1 6.7p1-11 + 0.9.3-4 2015-03-12 11:46:33 +01:00
Jakub Jelen
c31740f8ea Fix tmpfiles to be more consistent with other config files in package (#1196807) 2015-03-12 11:45:59 +01:00
Jakub Jelen
558fb7b2f4 Add sftp option to force mode of created files 2015-03-11 18:09:06 +01:00
Jakub Jelen
7aa6321a86 6.7p1-10 + 0.9.3-4 2015-03-02 08:23:32 +01:00
Jakub Jelen
766438b1d5 Add tmpfiles.d entries (#1196807) 2015-03-02 08:23:31 +01:00
Jakub Jelen
c8b4078a3f 6.7p1-9 + 0.9.3-4 2015-02-27 18:44:47 +01:00
Jakub Jelen
cbda6f57fb Solve issue with ssh-copy-id and keys without trailing newline (#1093168) 2015-02-25 10:46:29 +01:00
Jakub Jelen
5f3c83fd09 6.7p1-8 + 0.9.3-4 2015-02-24 10:10:07 +01:00
Marcin Juszkiewicz
6656486e18 Add AArch64 support for seccomp_filter sandbox (#1195065) 2015-02-24 09:17:43 +01:00
Jakub Jelen
e0f867b153 6.7p1-7 + 0.9.3-4 2015-02-23 12:43:25 +01:00
Jakub Jelen
c13a4b7170 6.7p1-6 + 0.9.3-4 2015-02-23 12:18:07 +01:00
Jakub Jelen
d5a8001387 Fix seccomp filter for ix68 (#1194401), fix previous commit 2015-02-23 12:17:30 +01:00
Peter Robinson
b9846a816d fix if statement 2015-02-22 17:36:25 +00:00
Peter Robinson
74e740c136 Only use seccomp for sandboxing on supported platforms 2015-02-22 17:28:16 +00:00
Jakub Jelen
c6945293fd 6.7p1-4 + 0.9.3-4 2015-02-20 15:06:26 +01:00
Jakub Jelen
77f453b74d cleanup working directory, spec file and unused patches after rebase 2015-02-20 15:06:17 +01:00
Jakub Jelen
08cb909f5d Move cavs tests into subpackage -cavs (#1194320) 2015-02-20 13:24:42 +01:00
Jakub Jelen
2f556360f6 6.7p1-3 + 0.9.3-4 2015-02-18 16:11:48 +01:00
Jakub Jelen
6df422d544 Fix ssh-copy-id on non-sh shells (#1045191) 2015-02-18 16:01:39 +01:00
Jakub Jelen
bb3e880c01 Add SSH KDF CAVS test driver for future FIPS validation (#1193045) 2015-02-18 15:48:10 +01:00
Jakub Jelen
14c675f3a5 Use global hardening specification instead of hardening made by openssh.
Openssh uses by default -fPIE flag, which didn't allow to build
pam_ssh_agent_auth.so with from libssh.a.
Validated using /CoreOS/openssh/Regression/bz642927-add-relro-flag
2015-02-18 10:34:40 +01:00
Jakub Jelen
0a4ac4f4d3 Enable seccomp sandboxing after resolving problems with audit patch (#1062953) 2015-02-11 14:08:42 +01:00
Jakub Jelen
b552eb6714 Make output of sshd -T more consistent, using upstream patch (#1187521) 2015-02-03 14:17:05 +01:00
Jakub Jelen
580f986839 Update coverity patch after rebase to 6.7 2015-02-03 14:09:51 +01:00
Jakub Jelen
6c6416dc9d 6.7p1-2 + 0.9.3-4 2015-01-27 14:10:18 +01:00
Jakub Jelen
021326a6ae Fix audit patch after rebase to 6.7 2015-01-27 12:07:13 +01:00
Petr Lautrbach
9b4e25cce0 temporarily disable audit patch causing segmentation faults 2015-01-20 17:08:25 +01:00
Petr Lautrbach
f29c8784c6 restore tcp wrappers support, based on Debian patch
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
2015-01-20 17:06:46 +01:00
Petr Lautrbach
1900351913 6.7p1-1 + 0.9.3-4 2015-01-20 13:21:45 +01:00
Petr Lautrbach
b457c98bec use upstream FigerPrintHash for fingerprint - 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 2015-01-19 15:26:56 +01:00
Jakub Jelen
3ffcb799b3 Fix changelog entry 2015-01-15 15:03:12 +01:00
Jakub Jelen
2109ab67c2 6.6.1p1-11 + 0.9.3-3 2015-01-14 17:15:02 +01:00
Petr Lautrbach
140e5ca05d add new option GSSAPIEnablek5users and disable using ~/.k5users by default
CVE-2014-9278 (#1170745)
2015-01-14 17:10:40 +01:00
Jakub Jelen
9080a85b54 Update vendor-patchlevel string 2015-01-14 16:55:27 +01:00
Jakub Jelen
b9d68e7db4 Fix config parser for ip:port values (#1130733) 2015-01-14 16:48:32 +01:00
Jakub Jelen
fd06d69c6a Fix confusing error message in scp (#1142223) 2015-01-14 16:46:23 +01:00
Petr Lautrbach
62986c5e87 6.6.1p1-10 + 0.9.3-3 2014-12-19 10:24:59 +01:00
Petr Lautrbach
7a7b8f0984 log via monitor in chroots without /dev/log 2014-12-19 10:14:36 +01:00
Petr Lautrbach
720cf82ef2 record pfs= field in CRYPTO_SESSION audit event 2014-12-15 18:59:39 +01:00
Petr Lautrbach
276c16ce71 6.6.1p1-9 + 0.9.3-3 2014-12-03 18:18:19 +01:00
Petr Lautrbach
56a647f5e3 the .local domain example should be in ssh_config, not in sshd_config 2014-12-03 18:15:25 +01:00
Petr Lautrbach
08fe9e8e47 use different values for DH for Cisco servers (#1026430) 2014-12-03 17:10:47 +01:00
Petr Lautrbach
823364a11e 6.6.1p1-8 + 0.9.3-3 2014-11-13 22:21:52 +01:00
Petr Lautrbach
44f0ac8d08 fix several coverity issues Resolves: rhbz#1139794 2014-11-13 22:16:51 +01:00
Petr Lautrbach
a1e1ac2bfc 6.6.1p1-7 + 0.9.3-3 2014-11-07 12:53:03 +01:00
Petr Lautrbach
3b7c8620a1 6.6.1p1-6 + 0.9.3-3 2014-11-04 19:09:42 +01:00
Petr Lautrbach
5296a797aa privsep_preauth: use SELinux context from selinux-policy (#1008580) 2014-11-04 19:06:14 +01:00
Petr Lautrbach
0f0e055d6a Ignore SIGXFSZ in postauth monitor
https://bugzilla.mindrot.org/show_bug.cgi?id=2263
2014-09-29 08:37:05 +02:00
Petr Lautrbach
4b24967a9c fix parsing of empty arguments in sshd_conf
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
2014-09-25 11:45:47 +02:00
Petr Lautrbach
afde9f8153 6.6.1p1-5 + 0.9.3-3 2014-09-08 10:35:57 +02:00
Petr Lautrbach
ce2d80b4e7 don't consider a partial success as a failure 2014-09-04 16:33:25 +02:00
Petr Lautrbach
163064841f apply RFC3454 stringprep to banners when possible
https://bugzilla.mindrot.org/show_bug.cgi?id=2058
2014-09-04 16:12:11 +02:00
Petr Lautrbach
0a3f4e122d set a client's address right after a connection is set
http://bugzilla.mindrot.org/show_bug.cgi?id=2257
2014-09-02 10:49:31 +02:00
Peter Robinson
662c5a05b3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 14:08:07 +00:00
Tom Callaway
e336e33a32 fix license handling 2014-07-18 19:28:30 -04:00
Petr Lautrbach
8ff21c966a 6.6.1p1-3 + 0.9.3-2 2014-07-18 08:38:51 +02:00
Petr Lautrbach
817071dc4d standardise on NI_MAXHOST for gethostname() string lengths (#1051490) 2014-07-17 14:28:16 +02:00
Petr Lautrbach
cef0d582b6 6.6.1p1-2 + 0.9.3-2 2014-07-14 12:35:16 +02:00
Petr Lautrbach
d8b90ac6f8 minor spec file cleanup 2014-07-09 21:40:06 +02:00
Petr Lautrbach
8028159313 fix and rebase fips patch to 6.6.1p1 2014-07-09 21:16:53 +02:00
Petr Lautrbach
5160c9c8f3 rebase audit patch for 6.6.1p1 2014-07-08 17:42:18 +02:00
Petr Lautrbach
86f29c353e bring back openssh-5.5p1-x11.patch 2014-07-03 16:42:56 +02:00
Petr Lautrbach
5fcfcac428 drop openssh-5.8p2-remove-stale-control-socket.patch 2014-07-03 16:23:00 +02:00
Petr Lautrbach
8b5feef2c8 bring back the openssh-5.8p2-sigpipe.patch 2014-07-03 16:14:38 +02:00
Dennis Gilmore
d1b0938acc - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 12:01:42 -05:00
Petr Lautrbach
5cde9cd3f2 6.6.1p1-1 + 0.9.3-2 2014-06-03 17:52:36 +02:00
Petr Lautrbach
fb6f390a78 drop openssh-server-sysvinit subpackage 2014-06-03 17:42:49 +02:00
Petr Lautrbach
44fb3c6aeb OpenSSH 6.5 and 6.6 sometimes encode a value used in the
curve25519 key exchange incorrectly, causing connection failures
about 0.2% of the time when this method is used against a peer that
implements the method properly.

Fix the problem and disable the curve25519 KEX when speaking to
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
to enable the compatability code.

openssh-6.6.1p1
2014-06-03 17:18:36 +02:00
Petr Lautrbach
94c6f8ddcc rebase to openssh-6.6p1 2014-06-03 16:51:07 +02:00
Petr Lautrbach
d75575229f 6.4p1-4 + 0.9.3-1 2014-05-15 10:37:16 +02:00
Petr Lautrbach
8f8619e1e6 ignore environment variables with embedded '=' or '\0' characters (#1077843)
CVE-2014-2532
2014-05-15 10:24:04 +02:00
Petr Lautrbach
d271e02296 prevent a server from skipping SSHFP lookup (#1081338)
CVE-2014-2653
2014-05-15 10:23:46 +02:00
Petr Lautrbach
9a031d2641 try CLOCK_BOOTTIME with fallback (#1091992) 2014-05-14 17:30:43 +02:00
Petr Lautrbach
f9f83a00b5 make /etc/ssh/moduli file public (#1043661) 2014-02-26 15:54:02 +01:00
Petr Lautrbach
96df3b5ecb use tty allocation for a remote scp 2014-01-23 18:30:39 +01:00
Petr Lautrbach
b898cbf5e1 Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set 2014-01-23 18:30:03 +01:00
Petr Lautrbach
084bc6fca5 FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A 2014-01-23 18:29:02 +01:00
Petr Lautrbach
222dd2e358 6.4p1-3 + 0.9.3-1 2013-12-11 14:32:11 +01:00
Petr Lautrbach
89d920b074 6.4p1-2 + 0.9.3-1 2013-11-26 15:28:39 +01:00
Petr Lautrbach
09e9ef3d7c 6.4p1-1 + 0.9.3-1 2013-11-08 14:04:33 +01:00
Petr Lautrbach
3ed6191f56 6.3p1-5 + 0.9.3-7 2013-11-01 17:07:27 +01:00
Petr Lautrbach
5795323a53 don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> (#1024965) 2013-11-01 17:06:02 +01:00
Petr Lautrbach
7feb965804 6.3p1-4 + 0.9.3-6 2013-10-25 15:46:49 +02:00