Commit Graph

601 Commits

Author SHA1 Message Date
Petr Lautrbach
d75575229f 6.4p1-4 + 0.9.3-1 2014-05-15 10:37:16 +02:00
Petr Lautrbach
8f8619e1e6 ignore environment variables with embedded '=' or '\0' characters (#1077843)
CVE-2014-2532
2014-05-15 10:24:04 +02:00
Petr Lautrbach
d271e02296 prevent a server from skipping SSHFP lookup (#1081338)
CVE-2014-2653
2014-05-15 10:23:46 +02:00
Petr Lautrbach
9a031d2641 try CLOCK_BOOTTIME with fallback (#1091992) 2014-05-14 17:30:43 +02:00
Petr Lautrbach
f3b39bb6cb don't clean up gssapi credentials by default (#1055016) 2014-02-26 17:08:07 +01:00
Petr Lautrbach
f9f83a00b5 make /etc/ssh/moduli file public (#1043661) 2014-02-26 15:54:02 +01:00
Petr Lautrbach
c3c35d5f25 fix ssh-copy-id (#1058792) 2014-02-26 14:53:23 +01:00
Petr Lautrbach
e2813b36f4 log fipscheck verification message into syslog authpriv 2014-02-26 14:52:42 +01:00
Petr Lautrbach
9060bbe156 sshd-keygen.service - don't check dsa key, use ecdsa instead 2014-02-19 13:58:34 +01:00
Petr Lautrbach
96df3b5ecb use tty allocation for a remote scp 2014-01-23 18:30:39 +01:00
Petr Lautrbach
b898cbf5e1 Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set 2014-01-23 18:30:03 +01:00
Petr Lautrbach
084bc6fca5 FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A 2014-01-23 18:29:02 +01:00
Petr Lautrbach
222dd2e358 6.4p1-3 + 0.9.3-1 2013-12-11 14:32:11 +01:00
Petr Lautrbach
2b2955a332 use only rsa and ecdsa host keys by default 2013-12-11 14:28:49 +01:00
Petr Lautrbach
545aa0d026 sshd-keygen - create an ecdsa host key with 640 permissions (#1023945) 2013-12-09 11:14:59 +01:00
Petr Lautrbach
89d920b074 6.4p1-2 + 0.9.3-1 2013-11-26 15:28:39 +01:00
Petr Lautrbach
82d2beb4d4 fix fatal() cleanup in the audit patch (#1029074) 2013-11-26 13:22:08 +01:00
Petr Lautrbach
36a09e37e8 fix parsing logic of ldap.conf file (#1033662) 2013-11-26 11:10:04 +01:00
Petr Lautrbach
8f439b3006 minor change in HOWTO.ssh-keycat - s/AuthorizedKeysCommandRunAs/AuthorizedKeysCommandUser/ 2013-11-25 15:40:42 +01:00
Petr Lautrbach
09e9ef3d7c 6.4p1-1 + 0.9.3-1 2013-11-08 14:04:33 +01:00
Petr Lautrbach
27189b85ef rebase audit patch for openssh-6.4p1 2013-11-08 13:33:51 +01:00
Petr Lautrbach
3ed6191f56 6.3p1-5 + 0.9.3-7 2013-11-01 17:07:27 +01:00
Petr Lautrbach
5795323a53 don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> (#1024965) 2013-11-01 17:06:02 +01:00
Petr Lautrbach
3834483295 adjust gss kex mechanism to the upstream changes (#1024004) 2013-10-31 11:30:12 +01:00
Petr Lautrbach
7feb965804 6.3p1-4 + 0.9.3-6 2013-10-25 15:46:49 +02:00
Petr Lautrbach
2add7a8ff5 rebuild with openssl-1.0.1e-29.fc20 to enable ECC support 2013-10-25 15:19:26 +02:00
Petr Lautrbach
f0aa6e5f51 rebuild with openssl-1.0.1e-29.fc20 to enable ECC support 2013-10-25 14:46:48 +02:00
Petr Lautrbach
a5e23f2861 6.3p1-3 + 0.9.3-6 2013-10-24 16:45:21 +02:00
Petr Lautrbach
265df55bb8 don't use SSH_FP_MD5 for fingerprints in FIPS mode 2013-10-24 16:41:18 +02:00
Petr Lautrbach
ff7a26b109 6.3p1-2 + 0.9.3-6 2013-10-23 23:14:38 +02:00
Petr Lautrbach
1462de5deb sshd-keygen to generate ECDSA keys <i.grok@comcast.net> (#1019222) 2013-10-23 22:51:32 +02:00
Petr Lautrbach
1f36406833 Increase the size of the Diffie-Hellman groups requested for a each
symmetric key size.  New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419.  Pointed out by Peter Backes, ok
djm@. (#1010607)
2013-10-23 22:41:53 +02:00
Petr Lautrbach
d088f94bd9 use default_ccache_name from /etc/krb5.conf for a kerberos cache (#991186) 2013-10-23 22:08:19 +02:00
Petr Lautrbach
99076b0f8b cleanup GSSAPI code 2013-10-23 21:56:25 +02:00
Petr Lautrbach
e40d5d19d9 added Obsoletes: *fips 2013-10-15 17:55:40 +02:00
Petr Lautrbach
9723b77ff6 bring pam_ssh_agent_auth-0.9.3.tar.bz2 back to sources 2013-10-14 17:46:04 +02:00
Petr Lautrbach
bf9d268c1b upload openssh-6.3p1.tar.gz to cache 2013-10-14 17:38:33 +02:00
Petr Lautrbach
c67d841973 upload openssh-6.3p1.tar.gz to cache 2013-10-14 17:34:32 +02:00
Petr Lautrbach
a92e916970 6.3p1-1 + 0.9.3-6 2013-10-14 15:55:03 +02:00
Petr Lautrbach
84822b5dec rebase for openssh-6.3p1, remove unused patches (#1007769) 2013-10-14 15:54:41 +02:00
Petr Lautrbach
c33ef551ca 6.2p2-9 + 0.9.3-5 2013-10-08 17:28:16 +02:00
Petr Lautrbach
f12afd6496 use dracut-fips file /etc/system-fips to determine if a FIPS module is installed 2013-10-08 17:24:54 +02:00
Petr Lautrbach
2ae5f9ff89 Revert "add -fips subpackages that contains the FIPS module files"
This reverts commit 227f4f7628.
2013-10-08 17:13:39 +02:00
Petr Lautrbach
d4d8299c30 Revert "add missing Requires: openssl-fips in -fips subpackages"
This reverts commit a19397fdd2.

Conflicts:
	openssh.spec
2013-10-08 17:06:14 +02:00
Petr Lautrbach
b61d9c10d3 Revert "use hmac_suffix for ssh{,d} hmac checksums"
This reverts commit c6724c72f4.
2013-10-08 17:04:53 +02:00
Petr Lautrbach
47b1c9e6a4 Revert "adjust openssh-6.2p1-vendor.patch after previous commit"
This reverts commit 4936e20991.
2013-10-08 17:04:51 +02:00
Petr Lautrbach
0cc0054215 Revert "use {?dist} tag in suffixes for hmac checksum files"
This reverts commit 15244ec178.
2013-10-08 17:04:40 +02:00
Petr Lautrbach
f344f8490c 6.2p2-8 + 0.9.3-5 2013-09-25 14:13:01 +02:00
Petr Lautrbach
65d16ffe59 sshd-keygen: generate only RSA keys by default (#1010092) 2013-09-20 17:25:17 +02:00
Petr Lautrbach
15244ec178 use {?dist} tag in suffixes for hmac checksum files 2013-09-20 17:11:49 +02:00