Jakub Jelen
f22e5dcaeb
pselect6 is already in upstream seccomp filter
2016-06-24 12:07:22 +02:00
Jakub Jelen
186bf3858e
UseLogin yes is not supported in Fedora
2016-06-24 12:07:22 +02:00
Jakub Jelen
c06fe506bc
seccomp filter for MIPS ( #1195065 )
2016-06-24 12:07:22 +02:00
Petr Písař
ad928ac7d1
Mandatory Perl build-requires added < https://fedoraproject.org/wiki/Changes/Build_Root_Without_Perl >
2016-06-24 10:03:17 +02:00
Jakub Jelen
ba8f38935c
openssh-7.2p2-7
2016-06-06 16:39:35 +02:00
Jakub Jelen
f6a096caf2
Build seccomp filter on ppc64(le) architecture ( #1195065 )
2016-06-06 16:39:35 +02:00
Jakub Jelen
1144aef1d1
Comments for patches, merge ssh_config from localdomain to redhat patch (ssh_config related)
2016-06-06 16:39:17 +02:00
Jakub Jelen
84d3989ec8
Coverity -> FIPS patch
2016-06-03 12:54:03 +02:00
Jakub Jelen
31536c7ac6
Move linux_seed() header from coverity to entropy patch
2016-06-03 12:54:03 +02:00
Jakub Jelen
f2868287aa
rebase x11 patch to clean up coverity patch
2016-06-03 10:44:32 +02:00
Jakub Jelen
ea9421342e
Coverity: dereference in pam_ssh_agent_auth
...
Upstream: https://sourceforge.net/p/pamsshagentauth/bugs/22/
2016-06-03 09:49:44 +02:00
Jakub Jelen
d78d347c11
Check for real location of .k5login file ( #1328243 )
2016-06-03 09:29:58 +02:00
Jakub Jelen
8dd0608e77
Regression in certificate-based authentication ( #1333498 )
2016-05-06 09:25:20 +02:00
Jakub Jelen
991b66246f
openssh-7.2p2-6 + 0.10.2-3
2016-04-29 13:57:45 +02:00
Jakub Jelen
0b5300a59c
Add legacy sshd-keygen for anaconda ( #1331077 )
2016-04-29 13:41:38 +02:00
Jakub Jelen
1380564732
openssh-7.2p2-5 + 0.10.2-3
2016-04-22 14:52:57 +02:00
Jakub Jelen
b7de610db3
Fix typo about sshd-keygen in sysconfig ( #1325535 )
2016-04-22 14:50:30 +02:00
Jakub Jelen
cf4e3a1844
Fix for CVE-2015-8325 ( #1328013 )
2016-04-18 12:39:11 +02:00
Jakub Jelen
58d2868dfe
openssh-7.2p2-4 + 0.10.2-3
2016-04-15 17:56:43 +02:00
Jakub Jelen
5489ace8dc
Add sshd-keygen.target to abstract key creation from sshd.service and sshd@.service ( #1325535 )
...
* PartOf is needed to trigger sshd-keygen checks for sshd.service restarts
* sshd-keygen.target makes a level of abstraction to eliminate dupplicate
dependencies on both sshd and sshd@ services
2016-04-15 17:05:32 +02:00
Jakub Jelen
461b3af818
Remove unused sshd init script
2016-04-15 17:04:59 +02:00
Jakub Jelen
32a74888d5
openssh-7.2p2-3 + 0.10.2-3
2016-04-13 13:44:58 +02:00
Jakub Jelen
00c7b75439
Make sshd-keygen comply with packaging guidelines ( #1325535 )
2016-04-13 13:42:12 +02:00
Jakub Jelen
3d2c14680b
Soft-deny socket() syscall in seccomp sandbox ( #1324493 )
...
* Used for ecdh-sha2-nistp* key exchange methods in FIPS mode
2016-04-11 16:14:25 +02:00
Jakub Jelen
0509c6c977
Remove *sha1 Kex in FIPS mode ( #1324493 )
2016-04-11 13:16:52 +02:00
Jakub Jelen
117a730ded
Remove *gcm ciphers in FIPS mode ( #1324493 )
2016-04-11 13:16:44 +02:00
Jakub Jelen
f7e56a52db
openssh-7.2p2-2 + 0.10.2-3
2016-04-06 13:01:29 +02:00
Jakub Jelen
fc0cf7f8d5
Fix GSSAPI Key Exchange for older clients ( #1323622 )
...
Failed with older clients, because server was doing signature over
different data than the verifying client. It was caused by bump of
minimal DH groups offered by server and a bug in code, which was
using max(client_min, server_min) instead of client_min as proposed
by RFC4462.
2016-04-06 12:53:37 +02:00
Jakub Jelen
bda184b249
pam_ssh_agent_auth: prevent using MD5 in Fips mode
2016-03-16 09:40:35 +01:00
Jakub Jelen
53c9992786
Drop init scripts dependency from sshd-keygen ( #1317722 )
2016-03-15 09:06:10 +01:00
Jakub Jelen
9163ba11f1
openssh-7.2p2-1 + 0.10.2-3
2016-03-10 13:36:41 +01:00
Jakub Jelen
28ce052525
Audit: Cleanup for upstream proposal
...
* whitespace cleanup
* use constants instead of magic numbers
* get rid of backup_state from old API
* proper conditionalization of audit code
* remove ancient fingerprint_prefix() function
2016-03-04 17:36:08 +01:00
Jakub Jelen
0bdae3b8df
openssh-7.2p1-1 + 0.10.2-2
2016-03-03 17:59:53 +01:00
Jakub Jelen
e762f7265e
Restore slogin symlinks
2016-03-03 17:48:20 +01:00
Jakub Jelen
13bf5bef36
Forgotten rebased FIPS patch
2016-02-29 15:16:45 +01:00
Jakub Jelen
13073f8d9c
openssh-7.2p1-1 ( #1312870 )
2016-02-29 15:01:33 +01:00
Jakub Jelen
46445f1c7a
openssh-7.1p2-4 + 0.10.2-1
2016-02-25 10:38:09 +01:00
Jakub Jelen
44fc97266b
Audit race condition resolved ( #1308295 )
2016-02-25 10:37:22 +01:00
Jakub Jelen
7b15444065
Fix X11 forwarding CVE according to upstream
2016-02-24 09:51:43 +01:00
Jakub Jelen
4fdc3c59c4
Fix problem when running without privsep ( #1303910 )
2016-02-24 09:51:43 +01:00
Jakub Jelen
700da17374
Remove hard glob limit since the CVE introducing this one is unrelated.
2016-02-24 09:51:43 +01:00
Fedora Release Engineering
b2b837ad97
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-04 11:34:23 +00:00
Jakub Jelen
8ddd3edcd8
openssh-7.1p2-3 + 0.10.2-1
2016-01-30 01:18:26 +01:00
Jakub Jelen
ca79709ade
Silently disable X11 forwarding
...
Based on feedback on previous update:
https://bodhi.fedoraproject.org/updates/FEDORA-2016-47ac27532d
2016-01-30 01:18:12 +01:00
Jakub Jelen
c08255b7b1
Fix pam_ssh_agent_auth segfaults with non-accepted keys ( #1303036 )
2016-01-30 01:18:06 +01:00
Jakub Jelen
d1b43a2865
Update sshd service file to forking (as #1291172 )
2016-01-26 13:54:53 +01:00
Jakub Jelen
7adf5f4c63
Missing pam_ssh_agent_auth sources
2016-01-26 09:10:27 +01:00
Jakub Jelen
6c2eb5e22d
openssh-7.1p2-2 + 0.10.2-1
2016-01-26 09:00:28 +01:00
Jakub Jelen
38c7737421
Remove defattr from spec file
...
Mailing list thread:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/KEO7AX3JXR2TY6OVL4M7HDISZ6YIJNKU/
2016-01-26 09:00:28 +01:00
Jakub Jelen
733cea720e
CVE-2016-1908: Prevent possible fallback from untrusted to trusted X11 forwarding
...
Upstream commits:
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f
2016-01-26 09:00:23 +01:00