Commit Graph

971 Commits

Author SHA1 Message Date
Jakub Jelen
b6d4dc0a6f Do not set user context too many times for root logins (#1269072) 2015-11-04 10:17:32 +01:00
Jakub Jelen
fa54d5472d openssh-7.1p1-4 + 0.9.2-8 2015-10-22 14:55:07 +02:00
Jakub Jelen
aa9a7754ed Audit implicit mac, if mac is covered in cipher (#1271694)
For example chacha20-poly1305@openssh.com is AEAD (Authenticated Encryption with Associated Data) cipher and thus there is no separate MAC when it is used.
2015-10-22 14:53:36 +02:00
Jakub Jelen
0ebe96b604 Handle root logins the same way as other users (#1269072)
root users are unconfined by definition, but they can be limited by SELinux so having privilege separation still makes sense. As a consequence we can remove hunk that handled this condition if we skipped forking.
2015-10-22 14:52:55 +02:00
Jakub Jelen
22a08c3da4 Review SELinux user context handling after authentication (#1269072)
The previous required to have for all SELInux user contexts with setexec capability. Otherwise user would not be able to change password if it is expired. This patch sets correct context and cleans up the exec context.

When doing chroot, copy_selinux_context is called twice
2015-10-15 16:21:33 +02:00
Jakub Jelen
8395bb78d0 Increase size limit of glob structures in sftp 2015-09-30 15:27:08 +02:00
Jakub Jelen
a80c277795 openssh-7.1p1-3 + 0.9.2-8 2015-09-25 14:10:39 +02:00
Jakub Jelen
a01bd486f0 Fix obsolete usage of SELinux constants (#1261496) 2015-09-25 14:10:25 +02:00
Jakub Jelen
bf69b47630 Allow gss-keyex root login when without-password is set (#2456)
Reported upstream, but applicable also for our gss-keyex patch:
https://bugzilla.mindrot.org/show_bug.cgi?id=2456
2015-09-24 15:57:11 +02:00
Jakub Jelen
6bf47e3d35 Having no keys is not fatal in gssapi key exchange (#1261414) 2015-09-24 15:57:11 +02:00
Jakub Jelen
9a804fa266 Apply GSSAPI key exchange methods in client offered list (#1261414) 2015-09-24 15:57:11 +02:00
Jakub Jelen
c6ba7b1e09 Return back forgotten patch which prevent connection using GSSAPI key exchange (#1261414) 2015-09-24 15:57:11 +02:00
Jakub Jelen
812f08d95e Provide full RELRO and PIE form askpass helper (#1264036) 2015-09-24 15:57:11 +02:00
Jakub Jelen
3e5d955bcb Fix FIPS mode for DH kex (#1260253) 2015-09-11 11:32:37 +02:00
Jakub Jelen
98262158d8 openssh-7.1p1-2 + 0.9.2-8 2015-09-09 14:29:31 +02:00
Jakub Jelen
c4c52b0667 Fix warnings produced by gcc
related to
 * ssh-keysign and fingerprint algorithms
 * ssh and GSSAPI algorithms validation
2015-09-09 10:59:19 +02:00
Jakub Jelen
757fec581b openssh-7.1p1-1 + 0.9.3-8 2015-08-22 22:22:48 +02:00
Jakub Jelen
ccd186847a Add corresponding options for ssh1 configure 2015-08-22 22:22:48 +02:00
Jakub Jelen
c98f559725 HostKeyAlgorithms option on server is broken when using + sign 2015-08-22 22:22:48 +02:00
Jakub Jelen
ebdae84225 openssh-7.0p1-2 + 0.9.3-7 2015-08-19 13:49:45 +02:00
Jakub Jelen
18e54994fa Fix typo in version string 2015-08-19 13:47:28 +02:00
Jakub Jelen
4df30a2a72 Possibility to validate legacy systems by more fingerprints (#1249626) 2015-08-19 13:43:36 +02:00
Jakub Jelen
bc4ef0f373 Add GSSAPIKexAlgorithms option for server and client application 2015-08-19 13:18:07 +02:00
Jakub Jelen
459bd27529 Fix problem with DSA keys using pam_ssh_agent_auth (#1251777) 2015-08-17 16:27:38 +02:00
Jakub Jelen
d0337fc530 Forgotten sources :( 2015-08-13 18:03:38 +02:00
Jakub Jelen
3f55133c24 openssh-7.0p1-1 + 6.9.3-7
New upstream release (#1252639)
                - allow root login in default config
        Security: Use-after-free bug related to PAM support (#1252853)
        Security: Privilege separation weakness related to PAM support (#1252854)
        Security: Incorrectly set TTYs to be world-writable (#1252862)
2015-08-13 17:44:41 +02:00
Jakub Jelen
2939c322fa Create openssh-clients-ssh1 subpackage with tools for protocol SSHv1 2015-08-13 17:44:41 +02:00
Jakub Jelen
405790ef61 Fix pam_ssh_agent_auth after rebase (#1251777) 2015-08-11 17:58:03 +02:00
Jakub Jelen
1d50678457 Remove obsolete triggerruns for migration to systemd
- overlapping versions are not supported by current rpm
2015-07-28 13:08:55 +02:00
Jakub Jelen
6286d6a8e6 6.9p1-4 + 0.9.3-6 2015-07-28 11:24:35 +02:00
Jakub Jelen
67938e0c00 Handle terminal control characters in scp progressmeter (#1247204) 2015-07-28 11:23:51 +02:00
Jakub Jelen
83bfb1fce5 6.9p1-3 + 0.9.3-6 2015-07-23 11:12:19 +02:00
Jakub Jelen
c6d2eca7de only query each keyboard-interactive device once (#1245971)
Upstream commit
https://anongit.mindrot.org/openssh.git/commit/?id=5b64f85bb811246c59ebab70aed331f26ba37b18
2015-07-23 11:06:12 +02:00
Jakub Jelen
ca62b6133e 6.9p1-2 + 0.9.3-6 2015-07-15 09:44:37 +02:00
Jakub Jelen
6e9574d7ec Fix race condition with auditing messages answers (#1242682) 2015-07-15 08:35:18 +02:00
Jakub Jelen
a4d9cd5694 Patch name, formating 2015-07-08 12:24:34 +02:00
Jakub Jelen
58ba50440e Allow building seccomp filters also for s390(x) architectures (#1195065) 2015-07-02 17:10:58 +02:00
Jakub Jelen
274e22c863 Forgotten sources 2015-07-01 17:54:29 +02:00
Jakub Jelen
187a349ee6 6.9p1-1 + 0.9.3-6 2015-07-01 15:51:20 +02:00
Jakub Jelen
5de6c89ff2 Correctly revert "PermitRootLogin no" option from upstream sources 2015-07-01 15:51:20 +02:00
Jakub Jelen
535d341e70 rebase to new upstream release 6.9 2015-07-01 15:51:01 +02:00
Jakub Jelen
21bee694ac Increase limitation number of files which can be listed using glob in sftp 2015-06-25 16:10:55 +02:00
Jakub Jelen
f3002bfb7b 6.8p1-9 + 0.9.3-5 2015-06-24 10:49:08 +02:00
Jakub Jelen
252221e6a1 Allow socketcall(SYS_SHUTDOWN) for net_child on ix86 architecture 2015-06-24 10:48:38 +02:00
Dennis Gilmore
b59dd83265 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-18 00:06:18 +00:00
Jakub Jelen
5aa47ae6f4 6.8p1-8 + 0.9.3-5 2015-06-08 09:06:12 +02:00
Jakub Jelen
7fa5057af5 Return stat syscall to seccomp filter, since it is not yet completely legacy (#1228323)
* problems occured with gssapi, which is trying to touch some libraries
2015-06-08 09:04:48 +02:00
Jakub Jelen
f049b3b1ad 6.8p1-7 + 0.9.3-5 2015-06-03 07:54:20 +02:00
Jakub Jelen
73d45fa321 Correct handle pam_ssh_agent_auth memory, buffers and variable sizes, which caused segfaults (#1225106) 2015-06-02 18:56:57 +02:00
Jakub Jelen
8a10dcb363 6.8p1-6 + 0.9.3-5 2015-05-28 14:02:26 +02:00