2007-09-06 19:49:16 +00:00
|
|
|
# Do we want SELinux & Audit
|
2011-06-16 08:24:30 +00:00
|
|
|
%if 0%{?!noselinux:1}
|
2004-09-09 09:45:31 +00:00
|
|
|
%define WITH_SELINUX 1
|
2011-06-16 08:24:30 +00:00
|
|
|
%else
|
|
|
|
%define WITH_SELINUX 0
|
|
|
|
%endif
|
2005-10-28 16:02:53 +00:00
|
|
|
|
2004-09-09 09:43:04 +00:00
|
|
|
# OpenSSH privilege separation requires a user & group ID
|
|
|
|
%define sshd_uid 74
|
|
|
|
%define sshd_gid 74
|
|
|
|
|
2004-09-09 09:35:17 +00:00
|
|
|
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
|
|
|
|
%define no_gnome_askpass 0
|
|
|
|
|
2004-09-09 09:39:27 +00:00
|
|
|
# Do we want to link against a static libcrypto? (1=yes 0=no)
|
|
|
|
%define static_libcrypto 0
|
|
|
|
|
2004-09-09 09:43:25 +00:00
|
|
|
# Use GTK2 instead of GNOME in gnome-ssh-askpass
|
|
|
|
%define gtk2 1
|
|
|
|
|
2004-09-09 09:45:31 +00:00
|
|
|
# Build position-independent executables (requires toolchain support)?
|
2004-11-29 11:18:58 +00:00
|
|
|
%define pie 1
|
2004-09-09 09:45:31 +00:00
|
|
|
|
2004-09-09 09:43:25 +00:00
|
|
|
# Do we want kerberos5 support (1=yes 0=no)
|
|
|
|
%define kerberos5 1
|
2004-09-09 09:43:04 +00:00
|
|
|
|
2007-09-06 19:49:16 +00:00
|
|
|
# Do we want libedit support
|
|
|
|
%define libedit 1
|
|
|
|
|
2010-04-28 11:07:03 +00:00
|
|
|
# Do we want LDAP support
|
|
|
|
%define ldap 1
|
|
|
|
|
2009-10-19 07:32:33 +00:00
|
|
|
# Whether to build pam_ssh_agent_auth
|
2011-06-16 08:24:30 +00:00
|
|
|
%if 0%{?!nopam:1}
|
2009-10-19 07:32:33 +00:00
|
|
|
%define pam_ssh_agent 1
|
2011-06-16 08:24:30 +00:00
|
|
|
%else
|
|
|
|
%define pam_ssh_agent 0
|
|
|
|
%endif
|
2009-10-19 07:32:33 +00:00
|
|
|
|
2004-09-09 09:35:41 +00:00
|
|
|
# Reserve options to override askpass settings with:
|
|
|
|
# rpm -ba|--rebuild --define 'skip_xxx 1'
|
2010-01-08 11:30:34 +00:00
|
|
|
%{?skip_gnome_askpass:%global no_gnome_askpass 1}
|
2004-09-09 09:35:41 +00:00
|
|
|
|
2004-09-09 09:47:30 +00:00
|
|
|
# Add option to build without GTK2 for older platforms with only GTK+.
|
2005-02-14 22:57:10 +00:00
|
|
|
# Red Hat Linux <= 7.2 and Red Hat Advanced Server 2.1 are examples.
|
2004-09-09 09:47:30 +00:00
|
|
|
# rpm -ba|--rebuild --define 'no_gtk2 1'
|
2010-01-08 11:30:34 +00:00
|
|
|
%{?no_gtk2:%global gtk2 0}
|
2004-09-09 09:47:30 +00:00
|
|
|
|
2004-09-09 09:39:27 +00:00
|
|
|
# Options for static OpenSSL link:
|
|
|
|
# rpm -ba|--rebuild --define "static_openssl 1"
|
2010-01-08 11:30:34 +00:00
|
|
|
%{?static_openssl:%global static_libcrypto 1}
|
2004-09-09 09:39:27 +00:00
|
|
|
|
|
|
|
# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
|
|
|
|
%define rescue 0
|
2010-01-08 11:30:34 +00:00
|
|
|
%{?build_rescue:%global rescue 1}
|
|
|
|
%{?build_rescue:%global rescue_rel rescue}
|
2004-09-09 09:39:27 +00:00
|
|
|
|
2004-09-09 09:43:25 +00:00
|
|
|
# Turn off some stuff for resuce builds
|
|
|
|
%if %{rescue}
|
|
|
|
%define kerberos5 0
|
2007-09-06 19:49:16 +00:00
|
|
|
%define libedit 0
|
2009-10-19 07:32:33 +00:00
|
|
|
%define pam_ssh_agent 0
|
2004-09-09 09:43:25 +00:00
|
|
|
%endif
|
|
|
|
|
2010-03-09 09:58:14 +00:00
|
|
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
2014-06-03 15:18:36 +00:00
|
|
|
%define openssh_ver 6.6.1p1
|
2014-06-03 14:51:07 +00:00
|
|
|
%define openssh_rel 1
|
2012-06-22 12:52:35 +00:00
|
|
|
%define pam_ssh_agent_ver 0.9.3
|
2014-06-03 14:51:07 +00:00
|
|
|
%define pam_ssh_agent_rel 2
|
2009-10-19 07:32:33 +00:00
|
|
|
|
2008-12-11 21:48:41 +00:00
|
|
|
Summary: An open source implementation of SSH protocol versions 1 and 2
|
2004-09-09 09:35:01 +00:00
|
|
|
Name: openssh
|
2010-04-16 08:09:50 +00:00
|
|
|
Version: %{openssh_ver}
|
2014-06-07 17:01:42 +00:00
|
|
|
Release: %{openssh_rel}%{?dist}%{?rescue_rel}.1
|
2004-09-09 09:35:01 +00:00
|
|
|
URL: http://www.openssh.com/portable.html
|
2010-01-25 14:36:10 +00:00
|
|
|
#URL1: http://pamsshagentauth.sourceforge.net
|
2014-06-03 15:18:36 +00:00
|
|
|
# Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
|
|
|
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.6p1.tar.gz
|
2007-09-06 19:49:16 +00:00
|
|
|
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
|
2008-04-07 20:14:31 +00:00
|
|
|
Source2: sshd.pam
|
|
|
|
Source3: sshd.init
|
2009-10-19 07:32:33 +00:00
|
|
|
Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
|
|
|
|
Source5: pam_ssh_agent-rmheaders
|
2011-02-28 15:42:58 +00:00
|
|
|
Source6: ssh-keycat.pam
|
2011-03-29 21:25:53 +00:00
|
|
|
Source7: sshd.sysconfig
|
2011-06-28 08:35:28 +00:00
|
|
|
Source9: sshd@.service
|
|
|
|
Source10: sshd.socket
|
2011-04-23 07:13:06 +00:00
|
|
|
Source11: sshd.service
|
2013-05-21 16:37:18 +00:00
|
|
|
Source12: sshd-keygen.service
|
2011-06-28 08:35:28 +00:00
|
|
|
Source13: sshd-keygen
|
2010-05-04 07:27:28 +00:00
|
|
|
|
2011-09-07 13:12:54 +00:00
|
|
|
# Internal debug
|
2011-09-14 15:03:03 +00:00
|
|
|
Patch0: openssh-5.9p1-wIm.patch
|
2011-09-07 13:12:54 +00:00
|
|
|
|
2011-09-08 22:54:28 +00:00
|
|
|
#?
|
2013-10-14 13:54:41 +00:00
|
|
|
Patch100: openssh-6.3p1-coverity.patch
|
2011-03-01 16:10:09 +00:00
|
|
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1872
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch101: openssh-6.6p1-fingerprint.patch
|
2011-04-27 10:16:14 +00:00
|
|
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1894
|
2012-02-14 15:55:51 +00:00
|
|
|
#https://bugzilla.redhat.com/show_bug.cgi?id=735889
|
2011-09-08 22:54:28 +00:00
|
|
|
Patch102: openssh-5.8p1-getaddrinfo.patch
|
2011-04-21 15:22:18 +00:00
|
|
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1889
|
2011-09-08 22:54:28 +00:00
|
|
|
Patch103: openssh-5.8p1-packet.patch
|
2011-09-07 13:12:54 +00:00
|
|
|
|
|
|
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
|
2013-11-08 12:38:07 +00:00
|
|
|
Patch200: openssh-6.4p1-audit.patch
|
2011-09-07 13:12:54 +00:00
|
|
|
|
2011-02-14 14:32:49 +00:00
|
|
|
# --- pam_ssh-agent ---
|
2012-06-22 12:52:35 +00:00
|
|
|
# make it build reusing the openssh sources
|
|
|
|
Patch300: pam_ssh_agent_auth-0.9.3-build.patch
|
|
|
|
# check return value of seteuid()
|
2011-09-07 13:12:54 +00:00
|
|
|
Patch301: pam_ssh_agent_auth-0.9.2-seteuid.patch
|
2012-06-22 12:52:35 +00:00
|
|
|
# explicitly make pam callbacks visible
|
|
|
|
Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
|
2013-11-01 16:04:34 +00:00
|
|
|
# don't use xfree (#1024965)
|
|
|
|
Patch303: pam_ssh_agent_auth-0.9.3-no-xfree.patch
|
2011-03-17 10:31:16 +00:00
|
|
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch400: openssh-6.6p1-role-mls.patch
|
2012-01-31 13:09:00 +00:00
|
|
|
#https://bugzilla.redhat.com/show_bug.cgi?id=781634
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch404: openssh-6.6p1-privsep-selinux.patch
|
2011-09-07 13:12:54 +00:00
|
|
|
|
|
|
|
#?-- unwanted child :(
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch501: openssh-6.6p1-ldap.patch
|
2011-03-17 07:18:17 +00:00
|
|
|
#?
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch502: openssh-6.6p1-keycat.patch
|
2011-09-07 13:12:54 +00:00
|
|
|
|
|
|
|
#http6://bugzilla.mindrot.org/show_bug.cgi?id=1644
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch601: openssh-6.6p1-allow-ip-opts.patch
|
2010-05-04 07:27:28 +00:00
|
|
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1701
|
2011-09-07 13:12:54 +00:00
|
|
|
Patch602: openssh-5.9p1-randclean.patch
|
2011-03-07 19:31:52 +00:00
|
|
|
#http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c.diff?r1=1.13&r2=1.13.12.1&f=h
|
2011-09-07 13:12:54 +00:00
|
|
|
Patch603: openssh-5.8p1-glob.patch
|
2011-04-21 21:27:01 +00:00
|
|
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1893
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch604: openssh-6.6p1-keyperm.patch
|
2011-09-07 13:12:54 +00:00
|
|
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1925
|
|
|
|
Patch606: openssh-5.9p1-ipv6man.patch
|
2011-04-21 15:22:18 +00:00
|
|
|
#?
|
2014-07-03 14:14:38 +00:00
|
|
|
Patch607: openssh-5.8p2-sigpipe.patch
|
2011-02-14 14:32:49 +00:00
|
|
|
#?
|
2012-09-14 20:18:22 +00:00
|
|
|
Patch608: openssh-6.1p1-askpass-ld.patch
|
2011-09-07 13:12:54 +00:00
|
|
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1789
|
2014-07-03 14:42:56 +00:00
|
|
|
Patch609: openssh-5.5p1-x11.patch
|
2011-09-07 13:12:54 +00:00
|
|
|
|
2011-02-14 14:32:49 +00:00
|
|
|
#?
|
2013-10-14 13:54:41 +00:00
|
|
|
Patch700: openssh-6.3p1-fips.patch
|
2011-02-14 14:32:49 +00:00
|
|
|
#?
|
2014-06-03 14:51:07 +00:00
|
|
|
# drop? Patch701: openssh-5.6p1-exit-deadlock.patch
|
2011-02-14 14:32:49 +00:00
|
|
|
#?
|
2011-09-07 13:12:54 +00:00
|
|
|
Patch702: openssh-5.1p1-askpass-progress.patch
|
2011-02-14 14:32:49 +00:00
|
|
|
#?
|
2011-09-07 13:12:54 +00:00
|
|
|
Patch703: openssh-4.3p2-askpass-grab-info.patch
|
2014-06-03 14:51:07 +00:00
|
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=205842
|
|
|
|
# drop? Patch704: openssh-5.9p1-edns.patch
|
2011-02-14 14:32:49 +00:00
|
|
|
#?
|
2011-09-07 13:12:54 +00:00
|
|
|
Patch705: openssh-5.1p1-scp-manpage.patch
|
2011-04-22 09:43:01 +00:00
|
|
|
#?
|
2011-09-07 13:12:54 +00:00
|
|
|
Patch706: openssh-5.8p1-localdomain.patch
|
|
|
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch707: openssh-6.6p1-redhat.patch
|
2011-09-07 13:12:54 +00:00
|
|
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1890 (WONTFIX) need integration to prng helper which is discontinued :)
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch708: openssh-6.6p1-entropy.patch
|
2011-09-07 13:12:54 +00:00
|
|
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)
|
2013-04-04 14:42:32 +00:00
|
|
|
Patch709: openssh-6.2p1-vendor.patch
|
2011-12-06 16:41:06 +00:00
|
|
|
# warn users for unsupported UsePAM=no (#757545)
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch711: openssh-6.6p1-log-usepam-no.patch
|
2012-01-11 18:11:33 +00:00
|
|
|
# make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL
|
2013-10-14 13:54:41 +00:00
|
|
|
Patch712: openssh-6.3p1-ctr-evp-fast.patch
|
2012-01-13 17:28:47 +00:00
|
|
|
# add cavs test binary for the aes-ctr
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch713: openssh-6.6p1-ctr-cavstest.patch
|
2012-08-06 07:00:49 +00:00
|
|
|
|
2011-09-07 13:12:54 +00:00
|
|
|
|
|
|
|
#http://www.sxw.org.uk/computing/patches/openssh.html
|
2012-09-13 10:59:31 +00:00
|
|
|
#changed cache storage type - #848228
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch800: openssh-6.6p1-gsskex.patch
|
2011-05-22 21:49:15 +00:00
|
|
|
#http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch801: openssh-6.6p1-force_krb.patch
|
2012-10-30 10:06:45 +00:00
|
|
|
Patch900: openssh-6.1p1-gssapi-canohost.patch
|
2011-09-07 13:12:54 +00:00
|
|
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch901: openssh-6.6p1-kuserok.patch
|
2013-10-23 20:08:19 +00:00
|
|
|
# use default_ccache_name from /etc/krb5.conf (#991186)
|
|
|
|
Patch902: openssh-6.3p1-krb5-use-default_ccache_name.patch
|
2014-01-20 14:24:47 +00:00
|
|
|
# FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A (#1001748)
|
2014-06-03 14:51:07 +00:00
|
|
|
# merge: Patch904: openssh-6.4p1-FIPS-mode-SP800-131A.patch
|
2014-01-20 15:41:00 +00:00
|
|
|
# Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set (#969375
|
|
|
|
Patch905: openssh-6.4p1-legacy-ssh-copy-id.patch
|
2014-01-20 18:41:27 +00:00
|
|
|
# Use tty allocation for a remote scp (#985650)
|
|
|
|
Patch906: openssh-6.4p1-fromto-remote.patch
|
2014-05-14 15:27:32 +00:00
|
|
|
# Try CLOCK_BOOTTIME with fallback (#1091992)
|
|
|
|
Patch907: openssh-6.4p1-CLOCK_BOOTTIME.patch
|
2014-05-14 16:04:10 +00:00
|
|
|
# Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
|
|
|
|
# dialog by offering only certificate keys. (#1081338)
|
2014-06-03 14:51:07 +00:00
|
|
|
Patch908: openssh-6.6p1-CVE-2014-2653.patch
|
2014-06-03 15:18:36 +00:00
|
|
|
# OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519 key exchange incorrectly
|
|
|
|
# Disable the curve25519 KEX when speaking to OpenSSH 6.5 or 6.6
|
|
|
|
Patch909: openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch
|
2008-02-29 16:34:03 +00:00
|
|
|
|
2004-09-09 09:36:07 +00:00
|
|
|
License: BSD
|
2004-09-09 09:35:01 +00:00
|
|
|
Group: Applications/Internet
|
2007-02-22 13:00:51 +00:00
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
2004-09-09 09:43:04 +00:00
|
|
|
Requires: /sbin/nologin
|
2013-10-15 15:53:42 +00:00
|
|
|
Obsoletes: openssh-clients-fips, openssh-server-fips
|
2014-05-08 09:13:15 +00:00
|
|
|
Obsoletes: openssh-server-sysvinit
|
2004-09-09 09:43:04 +00:00
|
|
|
|
2004-09-20 22:10:11 +00:00
|
|
|
%if ! %{no_gnome_askpass}
|
2004-09-09 09:44:54 +00:00
|
|
|
%if %{gtk2}
|
2006-07-17 14:09:15 +00:00
|
|
|
BuildRequires: gtk2-devel
|
|
|
|
BuildRequires: libX11-devel
|
2004-09-20 22:10:11 +00:00
|
|
|
%else
|
2006-07-17 14:09:15 +00:00
|
|
|
BuildRequires: gnome-libs-devel
|
2004-09-09 09:44:54 +00:00
|
|
|
%endif
|
2004-09-20 22:10:11 +00:00
|
|
|
%endif
|
|
|
|
|
2010-04-28 11:07:03 +00:00
|
|
|
%if %{ldap}
|
|
|
|
BuildRequires: openldap-devel
|
|
|
|
%endif
|
2009-02-12 18:19:52 +00:00
|
|
|
BuildRequires: autoconf, automake, perl, zlib-devel
|
2010-09-21 03:36:25 +00:00
|
|
|
BuildRequires: audit-libs-devel >= 2.0.5
|
2010-04-20 07:25:26 +00:00
|
|
|
BuildRequires: util-linux, groff
|
2006-07-17 14:09:15 +00:00
|
|
|
BuildRequires: pam-devel
|
2007-06-20 19:33:53 +00:00
|
|
|
BuildRequires: tcp_wrappers-devel
|
2013-10-08 15:04:53 +00:00
|
|
|
BuildRequires: fipscheck-devel >= 1.3.0
|
2009-02-12 18:19:52 +00:00
|
|
|
BuildRequires: openssl-devel >= 0.9.8j
|
2013-02-05 12:09:16 +00:00
|
|
|
BuildRequires: perl-podlators
|
2004-09-09 09:43:04 +00:00
|
|
|
|
2004-09-09 09:43:25 +00:00
|
|
|
%if %{kerberos5}
|
2006-07-17 14:09:15 +00:00
|
|
|
BuildRequires: krb5-devel
|
2004-09-09 09:43:25 +00:00
|
|
|
%endif
|
|
|
|
|
2007-09-06 19:49:16 +00:00
|
|
|
%if %{libedit}
|
2007-11-20 18:26:30 +00:00
|
|
|
BuildRequires: libedit-devel ncurses-devel
|
2007-09-06 19:49:16 +00:00
|
|
|
%endif
|
|
|
|
|
2005-10-28 16:02:53 +00:00
|
|
|
%if %{WITH_SELINUX}
|
2005-10-13 21:14:36 +00:00
|
|
|
Requires: libselinux >= 1.27.7
|
|
|
|
BuildRequires: libselinux-devel >= 1.27.7
|
2005-10-28 16:02:53 +00:00
|
|
|
Requires: audit-libs >= 1.0.8
|
|
|
|
BuildRequires: audit-libs >= 1.0.8
|
|
|
|
%endif
|
2004-09-09 09:48:29 +00:00
|
|
|
|
2006-07-17 14:09:15 +00:00
|
|
|
BuildRequires: xauth
|
|
|
|
|
2004-09-09 09:35:01 +00:00
|
|
|
%package clients
|
2008-12-11 21:48:41 +00:00
|
|
|
Summary: An open source SSH client applications
|
2004-09-09 09:35:01 +00:00
|
|
|
Group: Applications/Internet
|
2010-09-08 07:00:22 +00:00
|
|
|
Requires: openssh = %{version}-%{release}
|
2013-10-08 15:04:53 +00:00
|
|
|
Requires: fipscheck-lib%{_isa} >= 1.3.0
|
2004-09-09 09:35:01 +00:00
|
|
|
|
|
|
|
%package server
|
2008-12-11 21:48:41 +00:00
|
|
|
Summary: An open source SSH server daemon
|
2004-09-09 09:35:01 +00:00
|
|
|
Group: System Environment/Daemons
|
2006-07-17 14:09:15 +00:00
|
|
|
Requires: openssh = %{version}-%{release}
|
|
|
|
Requires(pre): /usr/sbin/useradd
|
2008-05-19 16:53:29 +00:00
|
|
|
Requires: pam >= 1.0.1-3
|
2013-10-08 15:13:39 +00:00
|
|
|
Requires: fipscheck-lib%{_isa} >= 1.3.0
|
2011-06-28 08:35:28 +00:00
|
|
|
Requires(post): systemd-units
|
|
|
|
Requires(preun): systemd-units
|
|
|
|
Requires(postun): systemd-units
|
|
|
|
|
2010-05-03 13:32:38 +00:00
|
|
|
%if %{ldap}
|
|
|
|
%package ldap
|
|
|
|
Summary: A LDAP support for open source SSH server daemon
|
|
|
|
Requires: openssh = %{version}-%{release}
|
|
|
|
Group: System Environment/Daemons
|
|
|
|
%endif
|
|
|
|
|
2011-02-28 15:42:58 +00:00
|
|
|
%package keycat
|
|
|
|
Summary: A mls keycat backend for openssh
|
|
|
|
Requires: openssh = %{version}-%{release}
|
|
|
|
Group: System Environment/Daemons
|
|
|
|
|
2004-09-09 09:35:01 +00:00
|
|
|
%package askpass
|
2006-07-17 14:09:15 +00:00
|
|
|
Summary: A passphrase dialog for OpenSSH and X
|
2004-09-09 09:35:01 +00:00
|
|
|
Group: Applications/Internet
|
2004-09-09 09:35:10 +00:00
|
|
|
Requires: openssh = %{version}-%{release}
|
2006-07-20 11:06:42 +00:00
|
|
|
Obsoletes: openssh-askpass-gnome
|
|
|
|
Provides: openssh-askpass-gnome
|
2004-09-09 09:35:01 +00:00
|
|
|
|
2009-10-19 07:32:33 +00:00
|
|
|
%package -n pam_ssh_agent_auth
|
|
|
|
Summary: PAM module for authentication with ssh-agent
|
|
|
|
Group: System Environment/Base
|
|
|
|
Version: %{pam_ssh_agent_ver}
|
2014-06-07 17:01:42 +00:00
|
|
|
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}.1
|
2010-01-25 14:36:10 +00:00
|
|
|
License: BSD
|
2009-10-19 07:32:33 +00:00
|
|
|
|
2004-09-09 09:35:01 +00:00
|
|
|
%description
|
2004-09-09 09:36:07 +00:00
|
|
|
SSH (Secure SHell) is a program for logging into and executing
|
|
|
|
commands on a remote machine. SSH is intended to replace rlogin and
|
|
|
|
rsh, and to provide secure encrypted communications between two
|
|
|
|
untrusted hosts over an insecure network. X11 connections and
|
2004-09-09 09:35:01 +00:00
|
|
|
arbitrary TCP/IP ports can also be forwarded over the secure channel.
|
|
|
|
|
2004-09-09 09:36:07 +00:00
|
|
|
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
|
2008-12-11 21:48:41 +00:00
|
|
|
it up to date in terms of security and features.
|
2004-09-09 09:35:01 +00:00
|
|
|
|
|
|
|
This package includes the core files necessary for both the OpenSSH
|
2004-09-09 09:36:07 +00:00
|
|
|
client and server. To make this package useful, you should also
|
2004-09-09 09:35:01 +00:00
|
|
|
install openssh-clients, openssh-server, or both.
|
|
|
|
|
|
|
|
%description clients
|
2004-09-09 09:36:07 +00:00
|
|
|
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
|
|
|
into and executing commands on a remote machine. This package includes
|
|
|
|
the clients necessary to make encrypted connections to SSH servers.
|
2004-09-09 09:35:01 +00:00
|
|
|
|
|
|
|
%description server
|
2004-09-09 09:36:07 +00:00
|
|
|
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
|
|
|
into and executing commands on a remote machine. This package contains
|
|
|
|
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
|
2008-12-11 21:48:41 +00:00
|
|
|
securely connect to your SSH server.
|
2004-09-09 09:35:01 +00:00
|
|
|
|
2010-05-03 13:32:38 +00:00
|
|
|
%if %{ldap}
|
|
|
|
%description ldap
|
|
|
|
OpenSSH LDAP backend is a way how to distribute the authorized tokens
|
|
|
|
among the servers in the network.
|
|
|
|
%endif
|
|
|
|
|
2011-02-28 15:42:58 +00:00
|
|
|
%description keycat
|
|
|
|
OpenSSH mls keycat is backend for using the authorized keys in the
|
|
|
|
openssh in the mls mode.
|
|
|
|
|
2004-09-09 09:35:01 +00:00
|
|
|
%description askpass
|
2004-09-09 09:36:07 +00:00
|
|
|
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
|
|
|
into and executing commands on a remote machine. This package contains
|
|
|
|
an X11 passphrase dialog for OpenSSH.
|
2004-09-09 09:35:01 +00:00
|
|
|
|
2009-10-19 07:32:33 +00:00
|
|
|
%description -n pam_ssh_agent_auth
|
|
|
|
This package contains a PAM module which can be used to authenticate
|
|
|
|
users using ssh keys stored in a ssh-agent. Through the use of the
|
|
|
|
forwarding of ssh-agent connection it also allows to authenticate with
|
|
|
|
remote ssh-agent instance.
|
|
|
|
|
|
|
|
The module is most useful for su and sudo service stacks.
|
|
|
|
|
2004-09-09 09:35:41 +00:00
|
|
|
%prep
|
2014-06-03 15:18:36 +00:00
|
|
|
%setup -q -a 4 -n openssh-6.6p1
|
2011-01-12 10:09:58 +00:00
|
|
|
#Do not enable by default
|
2011-09-19 05:26:32 +00:00
|
|
|
%if 0
|
|
|
|
%patch0 -p1 -b .wIm
|
|
|
|
%endif
|
2011-05-22 21:49:15 +00:00
|
|
|
|
2014-06-03 14:51:07 +00:00
|
|
|
# rework %patch100 -p1 -b .coverity
|
2011-09-08 22:54:28 +00:00
|
|
|
%patch101 -p1 -b .fingerprint
|
2014-06-03 14:51:07 +00:00
|
|
|
# investigate %patch102 -p1 -b .getaddrinfo
|
2011-09-08 22:54:28 +00:00
|
|
|
%patch103 -p1 -b .packet
|
2011-09-07 13:12:54 +00:00
|
|
|
|
2014-06-03 14:51:07 +00:00
|
|
|
# rework %patch200 -p1 -b .audit
|
2011-09-07 13:12:54 +00:00
|
|
|
|
2009-10-19 07:32:33 +00:00
|
|
|
%if %{pam_ssh_agent}
|
|
|
|
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
2011-09-07 13:12:54 +00:00
|
|
|
%patch300 -p1 -b .psaa-build
|
|
|
|
%patch301 -p1 -b .psaa-seteuid
|
2012-06-22 12:52:35 +00:00
|
|
|
%patch302 -p1 -b .psaa-visibility
|
2013-11-01 16:04:34 +00:00
|
|
|
%patch303 -p1 -b .psaa-xfree
|
2009-10-19 07:32:33 +00:00
|
|
|
# Remove duplicate headers
|
|
|
|
rm -f $(cat %{SOURCE5})
|
|
|
|
popd
|
|
|
|
%endif
|
2011-09-07 13:12:54 +00:00
|
|
|
|
2011-02-14 14:32:49 +00:00
|
|
|
%if %{WITH_SELINUX}
|
2012-08-06 19:32:10 +00:00
|
|
|
%patch400 -p1 -b .role-mls
|
2012-01-31 13:09:00 +00:00
|
|
|
%patch404 -p1 -b .privsep-selinux
|
2011-09-07 13:12:54 +00:00
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{ldap}
|
|
|
|
%patch501 -p1 -b .ldap
|
|
|
|
%endif
|
|
|
|
%patch502 -p1 -b .keycat
|
|
|
|
|
|
|
|
%patch601 -p1 -b .ip-opts
|
2014-06-03 14:51:07 +00:00
|
|
|
# merge to fips
|
|
|
|
# %patch602 -p1 -b .randclean
|
2011-09-07 13:12:54 +00:00
|
|
|
%patch603 -p1 -b .glob
|
|
|
|
%patch604 -p1 -b .keyperm
|
|
|
|
%patch606 -p1 -b .ipv6man
|
2014-07-03 14:14:38 +00:00
|
|
|
%patch607 -p1 -b .sigpipe
|
2011-09-07 13:12:54 +00:00
|
|
|
%patch608 -p1 -b .askpass-ld
|
2014-07-03 14:42:56 +00:00
|
|
|
%patch609 -p1 -b .x11
|
2014-06-03 14:51:07 +00:00
|
|
|
#
|
|
|
|
# move to the end %patch700 -p1 -b .fips
|
|
|
|
# drop? %patch701 -p1 -b .exit-deadlock
|
2011-09-07 13:12:54 +00:00
|
|
|
%patch702 -p1 -b .progress
|
|
|
|
%patch703 -p1 -b .grab-info
|
2014-06-03 14:51:07 +00:00
|
|
|
# investigate - https://bugzilla.redhat.com/show_bug.cgi?id=205842
|
|
|
|
# probably not needed anymore %patch704 -p1 -b .edns
|
|
|
|
# drop it %patch705 -p1 -b .manpage
|
2011-09-07 13:12:54 +00:00
|
|
|
%patch706 -p1 -b .localdomain
|
|
|
|
%patch707 -p1 -b .redhat
|
|
|
|
%patch708 -p1 -b .entropy
|
|
|
|
%patch709 -p1 -b .vendor
|
2011-12-06 16:41:06 +00:00
|
|
|
%patch711 -p1 -b .log-usepam-no
|
2012-01-11 18:11:33 +00:00
|
|
|
%patch712 -p1 -b .evp-ctr
|
2012-01-13 17:28:47 +00:00
|
|
|
%patch713 -p1 -b .ctr-cavs
|
2014-06-03 14:51:07 +00:00
|
|
|
#
|
2011-09-07 13:12:54 +00:00
|
|
|
%patch800 -p1 -b .gsskex
|
|
|
|
%patch801 -p1 -b .force_krb
|
2014-06-03 14:51:07 +00:00
|
|
|
#
|
2011-09-07 13:12:54 +00:00
|
|
|
%patch900 -p1 -b .canohost
|
|
|
|
%patch901 -p1 -b .kuserok
|
2013-10-23 20:08:19 +00:00
|
|
|
%patch902 -p1 -b .ccache_name
|
2014-06-03 14:51:07 +00:00
|
|
|
# merge with fips %patch904 -p1 -b .SP800-131A
|
2014-01-20 15:41:00 +00:00
|
|
|
%patch905 -p1 -b .legacy-ssh-copy-id
|
2014-01-20 18:41:27 +00:00
|
|
|
%patch906 -p1 -b .fromto-remote
|
2014-05-14 15:27:32 +00:00
|
|
|
%patch907 -p1 -b .CLOCK_BOOTTIME
|
2014-05-14 16:04:10 +00:00
|
|
|
%patch908 -p1 -b .CVE-2014-2653
|
2014-06-03 15:18:36 +00:00
|
|
|
%patch909 -p1 -b .6.6.1
|
2005-11-18 17:03:02 +00:00
|
|
|
|
2011-09-19 05:26:32 +00:00
|
|
|
%if 0
|
|
|
|
# Nothing here yet
|
|
|
|
%endif
|
|
|
|
|
2004-10-04 20:57:32 +00:00
|
|
|
autoreconf
|
2010-03-19 20:11:25 +00:00
|
|
|
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
|
|
|
autoreconf
|
|
|
|
popd
|
2004-09-09 09:47:30 +00:00
|
|
|
|
2004-09-09 09:35:41 +00:00
|
|
|
%build
|
2012-06-22 12:52:35 +00:00
|
|
|
# the -fvisibility=hidden is needed for clean build of the pam_ssh_agent_auth
|
|
|
|
# and it makes the ssh build more clean and even optimized better
|
|
|
|
CFLAGS="$RPM_OPT_FLAGS -fvisibility=hidden"; export CFLAGS
|
2004-09-09 09:45:31 +00:00
|
|
|
%if %{rescue}
|
|
|
|
CFLAGS="$CFLAGS -Os"
|
|
|
|
%endif
|
|
|
|
%if %{pie}
|
2008-02-13 03:52:43 +00:00
|
|
|
%ifarch s390 s390x sparc sparcv9 sparc64
|
2009-10-19 07:32:33 +00:00
|
|
|
CFLAGS="$CFLAGS -fPIC"
|
2004-09-09 09:46:59 +00:00
|
|
|
%else
|
2009-10-19 07:32:33 +00:00
|
|
|
CFLAGS="$CFLAGS -fpic"
|
2004-09-09 09:46:59 +00:00
|
|
|
%endif
|
2009-10-19 07:32:33 +00:00
|
|
|
SAVE_LDFLAGS="$LDFLAGS"
|
2011-02-14 14:32:49 +00:00
|
|
|
LDFLAGS="$LDFLAGS -pie -z relro -z now"
|
|
|
|
|
|
|
|
export CFLAGS
|
|
|
|
export LDFLAGS
|
|
|
|
|
2004-09-09 09:45:31 +00:00
|
|
|
%endif
|
2004-09-09 09:44:54 +00:00
|
|
|
%if %{kerberos5}
|
2010-03-12 10:47:29 +00:00
|
|
|
if test -r /etc/profile.d/krb5-devel.sh ; then
|
|
|
|
source /etc/profile.d/krb5-devel.sh
|
|
|
|
fi
|
2004-09-09 09:44:54 +00:00
|
|
|
krb5_prefix=`krb5-config --prefix`
|
|
|
|
if test "$krb5_prefix" != "%{_prefix}" ; then
|
|
|
|
CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
|
|
|
|
CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
|
|
|
|
LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
|
|
|
|
else
|
|
|
|
krb5_prefix=
|
|
|
|
CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
|
|
|
|
CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
|
|
|
|
fi
|
|
|
|
%endif
|
2004-09-09 09:39:27 +00:00
|
|
|
|
2004-09-09 09:35:41 +00:00
|
|
|
%configure \
|
|
|
|
--sysconfdir=%{_sysconfdir}/ssh \
|
|
|
|
--libexecdir=%{_libexecdir}/openssh \
|
2004-09-09 09:39:27 +00:00
|
|
|
--datadir=%{_datadir}/openssh \
|
2004-09-09 09:35:41 +00:00
|
|
|
--with-tcp-wrappers \
|
2012-09-15 11:14:04 +00:00
|
|
|
--with-default-path=/usr/local/bin:/usr/bin \
|
|
|
|
--with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
|
2004-09-09 09:43:04 +00:00
|
|
|
--with-privsep-path=%{_var}/empty/sshd \
|
2004-10-04 20:57:32 +00:00
|
|
|
--enable-vendor-patchlevel="FC-%{version}-%{release}" \
|
|
|
|
--disable-strip \
|
2005-09-06 19:55:17 +00:00
|
|
|
--without-zlib-version-check \
|
2009-01-30 15:44:41 +00:00
|
|
|
--with-ssl-engine \
|
2011-09-12 06:11:41 +00:00
|
|
|
--with-ipaddr-display \
|
2010-04-28 11:07:03 +00:00
|
|
|
%if %{ldap}
|
|
|
|
--with-ldap \
|
|
|
|
%endif
|
2004-09-09 09:35:41 +00:00
|
|
|
%if %{rescue}
|
2004-09-09 09:47:30 +00:00
|
|
|
--without-pam \
|
2004-09-09 09:43:25 +00:00
|
|
|
%else
|
|
|
|
--with-pam \
|
|
|
|
%endif
|
2005-10-28 16:02:53 +00:00
|
|
|
%if %{WITH_SELINUX}
|
2011-09-19 05:26:32 +00:00
|
|
|
--with-selinux --with-audit=linux \
|
2012-08-06 19:32:10 +00:00
|
|
|
%if 0
|
|
|
|
#seccomp_filter cannot be build right now
|
|
|
|
--with-sandbox=seccomp_filter \
|
2011-09-19 05:26:32 +00:00
|
|
|
%else
|
2012-08-06 19:32:10 +00:00
|
|
|
--with-sandbox=rlimit \
|
2011-09-19 05:26:32 +00:00
|
|
|
%endif
|
2005-10-28 16:02:53 +00:00
|
|
|
%endif
|
2004-09-09 09:43:25 +00:00
|
|
|
%if %{kerberos5}
|
2007-09-06 19:49:16 +00:00
|
|
|
--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
|
2004-09-09 09:35:41 +00:00
|
|
|
%else
|
2007-09-06 19:49:16 +00:00
|
|
|
--without-kerberos5 \
|
|
|
|
%endif
|
|
|
|
%if %{libedit}
|
2013-10-08 15:04:53 +00:00
|
|
|
--with-libedit
|
2007-09-06 19:49:16 +00:00
|
|
|
%else
|
2013-10-08 15:04:53 +00:00
|
|
|
--without-libedit
|
2004-09-09 09:39:27 +00:00
|
|
|
%endif
|
|
|
|
|
|
|
|
%if %{static_libcrypto}
|
|
|
|
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
|
2004-09-09 09:35:41 +00:00
|
|
|
%endif
|
|
|
|
|
|
|
|
make
|
|
|
|
|
2004-09-09 09:43:04 +00:00
|
|
|
# Define a variable to toggle gnome1/gtk2 building. This is necessary
|
|
|
|
# because RPM doesn't handle nested %if statements.
|
|
|
|
%if %{gtk2}
|
2004-09-09 09:43:25 +00:00
|
|
|
gtk2=yes
|
2004-09-09 09:43:04 +00:00
|
|
|
%else
|
2004-09-09 09:43:25 +00:00
|
|
|
gtk2=no
|
2004-09-09 09:43:04 +00:00
|
|
|
%endif
|
|
|
|
|
2004-09-09 09:35:41 +00:00
|
|
|
%if ! %{no_gnome_askpass}
|
|
|
|
pushd contrib
|
2004-09-09 09:43:04 +00:00
|
|
|
if [ $gtk2 = yes ] ; then
|
2004-09-09 09:43:25 +00:00
|
|
|
make gnome-ssh-askpass2
|
|
|
|
mv gnome-ssh-askpass2 gnome-ssh-askpass
|
2004-09-09 09:43:04 +00:00
|
|
|
else
|
2004-09-09 09:43:25 +00:00
|
|
|
make gnome-ssh-askpass1
|
|
|
|
mv gnome-ssh-askpass1 gnome-ssh-askpass
|
2004-09-09 09:43:04 +00:00
|
|
|
fi
|
2004-09-09 09:35:41 +00:00
|
|
|
popd
|
|
|
|
%endif
|
|
|
|
|
2009-10-19 07:32:33 +00:00
|
|
|
%if %{pam_ssh_agent}
|
|
|
|
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
|
|
|
LDFLAGS="$SAVE_LDFLAGS"
|
2013-02-12 08:42:54 +00:00
|
|
|
%configure --with-selinux --libexecdir=/%{_libdir}/security --with-mantype=man
|
2009-10-19 07:32:33 +00:00
|
|
|
make
|
|
|
|
popd
|
|
|
|
%endif
|
|
|
|
|
2009-02-12 18:19:52 +00:00
|
|
|
# Add generation of HMAC checksums of the final stripped binaries
|
|
|
|
%define __spec_install_post \
|
|
|
|
%{?__debug_package:%{__debug_install_post}} \
|
|
|
|
%{__arch_install_post} \
|
|
|
|
%{__os_install_post} \
|
2010-09-08 07:00:22 +00:00
|
|
|
fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_bindir}/ssh $RPM_BUILD_ROOT%{_sbindir}/sshd \
|
2009-02-12 18:19:52 +00:00
|
|
|
%{nil}
|
|
|
|
|
2012-09-15 11:40:43 +00:00
|
|
|
%check
|
|
|
|
#to run tests use "--with check"
|
|
|
|
%if %{?_with_check:1}%{!?_with_check:0}
|
|
|
|
make tests
|
|
|
|
%endif
|
|
|
|
|
2004-09-09 09:35:41 +00:00
|
|
|
%install
|
|
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
|
|
|
|
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
|
2007-11-20 18:38:37 +00:00
|
|
|
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
|
2004-09-09 09:35:41 +00:00
|
|
|
make install DESTDIR=$RPM_BUILD_ROOT
|
2010-05-14 08:19:04 +00:00
|
|
|
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ldap.conf
|
2004-09-09 09:35:41 +00:00
|
|
|
|
|
|
|
install -d $RPM_BUILD_ROOT/etc/pam.d/
|
2011-03-29 21:25:53 +00:00
|
|
|
install -d $RPM_BUILD_ROOT/etc/sysconfig/
|
2004-09-09 09:35:41 +00:00
|
|
|
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
|
2010-09-08 07:00:22 +00:00
|
|
|
install -d $RPM_BUILD_ROOT%{_libdir}/fipscheck
|
2008-04-07 20:14:31 +00:00
|
|
|
install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
|
2011-02-28 15:42:58 +00:00
|
|
|
install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
|
2011-03-29 21:25:53 +00:00
|
|
|
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd
|
2011-06-28 08:35:28 +00:00
|
|
|
install -m755 %{SOURCE13} $RPM_BUILD_ROOT/%{_sbindir}/sshd-keygen
|
2011-04-23 14:15:56 +00:00
|
|
|
install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
|
2013-05-21 16:37:18 +00:00
|
|
|
install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/sshd@.service
|
|
|
|
install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/sshd.socket
|
2011-04-23 11:43:22 +00:00
|
|
|
install -m644 %{SOURCE11} $RPM_BUILD_ROOT/%{_unitdir}/sshd.service
|
2013-05-21 16:37:18 +00:00
|
|
|
install -m644 %{SOURCE12} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen.service
|
2005-08-16 11:18:44 +00:00
|
|
|
install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
|
|
|
|
install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/
|
2004-09-09 09:35:41 +00:00
|
|
|
|
|
|
|
%if ! %{no_gnome_askpass}
|
2011-08-09 13:15:23 +00:00
|
|
|
install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
|
2004-09-09 09:35:41 +00:00
|
|
|
%endif
|
|
|
|
|
2004-09-09 09:47:30 +00:00
|
|
|
%if ! %{no_gnome_askpass}
|
2005-11-22 16:48:57 +00:00
|
|
|
ln -s gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
|
2004-09-09 09:39:27 +00:00
|
|
|
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
|
2004-09-09 09:43:04 +00:00
|
|
|
install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
|
|
|
|
install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
|
2004-09-09 09:47:30 +00:00
|
|
|
%endif
|
2004-09-09 09:35:41 +00:00
|
|
|
|
2004-09-09 09:48:29 +00:00
|
|
|
%if %{no_gnome_askpass}
|
|
|
|
rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
|
|
|
|
%endif
|
|
|
|
|
2004-09-09 09:35:41 +00:00
|
|
|
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
|
|
|
|
|
2009-10-19 07:32:33 +00:00
|
|
|
%if %{pam_ssh_agent}
|
|
|
|
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
|
|
|
make install DESTDIR=$RPM_BUILD_ROOT
|
|
|
|
popd
|
|
|
|
%endif
|
2004-09-09 09:35:41 +00:00
|
|
|
%clean
|
|
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
|
2011-04-21 15:22:18 +00:00
|
|
|
%pre
|
|
|
|
getent group ssh_keys >/dev/null || groupadd -r ssh_keys || :
|
|
|
|
|
2004-09-09 09:43:04 +00:00
|
|
|
%pre server
|
2010-05-21 13:23:44 +00:00
|
|
|
getent group sshd >/dev/null || groupadd -g %{sshd_uid} -r sshd || :
|
|
|
|
getent passwd sshd >/dev/null || \
|
2013-04-24 16:08:00 +00:00
|
|
|
useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd \
|
2010-05-21 13:23:44 +00:00
|
|
|
-s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :
|
2004-09-09 09:43:04 +00:00
|
|
|
|
2004-09-09 09:35:41 +00:00
|
|
|
%post server
|
2013-05-21 16:37:18 +00:00
|
|
|
%systemd_post sshd.service sshd.socket
|
2004-09-09 09:35:41 +00:00
|
|
|
|
|
|
|
%preun server
|
2013-05-21 16:37:18 +00:00
|
|
|
%systemd_preun sshd.service sshd.socket
|
2012-09-14 16:48:08 +00:00
|
|
|
|
|
|
|
%postun server
|
|
|
|
%systemd_postun_with_restart sshd.service
|
2011-06-28 08:35:28 +00:00
|
|
|
|
|
|
|
%triggerun -n openssh-server -- openssh-server < 5.8p2-12
|
|
|
|
/usr/bin/systemd-sysv-convert --save sshd >/dev/null 2>&1 || :
|
|
|
|
/bin/systemctl enable sshd.service >/dev/null 2>&1
|
|
|
|
/sbin/chkconfig --del sshd >/dev/null 2>&1 || :
|
|
|
|
/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
|
2012-04-06 19:01:06 +00:00
|
|
|
|
|
|
|
%triggerun -n openssh-server -- openssh-server < 5.9p1-22
|
|
|
|
/bin/systemctl --no-reload disable sshd-keygen.service >/dev/null 2>&1 || :
|
2011-06-28 08:35:28 +00:00
|
|
|
|
2004-09-09 09:35:41 +00:00
|
|
|
%files
|
|
|
|
%defattr(-,root,root)
|
2011-09-07 13:12:54 +00:00
|
|
|
%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW PROTOCOL* README README.platform README.privsep README.tun README.dns TODO
|
2004-09-09 09:35:41 +00:00
|
|
|
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
|
2014-02-26 14:53:34 +00:00
|
|
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
|
2004-09-09 09:35:41 +00:00
|
|
|
%if ! %{rescue}
|
|
|
|
%attr(0755,root,root) %{_bindir}/ssh-keygen
|
|
|
|
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
|
|
|
|
%attr(0755,root,root) %dir %{_libexecdir}/openssh
|
2011-04-21 15:22:18 +00:00
|
|
|
%attr(2111,root,ssh_keys) %{_libexecdir}/openssh/ssh-keysign
|
2012-01-13 17:28:47 +00:00
|
|
|
%attr(0755,root,root) %{_libexecdir}/openssh/ctr-cavstest
|
2004-09-09 09:43:04 +00:00
|
|
|
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
|
2004-09-09 09:35:41 +00:00
|
|
|
%endif
|
|
|
|
|
|
|
|
%files clients
|
|
|
|
%defattr(-,root,root)
|
2004-09-09 09:43:04 +00:00
|
|
|
%attr(0755,root,root) %{_bindir}/ssh
|
2013-10-08 15:13:39 +00:00
|
|
|
%attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac
|
2004-09-09 09:35:41 +00:00
|
|
|
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
|
2004-09-09 09:43:25 +00:00
|
|
|
%attr(0755,root,root) %{_bindir}/scp
|
|
|
|
%attr(0644,root,root) %{_mandir}/man1/scp.1*
|
2004-09-09 09:35:41 +00:00
|
|
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
|
2006-07-17 14:09:15 +00:00
|
|
|
%attr(0755,root,root) %{_bindir}/slogin
|
2004-09-09 09:43:25 +00:00
|
|
|
%attr(0644,root,root) %{_mandir}/man1/slogin.1*
|
|
|
|
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
|
2004-09-09 09:35:41 +00:00
|
|
|
%if ! %{rescue}
|
2010-10-10 03:43:12 +00:00
|
|
|
%attr(2111,root,nobody) %{_bindir}/ssh-agent
|
2004-09-09 09:35:41 +00:00
|
|
|
%attr(0755,root,root) %{_bindir}/ssh-add
|
|
|
|
%attr(0755,root,root) %{_bindir}/ssh-keyscan
|
|
|
|
%attr(0755,root,root) %{_bindir}/sftp
|
2005-08-16 11:18:44 +00:00
|
|
|
%attr(0755,root,root) %{_bindir}/ssh-copy-id
|
2010-03-03 09:36:51 +00:00
|
|
|
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
|
2004-09-09 09:35:41 +00:00
|
|
|
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
|
|
|
|
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
|
|
|
|
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
|
|
|
|
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
|
2005-08-16 11:18:44 +00:00
|
|
|
%attr(0644,root,root) %{_mandir}/man1/ssh-copy-id.1*
|
2010-03-03 09:36:51 +00:00
|
|
|
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
|
2004-09-09 09:35:41 +00:00
|
|
|
%endif
|
|
|
|
|
|
|
|
%if ! %{rescue}
|
|
|
|
%files server
|
|
|
|
%defattr(-,root,root)
|
2006-07-17 14:09:15 +00:00
|
|
|
%dir %attr(0711,root,root) %{_var}/empty/sshd
|
2004-09-09 09:35:41 +00:00
|
|
|
%attr(0755,root,root) %{_sbindir}/sshd
|
2011-06-28 08:35:28 +00:00
|
|
|
%attr(0755,root,root) %{_sbindir}/sshd-keygen
|
2013-10-08 15:13:39 +00:00
|
|
|
%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
|
2004-09-09 09:35:41 +00:00
|
|
|
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
|
2004-09-09 09:43:04 +00:00
|
|
|
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
|
2008-07-23 14:50:23 +00:00
|
|
|
%attr(0644,root,root) %{_mandir}/man5/moduli.5*
|
2004-09-09 09:35:41 +00:00
|
|
|
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
|
|
|
|
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
|
|
|
|
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
|
2005-02-04 13:25:38 +00:00
|
|
|
%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
|
2011-03-29 21:25:53 +00:00
|
|
|
%attr(0640,root,root) %config(noreplace) /etc/sysconfig/sshd
|
2011-04-23 07:13:06 +00:00
|
|
|
%attr(0644,root,root) %{_unitdir}/sshd.service
|
2013-05-21 16:37:18 +00:00
|
|
|
%attr(0644,root,root) %{_unitdir}/sshd@.service
|
|
|
|
%attr(0644,root,root) %{_unitdir}/sshd.socket
|
|
|
|
%attr(0644,root,root) %{_unitdir}/sshd-keygen.service
|
2011-04-28 10:43:31 +00:00
|
|
|
%endif
|
2004-09-09 09:35:41 +00:00
|
|
|
|
2010-05-03 13:32:38 +00:00
|
|
|
%if %{ldap}
|
|
|
|
%files ldap
|
|
|
|
%defattr(-,root,root)
|
2011-03-10 17:26:11 +00:00
|
|
|
%doc HOWTO.ldap-keys openssh-lpk-openldap.schema openssh-lpk-sun.schema ldap.conf
|
2010-05-03 13:32:38 +00:00
|
|
|
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-helper
|
2011-02-25 11:07:01 +00:00
|
|
|
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-wrapper
|
2010-05-03 13:32:38 +00:00
|
|
|
%attr(0644,root,root) %{_mandir}/man8/ssh-ldap-helper.8*
|
2010-05-13 13:53:16 +00:00
|
|
|
%attr(0644,root,root) %{_mandir}/man5/ssh-ldap.conf.5*
|
2010-05-03 13:32:38 +00:00
|
|
|
%endif
|
|
|
|
|
2011-02-28 15:42:58 +00:00
|
|
|
%files keycat
|
|
|
|
%defattr(-,root,root)
|
2011-03-04 14:22:12 +00:00
|
|
|
%doc HOWTO.ssh-keycat
|
2011-02-28 15:42:58 +00:00
|
|
|
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-keycat
|
|
|
|
%attr(0644,root,root) %config(noreplace) /etc/pam.d/ssh-keycat
|
|
|
|
|
2004-09-09 09:35:41 +00:00
|
|
|
%if ! %{no_gnome_askpass}
|
2005-11-22 16:48:57 +00:00
|
|
|
%files askpass
|
2004-09-09 09:35:41 +00:00
|
|
|
%defattr(-,root,root)
|
2007-03-19 11:57:36 +00:00
|
|
|
%attr(0644,root,root) %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
|
2004-09-09 09:35:41 +00:00
|
|
|
%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
|
2005-11-22 16:48:57 +00:00
|
|
|
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
|
2004-09-09 09:35:41 +00:00
|
|
|
%endif
|
|
|
|
|
2009-10-19 07:32:33 +00:00
|
|
|
%if %{pam_ssh_agent}
|
|
|
|
%files -n pam_ssh_agent_auth
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%doc pam_ssh_agent_auth-%{pam_ssh_agent_ver}/OPENSSH_LICENSE
|
2013-02-12 08:42:54 +00:00
|
|
|
%attr(0755,root,root) %{_libdir}/security/pam_ssh_agent_auth.so
|
2009-10-19 07:32:33 +00:00
|
|
|
%attr(0644,root,root) %{_mandir}/man8/pam_ssh_agent_auth.8*
|
|
|
|
%endif
|
|
|
|
|
2004-09-09 09:35:01 +00:00
|
|
|
%changelog
|
2014-06-07 17:01:42 +00:00
|
|
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.6.1p1-1.1
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
|
|
2014-06-03 15:52:36 +00:00
|
|
|
* Tue Jun 03 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-1 + 0.9.3-2
|
|
|
|
- disable the curve25519 KEX when speaking to OpenSSH 6.5 or 6.6
|
|
|
|
- add support for ED25519 keys to sshd-keygen and sshd.sysconfig
|
|
|
|
- drop openssh-server-sysvinit subpackage
|
|
|
|
- slightly change systemd units logic - use sshd-keygen.service (#1066615)
|
|
|
|
|
2014-06-03 14:51:07 +00:00
|
|
|
* Tue Jun 03 2014 Petr Lautrbach <plautrba@redhat.com> 6.6p1-1 + 0.9.3-2
|
|
|
|
- new upstream release openssh-6.6p1
|
|
|
|
|
2014-05-15 08:37:16 +00:00
|
|
|
* Thu May 15 2014 Petr Lautrbach <plautrba@redhat.com> 6.4p1-4 + 0.9.3-1
|
|
|
|
- use SSH_COPY_ID_LEGACY variable to run ssh-copy-id in the legacy mode
|
|
|
|
- make /etc/ssh/moduli file public (#1043661)
|
|
|
|
- test existence of /etc/ssh/ssh_host_ecdsa_key in sshd-keygen.service
|
|
|
|
- don't clean up gssapi credentials by default (#1055016)
|
|
|
|
- ssh-agent - try CLOCK_BOOTTIME with fallback (#1091992)
|
|
|
|
- prevent a server from skipping SSHFP lookup - CVE-2014-2653 (#1081338)
|
|
|
|
- ignore environment variables with embedded '=' or '\0' characters - CVE-2014-2532
|
|
|
|
(#1077843)
|
|
|
|
|
2013-12-11 13:32:11 +00:00
|
|
|
* Wed Dec 11 2013 Petr Lautrbach <plautrba@redhat.com> 6.4p1-3 + 0.9.3-1
|
|
|
|
- sshd-keygen - use correct permissions on ecdsa host key (#1023945)
|
|
|
|
- use only rsa and ecdsa host keys by default
|
|
|
|
|
2013-11-26 14:28:39 +00:00
|
|
|
* Tue Nov 26 2013 Petr Lautrbach <plautrba@redhat.com> 6.4p1-2 + 0.9.3-1
|
|
|
|
- fix fatal() cleanup in the audit patch (#1029074)
|
|
|
|
- fix parsing logic of ldap.conf file (#1033662)
|
|
|
|
|
2013-11-08 12:38:07 +00:00
|
|
|
* Fri Nov 08 2013 Petr Lautrbach <plautrba@redhat.com> 6.4p1-1 + 0.9.3-1
|
|
|
|
- new upstream release
|
|
|
|
|
2013-11-01 16:07:27 +00:00
|
|
|
* Fri Nov 01 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-5 + 0.9.3-7
|
|
|
|
- adjust gss kex mechanism to the upstream changes (#1024004)
|
|
|
|
- don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> (#1024965)
|
|
|
|
|
2013-10-25 13:46:49 +00:00
|
|
|
* Fri Oct 25 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-4 + 0.9.3-6
|
|
|
|
- rebuild with the openssl with the ECC support
|
|
|
|
|
2013-10-24 14:38:21 +00:00
|
|
|
* Thu Oct 24 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-3 + 0.9.3-6
|
|
|
|
- don't use SSH_FP_MD5 for fingerprints in FIPS mode
|
|
|
|
|
2013-10-23 21:14:38 +00:00
|
|
|
* Wed Oct 23 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-2 + 0.9.3-6
|
|
|
|
- use default_ccache_name from /etc/krb5.conf for a kerberos cache (#991186)
|
|
|
|
- increase the size of the Diffie-Hellman groups (#1010607)
|
|
|
|
- sshd-keygen to generate ECDSA keys <i.grok@comcast.net> (#1019222)
|
|
|
|
|
2013-10-15 15:53:42 +00:00
|
|
|
* Tue Oct 15 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-1.1 + 0.9.3-6
|
2013-10-14 13:55:03 +00:00
|
|
|
- new upstream release (#1007769)
|
|
|
|
|
2013-10-08 15:28:16 +00:00
|
|
|
* Tue Oct 08 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-9 + 0.9.3-5
|
|
|
|
- use dracut-fips package to determine if a FIPS module is installed
|
|
|
|
- revert -fips subpackages and hmac files suffixes
|
|
|
|
|
2013-09-25 12:13:01 +00:00
|
|
|
* Wed Sep 25 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-8 + 0.9.3-5
|
|
|
|
- sshd-keygen: generate only RSA keys by default (#1010092)
|
|
|
|
- use dist tag in suffixes for hmac checksum files
|
|
|
|
|
2013-09-11 14:54:14 +00:00
|
|
|
* Wed Sep 11 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-7 + 0.9.3-5
|
|
|
|
- use hmac_suffix for ssh{,d} hmac checksums
|
|
|
|
- bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A
|
|
|
|
- automatically restart sshd.service on-failure after 42s interval
|
|
|
|
|
2013-08-28 19:57:17 +00:00
|
|
|
* Thu Aug 29 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-6.1 + 0.9.3-5
|
2013-08-28 19:28:04 +00:00
|
|
|
- add -fips subpackages that contains the FIPS module files
|
|
|
|
|
2013-08-01 07:50:41 +00:00
|
|
|
* Wed Jul 31 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-5 + 0.9.3-5
|
|
|
|
- gssapi credentials need to be stored before a pam session opened (#987792)
|
|
|
|
|
2013-07-23 14:01:17 +00:00
|
|
|
* Tue Jul 23 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-4 + 0.9.3-5
|
|
|
|
- don't show Success for EAI_SYSTEM (#985964)
|
|
|
|
- make sftp's libedit interface marginally multibyte aware (#841771)
|
|
|
|
|
2013-06-17 15:30:04 +00:00
|
|
|
* Mon Jun 17 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-3 + 0.9.3-5
|
|
|
|
- move default gssapi cache to /run/user/<uid> (#848228)
|
|
|
|
|
2013-05-21 16:38:15 +00:00
|
|
|
* Tue May 21 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-2 + 0.9.3-5
|
|
|
|
- add socket activated sshd units to the package (#963268)
|
|
|
|
- fix the example in the HOWTO.ldap-keys
|
|
|
|
|
2013-05-20 07:31:57 +00:00
|
|
|
* Mon May 20 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-1 + 0.9.3-5
|
|
|
|
- new upstream release (#963582)
|
|
|
|
|
2013-04-17 15:12:32 +00:00
|
|
|
* Wed Apr 17 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-4 + 0.9.3-4
|
|
|
|
- don't use export in sysconfig file (#953111)
|
|
|
|
|
2013-04-16 16:15:20 +00:00
|
|
|
* Tue Apr 16 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-3 + 0.9.3-4
|
|
|
|
- sshd.service: use KillMode=process (#890376)
|
|
|
|
- add latest config.{sub,guess} to support aarch64 (#926284)
|
|
|
|
|
2013-04-09 21:25:17 +00:00
|
|
|
* Tue Apr 09 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-2 + 0.9.3-4
|
|
|
|
- keep track of which IndentityFile options were manually supplied and
|
|
|
|
which were default options, and don't warn if the latter are missing.
|
|
|
|
(mindrot#2084)
|
|
|
|
|
2013-04-08 22:07:04 +00:00
|
|
|
* Tue Apr 09 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-1 + 0.9.3-4
|
|
|
|
- new upstream release (#924727)
|
|
|
|
|
2013-03-06 09:41:50 +00:00
|
|
|
* Wed Mar 06 2013 Petr Lautrbach <plautrba@redhat.com> 6.1p1-7 + 0.9.3-3
|
|
|
|
- use SELinux type sshd_net_t for [net] childs (#915085)
|
|
|
|
|
2013-02-14 17:08:21 +00:00
|
|
|
* Thu Feb 14 2013 Petr Lautrbach <plautrba@redhat.com> 6.1p1-6 + 0.9.3-3
|
|
|
|
- fix AuthorizedKeysCommand option
|
|
|
|
|
2013-02-08 13:56:47 +00:00
|
|
|
* Fri Feb 08 2013 Petr Lautrbach <plautrba@redhat.com> 6.1p1-5 + 0.9.3-3
|
|
|
|
- change default value of MaxStartups - CVE-2010-5107 (#908707)
|
|
|
|
|
2012-12-03 16:16:39 +00:00
|
|
|
* Mon Dec 03 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-4 + 0.9.3-3
|
|
|
|
- fix segfault in openssh-5.8p2-force_krb.patch (#882541)
|
|
|
|
|
2012-12-03 09:29:07 +00:00
|
|
|
* Mon Dec 03 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-3 + 0.9.3-3
|
|
|
|
- replace RequiredAuthentications2 with AuthenticationMethods based on upstream
|
|
|
|
- obsolete RequiredAuthentications[12] options
|
|
|
|
- fix openssh-6.1p1-privsep-selinux.patch
|
|
|
|
|
2012-10-26 15:15:55 +00:00
|
|
|
* Fri Oct 26 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-2
|
|
|
|
- add SELinux comment to /etc/ssh/sshd_config about SELinux command to modify port (#861400)
|
|
|
|
- drop required chkconfig (#865498)
|
|
|
|
- drop openssh-5.9p1-sftp-chroot.patch (#830237)
|
|
|
|
|
2012-09-15 11:25:52 +00:00
|
|
|
* Sat Sep 15 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-1 + 0.9.3-3
|
|
|
|
- new upstream release (#852651)
|
|
|
|
- use DIR: kerberos type cache (#848228)
|
|
|
|
- don't use chroot_user_t for chrooted users (#830237)
|
|
|
|
- replace scriptlets with systemd macros (#850249)
|
|
|
|
- don't use /bin and /sbin paths (#856590)
|
|
|
|
|
2012-08-06 19:32:10 +00:00
|
|
|
* Mon Aug 06 2012 Petr Lautrbach <plautrba@redhat.com> 6.0p1-1 + 0.9.3-2
|
|
|
|
- new upstream release
|
|
|
|
|
2012-08-06 17:42:13 +00:00
|
|
|
* Mon Aug 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-26 + 0.9.3-1
|
|
|
|
- change SELinux context also for root user (#827109)
|
|
|
|
|
2012-07-27 12:35:43 +00:00
|
|
|
* Fri Jul 27 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-25 + 0.9.3-1
|
|
|
|
- fix various issues in openssh-5.9p1-required-authentications.patch
|
|
|
|
|
2012-07-17 19:03:59 +00:00
|
|
|
* Tue Jul 17 2012 Tomas Mraz <tmraz@redhat.com> 5.9p1-24 + 0.9.3-1
|
|
|
|
- allow sha256 and sha512 hmacs in the FIPS mode
|
|
|
|
|
2012-06-22 12:52:35 +00:00
|
|
|
* Fri Jun 22 2012 Tomas Mraz <tmraz@redhat.com> 5.9p1-23 + 0.9.3-1
|
|
|
|
- fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent
|
|
|
|
is not running, most probably not exploitable
|
|
|
|
- update pam_ssh_agent_auth to 0.9.3 upstream version
|
|
|
|
|
2012-04-06 19:01:27 +00:00
|
|
|
* Fri Apr 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-22 + 0.9.2-32
|
|
|
|
- don't create RSA1 key in FIPS mode
|
|
|
|
- don't install sshd-keygen.service (#810419)
|
|
|
|
|
2012-03-30 18:07:50 +00:00
|
|
|
* Fri Mar 30 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-21 + 0.9.2-32
|
|
|
|
- fix various issues in openssh-5.9p1-required-authentications.patch
|
|
|
|
|
2012-03-23 08:16:52 +00:00
|
|
|
* Wed Mar 21 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-20 + 0.9.2-32
|
|
|
|
- Fix dependencies in systemd units, don't enable sshd-keygen.service (#805338)
|
|
|
|
|
2012-02-22 08:03:07 +00:00
|
|
|
* Wed Feb 22 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-19 + 0.9.2-32
|
|
|
|
- Look for x11 forward sockets with AI_ADDRCONFIG flag getaddrinfo (#735889)
|
|
|
|
|
2012-02-06 21:16:49 +00:00
|
|
|
* Mon Feb 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-18 + 0.9.2-32
|
|
|
|
- replace TwoFactorAuth with RequiredAuthentications[12]
|
|
|
|
https://bugzilla.mindrot.org/show_bug.cgi?id=983
|
|
|
|
|
2012-01-31 13:09:17 +00:00
|
|
|
* Tue Jan 31 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-17 + 0.9.2-32
|
|
|
|
- run privsep slave process as the users SELinux context (#781634)
|
|
|
|
|
2013-02-08 14:44:40 +00:00
|
|
|
* Tue Dec 13 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-16 + 0.9.2-32
|
2012-01-13 17:28:47 +00:00
|
|
|
- add CAVS test driver for the aes-ctr ciphers
|
|
|
|
|
2013-02-08 14:44:40 +00:00
|
|
|
* Sun Dec 11 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-15 + 0.9.2-32
|
2012-01-11 18:11:33 +00:00
|
|
|
- enable aes-ctr ciphers use the EVP engines from OpenSSL such as the AES-NI
|
|
|
|
|
2011-12-06 16:42:00 +00:00
|
|
|
* Tue Dec 06 2011 Petr Lautrbach <plautrba@redhat.com> 5.9p1-14 + 0.9.2-32
|
|
|
|
- warn about unsupported option UsePAM=no (#757545)
|
|
|
|
|
2011-11-21 08:03:05 +00:00
|
|
|
* Mon Nov 21 2011 Tomas Mraz <tmraz@redhat.com> - 5.9p1-13 + 0.9.2-32
|
|
|
|
- add back the restorecon call to ssh-copy-id - it might be needed on older
|
|
|
|
distributions (#739989)
|
|
|
|
|
2011-11-18 08:20:54 +00:00
|
|
|
* Fri Nov 18 2011 Tomas Mraz <tmraz@redhat.com> - 5.9p1-12 + 0.9.2-32
|
|
|
|
- still support /etc/sysconfig/sshd loading in sshd service (#754732)
|
2011-11-18 08:26:19 +00:00
|
|
|
- fix incorrect key permissions generated by sshd-keygen script (#754779)
|
2011-11-18 08:20:54 +00:00
|
|
|
|
2011-10-14 16:19:47 +00:00
|
|
|
* Fri Oct 14 2011 Tomas Mraz <tmraz@redhat.com> - 5.9p1-11 + 0.9.2-32
|
|
|
|
- remove unnecessary requires on initscripts
|
|
|
|
- set VerifyHostKeyDNS to ask in the default configuration (#739856)
|
|
|
|
|
2011-09-19 05:26:32 +00:00
|
|
|
* Mon Sep 19 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-10 + 0.9.2-32
|
|
|
|
- selinux sandbox rewrite
|
|
|
|
- two factor authentication tweaking
|
|
|
|
|
2011-09-14 15:03:03 +00:00
|
|
|
* Wed Sep 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-9 + 0.9.2-32
|
|
|
|
- coverity upgrade
|
|
|
|
- wipe off nonfunctional nss
|
|
|
|
- selinux sandbox tweaking
|
|
|
|
|
2011-09-13 15:14:48 +00:00
|
|
|
* Tue Sep 13 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-8 + 0.9.2-32
|
|
|
|
- coverity upgrade
|
|
|
|
- experimental selinux sandbox
|
|
|
|
|
2011-09-13 05:53:08 +00:00
|
|
|
* Tue Sep 13 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-7 + 0.9.2-32
|
|
|
|
- fully reanable auditing
|
|
|
|
|
2011-09-12 18:44:35 +00:00
|
|
|
* Mon Sep 12 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-6 + 0.9.2-32
|
|
|
|
- repair signedness in akc patch
|
|
|
|
|
2011-09-12 06:34:27 +00:00
|
|
|
* Mon Sep 12 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-5 + 0.9.2-32
|
2011-09-12 06:11:41 +00:00
|
|
|
- temporarily disable part of audit4 patch
|
|
|
|
|
2011-09-09 19:18:35 +00:00
|
|
|
* Fri Sep 9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-3 + 0.9.2-32
|
|
|
|
- Coverity second pass
|
|
|
|
- Reenable akc patch
|
|
|
|
|
2011-09-08 22:54:28 +00:00
|
|
|
* Thu Sep 8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-2 + 0.9.2-32
|
|
|
|
- Coverity first pass
|
|
|
|
|
2011-09-07 13:31:21 +00:00
|
|
|
* Wed Sep 7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-1 + 0.9.2-32
|
|
|
|
- Rebase to 5.9p1
|
|
|
|
- Add chroot sftp patch
|
|
|
|
- Add two factor auth patch
|
|
|
|
|
2011-08-23 17:01:59 +00:00
|
|
|
* Tue Aug 23 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-21 + 0.9.2-31
|
|
|
|
- ignore SIGPIPE in ssh keyscan
|
|
|
|
|
2011-08-09 13:15:23 +00:00
|
|
|
* Tue Aug 9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-20 + 0.9.2-31
|
|
|
|
- save ssh-askpass's debuginfo
|
|
|
|
|
2011-08-08 21:32:31 +00:00
|
|
|
* Mon Aug 8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-19 + 0.9.2-31
|
|
|
|
- compile ssh-askpass with corect CFLAGS
|
|
|
|
|
2011-08-08 11:24:47 +00:00
|
|
|
* Mon Aug 8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-18 + 0.9.2-31
|
|
|
|
- improve selinux's change context log
|
|
|
|
|
2011-08-08 09:57:43 +00:00
|
|
|
* Mon Aug 8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-17 + 0.9.2-31
|
|
|
|
- repair broken man pages
|
|
|
|
|
2011-07-25 07:27:57 +00:00
|
|
|
* Mon Jul 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-16 + 0.9.2-31
|
2011-08-08 09:57:43 +00:00
|
|
|
- rebuild due to broken rpmbiild
|
2011-07-25 07:27:57 +00:00
|
|
|
|
2011-07-21 12:52:20 +00:00
|
|
|
* Thu Jul 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-15 + 0.9.2-31
|
|
|
|
- Do not change context when run under unconfined_t
|
|
|
|
|
2011-07-14 13:15:29 +00:00
|
|
|
* Thu Jul 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-14 + 0.9.2-31
|
2011-07-14 11:46:20 +00:00
|
|
|
- Add postlogin to pam. (#718807)
|
|
|
|
|
2011-06-29 06:03:00 +00:00
|
|
|
* Tue Jun 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-12 + 0.9.2-31
|
2011-06-28 08:35:28 +00:00
|
|
|
- Systemd compatibility according to Mathieu Bridon <bochecha@fedoraproject.org>
|
|
|
|
- Split out the host keygen into their own command, to ease future migration
|
|
|
|
to systemd. Compatitbility with the init script was kept.
|
|
|
|
- Migrate the package to full native systemd unit files, according to the Fedora
|
|
|
|
packaging guidelines.
|
|
|
|
- Prepate the unit files for running an ondemand server. (do not add it actually)
|
|
|
|
|
2011-06-21 09:01:06 +00:00
|
|
|
* Tue Jun 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-10 + 0.9.2-31
|
|
|
|
- Mention IPv6 usage in man pages
|
|
|
|
|
2011-06-20 08:44:49 +00:00
|
|
|
* Mon Jun 20 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-9 + 0.9.2-31
|
2011-06-16 13:44:03 +00:00
|
|
|
- Improve init script
|
|
|
|
|
2011-06-16 08:24:30 +00:00
|
|
|
* Thu Jun 16 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-7 + 0.9.2-31
|
|
|
|
- Add possibility to compile openssh without downstream patches
|
|
|
|
|
2011-06-09 14:10:59 +00:00
|
|
|
* Thu Jun 9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-6 + 0.9.2-31
|
|
|
|
- remove stale control sockets (#706396)
|
|
|
|
|
2011-05-31 21:09:30 +00:00
|
|
|
* Tue May 31 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-5 + 0.9.2-31
|
|
|
|
- improove entropy manuals
|
|
|
|
|
2011-05-28 20:03:43 +00:00
|
|
|
* Fri May 27 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-4 + 0.9.2-31
|
|
|
|
- improove entropy handling
|
|
|
|
- concat ldap patches
|
|
|
|
|
2011-05-24 17:08:34 +00:00
|
|
|
* Tue May 24 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-3 + 0.9.2-31
|
|
|
|
- improove ldap manuals
|
|
|
|
|
2011-05-22 21:49:15 +00:00
|
|
|
* Mon May 23 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-2 + 0.9.2-31
|
|
|
|
- add gssapi forced command
|
|
|
|
|
2011-05-03 06:37:54 +00:00
|
|
|
* Tue May 3 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-1 + 0.9.2-31
|
2011-05-03 07:27:52 +00:00
|
|
|
- update the openssh version
|
2011-05-03 06:37:54 +00:00
|
|
|
|
2011-04-28 10:43:31 +00:00
|
|
|
* Thu Apr 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-34 + 0.9.2-30
|
|
|
|
- temporarily disabling systemd units
|
|
|
|
|
2011-04-27 10:16:14 +00:00
|
|
|
* Wed Apr 27 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-33 + 0.9.2-30
|
|
|
|
- add flags AI_V4MAPPED and AI_ADDRCONFIG to getaddrinfo
|
|
|
|
|
2011-04-26 19:51:33 +00:00
|
|
|
* Tue Apr 26 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-32 + 0.9.2-30
|
2011-04-26 18:44:25 +00:00
|
|
|
- update scriptlets
|
|
|
|
|
2011-04-23 14:17:45 +00:00
|
|
|
* Fri Apr 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-30 + 0.9.2-30
|
2011-04-23 07:13:06 +00:00
|
|
|
- add systemd units
|
|
|
|
|
2011-04-22 09:36:52 +00:00
|
|
|
* Fri Apr 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-28 + 0.9.2-30
|
|
|
|
- improving sshd -> passwd transation
|
2011-04-22 09:43:01 +00:00
|
|
|
- add template for .local domain to sshd_config
|
2011-04-22 09:36:52 +00:00
|
|
|
|
2011-04-21 15:22:18 +00:00
|
|
|
* Thu Apr 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-27 + 0.9.2-30
|
|
|
|
- the private keys may be 640 root:ssh_keys ssh_keysign is sgid
|
|
|
|
|
2011-04-20 19:59:24 +00:00
|
|
|
* Wed Apr 20 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-26 + 0.9.2-30
|
|
|
|
- improving sshd -> passwd transation
|
|
|
|
|
2011-04-05 18:54:56 +00:00
|
|
|
* Tue Apr 5 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-25 + 0.9.2-30
|
2011-04-05 18:54:12 +00:00
|
|
|
- the intermediate context is set to sshd_sftpd_t
|
|
|
|
- do not crash in packet.c if no connection
|
|
|
|
|
2011-03-31 11:43:13 +00:00
|
|
|
* Thu Mar 31 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-24 + 0.9.2-30
|
|
|
|
- resolve warnings in port_linux.c
|
|
|
|
|
2011-03-29 21:25:53 +00:00
|
|
|
* Tue Mar 29 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-23 + 0.9.2-30
|
|
|
|
- add /etc/sysconfig/sshd
|
|
|
|
|
2011-03-28 14:40:17 +00:00
|
|
|
* Mon Mar 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-22 + 0.9.2-30
|
|
|
|
- improve reseeding and seed source (documentation)
|
2011-03-27 19:50:47 +00:00
|
|
|
|
2011-03-22 21:05:18 +00:00
|
|
|
* Tue Mar 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-20 + 0.9.2-30
|
2011-03-22 18:04:37 +00:00
|
|
|
- use /dev/random or /dev/urandom for seeding prng
|
2011-03-22 21:05:18 +00:00
|
|
|
- improve periodical reseeding of random generator
|
2011-03-22 18:04:37 +00:00
|
|
|
|
2011-03-17 07:18:17 +00:00
|
|
|
* Thu Mar 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-18 + 0.9.2-30
|
|
|
|
- add periodical reseeding of random generator
|
|
|
|
- change selinux contex for internal sftp in do_usercontext
|
|
|
|
- exit(0) after sigterm
|
|
|
|
|
2011-03-10 17:26:11 +00:00
|
|
|
* Thu Mar 10 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-17 + 0.9.2-30
|
|
|
|
- improove ssh-ldap (documentation)
|
|
|
|
|
2011-03-09 07:48:51 +00:00
|
|
|
* Tue Mar 8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-16 + 0.9.2-30
|
|
|
|
- improve session keys audit
|
|
|
|
|
2011-03-07 19:31:52 +00:00
|
|
|
* Mon Mar 7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-15 + 0.9.2-30
|
|
|
|
- CVE-2010-4755
|
|
|
|
|
2011-03-04 14:22:12 +00:00
|
|
|
* Fri Mar 4 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-14 + 0.9.2-30
|
2011-03-10 17:26:11 +00:00
|
|
|
- improove ssh-keycat (documentation)
|
2011-03-04 14:22:12 +00:00
|
|
|
|
2011-03-03 09:54:47 +00:00
|
|
|
* Thu Mar 3 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-13 + 0.9.2-30
|
|
|
|
- improve audit of logins and auths
|
|
|
|
|
2011-03-01 06:44:22 +00:00
|
|
|
* Tue Mar 1 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-12 + 0.9.2-30
|
|
|
|
- improove ssk-keycat
|
|
|
|
|
2011-02-28 15:42:58 +00:00
|
|
|
* Mon Feb 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-11 + 0.9.2-30
|
|
|
|
- add ssk-keycat
|
|
|
|
|
2011-02-25 11:07:01 +00:00
|
|
|
* Fri Feb 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-10 + 0.9.2-30
|
|
|
|
- reenable auth-keys ldap backend
|
|
|
|
|
2011-02-25 08:30:56 +00:00
|
|
|
* Fri Feb 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-9 + 0.9.2-30
|
|
|
|
- another audit improovements
|
|
|
|
|
2011-02-24 13:17:34 +00:00
|
|
|
* Thu Feb 24 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-8 + 0.9.2-30
|
2011-02-21 18:33:56 +00:00
|
|
|
- another audit improovements
|
2011-02-25 08:30:56 +00:00
|
|
|
- switchable fingerprint mode
|
2011-02-21 18:33:56 +00:00
|
|
|
|
2011-02-17 16:54:23 +00:00
|
|
|
* Thu Feb 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-4 + 0.9.2-30
|
2011-02-25 08:30:56 +00:00
|
|
|
- improve audit of server key management
|
2011-02-17 16:54:23 +00:00
|
|
|
|
2011-02-16 22:36:59 +00:00
|
|
|
* Wed Feb 16 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-3 + 0.9.2-30
|
2011-02-16 16:30:51 +00:00
|
|
|
- improve audit of logins and auths
|
|
|
|
|
2011-02-14 14:32:49 +00:00
|
|
|
* Mon Feb 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-1 + 0.9.2-30
|
|
|
|
- bump openssh version to 5.8p1
|
|
|
|
|
2011-02-09 03:31:13 +00:00
|
|
|
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.6p1-30.1
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
|
|
2011-02-07 19:47:23 +00:00
|
|
|
* Mon Feb 7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-30 + 0.9.2-29
|
|
|
|
- clean the data structures in the non privileged process
|
2011-02-07 08:21:27 +00:00
|
|
|
- clean the data structures when roaming
|
|
|
|
|
2013-02-08 14:44:40 +00:00
|
|
|
* Wed Feb 2 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-28 + 0.9.2-29
|
2011-01-31 16:04:10 +00:00
|
|
|
- clean the data structures in the privileged process
|
|
|
|
|
2011-01-25 13:06:13 +00:00
|
|
|
* Tue Jan 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-25 + 0.9.2-29
|
|
|
|
- clean the data structures before exit net process
|
|
|
|
|
2011-01-16 22:50:01 +00:00
|
|
|
* Mon Jan 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-24 + 0.9.2-29
|
|
|
|
- make audit compatible with the fips mode
|
|
|
|
|
2011-01-14 08:45:08 +00:00
|
|
|
* Fri Jan 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-23 + 0.9.2-29
|
|
|
|
- add audit of destruction the server keys
|
|
|
|
|
2011-01-12 10:09:58 +00:00
|
|
|
* Wed Jan 12 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-22 + 0.9.2-29
|
|
|
|
- add audit of destruction the session keys
|
|
|
|
|
2010-10-28 11:04:45 +00:00
|
|
|
* Fri Dec 10 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-21 + 0.9.2-29
|
|
|
|
- reenable run sshd as non root user
|
|
|
|
- renable rekeying
|
|
|
|
|
2010-11-24 07:24:42 +00:00
|
|
|
* Wed Nov 24 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-20 + 0.9.2-29
|
|
|
|
- reapair clientloop crash (#627332)
|
2010-11-24 06:49:04 +00:00
|
|
|
- properly restore euid in case connect to the ssh-agent socket fails
|
|
|
|
|
2010-10-10 03:43:12 +00:00
|
|
|
* Mon Nov 22 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-19 + 0.9.2-28
|
|
|
|
- striped read permissions from suid and sgid binaries
|
|
|
|
|
2010-11-15 13:01:18 +00:00
|
|
|
* Mon Nov 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-18 + 0.9.2-27
|
|
|
|
- used upstream version of the biguid patch
|
|
|
|
|
2010-11-15 09:35:33 +00:00
|
|
|
* Mon Nov 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-17 + 0.9.2-27
|
|
|
|
- improoved kuserok patch
|
|
|
|
|
2010-11-05 16:31:30 +00:00
|
|
|
* Fri Nov 5 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-16 + 0.9.2-27
|
|
|
|
- add auditing the host based key ussage
|
|
|
|
- repait X11 abstract layer socket (#648896)
|
|
|
|
|
2010-09-21 03:36:25 +00:00
|
|
|
* Wed Nov 3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-15 + 0.9.2-27
|
|
|
|
- add auditing the kex result
|
|
|
|
|
2013-02-08 14:44:40 +00:00
|
|
|
* Tue Nov 2 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-14 + 0.9.2-27
|
2010-11-02 12:10:33 +00:00
|
|
|
- add auditing the key ussage
|
|
|
|
|
2013-02-08 14:44:40 +00:00
|
|
|
* Wed Oct 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-12 + 0.9.2-27
|
2010-10-22 13:45:07 +00:00
|
|
|
- update gsskex patch (#645389)
|
|
|
|
|
2010-10-20 09:52:05 +00:00
|
|
|
* Wed Oct 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-11 + 0.9.2-27
|
|
|
|
- rebase linux audit according to upstream
|
|
|
|
|
2010-08-31 19:47:07 +00:00
|
|
|
* Fri Oct 1 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-10 + 0.9.2-27
|
|
|
|
- add missing headers to linux audit
|
|
|
|
|
2010-09-29 07:17:40 +00:00
|
|
|
* Wed Sep 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-9 + 0.9.2-27
|
|
|
|
- audit module now uses openssh audit framevork
|
|
|
|
|
2010-09-15 13:55:55 +00:00
|
|
|
* Wed Sep 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-8 + 0.9.2-27
|
|
|
|
- Add the GSSAPI kuserok switch to the kuserok patch
|
|
|
|
|
2010-09-15 08:07:41 +00:00
|
|
|
* Wed Sep 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-7 + 0.9.2-27
|
|
|
|
- Repaired the kuserok patch
|
|
|
|
|
2010-09-13 11:02:01 +00:00
|
|
|
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-6 + 0.9.2-27
|
|
|
|
- Repaired the problem with puting entries with very big uid into lastlog
|
|
|
|
|
2010-09-13 09:38:26 +00:00
|
|
|
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-5 + 0.9.2-27
|
|
|
|
- Merging selabel patch with the upstream version. (#632914)
|
|
|
|
|
2010-09-13 08:26:50 +00:00
|
|
|
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-4 + 0.9.2-27
|
2010-09-13 09:38:26 +00:00
|
|
|
- Tweaking selabel patch to work properly without selinux rules loaded. (#632914)
|
2010-09-13 08:26:50 +00:00
|
|
|
|
2010-09-08 07:00:22 +00:00
|
|
|
* Wed Sep 8 2010 Tomas Mraz <tmraz@redhat.com> - 5.6p1-3 + 0.9.2-27
|
|
|
|
- Make fipscheck hmacs compliant with FHS - requires new fipscheck
|
|
|
|
|
2010-09-08 06:41:29 +00:00
|
|
|
* Fri Sep 3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-2 + 0.9.2-27
|
|
|
|
- Added -z relro -z now to LDFLAGS
|
|
|
|
|
2010-08-12 05:41:58 +00:00
|
|
|
* Fri Sep 3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-1 + 0.9.2-27
|
|
|
|
- Rebased to openssh5.6p1
|
|
|
|
|
2010-07-07 13:48:36 +00:00
|
|
|
* Wed Jul 7 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-18 + 0.9.2-26
|
|
|
|
- merged with newer bugzilla's version of authorized keys command patch
|
|
|
|
|
2010-06-30 14:50:51 +00:00
|
|
|
* Wed Jun 30 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-17 + 0.9.2-26
|
|
|
|
- improved the x11 patch according to upstream (#598671)
|
|
|
|
|
2013-02-08 14:44:40 +00:00
|
|
|
* Fri Jun 25 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-16 + 0.9.2-26
|
2010-06-25 12:08:42 +00:00
|
|
|
- improved the x11 patch (#598671)
|
|
|
|
|
2010-06-24 07:02:37 +00:00
|
|
|
* Thu Jun 24 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-15 + 0.9.2-26
|
|
|
|
- changed _PATH_UNIX_X to unexistent file name (#598671)
|
|
|
|
|
2010-06-23 13:53:38 +00:00
|
|
|
* Wed Jun 23 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-14 + 0.9.2-26
|
|
|
|
- sftp works in deviceless chroot again (broken from 5.5p1-3)
|
|
|
|
|
2010-06-08 10:06:35 +00:00
|
|
|
* Tue Jun 8 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-13 + 0.9.2-26
|
|
|
|
- add option to switch out krb5_kuserok
|
|
|
|
|
2010-05-21 13:23:44 +00:00
|
|
|
* Fri May 21 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-12 + 0.9.2-26
|
|
|
|
- synchronize uid and gid for the user sshd
|
|
|
|
|
2010-05-20 07:02:32 +00:00
|
|
|
* Thu May 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-11 + 0.9.2-26
|
|
|
|
- Typo in ssh-ldap.conf(5) and ssh-ladap-helper(8)
|
|
|
|
|
2010-05-14 08:19:04 +00:00
|
|
|
* Fri May 14 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-10 + 0.9.2-26
|
|
|
|
- Repair the reference in man ssh-ldap-helper(8)
|
|
|
|
- Repair the PubkeyAgent section in sshd_config(5)
|
|
|
|
- Provide example ldap.conf
|
|
|
|
|
2010-05-13 13:53:16 +00:00
|
|
|
* Thu May 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-9 + 0.9.2-26
|
|
|
|
- Make the Ldap configuration widely compatible
|
|
|
|
- create the aditional docs for LDAP support.
|
|
|
|
|
2010-05-06 14:01:16 +00:00
|
|
|
* Thu May 6 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-8 + 0.9.2-26
|
|
|
|
- Make LDAP config elements TLS_CACERT and TLS_REQCERT compatiple with pam_ldap (#589360)
|
|
|
|
|
2010-05-06 09:39:44 +00:00
|
|
|
* Thu May 6 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-7 + 0.9.2-26
|
|
|
|
- Make LDAP config element tls_checkpeer compatiple with nss_ldap (#589360)
|
|
|
|
|
2010-05-04 07:27:28 +00:00
|
|
|
* Tue May 4 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-6 + 0.9.2-26
|
|
|
|
- Comment spec.file
|
|
|
|
- Sync patches from upstream
|
|
|
|
|
2010-05-03 13:32:38 +00:00
|
|
|
* Mon May 3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-5 + 0.9.2-26
|
|
|
|
- Create separate ldap package
|
|
|
|
- Tweak the ldap patch
|
|
|
|
- Rename stderr patch properly
|
|
|
|
|
2013-02-08 14:44:40 +00:00
|
|
|
* Thu Apr 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-4 + 0.9.2-26
|
2010-04-28 11:07:03 +00:00
|
|
|
- Added LDAP support
|
|
|
|
|
2010-04-26 09:50:26 +00:00
|
|
|
* Mon Apr 26 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-3 + 0.9.2-26
|
|
|
|
- Ignore .bashrc output to stderr in the subsystems
|
|
|
|
|
2010-04-20 07:25:26 +00:00
|
|
|
* Tue Apr 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-2 + 0.9.2-26
|
|
|
|
- Drop dependency on man
|
|
|
|
|
2010-04-16 08:09:50 +00:00
|
|
|
* Fri Apr 16 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-1 + 0.9.2-26
|
|
|
|
- Update to 5.5p1
|
|
|
|
|
2010-03-19 20:21:36 +00:00
|
|
|
* Fri Mar 12 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-3 + 0.9.2-25
|
2010-03-19 20:11:25 +00:00
|
|
|
- repair configure script of pam_ssh_agent
|
2010-03-19 20:21:36 +00:00
|
|
|
- repair error mesage in ssh-keygen
|
2010-03-19 20:11:25 +00:00
|
|
|
|
2010-03-12 10:47:29 +00:00
|
|
|
* Fri Mar 12 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-2
|
|
|
|
- source krb5-devel profile script only if exists
|
|
|
|
|
2010-03-09 06:54:34 +00:00
|
|
|
* Tue Mar 9 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-1
|
|
|
|
- Update to 5.4p1
|
2010-03-09 09:58:14 +00:00
|
|
|
- discontinued support for nss-keys
|
|
|
|
- discontinued support for scard
|
2010-03-09 06:54:34 +00:00
|
|
|
|
2010-03-03 09:36:51 +00:00
|
|
|
* Wed Mar 3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-0.snap20100302.1
|
|
|
|
- Prepare update to 5.4p1
|
|
|
|
|
2010-02-15 12:20:04 +00:00
|
|
|
* Mon Feb 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-22
|
|
|
|
- ImplicitDSOLinking (#564824)
|
|
|
|
|
2010-01-29 10:20:07 +00:00
|
|
|
* Fri Jan 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-21
|
|
|
|
- Allow to use hardware crypto if awailable (#559555)
|
|
|
|
|
2010-01-25 18:59:02 +00:00
|
|
|
* Mon Jan 25 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-20
|
|
|
|
- optimized FD_CLOEXEC on accept socket (#541809)
|
|
|
|
|
2010-01-25 14:36:10 +00:00
|
|
|
* Mon Jan 25 2010 Tomas Mraz <tmraz@redhat.com> - 5.3p1-19
|
|
|
|
- updated pam_ssh_agent_auth to new version from upstream (just
|
|
|
|
a licence change)
|
|
|
|
|
2010-01-21 09:00:42 +00:00
|
|
|
* Thu Jan 21 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-18
|
|
|
|
- optimized RAND_cleanup patch (#557166)
|
|
|
|
|
2010-01-20 18:43:25 +00:00
|
|
|
* Wed Jan 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-17
|
|
|
|
- add RAND_cleanup at the exit of each program using RAND (#557166)
|
|
|
|
|
2010-01-19 09:07:39 +00:00
|
|
|
* Tue Jan 19 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-16
|
|
|
|
- set FD_CLOEXEC on accepted socket (#541809)
|
|
|
|
|
2010-01-11 08:32:06 +00:00
|
|
|
* Fri Jan 8 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-15
|
2010-01-08 11:30:34 +00:00
|
|
|
- replaced define by global in macros
|
|
|
|
|
2010-01-05 09:27:12 +00:00
|
|
|
* Tue Jan 5 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-14
|
|
|
|
- Update the pka patch
|
|
|
|
|
2009-12-21 10:54:59 +00:00
|
|
|
* Mon Dec 21 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-13
|
|
|
|
- Update the audit patch
|
|
|
|
|
2009-12-04 13:31:18 +00:00
|
|
|
* Fri Dec 4 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-12
|
|
|
|
- Add possibility to autocreate only RSA key into initscript (#533339)
|
|
|
|
|
2009-11-27 13:22:15 +00:00
|
|
|
* Fri Nov 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-11
|
|
|
|
- Prepare NSS key patch for future SEC_ERROR_LOCKED_PASSWORD (#537411)
|
|
|
|
|
2009-11-24 13:53:46 +00:00
|
|
|
* Tue Nov 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-10
|
|
|
|
- Update NSS key patch (#537411, #356451)
|
|
|
|
|
|
|
|
* Fri Nov 20 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-9
|
2009-11-20 15:06:47 +00:00
|
|
|
- Add gssapi key exchange patch (#455351)
|
|
|
|
|
2009-11-20 10:51:18 +00:00
|
|
|
* Fri Nov 20 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-8
|
|
|
|
- Add public key agent patch (#455350)
|
|
|
|
|
2009-11-02 11:29:48 +00:00
|
|
|
* Mon Nov 2 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-7
|
|
|
|
- Repair canohost patch to allow gssapi to work when host is acessed via pipe proxy (#531849)
|
|
|
|
|
2009-10-29 09:30:48 +00:00
|
|
|
* Thu Oct 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-6
|
|
|
|
- Modify the init script to prevent it to hang during generating the keys (#515145)
|
|
|
|
|
2009-10-27 13:48:48 +00:00
|
|
|
* Tue Oct 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-5
|
|
|
|
- Add README.nss
|
|
|
|
|
2009-10-19 07:32:33 +00:00
|
|
|
* Mon Oct 19 2009 Tomas Mraz <tmraz@redhat.com> - 5.3p1-4
|
|
|
|
- Add pam_ssh_agent_auth module to a subpackage.
|
|
|
|
|
2009-10-17 07:46:49 +00:00
|
|
|
* Fri Oct 16 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-3
|
|
|
|
- Reenable audit.
|
|
|
|
|
2009-10-02 13:50:30 +00:00
|
|
|
* Fri Oct 2 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-2
|
2009-10-02 13:17:07 +00:00
|
|
|
- Upgrade to new wersion 5.3p1
|
|
|
|
|
2009-09-30 06:43:43 +00:00
|
|
|
* Tue Sep 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-29
|
|
|
|
- Resolve locking in ssh-add (#491312)
|
|
|
|
|
2009-09-24 16:05:27 +00:00
|
|
|
* Thu Sep 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-28
|
2009-09-24 12:34:16 +00:00
|
|
|
- Repair initscript to be acord to guidelines (#521860)
|
|
|
|
- Add bugzilla# to application of edns and xmodifiers patch
|
|
|
|
|
2009-09-16 08:12:30 +00:00
|
|
|
* Wed Sep 16 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-26
|
|
|
|
- Changed pam stack to password-auth
|
|
|
|
|
2009-09-11 08:04:22 +00:00
|
|
|
* Fri Sep 11 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-25
|
|
|
|
- Dropped homechroot patch
|
|
|
|
|
2009-09-07 10:20:22 +00:00
|
|
|
* Mon Sep 7 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-24
|
|
|
|
- Add check for nosuid, nodev in homechroot
|
|
|
|
|
2009-09-01 18:51:41 +00:00
|
|
|
* Tue Sep 1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-23
|
|
|
|
- add correct patch for ip-opts
|
|
|
|
|
2009-09-01 14:02:15 +00:00
|
|
|
* Tue Sep 1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-22
|
|
|
|
- replace ip-opts patch by an upstream candidate version
|
|
|
|
|
2009-08-31 12:40:05 +00:00
|
|
|
* Mon Aug 31 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-21
|
2009-08-31 12:38:20 +00:00
|
|
|
- rearange selinux patch to be acceptable for upstream
|
|
|
|
- replace seftp patch by an upstream version
|
|
|
|
|
2009-08-28 21:46:27 +00:00
|
|
|
* Fri Aug 28 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-20
|
|
|
|
- merged xmodifiers to redhat patch
|
|
|
|
- merged gssapi-role to selinux patch
|
|
|
|
- merged cve-2007_3102 to audit patch
|
|
|
|
- sesftp patch only with WITH_SELINUX flag
|
2009-08-28 22:43:53 +00:00
|
|
|
- rearange sesftp patch according to upstream request
|
2009-08-28 21:46:27 +00:00
|
|
|
|
2009-08-26 11:01:42 +00:00
|
|
|
* Wed Aug 26 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-19
|
|
|
|
- minor change in sesftp patch
|
|
|
|
|
2009-08-21 15:08:09 +00:00
|
|
|
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-18
|
|
|
|
- rebuilt with new openssl
|
|
|
|
|
2009-07-30 08:29:01 +00:00
|
|
|
* Thu Jul 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-17
|
2009-09-24 12:34:16 +00:00
|
|
|
- Added dnssec support. (#205842)
|
2009-07-30 08:29:01 +00:00
|
|
|
|
2009-07-25 20:53:38 +00:00
|
|
|
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.2p1-16
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
|
|
2009-07-24 06:15:35 +00:00
|
|
|
* Fri Jul 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-15
|
|
|
|
- only INTERNAL_SFTP can be home-chrooted
|
|
|
|
- save _u and _r parts of context changing to sftpd_t
|
|
|
|
|
2009-07-17 07:06:59 +00:00
|
|
|
* Fri Jul 17 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-14
|
|
|
|
- changed internal-sftp context to sftpd_t
|
|
|
|
|
|
|
|
* Fri Jul 3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-13
|
|
|
|
- changed home length path patch to upstream version
|
|
|
|
|
|
|
|
* Tue Jun 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-12
|
2009-06-30 10:26:13 +00:00
|
|
|
- create '~/.ssh/known_hosts' within proper context
|
|
|
|
|
2009-06-29 20:51:17 +00:00
|
|
|
* Mon Jun 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-11
|
|
|
|
- length of home path in ssh now limited by PATH_MAX
|
2009-06-30 10:26:13 +00:00
|
|
|
- correct timezone with daylight processing
|
2009-06-29 20:51:17 +00:00
|
|
|
|
2009-06-27 06:24:04 +00:00
|
|
|
* Sat Jun 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-10
|
|
|
|
- final version chroot %%h (sftp only)
|
|
|
|
|
2009-06-23 17:59:23 +00:00
|
|
|
* Tue Jun 23 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-9
|
|
|
|
- repair broken ls in chroot %%h
|
|
|
|
|
2009-06-12 12:57:27 +00:00
|
|
|
* Fri Jun 12 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-8
|
2009-09-24 12:34:16 +00:00
|
|
|
- add XMODIFIERS to exported environment (#495690)
|
2009-06-12 12:12:51 +00:00
|
|
|
|
2009-05-15 14:44:21 +00:00
|
|
|
* Fri May 15 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-6
|
|
|
|
- allow only protocol 2 in the FIPS mode
|
|
|
|
|
2009-04-30 12:03:29 +00:00
|
|
|
* Thu Apr 30 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-5
|
|
|
|
- do integrity verification only on binaries which are part
|
|
|
|
of the OpenSSH FIPS modules
|
|
|
|
|
2009-04-20 12:18:49 +00:00
|
|
|
* Mon Apr 20 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-4
|
|
|
|
- log if FIPS mode is initialized
|
|
|
|
- make aes-ctr cipher modes work in the FIPS mode
|
|
|
|
|
2009-04-03 12:37:30 +00:00
|
|
|
* Fri Apr 3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-3
|
|
|
|
- fix logging after chroot
|
2009-04-03 13:03:29 +00:00
|
|
|
- enable non root users to use chroot %%h in internal-sftp
|
2009-04-03 12:37:30 +00:00
|
|
|
|
2009-03-13 10:32:52 +00:00
|
|
|
* Fri Mar 13 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-2
|
|
|
|
- add AES-CTR ciphers to the FIPS mode proposal
|
|
|
|
|
|
|
|
* Mon Mar 9 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-1
|
2009-03-10 11:54:44 +00:00
|
|
|
- upgrade to new upstream release
|
|
|
|
|
2009-02-26 08:48:36 +00:00
|
|
|
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.1p1-8
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
|
|
2009-02-12 18:19:52 +00:00
|
|
|
* Thu Feb 12 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-7
|
|
|
|
- drop obsolete triggers
|
|
|
|
- add testing FIPS mode support
|
|
|
|
- LSBize the initscript (#247014)
|
|
|
|
|
2009-01-30 15:44:41 +00:00
|
|
|
* Fri Jan 30 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-6
|
|
|
|
- enable use of ssl engines (#481100)
|
|
|
|
|
2009-01-15 10:52:07 +00:00
|
|
|
* Thu Jan 15 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-5
|
|
|
|
- remove obsolete --with-rsh (#478298)
|
|
|
|
- add pam_sepermit to allow blocking confined users in permissive mode
|
|
|
|
(#471746)
|
|
|
|
- move system-auth after pam_selinux in the session stack
|
|
|
|
|
2008-12-11 21:48:41 +00:00
|
|
|
* Thu Dec 11 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-4
|
|
|
|
- set FD_CLOEXEC on channel sockets (#475866)
|
|
|
|
- adjust summary
|
|
|
|
- adjust nss-keys patch so it is applicable without selinux patches (#470859)
|
|
|
|
|
2008-10-17 08:34:36 +00:00
|
|
|
* Fri Oct 17 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-3
|
|
|
|
- fix compatibility with some servers (#466818)
|
|
|
|
|
2008-07-31 09:22:18 +00:00
|
|
|
* Thu Jul 31 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-2
|
|
|
|
- fixed zero length banner problem (#457326)
|
|
|
|
|
2008-07-23 14:50:23 +00:00
|
|
|
* Wed Jul 23 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-1
|
|
|
|
- upgrade to new upstream release
|
|
|
|
- fixed a problem with public key authentication and explicitely
|
|
|
|
specified SELinux role
|
|
|
|
|
2008-05-21 08:16:23 +00:00
|
|
|
* Wed May 21 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-3
|
|
|
|
- pass the connection socket to ssh-keysign (#447680)
|
|
|
|
|
2008-05-19 16:53:29 +00:00
|
|
|
* Mon May 19 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-2
|
|
|
|
- add LANGUAGE to accepted/sent environment variables (#443231)
|
|
|
|
- use pam_selinux to obtain the user context instead of doing it itself
|
|
|
|
- unbreak server keep alive settings (patch from upstream)
|
|
|
|
- small addition to scp manpage
|
|
|
|
|
2008-04-07 20:14:31 +00:00
|
|
|
* Mon Apr 7 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-1
|
|
|
|
- upgrade to new upstream (#441066)
|
|
|
|
- prevent initscript from killing itself on halt with upstart (#438449)
|
|
|
|
- initscript status should show that the daemon is running
|
|
|
|
only when the main daemon is still alive (#430882)
|
|
|
|
|
|
|
|
* Thu Mar 6 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-10
|
|
|
|
- fix race on control master and cleanup stale control socket (#436311)
|
|
|
|
patches by David Woodhouse
|
|
|
|
|
2008-02-29 16:34:03 +00:00
|
|
|
* Fri Feb 29 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-9
|
|
|
|
- set FD_CLOEXEC on client socket
|
|
|
|
- apply real fix for window size problem (#286181) from upstream
|
|
|
|
- apply fix for the spurious failed bind from upstream
|
|
|
|
- apply open handle leak in sftp fix from upstream
|
|
|
|
|
2008-02-13 03:52:43 +00:00
|
|
|
* Tue Feb 12 2008 Dennis Gilmore <dennis@ausil.us> - 4.7p1-8
|
|
|
|
- we build for sparcv9 now and it needs -fPIE
|
|
|
|
|
2008-01-03 17:45:59 +00:00
|
|
|
* Thu Jan 3 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-7
|
|
|
|
- fix gssapi auth with explicit selinux role requested (#427303) - patch
|
|
|
|
by Nalin Dahyabhai
|
|
|
|
|
2007-12-04 19:03:49 +00:00
|
|
|
* Tue Dec 4 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-6
|
2007-12-04 18:58:25 +00:00
|
|
|
- explicitly source krb5-devel profile script
|
2007-12-04 19:03:49 +00:00
|
|
|
|
|
|
|
* Tue Dec 04 2007 Release Engineering <rel-eng at fedoraproject dot org> - 4.7p1-5
|
|
|
|
- Rebuild for openssl bump
|
2007-12-04 18:47:33 +00:00
|
|
|
|
2007-11-20 15:04:37 +00:00
|
|
|
* Tue Nov 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-4
|
2007-11-20 14:53:45 +00:00
|
|
|
- do not copy /etc/localtime into the chroot as it is not
|
|
|
|
necessary anymore (#193184)
|
|
|
|
- call setkeycreatecon when selinux context is established
|
|
|
|
- test for NULL privk when freeing key (#391871) - patch by
|
|
|
|
Pierre Ossman
|
|
|
|
|
2007-09-17 21:33:02 +00:00
|
|
|
* Mon Sep 17 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-2
|
|
|
|
- revert default window size adjustments (#286181)
|
|
|
|
|
2007-09-06 19:49:16 +00:00
|
|
|
* Thu Sep 6 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-1
|
|
|
|
- upgrade to latest upstream
|
|
|
|
- use libedit in sftp (#203009)
|
|
|
|
- fixed audit log injection problem (CVE-2007-3102)
|
|
|
|
|
2007-08-09 18:33:41 +00:00
|
|
|
* Thu Aug 9 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-8
|
|
|
|
- fix sftp client problems on write error (#247802)
|
|
|
|
- allow disabling autocreation of server keys (#235466)
|
|
|
|
|
2007-06-20 17:47:18 +00:00
|
|
|
* Wed Jun 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-7
|
|
|
|
- experimental NSS keys support
|
|
|
|
- correctly setup context when empty level requested (#234951)
|
|
|
|
|
2007-03-20 09:13:40 +00:00
|
|
|
* Tue Mar 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-6
|
|
|
|
- mls level check must be done with default role same as requested
|
|
|
|
|
2007-03-19 11:57:36 +00:00
|
|
|
* Mon Mar 19 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-5
|
|
|
|
- make profile.d/gnome-ssh-askpass.* regular files (#226218)
|
|
|
|
|
2013-02-08 14:44:40 +00:00
|
|
|
* Tue Feb 27 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-4
|
2007-03-01 08:28:22 +00:00
|
|
|
- reject connection if requested mls range is not obtained (#229278)
|
|
|
|
|
2013-02-08 14:44:40 +00:00
|
|
|
* Thu Feb 22 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-3
|
2007-02-22 13:00:51 +00:00
|
|
|
- improve Buildroot
|
|
|
|
- remove duplicate /etc/ssh from files
|
|
|
|
|
2007-01-16 20:58:00 +00:00
|
|
|
* Tue Jan 16 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-2
|
|
|
|
- support mls on labeled networks (#220487)
|
|
|
|
- support mls level selection on unlabeled networks
|
|
|
|
- allow / in usernames in scp (only beginning /, ./, and ../ is special)
|
|
|
|
|
2006-12-21 13:42:47 +00:00
|
|
|
* Thu Dec 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.5p1-1
|
|
|
|
- update to 4.5p1 (#212606)
|
|
|
|
|
2006-11-30 10:50:12 +00:00
|
|
|
* Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-14
|
|
|
|
- fix gssapi with DNS loadbalanced clusters (#216857)
|
|
|
|
|
2006-11-28 21:14:50 +00:00
|
|
|
* Tue Nov 28 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-13
|
|
|
|
- improved pam_session patch so it doesn't regress, the patch is necessary
|
|
|
|
for the pam_session_close to be called correctly as uid 0
|
|
|
|
|
2006-11-10 10:00:04 +00:00
|
|
|
* Fri Nov 10 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-12
|
|
|
|
- CVE-2006-5794 - properly detect failed key verify in monitor (#214641)
|
|
|
|
|
2006-11-02 13:33:37 +00:00
|
|
|
* Thu Nov 2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-11
|
|
|
|
- merge sshd initscript patches
|
|
|
|
- kill all ssh sessions when stop is called in halt or reboot runlevel
|
|
|
|
- remove -TERM option from killproc so we don't race on sshd restart
|
|
|
|
|
2006-10-02 17:35:50 +00:00
|
|
|
* Mon Oct 2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-10
|
|
|
|
- improve gssapi-no-spnego patch (#208102)
|
|
|
|
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
|
|
|
|
- CVE-2006-5051 - don't call cleanups from signal handler (#208459)
|
|
|
|
|
2006-08-23 21:06:38 +00:00
|
|
|
* Wed Aug 23 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-9
|
|
|
|
- don't report duplicate syslog messages, use correct local time (#189158)
|
|
|
|
- don't allow spnego as gssapi mechanism (from upstream)
|
|
|
|
- fixed memleaks found by Coverity (from upstream)
|
|
|
|
- allow ip options except source routing (#202856) (patch by HP)
|
|
|
|
|
2006-08-08 11:58:33 +00:00
|
|
|
* Tue Aug 8 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-8
|
|
|
|
- drop the pam-session patch from the previous build (#201341)
|
|
|
|
- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)
|
|
|
|
|
2006-07-20 11:06:42 +00:00
|
|
|
* Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-7
|
|
|
|
- dropped old ssh obsoletes
|
|
|
|
- call the pam_session_open/close from the monitor when privsep is
|
|
|
|
enabled so it is always called as root (patch by Darren Tucker)
|
|
|
|
|
2006-07-17 14:09:15 +00:00
|
|
|
* Mon Jul 17 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-6
|
|
|
|
- improve selinux patch (by Jan Kiszka)
|
|
|
|
- upstream patch for buffer append space error (#191940)
|
|
|
|
- fixed typo in configure.ac (#198986)
|
|
|
|
- added pam_keyinit to pam configuration (#198628)
|
|
|
|
- improved error message when askpass dialog cannot grab
|
|
|
|
keyboard input (#198332)
|
|
|
|
- buildrequires xauth instead of xorg-x11-xauth
|
|
|
|
- fixed a few rpmlint warnings
|
|
|
|
|
2006-07-12 07:35:41 +00:00
|
|
|
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 4.3p2-5.1
|
|
|
|
- rebuild
|
|
|
|
|
2006-04-14 08:26:10 +00:00
|
|
|
* Fri Apr 14 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-5
|
|
|
|
- don't request pseudoterminal allocation if stdin is not tty (#188983)
|
|
|
|
|
2006-03-02 21:37:28 +00:00
|
|
|
* Thu Mar 2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-4
|
|
|
|
- allow access if audit is not compiled in kernel (#183243)
|
|
|
|
|
2006-02-24 14:07:41 +00:00
|
|
|
* Fri Feb 24 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-3
|
|
|
|
- enable the subprocess in chroot to send messages to system log
|
|
|
|
- sshd should prevent login if audit call fails
|
|
|
|
|
2006-02-21 16:00:42 +00:00
|
|
|
* Tue Feb 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-2
|
|
|
|
- print error from scp if not remote (patch by Bjorn Augustsson #178923)
|
|
|
|
|
2006-02-13 14:11:41 +00:00
|
|
|
* Mon Feb 13 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-1
|
|
|
|
- new version
|
|
|
|
|
2006-02-11 04:53:48 +00:00
|
|
|
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 4.3p1-2.1
|
|
|
|
- bump again for double-long bug on ppc(64)
|
|
|
|
|
2006-02-06 20:16:03 +00:00
|
|
|
* Mon Feb 6 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-2
|
|
|
|
- fixed another place where syslog was called in signal handler
|
|
|
|
- pass locale environment variables to server, accept them there (#179851)
|
|
|
|
|
2006-02-01 16:26:13 +00:00
|
|
|
* Wed Feb 1 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-1
|
|
|
|
- new version, dropped obsolete patches
|
|
|
|
|
2005-12-20 14:44:46 +00:00
|
|
|
* Tue Dec 20 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-10
|
|
|
|
- hopefully make the askpass dialog less confusing (#174765)
|
|
|
|
|
2005-12-09 22:42:35 +00:00
|
|
|
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
|
|
|
- rebuilt
|
|
|
|
|
2005-11-22 16:48:57 +00:00
|
|
|
* Tue Nov 22 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-9
|
|
|
|
- drop x11-ssh-askpass from the package
|
|
|
|
- drop old build_6x ifs from spec file
|
|
|
|
- improve gnome-ssh-askpass so it doesn't reveal number of passphrase
|
|
|
|
characters to person looking at the display
|
|
|
|
- less hackish fix for the __USE_GNU problem
|
|
|
|
|
2005-11-18 17:03:02 +00:00
|
|
|
* Fri Nov 18 2005 Nalin Dahyabhai <nalin@redhat.com> - 4.2p1-8
|
|
|
|
- work around missing gccmakedep by wrapping makedepend in a local script
|
2005-11-18 17:12:23 +00:00
|
|
|
- remove now-obsolete build dependency on "xauth"
|
2005-11-18 17:03:02 +00:00
|
|
|
|
2005-11-17 19:47:35 +00:00
|
|
|
* Thu Nov 17 2005 Warren Togami <wtogami@redhat.com> - 4.2p1-7
|
2005-11-17 20:02:37 +00:00
|
|
|
- xorg-x11-devel -> libXt-devel
|
|
|
|
- rebuild for new xauth location so X forwarding works
|
2005-11-18 04:37:53 +00:00
|
|
|
- buildreq audit-libs-devel
|
|
|
|
- buildreq automake for aclocal
|
|
|
|
- buildreq imake for xmkmf
|
|
|
|
- -D_GNU_SOURCE in flags in order to get it to build
|
|
|
|
Ugly hack to workaround openssh defining __USE_GNU which is
|
|
|
|
not allowed and causes problems according to Ulrich Drepper
|
|
|
|
fix this the correct way after FC5test1
|
2005-11-17 19:47:35 +00:00
|
|
|
|
2005-11-10 00:10:18 +00:00
|
|
|
* Wed Nov 9 2005 Jeremy Katz <katzj@redhat.com> - 4.2p1-6
|
|
|
|
- rebuild against new openssl
|
|
|
|
|
2005-10-28 16:02:53 +00:00
|
|
|
* Fri Oct 28 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-5
|
|
|
|
- put back the possibility to skip SELinux patch
|
|
|
|
- add patch for user login auditing by Steve Grubb
|
|
|
|
|
2005-10-18 20:57:59 +00:00
|
|
|
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 4.2p1-4
|
|
|
|
- Change selinux patch to use get_default_context_with_rolelevel in libselinux.
|
|
|
|
|
2005-10-13 21:14:36 +00:00
|
|
|
* Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-3
|
|
|
|
- Update selinux patch to use getseuserbyname
|
|
|
|
|
2005-10-07 12:29:15 +00:00
|
|
|
* Fri Oct 7 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-2
|
|
|
|
- use include instead of pam_stack in pam config
|
2006-02-01 16:26:13 +00:00
|
|
|
- use fork+exec instead of system in scp - CVE-2006-0225 (#168167)
|
2005-10-07 12:29:15 +00:00
|
|
|
- upstream patch for displaying authentication errors
|
|
|
|
|
2005-09-06 19:55:17 +00:00
|
|
|
* Tue Sep 06 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-1
|
|
|
|
- upgrade to a new upstream version
|
|
|
|
|
2005-08-16 11:18:44 +00:00
|
|
|
* Tue Aug 16 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-5
|
|
|
|
- use x11-ssh-askpass if openssh-askpass-gnome is not installed (#165207)
|
|
|
|
- install ssh-copy-id from contrib (#88707)
|
|
|
|
|
2005-07-27 11:42:36 +00:00
|
|
|
* Wed Jul 27 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-4
|
|
|
|
- don't deadlock on exit with multiple X forwarded channels (#152432)
|
|
|
|
- don't use X11 port which can't be bound on all IP families (#163732)
|
|
|
|
|
2005-06-29 11:24:36 +00:00
|
|
|
* Wed Jun 29 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-3
|
|
|
|
- fix small regression caused by the nologin patch (#161956)
|
|
|
|
- fix race in getpeername error checking (mindrot #1054)
|
|
|
|
|
2005-06-09 19:58:01 +00:00
|
|
|
* Thu Jun 9 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-2
|
|
|
|
- use only pam_nologin for nologin testing
|
|
|
|
|
2005-06-06 19:45:23 +00:00
|
|
|
* Mon Jun 6 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-1
|
|
|
|
- upgrade to a new upstream version
|
|
|
|
- call pam_loginuid as a pam session module
|
|
|
|
|
2005-05-16 17:18:02 +00:00
|
|
|
* Mon May 16 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-3
|
|
|
|
- link libselinux only to sshd (#157678)
|
|
|
|
|
2005-04-04 09:37:28 +00:00
|
|
|
* Mon Apr 4 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-2
|
|
|
|
- fixed Local/RemoteForward in ssh_config.5 manpage
|
|
|
|
- fix fatal when Local/RemoteForward is used and scp run (#153258)
|
|
|
|
- don't leak user validity when using krb5 authentication
|
|
|
|
|
2005-03-24 12:02:37 +00:00
|
|
|
* Thu Mar 24 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-1
|
|
|
|
- upgrade to 4.0p1
|
|
|
|
- remove obsolete groups patch
|
|
|
|
|
2005-03-16 21:38:56 +00:00
|
|
|
* Wed Mar 16 2005 Elliot Lee <sopwith@redhat.com>
|
|
|
|
- rebuilt
|
|
|
|
|
2005-02-28 23:39:06 +00:00
|
|
|
* Mon Feb 28 2005 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-12
|
|
|
|
- rebuild so that configure can detect that krb5_init_ets is gone now
|
|
|
|
|
2005-02-21 17:18:42 +00:00
|
|
|
* Mon Feb 21 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-11
|
2005-02-21 17:07:55 +00:00
|
|
|
- don't call syslog in signal handler
|
2005-02-21 17:18:42 +00:00
|
|
|
- allow password authentication when copying from remote
|
|
|
|
to remote machine (#103364)
|
2005-02-21 17:07:55 +00:00
|
|
|
|
2005-02-09 14:19:14 +00:00
|
|
|
* Wed Feb 9 2005 Tomas Mraz <tmraz@redhat.com>
|
|
|
|
- add spaces to messages in initscript (#138508)
|
|
|
|
|
2005-02-08 14:44:52 +00:00
|
|
|
* Tue Feb 8 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-10
|
|
|
|
- enable trusted forwarding by default if X11 forwarding is
|
|
|
|
required by user (#137685 and duplicates)
|
|
|
|
- disable protocol 1 support by default in sshd server config (#88329)
|
|
|
|
- keep the gnome-askpass dialog above others (#69131)
|
|
|
|
|
2005-02-04 13:25:38 +00:00
|
|
|
* Fri Feb 4 2005 Tomas Mraz <tmraz@redhat.com>
|
2005-02-08 14:44:52 +00:00
|
|
|
- change permissions on pam.d/sshd to 0644 (#64697)
|
2005-02-04 13:25:38 +00:00
|
|
|
- patch initscript so it doesn't kill opened sessions if
|
2005-02-08 14:44:52 +00:00
|
|
|
the sshd daemon isn't running anymore (#67624)
|
2005-02-04 13:25:38 +00:00
|
|
|
|
2005-01-03 22:35:32 +00:00
|
|
|
* Mon Jan 3 2005 Bill Nottingham <notting@redhat.com> 3.9p1-9
|
|
|
|
- don't use initlog
|
|
|
|
|
2004-11-29 11:18:58 +00:00
|
|
|
* Mon Nov 29 2004 Thomas Woerner <twoerner@redhat.com> 3.9p1-8.1
|
|
|
|
- fixed PIE build for all architectures
|
|
|
|
|
2004-10-04 20:57:32 +00:00
|
|
|
* Mon Oct 4 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-8
|
|
|
|
- add a --enable-vendor-patchlevel option which allows a ShowPatchLevel option
|
|
|
|
to enable display of a vendor patch level during version exchange (#120285)
|
|
|
|
- configure with --disable-strip to build useful debuginfo subpackages
|
|
|
|
|
2004-09-20 22:10:11 +00:00
|
|
|
* Mon Sep 20 2004 Bill Nottingham <notting@redhat.com> 3.9p1-7
|
|
|
|
- when using gtk2 for askpass, don't buildprereq gnome-libs-devel
|
|
|
|
|
2004-09-14 22:08:22 +00:00
|
|
|
* Tue Sep 14 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-6
|
|
|
|
- build
|
|
|
|
|
2004-09-13 19:39:41 +00:00
|
|
|
* Mon Sep 13 2004 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- disable ACSS support
|
|
|
|
|
2004-09-09 20:44:41 +00:00
|
|
|
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-5
|
|
|
|
- Change selinux patch to use get_default_context_with_role in libselinux.
|
|
|
|
|
|
|
|
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-4
|
|
|
|
- Fix patch
|
|
|
|
* Bad debug statement.
|
|
|
|
* Handle root/sysadm_r:kerberos
|
|
|
|
|
2004-09-09 09:49:02 +00:00
|
|
|
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-3
|
|
|
|
- Modify Colin Walter's patch to allow specifying rule during connection
|
|
|
|
|
2004-09-09 09:48:56 +00:00
|
|
|
* Tue Aug 31 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-2
|
|
|
|
- Fix TTY handling for SELinux
|
|
|
|
|
2004-09-09 09:48:39 +00:00
|
|
|
* Tue Aug 24 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-1
|
|
|
|
- Update to upstream
|
|
|
|
|
2004-09-09 09:48:29 +00:00
|
|
|
* Sun Aug 1 2004 Alan Cox <alan@redhat.com> 3.8.1p1-5
|
|
|
|
- Apply buildreq fixup patch (#125296)
|
|
|
|
|
2004-09-09 09:48:26 +00:00
|
|
|
* Tue Jun 15 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-4
|
|
|
|
- Clean up patch for upstream submission.
|
|
|
|
|
2004-09-09 09:48:02 +00:00
|
|
|
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
|
|
|
- rebuilt
|
|
|
|
|
2004-09-09 09:47:48 +00:00
|
|
|
* Wed Jun 9 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-2
|
|
|
|
- Remove use of pam_selinux and patch selinux in directly.
|
|
|
|
|
2004-09-09 09:47:30 +00:00
|
|
|
* Mon Jun 7 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-1
|
|
|
|
- request gssapi-with-mic by default but not delegation (flag day for anyone
|
|
|
|
who used previous gssapi patches)
|
|
|
|
- no longer request x11 forwarding by default
|
|
|
|
|
2004-09-09 09:47:11 +00:00
|
|
|
* Thu Jun 3 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-36
|
|
|
|
- Change pam file to use open and close with pam_selinux
|
|
|
|
|
2004-09-09 09:47:30 +00:00
|
|
|
* Tue Jun 1 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-0
|
|
|
|
- update to 3.8.1p1
|
|
|
|
- add workaround from CVS to reintroduce passwordauth using pam
|
|
|
|
|
2004-09-09 09:47:06 +00:00
|
|
|
* Tue Jun 1 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-35
|
|
|
|
- Remove CLOSEXEC on STDERR
|
|
|
|
|
2004-09-09 09:46:59 +00:00
|
|
|
* Tue Mar 16 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-34
|
|
|
|
|
|
|
|
* Wed Mar 03 2004 Phil Knirsch <pknirsch@redhat.com> 3.6.1p2-33.30.1
|
|
|
|
- Built RHLE3 U2 update package.
|
|
|
|
|
|
|
|
* Wed Mar 3 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-33
|
|
|
|
- Close file descriptors on exec
|
|
|
|
|
|
|
|
* Mon Mar 1 2004 Thomas Woerner <twoerner@redhat.com> 3.6.1p2-32
|
|
|
|
- fixed pie build
|
|
|
|
|
|
|
|
* Thu Feb 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-31
|
|
|
|
- Add restorecon to startup scripts
|
|
|
|
|
|
|
|
* Thu Feb 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-30
|
|
|
|
- Add multiple qualified to openssh
|
|
|
|
|
|
|
|
* Mon Feb 23 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-29
|
|
|
|
- Eliminate selinux code and use pam_selinux
|
|
|
|
|
|
|
|
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
|
|
|
|
- rebuilt
|
|
|
|
|
2004-09-09 09:45:31 +00:00
|
|
|
* Mon Jan 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-27
|
|
|
|
- turn off pie on ppc
|
|
|
|
|
|
|
|
* Mon Jan 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-26
|
|
|
|
- fix is_selinux_enabled
|
|
|
|
|
|
|
|
* Wed Jan 14 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-25
|
|
|
|
- Rebuild to grab shared libselinux
|
|
|
|
|
|
|
|
* Wed Dec 3 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-24
|
|
|
|
- turn on selinux
|
|
|
|
|
|
|
|
* Tue Nov 18 2003 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- un#ifdef out code for reporting password expiration in non-privsep
|
|
|
|
mode (#83585)
|
|
|
|
|
|
|
|
* Mon Nov 10 2003 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- add machinery to build with/without -fpie/-pie, default to doing so
|
|
|
|
|
|
|
|
* Thu Nov 06 2003 David Woodhouse <dwmw2@redhat.com> 3.6.1p2-23
|
|
|
|
- Don't whinge about getsockopt failing (#109161)
|
|
|
|
|
|
|
|
* Fri Oct 24 2003 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- add missing buildprereq on zlib-devel (#104558)
|
|
|
|
|
|
|
|
* Mon Oct 13 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-22
|
|
|
|
- turn selinux off
|
|
|
|
|
|
|
|
* Mon Oct 13 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21.sel
|
|
|
|
- turn selinux on
|
|
|
|
|
|
|
|
* Fri Sep 19 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21
|
|
|
|
- turn selinux off
|
|
|
|
|
|
|
|
* Fri Sep 19 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-20.sel
|
|
|
|
- turn selinux on
|
|
|
|
|
|
|
|
* Fri Sep 19 2003 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- additional fix for apparently-never-happens double-free in buffer_free()
|
|
|
|
- extend fix for #103998 to cover SSH1
|
|
|
|
|
|
|
|
* Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-19
|
2004-09-09 09:44:54 +00:00
|
|
|
- rebuild
|
|
|
|
|
2004-09-09 09:45:31 +00:00
|
|
|
* Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-18
|
2004-09-09 09:44:29 +00:00
|
|
|
- additional buffer manipulation cleanups from Solar Designer
|
|
|
|
|
2004-09-09 09:44:54 +00:00
|
|
|
* Wed Sep 17 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-17
|
|
|
|
- turn selinux off
|
|
|
|
|
|
|
|
* Wed Sep 17 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-16.sel
|
|
|
|
- turn selinux on
|
|
|
|
|
2004-09-09 09:45:31 +00:00
|
|
|
* Tue Sep 16 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-15
|
2004-09-09 09:44:54 +00:00
|
|
|
- rebuild
|
|
|
|
|
2004-09-09 09:45:31 +00:00
|
|
|
* Tue Sep 16 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-14
|
2004-09-09 09:44:29 +00:00
|
|
|
- additional buffer manipulation fixes (CAN-2003-0695)
|
2004-09-09 09:43:57 +00:00
|
|
|
|
2004-09-09 09:44:54 +00:00
|
|
|
* Tue Sep 16 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-13.sel
|
|
|
|
- turn selinux on
|
|
|
|
|
2004-09-09 09:45:31 +00:00
|
|
|
* Tue Sep 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-12
|
2004-09-09 09:44:54 +00:00
|
|
|
- rebuild
|
|
|
|
|
2004-09-09 09:45:31 +00:00
|
|
|
* Tue Sep 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-11
|
2004-09-09 09:43:51 +00:00
|
|
|
- apply patch to store the correct buffer size in allocated buffers
|
|
|
|
(CAN-2003-0693)
|
|
|
|
- skip the initial PAM authentication attempt with an empty password if
|
|
|
|
empty passwords are not permitted in our configuration (#103998)
|
|
|
|
|
2004-09-09 09:44:54 +00:00
|
|
|
* Fri Sep 5 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-10
|
|
|
|
- turn selinux off
|
|
|
|
|
|
|
|
* Fri Sep 5 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-9.sel
|
|
|
|
- turn selinux on
|
|
|
|
|
|
|
|
* Tue Aug 26 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-8
|
|
|
|
- Add BuildPreReq gtk2-devel if gtk2
|
|
|
|
|
|
|
|
* Tue Aug 12 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-7
|
|
|
|
- rebuild
|
|
|
|
|
|
|
|
* Tue Aug 12 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-6
|
|
|
|
- modify patch which clears the supplemental group list at startup to only
|
|
|
|
complain if setgroups() fails if sshd has euid == 0
|
|
|
|
- handle krb5 installed in %%{_prefix} or elsewhere by using krb5-config
|
|
|
|
|
2013-02-08 14:44:40 +00:00
|
|
|
* Mon Jul 28 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-5
|
2004-09-09 09:44:54 +00:00
|
|
|
- Add SELinux patch
|
|
|
|
|
|
|
|
* Tue Jul 22 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-4
|
|
|
|
- rebuild
|
|
|
|
|
2013-02-08 14:44:40 +00:00
|
|
|
* Wed Jul 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-3
|
2004-09-09 09:44:54 +00:00
|
|
|
- rebuild
|
|
|
|
|
2013-02-08 14:44:40 +00:00
|
|
|
* Wed Jul 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-2
|
2004-09-09 09:44:54 +00:00
|
|
|
- rebuild
|
|
|
|
|
|
|
|
* Thu Jun 5 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-1
|
|
|
|
- update to 3.6.1p2
|
|
|
|
|
|
|
|
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
|
2010-01-19 09:07:39 +00:00
|
|
|
6 rebuilt
|
2004-09-09 09:44:54 +00:00
|
|
|
|
|
|
|
* Mon Mar 24 2003 Florian La Roche <Florian.LaRoche@redhat.de>
|
|
|
|
- add patch for getsockopt() call to work on bigendian 64bit archs
|
2004-09-09 09:43:44 +00:00
|
|
|
|
2004-09-09 09:43:25 +00:00
|
|
|
* Fri Feb 14 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-6
|
|
|
|
- move scp to the -clients subpackage, because it directly depends on ssh
|
|
|
|
which is also in -clients (#84329)
|
|
|
|
|
|
|
|
* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-5
|
|
|
|
- rebuild
|
|
|
|
|
|
|
|
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
|
|
|
|
- rebuilt
|
2004-09-09 09:43:13 +00:00
|
|
|
|
2004-09-09 09:43:25 +00:00
|
|
|
* Tue Jan 7 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-3
|
2004-09-09 09:43:13 +00:00
|
|
|
- rebuild
|
|
|
|
|
2004-09-09 09:43:25 +00:00
|
|
|
* Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-2
|
|
|
|
- patch PAM configuration to use relative path names for the modules, allowing
|
|
|
|
us to not worry about which arch the modules are built for on multilib systems
|
|
|
|
|
|
|
|
* Tue Oct 15 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-1
|
|
|
|
- update to 3.5p1, merging in filelist/perm changes from the upstream spec
|
|
|
|
|
|
|
|
* Fri Oct 4 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-3
|
|
|
|
- merge
|
|
|
|
|
|
|
|
* Thu Sep 12 2002 Than Ngo <than@redhat.com> 3.4p1-2.1
|
|
|
|
- fix to build on multilib systems
|
|
|
|
|
|
|
|
* Thu Aug 29 2002 Curtis Zinzilieta <curtisz@redhat.com> 3.4p1-2gss
|
|
|
|
- added gssapi patches and uncommented patch here
|
2004-09-09 09:43:13 +00:00
|
|
|
|
2004-09-09 09:43:09 +00:00
|
|
|
* Wed Aug 14 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-2
|
|
|
|
- pull patch from CVS to fix too-early free in ssh-keysign (#70009)
|
|
|
|
|
2004-09-09 09:43:04 +00:00
|
|
|
* Thu Jun 27 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-1
|
|
|
|
- 3.4p1
|
|
|
|
- drop anon mmap patch
|
|
|
|
|
|
|
|
* Tue Jun 25 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-2
|
|
|
|
- rework the close-on-exit docs
|
|
|
|
- include configuration file man pages
|
|
|
|
- make use of nologin as the privsep shell optional
|
|
|
|
|
|
|
|
* Mon Jun 24 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-1
|
|
|
|
- update to 3.3p1
|
|
|
|
- merge in spec file changes from upstream (remove setuid from ssh, ssh-keysign)
|
|
|
|
- disable gtk2 askpass
|
|
|
|
- require pam-devel by filename rather than by package for erratum
|
|
|
|
- include patch from Solar Designer to work around anonymous mmap failures
|
2004-09-09 09:42:23 +00:00
|
|
|
|
2004-09-09 09:43:04 +00:00
|
|
|
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
|
|
|
|
- automated rebuild
|
2004-09-09 09:42:23 +00:00
|
|
|
|
2004-09-09 09:43:04 +00:00
|
|
|
* Fri Jun 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-3
|
|
|
|
- don't require autoconf any more
|
2004-09-09 09:42:23 +00:00
|
|
|
|
2004-09-09 09:43:04 +00:00
|
|
|
* Fri May 31 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-2
|
|
|
|
- build gnome-ssh-askpass with gtk2
|
2004-09-09 09:42:23 +00:00
|
|
|
|
2004-09-09 09:43:04 +00:00
|
|
|
* Tue May 28 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-1
|
|
|
|
- update to 3.2.3p1
|
|
|
|
- merge in spec file changes from upstream
|
2004-09-09 09:41:36 +00:00
|
|
|
|
2004-09-09 09:43:04 +00:00
|
|
|
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.2p1-1
|
|
|
|
- update to 3.2.2p1
|
2004-09-09 09:41:36 +00:00
|
|
|
|
2004-09-09 09:43:04 +00:00
|
|
|
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-4
|
2004-09-09 09:41:36 +00:00
|
|
|
- drop buildreq on db1-devel
|
|
|
|
- require pam-devel by package name
|
|
|
|
- require autoconf instead of autoconf253 again
|
|
|
|
|
2004-09-09 09:40:40 +00:00
|
|
|
* Tue Apr 2 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-3
|
|
|
|
- pull patch from CVS to avoid printing error messages when some of the
|
|
|
|
default keys aren't available when running ssh-add
|
|
|
|
- refresh to current revisions of Simon's patches
|
|
|
|
|
|
|
|
* Thu Mar 21 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2gss
|
|
|
|
- reintroduce Simon's gssapi patches
|
|
|
|
- add buildprereq for autoconf253, which is needed to regenerate configure
|
|
|
|
after applying the gssapi patches
|
|
|
|
- refresh to the latest version of Markus's patch to build properly with
|
|
|
|
older versions of OpenSSL
|
2004-09-09 09:39:52 +00:00
|
|
|
|
2004-09-09 09:39:27 +00:00
|
|
|
* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
|
|
|
|
- bump and grind (through the build system)
|
|
|
|
|
|
|
|
* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
|
|
|
|
- require sharutils for building (mindrot #137)
|
|
|
|
- require db1-devel only when building for 6.x (#55105), which probably won't
|
|
|
|
work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
|
|
|
|
- require pam-devel by file (not by package name) again
|
|
|
|
- add Markus's patch to compile with OpenSSL 0.9.5a (from
|
|
|
|
http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
|
|
|
|
building for 6.x
|
|
|
|
|
|
|
|
* Thu Mar 7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
|
|
|
|
- update to 3.1p1
|
|
|
|
|
|
|
|
* Tue Mar 5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
|
|
|
|
- update to SNAP-20020305
|
|
|
|
- drop debug patch, fixed upstream
|
|
|
|
|
|
|
|
* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
|
|
|
|
- update to SNAP-20020220 for testing purposes (you've been warned, if there's
|
|
|
|
anything to be warned about, gss patches won't apply, I don't mind)
|
|
|
|
|
|
|
|
* Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
|
|
|
|
- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
|
|
|
|
exchange, authentication, and named key support
|
|
|
|
|
|
|
|
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
|
|
|
|
- remove dependency on db1-devel, which has just been swallowed up whole
|
|
|
|
by gnome-libs-devel
|
|
|
|
|
2013-02-08 14:44:40 +00:00
|
|
|
* Sat Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
|
2004-09-09 09:39:27 +00:00
|
|
|
- adjust build dependencies so that build6x actually works right (fix
|
|
|
|
from Hugo van der Kooij)
|
|
|
|
|
|
|
|
* Tue Dec 4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
|
|
|
|
- update to 3.0.2p1
|
|
|
|
|
|
|
|
* Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
|
|
|
|
- update to 3.0.1p1
|
2004-09-09 09:38:40 +00:00
|
|
|
|
2004-09-09 09:39:27 +00:00
|
|
|
* Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- update to current CVS (not for use in distribution)
|
2004-09-09 09:38:17 +00:00
|
|
|
|
2004-09-09 09:39:27 +00:00
|
|
|
* Thu Nov 8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
|
|
|
|
- merge some of Damien Miller <djm@mindrot.org> changes from the upstream
|
|
|
|
3.0p1 spec file and init script
|
2004-09-09 09:38:17 +00:00
|
|
|
|
2004-09-09 09:39:27 +00:00
|
|
|
* Wed Nov 7 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- update to 3.0p1
|
|
|
|
- update to x11-ssh-askpass 1.2.4.1
|
|
|
|
- change build dependency on a file from pam-devel to the pam-devel package
|
|
|
|
- replace primes with moduli
|
2004-09-09 09:38:17 +00:00
|
|
|
|
2004-09-09 09:37:42 +00:00
|
|
|
* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
|
|
|
|
- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
|
|
|
|
|
|
|
|
* Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
|
|
|
|
- Merge changes to rescue build from current sysadmin survival cd
|
|
|
|
|
2004-09-09 09:36:53 +00:00
|
|
|
* Thu Sep 6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
|
|
|
|
- fix scp's server's reporting of file sizes, and build with the proper
|
|
|
|
preprocessor define to get large-file capable open(), stat(), etc.
|
|
|
|
(sftp has been doing this correctly all along) (#51827)
|
|
|
|
- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
|
|
|
|
- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
|
|
|
|
- mark profile.d scriptlets as config files (#42337)
|
|
|
|
- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
|
|
|
|
- change a couple of log() statements to debug() statements (#50751)
|
|
|
|
- pull cvs patch to add -t flag to sshd (#28611)
|
|
|
|
- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
|
|
|
|
|
|
|
|
* Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
|
2004-09-09 09:36:21 +00:00
|
|
|
- add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
|
|
|
|
|
|
|
|
* Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- pull cvs patch to fix remote port forwarding with protocol 2
|
|
|
|
|
2004-09-09 09:36:16 +00:00
|
|
|
* Thu Aug 9 2001 Nalin Dahyabhai <nalin@redhat.com>
|
2004-09-09 09:36:21 +00:00
|
|
|
- pull cvs patch to add session initialization to no-pty sessions
|
2004-09-09 09:39:27 +00:00
|
|
|
- pull cvs patch to not cut off challengeresponse auth needlessly
|
2004-09-09 09:36:16 +00:00
|
|
|
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
|
|
|
|
it by default on a system that doesn't have X installed (#49263)
|
|
|
|
|
|
|
|
* Wed Aug 8 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
|
|
|
|
|
2004-09-09 09:36:07 +00:00
|
|
|
* Mon Aug 6 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- pass OPTIONS correctly to initlog (#50151)
|
|
|
|
|
|
|
|
* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- switch to x11-ssh-askpass 1.2.2
|
|
|
|
|
|
|
|
* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- rebuild in new environment
|
|
|
|
|
|
|
|
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- disable the gssapi patch
|
|
|
|
|
|
|
|
* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- update to 2.9p2
|
|
|
|
- refresh to a new version of the gssapi patch
|
|
|
|
|
|
|
|
* Thu Jun 7 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- change Copyright: BSD to License: BSD
|
|
|
|
- add Markus Friedl's unverified patch for the cookie file deletion problem
|
|
|
|
so that we can verify it
|
|
|
|
- drop patch to check if xauth is present (was folded into cookie patch)
|
|
|
|
- don't apply gssapi patches for the errata candidate
|
|
|
|
- clear supplemental groups list at startup
|
|
|
|
|
|
|
|
* Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- fix an error parsing the new default sshd_config
|
|
|
|
- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
|
|
|
|
dealing with comments right
|
|
|
|
|
|
|
|
* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
|
|
|
|
to be removed before the next beta cycle because it's a big departure
|
|
|
|
from the upstream version
|
|
|
|
|
|
|
|
* Thu May 3 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- finish marking strings in the init script for translation
|
|
|
|
- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
|
|
|
|
at startup (change merged from openssh.com init script, originally by
|
|
|
|
Pekka Savola)
|
|
|
|
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
|
|
|
|
it by default on a system that doesn't have X installed
|
|
|
|
|
|
|
|
* Wed May 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- update to 2.9
|
|
|
|
- drop various patches that came from or went upstream or to or from CVS
|
|
|
|
|
|
|
|
* Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
|
|
|
|
|
2004-09-09 09:35:53 +00:00
|
|
|
* Sun Apr 8 2001 Preston Brown <pbrown@redhat.com>
|
|
|
|
- remove explicit openssl requirement, fixes builddistro issue
|
|
|
|
- make initscript stop() function wait until sshd really dead to avoid
|
|
|
|
races in condrestart
|
2004-09-09 09:35:41 +00:00
|
|
|
|
2004-09-09 09:35:53 +00:00
|
|
|
* Mon Apr 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- mention that challengereponse supports PAM, so disabling password doesn't
|
|
|
|
limit users to pubkey and rsa auth (#34378)
|
2004-09-09 09:39:27 +00:00
|
|
|
- bypass the daemon() function in the init script and call initlog directly,
|
|
|
|
because daemon() won't start a daemon it detects is already running (like
|
|
|
|
open connections)
|
2004-09-09 09:35:53 +00:00
|
|
|
- require the version of openssl we had when we were built
|
2004-09-09 09:35:41 +00:00
|
|
|
|
|
|
|
* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- make do_pam_setcred() smart enough to know when to establish creds and
|
|
|
|
when to reinitialize them
|
|
|
|
- add in a couple of other fixes from Damien for inclusion in the errata
|
|
|
|
|
|
|
|
* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- update to 2.5.2p2
|
|
|
|
- call setcred() again after initgroups, because the "creds" could actually
|
|
|
|
be group memberships
|
|
|
|
|
|
|
|
* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
|
|
|
|
- don't enable challenge-response by default until we find a way to not
|
|
|
|
have too many userauth requests (we may make up to six pubkey and up to
|
|
|
|
three password attempts as it is)
|
|
|
|
- remove build dependency on rsh to match openssh.com's packages more closely
|
|
|
|
|
|
|
|
* Sat Mar 3 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- remove dependency on openssl -- would need to be too precise
|
|
|
|
|
|
|
|
* Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- rebuild in new environment
|
|
|
|
|
|
|
|
* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Revert the patch to move pam_open_session.
|
|
|
|
- Init script and spec file changes from Pekka Savola. (#28750)
|
|
|
|
- Patch sftp to recognize '-o protocol' arguments. (#29540)
|
|
|
|
|
|
|
|
* Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Chuck the closing patch.
|
|
|
|
- Add a trigger to add host keys for protocol 2 to the config file, now that
|
|
|
|
configuration file syntax requires us to specify it with HostKey if we
|
|
|
|
specify any other HostKey values, which we do.
|
|
|
|
|
|
|
|
* Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Redo patch to move pam_open_session after the server setuid()s to the user.
|
|
|
|
- Rework the nopam patch to use be picked up by autoconf.
|
|
|
|
|
|
|
|
* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Update for 2.5.1p1.
|
|
|
|
- Add init script mods from Pekka Savola.
|
|
|
|
- Tweak the init script to match the CVS contrib script more closely.
|
|
|
|
- Redo patch to ssh-add to try to adding both identity and id_dsa to also try
|
|
|
|
adding id_rsa.
|
|
|
|
|
|
|
|
* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Update for 2.5.0p1.
|
|
|
|
- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
|
|
|
|
- Resync with parts of Damien Miller's openssh.spec from CVS, including
|
|
|
|
update of x11 askpass to 1.2.0.
|
|
|
|
- Only require openssl (don't prereq) because we generate keys in the init
|
|
|
|
script now.
|
|
|
|
|
|
|
|
* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Don't open a PAM session until we've forked and become the user (#25690).
|
|
|
|
- Apply Andrew Bartlett's patch for letting pam_authenticate() know which
|
|
|
|
host the user is attempting a login from.
|
|
|
|
- Resync with parts of Damien Miller's openssh.spec from CVS.
|
|
|
|
- Don't expose KbdInt responses in debug messages (from CVS).
|
|
|
|
- Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
|
|
|
|
|
2004-09-09 09:35:53 +00:00
|
|
|
* Wed Feb 7 2001 Trond Eivind Glomsrxd <teg@redhat.com>
|
2004-09-09 09:35:41 +00:00
|
|
|
- i18n-tweak to initscript.
|
|
|
|
|
|
|
|
* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- More gettextizing.
|
|
|
|
- Close all files after going into daemon mode (needs more testing).
|
|
|
|
- Extract patch from CVS to handle auth banners (in the client).
|
|
|
|
- Extract patch from CVS to handle compat weirdness.
|
|
|
|
|
|
|
|
* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Finish with the gettextizing.
|
|
|
|
|
|
|
|
* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Fix a bug in auth2-pam.c (#23877)
|
|
|
|
- Gettextize the init script.
|
|
|
|
|
|
|
|
* Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Incorporate a switch for using PAM configs for 6.x, just in case.
|
|
|
|
|
|
|
|
* Tue Dec 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Incorporate Bero's changes for a build specifically for rescue CDs.
|
|
|
|
|
|
|
|
* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
|
|
|
|
succeeded, to allow public-key authentication after a failure with "none"
|
|
|
|
authentication. (#21268)
|
|
|
|
|
|
|
|
* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Update to x11-askpass 1.1.1. (#21301)
|
|
|
|
- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
|
|
|
|
|
|
|
|
* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Merge multiple PAM text messages into subsequent prompts when possible when
|
|
|
|
doing keyboard-interactive authentication.
|
|
|
|
|
|
|
|
* Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Disable the built-in MD5 password support. We're using PAM.
|
|
|
|
- Take a crack at doing keyboard-interactive authentication with PAM, and
|
|
|
|
enable use of it in the default client configuration so that the client
|
|
|
|
will try it when the server disallows password authentication.
|
|
|
|
- Build with debugging flags. Build root policies strip all binaries anyway.
|
|
|
|
|
2004-09-09 09:35:17 +00:00
|
|
|
* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Use DESTDIR instead of %%makeinstall.
|
|
|
|
- Remove /usr/X11R6/bin from the path-fixing patch.
|
|
|
|
|
|
|
|
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Add the primes file from the latest snapshot to the main package (#20884).
|
|
|
|
- Add the dev package to the prereq list (#19984).
|
|
|
|
- Remove the default path and mimic login's behavior in the server itself.
|
|
|
|
|
|
|
|
* Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Resync with conditional options in Damien Miller's .spec file for an errata.
|
|
|
|
- Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
|
|
|
|
|
|
|
|
* Tue Nov 7 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Update to OpenSSH 2.3.0p1.
|
|
|
|
- Update to x11-askpass 1.1.0.
|
|
|
|
- Enable keyboard-interactive authentication.
|
|
|
|
|
|
|
|
* Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Update to ssh-askpass-x11 1.0.3.
|
|
|
|
- Change authentication related messages to be private (#19966).
|
|
|
|
|
|
|
|
* Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Patch ssh-keygen to be able to list signatures for DSA public key files
|
|
|
|
it generates.
|
|
|
|
|
2004-09-09 09:35:10 +00:00
|
|
|
* Thu Oct 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
|
|
|
|
build PAM authentication in.
|
|
|
|
- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
|
|
|
|
- Clean out no-longer-used patches.
|
|
|
|
- Patch ssh-add to try to add both identity and id_dsa, and to error only
|
|
|
|
when neither exists.
|
|
|
|
|
|
|
|
* Mon Oct 2 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Update x11-askpass to 1.0.2. (#17835)
|
|
|
|
- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
|
|
|
|
always find them in the right place. (#17909)
|
|
|
|
- Set the default path to be the same as the one supplied by /bin/login, but
|
|
|
|
add /usr/X11R6/bin. (#17909)
|
|
|
|
- Try to handle obsoletion of ssh-server more cleanly. Package names
|
|
|
|
are different, but init script name isn't. (#17865)
|
|
|
|
|
|
|
|
* Wed Sep 6 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Update to 2.2.0p1. (#17835)
|
|
|
|
- Tweak the init script to allow proper restarting. (#18023)
|
|
|
|
|
|
|
|
* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Update to 20000823 snapshot.
|
|
|
|
- Change subpackage requirements from %%{version} to %%{version}-%%{release}
|
|
|
|
- Back out the pipe patch.
|
|
|
|
|
2004-09-09 09:35:01 +00:00
|
|
|
* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Update to 2.1.1p4, which includes fixes for config file parsing problems.
|
|
|
|
- Move the init script back.
|
|
|
|
- Add Damien's quick fix for wackiness.
|
|
|
|
|
|
|
|
* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
|
|
|
|
|
|
|
|
* Thu Jul 6 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Move condrestart to server postun.
|
|
|
|
- Move key generation to init script.
|
|
|
|
- Actually use the right patch for moving the key generation to the init script.
|
|
|
|
- Clean up the init script a bit.
|
|
|
|
|
|
|
|
* Wed Jul 5 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
|
|
|
|
|
|
|
|
* Sun Jul 2 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Update to 2.1.1p2.
|
|
|
|
- Use of strtok() considered harmful.
|
|
|
|
|
|
|
|
* Sat Jul 1 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Get the build root out of the man pages.
|
|
|
|
|
|
|
|
* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Add and use condrestart support in the init script.
|
|
|
|
- Add newer initscripts as a prereq.
|
|
|
|
|
|
|
|
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Build in new environment (release 2)
|
|
|
|
- Move -clients subpackage to Applications/Internet group
|
|
|
|
|
|
|
|
* Fri Jun 9 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Update to 2.2.1p1
|
|
|
|
|
|
|
|
* Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com>
|
|
|
|
- Patch to build with neither RSA nor RSAref.
|
|
|
|
- Miscellaneous FHS-compliance tweaks.
|
|
|
|
- Fix for possibly-compressed man pages.
|
|
|
|
|
|
|
|
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
|
|
|
|
- Updated for new location
|
|
|
|
- Updated for new gnome-ssh-askpass build
|
|
|
|
|
|
|
|
* Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
|
|
|
|
- Added Jim Knoble's <jmknoble@pobox.com> askpass
|
|
|
|
|
|
|
|
* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
|
|
|
|
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
|
|
|
|
|
|
|
|
* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
|
|
|
|
- Added 'Obsoletes' directives
|
|
|
|
|
|
|
|
* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
|
|
|
|
- Use make install
|
|
|
|
- Subpackages
|
|
|
|
|
|
|
|
* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
|
|
|
|
- Added links for slogin
|
|
|
|
- Fixed perms on manpages
|
|
|
|
|
|
|
|
* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
|
|
|
|
- Renamed init script
|
|
|
|
|
|
|
|
* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
|
|
|
|
- Back to old binary names
|
|
|
|
|
|
|
|
* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
|
|
|
|
- Use autoconf
|
|
|
|
- New binary names
|
|
|
|
|
|
|
|
* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
|
|
|
|
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.
|