e3688ed6ab
6.4p1-8 + 0.9.3-1
2015-01-15 15:27:59 +01:00
e83e64b469
add new option GSSAPIEnablek5users and disable using ~/.k5users by default CVE-2014-9278 ( #1170745 )
2015-01-15 15:27:59 +01:00
6d6c363361
Update vendor-patchlevel string
2015-01-15 15:27:59 +01:00
6b64f7566c
Fix config parser for ip:port values ( #1130733 )
2015-01-15 15:27:59 +01:00
87ef7b8238
Fix confusing error message in scp ( #1142223 )
2015-01-15 15:27:59 +01:00
91cb47ec28
backport fix for sftp prepending remote directory to relative symlinks ( #825538 )
2015-01-09 17:21:15 +01:00
2de83b1356
6.4p1-7 + 0.9.3-1
2014-12-04 14:30:46 +01:00
2f3cd96ab9
use different values for DH for Cisco servers ( #1026430 )
2014-12-04 14:30:23 +01:00
b64b2cc975
6.4p1-6 + 0.9.3-1
2014-11-11 16:06:16 +01:00
4a92081130
fix kuserok patch which checked for the existence of .k5login unconditionally and hence prevented other mechanisms to be used properly
2014-11-11 11:34:18 +01:00
3c7aefbbeb
Ignore SIGXFSZ in postauth monitor
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2263
2014-11-10 14:39:23 +01:00
f9f5754ffc
fix parsing of empty arguments in sshd_conf
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
2014-11-10 10:58:25 +01:00
2ab5418106
don't consider a partial success as a failure
2014-11-10 10:53:49 +01:00
a1fe096ff3
apply RFC3454 stringprep to banners when possible
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2058
2014-11-10 10:51:04 +01:00
9f170e3ec1
set a client's address right after a connection is set
...
http://bugzilla.mindrot.org/show_bug.cgi?id=2257
2014-11-10 10:30:45 +01:00
81226fcc51
6.4p1-5 + 0.9.3-1
2014-07-18 08:42:26 +02:00
66d55f7a69
standardise on NI_MAXHOST for gethostname() string lengths ( #1051490 )
2014-07-17 18:30:37 +02:00
d75575229f
6.4p1-4 + 0.9.3-1
2014-05-15 10:37:16 +02:00
8f8619e1e6
ignore environment variables with embedded '=' or '\0' characters ( #1077843 )
...
CVE-2014-2532
2014-05-15 10:24:04 +02:00
d271e02296
prevent a server from skipping SSHFP lookup ( #1081338 )
...
CVE-2014-2653
2014-05-15 10:23:46 +02:00
9a031d2641
try CLOCK_BOOTTIME with fallback ( #1091992 )
2014-05-14 17:30:43 +02:00
f9f83a00b5
make /etc/ssh/moduli file public ( #1043661 )
2014-02-26 15:54:02 +01:00
96df3b5ecb
use tty allocation for a remote scp
2014-01-23 18:30:39 +01:00
b898cbf5e1
Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set
2014-01-23 18:30:03 +01:00
084bc6fca5
FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A
2014-01-23 18:29:02 +01:00
222dd2e358
6.4p1-3 + 0.9.3-1
2013-12-11 14:32:11 +01:00
89d920b074
6.4p1-2 + 0.9.3-1
2013-11-26 15:28:39 +01:00
09e9ef3d7c
6.4p1-1 + 0.9.3-1
2013-11-08 14:04:33 +01:00
3ed6191f56
6.3p1-5 + 0.9.3-7
2013-11-01 17:07:27 +01:00
5795323a53
don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> ( #1024965 )
2013-11-01 17:06:02 +01:00
7feb965804
6.3p1-4 + 0.9.3-6
2013-10-25 15:46:49 +02:00
2add7a8ff5
rebuild with openssl-1.0.1e-29.fc20 to enable ECC support
2013-10-25 15:19:26 +02:00
f0aa6e5f51
rebuild with openssl-1.0.1e-29.fc20 to enable ECC support
2013-10-25 14:46:48 +02:00
a5e23f2861
6.3p1-3 + 0.9.3-6
2013-10-24 16:45:21 +02:00
ff7a26b109
6.3p1-2 + 0.9.3-6
2013-10-23 23:14:38 +02:00
1f36406833
Increase the size of the Diffie-Hellman groups requested for a each
...
symmetric key size. New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
djm@. (#1010607 )
2013-10-23 22:41:53 +02:00
d088f94bd9
use default_ccache_name from /etc/krb5.conf for a kerberos cache ( #991186 )
2013-10-23 22:08:19 +02:00
e40d5d19d9
added Obsoletes: *fips
2013-10-15 17:55:40 +02:00
a92e916970
6.3p1-1 + 0.9.3-6
2013-10-14 15:55:03 +02:00
84822b5dec
rebase for openssh-6.3p1, remove unused patches ( #1007769 )
2013-10-14 15:54:41 +02:00
c33ef551ca
6.2p2-9 + 0.9.3-5
2013-10-08 17:28:16 +02:00
2ae5f9ff89
Revert "add -fips subpackages that contains the FIPS module files"
...
This reverts commit 227f4f7628
2013-10-08 17:13:39 +02:00
d4d8299c30
Revert "add missing Requires: openssl-fips in -fips subpackages"
...
This reverts commit a19397fdd2
2013-10-08 17:06:14 +02:00
b61d9c10d3
Revert "use hmac_suffix for ssh{,d} hmac checksums"
...
This reverts commit c6724c72f4
2013-10-08 17:04:53 +02:00
0cc0054215
Revert "use {?dist} tag in suffixes for hmac checksum files"
...
This reverts commit 15244ec178
2013-10-08 17:04:40 +02:00
f344f8490c
6.2p2-8 + 0.9.3-5
2013-09-25 14:13:01 +02:00
15244ec178
use {?dist} tag in suffixes for hmac checksum files
2013-09-20 17:11:49 +02:00
eba55f9c1b
6.2p2-7 + 0.9.3-5
2013-09-11 16:54:14 +02:00
c6724c72f4
use hmac_suffix for ssh{,d} hmac checksums
2013-09-11 16:05:58 +02:00
a19397fdd2
add missing Requires: openssl-fips in -fips subpackages
...
6.2p2-6.1 + 0.9.3-5
2013-08-29 09:32:04 +02:00
Jakub Jelen
Petr Lautrbach