Commit Graph

637 Commits

Author SHA1 Message Date
Jakub Jelen
900cf59aaa 6.6.1p1-16 + 0.9.3-3 2015-08-14 13:41:31 +02:00
Jakub Jelen
08d2600aab Fix several vulnerabilities published with new openssh-7.0, namely:
Privilege separation weakness related to PAM support (#1252844)
		https://anongit.mindrot.org/openssh.git/commit/?id=d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
	Use-after-free bug related to PAM support (#1252852)
		https://anongit.mindrot.org/openssh.git/commit/?id=5e75f5198769056089fb06c4d738ab0e5abc66f7
2015-08-14 13:40:32 +02:00
Jakub Jelen
9c925c2906 6.6.1p1-15 + 0.9.3-3 2015-07-28 15:10:37 +02:00
Jakub Jelen
5804c90187 Handle terminal control characters in scp progressmeter (#1247204) 2015-07-28 15:09:09 +02:00
Jakub Jelen
c4cc2d9a05 6.6p1-14 + 0.9.3-3 2015-07-23 13:03:15 +02:00
Jakub Jelen
88adbf2b73 only query each keyboard-interactive device once (#1245971) 2015-07-23 13:01:43 +02:00
Jakub Jelen
2cad5f521e 6.6p1-13 + 0.9.3-3 2015-07-01 20:11:01 +02:00
Jakub Jelen
1951e1b5a4 Security fixes released with openssh-6.9
* XSECURITY restrictions bypass under certain conditions in ssh(1) (#1238231)
  * https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d
 * weakness of agent locking (ssh-add -x) to password guessing (#1238238)
  * https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=9173d0fbe44de7ebcad8a15618e13a8b8d78902e
  * https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=e97201feca10b5196da35819ae516d0b87cf3a50
2015-07-01 20:11:01 +02:00
Jakub Jelen
90469031ee ssh-copy-id: tcsh doesnt work with multiline strings so we will make it uggly one-line 2015-07-01 19:09:05 +02:00
Jakub Jelen
1f82f4e6c3 Fix auditing when using combination of ForceCommand and PTY to restore ControlPersist function (#1203900) 2015-07-01 19:08:33 +02:00
Petr Lautrbach
39ae32632c fix direction in CRYPTO_SESSION audit message 2015-04-08 18:25:27 +02:00
Jakub Jelen
680ce4039a 6.6.1p1-12 + 0.9.3-3 2015-03-30 08:17:24 +02:00
Jakub Jelen
00050d05ad Solve issue with ssh-copy-id and keys without trailing newline (#1093168) 2015-03-30 08:17:24 +02:00
Jakub Jelen
edabae2a71 Add tmpfiles.d entris (#1196807) 2015-03-30 08:17:20 +02:00
Jakub Jelen
81e0433a58 Remove unused patch 2015-03-30 08:16:54 +02:00
Jakub Jelen
efcbda1905 Fix ssh-copy-id on non-sh shells (#1045191) 2015-03-30 08:16:46 +02:00
Petr Lautrbach
2bcb9f6f88 Merge remote-tracking branch 'origin/master' into f21 2015-01-15 15:04:45 +01:00
Jakub Jelen
3ffcb799b3 Fix changelog entry 2015-01-15 15:03:12 +01:00
Petr Lautrbach
6a46008ce7 Merge remote-tracking branch 'origin/master' into f21 2015-01-14 17:16:34 +01:00
Jakub Jelen
2109ab67c2 6.6.1p1-11 + 0.9.3-3 2015-01-14 17:15:02 +01:00
Petr Lautrbach
140e5ca05d add new option GSSAPIEnablek5users and disable using ~/.k5users by default
CVE-2014-9278 (#1170745)
2015-01-14 17:10:40 +01:00
Jakub Jelen
9080a85b54 Update vendor-patchlevel string 2015-01-14 16:55:27 +01:00
Jakub Jelen
f92cd01d62 Update ldap extension to resolve #981058 2015-01-14 16:52:03 +01:00
Jakub Jelen
e581af0a84 Add missing documentation link to systemd service files (RHBZ#1181593) 2015-01-14 16:51:44 +01:00
Jakub Jelen
b9d68e7db4 Fix config parser for ip:port values (#1130733) 2015-01-14 16:48:32 +01:00
Jakub Jelen
fd06d69c6a Fix confusing error message in scp (#1142223) 2015-01-14 16:46:23 +01:00
Petr Lautrbach
a955bb2b7a Merge remote-tracking branch 'origin/master' into f21 2014-12-19 10:47:02 +01:00
Petr Lautrbach
62986c5e87 6.6.1p1-10 + 0.9.3-3 2014-12-19 10:24:59 +01:00
Petr Lautrbach
7a7b8f0984 log via monitor in chroots without /dev/log 2014-12-19 10:14:36 +01:00
Petr Lautrbach
392e4a4ec1 Merge remote-tracking branch 'origin/master' into f21 2014-12-15 19:24:24 +01:00
Petr Lautrbach
720cf82ef2 record pfs= field in CRYPTO_SESSION audit event 2014-12-15 18:59:39 +01:00
Petr Lautrbach
cf5c1140f2 increase size of AUDIT_LOG_SIZE to 256 2014-12-11 14:21:42 +01:00
Petr Lautrbach
e3dc63b806 Merge remote-tracking branch 'origin/master' into f21 2014-12-03 18:20:45 +01:00
Petr Lautrbach
276c16ce71 6.6.1p1-9 + 0.9.3-3 2014-12-03 18:18:19 +01:00
Petr Lautrbach
56a647f5e3 the .local domain example should be in ssh_config, not in sshd_config 2014-12-03 18:15:25 +01:00
Petr Lautrbach
08fe9e8e47 use different values for DH for Cisco servers (#1026430) 2014-12-03 17:10:47 +01:00
Petr Lautrbach
f6f4e6e58b Merge remote-tracking branch 'origin/master' into f21 2014-11-13 22:23:33 +01:00
Petr Lautrbach
823364a11e 6.6.1p1-8 + 0.9.3-3 2014-11-13 22:21:52 +01:00
Petr Lautrbach
44f0ac8d08 fix several coverity issues Resolves: rhbz#1139794 2014-11-13 22:16:51 +01:00
Petr Lautrbach
a861892af4 Merge remote-tracking branch 'origin/master' into f21 2014-11-12 17:42:39 +01:00
Petr Lautrbach
57666dc3be fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005) 2014-11-12 17:35:37 +01:00
Petr Lautrbach
2e03f2060c Merge remote-tracking branch 'origin/master' into f21 2014-11-07 12:58:05 +01:00
Petr Lautrbach
a1e1ac2bfc 6.6.1p1-7 + 0.9.3-3 2014-11-07 12:53:03 +01:00
Petr Lautrbach
65a6cd2d8c correct the calculation of bytes for authctxt->krb5_ccname <ams@corefiling.com> (#1161073) 2014-11-07 12:52:06 +01:00
Petr Lautrbach
d64ab980a2 Merge remote-tracking branch 'origin/master' into f21 2014-11-04 19:24:28 +01:00
Petr Lautrbach
3b7c8620a1 6.6.1p1-6 + 0.9.3-3 2014-11-04 19:09:42 +01:00
Petr Lautrbach
5296a797aa privsep_preauth: use SELinux context from selinux-policy (#1008580) 2014-11-04 19:06:14 +01:00
Petr Lautrbach
414bfae1bc change audit trail
- do not use (invalid user)
- change acct for an unknown user "(unknown)"
- don't send login audit event in getpwnamallow()
2014-11-04 18:56:47 +01:00
Petr Lautrbach
b7e2bae5c4 Merge remote-tracking branch 'origin/master' into f21 2014-10-26 22:50:54 +01:00
Petr Lautrbach
30c06a07fb fix kuserok patch which checked for the existence of .k5login unconditionally and hence prevented other mechanisms to be used properly 2014-10-24 23:50:58 +02:00