rpms/openssh
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
736 Commits 32 Branches 239 Tags 9.6 MiB
06b1d5330a
Commit Graph

580 Commits

Author SHA1 Message Date
Jakub Jelen
aa8fb3e1cc rebuild 6.8p1-1.1 + 0.9.3-5 2015-03-24 11:04:38 +01:00
Jakub Jelen
1330ede7ff rebuild 6.8p1-1.1 + 0.9.3-5 2015-03-24 11:00:15 +01:00
Jakub Jelen
e3688f35e1 release 6.8p1-1 + 0.9.3-5 2015-03-24 10:40:21 +01:00
Jakub Jelen
d276698802 Workaround krb5-config bug (#1204646) 2015-03-24 10:39:01 +01:00
Jakub Jelen
132f8f8686 6.8p1-1 + 0.9.3-5 2015-03-23 16:05:49 +01:00
Jakub Jelen
7b82d087e1 6.7p1-11 + 0.9.3-4 2015-03-12 11:46:33 +01:00
Jakub Jelen
c31740f8ea Fix tmpfiles to be more consistent with other config files in package (#1196807) 2015-03-12 11:45:59 +01:00
Jakub Jelen
558fb7b2f4 Add sftp option to force mode of created files 2015-03-11 18:09:06 +01:00
Jakub Jelen
7aa6321a86 6.7p1-10 + 0.9.3-4 2015-03-02 08:23:32 +01:00
Jakub Jelen
766438b1d5 Add tmpfiles.d entries (#1196807) 2015-03-02 08:23:31 +01:00
Jakub Jelen
c8b4078a3f 6.7p1-9 + 0.9.3-4 2015-02-27 18:44:47 +01:00
Jakub Jelen
cbda6f57fb Solve issue with ssh-copy-id and keys without trailing newline (#1093168) 2015-02-25 10:46:29 +01:00
Jakub Jelen
5f3c83fd09 6.7p1-8 + 0.9.3-4 2015-02-24 10:10:07 +01:00
Marcin Juszkiewicz
6656486e18 Add AArch64 support for seccomp_filter sandbox (#1195065) 2015-02-24 09:17:43 +01:00
Jakub Jelen
e0f867b153 6.7p1-7 + 0.9.3-4 2015-02-23 12:43:25 +01:00
Jakub Jelen
c13a4b7170 6.7p1-6 + 0.9.3-4 2015-02-23 12:18:07 +01:00
Jakub Jelen
d5a8001387 Fix seccomp filter for ix68 (#1194401), fix previous commit 2015-02-23 12:17:30 +01:00
Peter Robinson
b9846a816d fix if statement 2015-02-22 17:36:25 +00:00
Peter Robinson
74e740c136 Only use seccomp for sandboxing on supported platforms 2015-02-22 17:28:16 +00:00
Jakub Jelen
c6945293fd 6.7p1-4 + 0.9.3-4 2015-02-20 15:06:26 +01:00
Jakub Jelen
77f453b74d cleanup working directory, spec file and unused patches after rebase 2015-02-20 15:06:17 +01:00
Jakub Jelen
08cb909f5d Move cavs tests into subpackage -cavs (#1194320) 2015-02-20 13:24:42 +01:00
Jakub Jelen
2f556360f6 6.7p1-3 + 0.9.3-4 2015-02-18 16:11:48 +01:00
Jakub Jelen
6df422d544 Fix ssh-copy-id on non-sh shells (#1045191) 2015-02-18 16:01:39 +01:00
Jakub Jelen
bb3e880c01 Add SSH KDF CAVS test driver for future FIPS validation (#1193045) 2015-02-18 15:48:10 +01:00
Jakub Jelen
14c675f3a5 Use global hardening specification instead of hardening made by openssh. 
Openssh uses by default -fPIE flag, which didn't allow to build
pam_ssh_agent_auth.so with from libssh.a.
Validated using /CoreOS/openssh/Regression/bz642927-add-relro-flag
 2015-02-18 10:34:40 +01:00
Jakub Jelen
0a4ac4f4d3 Enable seccomp sandboxing after resolving problems with audit patch (#1062953) 2015-02-11 14:08:42 +01:00
Jakub Jelen
b552eb6714 Make output of sshd -T more consistent, using upstream patch (#1187521) 2015-02-03 14:17:05 +01:00
Jakub Jelen
580f986839 Update coverity patch after rebase to 6.7 2015-02-03 14:09:51 +01:00
Jakub Jelen
6c6416dc9d 6.7p1-2 + 0.9.3-4 2015-01-27 14:10:18 +01:00
Jakub Jelen
021326a6ae Fix audit patch after rebase to 6.7 2015-01-27 12:07:13 +01:00
Petr Lautrbach
9b4e25cce0 temporarily disable audit patch causing segmentation faults 2015-01-20 17:08:25 +01:00
Petr Lautrbach
f29c8784c6 restore tcp wrappers support, based on Debian patch 
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
 2015-01-20 17:06:46 +01:00
Petr Lautrbach
1900351913 6.7p1-1 + 0.9.3-4 2015-01-20 13:21:45 +01:00
Petr Lautrbach
b457c98bec use upstream FigerPrintHash for fingerprint - 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 2015-01-19 15:26:56 +01:00
Jakub Jelen
3ffcb799b3 Fix changelog entry 2015-01-15 15:03:12 +01:00
Jakub Jelen
2109ab67c2 6.6.1p1-11 + 0.9.3-3 2015-01-14 17:15:02 +01:00
Petr Lautrbach
140e5ca05d add new option GSSAPIEnablek5users and disable using ~/.k5users by default 
CVE-2014-9278 (#1170745)
 2015-01-14 17:10:40 +01:00
Jakub Jelen
9080a85b54 Update vendor-patchlevel string 2015-01-14 16:55:27 +01:00
Jakub Jelen
b9d68e7db4 Fix config parser for ip:port values (#1130733) 2015-01-14 16:48:32 +01:00
Jakub Jelen
fd06d69c6a Fix confusing error message in scp (#1142223) 2015-01-14 16:46:23 +01:00
Petr Lautrbach
62986c5e87 6.6.1p1-10 + 0.9.3-3 2014-12-19 10:24:59 +01:00
Petr Lautrbach
7a7b8f0984 log via monitor in chroots without /dev/log 2014-12-19 10:14:36 +01:00
Petr Lautrbach
720cf82ef2 record pfs= field in CRYPTO_SESSION audit event 2014-12-15 18:59:39 +01:00
Petr Lautrbach
276c16ce71 6.6.1p1-9 + 0.9.3-3 2014-12-03 18:18:19 +01:00
Petr Lautrbach
56a647f5e3 the .local domain example should be in ssh_config, not in sshd_config 2014-12-03 18:15:25 +01:00
Petr Lautrbach
08fe9e8e47 use different values for DH for Cisco servers (#1026430) 2014-12-03 17:10:47 +01:00
Petr Lautrbach
823364a11e 6.6.1p1-8 + 0.9.3-3 2014-11-13 22:21:52 +01:00
Petr Lautrbach
44f0ac8d08 fix several coverity issues Resolves: rhbz#1139794 2014-11-13 22:16:51 +01:00
Petr Lautrbach
a1e1ac2bfc 6.6.1p1-7 + 0.9.3-3 2014-11-07 12:53:03 +01:00
Petr Lautrbach
3b7c8620a1 6.6.1p1-6 + 0.9.3-3 2014-11-04 19:09:42 +01:00
Petr Lautrbach
5296a797aa privsep_preauth: use SELinux context from selinux-policy (#1008580) 2014-11-04 19:06:14 +01:00
Petr Lautrbach
0f0e055d6a Ignore SIGXFSZ in postauth monitor 
https://bugzilla.mindrot.org/show_bug.cgi?id=2263
 2014-09-29 08:37:05 +02:00
Petr Lautrbach
4b24967a9c fix parsing of empty arguments in sshd_conf 
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
 2014-09-25 11:45:47 +02:00
Petr Lautrbach
afde9f8153 6.6.1p1-5 + 0.9.3-3 2014-09-08 10:35:57 +02:00
Petr Lautrbach
ce2d80b4e7 don't consider a partial success as a failure 2014-09-04 16:33:25 +02:00
Petr Lautrbach
163064841f apply RFC3454 stringprep to banners when possible 
https://bugzilla.mindrot.org/show_bug.cgi?id=2058
 2014-09-04 16:12:11 +02:00
Petr Lautrbach
0a3f4e122d set a client's address right after a connection is set 
http://bugzilla.mindrot.org/show_bug.cgi?id=2257
 2014-09-02 10:49:31 +02:00
Peter Robinson
662c5a05b3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 14:08:07 +00:00
Tom Callaway
e336e33a32 fix license handling 2014-07-18 19:28:30 -04:00
Petr Lautrbach
8ff21c966a 6.6.1p1-3 + 0.9.3-2 2014-07-18 08:38:51 +02:00
Petr Lautrbach
817071dc4d standardise on NI_MAXHOST for gethostname() string lengths (#1051490) 2014-07-17 14:28:16 +02:00
Petr Lautrbach
cef0d582b6 6.6.1p1-2 + 0.9.3-2 2014-07-14 12:35:16 +02:00
Petr Lautrbach
d8b90ac6f8 minor spec file cleanup 2014-07-09 21:40:06 +02:00
Petr Lautrbach
8028159313 fix and rebase fips patch to 6.6.1p1 2014-07-09 21:16:53 +02:00
Petr Lautrbach
5160c9c8f3 rebase audit patch for 6.6.1p1 2014-07-08 17:42:18 +02:00
Petr Lautrbach
86f29c353e bring back openssh-5.5p1-x11.patch 2014-07-03 16:42:56 +02:00
Petr Lautrbach
5fcfcac428 drop openssh-5.8p2-remove-stale-control-socket.patch 2014-07-03 16:23:00 +02:00
Petr Lautrbach
8b5feef2c8 bring back the openssh-5.8p2-sigpipe.patch 2014-07-03 16:14:38 +02:00
Dennis Gilmore
d1b0938acc - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 12:01:42 -05:00
Petr Lautrbach
5cde9cd3f2 6.6.1p1-1 + 0.9.3-2 2014-06-03 17:52:36 +02:00
Petr Lautrbach
fb6f390a78 drop openssh-server-sysvinit subpackage 2014-06-03 17:42:49 +02:00
Petr Lautrbach
44fb3c6aeb OpenSSH 6.5 and 6.6 sometimes encode a value used in the 
curve25519 key exchange incorrectly, causing connection failures
about 0.2% of the time when this method is used against a peer that
implements the method properly.

Fix the problem and disable the curve25519 KEX when speaking to
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
to enable the compatability code.

openssh-6.6.1p1
 2014-06-03 17:18:36 +02:00
Petr Lautrbach
94c6f8ddcc rebase to openssh-6.6p1 2014-06-03 16:51:07 +02:00
Petr Lautrbach
d75575229f 6.4p1-4 + 0.9.3-1 2014-05-15 10:37:16 +02:00
Petr Lautrbach
8f8619e1e6 ignore environment variables with embedded '=' or '\0' characters (#1077843) 
CVE-2014-2532
 2014-05-15 10:24:04 +02:00
Petr Lautrbach
d271e02296 prevent a server from skipping SSHFP lookup (#1081338) 
CVE-2014-2653
 2014-05-15 10:23:46 +02:00
Petr Lautrbach
9a031d2641 try CLOCK_BOOTTIME with fallback (#1091992) 2014-05-14 17:30:43 +02:00
Petr Lautrbach
f9f83a00b5 make /etc/ssh/moduli file public (#1043661) 2014-02-26 15:54:02 +01:00
Petr Lautrbach
96df3b5ecb use tty allocation for a remote scp 2014-01-23 18:30:39 +01:00
Petr Lautrbach
b898cbf5e1 Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set 2014-01-23 18:30:03 +01:00
Petr Lautrbach
084bc6fca5 FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A 2014-01-23 18:29:02 +01:00
Petr Lautrbach
222dd2e358 6.4p1-3 + 0.9.3-1 2013-12-11 14:32:11 +01:00
Petr Lautrbach
89d920b074 6.4p1-2 + 0.9.3-1 2013-11-26 15:28:39 +01:00
Petr Lautrbach
09e9ef3d7c 6.4p1-1 + 0.9.3-1 2013-11-08 14:04:33 +01:00
Petr Lautrbach
3ed6191f56 6.3p1-5 + 0.9.3-7 2013-11-01 17:07:27 +01:00
Petr Lautrbach
5795323a53 don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> (#1024965) 2013-11-01 17:06:02 +01:00
Petr Lautrbach
7feb965804 6.3p1-4 + 0.9.3-6 2013-10-25 15:46:49 +02:00
Petr Lautrbach
2add7a8ff5 rebuild with openssl-1.0.1e-29.fc20 to enable ECC support 2013-10-25 15:19:26 +02:00
Petr Lautrbach
f0aa6e5f51 rebuild with openssl-1.0.1e-29.fc20 to enable ECC support 2013-10-25 14:46:48 +02:00
Petr Lautrbach
a5e23f2861 6.3p1-3 + 0.9.3-6 2013-10-24 16:45:21 +02:00
Petr Lautrbach
ff7a26b109 6.3p1-2 + 0.9.3-6 2013-10-23 23:14:38 +02:00
Petr Lautrbach
1f36406833 Increase the size of the Diffie-Hellman groups requested for a each 
symmetric key size.  New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419.  Pointed out by Peter Backes, ok
djm@. (#1010607)
 2013-10-23 22:41:53 +02:00
Petr Lautrbach
d088f94bd9 use default_ccache_name from /etc/krb5.conf for a kerberos cache (#991186) 2013-10-23 22:08:19 +02:00
Petr Lautrbach
e40d5d19d9 added Obsoletes: *fips 2013-10-15 17:55:40 +02:00
Petr Lautrbach
a92e916970 6.3p1-1 + 0.9.3-6 2013-10-14 15:55:03 +02:00
Petr Lautrbach
84822b5dec rebase for openssh-6.3p1, remove unused patches (#1007769) 2013-10-14 15:54:41 +02:00
Petr Lautrbach
c33ef551ca 6.2p2-9 + 0.9.3-5 2013-10-08 17:28:16 +02:00
Petr Lautrbach
2ae5f9ff89 Revert "add -fips subpackages that contains the FIPS module files" 
This reverts commit 227f4f7628.
 2013-10-08 17:13:39 +02:00
Petr Lautrbach
d4d8299c30 Revert "add missing Requires: openssl-fips in -fips subpackages" 
This reverts commit a19397fdd2.

Conflicts:
	openssh.spec
 2013-10-08 17:06:14 +02:00