Commit Graph

504 Commits

Author SHA1 Message Date
Petr Lautrbach
d271e02296 prevent a server from skipping SSHFP lookup (#1081338)
CVE-2014-2653
2014-05-15 10:23:46 +02:00
Petr Lautrbach
9a031d2641 try CLOCK_BOOTTIME with fallback (#1091992) 2014-05-14 17:30:43 +02:00
Petr Lautrbach
f9f83a00b5 make /etc/ssh/moduli file public (#1043661) 2014-02-26 15:54:02 +01:00
Petr Lautrbach
96df3b5ecb use tty allocation for a remote scp 2014-01-23 18:30:39 +01:00
Petr Lautrbach
b898cbf5e1 Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set 2014-01-23 18:30:03 +01:00
Petr Lautrbach
084bc6fca5 FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A 2014-01-23 18:29:02 +01:00
Petr Lautrbach
222dd2e358 6.4p1-3 + 0.9.3-1 2013-12-11 14:32:11 +01:00
Petr Lautrbach
89d920b074 6.4p1-2 + 0.9.3-1 2013-11-26 15:28:39 +01:00
Petr Lautrbach
09e9ef3d7c 6.4p1-1 + 0.9.3-1 2013-11-08 14:04:33 +01:00
Petr Lautrbach
3ed6191f56 6.3p1-5 + 0.9.3-7 2013-11-01 17:07:27 +01:00
Petr Lautrbach
5795323a53 don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> (#1024965) 2013-11-01 17:06:02 +01:00
Petr Lautrbach
7feb965804 6.3p1-4 + 0.9.3-6 2013-10-25 15:46:49 +02:00
Petr Lautrbach
2add7a8ff5 rebuild with openssl-1.0.1e-29.fc20 to enable ECC support 2013-10-25 15:19:26 +02:00
Petr Lautrbach
f0aa6e5f51 rebuild with openssl-1.0.1e-29.fc20 to enable ECC support 2013-10-25 14:46:48 +02:00
Petr Lautrbach
a5e23f2861 6.3p1-3 + 0.9.3-6 2013-10-24 16:45:21 +02:00
Petr Lautrbach
ff7a26b109 6.3p1-2 + 0.9.3-6 2013-10-23 23:14:38 +02:00
Petr Lautrbach
1f36406833 Increase the size of the Diffie-Hellman groups requested for a each
symmetric key size.  New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419.  Pointed out by Peter Backes, ok
djm@. (#1010607)
2013-10-23 22:41:53 +02:00
Petr Lautrbach
d088f94bd9 use default_ccache_name from /etc/krb5.conf for a kerberos cache (#991186) 2013-10-23 22:08:19 +02:00
Petr Lautrbach
e40d5d19d9 added Obsoletes: *fips 2013-10-15 17:55:40 +02:00
Petr Lautrbach
a92e916970 6.3p1-1 + 0.9.3-6 2013-10-14 15:55:03 +02:00
Petr Lautrbach
84822b5dec rebase for openssh-6.3p1, remove unused patches (#1007769) 2013-10-14 15:54:41 +02:00
Petr Lautrbach
c33ef551ca 6.2p2-9 + 0.9.3-5 2013-10-08 17:28:16 +02:00
Petr Lautrbach
2ae5f9ff89 Revert "add -fips subpackages that contains the FIPS module files"
This reverts commit 227f4f7628.
2013-10-08 17:13:39 +02:00
Petr Lautrbach
d4d8299c30 Revert "add missing Requires: openssl-fips in -fips subpackages"
This reverts commit a19397fdd2.

Conflicts:
	openssh.spec
2013-10-08 17:06:14 +02:00
Petr Lautrbach
b61d9c10d3 Revert "use hmac_suffix for ssh{,d} hmac checksums"
This reverts commit c6724c72f4.
2013-10-08 17:04:53 +02:00
Petr Lautrbach
0cc0054215 Revert "use {?dist} tag in suffixes for hmac checksum files"
This reverts commit 15244ec178.
2013-10-08 17:04:40 +02:00
Petr Lautrbach
f344f8490c 6.2p2-8 + 0.9.3-5 2013-09-25 14:13:01 +02:00
Petr Lautrbach
15244ec178 use {?dist} tag in suffixes for hmac checksum files 2013-09-20 17:11:49 +02:00
Petr Lautrbach
eba55f9c1b 6.2p2-7 + 0.9.3-5 2013-09-11 16:54:14 +02:00
Petr Lautrbach
c6724c72f4 use hmac_suffix for ssh{,d} hmac checksums 2013-09-11 16:05:58 +02:00
Petr Lautrbach
a19397fdd2 add missing Requires: openssl-fips in -fips subpackages
6.2p2-6.1 + 0.9.3-5
2013-08-29 09:32:04 +02:00
Petr Lautrbach
f4e927b62d 6.2p2-6 + 0.9.3-5 2013-08-28 21:28:04 +02:00
Petr Lautrbach
227f4f7628 add -fips subpackages that contains the FIPS module files 2013-08-28 19:37:08 +02:00
Petr Lautrbach
631ffb2c5b 6.2p2-5 + 0.9.3-5 2013-08-01 09:50:41 +02:00
Petr Lautrbach
115aad3f92 6.2p2-4 + 0.9.3-5 2013-07-23 16:01:17 +02:00
Petr Lautrbach
17df27c668 don't show Success for EAI_SYSTEM (#985964) 2013-07-23 12:07:49 +02:00
Petr Lautrbach
2ee6810919 make sftp's libedit interface marginally multibyte aware (#841771) 2013-06-19 17:10:49 +02:00
Petr Lautrbach
66608a1ded 6.2p2-3 + 0.9.3-5 2013-06-17 17:30:04 +02:00
Petr Lautrbach
e99c4840f1 6.2p2-2 + 0.9.3-5 2013-05-21 18:38:15 +02:00
Petr Lautrbach
678b8081f1 add socket activated sshd units to the package (#963268) 2013-05-21 18:37:18 +02:00
Petr Lautrbach
21acbc4795 6.2p2-1 + 0.9.3-5 2013-05-20 09:31:57 +02:00
Petr Lautrbach
d48f1a7bde always use /sbin/nologin as privsep user's shell 2013-04-24 18:08:00 +02:00
Petr Lautrbach
a92d7445da 6.2p1-4 + 0.9.3-4 2013-04-17 17:12:32 +02:00
Petr Lautrbach
1d76d11f64 cleanup spec file and patches 2013-04-16 18:30:43 +02:00
Petr Lautrbach
c276d31b49 6.2p1-3 + 0.9.3-4 2013-04-16 18:15:20 +02:00
Petr Lautrbach
894ab5eaaf add latest config.{sub,guess} to support aarch64 (#926284) 2013-04-16 18:12:15 +02:00
Petr Lautrbach
1042786f58 6.2p1-2 + 0.9.3-4 2013-04-09 23:25:17 +02:00
Petr Lautrbach
fcef7f6231 keep track of which IndentityFile options were manually supplied and which were default options, and don't warn if the latter are missing. (mindrot#2084) 2013-04-09 23:22:42 +02:00
Petr Lautrbach
b6f89abe5c 6.2p1-1 + 0.9.3-4 2013-04-09 00:07:04 +02:00
Petr Lautrbach
d3d59da0b5 merge all -audit* patches together 2013-04-08 17:17:10 +02:00
Petr Lautrbach
8d97022c57 build regress/modpipe tests with $(CFLAGS) 2013-04-04 16:50:06 +02:00
Petr Lautrbach
8a29dedfa7 rebase to openssh-6.2p1 (#924727)
ACSS was removed from upstream sources
2013-04-04 16:49:30 +02:00
Petr Lautrbach
1b95bc38df 6.1p1-7 + 0.9.3-3 2013-03-06 10:41:50 +01:00
Petr Lautrbach
2a7883d153 6.1p1-6 + 0.9.3-3 2013-02-14 18:08:21 +01:00
Petr Lautrbach
d2b3b9a27e pam_ssh_agent_auth - change paths from %{_lib} to %{_libdir} 2013-02-12 09:42:54 +01:00
Petr Lautrbach
19725a9954 fix bogus day names in changelog dates 2013-02-08 15:44:40 +01:00
Petr Lautrbach
cab7f53408 6.1p1-5 + 0.9.3-3 2013-02-08 14:56:47 +01:00
Petr Lautrbach
5bc906c19a change default value of MaxStartups - CVE-2010-5107 - #908707 2013-02-08 14:32:20 +01:00
Petr Lautrbach
87391b7d01 add BuildRequires: perl-podlators 2013-02-07 14:21:38 +01:00
Petr Lautrbach
7642de98e4 6.1p1-4 + 0.9.3-3 2012-12-03 17:16:39 +01:00
Petr Lautrbach
790103e764 6.1p1-3 + 0.9.3-3 2012-12-03 10:29:07 +01:00
Petr Lautrbach
fe661c5cbb obsolete RequiredAuthentications[12] options 2012-11-30 21:40:22 +01:00
Petr Lautrbach
5039c7c85d reformat several patches after openssh-6.1p1-authenticationmethods.patch 2012-11-30 16:25:51 +01:00
Petr Lautrbach
bffd1c2234 replace RequiredAuthentications2 with AuthenticationMethods according to upstream
the upstream refused original patch with RequiredAuthentications2, but they came with their own implementation of required authentications,
see https://bugzilla.mindrot.org/show_bug.cgi?id=983. The new method is more robust and flexible
it will be included in next openssh-6.2 release
2012-11-30 16:23:29 +01:00
Petr Lautrbach
ab30b92bd6 fix the man moduli page (#841065) 2012-11-06 09:59:17 +01:00
bach
f7f8b483b0 adapt openssh-6.1p1-akc.patch to the upstream version - https://bugzilla.mindrot.org/show_bug.cgi?id=1663 2012-11-05 14:43:22 +01:00
Petr Lautrbach
52c8eca4d9 fix gssapi canohost patch (#863350) 2012-10-30 11:06:45 +01:00
Petr Lautrbach
af2ebf77dc 6.1p1-2 + 0.9.3-3 2012-10-26 17:15:55 +02:00
Petr Lautrbach
afd52c4857 drop openssh-5.9p1-sftp-chroot.patch (#830237) 2012-10-26 17:04:25 +02:00
Petr Lautrbach
470ebd7abc add SELinux comment to /etc/ssh/sshd_config about SELinux command to modify port (#861400) 2012-10-26 16:34:55 +02:00
Petr Lautrbach
13cf2478d6 smartcard support is replaced with PKCS#11 support already in 5.4p1 https://bugzilla.mindrot.org/show_bug.cgi?id=1371 2012-10-26 15:42:59 +02:00
Petr Lautrbach
1a5c95ee57 drop required chkconfig (#865498) 2012-10-12 13:03:26 +02:00
Petr Lautrbach
d0630aa358 6.1p1-1 + 0.9.3-3 2012-09-15 13:48:14 +02:00
Petr Lautrbach
fd408ed2a5 to run tests use --with check 2012-09-15 13:48:13 +02:00
Petr Lautrbach
e58e548a57 don't use /bin and /sbin paths (#856590) 2012-09-15 13:48:13 +02:00
Petr Lautrbach
581bf30d07 don't use chroot_user_t for chrooted users (#830237) 2012-09-15 13:47:45 +02:00
Petr Lautrbach
9fe1afc163 rebase to openssh-6.1p1 (#852651) 2012-09-15 13:29:49 +02:00
Petr Lautrbach
51ca3be245 use DIR: kerberos cache type (#848228) 2012-09-15 13:28:23 +02:00
Petr Lautrbach
94943d59db replace scriptlets with systemd macros (#850249) 2012-09-15 13:28:01 +02:00
Petr Lautrbach
65ba94ef1a rebase to openssh-6.0p1
6.0p1-1 + 0.9.3-2
2012-08-06 21:33:33 +02:00
Petr Lautrbach
90e11f338c 5.9p1-26 + 0.9.3-1 2012-08-06 19:42:13 +02:00
Petr Lautrbach
5382ccbe9b handle crypt() returning NULL (#815993) 2012-08-06 09:08:52 +02:00
Petr Lautrbach
b648890ead 5.9p1-25 + 0.9.3-1 2012-07-27 14:35:43 +02:00
Tomas Mraz
e9620308c8 allow sha256 and sha512 hmacs in the FIPS mode 2012-07-17 21:03:59 +02:00
Tomas Mraz
4f4687ce80 fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent
is not running, most probably not exploitable
update pam_ssh_agent_auth to 0.9.3 upstream version
2012-06-22 14:52:35 +02:00
Petr Lautrbach
2649d91e06 5.9p1-22 + 0.9.2-32 2012-04-06 21:01:27 +02:00
Petr Lautrbach
009f534b09 don't install sshd-keygen.service (#810419) 2012-04-06 21:01:06 +02:00
Petr Lautrbach
7294a991a2 5.9p1-21 + 0.9.2-32 2012-03-30 20:07:50 +02:00
Petr Lautrbach
22f0191d84 5.9p1-20 + 0.9.2-32 2012-03-23 09:16:52 +01:00
Petr Lautrbach
1027fdc205 don't enable sshd-keygen.service (#805338) 2012-03-23 09:16:10 +01:00
Petr Lautrbach
33e0acc5ef 5.9p1-19 + 0.9.2-32 2012-02-22 09:03:07 +01:00
Petr Lautrbach
feb99ea644 Look for x11 forward sockets with AI_ADDRCONFIG flag getaddrinfo (#735889) 2012-02-14 18:11:26 +01:00
Petr Lautrbach
d3ab95741d 5.9p1-18 + 0.9.2-32 2012-02-06 22:16:49 +01:00
Petr Lautrbach
d9e6186c71 replace TwoFactorAuth with RequiredAuthentications[12]
https://bugzilla.mindrot.org/show_bug.cgi?id=983
2012-02-06 22:16:38 +01:00
Petr Lautrbach
21699d5622 5.9p1-17 + 0.9.2-32 2012-01-31 14:09:17 +01:00
Petr Lautrbach
cd5891d0d5 run privsep slave process as the users SELinux context (#781634) 2012-01-31 14:09:00 +01:00
Tomas Mraz
017c65d99b add CAVS test driver for the aes-ctr ciphers 2012-01-13 18:28:47 +01:00
Tomas Mraz
6148abd585 enable aes-ctr ciphers use the EVP engines from OpenSSL such as the AES-NI 2012-01-11 19:11:33 +01:00
Petr Lautrbach
2e12878998 5.9p1-14 + 0.9.2-32 2011-12-06 17:42:00 +01:00
Petr Lautrbach
5bd5aa2976 warn about unsupported option UsePAM=no (#757545) 2011-12-06 17:41:06 +01:00