0b5300a59c
Add legacy sshd-keygen for anaconda ( #1331077 )
2016-04-29 13:41:38 +02:00
1380564732
openssh-7.2p2-5 + 0.10.2-3
2016-04-22 14:52:57 +02:00
b7de610db3
Fix typo about sshd-keygen in sysconfig ( #1325535 )
2016-04-22 14:50:30 +02:00
cf4e3a1844
Fix for CVE-2015-8325 ( #1328013 )
2016-04-18 12:39:11 +02:00
58d2868dfe
openssh-7.2p2-4 + 0.10.2-3
2016-04-15 17:56:43 +02:00
5489ace8dc
Add sshd-keygen.target to abstract key creation from sshd.service and sshd@.service ( #1325535 )
...
* PartOf is needed to trigger sshd-keygen checks for sshd.service restarts
* sshd-keygen.target makes a level of abstraction to eliminate dupplicate
dependencies on both sshd and sshd@ services
2016-04-15 17:05:32 +02:00
461b3af818
Remove unused sshd init script
2016-04-15 17:04:59 +02:00
32a74888d5
openssh-7.2p2-3 + 0.10.2-3
2016-04-13 13:44:58 +02:00
00c7b75439
Make sshd-keygen comply with packaging guidelines ( #1325535 )
2016-04-13 13:42:12 +02:00
3d2c14680b
Soft-deny socket() syscall in seccomp sandbox ( #1324493 )
...
* Used for ecdh-sha2-nistp* key exchange methods in FIPS mode
2016-04-11 16:14:25 +02:00
0509c6c977
Remove *sha1 Kex in FIPS mode ( #1324493 )
2016-04-11 13:16:52 +02:00
117a730ded
Remove *gcm ciphers in FIPS mode ( #1324493 )
2016-04-11 13:16:44 +02:00
f7e56a52db
openssh-7.2p2-2 + 0.10.2-3
2016-04-06 13:01:29 +02:00
fc0cf7f8d5
Fix GSSAPI Key Exchange for older clients ( #1323622 )
...
Failed with older clients, because server was doing signature over
different data than the verifying client. It was caused by bump of
minimal DH groups offered by server and a bug in code, which was
using max(client_min, server_min) instead of client_min as proposed
by RFC4462.
2016-04-06 12:53:37 +02:00
bda184b249
pam_ssh_agent_auth: prevent using MD5 in Fips mode
2016-03-16 09:40:35 +01:00
53c9992786
Drop init scripts dependency from sshd-keygen ( #1317722 )
2016-03-15 09:06:10 +01:00
9163ba11f1
openssh-7.2p2-1 + 0.10.2-3
2016-03-10 13:36:41 +01:00
28ce052525
Audit: Cleanup for upstream proposal
...
* whitespace cleanup
* use constants instead of magic numbers
* get rid of backup_state from old API
* proper conditionalization of audit code
* remove ancient fingerprint_prefix() function
2016-03-04 17:36:08 +01:00
0bdae3b8df
openssh-7.2p1-1 + 0.10.2-2
2016-03-03 17:59:53 +01:00
e762f7265e
Restore slogin symlinks
2016-03-03 17:48:20 +01:00
13bf5bef36
Forgotten rebased FIPS patch
2016-02-29 15:16:45 +01:00
13073f8d9c
openssh-7.2p1-1 ( #1312870 )
2016-02-29 15:01:33 +01:00
46445f1c7a
openssh-7.1p2-4 + 0.10.2-1
2016-02-25 10:38:09 +01:00
44fc97266b
Audit race condition resolved ( #1308295 )
2016-02-25 10:37:22 +01:00
7b15444065
Fix X11 forwarding CVE according to upstream
2016-02-24 09:51:43 +01:00
4fdc3c59c4
Fix problem when running without privsep ( #1303910 )
2016-02-24 09:51:43 +01:00
700da17374
Remove hard glob limit since the CVE introducing this one is unrelated.
2016-02-24 09:51:43 +01:00
b2b837ad97
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-04 11:34:23 +00:00
8ddd3edcd8
openssh-7.1p2-3 + 0.10.2-1
2016-01-30 01:18:26 +01:00
ca79709ade
Silently disable X11 forwarding
...
Based on feedback on previous update:
https://bodhi.fedoraproject.org/updates/FEDORA-2016-47ac27532d
2016-01-30 01:18:12 +01:00
c08255b7b1
Fix pam_ssh_agent_auth segfaults with non-accepted keys ( #1303036 )
2016-01-30 01:18:06 +01:00
d1b43a2865
Update sshd service file to forking (as #1291172 )
2016-01-26 13:54:53 +01:00
7adf5f4c63
Missing pam_ssh_agent_auth sources
2016-01-26 09:10:27 +01:00
6c2eb5e22d
openssh-7.1p2-2 + 0.10.2-1
2016-01-26 09:00:28 +01:00
38c7737421
Remove defattr from spec file
...
Mailing list thread:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/KEO7AX3JXR2TY6OVL4M7HDISZ6YIJNKU/
2016-01-26 09:00:28 +01:00
733cea720e
CVE-2016-1908: Prevent possible fallback from untrusted to trusted X11 forwarding
...
Upstream commits:
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f
2016-01-26 09:00:23 +01:00
87ab5fc4af
Reabse to latest release of pam_ssh_agent_auth with preserving current functionality
...
* Rebase to latest upstream version
* Clean up older patches for pam_ssh_agent_auth
* Remove prefixes from upstream release so we can build it against current
openssh library
* Remove copied files and headers so we make sure we build against current openssh
2016-01-25 13:32:42 +01:00
7bc64374b0
openssh-7.1p2-1 + 0.9.2-9
2016-01-14 16:11:06 +01:00
b2191db92e
openssh-7.1p1-7 + 0.9.2-8
2016-01-12 13:15:33 +01:00
af94f46861
Fix condition to run sshd-keygen
...
When the first boot fails for some reason and the host keys files
are created, but the content not synced into the disk, during the
second boot, the keygen is not run, but the sshd will not start.
Changing condition mitigates this case.
2016-01-12 13:14:58 +01:00
06b1d5330a
Make ssh-keysign world readable ( #1296724 )
2016-01-08 13:22:09 +01:00
f26cd8d6ee
Update ssh-agent permissions ( #1296724 )
...
* It is no longer required to have ssh-agent with suid bit, because
the ptrace attach is prevented using PR_SET_DUMPABLE 0 [1]
[1] https://anongit.mindrot.org/openssh.git/commit/?id=6c4914afccb0c188a2c412d12dfb1b73e362e07e
2016-01-08 11:27:02 +01:00
7c5d0a686c
Make sure the semantics of %global macro stays the same as before a0e252571b
2016-01-08 09:15:52 +01:00
da62b78673
Do not check for openssl based keys if built without openssl
2016-01-05 12:48:00 +01:00
62897e51d6
Do not set default values for GSSAPI when building without GSSAPI
2016-01-05 12:41:38 +01:00
e1b19de52a
Fix wrong handling of LEGACY environment variable
2016-01-05 12:39:40 +01:00
a0e252571b
Change %define to %global according to packaging guidelines
...
Based on discussion started on fedora-devel:
https://lists.fedoraproject.org/archives/list/devel%40lists.fedoraproject.org/thread/AS35NKZSAWRIKY77IUYOVNFAT6AJQVAU/
2016-01-04 10:41:27 +01:00
c45d147a86
openssh-7.1p1-6 + 0.9.2-8
2015-12-18 14:36:00 +01:00
f6bd29aaca
Preserve IUTF8 tty mode flag over ssh connections ( #1270248 )
2015-12-18 14:36:00 +01:00
c9e7e79685
Compatibility SSH_COPY_ID_LEGACY for ssh-copy-id
2015-12-18 14:36:00 +01:00
Jakub Jelen
Fedora Release Engineering