1ba984dcf2
revert the default of KerberosUseKuserok back to yes ( #1153076 )
2014-10-24 23:50:09 +02:00
0f0e055d6a
Ignore SIGXFSZ in postauth monitor
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2263
2014-09-29 08:37:05 +02:00
4b24967a9c
fix parsing of empty arguments in sshd_conf
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
2014-09-25 11:45:47 +02:00
c8fc193f3d
sshd-keygen - don't generate DSA and ED25519 host keys in FIPS mode
2014-09-23 12:29:25 +02:00
afde9f8153
6.6.1p1-5 + 0.9.3-3
2014-09-08 10:35:57 +02:00
ce2d80b4e7
don't consider a partial success as a failure
2014-09-04 16:33:25 +02:00
163064841f
apply RFC3454 stringprep to banners when possible
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2058
2014-09-04 16:12:11 +02:00
c16b7033ca
change the rsa key generation error message due to FIPS restrictions in openssl
2014-09-02 15:41:51 +02:00
0a3f4e122d
set a client's address right after a connection is set
...
http://bugzilla.mindrot.org/show_bug.cgi?id=2257
2014-09-02 10:49:31 +02:00
662c5a05b3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 14:08:07 +00:00
e336e33a32
fix license handling
2014-07-18 19:28:30 -04:00
8ff21c966a
6.6.1p1-3 + 0.9.3-2
2014-07-18 08:38:51 +02:00
817071dc4d
standardise on NI_MAXHOST for gethostname() string lengths ( #1051490 )
2014-07-17 14:28:16 +02:00
cef0d582b6
6.6.1p1-2 + 0.9.3-2
2014-07-14 12:35:16 +02:00
d8b90ac6f8
minor spec file cleanup
2014-07-09 21:40:06 +02:00
8028159313
fix and rebase fips patch to 6.6.1p1
2014-07-09 21:16:53 +02:00
9f526c6f31
cleanup and remove FIPS code from audit patch
2014-07-09 21:08:53 +02:00
5160c9c8f3
rebase audit patch for 6.6.1p1
2014-07-08 17:42:18 +02:00
26621fa3b8
Add pam_reauthorize.so to sshd.pam ( #1115977 )
2014-07-08 12:46:52 +02:00
86f29c353e
bring back openssh-5.5p1-x11.patch
2014-07-03 16:42:56 +02:00
5fcfcac428
drop openssh-5.8p2-remove-stale-control-socket.patch
2014-07-03 16:23:00 +02:00
8b5feef2c8
bring back the openssh-5.8p2-sigpipe.patch
2014-07-03 16:14:38 +02:00
d1b0938acc
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 12:01:42 -05:00
7463b66c25
add missing patches and remove unused patches
2014-06-04 10:26:58 +02:00
3e1dd6c5fd
add forgotten openssh-6.6p1-gsskex.patch
2014-06-04 10:17:31 +02:00
5cde9cd3f2
6.6.1p1-1 + 0.9.3-2
2014-06-03 17:52:36 +02:00
d1c2eb285e
slightly change systemd units logic - use sshd-keygen.service ( #1066615 )
2014-06-03 17:47:56 +02:00
fb6f390a78
drop openssh-server-sysvinit subpackage
2014-06-03 17:42:49 +02:00
4253bf87ac
add support for ED25519 keys to sshd-keygen and sshd.sysconfig
2014-06-03 17:41:32 +02:00
44fb3c6aeb
OpenSSH 6.5 and 6.6 sometimes encode a value used in the
...
curve25519 key exchange incorrectly, causing connection failures
about 0.2% of the time when this method is used against a peer that
implements the method properly.
Fix the problem and disable the curve25519 KEX when speaking to
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
to enable the compatability code.
openssh-6.6.1p1
2014-06-03 17:18:36 +02:00
94c6f8ddcc
rebase to openssh-6.6p1
2014-06-03 16:51:07 +02:00
d75575229f
6.4p1-4 + 0.9.3-1
2014-05-15 10:37:16 +02:00
8f8619e1e6
ignore environment variables with embedded '=' or '\0' characters ( #1077843 )
...
CVE-2014-2532
2014-05-15 10:24:04 +02:00
d271e02296
prevent a server from skipping SSHFP lookup ( #1081338 )
...
CVE-2014-2653
2014-05-15 10:23:46 +02:00
9a031d2641
try CLOCK_BOOTTIME with fallback ( #1091992 )
2014-05-14 17:30:43 +02:00
f3b39bb6cb
don't clean up gssapi credentials by default ( #1055016 )
2014-02-26 17:08:07 +01:00
f9f83a00b5
make /etc/ssh/moduli file public ( #1043661 )
2014-02-26 15:54:02 +01:00
c3c35d5f25
fix ssh-copy-id ( #1058792 )
2014-02-26 14:53:23 +01:00
e2813b36f4
log fipscheck verification message into syslog authpriv
2014-02-26 14:52:42 +01:00
9060bbe156
sshd-keygen.service - don't check dsa key, use ecdsa instead
2014-02-19 13:58:34 +01:00
96df3b5ecb
use tty allocation for a remote scp
2014-01-23 18:30:39 +01:00
b898cbf5e1
Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set
2014-01-23 18:30:03 +01:00
084bc6fca5
FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A
2014-01-23 18:29:02 +01:00
222dd2e358
6.4p1-3 + 0.9.3-1
2013-12-11 14:32:11 +01:00
2b2955a332
use only rsa and ecdsa host keys by default
2013-12-11 14:28:49 +01:00
545aa0d026
sshd-keygen - create an ecdsa host key with 640 permissions ( #1023945 )
2013-12-09 11:14:59 +01:00
89d920b074
6.4p1-2 + 0.9.3-1
2013-11-26 15:28:39 +01:00
82d2beb4d4
fix fatal() cleanup in the audit patch ( #1029074 )
2013-11-26 13:22:08 +01:00
36a09e37e8
fix parsing logic of ldap.conf file ( #1033662 )
2013-11-26 11:10:04 +01:00
8f439b3006
minor change in HOWTO.ssh-keycat - s/AuthorizedKeysCommandRunAs/AuthorizedKeysCommandUser/
2013-11-25 15:40:42 +01:00
Petr Lautrbach
Stanislav Zidek
Peter Robinson
Tom Callaway
Stef Walter
Dennis Gilmore