Commit Graph

473 Commits

Author SHA1 Message Date
Jakub Jelen
e3688ed6ab 6.4p1-8 + 0.9.3-1 2015-01-15 15:27:59 +01:00
Petr Lautrbach
e83e64b469 add new option GSSAPIEnablek5users and disable using ~/.k5users by default CVE-2014-9278 (#1170745) 2015-01-15 15:27:59 +01:00
Jakub Jelen
6d6c363361 Update vendor-patchlevel string 2015-01-15 15:27:59 +01:00
Jakub Jelen
6b64f7566c Fix config parser for ip:port values (#1130733) 2015-01-15 15:27:59 +01:00
Jakub Jelen
87ef7b8238 Fix confusing error message in scp (#1142223) 2015-01-15 15:27:59 +01:00
Jakub Jelen
91cb47ec28 backport fix for sftp prepending remote directory to relative symlinks (#825538) 2015-01-09 17:21:15 +01:00
Petr Lautrbach
2de83b1356 6.4p1-7 + 0.9.3-1 2014-12-04 14:30:46 +01:00
Petr Lautrbach
2f3cd96ab9 use different values for DH for Cisco servers (#1026430) 2014-12-04 14:30:23 +01:00
Petr Lautrbach
b64b2cc975 6.4p1-6 + 0.9.3-1 2014-11-11 16:06:16 +01:00
Petr Lautrbach
4a92081130 fix kuserok patch which checked for the existence of .k5login unconditionally and hence prevented other mechanisms to be used properly 2014-11-11 11:34:18 +01:00
Petr Lautrbach
3c7aefbbeb Ignore SIGXFSZ in postauth monitor
https://bugzilla.mindrot.org/show_bug.cgi?id=2263
2014-11-10 14:39:23 +01:00
Petr Lautrbach
f9f5754ffc fix parsing of empty arguments in sshd_conf
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
2014-11-10 10:58:25 +01:00
Petr Lautrbach
2ab5418106 don't consider a partial success as a failure 2014-11-10 10:53:49 +01:00
Petr Lautrbach
a1fe096ff3 apply RFC3454 stringprep to banners when possible
https://bugzilla.mindrot.org/show_bug.cgi?id=2058
2014-11-10 10:51:04 +01:00
Petr Lautrbach
9f170e3ec1 set a client's address right after a connection is set
http://bugzilla.mindrot.org/show_bug.cgi?id=2257
2014-11-10 10:30:45 +01:00
Petr Lautrbach
81226fcc51 6.4p1-5 + 0.9.3-1 2014-07-18 08:42:26 +02:00
Petr Lautrbach
66d55f7a69 standardise on NI_MAXHOST for gethostname() string lengths (#1051490) 2014-07-17 18:30:37 +02:00
Petr Lautrbach
d75575229f 6.4p1-4 + 0.9.3-1 2014-05-15 10:37:16 +02:00
Petr Lautrbach
8f8619e1e6 ignore environment variables with embedded '=' or '\0' characters (#1077843)
CVE-2014-2532
2014-05-15 10:24:04 +02:00
Petr Lautrbach
d271e02296 prevent a server from skipping SSHFP lookup (#1081338)
CVE-2014-2653
2014-05-15 10:23:46 +02:00
Petr Lautrbach
9a031d2641 try CLOCK_BOOTTIME with fallback (#1091992) 2014-05-14 17:30:43 +02:00
Petr Lautrbach
f9f83a00b5 make /etc/ssh/moduli file public (#1043661) 2014-02-26 15:54:02 +01:00
Petr Lautrbach
96df3b5ecb use tty allocation for a remote scp 2014-01-23 18:30:39 +01:00
Petr Lautrbach
b898cbf5e1 Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set 2014-01-23 18:30:03 +01:00
Petr Lautrbach
084bc6fca5 FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A 2014-01-23 18:29:02 +01:00
Petr Lautrbach
222dd2e358 6.4p1-3 + 0.9.3-1 2013-12-11 14:32:11 +01:00
Petr Lautrbach
89d920b074 6.4p1-2 + 0.9.3-1 2013-11-26 15:28:39 +01:00
Petr Lautrbach
09e9ef3d7c 6.4p1-1 + 0.9.3-1 2013-11-08 14:04:33 +01:00
Petr Lautrbach
3ed6191f56 6.3p1-5 + 0.9.3-7 2013-11-01 17:07:27 +01:00
Petr Lautrbach
5795323a53 don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> (#1024965) 2013-11-01 17:06:02 +01:00
Petr Lautrbach
7feb965804 6.3p1-4 + 0.9.3-6 2013-10-25 15:46:49 +02:00
Petr Lautrbach
2add7a8ff5 rebuild with openssl-1.0.1e-29.fc20 to enable ECC support 2013-10-25 15:19:26 +02:00
Petr Lautrbach
f0aa6e5f51 rebuild with openssl-1.0.1e-29.fc20 to enable ECC support 2013-10-25 14:46:48 +02:00
Petr Lautrbach
a5e23f2861 6.3p1-3 + 0.9.3-6 2013-10-24 16:45:21 +02:00
Petr Lautrbach
ff7a26b109 6.3p1-2 + 0.9.3-6 2013-10-23 23:14:38 +02:00
Petr Lautrbach
1f36406833 Increase the size of the Diffie-Hellman groups requested for a each
symmetric key size.  New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419.  Pointed out by Peter Backes, ok
djm@. (#1010607)
2013-10-23 22:41:53 +02:00
Petr Lautrbach
d088f94bd9 use default_ccache_name from /etc/krb5.conf for a kerberos cache (#991186) 2013-10-23 22:08:19 +02:00
Petr Lautrbach
e40d5d19d9 added Obsoletes: *fips 2013-10-15 17:55:40 +02:00
Petr Lautrbach
a92e916970 6.3p1-1 + 0.9.3-6 2013-10-14 15:55:03 +02:00
Petr Lautrbach
84822b5dec rebase for openssh-6.3p1, remove unused patches (#1007769) 2013-10-14 15:54:41 +02:00
Petr Lautrbach
c33ef551ca 6.2p2-9 + 0.9.3-5 2013-10-08 17:28:16 +02:00
Petr Lautrbach
2ae5f9ff89 Revert "add -fips subpackages that contains the FIPS module files"
This reverts commit 227f4f7628.
2013-10-08 17:13:39 +02:00
Petr Lautrbach
d4d8299c30 Revert "add missing Requires: openssl-fips in -fips subpackages"
This reverts commit a19397fdd2.

Conflicts:
	openssh.spec
2013-10-08 17:06:14 +02:00
Petr Lautrbach
b61d9c10d3 Revert "use hmac_suffix for ssh{,d} hmac checksums"
This reverts commit c6724c72f4.
2013-10-08 17:04:53 +02:00
Petr Lautrbach
0cc0054215 Revert "use {?dist} tag in suffixes for hmac checksum files"
This reverts commit 15244ec178.
2013-10-08 17:04:40 +02:00
Petr Lautrbach
f344f8490c 6.2p2-8 + 0.9.3-5 2013-09-25 14:13:01 +02:00
Petr Lautrbach
15244ec178 use {?dist} tag in suffixes for hmac checksum files 2013-09-20 17:11:49 +02:00
Petr Lautrbach
eba55f9c1b 6.2p2-7 + 0.9.3-5 2013-09-11 16:54:14 +02:00
Petr Lautrbach
c6724c72f4 use hmac_suffix for ssh{,d} hmac checksums 2013-09-11 16:05:58 +02:00
Petr Lautrbach
a19397fdd2 add missing Requires: openssl-fips in -fips subpackages
6.2p2-6.1 + 0.9.3-5
2013-08-29 09:32:04 +02:00