Commit Graph

695 Commits

Author SHA1 Message Date
Jakub Jelen
acf98854ca Resolve segfault with auditing commands (#1203900) 2015-03-24 10:39:01 +01:00
Jakub Jelen
114dfef6d3 Make pam_ssh_agent compile with current ssh 2015-03-24 10:39:00 +01:00
Jakub Jelen
132f8f8686 6.8p1-1 + 0.9.3-5 2015-03-23 16:05:49 +01:00
Jakub Jelen
7b82d087e1 6.7p1-11 + 0.9.3-4 2015-03-12 11:46:33 +01:00
Jakub Jelen
c31740f8ea Fix tmpfiles to be more consistent with other config files in package (#1196807) 2015-03-12 11:45:59 +01:00
Jakub Jelen
558fb7b2f4 Add sftp option to force mode of created files 2015-03-11 18:09:06 +01:00
Jakub Jelen
c8062c4be3 Fix auditing when using combination of ForceCommand and PTY 2015-03-11 18:08:59 +01:00
Jakub Jelen
3bc8b8b1ac Ability to specify an arbitrary LDAP filter in ldap.conf for ssh-ldap-helper 2015-03-10 09:10:39 +01:00
Jakub Jelen
68fa4fb961 architecture dependent comments for seccomp filter (#1195065) 2015-03-10 07:12:13 +01:00
Jakub Jelen
7aa6321a86 6.7p1-10 + 0.9.3-4 2015-03-02 08:23:32 +01:00
Jakub Jelen
766438b1d5 Add tmpfiles.d entries (#1196807) 2015-03-02 08:23:31 +01:00
Jakub Jelen
c8b4078a3f 6.7p1-9 + 0.9.3-4 2015-02-27 18:44:47 +01:00
Jakub Jelen
bc083eb557 Adjust seccomp fiter for primary architectures and solve aarch64 issue (#1197051) 2015-02-27 18:22:34 +01:00
Jakub Jelen
cbda6f57fb Solve issue with ssh-copy-id and keys without trailing newline (#1093168) 2015-02-25 10:46:29 +01:00
Jakub Jelen
5f3c83fd09 6.7p1-8 + 0.9.3-4 2015-02-24 10:10:07 +01:00
Marcin Juszkiewicz
6656486e18 Add AArch64 support for seccomp_filter sandbox (#1195065) 2015-02-24 09:17:43 +01:00
Jakub Jelen
e0f867b153 6.7p1-7 + 0.9.3-4 2015-02-23 12:43:25 +01:00
Jakub Jelen
e3a6256653 Fix build issue without getuid32 2015-02-23 12:41:59 +01:00
Jakub Jelen
c13a4b7170 6.7p1-6 + 0.9.3-4 2015-02-23 12:18:07 +01:00
Jakub Jelen
d5a8001387 Fix seccomp filter for ix68 (#1194401), fix previous commit 2015-02-23 12:17:30 +01:00
Peter Robinson
b9846a816d fix if statement 2015-02-22 17:36:25 +00:00
Peter Robinson
74e740c136 Only use seccomp for sandboxing on supported platforms 2015-02-22 17:28:16 +00:00
Jakub Jelen
c6945293fd 6.7p1-4 + 0.9.3-4 2015-02-20 15:06:26 +01:00
Jakub Jelen
77f453b74d cleanup working directory, spec file and unused patches after rebase 2015-02-20 15:06:17 +01:00
Jakub Jelen
08cb909f5d Move cavs tests into subpackage -cavs (#1194320) 2015-02-20 13:24:42 +01:00
Jakub Jelen
2f556360f6 6.7p1-3 + 0.9.3-4 2015-02-18 16:11:48 +01:00
Jakub Jelen
6df422d544 Fix ssh-copy-id on non-sh shells (#1045191) 2015-02-18 16:01:39 +01:00
Jakub Jelen
bb3e880c01 Add SSH KDF CAVS test driver for future FIPS validation (#1193045) 2015-02-18 15:48:10 +01:00
Jakub Jelen
14c675f3a5 Use global hardening specification instead of hardening made by openssh.
Openssh uses by default -fPIE flag, which didn't allow to build
pam_ssh_agent_auth.so with from libssh.a.
Validated using /CoreOS/openssh/Regression/bz642927-add-relro-flag
2015-02-18 10:34:40 +01:00
Jakub Jelen
0a4ac4f4d3 Enable seccomp sandboxing after resolving problems with audit patch (#1062953) 2015-02-11 14:08:42 +01:00
Jakub Jelen
b552eb6714 Make output of sshd -T more consistent, using upstream patch (#1187521) 2015-02-03 14:17:05 +01:00
Jakub Jelen
580f986839 Update coverity patch after rebase to 6.7 2015-02-03 14:09:51 +01:00
Jakub Jelen
6c6416dc9d 6.7p1-2 + 0.9.3-4 2015-01-27 14:10:18 +01:00
Jakub Jelen
021326a6ae Fix audit patch after rebase to 6.7 2015-01-27 12:07:13 +01:00
Petr Lautrbach
9b4e25cce0 temporarily disable audit patch causing segmentation faults 2015-01-20 17:08:25 +01:00
Petr Lautrbach
f29c8784c6 restore tcp wrappers support, based on Debian patch
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
2015-01-20 17:06:46 +01:00
Petr Lautrbach
1900351913 6.7p1-1 + 0.9.3-4 2015-01-20 13:21:45 +01:00
Petr Lautrbach
b457c98bec use upstream FigerPrintHash for fingerprint - 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 2015-01-19 15:26:56 +01:00
Petr Lautrbach
98584338a4 fix direction in CRYPTO_SESSION audit message 2015-01-16 17:40:20 +01:00
Jakub Jelen
3ffcb799b3 Fix changelog entry 2015-01-15 15:03:12 +01:00
Jakub Jelen
2109ab67c2 6.6.1p1-11 + 0.9.3-3 2015-01-14 17:15:02 +01:00
Petr Lautrbach
140e5ca05d add new option GSSAPIEnablek5users and disable using ~/.k5users by default
CVE-2014-9278 (#1170745)
2015-01-14 17:10:40 +01:00
Jakub Jelen
9080a85b54 Update vendor-patchlevel string 2015-01-14 16:55:27 +01:00
Jakub Jelen
f92cd01d62 Update ldap extension to resolve #981058 2015-01-14 16:52:03 +01:00
Jakub Jelen
e581af0a84 Add missing documentation link to systemd service files (RHBZ#1181593) 2015-01-14 16:51:44 +01:00
Jakub Jelen
b9d68e7db4 Fix config parser for ip:port values (#1130733) 2015-01-14 16:48:32 +01:00
Jakub Jelen
fd06d69c6a Fix confusing error message in scp (#1142223) 2015-01-14 16:46:23 +01:00
Petr Lautrbach
62986c5e87 6.6.1p1-10 + 0.9.3-3 2014-12-19 10:24:59 +01:00
Petr Lautrbach
7a7b8f0984 log via monitor in chroots without /dev/log 2014-12-19 10:14:36 +01:00
Petr Lautrbach
720cf82ef2 record pfs= field in CRYPTO_SESSION audit event 2014-12-15 18:59:39 +01:00