6df422d544
Fix ssh-copy-id on non-sh shells ( #1045191 )
2015-02-18 16:01:39 +01:00
bb3e880c01
Add SSH KDF CAVS test driver for future FIPS validation ( #1193045 )
2015-02-18 15:48:10 +01:00
14c675f3a5
Use global hardening specification instead of hardening made by openssh.
...
Openssh uses by default -fPIE flag, which didn't allow to build
pam_ssh_agent_auth.so with from libssh.a.
Validated using /CoreOS/openssh/Regression/bz642927-add-relro-flag
2015-02-18 10:34:40 +01:00
0a4ac4f4d3
Enable seccomp sandboxing after resolving problems with audit patch ( #1062953 )
2015-02-11 14:08:42 +01:00
b552eb6714
Make output of sshd -T more consistent, using upstream patch ( #1187521 )
2015-02-03 14:17:05 +01:00
580f986839
Update coverity patch after rebase to 6.7
2015-02-03 14:09:51 +01:00
6c6416dc9d
6.7p1-2 + 0.9.3-4
2015-01-27 14:10:18 +01:00
021326a6ae
Fix audit patch after rebase to 6.7
2015-01-27 12:07:13 +01:00
9b4e25cce0
temporarily disable audit patch causing segmentation faults
2015-01-20 17:08:25 +01:00
f29c8784c6
restore tcp wrappers support, based on Debian patch
...
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
2015-01-20 17:06:46 +01:00
1900351913
6.7p1-1 + 0.9.3-4
2015-01-20 13:21:45 +01:00
b457c98bec
use upstream FigerPrintHash for fingerprint - 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994
2015-01-19 15:26:56 +01:00
3ffcb799b3
Fix changelog entry
2015-01-15 15:03:12 +01:00
2109ab67c2
6.6.1p1-11 + 0.9.3-3
2015-01-14 17:15:02 +01:00
140e5ca05d
add new option GSSAPIEnablek5users and disable using ~/.k5users by default
...
CVE-2014-9278 (#1170745 )
2015-01-14 17:10:40 +01:00
9080a85b54
Update vendor-patchlevel string
2015-01-14 16:55:27 +01:00
b9d68e7db4
Fix config parser for ip:port values ( #1130733 )
2015-01-14 16:48:32 +01:00
fd06d69c6a
Fix confusing error message in scp ( #1142223 )
2015-01-14 16:46:23 +01:00
62986c5e87
6.6.1p1-10 + 0.9.3-3
2014-12-19 10:24:59 +01:00
7a7b8f0984
log via monitor in chroots without /dev/log
2014-12-19 10:14:36 +01:00
720cf82ef2
record pfs= field in CRYPTO_SESSION audit event
2014-12-15 18:59:39 +01:00
276c16ce71
6.6.1p1-9 + 0.9.3-3
2014-12-03 18:18:19 +01:00
56a647f5e3
the .local domain example should be in ssh_config, not in sshd_config
2014-12-03 18:15:25 +01:00
08fe9e8e47
use different values for DH for Cisco servers ( #1026430 )
2014-12-03 17:10:47 +01:00
823364a11e
6.6.1p1-8 + 0.9.3-3
2014-11-13 22:21:52 +01:00
44f0ac8d08
fix several coverity issues Resolves: rhbz#1139794
2014-11-13 22:16:51 +01:00
a1e1ac2bfc
6.6.1p1-7 + 0.9.3-3
2014-11-07 12:53:03 +01:00
3b7c8620a1
6.6.1p1-6 + 0.9.3-3
2014-11-04 19:09:42 +01:00
5296a797aa
privsep_preauth: use SELinux context from selinux-policy ( #1008580 )
2014-11-04 19:06:14 +01:00
0f0e055d6a
Ignore SIGXFSZ in postauth monitor
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2263
2014-09-29 08:37:05 +02:00
4b24967a9c
fix parsing of empty arguments in sshd_conf
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
2014-09-25 11:45:47 +02:00
afde9f8153
6.6.1p1-5 + 0.9.3-3
2014-09-08 10:35:57 +02:00
ce2d80b4e7
don't consider a partial success as a failure
2014-09-04 16:33:25 +02:00
163064841f
apply RFC3454 stringprep to banners when possible
...
https://bugzilla.mindrot.org/show_bug.cgi?id=2058
2014-09-04 16:12:11 +02:00
0a3f4e122d
set a client's address right after a connection is set
...
http://bugzilla.mindrot.org/show_bug.cgi?id=2257
2014-09-02 10:49:31 +02:00
662c5a05b3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 14:08:07 +00:00
e336e33a32
fix license handling
2014-07-18 19:28:30 -04:00
8ff21c966a
6.6.1p1-3 + 0.9.3-2
2014-07-18 08:38:51 +02:00
817071dc4d
standardise on NI_MAXHOST for gethostname() string lengths ( #1051490 )
2014-07-17 14:28:16 +02:00
cef0d582b6
6.6.1p1-2 + 0.9.3-2
2014-07-14 12:35:16 +02:00
d8b90ac6f8
minor spec file cleanup
2014-07-09 21:40:06 +02:00
8028159313
fix and rebase fips patch to 6.6.1p1
2014-07-09 21:16:53 +02:00
5160c9c8f3
rebase audit patch for 6.6.1p1
2014-07-08 17:42:18 +02:00
86f29c353e
bring back openssh-5.5p1-x11.patch
2014-07-03 16:42:56 +02:00
5fcfcac428
drop openssh-5.8p2-remove-stale-control-socket.patch
2014-07-03 16:23:00 +02:00
8b5feef2c8
bring back the openssh-5.8p2-sigpipe.patch
2014-07-03 16:14:38 +02:00
d1b0938acc
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 12:01:42 -05:00
5cde9cd3f2
6.6.1p1-1 + 0.9.3-2
2014-06-03 17:52:36 +02:00
fb6f390a78
drop openssh-server-sysvinit subpackage
2014-06-03 17:42:49 +02:00
44fb3c6aeb
OpenSSH 6.5 and 6.6 sometimes encode a value used in the
...
curve25519 key exchange incorrectly, causing connection failures
about 0.2% of the time when this method is used against a peer that
implements the method properly.
Fix the problem and disable the curve25519 KEX when speaking to
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
to enable the compatability code.
openssh-6.6.1p1
2014-06-03 17:18:36 +02:00
Jakub Jelen
Petr Lautrbach
Peter Robinson
Tom Callaway
Dennis Gilmore