c45d147a86
openssh-7.1p1-6 + 0.9.2-8
2015-12-18 14:36:00 +01:00
f6bd29aaca
Preserve IUTF8 tty mode flag over ssh connections ( #1270248 )
2015-12-18 14:36:00 +01:00
c9e7e79685
Compatibility SSH_COPY_ID_LEGACY for ssh-copy-id
2015-12-18 14:36:00 +01:00
86f52d4e69
Rebase downstream patches of ssh-copy-id into one from upstream
...
Source:
http://git.hands.com/ssh-copy-id
2015-12-16 15:40:10 +01:00
d9d9575f00
GSSAPI Key Exchange documentation improvements
...
from Debian patches:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765655
2015-12-10 15:37:52 +01:00
f33aef5318
Remove unused patches
2015-12-08 14:22:44 +01:00
5410d2d3a7
Do not require sysconfig file to start service ( #1279521 )
2015-11-09 17:10:15 +01:00
ef86a312db
openssh-7.1p1-5 + 0.9.2-8
2015-11-04 10:18:50 +01:00
b6d4dc0a6f
Do not set user context too many times for root logins ( #1269072 )
2015-11-04 10:17:32 +01:00
fa54d5472d
openssh-7.1p1-4 + 0.9.2-8
2015-10-22 14:55:07 +02:00
aa9a7754ed
Audit implicit mac, if mac is covered in cipher ( #1271694 )
...
For example chacha20-poly1305@openssh.com is AEAD (Authenticated Encryption with Associated Data) cipher and thus there is no separate MAC when it is used.
2015-10-22 14:53:36 +02:00
0ebe96b604
Handle root logins the same way as other users ( #1269072 )
...
root users are unconfined by definition, but they can be limited by SELinux so having privilege separation still makes sense. As a consequence we can remove hunk that handled this condition if we skipped forking.
2015-10-22 14:52:55 +02:00
22a08c3da4
Review SELinux user context handling after authentication ( #1269072 )
...
The previous required to have for all SELInux user contexts with setexec capability. Otherwise user would not be able to change password if it is expired. This patch sets correct context and cleans up the exec context.
When doing chroot, copy_selinux_context is called twice
2015-10-15 16:21:33 +02:00
8395bb78d0
Increase size limit of glob structures in sftp
2015-09-30 15:27:08 +02:00
a80c277795
openssh-7.1p1-3 + 0.9.2-8
2015-09-25 14:10:39 +02:00
a01bd486f0
Fix obsolete usage of SELinux constants ( #1261496 )
2015-09-25 14:10:25 +02:00
bf69b47630
Allow gss-keyex root login when without-password is set ( #2456 )
...
Reported upstream, but applicable also for our gss-keyex patch:
https://bugzilla.mindrot.org/show_bug.cgi?id=2456
2015-09-24 15:57:11 +02:00
6bf47e3d35
Having no keys is not fatal in gssapi key exchange ( #1261414 )
2015-09-24 15:57:11 +02:00
9a804fa266
Apply GSSAPI key exchange methods in client offered list ( #1261414 )
2015-09-24 15:57:11 +02:00
c6ba7b1e09
Return back forgotten patch which prevent connection using GSSAPI key exchange ( #1261414 )
2015-09-24 15:57:11 +02:00
812f08d95e
Provide full RELRO and PIE form askpass helper ( #1264036 )
2015-09-24 15:57:11 +02:00
3e5d955bcb
Fix FIPS mode for DH kex ( #1260253 )
2015-09-11 11:32:37 +02:00
98262158d8
openssh-7.1p1-2 + 0.9.2-8
2015-09-09 14:29:31 +02:00
c4c52b0667
Fix warnings produced by gcc
...
related to
* ssh-keysign and fingerprint algorithms
* ssh and GSSAPI algorithms validation
2015-09-09 10:59:19 +02:00
757fec581b
openssh-7.1p1-1 + 0.9.3-8
2015-08-22 22:22:48 +02:00
ccd186847a
Add corresponding options for ssh1 configure
2015-08-22 22:22:48 +02:00
c98f559725
HostKeyAlgorithms option on server is broken when using + sign
2015-08-22 22:22:48 +02:00
ebdae84225
openssh-7.0p1-2 + 0.9.3-7
2015-08-19 13:49:45 +02:00
18e54994fa
Fix typo in version string
2015-08-19 13:47:28 +02:00
4df30a2a72
Possibility to validate legacy systems by more fingerprints ( #1249626 )
2015-08-19 13:43:36 +02:00
bc4ef0f373
Add GSSAPIKexAlgorithms option for server and client application
2015-08-19 13:18:07 +02:00
459bd27529
Fix problem with DSA keys using pam_ssh_agent_auth ( #1251777 )
2015-08-17 16:27:38 +02:00
d0337fc530
Forgotten sources :(
2015-08-13 18:03:38 +02:00
3f55133c24
openssh-7.0p1-1 + 6.9.3-7
...
New upstream release (#1252639 )
- allow root login in default config
Security: Use-after-free bug related to PAM support (#1252853 )
Security: Privilege separation weakness related to PAM support (#1252854 )
Security: Incorrectly set TTYs to be world-writable (#1252862 )
2015-08-13 17:44:41 +02:00
2939c322fa
Create openssh-clients-ssh1 subpackage with tools for protocol SSHv1
2015-08-13 17:44:41 +02:00
405790ef61
Fix pam_ssh_agent_auth after rebase ( #1251777 )
2015-08-11 17:58:03 +02:00
1d50678457
Remove obsolete triggerruns for migration to systemd
...
- overlapping versions are not supported by current rpm
2015-07-28 13:08:55 +02:00
6286d6a8e6
6.9p1-4 + 0.9.3-6
2015-07-28 11:24:35 +02:00
67938e0c00
Handle terminal control characters in scp progressmeter ( #1247204 )
2015-07-28 11:23:51 +02:00
83bfb1fce5
6.9p1-3 + 0.9.3-6
2015-07-23 11:12:19 +02:00
c6d2eca7de
only query each keyboard-interactive device once ( #1245971 )
...
Upstream commit
https://anongit.mindrot.org/openssh.git/commit/?id=5b64f85bb811246c59ebab70aed331f26ba37b18
2015-07-23 11:06:12 +02:00
ca62b6133e
6.9p1-2 + 0.9.3-6
2015-07-15 09:44:37 +02:00
6e9574d7ec
Fix race condition with auditing messages answers ( #1242682 )
2015-07-15 08:35:18 +02:00
a4d9cd5694
Patch name, formating
2015-07-08 12:24:34 +02:00
58ba50440e
Allow building seccomp filters also for s390(x) architectures ( #1195065 )
2015-07-02 17:10:58 +02:00
274e22c863
Forgotten sources
2015-07-01 17:54:29 +02:00
187a349ee6
6.9p1-1 + 0.9.3-6
2015-07-01 15:51:20 +02:00
5de6c89ff2
Correctly revert "PermitRootLogin no" option from upstream sources
2015-07-01 15:51:20 +02:00
535d341e70
rebase to new upstream release 6.9
2015-07-01 15:51:01 +02:00
21bee694ac
Increase limitation number of files which can be listed using glob in sftp
2015-06-25 16:10:55 +02:00
Jakub Jelen