5160c9c8f3
rebase audit patch for 6.6.1p1
2014-07-08 17:42:18 +02:00
86f29c353e
bring back openssh-5.5p1-x11.patch
2014-07-03 16:42:56 +02:00
5fcfcac428
drop openssh-5.8p2-remove-stale-control-socket.patch
2014-07-03 16:23:00 +02:00
8b5feef2c8
bring back the openssh-5.8p2-sigpipe.patch
2014-07-03 16:14:38 +02:00
d1b0938acc
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 12:01:42 -05:00
5cde9cd3f2
6.6.1p1-1 + 0.9.3-2
2014-06-03 17:52:36 +02:00
fb6f390a78
drop openssh-server-sysvinit subpackage
2014-06-03 17:42:49 +02:00
44fb3c6aeb
OpenSSH 6.5 and 6.6 sometimes encode a value used in the
...
curve25519 key exchange incorrectly, causing connection failures
about 0.2% of the time when this method is used against a peer that
implements the method properly.
Fix the problem and disable the curve25519 KEX when speaking to
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
to enable the compatability code.
openssh-6.6.1p1
2014-06-03 17:18:36 +02:00
94c6f8ddcc
rebase to openssh-6.6p1
2014-06-03 16:51:07 +02:00
d75575229f
6.4p1-4 + 0.9.3-1
2014-05-15 10:37:16 +02:00
8f8619e1e6
ignore environment variables with embedded '=' or '\0' characters ( #1077843 )
...
CVE-2014-2532
2014-05-15 10:24:04 +02:00
d271e02296
prevent a server from skipping SSHFP lookup ( #1081338 )
...
CVE-2014-2653
2014-05-15 10:23:46 +02:00
9a031d2641
try CLOCK_BOOTTIME with fallback ( #1091992 )
2014-05-14 17:30:43 +02:00
f9f83a00b5
make /etc/ssh/moduli file public ( #1043661 )
2014-02-26 15:54:02 +01:00
96df3b5ecb
use tty allocation for a remote scp
2014-01-23 18:30:39 +01:00
b898cbf5e1
Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set
2014-01-23 18:30:03 +01:00
084bc6fca5
FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A
2014-01-23 18:29:02 +01:00
222dd2e358
6.4p1-3 + 0.9.3-1
2013-12-11 14:32:11 +01:00
89d920b074
6.4p1-2 + 0.9.3-1
2013-11-26 15:28:39 +01:00
09e9ef3d7c
6.4p1-1 + 0.9.3-1
2013-11-08 14:04:33 +01:00
3ed6191f56
6.3p1-5 + 0.9.3-7
2013-11-01 17:07:27 +01:00
5795323a53
don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> ( #1024965 )
2013-11-01 17:06:02 +01:00
7feb965804
6.3p1-4 + 0.9.3-6
2013-10-25 15:46:49 +02:00
2add7a8ff5
rebuild with openssl-1.0.1e-29.fc20 to enable ECC support
2013-10-25 15:19:26 +02:00
f0aa6e5f51
rebuild with openssl-1.0.1e-29.fc20 to enable ECC support
2013-10-25 14:46:48 +02:00
a5e23f2861
6.3p1-3 + 0.9.3-6
2013-10-24 16:45:21 +02:00
ff7a26b109
6.3p1-2 + 0.9.3-6
2013-10-23 23:14:38 +02:00
1f36406833
Increase the size of the Diffie-Hellman groups requested for a each
...
symmetric key size. New values from NIST Special Publication 800-57 with
the upper limit specified by RFC4419. Pointed out by Peter Backes, ok
djm@. (#1010607 )
2013-10-23 22:41:53 +02:00
d088f94bd9
use default_ccache_name from /etc/krb5.conf for a kerberos cache ( #991186 )
2013-10-23 22:08:19 +02:00
e40d5d19d9
added Obsoletes: *fips
2013-10-15 17:55:40 +02:00
a92e916970
6.3p1-1 + 0.9.3-6
2013-10-14 15:55:03 +02:00
84822b5dec
rebase for openssh-6.3p1, remove unused patches ( #1007769 )
2013-10-14 15:54:41 +02:00
c33ef551ca
6.2p2-9 + 0.9.3-5
2013-10-08 17:28:16 +02:00
2ae5f9ff89
Revert "add -fips subpackages that contains the FIPS module files"
...
This reverts commit 227f4f7628
2013-10-08 17:13:39 +02:00
d4d8299c30
Revert "add missing Requires: openssl-fips in -fips subpackages"
...
This reverts commit a19397fdd2
2013-10-08 17:06:14 +02:00
b61d9c10d3
Revert "use hmac_suffix for ssh{,d} hmac checksums"
...
This reverts commit c6724c72f4
2013-10-08 17:04:53 +02:00
0cc0054215
Revert "use {?dist} tag in suffixes for hmac checksum files"
...
This reverts commit 15244ec178
2013-10-08 17:04:40 +02:00
f344f8490c
6.2p2-8 + 0.9.3-5
2013-09-25 14:13:01 +02:00
15244ec178
use {?dist} tag in suffixes for hmac checksum files
2013-09-20 17:11:49 +02:00
eba55f9c1b
6.2p2-7 + 0.9.3-5
2013-09-11 16:54:14 +02:00
c6724c72f4
use hmac_suffix for ssh{,d} hmac checksums
2013-09-11 16:05:58 +02:00
a19397fdd2
add missing Requires: openssl-fips in -fips subpackages
...
6.2p2-6.1 + 0.9.3-5
2013-08-29 09:32:04 +02:00
f4e927b62d
6.2p2-6 + 0.9.3-5
2013-08-28 21:28:04 +02:00
227f4f7628
add -fips subpackages that contains the FIPS module files
2013-08-28 19:37:08 +02:00
631ffb2c5b
6.2p2-5 + 0.9.3-5
2013-08-01 09:50:41 +02:00
115aad3f92
6.2p2-4 + 0.9.3-5
2013-07-23 16:01:17 +02:00
17df27c668
don't show Success for EAI_SYSTEM ( #985964 )
2013-07-23 12:07:49 +02:00
2ee6810919
make sftp's libedit interface marginally multibyte aware ( #841771 )
2013-06-19 17:10:49 +02:00
66608a1ded
6.2p2-3 + 0.9.3-5
2013-06-17 17:30:04 +02:00
e99c4840f1
6.2p2-2 + 0.9.3-5
2013-05-21 18:38:15 +02:00
678b8081f1
add socket activated sshd units to the package ( #963268 )
2013-05-21 18:37:18 +02:00
21acbc4795
6.2p2-1 + 0.9.3-5
2013-05-20 09:31:57 +02:00
d48f1a7bde
always use /sbin/nologin as privsep user's shell
2013-04-24 18:08:00 +02:00
a92d7445da
6.2p1-4 + 0.9.3-4
2013-04-17 17:12:32 +02:00
1d76d11f64
cleanup spec file and patches
2013-04-16 18:30:43 +02:00
c276d31b49
6.2p1-3 + 0.9.3-4
2013-04-16 18:15:20 +02:00
894ab5eaaf
add latest config.{sub,guess} to support aarch64 ( #926284 )
2013-04-16 18:12:15 +02:00
1042786f58
6.2p1-2 + 0.9.3-4
2013-04-09 23:25:17 +02:00
fcef7f6231
keep track of which IndentityFile options were manually supplied and which were default options, and don't warn if the latter are missing. (mindrot#2084)
2013-04-09 23:22:42 +02:00
b6f89abe5c
6.2p1-1 + 0.9.3-4
2013-04-09 00:07:04 +02:00
d3d59da0b5
merge all -audit* patches together
2013-04-08 17:17:10 +02:00
8d97022c57
build regress/modpipe tests with $(CFLAGS)
2013-04-04 16:50:06 +02:00
8a29dedfa7
rebase to openssh-6.2p1 ( #924727 )
...
ACSS was removed from upstream sources
2013-04-04 16:49:30 +02:00
1b95bc38df
6.1p1-7 + 0.9.3-3
2013-03-06 10:41:50 +01:00
2a7883d153
6.1p1-6 + 0.9.3-3
2013-02-14 18:08:21 +01:00
d2b3b9a27e
pam_ssh_agent_auth - change paths from %{_lib} to %{_libdir}
2013-02-12 09:42:54 +01:00
19725a9954
fix bogus day names in changelog dates
2013-02-08 15:44:40 +01:00
cab7f53408
6.1p1-5 + 0.9.3-3
2013-02-08 14:56:47 +01:00
5bc906c19a
change default value of MaxStartups - CVE-2010-5107 - #908707
2013-02-08 14:32:20 +01:00
87391b7d01
add BuildRequires: perl-podlators
2013-02-07 14:21:38 +01:00
7642de98e4
6.1p1-4 + 0.9.3-3
2012-12-03 17:16:39 +01:00
790103e764
6.1p1-3 + 0.9.3-3
2012-12-03 10:29:07 +01:00
fe661c5cbb
obsolete RequiredAuthentications[12] options
2012-11-30 21:40:22 +01:00
5039c7c85d
reformat several patches after openssh-6.1p1-authenticationmethods.patch
2012-11-30 16:25:51 +01:00
bffd1c2234
replace RequiredAuthentications2 with AuthenticationMethods according to upstream
...
the upstream refused original patch with RequiredAuthentications2, but they came with their own implementation of required authentications,
see https://bugzilla.mindrot.org/show_bug.cgi?id=983 . The new method is more robust and flexible
it will be included in next openssh-6.2 release
2012-11-30 16:23:29 +01:00
ab30b92bd6
fix the man moduli page ( #841065 )
2012-11-06 09:59:17 +01:00
f7f8b483b0
adapt openssh-6.1p1-akc.patch to the upstream version - https://bugzilla.mindrot.org/show_bug.cgi?id=1663
2012-11-05 14:43:22 +01:00
52c8eca4d9
fix gssapi canohost patch ( #863350 )
2012-10-30 11:06:45 +01:00
af2ebf77dc
6.1p1-2 + 0.9.3-3
2012-10-26 17:15:55 +02:00
afd52c4857
drop openssh-5.9p1-sftp-chroot.patch ( #830237 )
2012-10-26 17:04:25 +02:00
470ebd7abc
add SELinux comment to /etc/ssh/sshd_config about SELinux command to modify port ( #861400 )
2012-10-26 16:34:55 +02:00
13cf2478d6
smartcard support is replaced with PKCS#11 support already in 5.4p1 https://bugzilla.mindrot.org/show_bug.cgi?id=1371
2012-10-26 15:42:59 +02:00
1a5c95ee57
drop required chkconfig ( #865498 )
2012-10-12 13:03:26 +02:00
d0630aa358
6.1p1-1 + 0.9.3-3
2012-09-15 13:48:14 +02:00
fd408ed2a5
to run tests use --with check
2012-09-15 13:48:13 +02:00
e58e548a57
don't use /bin and /sbin paths ( #856590 )
2012-09-15 13:48:13 +02:00
581bf30d07
don't use chroot_user_t for chrooted users ( #830237 )
2012-09-15 13:47:45 +02:00
9fe1afc163
rebase to openssh-6.1p1 ( #852651 )
2012-09-15 13:29:49 +02:00
51ca3be245
use DIR: kerberos cache type ( #848228 )
2012-09-15 13:28:23 +02:00
94943d59db
replace scriptlets with systemd macros ( #850249 )
2012-09-15 13:28:01 +02:00
65ba94ef1a
rebase to openssh-6.0p1
...
6.0p1-1 + 0.9.3-2
2012-08-06 21:33:33 +02:00
90e11f338c
5.9p1-26 + 0.9.3-1
2012-08-06 19:42:13 +02:00
5382ccbe9b
handle crypt() returning NULL ( #815993 )
2012-08-06 09:08:52 +02:00
b648890ead
5.9p1-25 + 0.9.3-1
2012-07-27 14:35:43 +02:00
e9620308c8
allow sha256 and sha512 hmacs in the FIPS mode
2012-07-17 21:03:59 +02:00
4f4687ce80
fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent
...
is not running, most probably not exploitable
update pam_ssh_agent_auth to 0.9.3 upstream version
2012-06-22 14:52:35 +02:00
2649d91e06
5.9p1-22 + 0.9.2-32
2012-04-06 21:01:27 +02:00
009f534b09
don't install sshd-keygen.service ( #810419 )
2012-04-06 21:01:06 +02:00
7294a991a2
5.9p1-21 + 0.9.2-32
2012-03-30 20:07:50 +02:00
22f0191d84
5.9p1-20 + 0.9.2-32
2012-03-23 09:16:52 +01:00
Petr Lautrbach
Dennis Gilmore
bach
Tomas Mraz