vishalmishra434 / rpms / openssh

Forked from rpms/openssh a month ago
Clone
Source Code
GIT

Blame openssh.spec

c10s-sig-hyperscale c10s-sig-hyperscale-2 c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   1076e61bfd453543955ec6579eac1256eb59ec6e
  2.   openssh.spec
Blob History Raw
Tomáš Mráz c9833c 
# Do we want SELinux & Audit
Jan F 6bd5ca 
%if 0%{?!noselinux:1}
Jakub Jelen a0e252 
%global WITH_SELINUX 1
Jan F 6bd5ca 
%else
Jakub Jelen a0e252 
%global WITH_SELINUX 0
Jan F 6bd5ca 
%endif
Tomáš Mráz fc72c2
Jakub Jelen 14c675 
%global _hardened_build 1
Jakub Jelen 14c675
cvsdist f28bf6 
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
Jakub Jelen a0e252 
%global no_gnome_askpass 0
cvsdist f28bf6
cvsdist b46e39 
# Do we want to link against a static libcrypto? (1=yes 0=no)
Jakub Jelen a0e252 
%global static_libcrypto 0
cvsdist b46e39
Cedric Staniewski 95d45c 
# Use GTK3 instead of GTK2 in gnome-ssh-askpass
Cedric Staniewski 95d45c 
%global gtk3 1
cvsdist 3e66bd
cvsdist fe98d8 
# Build position-independent executables (requires toolchain support)?
Jakub Jelen a0e252 
%global pie 1
cvsdist fe98d8
cvsdist 3e66bd 
# Do we want kerberos5 support (1=yes 0=no)
Jakub Jelen a0e252 
%global kerberos5 1
cvsdist 8264e7
Tomáš Mráz c9833c 
# Do we want libedit support
Jakub Jelen a0e252 
%global libedit 1
Tomáš Mráz c9833c
Tomáš Mráz e47cb0 
# Whether to build pam_ssh_agent_auth
Jan F 6bd5ca 
%if 0%{?!nopam:1}
Jakub Jelen a0e252 
%global pam_ssh_agent 1
Jan F 6bd5ca 
%else
Jakub Jelen a0e252 
%global pam_ssh_agent 0
Jan F 6bd5ca 
%endif
Tomáš Mráz e47cb0
cvsdist 43f95f 
# Reserve options to override askpass settings with:
cvsdist 43f95f 
# rpm -ba|--rebuild --define 'skip_xxx 1'
Jan F. Chadima b8bdc7 
%{?skip_gnome_askpass:%global no_gnome_askpass 1}
cvsdist 43f95f
cvsdist ffdec5 
# Add option to build without GTK2 for older platforms with only GTK+.
Nalin Dahyabhai 389c43 
# Red Hat Linux <= 7.2 and Red Hat Advanced Server 2.1 are examples.
Cedric Staniewski 95d45c 
# rpm -ba|--rebuild --define 'no_gtk3 1'
Cedric Staniewski 95d45c 
%{?no_gtk3:%global gtk3 0}
cvsdist ffdec5
cvsdist b46e39 
# Options for static OpenSSL link:
cvsdist b46e39 
# rpm -ba|--rebuild --define "static_openssl 1"
Jan F. Chadima b8bdc7 
%{?static_openssl:%global static_libcrypto 1}
cvsdist b46e39
Jan F. Chadima 04cab1 
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
Dmitry Belyavskiy 03150f 
%global openssh_ver 9.0p1
Dusty Mabe 1076e6 
%global openssh_rel 12
Jakub Jelen 3783a5 
%global pam_ssh_agent_ver 0.10.4
Dmitry Belyavskiy 03150f 
%global pam_ssh_agent_rel 7
Tomáš Mráz e47cb0
Jakub Jelen 970a41 
Summary: An open source implementation of SSH protocol version 2
cvsdist f71077 
Name: openssh
Jakub Jelen aa8fb3 
Version: %{openssh_ver}
Fedora Release Engineering cc56e8 
Release: %{openssh_rel}%{?dist}.1
cvsdist f71077 
URL: http://www.openssh.com/portable.html
Jakub Jelen 3783a5 
#URL1: https://github.com/jbeverly/pam_ssh_agent_auth/
Petr Lautrbach 190035 
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Jakub Jelen 3cd489 
Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
Tomáš Mráz ca47f6 
Source2: sshd.pam
Jakub Jelen 25c16c 
Source3: gpgkey-736060BA.gpg
Jakub Jelen 3783a5 
Source4: https://github.com/jbeverly/pam_ssh_agent_auth/archive/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.gz
Tomáš Mráz e47cb0 
Source5: pam_ssh_agent-rmheaders
Jan F 99f427 
Source6: ssh-keycat.pam
Jan F 11896a 
Source7: sshd.sysconfig
Jan F 5c8b5c 
Source9: sshd@.service
Jan F 5c8b5c 
Source10: sshd.socket
Jan F 53f618 
Source11: sshd.service
Jakub Jelen 00c7b7 
Source12: sshd-keygen@.service
Jan F 5c8b5c 
Source13: sshd-keygen
Jakub Jelen 5489ac 
Source15: sshd-keygen.target
Rex Dieter 5f230a 
Source16: ssh-agent.service
Anthony Rabbito 941789 
Source17: ssh-agent.socket
Anthony Rabbito 941789 
Source19: openssh-server-systemd-sysusers.conf
Dusty Mabe 08d842 
Source20: ssh-host-keys-migration.sh
Dusty Mabe 08d842 
Source21: ssh-host-keys-migration.service
Jan F. Chadima 6fa4d8
Jakub Jelen 1144ae 
#https://bugzilla.mindrot.org/show_bug.cgi?id=2581
Jakub Jelen 580f98 
Patch100: openssh-6.7p1-coverity.patch
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
Petr Lautrbach 720cf8 
# https://bugzilla.redhat.com/show_bug.cgi?id=1171248
Petr Lautrbach 720cf8 
# record pfs= field in CRYPTO_SESSION audit event
Jakub Jelen 5b55d0 
Patch200: openssh-7.6p1-audit.patch
Jakub Jelen 44fc97 
# Audit race condition in forked child (#1310684)
Jakub Jelen 44fc97 
Patch201: openssh-7.1p2-audit-race-condition.patch
Norbert Pocs ebc2a7 
# https://bugzilla.redhat.com/show_bug.cgi?id=2049947
Norbert Pocs ebc2a7 
Patch202: openssh-9.0p1-audit-log.patch
Jan F. Chadima 69dd72
Jan F 003cb0 
# --- pam_ssh-agent ---
Tomas Mraz 4f4687 
# make it build reusing the openssh sources
Tomas Mraz 4f4687 
Patch300: pam_ssh_agent_auth-0.9.3-build.patch
Tomas Mraz 4f4687 
# check return value of seteuid()
Jakub Jelen 465b6e 
# https://sourceforge.net/p/pamsshagentauth/bugs/23/
Jakub Jelen 465b6e 
Patch301: pam_ssh_agent_auth-0.10.3-seteuid.patch
Tomas Mraz 4f4687 
# explicitly make pam callbacks visible
Tomas Mraz 4f4687 
Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
Jakub Jelen 637556 
# update to current version of agent structure
Jakub Jelen 637556 
Patch305: pam_ssh_agent_auth-0.9.3-agent_structure.patch
Jakub Jelen 87ab5f 
# remove prefixes to be able to build against current openssh library
Jakub Jelen 87ab5f 
Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
Jakub Jelen ea9421 
# Fix NULL dereference from getpwuid() return value
Jakub Jelen ea9421 
# https://sourceforge.net/p/pamsshagentauth/bugs/22/
Jakub Jelen ea9421 
Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch
Dmitry Belyavskiy 9fd698 
# https://bugzilla.redhat.com/show_bug.cgi?id=2070113
Dmitry Belyavskiy 9fd698 
Patch308: pam_ssh_agent_auth-0.10.4-rsasha2.patch
Jakub Jelen 637556
Jan F 0f7ccb 
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
Jakub Jelen bbf61d 
Patch400: openssh-7.8p1-role-mls.patch
Petr Lautrbach cd5891 
#https://bugzilla.redhat.com/show_bug.cgi?id=781634
Petr Lautrbach 94c6f8 
Patch404: openssh-6.6p1-privsep-selinux.patch
Jan F 8fe150 
#?
Petr Lautrbach 94c6f8 
Patch502: openssh-6.6p1-keycat.patch
Jan F. Chadima 69dd72
Jakub Jelen 87ab5f 
#https://bugzilla.mindrot.org/show_bug.cgi?id=1644
Petr Lautrbach 94c6f8 
Patch601: openssh-6.6p1-allow-ip-opts.patch
Jakub Jelen 1144ae 
#(drop?) https://bugzilla.mindrot.org/show_bug.cgi?id=1925
Jan F. Chadima 69dd72 
Patch606: openssh-5.9p1-ipv6man.patch
Jan F 1ddd0e 
#?
Petr Lautrbach 8b5fee 
Patch607: openssh-5.8p2-sigpipe.patch
Jan F. Chadima 69dd72 
#https://bugzilla.mindrot.org/show_bug.cgi?id=1789
Jakub Jelen f28682 
Patch609: openssh-7.2p2-x11.patch
Jan F. Chadima 69dd72
Jan F 003cb0 
#?
Jakub Jelen 44e203 
Patch700: openssh-7.7p1-fips.patch
Jan F 003cb0 
#?
Jan F. Chadima 69dd72 
Patch702: openssh-5.1p1-askpass-progress.patch
Jakub Jelen 1144ae 
#https://bugzilla.redhat.com/show_bug.cgi?id=198332
Jan F. Chadima 69dd72 
Patch703: openssh-4.3p2-askpass-grab-info.patch
Jan F. Chadima 69dd72 
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
Jakub Jelen 6c68d6 
Patch707: openssh-7.7p1-redhat.patch
Petr Lautrbach 5bd5aa 
# warn users for unsupported UsePAM=no (#757545)
Jakub Jelen bbf61d 
Patch711: openssh-7.8p1-UsePAM-warning.patch
Tomas Mraz 6148ab 
# make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL
Petr Lautrbach 84822b 
Patch712: openssh-6.3p1-ctr-evp-fast.patch
Petr Lautrbach 5382cc
Jakub Jelen b6df6b 
# GSSAPI Key Exchange (RFC 4462 + RFC 8732)
Jakub Jelen def1de 
# from https://github.com/openssh-gsskex/openssh-gsskex/tree/fedora/master
Jakub Jelen def1de 
Patch800: openssh-8.0p1-gssapi-keyex.patch
Jan F 5b4ccb 
#http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
Petr Lautrbach 94c6f8 
Patch801: openssh-6.6p1-force_krb.patch
Petr Lautrbach 140e5c 
# add new option GSSAPIEnablek5users and disable using ~/.k5users by default (#1169843)
Petr Lautrbach 140e5c 
# CVE-2014-9278
Petr Lautrbach 140e5c 
Patch802: openssh-6.6p1-GSSAPIEnablek5users.patch
Jakub Jelen 117678 
# Improve ccache handling in openssh (#991186, #1199363, #1566494)
Jakub Jelen 117678 
# https://bugzilla.mindrot.org/show_bug.cgi?id=2775
Jakub Jelen 117678 
Patch804: openssh-7.7p1-gssapi-new-unique.patch
Jakub Jelen d78d34 
# Respect k5login_directory option in krk5.conf (#1328243)
Jakub Jelen d78d34 
Patch805: openssh-7.2p2-k5login_directory.patch
Jakub Jelen d9d957
Jakub Jelen def1de
Jan F. Chadima 69dd72 
#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
Petr Lautrbach 94c6f8 
Patch901: openssh-6.6p1-kuserok.patch
Petr Lautrbach 96df3b 
# Use tty allocation for a remote scp (#985650)
Petr Lautrbach 96df3b 
Patch906: openssh-6.4p1-fromto-remote.patch
Petr Lautrbach 5296a7 
# privsep_preauth: use SELinux context from selinux-policy (#1008580)
Petr Lautrbach 5296a7 
Patch916: openssh-6.6.1p1-selinux-contexts.patch
Jakub Jelen b92d3c 
# log via monitor in chroots without /dev/log (#2681)
Petr Lautrbach 7a7b8f 
Patch918: openssh-6.6.1p1-log-in-chroot.patch
Jakub Jelen fd06d6 
# scp file into non-existing directory (#1142223)
Jakub Jelen fd06d6 
Patch919: openssh-6.6.1p1-scp-non-existing-directory.patch
Jakub Jelen b552eb 
# apply upstream patch and make sshd -T more consistent (#1187521)
Jakub Jelen 0a076e 
Patch922: openssh-6.8p1-sshdT-output.patch
Jakub Jelen 558fb7 
# Add sftp option to force mode of created files (#1191055)
Jakub Jelen 558fb7 
Patch926: openssh-6.7p1-sftp-force-permission.patch
Jakub Jelen 986497 
# make s390 use /dev/ crypto devices -- ignore closefrom
Jakub Jelen 986497 
Patch939: openssh-7.2p2-s390-closefrom.patch
Jakub Jelen 162941 
# Move MAX_DISPLAYS to a configuration option (#1341302)
Jakub Jelen 162941 
Patch944: openssh-7.3p1-x11-max-displays.patch
Jakub Jelen 4e7cde 
# Help systemd to track the running service
Jakub Jelen 4e7cde 
Patch948: openssh-7.4p1-systemd.patch
Jakub Jelen 5b55d0 
# Pass inetd flags for SELinux down to openbsd compat level
Jakub Jelen 5b55d0 
Patch949: openssh-7.6p1-cleanup-selinux.patch
Jakub Jelen 5b55d0 
# Sandbox adjustments for s390 and audit
Jakub Jelen 5b55d0 
Patch950: openssh-7.5p1-sandbox.patch
Jakub Jelen 7e9748 
# PKCS#11 URIs (upstream #2817, 2nd iteration)
Jakub Jelen 51f5c1 
# https://github.com/Jakuje/openssh-portable/commits/jjelen-pkcs11
Jakub Jelen 51f5c1 
# git show > ~/devel/fedora/openssh/openssh-8.0p1-pkcs11-uri.patch
Jakub Jelen def1de 
Patch951: openssh-8.0p1-pkcs11-uri.patch
Jakub Jelen 940971 
# Unbreak scp between two IPv6 hosts (#1620333)
Jakub Jelen 940971 
Patch953: openssh-7.8p1-scp-ipv6.patch
Jakub Jelen 6caa97 
# Mention crypto-policies in manual pages (#1668325)
Jakub Jelen 6caa97 
Patch962: openssh-8.0p1-crypto-policies.patch
Jakub Jelen 751cd9 
# Use OpenSSL high-level API to produce and verify signatures (#1707485)
Jakub Jelen 751cd9 
Patch963: openssh-8.0p1-openssl-evp.patch
Jakub Jelen f726e5 
# Use OpenSSL KDF (#1631761)
Jakub Jelen f726e5 
Patch964: openssh-8.0p1-openssl-kdf.patch
Jakub Jelen 51f5c1 
# sk-dummy.so built with -fvisibility=hidden does not work
Jakub Jelen 51f5c1 
Patch965: openssh-8.2p1-visibility.patch
Jakub Jelen 02af5c 
# Do not break X11 without IPv6
Jakub Jelen 02af5c 
Patch966: openssh-8.2p1-x11-without-ipv6.patch
Dmitry Belyavskiy df2698 
# ssh-keygen printing fingerprint issue with Windows keys (#1901518)
Dmitry Belyavskiy df2698 
Patch974: openssh-8.0p1-keygen-strip-doseol.patch
Dmitry Belyavskiy df2698 
# sshd provides PAM an incorrect error code (#1879503)
Dmitry Belyavskiy df2698 
Patch975: openssh-8.0p1-preserve-pam-errors.patch
Dmitry Belyavskiy 03150f
Dmitry Belyavskiy 640f24 
# Implement kill switch for SCP protocol
Dmitry Belyavskiy 640f24 
Patch977: openssh-8.7p1-scp-kill-switch.patch
Dmitry Belyavskiy 03150f
Dmitry Belyavskiy 9fd698 
# Workaround for lack of sftp_realpath in older versions of RHEL
Dmitry Belyavskiy 9fd698 
# https://bugzilla.redhat.com/show_bug.cgi?id=2038854
Dmitry Belyavskiy 9fd698 
# https://github.com/openssh/openssh-portable/pull/299
Dmitry Belyavskiy 9fd698 
# downstream only
Dmitry Belyavskiy 9fd698 
Patch981: openssh-8.7p1-recursive-scp.patch
Dmitry Belyavskiy 9fd698 
# https://github.com/djmdjm/openssh-wip/pull/13
Dmitry Belyavskiy 9fd698 
Patch982: openssh-8.7p1-minrsabits.patch
Dmitry Belyavskiy 9fd698 
# downstream only
Dmitry Belyavskiy 9fd698 
Patch983: openssh-8.7p1-evpgenkey.patch
Dmitry Belyavskiy 9fd698 
# downstream only, IBMCA tentative fix
Dmitry Belyavskiy 9fd698 
# From https://bugzilla.redhat.com/show_bug.cgi?id=1976202#c14
Dmitry Belyavskiy 9fd698 
Patch984: openssh-8.7p1-ibmca.patch
Dmitry Belyavskiy 9fd698
Dmitry Belyavskiy 9fd698 
# Fix for scp clearing file when src and dest are the same (#2056884)
Dmitry Belyavskiy 9fd698 
# upstream commits:
Dmitry Belyavskiy 9fd698 
# 7b1cbcb7599d9f6a3bbad79d412604aa1203b5ee
Dmitry Belyavskiy 9fd698 
Patch1001: openssh-8.7p1-scp-clears-file.patch
Dmitry Belyavskiy 9fd698 
# Add missing options from ssh_config into ssh manpage
Dmitry Belyavskiy 9fd698 
# upstream bug:
Dmitry Belyavskiy 9fd698 
# https://bugzilla.mindrot.org/show_bug.cgi?id=3455
Dmitry Belyavskiy 9fd698 
Patch1002: openssh-8.7p1-ssh-manpage.patch
Dmitry Belyavskiy 9fd698 
# Always return allocated strings from the kex filtering so that we can free them
Dmitry Belyavskiy 9fd698 
# upstream commits:
Dmitry Belyavskiy 9fd698 
# 486c4dc3b83b4b67d663fb0fa62bc24138ec3946
Dmitry Belyavskiy 9fd698 
# 6c31ba10e97b6953c4f325f526f3e846dfea647a
Dmitry Belyavskiy 9fd698 
# 322964f8f2e9c321e77ebae1e4d2cd0ccc5c5a0b
Dmitry Belyavskiy 9fd698 
Patch1003: openssh-8.7p1-mem-leak.patch
Dmitry Belyavskiy 9fd698 
# Reenable MONITOR_REQ_GSSCHECKMIC after gssapi-with-mic failures
Dmitry Belyavskiy 9fd698 
# upstream MR:
Dmitry Belyavskiy 9fd698 
# https://github.com/openssh-gsskex/openssh-gsskex/pull/21
Dmitry Belyavskiy 9fd698 
Patch1004: openssh-8.7p1-gssapi-auth.patch
Dmitry Belyavskiy 03150f
Dmitry Belyavskiy 9fd698 
# Don't propose disallowed algorithms during hostkey negotiation
Dmitry Belyavskiy 9fd698 
# upstream MR:
Dmitry Belyavskiy 9fd698 
# https://github.com/openssh/openssh-portable/pull/323
Dmitry Belyavskiy 9fd698 
Patch1006: openssh-8.7p1-negotiate-supported-algs.patch
Dmitry Belyavskiy 9fd698
Dmitry Belyavskiy 9fd698 
# downstream only
Dmitry Belyavskiy 9fd698 
# we skip some ssh-rsa/ssh-dss tests to make native test suite pass
Dmitry Belyavskiy 03150f 
#Patch1100: openssh-8.8p1-skip-some-tests.patch
Jakub Jelen b552eb
cvsdist 7d7b03 
License: BSD
cvsdist 8264e7 
Requires: /sbin/nologin
cvsdist 8264e7
Bill Nottingham c92dff 
%if ! %{no_gnome_askpass}
Tomáš Mráz ef3242 
BuildRequires: libX11-devel
Cedric Staniewski 95d45c 
%if %{gtk3}
Cedric Staniewski 95d45c 
BuildRequires: gtk3-devel
Bill Nottingham c92dff 
%else
Cedric Staniewski 95d45c 
BuildRequires: gtk2-devel
cvsdist 092b0a 
%endif
Bill Nottingham c92dff 
%endif
Bill Nottingham c92dff
Petr Písař 64a361 
BuildRequires: autoconf, automake, perl-interpreter, perl-generators, zlib-devel
Jan F. Chadima f44bde 
BuildRequires: audit-libs-devel >= 2.0.5
Jan F. Chadima 9e777a 
BuildRequires: util-linux, groff
Tomáš Mráz ef3242 
BuildRequires: pam-devel
Tomáš Mráz d93958 
BuildRequires: openssl-devel >= 0.9.8j
Petr Lautrbach 87391b 
BuildRequires: perl-podlators
Jakub Jelen 6a6c2b 
BuildRequires: systemd-devel
Rex Dieter 5f230a 
BuildRequires: systemd-rpm-macros
Jakub Jelen bd3516 
BuildRequires: gcc make
Jakub Jelen 273086 
BuildRequires: p11-kit-devel
Jakub Jelen 82f942 
BuildRequires: libfido2-devel
Jakub Jelen 273086 
Recommends: p11-kit
Jakub Jelen d8a80c 
Obsoletes: openssh-ldap < 8.3p1-4
Jakub Jelen 1a45c5 
Obsoletes: openssh-cavs < 8.4p1-5
cvsdist 8264e7
cvsdist 3e66bd 
%if %{kerberos5}
Tomáš Mráz ef3242 
BuildRequires: krb5-devel
cvsdist 3e66bd 
%endif
cvsdist 3e66bd
Tomáš Mráz c9833c 
%if %{libedit}
Tomáš Mráz 0a9a40 
BuildRequires: libedit-devel ncurses-devel
Tomáš Mráz c9833c 
%endif
Tomáš Mráz c9833c
Tomáš Mráz fc72c2 
%if %{WITH_SELINUX}
Petr Lautrbach 5296a7 
Requires: libselinux >= 2.3-5
Petr Lautrbach 5296a7 
BuildRequires: libselinux-devel >= 2.3-5
Tomáš Mráz fc72c2 
Requires: audit-libs >= 1.0.8
Tomáš Mráz fc72c2 
BuildRequires: audit-libs >= 1.0.8
Tomáš Mráz fc72c2 
%endif
cvsdist 5ef607
Tomáš Mráz ef3242 
BuildRequires: xauth
Jakub Jelen 3cd489 
# for tarball signature verification
Jakub Jelen 3cd489 
BuildRequires: gnupg2
Tomáš Mráz ef3242
cvsdist f71077 
%package clients
Tomáš Mráz 9e5c6e 
Summary: An open source SSH client applications
Tomas Mraz 13fa78 
Requires: openssh = %{version}-%{release}
Alexander Sosedkin 42b22d 
Requires: crypto-policies >= 20220824-1
cvsdist f71077
cvsdist f71077 
%package server
Tomáš Mráz 9e5c6e 
Summary: An open source SSH server daemon
Tomáš Mráz ef3242 
Requires: openssh = %{version}-%{release}
Tomáš Mráz ef3242 
Requires(pre): /usr/sbin/useradd
Tomáš Mráz 1961bc 
Requires: pam >= 1.0.1-3
Alexander Sosedkin 42b22d 
Requires: crypto-policies >= 20220824-1
Jakub Jelen 0780f3 
%{?systemd_requires}
Jan F 5c8b5c
Jan F 99f427 
%package keycat
Jan F 99f427 
Summary: A mls keycat backend for openssh
Jan F 99f427 
Requires: openssh = %{version}-%{release}
Jan F 99f427
cvsdist f71077 
%package askpass
Tomáš Mráz ef3242 
Summary: A passphrase dialog for OpenSSH and X
cvsdist 328740 
Requires: openssh = %{version}-%{release}
cvsdist f71077
Tomáš Mráz e47cb0 
%package -n pam_ssh_agent_auth
Tomáš Mráz e47cb0 
Summary: PAM module for authentication with ssh-agent
Tomáš Mráz e47cb0 
Version: %{pam_ssh_agent_ver}
Fedora Release Engineering cc56e8 
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}.1
Tomáš Mráz 745155 
License: BSD
Tomáš Mráz e47cb0
cvsdist f71077 
%description
cvsdist 7d7b03 
SSH (Secure SHell) is a program for logging into and executing
cvsdist 7d7b03 
commands on a remote machine. SSH is intended to replace rlogin and
cvsdist 7d7b03 
rsh, and to provide secure encrypted communications between two
cvsdist 7d7b03 
untrusted hosts over an insecure network. X11 connections and
cvsdist f71077 
arbitrary TCP/IP ports can also be forwarded over the secure channel.
cvsdist f71077
cvsdist 7d7b03 
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
Tomáš Mráz 9e5c6e 
it up to date in terms of security and features.
cvsdist f71077
cvsdist f71077 
This package includes the core files necessary for both the OpenSSH
cvsdist 7d7b03 
client and server. To make this package useful, you should also
cvsdist f71077 
install openssh-clients, openssh-server, or both.
cvsdist f71077
cvsdist f71077 
%description clients
cvsdist 7d7b03 
OpenSSH is a free version of SSH (Secure SHell), a program for logging
cvsdist 7d7b03 
into and executing commands on a remote machine. This package includes
cvsdist 7d7b03 
the clients necessary to make encrypted connections to SSH servers.
cvsdist f71077
cvsdist f71077 
%description server
cvsdist 7d7b03 
OpenSSH is a free version of SSH (Secure SHell), a program for logging
cvsdist 7d7b03 
into and executing commands on a remote machine. This package contains
cvsdist 7d7b03 
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
Tomáš Mráz 9e5c6e 
securely connect to your SSH server.
cvsdist f71077
Jan F 99f427 
%description keycat
Jan F 99f427 
OpenSSH mls keycat is backend for using the authorized keys in the
Jan F 99f427 
openssh in the mls mode.
Jan F 99f427
cvsdist f71077 
%description askpass
cvsdist 7d7b03 
OpenSSH is a free version of SSH (Secure SHell), a program for logging
cvsdist 7d7b03 
into and executing commands on a remote machine. This package contains
cvsdist 7d7b03 
an X11 passphrase dialog for OpenSSH.
cvsdist f71077
Tomáš Mráz e47cb0 
%description -n pam_ssh_agent_auth
Tomáš Mráz e47cb0 
This package contains a PAM module which can be used to authenticate
Tomáš Mráz e47cb0 
users using ssh keys stored in a ssh-agent. Through the use of the
Tomáš Mráz e47cb0 
forwarding of ssh-agent connection it also allows to authenticate with
Tomáš Mráz e47cb0 
remote ssh-agent instance.
Tomáš Mráz e47cb0
Tomáš Mráz e47cb0 
The module is most useful for su and sudo service stacks.
Tomáš Mráz e47cb0
cvsdist 43f95f 
%prep
Jakub Jelen 3cd489 
gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
Petr Lautrbach 190035 
%setup -q -a 4
Jan F 5b4ccb
Tomáš Mráz e47cb0 
%if %{pam_ssh_agent}
Jakub Jelen 3783a5 
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
Jakub Jelen 87ab5f 
%patch300 -p2 -b .psaa-build
Jakub Jelen 465b6e 
%patch301 -p2 -b .psaa-seteuid
Jakub Jelen 87ab5f 
%patch302 -p2 -b .psaa-visibility
Jakub Jelen 87ab5f 
%patch306 -p2 -b .psaa-compat
Jakub Jelen 637556 
%patch305 -p2 -b .psaa-agent
Jakub Jelen ea9421 
%patch307 -p2 -b .psaa-deref
Dmitry Belyavskiy 9fd698 
%patch308 -p2 -b .rsasha2
Jakub Jelen 87ab5f 
# Remove duplicate headers and library files
Tomáš Mráz e47cb0 
rm -f $(cat %{SOURCE5})
Tomáš Mráz e47cb0 
popd
Tomáš Mráz e47cb0 
%endif
Jan F. Chadima 69dd72
Petr Lautrbach 65ba94 
%patch400 -p1 -b .role-mls
Petr Lautrbach cd5891 
%patch404 -p1 -b .privsep-selinux
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
%patch502 -p1 -b .keycat
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72 
%patch601 -p1 -b .ip-opts
Jan F. Chadima 69dd72 
%patch606 -p1 -b .ipv6man
Petr Lautrbach 8b5fee 
%patch607 -p1 -b .sigpipe
Petr Lautrbach 86f29c 
%patch609 -p1 -b .x11
Jan F. Chadima 69dd72 
%patch702 -p1 -b .progress
Jan F. Chadima 69dd72 
%patch703 -p1 -b .grab-info
Jan F. Chadima 69dd72 
%patch707 -p1 -b .redhat
Petr Lautrbach 5bd5aa 
%patch711 -p1 -b .log-usepam-no
Tomas Mraz 6148ab 
%patch712 -p1 -b .evp-ctr
Petr Lautrbach 94c6f8 
#
Jan F. Chadima 69dd72 
%patch800 -p1 -b .gsskex
Jan F. Chadima 69dd72 
%patch801 -p1 -b .force_krb
Jakub Jelen d78d34 
%patch804 -p1 -b .ccache_name
Jakub Jelen d78d34 
%patch805 -p1 -b .k5login
Petr Lautrbach 94c6f8 
#
Jan F. Chadima 69dd72 
%patch901 -p1 -b .kuserok
Petr Lautrbach 96df3b 
%patch906 -p1 -b .fromto-remote
Petr Lautrbach 5296a7 
%patch916 -p1 -b .contexts
Petr Lautrbach 7a7b8f 
%patch918 -p1 -b .log-in-chroot
Jakub Jelen fd06d6 
%patch919 -p1 -b .scp
Petr Lautrbach 140e5c 
%patch802 -p1 -b .GSSAPIEnablek5users
Jakub Jelen b552eb 
%patch922 -p1 -b .sshdt
Jakub Jelen 558fb7 
%patch926 -p1 -b .sftp-force-mode
Jakub Jelen 986497 
%patch939 -p1 -b .s390-dev
Jakub Jelen 162941 
%patch944 -p1 -b .x11max
Jakub Jelen 4e7cde 
%patch948 -p1 -b .systemd
Jakub Jelen 5b55d0 
%patch949 -p1 -b .refactor
Jakub Jelen 5b55d0 
%patch950 -p1 -b .sandbox
Jakub Jelen 7e9748 
%patch951 -p1 -b .pkcs11-uri
Jakub Jelen 940971 
%patch953 -p1 -b .scp-ipv6
Jakub Jelen 6caa97 
%patch962 -p1 -b .crypto-policies
Jakub Jelen 751cd9 
%patch963 -p1 -b .openssl-evp
Jakub Jelen f726e5 
%patch964 -p1 -b .openssl-kdf
Jakub Jelen 51f5c1 
%patch965 -p1 -b .visibility
Jakub Jelen 02af5c 
%patch966 -p1 -b .x11-ipv6
Dmitry Belyavskiy df2698 
%patch974 -p1 -b .keygen-strip-doseol
Dmitry Belyavskiy df2698 
%patch975 -p1 -b .preserve-pam-errors
Dmitry Belyavskiy 03150f
Dmitry Belyavskiy 640f24 
%patch977 -p1 -b .kill-scp
Dmitry Belyavskiy 03150f
Dmitry Belyavskiy 9fd698 
%patch981 -p1 -b .scp-sftpdirs
Dmitry Belyavskiy 9fd698 
%patch982 -p1 -b .minrsabits
Dmitry Belyavskiy 9fd698 
%patch983 -p1 -b .evpgenrsa
Dmitry Belyavskiy 9fd698 
%patch984 -p1 -b .ibmca
Nalin Dahyabhai 05c945
Jakub Jelen 12cf3e 
%patch200 -p1 -b .audit
Jakub Jelen 44fc97 
%patch201 -p1 -b .audit-race
Petr Lautrbach 802815 
%patch700 -p1 -b .fips
Petr Lautrbach 5160c9
Dmitry Belyavskiy 9fd698 
%patch1001 -p1 -b .scp-clears-file
Dmitry Belyavskiy 9fd698 
%patch1002 -p1 -b .ssh-manpage
Dmitry Belyavskiy 9fd698 
%patch1003 -p1 -b .mem-leak
Dmitry Belyavskiy 9fd698 
%patch1004 -p1 -b .gssapi-auth
Dmitry Belyavskiy 03150f
Dmitry Belyavskiy 9fd698 
%patch1006 -p1 -b .negotiate-supported-algs
Dmitry Belyavskiy 9fd698
Dmitry Belyavskiy 03150f 
#%patch1100 -p1 -b .skipsshrsadsstests
Dmitry Belyavskiy 9fd698
Jakub Jelen 580f98 
%patch100 -p1 -b .coverity
Petr Lautrbach 163064
Nalin Dahyabhai 8ccaa9 
autoreconf
Jakub Jelen 3783a5 
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
Jan F. Chadima 50a3dd 
autoreconf
Jan F. Chadima 50a3dd 
popd
cvsdist ffdec5
cvsdist 43f95f 
%build
Timm Bäder 2f2c30 
%set_build_flags
Tomas Mraz 4f4687 
# the -fvisibility=hidden is needed for clean build of the pam_ssh_agent_auth
Jakub Jelen 51f5c1 
# it is needed for lib(open)ssh build too since it is linked to the pam module too
Timm Bäder 2f2c30 
CFLAGS="$CFLAGS -fvisibility=hidden"; export CFLAGS
cvsdist fe98d8 
%if %{pie}
Dennis Gilmore 91bdf4 
%ifarch s390 s390x sparc sparcv9 sparc64
Tomáš Mráz e47cb0 
CFLAGS="$CFLAGS -fPIC"
cvsdist 8f8720 
%else
Tomáš Mráz e47cb0 
CFLAGS="$CFLAGS -fpic"
cvsdist 8f8720 
%endif
Tomáš Mráz e47cb0 
SAVE_LDFLAGS="$LDFLAGS"
Jan F 003cb0 
LDFLAGS="$LDFLAGS -pie -z relro -z now"
Jan F 003cb0
Jan F 003cb0 
export CFLAGS
Jan F 003cb0 
export LDFLAGS
Jan F 003cb0
cvsdist fe98d8 
%endif
cvsdist 092b0a 
%if %{kerberos5}
Jan F. Chadima 264029 
if test -r /etc/profile.d/krb5-devel.sh ; then
Jakub Jelen 77f453 
	source /etc/profile.d/krb5-devel.sh
Jan F. Chadima 264029 
fi
cvsdist 092b0a 
krb5_prefix=`krb5-config --prefix`
cvsdist 092b0a 
if test "$krb5_prefix" != "%{_prefix}" ; then
cvsdist 092b0a 
	CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
cvsdist 092b0a 
	CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
cvsdist 092b0a 
	LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
cvsdist 092b0a 
else
cvsdist 092b0a 
	krb5_prefix=
cvsdist 092b0a 
	CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
cvsdist 092b0a 
	CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
cvsdist 092b0a 
fi
cvsdist 092b0a 
%endif
cvsdist b46e39
cvsdist 43f95f 
%configure \
cvsdist 43f95f 
	--sysconfdir=%{_sysconfdir}/ssh \
cvsdist 43f95f 
	--libexecdir=%{_libexecdir}/openssh \
cvsdist b46e39 
	--datadir=%{_datadir}/openssh \
Jakub Jelen 6c9d99 
	--with-default-path=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin \
Petr Lautrbach e58e54 
	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
Timothée Ravier a88606 
	--with-privsep-path=%{_datadir}/empty.sshd \
Nalin Dahyabhai 8ccaa9 
	--disable-strip \
Tomáš Mráz de2e7a 
	--without-zlib-version-check \
Tomáš Mráz ff6d59 
	--with-ssl-engine \
Jan F. Chadima 39b26b 
	--with-ipaddr-display \
Jakub Jelen 14c675 
	--with-pie=no \
Jakub Jelen 84d3ff 
	--without-hardening `# The hardening flags are configured by system` \
Jakub Jelen 4e7cde 
	--with-systemd \
Jakub Jelen 273086 
	--with-default-pkcs11-provider=yes \
Jakub Jelen 82f942 
	--with-security-key-builtin=yes \
cvsdist 3e66bd 
	--with-pam \
Tomáš Mráz fc72c2 
%if %{WITH_SELINUX}
Jan F. Chadima 28b0dc 
	--with-selinux --with-audit=linux \
Peter Robinson b9846a 
	--with-sandbox=seccomp_filter \
Tomáš Mráz fc72c2 
%endif
cvsdist 3e66bd 
%if %{kerberos5}
Tomáš Mráz c9833c 
	--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
cvsdist 43f95f 
%else
Tomáš Mráz c9833c 
	--without-kerberos5 \
Tomáš Mráz c9833c 
%endif
Tomáš Mráz c9833c 
%if %{libedit}
Petr Lautrbach b61d9c 
	--with-libedit
Tomáš Mráz c9833c 
%else
Petr Lautrbach b61d9c 
	--without-libedit
cvsdist b46e39 
%endif
cvsdist b46e39
cvsdist b46e39 
%if %{static_libcrypto}
cvsdist b46e39 
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
cvsdist 43f95f 
%endif
cvsdist 43f95f
Jakub Jelen 68460c 
%make_build
cvsdist 43f95f
Cedric Staniewski 95d45c 
# Define a variable to toggle gtk2/gtk3 building.  This is necessary
Jakub Jelen 8ebb99 
# because RPM doesn't handle nested %%if statements.
Cedric Staniewski 95d45c 
%if %{gtk3}
Cedric Staniewski 95d45c 
	gtk3=yes
cvsdist 8264e7 
%else
Cedric Staniewski 95d45c 
	gtk3=no
cvsdist 8264e7 
%endif
cvsdist 8264e7
cvsdist 43f95f 
%if ! %{no_gnome_askpass}
cvsdist 43f95f 
pushd contrib
Cedric Staniewski 95d45c 
if [ $gtk3 = yes ] ; then
Cedric Staniewski 95d45c 
	CFLAGS="$CFLAGS %{?__global_ldflags}" \
Cedric Staniewski 95d45c 
	    make gnome-ssh-askpass3
Cedric Staniewski 95d45c 
	mv gnome-ssh-askpass3 gnome-ssh-askpass
Cedric Staniewski 95d45c 
else
Jakub Jelen 812f08 
	CFLAGS="$CFLAGS %{?__global_ldflags}" \
Jakub Jelen 812f08 
	    make gnome-ssh-askpass2
cvsdist 3e66bd 
	mv gnome-ssh-askpass2 gnome-ssh-askpass
cvsdist 8264e7 
fi
cvsdist 43f95f 
popd
cvsdist 43f95f 
%endif
cvsdist 43f95f
Tomáš Mráz e47cb0 
%if %{pam_ssh_agent}
Jakub Jelen 3783a5 
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
Tomáš Mráz e47cb0 
LDFLAGS="$SAVE_LDFLAGS"
Jakub Jelen eaa7af 
%configure --with-selinux \
Jakub Jelen eaa7af 
	--libexecdir=/%{_libdir}/security \
Jakub Jelen eaa7af 
	--with-mantype=man \
Jakub Jelen eaa7af 
	--without-openssl-header-check `# The check is broken`
Jakub Jelen 68460c 
%make_build
Tomáš Mráz e47cb0 
popd
Tomáš Mráz e47cb0 
%endif
Tomáš Mráz e47cb0
Petr Lautrbach fd408e 
%check
Petr Lautrbach fd408e 
#to run tests use "--with check"
Petr Lautrbach fd408e 
%if %{?_with_check:1}%{!?_with_check:0}
Petr Lautrbach fd408e 
make tests
Petr Lautrbach fd408e 
%endif
Petr Lautrbach fd408e
cvsdist 43f95f 
%install
cvsdist 43f95f 
rm -rf $RPM_BUILD_ROOT
cvsdist 43f95f 
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
Jakub Jelen 645408 
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ssh_config.d
Jakub Jelen 51f5c1 
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh/sshd_config.d
cvsdist 43f95f 
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
Jakub Jelen 68460c 
%make_install
cvsdist 43f95f
cvsdist 43f95f 
install -d $RPM_BUILD_ROOT/etc/pam.d/
Jan F 11896a 
install -d $RPM_BUILD_ROOT/etc/sysconfig/
cvsdist 43f95f 
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
Tomáš Mráz ca47f6 
install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
Jan F 99f427 
install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
Jan F 11896a 
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd
Jay W bffeef 
install -m644 ssh_config_redhat $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ssh_config.d/50-redhat.conf
Jay W bffeef 
install -m644 sshd_config_redhat $RPM_BUILD_ROOT%{_sysconfdir}/ssh/sshd_config.d/50-redhat.conf
Jan F 0ecc97 
install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
Petr Lautrbach 678b80 
install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/sshd@.service
Petr Lautrbach 678b80 
install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/sshd.socket
Jan F d470c4 
install -m644 %{SOURCE11} $RPM_BUILD_ROOT/%{_unitdir}/sshd.service
Jakub Jelen 00c7b7 
install -m644 %{SOURCE12} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen@.service
Jakub Jelen 5489ac 
install -m644 %{SOURCE15} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen.target
Rex Dieter 44aae3 
install -d -m755 $RPM_BUILD_ROOT/%{_userunitdir}
Rex Dieter 9979ff 
install -m644 %{SOURCE16} $RPM_BUILD_ROOT/%{_userunitdir}/ssh-agent.service
Anthony Rabbito 499c2e 
install -m644 %{SOURCE17} $RPM_BUILD_ROOT/%{_userunitdir}/ssh-agent.socket
Jakub Jelen 00c7b7 
install -m744 %{SOURCE13} $RPM_BUILD_ROOT/%{_libexecdir}/openssh/sshd-keygen
Tomáš Mráz f94d8f 
install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
Tomáš Mráz f94d8f 
install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/
Timothée Ravier a88606 
install -d -m711 ${RPM_BUILD_ROOT}/%{_datadir}/empty.sshd
Anthony Rabbito 499c2e 
install -p -D -m 0644 %{SOURCE19} %{buildroot}%{_sysusersdir}/openssh-server.conf
Dusty Mabe 08d842 
# Migration service/script for Fedora 38 change to remove group ownership for standard host keys
Dusty Mabe 08d842 
# See https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit
Dusty Mabe 08d842 
install -m744 %{SOURCE20} $RPM_BUILD_ROOT/%{_libexecdir}/openssh/ssh-host-keys-migration.sh
Dusty Mabe 08d842 
install -m644 %{SOURCE21} $RPM_BUILD_ROOT/%{_unitdir}/ssh-host-keys-migration.service # enabled in 90-default.preset
Dusty Mabe 1076e6 
install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib
Dusty Mabe 1076e6 
touch $RPM_BUILD_ROOT/%{_localstatedir}/lib/.ssh-host-keys-migration
cvsdist 43f95f
cvsdist 43f95f 
%if ! %{no_gnome_askpass}
Jan F. Chadima 2b67a5 
install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
cvsdist 43f95f 
%endif
cvsdist 43f95f
cvsdist ffdec5 
%if ! %{no_gnome_askpass}
Tomáš Mráz 09d7e6 
ln -s gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
cvsdist b46e39 
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
cvsdist 8264e7 
install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
cvsdist 8264e7 
install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
cvsdist ffdec5 
%endif
cvsdist 43f95f
cvsdist 5ef607 
%if %{no_gnome_askpass}
cvsdist 5ef607 
rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
cvsdist 5ef607 
%endif
cvsdist 5ef607
cvsdist 43f95f 
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
cvsdist 43f95f
Tomáš Mráz e47cb0 
%if %{pam_ssh_agent}
Jakub Jelen 3783a5 
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
Jakub Jelen 68460c 
%make_install
Tomáš Mráz e47cb0 
popd
Tomáš Mráz e47cb0 
%endif
Luca BRUNO 14d7b8
cvsdist 8264e7 
%pre server
Anthony Rabbito 499c2e 
%sysusers_create_compat %{SOURCE19}
cvsdist 8264e7
cvsdist 43f95f 
%post server
Dusty Mabe 08d842 
if [ $1 -gt 1 ]; then
Dusty Mabe 08d842 
    # In the case of an upgrade (never true on OSTree systems) run the migration
Dusty Mabe 08d842 
    # script for Fedora 38 to remove group ownership for host keys.
Dusty Mabe 08d842 
    %{_libexecdir}/openssh/ssh-host-keys-migration.sh
Dusty Mabe 08d842 
    # Prevent the systemd unit that performs the same service (useful for
Dusty Mabe 08d842 
    # OSTree systems) from running.
Dusty Mabe 08d842 
    touch /var/lib/.ssh-host-keys-migration
Dusty Mabe 08d842 
fi
Petr Lautrbach 678b80 
%systemd_post sshd.service sshd.socket
Jakub Jelen dfeecf 
# Migration scriptlet for Fedora 31 and 32 installations to sshd_config
Jakub Jelen dfeecf 
# drop-in directory (in F32+).
Jakub Jelen dfeecf 
# Do this only if the file generated by anaconda exists, contains our config
Jakub Jelen dfeecf 
# directive and sshd_config contains include directive as shipped in our package
Jakub Jelen dfeecf 
%global sysconfig_anaconda /etc/sysconfig/sshd-permitrootlogin
Jakub Jelen dfeecf 
test -f %{sysconfig_anaconda} && \
Jakub Jelen dfeecf 
  test ! -f /etc/ssh/sshd_config.d/01-permitrootlogin.conf && \
Jakub Jelen dfeecf 
  grep -q '^PERMITROOTLOGIN="-oPermitRootLogin=yes"' %{sysconfig_anaconda} && \
Jakub Jelen dfeecf 
  grep -q '^Include /etc/ssh/sshd_config.d/\*.conf' /etc/ssh/sshd_config && \
Jakub Jelen dfeecf 
  echo "PermitRootLogin yes" >> /etc/ssh/sshd_config.d/25-permitrootlogin.conf && \
Jakub Jelen dfeecf 
  rm %{sysconfig_anaconda} || :
cvsdist 43f95f
cvsdist 43f95f 
%preun server
Petr Lautrbach 678b80 
%systemd_preun sshd.service sshd.socket
Petr Lautrbach 94943d
Petr Lautrbach 94943d 
%postun server
Petr Lautrbach 94943d 
%systemd_postun_with_restart sshd.service
Jan F 5c8b5c
Rex Dieter 5f230a 
%post clients
Rex Dieter 5f230a 
%systemd_user_post ssh-agent.service
Anthony Rabbito 941789 
%systemd_user_post ssh-agent.socket
Rex Dieter 5f230a
Rex Dieter 5f230a 
%preun clients
Rex Dieter 5f230a 
%systemd_user_preun ssh-agent.service
Anthony Rabbito 941789 
%systemd_user_preun ssh-agent.socket
Rex Dieter 5f230a
cvsdist 43f95f 
%files
Tom Callaway e336e3 
%license LICENCE
Jakub Jelen 58ee5c 
%doc CREDITS ChangeLog OVERVIEW PROTOCOL* README README.platform README.privsep README.tun README.dns TODO
cvsdist 43f95f 
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
Petr Lautrbach f9f83a 
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
cvsdist 43f95f 
%attr(0755,root,root) %{_bindir}/ssh-keygen
cvsdist 43f95f 
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
cvsdist 43f95f 
%attr(0755,root,root) %dir %{_libexecdir}/openssh
Dmitry Belyavskiy b61536 
%attr(4555,root,root) %{_libexecdir}/openssh/ssh-keysign
cvsdist 8264e7 
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
cvsdist 43f95f
cvsdist 43f95f 
%files clients
cvsdist 8264e7 
%attr(0755,root,root) %{_bindir}/ssh
cvsdist 43f95f 
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
cvsdist 3e66bd 
%attr(0755,root,root) %{_bindir}/scp
cvsdist 3e66bd 
%attr(0644,root,root) %{_mandir}/man1/scp.1*
cvsdist 43f95f 
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
Jakub Jelen 90ffc3 
%dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d/
Jakub Jelen 8b7ddf 
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/50-redhat.conf
cvsdist 3e66bd 
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
Jakub Jelen f26cd8 
%attr(0755,root,root) %{_bindir}/ssh-agent
cvsdist 43f95f 
%attr(0755,root,root) %{_bindir}/ssh-add
cvsdist 43f95f 
%attr(0755,root,root) %{_bindir}/ssh-keyscan
cvsdist 43f95f 
%attr(0755,root,root) %{_bindir}/sftp
Tomáš Mráz f94d8f 
%attr(0755,root,root) %{_bindir}/ssh-copy-id
Jan F. Chadima 974c89 
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
Jakub Jelen 51f5c1 
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
cvsdist 43f95f 
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
cvsdist 43f95f 
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
cvsdist 43f95f 
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
cvsdist 43f95f 
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
Tomáš Mráz f94d8f 
%attr(0644,root,root) %{_mandir}/man1/ssh-copy-id.1*
Jan F. Chadima 974c89 
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
Jakub Jelen 51f5c1 
%attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8*
Rex Dieter 9979ff 
%attr(0644,root,root) %{_userunitdir}/ssh-agent.service
Anthony Rabbito 941789 
%attr(0644,root,root) %{_userunitdir}/ssh-agent.socket
cvsdist 43f95f
cvsdist 43f95f 
%files server
Timothée Ravier a88606 
%dir %attr(0711,root,root) %{_datadir}/empty.sshd
cvsdist 43f95f 
%attr(0755,root,root) %{_sbindir}/sshd
cvsdist 43f95f 
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
Jakub Jelen 00c7b7 
%attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen
cvsdist 8264e7 
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
Tomáš Mráz 93a474 
%attr(0644,root,root) %{_mandir}/man5/moduli.5*
cvsdist 43f95f 
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
cvsdist 43f95f 
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
cvsdist 43f95f 
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
Jakub Jelen 51f5c1 
%dir %attr(0700,root,root) %{_sysconfdir}/ssh/sshd_config.d/
Jakub Jelen 8b7ddf 
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/50-redhat.conf
Tomáš Mráz 5a8f6b 
%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
Jan F 11896a 
%attr(0640,root,root) %config(noreplace) /etc/sysconfig/sshd
Jan F 53f618 
%attr(0644,root,root) %{_unitdir}/sshd.service
Petr Lautrbach 678b80 
%attr(0644,root,root) %{_unitdir}/sshd@.service
Petr Lautrbach 678b80 
%attr(0644,root,root) %{_unitdir}/sshd.socket
Jakub Jelen 00c7b7 
%attr(0644,root,root) %{_unitdir}/sshd-keygen@.service
Jakub Jelen 5489ac 
%attr(0644,root,root) %{_unitdir}/sshd-keygen.target
Luca BRUNO 26c275 
%attr(0644,root,root) %{_sysusersdir}/openssh-server.conf
Dusty Mabe 08d842 
%attr(0644,root,root) %{_unitdir}/ssh-host-keys-migration.service
Dusty Mabe 08d842 
%attr(0744,root,root) %{_libexecdir}/openssh/ssh-host-keys-migration.sh
Dusty Mabe 1076e6 
%ghost %attr(0644,root,root) %{_localstatedir}/lib/.ssh-host-keys-migration
cvsdist 43f95f
Jan F 99f427 
%files keycat
Jan F 825921 
%doc HOWTO.ssh-keycat
Jan F 99f427 
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-keycat
Jan F 99f427 
%attr(0644,root,root) %config(noreplace) /etc/pam.d/ssh-keycat
Jan F 99f427
cvsdist 43f95f 
%if ! %{no_gnome_askpass}
Tomáš Mráz 09d7e6 
%files askpass
Tomáš Mráz b40baa 
%attr(0644,root,root) %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
cvsdist 43f95f 
%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
Tomáš Mráz 09d7e6 
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
cvsdist 43f95f 
%endif
cvsdist 43f95f
Tomáš Mráz e47cb0 
%if %{pam_ssh_agent}
Tomáš Mráz e47cb0 
%files -n pam_ssh_agent_auth
Jakub Jelen 3783a5 
%license pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}/OPENSSH_LICENSE
Petr Lautrbach d2b3b9 
%attr(0755,root,root) %{_libdir}/security/pam_ssh_agent_auth.so
Tomáš Mráz e47cb0 
%attr(0644,root,root) %{_mandir}/man8/pam_ssh_agent_auth.8*
Tomáš Mráz e47cb0 
%endif
Tomáš Mráz e47cb0
cvsdist f71077 
%changelog
Dusty Mabe 1076e6 
* Mon Mar 06 2023 Dusty Mabe <dusty@dustymabe.com> - 9.0p1-12
Dusty Mabe 1076e6 
- Mark /var/lib/.ssh-host-keys-migration as %ghost file
Dusty Mabe 1076e6
Dusty Mabe 08d842 
* Wed Mar 01 2023 Dusty Mabe <dusty@dustymabe.com> - 9.0p1-11
Dusty Mabe 08d842 
- Provide a systemd unit for restoring default host key permissions (rhbz#2172956)
Dusty Mabe 08d842 
- Co-Authored by Timothée Ravier <tim@siosm.fr>
Dusty Mabe 08d842
Dusty Mabe 937ee4 
* Mon Jan 23 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.0p1-10
Dmitry Belyavskiy b61536 
- Restore upstream behaviour and default host key permissions (rhbz#2141272)
Dmitry Belyavskiy b61536
Fedora Release Engineering cc56e8 
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 9.0p1-9.1
Fedora Release Engineering cc56e8 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Fedora Release Engineering cc56e8
Dmitry Belyavskiy c9904c 
* Mon Jan 09 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.0p1-9
Dmitry Belyavskiy c9904c 
- Fix build against updated OpenSSL (rhbz#2158966)
Dmitry Belyavskiy c9904c
Norbert Pocs ebc2a7 
* Mon Oct 24 2022 Norbert Pocs <npocs@redhat.com> - 9.0p1-8
Norbert Pocs ebc2a7 
- Add additional audit logging about ssh key used to login (rhbz#2049947)
Norbert Pocs ebc2a7
Dmitry Belyavskiy f79c12 
* Fri Oct 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.0p1-7
Dmitry Belyavskiy f79c12 
- Check IP opts length (rhbz#1960015)
Dmitry Belyavskiy f79c12
Dmitry Belyavskiy f79c12 
* Wed Oct 5 2022 Anthony Rabbito <hello@anthonyrabbito.com> - 9.0p1-6
Anthony Rabbito 941789 
- Add a socket unit to ssh-agent user unit (rhbz#2125576)
Anthony Rabbito 941789
Dmitry Belyavskiy aa843e 
* Thu Sep 29 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.0p1-5
Dmitry Belyavskiy aa843e 
- RSAMinSize => RequiredRSASize
Dmitry Belyavskiy aa843e
Luca BRUNO 26c275 
* Fri Sep 02 2022 Luca BRUNO <lucab@lucabruno.net> - 9.0p1-4
Luca BRUNO 26c275 
- Move users/groups creation logic to sysusers.d fragments
Luca BRUNO 26c275
Alexander Sosedkin 42b22d 
* Wed Aug 24 2022 Alexander Sosedkin <asosedkin@redhat.com> - 9.0p1-3
Alexander Sosedkin 42b22d 
- State in manpages that HostbasedAcceptedAlgorithms is set by crypto-policies
Alexander Sosedkin 42b22d
Dmitry Belyavskiy 483723 
* Wed Aug 17 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.0p1-2
Dmitry Belyavskiy 483723 
- Port patches from CentOS - RSAMinSize (rhbz#2117264)
Dmitry Belyavskiy 483723
Dmitry Belyavskiy 03150f 
* Thu Aug 11 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.0p1-1 + 0.10.4-7
Dmitry Belyavskiy 03150f 
- Rebase OpenSSH to 9.0p1 (rhbz#2057466)
Dmitry Belyavskiy 03150f
Dmitry Belyavskiy 9fd698 
* Wed Aug 10 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.8p1-4 + 0.10.4-6
Dmitry Belyavskiy 9fd698 
- Port patches from CentOS (rhbz#2117264)
Dmitry Belyavskiy 9fd698
Luca BRUNO 14d7b8 
* Mon Aug 01 2022 Luca BRUNO <lucab@lucabruno.net> - 8.8p1-3
Luca BRUNO 14d7b8 
- Use allocated static GID for 'ssh_keys' group (rhbz#2104595)
Luca BRUNO 14d7b8
Fedora Release Engineering 5b0725 
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 8.8p1-2.1
Fedora Release Engineering 5b0725 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Fedora Release Engineering 5b0725
Dmitry Belyavskiy ae8256 
* Fri Apr 29 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.8p1-2
Dmitry Belyavskiy ae8256 
- Disable locale forwarding in OpenSSH (#2002739)
Dmitry Belyavskiy ae8256
Fedora Release Engineering 6c5dd8 
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 8.8p1-1.1
Fedora Release Engineering 6c5dd8 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Fedora Release Engineering 6c5dd8
Dmitry Belyavskiy 7b76af 
* Mon Nov 29 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.8p1-1 + 0.10.4-5
Dmitry Belyavskiy 7b76af 
- New upstream release (#2007967)
Dmitry Belyavskiy 7b76af
Dmitry Belyavskiy c5e4c2 
* Wed Sep 29 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-3
Dmitry Belyavskiy c5e4c2 
- CVE-2021-41617 fix (#2008292)
Dmitry Belyavskiy c5e4c2
Dmitry Belyavskiy 640f24 
* Thu Sep 16 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-2
Dmitry Belyavskiy 640f24 
- Use SFTP protocol for scp by default (#2004956)
Dmitry Belyavskiy 640f24
Sahana Prasad 4d585e 
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 8.7p1-1.1
Sahana Prasad 4d585e 
- Rebuilt with OpenSSL 3.0.0
Sahana Prasad 4d585e
Dmitry Belyavskiy b8319d 
* Wed Sep 01 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-1 + 0.10.4-4
Dmitry Belyavskiy b8319d 
- New upstream release (#1995893)
Dmitry Belyavskiy b8319d
Fedora Release Engineering bdde89 
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 8.6p1-5.1
Fedora Release Engineering bdde89 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Fedora Release Engineering bdde89
Dmitry Belyavskiy d761d9 
* Mon Jun 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-5
Dmitry Belyavskiy d761d9 
- restore the blocking mode on standard output (#1942901) - upstream
Dmitry Belyavskiy d761d9
Timm Bäder 2f2c30 
* Tue May 25 2021 Timm Bäder <tbaeder@redhat.com> - 8.6p1-4
Timm Bäder 2f2c30 
- Use %%set_build_flags to set all builds flags
Timm Bäder 2f2c30
Dmitry Belyavskiy fddba5 
* Fri May 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-3
Dmitry Belyavskiy fddba5 
- Hostbased ssh authentication fails if session ID contains a '/' (#1963059)
Dmitry Belyavskiy fddba5
Dmitry Belyavskiy 4d4feb 
* Mon May 10 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-2
Dmitry Belyavskiy 4d4feb 
- restore the blocking mode on standard output (#1942901)
Dmitry Belyavskiy 4d4feb
Dmitry Belyavskiy ac2648 
* Mon Apr 19 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-1 + 0.10.4-3
Dmitry Belyavskiy f32b84 
- New upstream release (#1950819)
Dmitry Belyavskiy df2698 
- ssh-keygen printing fingerprint issue with Windows keys (#1901518)
Dmitry Belyavskiy df2698 
- sshd provides PAM an incorrect error code (#1879503)
Dmitry Belyavskiy f32b84
Rex Dieter 9979ff 
* Tue Mar 09 2021 Rex Dieter <rdieter@fedoraproject.org> - 8.5p1-2
Rex Dieter 9979ff 
- ssh-agent.serivce is user unit (#1761817#27)
Rex Dieter 9979ff
Jakub Jelen 25c16c 
* Wed Mar 03 2021 Jakub Jelen <jjelen@redhat.com> - 8.5p1-1 + 0.10.4-2
Jakub Jelen 25c16c 
- New upstream release (#1934336)
Jakub Jelen 25c16c
Zbigniew Jędrzejewski-Szmek 6e1851 
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 8.4p1-5.2
Zbigniew Jędrzejewski-Szmek 6e1851 
- Rebuilt for updated systemd-rpm-macros
Zbigniew Jędrzejewski-Szmek 6e1851 
  See https://pagure.io/fesco/issue/2583.
Zbigniew Jędrzejewski-Szmek 6e1851
Fedora Release Engineering 7347a7 
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 8.4p1-5.1
Fedora Release Engineering 7347a7 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Fedora Release Engineering 7347a7
Jakub Jelen 106b28 
* Fri Jan 22 2021 Jakub Jelen <jjelen@redhat.com> - 8.4p1-5 + 0.10.4-1
Jakub Jelen 106b28 
- Use /usr/share/empty.sshd instead of /var/empty/sshd
Jakub Jelen 106b28 
- Allow emptu labels in PKCS#11 tokens (#1919007)
Jakub Jelen 106b28 
- Drop openssh-cavs subpackage
Jakub Jelen 106b28
Jakub Jelen 258db0 
* Tue Dec 01 2020 Jakub Jelen <jjelen@redhat.com> - 8.4p1-4 + 0.10.4-1
Jakub Jelen 258db0 
- Remove "PasswordAuthentication yes" from vendor configuration as it is
Jakub Jelen 258db0 
  already default and it might be hard to override.
Jakub Jelen 258db0 
- Fix broken obsoletes for openssh-ldap (#1902084)
Jakub Jelen 258db0
Jakub Jelen 126d27 
* Thu Nov 19 2020 Jakub Jelen <jjelen@redhat.com> - 8.4p1-3 + 0.10.4-1
Jakub Jelen 126d27 
- Unbreak seccomp filter on arm (#1897712)
Jakub Jelen 126d27 
- Add a workaround for Debian's broken OpenSSH (#1881301)
Jakub Jelen 126d27
Jakub Jelen a048fc 
* Tue Oct 06 2020 Jakub Jelen <jjelen@redhat.com> - 8.4p1-2 + 0.10.4-1
Jakub Jelen a048fc 
- Unbreak ssh-copy-id after a release (#1884231)
Jakub Jelen a048fc 
- Remove misleading comment from sysconfig
Jakub Jelen a048fc
Jakub Jelen 7b064e 
* Tue Sep 29 2020 Jakub Jelen <jjelen@redhat.com> - 8.4p1-1 + 0.10.4-1
Jakub Jelen 7b064e 
- New upstream release of OpenSSH and pam_ssh_agent_auth (#1882995)
Jakub Jelen 7b064e
Jakub Jelen 10cdec 
* Fri Aug 21 2020 Jakub Jelen <jjelen@redhat.com> - 8.3p1-4 + 0.10.3-10
Jakub Jelen 10cdec 
- Remove openssh-ldap subpackage (#1871025)
Jakub Jelen 10cdec 
- pkcs11: Do not crash with invalid paths in ssh-agent (#1868996)
Jakub Jelen 10cdec 
- Clarify documentation about sftp-server -m (#1862504)
Jakub Jelen 10cdec
Fedora Release Engineering fccd87 
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 8.3p1-3.1
Fedora Release Engineering fccd87 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Fedora Release Engineering fccd87
Jakub Jelen 996e25 
* Wed Jun 10 2020 Jakub Jelen <jjelen@redhat.com> - 8.3p1-3 + 0.10.3-10
Jakub Jelen 996e25 
- Do not lose PIN when more slots match PKCS#11 URI (#1843372)
Jakub Jelen 996e25 
- Update to new crypto-policies version on server (using sshd_config include)
Jakub Jelen 996e25 
- Move redhat configuraion files to larger number to allow simpler override
Jakub Jelen 996e25 
- Move sshd_config include before any other definitions (#1824913)
Jakub Jelen 996e25
Jakub Jelen 3bd5ce 
* Mon Jun 01 2020 Jakub Jelen <jjelen@redhat.com> - 8.3p1-2 + 0.10.3-10
Jakub Jelen 3bd5ce 
- Fix crash on cleanup (#1842281)
Jakub Jelen 3bd5ce
Jakub Jelen 5cd955 
* Wed May 27 2020 Jakub Jelen <jjelen@redhat.com> - 8.3p1-1 + 0.10.3-10
Jakub Jelen 5cd955 
- New upstream release (#1840503)
Jakub Jelen 5cd955 
- Unbreak corner cases of sshd_config include
Jakub Jelen 5cd955 
- Fix order of gssapi key exchange algorithms
Jakub Jelen 5cd955
Jakub Jelen 4e3553 
* Wed Apr 08 2020 Jakub Jelen <jjelen@redhat.com> - 8.2p1-3 + 0.10.3-9
Jakub Jelen 4e3553 
- Simplify reference to crypto policies in configuration files
Jakub Jelen 4e3553 
- Unbreak gssapi authentication with GSSAPITrustDNS over jump hosts
Jakub Jelen 4e3553 
- Correctly print FIPS mode initialized in debug mode
Jakub Jelen 4e3553 
- Enable SHA2-based GSSAPI key exchange methods (#1666781)
Jakub Jelen 4e3553 
- Do not break X11 forwarding when IPv6 is disabled
Jakub Jelen 4e3553 
- Remove fipscheck dependency as OpenSSH is no longer FIPS module
Jakub Jelen 4e3553 
- Improve documentation about crypto policies defaults in manual pages
Jakub Jelen 4e3553
Jakub Jelen b24175 
* Thu Feb 20 2020 Jakub Jelen <jjelen@redhat.com> - 8.2p1-2 + 0.10.3-9
Jakub Jelen b24175 
- Build against libfido2 to unbreak internal u2f support
Jakub Jelen b24175
Jakub Jelen 51f5c1 
* Mon Feb 17 2020 Jakub Jelen <jjelen@redhat.com> - 8.2p1-1 + 0.10.3-9
Jakub Jelen 51f5c1 
- New upstrem reelase (#1803290)
Jakub Jelen 51f5c1 
- New /etc/ssh/sshd_config.d drop in directory
Jakub Jelen 51f5c1 
- Support for U2F security keys
Jakub Jelen 51f5c1 
- Correctly report invalid key permissions (#1801459)
Jakub Jelen 51f5c1 
- Do not write bogus information on stderr in FIPS mode (#1778224)
Jakub Jelen 51f5c1
Jakub Jelen a2cffc 
* Mon Feb 03 2020 Jakub Jelen <jjelen@redhat.com> - 8.1p1-4 + 0.10.3-8
Jakub Jelen a2cffc 
- Unbreak seccomp filter on ARM (#1796267)
Jakub Jelen a2cffc
Fedora Release Engineering 657d13 
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 8.1p1-3.1
Fedora Release Engineering 657d13 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Fedora Release Engineering 657d13
Jakub Jelen 62361a 
* Wed Nov 27 2019 Jakub Jelen <jjelen@redhat.com> - 8.1p1-3 + 0.10.3-8
Jakub Jelen 62361a 
- Unbreak seccomp filter also on ARM (#1777054)
Jakub Jelen 62361a
Jakub Jelen d26b44 
* Thu Nov 14 2019 Jakub Jelen <jjelen@redhat.com> - 8.1p1-2 + 0.10.3-8
Jakub Jelen d26b44 
- Unbreak seccomp filter with latest glibc (#1771946)
Jakub Jelen d26b44
Jakub Jelen 36fef5 
* Wed Oct 09 2019 Jakub Jelen <jjelen@redhat.com> - 8.1p1-1 + 0.10.3-8
Jakub Jelen 36fef5 
- New upstream release (#1759750)
Jakub Jelen 36fef5
Fedora Release Engineering 0ca161 
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 8.0p1-8.1
Fedora Release Engineering 0ca161 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Fedora Release Engineering 0ca161
Jakub Jelen 73b069 
* Tue Jul 23 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-8 + 0.10.3-7
Jakub Jelen 73b069 
- Use the upstream-accepted version of the PKCS#8 PEM support (#1722285)
Jakub Jelen 73b069
Jakub Jelen 30922f 
* Fri Jul 12 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-7 + 0.10.3-7
Jakub Jelen 30922f 
- Use the environment file under /etc/sysconfig for anaconda configuration (#1722928)
Jakub Jelen 30922f
Jakub Jelen e9bd9a 
* Wed Jul 03 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-6 + 0.10.3-7
Jakub Jelen e9bd9a 
- Provide the entry point for anaconda configuration in service file (#1722928)
Jakub Jelen e9bd9a
Jakub Jelen 36a447 
* Wed Jun 26 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-5 + 0.10.3-7
Jakub Jelen 36a447 
- Disable root password logins (#1722928)
Jakub Jelen 36a447 
- Fix typo in manual pages related to crypto-policies
Jakub Jelen 36a447 
- Fix the gating test to make sure it removes the test user
Jakub Jelen 36a447 
- Cleanu up spec file and get rid of some rpmlint warnings
Jakub Jelen 36a447
Jakub Jelen dad744 
* Mon Jun 17 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-4 + 0.10.3-7
Jakub Jelen dad744 
- Compatibility with ibmca engine for ECC
Jakub Jelen dad744 
- Generate more modern PEM files using new OpenSSL API
Jakub Jelen dad744 
- Provide correct signature types for RSA keys using SHA2 from agent
Jakub Jelen dad744
Jakub Jelen 7f1ad3 
* Mon May 27 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-3 + 0.10.3-7
Jakub Jelen 7f1ad3 
- Remove problematic patch updating cached pw structure
Jakub Jelen 7f1ad3 
- Do not require the labels on the public objects (#1710832)
Jakub Jelen 7f1ad3
Jakub Jelen 53c908 
* Tue May 14 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-2 + 0.10.3-7
Jakub Jelen 53c908 
- Use OpenSSL KDF
Jakub Jelen 53c908 
- Use high-level OpenSSL API for signatures handling
Jakub Jelen 53c908 
- Mention crypto-policies in manual pages instead of hardcoded defaults
Jakub Jelen 53c908 
- Verify in package testsuite that SCP vulnerabilities are fixed
Jakub Jelen 53c908 
- Do not fail in FIPS mode, when unsupported algorithm is listed in configuration
Jakub Jelen 53c908
Jakub Jelen def1de 
* Fri Apr 26 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-1 + 0.10.3-7
Jakub Jelen def1de 
- New upstream release (#1701072)
Jakub Jelen def1de 
- Removed support for VendroPatchLevel configuration option
Jakub Jelen def1de 
- Significant rework of GSSAPI Key Exchange
Jakub Jelen def1de 
- Significant rework of PKCS#11 URI support
Jakub Jelen def1de
Jakub Jelen 91aa3d 
* Mon Mar 11 2019 Jakub Jelen <jjelen@redhat.com> - 7.9p1-5 + 0.10.3.6
Jakub Jelen 91aa3d 
- Fix kerberos cleanup procedures with GSSAPI
Jakub Jelen 91aa3d 
- Update cached passwd structure after PAM authentication
Jakub Jelen 91aa3d 
- Do not fall back to sshd_net_t SELinux context
Jakub Jelen 91aa3d 
- Fix corner cases of PKCS#11 URI implementation
Jakub Jelen 91aa3d 
- Do not negotiate arbitrary primes with DH GEX in FIPS
Jakub Jelen 91aa3d
Jakub Jelen 7295e9 
* Wed Feb 06 2019 Jakub Jelen <jjelen@redhat.com> - 7.9p1-4 + 0.10.3.6
Jakub Jelen 7295e9 
- Log when a client requests an interactive session and only sftp is allowed
Jakub Jelen 7295e9 
- Fix minor issues in ssh-copy-id
Jakub Jelen 7295e9 
- Enclose redhat specific configuration with Match final block
Jakub Jelen 7295e9
Fedora Release Engineering 4e5f61 
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.9p1-3.2
Fedora Release Engineering 4e5f61 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Fedora Release Engineering 4e5f61
Björn Esser 018ac8 
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 7.9p1-3.1
Björn Esser 018ac8 
- Rebuilt for libcrypt.so.2 (#1666033)
Björn Esser 018ac8
Jakub Jelen 311908 
* Mon Jan 14 2019 Jakub Jelen <jjelen@redhat.com> - 7.9p1-3 + 0.10.3.6
Jakub Jelen 311908 
- Backport Match final to unbreak canonicalization with crypto-policies (#1630166)
Jakub Jelen 311908 
- gsskex: Dump correct option
Jakub Jelen 311908 
- Backport several fixes from 7_9 branch, mostly related to certificate authentication (#1665611)
Jakub Jelen 311908 
- Backport patch for CVE-2018-20685 (#1665786)
Jakub Jelen 311908 
- Correctly initialize ECDSA key structures from PKCS#11
Jakub Jelen 311908
Jakub Jelen a4c0a2 
* Wed Nov 14 2018 Jakub Jelen <jjelen@redhat.com> - 7.9p1-2 + 0.10.3-6
Jakub Jelen a4c0a2 
- Fix LDAP configure test (#1642414)
Jakub Jelen a4c0a2 
- Avoid segfault on kerberos authentication failure
Jakub Jelen a4c0a2 
- Reference correct file in configuration example (#1643274)
Jakub Jelen a4c0a2 
- Dump missing GSSAPI configuration options
Jakub Jelen a4c0a2 
- Allow to disable RSA signatures with SHA-1
Jakub Jelen a4c0a2
Jakub Jelen 9f2c8b 
* Fri Oct 19 2018 Jakub Jelen <jjelen@redhat.com> - 7.9p1-1 + 0.10.3-6
Jakub Jelen 9f2c8b 
- New upstream release OpenSSH 7.9p1 (#1632902, #1630166)
Jakub Jelen 9f2c8b 
- Honor GSSAPIServerIdentity option for GSSAPI key exchange
Jakub Jelen 9f2c8b 
- Do not break gsssapi-keyex authentication method when specified in
Jakub Jelen 9f2c8b 
  AuthenticationMethods
Jakub Jelen 9f2c8b 
- Follow the system-wide PATH settings (#1633756)
Jakub Jelen 9f2c8b 
- Address some coverity issues
Jakub Jelen 9f2c8b
Jakub Jelen 97ee52 
* Mon Sep 24 2018 Jakub Jelen <jjelen@redhat.com> - 7.8p1-3 + 0.10.3-5
Jakub Jelen 97ee52 
- Disable OpenSSH hardening flags and use the ones provided by system
Jakub Jelen 97ee52 
- Ignore unknown parts of PKCS#11 URI
Jakub Jelen 97ee52 
- Do not fail with GSSAPI enabled in match blocks (#1580017)
Jakub Jelen 97ee52 
- Fix the segfaulting cavs test (#1628962)
Jakub Jelen 97ee52
Jakub Jelen 8b9448 
* Fri Aug 31 2018 Jakub Jelen <jjelen@redhat.com> - 7.8p1-2 + 0.10.3-5
Jakub Jelen 8b9448 
- New upstream release fixing CVE 2018-15473
Jakub Jelen 8b9448 
- Remove unused patches
Jakub Jelen 8b9448 
- Remove reference to unused enviornment variable SSH_USE_STRONG_RNG
Jakub Jelen 8b9448 
- Address coverity issues
Jakub Jelen 8b9448 
- Unbreak scp between two IPv6 hosts
Jakub Jelen 8b9448 
- Unbreak GSSAPI key exchange (#1624344)
Jakub Jelen 8b9448 
- Unbreak rekeying with GSSAPI key exchange (#1624344)
Jakub Jelen 8b9448
Jakub Jelen 01ba76 
* Thu Aug 09 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-6 + 0.10.3-4
Jakub Jelen 01ba76 
- Fix listing of kex algoritms in FIPS mode
Jakub Jelen 01ba76 
- Allow aes-gcm cipher modes in FIPS mode
Jakub Jelen 01ba76 
- Coverity fixes
Jakub Jelen 01ba76
Fedora Release Engineering 600d40 
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.7p1-5.1
Fedora Release Engineering 600d40 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Fedora Release Engineering 600d40
Jakub Jelen e1d855 
* Tue Jul 03 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-5 + 0.10.3-4
Jakub Jelen e1d855 
- Disable manual printing of motd by default (#1591381)
Jakub Jelen e1d855
Jakub Jelen 62f173 
* Wed Jun 27 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-4 + 0.10.3-4
Jakub Jelen 62f173 
- Better handling of kerberos tickets storage (#1566494)
Jakub Jelen 62f173 
- Add pam_motd to pam stack (#1591381)
Jakub Jelen 62f173
Jakub Jelen 04ca5e 
* Mon Apr 16 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-3 + 0.10.3-4
Jakub Jelen 04ca5e 
- Fix tun devices and other issues fixed after release upstream (#1567775)
Jakub Jelen 04ca5e
Jakub Jelen 836590 
* Thu Apr 12 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-2 + 0.10.3-4
Jakub Jelen 836590 
- Do not break quotes parsing in configuration file (#1566295)
Jakub Jelen 836590
Jakub Jelen b0815c 
* Wed Apr 04 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-1 + 0.10.3-4
Jakub Jelen b0815c 
- New upstream release (#1563223)
Jakub Jelen b0815c 
- Add support for ECDSA keys in PKCS#11 (#1354510)
Jakub Jelen b0815c 
- Add support for PKCS#11 URIs
Jakub Jelen b0815c
Jakub Jelen cbb6ca 
* Tue Mar 06 2018 Jakub Jelen <jjelen@redhat.com> - 7.6p1-7 + 0.10.3-3
Jakub Jelen cbb6ca 
- Require crypto-policies version and new path
Jakub Jelen cbb6ca 
- Remove bogus NSS linking
Jakub Jelen cbb6ca
Fedora Release Engineering 13efdb 
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.6p1-6.1
Fedora Release Engineering 13efdb 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Fedora Release Engineering 13efdb
Jakub Jelen bb4b7b 
* Fri Jan 26 2018 Jakub Jelen <jjelen@redhat.com> - 7.6p1-6 + 0.10.3-3
Jakub Jelen bb4b7b 
- Rebuild for gcc bug on i386 (#1536555)
Jakub Jelen bb4b7b
f61eaa 
* Thu Jan 25 2018 Florian Weimer <fweimer@redhat.com> - 7.6p1-5.2
f61eaa 
- Rebuild to work around gcc bug leading to sshd miscompilation (#1538648)
f61eaa
Björn Esser 427beb 
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 7.6p1-5.1.1
Björn Esser 427beb 
- Rebuilt for switch to libxcrypt
Björn Esser 427beb
Jakub Jelen 4d9727 
* Wed Jan 17 2018 Jakub Jelen <jjelen@redhat.com> - 7.6p1-5 + 0.10.3-3
Jakub Jelen 4d9727 
- Drop support for TCP wrappers (#1530163)
Jakub Jelen 4d9727 
- Do not pass hostnames to audit -- UseDNS is usually disabled (#1534577)
Jakub Jelen 4d9727
Jakub Jelen 871dc3 
* Thu Dec 14 2017 Jakub Jelen <jjelen@redhat.com> - 7.6p1-4 + 0.10.3-3
Jakub Jelen 871dc3 
- Whitelist gettid() syscall in seccomp filter (#1524392)
Jakub Jelen 871dc3
Jakub Jelen 1f2a7f 
* Mon Dec 11 2017 Jakub Jelen <jjelen@redhat.com> - 7.6p1-3 + 0.10.3-3
Jakub Jelen 1f2a7f 
- Do not segfault during audit cleanup (#1524233)
Jakub Jelen 1f2a7f 
- Avoid gcc warnings about uninitialized variables
Jakub Jelen 1f2a7f
Jakub Jelen eef660 
* Wed Nov 22 2017 Jakub Jelen <jjelen@redhat.com> - 7.6p1-2 + 0.10.3-3
Jakub Jelen eef660 
- Do not build everything against libldap
Jakub Jelen eef660 
- Do not segfault for ECC keys in PKCS#11
Jakub Jelen eef660
Jakub Jelen 8fc2fe 
* Thu Oct 19 2017 Jakub Jelen <jjelen@redhat.com> - 7.6p1-1 + 0.10.3-3
Jakub Jelen 8fc2fe 
- New upstream release OpenSSH 7.6
Jakub Jelen 8fc2fe 
- Addressing review remarks for OpenSSL 1.1.0 patch
Jakub Jelen 8fc2fe 
- Fix PermitOpen bug in OpenSSH 7.6
Jakub Jelen 8fc2fe 
- Drop support for ExposeAuthenticationMethods option
Jakub Jelen 8fc2fe
Jakub Jelen 9e46aa 
* Mon Sep 11 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-6 + 0.10.3-2
Jakub Jelen 117678 
- Do not export KRB5CCNAME if the default path is used (#1199363)
Jakub Jelen 9e46aa 
- Add enablement for openssl-ibmca and openssl-ibmpkcs11 (#1477636)
Jakub Jelen 9e46aa 
- Add new GSSAPI kex algorithms with SHA-2, but leave them disabled for now
Jakub Jelen 9e46aa 
- Enforce pam_sepermit for all logins in SSH (#1492313)
Jakub Jelen 9e46aa 
- Remove pam_reauthorize, since it is not needed by cockpit anymore (#1492313)
Jakub Jelen 9e46aa
Jakub Jelen ef66c0 
* Mon Aug 14 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-5 + 0.10.3-2
Jakub Jelen ef66c0 
- Another less-intrusive approach to crypto policy (#1479271)
Jakub Jelen ef66c0
Jakub Jelen fffad0 
* Tue Aug 01 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-4 + 0.10.3-2
Jakub Jelen fffad0 
- Remove SSH-1 subpackage for Fedora 27 (#1474942)
Jakub Jelen 9e46aa 
- Follow system-wide crypto policy in server (#1479271)
Jakub Jelen fffad0
Fedora Release Engineering be108c 
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.5p1-3.1
Fedora Release Engineering be108c 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
Fedora Release Engineering be108c
Jakub Jelen 2ea24b 
* Fri Jun 30 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-2 + 0.10.3-2
Jakub Jelen 2ea24b 
- Sync downstream patches with RHEL (FIPS)
Jakub Jelen 2ea24b 
- Resolve potential issues with OpenSSL 1.1.0 patch
Jakub Jelen 2ea24b
Jakub Jelen 204765 
* Wed Mar 22 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-2 + 0.10.3-2
Jakub Jelen 204765 
- Fix various after-release typos including failed build in s390x (#1434341)
Jakub Jelen 204765 
- Revert chroot magic with SELinux
Jakub Jelen 204765
Jakub Jelen 17b491 
* Mon Mar 20 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-1 + 0.10.3-2
Jakub Jelen 17b491 
- New upstream release
Jakub Jelen 17b491
Jakub Jelen 7b666e 
* Fri Mar 03 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-4 + 0.10.3-1
Jakub Jelen 7b666e 
- Avoid sending the SD_NOTIFY messages from wrong processes (#1427526)
Jakub Jelen 7b666e 
- Address reports by coverity
Jakub Jelen 7b666e
Jakub Jelen ab7f94 
* Mon Feb 20 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-3 + 0.10.3-1
Jakub Jelen ab7f94 
- Properly report errors from included files (#1408558)
Jakub Jelen ab7f94 
- New pam_ssh_agent_auth 0.10.3 release
Jakub Jelen ab7f94 
- Switch to SD_NOTIFY to make systemd happy
Jakub Jelen ab7f94
Jakub Jelen 26cec0 
* Mon Feb 06 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-2 + 0.10.2-5
Jakub Jelen 26cec0 
- Fix ssh-agent cert signing error (#1416584)
Jakub Jelen 26cec0 
- Fix wrong path to crypto policies
Jakub Jelen 26cec0 
- Attempt to resolve issue with systemd
Jakub Jelen 26cec0
Jakub Jelen b19926 
* Tue Jan 03 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-1 + 0.10.2-5
Jakub Jelen b19926 
- New upstream release (#1406204)
Jakub Jelen b19926 
- Cache supported OIDs for GSSAPI key exchange (#1395288)
Jakub Jelen b19926 
- Fix typo causing heap corruption (use-after-free) (#1409433)
Jakub Jelen b19926 
- Prevent hangs with long MOTD
Jakub Jelen b19926
Jakub Jelen d8c2e8 
* Thu Dec 08 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-7 + 0.10.2-4
Jakub Jelen d8c2e8 
- Properly deserialize received RSA certificates in ssh-agent (#1402029)
Jakub Jelen d8c2e8 
- Move MAX_DISPLAYS to a configuration option
Jakub Jelen d8c2e8
Jakub Jelen 7bccf7 
* Wed Nov 16 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-6 + 0.10.2-4
Jakub Jelen 7bccf7 
- GSSAPI requires futex syscall in privsep child (#1395288)
Jakub Jelen 7bccf7
Jakub Jelen 2a8bce 
* Thu Oct 27 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-5 + 0.10.2-4
Jakub Jelen 2a8bce 
- Build against OpenSSL 1.1.0 with compat changes
Jakub Jelen ccf623 
- Recommend crypto-policies
Jakub Jelen ccf623 
- Fix chroot dropping capabilities (#1386755)
Jakub Jelen 2a8bce
Jakub Jelen d924bc 
* Thu Sep 29 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-4 + 0.10.2-4
Jakub Jelen d924bc 
- Fix NULL dereference (#1380297)
Jakub Jelen d924bc 
- Include client Crypto Policy (#1225752)
Jakub Jelen d924bc
Jakub Jelen 0a605f 
* Mon Aug 15 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-3 + 0.10.2-4
Jakub Jelen 0a605f 
- Proper content of included configuration file
Jakub Jelen 0a605f
Jakub Jelen 73953d 
* Tue Aug 09 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-2 + 0.10.2-4
Jakub Jelen 73953d 
- Fix permissions on the include directory (#1365270)
Jakub Jelen 73953d
Jakub Jelen 73953d 
* Tue Aug 02 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-1 + 0.10.2-4
Jakub Jelen a711d3 
- New upstream release (#1362156)
Jakub Jelen a711d3
Jakub Jelen 82bfd1 
* Tue Jul 26 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-11 + 0.10.2-3
Jakub Jelen 82bfd1 
- Remove slogin and sshd-keygen (#1359762)
Jakub Jelen 82bfd1 
- Prevent guest_t from running sudo (#1357860)
Jakub Jelen 82bfd1
Jakub Jelen 9dc741 
* Mon Jul 18 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-10 + 0.10.2-3
Jakub Jelen 9dc741 
- CVE-2016-6210: User enumeration via covert timing channel (#1357443)
Jakub Jelen 9dc741 
- Expose more information about authentication to PAM
Jakub Jelen 9dc741 
- Make closefrom() ignore softlinks to the /dev/ devices on s390
Jakub Jelen 9dc741
Jakub Jelen a49441 
* Fri Jul 01 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-9 + 0.10.2-3
Jakub Jelen a49441 
- Fix wrong detection of UseLogin in server configuration (#1350347)
Jakub Jelen a49441
Jakub Jelen 5a67d5 
* Fri Jun 24 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-8 + 0.10.2-3
Jakub Jelen 5a67d5 
- Enable seccomp filter for MIPS architectures
Jakub Jelen 5a67d5 
- UseLogin=yes is not supported in Fedora
Jakub Jelen 5a67d5 
- SFTP server forced permissions should restore umask
Jakub Jelen 5a67d5 
- pam_ssh_agent_auth: Fix conflict bewteen two getpwuid() calls (#1349551)
Jakub Jelen 5a67d5
Jakub Jelen ba8f38 
* Mon Jun 06 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-7
Jakub Jelen ba8f38 
- Fix regression in certificate-based authentication (#1333498)
Jakub Jelen ba8f38 
- Check for real location of .k5login file (#1328243)
Jakub Jelen ba8f38 
- Fix unchecked dereference in pam_ssh_agent_auth
Jakub Jelen ba8f38 
- Clean up old patches
Jakub Jelen ba8f38 
- Build with seccomp filter on ppc64(le) (#1195065)
Jakub Jelen ba8f38
Jakub Jelen 991b66 
* Fri Apr 29 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-6 + 0.10.2-3
Jakub Jelen 991b66 
- Add legacy sshd-keygen for anaconda (#1331077)
Jakub Jelen 991b66
Jakub Jelen 138056 
* Fri Apr 22 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-5 + 0.10.2-3
Jakub Jelen 138056 
- CVE-2015-8325: ignore PAM environment vars when UseLogin=yes (#1328013)
Jakub Jelen 138056 
- Fix typo in sysconfig/sshd (#1325535)
Jakub Jelen 138056
Jakub Jelen 58d286 
* Fri Apr 15 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-4 + 0.10.2-3
Jakub Jelen 58d286 
- Revise socket activation and services dependencies (#1325535)
Jakub Jelen 58d286 
- Drop unused init script
Jakub Jelen 58d286
Jakub Jelen 32a748 
* Wed Apr 13 2016 Jakub Jelen <jjelen@redhat.com> 7.2p2-3 + 0.10.2-3
Jakub Jelen 32a748 
- Make sshd-keygen comply with packaging guidelines (#1325535)
Jakub Jelen 32a748 
- Soft-deny socket() syscall in seccomp sandbox (#1324493)
Jakub Jelen 32a748 
- Remove *sha1 Kex in FIPS mode (#1324493)
Jakub Jelen 32a748 
- Remove *gcm ciphers in FIPS mode (#1324493)
Jakub Jelen 32a748
Jakub Jelen f7e56a 
* Wed Apr 06 2016 Jakub Jelen <jjelen@redhat.com> 7.2p2-2 + 0.10.2-3
Jakub Jelen f7e56a 
- Fix GSSAPI Key Exchange according to RFC (#1323622)
Jakub Jelen f7e56a 
- Remove init.d/functions dependency from sshd-keygen (#1317722)
Jakub Jelen f7e56a 
- Do not use MD5 in pam_ssh_agent_auth in FIPS mode
Jakub Jelen f7e56a
Jakub Jelen 9163ba 
* Thu Mar 10 2016 Jakub Jelen <jjelen@redhat.com> 7.2p2-1 + 0.10.2-3
Jakub Jelen 9163ba 
- New upstream (security) release (#1316529)
Jakub Jelen 9163ba 
- Clean up audit patch
Jakub Jelen 9163ba
Jakub Jelen 0bdae3 
* Thu Mar 03 2016 Jakub Jelen <jjelen@redhat.com> 7.2p1-2 + 0.10.2-2
Jakub Jelen 0bdae3 
- Restore slogin symlinks to preserve backward compatibility
Jakub Jelen 0bdae3
Jakub Jelen 13073f 
* Mon Feb 29 2016 Jakub Jelen <jjelen@redhat.com> 7.2p1-1 + 0.10.2-2
Jakub Jelen 13073f 
- New upstream release (#1312870)
Jakub Jelen 13073f
Jakub Jelen 46445f 
* Wed Feb 24 2016 Jakub Jelen <jjelen@redhat.com> 7.1p2-4.1 + 0.10.2-1
Jakub Jelen 46445f 
- Fix race condition in auditing events when using multiplexing (#1308295)
Jakub Jelen 46445f 
- Fix X11 forwarding CVE according to upstream
Jakub Jelen 46445f 
- Fix problem when running without privsep (#1303910)
Jakub Jelen 46445f 
- Remove hard glob limit in SFTP
Jakub Jelen 46445f
Fedora Release Engineering b2b837 
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 7.1p2-3.1
Fedora Release Engineering b2b837 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
Fedora Release Engineering b2b837
Jakub Jelen 8ddd3e 
* Sat Jan 30 2016 Jakub Jelen <jjelen@redhat.com> 7.1p2-3 + 0.10.2-1
Jakub Jelen 8ddd3e 
- Fix segfaults with pam_ssh_agent_auth (#1303036)
Jakub Jelen 8ddd3e 
- Silently disable X11 forwarding on problems
Jakub Jelen 8ddd3e 
- Systemd service should be forking to detect immediate failures
Jakub Jelen 8ddd3e
Jakub Jelen 6c2eb5 
* Mon Jan 25 2016 Jakub Jelen <jjelen@redhat.com> 7.1p2-2 + 0.10.2-1
Jakub Jelen 6c2eb5 
- Rebased to recent version of pam_ssh_agent_auth
Jakub Jelen 6c2eb5 
- Upstream fix for CVE-2016-1908
Jakub Jelen 6c2eb5 
- Remove useless defattr
Jakub Jelen 6c2eb5
Jakub Jelen 7bc643 
* Thu Jan 14 2016 Jakub Jelen <jjelen@redhat.com> 7.1p2-1 + 0.9.2-9
Jakub Jelen 7bc643 
- New security upstream release for CVE-2016-0777
Jakub Jelen 7bc643
Jakub Jelen b2191d 
* Tue Jan 12 2016 Jakub Jelen <jjelen@redhat.com> 7.1p1-7 + 0.9.2-8
Jakub Jelen b2191d 
- Change RPM define macros to global according to packaging guidelines
Jakub Jelen b2191d 
- Fix wrong handling of SSH_COPY_ID_LEGACY environment variable
Jakub Jelen b2191d 
- Update ssh-agent and ssh-keysign permissions (#1296724)
Jakub Jelen b2191d 
- Fix few problems with alternative builds without GSSAPI or openSSL
Jakub Jelen b2191d 
- Fix condition to run sshd-keygen
Jakub Jelen b2191d
Jakub Jelen c45d14 
* Fri Dec 18 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-6 + 0.9.2-8
Jakub Jelen c45d14 
- Preserve IUTF8 tty mode flag over ssh connections (#1270248)
Jakub Jelen c45d14 
- Do not require sysconfig file to start service (#1279521)
Jakub Jelen c45d14 
- Update ssh-copy-id to upstream version
Jakub Jelen c45d14 
- GSSAPI Key Exchange documentation improvements
Jakub Jelen c45d14 
- Remove unused patches
Jakub Jelen c45d14
Jakub Jelen ef86a3 
* Wed Nov 04 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-5 + 0.9.2-8
Jakub Jelen ef86a3 
- Do not set user context too many times for root logins (#1269072)
Jakub Jelen ef86a3
Jakub Jelen fa54d5 
* Thu Oct 22 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-4 + 0.9.2-8
Jakub Jelen fa54d5 
- Review SELinux user context handling after authentication (#1269072)
Jakub Jelen fa54d5 
- Handle root logins the same way as other users (#1269072)
Jakub Jelen fa54d5 
- Audit implicit mac, if mac is covered in cipher (#1271694)
Jakub Jelen fa54d5 
- Increase size limit for remote glob over sftp
Jakub Jelen fa54d5
Jakub Jelen a80c27 
* Fri Sep 25 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-3 + 0.9.2-8
Jakub Jelen a80c27 
- Fix FIPS mode for DH kex (#1260253)
Jakub Jelen a80c27 
- Provide full RELRO and PIE form askpass helper (#1264036)
Jakub Jelen a80c27 
- Fix gssapi key exchange on server and client (#1261414)
Jakub Jelen a80c27 
- Allow gss-keyex root login when without-password is set (upstream #2456)
Jakub Jelen a80c27 
- Fix obsolete usage of SELinux constants (#1261496)
Jakub Jelen a80c27
Jakub Jelen 982621 
* Wed Sep 09 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-2 + 0.9.2-8
Jakub Jelen 982621 
- Fix warnings reported by gcc related to keysign and keyAlgorithms
Jakub Jelen 982621
Jakub Jelen 757fec 
* Sat Aug 22 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-1 + 0.9.2-8
Jakub Jelen 757fec 
- New upstream release
Jakub Jelen 757fec
Jakub Jelen ebdae8 
* Wed Aug 19 2015 Jakub Jelen <jjelen@redhat.com> 7.0p1-2 + 0.9.3-7
Jakub Jelen ebdae8 
- Fix problem with DSA keys using pam_ssh_agent_auth (#1251777)
Jakub Jelen ebdae8 
- Add GSSAPIKexAlgorithms option for server and client application
Jakub Jelen ebdae8 
- Possibility to validate legacy systems by more fingerprints (#1249626)
Jakub Jelen ebdae8
Jakub Jelen 18e549 
* Wed Aug 12 2015 Jakub Jelen <jjelen@redhat.com> 7.0p1-1 + 0.9.3-7
Jakub Jelen 3f5513 
- New upstream release (#1252639)
Jakub Jelen 3f5513 
- Fix pam_ssh_agent_auth package (#1251777)
Jakub Jelen 3f5513 
- Security: Use-after-free bug related to PAM support (#1252853)
Jakub Jelen 3f5513 
- Security: Privilege separation weakness related to PAM support (#1252854)
Jakub Jelen 3f5513 
- Security: Incorrectly set TTYs to be world-writable (#1252862)
Jakub Jelen 3f5513
Jakub Jelen 6286d6 
* Tue Jul 28 2015 Jakub Jelen <jjelen@redhat.com> 6.9p1-4 + 0.9.3-6
Jakub Jelen 6286d6 
- Handle terminal control characters in scp progressmeter (#1247204)
Jakub Jelen 6286d6
Jakub Jelen 83bfb1 
* Thu Jul 23 2015 Jakub Jelen <jjelen@redhat.com> 6.9p1-3 + 0.9.3-6
Jakub Jelen 83bfb1 
- CVE-2015-5600: only query each keyboard-interactive device once (#1245971)
Jakub Jelen 83bfb1
Jakub Jelen ca62b6 
* Wed Jul 15 2015 Jakub Jelen <jjelen@redhat.com> 6.9p1-2 + 0.9.3-6
Jakub Jelen ca62b6 
- Enable SECCOMP filter for s390* architecture (#1195065)
Jakub Jelen ca62b6 
- Fix race condition when multiplexing connection (#1242682)
Jakub Jelen ca62b6
Jakub Jelen 187a34 
* Wed Jul 01 2015 Jakub Jelen <jjelen@redhat.com> 6.9p1-1 + 0.9.3-6
Jakub Jelen 187a34 
- New upstream release (#1238253)
Jakub Jelen 187a34 
- Increase limitation number of files which can be listed using glob in sftp
Jakub Jelen 187a34 
- Correctly revert "PermitRootLogin no" option from upstream sources (#89216)
Jakub Jelen 187a34
Jakub Jelen f3002b 
* Wed Jun 24 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-9 + 0.9.3-5
Jakub Jelen f3002b 
- Allow socketcall(SYS_SHUTDOWN) for net_child on ix86 architecture
Jakub Jelen f3002b
b59dd8 
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.8p1-8.1
b59dd8 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
b59dd8
Jakub Jelen 5aa47a 
* Mon Jun 08 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-8 + 0.9.3-5
Jakub Jelen 5aa47a 
- Return stat syscall to seccomp filter (#1228323)
Jakub Jelen 5aa47a
Jakub Jelen f049b3 
* Wed Jun 03 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-7 + 0.9.3-5
Jakub Jelen f049b3 
- Handle pam_ssh_agent_auth memory, buffers and variable sizes (#1225106)
Jakub Jelen f049b3
Jakub Jelen 8a10dc 
* Thu May 28 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-6 + 0.9.3-5
Jakub Jelen 8a10dc 
- Resolve problem with pam_ssh_agent_auth after rebase (#1225106)
Jakub Jelen 8a10dc 
- ssh-copy-id: tcsh doesnt work with multiline strings
Jakub Jelen 8a10dc 
- Fix upstream memory problems
Jakub Jelen 8a10dc 
- Add missing options in testmode output and manual pages
Jakub Jelen 8a10dc 
- Provide LDIF version of LPK schema
Jakub Jelen 8a10dc 
- Document required selinux boolean for working ssh-ldap-helper
Jakub Jelen 8a10dc
Jakub Jelen 775e1b 
* Mon Apr 20 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-5 + 0.9.3-5
Jakub Jelen 775e1b 
- Fix segfault on daemon exit caused by API change (#1213423)
Jakub Jelen 775e1b
Jakub Jelen c51631 
* Thu Apr 02 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-4 + 0.9.3-5
Jakub Jelen c51631 
- Fix audit_end_command to restore ControlPersist function (#1203900)
Jakub Jelen c51631
Jakub Jelen c028ac 
* Tue Mar 31 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-3 + 0.9.3-5
Jakub Jelen c028ac 
- Fixed issue with GSSAPI key exchange (#1207719)
Jakub Jelen c028ac 
- Add pam_namespace to sshd pam stack (based on #1125110)
Jakub Jelen c028ac 
- Remove krb5-config workaround for #1203900
Jakub Jelen c028ac 
- Fix handling SELinux context in MLS systems
Jakub Jelen c028ac 
- Regression: solve sshd segfaults if other instance already running
Jakub Jelen c028ac
Jakub Jelen e5b15a 
* Thu Mar 26 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-2 + 0.9.3-5
Jakub Jelen e5b15a 
- Update audit and gss patches after rebase
Jakub Jelen e5b15a 
- Fix reintroduced upstrem bug #1878
Jakub Jelen e5b15a
Jakub Jelen e3688f 
* Tue Mar 24 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-1 + 0.9.3-5
Jakub Jelen e3688f 
- new upstream release openssh-6.8p1 (#1203245)
Jakub Jelen e3688f 
- Resolve segfault with auditing commands (#1203900)
Jakub Jelen e3688f 
- Workaround krb5-config bug (#1204646)
Jakub Jelen 132f8f
Jakub Jelen 7b82d0 
* Thu Mar 12 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-11 + 0.9.3-4
Jakub Jelen 7b82d0 
- Ability to specify LDAP filter in ldap.conf for ssh-ldap-helper
Jakub Jelen 7b82d0 
- Fix auditing when using combination of ForceCommand and PTY
Jakub Jelen 7b82d0 
- Add sftp option to force mode of created files (from rhel)
Jakub Jelen 7b82d0 
- Fix tmpfiles.d entries to be more consistent (#1196807)
Jakub Jelen 7b82d0
Jakub Jelen 7aa632 
* Mon Mar 02 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-10 + 0.9.3-4
Jakub Jelen 7aa632 
- Add tmpfiles.d entries (#1196807)
Jakub Jelen 7aa632
Jakub Jelen c8b407 
* Fri Feb 27 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-9 + 0.9.3-4
Jakub Jelen c8b407 
- Adjust seccomp filter for primary architectures and solve aarch64 issue (#1197051)
Jakub Jelen c8b407 
- Solve issue with ssh-copy-id and keys without trailing newline (#1093168)
Jakub Jelen c8b407
Jakub Jelen 5f3c83 
* Tue Feb 24 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-8 + 0.9.3-4
Jakub Jelen 5f3c83 
- Add AArch64 support for seccomp_filter sandbox (#1195065)
Jakub Jelen 5f3c83
Jakub Jelen e0f867 
* Mon Feb 23 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-7 + 0.9.3-4
Jakub Jelen e0f867 
- Fix seccomp filter on architectures without getuid32
Jakub Jelen e0f867
Jakub Jelen c13a4b 
* Mon Feb 23 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-6 + 0.9.3-4
Jakub Jelen c13a4b 
- Update seccomp filter to work on i686 architectures (#1194401)
Jakub Jelen c13a4b 
- Fix previous failing build (#1195065)
Jakub Jelen c13a4b
Peter Robinson 74e740 
* Sun Feb 22 2015 Peter Robinson <pbrobinson@fedoraproject.org> 6.7p1-5 + 0.9.3-4
Peter Robinson 74e740 
- Only use seccomp for sandboxing on supported platforms
Peter Robinson 74e740
Jakub Jelen c69452 
* Fri Feb 20 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-4 + 0.9.3-4
Jakub Jelen c69452 
- Move cavs tests into subpackage -cavs (#1194320)
Jakub Jelen c69452
Jakub Jelen 2f5563 
* Wed Feb 18 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-3 + 0.9.3-4
Jakub Jelen 2f5563 
- update coverity patch
Jakub Jelen 2f5563 
- make output of sshd -T more consistent (#1187521)
Jakub Jelen 2f5563 
- enable seccomp for sandboxing instead of rlimit (#1062953)
Jakub Jelen 2f5563 
- update hardening to compile on gcc5
Jakub Jelen 2f5563 
- Add SSH KDF CAVS test driver (#1193045)
Jakub Jelen 2f5563 
- Fix ssh-copy-id on non-sh remote shells (#1045191)
Jakub Jelen 2f5563
Jakub Jelen 6c6416 
* Tue Jan 27 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-2 + 0.9.3-4
Jakub Jelen 6c6416 
- fixed audit patch after rebase
Jakub Jelen 6c6416
Petr Lautrbach 190035 
* Tue Jan 20 2015 Petr Lautrbach <plautrba@redhat.com> 6.7p1-1 + 0.9.3-4
Petr Lautrbach 190035 
- new upstream release openssh-6.7p1
Petr Lautrbach 190035
Jakub Jelen 3ffcb7 
* Thu Jan 15 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-11.1 + 0.9.3-3
Jakub Jelen 2109ab 
- error message if scp when directory doesn't exist (#1142223)
Jakub Jelen 2109ab 
- parsing configuration file values (#1130733)
Jakub Jelen 2109ab 
- documentation in service and socket files for systemd (#1181593)
Jakub Jelen 2109ab 
- updated ldap patch (#981058)
Jakub Jelen 2109ab 
- fixed vendor-patchlevel
Jakub Jelen 2109ab 
- add new option GSSAPIEnablek5users and disable using ~/.k5users by default CVE-2014-9278 (#1170745)
Jakub Jelen 2109ab
Petr Lautrbach 62986c 
* Fri Dec 19 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-10 + 0.9.3-3
Petr Lautrbach 62986c 
- log via monitor in chroots without /dev/log
Petr Lautrbach 62986c
Petr Lautrbach 276c16 
* Wed Dec 03 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-9 + 0.9.3-3
Petr Lautrbach 276c16 
- the .local domain example should be in ssh_config, not in sshd_config
Petr Lautrbach 276c16 
- use different values for DH for Cisco servers (#1026430)
Petr Lautrbach 276c16
Petr Lautrbach 823364 
* Thu Nov 13 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-8 + 0.9.3-3
Petr Lautrbach 823364 
- fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005)
Petr Lautrbach 823364
Petr Lautrbach a1e1ac 
* Fri Nov 07 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-7 + 0.9.3-3
Petr Lautrbach a1e1ac 
- correct the calculation of bytes for authctxt->krb5_ccname <ams@corefiling.com> (#1161073)
Petr Lautrbach a1e1ac
Petr Lautrbach 3b7c86 
* Tue Nov 04 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-6 + 0.9.3-3
Petr Lautrbach 3b7c86 
- privsep_preauth: use SELinux context from selinux-policy (#1008580)
Petr Lautrbach 3b7c86 
- change audit trail for unknown users (mindrot#2245)
Petr Lautrbach 3b7c86 
- fix kuserok patch which checked for the existence of .k5login
Petr Lautrbach 3b7c86 
  unconditionally and hence prevented other mechanisms to be used properly
Petr Lautrbach 3b7c86 
- revert the default of KerberosUseKuserok back to yes (#1153076)
Petr Lautrbach 3b7c86 
- ignore SIGXFSZ in postauth monitor (mindrot#2263)
Petr Lautrbach 3b7c86 
- sshd-keygen - don't generate DSA and ED25519 host keys in FIPS mode
Petr Lautrbach 3b7c86
Petr Lautrbach afde9f 
* Mon Sep 08 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-5 + 0.9.3-3
Petr Lautrbach afde9f 
- set a client's address right after a connection is set (mindrot#2257)
Petr Lautrbach afde9f 
- apply RFC3454 stringprep to banners when possible (mindrot#2058)
Petr Lautrbach afde9f 
- don't consider a partial success as a failure (mindrot#2270)
Petr Lautrbach afde9f
Peter Robinson 662c5a 
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.6.1p1-4.1
Peter Robinson 662c5a 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
Peter Robinson 662c5a
Tom Callaway e336e3 
* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> 6.6.1p1-4 + 0.9.3-3
Tom Callaway e336e3 
- fix license handling (both)
Tom Callaway e336e3
Petr Lautrbach 8ff21c 
* Fri Jul 18 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-3 + 0.9.3-2
Petr Lautrbach 8ff21c 
- standardise on NI_MAXHOST for gethostname() string lengths (#1051490)
Petr Lautrbach 8ff21c
Petr Lautrbach cef0d5 
* Mon Jul 14 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-2 + 0.9.3-2
Petr Lautrbach cef0d5 
- add pam_reauthorize.so to sshd.pam (#1115977)
Petr Lautrbach cef0d5 
- spec file and patches clenup
Petr Lautrbach cef0d5
d1b093 
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.6.1p1-1.1
d1b093 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
d1b093
Petr Lautrbach 5cde9c 
* Tue Jun 03 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-1 + 0.9.3-2
Petr Lautrbach 5cde9c 
- disable the curve25519 KEX when speaking to OpenSSH 6.5 or 6.6
Petr Lautrbach 5cde9c 
- add support for ED25519 keys to sshd-keygen and sshd.sysconfig
Petr Lautrbach 5cde9c 
- drop openssh-server-sysvinit subpackage
Petr Lautrbach 5cde9c 
- slightly change systemd units logic - use sshd-keygen.service (#1066615)
Petr Lautrbach 5cde9c
Petr Lautrbach 94c6f8 
* Tue Jun 03 2014 Petr Lautrbach <plautrba@redhat.com> 6.6p1-1 + 0.9.3-2
Petr Lautrbach 94c6f8 
- new upstream release openssh-6.6p1
Petr Lautrbach 94c6f8
Petr Lautrbach d75575 
* Thu May 15 2014 Petr Lautrbach <plautrba@redhat.com> 6.4p1-4 + 0.9.3-1
Petr Lautrbach d75575 
- use SSH_COPY_ID_LEGACY variable to run ssh-copy-id in the legacy mode
Petr Lautrbach d75575 
- make /etc/ssh/moduli file public (#1043661)
Petr Lautrbach d75575 
- test existence of /etc/ssh/ssh_host_ecdsa_key in sshd-keygen.service
Petr Lautrbach d75575 
- don't clean up gssapi credentials by default (#1055016)
Petr Lautrbach d75575 
- ssh-agent - try CLOCK_BOOTTIME with fallback (#1091992)
Petr Lautrbach d75575 
- prevent a server from skipping SSHFP lookup - CVE-2014-2653 (#1081338)
Petr Lautrbach d75575 
- ignore environment variables with embedded '=' or '\0' characters - CVE-2014-2532
Petr Lautrbach d75575 
  (#1077843)
Petr Lautrbach d75575
Petr Lautrbach 222dd2 
* Wed Dec 11 2013 Petr Lautrbach <plautrba@redhat.com> 6.4p1-3 + 0.9.3-1
Petr Lautrbach 222dd2 
- sshd-keygen - use correct permissions on ecdsa host key (#1023945)
Petr Lautrbach 222dd2 
- use only rsa and ecdsa host keys by default
Petr Lautrbach 222dd2
Petr Lautrbach 89d920 
* Tue Nov 26 2013 Petr Lautrbach <plautrba@redhat.com> 6.4p1-2 + 0.9.3-1
Petr Lautrbach 89d920 
- fix fatal() cleanup in the audit patch (#1029074)
Petr Lautrbach 89d920 
- fix parsing logic of ldap.conf file (#1033662)
Petr Lautrbach 89d920
Petr Lautrbach 09e9ef 
* Fri Nov 08 2013 Petr Lautrbach <plautrba@redhat.com> 6.4p1-1 + 0.9.3-1
Petr Lautrbach 09e9ef 
- new upstream release
Petr Lautrbach 09e9ef
Petr Lautrbach 3ed619 
* Fri Nov 01 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-5 + 0.9.3-7
Petr Lautrbach 3ed619 
- adjust gss kex mechanism to the upstream changes (#1024004)
Petr Lautrbach 3ed619 
- don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> (#1024965)
Petr Lautrbach 3ed619
Petr Lautrbach 7feb96 
* Fri Oct 25 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-4 + 0.9.3-6
Petr Lautrbach 7feb96 
- rebuild with the openssl with the ECC support
Petr Lautrbach 7feb96
Petr Lautrbach a5e23f 
* Thu Oct 24 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-3 + 0.9.3-6
Petr Lautrbach a5e23f 
- don't use SSH_FP_MD5 for fingerprints in FIPS mode
Petr Lautrbach a5e23f
Petr Lautrbach ff7a26 
* Wed Oct 23 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-2 + 0.9.3-6
Petr Lautrbach ff7a26 
- use default_ccache_name from /etc/krb5.conf for a kerberos cache (#991186)
Petr Lautrbach ff7a26 
- increase the size of the Diffie-Hellman groups (#1010607)
Petr Lautrbach ff7a26 
- sshd-keygen to generate ECDSA keys <i.grok@comcast.net> (#1019222)
Petr Lautrbach ff7a26
Petr Lautrbach e40d5d 
* Tue Oct 15 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-1.1 + 0.9.3-6
Petr Lautrbach a92e91 
- new upstream release (#1007769)
Petr Lautrbach a92e91
Petr Lautrbach c33ef5 
* Tue Oct 08 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-9 + 0.9.3-5
Petr Lautrbach c33ef5 
- use dracut-fips package to determine if a FIPS module is installed
Petr Lautrbach c33ef5 
- revert -fips subpackages and hmac files suffixes
Petr Lautrbach c33ef5
Petr Lautrbach f344f8 
* Wed Sep 25 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-8 + 0.9.3-5
Petr Lautrbach f344f8 
- sshd-keygen: generate only RSA keys by default (#1010092)
Petr Lautrbach f344f8 
- use dist tag in suffixes for hmac checksum files
Petr Lautrbach f344f8
Petr Lautrbach eba55f 
* Wed Sep 11 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-7 + 0.9.3-5
Petr Lautrbach eba55f 
- use hmac_suffix for ssh{,d} hmac checksums
Petr Lautrbach eba55f 
- bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A
Petr Lautrbach eba55f 
- automatically restart sshd.service on-failure after 42s interval
Petr Lautrbach eba55f
Petr Lautrbach a19397 
* Thu Aug 29 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-6.1 + 0.9.3-5
Petr Lautrbach f4e927 
- add -fips subpackages that contains the FIPS module files
Petr Lautrbach f4e927
Petr Lautrbach 631ffb 
* Wed Jul 31 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-5 + 0.9.3-5
Petr Lautrbach 631ffb 
- gssapi credentials need to be stored before a pam session opened (#987792)
Petr Lautrbach 631ffb
Petr Lautrbach 115aad 
* Tue Jul 23 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-4 + 0.9.3-5
Petr Lautrbach 115aad 
- don't show Success for EAI_SYSTEM (#985964)
Petr Lautrbach 115aad 
- make sftp's libedit interface marginally multibyte aware (#841771)
Petr Lautrbach 115aad
Petr Lautrbach 66608a 
* Mon Jun 17 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-3 + 0.9.3-5
Petr Lautrbach 66608a 
- move default gssapi cache to /run/user/<uid> (#848228)
Petr Lautrbach 66608a
Petr Lautrbach e99c48 
* Tue May 21 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-2 + 0.9.3-5
Petr Lautrbach e99c48 
- add socket activated sshd units to the package (#963268)
Petr Lautrbach e99c48 
- fix the example in the HOWTO.ldap-keys
Petr Lautrbach e99c48
Petr Lautrbach 21acbc 
* Mon May 20 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-1 + 0.9.3-5
Petr Lautrbach 21acbc 
- new upstream release (#963582)
Petr Lautrbach 21acbc
Petr Lautrbach a92d74 
* Wed Apr 17 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-4 + 0.9.3-4
Petr Lautrbach a92d74 
- don't use export in sysconfig file (#953111)
Petr Lautrbach a92d74
Petr Lautrbach c276d3 
* Tue Apr 16 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-3 + 0.9.3-4
Petr Lautrbach c276d3 
- sshd.service: use KillMode=process (#890376)
Petr Lautrbach c276d3 
- add latest config.{sub,guess} to support aarch64 (#926284)
Petr Lautrbach c276d3
Petr Lautrbach 104278 
* Tue Apr 09 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-2 + 0.9.3-4
Petr Lautrbach 104278 
- keep track of which IndentityFile options were manually supplied and
Petr Lautrbach 104278 
  which were default options, and don't warn if the latter are missing.
Petr Lautrbach 104278 
  (mindrot#2084)
Petr Lautrbach 104278
Petr Lautrbach b6f89a 
* Tue Apr 09 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-1 + 0.9.3-4
Petr Lautrbach b6f89a 
- new upstream release (#924727)
Petr Lautrbach b6f89a
Petr Lautrbach 1b95bc 
* Wed Mar 06 2013 Petr Lautrbach <plautrba@redhat.com> 6.1p1-7 + 0.9.3-3
Petr Lautrbach 1b95bc 
- use SELinux type sshd_net_t for [net] childs (#915085)
Petr Lautrbach 1b95bc
Petr Lautrbach 2a7883 
* Thu Feb 14 2013 Petr Lautrbach <plautrba@redhat.com> 6.1p1-6 + 0.9.3-3
Petr Lautrbach 2a7883 
- fix AuthorizedKeysCommand option
Petr Lautrbach 2a7883
Petr Lautrbach cab7f5 
* Fri Feb 08 2013 Petr Lautrbach <plautrba@redhat.com> 6.1p1-5 + 0.9.3-3
Petr Lautrbach cab7f5 
- change default value of MaxStartups - CVE-2010-5107 (#908707)
Petr Lautrbach cab7f5
Petr Lautrbach 7642de 
* Mon Dec 03 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-4 + 0.9.3-3
Petr Lautrbach 7642de 
- fix segfault in openssh-5.8p2-force_krb.patch (#882541)
Petr Lautrbach 7642de
Petr Lautrbach 790103 
* Mon Dec 03 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-3 + 0.9.3-3
Petr Lautrbach 790103 
- replace RequiredAuthentications2 with AuthenticationMethods based on upstream
Petr Lautrbach 790103 
- obsolete RequiredAuthentications[12] options
Petr Lautrbach 790103 
- fix openssh-6.1p1-privsep-selinux.patch
Petr Lautrbach 790103
Petr Lautrbach af2ebf 
* Fri Oct 26 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-2
Petr Lautrbach af2ebf 
- add SELinux comment to /etc/ssh/sshd_config about SELinux command to modify port (#861400)
Petr Lautrbach af2ebf 
- drop required chkconfig (#865498)
Petr Lautrbach af2ebf 
- drop openssh-5.9p1-sftp-chroot.patch (#830237)
Petr Lautrbach af2ebf
Petr Lautrbach d0630a 
* Sat Sep 15 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-1 + 0.9.3-3
Petr Lautrbach d0630a 
- new upstream release (#852651)
Petr Lautrbach d0630a 
- use DIR: kerberos type cache (#848228)
Petr Lautrbach d0630a 
- don't use chroot_user_t for chrooted users (#830237)
Petr Lautrbach d0630a 
- replace scriptlets with systemd macros (#850249)
Petr Lautrbach d0630a 
- don't use /bin and /sbin paths (#856590)
Petr Lautrbach d0630a
Petr Lautrbach 65ba94 
* Mon Aug 06 2012 Petr Lautrbach <plautrba@redhat.com> 6.0p1-1 + 0.9.3-2
Petr Lautrbach 65ba94 
- new upstream release
Petr Lautrbach 65ba94
Petr Lautrbach 90e11f 
* Mon Aug 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-26 + 0.9.3-1
Petr Lautrbach 90e11f 
- change SELinux context also for root user (#827109)
Petr Lautrbach 90e11f
Petr Lautrbach b64889 
* Fri Jul 27 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-25 + 0.9.3-1
Petr Lautrbach b64889 
- fix various issues in openssh-5.9p1-required-authentications.patch
Petr Lautrbach b64889
Tomas Mraz e96203 
* Tue Jul 17 2012 Tomas Mraz <tmraz@redhat.com> 5.9p1-24 + 0.9.3-1
Tomas Mraz e96203 
- allow sha256 and sha512 hmacs in the FIPS mode
Tomas Mraz e96203
Tomas Mraz 4f4687 
* Fri Jun 22 2012 Tomas Mraz <tmraz@redhat.com> 5.9p1-23 + 0.9.3-1
Tomas Mraz 4f4687 
- fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent
Tomas Mraz 4f4687 
  is not running, most probably not exploitable
Tomas Mraz 4f4687 
- update pam_ssh_agent_auth to 0.9.3 upstream version
Tomas Mraz 4f4687
Petr Lautrbach 2649d9 
* Fri Apr 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-22 + 0.9.2-32
Petr Lautrbach 2649d9 
- don't create RSA1 key in FIPS mode
Petr Lautrbach 2649d9 
- don't install sshd-keygen.service (#810419)
Petr Lautrbach 2649d9
Petr Lautrbach 7294a9 
* Fri Mar 30 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-21 + 0.9.2-32
Petr Lautrbach 7294a9 
- fix various issues in openssh-5.9p1-required-authentications.patch
Petr Lautrbach 7294a9
Petr Lautrbach 22f019 
* Wed Mar 21 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-20 + 0.9.2-32
Petr Lautrbach 22f019 
- Fix dependencies in systemd units, don't enable sshd-keygen.service (#805338)
Petr Lautrbach 22f019
Petr Lautrbach 33e0ac 
* Wed Feb 22 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-19 + 0.9.2-32
Petr Lautrbach 33e0ac 
- Look for x11 forward sockets with AI_ADDRCONFIG flag getaddrinfo (#735889)
Petr Lautrbach 33e0ac
Petr Lautrbach d3ab95 
* Mon Feb 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-18 + 0.9.2-32
Petr Lautrbach d3ab95 
- replace TwoFactorAuth with RequiredAuthentications[12]
Petr Lautrbach d3ab95 
  https://bugzilla.mindrot.org/show_bug.cgi?id=983
Petr Lautrbach d3ab95
Petr Lautrbach 21699d 
* Tue Jan 31 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-17 + 0.9.2-32
Petr Lautrbach 21699d 
- run privsep slave process as the users SELinux context (#781634)
Petr Lautrbach 21699d
Petr Lautrbach 19725a 
* Tue Dec 13 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-16 + 0.9.2-32
Tomas Mraz 017c65 
- add CAVS test driver for the aes-ctr ciphers
Tomas Mraz 017c65
Petr Lautrbach 19725a 
* Sun Dec 11 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-15 + 0.9.2-32
Tomas Mraz 6148ab 
- enable aes-ctr ciphers use the EVP engines from OpenSSL such as the AES-NI
Tomas Mraz 6148ab
Petr Lautrbach 2e1287 
* Tue Dec 06 2011 Petr Lautrbach <plautrba@redhat.com> 5.9p1-14 + 0.9.2-32
Petr Lautrbach 2e1287 
- warn about unsupported option UsePAM=no (#757545)
Petr Lautrbach 2e1287
Tomas Mraz 4fc167 
* Mon Nov 21 2011 Tomas Mraz <tmraz@redhat.com> - 5.9p1-13 + 0.9.2-32
Tomas Mraz 4fc167 
- add back the restorecon call to ssh-copy-id - it might be needed on older
Tomas Mraz 4fc167 
  distributions (#739989)
Tomas Mraz 4fc167
Tomas Mraz 17eb10 
* Fri Nov 18 2011 Tomas Mraz <tmraz@redhat.com> - 5.9p1-12 + 0.9.2-32
Tomas Mraz 17eb10 
- still support /etc/sysconfig/sshd loading in sshd service (#754732)
Tomas Mraz 81da99 
- fix incorrect key permissions generated by sshd-keygen script (#754779)
Tomas Mraz 17eb10
Tomas Mraz 0fcb25 
* Fri Oct 14 2011 Tomas Mraz <tmraz@redhat.com> - 5.9p1-11 + 0.9.2-32
Tomas Mraz 0fcb25 
- remove unnecessary requires on initscripts
Tomas Mraz 0fcb25 
- set VerifyHostKeyDNS to ask in the default configuration (#739856)
Tomas Mraz 0fcb25
Jan F. Chadima 28b0dc 
* Mon Sep 19 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-10 + 0.9.2-32
Jan F. Chadima 28b0dc 
- selinux sandbox rewrite
Jan F. Chadima 28b0dc 
- two factor authentication tweaking
Jan F. Chadima 28b0dc
Jan F. Chadima cff1d0 
* Wed Sep 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-9 + 0.9.2-32
Jan F. Chadima cff1d0 
- coverity upgrade
Jan F. Chadima cff1d0 
- wipe off nonfunctional nss
Jan F. Chadima cff1d0 
- selinux sandbox tweaking
Jan F. Chadima cff1d0
Jan F. Chadima c870e6 
* Tue Sep 13 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-8 + 0.9.2-32
Jan F. Chadima c870e6 
- coverity upgrade
Jan F. Chadima c870e6 
- experimental selinux sandbox
Jan F. Chadima c870e6
JFCH c2ea13 
* Tue Sep 13 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-7 + 0.9.2-32
JFCH c2ea13 
- fully reanable auditing
JFCH c2ea13
Jan F. Chadima 1df0cf 
* Mon Sep 12 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-6 + 0.9.2-32
Jan F. Chadima 1df0cf 
- repair signedness in akc patch
Jan F. Chadima 1df0cf
Jan F. Chadima 026db1 
* Mon Sep 12 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-5 + 0.9.2-32
Jan F. Chadima 39b26b 
- temporarily disable part of audit4 patch
Jan F. Chadima 39b26b
Jan F. Chadima ea97ff 
* Fri Sep  9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-3 + 0.9.2-32
Jan F. Chadima ea97ff 
- Coverity second pass
Jan F. Chadima ea97ff 
- Reenable akc patch
Jan F. Chadima ea97ff
Jan F. Chadima 3b545b 
* Thu Sep  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-2 + 0.9.2-32
Jan F. Chadima 3b545b 
- Coverity first pass
Jan F. Chadima 3b545b
Jan F. Chadima 311e6b 
* Wed Sep  7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-1 + 0.9.2-32
Jan F. Chadima 311e6b 
- Rebase to 5.9p1
Jan F. Chadima 311e6b 
- Add chroot sftp patch
Jan F. Chadima 311e6b 
- Add two factor auth patch
Jan F. Chadima 311e6b
Jan F. Chadima 19d4c7 
* Tue Aug 23 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-21 + 0.9.2-31
Jan F. Chadima 19d4c7 
- ignore SIGPIPE in ssh keyscan
Jan F. Chadima 19d4c7
Jan F. Chadima 2b67a5 
* Tue Aug  9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-20 + 0.9.2-31
Jan F. Chadima 2b67a5 
- save ssh-askpass's debuginfo
Jan F. Chadima 2b67a5
Jan F. Chadima 56b50e 
* Mon Aug  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-19 + 0.9.2-31
Jan F. Chadima 56b50e 
- compile ssh-askpass with corect CFLAGS
Jan F. Chadima 56b50e
Jan F. Chadima 54f33f 
* Mon Aug  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-18 + 0.9.2-31
Jan F. Chadima 54f33f 
- improve selinux's change context log
Jan F. Chadima 54f33f
Jan F. Chadima ec3622 
* Mon Aug  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-17 + 0.9.2-31
Jan F. Chadima ec3622 
- repair broken man pages
Jan F. Chadima ec3622
Jan F. Chadima d704ea 
* Mon Jul 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-16 + 0.9.2-31
Jan F. Chadima ec3622 
- rebuild due to broken rpmbiild
Jan F. Chadima d704ea
Jan F. Chadima 294ca7 
* Thu Jul 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-15 + 0.9.2-31
Jan F. Chadima 294ca7 
- Do not change context when run under unconfined_t
Jan F. Chadima 294ca7
Jan F. Chadima d3d340 
* Thu Jul 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-14 + 0.9.2-31
Jan F. Chadima 0d4fd5 
- Add postlogin to pam. (#718807)
Jan F. Chadima 0d4fd5
Jan F. Chadima d56cc3 
* Tue Jun 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-12 + 0.9.2-31
Jan F 5c8b5c 
- Systemd compatibility according to Mathieu Bridon <bochecha@fedoraproject.org>
Jan F 5c8b5c 
- Split out the host keygen into their own command, to ease future migration
Jan F 5c8b5c 
  to systemd. Compatitbility with the init script was kept.
Jan F 5c8b5c 
- Migrate the package to full native systemd unit files, according to the Fedora
Jan F 5c8b5c 
  packaging guidelines.
Jan F 5c8b5c 
- Prepate the unit files for running an ondemand server. (do not add it actually)
Jan F 5c8b5c
Jan F 29b683 
* Tue Jun 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-10 + 0.9.2-31
Jan F 29b683 
- Mention IPv6 usage in man pages
Jan F 29b683
Jan F d3542d 
* Mon Jun 20 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-9 + 0.9.2-31
Jan F ef264f 
- Improve init script
Jan F ef264f
Jan F 6bd5ca 
* Thu Jun 16 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-7 + 0.9.2-31
Jan F 6bd5ca 
- Add possibility to compile openssh without downstream patches
Jan F 6bd5ca
Jan F. Chadima 6a2cfe 
* Thu Jun  9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-6 + 0.9.2-31
Jan F. Chadima 6a2cfe 
- remove stale control sockets (#706396)
Jan F. Chadima 6a2cfe
Jan F bc60f3 
* Tue May 31 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-5 + 0.9.2-31
Jan F bc60f3 
- improove entropy manuals
Jan F bc60f3
Jan F 0e9135 
* Fri May 27 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-4 + 0.9.2-31
Jan F 0e9135 
- improove entropy handling
Jan F 0e9135 
- concat ldap patches
Jan F 0e9135
Jan F ba32c8 
* Tue May 24 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-3 + 0.9.2-31
Jan F ba32c8 
- improove ldap manuals
Jan F ba32c8
Jan F 5b4ccb 
* Mon May 23 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-2 + 0.9.2-31
Jan F 5b4ccb 
- add gssapi forced command
Jan F 5b4ccb
Jan F 87ae97 
* Tue May  3 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-1 + 0.9.2-31
Jan F c2c99d 
- update the openssh version
Jan F 87ae97
Jan F c0cd66 
* Thu Apr 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-34 + 0.9.2-30
Jan F c0cd66 
- temporarily disabling systemd units
Jan F c0cd66
Jan F 9c4d06 
* Wed Apr 27 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-33 + 0.9.2-30
Jan F 9c4d06 
- add flags AI_V4MAPPED and AI_ADDRCONFIG to getaddrinfo
Jan F 9c4d06
Jan F 6077c7 
* Tue Apr 26 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-32 + 0.9.2-30
Jan F 2cd304 
- update scriptlets
Jan F 2cd304
Jan F 56091f 
* Fri Apr 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-30 + 0.9.2-30
Jan F 53f618 
- add systemd units
Jan F 53f618
Jan F 53f618 
* Fri Apr 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-28 + 0.9.2-30
Jan F e93cf2 
- improving sshd -> passwd transation
Jan F 0e46f2 
- add template for .local domain to sshd_config
Jan F e93cf2
Jan F 1ddd0e 
* Thu Apr 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-27 + 0.9.2-30
Jan F 1ddd0e 
- the private keys may be 640 root:ssh_keys ssh_keysign is sgid
Jan F 1ddd0e
Jan F c7ffe0 
* Wed Apr 20 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-26 + 0.9.2-30
Jan F c7ffe0 
- improving sshd -> passwd transation
Jan F c7ffe0
Jan F 439c34 
* Tue Apr  5 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-25 + 0.9.2-30
Jan F 8bc65c 
- the intermediate context is set to sshd_sftpd_t
Jan F 8bc65c 
- do not crash in packet.c if no connection
Jan F 8bc65c
Jan F 8a77a1 
* Thu Mar 31 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-24 + 0.9.2-30
Jan F 8a77a1 
- resolve warnings in port_linux.c
Jan F 8a77a1
Jan F 11896a 
* Tue Mar 29 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-23 + 0.9.2-30
Jan F 11896a 
- add /etc/sysconfig/sshd
Jan F 11896a
Jan F 0553df 
* Mon Mar 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-22 + 0.9.2-30
Jan F 0553df 
- improve reseeding and seed source (documentation)
Jan F e6d33e
Jan F 39c7b0 
* Tue Mar 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-20 + 0.9.2-30
Jan F 3657ad 
- use /dev/random or /dev/urandom for seeding prng
Jan F 39c7b0 
- improve periodical reseeding of random generator
Jan F 3657ad
Jan F 8fe150 
* Thu Mar 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-18 + 0.9.2-30
Jan F 8fe150 
- add periodical reseeding of random generator
Jan F 8fe150 
- change selinux contex for internal sftp in do_usercontext
Jan F 8fe150 
- exit(0) after sigterm
Jan F 8fe150
Jan F 9404cd 
* Thu Mar 10 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-17 + 0.9.2-30
Jan F 9404cd 
- improove ssh-ldap (documentation)
Jan F 9404cd
Jan F d1fc5c 
* Tue Mar  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-16 + 0.9.2-30
Jan F d1fc5c 
- improve session keys audit
Jan F d1fc5c
Jan F 71d3d9 
* Mon Mar  7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-15 + 0.9.2-30
Jan F 71d3d9 
- CVE-2010-4755
Jan F 71d3d9
Jan F 825921 
* Fri Mar  4 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-14 + 0.9.2-30
Jan F 9404cd 
- improove ssh-keycat (documentation)
Jan F 825921
Jan F edc172 
* Thu Mar  3 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-13 + 0.9.2-30
Jan F edc172 
- improve audit of logins and auths
Jan F edc172
Jan F 1499a2 
* Tue Mar  1 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-12 + 0.9.2-30
Jan F 1499a2 
- improove ssk-keycat
Jan F 1499a2
Jan F 99f427 
* Mon Feb 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-11 + 0.9.2-30
Jan F 99f427 
- add ssk-keycat
Jan F 99f427
Jan F b93498 
* Fri Feb 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-10 + 0.9.2-30
Jan F b93498 
- reenable auth-keys ldap backend
Jan F b93498
Jan F 48446f 
* Fri Feb 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-9 + 0.9.2-30
Jan F 48446f 
- another audit improovements
Jan F 48446f
Jan F f9ff10 
* Thu Feb 24 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-8 + 0.9.2-30
Jan F 9cefae 
- another audit improovements
Jan F 48446f 
- switchable fingerprint mode
Jan F 9cefae
Jan F 2c1a4a 
* Thu Feb 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-4 + 0.9.2-30
Jan F 48446f 
- improve audit of server key management
Jan F 2c1a4a
Jan F b9127e 
* Wed Feb 16 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-3 + 0.9.2-30
Jan F 483c73 
- improve audit of logins and auths
Jan F 483c73
Jan F 003cb0 
* Mon Feb 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-1 + 0.9.2-30
Jan F 003cb0 
- bump openssh version to 5.8p1
Jan F 003cb0
fa335e 
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.6p1-30.1
fa335e 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
fa335e
Jan F cfb0f3 
* Mon Feb  7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-30 + 0.9.2-29
Jan F cfb0f3 
- clean the data structures in the non privileged process
Jan F 865391 
- clean the data structures when roaming
Jan F 865391
Petr Lautrbach 19725a 
* Wed Feb  2 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-28 + 0.9.2-29
Jan F 6f9316 
- clean the data structures in the privileged process
Jan F 6f9316
Jan F f00e4a 
* Tue Jan 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-25 + 0.9.2-29
Jan F f00e4a 
- clean the data structures before exit net process
Jan F f00e4a
Jan F af8738 
* Mon Jan 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-24 + 0.9.2-29
Jan F af8738 
- make audit compatible with the fips mode
Jan F af8738
Jan F 92eab1 
* Fri Jan 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-23 + 0.9.2-29
Jan F 92eab1 
- add audit of destruction the server keys
Jan F 92eab1
Jan F 5c20fa 
* Wed Jan 12 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-22 + 0.9.2-29
Jan F 5c20fa 
- add audit of destruction the session keys
Jan F 5c20fa
Jan F. Chadima a7cb7d 
* Fri Dec 10 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-21 + 0.9.2-29
Jan F. Chadima a7cb7d 
- reenable run sshd as non root user
Jan F. Chadima a7cb7d 
- renable rekeying
Jan F. Chadima a7cb7d
Jan F 436639 
* Wed Nov 24 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-20 + 0.9.2-29
Jan F 436639 
- reapair clientloop crash (#627332)
Jan F bb5eb0 
- properly restore euid in case connect to the ssh-agent socket fails
Jan F bb5eb0
Jan F. Chadima d2ed53 
* Mon Nov 22 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-19 + 0.9.2-28
Jan F. Chadima d2ed53 
- striped read permissions from suid and sgid binaries
Jan F. Chadima d2ed53
Jan F 7c53d7 
* Mon Nov 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-18 + 0.9.2-27
Jan F 7c53d7 
- used upstream version of the biguid patch
Jan F 7c53d7
Jan F 82036a 
* Mon Nov 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-17 + 0.9.2-27
Jan F 82036a 
- improoved kuserok patch
Jan F 82036a
Jan F 5daee1 
* Fri Nov  5 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-16 + 0.9.2-27
Jan F 5daee1 
- add auditing the host based key ussage
Jan F 5daee1 
- repait X11 abstract layer socket (#648896)
Jan F 5daee1
Jan F. Chadima f44bde 
* Wed Nov  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-15 + 0.9.2-27
Jan F. Chadima f44bde 
- add auditing the kex result
Jan F. Chadima f44bde
Petr Lautrbach 19725a 
* Tue Nov  2 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-14 + 0.9.2-27
Jan F 0f4c82 
- add auditing the key ussage
Jan F 0f4c82
Petr Lautrbach 19725a 
* Wed Oct 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-12 + 0.9.2-27
Jan F 2d0bc8 
- update gsskex patch (#645389)
Jan F 2d0bc8
Jan F ba25ec 
* Wed Oct 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-11 + 0.9.2-27
Jan F ba25ec 
- rebase linux audit according to upstream
Jan F ba25ec
Jan F. Chadima cf74d5 
* Fri Oct  1 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-10 + 0.9.2-27
Jan F. Chadima cf74d5 
- add missing headers to linux audit
Jan F. Chadima cf74d5
Jan F faae1e 
* Wed Sep 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-9 + 0.9.2-27
Jan F faae1e 
- audit module now uses openssh audit framevork
Jan F faae1e
Jan F 46c77f 
* Wed Sep 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-8 + 0.9.2-27
Jan F 46c77f 
- Add the GSSAPI kuserok switch to the kuserok patch
Jan F 46c77f
Jan F 4c4aa1 
* Wed Sep 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-7 + 0.9.2-27
Jan F 4c4aa1 
- Repaired the kuserok patch
Jan F 4c4aa1
Jan F ce0606 
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-6 + 0.9.2-27
Jan F ce0606 
- Repaired the problem with puting entries with very big uid into lastlog
Jan F ce0606
Jan F 84d568 
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-5 + 0.9.2-27
Jan F 84d568 
- Merging selabel patch with the upstream version. (#632914)
Jan F 84d568
Jan F 93909d 
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-4 + 0.9.2-27
Jan F 84d568 
- Tweaking selabel patch to work properly without selinux rules loaded. (#632914)
Jan F 93909d
Tomas Mraz 13fa78 
* Wed Sep  8 2010 Tomas Mraz <tmraz@redhat.com> - 5.6p1-3 + 0.9.2-27
Tomas Mraz 13fa78 
- Make fipscheck hmacs compliant with FHS - requires new fipscheck
Tomas Mraz 13fa78
Jan F f7e15d 
* Fri Sep  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-2 + 0.9.2-27
Jan F f7e15d 
- Added -z relro -z now to LDFLAGS
Jan F f7e15d
Jan F. Chadima c6801b 
* Fri Sep  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-1 + 0.9.2-27
Jan F. Chadima c6801b 
- Rebased to openssh5.6p1
Jan F. Chadima c6801b
Jan F. Chadima 7818e5 
* Wed Jul  7 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-18 + 0.9.2-26
Jan F. Chadima 7818e5 
- merged with newer bugzilla's version of authorized keys command patch
Jan F. Chadima 7818e5
Jan F. Chadima eb358a 
* Wed Jun 30 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-17 + 0.9.2-26
Jan F. Chadima eb358a 
- improved the x11 patch according to upstream (#598671)
Jan F. Chadima eb358a
Petr Lautrbach 19725a 
* Fri Jun 25 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-16 + 0.9.2-26
Jan F. Chadima a3dee6 
- improved the x11 patch (#598671)
Jan F. Chadima a3dee6
Jan F. Chadima 41a56c 
* Thu Jun 24 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-15 + 0.9.2-26
Jan F. Chadima 41a56c 
- changed _PATH_UNIX_X to unexistent file name (#598671)
Jan F. Chadima 41a56c
Jan F. Chadima 411b91 
* Wed Jun 23 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-14 + 0.9.2-26
Jan F. Chadima 411b91 
- sftp works in deviceless chroot again (broken from 5.5p1-3)
Jan F. Chadima 411b91
Jan F. Chadima 59d42d 
* Tue Jun  8 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-13 + 0.9.2-26
Jan F. Chadima 59d42d 
- add option to switch out krb5_kuserok
Jan F. Chadima 59d42d
Jan F. Chadima 2fd105 
* Fri May 21 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-12 + 0.9.2-26
Jan F. Chadima 2fd105 
- synchronize uid and gid for the user sshd
Jan F. Chadima 2fd105
Jan F. Chadima b1a625 
* Thu May 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-11 + 0.9.2-26
Jan F. Chadima b1a625 
- Typo in ssh-ldap.conf(5) and ssh-ladap-helper(8)
Jan F. Chadima b1a625
Jan F. Chadima 99d9a3 
* Fri May 14 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-10 + 0.9.2-26
Jan F. Chadima 99d9a3 
- Repair the reference in man ssh-ldap-helper(8)
Jan F. Chadima 99d9a3 
- Repair the PubkeyAgent section in sshd_config(5)
Jan F. Chadima 99d9a3 
- Provide example ldap.conf
Jan F. Chadima 99d9a3
Jan F. Chadima 222d52 
* Thu May 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-9 + 0.9.2-26
Jan F. Chadima 222d52 
- Make the Ldap configuration widely compatible
Jan F. Chadima 222d52 
- create the aditional docs for LDAP support.
Jan F. Chadima 222d52
Jan F. Chadima 4669c3 
* Thu May  6 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-8 + 0.9.2-26
Jan F. Chadima 4669c3 
- Make LDAP config elements TLS_CACERT and TLS_REQCERT compatiple with pam_ldap (#589360)
Jan F. Chadima 4669c3
Jan F. Chadima b6bdf1 
* Thu May  6 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-7 + 0.9.2-26
Jan F. Chadima b6bdf1 
- Make LDAP config element tls_checkpeer compatiple with nss_ldap (#589360)
Jan F. Chadima b6bdf1
Jan F. Chadima 6fa4d8 
* Tue May  4 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-6 + 0.9.2-26
Jan F. Chadima 6fa4d8 
- Comment spec.file
Jan F. Chadima 6fa4d8 
- Sync patches from upstream
Jan F. Chadima 6fa4d8
Jan F. Chadima 3fdf10 
* Mon May  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-5 + 0.9.2-26
Jan F. Chadima 3fdf10 
- Create separate ldap package
Jan F. Chadima 3fdf10 
- Tweak the ldap patch
Jan F. Chadima 3fdf10 
- Rename stderr patch properly
Jan F. Chadima 3fdf10
Petr Lautrbach 19725a 
* Thu Apr 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-4 + 0.9.2-26
Jan F. Chadima 7e7fb4 
- Added LDAP support
Jan F. Chadima 7e7fb4
Jan F. Chadima 2220e6 
* Mon Apr 26 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-3 + 0.9.2-26
Jan F. Chadima 2220e6 
- Ignore .bashrc output to stderr in the subsystems
Jan F. Chadima 2220e6
Jan F. Chadima 9e777a 
* Tue Apr 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-2 + 0.9.2-26
Jan F. Chadima 9e777a 
- Drop dependency on man
Jan F. Chadima 9e777a
Jan F. Chadima 82bc82 
* Fri Apr 16 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-1 + 0.9.2-26
Jan F. Chadima 82bc82 
- Update to 5.5p1
Jan F. Chadima 82bc82
Jan F. Chadima b82340 
* Fri Mar 12 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-3 + 0.9.2-25
Jan F. Chadima 50a3dd 
- repair configure script of pam_ssh_agent
Jan F. Chadima b82340 
- repair error mesage in ssh-keygen
Jan F. Chadima 50a3dd
Jan F. Chadima 264029 
* Fri Mar 12 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-2
Jan F. Chadima 264029 
- source krb5-devel profile script only if exists
Jan F. Chadima 264029
Jan F. Chadima d1a73d 
* Tue Mar  9 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-1
Jan F. Chadima d1a73d 
- Update to 5.4p1
Jan F. Chadima 04cab1 
- discontinued support for nss-keys
Jan F. Chadima 04cab1 
- discontinued support for scard
Jan F. Chadima d1a73d
Jan F. Chadima 974c89 
* Wed Mar  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-0.snap20100302.1
Jan F. Chadima 974c89 
- Prepare update to 5.4p1
Jan F. Chadima 974c89
Jan F. Chadima 806a11 
* Mon Feb 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-22
Jan F. Chadima 806a11 
- ImplicitDSOLinking (#564824)
Jan F. Chadima 806a11
Jan F. Chadima a2a0cf 
* Fri Jan 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-21
Jan F. Chadima a2a0cf 
- Allow to use hardware crypto if awailable (#559555)
Jan F. Chadima a2a0cf
Jan F. Chadima 606b55 
* Mon Jan 25 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-20
Jan F. Chadima 606b55 
- optimized FD_CLOEXEC on accept socket (#541809)
Jan F. Chadima 606b55
Tomáš Mráz 745155 
* Mon Jan 25 2010 Tomas Mraz <tmraz@redhat.com> - 5.3p1-19
Tomáš Mráz 745155 
- updated pam_ssh_agent_auth to new version from upstream (just
Tomáš Mráz 745155 
  a licence change)
Tomáš Mráz 745155
Jan F. Chadima e39eb5 
* Thu Jan 21 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-18
Jan F. Chadima e39eb5 
- optimized RAND_cleanup patch (#557166)
Jan F. Chadima e39eb5
Jan F. Chadima 28355b 
* Wed Jan 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-17
Jan F. Chadima 28355b 
- add RAND_cleanup at the exit of each program using RAND (#557166)
Jan F. Chadima 28355b
Jan F. Chadima 313100 
* Tue Jan 19 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-16
Jan F. Chadima 313100 
- set FD_CLOEXEC on accepted socket (#541809)
Jan F. Chadima 313100
Jan F. Chadima 37c0ae 
* Fri Jan  8 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-15
Jan F. Chadima b8bdc7 
- replaced define by global in macros
Jan F. Chadima b8bdc7
Jan F. Chadima 9051e5 
* Tue Jan  5 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-14
Jan F. Chadima 9051e5 
- Update the pka patch
Jan F. Chadima 9051e5
Jan F. Chadima ecd50f 
* Mon Dec 21 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-13
Jan F. Chadima ecd50f 
- Update the audit patch
Jan F. Chadima ecd50f
Jan F. Chadima c32d4a 
* Fri Dec  4 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-12
Jan F. Chadima c32d4a 
- Add possibility to autocreate only RSA key into initscript (#533339)
Jan F. Chadima c32d4a
Jan F. Chadima 6323f6 
* Fri Nov 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-11
Jan F. Chadima 6323f6 
- Prepare NSS key patch for future SEC_ERROR_LOCKED_PASSWORD (#537411)
Jan F. Chadima 6323f6
Jan F. Chadima 0a6423 
* Tue Nov 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-10
Jan F. Chadima 0a6423 
- Update NSS key patch (#537411, #356451)
Jan F. Chadima 0a6423
Jan F. Chadima 0a6423 
* Fri Nov 20 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-9
Jan F. Chadima 3d742c 
- Add gssapi key exchange patch (#455351)
Jan F. Chadima 3d742c
Jan F. Chadima 3d742c 
* Fri Nov 20 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-8
Jan F. Chadima 201f4a 
- Add public key agent patch (#455350)
Jan F. Chadima 201f4a
Jan F. Chadima d2767e 
* Mon Nov  2 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-7
Jan F. Chadima d2767e 
- Repair canohost patch to allow gssapi to work when host is acessed via pipe proxy (#531849)
Jan F. Chadima d2767e
Jan F. Chadima 5fb555 
* Thu Oct 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-6
Jan F. Chadima 5fb555 
- Modify the init script to prevent it to hang during generating the keys (#515145)
Jan F. Chadima 5fb555
Jan F. Chadima 838d93 
* Tue Oct 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-5
Jan F. Chadima 838d93 
- Add README.nss
Jan F. Chadima 838d93
Tomáš Mráz e47cb0 
* Mon Oct 19 2009 Tomas Mraz <tmraz@redhat.com> - 5.3p1-4
Tomáš Mráz e47cb0 
- Add pam_ssh_agent_auth module to a subpackage.
Tomáš Mráz e47cb0
Jan F. Chadima 2ed3f9 
* Fri Oct 16 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-3
Jan F. Chadima 2ed3f9 
- Reenable audit.
Jan F. Chadima 2ed3f9
Jan F. Chadima c54a8b 
* Fri Oct  2 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-2
Jan F. Chadima 35695c 
- Upgrade to new wersion 5.3p1
Jan F. Chadima 35695c
Jan F. Chadima 71e874 
* Tue Sep 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-29
Jan F. Chadima 71e874 
- Resolve locking in ssh-add (#491312)
Jan F. Chadima 71e874
Jan F. Chadima f013be 
* Thu Sep 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-28
Jan F. Chadima cee78e 
- Repair initscript to be acord to guidelines (#521860)
Jan F. Chadima cee78e 
- Add bugzilla# to application of edns and xmodifiers patch
Jan F. Chadima cee78e
Jan F. Chadima 4330e6 
* Wed Sep 16 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-26
Jan F. Chadima 4330e6 
- Changed pam stack to password-auth
Jan F. Chadima 4330e6
Jan F. Chadima 0447c9 
* Fri Sep 11 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-25
Jan F. Chadima 0447c9 
- Dropped homechroot patch
Jan F. Chadima 0447c9
Jan F. Chadima 257d66 
* Mon Sep  7 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-24
Jan F. Chadima 257d66 
- Add check for nosuid, nodev in homechroot
Jan F. Chadima 257d66
Jan F. Chadima 49d0cf 
* Tue Sep  1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-23
Jan F. Chadima 49d0cf 
- add correct patch for ip-opts
Jan F. Chadima 49d0cf
Jan F. Chadima bd8eb9 
* Tue Sep  1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-22
Jan F. Chadima bd8eb9 
- replace ip-opts patch by an upstream candidate version
Jan F. Chadima bd8eb9
Jan F. Chadima ce94da 
* Mon Aug 31 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-21
Jan F. Chadima 726565 
- rearange selinux patch to be acceptable for upstream
Jan F. Chadima 726565 
- replace seftp patch by an upstream version
Jan F. Chadima 726565
Jan F. Chadima 15914f 
* Fri Aug 28 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-20
Jan F. Chadima 15914f 
- merged xmodifiers to redhat patch
Jan F. Chadima 15914f 
- merged gssapi-role to selinux patch
Jan F. Chadima 15914f 
- merged cve-2007_3102 to audit patch
Jan F. Chadima 15914f 
- sesftp patch only with WITH_SELINUX flag
Jan F. Chadima 56bb42 
- rearange sesftp patch according to upstream request
Jan F. Chadima 15914f
Jan F. Chadima 214b7b 
* Wed Aug 26 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-19
Jan F. Chadima 214b7b 
- minor change in sesftp patch
Jan F. Chadima 214b7b
Tomáš Mráz 80bcb1 
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-18
Tomáš Mráz 80bcb1 
- rebuilt with new openssl
Tomáš Mráz 80bcb1
Jan F. Chadima 986cee 
* Thu Jul 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-17
Jan F. Chadima cee78e 
- Added dnssec support. (#205842)
Jan F. Chadima 986cee
Jesse Keating 42c539 
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.2p1-16
Jesse Keating 42c539 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
Jesse Keating 42c539
Jan F. Chadima aa8983 
* Fri Jul 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-15
Jan F. Chadima aa8983 
- only INTERNAL_SFTP can be home-chrooted
Jan F. Chadima aa8983 
- save _u and _r parts of context changing to sftpd_t
Jan F. Chadima aa8983
Jan F. Chadima 3d6b00 
* Fri Jul 17 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-14
Jan F. Chadima 3d6b00 
- changed internal-sftp context to sftpd_t
Jan F. Chadima 3d6b00
Jan F. Chadima 3d6b00 
* Fri Jul  3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-13
Jan F. Chadima 3d6b00 
- changed home length path patch to upstream version
Jan F. Chadima 3d6b00
Jan F. Chadima 3d6b00 
* Tue Jun 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-12
Jan F. Chadima ca05b3 
- create '~/.ssh/known_hosts' within proper context
Jan F. Chadima ca05b3
Jan F. Chadima f4b0b4 
* Mon Jun 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-11
Jan F. Chadima f4b0b4 
- length of home path in ssh now limited by PATH_MAX
Jan F. Chadima ca05b3 
- correct timezone with daylight processing
Jan F. Chadima f4b0b4
Jan F. Chadima eca05f 
* Sat Jun 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-10
Jan F. Chadima eca05f 
- final version chroot %%h (sftp only)
Jan F. Chadima eca05f
Jan F. Chadima c1398b 
* Tue Jun 23 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-9
Jan F. Chadima c1398b 
- repair broken ls in chroot %%h
Jan F. Chadima c1398b
Jan F. Chadima ecd846 
* Fri Jun 12 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-8
Jan F. Chadima cee78e 
- add XMODIFIERS to exported environment (#495690)
Jan F. Chadima e45f2c
Tomáš Mráz 76f329 
* Fri May 15 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-6
Tomáš Mráz 76f329 
- allow only protocol 2 in the FIPS mode
Tomáš Mráz 76f329
Tomáš Mráz 685b62 
* Thu Apr 30 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-5
Tomáš Mráz 685b62 
- do integrity verification only on binaries which are part
Tomáš Mráz 685b62 
  of the OpenSSH FIPS modules
Tomáš Mráz 685b62
Tomáš Mráz 0a4fa5 
* Mon Apr 20 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-4
Tomáš Mráz 0a4fa5 
- log if FIPS mode is initialized
Tomáš Mráz 0a4fa5 
- make aes-ctr cipher modes work in the FIPS mode
Tomáš Mráz 0a4fa5
Jan F. Chadima 061e21 
* Fri Apr  3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-3
Jan F. Chadima 061e21 
- fix logging after chroot
Jan F. Chadima 3a94ae 
- enable non root users to use chroot %%h in internal-sftp
Jan F. Chadima 061e21
Tomáš Mráz 0f07b4 
* Fri Mar 13 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-2
Tomáš Mráz 0f07b4 
- add AES-CTR ciphers to the FIPS mode proposal
Tomáš Mráz 0f07b4
Tomáš Mráz 0f07b4 
* Mon Mar  9 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-1
Jan F. Chadima a3ba41 
- upgrade to new upstream release
Jan F. Chadima a3ba41
Jesse Keating c5f25a 
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.1p1-8
Jesse Keating c5f25a 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
Jesse Keating c5f25a
Tomáš Mráz d93958 
* Thu Feb 12 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-7
Tomáš Mráz d93958 
- drop obsolete triggers
Tomáš Mráz d93958 
- add testing FIPS mode support
Tomáš Mráz d93958 
- LSBize the initscript (#247014)
Tomáš Mráz d93958
Tomáš Mráz ff6d59 
* Fri Jan 30 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-6
Tomáš Mráz ff6d59 
- enable use of ssl engines (#481100)
Tomáš Mráz ff6d59
Tomáš Mráz 6a5e29 
* Thu Jan 15 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-5
Tomáš Mráz 6a5e29 
- remove obsolete --with-rsh (#478298)
Tomáš Mráz 6a5e29 
- add pam_sepermit to allow blocking confined users in permissive mode
Tomáš Mráz 6a5e29 
  (#471746)
Tomáš Mráz 6a5e29 
- move system-auth after pam_selinux in the session stack
Tomáš Mráz 6a5e29
Tomáš Mráz 9e5c6e 
* Thu Dec 11 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-4
Tomáš Mráz 9e5c6e 
- set FD_CLOEXEC on channel sockets (#475866)
Tomáš Mráz 9e5c6e 
- adjust summary
Tomáš Mráz 9e5c6e 
- adjust nss-keys patch so it is applicable without selinux patches (#470859)
Tomáš Mráz 9e5c6e
Tomáš Mráz b9a07a 
* Fri Oct 17 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-3
Tomáš Mráz b9a07a 
- fix compatibility with some servers (#466818)
Tomáš Mráz b9a07a
Tomáš Mráz 578f0d 
* Thu Jul 31 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-2
Tomáš Mráz 578f0d 
- fixed zero length banner problem (#457326)
Tomáš Mráz 578f0d
Tomáš Mráz 93a474 
* Wed Jul 23 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-1
Tomáš Mráz 93a474 
- upgrade to new upstream release
Tomáš Mráz 93a474 
- fixed a problem with public key authentication and explicitely
Tomáš Mráz 93a474 
  specified SELinux role
Tomáš Mráz 93a474
Tomáš Mráz 077dad 
* Wed May 21 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-3
Tomáš Mráz 077dad 
- pass the connection socket to ssh-keysign (#447680)
Tomáš Mráz 077dad
Tomáš Mráz 1961bc 
* Mon May 19 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-2
Tomáš Mráz 1961bc 
- add LANGUAGE to accepted/sent environment variables (#443231)
Tomáš Mráz 1961bc 
- use pam_selinux to obtain the user context instead of doing it itself
Tomáš Mráz 1961bc 
- unbreak server keep alive settings (patch from upstream)
Tomáš Mráz 1961bc 
- small addition to scp manpage
Tomáš Mráz 1961bc
Tomáš Mráz ca47f6 
* Mon Apr  7 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-1
Tomáš Mráz ca47f6 
- upgrade to new upstream (#441066)
Tomáš Mráz ca47f6 
- prevent initscript from killing itself on halt with upstart (#438449)
Tomáš Mráz ca47f6 
- initscript status should show that the daemon is running
Tomáš Mráz ca47f6 
  only when the main daemon is still alive (#430882)
Tomáš Mráz ca47f6
Tomáš Mráz ca47f6 
* Thu Mar  6 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-10
Tomáš Mráz ca47f6 
- fix race on control master and cleanup stale control socket (#436311)
Tomáš Mráz ca47f6 
  patches by David Woodhouse
Tomáš Mráz ca47f6
Tomáš Mráz 2cb0e7 
* Fri Feb 29 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-9
Tomáš Mráz 2cb0e7 
- set FD_CLOEXEC on client socket
Tomáš Mráz 2cb0e7 
- apply real fix for window size problem (#286181) from upstream
Tomáš Mráz 2cb0e7 
- apply fix for the spurious failed bind from upstream
Tomáš Mráz 2cb0e7 
- apply open handle leak in sftp fix from upstream
Tomáš Mráz 2cb0e7
Dennis Gilmore 91bdf4 
* Tue Feb 12 2008 Dennis Gilmore <dennis@ausil.us> - 4.7p1-8
Dennis Gilmore 91bdf4 
- we build for sparcv9 now  and it needs -fPIE
Dennis Gilmore 91bdf4
Tomáš Mráz 993dd1 
* Thu Jan  3 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-7
Tomáš Mráz 993dd1 
- fix gssapi auth with explicit selinux role requested (#427303) - patch
Tomáš Mráz 993dd1 
  by Nalin Dahyabhai
Tomáš Mráz 993dd1
Tomáš Mráz 3457e3 
* Tue Dec  4 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-6
Tomáš Mráz 2cc09c 
- explicitly source krb5-devel profile script
Tomáš Mráz 3457e3
Tomáš Mráz 3457e3 
* Tue Dec 04 2007 Release Engineering <rel-eng at fedoraproject dot org> - 4.7p1-5
Tomáš Mráz 3457e3 
- Rebuild for openssl bump
Jesse Keating 9eac42
Tomáš Mráz b1ffa0 
* Tue Nov 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-4
Tomáš Mráz 8b8c4d 
- do not copy /etc/localtime into the chroot as it is not
Tomáš Mráz 8b8c4d 
  necessary anymore (#193184)
Tomáš Mráz 8b8c4d 
- call setkeycreatecon when selinux context is established
Tomáš Mráz 8b8c4d 
- test for NULL privk when freeing key (#391871) - patch by
Tomáš Mráz 8b8c4d 
  Pierre Ossman
Tomáš Mráz 8b8c4d
Tomáš Mráz 95be08 
* Mon Sep 17 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-2
Tomáš Mráz 95be08 
- revert default window size adjustments (#286181)
Tomáš Mráz 95be08
Tomáš Mráz c9833c 
* Thu Sep  6 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-1
Tomáš Mráz c9833c 
- upgrade to latest upstream
Tomáš Mráz c9833c 
- use libedit in sftp (#203009)
Tomáš Mráz c9833c 
- fixed audit log injection problem (CVE-2007-3102)
Tomáš Mráz c9833c
Tomáš Mráz f37073 
* Thu Aug  9 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-8
Tomáš Mráz f37073 
- fix sftp client problems on write error (#247802)
Tomáš Mráz f37073 
- allow disabling autocreation of server keys (#235466)
Tomáš Mráz f37073
Tomáš Mráz c3274c 
* Wed Jun 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-7
Tomáš Mráz c3274c 
- experimental NSS keys support
Tomáš Mráz c3274c 
- correctly setup context when empty level requested (#234951)
Tomáš Mráz c3274c
Tomáš Mráz 7210c0 
* Tue Mar 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-6
Tomáš Mráz 7210c0 
- mls level check must be done with default role same as requested
Tomáš Mráz 7210c0
Tomáš Mráz b40baa 
* Mon Mar 19 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-5
Tomáš Mráz b40baa 
- make profile.d/gnome-ssh-askpass.* regular files (#226218)
Tomáš Mráz b40baa
Petr Lautrbach 19725a 
* Tue Feb 27 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-4
Tomáš Mráz 546fdd 
- reject connection if requested mls range is not obtained (#229278)
Tomáš Mráz 546fdd
Petr Lautrbach 19725a 
* Thu Feb 22 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-3
Tomáš Mráz 9d725b 
- improve Buildroot
Tomáš Mráz 9d725b 
- remove duplicate /etc/ssh from files
Tomáš Mráz 9d725b
Tomáš Mráz c2b35d 
* Tue Jan 16 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-2
Tomáš Mráz c2b35d 
- support mls on labeled networks (#220487)
Tomáš Mráz c2b35d 
- support mls level selection on unlabeled networks
Tomáš Mráz c2b35d 
- allow / in usernames in scp (only beginning /, ./, and ../ is special)
Tomáš Mráz c2b35d
Tomáš Mráz ad07b9 
* Thu Dec 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.5p1-1
Tomáš Mráz ad07b9 
- update to 4.5p1 (#212606)
Tomáš Mráz ad07b9
Tomáš Mráz 914284 
* Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-14
Tomáš Mráz 914284 
- fix gssapi with DNS loadbalanced clusters (#216857)
Tomáš Mráz 914284
Tomáš Mráz d63dc6 
* Tue Nov 28 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-13
Tomáš Mráz d63dc6 
- improved pam_session patch so it doesn't regress, the patch is necessary
Tomáš Mráz d63dc6 
  for the pam_session_close to be called correctly as uid 0
Tomáš Mráz d63dc6
Tomáš Mráz ad61b1 
* Fri Nov 10 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-12
Tomáš Mráz ad61b1 
- CVE-2006-5794 - properly detect failed key verify in monitor (#214641)
Tomáš Mráz ad61b1
Tomáš Mráz 19675a 
* Thu Nov  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-11
Tomáš Mráz 19675a 
- merge sshd initscript patches
Tomáš Mráz 19675a 
- kill all ssh sessions when stop is called in halt or reboot runlevel
Tomáš Mráz 19675a 
- remove -TERM option from killproc so we don't race on sshd restart
Tomáš Mráz 19675a
Tomáš Mráz 7114c4 
* Mon Oct  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-10
Tomáš Mráz 7114c4 
- improve gssapi-no-spnego patch (#208102)
Tomáš Mráz 7114c4 
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
Tomáš Mráz 7114c4 
- CVE-2006-5051 - don't call cleanups from signal handler (#208459)
Tomáš Mráz 7114c4
Tomáš Mráz ac4818 
* Wed Aug 23 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-9
Tomáš Mráz ac4818 
- don't report duplicate syslog messages, use correct local time (#189158)
Tomáš Mráz ac4818 
- don't allow spnego as gssapi mechanism (from upstream)
Tomáš Mráz ac4818 
- fixed memleaks found by Coverity (from upstream)
Tomáš Mráz ac4818 
- allow ip options except source routing (#202856) (patch by HP)
Tomáš Mráz ac4818
Tomáš Mráz c12d6b 
* Tue Aug  8 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-8
Tomáš Mráz c12d6b 
- drop the pam-session patch from the previous build (#201341)
Tomáš Mráz c12d6b 
- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)
Tomáš Mráz c12d6b
Tomáš Mráz 762e40 
* Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-7
Tomáš Mráz 762e40 
- dropped old ssh obsoletes
Tomáš Mráz 762e40 
- call the pam_session_open/close from the monitor when privsep is
Tomáš Mráz 762e40 
  enabled so it is always called as root (patch by Darren Tucker)
Tomáš Mráz 762e40
Tomáš Mráz ef3242 
* Mon Jul 17 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-6
Tomáš Mráz ef3242 
- improve selinux patch (by Jan Kiszka)
Tomáš Mráz ef3242 
- upstream patch for buffer append space error (#191940)
Tomáš Mráz ef3242 
- fixed typo in configure.ac (#198986)
Tomáš Mráz ef3242 
- added pam_keyinit to pam configuration (#198628)
Tomáš Mráz ef3242 
- improved error message when askpass dialog cannot grab
Tomáš Mráz ef3242 
  keyboard input (#198332)
Tomáš Mráz ef3242 
- buildrequires xauth instead of xorg-x11-xauth
Tomáš Mráz ef3242 
- fixed a few rpmlint warnings
Tomáš Mráz ef3242
Jesse Keating d446e9 
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 4.3p2-5.1
Jesse Keating d446e9 
- rebuild
Jesse Keating d446e9
Tomáš Mráz 7e1c55 
* Fri Apr 14 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-5
Tomáš Mráz 7e1c55 
- don't request pseudoterminal allocation if stdin is not tty (#188983)
Tomáš Mráz 7e1c55
Tomáš Mráz 5f29ac 
* Thu Mar  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-4
Tomáš Mráz 5f29ac 
- allow access if audit is not compiled in kernel (#183243)
Tomáš Mráz 5f29ac
Tomáš Mráz e01ed6 
* Fri Feb 24 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-3
Tomáš Mráz e01ed6 
- enable the subprocess in chroot to send messages to system log
Tomáš Mráz e01ed6 
- sshd should prevent login if audit call fails
Tomáš Mráz e01ed6
Tomáš Mráz b5e849 
* Tue Feb 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-2
Tomáš Mráz b5e849 
- print error from scp if not remote (patch by Bjorn Augustsson #178923)
Tomáš Mráz b5e849
Tomáš Mráz f16d34 
* Mon Feb 13 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-1
Tomáš Mráz f16d34 
- new version
Tomáš Mráz f16d34
Jesse Keating 3de0ff 
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 4.3p1-2.1
Jesse Keating 3de0ff 
- bump again for double-long bug on ppc(64)
Jesse Keating 3de0ff
Tomáš Mráz f223eb 
* Mon Feb  6 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-2
Tomáš Mráz f223eb 
- fixed another place where syslog was called in signal handler
Tomáš Mráz f223eb 
- pass locale environment variables to server, accept them there (#179851)
Tomáš Mráz f223eb
Tomáš Mráz fd638a 
* Wed Feb  1 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-1
Tomáš Mráz fd638a 
- new version, dropped obsolete patches
Tomáš Mráz fd638a
Tomáš Mráz bb93ea 
* Tue Dec 20 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-10
Tomáš Mráz bb93ea 
- hopefully make the askpass dialog less confusing (#174765)
Tomáš Mráz bb93ea
Jesse Keating 6e3ae4 
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
Jesse Keating 6e3ae4 
- rebuilt
Jesse Keating 6e3ae4
Tomáš Mráz 09d7e6 
* Tue Nov 22 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-9
Tomáš Mráz 09d7e6 
- drop x11-ssh-askpass from the package
Tomáš Mráz 09d7e6 
- drop old build_6x ifs from spec file
Tomáš Mráz 09d7e6 
- improve gnome-ssh-askpass so it doesn't reveal number of passphrase
Tomáš Mráz 09d7e6 
  characters to person looking at the display
Tomáš Mráz 09d7e6 
- less hackish fix for the __USE_GNU problem
Tomáš Mráz 09d7e6
Nalin Dahyabhai 05c945 
* Fri Nov 18 2005 Nalin Dahyabhai <nalin@redhat.com> - 4.2p1-8
Nalin Dahyabhai 05c945 
- work around missing gccmakedep by wrapping makedepend in a local script
Nalin Dahyabhai db2565 
- remove now-obsolete build dependency on "xauth"
Nalin Dahyabhai 05c945
Warren Togami d40b8c 
* Thu Nov 17 2005 Warren Togami <wtogami@redhat.com> - 4.2p1-7
Warren Togami 19e22a 
- xorg-x11-devel -> libXt-devel
Warren Togami 19e22a 
- rebuild for new xauth location so X forwarding works
Warren Togami 0e5862 
- buildreq audit-libs-devel
Warren Togami 0e5862 
- buildreq automake for aclocal
Warren Togami 0e5862 
- buildreq imake for xmkmf
Warren Togami 0e5862 
-  -D_GNU_SOURCE in flags in order to get it to build
Warren Togami 0e5862 
   Ugly hack to workaround openssh defining __USE_GNU which is
Warren Togami 0e5862 
   not allowed and causes problems according to Ulrich Drepper
Warren Togami 0e5862 
   fix this the correct way after FC5test1
Warren Togami d40b8c
Jeremy Katz 35e1e0 
* Wed Nov  9 2005 Jeremy Katz <katzj@redhat.com> - 4.2p1-6
Jeremy Katz 35e1e0 
- rebuild against new openssl
Jeremy Katz 35e1e0
Tomáš Mráz fc72c2 
* Fri Oct 28 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-5
Tomáš Mráz fc72c2 
- put back the possibility to skip SELinux patch
Tomáš Mráz fc72c2 
- add patch for user login auditing by Steve Grubb
Tomáš Mráz fc72c2
Daniel J Walsh 531256 
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 4.2p1-4
Daniel J Walsh 531256 
- Change selinux patch to use get_default_context_with_rolelevel in libselinux.
Daniel J Walsh 531256
Daniel J Walsh 0e07ed 
* Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-3
Daniel J Walsh 0e07ed 
- Update selinux patch to use getseuserbyname
Daniel J Walsh 0e07ed
Tomáš Mráz 5bab48 
* Fri Oct  7 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-2
Tomáš Mráz 5bab48 
- use include instead of pam_stack in pam config
Tomáš Mráz fd638a 
- use fork+exec instead of system in scp - CVE-2006-0225 (#168167)
Tomáš Mráz 5bab48 
- upstream patch for displaying authentication errors
Tomáš Mráz 5bab48
Tomáš Mráz de2e7a 
* Tue Sep 06 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-1
Tomáš Mráz de2e7a 
- upgrade to a new upstream version
Tomáš Mráz de2e7a
Tomáš Mráz f94d8f 
* Tue Aug 16 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-5
Tomáš Mráz f94d8f 
- use x11-ssh-askpass if openssh-askpass-gnome is not installed (#165207)
Tomáš Mráz f94d8f 
- install ssh-copy-id from contrib (#88707)
Tomáš Mráz f94d8f
Tomáš Mráz fa1481 
* Wed Jul 27 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-4
Tomáš Mráz fa1481 
- don't deadlock on exit with multiple X forwarded channels (#152432)
Tomáš Mráz fa1481 
- don't use X11 port which can't be bound on all IP families (#163732)
Tomáš Mráz fa1481
Tomáš Mráz 79c968 
* Wed Jun 29 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-3
Tomáš Mráz 79c968 
- fix small regression caused by the nologin patch (#161956)
Tomáš Mráz 79c968 
- fix race in getpeername error checking (mindrot #1054)
Tomáš Mráz 79c968
Tomáš Mráz 9ac1c8 
* Thu Jun  9 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-2
Tomáš Mráz 9ac1c8 
- use only pam_nologin for nologin testing
Tomáš Mráz 9ac1c8
Tomáš Mráz 9cf4ab 
* Mon Jun  6 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-1
Tomáš Mráz 9cf4ab 
- upgrade to a new upstream version
Tomáš Mráz 9cf4ab 
- call pam_loginuid as a pam session module
Tomáš Mráz 9cf4ab
Tomáš Mráz 9c5771 
* Mon May 16 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-3
Tomáš Mráz 9c5771 
- link libselinux only to sshd (#157678)
Tomáš Mráz 9c5771
Tomáš Mráz 1e27c0 
* Mon Apr  4 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-2
Tomáš Mráz 1e27c0 
- fixed Local/RemoteForward in ssh_config.5 manpage
Tomáš Mráz 1e27c0 
- fix fatal when Local/RemoteForward is used and scp run (#153258)
Tomáš Mráz 1e27c0 
- don't leak user validity when using krb5 authentication
Tomáš Mráz 1e27c0
Tomáš Mráz 5de53f 
* Thu Mar 24 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-1
Tomáš Mráz 5de53f 
- upgrade to 4.0p1
Tomáš Mráz 5de53f 
- remove obsolete groups patch
Tomáš Mráz 5de53f
Elliot Lee 683f4f 
* Wed Mar 16 2005 Elliot Lee <sopwith@redhat.com>
Elliot Lee 683f4f 
- rebuilt
Elliot Lee 683f4f
Nalin Dahyabhai 4f9d64 
* Mon Feb 28 2005 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-12
Nalin Dahyabhai 4f9d64 
- rebuild so that configure can detect that krb5_init_ets is gone now
Nalin Dahyabhai 4f9d64
Tomáš Mráz 8d62bf 
* Mon Feb 21 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-11
Tomáš Mráz d048f9 
- don't call syslog in signal handler
Tomáš Mráz 8d62bf 
- allow password authentication when copying from remote
Tomáš Mráz 8d62bf 
  to remote machine (#103364)
Tomáš Mráz d048f9
Tomáš Mráz 504978 
* Wed Feb  9 2005 Tomas Mraz <tmraz@redhat.com>
Tomáš Mráz 504978 
- add spaces to messages in initscript (#138508)
Tomáš Mráz 504978
Tomáš Mráz 4c55a5 
* Tue Feb  8 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-10
Tomáš Mráz 4c55a5 
- enable trusted forwarding by default if X11 forwarding is
Tomáš Mráz 4c55a5 
  required by user (#137685 and duplicates)
Tomáš Mráz 4c55a5 
- disable protocol 1 support by default in sshd server config (#88329)
Tomáš Mráz 4c55a5 
- keep the gnome-askpass dialog above others (#69131)
Tomáš Mráz 4c55a5
Tomáš Mráz 5a8f6b 
* Fri Feb  4 2005 Tomas Mraz <tmraz@redhat.com>
Tomáš Mráz 4c55a5 
- change permissions on pam.d/sshd to 0644 (#64697)
Tomáš Mráz 5a8f6b 
- patch initscript so it doesn't kill opened sessions if
Tomáš Mráz 4c55a5 
  the sshd daemon isn't running anymore (#67624)
Tomáš Mráz 5a8f6b
Bill Nottingham ede9e0 
* Mon Jan  3 2005 Bill Nottingham <notting@redhat.com> 3.9p1-9
Bill Nottingham ede9e0 
- don't use initlog
Bill Nottingham ede9e0
Thomas Woerner b56212 
* Mon Nov 29 2004 Thomas Woerner <twoerner@redhat.com> 3.9p1-8.1
Thomas Woerner b56212 
- fixed PIE build for all architectures
Thomas Woerner b56212
Nalin Dahyabhai 8ccaa9 
* Mon Oct  4 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-8
Nalin Dahyabhai 8ccaa9 
- add a --enable-vendor-patchlevel option which allows a ShowPatchLevel option
Nalin Dahyabhai 8ccaa9 
  to enable display of a vendor patch level during version exchange (#120285)
Nalin Dahyabhai 8ccaa9 
- configure with --disable-strip to build useful debuginfo subpackages
Nalin Dahyabhai 8ccaa9
Bill Nottingham c92dff 
* Mon Sep 20 2004 Bill Nottingham <notting@redhat.com> 3.9p1-7
Bill Nottingham c92dff 
- when using gtk2 for askpass, don't buildprereq gnome-libs-devel
Bill Nottingham c92dff
Nalin Dahyabhai 567e63 
* Tue Sep 14 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-6
Nalin Dahyabhai 567e63 
- build
Nalin Dahyabhai 567e63
Nalin Dahyabhai deb1e4 
* Mon Sep 13 2004 Nalin Dahyabhai <nalin@redhat.com>
Nalin Dahyabhai deb1e4 
- disable ACSS support
Nalin Dahyabhai deb1e4
Daniel J Walsh c82df7 
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-5
Daniel J Walsh c82df7 
- Change selinux patch to use get_default_context_with_role in libselinux.
Daniel J Walsh c82df7
Daniel J Walsh c82df7 
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-4
Daniel J Walsh c82df7 
- Fix patch
Daniel J Walsh c82df7 
	* Bad debug statement.
Daniel J Walsh c82df7 
	* Handle root/sysadm_r:kerberos
Daniel J Walsh c82df7
cvsdist 29a4bf 
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-3
cvsdist 29a4bf 
- Modify Colin Walter's patch to allow specifying rule during connection
cvsdist 29a4bf
cvsdist d7affc 
* Tue Aug 31 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-2
cvsdist d7affc 
- Fix TTY handling for SELinux
cvsdist d7affc
cvsdist 653818 
* Tue Aug 24 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-1
cvsdist 653818 
- Update to upstream
cvsdist 653818
cvsdist 5ef607 
* Sun Aug 1 2004 Alan Cox <alan@redhat.com> 3.8.1p1-5
cvsdist 5ef607 
- Apply buildreq fixup patch (#125296)
cvsdist 5ef607
cvsdist 9d5a53 
* Tue Jun 15 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-4
cvsdist 9d5a53 
- Clean up patch for upstream submission.
cvsdist 9d5a53
cvsdist de28cc 
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
cvsdist de28cc 
- rebuilt
cvsdist de28cc
cvsdist e965c7 
* Wed Jun 9 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-2
cvsdist e965c7 
- Remove use of pam_selinux and patch selinux in directly.
cvsdist e965c7
cvsdist ffdec5 
* Mon Jun  7 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-1
cvsdist ffdec5 
- request gssapi-with-mic by default but not delegation (flag day for anyone
cvsdist ffdec5 
  who used previous gssapi patches)
cvsdist ffdec5 
- no longer request x11 forwarding by default
cvsdist ffdec5
cvsdist 162c7f 
* Thu Jun 3 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-36
cvsdist 162c7f 
- Change pam file to use open and close with pam_selinux
cvsdist 162c7f
cvsdist ffdec5 
* Tue Jun  1 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-0
cvsdist ffdec5 
- update to 3.8.1p1
cvsdist ffdec5 
- add workaround from CVS to reintroduce passwordauth using pam
cvsdist ffdec5
cvsdist 73e10e 
* Tue Jun 1 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-35
cvsdist 73e10e 
- Remove CLOSEXEC on STDERR
cvsdist 73e10e
cvsdist 8f8720 
* Tue Mar 16 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-34
cvsdist 8f8720
cvsdist 8f8720 
* Wed Mar 03 2004 Phil Knirsch <pknirsch@redhat.com> 3.6.1p2-33.30.1
cvsdist 8f8720 
- Built RHLE3 U2 update package.
cvsdist 8f8720
cvsdist 8f8720 
* Wed Mar 3 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-33
cvsdist 8f8720 
- Close file descriptors on exec
cvsdist 8f8720
cvsdist 8f8720 
* Mon Mar  1 2004 Thomas Woerner <twoerner@redhat.com> 3.6.1p2-32
cvsdist 8f8720 
- fixed pie build
cvsdist 8f8720
cvsdist 8f8720 
* Thu Feb 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-31
cvsdist 8f8720 
- Add restorecon to startup scripts
cvsdist 8f8720
cvsdist 8f8720 
* Thu Feb 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-30
cvsdist 8f8720 
- Add multiple qualified to openssh
cvsdist 8f8720
cvsdist 8f8720 
* Mon Feb 23 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-29
cvsdist 8f8720 
- Eliminate selinux code and use pam_selinux
cvsdist 8f8720
cvsdist 8f8720 
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
cvsdist 8f8720 
- rebuilt
cvsdist 8f8720
cvsdist fe98d8 
* Mon Jan 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-27
cvsdist fe98d8 
- turn off pie on ppc
cvsdist fe98d8
cvsdist fe98d8 
* Mon Jan 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-26
cvsdist fe98d8 
- fix is_selinux_enabled
cvsdist fe98d8
cvsdist fe98d8 
* Wed Jan 14 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-25
cvsdist fe98d8 
- Rebuild to grab shared libselinux
cvsdist fe98d8
cvsdist fe98d8 
* Wed Dec 3 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-24
cvsdist fe98d8 
- turn on selinux
cvsdist fe98d8
cvsdist fe98d8 
* Tue Nov 18 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d8 
- un#ifdef out code for reporting password expiration in non-privsep
cvsdist fe98d8 
  mode (#83585)
cvsdist fe98d8
cvsdist fe98d8 
* Mon Nov 10 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d8 
- add machinery to build with/without -fpie/-pie, default to doing so
cvsdist fe98d8
cvsdist fe98d8 
* Thu Nov 06 2003 David Woodhouse <dwmw2@redhat.com> 3.6.1p2-23
cvsdist fe98d8 
- Don't whinge about getsockopt failing (#109161)
cvsdist fe98d8
cvsdist fe98d8 
* Fri Oct 24 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d8 
- add missing buildprereq on zlib-devel (#104558)
cvsdist fe98d8
cvsdist fe98d8 
* Mon Oct 13 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-22
cvsdist fe98d8 
- turn selinux off
cvsdist fe98d8
cvsdist fe98d8 
* Mon Oct 13 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21.sel
cvsdist fe98d8 
- turn selinux on
cvsdist fe98d8
cvsdist fe98d8 
* Fri Sep 19 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21
cvsdist fe98d8 
- turn selinux off
cvsdist fe98d8
cvsdist fe98d8 
* Fri Sep 19 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-20.sel
cvsdist fe98d8 
- turn selinux on
cvsdist fe98d8
cvsdist fe98d8 
* Fri Sep 19 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d8 
- additional fix for apparently-never-happens double-free in buffer_free()
cvsdist fe98d8 
- extend fix for #103998 to cover SSH1
cvsdist fe98d8
cvsdist fe98d8 
* Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-19
cvsdist 092b0a 
- rebuild
cvsdist 092b0a
cvsdist fe98d8 
* Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-18
cvsdist 903730 
- additional buffer manipulation cleanups from Solar Designer
cvsdist 903730
cvsdist 092b0a 
* Wed Sep 17 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-17
cvsdist 092b0a 
- turn selinux off
cvsdist 092b0a
cvsdist 092b0a 
* Wed Sep 17 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-16.sel
cvsdist 092b0a 
- turn selinux on
cvsdist 092b0a
cvsdist fe98d8 
* Tue Sep 16 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-15
cvsdist 092b0a 
- rebuild
cvsdist 092b0a
cvsdist fe98d8 
* Tue Sep 16 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-14
cvsdist 903730 
- additional buffer manipulation fixes (CAN-2003-0695)
cvsdist 44a5d2
cvsdist 092b0a 
* Tue Sep 16 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-13.sel
cvsdist 092b0a 
- turn selinux on
cvsdist 092b0a
cvsdist fe98d8 
* Tue Sep 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-12
cvsdist 092b0a 
- rebuild
cvsdist 092b0a
cvsdist fe98d8 
* Tue Sep 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-11
cvsdist 6eaa41 
- apply patch to store the correct buffer size in allocated buffers
cvsdist 6eaa41 
  (CAN-2003-0693)
cvsdist 6eaa41 
- skip the initial PAM authentication attempt with an empty password if
cvsdist 6eaa41 
  empty passwords are not permitted in our configuration (#103998)
cvsdist 6eaa41
cvsdist 092b0a 
* Fri Sep 5 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-10
cvsdist 092b0a 
- turn selinux off
cvsdist 092b0a
cvsdist 092b0a 
* Fri Sep 5 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-9.sel
cvsdist 092b0a 
- turn selinux on
cvsdist 092b0a
cvsdist 092b0a 
* Tue Aug 26 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-8
cvsdist 092b0a 
- Add BuildPreReq gtk2-devel if gtk2
cvsdist 092b0a
cvsdist 092b0a 
* Tue Aug 12 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-7
cvsdist 092b0a 
- rebuild
cvsdist 092b0a
cvsdist 092b0a 
* Tue Aug 12 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-6
cvsdist 092b0a 
- modify patch which clears the supplemental group list at startup to only
cvsdist 092b0a 
  complain if setgroups() fails if sshd has euid == 0
cvsdist 092b0a 
- handle krb5 installed in %%{_prefix} or elsewhere by using krb5-config
cvsdist 092b0a
Petr Lautrbach 19725a 
* Mon Jul 28 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-5
cvsdist 092b0a 
- Add SELinux patch
cvsdist 092b0a
cvsdist 092b0a 
* Tue Jul 22 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-4
cvsdist 092b0a 
- rebuild
cvsdist 092b0a
Petr Lautrbach 19725a 
* Wed Jul 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-3
cvsdist 092b0a 
- rebuild
cvsdist 092b0a
Petr Lautrbach 19725a 
* Wed Jul 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-2
cvsdist 092b0a 
- rebuild
cvsdist 092b0a
cvsdist 092b0a 
* Thu Jun  5 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-1
cvsdist 092b0a 
- update to 3.6.1p2
cvsdist 092b0a
cvsdist 092b0a 
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
Jan F. Chadima 313100 
6 rebuilt
cvsdist 092b0a
cvsdist 092b0a 
* Mon Mar 24 2003 Florian La Roche <Florian.LaRoche@redhat.de>
cvsdist 092b0a 
- add patch for getsockopt() call to work on bigendian 64bit archs
cvsdist 6c4a0b
cvsdist 3e66bd 
* Fri Feb 14 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-6
cvsdist 3e66bd 
- move scp to the -clients subpackage, because it directly depends on ssh
cvsdist 3e66bd 
  which is also in -clients (#84329)
cvsdist 3e66bd
cvsdist 3e66bd 
* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-5
cvsdist 3e66bd 
- rebuild
cvsdist 3e66bd
cvsdist 3e66bd 
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
cvsdist 3e66bd 
- rebuilt
cvsdist 818000
cvsdist 3e66bd 
* Tue Jan  7 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-3
cvsdist 818000 
- rebuild
cvsdist 818000
cvsdist 3e66bd 
* Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-2
cvsdist 3e66bd 
- patch PAM configuration to use relative path names for the modules, allowing
cvsdist 3e66bd 
  us to not worry about which arch the modules are built for on multilib systems
cvsdist 3e66bd
cvsdist 3e66bd 
* Tue Oct 15 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-1
cvsdist 3e66bd 
- update to 3.5p1, merging in filelist/perm changes from the upstream spec
cvsdist 3e66bd
cvsdist 3e66bd 
* Fri Oct  4 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-3
cvsdist 3e66bd 
- merge
cvsdist 3e66bd
cvsdist 3e66bd 
* Thu Sep 12 2002  Than Ngo <than@redhat.com> 3.4p1-2.1
cvsdist 3e66bd 
- fix to build on multilib systems
cvsdist 3e66bd
cvsdist 3e66bd 
* Thu Aug 29 2002 Curtis Zinzilieta <curtisz@redhat.com> 3.4p1-2gss
cvsdist 3e66bd 
- added gssapi patches and uncommented patch here
cvsdist 818000
cvsdist e98831 
* Wed Aug 14 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-2
cvsdist e98831 
- pull patch from CVS to fix too-early free in ssh-keysign (#70009)
cvsdist e98831
cvsdist 8264e7 
* Thu Jun 27 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-1
cvsdist 8264e7 
- 3.4p1
cvsdist 8264e7 
- drop anon mmap patch
cvsdist 8264e7
cvsdist 8264e7 
* Tue Jun 25 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-2
cvsdist 8264e7 
- rework the close-on-exit docs
cvsdist 8264e7 
- include configuration file man pages
cvsdist 8264e7 
- make use of nologin as the privsep shell optional
cvsdist 8264e7
cvsdist 8264e7 
* Mon Jun 24 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-1
cvsdist 8264e7 
- update to 3.3p1
cvsdist 8264e7 
- merge in spec file changes from upstream (remove setuid from ssh, ssh-keysign)
cvsdist 8264e7 
- disable gtk2 askpass
cvsdist 8264e7 
- require pam-devel by filename rather than by package for erratum
cvsdist 8264e7 
- include patch from Solar Designer to work around anonymous mmap failures
cvsdist 7c1cbd
cvsdist 8264e7 
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
cvsdist 8264e7 
- automated rebuild
cvsdist 7c1cbd
cvsdist 8264e7 
* Fri Jun  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-3
cvsdist 8264e7 
- don't require autoconf any more
cvsdist 7c1cbd
cvsdist 8264e7 
* Fri May 31 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-2
cvsdist 8264e7 
- build gnome-ssh-askpass with gtk2
cvsdist 7c1cbd
cvsdist 8264e7 
* Tue May 28 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-1
cvsdist 8264e7 
- update to 3.2.3p1
cvsdist 8264e7 
- merge in spec file changes from upstream
cvsdist a423ec
cvsdist 8264e7 
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.2p1-1
cvsdist 8264e7 
- update to 3.2.2p1
cvsdist a423ec
cvsdist 8264e7 
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-4
cvsdist a423ec 
- drop buildreq on db1-devel
cvsdist a423ec 
- require pam-devel by package name
cvsdist a423ec 
- require autoconf instead of autoconf253 again
cvsdist a423ec
cvsdist 0c1105 
* Tue Apr  2 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-3
cvsdist 0c1105 
- pull patch from CVS to avoid printing error messages when some of the
cvsdist 0c1105 
  default keys aren't available when running ssh-add
cvsdist 0c1105 
- refresh to current revisions of Simon's patches
cvsdist 0c1105
cvsdist 0c1105 
* Thu Mar 21 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2gss
cvsdist 0c1105 
- reintroduce Simon's gssapi patches
cvsdist 0c1105 
- add buildprereq for autoconf253, which is needed to regenerate configure
cvsdist 0c1105 
  after applying the gssapi patches
cvsdist 0c1105 
- refresh to the latest version of Markus's patch to build properly with
cvsdist 0c1105 
  older versions of OpenSSL
cvsdist 8f631f
cvsdist b46e39 
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
cvsdist b46e39 
- bump and grind (through the build system)
cvsdist b46e39
cvsdist b46e39 
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
cvsdist b46e39 
- require sharutils for building (mindrot #137)
cvsdist b46e39 
- require db1-devel only when building for 6.x (#55105), which probably won't
cvsdist b46e39 
  work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
cvsdist b46e39 
- require pam-devel by file (not by package name) again
cvsdist b46e39 
- add Markus's patch to compile with OpenSSL 0.9.5a (from
cvsdist b46e39 
  http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
cvsdist b46e39 
  building for 6.x
cvsdist b46e39
cvsdist b46e39 
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
cvsdist b46e39 
- update to 3.1p1
cvsdist b46e39
cvsdist b46e39 
* Tue Mar  5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
cvsdist b46e39 
- update to SNAP-20020305
cvsdist b46e39 
- drop debug patch, fixed upstream
cvsdist b46e39
cvsdist b46e39 
* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
cvsdist b46e39 
- update to SNAP-20020220 for testing purposes (you've been warned, if there's
cvsdist b46e39 
  anything to be warned about, gss patches won't apply, I don't mind)
cvsdist b46e39
cvsdist b46e39 
* Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
cvsdist b46e39 
- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
cvsdist b46e39 
  exchange, authentication, and named key support
cvsdist b46e39
cvsdist b46e39 
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
cvsdist b46e39 
- remove dependency on db1-devel, which has just been swallowed up whole
cvsdist b46e39 
  by gnome-libs-devel
cvsdist b46e39
Petr Lautrbach 19725a 
* Sat Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist b46e39 
- adjust build dependencies so that build6x actually works right (fix
cvsdist b46e39 
  from Hugo van der Kooij)
cvsdist b46e39
cvsdist b46e39 
* Tue Dec  4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
cvsdist b46e39 
- update to 3.0.2p1
cvsdist b46e39
cvsdist b46e39 
* Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
cvsdist b46e39 
- update to 3.0.1p1
cvsdist d92638
cvsdist b46e39 
* Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist b46e39 
- update to current CVS (not for use in distribution)
cvsdist 55bc91
cvsdist b46e39 
* Thu Nov  8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
cvsdist b46e39 
- merge some of Damien Miller <djm@mindrot.org> changes from the upstream
cvsdist b46e39 
  3.0p1 spec file and init script
cvsdist 55bc91
cvsdist b46e39 
* Wed Nov  7 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist b46e39 
- update to 3.0p1
cvsdist b46e39 
- update to x11-ssh-askpass 1.2.4.1
cvsdist b46e39 
- change build dependency on a file from pam-devel to the pam-devel package
cvsdist b46e39 
- replace primes with moduli
cvsdist 55bc91
cvsdist 9383d5 
* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
cvsdist 9383d5 
- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
cvsdist 9383d5
cvsdist 9383d5 
* Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
cvsdist 9383d5 
- Merge changes to rescue build from current sysadmin survival cd
cvsdist 9383d5
cvsdist fcc300 
* Thu Sep  6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
cvsdist fcc300 
- fix scp's server's reporting of file sizes, and build with the proper
cvsdist fcc300 
  preprocessor define to get large-file capable open(), stat(), etc.
cvsdist fcc300 
  (sftp has been doing this correctly all along) (#51827)
cvsdist fcc300 
- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
cvsdist fcc300 
- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
cvsdist fcc300 
- mark profile.d scriptlets as config files (#42337)
cvsdist fcc300 
- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
cvsdist fcc300 
- change a couple of log() statements to debug() statements (#50751)
cvsdist fcc300 
- pull cvs patch to add -t flag to sshd (#28611)
cvsdist fcc300 
- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
cvsdist fcc300
cvsdist fcc300 
* Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
cvsdist 35482e 
- add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
cvsdist 35482e
cvsdist 35482e 
* Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 35482e 
- pull cvs patch to fix remote port forwarding with protocol 2
cvsdist 35482e
cvsdist 628f20 
* Thu Aug  9 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 35482e 
- pull cvs patch to add session initialization to no-pty sessions
cvsdist b46e39 
- pull cvs patch to not cut off challengeresponse auth needlessly
cvsdist 628f20 
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
cvsdist 628f20 
  it by default on a system that doesn't have X installed (#49263)
cvsdist 628f20
cvsdist 628f20 
* Wed Aug  8 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 628f20 
- don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
cvsdist 628f20
cvsdist 7d7b03 
* Mon Aug  6 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03 
- pass OPTIONS correctly to initlog (#50151)
cvsdist 7d7b03
cvsdist 7d7b03 
* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03 
- switch to x11-ssh-askpass 1.2.2
cvsdist 7d7b03
cvsdist 7d7b03 
* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03 
- rebuild in new environment
cvsdist 7d7b03
cvsdist 7d7b03 
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03 
- disable the gssapi patch
cvsdist 7d7b03
cvsdist 7d7b03 
* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03 
- update to 2.9p2
cvsdist 7d7b03 
- refresh to a new version of the gssapi patch
cvsdist 7d7b03
cvsdist 7d7b03 
* Thu Jun  7 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03 
- change Copyright: BSD to License: BSD
cvsdist 7d7b03 
- add Markus Friedl's unverified patch for the cookie file deletion problem
cvsdist 7d7b03 
  so that we can verify it
cvsdist 7d7b03 
- drop patch to check if xauth is present (was folded into cookie patch)
cvsdist 7d7b03 
- don't apply gssapi patches for the errata candidate
cvsdist 7d7b03 
- clear supplemental groups list at startup
cvsdist 7d7b03
cvsdist 7d7b03 
* Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03 
- fix an error parsing the new default sshd_config
cvsdist 7d7b03 
- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
cvsdist 7d7b03 
  dealing with comments right
cvsdist 7d7b03
cvsdist 7d7b03 
* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03 
- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
cvsdist 7d7b03 
  to be removed before the next beta cycle because it's a big departure
cvsdist 7d7b03 
  from the upstream version
cvsdist 7d7b03
cvsdist 7d7b03 
* Thu May  3 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03 
- finish marking strings in the init script for translation
cvsdist 7d7b03 
- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
cvsdist 7d7b03 
  at startup (change merged from openssh.com init script, originally by
cvsdist 7d7b03 
  Pekka Savola)
cvsdist 7d7b03 
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
cvsdist 7d7b03 
  it by default on a system that doesn't have X installed
cvsdist 7d7b03
cvsdist 7d7b03 
* Wed May  2 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03 
- update to 2.9
cvsdist 7d7b03 
- drop various patches that came from or went upstream or to or from CVS
cvsdist 7d7b03
cvsdist 7d7b03 
* Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03 
- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
cvsdist 7d7b03
cvsdist 4135ab 
* Sun Apr  8 2001 Preston Brown <pbrown@redhat.com>
cvsdist 4135ab 
- remove explicit openssl requirement, fixes builddistro issue
cvsdist 4135ab 
- make initscript stop() function wait until sshd really dead to avoid
cvsdist 4135ab 
  races in condrestart
cvsdist 43f95f
cvsdist 4135ab 
* Mon Apr  2 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 4135ab 
- mention that challengereponse supports PAM, so disabling password doesn't
cvsdist 4135ab 
  limit users to pubkey and rsa auth (#34378)
cvsdist b46e39 
- bypass the daemon() function in the init script and call initlog directly,
cvsdist b46e39 
  because daemon() won't start a daemon it detects is already running (like
cvsdist b46e39 
  open connections)
cvsdist 4135ab 
- require the version of openssl we had when we were built
cvsdist 43f95f
cvsdist 43f95f 
* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- make do_pam_setcred() smart enough to know when to establish creds and
cvsdist 43f95f 
  when to reinitialize them
cvsdist 43f95f 
- add in a couple of other fixes from Damien for inclusion in the errata
cvsdist 43f95f
cvsdist 43f95f 
* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- update to 2.5.2p2
cvsdist 43f95f 
- call setcred() again after initgroups, because the "creds" could actually
cvsdist 43f95f 
  be group memberships
cvsdist 43f95f
cvsdist 43f95f 
* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
cvsdist 43f95f 
- don't enable challenge-response by default until we find a way to not
cvsdist 43f95f 
  have too many userauth requests (we may make up to six pubkey and up to
cvsdist 43f95f 
  three password attempts as it is)
cvsdist 43f95f 
- remove build dependency on rsh to match openssh.com's packages more closely
cvsdist 43f95f
cvsdist 43f95f 
* Sat Mar  3 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- remove dependency on openssl -- would need to be too precise
cvsdist 43f95f
cvsdist 43f95f 
* Fri Mar  2 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- rebuild in new environment
cvsdist 43f95f
cvsdist 43f95f 
* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Revert the patch to move pam_open_session.
cvsdist 43f95f 
- Init script and spec file changes from Pekka Savola. (#28750)
cvsdist 43f95f 
- Patch sftp to recognize '-o protocol' arguments. (#29540)
cvsdist 43f95f
cvsdist 43f95f 
* Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Chuck the closing patch.
cvsdist 43f95f 
- Add a trigger to add host keys for protocol 2 to the config file, now that
cvsdist 43f95f 
  configuration file syntax requires us to specify it with HostKey if we
cvsdist 43f95f 
  specify any other HostKey values, which we do.
cvsdist 43f95f
cvsdist 43f95f 
* Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Redo patch to move pam_open_session after the server setuid()s to the user.
cvsdist 43f95f 
- Rework the nopam patch to use be picked up by autoconf.
cvsdist 43f95f
cvsdist 43f95f 
* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Update for 2.5.1p1.
cvsdist 43f95f 
- Add init script mods from Pekka Savola.
cvsdist 43f95f 
- Tweak the init script to match the CVS contrib script more closely.
cvsdist 43f95f 
- Redo patch to ssh-add to try to adding both identity and id_dsa to also try
cvsdist 43f95f 
  adding id_rsa.
cvsdist 43f95f
cvsdist 43f95f 
* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Update for 2.5.0p1.
cvsdist 43f95f 
- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
cvsdist 43f95f 
- Resync with parts of Damien Miller's openssh.spec from CVS, including
cvsdist 43f95f 
  update of x11 askpass to 1.2.0.
cvsdist 43f95f 
- Only require openssl (don't prereq) because we generate keys in the init
cvsdist 43f95f 
  script now.
cvsdist 43f95f
cvsdist 43f95f 
* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Don't open a PAM session until we've forked and become the user (#25690).
cvsdist 43f95f 
- Apply Andrew Bartlett's patch for letting pam_authenticate() know which
cvsdist 43f95f 
  host the user is attempting a login from.
cvsdist 43f95f 
- Resync with parts of Damien Miller's openssh.spec from CVS.
cvsdist 43f95f 
- Don't expose KbdInt responses in debug messages (from CVS).
cvsdist 43f95f 
- Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
cvsdist 43f95f
cvsdist 4135ab 
* Wed Feb  7 2001 Trond Eivind Glomsrxd <teg@redhat.com>
cvsdist 43f95f 
- i18n-tweak to initscript.
cvsdist 43f95f
cvsdist 43f95f 
* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- More gettextizing.
cvsdist 43f95f 
- Close all files after going into daemon mode (needs more testing).
cvsdist 43f95f 
- Extract patch from CVS to handle auth banners (in the client).
cvsdist 43f95f 
- Extract patch from CVS to handle compat weirdness.
cvsdist 43f95f
cvsdist 43f95f 
* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Finish with the gettextizing.
cvsdist 43f95f
cvsdist 43f95f 
* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Fix a bug in auth2-pam.c (#23877)
cvsdist 43f95f 
- Gettextize the init script.
cvsdist 43f95f
cvsdist 43f95f 
* Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Incorporate a switch for using PAM configs for 6.x, just in case.
cvsdist 43f95f
cvsdist 43f95f 
* Tue Dec  5 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Incorporate Bero's changes for a build specifically for rescue CDs.
cvsdist 43f95f
cvsdist 43f95f 
* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
cvsdist 43f95f 
  succeeded, to allow public-key authentication after a failure with "none"
cvsdist 43f95f 
  authentication.  (#21268)
cvsdist 43f95f
cvsdist 43f95f 
* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Update to x11-askpass 1.1.1. (#21301)
cvsdist 43f95f 
- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
cvsdist 43f95f
cvsdist 43f95f 
* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Merge multiple PAM text messages into subsequent prompts when possible when
cvsdist 43f95f 
  doing keyboard-interactive authentication.
cvsdist 43f95f
cvsdist 43f95f 
* Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f 
- Disable the built-in MD5 password support.  We're using PAM.
cvsdist 43f95f 
- Take a crack at doing keyboard-interactive authentication with PAM, and
cvsdist 43f95f 
  enable use of it in the default client configuration so that the client
cvsdist 43f95f 
  will try it when the server disallows password authentication.
cvsdist 43f95f 
- Build with debugging flags.  Build root policies strip all binaries anyway.
cvsdist 43f95f
cvsdist f28bf6 
* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6 
- Use DESTDIR instead of %%makeinstall.
cvsdist f28bf6 
- Remove /usr/X11R6/bin from the path-fixing patch.
cvsdist f28bf6
cvsdist f28bf6 
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6 
- Add the primes file from the latest snapshot to the main package (#20884).
cvsdist f28bf6 
- Add the dev package to the prereq list (#19984).
cvsdist f28bf6 
- Remove the default path and mimic login's behavior in the server itself.
cvsdist f28bf6
cvsdist f28bf6 
* Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6 
- Resync with conditional options in Damien Miller's .spec file for an errata.
cvsdist f28bf6 
- Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
cvsdist f28bf6
cvsdist f28bf6 
* Tue Nov  7 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6 
- Update to OpenSSH 2.3.0p1.
cvsdist f28bf6 
- Update to x11-askpass 1.1.0.
cvsdist f28bf6 
- Enable keyboard-interactive authentication.
cvsdist f28bf6
cvsdist f28bf6 
* Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6 
- Update to ssh-askpass-x11 1.0.3.
cvsdist f28bf6 
- Change authentication related messages to be private (#19966).
cvsdist f28bf6
cvsdist f28bf6 
* Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6 
- Patch ssh-keygen to be able to list signatures for DSA public key files
cvsdist f28bf6 
  it generates.
cvsdist f28bf6
cvsdist 328740 
* Thu Oct  5 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 328740 
- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
cvsdist 328740 
  build PAM authentication in.
cvsdist 328740 
- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
cvsdist 328740 
- Clean out no-longer-used patches.
cvsdist 328740 
- Patch ssh-add to try to add both identity and id_dsa, and to error only
cvsdist 328740 
  when neither exists.
cvsdist 328740
cvsdist 328740 
* Mon Oct  2 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 328740 
- Update x11-askpass to 1.0.2. (#17835)
cvsdist 328740 
- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
cvsdist 328740 
  always find them in the right place. (#17909)
cvsdist 328740 
- Set the default path to be the same as the one supplied by /bin/login, but
cvsdist 328740 
  add /usr/X11R6/bin. (#17909)
cvsdist 328740 
- Try to handle obsoletion of ssh-server more cleanly.  Package names
cvsdist 328740 
  are different, but init script name isn't. (#17865)
cvsdist 328740
cvsdist 328740 
* Wed Sep  6 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 328740 
- Update to 2.2.0p1. (#17835)
cvsdist 328740 
- Tweak the init script to allow proper restarting. (#18023)
cvsdist 328740
cvsdist 328740 
* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 328740 
- Update to 20000823 snapshot.
cvsdist 328740 
- Change subpackage requirements from %%{version} to %%{version}-%%{release}
cvsdist 328740 
- Back out the pipe patch.
cvsdist 328740
cvsdist f71077 
* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077 
- Update to 2.1.1p4, which includes fixes for config file parsing problems.
cvsdist f71077 
- Move the init script back.
cvsdist f71077 
- Add Damien's quick fix for wackiness.
cvsdist f71077
cvsdist f71077 
* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077 
- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
cvsdist f71077
cvsdist f71077 
* Thu Jul  6 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077 
- Move condrestart to server postun.
cvsdist f71077 
- Move key generation to init script.
cvsdist f71077 
- Actually use the right patch for moving the key generation to the init script.
cvsdist f71077 
- Clean up the init script a bit.
cvsdist f71077
cvsdist f71077 
* Wed Jul  5 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077 
- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
cvsdist f71077
cvsdist f71077 
* Sun Jul  2 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077 
- Update to 2.1.1p2.
cvsdist f71077 
- Use of strtok() considered harmful.
cvsdist f71077
cvsdist f71077 
* Sat Jul  1 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077 
- Get the build root out of the man pages.
cvsdist f71077
cvsdist f71077 
* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077 
- Add and use condrestart support in the init script.
cvsdist f71077 
- Add newer initscripts as a prereq.
cvsdist f71077
cvsdist f71077 
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077 
- Build in new environment (release 2)
cvsdist f71077 
- Move -clients subpackage to Applications/Internet group
cvsdist f71077
cvsdist f71077 
* Fri Jun  9 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077 
- Update to 2.2.1p1
cvsdist f71077
cvsdist f71077 
* Sat Jun  3 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077 
- Patch to build with neither RSA nor RSAref.
cvsdist f71077 
- Miscellaneous FHS-compliance tweaks.
cvsdist f71077 
- Fix for possibly-compressed man pages.
cvsdist f71077
cvsdist f71077 
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
cvsdist f71077 
- Updated for new location
cvsdist f71077 
- Updated for new gnome-ssh-askpass build
cvsdist f71077
cvsdist f71077 
* Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
cvsdist f71077 
- Added Jim Knoble's <jmknoble@pobox.com> askpass
cvsdist f71077
cvsdist f71077 
* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
cvsdist f71077 
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
cvsdist f71077
cvsdist f71077 
* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
cvsdist f71077 
- Added 'Obsoletes' directives
cvsdist f71077
cvsdist f71077 
* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077 
- Use make install
cvsdist f71077 
- Subpackages
cvsdist f71077
cvsdist f71077 
* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077 
- Added links for slogin
cvsdist f71077 
- Fixed perms on manpages
cvsdist f71077
cvsdist f71077 
* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077 
- Renamed init script
cvsdist f71077
cvsdist f71077 
* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077 
- Back to old binary names
cvsdist f71077
cvsdist f71077 
* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077 
- Use autoconf
cvsdist f71077 
- New binary names
cvsdist f71077
cvsdist f71077 
* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077 
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation