vishalmishra434 / rpms / openssh

Forked from rpms/openssh a month ago
Clone
Tomáš Mráz c9833c
# Do we want SELinux & Audit
Jan F 6bd5ca
%if 0%{?!noselinux:1}
Jakub Jelen a0e252
%global WITH_SELINUX 1
Jan F 6bd5ca
%else
Jakub Jelen a0e252
%global WITH_SELINUX 0
Jan F 6bd5ca
%endif
Tomáš Mráz fc72c2
Jakub Jelen 14c675
%global _hardened_build 1
Jakub Jelen 14c675
cvsdist 8264e7
# OpenSSH privilege separation requires a user & group ID
Jakub Jelen a0e252
%global sshd_uid    74
Jakub Jelen a0e252
%global sshd_gid    74
cvsdist 8264e7
cvsdist f28bf6
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
Jakub Jelen a0e252
%global no_gnome_askpass 0
cvsdist f28bf6
cvsdist b46e39
# Do we want to link against a static libcrypto? (1=yes 0=no)
Jakub Jelen a0e252
%global static_libcrypto 0
cvsdist b46e39
cvsdist 3e66bd
# Use GTK2 instead of GNOME in gnome-ssh-askpass
Jakub Jelen a0e252
%global gtk2 1
cvsdist 3e66bd
cvsdist fe98d8
# Build position-independent executables (requires toolchain support)?
Jakub Jelen a0e252
%global pie 1
cvsdist fe98d8
cvsdist 3e66bd
# Do we want kerberos5 support (1=yes 0=no)
Jakub Jelen a0e252
%global kerberos5 1
cvsdist 8264e7
Tomáš Mráz c9833c
# Do we want libedit support
Jakub Jelen a0e252
%global libedit 1
Tomáš Mráz c9833c
Jan F. Chadima 7e7fb4
# Do we want LDAP support
Jakub Jelen a0e252
%global ldap 1
Jan F. Chadima 7e7fb4
Tomáš Mráz e47cb0
# Whether to build pam_ssh_agent_auth
Jan F 6bd5ca
%if 0%{?!nopam:1}
Jakub Jelen a0e252
%global pam_ssh_agent 1
Jan F 6bd5ca
%else
Jakub Jelen a0e252
%global pam_ssh_agent 0
Jan F 6bd5ca
%endif
Tomáš Mráz e47cb0
cvsdist 43f95f
# Reserve options to override askpass settings with:
cvsdist 43f95f
# rpm -ba|--rebuild --define 'skip_xxx 1'
Jan F. Chadima b8bdc7
%{?skip_gnome_askpass:%global no_gnome_askpass 1}
cvsdist 43f95f
cvsdist ffdec5
# Add option to build without GTK2 for older platforms with only GTK+.
Nalin Dahyabhai 389c43
# Red Hat Linux <= 7.2 and Red Hat Advanced Server 2.1 are examples.
cvsdist ffdec5
# rpm -ba|--rebuild --define 'no_gtk2 1'
Jan F. Chadima b8bdc7
%{?no_gtk2:%global gtk2 0}
cvsdist ffdec5
cvsdist b46e39
# Options for static OpenSSL link:
cvsdist b46e39
# rpm -ba|--rebuild --define "static_openssl 1"
Jan F. Chadima b8bdc7
%{?static_openssl:%global static_libcrypto 1}
cvsdist b46e39
cvsdist b46e39
# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
Jakub Jelen a0e252
%global rescue 0
Jan F. Chadima b8bdc7
%{?build_rescue:%global rescue 1}
Jan F. Chadima b8bdc7
%{?build_rescue:%global rescue_rel rescue}
cvsdist b46e39
cvsdist 3e66bd
# Turn off some stuff for resuce builds
cvsdist 3e66bd
%if %{rescue}
Jakub Jelen a0e252
%global kerberos5 0
Jakub Jelen a0e252
%global libedit 0
Jakub Jelen a0e252
%global pam_ssh_agent 0
cvsdist 3e66bd
%endif
cvsdist 3e66bd
Jan F. Chadima 04cab1
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
Jakub Jelen 17b491
%global openssh_ver 7.5p1
Jakub Jelen 2ea24b
%global openssh_rel 3
Jakub Jelen bdb932
%global pam_ssh_agent_ver 0.10.3
Jakub Jelen 17b491
%global pam_ssh_agent_rel 2
Tomáš Mráz e47cb0
Tomáš Mráz 9e5c6e
Summary: An open source implementation of SSH protocol versions 1 and 2
cvsdist f71077
Name: openssh
Jakub Jelen aa8fb3
Version: %{openssh_ver}
Fedora Release Engineering be108c
Release: %{openssh_rel}%{?dist}%{?rescue_rel}.1
cvsdist f71077
URL: http://www.openssh.com/portable.html
Tomáš Mráz 745155
#URL1: http://pamsshagentauth.sourceforge.net
Petr Lautrbach 190035
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Tomáš Mráz c9833c
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
Tomáš Mráz ca47f6
Source2: sshd.pam
Tomáš Mráz e47cb0
Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
Tomáš Mráz e47cb0
Source5: pam_ssh_agent-rmheaders
Jan F 99f427
Source6: ssh-keycat.pam
Jan F 11896a
Source7: sshd.sysconfig
Jan F 5c8b5c
Source9: sshd@.service
Jan F 5c8b5c
Source10: sshd.socket
Jan F 53f618
Source11: sshd.service
Jakub Jelen 00c7b7
Source12: sshd-keygen@.service
Jan F 5c8b5c
Source13: sshd-keygen
Jakub Jelen c31740
Source14: sshd.tmpfiles
Jakub Jelen 5489ac
Source15: sshd-keygen.target
Jan F. Chadima 6fa4d8
Jan F. Chadima 69dd72
# Internal debug
Jan F. Chadima cff1d0
Patch0: openssh-5.9p1-wIm.patch
Jan F. Chadima 69dd72
Jakub Jelen 1144ae
#https://bugzilla.mindrot.org/show_bug.cgi?id=2581
Jakub Jelen 580f98
Patch100: openssh-6.7p1-coverity.patch
Jan F 9c4d06
#https://bugzilla.mindrot.org/show_bug.cgi?id=1894
Petr Lautrbach feb99e
#https://bugzilla.redhat.com/show_bug.cgi?id=735889
Jakub Jelen 1144ae
#Patch102: openssh-5.8p1-getaddrinfo.patch
Jan F 1ddd0e
#https://bugzilla.mindrot.org/show_bug.cgi?id=1889
Jan F. Chadima 3b545b
Patch103: openssh-5.8p1-packet.patch
Jakub Jelen aacf0d
# OpenSSL 1.1.0 compatibility
Jakub Jelen aacf0d
Patch104: openssh-7.3p1-openssl-1.1.0.patch
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
Petr Lautrbach 720cf8
# https://bugzilla.redhat.com/show_bug.cgi?id=1171248
Petr Lautrbach 720cf8
# record pfs= field in CRYPTO_SESSION audit event
Jakub Jelen 13073f
Patch200: openssh-7.2p1-audit.patch
Jakub Jelen 44fc97
# Audit race condition in forked child (#1310684)
Jakub Jelen 44fc97
Patch201: openssh-7.1p2-audit-race-condition.patch
Jan F. Chadima 69dd72
Jan F 003cb0
# --- pam_ssh-agent ---
Tomas Mraz 4f4687
# make it build reusing the openssh sources
Tomas Mraz 4f4687
Patch300: pam_ssh_agent_auth-0.9.3-build.patch
Tomas Mraz 4f4687
# check return value of seteuid()
Jakub Jelen 465b6e
# https://sourceforge.net/p/pamsshagentauth/bugs/23/
Jakub Jelen 465b6e
Patch301: pam_ssh_agent_auth-0.10.3-seteuid.patch
Tomas Mraz 4f4687
# explicitly make pam callbacks visible
Tomas Mraz 4f4687
Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
Jakub Jelen 637556
# update to current version of agent structure
Jakub Jelen 637556
Patch305: pam_ssh_agent_auth-0.9.3-agent_structure.patch
Jakub Jelen 87ab5f
# remove prefixes to be able to build against current openssh library
Jakub Jelen 87ab5f
Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
Jakub Jelen ea9421
# Fix NULL dereference from getpwuid() return value
Jakub Jelen ea9421
# https://sourceforge.net/p/pamsshagentauth/bugs/22/
Jakub Jelen ea9421
Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch
Jakub Jelen 637556
Jan F 0f7ccb
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
Petr Lautrbach 94c6f8
Patch400: openssh-6.6p1-role-mls.patch
Petr Lautrbach cd5891
#https://bugzilla.redhat.com/show_bug.cgi?id=781634
Petr Lautrbach 94c6f8
Patch404: openssh-6.6p1-privsep-selinux.patch
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72
#?-- unwanted child :(
Petr Lautrbach 190035
Patch501: openssh-6.7p1-ldap.patch
Jan F 8fe150
#?
Petr Lautrbach 94c6f8
Patch502: openssh-6.6p1-keycat.patch
Jan F. Chadima 69dd72
Jakub Jelen 87ab5f
#https://bugzilla.mindrot.org/show_bug.cgi?id=1644
Petr Lautrbach 94c6f8
Patch601: openssh-6.6p1-allow-ip-opts.patch
Jakub Jelen 1144ae
#https://bugzilla.mindrot.org/show_bug.cgi?id=1893 (WONTFIX)
Petr Lautrbach 94c6f8
Patch604: openssh-6.6p1-keyperm.patch
Jakub Jelen 1144ae
#(drop?) https://bugzilla.mindrot.org/show_bug.cgi?id=1925
Jan F. Chadima 69dd72
Patch606: openssh-5.9p1-ipv6man.patch
Jan F 1ddd0e
#?
Petr Lautrbach 8b5fee
Patch607: openssh-5.8p2-sigpipe.patch
Jan F. Chadima 69dd72
#https://bugzilla.mindrot.org/show_bug.cgi?id=1789
Jakub Jelen f28682
Patch609: openssh-7.2p2-x11.patch
Jan F. Chadima 69dd72
Jan F 003cb0
#?
Jakub Jelen 13073f
Patch700: openssh-7.2p1-fips.patch
Jan F 003cb0
#?
Jan F. Chadima 69dd72
Patch702: openssh-5.1p1-askpass-progress.patch
Jakub Jelen 1144ae
#https://bugzilla.redhat.com/show_bug.cgi?id=198332
Jan F. Chadima 69dd72
Patch703: openssh-4.3p2-askpass-grab-info.patch
Jan F. Chadima 69dd72
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
Petr Lautrbach 94c6f8
Patch707: openssh-6.6p1-redhat.patch
Jan F. Chadima 69dd72
#https://bugzilla.mindrot.org/show_bug.cgi?id=1890 (WONTFIX) need integration to prng helper which is discontinued :)
Petr Lautrbach 94c6f8
Patch708: openssh-6.6p1-entropy.patch
Jan F. Chadima 69dd72
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)
Petr Lautrbach 8a29de
Patch709: openssh-6.2p1-vendor.patch
Petr Lautrbach 5bd5aa
# warn users for unsupported UsePAM=no (#757545)
Jakub Jelen 186bf3
Patch711: openssh-7.2p2-UsePAM-UseLogin-warning.patch
Tomas Mraz 6148ab
# make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL
Petr Lautrbach 84822b
Patch712: openssh-6.3p1-ctr-evp-fast.patch
Tomas Mraz 017c65
# add cavs test binary for the aes-ctr
Petr Lautrbach 94c6f8
Patch713: openssh-6.6p1-ctr-cavstest.patch
Jakub Jelen bb3e88
# add SSH KDF CAVS test driver
Jakub Jelen bb3e88
Patch714: openssh-6.7p1-kdf-cavs.patch
Petr Lautrbach 5382cc
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72
#http://www.sxw.org.uk/computing/patches/openssh.html
Petr Lautrbach 51ca3b
#changed cache storage type - #848228
Jakub Jelen 13073f
Patch800: openssh-7.2p1-gsskex.patch
Jan F 5b4ccb
#http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
Petr Lautrbach 94c6f8
Patch801: openssh-6.6p1-force_krb.patch
Petr Lautrbach 140e5c
# add new option GSSAPIEnablek5users and disable using ~/.k5users by default (#1169843)
Petr Lautrbach 140e5c
# CVE-2014-9278
Petr Lautrbach 140e5c
Patch802: openssh-6.6p1-GSSAPIEnablek5users.patch
Jakub Jelen d9d957
# Documentation about GSSAPI
Jakub Jelen d9d957
# from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765655
Jakub Jelen d9d957
Patch803: openssh-7.1p1-gssapi-documentation.patch
Jakub Jelen d78d34
# use default_ccache_name from /etc/krb5.conf (#991186)
Jakub Jelen d78d34
Patch804: openssh-6.3p1-krb5-use-default_ccache_name.patch
Jakub Jelen d78d34
# Respect k5login_directory option in krk5.conf (#1328243)
Jakub Jelen d78d34
Patch805: openssh-7.2p2-k5login_directory.patch
Jakub Jelen d9d957
Petr Lautrbach 52c8ec
Patch900: openssh-6.1p1-gssapi-canohost.patch
Jan F. Chadima 69dd72
#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
Petr Lautrbach 94c6f8
Patch901: openssh-6.6p1-kuserok.patch
Petr Lautrbach 96df3b
# Use tty allocation for a remote scp (#985650)
Petr Lautrbach 96df3b
Patch906: openssh-6.4p1-fromto-remote.patch
Petr Lautrbach 5296a7
# privsep_preauth: use SELinux context from selinux-policy (#1008580)
Petr Lautrbach 5296a7
Patch916: openssh-6.6.1p1-selinux-contexts.patch
Petr Lautrbach 08fe9e
# use different values for DH for Cisco servers (#1026430)
Petr Lautrbach 08fe9e
Patch917: openssh-6.6.1p1-cisco-dh-keys.patch
Jakub Jelen b92d3c
# log via monitor in chroots without /dev/log (#2681)
Petr Lautrbach 7a7b8f
Patch918: openssh-6.6.1p1-log-in-chroot.patch
Jakub Jelen fd06d6
# scp file into non-existing directory (#1142223)
Jakub Jelen fd06d6
Patch919: openssh-6.6.1p1-scp-non-existing-directory.patch
Jakub Jelen b9d68e
# Config parser shouldn't accept ip/port syntax (#1130733)
Jakub Jelen b9d68e
Patch920: openssh-6.6.1p1-ip-port-config-parser.patch
Petr Lautrbach f29c87
# restore tcp wrappers support, based on Debian patch
Petr Lautrbach f29c87
# https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
Petr Lautrbach f29c87
Patch921: openssh-6.7p1-debian-restore-tcp-wrappers.patch
Jakub Jelen b552eb
# apply upstream patch and make sshd -T more consistent (#1187521)
Jakub Jelen 0a076e
Patch922: openssh-6.8p1-sshdT-output.patch
Jakub Jelen 558fb7
# Add sftp option to force mode of created files (#1191055)
Jakub Jelen 558fb7
Patch926: openssh-6.7p1-sftp-force-permission.patch
Jakub Jelen 8244d5
# Memory problems
Jakub Jelen 8244d5
# https://bugzilla.mindrot.org/show_bug.cgi?id=2401
Jakub Jelen 8244d5
Patch928: openssh-6.8p1-memory-problems.patch
Jakub Jelen 5de6c8
# Restore compatible default (#89216)
Jakub Jelen 5de6c8
Patch929: openssh-6.9p1-permit-root-login.patch
Jakub Jelen bc4ef0
# Add GSSAPIKexAlgorithms option for server and client application
Jakub Jelen bc4ef0
Patch932: openssh-7.0p1-gssKexAlgorithms.patch
Jakub Jelen 4df30a
# Possibility to validate legacy systems by more fingerprints (#1249626)(#2439)
Jakub Jelen 4df30a
Patch933: openssh-7.0p1-show-more-fingerprints.patch
Jakub Jelen 986497
# make s390 use /dev/ crypto devices -- ignore closefrom
Jakub Jelen 986497
Patch939: openssh-7.2p2-s390-closefrom.patch
Jakub Jelen 209c7a
# expose more information to PAM
Jakub Jelen 209c7a
# https://github.com/openssh/openssh-portable/pull/47
Jakub Jelen 209c7a
Patch940: openssh-7.2p2-expose-pam.patch
Jakub Jelen 162941
# Move MAX_DISPLAYS to a configuration option (#1341302)
Jakub Jelen 162941
Patch944: openssh-7.3p1-x11-max-displays.patch
Jakub Jelen 4e7cde
# Help systemd to track the running service
Jakub Jelen 4e7cde
Patch948: openssh-7.4p1-systemd.patch
Jakub Jelen fb74d1
# Fix typo in sandbox code; missing header for s390
Jakub Jelen fb74d1
Patch949: openssh-7.5p1-sandbox.patch
Jakub Jelen b552eb
Petr Lautrbach f29c87
cvsdist 7d7b03
License: BSD
cvsdist f71077
Group: Applications/Internet
Tomáš Mráz 9d725b
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
cvsdist 8264e7
Requires: /sbin/nologin
Petr Lautrbach e40d5d
Obsoletes: openssh-clients-fips, openssh-server-fips
Petr Lautrbach fb6f39
Obsoletes: openssh-server-sysvinit
cvsdist 8264e7
Bill Nottingham c92dff
%if ! %{no_gnome_askpass}
cvsdist 092b0a
%if %{gtk2}
Tomáš Mráz ef3242
BuildRequires: gtk2-devel
Tomáš Mráz ef3242
BuildRequires: libX11-devel
Bill Nottingham c92dff
%else
Tomáš Mráz ef3242
BuildRequires: gnome-libs-devel
cvsdist 092b0a
%endif
Bill Nottingham c92dff
%endif
Bill Nottingham c92dff
Jan F. Chadima 7e7fb4
%if %{ldap}
Jan F. Chadima 7e7fb4
BuildRequires: openldap-devel
Jan F. Chadima 7e7fb4
%endif
Petr Písař 64a361
BuildRequires: autoconf, automake, perl-interpreter, perl-generators, zlib-devel
Jan F. Chadima f44bde
BuildRequires: audit-libs-devel >= 2.0.5
Jan F. Chadima 9e777a
BuildRequires: util-linux, groff
Tomáš Mráz ef3242
BuildRequires: pam-devel
Tomáš Mráz fc2f31
BuildRequires: tcp_wrappers-devel
Petr Lautrbach b61d9c
BuildRequires: fipscheck-devel >= 1.3.0
Tomáš Mráz d93958
BuildRequires: openssl-devel >= 0.9.8j
Petr Lautrbach 87391b
BuildRequires: perl-podlators
Jakub Jelen 4e7cde
BuildRequires: systemd-devel
cvsdist 8264e7
cvsdist 3e66bd
%if %{kerberos5}
Tomáš Mráz ef3242
BuildRequires: krb5-devel
cvsdist 3e66bd
%endif
cvsdist 3e66bd
Tomáš Mráz c9833c
%if %{libedit}
Tomáš Mráz 0a9a40
BuildRequires: libedit-devel ncurses-devel
Tomáš Mráz c9833c
%endif
Tomáš Mráz c9833c
Tomáš Mráz fc72c2
%if %{WITH_SELINUX}
Petr Lautrbach 5296a7
Requires: libselinux >= 2.3-5
Petr Lautrbach 5296a7
BuildRequires: libselinux-devel >= 2.3-5
Tomáš Mráz fc72c2
Requires: audit-libs >= 1.0.8
Tomáš Mráz fc72c2
BuildRequires: audit-libs >= 1.0.8
Tomáš Mráz fc72c2
%endif
cvsdist 5ef607
Tomáš Mráz ef3242
BuildRequires: xauth
Tomáš Mráz ef3242
cvsdist f71077
%package clients
Tomáš Mráz 9e5c6e
Summary: An open source SSH client applications
cvsdist f71077
Group: Applications/Internet
Tomas Mraz 13fa78
Requires: openssh = %{version}-%{release}
Petr Lautrbach b61d9c
Requires: fipscheck-lib%{_isa} >= 1.3.0
Jakub Jelen c9d9fe
Recommends: crypto-policies
cvsdist f71077
Jakub Jelen 2939c3
%package clients-ssh1
Jakub Jelen 2939c3
Summary: An open source SSH client applications for legacy SSH1 protocol
Jakub Jelen 2939c3
Group: Applications/Internet
Jakub Jelen 2939c3
Requires: openssh = %{version}-%{release}
Jakub Jelen 2939c3
Requires: fipscheck-lib%{_isa} >= 1.3.0
Jakub Jelen 2939c3
cvsdist f71077
%package server
Tomáš Mráz 9e5c6e
Summary: An open source SSH server daemon
cvsdist f71077
Group: System Environment/Daemons
Tomáš Mráz ef3242
Requires: openssh = %{version}-%{release}
Tomáš Mráz ef3242
Requires(pre): /usr/sbin/useradd
Tomáš Mráz 1961bc
Requires: pam >= 1.0.1-3
Petr Lautrbach 2ae5f9
Requires: fipscheck-lib%{_isa} >= 1.3.0
Jan F 5c8b5c
Requires(post): systemd-units
Jan F 5c8b5c
Requires(preun): systemd-units
Jan F 5c8b5c
Requires(postun): systemd-units
Jan F 5c8b5c
Jan F. Chadima 3fdf10
%if %{ldap}
Jan F. Chadima 3fdf10
%package ldap
Jan F. Chadima 3fdf10
Summary: A LDAP support for open source SSH server daemon
Jan F. Chadima 3fdf10
Requires: openssh = %{version}-%{release}
Jan F. Chadima 3fdf10
Group: System Environment/Daemons
Jan F. Chadima 3fdf10
%endif
Jan F. Chadima 3fdf10
Jan F 99f427
%package keycat
Jan F 99f427
Summary: A mls keycat backend for openssh
Jan F 99f427
Requires: openssh = %{version}-%{release}
Jan F 99f427
Group: System Environment/Daemons
Jan F 99f427
cvsdist f71077
%package askpass
Tomáš Mráz ef3242
Summary: A passphrase dialog for OpenSSH and X
cvsdist f71077
Group: Applications/Internet
cvsdist 328740
Requires: openssh = %{version}-%{release}
Tomáš Mráz 762e40
Obsoletes: openssh-askpass-gnome
Tomáš Mráz 762e40
Provides: openssh-askpass-gnome
cvsdist f71077
Jakub Jelen 08cb90
%package cavs
Jakub Jelen 08cb90
Summary: CAVS tests for FIPS validation
Jakub Jelen 08cb90
Group: Applications/Internet
Jakub Jelen 08cb90
Requires: openssh = %{version}-%{release}
Jakub Jelen 08cb90
Tomáš Mráz e47cb0
%package -n pam_ssh_agent_auth
Tomáš Mráz e47cb0
Summary: PAM module for authentication with ssh-agent
Tomáš Mráz e47cb0
Group: System Environment/Base
Tomáš Mráz e47cb0
Version: %{pam_ssh_agent_ver}
Fedora Release Engineering be108c
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}.2
Tomáš Mráz 745155
License: BSD
Tomáš Mráz e47cb0
cvsdist f71077
%description
cvsdist 7d7b03
SSH (Secure SHell) is a program for logging into and executing
cvsdist 7d7b03
commands on a remote machine. SSH is intended to replace rlogin and
cvsdist 7d7b03
rsh, and to provide secure encrypted communications between two
cvsdist 7d7b03
untrusted hosts over an insecure network. X11 connections and
cvsdist f71077
arbitrary TCP/IP ports can also be forwarded over the secure channel.
cvsdist f71077
cvsdist 7d7b03
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
Tomáš Mráz 9e5c6e
it up to date in terms of security and features.
cvsdist f71077
cvsdist f71077
This package includes the core files necessary for both the OpenSSH
cvsdist 7d7b03
client and server. To make this package useful, you should also
cvsdist f71077
install openssh-clients, openssh-server, or both.
cvsdist f71077
cvsdist f71077
%description clients
cvsdist 7d7b03
OpenSSH is a free version of SSH (Secure SHell), a program for logging
cvsdist 7d7b03
into and executing commands on a remote machine. This package includes
cvsdist 7d7b03
the clients necessary to make encrypted connections to SSH servers.
cvsdist f71077
Jakub Jelen 2939c3
%description clients-ssh1
Jakub Jelen 2939c3
OpenSSH is a free version of SSH (Secure SHell), a program for logging
Jakub Jelen 2939c3
into and executing commands on a remote machine. This package includes
Jakub Jelen 2939c3
the clients necessary to make encrypted connections to SSH servers
Jakub Jelen 2939c3
which support only legacy SSH1 protocol.
Jakub Jelen 2939c3
cvsdist f71077
%description server
cvsdist 7d7b03
OpenSSH is a free version of SSH (Secure SHell), a program for logging
cvsdist 7d7b03
into and executing commands on a remote machine. This package contains
cvsdist 7d7b03
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
Tomáš Mráz 9e5c6e
securely connect to your SSH server.
cvsdist f71077
Jan F. Chadima 3fdf10
%if %{ldap}
Jan F. Chadima 3fdf10
%description ldap
Jan F. Chadima 3fdf10
OpenSSH LDAP backend is a way how to distribute the authorized tokens
Jan F. Chadima 3fdf10
among the servers in the network.
Jan F. Chadima 3fdf10
%endif
Jan F. Chadima 3fdf10
Jan F 99f427
%description keycat
Jan F 99f427
OpenSSH mls keycat is backend for using the authorized keys in the
Jan F 99f427
openssh in the mls mode.
Jan F 99f427
cvsdist f71077
%description askpass
cvsdist 7d7b03
OpenSSH is a free version of SSH (Secure SHell), a program for logging
cvsdist 7d7b03
into and executing commands on a remote machine. This package contains
cvsdist 7d7b03
an X11 passphrase dialog for OpenSSH.
cvsdist f71077
Jakub Jelen 08cb90
%description cavs
Jakub Jelen 08cb90
This package contains test binaries and scripts to make FIPS validation
Jakub Jelen 08cb90
easier. Now contains CTR and KDF CAVS test driver.
Jakub Jelen 08cb90
Tomáš Mráz e47cb0
%description -n pam_ssh_agent_auth
Tomáš Mráz e47cb0
This package contains a PAM module which can be used to authenticate
Tomáš Mráz e47cb0
users using ssh keys stored in a ssh-agent. Through the use of the
Tomáš Mráz e47cb0
forwarding of ssh-agent connection it also allows to authenticate with
Tomáš Mráz e47cb0
remote ssh-agent instance.
Tomáš Mráz e47cb0
Tomáš Mráz e47cb0
The module is most useful for su and sudo service stacks.
Tomáš Mráz e47cb0
cvsdist 43f95f
%prep
Petr Lautrbach 190035
%setup -q -a 4
Jan F 5c20fa
#Do not enable by default
Jan F. Chadima 28b0dc
%if 0
Jan F. Chadima 28b0dc
%patch0 -p1 -b .wIm
Jan F. Chadima 28b0dc
%endif
Jan F 5b4ccb
Petr Lautrbach 94c6f8
# investigate %patch102 -p1 -b .getaddrinfo
Jan F. Chadima 3b545b
%patch103 -p1 -b .packet
Jan F. Chadima 69dd72
Tomáš Mráz e47cb0
%if %{pam_ssh_agent}
Tomáš Mráz e47cb0
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
Jakub Jelen 87ab5f
%patch300 -p2 -b .psaa-build
Jakub Jelen 465b6e
%patch301 -p2 -b .psaa-seteuid
Jakub Jelen 87ab5f
%patch302 -p2 -b .psaa-visibility
Jakub Jelen 87ab5f
%patch306 -p2 -b .psaa-compat
Jakub Jelen 637556
%patch305 -p2 -b .psaa-agent
Jakub Jelen ea9421
%patch307 -p2 -b .psaa-deref
Jakub Jelen 87ab5f
# Remove duplicate headers and library files
Tomáš Mráz e47cb0
rm -f $(cat %{SOURCE5})
Tomáš Mráz e47cb0
popd
Tomáš Mráz e47cb0
%endif
Jan F. Chadima 69dd72
Petr Lautrbach 65ba94
%patch400 -p1 -b .role-mls
Petr Lautrbach cd5891
%patch404 -p1 -b .privsep-selinux
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72
%if %{ldap}
Jan F. Chadima 69dd72
%patch501 -p1 -b .ldap
Jan F. Chadima 69dd72
%endif
Jan F. Chadima 69dd72
%patch502 -p1 -b .keycat
Jan F. Chadima 69dd72
Jan F. Chadima 69dd72
%patch601 -p1 -b .ip-opts
Jan F. Chadima 69dd72
%patch604 -p1 -b .keyperm
Jan F. Chadima 69dd72
%patch606 -p1 -b .ipv6man
Petr Lautrbach 8b5fee
%patch607 -p1 -b .sigpipe
Petr Lautrbach 86f29c
%patch609 -p1 -b .x11
Jan F. Chadima 69dd72
%patch702 -p1 -b .progress
Jan F. Chadima 69dd72
%patch703 -p1 -b .grab-info
Jan F. Chadima 69dd72
%patch707 -p1 -b .redhat
Jan F. Chadima 69dd72
%patch708 -p1 -b .entropy
Jan F. Chadima 69dd72
%patch709 -p1 -b .vendor
Petr Lautrbach 5bd5aa
%patch711 -p1 -b .log-usepam-no
Tomas Mraz 6148ab
%patch712 -p1 -b .evp-ctr
Tomas Mraz 017c65
%patch713 -p1 -b .ctr-cavs
Jakub Jelen bb3e88
%patch714 -p1 -b .kdf-cavs
Petr Lautrbach 94c6f8
# 
Jan F. Chadima 69dd72
%patch800 -p1 -b .gsskex
Jan F. Chadima 69dd72
%patch801 -p1 -b .force_krb
Jakub Jelen d9d957
%patch803 -p1 -b .gss-docs
Jakub Jelen d78d34
%patch804 -p1 -b .ccache_name
Jakub Jelen d78d34
%patch805 -p1 -b .k5login
Petr Lautrbach 94c6f8
# 
Jan F. Chadima 69dd72
%patch900 -p1 -b .canohost
Jan F. Chadima 69dd72
%patch901 -p1 -b .kuserok
Petr Lautrbach 96df3b
%patch906 -p1 -b .fromto-remote
Petr Lautrbach 5296a7
%patch916 -p1 -b .contexts
Jakub Jelen 535d34
#%patch917 -p1 -b .cisco-dh # investigate
Petr Lautrbach 7a7b8f
%patch918 -p1 -b .log-in-chroot
Jakub Jelen fd06d6
%patch919 -p1 -b .scp
Jakub Jelen b9d68e
%patch920 -p1 -b .config
Petr Lautrbach 140e5c
%patch802 -p1 -b .GSSAPIEnablek5users
Petr Lautrbach f29c87
%patch921 -p1 -b .tcp_wrappers
Jakub Jelen b552eb
%patch922 -p1 -b .sshdt
Jakub Jelen 558fb7
%patch926 -p1 -b .sftp-force-mode
Jakub Jelen 8244d5
%patch928 -p1 -b .memory
Jakub Jelen 5de6c8
%patch929 -p1 -b .root-login
Jakub Jelen bc4ef0
%patch932 -p1 -b .gsskexalg
Jakub Jelen 4df30a
%patch933 -p1 -b .fingerprint
Jakub Jelen 986497
%patch939 -p1 -b .s390-dev
Jakub Jelen 209c7a
%patch940 -p1 -b .expose-pam
Jakub Jelen 162941
%patch944 -p1 -b .x11max
Jakub Jelen 4e7cde
%patch948 -p1 -b .systemd
Jakub Jelen 09320c
%patch949 -p1 -b .sandbox
Nalin Dahyabhai 05c945
Jakub Jelen 12cf3e
%patch200 -p1 -b .audit
Jakub Jelen 44fc97
%patch201 -p1 -b .audit-race
Petr Lautrbach 802815
%patch700 -p1 -b .fips
Petr Lautrbach 5160c9
Jakub Jelen 580f98
%patch100 -p1 -b .coverity
Jakub Jelen aacf0d
%patch104 -p1 -b .openssl
Petr Lautrbach 163064
Jan F. Chadima 28b0dc
%if 0
Jan F. Chadima 28b0dc
# Nothing here yet
Jan F. Chadima 28b0dc
%endif
Jan F. Chadima 28b0dc
Nalin Dahyabhai 8ccaa9
autoreconf
Jan F. Chadima 50a3dd
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
Jan F. Chadima 50a3dd
autoreconf
Jan F. Chadima 50a3dd
popd
cvsdist ffdec5
cvsdist 43f95f
%build
Tomas Mraz 4f4687
# the -fvisibility=hidden is needed for clean build of the pam_ssh_agent_auth
Tomas Mraz 4f4687
# and it makes the ssh build more clean and even optimized better
Tomas Mraz 4f4687
CFLAGS="$RPM_OPT_FLAGS -fvisibility=hidden"; export CFLAGS
cvsdist fe98d8
%if %{rescue}
cvsdist fe98d8
CFLAGS="$CFLAGS -Os"
cvsdist fe98d8
%endif
cvsdist fe98d8
%if %{pie}
Dennis Gilmore 91bdf4
%ifarch s390 s390x sparc sparcv9 sparc64
Tomáš Mráz e47cb0
CFLAGS="$CFLAGS -fPIC"
cvsdist 8f8720
%else
Tomáš Mráz e47cb0
CFLAGS="$CFLAGS -fpic"
cvsdist 8f8720
%endif
Tomáš Mráz e47cb0
SAVE_LDFLAGS="$LDFLAGS"
Jan F 003cb0
LDFLAGS="$LDFLAGS -pie -z relro -z now"
Jan F 003cb0
Jan F 003cb0
export CFLAGS
Jan F 003cb0
export LDFLAGS
Jan F 003cb0
cvsdist fe98d8
%endif
cvsdist 092b0a
%if %{kerberos5}
Jan F. Chadima 264029
if test -r /etc/profile.d/krb5-devel.sh ; then
Jakub Jelen 77f453
	source /etc/profile.d/krb5-devel.sh
Jan F. Chadima 264029
fi
cvsdist 092b0a
krb5_prefix=`krb5-config --prefix`
cvsdist 092b0a
if test "$krb5_prefix" != "%{_prefix}" ; then
cvsdist 092b0a
	CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
cvsdist 092b0a
	CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
cvsdist 092b0a
	LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
cvsdist 092b0a
else
cvsdist 092b0a
	krb5_prefix=
cvsdist 092b0a
	CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
cvsdist 092b0a
	CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
cvsdist 092b0a
fi
cvsdist 092b0a
%endif
cvsdist b46e39
Jakub Jelen 2939c3
# do ssh1 clients
Jakub Jelen 2939c3
%configure  \
Jakub Jelen 2939c3
	--sysconfdir=%{_sysconfdir}/ssh \
Jakub Jelen 2939c3
	--libexecdir=%{_libexecdir}/openssh \
Jakub Jelen 2939c3
	--datadir=%{_datadir}/openssh \
Jakub Jelen 2939c3
	--with-default-path=/usr/local/bin:/usr/bin \
Jakub Jelen 2939c3
	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
Jakub Jelen 2939c3
	--disable-strip \
Jakub Jelen 2939c3
	--without-zlib-version-check \
Jakub Jelen 2939c3
	--with-ssl-engine \
Jakub Jelen 2939c3
	--with-ipaddr-display \
Jakub Jelen 2939c3
	--with-pie=no \
Jakub Jelen 2939c3
	--with-selinux --with-audit=linux \
Jakub Jelen 2939c3
	--with-pam \
Jakub Jelen 2939c3
	--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
Jakub Jelen ccd186
	--with-ldap \
Jakub Jelen 2939c3
	--with-ssh1
Jakub Jelen 2939c3
sed -i.back -e 's|^SSH_PROGRAM=.*|SSH_PROGRAM=/usr/bin/ssh1|' Makefile
Jakub Jelen 2939c3
make scp ssh ssh-keygen
Jakub Jelen 2939c3
cp ssh{,1}
Jakub Jelen 2939c3
cp scp{,1}
Jakub Jelen 2939c3
cp ssh-keygen{,1}
Jakub Jelen 2939c3
cp Makefile{.back,}
Jakub Jelen 2939c3
make clean
Jakub Jelen 2939c3
cvsdist 43f95f
%configure \
cvsdist 43f95f
	--sysconfdir=%{_sysconfdir}/ssh \
cvsdist 43f95f
	--libexecdir=%{_libexecdir}/openssh \
cvsdist b46e39
	--datadir=%{_datadir}/openssh \
cvsdist 43f95f
	--with-tcp-wrappers \
Petr Lautrbach e58e54
	--with-default-path=/usr/local/bin:/usr/bin \
Petr Lautrbach e58e54
	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
cvsdist 8264e7
	--with-privsep-path=%{_var}/empty/sshd \
Jakub Jelen 9080a8
	--enable-vendor-patchlevel="FC-%{openssh_ver}-%{openssh_rel}" \
Nalin Dahyabhai 8ccaa9
	--disable-strip \
Tomáš Mráz de2e7a
	--without-zlib-version-check \
Tomáš Mráz ff6d59
	--with-ssl-engine \
Jan F. Chadima 39b26b
	--with-ipaddr-display \
Jakub Jelen 14c675
	--with-pie=no \
Jakub Jelen 4e7cde
	--with-systemd \
Jan F. Chadima 7e7fb4
%if %{ldap}
Jan F. Chadima 7e7fb4
	--with-ldap \
Jan F. Chadima 7e7fb4
%endif
cvsdist 43f95f
%if %{rescue}
cvsdist ffdec5
	--without-pam \
cvsdist 3e66bd
%else
cvsdist 3e66bd
	--with-pam \
cvsdist 3e66bd
%endif
Tomáš Mráz fc72c2
%if %{WITH_SELINUX}
Jan F. Chadima 28b0dc
	--with-selinux --with-audit=linux \
Peter Robinson b9846a
	--with-sandbox=seccomp_filter \
Tomáš Mráz fc72c2
%endif
cvsdist 3e66bd
%if %{kerberos5}
Tomáš Mráz c9833c
	--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
cvsdist 43f95f
%else
Tomáš Mráz c9833c
	--without-kerberos5 \
Tomáš Mráz c9833c
%endif
Tomáš Mráz c9833c
%if %{libedit}
Petr Lautrbach b61d9c
	--with-libedit
Tomáš Mráz c9833c
%else
Petr Lautrbach b61d9c
	--without-libedit
cvsdist b46e39
%endif
cvsdist b46e39
cvsdist b46e39
%if %{static_libcrypto}
cvsdist b46e39
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
cvsdist 43f95f
%endif
cvsdist 43f95f
cvsdist 43f95f
make
cvsdist 43f95f
cvsdist 8264e7
# Define a variable to toggle gnome1/gtk2 building.  This is necessary
cvsdist 8264e7
# because RPM doesn't handle nested %if statements.
cvsdist 8264e7
%if %{gtk2}
cvsdist 3e66bd
	gtk2=yes
cvsdist 8264e7
%else
cvsdist 3e66bd
	gtk2=no
cvsdist 8264e7
%endif
cvsdist 8264e7
cvsdist 43f95f
%if ! %{no_gnome_askpass}
cvsdist 43f95f
pushd contrib
cvsdist 8264e7
if [ $gtk2 = yes ] ; then
Jakub Jelen 812f08
	CFLAGS="$CFLAGS %{?__global_ldflags}" \
Jakub Jelen 812f08
	    make gnome-ssh-askpass2
cvsdist 3e66bd
	mv gnome-ssh-askpass2 gnome-ssh-askpass
cvsdist 8264e7
else
Jakub Jelen 812f08
	CFLAGS="$CFLAGS %{?__global_ldflags}"
Jakub Jelen 812f08
	    make gnome-ssh-askpass1
cvsdist 3e66bd
	mv gnome-ssh-askpass1 gnome-ssh-askpass
cvsdist 8264e7
fi
cvsdist 43f95f
popd
cvsdist 43f95f
%endif
cvsdist 43f95f
Tomáš Mráz e47cb0
%if %{pam_ssh_agent}
Tomáš Mráz e47cb0
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
Tomáš Mráz e47cb0
LDFLAGS="$SAVE_LDFLAGS"
Petr Lautrbach d2b3b9
%configure --with-selinux --libexecdir=/%{_libdir}/security --with-mantype=man
Tomáš Mráz e47cb0
make
Tomáš Mráz e47cb0
popd
Tomáš Mráz e47cb0
%endif
Tomáš Mráz e47cb0
Tomáš Mráz d93958
# Add generation of HMAC checksums of the final stripped binaries
Jakub Jelen a0e252
%global __spec_install_post \
Jakub Jelen a0e252
    %%{?__debug_package:%%{__debug_install_post}} \
Jakub Jelen 7c5d0a
    %%{__arch_install_post} \
Jakub Jelen 7c5d0a
    %%{__os_install_post} \
Tomas Mraz 13fa78
    fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_bindir}/ssh $RPM_BUILD_ROOT%{_sbindir}/sshd \
Tomáš Mráz d93958
%{nil}
Tomáš Mráz d93958
Petr Lautrbach fd408e
%check
Petr Lautrbach fd408e
#to run tests use "--with check"
Petr Lautrbach fd408e
%if %{?_with_check:1}%{!?_with_check:0}
Petr Lautrbach fd408e
make tests
Petr Lautrbach fd408e
%endif
Petr Lautrbach fd408e
cvsdist 43f95f
%install
cvsdist 43f95f
rm -rf $RPM_BUILD_ROOT
cvsdist 43f95f
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
Jakub Jelen 645408
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ssh_config.d
cvsdist 43f95f
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
Tomáš Mráz 320a1c
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
cvsdist 43f95f
make install DESTDIR=$RPM_BUILD_ROOT
Jan F. Chadima 99d9a3
rm -f $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ldap.conf
cvsdist 43f95f
cvsdist 43f95f
install -d $RPM_BUILD_ROOT/etc/pam.d/
Jan F 11896a
install -d $RPM_BUILD_ROOT/etc/sysconfig/
cvsdist 43f95f
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
Tomas Mraz 13fa78
install -d $RPM_BUILD_ROOT%{_libdir}/fipscheck
Tomáš Mráz ca47f6
install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
Jan F 99f427
install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
Jan F 11896a
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd
Jakub Jelen 38d533
install -m644 ssh_config_redhat $RPM_BUILD_ROOT/etc/ssh/ssh_config.d/05-redhat.conf
Jan F 0ecc97
install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
Petr Lautrbach 678b80
install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/sshd@.service
Petr Lautrbach 678b80
install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/sshd.socket
Jan F d470c4
install -m644 %{SOURCE11} $RPM_BUILD_ROOT/%{_unitdir}/sshd.service
Jakub Jelen 00c7b7
install -m644 %{SOURCE12} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen@.service
Jakub Jelen 5489ac
install -m644 %{SOURCE15} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen.target
Jakub Jelen 00c7b7
install -m744 %{SOURCE13} $RPM_BUILD_ROOT/%{_libexecdir}/openssh/sshd-keygen
Tomáš Mráz f94d8f
install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
Tomáš Mráz f94d8f
install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/
Jakub Jelen 766438
install -m644 -D %{SOURCE14} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
cvsdist 43f95f
Jakub Jelen 2939c3
# clients-ssh1
Jakub Jelen 2939c3
install -m755 ssh1 $RPM_BUILD_ROOT/%{_bindir}/ssh1
Jakub Jelen 2939c3
install -m755 scp1 $RPM_BUILD_ROOT/%{_bindir}/scp1
Jakub Jelen 2939c3
install -m755 ssh-keygen1 $RPM_BUILD_ROOT/%{_bindir}/ssh-keygen1
Jakub Jelen 2939c3
cvsdist 43f95f
%if ! %{no_gnome_askpass}
Jan F. Chadima 2b67a5
install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
cvsdist 43f95f
%endif
cvsdist 43f95f
cvsdist ffdec5
%if ! %{no_gnome_askpass}
Tomáš Mráz 09d7e6
ln -s gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
cvsdist b46e39
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
cvsdist 8264e7
install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
cvsdist 8264e7
install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
cvsdist ffdec5
%endif
cvsdist 43f95f
cvsdist 5ef607
%if %{no_gnome_askpass}
cvsdist 5ef607
rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
cvsdist 5ef607
%endif
cvsdist 5ef607
cvsdist 43f95f
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
cvsdist 43f95f
Tomáš Mráz e47cb0
%if %{pam_ssh_agent}
Tomáš Mráz e47cb0
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
Tomáš Mráz e47cb0
make install DESTDIR=$RPM_BUILD_ROOT
Tomáš Mráz e47cb0
popd
Tomáš Mráz e47cb0
%endif
cvsdist 43f95f
%clean
cvsdist 43f95f
rm -rf $RPM_BUILD_ROOT
cvsdist 43f95f
Jan F 1ddd0e
%pre
Jan F 1ddd0e
getent group ssh_keys >/dev/null || groupadd -r ssh_keys || :
Jan F 1ddd0e
cvsdist 8264e7
%pre server
Jan F. Chadima 2fd105
getent group sshd >/dev/null || groupadd -g %{sshd_uid} -r sshd || :
Jan F. Chadima 2fd105
getent passwd sshd >/dev/null || \
Petr Lautrbach d48f1a
  useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd \
Jan F. Chadima 2fd105
  -s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :
cvsdist 8264e7
cvsdist 43f95f
%post server
Petr Lautrbach 678b80
%systemd_post sshd.service sshd.socket
cvsdist 43f95f
cvsdist 43f95f
%preun server
Petr Lautrbach 678b80
%systemd_preun sshd.service sshd.socket
Petr Lautrbach 94943d
Petr Lautrbach 94943d
%postun server
Petr Lautrbach 94943d
%systemd_postun_with_restart sshd.service
Jan F 5c8b5c
cvsdist 43f95f
%files
Tom Callaway e336e3
%license LICENCE
Tom Callaway e336e3
%doc CREDITS ChangeLog INSTALL OVERVIEW PROTOCOL* README README.platform README.privsep README.tun README.dns TODO
cvsdist 43f95f
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
Petr Lautrbach f9f83a
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
cvsdist 43f95f
%if ! %{rescue}
cvsdist 43f95f
%attr(0755,root,root) %{_bindir}/ssh-keygen
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
cvsdist 43f95f
%attr(0755,root,root) %dir %{_libexecdir}/openssh
Jakub Jelen 06b1d5
%attr(2555,root,ssh_keys) %{_libexecdir}/openssh/ssh-keysign
cvsdist 8264e7
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
cvsdist 43f95f
%endif
cvsdist 43f95f
cvsdist 43f95f
%files clients
cvsdist 8264e7
%attr(0755,root,root) %{_bindir}/ssh
Petr Lautrbach 2ae5f9
%attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
cvsdist 3e66bd
%attr(0755,root,root) %{_bindir}/scp
cvsdist 3e66bd
%attr(0644,root,root) %{_mandir}/man1/scp.1*
cvsdist 43f95f
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
Jakub Jelen 90ffc3
%dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d/
Jakub Jelen 645408
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/05-redhat.conf
cvsdist 3e66bd
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
cvsdist 43f95f
%if ! %{rescue}
Jakub Jelen f26cd8
%attr(0755,root,root) %{_bindir}/ssh-agent
cvsdist 43f95f
%attr(0755,root,root) %{_bindir}/ssh-add
cvsdist 43f95f
%attr(0755,root,root) %{_bindir}/ssh-keyscan
cvsdist 43f95f
%attr(0755,root,root) %{_bindir}/sftp
Tomáš Mráz f94d8f
%attr(0755,root,root) %{_bindir}/ssh-copy-id
Jan F. Chadima 974c89
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
Tomáš Mráz f94d8f
%attr(0644,root,root) %{_mandir}/man1/ssh-copy-id.1*
Jan F. Chadima 974c89
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
cvsdist 43f95f
%endif
cvsdist 43f95f
Jakub Jelen 2939c3
%files clients-ssh1
Jakub Jelen 2939c3
%attr(0755,root,root) %{_bindir}/ssh1
Jakub Jelen 2939c3
%attr(0755,root,root) %{_bindir}/scp1
Jakub Jelen 2939c3
%attr(0755,root,root) %{_bindir}/ssh-keygen1
Jakub Jelen 2939c3
cvsdist 43f95f
%if ! %{rescue}
cvsdist 43f95f
%files server
Tomáš Mráz ef3242
%dir %attr(0711,root,root) %{_var}/empty/sshd
cvsdist 43f95f
%attr(0755,root,root) %{_sbindir}/sshd
Petr Lautrbach 2ae5f9
%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
cvsdist 43f95f
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
Jakub Jelen 00c7b7
%attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen
cvsdist 8264e7
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
Tomáš Mráz 93a474
%attr(0644,root,root) %{_mandir}/man5/moduli.5*
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
cvsdist 43f95f
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
cvsdist 43f95f
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
Tomáš Mráz 5a8f6b
%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
Jan F 11896a
%attr(0640,root,root) %config(noreplace) /etc/sysconfig/sshd
Jan F 53f618
%attr(0644,root,root) %{_unitdir}/sshd.service
Petr Lautrbach 678b80
%attr(0644,root,root) %{_unitdir}/sshd@.service
Petr Lautrbach 678b80
%attr(0644,root,root) %{_unitdir}/sshd.socket
Jakub Jelen 00c7b7
%attr(0644,root,root) %{_unitdir}/sshd-keygen@.service
Jakub Jelen 5489ac
%attr(0644,root,root) %{_unitdir}/sshd-keygen.target
Jakub Jelen 766438
%attr(0644,root,root) %{_tmpfilesdir}/openssh.conf
Jan F c0cd66
%endif
cvsdist 43f95f
Jan F. Chadima 3fdf10
%if %{ldap}
Jan F. Chadima 3fdf10
%files ldap
Jan F 9404cd
%doc HOWTO.ldap-keys openssh-lpk-openldap.schema openssh-lpk-sun.schema ldap.conf
Jakub Jelen 09ca6e
%doc openssh-lpk-openldap.ldif openssh-lpk-sun.ldif
Jan F. Chadima 3fdf10
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-helper
Jan F b93498
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-ldap-wrapper
Jan F. Chadima 3fdf10
%attr(0644,root,root) %{_mandir}/man8/ssh-ldap-helper.8*
Jan F. Chadima 222d52
%attr(0644,root,root) %{_mandir}/man5/ssh-ldap.conf.5*
Jan F. Chadima 3fdf10
%endif
Jan F. Chadima 3fdf10
Jan F 99f427
%files keycat
Jan F 825921
%doc HOWTO.ssh-keycat
Jan F 99f427
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-keycat
Jan F 99f427
%attr(0644,root,root) %config(noreplace) /etc/pam.d/ssh-keycat
Jan F 99f427
cvsdist 43f95f
%if ! %{no_gnome_askpass}
Tomáš Mráz 09d7e6
%files askpass
Tomáš Mráz b40baa
%attr(0644,root,root) %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
cvsdist 43f95f
%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
Tomáš Mráz 09d7e6
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
cvsdist 43f95f
%endif
cvsdist 43f95f
Jakub Jelen 08cb90
%files cavs
Jakub Jelen 08cb90
%attr(0755,root,root) %{_libexecdir}/openssh/ctr-cavstest
Jakub Jelen 08cb90
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-cavs
Jakub Jelen 08cb90
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-cavs_driver.pl
Jakub Jelen 08cb90
Tomáš Mráz e47cb0
%if %{pam_ssh_agent}
Tomáš Mráz e47cb0
%files -n pam_ssh_agent_auth
Tom Callaway e336e3
%license pam_ssh_agent_auth-%{pam_ssh_agent_ver}/OPENSSH_LICENSE
Petr Lautrbach d2b3b9
%attr(0755,root,root) %{_libdir}/security/pam_ssh_agent_auth.so
Tomáš Mráz e47cb0
%attr(0644,root,root) %{_mandir}/man8/pam_ssh_agent_auth.8*
Tomáš Mráz e47cb0
%endif
Tomáš Mráz e47cb0
cvsdist f71077
%changelog
Fedora Release Engineering be108c
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.5p1-3.1
Fedora Release Engineering be108c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
Fedora Release Engineering be108c
Jakub Jelen 2ea24b
* Fri Jun 30 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-2 + 0.10.3-2
Jakub Jelen 2ea24b
- Sync downstream patches with RHEL (FIPS)
Jakub Jelen 2ea24b
- Resolve potential issues with OpenSSL 1.1.0 patch
Jakub Jelen 2ea24b
Jakub Jelen 204765
* Wed Mar 22 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-2 + 0.10.3-2
Jakub Jelen 204765
- Fix various after-release typos including failed build in s390x (#1434341)
Jakub Jelen 204765
- Revert chroot magic with SELinux
Jakub Jelen 204765
Jakub Jelen 17b491
* Mon Mar 20 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-1 + 0.10.3-2
Jakub Jelen 17b491
- New upstream release
Jakub Jelen 17b491
Jakub Jelen 7b666e
* Fri Mar 03 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-4 + 0.10.3-1
Jakub Jelen 7b666e
- Avoid sending the SD_NOTIFY messages from wrong processes (#1427526)
Jakub Jelen 7b666e
- Address reports by coverity
Jakub Jelen 7b666e
Jakub Jelen ab7f94
* Mon Feb 20 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-3 + 0.10.3-1
Jakub Jelen ab7f94
- Properly report errors from included files (#1408558)
Jakub Jelen ab7f94
- New pam_ssh_agent_auth 0.10.3 release
Jakub Jelen ab7f94
- Switch to SD_NOTIFY to make systemd happy
Jakub Jelen ab7f94
Jakub Jelen 26cec0
* Mon Feb 06 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-2 + 0.10.2-5
Jakub Jelen 26cec0
- Fix ssh-agent cert signing error (#1416584)
Jakub Jelen 26cec0
- Fix wrong path to crypto policies
Jakub Jelen 26cec0
- Attempt to resolve issue with systemd
Jakub Jelen 26cec0
Jakub Jelen b19926
* Tue Jan 03 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-1 + 0.10.2-5
Jakub Jelen b19926
- New upstream release (#1406204)
Jakub Jelen b19926
- Cache supported OIDs for GSSAPI key exchange (#1395288)
Jakub Jelen b19926
- Fix typo causing heap corruption (use-after-free) (#1409433)
Jakub Jelen b19926
- Prevent hangs with long MOTD
Jakub Jelen b19926
Jakub Jelen d8c2e8
* Thu Dec 08 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-7 + 0.10.2-4
Jakub Jelen d8c2e8
- Properly deserialize received RSA certificates in ssh-agent (#1402029)
Jakub Jelen d8c2e8
- Move MAX_DISPLAYS to a configuration option
Jakub Jelen d8c2e8
Jakub Jelen 7bccf7
* Wed Nov 16 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-6 + 0.10.2-4
Jakub Jelen 7bccf7
- GSSAPI requires futex syscall in privsep child (#1395288)
Jakub Jelen 7bccf7
Jakub Jelen 2a8bce
* Thu Oct 27 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-5 + 0.10.2-4
Jakub Jelen 2a8bce
- Build against OpenSSL 1.1.0 with compat changes
Jakub Jelen ccf623
- Recommend crypto-policies
Jakub Jelen ccf623
- Fix chroot dropping capabilities (#1386755)
Jakub Jelen 2a8bce
Jakub Jelen d924bc
* Thu Sep 29 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-4 + 0.10.2-4
Jakub Jelen d924bc
- Fix NULL dereference (#1380297)
Jakub Jelen d924bc
- Include client Crypto Policy (#1225752)
Jakub Jelen d924bc
Jakub Jelen 0a605f
* Mon Aug 15 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-3 + 0.10.2-4
Jakub Jelen 0a605f
- Proper content of included configuration file
Jakub Jelen 0a605f
Jakub Jelen 73953d
* Tue Aug 09 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-2 + 0.10.2-4
Jakub Jelen 73953d
- Fix permissions on the include directory (#1365270)
Jakub Jelen 73953d
Jakub Jelen 73953d
* Tue Aug 02 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-1 + 0.10.2-4
Jakub Jelen a711d3
- New upstream release (#1362156)
Jakub Jelen a711d3
Jakub Jelen 82bfd1
* Tue Jul 26 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-11 + 0.10.2-3
Jakub Jelen 82bfd1
- Remove slogin and sshd-keygen (#1359762)
Jakub Jelen 82bfd1
- Prevent guest_t from running sudo (#1357860)
Jakub Jelen 82bfd1
Jakub Jelen 9dc741
* Mon Jul 18 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-10 + 0.10.2-3
Jakub Jelen 9dc741
- CVE-2016-6210: User enumeration via covert timing channel (#1357443)
Jakub Jelen 9dc741
- Expose more information about authentication to PAM
Jakub Jelen 9dc741
- Make closefrom() ignore softlinks to the /dev/ devices on s390
Jakub Jelen 9dc741
Jakub Jelen a49441
* Fri Jul 01 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-9 + 0.10.2-3
Jakub Jelen a49441
- Fix wrong detection of UseLogin in server configuration (#1350347)
Jakub Jelen a49441
Jakub Jelen 5a67d5
* Fri Jun 24 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-8 + 0.10.2-3
Jakub Jelen 5a67d5
- Enable seccomp filter for MIPS architectures
Jakub Jelen 5a67d5
- UseLogin=yes is not supported in Fedora
Jakub Jelen 5a67d5
- SFTP server forced permissions should restore umask
Jakub Jelen 5a67d5
- pam_ssh_agent_auth: Fix conflict bewteen two getpwuid() calls (#1349551)
Jakub Jelen 5a67d5
Jakub Jelen ba8f38
* Mon Jun 06 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-7
Jakub Jelen ba8f38
- Fix regression in certificate-based authentication (#1333498)
Jakub Jelen ba8f38
- Check for real location of .k5login file (#1328243)
Jakub Jelen ba8f38
- Fix unchecked dereference in pam_ssh_agent_auth
Jakub Jelen ba8f38
- Clean up old patches
Jakub Jelen ba8f38
- Build with seccomp filter on ppc64(le) (#1195065)
Jakub Jelen ba8f38
Jakub Jelen 991b66
* Fri Apr 29 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-6 + 0.10.2-3
Jakub Jelen 991b66
- Add legacy sshd-keygen for anaconda (#1331077)
Jakub Jelen 991b66
Jakub Jelen 138056
* Fri Apr 22 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-5 + 0.10.2-3
Jakub Jelen 138056
- CVE-2015-8325: ignore PAM environment vars when UseLogin=yes (#1328013)
Jakub Jelen 138056
- Fix typo in sysconfig/sshd (#1325535)
Jakub Jelen 138056
Jakub Jelen 58d286
* Fri Apr 15 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-4 + 0.10.2-3
Jakub Jelen 58d286
- Revise socket activation and services dependencies (#1325535)
Jakub Jelen 58d286
- Drop unused init script
Jakub Jelen 58d286
Jakub Jelen 32a748
* Wed Apr 13 2016 Jakub Jelen <jjelen@redhat.com> 7.2p2-3 + 0.10.2-3
Jakub Jelen 32a748
- Make sshd-keygen comply with packaging guidelines (#1325535)
Jakub Jelen 32a748
- Soft-deny socket() syscall in seccomp sandbox (#1324493)
Jakub Jelen 32a748
- Remove *sha1 Kex in FIPS mode (#1324493)
Jakub Jelen 32a748
- Remove *gcm ciphers in FIPS mode (#1324493)
Jakub Jelen 32a748
Jakub Jelen f7e56a
* Wed Apr 06 2016 Jakub Jelen <jjelen@redhat.com> 7.2p2-2 + 0.10.2-3
Jakub Jelen f7e56a
- Fix GSSAPI Key Exchange according to RFC (#1323622)
Jakub Jelen f7e56a
- Remove init.d/functions dependency from sshd-keygen (#1317722)
Jakub Jelen f7e56a
- Do not use MD5 in pam_ssh_agent_auth in FIPS mode
Jakub Jelen f7e56a
Jakub Jelen 9163ba
* Thu Mar 10 2016 Jakub Jelen <jjelen@redhat.com> 7.2p2-1 + 0.10.2-3
Jakub Jelen 9163ba
- New upstream (security) release (#1316529)
Jakub Jelen 9163ba
- Clean up audit patch
Jakub Jelen 9163ba
Jakub Jelen 0bdae3
* Thu Mar 03 2016 Jakub Jelen <jjelen@redhat.com> 7.2p1-2 + 0.10.2-2
Jakub Jelen 0bdae3
- Restore slogin symlinks to preserve backward compatibility
Jakub Jelen 0bdae3
Jakub Jelen 13073f
* Mon Feb 29 2016 Jakub Jelen <jjelen@redhat.com> 7.2p1-1 + 0.10.2-2
Jakub Jelen 13073f
- New upstream release (#1312870)
Jakub Jelen 13073f
Jakub Jelen 46445f
* Wed Feb 24 2016 Jakub Jelen <jjelen@redhat.com> 7.1p2-4.1 + 0.10.2-1
Jakub Jelen 46445f
- Fix race condition in auditing events when using multiplexing (#1308295)
Jakub Jelen 46445f
- Fix X11 forwarding CVE according to upstream
Jakub Jelen 46445f
- Fix problem when running without privsep (#1303910)
Jakub Jelen 46445f
- Remove hard glob limit in SFTP
Jakub Jelen 46445f
Fedora Release Engineering b2b837
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 7.1p2-3.1
Fedora Release Engineering b2b837
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
Fedora Release Engineering b2b837
Jakub Jelen 8ddd3e
* Sat Jan 30 2016 Jakub Jelen <jjelen@redhat.com> 7.1p2-3 + 0.10.2-1
Jakub Jelen 8ddd3e
- Fix segfaults with pam_ssh_agent_auth (#1303036)
Jakub Jelen 8ddd3e
- Silently disable X11 forwarding on problems
Jakub Jelen 8ddd3e
- Systemd service should be forking to detect immediate failures
Jakub Jelen 8ddd3e
Jakub Jelen 6c2eb5
* Mon Jan 25 2016 Jakub Jelen <jjelen@redhat.com> 7.1p2-2 + 0.10.2-1
Jakub Jelen 6c2eb5
- Rebased to recent version of pam_ssh_agent_auth
Jakub Jelen 6c2eb5
- Upstream fix for CVE-2016-1908
Jakub Jelen 6c2eb5
- Remove useless defattr
Jakub Jelen 6c2eb5
Jakub Jelen 7bc643
* Thu Jan 14 2016 Jakub Jelen <jjelen@redhat.com> 7.1p2-1 + 0.9.2-9
Jakub Jelen 7bc643
- New security upstream release for CVE-2016-0777
Jakub Jelen 7bc643
Jakub Jelen b2191d
* Tue Jan 12 2016 Jakub Jelen <jjelen@redhat.com> 7.1p1-7 + 0.9.2-8
Jakub Jelen b2191d
- Change RPM define macros to global according to packaging guidelines
Jakub Jelen b2191d
- Fix wrong handling of SSH_COPY_ID_LEGACY environment variable
Jakub Jelen b2191d
- Update ssh-agent and ssh-keysign permissions (#1296724)
Jakub Jelen b2191d
- Fix few problems with alternative builds without GSSAPI or openSSL
Jakub Jelen b2191d
- Fix condition to run sshd-keygen
Jakub Jelen b2191d
Jakub Jelen c45d14
* Fri Dec 18 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-6 + 0.9.2-8
Jakub Jelen c45d14
- Preserve IUTF8 tty mode flag over ssh connections (#1270248)
Jakub Jelen c45d14
- Do not require sysconfig file to start service (#1279521)
Jakub Jelen c45d14
- Update ssh-copy-id to upstream version
Jakub Jelen c45d14
- GSSAPI Key Exchange documentation improvements
Jakub Jelen c45d14
- Remove unused patches
Jakub Jelen c45d14
Jakub Jelen ef86a3
* Wed Nov 04 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-5 + 0.9.2-8
Jakub Jelen ef86a3
- Do not set user context too many times for root logins (#1269072)
Jakub Jelen ef86a3
Jakub Jelen fa54d5
* Thu Oct 22 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-4 + 0.9.2-8
Jakub Jelen fa54d5
- Review SELinux user context handling after authentication (#1269072)
Jakub Jelen fa54d5
- Handle root logins the same way as other users (#1269072)
Jakub Jelen fa54d5
- Audit implicit mac, if mac is covered in cipher (#1271694)
Jakub Jelen fa54d5
- Increase size limit for remote glob over sftp
Jakub Jelen fa54d5
Jakub Jelen a80c27
* Fri Sep 25 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-3 + 0.9.2-8
Jakub Jelen a80c27
- Fix FIPS mode for DH kex (#1260253)
Jakub Jelen a80c27
- Provide full RELRO and PIE form askpass helper (#1264036)
Jakub Jelen a80c27
- Fix gssapi key exchange on server and client (#1261414)
Jakub Jelen a80c27
- Allow gss-keyex root login when without-password is set (upstream #2456)
Jakub Jelen a80c27
- Fix obsolete usage of SELinux constants (#1261496)
Jakub Jelen a80c27
Jakub Jelen 982621
* Wed Sep 09 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-2 + 0.9.2-8
Jakub Jelen 982621
- Fix warnings reported by gcc related to keysign and keyAlgorithms
Jakub Jelen 982621
Jakub Jelen 757fec
* Sat Aug 22 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-1 + 0.9.2-8
Jakub Jelen 757fec
- New upstream release
Jakub Jelen 757fec
Jakub Jelen ebdae8
* Wed Aug 19 2015 Jakub Jelen <jjelen@redhat.com> 7.0p1-2 + 0.9.3-7
Jakub Jelen ebdae8
- Fix problem with DSA keys using pam_ssh_agent_auth (#1251777)
Jakub Jelen ebdae8
- Add GSSAPIKexAlgorithms option for server and client application
Jakub Jelen ebdae8
- Possibility to validate legacy systems by more fingerprints (#1249626)
Jakub Jelen ebdae8
Jakub Jelen 18e549
* Wed Aug 12 2015 Jakub Jelen <jjelen@redhat.com> 7.0p1-1 + 0.9.3-7
Jakub Jelen 3f5513
- New upstream release (#1252639)
Jakub Jelen 3f5513
- Fix pam_ssh_agent_auth package (#1251777)
Jakub Jelen 3f5513
- Security: Use-after-free bug related to PAM support (#1252853)
Jakub Jelen 3f5513
- Security: Privilege separation weakness related to PAM support (#1252854)
Jakub Jelen 3f5513
- Security: Incorrectly set TTYs to be world-writable (#1252862)
Jakub Jelen 3f5513
Jakub Jelen 6286d6
* Tue Jul 28 2015 Jakub Jelen <jjelen@redhat.com> 6.9p1-4 + 0.9.3-6
Jakub Jelen 6286d6
- Handle terminal control characters in scp progressmeter (#1247204)
Jakub Jelen 6286d6
Jakub Jelen 83bfb1
* Thu Jul 23 2015 Jakub Jelen <jjelen@redhat.com> 6.9p1-3 + 0.9.3-6
Jakub Jelen 83bfb1
- CVE-2015-5600: only query each keyboard-interactive device once (#1245971)
Jakub Jelen 83bfb1
Jakub Jelen ca62b6
* Wed Jul 15 2015 Jakub Jelen <jjelen@redhat.com> 6.9p1-2 + 0.9.3-6
Jakub Jelen ca62b6
- Enable SECCOMP filter for s390* architecture (#1195065)
Jakub Jelen ca62b6
- Fix race condition when multiplexing connection (#1242682)
Jakub Jelen ca62b6
Jakub Jelen 187a34
* Wed Jul 01 2015 Jakub Jelen <jjelen@redhat.com> 6.9p1-1 + 0.9.3-6
Jakub Jelen 187a34
- New upstream release (#1238253)
Jakub Jelen 187a34
- Increase limitation number of files which can be listed using glob in sftp
Jakub Jelen 187a34
- Correctly revert "PermitRootLogin no" option from upstream sources (#89216)
Jakub Jelen 187a34
Jakub Jelen f3002b
* Wed Jun 24 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-9 + 0.9.3-5
Jakub Jelen f3002b
- Allow socketcall(SYS_SHUTDOWN) for net_child on ix86 architecture
Jakub Jelen f3002b
b59dd8
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.8p1-8.1
b59dd8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
b59dd8
Jakub Jelen 5aa47a
* Mon Jun 08 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-8 + 0.9.3-5
Jakub Jelen 5aa47a
- Return stat syscall to seccomp filter (#1228323)
Jakub Jelen 5aa47a
Jakub Jelen f049b3
* Wed Jun 03 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-7 + 0.9.3-5
Jakub Jelen f049b3
- Handle pam_ssh_agent_auth memory, buffers and variable sizes (#1225106)
Jakub Jelen f049b3
Jakub Jelen 8a10dc
* Thu May 28 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-6 + 0.9.3-5
Jakub Jelen 8a10dc
- Resolve problem with pam_ssh_agent_auth after rebase (#1225106)
Jakub Jelen 8a10dc
- ssh-copy-id: tcsh doesnt work with multiline strings
Jakub Jelen 8a10dc
- Fix upstream memory problems
Jakub Jelen 8a10dc
- Add missing options in testmode output and manual pages
Jakub Jelen 8a10dc
- Provide LDIF version of LPK schema
Jakub Jelen 8a10dc
- Document required selinux boolean for working ssh-ldap-helper
Jakub Jelen 8a10dc
Jakub Jelen 775e1b
* Mon Apr 20 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-5 + 0.9.3-5
Jakub Jelen 775e1b
- Fix segfault on daemon exit caused by API change (#1213423)
Jakub Jelen 775e1b
Jakub Jelen c51631
* Thu Apr 02 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-4 + 0.9.3-5
Jakub Jelen c51631
- Fix audit_end_command to restore ControlPersist function (#1203900)
Jakub Jelen c51631
Jakub Jelen c028ac
* Tue Mar 31 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-3 + 0.9.3-5
Jakub Jelen c028ac
- Fixed issue with GSSAPI key exchange (#1207719)
Jakub Jelen c028ac
- Add pam_namespace to sshd pam stack (based on #1125110)
Jakub Jelen c028ac
- Remove krb5-config workaround for #1203900
Jakub Jelen c028ac
- Fix handling SELinux context in MLS systems
Jakub Jelen c028ac
- Regression: solve sshd segfaults if other instance already running
Jakub Jelen c028ac
Jakub Jelen e5b15a
* Thu Mar 26 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-2 + 0.9.3-5
Jakub Jelen e5b15a
- Update audit and gss patches after rebase
Jakub Jelen e5b15a
- Fix reintroduced upstrem bug #1878
Jakub Jelen e5b15a
Jakub Jelen e3688f
* Tue Mar 24 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-1 + 0.9.3-5
Jakub Jelen e3688f
- new upstream release openssh-6.8p1 (#1203245)
Jakub Jelen e3688f
- Resolve segfault with auditing commands (#1203900)
Jakub Jelen e3688f
- Workaround krb5-config bug (#1204646)
Jakub Jelen 132f8f
Jakub Jelen 7b82d0
* Thu Mar 12 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-11 + 0.9.3-4
Jakub Jelen 7b82d0
- Ability to specify LDAP filter in ldap.conf for ssh-ldap-helper
Jakub Jelen 7b82d0
- Fix auditing when using combination of ForceCommand and PTY
Jakub Jelen 7b82d0
- Add sftp option to force mode of created files (from rhel)
Jakub Jelen 7b82d0
- Fix tmpfiles.d entries to be more consistent (#1196807)
Jakub Jelen 7b82d0
Jakub Jelen 7aa632
* Mon Mar 02 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-10 + 0.9.3-4
Jakub Jelen 7aa632
- Add tmpfiles.d entries (#1196807)
Jakub Jelen 7aa632
Jakub Jelen c8b407
* Fri Feb 27 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-9 + 0.9.3-4
Jakub Jelen c8b407
- Adjust seccomp filter for primary architectures and solve aarch64 issue (#1197051)
Jakub Jelen c8b407
- Solve issue with ssh-copy-id and keys without trailing newline (#1093168)
Jakub Jelen c8b407
Jakub Jelen 5f3c83
* Tue Feb 24 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-8 + 0.9.3-4
Jakub Jelen 5f3c83
- Add AArch64 support for seccomp_filter sandbox (#1195065)
Jakub Jelen 5f3c83
Jakub Jelen e0f867
* Mon Feb 23 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-7 + 0.9.3-4
Jakub Jelen e0f867
- Fix seccomp filter on architectures without getuid32
Jakub Jelen e0f867
Jakub Jelen c13a4b
* Mon Feb 23 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-6 + 0.9.3-4
Jakub Jelen c13a4b
- Update seccomp filter to work on i686 architectures (#1194401)
Jakub Jelen c13a4b
- Fix previous failing build (#1195065)
Jakub Jelen c13a4b
Peter Robinson 74e740
* Sun Feb 22 2015 Peter Robinson <pbrobinson@fedoraproject.org> 6.7p1-5 + 0.9.3-4
Peter Robinson 74e740
- Only use seccomp for sandboxing on supported platforms
Peter Robinson 74e740
Jakub Jelen c69452
* Fri Feb 20 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-4 + 0.9.3-4
Jakub Jelen c69452
- Move cavs tests into subpackage -cavs (#1194320)
Jakub Jelen c69452
Jakub Jelen 2f5563
* Wed Feb 18 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-3 + 0.9.3-4
Jakub Jelen 2f5563
- update coverity patch
Jakub Jelen 2f5563
- make output of sshd -T more consistent (#1187521)
Jakub Jelen 2f5563
- enable seccomp for sandboxing instead of rlimit (#1062953)
Jakub Jelen 2f5563
- update hardening to compile on gcc5
Jakub Jelen 2f5563
- Add SSH KDF CAVS test driver (#1193045)
Jakub Jelen 2f5563
- Fix ssh-copy-id on non-sh remote shells (#1045191)
Jakub Jelen 2f5563
Jakub Jelen 6c6416
* Tue Jan 27 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-2 + 0.9.3-4
Jakub Jelen 6c6416
- fixed audit patch after rebase
Jakub Jelen 6c6416
Petr Lautrbach 190035
* Tue Jan 20 2015 Petr Lautrbach <plautrba@redhat.com> 6.7p1-1 + 0.9.3-4
Petr Lautrbach 190035
- new upstream release openssh-6.7p1
Petr Lautrbach 190035
Jakub Jelen 3ffcb7
* Thu Jan 15 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-11.1 + 0.9.3-3
Jakub Jelen 2109ab
- error message if scp when directory doesn't exist (#1142223)
Jakub Jelen 2109ab
- parsing configuration file values (#1130733)
Jakub Jelen 2109ab
- documentation in service and socket files for systemd (#1181593)
Jakub Jelen 2109ab
- updated ldap patch (#981058)
Jakub Jelen 2109ab
- fixed vendor-patchlevel
Jakub Jelen 2109ab
- add new option GSSAPIEnablek5users and disable using ~/.k5users by default CVE-2014-9278 (#1170745)
Jakub Jelen 2109ab
Petr Lautrbach 62986c
* Fri Dec 19 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-10 + 0.9.3-3
Petr Lautrbach 62986c
- log via monitor in chroots without /dev/log
Petr Lautrbach 62986c
Petr Lautrbach 276c16
* Wed Dec 03 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-9 + 0.9.3-3
Petr Lautrbach 276c16
- the .local domain example should be in ssh_config, not in sshd_config
Petr Lautrbach 276c16
- use different values for DH for Cisco servers (#1026430)
Petr Lautrbach 276c16
Petr Lautrbach 823364
* Thu Nov 13 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-8 + 0.9.3-3
Petr Lautrbach 823364
- fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005)
Petr Lautrbach 823364
Petr Lautrbach a1e1ac
* Fri Nov 07 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-7 + 0.9.3-3
Petr Lautrbach a1e1ac
- correct the calculation of bytes for authctxt->krb5_ccname <ams@corefiling.com> (#1161073)
Petr Lautrbach a1e1ac
Petr Lautrbach 3b7c86
* Tue Nov 04 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-6 + 0.9.3-3
Petr Lautrbach 3b7c86
- privsep_preauth: use SELinux context from selinux-policy (#1008580)
Petr Lautrbach 3b7c86
- change audit trail for unknown users (mindrot#2245)
Petr Lautrbach 3b7c86
- fix kuserok patch which checked for the existence of .k5login
Petr Lautrbach 3b7c86
  unconditionally and hence prevented other mechanisms to be used properly
Petr Lautrbach 3b7c86
- revert the default of KerberosUseKuserok back to yes (#1153076)
Petr Lautrbach 3b7c86
- ignore SIGXFSZ in postauth monitor (mindrot#2263)
Petr Lautrbach 3b7c86
- sshd-keygen - don't generate DSA and ED25519 host keys in FIPS mode
Petr Lautrbach 3b7c86
Petr Lautrbach afde9f
* Mon Sep 08 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-5 + 0.9.3-3
Petr Lautrbach afde9f
- set a client's address right after a connection is set (mindrot#2257)
Petr Lautrbach afde9f
- apply RFC3454 stringprep to banners when possible (mindrot#2058)
Petr Lautrbach afde9f
- don't consider a partial success as a failure (mindrot#2270)
Petr Lautrbach afde9f
Peter Robinson 662c5a
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.6.1p1-4.1
Peter Robinson 662c5a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
Peter Robinson 662c5a
Tom Callaway e336e3
* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> 6.6.1p1-4 + 0.9.3-3
Tom Callaway e336e3
- fix license handling (both)
Tom Callaway e336e3
Petr Lautrbach 8ff21c
* Fri Jul 18 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-3 + 0.9.3-2
Petr Lautrbach 8ff21c
- standardise on NI_MAXHOST for gethostname() string lengths (#1051490)
Petr Lautrbach 8ff21c
Petr Lautrbach cef0d5
* Mon Jul 14 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-2 + 0.9.3-2
Petr Lautrbach cef0d5
- add pam_reauthorize.so to sshd.pam (#1115977)
Petr Lautrbach cef0d5
- spec file and patches clenup
Petr Lautrbach cef0d5
d1b093
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.6.1p1-1.1
d1b093
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
d1b093
Petr Lautrbach 5cde9c
* Tue Jun 03 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-1 + 0.9.3-2
Petr Lautrbach 5cde9c
- disable the curve25519 KEX when speaking to OpenSSH 6.5 or 6.6
Petr Lautrbach 5cde9c
- add support for ED25519 keys to sshd-keygen and sshd.sysconfig
Petr Lautrbach 5cde9c
- drop openssh-server-sysvinit subpackage
Petr Lautrbach 5cde9c
- slightly change systemd units logic - use sshd-keygen.service (#1066615)
Petr Lautrbach 5cde9c
Petr Lautrbach 94c6f8
* Tue Jun 03 2014 Petr Lautrbach <plautrba@redhat.com> 6.6p1-1 + 0.9.3-2
Petr Lautrbach 94c6f8
- new upstream release openssh-6.6p1
Petr Lautrbach 94c6f8
Petr Lautrbach d75575
* Thu May 15 2014 Petr Lautrbach <plautrba@redhat.com> 6.4p1-4 + 0.9.3-1
Petr Lautrbach d75575
- use SSH_COPY_ID_LEGACY variable to run ssh-copy-id in the legacy mode
Petr Lautrbach d75575
- make /etc/ssh/moduli file public (#1043661)
Petr Lautrbach d75575
- test existence of /etc/ssh/ssh_host_ecdsa_key in sshd-keygen.service
Petr Lautrbach d75575
- don't clean up gssapi credentials by default (#1055016)
Petr Lautrbach d75575
- ssh-agent - try CLOCK_BOOTTIME with fallback (#1091992)
Petr Lautrbach d75575
- prevent a server from skipping SSHFP lookup - CVE-2014-2653 (#1081338)
Petr Lautrbach d75575
- ignore environment variables with embedded '=' or '\0' characters - CVE-2014-2532
Petr Lautrbach d75575
  (#1077843)
Petr Lautrbach d75575
Petr Lautrbach 222dd2
* Wed Dec 11 2013 Petr Lautrbach <plautrba@redhat.com> 6.4p1-3 + 0.9.3-1
Petr Lautrbach 222dd2
- sshd-keygen - use correct permissions on ecdsa host key (#1023945)
Petr Lautrbach 222dd2
- use only rsa and ecdsa host keys by default
Petr Lautrbach 222dd2
Petr Lautrbach 89d920
* Tue Nov 26 2013 Petr Lautrbach <plautrba@redhat.com> 6.4p1-2 + 0.9.3-1
Petr Lautrbach 89d920
- fix fatal() cleanup in the audit patch (#1029074)
Petr Lautrbach 89d920
- fix parsing logic of ldap.conf file (#1033662)
Petr Lautrbach 89d920
Petr Lautrbach 09e9ef
* Fri Nov 08 2013 Petr Lautrbach <plautrba@redhat.com> 6.4p1-1 + 0.9.3-1
Petr Lautrbach 09e9ef
- new upstream release
Petr Lautrbach 09e9ef
Petr Lautrbach 3ed619
* Fri Nov 01 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-5 + 0.9.3-7
Petr Lautrbach 3ed619
- adjust gss kex mechanism to the upstream changes (#1024004)
Petr Lautrbach 3ed619
- don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> (#1024965)
Petr Lautrbach 3ed619
Petr Lautrbach 7feb96
* Fri Oct 25 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-4 + 0.9.3-6
Petr Lautrbach 7feb96
- rebuild with the openssl with the ECC support
Petr Lautrbach 7feb96
Petr Lautrbach a5e23f
* Thu Oct 24 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-3 + 0.9.3-6
Petr Lautrbach a5e23f
- don't use SSH_FP_MD5 for fingerprints in FIPS mode
Petr Lautrbach a5e23f
Petr Lautrbach ff7a26
* Wed Oct 23 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-2 + 0.9.3-6
Petr Lautrbach ff7a26
- use default_ccache_name from /etc/krb5.conf for a kerberos cache (#991186)
Petr Lautrbach ff7a26
- increase the size of the Diffie-Hellman groups (#1010607)
Petr Lautrbach ff7a26
- sshd-keygen to generate ECDSA keys <i.grok@comcast.net> (#1019222)
Petr Lautrbach ff7a26
Petr Lautrbach e40d5d
* Tue Oct 15 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-1.1 + 0.9.3-6
Petr Lautrbach a92e91
- new upstream release (#1007769)
Petr Lautrbach a92e91
Petr Lautrbach c33ef5
* Tue Oct 08 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-9 + 0.9.3-5
Petr Lautrbach c33ef5
- use dracut-fips package to determine if a FIPS module is installed
Petr Lautrbach c33ef5
- revert -fips subpackages and hmac files suffixes
Petr Lautrbach c33ef5
Petr Lautrbach f344f8
* Wed Sep 25 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-8 + 0.9.3-5
Petr Lautrbach f344f8
- sshd-keygen: generate only RSA keys by default (#1010092)
Petr Lautrbach f344f8
- use dist tag in suffixes for hmac checksum files
Petr Lautrbach f344f8
Petr Lautrbach eba55f
* Wed Sep 11 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-7 + 0.9.3-5
Petr Lautrbach eba55f
- use hmac_suffix for ssh{,d} hmac checksums
Petr Lautrbach eba55f
- bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A
Petr Lautrbach eba55f
- automatically restart sshd.service on-failure after 42s interval
Petr Lautrbach eba55f
Petr Lautrbach a19397
* Thu Aug 29 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-6.1 + 0.9.3-5
Petr Lautrbach f4e927
- add -fips subpackages that contains the FIPS module files
Petr Lautrbach f4e927
Petr Lautrbach 631ffb
* Wed Jul 31 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-5 + 0.9.3-5
Petr Lautrbach 631ffb
- gssapi credentials need to be stored before a pam session opened (#987792)
Petr Lautrbach 631ffb
Petr Lautrbach 115aad
* Tue Jul 23 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-4 + 0.9.3-5
Petr Lautrbach 115aad
- don't show Success for EAI_SYSTEM (#985964)
Petr Lautrbach 115aad
- make sftp's libedit interface marginally multibyte aware (#841771)
Petr Lautrbach 115aad
Petr Lautrbach 66608a
* Mon Jun 17 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-3 + 0.9.3-5
Petr Lautrbach 66608a
- move default gssapi cache to /run/user/<uid> (#848228)
Petr Lautrbach 66608a
Petr Lautrbach e99c48
* Tue May 21 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-2 + 0.9.3-5
Petr Lautrbach e99c48
- add socket activated sshd units to the package (#963268)
Petr Lautrbach e99c48
- fix the example in the HOWTO.ldap-keys
Petr Lautrbach e99c48
Petr Lautrbach 21acbc
* Mon May 20 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-1 + 0.9.3-5
Petr Lautrbach 21acbc
- new upstream release (#963582)
Petr Lautrbach 21acbc
Petr Lautrbach a92d74
* Wed Apr 17 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-4 + 0.9.3-4
Petr Lautrbach a92d74
- don't use export in sysconfig file (#953111)
Petr Lautrbach a92d74
Petr Lautrbach c276d3
* Tue Apr 16 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-3 + 0.9.3-4
Petr Lautrbach c276d3
- sshd.service: use KillMode=process (#890376)
Petr Lautrbach c276d3
- add latest config.{sub,guess} to support aarch64 (#926284)
Petr Lautrbach c276d3
Petr Lautrbach 104278
* Tue Apr 09 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-2 + 0.9.3-4
Petr Lautrbach 104278
- keep track of which IndentityFile options were manually supplied and
Petr Lautrbach 104278
  which were default options, and don't warn if the latter are missing.
Petr Lautrbach 104278
  (mindrot#2084)
Petr Lautrbach 104278
Petr Lautrbach b6f89a
* Tue Apr 09 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-1 + 0.9.3-4
Petr Lautrbach b6f89a
- new upstream release (#924727)
Petr Lautrbach b6f89a
Petr Lautrbach 1b95bc
* Wed Mar 06 2013 Petr Lautrbach <plautrba@redhat.com> 6.1p1-7 + 0.9.3-3
Petr Lautrbach 1b95bc
- use SELinux type sshd_net_t for [net] childs (#915085)
Petr Lautrbach 1b95bc
Petr Lautrbach 2a7883
* Thu Feb 14 2013 Petr Lautrbach <plautrba@redhat.com> 6.1p1-6 + 0.9.3-3
Petr Lautrbach 2a7883
- fix AuthorizedKeysCommand option
Petr Lautrbach 2a7883
Petr Lautrbach cab7f5
* Fri Feb 08 2013 Petr Lautrbach <plautrba@redhat.com> 6.1p1-5 + 0.9.3-3
Petr Lautrbach cab7f5
- change default value of MaxStartups - CVE-2010-5107 (#908707)
Petr Lautrbach cab7f5
Petr Lautrbach 7642de
* Mon Dec 03 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-4 + 0.9.3-3
Petr Lautrbach 7642de
- fix segfault in openssh-5.8p2-force_krb.patch (#882541)
Petr Lautrbach 7642de
Petr Lautrbach 790103
* Mon Dec 03 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-3 + 0.9.3-3
Petr Lautrbach 790103
- replace RequiredAuthentications2 with AuthenticationMethods based on upstream
Petr Lautrbach 790103
- obsolete RequiredAuthentications[12] options
Petr Lautrbach 790103
- fix openssh-6.1p1-privsep-selinux.patch
Petr Lautrbach 790103
Petr Lautrbach af2ebf
* Fri Oct 26 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-2
Petr Lautrbach af2ebf
- add SELinux comment to /etc/ssh/sshd_config about SELinux command to modify port (#861400)
Petr Lautrbach af2ebf
- drop required chkconfig (#865498)
Petr Lautrbach af2ebf
- drop openssh-5.9p1-sftp-chroot.patch (#830237)
Petr Lautrbach af2ebf
Petr Lautrbach d0630a
* Sat Sep 15 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-1 + 0.9.3-3
Petr Lautrbach d0630a
- new upstream release (#852651)
Petr Lautrbach d0630a
- use DIR: kerberos type cache (#848228)
Petr Lautrbach d0630a
- don't use chroot_user_t for chrooted users (#830237)
Petr Lautrbach d0630a
- replace scriptlets with systemd macros (#850249)
Petr Lautrbach d0630a
- don't use /bin and /sbin paths (#856590)
Petr Lautrbach d0630a
Petr Lautrbach 65ba94
* Mon Aug 06 2012 Petr Lautrbach <plautrba@redhat.com> 6.0p1-1 + 0.9.3-2
Petr Lautrbach 65ba94
- new upstream release
Petr Lautrbach 65ba94
Petr Lautrbach 90e11f
* Mon Aug 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-26 + 0.9.3-1
Petr Lautrbach 90e11f
- change SELinux context also for root user (#827109)
Petr Lautrbach 90e11f
Petr Lautrbach b64889
* Fri Jul 27 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-25 + 0.9.3-1
Petr Lautrbach b64889
- fix various issues in openssh-5.9p1-required-authentications.patch
Petr Lautrbach b64889
Tomas Mraz e96203
* Tue Jul 17 2012 Tomas Mraz <tmraz@redhat.com> 5.9p1-24 + 0.9.3-1
Tomas Mraz e96203
- allow sha256 and sha512 hmacs in the FIPS mode
Tomas Mraz e96203
Tomas Mraz 4f4687
* Fri Jun 22 2012 Tomas Mraz <tmraz@redhat.com> 5.9p1-23 + 0.9.3-1
Tomas Mraz 4f4687
- fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent
Tomas Mraz 4f4687
  is not running, most probably not exploitable
Tomas Mraz 4f4687
- update pam_ssh_agent_auth to 0.9.3 upstream version
Tomas Mraz 4f4687
Petr Lautrbach 2649d9
* Fri Apr 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-22 + 0.9.2-32
Petr Lautrbach 2649d9
- don't create RSA1 key in FIPS mode
Petr Lautrbach 2649d9
- don't install sshd-keygen.service (#810419)
Petr Lautrbach 2649d9
Petr Lautrbach 7294a9
* Fri Mar 30 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-21 + 0.9.2-32
Petr Lautrbach 7294a9
- fix various issues in openssh-5.9p1-required-authentications.patch
Petr Lautrbach 7294a9
Petr Lautrbach 22f019
* Wed Mar 21 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-20 + 0.9.2-32
Petr Lautrbach 22f019
- Fix dependencies in systemd units, don't enable sshd-keygen.service (#805338)
Petr Lautrbach 22f019
Petr Lautrbach 33e0ac
* Wed Feb 22 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-19 + 0.9.2-32
Petr Lautrbach 33e0ac
- Look for x11 forward sockets with AI_ADDRCONFIG flag getaddrinfo (#735889)
Petr Lautrbach 33e0ac
Petr Lautrbach d3ab95
* Mon Feb 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-18 + 0.9.2-32
Petr Lautrbach d3ab95
- replace TwoFactorAuth with RequiredAuthentications[12]
Petr Lautrbach d3ab95
  https://bugzilla.mindrot.org/show_bug.cgi?id=983
Petr Lautrbach d3ab95
Petr Lautrbach 21699d
* Tue Jan 31 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-17 + 0.9.2-32
Petr Lautrbach 21699d
- run privsep slave process as the users SELinux context (#781634)
Petr Lautrbach 21699d
Petr Lautrbach 19725a
* Tue Dec 13 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-16 + 0.9.2-32
Tomas Mraz 017c65
- add CAVS test driver for the aes-ctr ciphers
Tomas Mraz 017c65
Petr Lautrbach 19725a
* Sun Dec 11 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-15 + 0.9.2-32
Tomas Mraz 6148ab
- enable aes-ctr ciphers use the EVP engines from OpenSSL such as the AES-NI
Tomas Mraz 6148ab
Petr Lautrbach 2e1287
* Tue Dec 06 2011 Petr Lautrbach <plautrba@redhat.com> 5.9p1-14 + 0.9.2-32
Petr Lautrbach 2e1287
- warn about unsupported option UsePAM=no (#757545)
Petr Lautrbach 2e1287
Tomas Mraz 4fc167
* Mon Nov 21 2011 Tomas Mraz <tmraz@redhat.com> - 5.9p1-13 + 0.9.2-32
Tomas Mraz 4fc167
- add back the restorecon call to ssh-copy-id - it might be needed on older
Tomas Mraz 4fc167
  distributions (#739989)
Tomas Mraz 4fc167
Tomas Mraz 17eb10
* Fri Nov 18 2011 Tomas Mraz <tmraz@redhat.com> - 5.9p1-12 + 0.9.2-32
Tomas Mraz 17eb10
- still support /etc/sysconfig/sshd loading in sshd service (#754732)
Tomas Mraz 81da99
- fix incorrect key permissions generated by sshd-keygen script (#754779)
Tomas Mraz 17eb10
Tomas Mraz 0fcb25
* Fri Oct 14 2011 Tomas Mraz <tmraz@redhat.com> - 5.9p1-11 + 0.9.2-32
Tomas Mraz 0fcb25
- remove unnecessary requires on initscripts
Tomas Mraz 0fcb25
- set VerifyHostKeyDNS to ask in the default configuration (#739856)
Tomas Mraz 0fcb25
Jan F. Chadima 28b0dc
* Mon Sep 19 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-10 + 0.9.2-32
Jan F. Chadima 28b0dc
- selinux sandbox rewrite
Jan F. Chadima 28b0dc
- two factor authentication tweaking
Jan F. Chadima 28b0dc
Jan F. Chadima cff1d0
* Wed Sep 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-9 + 0.9.2-32
Jan F. Chadima cff1d0
- coverity upgrade
Jan F. Chadima cff1d0
- wipe off nonfunctional nss
Jan F. Chadima cff1d0
- selinux sandbox tweaking
Jan F. Chadima cff1d0
Jan F. Chadima c870e6
* Tue Sep 13 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-8 + 0.9.2-32
Jan F. Chadima c870e6
- coverity upgrade
Jan F. Chadima c870e6
- experimental selinux sandbox
Jan F. Chadima c870e6
JFCH c2ea13
* Tue Sep 13 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-7 + 0.9.2-32
JFCH c2ea13
- fully reanable auditing
JFCH c2ea13
Jan F. Chadima 1df0cf
* Mon Sep 12 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-6 + 0.9.2-32
Jan F. Chadima 1df0cf
- repair signedness in akc patch
Jan F. Chadima 1df0cf
Jan F. Chadima 026db1
* Mon Sep 12 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-5 + 0.9.2-32
Jan F. Chadima 39b26b
- temporarily disable part of audit4 patch
Jan F. Chadima 39b26b
Jan F. Chadima ea97ff
* Fri Sep  9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-3 + 0.9.2-32
Jan F. Chadima ea97ff
- Coverity second pass
Jan F. Chadima ea97ff
- Reenable akc patch
Jan F. Chadima ea97ff
Jan F. Chadima 3b545b
* Thu Sep  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-2 + 0.9.2-32
Jan F. Chadima 3b545b
- Coverity first pass
Jan F. Chadima 3b545b
Jan F. Chadima 311e6b
* Wed Sep  7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-1 + 0.9.2-32
Jan F. Chadima 311e6b
- Rebase to 5.9p1
Jan F. Chadima 311e6b
- Add chroot sftp patch
Jan F. Chadima 311e6b
- Add two factor auth patch
Jan F. Chadima 311e6b
Jan F. Chadima 19d4c7
* Tue Aug 23 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-21 + 0.9.2-31
Jan F. Chadima 19d4c7
- ignore SIGPIPE in ssh keyscan
Jan F. Chadima 19d4c7
Jan F. Chadima 2b67a5
* Tue Aug  9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-20 + 0.9.2-31
Jan F. Chadima 2b67a5
- save ssh-askpass's debuginfo
Jan F. Chadima 2b67a5
Jan F. Chadima 56b50e
* Mon Aug  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-19 + 0.9.2-31
Jan F. Chadima 56b50e
- compile ssh-askpass with corect CFLAGS
Jan F. Chadima 56b50e
Jan F. Chadima 54f33f
* Mon Aug  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-18 + 0.9.2-31
Jan F. Chadima 54f33f
- improve selinux's change context log 
Jan F. Chadima 54f33f
Jan F. Chadima ec3622
* Mon Aug  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-17 + 0.9.2-31
Jan F. Chadima ec3622
- repair broken man pages
Jan F. Chadima ec3622
Jan F. Chadima d704ea
* Mon Jul 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-16 + 0.9.2-31
Jan F. Chadima ec3622
- rebuild due to broken rpmbiild
Jan F. Chadima d704ea
Jan F. Chadima 294ca7
* Thu Jul 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-15 + 0.9.2-31
Jan F. Chadima 294ca7
- Do not change context when run under unconfined_t
Jan F. Chadima 294ca7
Jan F. Chadima d3d340
* Thu Jul 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-14 + 0.9.2-31
Jan F. Chadima 0d4fd5
- Add postlogin to pam. (#718807)
Jan F. Chadima 0d4fd5
Jan F. Chadima d56cc3
* Tue Jun 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-12 + 0.9.2-31
Jan F 5c8b5c
- Systemd compatibility according to Mathieu Bridon <bochecha@fedoraproject.org>
Jan F 5c8b5c
- Split out the host keygen into their own command, to ease future migration
Jan F 5c8b5c
  to systemd. Compatitbility with the init script was kept.
Jan F 5c8b5c
- Migrate the package to full native systemd unit files, according to the Fedora
Jan F 5c8b5c
  packaging guidelines.
Jan F 5c8b5c
- Prepate the unit files for running an ondemand server. (do not add it actually)
Jan F 5c8b5c
Jan F 29b683
* Tue Jun 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-10 + 0.9.2-31
Jan F 29b683
- Mention IPv6 usage in man pages
Jan F 29b683
Jan F d3542d
* Mon Jun 20 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-9 + 0.9.2-31
Jan F ef264f
- Improve init script
Jan F ef264f
Jan F 6bd5ca
* Thu Jun 16 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-7 + 0.9.2-31
Jan F 6bd5ca
- Add possibility to compile openssh without downstream patches
Jan F 6bd5ca
Jan F. Chadima 6a2cfe
* Thu Jun  9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-6 + 0.9.2-31
Jan F. Chadima 6a2cfe
- remove stale control sockets (#706396)
Jan F. Chadima 6a2cfe
Jan F bc60f3
* Tue May 31 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-5 + 0.9.2-31
Jan F bc60f3
- improove entropy manuals
Jan F bc60f3
Jan F 0e9135
* Fri May 27 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-4 + 0.9.2-31
Jan F 0e9135
- improove entropy handling
Jan F 0e9135
- concat ldap patches
Jan F 0e9135
Jan F ba32c8
* Tue May 24 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-3 + 0.9.2-31
Jan F ba32c8
- improove ldap manuals
Jan F ba32c8
Jan F 5b4ccb
* Mon May 23 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-2 + 0.9.2-31
Jan F 5b4ccb
- add gssapi forced command
Jan F 5b4ccb
Jan F 87ae97
* Tue May  3 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-1 + 0.9.2-31
Jan F c2c99d
- update the openssh version
Jan F 87ae97
Jan F c0cd66
* Thu Apr 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-34 + 0.9.2-30
Jan F c0cd66
- temporarily disabling systemd units
Jan F c0cd66
Jan F 9c4d06
* Wed Apr 27 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-33 + 0.9.2-30
Jan F 9c4d06
- add flags AI_V4MAPPED and AI_ADDRCONFIG to getaddrinfo
Jan F 9c4d06
Jan F 6077c7
* Tue Apr 26 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-32 + 0.9.2-30
Jan F 2cd304
- update scriptlets
Jan F 2cd304
Jan F 56091f
* Fri Apr 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-30 + 0.9.2-30
Jan F 53f618
- add systemd units
Jan F 53f618
Jan F 53f618
* Fri Apr 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-28 + 0.9.2-30
Jan F e93cf2
- improving sshd -> passwd transation
Jan F 0e46f2
- add template for .local domain to sshd_config
Jan F e93cf2
Jan F 1ddd0e
* Thu Apr 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-27 + 0.9.2-30
Jan F 1ddd0e
- the private keys may be 640 root:ssh_keys ssh_keysign is sgid
Jan F 1ddd0e
Jan F c7ffe0
* Wed Apr 20 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-26 + 0.9.2-30
Jan F c7ffe0
- improving sshd -> passwd transation
Jan F c7ffe0
Jan F 439c34
* Tue Apr  5 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-25 + 0.9.2-30
Jan F 8bc65c
- the intermediate context is set to sshd_sftpd_t
Jan F 8bc65c
- do not crash in packet.c if no connection
Jan F 8bc65c
Jan F 8a77a1
* Thu Mar 31 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-24 + 0.9.2-30
Jan F 8a77a1
- resolve warnings in port_linux.c
Jan F 8a77a1
Jan F 11896a
* Tue Mar 29 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-23 + 0.9.2-30
Jan F 11896a
- add /etc/sysconfig/sshd
Jan F 11896a
Jan F 0553df
* Mon Mar 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-22 + 0.9.2-30
Jan F 0553df
- improve reseeding and seed source (documentation)
Jan F e6d33e
Jan F 39c7b0
* Tue Mar 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-20 + 0.9.2-30
Jan F 3657ad
- use /dev/random or /dev/urandom for seeding prng
Jan F 39c7b0
- improve periodical reseeding of random generator
Jan F 3657ad
Jan F 8fe150
* Thu Mar 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-18 + 0.9.2-30
Jan F 8fe150
- add periodical reseeding of random generator 
Jan F 8fe150
- change selinux contex for internal sftp in do_usercontext
Jan F 8fe150
- exit(0) after sigterm
Jan F 8fe150
Jan F 9404cd
* Thu Mar 10 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-17 + 0.9.2-30
Jan F 9404cd
- improove ssh-ldap (documentation)
Jan F 9404cd
Jan F d1fc5c
* Tue Mar  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-16 + 0.9.2-30
Jan F d1fc5c
- improve session keys audit
Jan F d1fc5c
Jan F 71d3d9
* Mon Mar  7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-15 + 0.9.2-30
Jan F 71d3d9
- CVE-2010-4755
Jan F 71d3d9
Jan F 825921
* Fri Mar  4 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-14 + 0.9.2-30
Jan F 9404cd
- improove ssh-keycat (documentation)
Jan F 825921
Jan F edc172
* Thu Mar  3 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-13 + 0.9.2-30
Jan F edc172
- improve audit of logins and auths
Jan F edc172
Jan F 1499a2
* Tue Mar  1 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-12 + 0.9.2-30
Jan F 1499a2
- improove ssk-keycat
Jan F 1499a2
Jan F 99f427
* Mon Feb 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-11 + 0.9.2-30
Jan F 99f427
- add ssk-keycat
Jan F 99f427
Jan F b93498
* Fri Feb 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-10 + 0.9.2-30
Jan F b93498
- reenable auth-keys ldap backend
Jan F b93498
Jan F 48446f
* Fri Feb 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-9 + 0.9.2-30
Jan F 48446f
- another audit improovements
Jan F 48446f
Jan F f9ff10
* Thu Feb 24 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-8 + 0.9.2-30
Jan F 9cefae
- another audit improovements
Jan F 48446f
- switchable fingerprint mode
Jan F 9cefae
Jan F 2c1a4a
* Thu Feb 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-4 + 0.9.2-30
Jan F 48446f
- improve audit of server key management
Jan F 2c1a4a
Jan F b9127e
* Wed Feb 16 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-3 + 0.9.2-30
Jan F 483c73
- improve audit of logins and auths
Jan F 483c73
Jan F 003cb0
* Mon Feb 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-1 + 0.9.2-30
Jan F 003cb0
- bump openssh version to 5.8p1
Jan F 003cb0
fa335e
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.6p1-30.1
fa335e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
fa335e
Jan F cfb0f3
* Mon Feb  7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-30 + 0.9.2-29
Jan F cfb0f3
- clean the data structures in the non privileged process
Jan F 865391
- clean the data structures when roaming
Jan F 865391
Petr Lautrbach 19725a
* Wed Feb  2 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-28 + 0.9.2-29
Jan F 6f9316
- clean the data structures in the privileged process
Jan F 6f9316
Jan F f00e4a
* Tue Jan 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-25 + 0.9.2-29
Jan F f00e4a
- clean the data structures before exit net process
Jan F f00e4a
Jan F af8738
* Mon Jan 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-24 + 0.9.2-29
Jan F af8738
- make audit compatible with the fips mode
Jan F af8738
Jan F 92eab1
* Fri Jan 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-23 + 0.9.2-29
Jan F 92eab1
- add audit of destruction the server keys
Jan F 92eab1
Jan F 5c20fa
* Wed Jan 12 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-22 + 0.9.2-29
Jan F 5c20fa
- add audit of destruction the session keys
Jan F 5c20fa
Jan F. Chadima a7cb7d
* Fri Dec 10 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-21 + 0.9.2-29
Jan F. Chadima a7cb7d
- reenable run sshd as non root user
Jan F. Chadima a7cb7d
- renable rekeying
Jan F. Chadima a7cb7d
Jan F 436639
* Wed Nov 24 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-20 + 0.9.2-29
Jan F 436639
- reapair clientloop crash (#627332)
Jan F bb5eb0
- properly restore euid in case connect to the ssh-agent socket fails
Jan F bb5eb0
Jan F. Chadima d2ed53
* Mon Nov 22 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-19 + 0.9.2-28
Jan F. Chadima d2ed53
- striped read permissions from suid and sgid binaries
Jan F. Chadima d2ed53
Jan F 7c53d7
* Mon Nov 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-18 + 0.9.2-27
Jan F 7c53d7
- used upstream version of the biguid patch
Jan F 7c53d7
Jan F 82036a
* Mon Nov 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-17 + 0.9.2-27
Jan F 82036a
- improoved kuserok patch
Jan F 82036a
Jan F 5daee1
* Fri Nov  5 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-16 + 0.9.2-27
Jan F 5daee1
- add auditing the host based key ussage
Jan F 5daee1
- repait X11 abstract layer socket (#648896)
Jan F 5daee1
Jan F. Chadima f44bde
* Wed Nov  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-15 + 0.9.2-27
Jan F. Chadima f44bde
- add auditing the kex result
Jan F. Chadima f44bde
Petr Lautrbach 19725a
* Tue Nov  2 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-14 + 0.9.2-27
Jan F 0f4c82
- add auditing the key ussage
Jan F 0f4c82
Petr Lautrbach 19725a
* Wed Oct 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-12 + 0.9.2-27
Jan F 2d0bc8
- update gsskex patch (#645389)
Jan F 2d0bc8
Jan F ba25ec
* Wed Oct 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-11 + 0.9.2-27
Jan F ba25ec
- rebase linux audit according to upstream
Jan F ba25ec
Jan F. Chadima cf74d5
* Fri Oct  1 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-10 + 0.9.2-27
Jan F. Chadima cf74d5
- add missing headers to linux audit
Jan F. Chadima cf74d5
Jan F faae1e
* Wed Sep 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-9 + 0.9.2-27
Jan F faae1e
- audit module now uses openssh audit framevork
Jan F faae1e
Jan F 46c77f
* Wed Sep 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-8 + 0.9.2-27
Jan F 46c77f
- Add the GSSAPI kuserok switch to the kuserok patch
Jan F 46c77f
Jan F 4c4aa1
* Wed Sep 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-7 + 0.9.2-27
Jan F 4c4aa1
- Repaired the kuserok patch
Jan F 4c4aa1
Jan F ce0606
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-6 + 0.9.2-27
Jan F ce0606
- Repaired the problem with puting entries with very big uid into lastlog
Jan F ce0606
Jan F 84d568
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-5 + 0.9.2-27
Jan F 84d568
- Merging selabel patch with the upstream version. (#632914)
Jan F 84d568
Jan F 93909d
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-4 + 0.9.2-27
Jan F 84d568
- Tweaking selabel patch to work properly without selinux rules loaded. (#632914)
Jan F 93909d
Tomas Mraz 13fa78
* Wed Sep  8 2010 Tomas Mraz <tmraz@redhat.com> - 5.6p1-3 + 0.9.2-27
Tomas Mraz 13fa78
- Make fipscheck hmacs compliant with FHS - requires new fipscheck
Tomas Mraz 13fa78
Jan F f7e15d
* Fri Sep  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-2 + 0.9.2-27
Jan F f7e15d
- Added -z relro -z now to LDFLAGS
Jan F f7e15d
Jan F. Chadima c6801b
* Fri Sep  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-1 + 0.9.2-27
Jan F. Chadima c6801b
- Rebased to openssh5.6p1
Jan F. Chadima c6801b
Jan F. Chadima 7818e5
* Wed Jul  7 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-18 + 0.9.2-26
Jan F. Chadima 7818e5
- merged with newer bugzilla's version of authorized keys command patch
Jan F. Chadima 7818e5
Jan F. Chadima eb358a
* Wed Jun 30 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-17 + 0.9.2-26
Jan F. Chadima eb358a
- improved the x11 patch according to upstream (#598671)
Jan F. Chadima eb358a
Petr Lautrbach 19725a
* Fri Jun 25 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-16 + 0.9.2-26
Jan F. Chadima a3dee6
- improved the x11 patch (#598671)
Jan F. Chadima a3dee6
Jan F. Chadima 41a56c
* Thu Jun 24 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-15 + 0.9.2-26
Jan F. Chadima 41a56c
- changed _PATH_UNIX_X to unexistent file name (#598671)
Jan F. Chadima 41a56c
Jan F. Chadima 411b91
* Wed Jun 23 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-14 + 0.9.2-26
Jan F. Chadima 411b91
- sftp works in deviceless chroot again (broken from 5.5p1-3)
Jan F. Chadima 411b91
Jan F. Chadima 59d42d
* Tue Jun  8 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-13 + 0.9.2-26
Jan F. Chadima 59d42d
- add option to switch out krb5_kuserok
Jan F. Chadima 59d42d
Jan F. Chadima 2fd105
* Fri May 21 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-12 + 0.9.2-26
Jan F. Chadima 2fd105
- synchronize uid and gid for the user sshd
Jan F. Chadima 2fd105
Jan F. Chadima b1a625
* Thu May 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-11 + 0.9.2-26
Jan F. Chadima b1a625
- Typo in ssh-ldap.conf(5) and ssh-ladap-helper(8)
Jan F. Chadima b1a625
Jan F. Chadima 99d9a3
* Fri May 14 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-10 + 0.9.2-26
Jan F. Chadima 99d9a3
- Repair the reference in man ssh-ldap-helper(8)
Jan F. Chadima 99d9a3
- Repair the PubkeyAgent section in sshd_config(5)
Jan F. Chadima 99d9a3
- Provide example ldap.conf
Jan F. Chadima 99d9a3
Jan F. Chadima 222d52
* Thu May 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-9 + 0.9.2-26
Jan F. Chadima 222d52
- Make the Ldap configuration widely compatible
Jan F. Chadima 222d52
- create the aditional docs for LDAP support.
Jan F. Chadima 222d52
Jan F. Chadima 4669c3
* Thu May  6 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-8 + 0.9.2-26
Jan F. Chadima 4669c3
- Make LDAP config elements TLS_CACERT and TLS_REQCERT compatiple with pam_ldap (#589360)
Jan F. Chadima 4669c3
Jan F. Chadima b6bdf1
* Thu May  6 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-7 + 0.9.2-26
Jan F. Chadima b6bdf1
- Make LDAP config element tls_checkpeer compatiple with nss_ldap (#589360)
Jan F. Chadima b6bdf1
Jan F. Chadima 6fa4d8
* Tue May  4 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-6 + 0.9.2-26
Jan F. Chadima 6fa4d8
- Comment spec.file
Jan F. Chadima 6fa4d8
- Sync patches from upstream
Jan F. Chadima 6fa4d8
Jan F. Chadima 3fdf10
* Mon May  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-5 + 0.9.2-26
Jan F. Chadima 3fdf10
- Create separate ldap package
Jan F. Chadima 3fdf10
- Tweak the ldap patch
Jan F. Chadima 3fdf10
- Rename stderr patch properly
Jan F. Chadima 3fdf10
Petr Lautrbach 19725a
* Thu Apr 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-4 + 0.9.2-26
Jan F. Chadima 7e7fb4
- Added LDAP support
Jan F. Chadima 7e7fb4
Jan F. Chadima 2220e6
* Mon Apr 26 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-3 + 0.9.2-26
Jan F. Chadima 2220e6
- Ignore .bashrc output to stderr in the subsystems
Jan F. Chadima 2220e6
Jan F. Chadima 9e777a
* Tue Apr 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-2 + 0.9.2-26
Jan F. Chadima 9e777a
- Drop dependency on man
Jan F. Chadima 9e777a
Jan F. Chadima 82bc82
* Fri Apr 16 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-1 + 0.9.2-26
Jan F. Chadima 82bc82
- Update to 5.5p1
Jan F. Chadima 82bc82
Jan F. Chadima b82340
* Fri Mar 12 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-3 + 0.9.2-25
Jan F. Chadima 50a3dd
- repair configure script of pam_ssh_agent
Jan F. Chadima b82340
- repair error mesage in ssh-keygen
Jan F. Chadima 50a3dd
Jan F. Chadima 264029
* Fri Mar 12 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-2
Jan F. Chadima 264029
- source krb5-devel profile script only if exists
Jan F. Chadima 264029
Jan F. Chadima d1a73d
* Tue Mar  9 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-1
Jan F. Chadima d1a73d
- Update to 5.4p1
Jan F. Chadima 04cab1
- discontinued support for nss-keys
Jan F. Chadima 04cab1
- discontinued support for scard
Jan F. Chadima d1a73d
Jan F. Chadima 974c89
* Wed Mar  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-0.snap20100302.1
Jan F. Chadima 974c89
- Prepare update to 5.4p1
Jan F. Chadima 974c89
Jan F. Chadima 806a11
* Mon Feb 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-22
Jan F. Chadima 806a11
- ImplicitDSOLinking (#564824)
Jan F. Chadima 806a11
Jan F. Chadima a2a0cf
* Fri Jan 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-21
Jan F. Chadima a2a0cf
- Allow to use hardware crypto if awailable (#559555)
Jan F. Chadima a2a0cf
Jan F. Chadima 606b55
* Mon Jan 25 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-20
Jan F. Chadima 606b55
- optimized FD_CLOEXEC on accept socket (#541809)
Jan F. Chadima 606b55
Tomáš Mráz 745155
* Mon Jan 25 2010 Tomas Mraz <tmraz@redhat.com> - 5.3p1-19
Tomáš Mráz 745155
- updated pam_ssh_agent_auth to new version from upstream (just
Tomáš Mráz 745155
  a licence change)
Tomáš Mráz 745155
Jan F. Chadima e39eb5
* Thu Jan 21 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-18
Jan F. Chadima e39eb5
- optimized RAND_cleanup patch (#557166)
Jan F. Chadima e39eb5
Jan F. Chadima 28355b
* Wed Jan 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-17
Jan F. Chadima 28355b
- add RAND_cleanup at the exit of each program using RAND (#557166)
Jan F. Chadima 28355b
Jan F. Chadima 313100
* Tue Jan 19 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-16
Jan F. Chadima 313100
- set FD_CLOEXEC on accepted socket (#541809)
Jan F. Chadima 313100
Jan F. Chadima 37c0ae
* Fri Jan  8 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-15
Jan F. Chadima b8bdc7
- replaced define by global in macros
Jan F. Chadima b8bdc7
Jan F. Chadima 9051e5
* Tue Jan  5 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-14
Jan F. Chadima 9051e5
- Update the pka patch
Jan F. Chadima 9051e5
Jan F. Chadima ecd50f
* Mon Dec 21 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-13
Jan F. Chadima ecd50f
- Update the audit patch
Jan F. Chadima ecd50f
Jan F. Chadima c32d4a
* Fri Dec  4 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-12
Jan F. Chadima c32d4a
- Add possibility to autocreate only RSA key into initscript (#533339)
Jan F. Chadima c32d4a
Jan F. Chadima 6323f6
* Fri Nov 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-11
Jan F. Chadima 6323f6
- Prepare NSS key patch for future SEC_ERROR_LOCKED_PASSWORD (#537411)
Jan F. Chadima 6323f6
Jan F. Chadima 0a6423
* Tue Nov 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-10
Jan F. Chadima 0a6423
- Update NSS key patch (#537411, #356451)
Jan F. Chadima 0a6423
Jan F. Chadima 0a6423
* Fri Nov 20 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-9
Jan F. Chadima 3d742c
- Add gssapi key exchange patch (#455351)
Jan F. Chadima 3d742c
Jan F. Chadima 3d742c
* Fri Nov 20 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-8
Jan F. Chadima 201f4a
- Add public key agent patch (#455350)
Jan F. Chadima 201f4a
Jan F. Chadima d2767e
* Mon Nov  2 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-7
Jan F. Chadima d2767e
- Repair canohost patch to allow gssapi to work when host is acessed via pipe proxy (#531849)
Jan F. Chadima d2767e
Jan F. Chadima 5fb555
* Thu Oct 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-6
Jan F. Chadima 5fb555
- Modify the init script to prevent it to hang during generating the keys (#515145)
Jan F. Chadima 5fb555
Jan F. Chadima 838d93
* Tue Oct 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-5
Jan F. Chadima 838d93
- Add README.nss
Jan F. Chadima 838d93
Tomáš Mráz e47cb0
* Mon Oct 19 2009 Tomas Mraz <tmraz@redhat.com> - 5.3p1-4
Tomáš Mráz e47cb0
- Add pam_ssh_agent_auth module to a subpackage.
Tomáš Mráz e47cb0
Jan F. Chadima 2ed3f9
* Fri Oct 16 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-3
Jan F. Chadima 2ed3f9
- Reenable audit.
Jan F. Chadima 2ed3f9
Jan F. Chadima c54a8b
* Fri Oct  2 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-2
Jan F. Chadima 35695c
- Upgrade to new wersion 5.3p1
Jan F. Chadima 35695c
Jan F. Chadima 71e874
* Tue Sep 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-29
Jan F. Chadima 71e874
- Resolve locking in ssh-add (#491312)
Jan F. Chadima 71e874
Jan F. Chadima f013be
* Thu Sep 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-28
Jan F. Chadima cee78e
- Repair initscript to be acord to guidelines (#521860)
Jan F. Chadima cee78e
- Add bugzilla# to application of edns and xmodifiers patch
Jan F. Chadima cee78e
Jan F. Chadima 4330e6
* Wed Sep 16 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-26
Jan F. Chadima 4330e6
- Changed pam stack to password-auth
Jan F. Chadima 4330e6
Jan F. Chadima 0447c9
* Fri Sep 11 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-25
Jan F. Chadima 0447c9
- Dropped homechroot patch
Jan F. Chadima 0447c9
Jan F. Chadima 257d66
* Mon Sep  7 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-24
Jan F. Chadima 257d66
- Add check for nosuid, nodev in homechroot
Jan F. Chadima 257d66
Jan F. Chadima 49d0cf
* Tue Sep  1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-23
Jan F. Chadima 49d0cf
- add correct patch for ip-opts
Jan F. Chadima 49d0cf
Jan F. Chadima bd8eb9
* Tue Sep  1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-22
Jan F. Chadima bd8eb9
- replace ip-opts patch by an upstream candidate version
Jan F. Chadima bd8eb9
Jan F. Chadima ce94da
* Mon Aug 31 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-21
Jan F. Chadima 726565
- rearange selinux patch to be acceptable for upstream
Jan F. Chadima 726565
- replace seftp patch by an upstream version
Jan F. Chadima 726565
Jan F. Chadima 15914f
* Fri Aug 28 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-20
Jan F. Chadima 15914f
- merged xmodifiers to redhat patch
Jan F. Chadima 15914f
- merged gssapi-role to selinux patch
Jan F. Chadima 15914f
- merged cve-2007_3102 to audit patch
Jan F. Chadima 15914f
- sesftp patch only with WITH_SELINUX flag
Jan F. Chadima 56bb42
- rearange sesftp patch according to upstream request
Jan F. Chadima 15914f
Jan F. Chadima 214b7b
* Wed Aug 26 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-19
Jan F. Chadima 214b7b
- minor change in sesftp patch
Jan F. Chadima 214b7b
Tomáš Mráz 80bcb1
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-18
Tomáš Mráz 80bcb1
- rebuilt with new openssl
Tomáš Mráz 80bcb1
Jan F. Chadima 986cee
* Thu Jul 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-17
Jan F. Chadima cee78e
- Added dnssec support. (#205842)
Jan F. Chadima 986cee
Jesse Keating 42c539
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.2p1-16
Jesse Keating 42c539
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
Jesse Keating 42c539
Jan F. Chadima aa8983
* Fri Jul 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-15
Jan F. Chadima aa8983
- only INTERNAL_SFTP can be home-chrooted
Jan F. Chadima aa8983
- save _u and _r parts of context changing to sftpd_t
Jan F. Chadima aa8983
Jan F. Chadima 3d6b00
* Fri Jul 17 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-14
Jan F. Chadima 3d6b00
- changed internal-sftp context to sftpd_t
Jan F. Chadima 3d6b00
Jan F. Chadima 3d6b00
* Fri Jul  3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-13
Jan F. Chadima 3d6b00
- changed home length path patch to upstream version
Jan F. Chadima 3d6b00
Jan F. Chadima 3d6b00
* Tue Jun 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-12
Jan F. Chadima ca05b3
- create '~/.ssh/known_hosts' within proper context
Jan F. Chadima ca05b3
Jan F. Chadima f4b0b4
* Mon Jun 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-11
Jan F. Chadima f4b0b4
- length of home path in ssh now limited by PATH_MAX
Jan F. Chadima ca05b3
- correct timezone with daylight processing
Jan F. Chadima f4b0b4
Jan F. Chadima eca05f
* Sat Jun 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-10
Jan F. Chadima eca05f
- final version chroot %%h (sftp only)
Jan F. Chadima eca05f
Jan F. Chadima c1398b
* Tue Jun 23 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-9
Jan F. Chadima c1398b
- repair broken ls in chroot %%h
Jan F. Chadima c1398b
Jan F. Chadima ecd846
* Fri Jun 12 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-8
Jan F. Chadima cee78e
- add XMODIFIERS to exported environment (#495690)
Jan F. Chadima e45f2c
Tomáš Mráz 76f329
* Fri May 15 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-6
Tomáš Mráz 76f329
- allow only protocol 2 in the FIPS mode
Tomáš Mráz 76f329
Tomáš Mráz 685b62
* Thu Apr 30 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-5
Tomáš Mráz 685b62
- do integrity verification only on binaries which are part
Tomáš Mráz 685b62
  of the OpenSSH FIPS modules
Tomáš Mráz 685b62
Tomáš Mráz 0a4fa5
* Mon Apr 20 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-4
Tomáš Mráz 0a4fa5
- log if FIPS mode is initialized
Tomáš Mráz 0a4fa5
- make aes-ctr cipher modes work in the FIPS mode
Tomáš Mráz 0a4fa5
Jan F. Chadima 061e21
* Fri Apr  3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-3
Jan F. Chadima 061e21
- fix logging after chroot
Jan F. Chadima 3a94ae
- enable non root users to use chroot %%h in internal-sftp
Jan F. Chadima 061e21
Tomáš Mráz 0f07b4
* Fri Mar 13 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-2
Tomáš Mráz 0f07b4
- add AES-CTR ciphers to the FIPS mode proposal
Tomáš Mráz 0f07b4
Tomáš Mráz 0f07b4
* Mon Mar  9 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-1
Jan F. Chadima a3ba41
- upgrade to new upstream release
Jan F. Chadima a3ba41
Jesse Keating c5f25a
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.1p1-8
Jesse Keating c5f25a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
Jesse Keating c5f25a
Tomáš Mráz d93958
* Thu Feb 12 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-7
Tomáš Mráz d93958
- drop obsolete triggers
Tomáš Mráz d93958
- add testing FIPS mode support
Tomáš Mráz d93958
- LSBize the initscript (#247014)
Tomáš Mráz d93958
Tomáš Mráz ff6d59
* Fri Jan 30 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-6
Tomáš Mráz ff6d59
- enable use of ssl engines (#481100)
Tomáš Mráz ff6d59
Tomáš Mráz 6a5e29
* Thu Jan 15 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-5
Tomáš Mráz 6a5e29
- remove obsolete --with-rsh (#478298)
Tomáš Mráz 6a5e29
- add pam_sepermit to allow blocking confined users in permissive mode
Tomáš Mráz 6a5e29
  (#471746)
Tomáš Mráz 6a5e29
- move system-auth after pam_selinux in the session stack
Tomáš Mráz 6a5e29
Tomáš Mráz 9e5c6e
* Thu Dec 11 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-4
Tomáš Mráz 9e5c6e
- set FD_CLOEXEC on channel sockets (#475866)
Tomáš Mráz 9e5c6e
- adjust summary
Tomáš Mráz 9e5c6e
- adjust nss-keys patch so it is applicable without selinux patches (#470859)
Tomáš Mráz 9e5c6e
Tomáš Mráz b9a07a
* Fri Oct 17 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-3
Tomáš Mráz b9a07a
- fix compatibility with some servers (#466818)
Tomáš Mráz b9a07a
Tomáš Mráz 578f0d
* Thu Jul 31 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-2
Tomáš Mráz 578f0d
- fixed zero length banner problem (#457326)
Tomáš Mráz 578f0d
Tomáš Mráz 93a474
* Wed Jul 23 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-1
Tomáš Mráz 93a474
- upgrade to new upstream release
Tomáš Mráz 93a474
- fixed a problem with public key authentication and explicitely
Tomáš Mráz 93a474
  specified SELinux role
Tomáš Mráz 93a474
Tomáš Mráz 077dad
* Wed May 21 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-3
Tomáš Mráz 077dad
- pass the connection socket to ssh-keysign (#447680)
Tomáš Mráz 077dad
Tomáš Mráz 1961bc
* Mon May 19 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-2
Tomáš Mráz 1961bc
- add LANGUAGE to accepted/sent environment variables (#443231)
Tomáš Mráz 1961bc
- use pam_selinux to obtain the user context instead of doing it itself
Tomáš Mráz 1961bc
- unbreak server keep alive settings (patch from upstream)
Tomáš Mráz 1961bc
- small addition to scp manpage
Tomáš Mráz 1961bc
Tomáš Mráz ca47f6
* Mon Apr  7 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-1
Tomáš Mráz ca47f6
- upgrade to new upstream (#441066)
Tomáš Mráz ca47f6
- prevent initscript from killing itself on halt with upstart (#438449)
Tomáš Mráz ca47f6
- initscript status should show that the daemon is running
Tomáš Mráz ca47f6
  only when the main daemon is still alive (#430882)
Tomáš Mráz ca47f6
Tomáš Mráz ca47f6
* Thu Mar  6 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-10
Tomáš Mráz ca47f6
- fix race on control master and cleanup stale control socket (#436311)
Tomáš Mráz ca47f6
  patches by David Woodhouse
Tomáš Mráz ca47f6
Tomáš Mráz 2cb0e7
* Fri Feb 29 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-9
Tomáš Mráz 2cb0e7
- set FD_CLOEXEC on client socket
Tomáš Mráz 2cb0e7
- apply real fix for window size problem (#286181) from upstream
Tomáš Mráz 2cb0e7
- apply fix for the spurious failed bind from upstream
Tomáš Mráz 2cb0e7
- apply open handle leak in sftp fix from upstream
Tomáš Mráz 2cb0e7
Dennis Gilmore 91bdf4
* Tue Feb 12 2008 Dennis Gilmore <dennis@ausil.us> - 4.7p1-8
Dennis Gilmore 91bdf4
- we build for sparcv9 now  and it needs -fPIE
Dennis Gilmore 91bdf4
Tomáš Mráz 993dd1
* Thu Jan  3 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-7
Tomáš Mráz 993dd1
- fix gssapi auth with explicit selinux role requested (#427303) - patch
Tomáš Mráz 993dd1
  by Nalin Dahyabhai
Tomáš Mráz 993dd1
Tomáš Mráz 3457e3
* Tue Dec  4 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-6
Tomáš Mráz 2cc09c
- explicitly source krb5-devel profile script
Tomáš Mráz 3457e3
Tomáš Mráz 3457e3
* Tue Dec 04 2007 Release Engineering <rel-eng at fedoraproject dot org> - 4.7p1-5
Tomáš Mráz 3457e3
- Rebuild for openssl bump
Jesse Keating 9eac42
Tomáš Mráz b1ffa0
* Tue Nov 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-4
Tomáš Mráz 8b8c4d
- do not copy /etc/localtime into the chroot as it is not
Tomáš Mráz 8b8c4d
  necessary anymore (#193184)
Tomáš Mráz 8b8c4d
- call setkeycreatecon when selinux context is established
Tomáš Mráz 8b8c4d
- test for NULL privk when freeing key (#391871) - patch by
Tomáš Mráz 8b8c4d
  Pierre Ossman
Tomáš Mráz 8b8c4d
Tomáš Mráz 95be08
* Mon Sep 17 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-2
Tomáš Mráz 95be08
- revert default window size adjustments (#286181)
Tomáš Mráz 95be08
Tomáš Mráz c9833c
* Thu Sep  6 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-1
Tomáš Mráz c9833c
- upgrade to latest upstream
Tomáš Mráz c9833c
- use libedit in sftp (#203009)
Tomáš Mráz c9833c
- fixed audit log injection problem (CVE-2007-3102)
Tomáš Mráz c9833c
Tomáš Mráz f37073
* Thu Aug  9 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-8
Tomáš Mráz f37073
- fix sftp client problems on write error (#247802)
Tomáš Mráz f37073
- allow disabling autocreation of server keys (#235466)
Tomáš Mráz f37073
Tomáš Mráz c3274c
* Wed Jun 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-7
Tomáš Mráz c3274c
- experimental NSS keys support
Tomáš Mráz c3274c
- correctly setup context when empty level requested (#234951)
Tomáš Mráz c3274c
Tomáš Mráz 7210c0
* Tue Mar 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-6
Tomáš Mráz 7210c0
- mls level check must be done with default role same as requested
Tomáš Mráz 7210c0
Tomáš Mráz b40baa
* Mon Mar 19 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-5
Tomáš Mráz b40baa
- make profile.d/gnome-ssh-askpass.* regular files (#226218)
Tomáš Mráz b40baa
Petr Lautrbach 19725a
* Tue Feb 27 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-4
Tomáš Mráz 546fdd
- reject connection if requested mls range is not obtained (#229278)
Tomáš Mráz 546fdd
Petr Lautrbach 19725a
* Thu Feb 22 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-3
Tomáš Mráz 9d725b
- improve Buildroot
Tomáš Mráz 9d725b
- remove duplicate /etc/ssh from files
Tomáš Mráz 9d725b
Tomáš Mráz c2b35d
* Tue Jan 16 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-2
Tomáš Mráz c2b35d
- support mls on labeled networks (#220487)
Tomáš Mráz c2b35d
- support mls level selection on unlabeled networks
Tomáš Mráz c2b35d
- allow / in usernames in scp (only beginning /, ./, and ../ is special) 
Tomáš Mráz c2b35d
Tomáš Mráz ad07b9
* Thu Dec 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.5p1-1
Tomáš Mráz ad07b9
- update to 4.5p1 (#212606)
Tomáš Mráz ad07b9
Tomáš Mráz 914284
* Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-14
Tomáš Mráz 914284
- fix gssapi with DNS loadbalanced clusters (#216857)
Tomáš Mráz 914284
Tomáš Mráz d63dc6
* Tue Nov 28 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-13
Tomáš Mráz d63dc6
- improved pam_session patch so it doesn't regress, the patch is necessary
Tomáš Mráz d63dc6
  for the pam_session_close to be called correctly as uid 0
Tomáš Mráz d63dc6
Tomáš Mráz ad61b1
* Fri Nov 10 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-12
Tomáš Mráz ad61b1
- CVE-2006-5794 - properly detect failed key verify in monitor (#214641)
Tomáš Mráz ad61b1
Tomáš Mráz 19675a
* Thu Nov  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-11
Tomáš Mráz 19675a
- merge sshd initscript patches
Tomáš Mráz 19675a
- kill all ssh sessions when stop is called in halt or reboot runlevel
Tomáš Mráz 19675a
- remove -TERM option from killproc so we don't race on sshd restart
Tomáš Mráz 19675a
Tomáš Mráz 7114c4
* Mon Oct  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-10
Tomáš Mráz 7114c4
- improve gssapi-no-spnego patch (#208102)
Tomáš Mráz 7114c4
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
Tomáš Mráz 7114c4
- CVE-2006-5051 - don't call cleanups from signal handler (#208459)
Tomáš Mráz 7114c4
Tomáš Mráz ac4818
* Wed Aug 23 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-9
Tomáš Mráz ac4818
- don't report duplicate syslog messages, use correct local time (#189158)
Tomáš Mráz ac4818
- don't allow spnego as gssapi mechanism (from upstream)
Tomáš Mráz ac4818
- fixed memleaks found by Coverity (from upstream)
Tomáš Mráz ac4818
- allow ip options except source routing (#202856) (patch by HP)
Tomáš Mráz ac4818
Tomáš Mráz c12d6b
* Tue Aug  8 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-8
Tomáš Mráz c12d6b
- drop the pam-session patch from the previous build (#201341)
Tomáš Mráz c12d6b
- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)
Tomáš Mráz c12d6b
Tomáš Mráz 762e40
* Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-7
Tomáš Mráz 762e40
- dropped old ssh obsoletes
Tomáš Mráz 762e40
- call the pam_session_open/close from the monitor when privsep is
Tomáš Mráz 762e40
  enabled so it is always called as root (patch by Darren Tucker)
Tomáš Mráz 762e40
Tomáš Mráz ef3242
* Mon Jul 17 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-6
Tomáš Mráz ef3242
- improve selinux patch (by Jan Kiszka)
Tomáš Mráz ef3242
- upstream patch for buffer append space error (#191940)
Tomáš Mráz ef3242
- fixed typo in configure.ac (#198986)
Tomáš Mráz ef3242
- added pam_keyinit to pam configuration (#198628)
Tomáš Mráz ef3242
- improved error message when askpass dialog cannot grab
Tomáš Mráz ef3242
  keyboard input (#198332)
Tomáš Mráz ef3242
- buildrequires xauth instead of xorg-x11-xauth
Tomáš Mráz ef3242
- fixed a few rpmlint warnings
Tomáš Mráz ef3242
Jesse Keating d446e9
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 4.3p2-5.1
Jesse Keating d446e9
- rebuild
Jesse Keating d446e9
Tomáš Mráz 7e1c55
* Fri Apr 14 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-5
Tomáš Mráz 7e1c55
- don't request pseudoterminal allocation if stdin is not tty (#188983)
Tomáš Mráz 7e1c55
Tomáš Mráz 5f29ac
* Thu Mar  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-4
Tomáš Mráz 5f29ac
- allow access if audit is not compiled in kernel (#183243)
Tomáš Mráz 5f29ac
Tomáš Mráz e01ed6
* Fri Feb 24 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-3
Tomáš Mráz e01ed6
- enable the subprocess in chroot to send messages to system log
Tomáš Mráz e01ed6
- sshd should prevent login if audit call fails
Tomáš Mráz e01ed6
Tomáš Mráz b5e849
* Tue Feb 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-2
Tomáš Mráz b5e849
- print error from scp if not remote (patch by Bjorn Augustsson #178923)
Tomáš Mráz b5e849
Tomáš Mráz f16d34
* Mon Feb 13 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-1
Tomáš Mráz f16d34
- new version
Tomáš Mráz f16d34
Jesse Keating 3de0ff
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 4.3p1-2.1
Jesse Keating 3de0ff
- bump again for double-long bug on ppc(64)
Jesse Keating 3de0ff
Tomáš Mráz f223eb
* Mon Feb  6 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-2
Tomáš Mráz f223eb
- fixed another place where syslog was called in signal handler
Tomáš Mráz f223eb
- pass locale environment variables to server, accept them there (#179851)
Tomáš Mráz f223eb
Tomáš Mráz fd638a
* Wed Feb  1 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-1
Tomáš Mráz fd638a
- new version, dropped obsolete patches
Tomáš Mráz fd638a
Tomáš Mráz bb93ea
* Tue Dec 20 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-10
Tomáš Mráz bb93ea
- hopefully make the askpass dialog less confusing (#174765)
Tomáš Mráz bb93ea
Jesse Keating 6e3ae4
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
Jesse Keating 6e3ae4
- rebuilt
Jesse Keating 6e3ae4
Tomáš Mráz 09d7e6
* Tue Nov 22 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-9
Tomáš Mráz 09d7e6
- drop x11-ssh-askpass from the package
Tomáš Mráz 09d7e6
- drop old build_6x ifs from spec file
Tomáš Mráz 09d7e6
- improve gnome-ssh-askpass so it doesn't reveal number of passphrase 
Tomáš Mráz 09d7e6
  characters to person looking at the display
Tomáš Mráz 09d7e6
- less hackish fix for the __USE_GNU problem
Tomáš Mráz 09d7e6
Nalin Dahyabhai 05c945
* Fri Nov 18 2005 Nalin Dahyabhai <nalin@redhat.com> - 4.2p1-8
Nalin Dahyabhai 05c945
- work around missing gccmakedep by wrapping makedepend in a local script
Nalin Dahyabhai db2565
- remove now-obsolete build dependency on "xauth"
Nalin Dahyabhai 05c945
Warren Togami d40b8c
* Thu Nov 17 2005 Warren Togami <wtogami@redhat.com> - 4.2p1-7
Warren Togami 19e22a
- xorg-x11-devel -> libXt-devel
Warren Togami 19e22a
- rebuild for new xauth location so X forwarding works
Warren Togami 0e5862
- buildreq audit-libs-devel
Warren Togami 0e5862
- buildreq automake for aclocal
Warren Togami 0e5862
- buildreq imake for xmkmf
Warren Togami 0e5862
-  -D_GNU_SOURCE in flags in order to get it to build
Warren Togami 0e5862
   Ugly hack to workaround openssh defining __USE_GNU which is
Warren Togami 0e5862
   not allowed and causes problems according to Ulrich Drepper
Warren Togami 0e5862
   fix this the correct way after FC5test1
Warren Togami d40b8c
Jeremy Katz 35e1e0
* Wed Nov  9 2005 Jeremy Katz <katzj@redhat.com> - 4.2p1-6
Jeremy Katz 35e1e0
- rebuild against new openssl
Jeremy Katz 35e1e0
Tomáš Mráz fc72c2
* Fri Oct 28 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-5
Tomáš Mráz fc72c2
- put back the possibility to skip SELinux patch
Tomáš Mráz fc72c2
- add patch for user login auditing by Steve Grubb
Tomáš Mráz fc72c2
Daniel J Walsh 531256
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 4.2p1-4
Daniel J Walsh 531256
- Change selinux patch to use get_default_context_with_rolelevel in libselinux.
Daniel J Walsh 531256
Daniel J Walsh 0e07ed
* Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-3
Daniel J Walsh 0e07ed
- Update selinux patch to use getseuserbyname
Daniel J Walsh 0e07ed
Tomáš Mráz 5bab48
* Fri Oct  7 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-2
Tomáš Mráz 5bab48
- use include instead of pam_stack in pam config
Tomáš Mráz fd638a
- use fork+exec instead of system in scp - CVE-2006-0225 (#168167)
Tomáš Mráz 5bab48
- upstream patch for displaying authentication errors
Tomáš Mráz 5bab48
Tomáš Mráz de2e7a
* Tue Sep 06 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-1
Tomáš Mráz de2e7a
- upgrade to a new upstream version
Tomáš Mráz de2e7a
Tomáš Mráz f94d8f
* Tue Aug 16 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-5
Tomáš Mráz f94d8f
- use x11-ssh-askpass if openssh-askpass-gnome is not installed (#165207)
Tomáš Mráz f94d8f
- install ssh-copy-id from contrib (#88707)
Tomáš Mráz f94d8f
Tomáš Mráz fa1481
* Wed Jul 27 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-4
Tomáš Mráz fa1481
- don't deadlock on exit with multiple X forwarded channels (#152432)
Tomáš Mráz fa1481
- don't use X11 port which can't be bound on all IP families (#163732)
Tomáš Mráz fa1481
Tomáš Mráz 79c968
* Wed Jun 29 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-3
Tomáš Mráz 79c968
- fix small regression caused by the nologin patch (#161956)
Tomáš Mráz 79c968
- fix race in getpeername error checking (mindrot #1054)
Tomáš Mráz 79c968
Tomáš Mráz 9ac1c8
* Thu Jun  9 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-2
Tomáš Mráz 9ac1c8
- use only pam_nologin for nologin testing
Tomáš Mráz 9ac1c8
Tomáš Mráz 9cf4ab
* Mon Jun  6 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-1
Tomáš Mráz 9cf4ab
- upgrade to a new upstream version
Tomáš Mráz 9cf4ab
- call pam_loginuid as a pam session module
Tomáš Mráz 9cf4ab
Tomáš Mráz 9c5771
* Mon May 16 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-3
Tomáš Mráz 9c5771
- link libselinux only to sshd (#157678)
Tomáš Mráz 9c5771
Tomáš Mráz 1e27c0
* Mon Apr  4 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-2
Tomáš Mráz 1e27c0
- fixed Local/RemoteForward in ssh_config.5 manpage
Tomáš Mráz 1e27c0
- fix fatal when Local/RemoteForward is used and scp run (#153258)
Tomáš Mráz 1e27c0
- don't leak user validity when using krb5 authentication
Tomáš Mráz 1e27c0
Tomáš Mráz 5de53f
* Thu Mar 24 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-1
Tomáš Mráz 5de53f
- upgrade to 4.0p1
Tomáš Mráz 5de53f
- remove obsolete groups patch
Tomáš Mráz 5de53f
Elliot Lee 683f4f
* Wed Mar 16 2005 Elliot Lee <sopwith@redhat.com>
Elliot Lee 683f4f
- rebuilt
Elliot Lee 683f4f
Nalin Dahyabhai 4f9d64
* Mon Feb 28 2005 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-12
Nalin Dahyabhai 4f9d64
- rebuild so that configure can detect that krb5_init_ets is gone now
Nalin Dahyabhai 4f9d64
Tomáš Mráz 8d62bf
* Mon Feb 21 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-11
Tomáš Mráz d048f9
- don't call syslog in signal handler
Tomáš Mráz 8d62bf
- allow password authentication when copying from remote
Tomáš Mráz 8d62bf
  to remote machine (#103364)
Tomáš Mráz d048f9
Tomáš Mráz 504978
* Wed Feb  9 2005 Tomas Mraz <tmraz@redhat.com>
Tomáš Mráz 504978
- add spaces to messages in initscript (#138508)
Tomáš Mráz 504978
Tomáš Mráz 4c55a5
* Tue Feb  8 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-10
Tomáš Mráz 4c55a5
- enable trusted forwarding by default if X11 forwarding is 
Tomáš Mráz 4c55a5
  required by user (#137685 and duplicates)
Tomáš Mráz 4c55a5
- disable protocol 1 support by default in sshd server config (#88329)
Tomáš Mráz 4c55a5
- keep the gnome-askpass dialog above others (#69131)
Tomáš Mráz 4c55a5
Tomáš Mráz 5a8f6b
* Fri Feb  4 2005 Tomas Mraz <tmraz@redhat.com>
Tomáš Mráz 4c55a5
- change permissions on pam.d/sshd to 0644 (#64697)
Tomáš Mráz 5a8f6b
- patch initscript so it doesn't kill opened sessions if
Tomáš Mráz 4c55a5
  the sshd daemon isn't running anymore (#67624)
Tomáš Mráz 5a8f6b
Bill Nottingham ede9e0
* Mon Jan  3 2005 Bill Nottingham <notting@redhat.com> 3.9p1-9
Bill Nottingham ede9e0
- don't use initlog
Bill Nottingham ede9e0
Thomas Woerner b56212
* Mon Nov 29 2004 Thomas Woerner <twoerner@redhat.com> 3.9p1-8.1
Thomas Woerner b56212
- fixed PIE build for all architectures
Thomas Woerner b56212
Nalin Dahyabhai 8ccaa9
* Mon Oct  4 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-8
Nalin Dahyabhai 8ccaa9
- add a --enable-vendor-patchlevel option which allows a ShowPatchLevel option
Nalin Dahyabhai 8ccaa9
  to enable display of a vendor patch level during version exchange (#120285)
Nalin Dahyabhai 8ccaa9
- configure with --disable-strip to build useful debuginfo subpackages
Nalin Dahyabhai 8ccaa9
Bill Nottingham c92dff
* Mon Sep 20 2004 Bill Nottingham <notting@redhat.com> 3.9p1-7
Bill Nottingham c92dff
- when using gtk2 for askpass, don't buildprereq gnome-libs-devel
Bill Nottingham c92dff
Nalin Dahyabhai 567e63
* Tue Sep 14 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-6
Nalin Dahyabhai 567e63
- build
Nalin Dahyabhai 567e63
Nalin Dahyabhai deb1e4
* Mon Sep 13 2004 Nalin Dahyabhai <nalin@redhat.com>
Nalin Dahyabhai deb1e4
- disable ACSS support
Nalin Dahyabhai deb1e4
Daniel J Walsh c82df7
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-5
Daniel J Walsh c82df7
- Change selinux patch to use get_default_context_with_role in libselinux.
Daniel J Walsh c82df7
Daniel J Walsh c82df7
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-4
Daniel J Walsh c82df7
- Fix patch
Daniel J Walsh c82df7
	* Bad debug statement.
Daniel J Walsh c82df7
	* Handle root/sysadm_r:kerberos
Daniel J Walsh c82df7
cvsdist 29a4bf
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-3
cvsdist 29a4bf
- Modify Colin Walter's patch to allow specifying rule during connection
cvsdist 29a4bf
cvsdist d7affc
* Tue Aug 31 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-2
cvsdist d7affc
- Fix TTY handling for SELinux
cvsdist d7affc
cvsdist 653818
* Tue Aug 24 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-1
cvsdist 653818
- Update to upstream
cvsdist 653818
cvsdist 5ef607
* Sun Aug 1 2004 Alan Cox <alan@redhat.com> 3.8.1p1-5
cvsdist 5ef607
- Apply buildreq fixup patch (#125296)
cvsdist 5ef607
cvsdist 9d5a53
* Tue Jun 15 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-4
cvsdist 9d5a53
- Clean up patch for upstream submission.
cvsdist 9d5a53
cvsdist de28cc
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
cvsdist de28cc
- rebuilt
cvsdist de28cc
cvsdist e965c7
* Wed Jun 9 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-2
cvsdist e965c7
- Remove use of pam_selinux and patch selinux in directly.  
cvsdist e965c7
cvsdist ffdec5
* Mon Jun  7 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-1
cvsdist ffdec5
- request gssapi-with-mic by default but not delegation (flag day for anyone
cvsdist ffdec5
  who used previous gssapi patches)
cvsdist ffdec5
- no longer request x11 forwarding by default
cvsdist ffdec5
cvsdist 162c7f
* Thu Jun 3 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-36
cvsdist 162c7f
- Change pam file to use open and close with pam_selinux
cvsdist 162c7f
cvsdist ffdec5
* Tue Jun  1 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-0
cvsdist ffdec5
- update to 3.8.1p1
cvsdist ffdec5
- add workaround from CVS to reintroduce passwordauth using pam
cvsdist ffdec5
cvsdist 73e10e
* Tue Jun 1 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-35
cvsdist 73e10e
- Remove CLOSEXEC on STDERR
cvsdist 73e10e
cvsdist 8f8720
* Tue Mar 16 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-34
cvsdist 8f8720
cvsdist 8f8720
* Wed Mar 03 2004 Phil Knirsch <pknirsch@redhat.com> 3.6.1p2-33.30.1
cvsdist 8f8720
- Built RHLE3 U2 update package.
cvsdist 8f8720
cvsdist 8f8720
* Wed Mar 3 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-33
cvsdist 8f8720
- Close file descriptors on exec 
cvsdist 8f8720
cvsdist 8f8720
* Mon Mar  1 2004 Thomas Woerner <twoerner@redhat.com> 3.6.1p2-32
cvsdist 8f8720
- fixed pie build
cvsdist 8f8720
cvsdist 8f8720
* Thu Feb 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-31
cvsdist 8f8720
- Add restorecon to startup scripts
cvsdist 8f8720
cvsdist 8f8720
* Thu Feb 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-30
cvsdist 8f8720
- Add multiple qualified to openssh
cvsdist 8f8720
cvsdist 8f8720
* Mon Feb 23 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-29
cvsdist 8f8720
- Eliminate selinux code and use pam_selinux
cvsdist 8f8720
cvsdist 8f8720
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
cvsdist 8f8720
- rebuilt
cvsdist 8f8720
cvsdist fe98d8
* Mon Jan 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-27
cvsdist fe98d8
- turn off pie on ppc
cvsdist fe98d8
cvsdist fe98d8
* Mon Jan 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-26
cvsdist fe98d8
- fix is_selinux_enabled
cvsdist fe98d8
cvsdist fe98d8
* Wed Jan 14 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-25
cvsdist fe98d8
- Rebuild to grab shared libselinux
cvsdist fe98d8
cvsdist fe98d8
* Wed Dec 3 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-24
cvsdist fe98d8
- turn on selinux
cvsdist fe98d8
cvsdist fe98d8
* Tue Nov 18 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d8
- un#ifdef out code for reporting password expiration in non-privsep
cvsdist fe98d8
  mode (#83585)
cvsdist fe98d8
cvsdist fe98d8
* Mon Nov 10 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d8
- add machinery to build with/without -fpie/-pie, default to doing so
cvsdist fe98d8
cvsdist fe98d8
* Thu Nov 06 2003 David Woodhouse <dwmw2@redhat.com> 3.6.1p2-23
cvsdist fe98d8
- Don't whinge about getsockopt failing (#109161)
cvsdist fe98d8
cvsdist fe98d8
* Fri Oct 24 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d8
- add missing buildprereq on zlib-devel (#104558)
cvsdist fe98d8
cvsdist fe98d8
* Mon Oct 13 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-22
cvsdist fe98d8
- turn selinux off
cvsdist fe98d8
cvsdist fe98d8
* Mon Oct 13 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21.sel
cvsdist fe98d8
- turn selinux on
cvsdist fe98d8
cvsdist fe98d8
* Fri Sep 19 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21
cvsdist fe98d8
- turn selinux off
cvsdist fe98d8
cvsdist fe98d8
* Fri Sep 19 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-20.sel
cvsdist fe98d8
- turn selinux on
cvsdist fe98d8
cvsdist fe98d8
* Fri Sep 19 2003 Nalin Dahyabhai <nalin@redhat.com>
cvsdist fe98d8
- additional fix for apparently-never-happens double-free in buffer_free()
cvsdist fe98d8
- extend fix for #103998 to cover SSH1
cvsdist fe98d8
cvsdist fe98d8
* Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-19
cvsdist 092b0a
- rebuild
cvsdist 092b0a
cvsdist fe98d8
* Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-18
cvsdist 903730
- additional buffer manipulation cleanups from Solar Designer
cvsdist 903730
cvsdist 092b0a
* Wed Sep 17 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-17
cvsdist 092b0a
- turn selinux off
cvsdist 092b0a
cvsdist 092b0a
* Wed Sep 17 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-16.sel
cvsdist 092b0a
- turn selinux on
cvsdist 092b0a
cvsdist fe98d8
* Tue Sep 16 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-15
cvsdist 092b0a
- rebuild
cvsdist 092b0a
cvsdist fe98d8
* Tue Sep 16 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-14
cvsdist 903730
- additional buffer manipulation fixes (CAN-2003-0695)
cvsdist 44a5d2
cvsdist 092b0a
* Tue Sep 16 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-13.sel
cvsdist 092b0a
- turn selinux on
cvsdist 092b0a
cvsdist fe98d8
* Tue Sep 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-12
cvsdist 092b0a
- rebuild
cvsdist 092b0a
cvsdist fe98d8
* Tue Sep 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-11
cvsdist 6eaa41
- apply patch to store the correct buffer size in allocated buffers
cvsdist 6eaa41
  (CAN-2003-0693)
cvsdist 6eaa41
- skip the initial PAM authentication attempt with an empty password if
cvsdist 6eaa41
  empty passwords are not permitted in our configuration (#103998)
cvsdist 6eaa41
cvsdist 092b0a
* Fri Sep 5 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-10
cvsdist 092b0a
- turn selinux off
cvsdist 092b0a
cvsdist 092b0a
* Fri Sep 5 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-9.sel
cvsdist 092b0a
- turn selinux on
cvsdist 092b0a
cvsdist 092b0a
* Tue Aug 26 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-8
cvsdist 092b0a
- Add BuildPreReq gtk2-devel if gtk2
cvsdist 092b0a
cvsdist 092b0a
* Tue Aug 12 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-7
cvsdist 092b0a
- rebuild
cvsdist 092b0a
cvsdist 092b0a
* Tue Aug 12 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-6
cvsdist 092b0a
- modify patch which clears the supplemental group list at startup to only
cvsdist 092b0a
  complain if setgroups() fails if sshd has euid == 0
cvsdist 092b0a
- handle krb5 installed in %%{_prefix} or elsewhere by using krb5-config
cvsdist 092b0a
Petr Lautrbach 19725a
* Mon Jul 28 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-5
cvsdist 092b0a
- Add SELinux patch
cvsdist 092b0a
cvsdist 092b0a
* Tue Jul 22 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-4
cvsdist 092b0a
- rebuild
cvsdist 092b0a
Petr Lautrbach 19725a
* Wed Jul 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-3
cvsdist 092b0a
- rebuild
cvsdist 092b0a
Petr Lautrbach 19725a
* Wed Jul 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-2
cvsdist 092b0a
- rebuild
cvsdist 092b0a
cvsdist 092b0a
* Thu Jun  5 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-1
cvsdist 092b0a
- update to 3.6.1p2
cvsdist 092b0a
cvsdist 092b0a
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
Jan F. Chadima 313100
6 rebuilt
cvsdist 092b0a
cvsdist 092b0a
* Mon Mar 24 2003 Florian La Roche <Florian.LaRoche@redhat.de>
cvsdist 092b0a
- add patch for getsockopt() call to work on bigendian 64bit archs
cvsdist 6c4a0b
cvsdist 3e66bd
* Fri Feb 14 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-6
cvsdist 3e66bd
- move scp to the -clients subpackage, because it directly depends on ssh
cvsdist 3e66bd
  which is also in -clients (#84329)
cvsdist 3e66bd
cvsdist 3e66bd
* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-5
cvsdist 3e66bd
- rebuild
cvsdist 3e66bd
cvsdist 3e66bd
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
cvsdist 3e66bd
- rebuilt
cvsdist 818000
cvsdist 3e66bd
* Tue Jan  7 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-3
cvsdist 818000
- rebuild
cvsdist 818000
cvsdist 3e66bd
* Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-2
cvsdist 3e66bd
- patch PAM configuration to use relative path names for the modules, allowing
cvsdist 3e66bd
  us to not worry about which arch the modules are built for on multilib systems
cvsdist 3e66bd
cvsdist 3e66bd
* Tue Oct 15 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-1
cvsdist 3e66bd
- update to 3.5p1, merging in filelist/perm changes from the upstream spec
cvsdist 3e66bd
cvsdist 3e66bd
* Fri Oct  4 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-3
cvsdist 3e66bd
- merge
cvsdist 3e66bd
cvsdist 3e66bd
* Thu Sep 12 2002  Than Ngo <than@redhat.com> 3.4p1-2.1
cvsdist 3e66bd
- fix to build on multilib systems
cvsdist 3e66bd
cvsdist 3e66bd
* Thu Aug 29 2002 Curtis Zinzilieta <curtisz@redhat.com> 3.4p1-2gss
cvsdist 3e66bd
- added gssapi patches and uncommented patch here
cvsdist 818000
cvsdist e98831
* Wed Aug 14 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-2
cvsdist e98831
- pull patch from CVS to fix too-early free in ssh-keysign (#70009)
cvsdist e98831
cvsdist 8264e7
* Thu Jun 27 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-1
cvsdist 8264e7
- 3.4p1
cvsdist 8264e7
- drop anon mmap patch
cvsdist 8264e7
cvsdist 8264e7
* Tue Jun 25 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-2
cvsdist 8264e7
- rework the close-on-exit docs
cvsdist 8264e7
- include configuration file man pages
cvsdist 8264e7
- make use of nologin as the privsep shell optional
cvsdist 8264e7
cvsdist 8264e7
* Mon Jun 24 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-1
cvsdist 8264e7
- update to 3.3p1
cvsdist 8264e7
- merge in spec file changes from upstream (remove setuid from ssh, ssh-keysign)
cvsdist 8264e7
- disable gtk2 askpass
cvsdist 8264e7
- require pam-devel by filename rather than by package for erratum
cvsdist 8264e7
- include patch from Solar Designer to work around anonymous mmap failures
cvsdist 7c1cbd
cvsdist 8264e7
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
cvsdist 8264e7
- automated rebuild
cvsdist 7c1cbd
cvsdist 8264e7
* Fri Jun  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-3
cvsdist 8264e7
- don't require autoconf any more
cvsdist 7c1cbd
cvsdist 8264e7
* Fri May 31 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-2
cvsdist 8264e7
- build gnome-ssh-askpass with gtk2
cvsdist 7c1cbd
cvsdist 8264e7
* Tue May 28 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-1
cvsdist 8264e7
- update to 3.2.3p1
cvsdist 8264e7
- merge in spec file changes from upstream
cvsdist a423ec
cvsdist 8264e7
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.2p1-1
cvsdist 8264e7
- update to 3.2.2p1
cvsdist a423ec
cvsdist 8264e7
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-4
cvsdist a423ec
- drop buildreq on db1-devel
cvsdist a423ec
- require pam-devel by package name
cvsdist a423ec
- require autoconf instead of autoconf253 again
cvsdist a423ec
cvsdist 0c1105
* Tue Apr  2 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-3
cvsdist 0c1105
- pull patch from CVS to avoid printing error messages when some of the
cvsdist 0c1105
  default keys aren't available when running ssh-add
cvsdist 0c1105
- refresh to current revisions of Simon's patches
cvsdist 0c1105
 
cvsdist 0c1105
* Thu Mar 21 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2gss
cvsdist 0c1105
- reintroduce Simon's gssapi patches
cvsdist 0c1105
- add buildprereq for autoconf253, which is needed to regenerate configure
cvsdist 0c1105
  after applying the gssapi patches
cvsdist 0c1105
- refresh to the latest version of Markus's patch to build properly with
cvsdist 0c1105
  older versions of OpenSSL
cvsdist 8f631f
cvsdist b46e39
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
cvsdist b46e39
- bump and grind (through the build system)
cvsdist b46e39
cvsdist b46e39
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
cvsdist b46e39
- require sharutils for building (mindrot #137)
cvsdist b46e39
- require db1-devel only when building for 6.x (#55105), which probably won't
cvsdist b46e39
  work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
cvsdist b46e39
- require pam-devel by file (not by package name) again
cvsdist b46e39
- add Markus's patch to compile with OpenSSL 0.9.5a (from
cvsdist b46e39
  http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
cvsdist b46e39
  building for 6.x
cvsdist b46e39
cvsdist b46e39
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
cvsdist b46e39
- update to 3.1p1
cvsdist b46e39
cvsdist b46e39
* Tue Mar  5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
cvsdist b46e39
- update to SNAP-20020305
cvsdist b46e39
- drop debug patch, fixed upstream
cvsdist b46e39
cvsdist b46e39
* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
cvsdist b46e39
- update to SNAP-20020220 for testing purposes (you've been warned, if there's
cvsdist b46e39
  anything to be warned about, gss patches won't apply, I don't mind)
cvsdist b46e39
cvsdist b46e39
* Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
cvsdist b46e39
- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
cvsdist b46e39
  exchange, authentication, and named key support
cvsdist b46e39
cvsdist b46e39
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
cvsdist b46e39
- remove dependency on db1-devel, which has just been swallowed up whole
cvsdist b46e39
  by gnome-libs-devel
cvsdist b46e39
Petr Lautrbach 19725a
* Sat Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist b46e39
- adjust build dependencies so that build6x actually works right (fix
cvsdist b46e39
  from Hugo van der Kooij)
cvsdist b46e39
cvsdist b46e39
* Tue Dec  4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
cvsdist b46e39
- update to 3.0.2p1
cvsdist b46e39
cvsdist b46e39
* Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
cvsdist b46e39
- update to 3.0.1p1
cvsdist d92638
cvsdist b46e39
* Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist b46e39
- update to current CVS (not for use in distribution)
cvsdist 55bc91
cvsdist b46e39
* Thu Nov  8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
cvsdist b46e39
- merge some of Damien Miller <djm@mindrot.org> changes from the upstream
cvsdist b46e39
  3.0p1 spec file and init script
cvsdist 55bc91
cvsdist b46e39
* Wed Nov  7 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist b46e39
- update to 3.0p1
cvsdist b46e39
- update to x11-ssh-askpass 1.2.4.1
cvsdist b46e39
- change build dependency on a file from pam-devel to the pam-devel package
cvsdist b46e39
- replace primes with moduli
cvsdist 55bc91
cvsdist 9383d5
* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
cvsdist 9383d5
- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
cvsdist 9383d5
cvsdist 9383d5
* Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
cvsdist 9383d5
- Merge changes to rescue build from current sysadmin survival cd
cvsdist 9383d5
cvsdist fcc300
* Thu Sep  6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
cvsdist fcc300
- fix scp's server's reporting of file sizes, and build with the proper
cvsdist fcc300
  preprocessor define to get large-file capable open(), stat(), etc.
cvsdist fcc300
  (sftp has been doing this correctly all along) (#51827)
cvsdist fcc300
- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
cvsdist fcc300
- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
cvsdist fcc300
- mark profile.d scriptlets as config files (#42337)
cvsdist fcc300
- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
cvsdist fcc300
- change a couple of log() statements to debug() statements (#50751)
cvsdist fcc300
- pull cvs patch to add -t flag to sshd (#28611)
cvsdist fcc300
- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
cvsdist fcc300
cvsdist fcc300
* Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
cvsdist 35482e
- add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
cvsdist 35482e
cvsdist 35482e
* Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 35482e
- pull cvs patch to fix remote port forwarding with protocol 2
cvsdist 35482e
cvsdist 628f20
* Thu Aug  9 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 35482e
- pull cvs patch to add session initialization to no-pty sessions
cvsdist b46e39
- pull cvs patch to not cut off challengeresponse auth needlessly
cvsdist 628f20
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
cvsdist 628f20
  it by default on a system that doesn't have X installed (#49263)
cvsdist 628f20
cvsdist 628f20
* Wed Aug  8 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 628f20
- don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
cvsdist 628f20
cvsdist 7d7b03
* Mon Aug  6 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- pass OPTIONS correctly to initlog (#50151)
cvsdist 7d7b03
cvsdist 7d7b03
* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- switch to x11-ssh-askpass 1.2.2
cvsdist 7d7b03
cvsdist 7d7b03
* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- rebuild in new environment
cvsdist 7d7b03
cvsdist 7d7b03
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- disable the gssapi patch
cvsdist 7d7b03
cvsdist 7d7b03
* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- update to 2.9p2
cvsdist 7d7b03
- refresh to a new version of the gssapi patch
cvsdist 7d7b03
cvsdist 7d7b03
* Thu Jun  7 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- change Copyright: BSD to License: BSD
cvsdist 7d7b03
- add Markus Friedl's unverified patch for the cookie file deletion problem
cvsdist 7d7b03
  so that we can verify it
cvsdist 7d7b03
- drop patch to check if xauth is present (was folded into cookie patch)
cvsdist 7d7b03
- don't apply gssapi patches for the errata candidate
cvsdist 7d7b03
- clear supplemental groups list at startup
cvsdist 7d7b03
cvsdist 7d7b03
* Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- fix an error parsing the new default sshd_config
cvsdist 7d7b03
- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
cvsdist 7d7b03
  dealing with comments right
cvsdist 7d7b03
cvsdist 7d7b03
* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
cvsdist 7d7b03
  to be removed before the next beta cycle because it's a big departure
cvsdist 7d7b03
  from the upstream version
cvsdist 7d7b03
cvsdist 7d7b03
* Thu May  3 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- finish marking strings in the init script for translation
cvsdist 7d7b03
- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
cvsdist 7d7b03
  at startup (change merged from openssh.com init script, originally by
cvsdist 7d7b03
  Pekka Savola)
cvsdist 7d7b03
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
cvsdist 7d7b03
  it by default on a system that doesn't have X installed
cvsdist 7d7b03
cvsdist 7d7b03
* Wed May  2 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- update to 2.9
cvsdist 7d7b03
- drop various patches that came from or went upstream or to or from CVS
cvsdist 7d7b03
cvsdist 7d7b03
* Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 7d7b03
- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
cvsdist 7d7b03
cvsdist 4135ab
* Sun Apr  8 2001 Preston Brown <pbrown@redhat.com>
cvsdist 4135ab
- remove explicit openssl requirement, fixes builddistro issue
cvsdist 4135ab
- make initscript stop() function wait until sshd really dead to avoid 
cvsdist 4135ab
  races in condrestart
cvsdist 43f95f
cvsdist 4135ab
* Mon Apr  2 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 4135ab
- mention that challengereponse supports PAM, so disabling password doesn't
cvsdist 4135ab
  limit users to pubkey and rsa auth (#34378)
cvsdist b46e39
- bypass the daemon() function in the init script and call initlog directly,
cvsdist b46e39
  because daemon() won't start a daemon it detects is already running (like
cvsdist b46e39
  open connections)
cvsdist 4135ab
- require the version of openssl we had when we were built
cvsdist 43f95f
cvsdist 43f95f
* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- make do_pam_setcred() smart enough to know when to establish creds and
cvsdist 43f95f
  when to reinitialize them
cvsdist 43f95f
- add in a couple of other fixes from Damien for inclusion in the errata
cvsdist 43f95f
cvsdist 43f95f
* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- update to 2.5.2p2
cvsdist 43f95f
- call setcred() again after initgroups, because the "creds" could actually
cvsdist 43f95f
  be group memberships
cvsdist 43f95f
cvsdist 43f95f
* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
cvsdist 43f95f
- don't enable challenge-response by default until we find a way to not
cvsdist 43f95f
  have too many userauth requests (we may make up to six pubkey and up to
cvsdist 43f95f
  three password attempts as it is)
cvsdist 43f95f
- remove build dependency on rsh to match openssh.com's packages more closely
cvsdist 43f95f
cvsdist 43f95f
* Sat Mar  3 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- remove dependency on openssl -- would need to be too precise
cvsdist 43f95f
cvsdist 43f95f
* Fri Mar  2 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- rebuild in new environment
cvsdist 43f95f
cvsdist 43f95f
* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Revert the patch to move pam_open_session.
cvsdist 43f95f
- Init script and spec file changes from Pekka Savola. (#28750)
cvsdist 43f95f
- Patch sftp to recognize '-o protocol' arguments. (#29540)
cvsdist 43f95f
cvsdist 43f95f
* Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Chuck the closing patch.
cvsdist 43f95f
- Add a trigger to add host keys for protocol 2 to the config file, now that
cvsdist 43f95f
  configuration file syntax requires us to specify it with HostKey if we
cvsdist 43f95f
  specify any other HostKey values, which we do.
cvsdist 43f95f
cvsdist 43f95f
* Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Redo patch to move pam_open_session after the server setuid()s to the user.
cvsdist 43f95f
- Rework the nopam patch to use be picked up by autoconf.
cvsdist 43f95f
cvsdist 43f95f
* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Update for 2.5.1p1.
cvsdist 43f95f
- Add init script mods from Pekka Savola.
cvsdist 43f95f
- Tweak the init script to match the CVS contrib script more closely.
cvsdist 43f95f
- Redo patch to ssh-add to try to adding both identity and id_dsa to also try
cvsdist 43f95f
  adding id_rsa.
cvsdist 43f95f
cvsdist 43f95f
* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Update for 2.5.0p1.
cvsdist 43f95f
- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
cvsdist 43f95f
- Resync with parts of Damien Miller's openssh.spec from CVS, including
cvsdist 43f95f
  update of x11 askpass to 1.2.0.
cvsdist 43f95f
- Only require openssl (don't prereq) because we generate keys in the init
cvsdist 43f95f
  script now.
cvsdist 43f95f
cvsdist 43f95f
* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Don't open a PAM session until we've forked and become the user (#25690).
cvsdist 43f95f
- Apply Andrew Bartlett's patch for letting pam_authenticate() know which
cvsdist 43f95f
  host the user is attempting a login from.
cvsdist 43f95f
- Resync with parts of Damien Miller's openssh.spec from CVS.
cvsdist 43f95f
- Don't expose KbdInt responses in debug messages (from CVS).
cvsdist 43f95f
- Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
cvsdist 43f95f
cvsdist 4135ab
* Wed Feb  7 2001 Trond Eivind Glomsrxd <teg@redhat.com>
cvsdist 43f95f
- i18n-tweak to initscript.
cvsdist 43f95f
cvsdist 43f95f
* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- More gettextizing.
cvsdist 43f95f
- Close all files after going into daemon mode (needs more testing).
cvsdist 43f95f
- Extract patch from CVS to handle auth banners (in the client).
cvsdist 43f95f
- Extract patch from CVS to handle compat weirdness.
cvsdist 43f95f
cvsdist 43f95f
* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Finish with the gettextizing.
cvsdist 43f95f
cvsdist 43f95f
* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Fix a bug in auth2-pam.c (#23877)
cvsdist 43f95f
- Gettextize the init script.
cvsdist 43f95f
cvsdist 43f95f
* Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Incorporate a switch for using PAM configs for 6.x, just in case.
cvsdist 43f95f
cvsdist 43f95f
* Tue Dec  5 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Incorporate Bero's changes for a build specifically for rescue CDs.
cvsdist 43f95f
cvsdist 43f95f
* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
cvsdist 43f95f
  succeeded, to allow public-key authentication after a failure with "none"
cvsdist 43f95f
  authentication.  (#21268)
cvsdist 43f95f
cvsdist 43f95f
* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Update to x11-askpass 1.1.1. (#21301)
cvsdist 43f95f
- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
cvsdist 43f95f
cvsdist 43f95f
* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Merge multiple PAM text messages into subsequent prompts when possible when
cvsdist 43f95f
  doing keyboard-interactive authentication.
cvsdist 43f95f
cvsdist 43f95f
* Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 43f95f
- Disable the built-in MD5 password support.  We're using PAM.
cvsdist 43f95f
- Take a crack at doing keyboard-interactive authentication with PAM, and
cvsdist 43f95f
  enable use of it in the default client configuration so that the client
cvsdist 43f95f
  will try it when the server disallows password authentication.
cvsdist 43f95f
- Build with debugging flags.  Build root policies strip all binaries anyway.
cvsdist 43f95f
cvsdist f28bf6
* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6
- Use DESTDIR instead of %%makeinstall.
cvsdist f28bf6
- Remove /usr/X11R6/bin from the path-fixing patch.
cvsdist f28bf6
cvsdist f28bf6
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6
- Add the primes file from the latest snapshot to the main package (#20884).
cvsdist f28bf6
- Add the dev package to the prereq list (#19984).
cvsdist f28bf6
- Remove the default path and mimic login's behavior in the server itself.
cvsdist f28bf6
cvsdist f28bf6
* Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6
- Resync with conditional options in Damien Miller's .spec file for an errata.
cvsdist f28bf6
- Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
cvsdist f28bf6
cvsdist f28bf6
* Tue Nov  7 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6
- Update to OpenSSH 2.3.0p1.
cvsdist f28bf6
- Update to x11-askpass 1.1.0.
cvsdist f28bf6
- Enable keyboard-interactive authentication.
cvsdist f28bf6
cvsdist f28bf6
* Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6
- Update to ssh-askpass-x11 1.0.3.
cvsdist f28bf6
- Change authentication related messages to be private (#19966).
cvsdist f28bf6
cvsdist f28bf6
* Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f28bf6
- Patch ssh-keygen to be able to list signatures for DSA public key files
cvsdist f28bf6
  it generates.
cvsdist f28bf6
cvsdist 328740
* Thu Oct  5 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 328740
- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
cvsdist 328740
  build PAM authentication in.
cvsdist 328740
- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
cvsdist 328740
- Clean out no-longer-used patches.
cvsdist 328740
- Patch ssh-add to try to add both identity and id_dsa, and to error only
cvsdist 328740
  when neither exists.
cvsdist 328740
cvsdist 328740
* Mon Oct  2 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 328740
- Update x11-askpass to 1.0.2. (#17835)
cvsdist 328740
- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
cvsdist 328740
  always find them in the right place. (#17909)
cvsdist 328740
- Set the default path to be the same as the one supplied by /bin/login, but
cvsdist 328740
  add /usr/X11R6/bin. (#17909)
cvsdist 328740
- Try to handle obsoletion of ssh-server more cleanly.  Package names
cvsdist 328740
  are different, but init script name isn't. (#17865)
cvsdist 328740
cvsdist 328740
* Wed Sep  6 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 328740
- Update to 2.2.0p1. (#17835)
cvsdist 328740
- Tweak the init script to allow proper restarting. (#18023)
cvsdist 328740
cvsdist 328740
* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist 328740
- Update to 20000823 snapshot.
cvsdist 328740
- Change subpackage requirements from %%{version} to %%{version}-%%{release}
cvsdist 328740
- Back out the pipe patch.
cvsdist 328740
cvsdist f71077
* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Update to 2.1.1p4, which includes fixes for config file parsing problems.
cvsdist f71077
- Move the init script back.
cvsdist f71077
- Add Damien's quick fix for wackiness.
cvsdist f71077
cvsdist f71077
* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
cvsdist f71077
cvsdist f71077
* Thu Jul  6 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Move condrestart to server postun.
cvsdist f71077
- Move key generation to init script.
cvsdist f71077
- Actually use the right patch for moving the key generation to the init script.
cvsdist f71077
- Clean up the init script a bit.
cvsdist f71077
cvsdist f71077
* Wed Jul  5 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
cvsdist f71077
cvsdist f71077
* Sun Jul  2 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Update to 2.1.1p2.
cvsdist f71077
- Use of strtok() considered harmful.
cvsdist f71077
cvsdist f71077
* Sat Jul  1 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Get the build root out of the man pages.
cvsdist f71077
cvsdist f71077
* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Add and use condrestart support in the init script.
cvsdist f71077
- Add newer initscripts as a prereq.
cvsdist f71077
cvsdist f71077
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Build in new environment (release 2)
cvsdist f71077
- Move -clients subpackage to Applications/Internet group
cvsdist f71077
cvsdist f71077
* Fri Jun  9 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Update to 2.2.1p1
cvsdist f71077
cvsdist f71077
* Sat Jun  3 2000 Nalin Dahyabhai <nalin@redhat.com>
cvsdist f71077
- Patch to build with neither RSA nor RSAref.
cvsdist f71077
- Miscellaneous FHS-compliance tweaks.
cvsdist f71077
- Fix for possibly-compressed man pages.
cvsdist f71077
cvsdist f71077
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Updated for new location
cvsdist f71077
- Updated for new gnome-ssh-askpass build
cvsdist f71077
cvsdist f71077
* Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
cvsdist f71077
- Added Jim Knoble's <jmknoble@pobox.com> askpass
cvsdist f71077
cvsdist f71077
* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
cvsdist f71077
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
cvsdist f71077
cvsdist f71077
* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
cvsdist f71077
- Added 'Obsoletes' directives
cvsdist f71077
cvsdist f71077
* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Use make install
cvsdist f71077
- Subpackages
cvsdist f71077
cvsdist f71077
* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Added links for slogin
cvsdist f71077
- Fixed perms on manpages
cvsdist f71077
cvsdist f71077
* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Renamed init script
cvsdist f71077
cvsdist f71077
* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Back to old binary names
cvsdist f71077
cvsdist f71077
* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Use autoconf
cvsdist f71077
- New binary names
cvsdist f71077
cvsdist f71077
* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
cvsdist f71077
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.