Petr Šabata 81d24c
# Do we want SELinux & Audit
Petr Šabata 81d24c
%if 0%{?!noselinux:1}
Petr Šabata 81d24c
%global WITH_SELINUX 1
Petr Šabata 81d24c
%else
Petr Šabata 81d24c
%global WITH_SELINUX 0
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%global _hardened_build 1
Petr Šabata 81d24c
Petr Šabata 81d24c
# OpenSSH privilege separation requires a user & group ID
Petr Šabata 81d24c
%global sshd_uid    74
Petr Šabata 81d24c
%global sshd_gid    74
Petr Šabata 81d24c
Petr Šabata 81d24c
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
Petr Šabata 81d24c
%global no_gnome_askpass 0
Petr Šabata 81d24c
Petr Šabata 81d24c
# Do we want to link against a static libcrypto? (1=yes 0=no)
Petr Šabata 81d24c
%global static_libcrypto 0
Petr Šabata 81d24c
Petr Šabata 81d24c
# Use GTK2 instead of GNOME in gnome-ssh-askpass
Petr Šabata 81d24c
%global gtk2 1
Petr Šabata 81d24c
Petr Šabata 81d24c
# Build position-independent executables (requires toolchain support)?
Petr Šabata 81d24c
%global pie 1
Petr Šabata 81d24c
Petr Šabata 81d24c
# Do we want kerberos5 support (1=yes 0=no)
Petr Šabata 81d24c
%global kerberos5 1
Petr Šabata 81d24c
Petr Šabata 81d24c
# Do we want libedit support
Petr Šabata 81d24c
%global libedit 1
Petr Šabata 81d24c
Petr Šabata 81d24c
# Whether to build pam_ssh_agent_auth
Petr Šabata 81d24c
%if 0%{?!nopam:1}
Petr Šabata 81d24c
%global pam_ssh_agent 1
Petr Šabata 81d24c
%else
Petr Šabata 81d24c
%global pam_ssh_agent 0
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
# Reserve options to override askpass settings with:
Petr Šabata 81d24c
# rpm -ba|--rebuild --define 'skip_xxx 1'
Petr Šabata 81d24c
%{?skip_gnome_askpass:%global no_gnome_askpass 1}
Petr Šabata 81d24c
Petr Šabata 81d24c
# Add option to build without GTK2 for older platforms with only GTK+.
Petr Šabata 81d24c
# Red Hat Linux <= 7.2 and Red Hat Advanced Server 2.1 are examples.
Petr Šabata 81d24c
# rpm -ba|--rebuild --define 'no_gtk2 1'
Petr Šabata 81d24c
%{?no_gtk2:%global gtk2 0}
Petr Šabata 81d24c
Petr Šabata 81d24c
# Options for static OpenSSL link:
Petr Šabata 81d24c
# rpm -ba|--rebuild --define "static_openssl 1"
Petr Šabata 81d24c
%{?static_openssl:%global static_libcrypto 1}
Petr Šabata 81d24c
Petr Šabata 81d24c
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
Dmitry Belyavskiy 62d88b
%global openssh_ver 8.7p1
Dmitry Belyavskiy ebbbfc
%global openssh_rel 28
Petr Šabata 81d24c
%global pam_ssh_agent_ver 0.10.4
Dmitry Belyavskiy 9591af
%global pam_ssh_agent_rel 5
Petr Šabata 81d24c
Petr Šabata 81d24c
Summary: An open source implementation of SSH protocol version 2
Petr Šabata 81d24c
Name: openssh
Petr Šabata 81d24c
Version: %{openssh_ver}
Dmitry Belyavskiy 62d88b
Release: %{openssh_rel}%{?dist}
Petr Šabata 81d24c
URL: http://www.openssh.com/portable.html
Petr Šabata 81d24c
#URL1: https://github.com/jbeverly/pam_ssh_agent_auth/
Petr Šabata 81d24c
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Petr Šabata 81d24c
Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
Petr Šabata 81d24c
Source2: sshd.pam
DistroBaker d029bb
Source3: gpgkey-736060BA.gpg
Petr Šabata 81d24c
Source4: https://github.com/jbeverly/pam_ssh_agent_auth/archive/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.gz
Petr Šabata 81d24c
Source5: pam_ssh_agent-rmheaders
Petr Šabata 81d24c
Source6: ssh-keycat.pam
Petr Šabata 81d24c
Source7: sshd.sysconfig
Petr Šabata 81d24c
Source9: sshd@.service
Petr Šabata 81d24c
Source10: sshd.socket
Petr Šabata 81d24c
Source11: sshd.service
Petr Šabata 81d24c
Source12: sshd-keygen@.service
Petr Šabata 81d24c
Source13: sshd-keygen
Petr Šabata 81d24c
Source15: sshd-keygen.target
DistroBaker d029bb
Source16: ssh-agent.service
Petr Šabata 81d24c
Petr Šabata 81d24c
#https://bugzilla.mindrot.org/show_bug.cgi?id=2581
Petr Šabata 81d24c
Patch100: openssh-6.7p1-coverity.patch
Petr Šabata 81d24c
Petr Šabata 81d24c
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
Petr Šabata 81d24c
# https://bugzilla.redhat.com/show_bug.cgi?id=1171248
Petr Šabata 81d24c
# record pfs= field in CRYPTO_SESSION audit event
Petr Šabata 81d24c
Patch200: openssh-7.6p1-audit.patch
Petr Šabata 81d24c
# Audit race condition in forked child (#1310684)
Petr Šabata 81d24c
Patch201: openssh-7.1p2-audit-race-condition.patch
Petr Šabata 81d24c
Petr Šabata 81d24c
# --- pam_ssh-agent ---
Petr Šabata 81d24c
# make it build reusing the openssh sources
Petr Šabata 81d24c
Patch300: pam_ssh_agent_auth-0.9.3-build.patch
Petr Šabata 81d24c
# check return value of seteuid()
Petr Šabata 81d24c
# https://sourceforge.net/p/pamsshagentauth/bugs/23/
Petr Šabata 81d24c
Patch301: pam_ssh_agent_auth-0.10.3-seteuid.patch
Petr Šabata 81d24c
# explicitly make pam callbacks visible
Petr Šabata 81d24c
Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
Petr Šabata 81d24c
# update to current version of agent structure
Petr Šabata 81d24c
Patch305: pam_ssh_agent_auth-0.9.3-agent_structure.patch
Petr Šabata 81d24c
# remove prefixes to be able to build against current openssh library
Petr Šabata 81d24c
Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
Petr Šabata 81d24c
# Fix NULL dereference from getpwuid() return value
Petr Šabata 81d24c
# https://sourceforge.net/p/pamsshagentauth/bugs/22/
Petr Šabata 81d24c
Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch
Dmitry Belyavskiy 9591af
# https://bugzilla.redhat.com/show_bug.cgi?id=2070113
Dmitry Belyavskiy 9591af
Patch308: pam_ssh_agent_auth-0.10.4-rsasha2.patch
Petr Šabata 81d24c
Petr Šabata 81d24c
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
Petr Šabata 81d24c
Patch400: openssh-7.8p1-role-mls.patch
Petr Šabata 81d24c
#https://bugzilla.redhat.com/show_bug.cgi?id=781634
Petr Šabata 81d24c
Patch404: openssh-6.6p1-privsep-selinux.patch
Petr Šabata 81d24c
#?
Petr Šabata 81d24c
Patch502: openssh-6.6p1-keycat.patch
Petr Šabata 81d24c
Petr Šabata 81d24c
#https://bugzilla.mindrot.org/show_bug.cgi?id=1644
Petr Šabata 81d24c
Patch601: openssh-6.6p1-allow-ip-opts.patch
Petr Šabata 81d24c
#https://bugzilla.mindrot.org/show_bug.cgi?id=1893 (WONTFIX)
Petr Šabata 81d24c
Patch604: openssh-6.6p1-keyperm.patch
Petr Šabata 81d24c
#(drop?) https://bugzilla.mindrot.org/show_bug.cgi?id=1925
Petr Šabata 81d24c
Patch606: openssh-5.9p1-ipv6man.patch
Petr Šabata 81d24c
#?
Petr Šabata 81d24c
Patch607: openssh-5.8p2-sigpipe.patch
Petr Šabata 81d24c
#https://bugzilla.mindrot.org/show_bug.cgi?id=1789
Petr Šabata 81d24c
Patch609: openssh-7.2p2-x11.patch
Petr Šabata 81d24c
Petr Šabata 81d24c
#?
Petr Šabata 81d24c
Patch700: openssh-7.7p1-fips.patch
Petr Šabata 81d24c
#?
Petr Šabata 81d24c
Patch702: openssh-5.1p1-askpass-progress.patch
Petr Šabata 81d24c
#https://bugzilla.redhat.com/show_bug.cgi?id=198332
Petr Šabata 81d24c
Patch703: openssh-4.3p2-askpass-grab-info.patch
Petr Šabata 81d24c
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
Petr Šabata 81d24c
Patch707: openssh-7.7p1-redhat.patch
Petr Šabata 81d24c
# warn users for unsupported UsePAM=no (#757545)
Petr Šabata 81d24c
Patch711: openssh-7.8p1-UsePAM-warning.patch
Petr Šabata 81d24c
# make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL
Petr Šabata 81d24c
Patch712: openssh-6.3p1-ctr-evp-fast.patch
Petr Šabata 81d24c
DistroBaker f2cb8f
# GSSAPI Key Exchange (RFC 4462 + RFC 8732)
Petr Šabata 81d24c
# from https://github.com/openssh-gsskex/openssh-gsskex/tree/fedora/master
Petr Šabata 81d24c
Patch800: openssh-8.0p1-gssapi-keyex.patch
Petr Šabata 81d24c
#http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
Petr Šabata 81d24c
Patch801: openssh-6.6p1-force_krb.patch
Petr Šabata 81d24c
# add new option GSSAPIEnablek5users and disable using ~/.k5users by default (#1169843)
Petr Šabata 81d24c
# CVE-2014-9278
Petr Šabata 81d24c
Patch802: openssh-6.6p1-GSSAPIEnablek5users.patch
Petr Šabata 81d24c
# Improve ccache handling in openssh (#991186, #1199363, #1566494)
Petr Šabata 81d24c
# https://bugzilla.mindrot.org/show_bug.cgi?id=2775
Petr Šabata 81d24c
Patch804: openssh-7.7p1-gssapi-new-unique.patch
Petr Šabata 81d24c
# Respect k5login_directory option in krk5.conf (#1328243)
Petr Šabata 81d24c
Patch805: openssh-7.2p2-k5login_directory.patch
Petr Šabata 81d24c
Petr Šabata 81d24c
Petr Šabata 81d24c
#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
Petr Šabata 81d24c
Patch901: openssh-6.6p1-kuserok.patch
Petr Šabata 81d24c
# Use tty allocation for a remote scp (#985650)
Petr Šabata 81d24c
Patch906: openssh-6.4p1-fromto-remote.patch
Petr Šabata 81d24c
# privsep_preauth: use SELinux context from selinux-policy (#1008580)
Petr Šabata 81d24c
Patch916: openssh-6.6.1p1-selinux-contexts.patch
Petr Šabata 81d24c
# log via monitor in chroots without /dev/log (#2681)
Petr Šabata 81d24c
Patch918: openssh-6.6.1p1-log-in-chroot.patch
Petr Šabata 81d24c
# scp file into non-existing directory (#1142223)
Petr Šabata 81d24c
Patch919: openssh-6.6.1p1-scp-non-existing-directory.patch
Petr Šabata 81d24c
# apply upstream patch and make sshd -T more consistent (#1187521)
Petr Šabata 81d24c
Patch922: openssh-6.8p1-sshdT-output.patch
Petr Šabata 81d24c
# Add sftp option to force mode of created files (#1191055)
Petr Šabata 81d24c
Patch926: openssh-6.7p1-sftp-force-permission.patch
Petr Šabata 81d24c
# make s390 use /dev/ crypto devices -- ignore closefrom
Petr Šabata 81d24c
Patch939: openssh-7.2p2-s390-closefrom.patch
Petr Šabata 81d24c
# Move MAX_DISPLAYS to a configuration option (#1341302)
Petr Šabata 81d24c
Patch944: openssh-7.3p1-x11-max-displays.patch
Petr Šabata 81d24c
# Help systemd to track the running service
Petr Šabata 81d24c
Patch948: openssh-7.4p1-systemd.patch
Petr Šabata 81d24c
# Pass inetd flags for SELinux down to openbsd compat level
Petr Šabata 81d24c
Patch949: openssh-7.6p1-cleanup-selinux.patch
Petr Šabata 81d24c
# Sandbox adjustments for s390 and audit
Petr Šabata 81d24c
Patch950: openssh-7.5p1-sandbox.patch
Petr Šabata 81d24c
# PKCS#11 URIs (upstream #2817, 2nd iteration)
Petr Šabata 81d24c
# https://github.com/Jakuje/openssh-portable/commits/jjelen-pkcs11
Petr Šabata 81d24c
# git show > ~/devel/fedora/openssh/openssh-8.0p1-pkcs11-uri.patch
Petr Šabata 81d24c
Patch951: openssh-8.0p1-pkcs11-uri.patch
Petr Šabata 81d24c
# Unbreak scp between two IPv6 hosts (#1620333)
Petr Šabata 81d24c
Patch953: openssh-7.8p1-scp-ipv6.patch
Petr Šabata 81d24c
# Mention crypto-policies in manual pages (#1668325)
Petr Šabata 81d24c
Patch962: openssh-8.0p1-crypto-policies.patch
Petr Šabata 81d24c
# Use OpenSSL high-level API to produce and verify signatures (#1707485)
Petr Šabata 81d24c
Patch963: openssh-8.0p1-openssl-evp.patch
Petr Šabata 81d24c
# Use OpenSSL KDF (#1631761)
Petr Šabata 81d24c
Patch964: openssh-8.0p1-openssl-kdf.patch
Petr Šabata 81d24c
# sk-dummy.so built with -fvisibility=hidden does not work
Petr Šabata 81d24c
Patch965: openssh-8.2p1-visibility.patch
Petr Šabata 81d24c
# Do not break X11 without IPv6
Petr Šabata 81d24c
Patch966: openssh-8.2p1-x11-without-ipv6.patch
Dmitry Belyavskiy 9dff9c
# ssh-keygen printing fingerprint issue with Windows keys (#1901518)
Dmitry Belyavskiy 9dff9c
Patch974: openssh-8.0p1-keygen-strip-doseol.patch
Dmitry Belyavskiy 9dff9c
# sshd provides PAM an incorrect error code (#1879503)
Dmitry Belyavskiy 9dff9c
Patch975: openssh-8.0p1-preserve-pam-errors.patch
Dmitry Belyavskiy f32839
# Use SFTP protocol by default for scp command
Dmitry Belyavskiy f32839
Patch976: openssh-8.7p1-sftp-default-protocol.patch
Dmitry Belyavskiy f32839
# Implement kill switch for SCP protocol
Dmitry Belyavskiy f32839
Patch977: openssh-8.7p1-scp-kill-switch.patch
Dmitry Belyavskiy aa1b33
# CVE-2021-41617
Dmitry Belyavskiy aa1b33
Patch978: openssh-8.7p1-upstream-cve-2021-41617.patch
Dmitry Belyavskiy bf1985
# fix for `ssh-keygen -Y find-principals -f /dev/null -s /dev/null` (#2024902)
Dmitry Belyavskiy bf1985
Patch979: openssh-8.7p1-find-principals-fix.patch
Dmitry Belyavskiy 149505
# Create non-existent directories when scp works in sftp mode and some more minor fixes
Dmitry Belyavskiy 149505
# upstream commits:
Dmitry Belyavskiy 149505
# ba61123eef9c6356d438c90c1199a57a0d7bcb0a
Dmitry Belyavskiy 149505
# 63670d4e9030bcee490d5a9cce561373ac5b3b23
Dmitry Belyavskiy 149505
# ac7c9ec894ed0825d04ef69c55babb49bab1d32e
Dmitry Belyavskiy 0b7faa
Patch980: openssh-8.7p1-sftpscp-dir-create.patch
Dmitry Belyavskiy 149505
# Workaround for lack of sftp_realpath in older versions of RHEL
Dmitry Belyavskiy 149505
# https://bugzilla.redhat.com/show_bug.cgi?id=2038854
Dmitry Belyavskiy 149505
# https://github.com/openssh/openssh-portable/pull/299
Dmitry Belyavskiy 149505
# downstream only
Dmitry Belyavskiy 149505
Patch981: openssh-8.7p1-recursive-scp.patch
Dmitry Belyavskiy 4b21ae
# https://github.com/djmdjm/openssh-wip/pull/13
Dmitry Belyavskiy 4b21ae
Patch982: openssh-8.7p1-minrsabits.patch
Dmitry Belyavskiy d0bf0e
# downstream only
Dmitry Belyavskiy d0bf0e
Patch983: openssh-8.7p1-evpgenkey.patch
Dmitry Belyavskiy b53c53
# downstream only, IBMCA tentative fix
Dmitry Belyavskiy b53c53
# From https://bugzilla.redhat.com/show_bug.cgi?id=1976202#c14
Dmitry Belyavskiy b53c53
Patch984: openssh-8.7p1-ibmca.patch
Dmitry Belyavskiy 6f7478
# Upstream ff89b1bed80721295555bd083b173247a9c0484e, 5062ad48814b06162511c4f5924a33d97b6b2566
Dmitry Belyavskiy 6f7478
Patch986: openssh-9.1p1-sshbanner.patch
Dmitry Belyavskiy 4b21ae
Zoltan Fridrich abf032
# Minimize the use of SHA1 as a proof of possession for RSA key (#2031868)
Zoltan Fridrich abf032
# upstream commits:
Zoltan Fridrich abf032
# 291721bc7c840d113a49518f3fca70e86248b8e8
Zoltan Fridrich abf032
# 0fa33683223c76289470a954404047bc762be84c
Dmitry Belyavskiy a0db6b
# Avoid dubious diagnostics on update known hosts (#2115246)
Dmitry Belyavskiy a0db6b
# 8832402bd500d1661ccc80a476fd563335ef6cdc
Dmitry Belyavskiy 829ee6
Patch1000: openssh-8.7p1-minimize-sha1-use.patch
Zoltan Fridrich c958ea
# Fix for scp clearing file when src and dest are the same (#2056884)
Zoltan Fridrich c958ea
# upstream commits:
Zoltan Fridrich c958ea
# 7b1cbcb7599d9f6a3bbad79d412604aa1203b5ee
Zoltan Fridrich c958ea
Patch1001: openssh-8.7p1-scp-clears-file.patch
Zoltan Fridrich afede7
# Add missing options from ssh_config into ssh manpage
Zoltan Fridrich afede7
# upstream bug:
Zoltan Fridrich afede7
# https://bugzilla.mindrot.org/show_bug.cgi?id=3455
Zoltan Fridrich afede7
Patch1002: openssh-8.7p1-ssh-manpage.patch
Zoltan Fridrich 585620
# Always return allocated strings from the kex filtering so that we can free them
Zoltan Fridrich 585620
# upstream commits:
Zoltan Fridrich 585620
# 486c4dc3b83b4b67d663fb0fa62bc24138ec3946
Zoltan Fridrich 585620
# 6c31ba10e97b6953c4f325f526f3e846dfea647a
Zoltan Fridrich 585620
# 322964f8f2e9c321e77ebae1e4d2cd0ccc5c5a0b
Zoltan Fridrich 585620
Patch1003: openssh-8.7p1-mem-leak.patch
Zoltan Fridrich 9bf7b4
# Reenable MONITOR_REQ_GSSCHECKMIC after gssapi-with-mic failures
Zoltan Fridrich 9bf7b4
# upstream MR:
Zoltan Fridrich 9bf7b4
# https://github.com/openssh-gsskex/openssh-gsskex/pull/21
Zoltan Fridrich 9bf7b4
Patch1004: openssh-8.7p1-gssapi-auth.patch
Zoltan Fridrich fd0d5a
# Fix host-based authentication with rsa keys
Zoltan Fridrich fd0d5a
# upstream commits:
Zoltan Fridrich fd0d5a
# 7aa7b096cf2bafe2777085abdeed5ce00581f641
Zoltan Fridrich fd0d5a
# d9dbb5d9a0326e252d3c7bc13beb9c2434f59409
Zoltan Fridrich fd0d5a
# fdb1d58d0d3888b042e5a500f6ce524486aaf782
Zoltan Fridrich fd0d5a
Patch1005: openssh-8.7p1-host-based-auth.patch
Zoltan Fridrich e8622f
# Don't propose disallowed algorithms during hostkey negotiation
Zoltan Fridrich e8622f
# upstream MR:
Zoltan Fridrich e8622f
# https://github.com/openssh/openssh-portable/pull/323
Zoltan Fridrich e8622f
Patch1006: openssh-8.7p1-negotiate-supported-algs.patch
Dmitry Belyavskiy ebbbfc
# 
Dmitry Belyavskiy ebbbfc
Patch1007: openssh-8.7p1-nohostsha1proof.patch
Dmitry Belyavskiy 829ee6
Petr Šabata 81d24c
License: BSD
Petr Šabata 81d24c
Requires: /sbin/nologin
Petr Šabata 81d24c
Petr Šabata 81d24c
%if ! %{no_gnome_askpass}
Petr Šabata 81d24c
%if %{gtk2}
Petr Šabata 81d24c
BuildRequires: gtk2-devel
Petr Šabata 81d24c
BuildRequires: libX11-devel
Petr Šabata 81d24c
%else
Petr Šabata 81d24c
BuildRequires: gnome-libs-devel
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
BuildRequires: autoconf, automake, perl-interpreter, perl-generators, zlib-devel
Petr Šabata 81d24c
BuildRequires: audit-libs-devel >= 2.0.5
Petr Šabata 81d24c
BuildRequires: util-linux, groff
Petr Šabata 81d24c
BuildRequires: pam-devel
Petr Šabata 81d24c
BuildRequires: openssl-devel >= 0.9.8j
Petr Šabata 81d24c
BuildRequires: perl-podlators
Petr Šabata 81d24c
BuildRequires: systemd-devel
DistroBaker d029bb
BuildRequires: systemd-rpm-macros
Petr Šabata 81d24c
BuildRequires: gcc make
Petr Šabata 81d24c
BuildRequires: p11-kit-devel
Petr Šabata 81d24c
BuildRequires: libfido2-devel
DistroBaker f2cb8f
Obsoletes: openssh-ldap < 8.3p1-4
DistroBaker fba82b
Obsoletes: openssh-cavs < 8.4p1-5
Petr Šabata 81d24c
Petr Šabata 81d24c
%if %{kerberos5}
Petr Šabata 81d24c
BuildRequires: krb5-devel
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%if %{libedit}
Petr Šabata 81d24c
BuildRequires: libedit-devel ncurses-devel
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%if %{WITH_SELINUX}
Petr Šabata 81d24c
Requires: libselinux >= 2.3-5
Petr Šabata 81d24c
BuildRequires: libselinux-devel >= 2.3-5
Petr Šabata 81d24c
Requires: audit-libs >= 1.0.8
Petr Šabata 81d24c
BuildRequires: audit-libs >= 1.0.8
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
BuildRequires: xauth
Petr Šabata 81d24c
# for tarball signature verification
Petr Šabata 81d24c
BuildRequires: gnupg2
Petr Šabata 81d24c
Petr Šabata 81d24c
%package clients
Petr Šabata 81d24c
Summary: An open source SSH client applications
Petr Šabata 81d24c
Requires: openssh = %{version}-%{release}
Petr Šabata 81d24c
Requires: crypto-policies >= 20200610-1
Petr Šabata 81d24c
Petr Šabata 81d24c
%package server
Petr Šabata 81d24c
Summary: An open source SSH server daemon
Petr Šabata 81d24c
Requires: openssh = %{version}-%{release}
Petr Šabata 81d24c
Requires(pre): /usr/sbin/useradd
Petr Šabata 81d24c
Requires: pam >= 1.0.1-3
Petr Šabata 81d24c
Requires: crypto-policies >= 20200610-1
Petr Šabata 81d24c
%{?systemd_requires}
Petr Šabata 81d24c
Petr Šabata 81d24c
%package keycat
Petr Šabata 81d24c
Summary: A mls keycat backend for openssh
Petr Šabata 81d24c
Requires: openssh = %{version}-%{release}
Petr Šabata 81d24c
Petr Šabata 81d24c
%package askpass
Petr Šabata 81d24c
Summary: A passphrase dialog for OpenSSH and X
Petr Šabata 81d24c
Requires: openssh = %{version}-%{release}
Petr Šabata 81d24c
Zoltan Fridrich 5cfb97
%package sk-dummy
Zoltan Fridrich 5cfb97
Summary: OpenSSH SK driver for test purposes
Zoltan Fridrich 5cfb97
Requires: openssh = %{version}-%{release}
Zoltan Fridrich 5cfb97
Petr Šabata 81d24c
%package -n pam_ssh_agent_auth
Petr Šabata 81d24c
Summary: PAM module for authentication with ssh-agent
Petr Šabata 81d24c
Version: %{pam_ssh_agent_ver}
Dmitry Belyavskiy 62d88b
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}
Petr Šabata 81d24c
License: BSD
Petr Šabata 81d24c
Petr Šabata 81d24c
%description
Petr Šabata 81d24c
SSH (Secure SHell) is a program for logging into and executing
Petr Šabata 81d24c
commands on a remote machine. SSH is intended to replace rlogin and
Petr Šabata 81d24c
rsh, and to provide secure encrypted communications between two
Petr Šabata 81d24c
untrusted hosts over an insecure network. X11 connections and
Petr Šabata 81d24c
arbitrary TCP/IP ports can also be forwarded over the secure channel.
Petr Šabata 81d24c
Petr Šabata 81d24c
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
Petr Šabata 81d24c
it up to date in terms of security and features.
Petr Šabata 81d24c
Petr Šabata 81d24c
This package includes the core files necessary for both the OpenSSH
Petr Šabata 81d24c
client and server. To make this package useful, you should also
Petr Šabata 81d24c
install openssh-clients, openssh-server, or both.
Petr Šabata 81d24c
Petr Šabata 81d24c
%description clients
Petr Šabata 81d24c
OpenSSH is a free version of SSH (Secure SHell), a program for logging
Petr Šabata 81d24c
into and executing commands on a remote machine. This package includes
Petr Šabata 81d24c
the clients necessary to make encrypted connections to SSH servers.
Petr Šabata 81d24c
Petr Šabata 81d24c
%description server
Petr Šabata 81d24c
OpenSSH is a free version of SSH (Secure SHell), a program for logging
Petr Šabata 81d24c
into and executing commands on a remote machine. This package contains
Petr Šabata 81d24c
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
Petr Šabata 81d24c
securely connect to your SSH server.
Petr Šabata 81d24c
Petr Šabata 81d24c
%description keycat
Petr Šabata 81d24c
OpenSSH mls keycat is backend for using the authorized keys in the
Petr Šabata 81d24c
openssh in the mls mode.
Petr Šabata 81d24c
Petr Šabata 81d24c
%description askpass
Petr Šabata 81d24c
OpenSSH is a free version of SSH (Secure SHell), a program for logging
Petr Šabata 81d24c
into and executing commands on a remote machine. This package contains
Petr Šabata 81d24c
an X11 passphrase dialog for OpenSSH.
Petr Šabata 81d24c
Zoltan Fridrich 5cfb97
%description sk-dummy
Zoltan Fridrich 5cfb97
This package contains a test SK driver used for OpenSSH test purposes
Zoltan Fridrich 5cfb97
Petr Šabata 81d24c
%description -n pam_ssh_agent_auth
Petr Šabata 81d24c
This package contains a PAM module which can be used to authenticate
Petr Šabata 81d24c
users using ssh keys stored in a ssh-agent. Through the use of the
Petr Šabata 81d24c
forwarding of ssh-agent connection it also allows to authenticate with
Petr Šabata 81d24c
remote ssh-agent instance.
Petr Šabata 81d24c
Petr Šabata 81d24c
The module is most useful for su and sudo service stacks.
Petr Šabata 81d24c
Petr Šabata 81d24c
%prep
Petr Šabata 81d24c
gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
Petr Šabata 81d24c
%setup -q -a 4
Petr Šabata 81d24c
Petr Šabata 81d24c
%if %{pam_ssh_agent}
Petr Šabata 81d24c
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
Petr Šabata 81d24c
%patch300 -p2 -b .psaa-build
Petr Šabata 81d24c
%patch301 -p2 -b .psaa-seteuid
Petr Šabata 81d24c
%patch302 -p2 -b .psaa-visibility
Petr Šabata 81d24c
%patch306 -p2 -b .psaa-compat
Petr Šabata 81d24c
%patch305 -p2 -b .psaa-agent
Petr Šabata 81d24c
%patch307 -p2 -b .psaa-deref
Dmitry Belyavskiy 9591af
%patch308 -p2 -b .rsasha2
Petr Šabata 81d24c
# Remove duplicate headers and library files
Petr Šabata 81d24c
rm -f $(cat %{SOURCE5})
Petr Šabata 81d24c
popd
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%patch400 -p1 -b .role-mls
Petr Šabata 81d24c
%patch404 -p1 -b .privsep-selinux
Petr Šabata 81d24c
Petr Šabata 81d24c
%patch502 -p1 -b .keycat
Petr Šabata 81d24c
Petr Šabata 81d24c
%patch601 -p1 -b .ip-opts
Petr Šabata 81d24c
%patch604 -p1 -b .keyperm
Petr Šabata 81d24c
%patch606 -p1 -b .ipv6man
Petr Šabata 81d24c
%patch607 -p1 -b .sigpipe
Petr Šabata 81d24c
%patch609 -p1 -b .x11
Petr Šabata 81d24c
%patch702 -p1 -b .progress
Petr Šabata 81d24c
%patch703 -p1 -b .grab-info
Petr Šabata 81d24c
%patch707 -p1 -b .redhat
Petr Šabata 81d24c
%patch711 -p1 -b .log-usepam-no
Petr Šabata 81d24c
%patch712 -p1 -b .evp-ctr
Petr Šabata 81d24c
# 
Petr Šabata 81d24c
%patch800 -p1 -b .gsskex
Petr Šabata 81d24c
%patch801 -p1 -b .force_krb
Petr Šabata 81d24c
%patch804 -p1 -b .ccache_name
Petr Šabata 81d24c
%patch805 -p1 -b .k5login
Petr Šabata 81d24c
# 
Petr Šabata 81d24c
%patch901 -p1 -b .kuserok
Petr Šabata 81d24c
%patch906 -p1 -b .fromto-remote
Petr Šabata 81d24c
%patch916 -p1 -b .contexts
Petr Šabata 81d24c
%patch918 -p1 -b .log-in-chroot
Petr Šabata 81d24c
%patch919 -p1 -b .scp
Petr Šabata 81d24c
%patch802 -p1 -b .GSSAPIEnablek5users
Petr Šabata 81d24c
%patch922 -p1 -b .sshdt
Petr Šabata 81d24c
%patch926 -p1 -b .sftp-force-mode
Petr Šabata 81d24c
%patch939 -p1 -b .s390-dev
Petr Šabata 81d24c
%patch944 -p1 -b .x11max
Petr Šabata 81d24c
%patch948 -p1 -b .systemd
Petr Šabata 81d24c
%patch949 -p1 -b .refactor
Petr Šabata 81d24c
%patch950 -p1 -b .sandbox
Petr Šabata 81d24c
%patch951 -p1 -b .pkcs11-uri
Petr Šabata 81d24c
%patch953 -p1 -b .scp-ipv6
Petr Šabata 81d24c
%patch962 -p1 -b .crypto-policies
Petr Šabata 81d24c
%patch963 -p1 -b .openssl-evp
Petr Šabata 81d24c
%patch964 -p1 -b .openssl-kdf
Petr Šabata 81d24c
%patch965 -p1 -b .visibility
Petr Šabata 81d24c
%patch966 -p1 -b .x11-ipv6
Dmitry Belyavskiy 9dff9c
%patch974 -p1 -b .keygen-strip-doseol
Dmitry Belyavskiy 9dff9c
%patch975 -p1 -b .preserve-pam-errors
Dmitry Belyavskiy f32839
%patch976 -p1 -b .sftp-by-default
Dmitry Belyavskiy f32839
%patch977 -p1 -b .kill-scp
Dmitry Belyavskiy aa1b33
%patch978 -p1 -b .cve-2021-41617
Dmitry Belyavskiy bf1985
%patch979 -p1 -b .find-principals
Dmitry Belyavskiy 0b7faa
%patch980 -p1 -b .sftpdirs
Dmitry Belyavskiy 149505
%patch981 -p1 -b .scp-sftpdirs
Dmitry Belyavskiy 4b21ae
%patch982 -p1 -b .minrsabits
Dmitry Belyavskiy d0bf0e
%patch983 -p1 -b .evpgenrsa
Dmitry Belyavskiy b53c53
%patch984 -p1 -b .ibmca
Dmitry Belyavskiy 6f7478
%patch986 -p1 -b .91cleanup
Petr Šabata 81d24c
Petr Šabata 81d24c
%patch200 -p1 -b .audit
Petr Šabata 81d24c
%patch201 -p1 -b .audit-race
Petr Šabata 81d24c
%patch700 -p1 -b .fips
Petr Šabata 81d24c
Zoltan Fridrich abf032
%patch1000 -p1 -b .minimize-sha1-use
Zoltan Fridrich c958ea
%patch1001 -p1 -b .scp-clears-file
Zoltan Fridrich afede7
%patch1002 -p1 -b .ssh-manpage
Zoltan Fridrich 585620
%patch1003 -p1 -b .mem-leak
Zoltan Fridrich 9bf7b4
%patch1004 -p1 -b .gssapi-auth
Zoltan Fridrich fd0d5a
%patch1005 -p1 -b .host-based-auth
Zoltan Fridrich e8622f
%patch1006 -p1 -b .negotiate-supported-algs
Dmitry Belyavskiy 829ee6
Petr Šabata 81d24c
%patch100 -p1 -b .coverity
Petr Šabata 81d24c
Dmitry Belyavskiy ebbbfc
%patch1007 -p1 -b .sshrsacheck
Dmitry Belyavskiy ebbbfc
Petr Šabata 81d24c
autoreconf
Petr Šabata 81d24c
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
Petr Šabata 81d24c
autoreconf
Petr Šabata 81d24c
popd
Petr Šabata 81d24c
Petr Šabata 81d24c
%build
Petr Šabata 81d24c
# the -fvisibility=hidden is needed for clean build of the pam_ssh_agent_auth
Petr Šabata 81d24c
# it is needed for lib(open)ssh build too since it is linked to the pam module too
Petr Šabata 81d24c
CFLAGS="$RPM_OPT_FLAGS -fvisibility=hidden"; export CFLAGS
Petr Šabata 81d24c
%if %{pie}
Petr Šabata 81d24c
%ifarch s390 s390x sparc sparcv9 sparc64
Petr Šabata 81d24c
CFLAGS="$CFLAGS -fPIC"
Petr Šabata 81d24c
%else
Petr Šabata 81d24c
CFLAGS="$CFLAGS -fpic"
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
SAVE_LDFLAGS="$LDFLAGS"
Petr Šabata 81d24c
LDFLAGS="$LDFLAGS -pie -z relro -z now"
Petr Šabata 81d24c
Petr Šabata 81d24c
export CFLAGS
Petr Šabata 81d24c
export LDFLAGS
Petr Šabata 81d24c
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
%if %{kerberos5}
Petr Šabata 81d24c
if test -r /etc/profile.d/krb5-devel.sh ; then
Petr Šabata 81d24c
	source /etc/profile.d/krb5-devel.sh
Petr Šabata 81d24c
fi
Petr Šabata 81d24c
krb5_prefix=`krb5-config --prefix`
Petr Šabata 81d24c
if test "$krb5_prefix" != "%{_prefix}" ; then
Petr Šabata 81d24c
	CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
Petr Šabata 81d24c
	CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
Petr Šabata 81d24c
	LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
Petr Šabata 81d24c
else
Petr Šabata 81d24c
	krb5_prefix=
Petr Šabata 81d24c
	CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
Petr Šabata 81d24c
	CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
Petr Šabata 81d24c
fi
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%configure \
Petr Šabata 81d24c
	--sysconfdir=%{_sysconfdir}/ssh \
Petr Šabata 81d24c
	--libexecdir=%{_libexecdir}/openssh \
Petr Šabata 81d24c
	--datadir=%{_datadir}/openssh \
Petr Šabata 81d24c
	--with-default-path=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin \
Petr Šabata 81d24c
	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
DistroBaker fba82b
	--with-privsep-path=%{_datadir}/empty.sshd \
Petr Šabata 81d24c
	--disable-strip \
Petr Šabata 81d24c
	--without-zlib-version-check \
Petr Šabata 81d24c
	--with-ssl-engine \
Petr Šabata 81d24c
	--with-ipaddr-display \
Petr Šabata 81d24c
	--with-pie=no \
Petr Šabata 81d24c
	--without-hardening `# The hardening flags are configured by system` \
Petr Šabata 81d24c
	--with-systemd \
Petr Šabata 81d24c
	--with-default-pkcs11-provider=yes \
Petr Šabata 81d24c
	--with-security-key-builtin=yes \
Petr Šabata 81d24c
	--with-pam \
Petr Šabata 81d24c
%if %{WITH_SELINUX}
Petr Šabata 81d24c
	--with-selinux --with-audit=linux \
Petr Šabata 81d24c
	--with-sandbox=seccomp_filter \
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
%if %{kerberos5}
Petr Šabata 81d24c
	--with-kerberos5${krb5_prefix:+=${krb5_prefix}} \
Petr Šabata 81d24c
%else
Petr Šabata 81d24c
	--without-kerberos5 \
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
%if %{libedit}
Petr Šabata 81d24c
	--with-libedit
Petr Šabata 81d24c
%else
Petr Šabata 81d24c
	--without-libedit
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%if %{static_libcrypto}
Petr Šabata 81d24c
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%make_build
Zoltan Fridrich 5cfb97
make regress/misc/sk-dummy/sk-dummy.so
Petr Šabata 81d24c
Petr Šabata 81d24c
# Define a variable to toggle gnome1/gtk2 building.  This is necessary
Petr Šabata 81d24c
# because RPM doesn't handle nested %%if statements.
Petr Šabata 81d24c
%if %{gtk2}
Petr Šabata 81d24c
	gtk2=yes
Petr Šabata 81d24c
%else
Petr Šabata 81d24c
	gtk2=no
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%if ! %{no_gnome_askpass}
Petr Šabata 81d24c
pushd contrib
Petr Šabata 81d24c
if [ $gtk2 = yes ] ; then
Petr Šabata 81d24c
	CFLAGS="$CFLAGS %{?__global_ldflags}" \
Petr Šabata 81d24c
	    make gnome-ssh-askpass2
Petr Šabata 81d24c
	mv gnome-ssh-askpass2 gnome-ssh-askpass
Petr Šabata 81d24c
else
Petr Šabata 81d24c
	CFLAGS="$CFLAGS %{?__global_ldflags}"
Petr Šabata 81d24c
	    make gnome-ssh-askpass1
Petr Šabata 81d24c
	mv gnome-ssh-askpass1 gnome-ssh-askpass
Petr Šabata 81d24c
fi
Petr Šabata 81d24c
popd
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%if %{pam_ssh_agent}
Petr Šabata 81d24c
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
Petr Šabata 81d24c
LDFLAGS="$SAVE_LDFLAGS"
Petr Šabata 81d24c
%configure --with-selinux \
Petr Šabata 81d24c
	--libexecdir=/%{_libdir}/security \
Petr Šabata 81d24c
	--with-mantype=man \
Petr Šabata 81d24c
	--without-openssl-header-check `# The check is broken`
Petr Šabata 81d24c
%make_build
Petr Šabata 81d24c
popd
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%check
Petr Šabata 81d24c
#to run tests use "--with check"
Petr Šabata 81d24c
%if %{?_with_check:1}%{!?_with_check:0}
Petr Šabata 81d24c
make tests
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%install
Petr Šabata 81d24c
rm -rf $RPM_BUILD_ROOT
Petr Šabata 81d24c
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
Petr Šabata 81d24c
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ssh_config.d
Petr Šabata 81d24c
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh/sshd_config.d
Petr Šabata 81d24c
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
Petr Šabata 81d24c
%make_install
Petr Šabata 81d24c
Petr Šabata 81d24c
install -d $RPM_BUILD_ROOT/etc/pam.d/
Petr Šabata 81d24c
install -d $RPM_BUILD_ROOT/etc/sysconfig/
Petr Šabata 81d24c
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
Petr Šabata 81d24c
install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
Petr Šabata 81d24c
install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
Petr Šabata 81d24c
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd
Petr Šabata 81d24c
install -m644 ssh_config_redhat $RPM_BUILD_ROOT/etc/ssh/ssh_config.d/50-redhat.conf
Petr Šabata 81d24c
install -m644 sshd_config_redhat $RPM_BUILD_ROOT/etc/ssh/sshd_config.d/50-redhat.conf
Petr Šabata 81d24c
install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
Petr Šabata 81d24c
install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/sshd@.service
Petr Šabata 81d24c
install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/sshd.socket
Petr Šabata 81d24c
install -m644 %{SOURCE11} $RPM_BUILD_ROOT/%{_unitdir}/sshd.service
Petr Šabata 81d24c
install -m644 %{SOURCE12} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen@.service
Petr Šabata 81d24c
install -m644 %{SOURCE15} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen.target
DistroBaker d029bb
install -d -m755 $RPM_BUILD_ROOT/%{_userunitdir}
DistroBaker d029bb
install -m644 %{SOURCE16} $RPM_BUILD_ROOT/%{_userunitdir}/ssh-agent.service
Petr Šabata 81d24c
install -m744 %{SOURCE13} $RPM_BUILD_ROOT/%{_libexecdir}/openssh/sshd-keygen
Petr Šabata 81d24c
install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
Petr Šabata 81d24c
install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/
DistroBaker fba82b
install -d -m711 ${RPM_BUILD_ROOT}/%{_datadir}/empty.sshd
Petr Šabata 81d24c
Petr Šabata 81d24c
%if ! %{no_gnome_askpass}
Petr Šabata 81d24c
install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%if ! %{no_gnome_askpass}
Petr Šabata 81d24c
ln -s gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
Petr Šabata 81d24c
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
Petr Šabata 81d24c
install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
Petr Šabata 81d24c
install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%if %{no_gnome_askpass}
Petr Šabata 81d24c
rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
Petr Šabata 81d24c
Petr Šabata 81d24c
%if %{pam_ssh_agent}
Petr Šabata 81d24c
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
Petr Šabata 81d24c
%make_install
Petr Šabata 81d24c
popd
Petr Šabata 81d24c
%endif
Zoltan Fridrich 5cfb97
Zoltan Fridrich 5cfb97
install -m 755 -d $RPM_BUILD_ROOT%{_libdir}/sshtest/
Zoltan Fridrich 5cfb97
install -m 755 regress/misc/sk-dummy/sk-dummy.so $RPM_BUILD_ROOT%{_libdir}/sshtest
Zoltan Fridrich 5cfb97
Petr Šabata 81d24c
%pre
Petr Šabata 81d24c
getent group ssh_keys >/dev/null || groupadd -r ssh_keys || :
Petr Šabata 81d24c
Petr Šabata 81d24c
%pre server
Petr Šabata 81d24c
getent group sshd >/dev/null || groupadd -g %{sshd_uid} -r sshd || :
Petr Šabata 81d24c
getent passwd sshd >/dev/null || \
Petr Šabata 81d24c
  useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd \
DistroBaker fba82b
  -s /sbin/nologin -r -d /usr/share/empty.sshd sshd 2> /dev/null || :
Petr Šabata 81d24c
Petr Šabata 81d24c
%post server
Petr Šabata 81d24c
%systemd_post sshd.service sshd.socket
Petr Šabata 81d24c
# Migration scriptlet for Fedora 31 and 32 installations to sshd_config
Petr Šabata 81d24c
# drop-in directory (in F32+).
Petr Šabata 81d24c
# Do this only if the file generated by anaconda exists, contains our config
Petr Šabata 81d24c
# directive and sshd_config contains include directive as shipped in our package
Petr Šabata 81d24c
%global sysconfig_anaconda /etc/sysconfig/sshd-permitrootlogin
Petr Šabata 81d24c
test -f %{sysconfig_anaconda} && \
Petr Šabata 81d24c
  test ! -f /etc/ssh/sshd_config.d/01-permitrootlogin.conf && \
Petr Šabata 81d24c
  grep -q '^PERMITROOTLOGIN="-oPermitRootLogin=yes"' %{sysconfig_anaconda} && \
Petr Šabata 81d24c
  grep -q '^Include /etc/ssh/sshd_config.d/\*.conf' /etc/ssh/sshd_config && \
Petr Šabata 81d24c
  echo "PermitRootLogin yes" >> /etc/ssh/sshd_config.d/25-permitrootlogin.conf && \
Petr Šabata 81d24c
  rm %{sysconfig_anaconda} || :
Petr Šabata 81d24c
Petr Šabata 81d24c
%preun server
Petr Šabata 81d24c
%systemd_preun sshd.service sshd.socket
Petr Šabata 81d24c
Petr Šabata 81d24c
%postun server
Petr Šabata 81d24c
%systemd_postun_with_restart sshd.service
Petr Šabata 81d24c
DistroBaker d029bb
%post clients
DistroBaker d029bb
%systemd_user_post ssh-agent.service
DistroBaker d029bb
DistroBaker d029bb
%preun clients
DistroBaker d029bb
%systemd_user_preun ssh-agent.service
DistroBaker d029bb
Petr Šabata 81d24c
%files
Petr Šabata 81d24c
%license LICENCE
Petr Šabata 81d24c
%doc CREDITS ChangeLog OVERVIEW PROTOCOL* README README.platform README.privsep README.tun README.dns TODO
Petr Šabata 81d24c
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
Petr Šabata 81d24c
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
Petr Šabata 81d24c
%attr(0755,root,root) %{_bindir}/ssh-keygen
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
Petr Šabata 81d24c
%attr(0755,root,root) %dir %{_libexecdir}/openssh
Petr Šabata 81d24c
%attr(2555,root,ssh_keys) %{_libexecdir}/openssh/ssh-keysign
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
Petr Šabata 81d24c
Petr Šabata 81d24c
%files clients
Petr Šabata 81d24c
%attr(0755,root,root) %{_bindir}/ssh
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
Petr Šabata 81d24c
%attr(0755,root,root) %{_bindir}/scp
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man1/scp.1*
Petr Šabata 81d24c
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
Petr Šabata 81d24c
%dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d/
Petr Šabata 81d24c
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/50-redhat.conf
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
Petr Šabata 81d24c
%attr(0755,root,root) %{_bindir}/ssh-agent
Petr Šabata 81d24c
%attr(0755,root,root) %{_bindir}/ssh-add
Petr Šabata 81d24c
%attr(0755,root,root) %{_bindir}/ssh-keyscan
Petr Šabata 81d24c
%attr(0755,root,root) %{_bindir}/sftp
Petr Šabata 81d24c
%attr(0755,root,root) %{_bindir}/ssh-copy-id
Petr Šabata 81d24c
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
Petr Šabata 81d24c
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man1/ssh-copy-id.1*
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8*
DistroBaker d029bb
%attr(0644,root,root) %{_userunitdir}/ssh-agent.service
Petr Šabata 81d24c
Petr Šabata 81d24c
%files server
DistroBaker fba82b
%dir %attr(0711,root,root) %{_datadir}/empty.sshd
Petr Šabata 81d24c
%attr(0755,root,root) %{_sbindir}/sshd
Petr Šabata 81d24c
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
Petr Šabata 81d24c
%attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man5/moduli.5*
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
Petr Šabata 81d24c
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
Petr Šabata 81d24c
%dir %attr(0700,root,root) %{_sysconfdir}/ssh/sshd_config.d/
Petr Šabata 81d24c
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/50-redhat.conf
Petr Šabata 81d24c
%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
Petr Šabata 81d24c
%attr(0640,root,root) %config(noreplace) /etc/sysconfig/sshd
Petr Šabata 81d24c
%attr(0644,root,root) %{_unitdir}/sshd.service
Petr Šabata 81d24c
%attr(0644,root,root) %{_unitdir}/sshd@.service
Petr Šabata 81d24c
%attr(0644,root,root) %{_unitdir}/sshd.socket
Petr Šabata 81d24c
%attr(0644,root,root) %{_unitdir}/sshd-keygen@.service
Petr Šabata 81d24c
%attr(0644,root,root) %{_unitdir}/sshd-keygen.target
Petr Šabata 81d24c
Petr Šabata 81d24c
%files keycat
Petr Šabata 81d24c
%doc HOWTO.ssh-keycat
Petr Šabata 81d24c
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-keycat
Petr Šabata 81d24c
%attr(0644,root,root) %config(noreplace) /etc/pam.d/ssh-keycat
Petr Šabata 81d24c
Petr Šabata 81d24c
%if ! %{no_gnome_askpass}
Petr Šabata 81d24c
%files askpass
Petr Šabata 81d24c
%attr(0644,root,root) %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
Petr Šabata 81d24c
%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
Petr Šabata 81d24c
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Zoltan Fridrich 5cfb97
%files sk-dummy
Zoltan Fridrich 5cfb97
%attr(0755,root,root) %{_libdir}/sshtest/sk-dummy.so
Zoltan Fridrich 5cfb97
Petr Šabata 81d24c
%if %{pam_ssh_agent}
Petr Šabata 81d24c
%files -n pam_ssh_agent_auth
Petr Šabata 81d24c
%license pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}/OPENSSH_LICENSE
Petr Šabata 81d24c
%attr(0755,root,root) %{_libdir}/security/pam_ssh_agent_auth.so
Petr Šabata 81d24c
%attr(0644,root,root) %{_mandir}/man8/pam_ssh_agent_auth.8*
Petr Šabata 81d24c
%endif
Petr Šabata 81d24c
Petr Šabata 81d24c
%changelog
Dmitry Belyavskiy ebbbfc
* Thu Jan 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-28
Dmitry Belyavskiy ebbbfc
- Do not try to use SHA1 for host key ownership proof when we don't support it server-side
Dmitry Belyavskiy ebbbfc
  Resolves: rhbz#2088750
Dmitry Belyavskiy ebbbfc
Zoltan Fridrich 5cfb97
* Thu Jan 12 2023 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-27
Zoltan Fridrich 5cfb97
- Add sk-dummy subpackage for test purposes
Zoltan Fridrich 5cfb97
  Resolves: rhbz#2092780
Zoltan Fridrich 5cfb97
Dmitry Belyavskiy 6f7478
* Fri Jan 06 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-26
Dmitry Belyavskiy 6f7478
- Fix one-byte overflow in SSH banner processing
Dmitry Belyavskiy 6f7478
  Resolves: rhbz#2138345
Dmitry Belyavskiy 6f7478
- Fix double free() in error path
Dmitry Belyavskiy 6f7478
  Resolves: rhbz#2138347
Dmitry Belyavskiy 6f7478
Dmitry Belyavskiy b0f320
* Fri Dec 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-25
Dmitry Belyavskiy b0f320
- Build fix after OpenSSL rebase
Dmitry Belyavskiy b0f320
  Resolves: rhbz#2153626
Dmitry Belyavskiy b0f320
Dmitry Belyavskiy ad9644
* Fri Sep 23 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-24
Dmitry Belyavskiy ad9644
- Set minimal value of RSA key length via configuration option - support both names
Dmitry Belyavskiy ad9644
  Resolves: rhbz#2128352
Dmitry Belyavskiy ad9644
Dmitry Belyavskiy d4ff0b
* Thu Sep 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-23
Dmitry Belyavskiy d4ff0b
- Set minimal value of RSA key length via configuration option
Dmitry Belyavskiy d4ff0b
  Resolves: rhbz#2128352
Dmitry Belyavskiy d4ff0b
Dmitry Belyavskiy a0db6b
* Tue Aug 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-22
Dmitry Belyavskiy a0db6b
- Avoid spirous message on connecting to the machine with ssh-rsa keys
Dmitry Belyavskiy a0db6b
  Related: rhbz#2115246
Dmitry Belyavskiy d92560
- Set minimal value of RSA key length via configuration option
Dmitry Belyavskiy d92560
  Related: rhbz#2066882
Dmitry Belyavskiy a0db6b
Dmitry Belyavskiy b53c53
* Thu Aug 04 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-21
Dmitry Belyavskiy b53c53
- IBMCA workaround
Dmitry Belyavskiy b53c53
  Related: rhbz#1976202
Dmitry Belyavskiy b53c53
Zoltan Fridrich 1d30b8
* Tue Jul 26 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-20 + 0.10.4-5
Zoltan Fridrich 1d30b8
- Fix openssh-8.7p1-scp-clears-file.patch
Zoltan Fridrich 1d30b8
  Related: rhbz#2056884
Zoltan Fridrich 1d30b8
Dmitry Belyavskiy 9591af
* Fri Jul 15 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-19 + 0.10.4-5
Dmitry Belyavskiy 9591af
- FIX pam_ssh_agent_auth auth for RSA keys
Dmitry Belyavskiy 9591af
  Related: rhbz#2070113
Dmitry Belyavskiy 9591af
Zoltan Fridrich 9697ee
* Thu Jul 14 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-18
Zoltan Fridrich 9697ee
- Fix new coverity issues
Zoltan Fridrich 9697ee
  Related: rhbz#2068423
Zoltan Fridrich 9697ee
Dmitry Belyavskiy d23afa
* Thu Jul 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-17
Dmitry Belyavskiy d23afa
- Disable ed25519 and ed25519-sk keys in FIPS mode
Dmitry Belyavskiy d23afa
  Related: rhbz#2087915
Dmitry Belyavskiy d23afa
Zoltan Fridrich e8622f
* Thu Jul 14 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-16
Zoltan Fridrich e8622f
- Don't propose disallowed algorithms during hostkey negotiation
Zoltan Fridrich e8622f
  Resolves: rhbz#2068423
Zoltan Fridrich e8622f
Dmitry Belyavskiy b17ff3
* Thu Jul 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-15
Dmitry Belyavskiy b17ff3
- Disable ed25519 and ed25519-sk keys in FIPS mode
Dmitry Belyavskiy b17ff3
  Related: rhbz#2087915
Dmitry Belyavskiy b17ff3
Dmitry Belyavskiy 0d823b
* Wed Jul 13 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-14
Dmitry Belyavskiy 0d823b
- Disable ed25519 and ed25519-sk keys in FIPS mode
Dmitry Belyavskiy 0d823b
  Related: rhbz#2087915
Dmitry Belyavskiy 0d823b
Zoltan Fridrich 821045
* Tue Jul 12 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-13
Zoltan Fridrich 821045
- Add reference for policy customization in ssh/sshd_config manpages
Zoltan Fridrich 821045
  Resolves: rhbz#1984575
Zoltan Fridrich 821045
Dmitry Belyavskiy 32a826
* Mon Jul 11 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-12
Dmitry Belyavskiy 32a826
- Disable sntrup761x25519-sha512 in FIPS mode
Dmitry Belyavskiy 32a826
  Related: rhbz#2070628
Dmitry Belyavskiy 399096
- Disable ed25519 and ed25519-sk keys in FIPS mode
Dmitry Belyavskiy 399096
  Related: rhbz#2087915
Dmitry Belyavskiy 32a826
Zoltan Fridrich c958ea
* Mon Jul 11 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-11
Zoltan Fridrich c958ea
- Fix scp clearing file when src and dest are the same
Zoltan Fridrich c958ea
  Resolves: rhbz#2056884
Zoltan Fridrich afede7
- Add missing options from ssh_config into ssh manpage
Zoltan Fridrich afede7
  Resolves: rhbz#2033372
Zoltan Fridrich 585620
- Fix several memory leaks
Zoltan Fridrich 585620
  Related: rhbz#2068423
Zoltan Fridrich 9bf7b4
- Fix gssapi authentication failures
Zoltan Fridrich 9bf7b4
  Resolves: rhbz#2091023
Zoltan Fridrich fd0d5a
- Fix host-based authentication with rsa keys
Zoltan Fridrich fd0d5a
  Resolves: rhbz#2088916
Zoltan Fridrich c958ea
Dmitry Belyavskiy 4b21ae
* Wed Jun 29 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-10
Dmitry Belyavskiy 4b21ae
- Set minimal value of RSA key length via configuration option
Dmitry Belyavskiy 4b21ae
  Related: rhbz#2066882
Dmitry Belyavskiy d0bf0e
- Use EVP functions for RSA key generation
Dmitry Belyavskiy d0bf0e
  Related: rhbz#2087121
Dmitry Belyavskiy 4b21ae
Zoltan Fridrich abf032
* Wed Jun 29 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-9
Zoltan Fridrich abf032
- Update minimize-sha1-use.patch to use upstream code
Zoltan Fridrich abf032
  Related: rhbz#2031868
Zoltan Fridrich 1325e1
- Change product name from Fedora to RHEL in openssh-7.8p1-UsePAM-warning.patch
Zoltan Fridrich 1325e1
  Resolves: rhbz#2064338
Zoltan Fridrich e11cd7
- Change log level of FIPS specific log message to verbose
Zoltan Fridrich e11cd7
  Resolves: rhbz#2102201
Zoltan Fridrich abf032
Dmitry Belyavskiy cf05a2
* Mon Feb 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-8
Dmitry Belyavskiy cf05a2
- Workaround for RHEL 8 incompatibility in scp utility in SFTP mode
Dmitry Belyavskiy cf05a2
  Related: rhbz#2038854
Dmitry Belyavskiy cf05a2
Dmitry Belyavskiy 149505
* Mon Feb 07 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-7
Dmitry Belyavskiy 0b7faa
- Switch to SFTP protocol in scp utility by default - upstream fixes
Dmitry Belyavskiy 0b7faa
  Related: rhbz#2001002
Dmitry Belyavskiy 149505
- Workaround for RHEL 8 incompatibility in scp utility in SFTP mode
Dmitry Belyavskiy 149505
  Related: rhbz#2038854
Dmitry Belyavskiy 0b7faa
Dmitry Belyavskiy 829ee6
* Tue Dec 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-6
Dmitry Belyavskiy 829ee6
- Fix SSH connection to localhost not possible in FIPS
Dmitry Belyavskiy 829ee6
  Related: rhbz#2031868
Dmitry Belyavskiy 829ee6
Dmitry Belyavskiy bf1985
* Mon Nov 29 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-5
Dmitry Belyavskiy bf1985
- Fix `ssh-keygen -Y find-principals -f /dev/null -s /dev/null` segfault
Dmitry Belyavskiy bf1985
  Related: rhbz#2024902
Dmitry Belyavskiy bf1985
Dmitry Belyavskiy 581a7d
* Mon Oct 25 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-4
Dmitry Belyavskiy 581a7d
- Fix memory leaks introduced in OpenSSH 8.7
Dmitry Belyavskiy 581a7d
  Related: rhbz#2001002
Dmitry Belyavskiy 581a7d
Dmitry Belyavskiy 6e19d4
* Tue Oct 19 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-3
Dmitry Belyavskiy 6e19d4
- Disable locale forwarding in default configurations
Dmitry Belyavskiy 6e19d4
  Related: rhbz#2002734
Dmitry Belyavskiy 6e19d4
Dmitry Belyavskiy aa1b33
* Fri Oct 01 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-2
Dmitry Belyavskiy aa1b33
- Upstream fix for CVE-2021-41617
Dmitry Belyavskiy aa1b33
  Related: rhbz#2008886
Dmitry Belyavskiy aa1b33
Dmitry Belyavskiy 62d88b
* Fri Sep 24 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-1 + 0.10.4-4
Dmitry Belyavskiy f32839
- New upstream release
Dmitry Belyavskiy f32839
- Switch to SFTP protocol in scp utility by default
Dmitry Belyavskiy f32839
- Enable SCP protocol kill switch
Dmitry Belyavskiy f32839
  Related: rhbz#2001002
Dmitry Belyavskiy 62d88b
Mohan Boddu 64353f
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 8.6p1-7.1
Mohan Boddu 64353f
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Mohan Boddu 64353f
  Related: rhbz#1991688
Mohan Boddu 64353f
92c05e
* Wed Jul 28 2021 Florian Weimer <fweimer@redhat.com> - 8.6p1-7
92c05e
- Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
92c05e
Dmitry Belyavskiy b82d68
* Mon Jun 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-6
Dmitry Belyavskiy b82d68
- rebuilt
Dmitry Belyavskiy b82d68
Mohan Boddu ff6bdd
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 8.6p1-5.1
Mohan Boddu ff6bdd
- Rebuilt for RHEL 9 BETA for openssl 3.0
Mohan Boddu ff6bdd
  Related: rhbz#1971065
Mohan Boddu ff6bdd
Dmitry Belyavskiy 0695fd
* Thu Jun 03 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-5
Dmitry Belyavskiy 0695fd
- Remove recommendation of p11-kit (#1947904)
Dmitry Belyavskiy 0695fd
Dmitry Belyavskiy d1f2ed
* Tue Jun 01 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-4
Dmitry Belyavskiy d1f2ed
- rebuilt
Dmitry Belyavskiy d1f2ed
Dmitry Belyavskiy d0754b
* Fri May 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-3
Dmitry Belyavskiy d0754b
- Hostbased ssh authentication fails if session ID contains a '/' (#1963058)
Dmitry Belyavskiy d0754b
Dmitry Belyavskiy c3e6e4
* Mon May 10 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-2
Dmitry Belyavskiy c3e6e4
- rebuilt
Dmitry Belyavskiy c3e6e4
Dmitry Belyavskiy 9dff9c
* Thu May 06 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-1 + 0.10.4-3
Dmitry Belyavskiy 9dff9c
- New upstream release (#1952957)
Dmitry Belyavskiy d075fa
- GSS KEX broken beginning with (GSI-)OpenSSH 8.0p1 (#1957306)
Dmitry Belyavskiy 9dff9c
Mohan Boddu dd942e
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 8.5p1-3.1
Mohan Boddu dd942e
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Mohan Boddu dd942e
Dmitry Belyavskiy 925484
* Tue Apr 13 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.5p1-3
Dmitry Belyavskiy 925484
- Coverity fixes for 8.5p1 (#1938831)
Dmitry Belyavskiy 925484
DistroBaker d029bb
* Tue Mar 09 2021 Rex Dieter <rdieter@fedoraproject.org> - 8.5p1-2
DistroBaker d029bb
- ssh-agent.serivce is user unit (#1761817#27)
DistroBaker d029bb
DistroBaker d029bb
* Wed Mar 03 2021 Jakub Jelen <jjelen@redhat.com> - 8.5p1-1 + 0.10.4-2
DistroBaker d029bb
- New upstream release (#1934336)
DistroBaker d029bb
DistroBaker d029bb
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 8.4p1-5.2
DistroBaker d029bb
- Rebuilt for updated systemd-rpm-macros
DistroBaker d029bb
  See https://pagure.io/fesco/issue/2583.
DistroBaker d029bb
DistroBaker fa840d
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 8.4p1-5.1
DistroBaker fa840d
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
DistroBaker fa840d
DistroBaker fba82b
* Fri Jan 22 2021 Jakub Jelen <jjelen@redhat.com> - 8.4p1-5 + 0.10.4-1
DistroBaker fba82b
- Use /usr/share/empty.sshd instead of /var/empty/sshd
DistroBaker fba82b
- Allow emptu labels in PKCS#11 tokens (#1919007)
DistroBaker fba82b
- Drop openssh-cavs subpackage
DistroBaker fba82b
DistroBaker f2cb8f
* Tue Dec 01 2020 Jakub Jelen <jjelen@redhat.com> - 8.4p1-4 + 0.10.4-1
DistroBaker f2cb8f
- Remove "PasswordAuthentication yes" from vendor configuration as it is
DistroBaker f2cb8f
  already default and it might be hard to override.
DistroBaker f2cb8f
- Fix broken obsoletes for openssh-ldap (#1902084)
DistroBaker f2cb8f
DistroBaker c8a439
* Thu Nov 19 2020 Jakub Jelen <jjelen@redhat.com> - 8.4p1-3 + 0.10.4-1
DistroBaker c8a439
- Unbreak seccomp filter on arm (#1897712)
DistroBaker c8a439
- Add a workaround for Debian's broken OpenSSH (#1881301)
DistroBaker c8a439
Petr Šabata 81d24c
* Tue Oct 06 2020 Jakub Jelen <jjelen@redhat.com> - 8.4p1-2 + 0.10.4-1
Petr Šabata 81d24c
- Unbreak ssh-copy-id after a release (#1884231)
Petr Šabata 81d24c
- Remove misleading comment from sysconfig
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Sep 29 2020 Jakub Jelen <jjelen@redhat.com> - 8.4p1-1 + 0.10.4-1
Petr Šabata 81d24c
- New upstream release of OpenSSH and pam_ssh_agent_auth (#1882995)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Aug 21 2020 Jakub Jelen <jjelen@redhat.com> - 8.3p1-4 + 0.10.3-10
Petr Šabata 81d24c
- Remove openssh-ldap subpackage (#1871025)
Petr Šabata 81d24c
- pkcs11: Do not crash with invalid paths in ssh-agent (#1868996)
Petr Šabata 81d24c
- Clarify documentation about sftp-server -m (#1862504)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 8.3p1-3.1
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jun 10 2020 Jakub Jelen <jjelen@redhat.com> - 8.3p1-3 + 0.10.3-10
Petr Šabata 81d24c
- Do not lose PIN when more slots match PKCS#11 URI (#1843372)
Petr Šabata 81d24c
- Update to new crypto-policies version on server (using sshd_config include)
Petr Šabata 81d24c
- Move redhat configuraion files to larger number to allow simpler override
Petr Šabata 81d24c
- Move sshd_config include before any other definitions (#1824913)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jun 01 2020 Jakub Jelen <jjelen@redhat.com> - 8.3p1-2 + 0.10.3-10
Petr Šabata 81d24c
- Fix crash on cleanup (#1842281)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed May 27 2020 Jakub Jelen <jjelen@redhat.com> - 8.3p1-1 + 0.10.3-10
Petr Šabata 81d24c
- New upstream release (#1840503)
Petr Šabata 81d24c
- Unbreak corner cases of sshd_config include
Petr Šabata 81d24c
- Fix order of gssapi key exchange algorithms
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Apr 08 2020 Jakub Jelen <jjelen@redhat.com> - 8.2p1-3 + 0.10.3-9
Petr Šabata 81d24c
- Simplify reference to crypto policies in configuration files
Petr Šabata 81d24c
- Unbreak gssapi authentication with GSSAPITrustDNS over jump hosts
Petr Šabata 81d24c
- Correctly print FIPS mode initialized in debug mode
Petr Šabata 81d24c
- Enable SHA2-based GSSAPI key exchange methods (#1666781)
Petr Šabata 81d24c
- Do not break X11 forwarding when IPv6 is disabled
Petr Šabata 81d24c
- Remove fipscheck dependency as OpenSSH is no longer FIPS module
Petr Šabata 81d24c
- Improve documentation about crypto policies defaults in manual pages
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Feb 20 2020 Jakub Jelen <jjelen@redhat.com> - 8.2p1-2 + 0.10.3-9
Petr Šabata 81d24c
- Build against libfido2 to unbreak internal u2f support
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 17 2020 Jakub Jelen <jjelen@redhat.com> - 8.2p1-1 + 0.10.3-9
Petr Šabata 81d24c
- New upstrem reelase (#1803290)
Petr Šabata 81d24c
- New /etc/ssh/sshd_config.d drop in directory
Petr Šabata 81d24c
- Support for U2F security keys
Petr Šabata 81d24c
- Correctly report invalid key permissions (#1801459)
Petr Šabata 81d24c
- Do not write bogus information on stderr in FIPS mode (#1778224)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 03 2020 Jakub Jelen <jjelen@redhat.com> - 8.1p1-4 + 0.10.3-8
Petr Šabata 81d24c
- Unbreak seccomp filter on ARM (#1796267)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 8.1p1-3.1
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Nov 27 2019 Jakub Jelen <jjelen@redhat.com> - 8.1p1-3 + 0.10.3-8
Petr Šabata 81d24c
- Unbreak seccomp filter also on ARM (#1777054)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Nov 14 2019 Jakub Jelen <jjelen@redhat.com> - 8.1p1-2 + 0.10.3-8
Petr Šabata 81d24c
- Unbreak seccomp filter with latest glibc (#1771946)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Oct 09 2019 Jakub Jelen <jjelen@redhat.com> - 8.1p1-1 + 0.10.3-8
Petr Šabata 81d24c
- New upstream release (#1759750)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 8.0p1-8.1
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jul 23 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-8 + 0.10.3-7
Petr Šabata 81d24c
- Use the upstream-accepted version of the PKCS#8 PEM support (#1722285)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jul 12 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-7 + 0.10.3-7
Petr Šabata 81d24c
- Use the environment file under /etc/sysconfig for anaconda configuration (#1722928)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul 03 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-6 + 0.10.3-7
Petr Šabata 81d24c
- Provide the entry point for anaconda configuration in service file (#1722928)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jun 26 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-5 + 0.10.3-7
Petr Šabata 81d24c
- Disable root password logins (#1722928)
Petr Šabata 81d24c
- Fix typo in manual pages related to crypto-policies
Petr Šabata 81d24c
- Fix the gating test to make sure it removes the test user
Petr Šabata 81d24c
- Cleanu up spec file and get rid of some rpmlint warnings
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jun 17 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-4 + 0.10.3-7
Petr Šabata 81d24c
- Compatibility with ibmca engine for ECC
Petr Šabata 81d24c
- Generate more modern PEM files using new OpenSSL API
Petr Šabata 81d24c
- Provide correct signature types for RSA keys using SHA2 from agent
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon May 27 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-3 + 0.10.3-7
Petr Šabata 81d24c
- Remove problematic patch updating cached pw structure
Petr Šabata 81d24c
- Do not require the labels on the public objects (#1710832)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue May 14 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-2 + 0.10.3-7
Petr Šabata 81d24c
- Use OpenSSL KDF
Petr Šabata 81d24c
- Use high-level OpenSSL API for signatures handling
Petr Šabata 81d24c
- Mention crypto-policies in manual pages instead of hardcoded defaults
Petr Šabata 81d24c
- Verify in package testsuite that SCP vulnerabilities are fixed
Petr Šabata 81d24c
- Do not fail in FIPS mode, when unsupported algorithm is listed in configuration
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Apr 26 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-1 + 0.10.3-7
Petr Šabata 81d24c
- New upstream release (#1701072)
Petr Šabata 81d24c
- Removed support for VendroPatchLevel configuration option
Petr Šabata 81d24c
- Significant rework of GSSAPI Key Exchange
Petr Šabata 81d24c
- Significant rework of PKCS#11 URI support
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Mar 11 2019 Jakub Jelen <jjelen@redhat.com> - 7.9p1-5 + 0.10.3.6
Petr Šabata 81d24c
- Fix kerberos cleanup procedures with GSSAPI
Petr Šabata 81d24c
- Update cached passwd structure after PAM authentication
Petr Šabata 81d24c
- Do not fall back to sshd_net_t SELinux context
Petr Šabata 81d24c
- Fix corner cases of PKCS#11 URI implementation
Petr Šabata 81d24c
- Do not negotiate arbitrary primes with DH GEX in FIPS 
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Feb 06 2019 Jakub Jelen <jjelen@redhat.com> - 7.9p1-4 + 0.10.3.6
Petr Šabata 81d24c
- Log when a client requests an interactive session and only sftp is allowed
Petr Šabata 81d24c
- Fix minor issues in ssh-copy-id
Petr Šabata 81d24c
- Enclose redhat specific configuration with Match final block
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.9p1-3.2
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 7.9p1-3.1
Petr Šabata 81d24c
- Rebuilt for libcrypt.so.2 (#1666033)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jan 14 2019 Jakub Jelen <jjelen@redhat.com> - 7.9p1-3 + 0.10.3.6
Petr Šabata 81d24c
- Backport Match final to unbreak canonicalization with crypto-policies (#1630166)
Petr Šabata 81d24c
- gsskex: Dump correct option
Petr Šabata 81d24c
- Backport several fixes from 7_9 branch, mostly related to certificate authentication (#1665611)
Petr Šabata 81d24c
- Backport patch for CVE-2018-20685 (#1665786)
Petr Šabata 81d24c
- Correctly initialize ECDSA key structures from PKCS#11
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Nov 14 2018 Jakub Jelen <jjelen@redhat.com> - 7.9p1-2 + 0.10.3-6
Petr Šabata 81d24c
- Fix LDAP configure test (#1642414)
Petr Šabata 81d24c
- Avoid segfault on kerberos authentication failure
Petr Šabata 81d24c
- Reference correct file in configuration example (#1643274)
Petr Šabata 81d24c
- Dump missing GSSAPI configuration options
Petr Šabata 81d24c
- Allow to disable RSA signatures with SHA-1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Oct 19 2018 Jakub Jelen <jjelen@redhat.com> - 7.9p1-1 + 0.10.3-6
Petr Šabata 81d24c
- New upstream release OpenSSH 7.9p1 (#1632902, #1630166)
Petr Šabata 81d24c
- Honor GSSAPIServerIdentity option for GSSAPI key exchange
Petr Šabata 81d24c
- Do not break gsssapi-keyex authentication method when specified in
Petr Šabata 81d24c
  AuthenticationMethods
Petr Šabata 81d24c
- Follow the system-wide PATH settings (#1633756)
Petr Šabata 81d24c
- Address some coverity issues
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Sep 24 2018 Jakub Jelen <jjelen@redhat.com> - 7.8p1-3 + 0.10.3-5
Petr Šabata 81d24c
- Disable OpenSSH hardening flags and use the ones provided by system
Petr Šabata 81d24c
- Ignore unknown parts of PKCS#11 URI
Petr Šabata 81d24c
- Do not fail with GSSAPI enabled in match blocks (#1580017)
Petr Šabata 81d24c
- Fix the segfaulting cavs test (#1628962)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Aug 31 2018 Jakub Jelen <jjelen@redhat.com> - 7.8p1-2 + 0.10.3-5
Petr Šabata 81d24c
- New upstream release fixing CVE 2018-15473
Petr Šabata 81d24c
- Remove unused patches
Petr Šabata 81d24c
- Remove reference to unused enviornment variable SSH_USE_STRONG_RNG
Petr Šabata 81d24c
- Address coverity issues
Petr Šabata 81d24c
- Unbreak scp between two IPv6 hosts
Petr Šabata 81d24c
- Unbreak GSSAPI key exchange (#1624344)
Petr Šabata 81d24c
- Unbreak rekeying with GSSAPI key exchange (#1624344)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Aug 09 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-6 + 0.10.3-4
Petr Šabata 81d24c
- Fix listing of kex algoritms in FIPS mode
Petr Šabata 81d24c
- Allow aes-gcm cipher modes in FIPS mode
Petr Šabata 81d24c
- Coverity fixes
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.7p1-5.1
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jul 03 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-5 + 0.10.3-4
Petr Šabata 81d24c
- Disable manual printing of motd by default (#1591381)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jun 27 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-4 + 0.10.3-4
Petr Šabata 81d24c
- Better handling of kerberos tickets storage (#1566494)
Petr Šabata 81d24c
- Add pam_motd to pam stack (#1591381)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Apr 16 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-3 + 0.10.3-4
Petr Šabata 81d24c
- Fix tun devices and other issues fixed after release upstream (#1567775)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Apr 12 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-2 + 0.10.3-4
Petr Šabata 81d24c
- Do not break quotes parsing in configuration file (#1566295)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Apr 04 2018 Jakub Jelen <jjelen@redhat.com> - 7.7p1-1 + 0.10.3-4
Petr Šabata 81d24c
- New upstream release (#1563223)
Petr Šabata 81d24c
- Add support for ECDSA keys in PKCS#11 (#1354510)
Petr Šabata 81d24c
- Add support for PKCS#11 URIs
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Mar 06 2018 Jakub Jelen <jjelen@redhat.com> - 7.6p1-7 + 0.10.3-3
Petr Šabata 81d24c
- Require crypto-policies version and new path
Petr Šabata 81d24c
- Remove bogus NSS linking
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.6p1-6.1
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jan 26 2018 Jakub Jelen <jjelen@redhat.com> - 7.6p1-6 + 0.10.3-3
Petr Šabata 81d24c
- Rebuild for gcc bug on i386 (#1536555)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jan 25 2018 Florian Weimer <fweimer@redhat.com> - 7.6p1-5.2
Petr Šabata 81d24c
- Rebuild to work around gcc bug leading to sshd miscompilation (#1538648)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 7.6p1-5.1.1
Petr Šabata 81d24c
- Rebuilt for switch to libxcrypt
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jan 17 2018 Jakub Jelen <jjelen@redhat.com> - 7.6p1-5 + 0.10.3-3
Petr Šabata 81d24c
- Drop support for TCP wrappers (#1530163)
Petr Šabata 81d24c
- Do not pass hostnames to audit -- UseDNS is usually disabled (#1534577)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Dec 14 2017 Jakub Jelen <jjelen@redhat.com> - 7.6p1-4 + 0.10.3-3
Petr Šabata 81d24c
- Whitelist gettid() syscall in seccomp filter (#1524392)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Dec 11 2017 Jakub Jelen <jjelen@redhat.com> - 7.6p1-3 + 0.10.3-3
Petr Šabata 81d24c
- Do not segfault during audit cleanup (#1524233)
Petr Šabata 81d24c
- Avoid gcc warnings about uninitialized variables
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Nov 22 2017 Jakub Jelen <jjelen@redhat.com> - 7.6p1-2 + 0.10.3-3
Petr Šabata 81d24c
- Do not build everything against libldap
Petr Šabata 81d24c
- Do not segfault for ECC keys in PKCS#11
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Oct 19 2017 Jakub Jelen <jjelen@redhat.com> - 7.6p1-1 + 0.10.3-3
Petr Šabata 81d24c
- New upstream release OpenSSH 7.6
Petr Šabata 81d24c
- Addressing review remarks for OpenSSL 1.1.0 patch
Petr Šabata 81d24c
- Fix PermitOpen bug in OpenSSH 7.6
Petr Šabata 81d24c
- Drop support for ExposeAuthenticationMethods option
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Sep 11 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-6 + 0.10.3-2
Petr Šabata 81d24c
- Do not export KRB5CCNAME if the default path is used (#1199363)
Petr Šabata 81d24c
- Add enablement for openssl-ibmca and openssl-ibmpkcs11 (#1477636)
Petr Šabata 81d24c
- Add new GSSAPI kex algorithms with SHA-2, but leave them disabled for now
Petr Šabata 81d24c
- Enforce pam_sepermit for all logins in SSH (#1492313)
Petr Šabata 81d24c
- Remove pam_reauthorize, since it is not needed by cockpit anymore (#1492313)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Aug 14 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-5 + 0.10.3-2
Petr Šabata 81d24c
- Another less-intrusive approach to crypto policy (#1479271)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Aug 01 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-4 + 0.10.3-2
Petr Šabata 81d24c
- Remove SSH-1 subpackage for Fedora 27 (#1474942)
Petr Šabata 81d24c
- Follow system-wide crypto policy in server (#1479271)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.5p1-3.1
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jun 30 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-2 + 0.10.3-2
Petr Šabata 81d24c
- Sync downstream patches with RHEL (FIPS)
Petr Šabata 81d24c
- Resolve potential issues with OpenSSL 1.1.0 patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Mar 22 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-2 + 0.10.3-2
Petr Šabata 81d24c
- Fix various after-release typos including failed build in s390x (#1434341)
Petr Šabata 81d24c
- Revert chroot magic with SELinux
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Mar 20 2017 Jakub Jelen <jjelen@redhat.com> - 7.5p1-1 + 0.10.3-2
Petr Šabata 81d24c
- New upstream release
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Mar 03 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-4 + 0.10.3-1
Petr Šabata 81d24c
- Avoid sending the SD_NOTIFY messages from wrong processes (#1427526)
Petr Šabata 81d24c
- Address reports by coverity
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 20 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-3 + 0.10.3-1
Petr Šabata 81d24c
- Properly report errors from included files (#1408558)
Petr Šabata 81d24c
- New pam_ssh_agent_auth 0.10.3 release
Petr Šabata 81d24c
- Switch to SD_NOTIFY to make systemd happy
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 06 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-2 + 0.10.2-5
Petr Šabata 81d24c
- Fix ssh-agent cert signing error (#1416584)
Petr Šabata 81d24c
- Fix wrong path to crypto policies
Petr Šabata 81d24c
- Attempt to resolve issue with systemd
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jan 03 2017 Jakub Jelen <jjelen@redhat.com> - 7.4p1-1 + 0.10.2-5
Petr Šabata 81d24c
- New upstream release (#1406204)
Petr Šabata 81d24c
- Cache supported OIDs for GSSAPI key exchange (#1395288)
Petr Šabata 81d24c
- Fix typo causing heap corruption (use-after-free) (#1409433)
Petr Šabata 81d24c
- Prevent hangs with long MOTD
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Dec 08 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-7 + 0.10.2-4
Petr Šabata 81d24c
- Properly deserialize received RSA certificates in ssh-agent (#1402029)
Petr Šabata 81d24c
- Move MAX_DISPLAYS to a configuration option
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Nov 16 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-6 + 0.10.2-4
Petr Šabata 81d24c
- GSSAPI requires futex syscall in privsep child (#1395288)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Oct 27 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-5 + 0.10.2-4
Petr Šabata 81d24c
- Build against OpenSSL 1.1.0 with compat changes
Petr Šabata 81d24c
- Recommend crypto-policies
Petr Šabata 81d24c
- Fix chroot dropping capabilities (#1386755)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Sep 29 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-4 + 0.10.2-4
Petr Šabata 81d24c
- Fix NULL dereference (#1380297)
Petr Šabata 81d24c
- Include client Crypto Policy (#1225752)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Aug 15 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-3 + 0.10.2-4
Petr Šabata 81d24c
- Proper content of included configuration file
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Aug 09 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-2 + 0.10.2-4
Petr Šabata 81d24c
- Fix permissions on the include directory (#1365270)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Aug 02 2016 Jakub Jelen <jjelen@redhat.com> - 7.3p1-1 + 0.10.2-4
Petr Šabata 81d24c
- New upstream release (#1362156)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jul 26 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-11 + 0.10.2-3
Petr Šabata 81d24c
- Remove slogin and sshd-keygen (#1359762)
Petr Šabata 81d24c
- Prevent guest_t from running sudo (#1357860)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jul 18 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-10 + 0.10.2-3
Petr Šabata 81d24c
- CVE-2016-6210: User enumeration via covert timing channel (#1357443)
Petr Šabata 81d24c
- Expose more information about authentication to PAM
Petr Šabata 81d24c
- Make closefrom() ignore softlinks to the /dev/ devices on s390
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jul 01 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-9 + 0.10.2-3
Petr Šabata 81d24c
- Fix wrong detection of UseLogin in server configuration (#1350347)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jun 24 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-8 + 0.10.2-3
Petr Šabata 81d24c
- Enable seccomp filter for MIPS architectures
Petr Šabata 81d24c
- UseLogin=yes is not supported in Fedora
Petr Šabata 81d24c
- SFTP server forced permissions should restore umask
Petr Šabata 81d24c
- pam_ssh_agent_auth: Fix conflict bewteen two getpwuid() calls (#1349551)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jun 06 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-7
Petr Šabata 81d24c
- Fix regression in certificate-based authentication (#1333498)
Petr Šabata 81d24c
- Check for real location of .k5login file (#1328243)
Petr Šabata 81d24c
- Fix unchecked dereference in pam_ssh_agent_auth
Petr Šabata 81d24c
- Clean up old patches
Petr Šabata 81d24c
- Build with seccomp filter on ppc64(le) (#1195065)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Apr 29 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-6 + 0.10.2-3
Petr Šabata 81d24c
- Add legacy sshd-keygen for anaconda (#1331077)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Apr 22 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-5 + 0.10.2-3
Petr Šabata 81d24c
- CVE-2015-8325: ignore PAM environment vars when UseLogin=yes (#1328013)
Petr Šabata 81d24c
- Fix typo in sysconfig/sshd (#1325535)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Apr 15 2016 Jakub Jelen <jjelen@redhat.com> - 7.2p2-4 + 0.10.2-3
Petr Šabata 81d24c
- Revise socket activation and services dependencies (#1325535)
Petr Šabata 81d24c
- Drop unused init script
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Apr 13 2016 Jakub Jelen <jjelen@redhat.com> 7.2p2-3 + 0.10.2-3
Petr Šabata 81d24c
- Make sshd-keygen comply with packaging guidelines (#1325535)
Petr Šabata 81d24c
- Soft-deny socket() syscall in seccomp sandbox (#1324493)
Petr Šabata 81d24c
- Remove *sha1 Kex in FIPS mode (#1324493)
Petr Šabata 81d24c
- Remove *gcm ciphers in FIPS mode (#1324493)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Apr 06 2016 Jakub Jelen <jjelen@redhat.com> 7.2p2-2 + 0.10.2-3
Petr Šabata 81d24c
- Fix GSSAPI Key Exchange according to RFC (#1323622)
Petr Šabata 81d24c
- Remove init.d/functions dependency from sshd-keygen (#1317722)
Petr Šabata 81d24c
- Do not use MD5 in pam_ssh_agent_auth in FIPS mode
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar 10 2016 Jakub Jelen <jjelen@redhat.com> 7.2p2-1 + 0.10.2-3
Petr Šabata 81d24c
- New upstream (security) release (#1316529)
Petr Šabata 81d24c
- Clean up audit patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar 03 2016 Jakub Jelen <jjelen@redhat.com> 7.2p1-2 + 0.10.2-2
Petr Šabata 81d24c
- Restore slogin symlinks to preserve backward compatibility
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 29 2016 Jakub Jelen <jjelen@redhat.com> 7.2p1-1 + 0.10.2-2
Petr Šabata 81d24c
- New upstream release (#1312870)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Feb 24 2016 Jakub Jelen <jjelen@redhat.com> 7.1p2-4.1 + 0.10.2-1
Petr Šabata 81d24c
- Fix race condition in auditing events when using multiplexing (#1308295)
Petr Šabata 81d24c
- Fix X11 forwarding CVE according to upstream
Petr Šabata 81d24c
- Fix problem when running without privsep (#1303910)
Petr Šabata 81d24c
- Remove hard glob limit in SFTP
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 7.1p2-3.1
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sat Jan 30 2016 Jakub Jelen <jjelen@redhat.com> 7.1p2-3 + 0.10.2-1
Petr Šabata 81d24c
- Fix segfaults with pam_ssh_agent_auth (#1303036)
Petr Šabata 81d24c
- Silently disable X11 forwarding on problems
Petr Šabata 81d24c
- Systemd service should be forking to detect immediate failures
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jan 25 2016 Jakub Jelen <jjelen@redhat.com> 7.1p2-2 + 0.10.2-1
Petr Šabata 81d24c
- Rebased to recent version of pam_ssh_agent_auth
Petr Šabata 81d24c
- Upstream fix for CVE-2016-1908
Petr Šabata 81d24c
- Remove useless defattr
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jan 14 2016 Jakub Jelen <jjelen@redhat.com> 7.1p2-1 + 0.9.2-9
Petr Šabata 81d24c
- New security upstream release for CVE-2016-0777
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jan 12 2016 Jakub Jelen <jjelen@redhat.com> 7.1p1-7 + 0.9.2-8
Petr Šabata 81d24c
- Change RPM define macros to global according to packaging guidelines
Petr Šabata 81d24c
- Fix wrong handling of SSH_COPY_ID_LEGACY environment variable
Petr Šabata 81d24c
- Update ssh-agent and ssh-keysign permissions (#1296724)
Petr Šabata 81d24c
- Fix few problems with alternative builds without GSSAPI or openSSL
Petr Šabata 81d24c
- Fix condition to run sshd-keygen
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Dec 18 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-6 + 0.9.2-8
Petr Šabata 81d24c
- Preserve IUTF8 tty mode flag over ssh connections (#1270248)
Petr Šabata 81d24c
- Do not require sysconfig file to start service (#1279521)
Petr Šabata 81d24c
- Update ssh-copy-id to upstream version
Petr Šabata 81d24c
- GSSAPI Key Exchange documentation improvements
Petr Šabata 81d24c
- Remove unused patches
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Nov 04 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-5 + 0.9.2-8
Petr Šabata 81d24c
- Do not set user context too many times for root logins (#1269072)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Oct 22 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-4 + 0.9.2-8
Petr Šabata 81d24c
- Review SELinux user context handling after authentication (#1269072)
Petr Šabata 81d24c
- Handle root logins the same way as other users (#1269072)
Petr Šabata 81d24c
- Audit implicit mac, if mac is covered in cipher (#1271694)
Petr Šabata 81d24c
- Increase size limit for remote glob over sftp
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Sep 25 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-3 + 0.9.2-8
Petr Šabata 81d24c
- Fix FIPS mode for DH kex (#1260253)
Petr Šabata 81d24c
- Provide full RELRO and PIE form askpass helper (#1264036)
Petr Šabata 81d24c
- Fix gssapi key exchange on server and client (#1261414)
Petr Šabata 81d24c
- Allow gss-keyex root login when without-password is set (upstream #2456)
Petr Šabata 81d24c
- Fix obsolete usage of SELinux constants (#1261496)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep 09 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-2 + 0.9.2-8
Petr Šabata 81d24c
- Fix warnings reported by gcc related to keysign and keyAlgorithms
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sat Aug 22 2015 Jakub Jelen <jjelen@redhat.com> 7.1p1-1 + 0.9.2-8
Petr Šabata 81d24c
- New upstream release
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Aug 19 2015 Jakub Jelen <jjelen@redhat.com> 7.0p1-2 + 0.9.3-7
Petr Šabata 81d24c
- Fix problem with DSA keys using pam_ssh_agent_auth (#1251777)
Petr Šabata 81d24c
- Add GSSAPIKexAlgorithms option for server and client application
Petr Šabata 81d24c
- Possibility to validate legacy systems by more fingerprints (#1249626)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Aug 12 2015 Jakub Jelen <jjelen@redhat.com> 7.0p1-1 + 0.9.3-7
Petr Šabata 81d24c
- New upstream release (#1252639)
Petr Šabata 81d24c
- Fix pam_ssh_agent_auth package (#1251777)
Petr Šabata 81d24c
- Security: Use-after-free bug related to PAM support (#1252853)
Petr Šabata 81d24c
- Security: Privilege separation weakness related to PAM support (#1252854)
Petr Šabata 81d24c
- Security: Incorrectly set TTYs to be world-writable (#1252862)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jul 28 2015 Jakub Jelen <jjelen@redhat.com> 6.9p1-4 + 0.9.3-6
Petr Šabata 81d24c
- Handle terminal control characters in scp progressmeter (#1247204)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jul 23 2015 Jakub Jelen <jjelen@redhat.com> 6.9p1-3 + 0.9.3-6
Petr Šabata 81d24c
- CVE-2015-5600: only query each keyboard-interactive device once (#1245971)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul 15 2015 Jakub Jelen <jjelen@redhat.com> 6.9p1-2 + 0.9.3-6
Petr Šabata 81d24c
- Enable SECCOMP filter for s390* architecture (#1195065)
Petr Šabata 81d24c
- Fix race condition when multiplexing connection (#1242682)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul 01 2015 Jakub Jelen <jjelen@redhat.com> 6.9p1-1 + 0.9.3-6
Petr Šabata 81d24c
- New upstream release (#1238253)
Petr Šabata 81d24c
- Increase limitation number of files which can be listed using glob in sftp
Petr Šabata 81d24c
- Correctly revert "PermitRootLogin no" option from upstream sources (#89216)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jun 24 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-9 + 0.9.3-5
Petr Šabata 81d24c
- Allow socketcall(SYS_SHUTDOWN) for net_child on ix86 architecture
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.8p1-8.1
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jun 08 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-8 + 0.9.3-5
Petr Šabata 81d24c
- Return stat syscall to seccomp filter (#1228323)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jun 03 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-7 + 0.9.3-5
Petr Šabata 81d24c
- Handle pam_ssh_agent_auth memory, buffers and variable sizes (#1225106)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu May 28 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-6 + 0.9.3-5
Petr Šabata 81d24c
- Resolve problem with pam_ssh_agent_auth after rebase (#1225106)
Petr Šabata 81d24c
- ssh-copy-id: tcsh doesnt work with multiline strings
Petr Šabata 81d24c
- Fix upstream memory problems
Petr Šabata 81d24c
- Add missing options in testmode output and manual pages
Petr Šabata 81d24c
- Provide LDIF version of LPK schema
Petr Šabata 81d24c
- Document required selinux boolean for working ssh-ldap-helper
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Apr 20 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-5 + 0.9.3-5
Petr Šabata 81d24c
- Fix segfault on daemon exit caused by API change (#1213423)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Apr 02 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-4 + 0.9.3-5
Petr Šabata 81d24c
- Fix audit_end_command to restore ControlPersist function (#1203900)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Mar 31 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-3 + 0.9.3-5
Petr Šabata 81d24c
- Fixed issue with GSSAPI key exchange (#1207719)
Petr Šabata 81d24c
- Add pam_namespace to sshd pam stack (based on #1125110)
Petr Šabata 81d24c
- Remove krb5-config workaround for #1203900
Petr Šabata 81d24c
- Fix handling SELinux context in MLS systems
Petr Šabata 81d24c
- Regression: solve sshd segfaults if other instance already running
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar 26 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-2 + 0.9.3-5
Petr Šabata 81d24c
- Update audit and gss patches after rebase
Petr Šabata 81d24c
- Fix reintroduced upstrem bug #1878
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Mar 24 2015 Jakub Jelen <jjelen@redhat.com> 6.8p1-1 + 0.9.3-5
Petr Šabata 81d24c
- new upstream release openssh-6.8p1 (#1203245)
Petr Šabata 81d24c
- Resolve segfault with auditing commands (#1203900)
Petr Šabata 81d24c
- Workaround krb5-config bug (#1204646)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar 12 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-11 + 0.9.3-4
Petr Šabata 81d24c
- Ability to specify LDAP filter in ldap.conf for ssh-ldap-helper
Petr Šabata 81d24c
- Fix auditing when using combination of ForceCommand and PTY
Petr Šabata 81d24c
- Add sftp option to force mode of created files (from rhel)
Petr Šabata 81d24c
- Fix tmpfiles.d entries to be more consistent (#1196807)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Mar 02 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-10 + 0.9.3-4
Petr Šabata 81d24c
- Add tmpfiles.d entries (#1196807)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Feb 27 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-9 + 0.9.3-4
Petr Šabata 81d24c
- Adjust seccomp filter for primary architectures and solve aarch64 issue (#1197051)
Petr Šabata 81d24c
- Solve issue with ssh-copy-id and keys without trailing newline (#1093168)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Feb 24 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-8 + 0.9.3-4
Petr Šabata 81d24c
- Add AArch64 support for seccomp_filter sandbox (#1195065)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 23 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-7 + 0.9.3-4
Petr Šabata 81d24c
- Fix seccomp filter on architectures without getuid32
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 23 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-6 + 0.9.3-4
Petr Šabata 81d24c
- Update seccomp filter to work on i686 architectures (#1194401)
Petr Šabata 81d24c
- Fix previous failing build (#1195065)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sun Feb 22 2015 Peter Robinson <pbrobinson@fedoraproject.org> 6.7p1-5 + 0.9.3-4
Petr Šabata 81d24c
- Only use seccomp for sandboxing on supported platforms
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Feb 20 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-4 + 0.9.3-4
Petr Šabata 81d24c
- Move cavs tests into subpackage -cavs (#1194320)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Feb 18 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-3 + 0.9.3-4
Petr Šabata 81d24c
- update coverity patch
Petr Šabata 81d24c
- make output of sshd -T more consistent (#1187521)
Petr Šabata 81d24c
- enable seccomp for sandboxing instead of rlimit (#1062953)
Petr Šabata 81d24c
- update hardening to compile on gcc5
Petr Šabata 81d24c
- Add SSH KDF CAVS test driver (#1193045)
Petr Šabata 81d24c
- Fix ssh-copy-id on non-sh remote shells (#1045191)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jan 27 2015 Jakub Jelen <jjelen@redhat.com> 6.7p1-2 + 0.9.3-4
Petr Šabata 81d24c
- fixed audit patch after rebase
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jan 20 2015 Petr Lautrbach <plautrba@redhat.com> 6.7p1-1 + 0.9.3-4
Petr Šabata 81d24c
- new upstream release openssh-6.7p1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jan 15 2015 Jakub Jelen <jjelen@redhat.com> 6.6.1p1-11.1 + 0.9.3-3
Petr Šabata 81d24c
- error message if scp when directory doesn't exist (#1142223)
Petr Šabata 81d24c
- parsing configuration file values (#1130733)
Petr Šabata 81d24c
- documentation in service and socket files for systemd (#1181593)
Petr Šabata 81d24c
- updated ldap patch (#981058)
Petr Šabata 81d24c
- fixed vendor-patchlevel
Petr Šabata 81d24c
- add new option GSSAPIEnablek5users and disable using ~/.k5users by default CVE-2014-9278 (#1170745)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Dec 19 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-10 + 0.9.3-3
Petr Šabata 81d24c
- log via monitor in chroots without /dev/log
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Dec 03 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-9 + 0.9.3-3
Petr Šabata 81d24c
- the .local domain example should be in ssh_config, not in sshd_config
Petr Šabata 81d24c
- use different values for DH for Cisco servers (#1026430)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Nov 13 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-8 + 0.9.3-3
Petr Šabata 81d24c
- fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Nov 07 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-7 + 0.9.3-3
Petr Šabata 81d24c
- correct the calculation of bytes for authctxt->krb5_ccname <ams@corefiling.com> (#1161073)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov 04 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-6 + 0.9.3-3
Petr Šabata 81d24c
- privsep_preauth: use SELinux context from selinux-policy (#1008580)
Petr Šabata 81d24c
- change audit trail for unknown users (mindrot#2245)
Petr Šabata 81d24c
- fix kuserok patch which checked for the existence of .k5login
Petr Šabata 81d24c
  unconditionally and hence prevented other mechanisms to be used properly
Petr Šabata 81d24c
- revert the default of KerberosUseKuserok back to yes (#1153076)
Petr Šabata 81d24c
- ignore SIGXFSZ in postauth monitor (mindrot#2263)
Petr Šabata 81d24c
- sshd-keygen - don't generate DSA and ED25519 host keys in FIPS mode
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Sep 08 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-5 + 0.9.3-3
Petr Šabata 81d24c
- set a client's address right after a connection is set (mindrot#2257)
Petr Šabata 81d24c
- apply RFC3454 stringprep to banners when possible (mindrot#2058)
Petr Šabata 81d24c
- don't consider a partial success as a failure (mindrot#2270)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.6.1p1-4.1
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> 6.6.1p1-4 + 0.9.3-3
Petr Šabata 81d24c
- fix license handling (both)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jul 18 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-3 + 0.9.3-2
Petr Šabata 81d24c
- standardise on NI_MAXHOST for gethostname() string lengths (#1051490)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jul 14 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-2 + 0.9.3-2
Petr Šabata 81d24c
- add pam_reauthorize.so to sshd.pam (#1115977)
Petr Šabata 81d24c
- spec file and patches clenup
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.6.1p1-1.1
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jun 03 2014 Petr Lautrbach <plautrba@redhat.com> 6.6.1p1-1 + 0.9.3-2
Petr Šabata 81d24c
- disable the curve25519 KEX when speaking to OpenSSH 6.5 or 6.6
Petr Šabata 81d24c
- add support for ED25519 keys to sshd-keygen and sshd.sysconfig
Petr Šabata 81d24c
- drop openssh-server-sysvinit subpackage
Petr Šabata 81d24c
- slightly change systemd units logic - use sshd-keygen.service (#1066615)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jun 03 2014 Petr Lautrbach <plautrba@redhat.com> 6.6p1-1 + 0.9.3-2
Petr Šabata 81d24c
- new upstream release openssh-6.6p1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu May 15 2014 Petr Lautrbach <plautrba@redhat.com> 6.4p1-4 + 0.9.3-1
Petr Šabata 81d24c
- use SSH_COPY_ID_LEGACY variable to run ssh-copy-id in the legacy mode
Petr Šabata 81d24c
- make /etc/ssh/moduli file public (#1043661)
Petr Šabata 81d24c
- test existence of /etc/ssh/ssh_host_ecdsa_key in sshd-keygen.service
Petr Šabata 81d24c
- don't clean up gssapi credentials by default (#1055016)
Petr Šabata 81d24c
- ssh-agent - try CLOCK_BOOTTIME with fallback (#1091992)
Petr Šabata 81d24c
- prevent a server from skipping SSHFP lookup - CVE-2014-2653 (#1081338)
Petr Šabata 81d24c
- ignore environment variables with embedded '=' or '\0' characters - CVE-2014-2532
Petr Šabata 81d24c
  (#1077843)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Dec 11 2013 Petr Lautrbach <plautrba@redhat.com> 6.4p1-3 + 0.9.3-1
Petr Šabata 81d24c
- sshd-keygen - use correct permissions on ecdsa host key (#1023945)
Petr Šabata 81d24c
- use only rsa and ecdsa host keys by default
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov 26 2013 Petr Lautrbach <plautrba@redhat.com> 6.4p1-2 + 0.9.3-1
Petr Šabata 81d24c
- fix fatal() cleanup in the audit patch (#1029074)
Petr Šabata 81d24c
- fix parsing logic of ldap.conf file (#1033662)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Nov 08 2013 Petr Lautrbach <plautrba@redhat.com> 6.4p1-1 + 0.9.3-1
Petr Šabata 81d24c
- new upstream release
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Nov 01 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-5 + 0.9.3-7
Petr Šabata 81d24c
- adjust gss kex mechanism to the upstream changes (#1024004)
Petr Šabata 81d24c
- don't use xfree in pam_ssh_agent_auth sources <geertj@gmail.com> (#1024965)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Oct 25 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-4 + 0.9.3-6
Petr Šabata 81d24c
- rebuild with the openssl with the ECC support
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Oct 24 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-3 + 0.9.3-6
Petr Šabata 81d24c
- don't use SSH_FP_MD5 for fingerprints in FIPS mode
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Oct 23 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-2 + 0.9.3-6
Petr Šabata 81d24c
- use default_ccache_name from /etc/krb5.conf for a kerberos cache (#991186)
Petr Šabata 81d24c
- increase the size of the Diffie-Hellman groups (#1010607)
Petr Šabata 81d24c
- sshd-keygen to generate ECDSA keys <i.grok@comcast.net> (#1019222)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Oct 15 2013 Petr Lautrbach <plautrba@redhat.com> 6.3p1-1.1 + 0.9.3-6
Petr Šabata 81d24c
- new upstream release (#1007769)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Oct 08 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-9 + 0.9.3-5
Petr Šabata 81d24c
- use dracut-fips package to determine if a FIPS module is installed
Petr Šabata 81d24c
- revert -fips subpackages and hmac files suffixes
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep 25 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-8 + 0.9.3-5
Petr Šabata 81d24c
- sshd-keygen: generate only RSA keys by default (#1010092)
Petr Šabata 81d24c
- use dist tag in suffixes for hmac checksum files
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep 11 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-7 + 0.9.3-5
Petr Šabata 81d24c
- use hmac_suffix for ssh{,d} hmac checksums
Petr Šabata 81d24c
- bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A
Petr Šabata 81d24c
- automatically restart sshd.service on-failure after 42s interval
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Aug 29 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-6.1 + 0.9.3-5
Petr Šabata 81d24c
- add -fips subpackages that contains the FIPS module files
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul 31 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-5 + 0.9.3-5
Petr Šabata 81d24c
- gssapi credentials need to be stored before a pam session opened (#987792)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jul 23 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-4 + 0.9.3-5
Petr Šabata 81d24c
- don't show Success for EAI_SYSTEM (#985964)
Petr Šabata 81d24c
- make sftp's libedit interface marginally multibyte aware (#841771)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jun 17 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-3 + 0.9.3-5
Petr Šabata 81d24c
- move default gssapi cache to /run/user/<uid> (#848228)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue May 21 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-2 + 0.9.3-5
Petr Šabata 81d24c
- add socket activated sshd units to the package (#963268)
Petr Šabata 81d24c
- fix the example in the HOWTO.ldap-keys
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon May 20 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p2-1 + 0.9.3-5
Petr Šabata 81d24c
- new upstream release (#963582)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Apr 17 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-4 + 0.9.3-4
Petr Šabata 81d24c
- don't use export in sysconfig file (#953111)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Apr 16 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-3 + 0.9.3-4
Petr Šabata 81d24c
- sshd.service: use KillMode=process (#890376)
Petr Šabata 81d24c
- add latest config.{sub,guess} to support aarch64 (#926284)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Apr 09 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-2 + 0.9.3-4
Petr Šabata 81d24c
- keep track of which IndentityFile options were manually supplied and
Petr Šabata 81d24c
  which were default options, and don't warn if the latter are missing.
Petr Šabata 81d24c
  (mindrot#2084)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Apr 09 2013 Petr Lautrbach <plautrba@redhat.com> 6.2p1-1 + 0.9.3-4
Petr Šabata 81d24c
- new upstream release (#924727)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Mar 06 2013 Petr Lautrbach <plautrba@redhat.com> 6.1p1-7 + 0.9.3-3
Petr Šabata 81d24c
- use SELinux type sshd_net_t for [net] childs (#915085)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Feb 14 2013 Petr Lautrbach <plautrba@redhat.com> 6.1p1-6 + 0.9.3-3
Petr Šabata 81d24c
- fix AuthorizedKeysCommand option
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Feb 08 2013 Petr Lautrbach <plautrba@redhat.com> 6.1p1-5 + 0.9.3-3
Petr Šabata 81d24c
- change default value of MaxStartups - CVE-2010-5107 (#908707)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Dec 03 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-4 + 0.9.3-3
Petr Šabata 81d24c
- fix segfault in openssh-5.8p2-force_krb.patch (#882541)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Dec 03 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-3 + 0.9.3-3
Petr Šabata 81d24c
- replace RequiredAuthentications2 with AuthenticationMethods based on upstream
Petr Šabata 81d24c
- obsolete RequiredAuthentications[12] options
Petr Šabata 81d24c
- fix openssh-6.1p1-privsep-selinux.patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Oct 26 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-2
Petr Šabata 81d24c
- add SELinux comment to /etc/ssh/sshd_config about SELinux command to modify port (#861400)
Petr Šabata 81d24c
- drop required chkconfig (#865498)
Petr Šabata 81d24c
- drop openssh-5.9p1-sftp-chroot.patch (#830237)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sat Sep 15 2012 Petr Lautrbach <plautrba@redhat.com> 6.1p1-1 + 0.9.3-3
Petr Šabata 81d24c
- new upstream release (#852651)
Petr Šabata 81d24c
- use DIR: kerberos type cache (#848228)
Petr Šabata 81d24c
- don't use chroot_user_t for chrooted users (#830237)
Petr Šabata 81d24c
- replace scriptlets with systemd macros (#850249)
Petr Šabata 81d24c
- don't use /bin and /sbin paths (#856590)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Aug 06 2012 Petr Lautrbach <plautrba@redhat.com> 6.0p1-1 + 0.9.3-2
Petr Šabata 81d24c
- new upstream release
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Aug 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-26 + 0.9.3-1
Petr Šabata 81d24c
- change SELinux context also for root user (#827109)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jul 27 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-25 + 0.9.3-1
Petr Šabata 81d24c
- fix various issues in openssh-5.9p1-required-authentications.patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jul 17 2012 Tomas Mraz <tmraz@redhat.com> 5.9p1-24 + 0.9.3-1
Petr Šabata 81d24c
- allow sha256 and sha512 hmacs in the FIPS mode
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jun 22 2012 Tomas Mraz <tmraz@redhat.com> 5.9p1-23 + 0.9.3-1
Petr Šabata 81d24c
- fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent
Petr Šabata 81d24c
  is not running, most probably not exploitable
Petr Šabata 81d24c
- update pam_ssh_agent_auth to 0.9.3 upstream version
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Apr 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-22 + 0.9.2-32
Petr Šabata 81d24c
- don't create RSA1 key in FIPS mode
Petr Šabata 81d24c
- don't install sshd-keygen.service (#810419)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Mar 30 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-21 + 0.9.2-32
Petr Šabata 81d24c
- fix various issues in openssh-5.9p1-required-authentications.patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Mar 21 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-20 + 0.9.2-32
Petr Šabata 81d24c
- Fix dependencies in systemd units, don't enable sshd-keygen.service (#805338)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Feb 22 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-19 + 0.9.2-32
Petr Šabata 81d24c
- Look for x11 forward sockets with AI_ADDRCONFIG flag getaddrinfo (#735889)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-18 + 0.9.2-32
Petr Šabata 81d24c
- replace TwoFactorAuth with RequiredAuthentications[12]
Petr Šabata 81d24c
  https://bugzilla.mindrot.org/show_bug.cgi?id=983
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jan 31 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-17 + 0.9.2-32
Petr Šabata 81d24c
- run privsep slave process as the users SELinux context (#781634)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Dec 13 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-16 + 0.9.2-32
Petr Šabata 81d24c
- add CAVS test driver for the aes-ctr ciphers
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sun Dec 11 2011 Tomas Mraz <tmraz@redhat.com> 5.9p1-15 + 0.9.2-32
Petr Šabata 81d24c
- enable aes-ctr ciphers use the EVP engines from OpenSSL such as the AES-NI
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Dec 06 2011 Petr Lautrbach <plautrba@redhat.com> 5.9p1-14 + 0.9.2-32
Petr Šabata 81d24c
- warn about unsupported option UsePAM=no (#757545)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Nov 21 2011 Tomas Mraz <tmraz@redhat.com> - 5.9p1-13 + 0.9.2-32
Petr Šabata 81d24c
- add back the restorecon call to ssh-copy-id - it might be needed on older
Petr Šabata 81d24c
  distributions (#739989)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Nov 18 2011 Tomas Mraz <tmraz@redhat.com> - 5.9p1-12 + 0.9.2-32
Petr Šabata 81d24c
- still support /etc/sysconfig/sshd loading in sshd service (#754732)
Petr Šabata 81d24c
- fix incorrect key permissions generated by sshd-keygen script (#754779)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Oct 14 2011 Tomas Mraz <tmraz@redhat.com> - 5.9p1-11 + 0.9.2-32
Petr Šabata 81d24c
- remove unnecessary requires on initscripts
Petr Šabata 81d24c
- set VerifyHostKeyDNS to ask in the default configuration (#739856)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Sep 19 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-10 + 0.9.2-32
Petr Šabata 81d24c
- selinux sandbox rewrite
Petr Šabata 81d24c
- two factor authentication tweaking
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-9 + 0.9.2-32
Petr Šabata 81d24c
- coverity upgrade
Petr Šabata 81d24c
- wipe off nonfunctional nss
Petr Šabata 81d24c
- selinux sandbox tweaking
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Sep 13 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-8 + 0.9.2-32
Petr Šabata 81d24c
- coverity upgrade
Petr Šabata 81d24c
- experimental selinux sandbox
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Sep 13 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-7 + 0.9.2-32
Petr Šabata 81d24c
- fully reanable auditing
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Sep 12 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-6 + 0.9.2-32
Petr Šabata 81d24c
- repair signedness in akc patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Sep 12 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-5 + 0.9.2-32
Petr Šabata 81d24c
- temporarily disable part of audit4 patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Sep  9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-3 + 0.9.2-32
Petr Šabata 81d24c
- Coverity second pass
Petr Šabata 81d24c
- Reenable akc patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Sep  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-2 + 0.9.2-32
Petr Šabata 81d24c
- Coverity first pass
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep  7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-1 + 0.9.2-32
Petr Šabata 81d24c
- Rebase to 5.9p1
Petr Šabata 81d24c
- Add chroot sftp patch
Petr Šabata 81d24c
- Add two factor auth patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Aug 23 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-21 + 0.9.2-31
Petr Šabata 81d24c
- ignore SIGPIPE in ssh keyscan
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Aug  9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-20 + 0.9.2-31
Petr Šabata 81d24c
- save ssh-askpass's debuginfo
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Aug  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-19 + 0.9.2-31
Petr Šabata 81d24c
- compile ssh-askpass with corect CFLAGS
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Aug  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-18 + 0.9.2-31
Petr Šabata 81d24c
- improve selinux's change context log 
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Aug  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-17 + 0.9.2-31
Petr Šabata 81d24c
- repair broken man pages
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jul 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-16 + 0.9.2-31
Petr Šabata 81d24c
- rebuild due to broken rpmbiild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jul 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-15 + 0.9.2-31
Petr Šabata 81d24c
- Do not change context when run under unconfined_t
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jul 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-14 + 0.9.2-31
Petr Šabata 81d24c
- Add postlogin to pam. (#718807)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jun 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-12 + 0.9.2-31
Petr Šabata 81d24c
- Systemd compatibility according to Mathieu Bridon <bochecha@fedoraproject.org>
Petr Šabata 81d24c
- Split out the host keygen into their own command, to ease future migration
Petr Šabata 81d24c
  to systemd. Compatitbility with the init script was kept.
Petr Šabata 81d24c
- Migrate the package to full native systemd unit files, according to the Fedora
Petr Šabata 81d24c
  packaging guidelines.
Petr Šabata 81d24c
- Prepate the unit files for running an ondemand server. (do not add it actually)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jun 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-10 + 0.9.2-31
Petr Šabata 81d24c
- Mention IPv6 usage in man pages
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jun 20 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-9 + 0.9.2-31
Petr Šabata 81d24c
- Improve init script
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jun 16 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-7 + 0.9.2-31
Petr Šabata 81d24c
- Add possibility to compile openssh without downstream patches
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jun  9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-6 + 0.9.2-31
Petr Šabata 81d24c
- remove stale control sockets (#706396)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue May 31 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-5 + 0.9.2-31
Petr Šabata 81d24c
- improove entropy manuals
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri May 27 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-4 + 0.9.2-31
Petr Šabata 81d24c
- improove entropy handling
Petr Šabata 81d24c
- concat ldap patches
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue May 24 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-3 + 0.9.2-31
Petr Šabata 81d24c
- improove ldap manuals
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon May 23 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-2 + 0.9.2-31
Petr Šabata 81d24c
- add gssapi forced command
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue May  3 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-1 + 0.9.2-31
Petr Šabata 81d24c
- update the openssh version
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Apr 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-34 + 0.9.2-30
Petr Šabata 81d24c
- temporarily disabling systemd units
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Apr 27 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-33 + 0.9.2-30
Petr Šabata 81d24c
- add flags AI_V4MAPPED and AI_ADDRCONFIG to getaddrinfo
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Apr 26 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-32 + 0.9.2-30
Petr Šabata 81d24c
- update scriptlets
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Apr 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-30 + 0.9.2-30
Petr Šabata 81d24c
- add systemd units
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Apr 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-28 + 0.9.2-30
Petr Šabata 81d24c
- improving sshd -> passwd transation
Petr Šabata 81d24c
- add template for .local domain to sshd_config
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Apr 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-27 + 0.9.2-30
Petr Šabata 81d24c
- the private keys may be 640 root:ssh_keys ssh_keysign is sgid
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Apr 20 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-26 + 0.9.2-30
Petr Šabata 81d24c
- improving sshd -> passwd transation
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Apr  5 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-25 + 0.9.2-30
Petr Šabata 81d24c
- the intermediate context is set to sshd_sftpd_t
Petr Šabata 81d24c
- do not crash in packet.c if no connection
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar 31 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-24 + 0.9.2-30
Petr Šabata 81d24c
- resolve warnings in port_linux.c
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Mar 29 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-23 + 0.9.2-30
Petr Šabata 81d24c
- add /etc/sysconfig/sshd
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Mar 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-22 + 0.9.2-30
Petr Šabata 81d24c
- improve reseeding and seed source (documentation)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Mar 22 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-20 + 0.9.2-30
Petr Šabata 81d24c
- use /dev/random or /dev/urandom for seeding prng
Petr Šabata 81d24c
- improve periodical reseeding of random generator
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-18 + 0.9.2-30
Petr Šabata 81d24c
- add periodical reseeding of random generator 
Petr Šabata 81d24c
- change selinux contex for internal sftp in do_usercontext
Petr Šabata 81d24c
- exit(0) after sigterm
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar 10 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-17 + 0.9.2-30
Petr Šabata 81d24c
- improove ssh-ldap (documentation)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Mar  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-16 + 0.9.2-30
Petr Šabata 81d24c
- improve session keys audit
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Mar  7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-15 + 0.9.2-30
Petr Šabata 81d24c
- CVE-2010-4755
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Mar  4 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-14 + 0.9.2-30
Petr Šabata 81d24c
- improove ssh-keycat (documentation)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar  3 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-13 + 0.9.2-30
Petr Šabata 81d24c
- improve audit of logins and auths
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Mar  1 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-12 + 0.9.2-30
Petr Šabata 81d24c
- improove ssk-keycat
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-11 + 0.9.2-30
Petr Šabata 81d24c
- add ssk-keycat
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Feb 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-10 + 0.9.2-30
Petr Šabata 81d24c
- reenable auth-keys ldap backend
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Feb 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-9 + 0.9.2-30
Petr Šabata 81d24c
- another audit improovements
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Feb 24 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-8 + 0.9.2-30
Petr Šabata 81d24c
- another audit improovements
Petr Šabata 81d24c
- switchable fingerprint mode
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Feb 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-4 + 0.9.2-30
Petr Šabata 81d24c
- improve audit of server key management
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Feb 16 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-3 + 0.9.2-30
Petr Šabata 81d24c
- improve audit of logins and auths
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-1 + 0.9.2-30
Petr Šabata 81d24c
- bump openssh version to 5.8p1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.6p1-30.1
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb  7 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-30 + 0.9.2-29
Petr Šabata 81d24c
- clean the data structures in the non privileged process
Petr Šabata 81d24c
- clean the data structures when roaming
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Feb  2 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-28 + 0.9.2-29
Petr Šabata 81d24c
- clean the data structures in the privileged process
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jan 25 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-25 + 0.9.2-29
Petr Šabata 81d24c
- clean the data structures before exit net process
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jan 17 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-24 + 0.9.2-29
Petr Šabata 81d24c
- make audit compatible with the fips mode
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jan 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-23 + 0.9.2-29
Petr Šabata 81d24c
- add audit of destruction the server keys
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jan 12 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-22 + 0.9.2-29
Petr Šabata 81d24c
- add audit of destruction the session keys
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Dec 10 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-21 + 0.9.2-29
Petr Šabata 81d24c
- reenable run sshd as non root user
Petr Šabata 81d24c
- renable rekeying
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Nov 24 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-20 + 0.9.2-29
Petr Šabata 81d24c
- reapair clientloop crash (#627332)
Petr Šabata 81d24c
- properly restore euid in case connect to the ssh-agent socket fails
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Nov 22 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-19 + 0.9.2-28
Petr Šabata 81d24c
- striped read permissions from suid and sgid binaries
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Nov 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-18 + 0.9.2-27
Petr Šabata 81d24c
- used upstream version of the biguid patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Nov 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-17 + 0.9.2-27
Petr Šabata 81d24c
- improoved kuserok patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Nov  5 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-16 + 0.9.2-27
Petr Šabata 81d24c
- add auditing the host based key ussage
Petr Šabata 81d24c
- repait X11 abstract layer socket (#648896)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Nov  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-15 + 0.9.2-27
Petr Šabata 81d24c
- add auditing the kex result
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov  2 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-14 + 0.9.2-27
Petr Šabata 81d24c
- add auditing the key ussage
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Oct 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-12 + 0.9.2-27
Petr Šabata 81d24c
- update gsskex patch (#645389)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Oct 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-11 + 0.9.2-27
Petr Šabata 81d24c
- rebase linux audit according to upstream
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Oct  1 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-10 + 0.9.2-27
Petr Šabata 81d24c
- add missing headers to linux audit
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-9 + 0.9.2-27
Petr Šabata 81d24c
- audit module now uses openssh audit framevork
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-8 + 0.9.2-27
Petr Šabata 81d24c
- Add the GSSAPI kuserok switch to the kuserok patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-7 + 0.9.2-27
Petr Šabata 81d24c
- Repaired the kuserok patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-6 + 0.9.2-27
Petr Šabata 81d24c
- Repaired the problem with puting entries with very big uid into lastlog
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-5 + 0.9.2-27
Petr Šabata 81d24c
- Merging selabel patch with the upstream version. (#632914)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-4 + 0.9.2-27
Petr Šabata 81d24c
- Tweaking selabel patch to work properly without selinux rules loaded. (#632914)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep  8 2010 Tomas Mraz <tmraz@redhat.com> - 5.6p1-3 + 0.9.2-27
Petr Šabata 81d24c
- Make fipscheck hmacs compliant with FHS - requires new fipscheck
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Sep  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-2 + 0.9.2-27
Petr Šabata 81d24c
- Added -z relro -z now to LDFLAGS
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Sep  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-1 + 0.9.2-27
Petr Šabata 81d24c
- Rebased to openssh5.6p1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul  7 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-18 + 0.9.2-26
Petr Šabata 81d24c
- merged with newer bugzilla's version of authorized keys command patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jun 30 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-17 + 0.9.2-26
Petr Šabata 81d24c
- improved the x11 patch according to upstream (#598671)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jun 25 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-16 + 0.9.2-26
Petr Šabata 81d24c
- improved the x11 patch (#598671)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jun 24 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-15 + 0.9.2-26
Petr Šabata 81d24c
- changed _PATH_UNIX_X to unexistent file name (#598671)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jun 23 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-14 + 0.9.2-26
Petr Šabata 81d24c
- sftp works in deviceless chroot again (broken from 5.5p1-3)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jun  8 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-13 + 0.9.2-26
Petr Šabata 81d24c
- add option to switch out krb5_kuserok
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri May 21 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-12 + 0.9.2-26
Petr Šabata 81d24c
- synchronize uid and gid for the user sshd
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu May 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-11 + 0.9.2-26
Petr Šabata 81d24c
- Typo in ssh-ldap.conf(5) and ssh-ladap-helper(8)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri May 14 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-10 + 0.9.2-26
Petr Šabata 81d24c
- Repair the reference in man ssh-ldap-helper(8)
Petr Šabata 81d24c
- Repair the PubkeyAgent section in sshd_config(5)
Petr Šabata 81d24c
- Provide example ldap.conf
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu May 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-9 + 0.9.2-26
Petr Šabata 81d24c
- Make the Ldap configuration widely compatible
Petr Šabata 81d24c
- create the aditional docs for LDAP support.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu May  6 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-8 + 0.9.2-26
Petr Šabata 81d24c
- Make LDAP config elements TLS_CACERT and TLS_REQCERT compatiple with pam_ldap (#589360)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu May  6 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-7 + 0.9.2-26
Petr Šabata 81d24c
- Make LDAP config element tls_checkpeer compatiple with nss_ldap (#589360)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue May  4 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-6 + 0.9.2-26
Petr Šabata 81d24c
- Comment spec.file
Petr Šabata 81d24c
- Sync patches from upstream
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon May  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-5 + 0.9.2-26
Petr Šabata 81d24c
- Create separate ldap package
Petr Šabata 81d24c
- Tweak the ldap patch
Petr Šabata 81d24c
- Rename stderr patch properly
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Apr 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-4 + 0.9.2-26
Petr Šabata 81d24c
- Added LDAP support
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Apr 26 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-3 + 0.9.2-26
Petr Šabata 81d24c
- Ignore .bashrc output to stderr in the subsystems
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Apr 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-2 + 0.9.2-26
Petr Šabata 81d24c
- Drop dependency on man
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Apr 16 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-1 + 0.9.2-26
Petr Šabata 81d24c
- Update to 5.5p1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Mar 12 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-3 + 0.9.2-25
Petr Šabata 81d24c
- repair configure script of pam_ssh_agent
Petr Šabata 81d24c
- repair error mesage in ssh-keygen
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Mar 12 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-2
Petr Šabata 81d24c
- source krb5-devel profile script only if exists
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Mar  9 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-1
Petr Šabata 81d24c
- Update to 5.4p1
Petr Šabata 81d24c
- discontinued support for nss-keys
Petr Šabata 81d24c
- discontinued support for scard
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Mar  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.4p1-0.snap20100302.1
Petr Šabata 81d24c
- Prepare update to 5.4p1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-22
Petr Šabata 81d24c
- ImplicitDSOLinking (#564824)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jan 29 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-21
Petr Šabata 81d24c
- Allow to use hardware crypto if awailable (#559555)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jan 25 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-20
Petr Šabata 81d24c
- optimized FD_CLOEXEC on accept socket (#541809)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jan 25 2010 Tomas Mraz <tmraz@redhat.com> - 5.3p1-19
Petr Šabata 81d24c
- updated pam_ssh_agent_auth to new version from upstream (just
Petr Šabata 81d24c
  a licence change)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jan 21 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-18
Petr Šabata 81d24c
- optimized RAND_cleanup patch (#557166)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jan 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-17
Petr Šabata 81d24c
- add RAND_cleanup at the exit of each program using RAND (#557166)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jan 19 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-16
Petr Šabata 81d24c
- set FD_CLOEXEC on accepted socket (#541809)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jan  8 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-15
Petr Šabata 81d24c
- replaced define by global in macros
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jan  5 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-14
Petr Šabata 81d24c
- Update the pka patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Dec 21 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-13
Petr Šabata 81d24c
- Update the audit patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Dec  4 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-12
Petr Šabata 81d24c
- Add possibility to autocreate only RSA key into initscript (#533339)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Nov 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-11
Petr Šabata 81d24c
- Prepare NSS key patch for future SEC_ERROR_LOCKED_PASSWORD (#537411)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-10
Petr Šabata 81d24c
- Update NSS key patch (#537411, #356451)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Nov 20 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-9
Petr Šabata 81d24c
- Add gssapi key exchange patch (#455351)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Nov 20 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-8
Petr Šabata 81d24c
- Add public key agent patch (#455350)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Nov  2 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-7
Petr Šabata 81d24c
- Repair canohost patch to allow gssapi to work when host is acessed via pipe proxy (#531849)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Oct 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-6
Petr Šabata 81d24c
- Modify the init script to prevent it to hang during generating the keys (#515145)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Oct 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-5
Petr Šabata 81d24c
- Add README.nss
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Oct 19 2009 Tomas Mraz <tmraz@redhat.com> - 5.3p1-4
Petr Šabata 81d24c
- Add pam_ssh_agent_auth module to a subpackage.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Oct 16 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-3
Petr Šabata 81d24c
- Reenable audit.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Oct  2 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-2
Petr Šabata 81d24c
- Upgrade to new wersion 5.3p1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Sep 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-29
Petr Šabata 81d24c
- Resolve locking in ssh-add (#491312)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Sep 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-28
Petr Šabata 81d24c
- Repair initscript to be acord to guidelines (#521860)
Petr Šabata 81d24c
- Add bugzilla# to application of edns and xmodifiers patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep 16 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-26
Petr Šabata 81d24c
- Changed pam stack to password-auth
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Sep 11 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-25
Petr Šabata 81d24c
- Dropped homechroot patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Sep  7 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-24
Petr Šabata 81d24c
- Add check for nosuid, nodev in homechroot
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Sep  1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-23
Petr Šabata 81d24c
- add correct patch for ip-opts
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Sep  1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-22
Petr Šabata 81d24c
- replace ip-opts patch by an upstream candidate version
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Aug 31 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-21
Petr Šabata 81d24c
- rearange selinux patch to be acceptable for upstream
Petr Šabata 81d24c
- replace seftp patch by an upstream version
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Aug 28 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-20
Petr Šabata 81d24c
- merged xmodifiers to redhat patch
Petr Šabata 81d24c
- merged gssapi-role to selinux patch
Petr Šabata 81d24c
- merged cve-2007_3102 to audit patch
Petr Šabata 81d24c
- sesftp patch only with WITH_SELINUX flag
Petr Šabata 81d24c
- rearange sesftp patch according to upstream request
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Aug 26 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-19
Petr Šabata 81d24c
- minor change in sesftp patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-18
Petr Šabata 81d24c
- rebuilt with new openssl
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jul 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-17
Petr Šabata 81d24c
- Added dnssec support. (#205842)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.2p1-16
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jul 24 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-15
Petr Šabata 81d24c
- only INTERNAL_SFTP can be home-chrooted
Petr Šabata 81d24c
- save _u and _r parts of context changing to sftpd_t
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jul 17 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-14
Petr Šabata 81d24c
- changed internal-sftp context to sftpd_t
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jul  3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-13
Petr Šabata 81d24c
- changed home length path patch to upstream version
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jun 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-12
Petr Šabata 81d24c
- create '~/.ssh/known_hosts' within proper context
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jun 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-11
Petr Šabata 81d24c
- length of home path in ssh now limited by PATH_MAX
Petr Šabata 81d24c
- correct timezone with daylight processing
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sat Jun 27 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-10
Petr Šabata 81d24c
- final version chroot %%h (sftp only)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jun 23 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-9
Petr Šabata 81d24c
- repair broken ls in chroot %%h
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jun 12 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-8
Petr Šabata 81d24c
- add XMODIFIERS to exported environment (#495690)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri May 15 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-6
Petr Šabata 81d24c
- allow only protocol 2 in the FIPS mode
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Apr 30 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-5
Petr Šabata 81d24c
- do integrity verification only on binaries which are part
Petr Šabata 81d24c
  of the OpenSSH FIPS modules
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Apr 20 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-4
Petr Šabata 81d24c
- log if FIPS mode is initialized
Petr Šabata 81d24c
- make aes-ctr cipher modes work in the FIPS mode
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Apr  3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-3
Petr Šabata 81d24c
- fix logging after chroot
Petr Šabata 81d24c
- enable non root users to use chroot %%h in internal-sftp
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Mar 13 2009 Tomas Mraz <tmraz@redhat.com> - 5.2p1-2
Petr Šabata 81d24c
- add AES-CTR ciphers to the FIPS mode proposal
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Mar  9 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-1
Petr Šabata 81d24c
- upgrade to new upstream release
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.1p1-8
Petr Šabata 81d24c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Feb 12 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-7
Petr Šabata 81d24c
- drop obsolete triggers
Petr Šabata 81d24c
- add testing FIPS mode support
Petr Šabata 81d24c
- LSBize the initscript (#247014)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jan 30 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-6
Petr Šabata 81d24c
- enable use of ssl engines (#481100)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jan 15 2009 Tomas Mraz <tmraz@redhat.com> - 5.1p1-5
Petr Šabata 81d24c
- remove obsolete --with-rsh (#478298)
Petr Šabata 81d24c
- add pam_sepermit to allow blocking confined users in permissive mode
Petr Šabata 81d24c
  (#471746)
Petr Šabata 81d24c
- move system-auth after pam_selinux in the session stack
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Dec 11 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-4
Petr Šabata 81d24c
- set FD_CLOEXEC on channel sockets (#475866)
Petr Šabata 81d24c
- adjust summary
Petr Šabata 81d24c
- adjust nss-keys patch so it is applicable without selinux patches (#470859)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Oct 17 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-3
Petr Šabata 81d24c
- fix compatibility with some servers (#466818)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jul 31 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-2
Petr Šabata 81d24c
- fixed zero length banner problem (#457326)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul 23 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-1
Petr Šabata 81d24c
- upgrade to new upstream release
Petr Šabata 81d24c
- fixed a problem with public key authentication and explicitely
Petr Šabata 81d24c
  specified SELinux role
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed May 21 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-3
Petr Šabata 81d24c
- pass the connection socket to ssh-keysign (#447680)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon May 19 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-2
Petr Šabata 81d24c
- add LANGUAGE to accepted/sent environment variables (#443231)
Petr Šabata 81d24c
- use pam_selinux to obtain the user context instead of doing it itself
Petr Šabata 81d24c
- unbreak server keep alive settings (patch from upstream)
Petr Šabata 81d24c
- small addition to scp manpage
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Apr  7 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-1
Petr Šabata 81d24c
- upgrade to new upstream (#441066)
Petr Šabata 81d24c
- prevent initscript from killing itself on halt with upstart (#438449)
Petr Šabata 81d24c
- initscript status should show that the daemon is running
Petr Šabata 81d24c
  only when the main daemon is still alive (#430882)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar  6 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-10
Petr Šabata 81d24c
- fix race on control master and cleanup stale control socket (#436311)
Petr Šabata 81d24c
  patches by David Woodhouse
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Feb 29 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-9
Petr Šabata 81d24c
- set FD_CLOEXEC on client socket
Petr Šabata 81d24c
- apply real fix for window size problem (#286181) from upstream
Petr Šabata 81d24c
- apply fix for the spurious failed bind from upstream
Petr Šabata 81d24c
- apply open handle leak in sftp fix from upstream
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Feb 12 2008 Dennis Gilmore <dennis@ausil.us> - 4.7p1-8
Petr Šabata 81d24c
- we build for sparcv9 now  and it needs -fPIE
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jan  3 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-7
Petr Šabata 81d24c
- fix gssapi auth with explicit selinux role requested (#427303) - patch
Petr Šabata 81d24c
  by Nalin Dahyabhai
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Dec  4 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-6
Petr Šabata 81d24c
- explicitly source krb5-devel profile script
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Dec 04 2007 Release Engineering <rel-eng at fedoraproject dot org> - 4.7p1-5
Petr Šabata 81d24c
- Rebuild for openssl bump
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-4
Petr Šabata 81d24c
- do not copy /etc/localtime into the chroot as it is not
Petr Šabata 81d24c
  necessary anymore (#193184)
Petr Šabata 81d24c
- call setkeycreatecon when selinux context is established
Petr Šabata 81d24c
- test for NULL privk when freeing key (#391871) - patch by
Petr Šabata 81d24c
  Pierre Ossman
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Sep 17 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-2
Petr Šabata 81d24c
- revert default window size adjustments (#286181)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Sep  6 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-1
Petr Šabata 81d24c
- upgrade to latest upstream
Petr Šabata 81d24c
- use libedit in sftp (#203009)
Petr Šabata 81d24c
- fixed audit log injection problem (CVE-2007-3102)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Aug  9 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-8
Petr Šabata 81d24c
- fix sftp client problems on write error (#247802)
Petr Šabata 81d24c
- allow disabling autocreation of server keys (#235466)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jun 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-7
Petr Šabata 81d24c
- experimental NSS keys support
Petr Šabata 81d24c
- correctly setup context when empty level requested (#234951)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Mar 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-6
Petr Šabata 81d24c
- mls level check must be done with default role same as requested
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Mar 19 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-5
Petr Šabata 81d24c
- make profile.d/gnome-ssh-askpass.* regular files (#226218)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Feb 27 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-4
Petr Šabata 81d24c
- reject connection if requested mls range is not obtained (#229278)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Feb 22 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-3
Petr Šabata 81d24c
- improve Buildroot
Petr Šabata 81d24c
- remove duplicate /etc/ssh from files
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jan 16 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-2
Petr Šabata 81d24c
- support mls on labeled networks (#220487)
Petr Šabata 81d24c
- support mls level selection on unlabeled networks
Petr Šabata 81d24c
- allow / in usernames in scp (only beginning /, ./, and ../ is special) 
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Dec 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.5p1-1
Petr Šabata 81d24c
- update to 4.5p1 (#212606)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Nov 30 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-14
Petr Šabata 81d24c
- fix gssapi with DNS loadbalanced clusters (#216857)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov 28 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-13
Petr Šabata 81d24c
- improved pam_session patch so it doesn't regress, the patch is necessary
Petr Šabata 81d24c
  for the pam_session_close to be called correctly as uid 0
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Nov 10 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-12
Petr Šabata 81d24c
- CVE-2006-5794 - properly detect failed key verify in monitor (#214641)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Nov  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-11
Petr Šabata 81d24c
- merge sshd initscript patches
Petr Šabata 81d24c
- kill all ssh sessions when stop is called in halt or reboot runlevel
Petr Šabata 81d24c
- remove -TERM option from killproc so we don't race on sshd restart
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Oct  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-10
Petr Šabata 81d24c
- improve gssapi-no-spnego patch (#208102)
Petr Šabata 81d24c
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
Petr Šabata 81d24c
- CVE-2006-5051 - don't call cleanups from signal handler (#208459)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Aug 23 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-9
Petr Šabata 81d24c
- don't report duplicate syslog messages, use correct local time (#189158)
Petr Šabata 81d24c
- don't allow spnego as gssapi mechanism (from upstream)
Petr Šabata 81d24c
- fixed memleaks found by Coverity (from upstream)
Petr Šabata 81d24c
- allow ip options except source routing (#202856) (patch by HP)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Aug  8 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-8
Petr Šabata 81d24c
- drop the pam-session patch from the previous build (#201341)
Petr Šabata 81d24c
- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-7
Petr Šabata 81d24c
- dropped old ssh obsoletes
Petr Šabata 81d24c
- call the pam_session_open/close from the monitor when privsep is
Petr Šabata 81d24c
  enabled so it is always called as root (patch by Darren Tucker)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jul 17 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-6
Petr Šabata 81d24c
- improve selinux patch (by Jan Kiszka)
Petr Šabata 81d24c
- upstream patch for buffer append space error (#191940)
Petr Šabata 81d24c
- fixed typo in configure.ac (#198986)
Petr Šabata 81d24c
- added pam_keyinit to pam configuration (#198628)
Petr Šabata 81d24c
- improved error message when askpass dialog cannot grab
Petr Šabata 81d24c
  keyboard input (#198332)
Petr Šabata 81d24c
- buildrequires xauth instead of xorg-x11-xauth
Petr Šabata 81d24c
- fixed a few rpmlint warnings
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 4.3p2-5.1
Petr Šabata 81d24c
- rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Apr 14 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-5
Petr Šabata 81d24c
- don't request pseudoterminal allocation if stdin is not tty (#188983)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar  2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-4
Petr Šabata 81d24c
- allow access if audit is not compiled in kernel (#183243)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Feb 24 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-3
Petr Šabata 81d24c
- enable the subprocess in chroot to send messages to system log
Petr Šabata 81d24c
- sshd should prevent login if audit call fails
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Feb 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-2
Petr Šabata 81d24c
- print error from scp if not remote (patch by Bjorn Augustsson #178923)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 13 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-1
Petr Šabata 81d24c
- new version
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 4.3p1-2.1
Petr Šabata 81d24c
- bump again for double-long bug on ppc(64)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb  6 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-2
Petr Šabata 81d24c
- fixed another place where syslog was called in signal handler
Petr Šabata 81d24c
- pass locale environment variables to server, accept them there (#179851)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Feb  1 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-1
Petr Šabata 81d24c
- new version, dropped obsolete patches
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Dec 20 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-10
Petr Šabata 81d24c
- hopefully make the askpass dialog less confusing (#174765)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
Petr Šabata 81d24c
- rebuilt
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov 22 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-9
Petr Šabata 81d24c
- drop x11-ssh-askpass from the package
Petr Šabata 81d24c
- drop old build_6x ifs from spec file
Petr Šabata 81d24c
- improve gnome-ssh-askpass so it doesn't reveal number of passphrase 
Petr Šabata 81d24c
  characters to person looking at the display
Petr Šabata 81d24c
- less hackish fix for the __USE_GNU problem
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Nov 18 2005 Nalin Dahyabhai <nalin@redhat.com> - 4.2p1-8
Petr Šabata 81d24c
- work around missing gccmakedep by wrapping makedepend in a local script
Petr Šabata 81d24c
- remove now-obsolete build dependency on "xauth"
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Nov 17 2005 Warren Togami <wtogami@redhat.com> - 4.2p1-7
Petr Šabata 81d24c
- xorg-x11-devel -> libXt-devel
Petr Šabata 81d24c
- rebuild for new xauth location so X forwarding works
Petr Šabata 81d24c
- buildreq audit-libs-devel
Petr Šabata 81d24c
- buildreq automake for aclocal
Petr Šabata 81d24c
- buildreq imake for xmkmf
Petr Šabata 81d24c
-  -D_GNU_SOURCE in flags in order to get it to build
Petr Šabata 81d24c
   Ugly hack to workaround openssh defining __USE_GNU which is
Petr Šabata 81d24c
   not allowed and causes problems according to Ulrich Drepper
Petr Šabata 81d24c
   fix this the correct way after FC5test1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Nov  9 2005 Jeremy Katz <katzj@redhat.com> - 4.2p1-6
Petr Šabata 81d24c
- rebuild against new openssl
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Oct 28 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-5
Petr Šabata 81d24c
- put back the possibility to skip SELinux patch
Petr Šabata 81d24c
- add patch for user login auditing by Steve Grubb
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Oct 18 2005 Dan Walsh <dwalsh@redhat.com> 4.2p1-4
Petr Šabata 81d24c
- Change selinux patch to use get_default_context_with_rolelevel in libselinux.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Oct 13 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-3
Petr Šabata 81d24c
- Update selinux patch to use getseuserbyname
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Oct  7 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-2
Petr Šabata 81d24c
- use include instead of pam_stack in pam config
Petr Šabata 81d24c
- use fork+exec instead of system in scp - CVE-2006-0225 (#168167)
Petr Šabata 81d24c
- upstream patch for displaying authentication errors
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Sep 06 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-1
Petr Šabata 81d24c
- upgrade to a new upstream version
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Aug 16 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-5
Petr Šabata 81d24c
- use x11-ssh-askpass if openssh-askpass-gnome is not installed (#165207)
Petr Šabata 81d24c
- install ssh-copy-id from contrib (#88707)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul 27 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-4
Petr Šabata 81d24c
- don't deadlock on exit with multiple X forwarded channels (#152432)
Petr Šabata 81d24c
- don't use X11 port which can't be bound on all IP families (#163732)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jun 29 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-3
Petr Šabata 81d24c
- fix small regression caused by the nologin patch (#161956)
Petr Šabata 81d24c
- fix race in getpeername error checking (mindrot #1054)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jun  9 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-2
Petr Šabata 81d24c
- use only pam_nologin for nologin testing
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jun  6 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-1
Petr Šabata 81d24c
- upgrade to a new upstream version
Petr Šabata 81d24c
- call pam_loginuid as a pam session module
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon May 16 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-3
Petr Šabata 81d24c
- link libselinux only to sshd (#157678)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Apr  4 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-2
Petr Šabata 81d24c
- fixed Local/RemoteForward in ssh_config.5 manpage
Petr Šabata 81d24c
- fix fatal when Local/RemoteForward is used and scp run (#153258)
Petr Šabata 81d24c
- don't leak user validity when using krb5 authentication
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar 24 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-1
Petr Šabata 81d24c
- upgrade to 4.0p1
Petr Šabata 81d24c
- remove obsolete groups patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Mar 16 2005 Elliot Lee <sopwith@redhat.com>
Petr Šabata 81d24c
- rebuilt
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 28 2005 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-12
Petr Šabata 81d24c
- rebuild so that configure can detect that krb5_init_ets is gone now
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 21 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-11
Petr Šabata 81d24c
- don't call syslog in signal handler
Petr Šabata 81d24c
- allow password authentication when copying from remote
Petr Šabata 81d24c
  to remote machine (#103364)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Feb  9 2005 Tomas Mraz <tmraz@redhat.com>
Petr Šabata 81d24c
- add spaces to messages in initscript (#138508)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Feb  8 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-10
Petr Šabata 81d24c
- enable trusted forwarding by default if X11 forwarding is 
Petr Šabata 81d24c
  required by user (#137685 and duplicates)
Petr Šabata 81d24c
- disable protocol 1 support by default in sshd server config (#88329)
Petr Šabata 81d24c
- keep the gnome-askpass dialog above others (#69131)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Feb  4 2005 Tomas Mraz <tmraz@redhat.com>
Petr Šabata 81d24c
- change permissions on pam.d/sshd to 0644 (#64697)
Petr Šabata 81d24c
- patch initscript so it doesn't kill opened sessions if
Petr Šabata 81d24c
  the sshd daemon isn't running anymore (#67624)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jan  3 2005 Bill Nottingham <notting@redhat.com> 3.9p1-9
Petr Šabata 81d24c
- don't use initlog
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Nov 29 2004 Thomas Woerner <twoerner@redhat.com> 3.9p1-8.1
Petr Šabata 81d24c
- fixed PIE build for all architectures
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Oct  4 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-8
Petr Šabata 81d24c
- add a --enable-vendor-patchlevel option which allows a ShowPatchLevel option
Petr Šabata 81d24c
  to enable display of a vendor patch level during version exchange (#120285)
Petr Šabata 81d24c
- configure with --disable-strip to build useful debuginfo subpackages
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Sep 20 2004 Bill Nottingham <notting@redhat.com> 3.9p1-7
Petr Šabata 81d24c
- when using gtk2 for askpass, don't buildprereq gnome-libs-devel
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Sep 14 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-6
Petr Šabata 81d24c
- build
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Sep 13 2004 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- disable ACSS support
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-5
Petr Šabata 81d24c
- Change selinux patch to use get_default_context_with_role in libselinux.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-4
Petr Šabata 81d24c
- Fix patch
Petr Šabata 81d24c
	* Bad debug statement.
Petr Šabata 81d24c
	* Handle root/sysadm_r:kerberos
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-3
Petr Šabata 81d24c
- Modify Colin Walter's patch to allow specifying rule during connection
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Aug 31 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-2
Petr Šabata 81d24c
- Fix TTY handling for SELinux
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Aug 24 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-1
Petr Šabata 81d24c
- Update to upstream
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sun Aug 1 2004 Alan Cox <alan@redhat.com> 3.8.1p1-5
Petr Šabata 81d24c
- Apply buildreq fixup patch (#125296)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jun 15 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-4
Petr Šabata 81d24c
- Clean up patch for upstream submission.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
Petr Šabata 81d24c
- rebuilt
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jun 9 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-2
Petr Šabata 81d24c
- Remove use of pam_selinux and patch selinux in directly.  
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jun  7 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-1
Petr Šabata 81d24c
- request gssapi-with-mic by default but not delegation (flag day for anyone
Petr Šabata 81d24c
  who used previous gssapi patches)
Petr Šabata 81d24c
- no longer request x11 forwarding by default
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jun 3 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-36
Petr Šabata 81d24c
- Change pam file to use open and close with pam_selinux
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jun  1 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-0
Petr Šabata 81d24c
- update to 3.8.1p1
Petr Šabata 81d24c
- add workaround from CVS to reintroduce passwordauth using pam
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jun 1 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-35
Petr Šabata 81d24c
- Remove CLOSEXEC on STDERR
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Mar 16 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-34
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Mar 03 2004 Phil Knirsch <pknirsch@redhat.com> 3.6.1p2-33.30.1
Petr Šabata 81d24c
- Built RHLE3 U2 update package.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Mar 3 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-33
Petr Šabata 81d24c
- Close file descriptors on exec 
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Mar  1 2004 Thomas Woerner <twoerner@redhat.com> 3.6.1p2-32
Petr Šabata 81d24c
- fixed pie build
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Feb 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-31
Petr Šabata 81d24c
- Add restorecon to startup scripts
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Feb 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-30
Petr Šabata 81d24c
- Add multiple qualified to openssh
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 23 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-29
Petr Šabata 81d24c
- Eliminate selinux code and use pam_selinux
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
Petr Šabata 81d24c
- rebuilt
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jan 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-27
Petr Šabata 81d24c
- turn off pie on ppc
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jan 26 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-26
Petr Šabata 81d24c
- fix is_selinux_enabled
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jan 14 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-25
Petr Šabata 81d24c
- Rebuild to grab shared libselinux
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Dec 3 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-24
Petr Šabata 81d24c
- turn on selinux
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov 18 2003 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- un#ifdef out code for reporting password expiration in non-privsep
Petr Šabata 81d24c
  mode (#83585)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Nov 10 2003 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- add machinery to build with/without -fpie/-pie, default to doing so
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Nov 06 2003 David Woodhouse <dwmw2@redhat.com> 3.6.1p2-23
Petr Šabata 81d24c
- Don't whinge about getsockopt failing (#109161)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Oct 24 2003 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- add missing buildprereq on zlib-devel (#104558)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Oct 13 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-22
Petr Šabata 81d24c
- turn selinux off
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Oct 13 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21.sel
Petr Šabata 81d24c
- turn selinux on
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Sep 19 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21
Petr Šabata 81d24c
- turn selinux off
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Sep 19 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-20.sel
Petr Šabata 81d24c
- turn selinux on
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Sep 19 2003 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- additional fix for apparently-never-happens double-free in buffer_free()
Petr Šabata 81d24c
- extend fix for #103998 to cover SSH1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-19
Petr Šabata 81d24c
- rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-18
Petr Šabata 81d24c
- additional buffer manipulation cleanups from Solar Designer
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep 17 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-17
Petr Šabata 81d24c
- turn selinux off
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep 17 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-16.sel
Petr Šabata 81d24c
- turn selinux on
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Sep 16 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-15
Petr Šabata 81d24c
- rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Sep 16 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-14
Petr Šabata 81d24c
- additional buffer manipulation fixes (CAN-2003-0695)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Sep 16 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-13.sel
Petr Šabata 81d24c
- turn selinux on
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Sep 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-12
Petr Šabata 81d24c
- rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Sep 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-11
Petr Šabata 81d24c
- apply patch to store the correct buffer size in allocated buffers
Petr Šabata 81d24c
  (CAN-2003-0693)
Petr Šabata 81d24c
- skip the initial PAM authentication attempt with an empty password if
Petr Šabata 81d24c
  empty passwords are not permitted in our configuration (#103998)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Sep 5 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-10
Petr Šabata 81d24c
- turn selinux off
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Sep 5 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-9.sel
Petr Šabata 81d24c
- turn selinux on
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Aug 26 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-8
Petr Šabata 81d24c
- Add BuildPreReq gtk2-devel if gtk2
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Aug 12 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-7
Petr Šabata 81d24c
- rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Aug 12 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-6
Petr Šabata 81d24c
- modify patch which clears the supplemental group list at startup to only
Petr Šabata 81d24c
  complain if setgroups() fails if sshd has euid == 0
Petr Šabata 81d24c
- handle krb5 installed in %%{_prefix} or elsewhere by using krb5-config
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jul 28 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-5
Petr Šabata 81d24c
- Add SELinux patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jul 22 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-4
Petr Šabata 81d24c
- rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-3
Petr Šabata 81d24c
- rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul 16 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-2
Petr Šabata 81d24c
- rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jun  5 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-1
Petr Šabata 81d24c
- update to 3.6.1p2
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
Petr Šabata 81d24c
6 rebuilt
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Mar 24 2003 Florian La Roche <Florian.LaRoche@redhat.de>
Petr Šabata 81d24c
- add patch for getsockopt() call to work on bigendian 64bit archs
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Feb 14 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-6
Petr Šabata 81d24c
- move scp to the -clients subpackage, because it directly depends on ssh
Petr Šabata 81d24c
  which is also in -clients (#84329)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-5
Petr Šabata 81d24c
- rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
Petr Šabata 81d24c
- rebuilt
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jan  7 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-3
Petr Šabata 81d24c
- rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov 12 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-2
Petr Šabata 81d24c
- patch PAM configuration to use relative path names for the modules, allowing
Petr Šabata 81d24c
  us to not worry about which arch the modules are built for on multilib systems
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Oct 15 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-1
Petr Šabata 81d24c
- update to 3.5p1, merging in filelist/perm changes from the upstream spec
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Oct  4 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-3
Petr Šabata 81d24c
- merge
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Sep 12 2002  Than Ngo <than@redhat.com> 3.4p1-2.1
Petr Šabata 81d24c
- fix to build on multilib systems
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Aug 29 2002 Curtis Zinzilieta <curtisz@redhat.com> 3.4p1-2gss
Petr Šabata 81d24c
- added gssapi patches and uncommented patch here
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Aug 14 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-2
Petr Šabata 81d24c
- pull patch from CVS to fix too-early free in ssh-keysign (#70009)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jun 27 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-1
Petr Šabata 81d24c
- 3.4p1
Petr Šabata 81d24c
- drop anon mmap patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jun 25 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-2
Petr Šabata 81d24c
- rework the close-on-exit docs
Petr Šabata 81d24c
- include configuration file man pages
Petr Šabata 81d24c
- make use of nologin as the privsep shell optional
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jun 24 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-1
Petr Šabata 81d24c
- update to 3.3p1
Petr Šabata 81d24c
- merge in spec file changes from upstream (remove setuid from ssh, ssh-keysign)
Petr Šabata 81d24c
- disable gtk2 askpass
Petr Šabata 81d24c
- require pam-devel by filename rather than by package for erratum
Petr Šabata 81d24c
- include patch from Solar Designer to work around anonymous mmap failures
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
Petr Šabata 81d24c
- automated rebuild
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jun  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-3
Petr Šabata 81d24c
- don't require autoconf any more
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri May 31 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-2
Petr Šabata 81d24c
- build gnome-ssh-askpass with gtk2
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue May 28 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-1
Petr Šabata 81d24c
- update to 3.2.3p1
Petr Šabata 81d24c
- merge in spec file changes from upstream
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.2p1-1
Petr Šabata 81d24c
- update to 3.2.2p1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-4
Petr Šabata 81d24c
- drop buildreq on db1-devel
Petr Šabata 81d24c
- require pam-devel by package name
Petr Šabata 81d24c
- require autoconf instead of autoconf253 again
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Apr  2 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-3
Petr Šabata 81d24c
- pull patch from CVS to avoid printing error messages when some of the
Petr Šabata 81d24c
  default keys aren't available when running ssh-add
Petr Šabata 81d24c
- refresh to current revisions of Simon's patches
Petr Šabata 81d24c
 
Petr Šabata 81d24c
* Thu Mar 21 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2gss
Petr Šabata 81d24c
- reintroduce Simon's gssapi patches
Petr Šabata 81d24c
- add buildprereq for autoconf253, which is needed to regenerate configure
Petr Šabata 81d24c
  after applying the gssapi patches
Petr Šabata 81d24c
- refresh to the latest version of Markus's patch to build properly with
Petr Šabata 81d24c
  older versions of OpenSSL
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
Petr Šabata 81d24c
- bump and grind (through the build system)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
Petr Šabata 81d24c
- require sharutils for building (mindrot #137)
Petr Šabata 81d24c
- require db1-devel only when building for 6.x (#55105), which probably won't
Petr Šabata 81d24c
  work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
Petr Šabata 81d24c
- require pam-devel by file (not by package name) again
Petr Šabata 81d24c
- add Markus's patch to compile with OpenSSL 0.9.5a (from
Petr Šabata 81d24c
  http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
Petr Šabata 81d24c
  building for 6.x
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar  7 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
Petr Šabata 81d24c
- update to 3.1p1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Mar  5 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
Petr Šabata 81d24c
- update to SNAP-20020305
Petr Šabata 81d24c
- drop debug patch, fixed upstream
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
Petr Šabata 81d24c
- update to SNAP-20020220 for testing purposes (you've been warned, if there's
Petr Šabata 81d24c
  anything to be warned about, gss patches won't apply, I don't mind)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Feb 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
Petr Šabata 81d24c
- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
Petr Šabata 81d24c
  exchange, authentication, and named key support
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jan 23 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
Petr Šabata 81d24c
- remove dependency on db1-devel, which has just been swallowed up whole
Petr Šabata 81d24c
  by gnome-libs-devel
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sat Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- adjust build dependencies so that build6x actually works right (fix
Petr Šabata 81d24c
  from Hugo van der Kooij)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Dec  4 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
Petr Šabata 81d24c
- update to 3.0.2p1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Nov 16 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
Petr Šabata 81d24c
- update to 3.0.1p1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov 13 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- update to current CVS (not for use in distribution)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Nov  8 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
Petr Šabata 81d24c
- merge some of Damien Miller <djm@mindrot.org> changes from the upstream
Petr Šabata 81d24c
  3.0p1 spec file and init script
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Nov  7 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- update to 3.0p1
Petr Šabata 81d24c
- update to x11-ssh-askpass 1.2.4.1
Petr Šabata 81d24c
- change build dependency on a file from pam-devel to the pam-devel package
Petr Šabata 81d24c
- replace primes with moduli
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
Petr Šabata 81d24c
- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Sep 13 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
Petr Šabata 81d24c
- Merge changes to rescue build from current sysadmin survival cd
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Sep  6 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
Petr Šabata 81d24c
- fix scp's server's reporting of file sizes, and build with the proper
Petr Šabata 81d24c
  preprocessor define to get large-file capable open(), stat(), etc.
Petr Šabata 81d24c
  (sftp has been doing this correctly all along) (#51827)
Petr Šabata 81d24c
- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
Petr Šabata 81d24c
- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
Petr Šabata 81d24c
- mark profile.d scriptlets as config files (#42337)
Petr Šabata 81d24c
- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
Petr Šabata 81d24c
- change a couple of log() statements to debug() statements (#50751)
Petr Šabata 81d24c
- pull cvs patch to add -t flag to sshd (#28611)
Petr Šabata 81d24c
- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Aug 20 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
Petr Šabata 81d24c
- add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Aug 16 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- pull cvs patch to fix remote port forwarding with protocol 2
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Aug  9 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- pull cvs patch to add session initialization to no-pty sessions
Petr Šabata 81d24c
- pull cvs patch to not cut off challengeresponse auth needlessly
Petr Šabata 81d24c
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
Petr Šabata 81d24c
  it by default on a system that doesn't have X installed (#49263)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Aug  8 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Aug  6 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- pass OPTIONS correctly to initlog (#50151)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- switch to x11-ssh-askpass 1.2.2
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- rebuild in new environment
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- disable the gssapi patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jun 18 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- update to 2.9p2
Petr Šabata 81d24c
- refresh to a new version of the gssapi patch
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jun  7 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- change Copyright: BSD to License: BSD
Petr Šabata 81d24c
- add Markus Friedl's unverified patch for the cookie file deletion problem
Petr Šabata 81d24c
  so that we can verify it
Petr Šabata 81d24c
- drop patch to check if xauth is present (was folded into cookie patch)
Petr Šabata 81d24c
- don't apply gssapi patches for the errata candidate
Petr Šabata 81d24c
- clear supplemental groups list at startup
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- fix an error parsing the new default sshd_config
Petr Šabata 81d24c
- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
Petr Šabata 81d24c
  dealing with comments right
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu May 24 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
Petr Šabata 81d24c
  to be removed before the next beta cycle because it's a big departure
Petr Šabata 81d24c
  from the upstream version
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu May  3 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- finish marking strings in the init script for translation
Petr Šabata 81d24c
- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
Petr Šabata 81d24c
  at startup (change merged from openssh.com init script, originally by
Petr Šabata 81d24c
  Pekka Savola)
Petr Šabata 81d24c
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
Petr Šabata 81d24c
  it by default on a system that doesn't have X installed
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed May  2 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- update to 2.9
Petr Šabata 81d24c
- drop various patches that came from or went upstream or to or from CVS
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Apr 18 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sun Apr  8 2001 Preston Brown <pbrown@redhat.com>
Petr Šabata 81d24c
- remove explicit openssl requirement, fixes builddistro issue
Petr Šabata 81d24c
- make initscript stop() function wait until sshd really dead to avoid 
Petr Šabata 81d24c
  races in condrestart
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Apr  2 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- mention that challengereponse supports PAM, so disabling password doesn't
Petr Šabata 81d24c
  limit users to pubkey and rsa auth (#34378)
Petr Šabata 81d24c
- bypass the daemon() function in the init script and call initlog directly,
Petr Šabata 81d24c
  because daemon() won't start a daemon it detects is already running (like
Petr Šabata 81d24c
  open connections)
Petr Šabata 81d24c
- require the version of openssl we had when we were built
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- make do_pam_setcred() smart enough to know when to establish creds and
Petr Šabata 81d24c
  when to reinitialize them
Petr Šabata 81d24c
- add in a couple of other fixes from Damien for inclusion in the errata
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Mar 22 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- update to 2.5.2p2
Petr Šabata 81d24c
- call setcred() again after initgroups, because the "creds" could actually
Petr Šabata 81d24c
  be group memberships
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Mar 20 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
Petr Šabata 81d24c
- don't enable challenge-response by default until we find a way to not
Petr Šabata 81d24c
  have too many userauth requests (we may make up to six pubkey and up to
Petr Šabata 81d24c
  three password attempts as it is)
Petr Šabata 81d24c
- remove build dependency on rsh to match openssh.com's packages more closely
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sat Mar  3 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- remove dependency on openssl -- would need to be too precise
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Mar  2 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- rebuild in new environment
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 26 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Revert the patch to move pam_open_session.
Petr Šabata 81d24c
- Init script and spec file changes from Pekka Savola. (#28750)
Petr Šabata 81d24c
- Patch sftp to recognize '-o protocol' arguments. (#29540)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Feb 22 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Chuck the closing patch.
Petr Šabata 81d24c
- Add a trigger to add host keys for protocol 2 to the config file, now that
Petr Šabata 81d24c
  configuration file syntax requires us to specify it with HostKey if we
Petr Šabata 81d24c
  specify any other HostKey values, which we do.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Redo patch to move pam_open_session after the server setuid()s to the user.
Petr Šabata 81d24c
- Rework the nopam patch to use be picked up by autoconf.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Feb 19 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Update for 2.5.1p1.
Petr Šabata 81d24c
- Add init script mods from Pekka Savola.
Petr Šabata 81d24c
- Tweak the init script to match the CVS contrib script more closely.
Petr Šabata 81d24c
- Redo patch to ssh-add to try to adding both identity and id_dsa to also try
Petr Šabata 81d24c
  adding id_rsa.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Feb 16 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Update for 2.5.0p1.
Petr Šabata 81d24c
- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
Petr Šabata 81d24c
- Resync with parts of Damien Miller's openssh.spec from CVS, including
Petr Šabata 81d24c
  update of x11 askpass to 1.2.0.
Petr Šabata 81d24c
- Only require openssl (don't prereq) because we generate keys in the init
Petr Šabata 81d24c
  script now.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Feb 13 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Don't open a PAM session until we've forked and become the user (#25690).
Petr Šabata 81d24c
- Apply Andrew Bartlett's patch for letting pam_authenticate() know which
Petr Šabata 81d24c
  host the user is attempting a login from.
Petr Šabata 81d24c
- Resync with parts of Damien Miller's openssh.spec from CVS.
Petr Šabata 81d24c
- Don't expose KbdInt responses in debug messages (from CVS).
Petr Šabata 81d24c
- Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Feb  7 2001 Trond Eivind Glomsrxd <teg@redhat.com>
Petr Šabata 81d24c
- i18n-tweak to initscript.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- More gettextizing.
Petr Šabata 81d24c
- Close all files after going into daemon mode (needs more testing).
Petr Šabata 81d24c
- Extract patch from CVS to handle auth banners (in the client).
Petr Šabata 81d24c
- Extract patch from CVS to handle compat weirdness.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Finish with the gettextizing.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jan 18 2001 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Fix a bug in auth2-pam.c (#23877)
Petr Šabata 81d24c
- Gettextize the init script.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Incorporate a switch for using PAM configs for 6.x, just in case.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Dec  5 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Incorporate Bero's changes for a build specifically for rescue CDs.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
Petr Šabata 81d24c
  succeeded, to allow public-key authentication after a failure with "none"
Petr Šabata 81d24c
  authentication.  (#21268)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Update to x11-askpass 1.1.1. (#21301)
Petr Šabata 81d24c
- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Merge multiple PAM text messages into subsequent prompts when possible when
Petr Šabata 81d24c
  doing keyboard-interactive authentication.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sun Nov 26 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Disable the built-in MD5 password support.  We're using PAM.
Petr Šabata 81d24c
- Take a crack at doing keyboard-interactive authentication with PAM, and
Petr Šabata 81d24c
  enable use of it in the default client configuration so that the client
Petr Šabata 81d24c
  will try it when the server disallows password authentication.
Petr Šabata 81d24c
- Build with debugging flags.  Build root policies strip all binaries anyway.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Use DESTDIR instead of %%makeinstall.
Petr Šabata 81d24c
- Remove /usr/X11R6/bin from the path-fixing patch.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Nov 20 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Add the primes file from the latest snapshot to the main package (#20884).
Petr Šabata 81d24c
- Add the dev package to the prereq list (#19984).
Petr Šabata 81d24c
- Remove the default path and mimic login's behavior in the server itself.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Nov 17 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Resync with conditional options in Damien Miller's .spec file for an errata.
Petr Šabata 81d24c
- Change libexecdir from %%{_libexecdir}/ssh to %%{_libexecdir}/openssh.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov  7 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Update to OpenSSH 2.3.0p1.
Petr Šabata 81d24c
- Update to x11-askpass 1.1.0.
Petr Šabata 81d24c
- Enable keyboard-interactive authentication.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Update to ssh-askpass-x11 1.0.3.
Petr Šabata 81d24c
- Change authentication related messages to be private (#19966).
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Oct 10 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Patch ssh-keygen to be able to list signatures for DSA public key files
Petr Šabata 81d24c
  it generates.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Oct  5 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
Petr Šabata 81d24c
  build PAM authentication in.
Petr Šabata 81d24c
- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
Petr Šabata 81d24c
- Clean out no-longer-used patches.
Petr Šabata 81d24c
- Patch ssh-add to try to add both identity and id_dsa, and to error only
Petr Šabata 81d24c
  when neither exists.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Oct  2 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Update x11-askpass to 1.0.2. (#17835)
Petr Šabata 81d24c
- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
Petr Šabata 81d24c
  always find them in the right place. (#17909)
Petr Šabata 81d24c
- Set the default path to be the same as the one supplied by /bin/login, but
Petr Šabata 81d24c
  add /usr/X11R6/bin. (#17909)
Petr Šabata 81d24c
- Try to handle obsoletion of ssh-server more cleanly.  Package names
Petr Šabata 81d24c
  are different, but init script name isn't. (#17865)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Sep  6 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Update to 2.2.0p1. (#17835)
Petr Šabata 81d24c
- Tweak the init script to allow proper restarting. (#18023)
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Aug 23 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Update to 20000823 snapshot.
Petr Šabata 81d24c
- Change subpackage requirements from %%{version} to %%{version}-%%{release}
Petr Šabata 81d24c
- Back out the pipe patch.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Jul 17 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Update to 2.1.1p4, which includes fixes for config file parsing problems.
Petr Šabata 81d24c
- Move the init script back.
Petr Šabata 81d24c
- Add Damien's quick fix for wackiness.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul 12 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jul  6 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Move condrestart to server postun.
Petr Šabata 81d24c
- Move key generation to init script.
Petr Šabata 81d24c
- Actually use the right patch for moving the key generation to the init script.
Petr Šabata 81d24c
- Clean up the init script a bit.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Jul  5 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sun Jul  2 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Update to 2.1.1p2.
Petr Šabata 81d24c
- Use of strtok() considered harmful.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sat Jul  1 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Get the build root out of the man pages.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Add and use condrestart support in the init script.
Petr Šabata 81d24c
- Add newer initscripts as a prereq.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Jun 27 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Build in new environment (release 2)
Petr Šabata 81d24c
- Move -clients subpackage to Applications/Internet group
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Jun  9 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Update to 2.2.1p1
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sat Jun  3 2000 Nalin Dahyabhai <nalin@redhat.com>
Petr Šabata 81d24c
- Patch to build with neither RSA nor RSAref.
Petr Šabata 81d24c
- Miscellaneous FHS-compliance tweaks.
Petr Šabata 81d24c
- Fix for possibly-compressed man pages.
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
Petr Šabata 81d24c
- Updated for new location
Petr Šabata 81d24c
- Updated for new gnome-ssh-askpass build
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sun Dec 26 1999 Damien Miller <djm@mindrot.org>
Petr Šabata 81d24c
- Added Jim Knoble's <jmknoble@pobox.com> askpass
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
Petr Šabata 81d24c
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
Petr Šabata 81d24c
- Added 'Obsoletes' directives
Petr Šabata 81d24c
Petr Šabata 81d24c
* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
Petr Šabata 81d24c
- Use make install
Petr Šabata 81d24c
- Subpackages
Petr Šabata 81d24c
Petr Šabata 81d24c
* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
Petr Šabata 81d24c
- Added links for slogin
Petr Šabata 81d24c
- Fixed perms on manpages
Petr Šabata 81d24c
Petr Šabata 81d24c
* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
Petr Šabata 81d24c
- Renamed init script
Petr Šabata 81d24c
Petr Šabata 81d24c
* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
Petr Šabata 81d24c
- Back to old binary names
Petr Šabata 81d24c
Petr Šabata 81d24c
* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
Petr Šabata 81d24c
- Use autoconf
Petr Šabata 81d24c
- New binary names
Petr Šabata 81d24c
Petr Šabata 81d24c
* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
Petr Šabata 81d24c
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.