]>
git.pld-linux.org Git - packages/openssh.git/log
Arkadiusz Miśkiewicz [Sun, 16 Mar 2014 21:23:30 +0000 (22:23 +0100)]
-up to 6.6p1
Jacek Konieczny [Thu, 6 Mar 2014 12:10:49 +0000 (13:10 +0100)]
fix the --without ldap bcond
Arkadiusz Miśkiewicz [Sun, 2 Mar 2014 07:35:45 +0000 (08:35 +0100)]
- rel 2; generate
ed25519 server key
Arkadiusz Miśkiewicz [Fri, 28 Feb 2014 21:39:31 +0000 (22:39 +0100)]
Update to 6.5p1. krb patch dropped since its dead code when used with
heimdal. Drop blacklist patch (it's ancient version) and we don't
really care that much about blacklisting debian bad keys.
Jan Rękorajski [Wed, 5 Feb 2014 20:23:08 +0000 (21:23 +0100)]
- updated kuserok patch
Arkadiusz Miśkiewicz [Mon, 3 Feb 2014 20:44:12 +0000 (21:44 +0100)]
- up to 6.5p1 but blacklist/krb patches need decision
Elan Ruusamäe [Mon, 27 Jan 2014 18:40:38 +0000 (20:40 +0200)]
use pidfile in status
Jan Rękorajski [Sun, 19 Jan 2014 19:54:23 +0000 (20:54 +0100)]
- release 3 (by relup.sh)
Elan Ruusamäe [Wed, 20 Nov 2013 13:40:49 +0000 (15:40 +0200)]
-server-ldap requires openldap-nss-config for /etc/ldap.conf
Arkadiusz Miśkiewicz [Sat, 9 Nov 2013 16:13:03 +0000 (17:13 +0100)]
- up 6.4p1; fixes SECURITY issue http://www.openssh.com/txt/gcmrekey.adv (affects installations with restricted users/commands)
Elan Ruusamäe [Sat, 2 Nov 2013 16:53:58 +0000 (18:53 +0200)]
rel 2
Elan Ruusamäe [Sat, 2 Nov 2013 16:53:42 +0000 (18:53 +0200)]
ignore SIGPIPE from ldap-helper. ssh server does not read whole input if matching key is found
Elan Ruusamäe [Sat, 2 Nov 2013 15:29:15 +0000 (17:29 +0200)]
remove server depending on -ldap. long overdue
Elan Ruusamäe [Sat, 2 Nov 2013 15:14:51 +0000 (17:14 +0200)]
pass/sendenv: send XMODIFIERS
Elan Ruusamäe [Sat, 2 Nov 2013 15:09:00 +0000 (17:09 +0200)]
updated rebased ldap patch from fedora (adds AccountClass ldap.conf param)
Elan Ruusamäe [Sat, 2 Nov 2013 15:04:18 +0000 (17:04 +0200)]
rename ldap patch unversioned
Elan Ruusamäe [Sat, 2 Nov 2013 14:57:11 +0000 (16:57 +0200)]
sshd_config: add sample for CheckHostIP no in Host *.local
Arkadiusz Miśkiewicz [Tue, 22 Oct 2013 17:19:10 +0000 (19:19 +0200)]
- up to 6.3p1; heimdal patch dropped (krb users please verify this)
Kacper Kornet [Mon, 21 Oct 2013 07:28:24 +0000 (08:28 +0100)]
pass only some GIT_ variables
Passing GIT_* variables can break some packages like gitolite (see
gitolite-env.patch) and gitolite3. Therefore pass only the ones which
are used by some developers and should be safe.
Elan Ruusamäe [Wed, 3 Jul 2013 12:01:23 +0000 (15:01 +0300)]
noarch openldap schema package
Elan Ruusamäe [Fri, 31 May 2013 18:43:18 +0000 (21:43 +0300)]
move sshd startup to 22
Elan Ruusamäe [Thu, 30 May 2013 09:02:13 +0000 (12:02 +0300)]
same problem with server too:
$ ssh builderth32
ssh_exchange_identification: Connection closed by remote host
May 30 12:01:42 builderth32 sshd[3001]: fatal: OpenSSL version mismatch. Built against
1000007f , you have
1000105f
Elan Ruusamäe [Thu, 30 May 2013 08:29:15 +0000 (11:29 +0300)]
lock down to openssl version used at compile time to avoid fatal error
$ ssh localhost
OpenSSL version mismatch. Built against
1000008f , you have
1000105f
$ rpm -q --blink openssl openssh-clients
openssl-1.0.1e-1.x86_64.rpm
<= openssl-1.0.0j-1.x86_64.rpm
openssh-clients-5.9p1-9.x86_64.rpm
<= openssh-clients-5.9p1-8.x86_64.rpm
similar to neon fix:
http://git.pld-linux.org/?p=packages/neon.git;a=commitdiff;h=
00c6dbc2309d9d93db6a6f469fc8516981bdb405
openssh-6.2p2/entropy.c reads:
void
seed_rng(void)
{
#ifndef OPENSSL_PRNG_ONLY
unsigned char buf[RANDOM_SEED_SIZE];
#endif
/*
* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
* We match major, minor, fix and status (not patch) for <1.0.0.
* After that, we acceptable compatible fix versions (so we
* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
* within a patch series.
*/
u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
(SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
fatal("OpenSSL version mismatch. Built against %lx, you "
"have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
Kacper Kornet [Mon, 20 May 2013 21:04:30 +0000 (22:04 +0100)]
- up to 6.2p2
Andrzej Zawadzki [Tue, 14 May 2013 14:23:39 +0000 (16:23 +0200)]
- add support for recording user's login uid to the process attribute
Arkadiusz Miśkiewicz [Sat, 23 Mar 2013 08:24:32 +0000 (09:24 +0100)]
- up to 6.2p1
Elan Ruusamäe [Sat, 16 Feb 2013 19:07:28 +0000 (21:07 +0200)]
suggest xauth in server package as well
Marcin Banasiak [Thu, 14 Feb 2013 11:26:13 +0000 (12:26 +0100)]
Apply -disable_ldap.patch only when building without ldap
Jacek Konieczny [Mon, 29 Oct 2012 14:44:29 +0000 (15:44 +0100)]
one more 'ldap' bcond fix
Jacek Konieczny [Mon, 29 Oct 2012 14:04:50 +0000 (15:04 +0100)]
without_ldap bcond fixed
--with-ldap=no is not enough any more :-(
Jan Rękorajski [Sun, 21 Oct 2012 22:14:54 +0000 (00:14 +0200)]
- remove passwd.conf manipulation from post, passwd does not have
support for changing pam service suffix for a long time now
- rel 2
Jakub Bogusz [Sat, 22 Sep 2012 18:02:32 +0000 (20:02 +0200)]
- require non-buggy zlib
Arkadiusz Miśkiewicz [Sun, 2 Sep 2012 21:19:40 +0000 (23:19 +0200)]
- up to 6.1p1
Elan Ruusamäe [Sun, 2 Sep 2012 07:33:53 +0000 (10:33 +0300)]
omg, somebody put spaces/tabs before Lpk directives; workaround
Elan Ruusamäe [Sun, 10 Jun 2012 21:08:41 +0000 (21:08 +0000)]
- tests need sshd user, require server package for that
Changed files:
openssh.spec -> 1.386
Elan Ruusamäe [Sun, 10 Jun 2012 20:47:34 +0000 (20:47 +0000)]
- package systemd socket activation files (do not enable)
Changed files:
openssh.spec -> 1.385
Jan Rękorajski [Fri, 27 Apr 2012 16:24:02 +0000 (16:24 +0000)]
- move systemd banner to trigger
Changed files:
openssh.spec -> 1.384
Arkadiusz Miśkiewicz [Tue, 24 Apr 2012 05:32:51 +0000 (05:32 +0000)]
- up to 6.0p1
Changed files:
openssh.spec -> 1.383
Jan Rękorajski [Tue, 17 Apr 2012 17:46:36 +0000 (17:46 +0000)]
- rel 9
- better systemd deps
Changed files:
openssh.spec -> 1.382
Arkadiusz Miśkiewicz [Mon, 20 Feb 2012 21:54:07 +0000 (21:54 +0000)]
- run test suite
Changed files:
openssh.spec -> 1.381
Jan Rękorajski [Sun, 12 Feb 2012 12:47:18 +0000 (12:47 +0000)]
- rel 8
- added systemd native service, with a BIG FAT WARNING
- R pam with pam_systemd enabled
- don't do install time parsing in prep
Changed files:
openssh.spec -> 1.380
Jan Rękorajski [Sun, 12 Feb 2012 11:40:28 +0000 (11:40 +0000)]
- kill only the main process on service stop/restart, not entire cgroup
Changed files:
sshd.service -> 1.3
Jan Rękorajski [Sun, 12 Feb 2012 10:47:25 +0000 (10:47 +0000)]
- sshd-keygen in libexecdir
Changed files:
sshd.service -> 1.2
Jan Rękorajski [Sun, 12 Feb 2012 10:43:44 +0000 (10:43 +0000)]
- systemd service files for on-demand sshd server
Changed files:
sshd.socket -> 1.1
sshd@.service -> 1.1
Jan Rękorajski [Sun, 12 Feb 2012 10:43:20 +0000 (10:43 +0000)]
- systemd service files
Changed files:
sshd-keygen -> 1.1
sshd.service -> 1.1
Arkadiusz Miśkiewicz [Sat, 12 Nov 2011 10:43:14 +0000 (10:43 +0000)]
- rel 7; when ipv6 sockets are allowed to be created (AF_INET6 is supported) sshd tries to bind to ::1, too which may be unavailable (for example in vserver guests or when net.ipv6.conf.all.disable_ipv6=1) - skip af family then
Changed files:
openssh-bind.patch -> 1.1
openssh.spec -> 1.379
Elan Ruusamäe [Sat, 8 Oct 2011 14:34:38 +0000 (14:34 +0000)]
- init keys in pre-start
Changed files:
opensshd.upstart -> 1.8
Elan Ruusamäe [Sat, 8 Oct 2011 14:34:22 +0000 (14:34 +0000)]
- useful bits from ubuntu
Changed files:
opensshd.upstart -> 1.7
Jakub Bogusz [Fri, 30 Sep 2011 17:24:10 +0000 (17:24 +0000)]
- pl for -server-ldap
- audit enabled by default
- release 6
Changed files:
openssh.spec -> 1.378
Arkadiusz Miśkiewicz [Thu, 29 Sep 2011 17:33:17 +0000 (17:33 +0000)]
- rel 5; epoch in dep
Changed files:
openssh.spec -> 1.377
Elan Ruusamäe [Thu, 29 Sep 2011 09:37:38 +0000 (09:37 +0000)]
- move ldap files to -server-ldap, currently required by server package for migration
Changed files:
openssh.spec -> 1.376
Elan Ruusamäe [Wed, 28 Sep 2011 22:19:59 +0000 (22:19 +0000)]
- release 3
Changed files:
openssh.spec -> 1.375
Elan Ruusamäe [Wed, 28 Sep 2011 22:15:31 +0000 (22:15 +0000)]
- fix ssh-ldap-helper path
- always apply ldap patches, other patches depend on them, yet without ldap bcond does not exactly work
Changed files:
openssh.spec -> 1.374
Elan Ruusamäe [Wed, 28 Sep 2011 22:07:13 +0000 (22:07 +0000)]
- from https://bugzilla.mindrot.org/show_bug.cgi?id=1663#c21
Changed files:
authorized-keys-command.patch -> 1.1
Elan Ruusamäe [Wed, 28 Sep 2011 22:04:27 +0000 (22:04 +0000)]
- use /etc/ldap.conf, not another copy of ldap.conf
Changed files:
ldap.conf.patch -> 1.1
openssh.spec -> 1.373
Elan Ruusamäe [Wed, 28 Sep 2011 21:45:52 +0000 (21:45 +0000)]
- fixing lpk trigger caps
Changed files:
openssh.spec -> 1.372
Elan Ruusamäe [Wed, 28 Sep 2011 21:42:53 +0000 (21:42 +0000)]
- fix epoch in trigger
Changed files:
openssh.spec -> 1.371
Elan Ruusamäe [Wed, 28 Sep 2011 21:40:32 +0000 (21:40 +0000)]
- add authorized-keys-command.patch, needed for ldap support to work at all
Changed files:
openssh-5.8p1-authorized-keys-command.patch -> 1.1
openssh-blacklist.diff -> 1.11
openssh.spec -> 1.370
Elan Ruusamäe [Wed, 28 Sep 2011 21:26:40 +0000 (21:26 +0000)]
- LPK -> LDAP patch trigger, nfy
Changed files:
openssh.spec -> 1.369
Arkadiusz Miśkiewicz [Fri, 16 Sep 2011 17:24:39 +0000 (17:24 +0000)]
- release 2
Changed files:
openssh.spec -> 1.368
Jakub Bogusz [Fri, 16 Sep 2011 16:36:44 +0000 (16:36 +0000)]
- restored selinux support
- added audit support (bcond, default off for now, to be enabled)
Changed files:
openssh.spec -> 1.367
Arkadiusz Miśkiewicz [Sun, 11 Sep 2011 06:47:53 +0000 (06:47 +0000)]
- rel 1; replace lpk patch with maintained fedora ldap patch
Changed files:
openssh-5.9p1-ldap-fixes.patch -> 1.1
openssh-5.9p1-ldap.patch -> 1.1
openssh-blacklist.diff -> 1.10
openssh-lpk.patch -> 1.8
openssh.spec -> 1.366
Arkadiusz Miśkiewicz [Tue, 6 Sep 2011 17:58:54 +0000 (17:58 +0000)]
- up to 5.9p1 (lpk patch needs update; builds --without ldap only for now)
Changed files:
openssh-blacklist.diff -> 1.9
openssh-heimdal.patch -> 1.17
openssh-include.patch -> 1.2
openssh-kuserok.patch -> 1.3
openssh-lpk.patch -> 1.7
openssh-no_libnsl.patch -> 1.6
openssh-pam_misc.patch -> 1.4
openssh.spec -> 1.365
Jan Rękorajski [Tue, 2 Aug 2011 23:17:07 +0000 (23:17 +0000)]
- release 3
Changed files:
openssh.spec -> 1.364
Jacek Konieczny [Wed, 15 Jun 2011 12:11:53 +0000 (12:11 +0000)]
- SERVICE=syslog replaced with SERVICE_syslog=y in upstart job
- %upstart_post and %upstart_postun macro definitions removed (they are defined
in rpm-build-macros)
- Release: 2
Changed files:
openssh.spec -> 1.363
opensshd.upstart -> 1.6
Elan Ruusamäe [Tue, 3 May 2011 10:53:50 +0000 (10:53 +0000)]
- 5.8p2
Changed files:
openssh.spec -> 1.362
Elan Ruusamäe [Wed, 27 Apr 2011 20:49:22 +0000 (20:49 +0000)]
- disable ecdsa on ac (openssl lacks OPENSSL_HAS_ECC)
Changed files:
openssh.spec -> 1.361
opensshd.init -> 1.48
Elan Ruusamäe [Thu, 21 Apr 2011 06:20:30 +0000 (06:20 +0000)]
- typos
Changed files:
openssh.spec -> 1.360
Elan Ruusamäe [Wed, 20 Apr 2011 14:58:35 +0000 (14:58 +0000)]
- remove pam_keyinit on ac
Changed files:
openssh.spec -> 1.359
Jan Rękorajski [Tue, 19 Apr 2011 22:45:20 +0000 (22:45 +0000)]
- final, working solution to hardcoded kerberos credential cache,
now sshd honours default_cc_type and default_cc_name settings in krb5.conf
Changed files:
openssh-heimdal.patch -> 1.16
openssh.spec -> 1.358
Jan Rękorajski [Tue, 19 Apr 2011 20:37:18 +0000 (20:37 +0000)]
- off-by-one (: + \0)
Changed files:
openssh-heimdal.patch -> 1.15
Jan Rękorajski [Tue, 19 Apr 2011 20:23:48 +0000 (20:23 +0000)]
- typo
Changed files:
openssh-heimdal.patch -> 1.14
Jan Rękorajski [Tue, 19 Apr 2011 20:23:07 +0000 (20:23 +0000)]
- wrong ifdef
Changed files:
openssh-heimdal.patch -> 1.13
Jan Rękorajski [Tue, 19 Apr 2011 20:20:52 +0000 (20:20 +0000)]
- typo
Changed files:
openssh-heimdal.patch -> 1.12
Jan Rękorajski [Tue, 19 Apr 2011 20:19:14 +0000 (20:19 +0000)]
- don't hardcode credential cache type and name for heimdal (breaks KCM)
Changed files:
openssh-heimdal.patch -> 1.11
openssh.spec -> 1.357
Jan Rękorajski [Tue, 19 Apr 2011 12:12:55 +0000 (12:12 +0000)]
- rel 4
Changed files:
openssh.spec -> 1.356
Jan Rękorajski [Tue, 19 Apr 2011 12:10:06 +0000 (12:10 +0000)]
- resolve conflict with other patches
Changed files:
openssh-kuserok.patch -> 1.2
Jan Rękorajski [Tue, 19 Apr 2011 12:08:10 +0000 (12:08 +0000)]
- add option to disable looking for/at .k5login file
Changed files:
openssh-kuserok.patch -> 1.1
openssh.spec -> 1.355
Elan Ruusamäe [Sun, 20 Feb 2011 18:42:48 +0000 (18:42 +0000)]
- release 3
Changed files:
openssh.spec -> 1.354
Elan Ruusamäe [Sun, 20 Feb 2011 10:31:28 +0000 (10:31 +0000)]
- add oom -16
Changed files:
opensshd.upstart -> 1.5
Elan Ruusamäe [Sun, 20 Feb 2011 10:29:52 +0000 (10:29 +0000)]
- generate key in checkconfig, so upstart would get new ssh_host_ecdsa_key key on restart
Changed files:
opensshd.init -> 1.47
Elan Ruusamäe [Sat, 19 Feb 2011 16:06:03 +0000 (16:06 +0000)]
- add try-restart
Changed files:
opensshd.init -> 1.46
Arkadiusz Miśkiewicz [Sat, 5 Feb 2011 17:51:48 +0000 (17:51 +0000)]
- up to 5.8p1
Changed files:
openssh.spec -> 1.353
Elan Ruusamäe [Sat, 5 Feb 2011 09:53:16 +0000 (09:53 +0000)]
- gen keys also on reload (i.e upgrade to 5.7 should create ssh_host_ecdsa_key)
Changed files:
openssh.spec -> 1.352
opensshd.init -> 1.45
Elan Ruusamäe [Sat, 5 Feb 2011 09:51:59 +0000 (09:51 +0000)]
- upstart_controlled as early as possible (which is just after functions library loading)
Changed files:
opensshd.init -> 1.44
Elan Ruusamäe [Sat, 5 Feb 2011 09:51:11 +0000 (09:51 +0000)]
- formatting and cosmetics, unify actions order
Changed files:
opensshd.init -> 1.43
Elan Ruusamäe [Sat, 29 Jan 2011 15:11:52 +0000 (15:11 +0000)]
- use url to portable
Changed files:
openssh.spec -> 1.351
Elan Ruusamäe [Sat, 29 Jan 2011 15:02:58 +0000 (15:02 +0000)]
- revert; ssh-copy-id -i idfile hostname still works (mislooked something i suppose)
Changed files:
openssh.spec -> 1.350
ssh-copy-id-arg-fix.patch -> 1.2
Elan Ruusamäe [Sat, 29 Jan 2011 11:35:02 +0000 (11:35 +0000)]
- fix ssh-copy-id -i arg support
Changed files:
openssh.spec -> 1.349
ssh-copy-id-arg-fix.patch -> 1.1
Arkadiusz Miśkiewicz [Tue, 25 Jan 2011 18:21:33 +0000 (18:21 +0000)]
rel 3; Drop obsolete /proc/pid/oom_adj. New /proc/pid/oom_score_adj uses totally different values, so adjust val for it.
Changed files:
openssh.spec -> 1.348
opensshd.init -> 1.42
Arkadiusz Miśkiewicz [Mon, 24 Jan 2011 18:16:42 +0000 (18:16 +0000)]
- rel 2; generate /etc/ssh/ssh_host_ecdsa_key
Changed files:
openssh.spec -> 1.347
opensshd.init -> 1.41
Caleb Maclennan [Mon, 24 Jan 2011 15:44:15 +0000 (15:44 +0000)]
- Up to 5.7p1
- Removed selinux patch, applied upstream
- Updated heimdal and ldap patches
Changed files:
openssh-heimdal.patch -> 1.10
openssh-lpk.patch -> 1.6
openssh-selinux.patch -> 1.8
openssh.spec -> 1.346
Jan Rękorajski [Wed, 20 Oct 2010 10:57:08 +0000 (10:57 +0000)]
- rel 4
- sshd must be started after nfsfs (/usr over nfs)
Changed files:
openssh.spec -> 1.345
opensshd.init -> 1.40
Jan Rękorajski [Mon, 4 Oct 2010 17:49:51 +0000 (17:49 +0000)]
- rel 3
Changed files:
openssh.spec -> 1.344
Jakub Bogusz [Sun, 3 Oct 2010 08:57:24 +0000 (08:57 +0000)]
- dropped obsolete configure options
Changed files:
openssh.spec -> 1.343
Arkadiusz Miśkiewicz [Wed, 8 Sep 2010 18:41:35 +0000 (18:41 +0000)]
- newer kernels use /proc/pid/oom_score_adj instead of /proc/pid/oom_adj
Changed files:
opensshd.init -> 1.39
Elan Ruusamäe [Tue, 24 Aug 2010 11:15:35 +0000 (11:15 +0000)]
- release 2
Changed files:
openssh.spec -> 1.342
Elan Ruusamäe [Tue, 24 Aug 2010 11:15:01 +0000 (11:15 +0000)]
- up to 5.6p1
Changed files:
openssh-blacklist.diff -> 1.8
openssh-lpk.patch -> 1.5
openssh-sigpipe.patch -> 1.13
openssh.spec -> 1.341
Jan Rękorajski [Mon, 16 Aug 2010 18:55:30 +0000 (18:55 +0000)]
- rel 6
- don't sync! just think how long it takes on a fileserver with 3TB storage,
~3k users and 80GB of RAM when you try to sync (yes, it takes FOREVER)
Changed files:
openssh.spec -> 1.340
opensshd.init -> 1.38
Arkadiusz Miśkiewicz [Wed, 11 Aug 2010 07:55:42 +0000 (07:55 +0000)]
- rel 5; start sshd early; just after network and die just before network
Changed files:
openssh.spec -> 1.339
opensshd.init -> 1.37
This page took 0.099206 seconds and 4 git commands to generate.