]>
git.pld-linux.org Git - packages/openssh.git/log
Arkadiusz Miśkiewicz [Mon, 3 Feb 2020 22:08:10 +0000 (23:08 +0100)]
- rel 4; more syscalls
Arkadiusz Miśkiewicz [Mon, 3 Feb 2020 22:00:58 +0000 (23:00 +0100)]
- rel 3; allow glibc 2.31 to work with filter
Jan Palus [Thu, 17 Oct 2019 19:53:23 +0000 (21:53 +0200)]
disable conch interoperability tests
python-TwistedConch version in PLD appears to be too ancient
Jan Palus [Thu, 17 Oct 2019 15:13:57 +0000 (17:13 +0200)]
patches tend to work better if they are applied
Jan Palus [Thu, 17 Oct 2019 15:02:21 +0000 (17:02 +0200)]
try disabling tests that require pty
Jan Palus [Thu, 17 Oct 2019 10:58:06 +0000 (12:58 +0200)]
fix sshd-keygen location in on demand service; rel 2
Arkadiusz Miśkiewicz [Wed, 9 Oct 2019 17:38:35 +0000 (19:38 +0200)]
- up to 8.1p1
Jakub Bogusz [Sun, 29 Sep 2019 17:58:37 +0000 (19:58 +0200)]
- release 3 (rebuild with openssl 1.1.1d)
Jan Rękorajski [Sat, 1 Jun 2019 20:54:12 +0000 (22:54 +0200)]
- release 2 (by relup.sh)
Adam Gołębiowski [Thu, 18 Apr 2019 08:38:35 +0000 (10:38 +0200)]
- updated to 8.0p1 (CVE-2019-6111)
Arkadiusz Miśkiewicz [Wed, 27 Feb 2019 09:53:32 +0000 (10:53 +0100)]
- moduli is public information (https://bugzilla.redhat.com/show_bug.cgi?id=
1043661 )
Adam Gołębiowski [Wed, 27 Feb 2019 08:20:03 +0000 (09:20 +0100)]
- release 3, rebuild against openssl-1.1.1b
Jan Rękorajski [Tue, 20 Nov 2018 23:48:51 +0000 (00:48 +0100)]
- release 2 (by relup.sh)
Adam Gołębiowski [Sat, 20 Oct 2018 07:46:54 +0000 (09:46 +0200)]
- BR: openssl-devel >= 1.1.0g
Adam Gołębiowski [Fri, 19 Oct 2018 18:36:43 +0000 (20:36 +0200)]
- pass TEST_SSH_TRACE for verbose output from tests
Adam Gołębiowski [Fri, 19 Oct 2018 17:28:38 +0000 (19:28 +0200)]
- try random port for tests
Adam Gołębiowski [Fri, 19 Oct 2018 16:46:47 +0000 (18:46 +0200)]
- no longer needed
Adam Gołębiowski [Fri, 19 Oct 2018 16:36:29 +0000 (18:36 +0200)]
- updated to 7.9p1
Arkadiusz Miśkiewicz [Fri, 14 Sep 2018 10:08:08 +0000 (12:08 +0200)]
- rel 4; build with openssl 1.1.1
Arkadiusz Miśkiewicz [Fri, 14 Sep 2018 06:56:24 +0000 (08:56 +0200)]
- release 3 (by relup.sh)
Arkadiusz Miśkiewicz [Sat, 25 Aug 2018 12:32:37 +0000 (14:32 +0200)]
- rel 2; use seccomp_filter sandbox by default; requires kernel >= 3.5 which is old enough
Arkadiusz Miśkiewicz [Fri, 24 Aug 2018 20:36:52 +0000 (22:36 +0200)]
- up to 7.8p1
Arkadiusz Miśkiewicz [Tue, 3 Apr 2018 08:25:27 +0000 (10:25 +0200)]
- up to 7.7p1
Elan Ruusamäe [Mon, 2 Apr 2018 16:29:41 +0000 (19:29 +0300)]
- openssl-1.0.2o rebuild
- release 4 (by relup.sh)
Arkadiusz Miśkiewicz [Sat, 9 Dec 2017 15:28:39 +0000 (16:28 +0100)]
- release 3 (by relup.sh)
Arkadiusz Miśkiewicz [Mon, 6 Nov 2017 09:50:16 +0000 (10:50 +0100)]
- release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Fri, 6 Oct 2017 06:54:50 +0000 (08:54 +0200)]
- up to 7.6p1
Jan Rękorajski [Sun, 11 Jun 2017 12:47:26 +0000 (14:47 +0200)]
- release 2 (by relup.sh)
Jakub Bogusz [Mon, 17 Apr 2017 09:34:03 +0000 (11:34 +0200)]
- dropped outdated TODO file
Jakub Bogusz [Mon, 17 Apr 2017 09:25:21 +0000 (11:25 +0200)]
- added ldns patch (fixes ldns detection) and bcond
Arkadiusz Miśkiewicz [Tue, 21 Mar 2017 06:47:15 +0000 (07:47 +0100)]
- up to 7.5p1
Arkadiusz Miśkiewicz [Thu, 26 Jan 2017 17:16:08 +0000 (18:16 +0100)]
- openssl rebuild
- release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Mon, 19 Dec 2016 14:58:02 +0000 (15:58 +0100)]
- up to 7.4p1
Arkadiusz Miśkiewicz [Mon, 26 Sep 2016 15:21:28 +0000 (17:21 +0200)]
- openssl
- release 3 (by relup.sh)
Arkadiusz Miśkiewicz [Thu, 22 Sep 2016 20:47:43 +0000 (22:47 +0200)]
- openssl rebuild
- release 2 (by relup.sh)
Tomasz Pala [Tue, 23 Aug 2016 05:59:32 +0000 (07:59 +0200)]
do not lower ssh client security by default
ForwardX11Trusted might be enabled on command line by using -Y instead
of -X, so there's no real need for doing it system-wide(!) default.
Moreover, the rationale behind trusting remote party might be obsolete:
http://dailypackage.fedorabook.com/index.php?/archives/48-Wednesday-Why-Trusted-and-Untrusted-X11-Forwarding-with-SSH.html
Either way, trusting some potentially malicious (especially without
StrictHostKeyChecking) )remote side MUST be conscious decision.
Tomasz Pala [Tue, 23 Aug 2016 05:55:23 +0000 (07:55 +0200)]
do not repeat default config values for ssh client
Tomasz Pala [Mon, 22 Aug 2016 11:56:38 +0000 (13:56 +0200)]
do not enable upstream-disabled DSA keys
reenabling them (temporarily) should be consciuos admin decision to follow
transition period until they are ultimately removed from openssh. Note
the double-hash comment to indicate, that this is only a hint, not default
Tomasz Pala [Mon, 22 Aug 2016 11:54:10 +0000 (13:54 +0200)]
do not uncomment default values, as this suggests altering these params
Arkadiusz Miśkiewicz [Mon, 1 Aug 2016 14:54:54 +0000 (16:54 +0200)]
- up to 7.3p1
Elan Ruusamäe [Fri, 29 Jul 2016 16:56:21 +0000 (19:56 +0300)]
sshd-keygen: do not exit as failure if restorecon is missing
Arkadiusz Miśkiewicz [Mon, 30 May 2016 21:12:50 +0000 (23:12 +0200)]
- up to 7.2p2; fixes X11 security issue http://www.openssh.com/txt/x11fwd.adv
Arkadiusz Miśkiewicz [Tue, 3 May 2016 20:53:00 +0000 (22:53 +0200)]
- openssl rebuild
- release 3 (by relup.sh)
Arkadiusz Miśkiewicz [Sat, 5 Mar 2016 18:23:22 +0000 (19:23 +0100)]
- rel 2; x32 build fix
Jakub Bogusz [Sat, 5 Mar 2016 10:37:29 +0000 (11:37 +0100)]
- updated to 7.2p1; slogin is gone
- updated ldap,chroot patches
- removed obsolete no_libnsl patch
- fixed memory leaks in chroot patch
Elan Ruusamäe [Wed, 2 Mar 2016 12:45:57 +0000 (14:45 +0200)]
- openssl 1.0.2g rebuild
- release 3 (by relup.sh)
Arkadiusz Miśkiewicz [Thu, 28 Jan 2016 18:47:57 +0000 (19:47 +0100)]
- release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Thu, 14 Jan 2016 15:26:36 +0000 (16:26 +0100)]
- up to 7.1p2; fixes CVE-2016-0777 (client side problem)
Elan Ruusamäe [Thu, 3 Dec 2015 19:09:56 +0000 (21:09 +0200)]
- openssl 1.0.2d rebuild
- release 9 (by relup.sh)
Elan Ruusamäe [Tue, 1 Dec 2015 10:52:42 +0000 (12:52 +0200)]
fix broken patch from
00b8e87
see http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2015-December/024591.html
Arkadiusz Miśkiewicz [Tue, 17 Nov 2015 17:30:35 +0000 (18:30 +0100)]
- rel 6; fix start check
Arkadiusz Miśkiewicz [Tue, 17 Nov 2015 17:18:21 +0000 (18:18 +0100)]
- reorder so oldest/worst ones are last
Arkadiusz Miśkiewicz [Tue, 17 Nov 2015 17:06:00 +0000 (18:06 +0100)]
- rel 6; disable rsa1 host key generation (it's used with ssh1 which is disabled in openssh >= 7.0p1 by default)
Paweł Gołaszewski [Thu, 12 Nov 2015 11:06:33 +0000 (12:06 +0100)]
- HostkeyAlgorithms - to allow connection with older systems
Elan Ruusamäe [Tue, 6 Oct 2015 08:33:05 +0000 (11:33 +0300)]
enable in server, disable in client
http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2015-October/024509.html
Elan Ruusamäe [Tue, 6 Oct 2015 07:04:54 +0000 (10:04 +0300)]
allow dsa keys also client side, enable by default
Elan Ruusamäe [Sat, 3 Oct 2015 23:19:01 +0000 (02:19 +0300)]
add sample how to enable dsa keys
Jakub Bogusz [Sun, 6 Sep 2015 13:20:04 +0000 (15:20 +0200)]
- updated to 7.1p1
Elan Ruusamäe [Wed, 12 Aug 2015 14:35:46 +0000 (17:35 +0300)]
no macro for trigger epoch
Arkadiusz Miśkiewicz [Wed, 12 Aug 2015 12:24:49 +0000 (14:24 +0200)]
- rel 2; DSA keys warning
Arkadiusz Miśkiewicz [Tue, 11 Aug 2015 17:38:54 +0000 (19:38 +0200)]
- up to 7.0p1
Arkadiusz Miśkiewicz [Thu, 9 Jul 2015 19:01:18 +0000 (21:01 +0200)]
- release 2 (by relup.sh)
Jakub Bogusz [Fri, 3 Jul 2015 17:30:16 +0000 (19:30 +0200)]
- added tests-reuseport (fixes regression tests failure due to missing SO_REUSEPORT feature in pre-3.9 Linux)
Arkadiusz Miśkiewicz [Wed, 1 Jul 2015 16:52:31 +0000 (18:52 +0200)]
- up to 6.9p1
Arkadiusz Miśkiewicz [Sat, 13 Jun 2015 07:40:00 +0000 (09:40 +0200)]
- release 12 (by relup.sh)
Elan Ruusamäe [Tue, 5 May 2015 12:26:05 +0000 (15:26 +0300)]
do not force 3.5 kernel on non-x32
Elan Ruusamäe [Thu, 30 Apr 2015 09:46:05 +0000 (12:46 +0300)]
3.5 kernel is needed in server, not client
Elan Ruusamäe [Mon, 27 Apr 2015 11:01:42 +0000 (14:01 +0300)]
really modify files (witekfl)
Elan Ruusamäe [Mon, 27 Apr 2015 07:37:20 +0000 (10:37 +0300)]
fix sshd-keygen in sshd initscript
Jan Rękorajski [Fri, 24 Apr 2015 21:16:16 +0000 (23:16 +0200)]
- rel 7
Jan Rękorajski [Fri, 24 Apr 2015 20:55:51 +0000 (22:55 +0200)]
- safecatch on x32
Jan Rękorajski [Fri, 24 Apr 2015 20:26:30 +0000 (22:26 +0200)]
- do not parallelize tests
Jan Rękorajski [Fri, 24 Apr 2015 19:42:09 +0000 (21:42 +0200)]
- don't pass sandbox to configure on ac
Jan Rękorajski [Fri, 24 Apr 2015 19:39:31 +0000 (21:39 +0200)]
- sandbox macro is always defined
Jan Rękorajski [Fri, 24 Apr 2015 19:26:37 +0000 (21:26 +0200)]
- fix sandbox macro
- rel 6
Elan Ruusamäe [Fri, 24 Apr 2015 08:36:56 +0000 (11:36 +0300)]
restore lost BR 3.5 kernel from
cebd27d
Elan Ruusamäe [Fri, 24 Apr 2015 08:12:37 +0000 (11:12 +0300)]
prevent upstream provided aclocal.m4 being overwritten
Elan Ruusamäe [Fri, 24 Apr 2015 07:53:48 +0000 (10:53 +0300)]
add libseccomp bcond, building with it requires 3.5 kernel
with 3.4.92 kernel you get such error:
sshd[4604]: fatal: ssh_sandbox_child:libseccomp unable to load filter -22 [preauth]
Jacek Konieczny [Thu, 23 Apr 2015 07:56:01 +0000 (09:56 +0200)]
drop all Upstart hacks
Release: 4
Elan Ruusamäe [Tue, 7 Apr 2015 10:23:36 +0000 (13:23 +0300)]
more accudate status check
Elan Ruusamäe [Tue, 7 Apr 2015 10:20:38 +0000 (13:20 +0300)]
sshd initscript: do not rely only on lock file
OpenSSH service is already running.
daemon sshd dead but subsys (sshd) locked
basically main pid is down, but lockfile exists.
making exception to sshd (being important service) to not to rely only
on lockfile.
Elan Ruusamäe [Wed, 25 Mar 2015 12:53:47 +0000 (14:53 +0200)]
fix
Elan Ruusamäe [Wed, 25 Mar 2015 12:34:19 +0000 (14:34 +0200)]
hack: require openssh-server only if sshd user does not exist
refs
163b394
Elan Ruusamäe [Wed, 25 Mar 2015 12:31:23 +0000 (14:31 +0200)]
ensure --with-privsep-user param
Elan Ruusamäe [Sun, 1 Mar 2015 13:36:23 +0000 (15:36 +0200)]
add missing backslash
Elan Ruusamäe [Sun, 1 Mar 2015 13:07:57 +0000 (15:07 +0200)]
post fix files on condition
Elan Ruusamäe [Sun, 1 Mar 2015 13:05:12 +0000 (15:05 +0200)]
simplify ssh key gen, reuse code
Arkadiusz Miśkiewicz [Tue, 24 Mar 2015 16:03:20 +0000 (17:03 +0100)]
- openssl rebuild
- release 3 (by relup.sh)
Jakub Bogusz [Thu, 19 Mar 2015 19:53:02 +0000 (20:53 +0100)]
- tests require kernel with NO_NEW_PRIVS prctl support (the same for default configuration)
Jan Rękorajski [Thu, 19 Mar 2015 00:58:19 +0000 (01:58 +0100)]
- removed accidental CFLAGS change
Jan Rękorajski [Thu, 19 Mar 2015 00:55:50 +0000 (01:55 +0100)]
- default seccomp sandbox is broken, use patch by Steven Noonan adding libseccomp-sandbox to unbreak it
- rel2
Arkadiusz Miśkiewicz [Wed, 18 Mar 2015 18:35:42 +0000 (19:35 +0100)]
- up to 6.8p1
Jan Rękorajski [Fri, 27 Feb 2015 20:49:30 +0000 (21:49 +0100)]
- rebuild with openssl 1.0.2
- release 6 (by relup.sh)
Jan Rękorajski [Tue, 24 Feb 2015 21:18:20 +0000 (22:18 +0100)]
- x32 rebuild
- release 5 (by relup.sh)
Łukasz Kieś [Fri, 9 Jan 2015 21:44:11 +0000 (22:44 +0100)]
- rebuild with openssl-1.0.1k
- release 4 (by relup.sh)
Arkadiusz Miśkiewicz [Sun, 2 Nov 2014 20:28:47 +0000 (21:28 +0100)]
- rel 3; use postlogin pam config
Arkadiusz Miśkiewicz [Wed, 15 Oct 2014 20:57:35 +0000 (22:57 +0200)]
- release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Tue, 7 Oct 2014 14:15:07 +0000 (16:15 +0200)]
- up to 6.7p1
Elan Ruusamäe [Thu, 7 Aug 2014 09:20:53 +0000 (12:20 +0300)]
- release 4 (by relup.sh)
Arkadiusz Miśkiewicz [Thu, 5 Jun 2014 16:34:07 +0000 (18:34 +0200)]
- release 3 (by relup.sh)
This page took 0.492096 seconds and 4 git commands to generate.