]>
git.pld-linux.org Git - packages/openssh.git/log
Arkadiusz Miśkiewicz [Thu, 9 Dec 2021 19:14:18 +0000 (20:14 +0100)]
Keep AllowTcpForwarding default with upstream. It's better default for most of services and services like in advisory can enable it on their own.
Arkadiusz Miśkiewicz [Tue, 16 Nov 2021 19:44:34 +0000 (20:44 +0100)]
Rel 2; upstream 'Don't trust closefrom() on Linux.'. Should fix problems with closefrom in chroot.
Arkadiusz Miśkiewicz [Thu, 30 Sep 2021 12:26:36 +0000 (14:26 +0200)]
Up to 8.8p1
Jan Rękorajski [Fri, 24 Sep 2021 21:36:58 +0000 (23:36 +0200)]
rebuild with openssl 3.0.0
Release 3 (by relup.sh)
Jan Palus [Wed, 25 Aug 2021 10:41:50 +0000 (12:41 +0200)]
openssl rebuild
Release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Fri, 20 Aug 2021 20:07:33 +0000 (22:07 +0200)]
Up to 8.7p1
Arkadiusz Miśkiewicz [Wed, 21 Apr 2021 06:06:48 +0000 (08:06 +0200)]
- up to 8.6p1
Jan Palus [Thu, 25 Mar 2021 17:38:53 +0000 (18:38 +0100)]
- release 2 (by relup.sh)
Jan Rękorajski [Sun, 7 Mar 2021 10:09:44 +0000 (11:09 +0100)]
- unconditional noarch subpackages
Arkadiusz Miśkiewicz [Wed, 3 Mar 2021 21:13:59 +0000 (22:13 +0100)]
- up to 8.5p1
Arkadiusz Miśkiewicz [Mon, 1 Mar 2021 23:09:19 +0000 (00:09 +0100)]
- rel 5; fix x32 (seccomp was killing it)
Arkadiusz Miśkiewicz [Mon, 1 Mar 2021 12:22:11 +0000 (13:22 +0100)]
- rediff patches
Jan Rękorajski [Mon, 1 Mar 2021 09:00:03 +0000 (10:00 +0100)]
- don't generate DSA server host keys, this weak algo was run-time disabled in openssh 7.0 (6 years ago)
http://www.openssh.com/txt/release-7.0
Jan Palus [Wed, 17 Feb 2021 16:01:41 +0000 (17:01 +0100)]
- release 4 (by relup.sh)
Jan Palus [Wed, 17 Feb 2021 14:51:47 +0000 (15:51 +0100)]
updated source to https
Jan Palus [Wed, 17 Feb 2021 14:50:47 +0000 (15:50 +0100)]
config.sub is fresh enough already
Jan Palus [Wed, 3 Feb 2021 22:40:23 +0000 (23:40 +0100)]
remove openssh-5.8p1-authorized-keys-command.patch
never used in spec, another copy later added as
authorized-keys-command.patch
Jan Palus [Wed, 3 Feb 2021 22:33:12 +0000 (23:33 +0100)]
updated noarch rule
Jan Palus [Wed, 3 Feb 2021 22:31:05 +0000 (23:31 +0100)]
upstream patch to allow pselect6_time64 in seccomp filter
appears to be required by arm with glibc 2.33
Jan Palus [Wed, 9 Dec 2020 16:52:40 +0000 (17:52 +0100)]
- openssl rebuild
- release 3 (by relup.sh)
Arkadiusz Miśkiewicz [Tue, 27 Oct 2020 20:12:23 +0000 (21:12 +0100)]
- don't bump release
Arkadiusz Miśkiewicz [Tue, 27 Oct 2020 20:09:29 +0000 (21:09 +0100)]
- use rlimit sandbox if building without libseccomp
Jakub Bogusz [Tue, 13 Oct 2020 19:12:18 +0000 (21:12 +0200)]
- release 2 (openssl 1.1.1h)
Jakub Bogusz [Tue, 29 Sep 2020 18:49:44 +0000 (20:49 +0200)]
- versioned runtime dependency on libfido2
Arkadiusz Miśkiewicz [Mon, 28 Sep 2020 19:26:40 +0000 (21:26 +0200)]
- up to 8.4p1
Arkadiusz Miśkiewicz [Wed, 27 May 2020 17:55:20 +0000 (19:55 +0200)]
- up to 8.3p1
Bartek Szady [Wed, 13 May 2020 06:31:11 +0000 (08:31 +0200)]
The FIDO helper has been moved to subpackage to keep it's dependencies out of client subpackage
Jan Palus [Mon, 27 Apr 2020 22:22:31 +0000 (00:22 +0200)]
fix build without ldap
Jan Rękorajski [Tue, 21 Apr 2020 21:30:17 +0000 (23:30 +0200)]
- release 4 (by relup.sh)
Jan Palus [Sun, 5 Apr 2020 15:28:50 +0000 (17:28 +0200)]
- openssl rebuild
- release 3 (by relup.sh)
Jan Rękorajski [Sun, 29 Mar 2020 20:03:42 +0000 (22:03 +0200)]
- release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Sat, 15 Feb 2020 12:06:22 +0000 (13:06 +0100)]
- up to 8.2p1; new - FIDO/U2F support
Arkadiusz Miśkiewicz [Mon, 3 Feb 2020 22:08:10 +0000 (23:08 +0100)]
- rel 4; more syscalls
Arkadiusz Miśkiewicz [Mon, 3 Feb 2020 22:00:58 +0000 (23:00 +0100)]
- rel 3; allow glibc 2.31 to work with filter
Jan Palus [Thu, 17 Oct 2019 19:53:23 +0000 (21:53 +0200)]
disable conch interoperability tests
python-TwistedConch version in PLD appears to be too ancient
Jan Palus [Thu, 17 Oct 2019 15:13:57 +0000 (17:13 +0200)]
patches tend to work better if they are applied
Jan Palus [Thu, 17 Oct 2019 15:02:21 +0000 (17:02 +0200)]
try disabling tests that require pty
Jan Palus [Thu, 17 Oct 2019 10:58:06 +0000 (12:58 +0200)]
fix sshd-keygen location in on demand service; rel 2
Arkadiusz Miśkiewicz [Wed, 9 Oct 2019 17:38:35 +0000 (19:38 +0200)]
- up to 8.1p1
Jakub Bogusz [Sun, 29 Sep 2019 17:58:37 +0000 (19:58 +0200)]
- release 3 (rebuild with openssl 1.1.1d)
Jan Rękorajski [Sat, 1 Jun 2019 20:54:12 +0000 (22:54 +0200)]
- release 2 (by relup.sh)
Adam Gołębiowski [Thu, 18 Apr 2019 08:38:35 +0000 (10:38 +0200)]
- updated to 8.0p1 (CVE-2019-6111)
Arkadiusz Miśkiewicz [Wed, 27 Feb 2019 09:53:32 +0000 (10:53 +0100)]
- moduli is public information (https://bugzilla.redhat.com/show_bug.cgi?id=
1043661 )
Adam Gołębiowski [Wed, 27 Feb 2019 08:20:03 +0000 (09:20 +0100)]
- release 3, rebuild against openssl-1.1.1b
Jan Rękorajski [Tue, 20 Nov 2018 23:48:51 +0000 (00:48 +0100)]
- release 2 (by relup.sh)
Adam Gołębiowski [Sat, 20 Oct 2018 07:46:54 +0000 (09:46 +0200)]
- BR: openssl-devel >= 1.1.0g
Adam Gołębiowski [Fri, 19 Oct 2018 18:36:43 +0000 (20:36 +0200)]
- pass TEST_SSH_TRACE for verbose output from tests
Adam Gołębiowski [Fri, 19 Oct 2018 17:28:38 +0000 (19:28 +0200)]
- try random port for tests
Adam Gołębiowski [Fri, 19 Oct 2018 16:46:47 +0000 (18:46 +0200)]
- no longer needed
Adam Gołębiowski [Fri, 19 Oct 2018 16:36:29 +0000 (18:36 +0200)]
- updated to 7.9p1
Arkadiusz Miśkiewicz [Fri, 14 Sep 2018 10:08:08 +0000 (12:08 +0200)]
- rel 4; build with openssl 1.1.1
Arkadiusz Miśkiewicz [Fri, 14 Sep 2018 06:56:24 +0000 (08:56 +0200)]
- release 3 (by relup.sh)
Arkadiusz Miśkiewicz [Sat, 25 Aug 2018 12:32:37 +0000 (14:32 +0200)]
- rel 2; use seccomp_filter sandbox by default; requires kernel >= 3.5 which is old enough
Arkadiusz Miśkiewicz [Fri, 24 Aug 2018 20:36:52 +0000 (22:36 +0200)]
- up to 7.8p1
Arkadiusz Miśkiewicz [Tue, 3 Apr 2018 08:25:27 +0000 (10:25 +0200)]
- up to 7.7p1
Elan Ruusamäe [Mon, 2 Apr 2018 16:29:41 +0000 (19:29 +0300)]
- openssl-1.0.2o rebuild
- release 4 (by relup.sh)
Arkadiusz Miśkiewicz [Sat, 9 Dec 2017 15:28:39 +0000 (16:28 +0100)]
- release 3 (by relup.sh)
Arkadiusz Miśkiewicz [Mon, 6 Nov 2017 09:50:16 +0000 (10:50 +0100)]
- release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Fri, 6 Oct 2017 06:54:50 +0000 (08:54 +0200)]
- up to 7.6p1
Jan Rękorajski [Sun, 11 Jun 2017 12:47:26 +0000 (14:47 +0200)]
- release 2 (by relup.sh)
Jakub Bogusz [Mon, 17 Apr 2017 09:34:03 +0000 (11:34 +0200)]
- dropped outdated TODO file
Jakub Bogusz [Mon, 17 Apr 2017 09:25:21 +0000 (11:25 +0200)]
- added ldns patch (fixes ldns detection) and bcond
Arkadiusz Miśkiewicz [Tue, 21 Mar 2017 06:47:15 +0000 (07:47 +0100)]
- up to 7.5p1
Arkadiusz Miśkiewicz [Thu, 26 Jan 2017 17:16:08 +0000 (18:16 +0100)]
- openssl rebuild
- release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Mon, 19 Dec 2016 14:58:02 +0000 (15:58 +0100)]
- up to 7.4p1
Arkadiusz Miśkiewicz [Mon, 26 Sep 2016 15:21:28 +0000 (17:21 +0200)]
- openssl
- release 3 (by relup.sh)
Arkadiusz Miśkiewicz [Thu, 22 Sep 2016 20:47:43 +0000 (22:47 +0200)]
- openssl rebuild
- release 2 (by relup.sh)
Tomasz Pala [Tue, 23 Aug 2016 05:59:32 +0000 (07:59 +0200)]
do not lower ssh client security by default
ForwardX11Trusted might be enabled on command line by using -Y instead
of -X, so there's no real need for doing it system-wide(!) default.
Moreover, the rationale behind trusting remote party might be obsolete:
http://dailypackage.fedorabook.com/index.php?/archives/48-Wednesday-Why-Trusted-and-Untrusted-X11-Forwarding-with-SSH.html
Either way, trusting some potentially malicious (especially without
StrictHostKeyChecking) )remote side MUST be conscious decision.
Tomasz Pala [Tue, 23 Aug 2016 05:55:23 +0000 (07:55 +0200)]
do not repeat default config values for ssh client
Tomasz Pala [Mon, 22 Aug 2016 11:56:38 +0000 (13:56 +0200)]
do not enable upstream-disabled DSA keys
reenabling them (temporarily) should be consciuos admin decision to follow
transition period until they are ultimately removed from openssh. Note
the double-hash comment to indicate, that this is only a hint, not default
Tomasz Pala [Mon, 22 Aug 2016 11:54:10 +0000 (13:54 +0200)]
do not uncomment default values, as this suggests altering these params
Arkadiusz Miśkiewicz [Mon, 1 Aug 2016 14:54:54 +0000 (16:54 +0200)]
- up to 7.3p1
Elan Ruusamäe [Fri, 29 Jul 2016 16:56:21 +0000 (19:56 +0300)]
sshd-keygen: do not exit as failure if restorecon is missing
Arkadiusz Miśkiewicz [Mon, 30 May 2016 21:12:50 +0000 (23:12 +0200)]
- up to 7.2p2; fixes X11 security issue http://www.openssh.com/txt/x11fwd.adv
Arkadiusz Miśkiewicz [Tue, 3 May 2016 20:53:00 +0000 (22:53 +0200)]
- openssl rebuild
- release 3 (by relup.sh)
Arkadiusz Miśkiewicz [Sat, 5 Mar 2016 18:23:22 +0000 (19:23 +0100)]
- rel 2; x32 build fix
Jakub Bogusz [Sat, 5 Mar 2016 10:37:29 +0000 (11:37 +0100)]
- updated to 7.2p1; slogin is gone
- updated ldap,chroot patches
- removed obsolete no_libnsl patch
- fixed memory leaks in chroot patch
Elan Ruusamäe [Wed, 2 Mar 2016 12:45:57 +0000 (14:45 +0200)]
- openssl 1.0.2g rebuild
- release 3 (by relup.sh)
Arkadiusz Miśkiewicz [Thu, 28 Jan 2016 18:47:57 +0000 (19:47 +0100)]
- release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Thu, 14 Jan 2016 15:26:36 +0000 (16:26 +0100)]
- up to 7.1p2; fixes CVE-2016-0777 (client side problem)
Elan Ruusamäe [Thu, 3 Dec 2015 19:09:56 +0000 (21:09 +0200)]
- openssl 1.0.2d rebuild
- release 9 (by relup.sh)
Elan Ruusamäe [Tue, 1 Dec 2015 10:52:42 +0000 (12:52 +0200)]
fix broken patch from
00b8e87
see http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2015-December/024591.html
Arkadiusz Miśkiewicz [Tue, 17 Nov 2015 17:30:35 +0000 (18:30 +0100)]
- rel 6; fix start check
Arkadiusz Miśkiewicz [Tue, 17 Nov 2015 17:18:21 +0000 (18:18 +0100)]
- reorder so oldest/worst ones are last
Arkadiusz Miśkiewicz [Tue, 17 Nov 2015 17:06:00 +0000 (18:06 +0100)]
- rel 6; disable rsa1 host key generation (it's used with ssh1 which is disabled in openssh >= 7.0p1 by default)
Paweł Gołaszewski [Thu, 12 Nov 2015 11:06:33 +0000 (12:06 +0100)]
- HostkeyAlgorithms - to allow connection with older systems
Elan Ruusamäe [Tue, 6 Oct 2015 08:33:05 +0000 (11:33 +0300)]
enable in server, disable in client
http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2015-October/024509.html
Elan Ruusamäe [Tue, 6 Oct 2015 07:04:54 +0000 (10:04 +0300)]
allow dsa keys also client side, enable by default
Elan Ruusamäe [Sat, 3 Oct 2015 23:19:01 +0000 (02:19 +0300)]
add sample how to enable dsa keys
Jakub Bogusz [Sun, 6 Sep 2015 13:20:04 +0000 (15:20 +0200)]
- updated to 7.1p1
Elan Ruusamäe [Wed, 12 Aug 2015 14:35:46 +0000 (17:35 +0300)]
no macro for trigger epoch
Arkadiusz Miśkiewicz [Wed, 12 Aug 2015 12:24:49 +0000 (14:24 +0200)]
- rel 2; DSA keys warning
Arkadiusz Miśkiewicz [Tue, 11 Aug 2015 17:38:54 +0000 (19:38 +0200)]
- up to 7.0p1
Arkadiusz Miśkiewicz [Thu, 9 Jul 2015 19:01:18 +0000 (21:01 +0200)]
- release 2 (by relup.sh)
Jakub Bogusz [Fri, 3 Jul 2015 17:30:16 +0000 (19:30 +0200)]
- added tests-reuseport (fixes regression tests failure due to missing SO_REUSEPORT feature in pre-3.9 Linux)
Arkadiusz Miśkiewicz [Wed, 1 Jul 2015 16:52:31 +0000 (18:52 +0200)]
- up to 6.9p1
Arkadiusz Miśkiewicz [Sat, 13 Jun 2015 07:40:00 +0000 (09:40 +0200)]
- release 12 (by relup.sh)
Elan Ruusamäe [Tue, 5 May 2015 12:26:05 +0000 (15:26 +0300)]
do not force 3.5 kernel on non-x32
Elan Ruusamäe [Thu, 30 Apr 2015 09:46:05 +0000 (12:46 +0300)]
3.5 kernel is needed in server, not client
Elan Ruusamäe [Mon, 27 Apr 2015 11:01:42 +0000 (14:01 +0300)]
really modify files (witekfl)
This page took 0.082573 seconds and 4 git commands to generate.