]>
git.pld-linux.org Git - packages/openssh.git/log
Elan Ruusamäe [Tue, 1 Dec 2015 10:52:42 +0000 (12:52 +0200)]
fix broken patch from
00b8e87
see http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2015-December/024591.html
Arkadiusz Miśkiewicz [Tue, 17 Nov 2015 17:30:35 +0000 (18:30 +0100)]
- rel 6; fix start check
Arkadiusz Miśkiewicz [Tue, 17 Nov 2015 17:18:21 +0000 (18:18 +0100)]
- reorder so oldest/worst ones are last
Arkadiusz Miśkiewicz [Tue, 17 Nov 2015 17:06:00 +0000 (18:06 +0100)]
- rel 6; disable rsa1 host key generation (it's used with ssh1 which is disabled in openssh >= 7.0p1 by default)
Paweł Gołaszewski [Thu, 12 Nov 2015 11:06:33 +0000 (12:06 +0100)]
- HostkeyAlgorithms - to allow connection with older systems
Elan Ruusamäe [Tue, 6 Oct 2015 08:33:05 +0000 (11:33 +0300)]
enable in server, disable in client
http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2015-October/024509.html
Elan Ruusamäe [Tue, 6 Oct 2015 07:04:54 +0000 (10:04 +0300)]
allow dsa keys also client side, enable by default
Elan Ruusamäe [Sat, 3 Oct 2015 23:19:01 +0000 (02:19 +0300)]
add sample how to enable dsa keys
Jakub Bogusz [Sun, 6 Sep 2015 13:20:04 +0000 (15:20 +0200)]
- updated to 7.1p1
Elan Ruusamäe [Wed, 12 Aug 2015 14:35:46 +0000 (17:35 +0300)]
no macro for trigger epoch
Arkadiusz Miśkiewicz [Wed, 12 Aug 2015 12:24:49 +0000 (14:24 +0200)]
- rel 2; DSA keys warning
Arkadiusz Miśkiewicz [Tue, 11 Aug 2015 17:38:54 +0000 (19:38 +0200)]
- up to 7.0p1
Arkadiusz Miśkiewicz [Thu, 9 Jul 2015 19:01:18 +0000 (21:01 +0200)]
- release 2 (by relup.sh)
Jakub Bogusz [Fri, 3 Jul 2015 17:30:16 +0000 (19:30 +0200)]
- added tests-reuseport (fixes regression tests failure due to missing SO_REUSEPORT feature in pre-3.9 Linux)
Arkadiusz Miśkiewicz [Wed, 1 Jul 2015 16:52:31 +0000 (18:52 +0200)]
- up to 6.9p1
Arkadiusz Miśkiewicz [Sat, 13 Jun 2015 07:40:00 +0000 (09:40 +0200)]
- release 12 (by relup.sh)
Elan Ruusamäe [Tue, 5 May 2015 12:26:05 +0000 (15:26 +0300)]
do not force 3.5 kernel on non-x32
Elan Ruusamäe [Thu, 30 Apr 2015 09:46:05 +0000 (12:46 +0300)]
3.5 kernel is needed in server, not client
Elan Ruusamäe [Mon, 27 Apr 2015 11:01:42 +0000 (14:01 +0300)]
really modify files (witekfl)
Elan Ruusamäe [Mon, 27 Apr 2015 07:37:20 +0000 (10:37 +0300)]
fix sshd-keygen in sshd initscript
Jan Rękorajski [Fri, 24 Apr 2015 21:16:16 +0000 (23:16 +0200)]
- rel 7
Jan Rękorajski [Fri, 24 Apr 2015 20:55:51 +0000 (22:55 +0200)]
- safecatch on x32
Jan Rękorajski [Fri, 24 Apr 2015 20:26:30 +0000 (22:26 +0200)]
- do not parallelize tests
Jan Rękorajski [Fri, 24 Apr 2015 19:42:09 +0000 (21:42 +0200)]
- don't pass sandbox to configure on ac
Jan Rękorajski [Fri, 24 Apr 2015 19:39:31 +0000 (21:39 +0200)]
- sandbox macro is always defined
Jan Rękorajski [Fri, 24 Apr 2015 19:26:37 +0000 (21:26 +0200)]
- fix sandbox macro
- rel 6
Elan Ruusamäe [Fri, 24 Apr 2015 08:36:56 +0000 (11:36 +0300)]
restore lost BR 3.5 kernel from
cebd27d
Elan Ruusamäe [Fri, 24 Apr 2015 08:12:37 +0000 (11:12 +0300)]
prevent upstream provided aclocal.m4 being overwritten
Elan Ruusamäe [Fri, 24 Apr 2015 07:53:48 +0000 (10:53 +0300)]
add libseccomp bcond, building with it requires 3.5 kernel
with 3.4.92 kernel you get such error:
sshd[4604]: fatal: ssh_sandbox_child:libseccomp unable to load filter -22 [preauth]
Jacek Konieczny [Thu, 23 Apr 2015 07:56:01 +0000 (09:56 +0200)]
drop all Upstart hacks
Release: 4
Elan Ruusamäe [Tue, 7 Apr 2015 10:23:36 +0000 (13:23 +0300)]
more accudate status check
Elan Ruusamäe [Tue, 7 Apr 2015 10:20:38 +0000 (13:20 +0300)]
sshd initscript: do not rely only on lock file
OpenSSH service is already running.
daemon sshd dead but subsys (sshd) locked
basically main pid is down, but lockfile exists.
making exception to sshd (being important service) to not to rely only
on lockfile.
Elan Ruusamäe [Wed, 25 Mar 2015 12:53:47 +0000 (14:53 +0200)]
fix
Elan Ruusamäe [Wed, 25 Mar 2015 12:34:19 +0000 (14:34 +0200)]
hack: require openssh-server only if sshd user does not exist
refs
163b394
Elan Ruusamäe [Wed, 25 Mar 2015 12:31:23 +0000 (14:31 +0200)]
ensure --with-privsep-user param
Elan Ruusamäe [Sun, 1 Mar 2015 13:36:23 +0000 (15:36 +0200)]
add missing backslash
Elan Ruusamäe [Sun, 1 Mar 2015 13:07:57 +0000 (15:07 +0200)]
post fix files on condition
Elan Ruusamäe [Sun, 1 Mar 2015 13:05:12 +0000 (15:05 +0200)]
simplify ssh key gen, reuse code
Arkadiusz Miśkiewicz [Tue, 24 Mar 2015 16:03:20 +0000 (17:03 +0100)]
- openssl rebuild
- release 3 (by relup.sh)
Jakub Bogusz [Thu, 19 Mar 2015 19:53:02 +0000 (20:53 +0100)]
- tests require kernel with NO_NEW_PRIVS prctl support (the same for default configuration)
Jan Rękorajski [Thu, 19 Mar 2015 00:58:19 +0000 (01:58 +0100)]
- removed accidental CFLAGS change
Jan Rękorajski [Thu, 19 Mar 2015 00:55:50 +0000 (01:55 +0100)]
- default seccomp sandbox is broken, use patch by Steven Noonan adding libseccomp-sandbox to unbreak it
- rel2
Arkadiusz Miśkiewicz [Wed, 18 Mar 2015 18:35:42 +0000 (19:35 +0100)]
- up to 6.8p1
Jan Rękorajski [Fri, 27 Feb 2015 20:49:30 +0000 (21:49 +0100)]
- rebuild with openssl 1.0.2
- release 6 (by relup.sh)
Jan Rękorajski [Tue, 24 Feb 2015 21:18:20 +0000 (22:18 +0100)]
- x32 rebuild
- release 5 (by relup.sh)
Łukasz Kieś [Fri, 9 Jan 2015 21:44:11 +0000 (22:44 +0100)]
- rebuild with openssl-1.0.1k
- release 4 (by relup.sh)
Arkadiusz Miśkiewicz [Sun, 2 Nov 2014 20:28:47 +0000 (21:28 +0100)]
- rel 3; use postlogin pam config
Arkadiusz Miśkiewicz [Wed, 15 Oct 2014 20:57:35 +0000 (22:57 +0200)]
- release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Tue, 7 Oct 2014 14:15:07 +0000 (16:15 +0200)]
- up to 6.7p1
Elan Ruusamäe [Thu, 7 Aug 2014 09:20:53 +0000 (12:20 +0300)]
- release 4 (by relup.sh)
Arkadiusz Miśkiewicz [Thu, 5 Jun 2014 16:34:07 +0000 (18:34 +0200)]
- release 3 (by relup.sh)
Elan Ruusamäe [Tue, 13 May 2014 17:50:36 +0000 (20:50 +0300)]
use -std=gnu99
Elan Ruusamäe [Tue, 13 May 2014 14:39:52 +0000 (17:39 +0300)]
add limits.h hack for ac in openbsd-compat
Elan Ruusamäe [Tue, 13 May 2014 14:39:45 +0000 (17:39 +0300)]
update x11.pc hack for ac
Elan Ruusamäe [Tue, 13 May 2014 14:30:17 +0000 (17:30 +0300)]
sane patch order
Elan Ruusamäe [Tue, 13 May 2014 14:28:12 +0000 (17:28 +0300)]
include limits.h
Elan Ruusamäe [Tue, 13 May 2014 14:13:11 +0000 (17:13 +0300)]
autodetect sandbox on ac. currently detects as rlimit
Arkadiusz Miśkiewicz [Mon, 7 Apr 2014 20:44:56 +0000 (22:44 +0200)]
- release 2 (by relup.sh)
Arkadiusz Miśkiewicz [Sun, 16 Mar 2014 21:23:30 +0000 (22:23 +0100)]
-up to 6.6p1
Jacek Konieczny [Thu, 6 Mar 2014 12:10:49 +0000 (13:10 +0100)]
fix the --without ldap bcond
Arkadiusz Miśkiewicz [Sun, 2 Mar 2014 07:35:45 +0000 (08:35 +0100)]
- rel 2; generate
ed25519 server key
Arkadiusz Miśkiewicz [Fri, 28 Feb 2014 21:39:31 +0000 (22:39 +0100)]
Update to 6.5p1. krb patch dropped since its dead code when used with
heimdal. Drop blacklist patch (it's ancient version) and we don't
really care that much about blacklisting debian bad keys.
Jan Rękorajski [Wed, 5 Feb 2014 20:23:08 +0000 (21:23 +0100)]
- updated kuserok patch
Arkadiusz Miśkiewicz [Mon, 3 Feb 2014 20:44:12 +0000 (21:44 +0100)]
- up to 6.5p1 but blacklist/krb patches need decision
Elan Ruusamäe [Mon, 27 Jan 2014 18:40:38 +0000 (20:40 +0200)]
use pidfile in status
Jan Rękorajski [Sun, 19 Jan 2014 19:54:23 +0000 (20:54 +0100)]
- release 3 (by relup.sh)
Elan Ruusamäe [Wed, 20 Nov 2013 13:40:49 +0000 (15:40 +0200)]
-server-ldap requires openldap-nss-config for /etc/ldap.conf
Arkadiusz Miśkiewicz [Sat, 9 Nov 2013 16:13:03 +0000 (17:13 +0100)]
- up 6.4p1; fixes SECURITY issue http://www.openssh.com/txt/gcmrekey.adv (affects installations with restricted users/commands)
Elan Ruusamäe [Sat, 2 Nov 2013 16:53:58 +0000 (18:53 +0200)]
rel 2
Elan Ruusamäe [Sat, 2 Nov 2013 16:53:42 +0000 (18:53 +0200)]
ignore SIGPIPE from ldap-helper. ssh server does not read whole input if matching key is found
Elan Ruusamäe [Sat, 2 Nov 2013 15:29:15 +0000 (17:29 +0200)]
remove server depending on -ldap. long overdue
Elan Ruusamäe [Sat, 2 Nov 2013 15:14:51 +0000 (17:14 +0200)]
pass/sendenv: send XMODIFIERS
Elan Ruusamäe [Sat, 2 Nov 2013 15:09:00 +0000 (17:09 +0200)]
updated rebased ldap patch from fedora (adds AccountClass ldap.conf param)
Elan Ruusamäe [Sat, 2 Nov 2013 15:04:18 +0000 (17:04 +0200)]
rename ldap patch unversioned
Elan Ruusamäe [Sat, 2 Nov 2013 14:57:11 +0000 (16:57 +0200)]
sshd_config: add sample for CheckHostIP no in Host *.local
Arkadiusz Miśkiewicz [Tue, 22 Oct 2013 17:19:10 +0000 (19:19 +0200)]
- up to 6.3p1; heimdal patch dropped (krb users please verify this)
Kacper Kornet [Mon, 21 Oct 2013 07:28:24 +0000 (08:28 +0100)]
pass only some GIT_ variables
Passing GIT_* variables can break some packages like gitolite (see
gitolite-env.patch) and gitolite3. Therefore pass only the ones which
are used by some developers and should be safe.
Elan Ruusamäe [Wed, 3 Jul 2013 12:01:23 +0000 (15:01 +0300)]
noarch openldap schema package
Elan Ruusamäe [Fri, 31 May 2013 18:43:18 +0000 (21:43 +0300)]
move sshd startup to 22
Elan Ruusamäe [Thu, 30 May 2013 09:02:13 +0000 (12:02 +0300)]
same problem with server too:
$ ssh builderth32
ssh_exchange_identification: Connection closed by remote host
May 30 12:01:42 builderth32 sshd[3001]: fatal: OpenSSL version mismatch. Built against
1000007f , you have
1000105f
Elan Ruusamäe [Thu, 30 May 2013 08:29:15 +0000 (11:29 +0300)]
lock down to openssl version used at compile time to avoid fatal error
$ ssh localhost
OpenSSL version mismatch. Built against
1000008f , you have
1000105f
$ rpm -q --blink openssl openssh-clients
openssl-1.0.1e-1.x86_64.rpm
<= openssl-1.0.0j-1.x86_64.rpm
openssh-clients-5.9p1-9.x86_64.rpm
<= openssh-clients-5.9p1-8.x86_64.rpm
similar to neon fix:
http://git.pld-linux.org/?p=packages/neon.git;a=commitdiff;h=
00c6dbc2309d9d93db6a6f469fc8516981bdb405
openssh-6.2p2/entropy.c reads:
void
seed_rng(void)
{
#ifndef OPENSSL_PRNG_ONLY
unsigned char buf[RANDOM_SEED_SIZE];
#endif
/*
* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
* We match major, minor, fix and status (not patch) for <1.0.0.
* After that, we acceptable compatible fix versions (so we
* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
* within a patch series.
*/
u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
(SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
fatal("OpenSSL version mismatch. Built against %lx, you "
"have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
Kacper Kornet [Mon, 20 May 2013 21:04:30 +0000 (22:04 +0100)]
- up to 6.2p2
Andrzej Zawadzki [Tue, 14 May 2013 14:23:39 +0000 (16:23 +0200)]
- add support for recording user's login uid to the process attribute
Arkadiusz Miśkiewicz [Sat, 23 Mar 2013 08:24:32 +0000 (09:24 +0100)]
- up to 6.2p1
Elan Ruusamäe [Sat, 16 Feb 2013 19:07:28 +0000 (21:07 +0200)]
suggest xauth in server package as well
Marcin Banasiak [Thu, 14 Feb 2013 11:26:13 +0000 (12:26 +0100)]
Apply -disable_ldap.patch only when building without ldap
Jacek Konieczny [Mon, 29 Oct 2012 14:44:29 +0000 (15:44 +0100)]
one more 'ldap' bcond fix
Jacek Konieczny [Mon, 29 Oct 2012 14:04:50 +0000 (15:04 +0100)]
without_ldap bcond fixed
--with-ldap=no is not enough any more :-(
Jan Rękorajski [Sun, 21 Oct 2012 22:14:54 +0000 (00:14 +0200)]
- remove passwd.conf manipulation from post, passwd does not have
support for changing pam service suffix for a long time now
- rel 2
Jakub Bogusz [Sat, 22 Sep 2012 18:02:32 +0000 (20:02 +0200)]
- require non-buggy zlib
Arkadiusz Miśkiewicz [Sun, 2 Sep 2012 21:19:40 +0000 (23:19 +0200)]
- up to 6.1p1
Elan Ruusamäe [Sun, 2 Sep 2012 07:33:53 +0000 (10:33 +0300)]
omg, somebody put spaces/tabs before Lpk directives; workaround
Elan Ruusamäe [Sun, 10 Jun 2012 21:08:41 +0000 (21:08 +0000)]
- tests need sshd user, require server package for that
Changed files:
openssh.spec -> 1.386
Elan Ruusamäe [Sun, 10 Jun 2012 20:47:34 +0000 (20:47 +0000)]
- package systemd socket activation files (do not enable)
Changed files:
openssh.spec -> 1.385
Jan Rękorajski [Fri, 27 Apr 2012 16:24:02 +0000 (16:24 +0000)]
- move systemd banner to trigger
Changed files:
openssh.spec -> 1.384
Arkadiusz Miśkiewicz [Tue, 24 Apr 2012 05:32:51 +0000 (05:32 +0000)]
- up to 6.0p1
Changed files:
openssh.spec -> 1.383
Jan Rękorajski [Tue, 17 Apr 2012 17:46:36 +0000 (17:46 +0000)]
- rel 9
- better systemd deps
Changed files:
openssh.spec -> 1.382
Arkadiusz Miśkiewicz [Mon, 20 Feb 2012 21:54:07 +0000 (21:54 +0000)]
- run test suite
Changed files:
openssh.spec -> 1.381
Jan Rękorajski [Sun, 12 Feb 2012 12:47:18 +0000 (12:47 +0000)]
- rel 8
- added systemd native service, with a BIG FAT WARNING
- R pam with pam_systemd enabled
- don't do install time parsing in prep
Changed files:
openssh.spec -> 1.380
Jan Rękorajski [Sun, 12 Feb 2012 11:40:28 +0000 (11:40 +0000)]
- kill only the main process on service stop/restart, not entire cgroup
Changed files:
sshd.service -> 1.3
This page took 0.095709 seconds and 4 git commands to generate.