-
Tue Feb 23 2016 John Haxby <john.haxby@oracle.com> - 4.3p2-82.0.1
- change default value of MaxStartups - CVE-2010-5107 (John Haxby) [orabug 22766491]
-
Wed Jan 04 2012 Petr Lautrbach <plautrba@redhat.com> 4.3p2-82
- improve RNG seeding from /dev/random (#681291,#708056)
-
Fri Dec 02 2011 Petr Lautrbach <plautrba@redhat.com> 4.3p2-81
- make ssh(1)'s ConnectTimeout option apply to both the TCP connection and
SSH banner exchange (#750725)
-
Sat Nov 26 2011 Petr Lautrbach <plautrba@redhat.com> 4.3p2-80
- use IPV6_V6ONLY for sshd inet6 listening socket (#640857)
-
Sat Oct 22 2011 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-79
- add LANGUAGE to the sent/accepted evvironment (#710229)
- ssh-copy-id copies now id_rsa.pub by default (#731930)
- repairs man pages (#731925)
-
Thu Oct 06 2011 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-78
- set cloexec on accept socket (#642935)
- add umask to sftp (#720598)
- enable lastolg for big uids (#706315)
-
Fri Aug 26 2011 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-77
- enable selinux domain transition to passwd_t (#689406)
-
Sat Aug 13 2011 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-76
- enable pubkey auth in the fips mode (#674747)
-
Tue Mar 29 2011 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-75
- improve resseding the prng from /dev/urandom or /dev/random respectively (#681291)
-
Thu Mar 24 2011 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-73
- periodically ressed the prng from /dev/urandom or /dev/random respectively (#681291)
-
Thu Dec 16 2010 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-72
- change cipher preferences (#661716)
-
Fri Dec 10 2010 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-71
- change cipher preferences (#661716)
- enable to run sshd as non root user (#661669)
-
Wed Dec 08 2010 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-70
- reenable rekeying (#659242)
-
Wed Nov 03 2010 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-69
- add nss keys to key audit patch (#632402)
-
Wed Nov 03 2010 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-68
- key audit patch (#632402)
-
Wed Sep 15 2010 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-47
- supply forced command documentation (#532559)
-
Tue Aug 17 2010 Tomas Mraz <tmraz@redhat.com> - 4.3p2-46
- compile in the OpenSSL engine support
-
Wed Jun 30 2010 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-45
- record lastlog with big uid (#616396)
-
Wed Jun 30 2010 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-44
- add OpenSSL engine support (#594815)
-
Wed Jun 30 2010 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-43
- backport forced command directive (#532559)
-
Tue Jun 29 2010 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-42
- stderr does not more disturb sftp (#576765)
-
Sat Jan 23 2010 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-41
- add RAND_cleanup at the exit of each program using RAND (#557166)
-
Wed Dec 02 2009 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-40
- revert adjustable buffer length patch (#508914)
-
Thu Nov 12 2009 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-39
- set adjustable buffer length (#508914)
-
Fri Nov 06 2009 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-38
- set better buffer length in latency patch (#508914)
- close error file descriptor before running external subsystem (#530358)
- prevent initscript from hanging when generates the keys (#531738)
-
Wed Sep 16 2009 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-37
- minimize chroot patch to be compatible with upstream (#522141)
-
Wed Aug 19 2009 Tomas Mraz <tmraz@redhat.com> - 4.3p2-36.1
- revert latency patch to solve scp stall regression (#508914)
-
Wed Jun 24 2009 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-36
- tiny change in chroot sftp capability into openssh-server solve ls speed problem (#440240)
-
Wed May 27 2009 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-35
- workaround to plaintext recovery attack against CBC ciphers CVE-2008-5161 (#502230)
-
Sat May 16 2009 Tomas Mraz <tmraz@redhat.com> - 4.3p2-34
- disable protocol 1 in the FIPS mode
-
Fri May 01 2009 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-33
- fix scp hangup on exit (#454812)
- call integrity checks only on binaries which are part of the OpenSSH FIPS
modules
-
Tue Apr 21 2009 Tomas Mraz <tmraz@redhat.com> - 4.3p2-32
- log if FIPS mode is initialized (#492363)
- check the integrity of the binaries in the FIPS mode (#467268)
-
Thu Apr 09 2009 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-31
- fix ssh hangup on exit (#454812)
-
Sat Mar 28 2009 Jan F. Chadima <jchadima@redhat.com> - 4.3p2-30
- add chroot sftp capability into openssh-server (#440240)
-
Fri Oct 03 2008 Tomas Mraz <tmraz@redhat.com> - 4.3p2-29
- allow options for the sshd subsystem for the sftp logging support (#452619)
-
Fri Sep 12 2008 Tomas Mraz <tmraz@redhat.com> - 4.3p2-28
- use OpenSSL RNG directly (needed for FIPS-140-2 compliance)
- when in FIPS mode do not try to use algorithms which are not allowed (#447936)
- improve transfer speed on high latency connections (#227722)
- more correct 'service sshd status' reporting (#430877)
- add logging support to the sftp server (#452619)
- small scp manual page improvement (#433381)
-
Sat Aug 16 2008 Dennis Gregorovic <dgregor@redhat.com> - 4.3p2-26.el5_2.1
- CVE-2007-4752 - Prevent ssh(1) from using a trusted X11 cookie if creation of an
untrusted cookie fails (#280361)
-
Wed Jan 16 2008 Tomas Mraz <tmraz@redhat.com> - 4.3p2-26
- drain acks on sftp write failures (#251565)
-
Sat Jul 14 2007 Tomas Mraz <tmraz@redhat.com> - 4.3p2-24
- fixed audit log injection problem (CVE-2007-3102) (#248059)
-
Fri Jun 22 2007 Tomas Mraz <tmraz@redhat.com> - 4.3p2-23
- document where the nss certificate and token dbs are looked for
-
Thu Jun 21 2007 Tomas Mraz <tmraz@redhat.com> - 4.3p2-22
- experimental support for PKCS#11 tokens through libnss3 (#183423)
-
Wed Apr 04 2007 Tomas Mraz <tmraz@redhat.com> - 4.3p2-21
- fix an information leak in Kerberos password authentication (CVE-2006-5052)
(#234638)
- correctly setup context when empty level requested (#234951)
-
Tue Mar 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.3p2-20
- and always request default level as returned by getseuserbyname (#231695)
-
Tue Mar 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.3p2-19
- check requested level context against a context with the same role (#231695)
-
Wed Feb 28 2007 Tomas Mraz <tmraz@redhat.com> - 4.3p2-18
- reject connection if requested mls range is not obtained (#229278)
-
Sat Feb 10 2007 Tomas Mraz <tmraz@redhat.com> - 4.3p2-17
- allow selecting non-default roles and audit role changes (#227733)
-
Fri Jan 12 2007 Tomas Mraz <tmraz@redhat.com> - 4.3p2-16
- support also level selection on unlabeled networks (#220487)
-
Sat Dec 23 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-15
- make sshd work with mls networking (patch by Klaus Weidner) (#220487)
-
Fri Dec 01 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-14
- fix gssapi with DNS loadbalanced clusters (#216857)
-
Wed Nov 29 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-13
- improved pam_session patch so it doesn't regress, the patch is necessary
for the pam_session_close to be called correctly as uid 0 (#167488)
-
Sat Nov 11 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-10.1
- CVE-2006-5794 - properly detect failed key verify in monitor (#214642)
- kill all ssh sessions when stop is called in halt or reboot runlevel (#213008)
- remove -TERM option from killproc so we don't race on sshd restart (#213490)
-
Tue Oct 03 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-10
- improve gssapi-no-spnego patch (#208102)
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
- CVE-2006-5051 - don't call cleanups from signal handler (#208459)
-
Thu Aug 24 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-9
- don't report duplicate syslog messages, use correct local time (#189158)
- don't allow spnego as gssapi mechanism (from upstream)
- fixed memleaks found by Coverity (from upstream)
- allow ip options except source routing (#202856) (patch by HP)
-
Wed Aug 09 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-8
- drop the pam-session patch from the previous build (#201341)
- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)
-
Fri Jul 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-7
- dropped old ssh obsoletes
- call the pam_session_open/close from the monitor when privsep is
enabled so it is always called as root (patch by Darren Tucker)
-
Tue Jul 18 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-6
- improve selinux patch (by Jan Kiszka)
- upstream patch for buffer append space error (#191940)
- fixed typo in configure.ac (#198986)
- added pam_keyinit to pam configuration (#198628)
- improved error message when askpass dialog cannot grab
keyboard input (#198332)
- buildrequires xauth instead of xorg-x11-xauth
- fixed a few rpmlint warnings
-
Thu Jul 13 2006 Jesse Keating <jkeating@redhat.com> - 4.3p2-5.1
- rebuild
-
Sat Apr 15 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-5
- don't request pseudoterminal allocation if stdin is not tty (#188983)
-
Fri Mar 03 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-4
- allow access if audit is not compiled in kernel (#183243)
-
Sat Feb 25 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-3
- enable the subprocess in chroot to send messages to system log
- sshd should prevent login if audit call fails
-
Wed Feb 22 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-2
- print error from scp if not remote (patch by Bjorn Augustsson #178923)
-
Tue Feb 14 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-1
- new version
-
Sat Feb 11 2006 Jesse Keating <jkeating@redhat.com> - 4.3p1-2.1
- bump again for double-long bug on ppc(64)
-
Tue Feb 07 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-2
- fixed another place where syslog was called in signal handler
- pass locale environment variables to server, accept them there (#179851)
-
Thu Feb 02 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p1-1
- new version, dropped obsolete patches
-
Wed Dec 21 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-10
- hopefully make the askpass dialog less confusing (#174765)
-
Sat Dec 10 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
-
Wed Nov 23 2005 Tomas Mraz <tmraz@redhat.com> - 4.2p1-9
- drop x11-ssh-askpass from the package
- drop old build_6x ifs from spec file
- improve gnome-ssh-askpass so it doesn't reveal number of passphrase
characters to person looking at the display
- less hackish fix for the __USE_GNU problem
-
Sat Nov 19 2005 Nalin Dahyabhai <nalin@redhat.com> - 4.2p1-8
- work around missing gccmakedep by wrapping makedepend in a local script
- remove now-obsolete build dependency on "xauth"
-
Fri Nov 18 2005 Warren Togami <wtogami@redhat.com> - 4.2p1-7
- xorg-x11-devel -> libXt-devel
- rebuild for new xauth location so X forwarding works
- buildreq audit-libs-devel
- buildreq automake for aclocal
- buildreq imake for xmkmf
- -D_GNU_SOURCE in flags in order to get it to build
Ugly hack to workaround openssh defining __USE_GNU which is
not allowed and causes problems according to Ulrich Drepper
fix this the correct way after FC5test1
-
Thu Nov 10 2005 Jeremy Katz <katzj@redhat.com> - 4.2p1-6
- rebuild against new openssl
-
Sat Oct 29 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-5
- put back the possibility to skip SELinux patch
- add patch for user login auditing by Steve Grubb
-
Wed Oct 19 2005 Dan Walsh <dwalsh@redhat.com> 4.2p1-4
- Change selinux patch to use get_default_context_with_rolelevel in libselinux.
-
Fri Oct 14 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-3
- Update selinux patch to use getseuserbyname
-
Sat Oct 08 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-2
- use include instead of pam_stack in pam config
- use fork+exec instead of system in scp - CVE-2006-0225 (#168167)
- upstream patch for displaying authentication errors
-
Wed Sep 07 2005 Tomas Mraz <tmraz@redhat.com> 4.2p1-1
- upgrade to a new upstream version
-
Wed Aug 17 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-5
- use x11-ssh-askpass if openssh-askpass-gnome is not installed (#165207)
- install ssh-copy-id from contrib (#88707)
-
Thu Jul 28 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-4
- don't deadlock on exit with multiple X forwarded channels (#152432)
- don't use X11 port which can't be bound on all IP families (#163732)
-
Thu Jun 30 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-3
- fix small regression caused by the nologin patch (#161956)
- fix race in getpeername error checking (mindrot #1054)
-
Fri Jun 10 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-2
- use only pam_nologin for nologin testing
-
Tue Jun 07 2005 Tomas Mraz <tmraz@redhat.com> 4.1p1-1
- upgrade to a new upstream version
- call pam_loginuid as a pam session module
-
Tue May 17 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-3
- link libselinux only to sshd (#157678)
-
Tue Apr 05 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-2
- fixed Local/RemoteForward in ssh_config.5 manpage
- fix fatal when Local/RemoteForward is used and scp run (#153258)
- don't leak user validity when using krb5 authentication
-
Fri Mar 25 2005 Tomas Mraz <tmraz@redhat.com> 4.0p1-1
- upgrade to 4.0p1
- remove obsolete groups patch
-
Thu Mar 17 2005 Elliot Lee <sopwith@redhat.com>
- rebuilt
-
Tue Mar 01 2005 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-12
- rebuild so that configure can detect that krb5_init_ets is gone now
-
Tue Feb 22 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-11
- don't call syslog in signal handler
- allow password authentication when copying from remote
to remote machine (#103364)
-
Thu Feb 10 2005 Tomas Mraz <tmraz@redhat.com>
- add spaces to messages in initscript (#138508)
-
Wed Feb 09 2005 Tomas Mraz <tmraz@redhat.com> 3.9p1-10
- enable trusted forwarding by default if X11 forwarding is
required by user (#137685 and duplicates)
- disable protocol 1 support by default in sshd server config (#88329)
- keep the gnome-askpass dialog above others (#69131)
-
Sat Feb 05 2005 Tomas Mraz <tmraz@redhat.com>
- change permissions on pam.d/sshd to 0644 (#64697)
- patch initscript so it doesn't kill opened sessions if
the sshd daemon isn't running anymore (#67624)
-
Tue Jan 04 2005 Bill Nottingham <notting@redhat.com> 3.9p1-9
- don't use initlog
-
Tue Nov 30 2004 Thomas Woerner <twoerner@redhat.com> 3.9p1-8.1
- fixed PIE build for all architectures
-
Tue Oct 05 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-8
- add a --enable-vendor-patchlevel option which allows a ShowPatchLevel option
to enable display of a vendor patch level during version exchange (#120285)
- configure with --disable-strip to build useful debuginfo subpackages
-
Tue Sep 21 2004 Bill Nottingham <notting@redhat.com> 3.9p1-7
- when using gtk2 for askpass, don't buildprereq gnome-libs-devel
-
Wed Sep 15 2004 Nalin Dahyabhai <nalin@redhat.com> 3.9p1-6
- build
-
Tue Sep 14 2004 Nalin Dahyabhai <nalin@redhat.com>
- disable ACSS support
-
Fri Sep 03 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-5
- Change selinux patch to use get_default_context_with_role in libselinux.
-
Fri Sep 03 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-4
- Fix patch
* Bad debug statement.
* Handle root/sysadm_r:kerberos
-
Fri Sep 03 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-3
- Modify Colin Walter's patch to allow specifying rule during connection
-
Wed Sep 01 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-2
- Fix TTY handling for SELinux
-
Wed Aug 25 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-1
- Update to upstream
-
Mon Aug 02 2004 Alan Cox <alan@redhat.com> 3.8.1p1-5
- Apply buildreq fixup patch (#125296)
-
Wed Jun 16 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-4
- Clean up patch for upstream submission.
-
Wed Jun 16 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
-
Thu Jun 10 2004 Daniel Walsh <dwalsh@redhat.com> 3.8.1p1-2
- Remove use of pam_selinux and patch selinux in directly.
-
Tue Jun 08 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-1
- request gssapi-with-mic by default but not delegation (flag day for anyone
who used previous gssapi patches)
- no longer request x11 forwarding by default
-
Fri Jun 04 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-36
- Change pam file to use open and close with pam_selinux
-
Wed Jun 02 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-0
- update to 3.8.1p1
- add workaround from CVS to reintroduce passwordauth using pam
-
Wed Jun 02 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-35
- Remove CLOSEXEC on STDERR
-
Wed Mar 17 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-34
* Wed Mar 03 2004 Phil Knirsch <pknirsch@redhat.com> 3.6.1p2-33.30.1
- Built RHLE3 U2 update package.
-
Thu Mar 04 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-33
- Close file descriptors on exec
-
Tue Mar 02 2004 Thomas Woerner <twoerner@redhat.com> 3.6.1p2-32
- fixed pie build
-
Fri Feb 27 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-31
- Add restorecon to startup scripts
-
Fri Feb 27 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-30
- Add multiple qualified to openssh
-
Tue Feb 24 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-29
- Eliminate selinux code and use pam_selinux
-
Sat Feb 14 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
-
Tue Jan 27 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-27
- turn off pie on ppc
-
Tue Jan 27 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-26
- fix is_selinux_enabled
-
Thu Jan 15 2004 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-25
- Rebuild to grab shared libselinux
-
Thu Dec 04 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-24
- turn on selinux
-
Wed Nov 19 2003 Nalin Dahyabhai <nalin@redhat.com>
- un#ifdef out code for reporting password expiration in non-privsep
mode (#83585)
-
Tue Nov 11 2003 Nalin Dahyabhai <nalin@redhat.com>
- add machinery to build with/without -fpie/-pie, default to doing so
-
Fri Nov 07 2003 David Woodhouse <dwmw2@redhat.com> 3.6.1p2-23
- Don't whinge about getsockopt failing (#109161)
-
Sat Oct 25 2003 Nalin Dahyabhai <nalin@redhat.com>
- add missing buildprereq on zlib-devel (#104558)
-
Tue Oct 14 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-22
- turn selinux off
-
Tue Oct 14 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21.sel
- turn selinux on
-
Sat Sep 20 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-21
- turn selinux off
-
Sat Sep 20 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-20.sel
- turn selinux on
-
Sat Sep 20 2003 Nalin Dahyabhai <nalin@redhat.com>
- additional fix for apparently-never-happens double-free in buffer_free()
- extend fix for #103998 to cover SSH1
-
Thu Sep 18 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-19
- rebuild
-
Thu Sep 18 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-18
- additional buffer manipulation cleanups from Solar Designer
-
Thu Sep 18 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-17
- turn selinux off
-
Thu Sep 18 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-16.sel
- turn selinux on
-
Wed Sep 17 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-15
- rebuild
-
Wed Sep 17 2003 Bill Nottingham <notting@redhat.com> 3.6.1p2-14
- additional buffer manipulation fixes (CAN-2003-0695)
-
Wed Sep 17 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-13.sel
- turn selinux on
-
Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-12
- rebuild
-
Wed Sep 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-11
- apply patch to store the correct buffer size in allocated buffers
(CAN-2003-0693)
- skip the initial PAM authentication attempt with an empty password if
empty passwords are not permitted in our configuration (#103998)
-
Sat Sep 06 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-10
- turn selinux off
-
Sat Sep 06 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-9.sel
- turn selinux on
-
Wed Aug 27 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-8
- Add BuildPreReq gtk2-devel if gtk2
-
Wed Aug 13 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-7
- rebuild
-
Wed Aug 13 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-6
- modify patch which clears the supplemental group list at startup to only
complain if setgroups() fails if sshd has euid == 0
- handle krb5 installed in %{_prefix} or elsewhere by using krb5-config
-
Tue Jul 29 2003 Daniel Walsh <dwalsh@redhat.com> 3.6.1p2-5
- Add SELinux patch
-
Wed Jul 23 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-4
- rebuild
-
Tue Jun 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-3
- rebuild
-
Tue Jun 17 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-2
- rebuild
-
Fri Jun 06 2003 Nalin Dahyabhai <nalin@redhat.com> 3.6.1p2-1
- update to 3.6.1p2
-
Thu Jun 05 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
-
Tue Mar 25 2003 Florian La Roche <Florian.LaRoche@redhat.de>
- add patch for getsockopt() call to work on bigendian 64bit archs
-
Sat Feb 15 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-6
- move scp to the -clients subpackage, because it directly depends on ssh
which is also in -clients (#84329)
-
Tue Feb 11 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-5
- rebuild
-
Thu Jan 23 2003 Tim Powers <timp@redhat.com>
- rebuilt
-
Wed Jan 08 2003 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-3
- rebuild
-
Wed Nov 13 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-2
- patch PAM configuration to use relative path names for the modules, allowing
us to not worry about which arch the modules are built for on multilib systems
-
Wed Oct 16 2002 Nalin Dahyabhai <nalin@redhat.com> 3.5p1-1
- update to 3.5p1, merging in filelist/perm changes from the upstream spec
-
Sat Oct 05 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-3
- merge
-
Fri Sep 13 2002 Than Ngo <than@redhat.com> 3.4p1-2.1
- fix to build on multilib systems
-
Fri Aug 30 2002 Curtis Zinzilieta <curtisz@redhat.com> 3.4p1-2gss
- added gssapi patches and uncommented patch here
-
Thu Aug 15 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-2
- pull patch from CVS to fix too-early free in ssh-keysign (#70009)
-
Fri Jun 28 2002 Nalin Dahyabhai <nalin@redhat.com> 3.4p1-1
- 3.4p1
- drop anon mmap patch
-
Wed Jun 26 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-2
- rework the close-on-exit docs
- include configuration file man pages
- make use of nologin as the privsep shell optional
-
Tue Jun 25 2002 Nalin Dahyabhai <nalin@redhat.com> 3.3p1-1
- update to 3.3p1
- merge in spec file changes from upstream (remove setuid from ssh, ssh-keysign)
- disable gtk2 askpass
- require pam-devel by filename rather than by package for erratum
- include patch from Solar Designer to work around anonymous mmap failures
-
Sat Jun 22 2002 Tim Powers <timp@redhat.com>
- automated rebuild
-
Sat Jun 08 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-3
- don't require autoconf any more
-
Sat Jun 01 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-2
- build gnome-ssh-askpass with gtk2
-
Wed May 29 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.3p1-1
- update to 3.2.3p1
- merge in spec file changes from upstream
-
Sat May 18 2002 Nalin Dahyabhai <nalin@redhat.com> 3.2.2p1-1
- update to 3.2.2p1
-
Sat May 18 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-4
- drop buildreq on db1-devel
- require pam-devel by package name
- require autoconf instead of autoconf253 again
-
Wed Apr 03 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-3
- pull patch from CVS to avoid printing error messages when some of the
default keys aren't available when running ssh-add
- refresh to current revisions of Simon's patches
-
Fri Mar 22 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2gss
- reintroduce Simon's gssapi patches
- add buildprereq for autoconf253, which is needed to regenerate configure
after applying the gssapi patches
- refresh to the latest version of Markus's patch to build properly with
older versions of OpenSSL
-
Fri Mar 08 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-2
- bump and grind (through the build system)
-
Fri Mar 08 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-1
- require sharutils for building (mindrot #137)
- require db1-devel only when building for 6.x (#55105), which probably won't
work anyway (3.1 requires OpenSSL 0.9.6 to build), but what the heck
- require pam-devel by file (not by package name) again
- add Markus's patch to compile with OpenSSL 0.9.5a (from
http://bugzilla.mindrot.org/show_bug.cgi?id=141) and apply it if we're
building for 6.x
-
Fri Mar 08 2002 Nalin Dahyabhai <nalin@redhat.com> 3.1p1-0
- update to 3.1p1
-
Wed Mar 06 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020305
- update to SNAP-20020305
- drop debug patch, fixed upstream
-
Thu Feb 21 2002 Nalin Dahyabhai <nalin@redhat.com> SNAP-20020220
- update to SNAP-20020220 for testing purposes (you've been warned, if there's
anything to be warned about, gss patches won't apply, I don't mind)
-
Thu Feb 14 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-3
- add patches from Simon Wilkinson and Nicolas Williams for GSSAPI key
exchange, authentication, and named key support
-
Thu Jan 24 2002 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-2
- remove dependency on db1-devel, which has just been swallowed up whole
by gnome-libs-devel
-
Sun Dec 30 2001 Nalin Dahyabhai <nalin@redhat.com>
- adjust build dependencies so that build6x actually works right (fix
from Hugo van der Kooij)
-
Wed Dec 05 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.2p1-1
- update to 3.0.2p1
-
Sat Nov 17 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0.1p1-1
- update to 3.0.1p1
-
Wed Nov 14 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to current CVS (not for use in distribution)
-
Fri Nov 09 2001 Nalin Dahyabhai <nalin@redhat.com> 3.0p1-1
- merge some of Damien Miller <djm@mindrot.org> changes from the upstream
3.0p1 spec file and init script
-
Thu Nov 08 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 3.0p1
- update to x11-ssh-askpass 1.2.4.1
- change build dependency on a file from pam-devel to the pam-devel package
- replace primes with moduli
-
Fri Sep 28 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-9
- incorporate fix from Markus Friedl's advisory for IP-based authorization bugs
-
Fri Sep 14 2001 Bernhard Rosenkraenzer <bero@redhat.com> 2.9p2-8
- Merge changes to rescue build from current sysadmin survival cd
-
Fri Sep 07 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-7
- fix scp's server's reporting of file sizes, and build with the proper
preprocessor define to get large-file capable open(), stat(), etc.
(sftp has been doing this correctly all along) (#51827)
- configure without --with-ipv4-default on RHL 7.x and newer (#45987,#52247)
- pull cvs patch to fix support for /etc/nologin for non-PAM logins (#47298)
- mark profile.d scriptlets as config files (#42337)
- refer to Jason Stone's mail for zsh workaround for exit-hanging quasi-bug
- change a couple of log() statements to debug() statements (#50751)
- pull cvs patch to add -t flag to sshd (#28611)
- clear fd_sets correctly (one bit per FD, not one byte per FD) (#43221)
-
Tue Aug 21 2001 Nalin Dahyabhai <nalin@redhat.com> 2.9p2-6
- add db1-devel as a BuildPrerequisite (noted by Hans Ecke)
-
Fri Aug 17 2001 Nalin Dahyabhai <nalin@redhat.com>
- pull cvs patch to fix remote port forwarding with protocol 2
-
Fri Aug 10 2001 Nalin Dahyabhai <nalin@redhat.com>
- pull cvs patch to add session initialization to no-pty sessions
- pull cvs patch to not cut off challengeresponse auth needlessly
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
it by default on a system that doesn't have X installed (#49263)
-
Thu Aug 09 2001 Nalin Dahyabhai <nalin@redhat.com>
- don't apply patches to code we don't intend to build (spotted by Matt Galgoci)
-
Tue Aug 07 2001 Nalin Dahyabhai <nalin@redhat.com>
- pass OPTIONS correctly to initlog (#50151)
-
Thu Jul 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- switch to x11-ssh-askpass 1.2.2
-
Thu Jul 12 2001 Nalin Dahyabhai <nalin@redhat.com>
- rebuild in new environment
-
Tue Jun 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- disable the gssapi patch
-
Tue Jun 19 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 2.9p2
- refresh to a new version of the gssapi patch
-
Fri Jun 08 2001 Nalin Dahyabhai <nalin@redhat.com>
- change Copyright: BSD to License: BSD
- add Markus Friedl's unverified patch for the cookie file deletion problem
so that we can verify it
- drop patch to check if xauth is present (was folded into cookie patch)
- don't apply gssapi patches for the errata candidate
- clear supplemental groups list at startup
-
Sat May 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- fix an error parsing the new default sshd_config
- add a fix from Markus Friedl (via openssh-unix-dev) for ssh-keygen not
dealing with comments right
-
Fri May 25 2001 Nalin Dahyabhai <nalin@redhat.com>
- add in Simon Wilkinson's GSSAPI patch to give it some testing in-house,
to be removed before the next beta cycle because it's a big departure
from the upstream version
-
Fri May 04 2001 Nalin Dahyabhai <nalin@redhat.com>
- finish marking strings in the init script for translation
- modify init script to source /etc/sysconfig/sshd and pass $OPTIONS to sshd
at startup (change merged from openssh.com init script, originally by
Pekka Savola)
- refuse to do X11 forwarding if xauth isn't there, handy if you enable
it by default on a system that doesn't have X installed
-
Thu May 03 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 2.9
- drop various patches that came from or went upstream or to or from CVS
-
Thu Apr 19 2001 Nalin Dahyabhai <nalin@redhat.com>
- only require initscripts 5.00 on 6.2 (reported by Peter Bieringer)
-
Mon Apr 09 2001 Preston Brown <pbrown@redhat.com>
- remove explicit openssl requirement, fixes builddistro issue
- make initscript stop() function wait until sshd really dead to avoid
races in condrestart
-
Tue Apr 03 2001 Nalin Dahyabhai <nalin@redhat.com>
- mention that challengereponse supports PAM, so disabling password doesn't
limit users to pubkey and rsa auth (#34378)
- bypass the daemon() function in the init script and call initlog directly,
because daemon() won't start a daemon it detects is already running (like
open connections)
- require the version of openssl we had when we were built
-
Sat Mar 24 2001 Nalin Dahyabhai <nalin@redhat.com>
- make do_pam_setcred() smart enough to know when to establish creds and
when to reinitialize them
- add in a couple of other fixes from Damien for inclusion in the errata
-
Fri Mar 23 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 2.5.2p2
- call setcred() again after initgroups, because the "creds" could actually
be group memberships
-
Wed Mar 21 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 2.5.2p1 (includes endianness fixes in the rijndael implementation)
- don't enable challenge-response by default until we find a way to not
have too many userauth requests (we may make up to six pubkey and up to
three password attempts as it is)
- remove build dependency on rsh to match openssh.com's packages more closely
-
Sun Mar 04 2001 Nalin Dahyabhai <nalin@redhat.com>
- remove dependency on openssl -- would need to be too precise
-
Sat Mar 03 2001 Nalin Dahyabhai <nalin@redhat.com>
- rebuild in new environment
-
Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- Revert the patch to move pam_open_session.
- Init script and spec file changes from Pekka Savola. (#28750)
- Patch sftp to recognize '-o protocol' arguments. (#29540)
-
Fri Feb 23 2001 Nalin Dahyabhai <nalin@redhat.com>
- Chuck the closing patch.
- Add a trigger to add host keys for protocol 2 to the config file, now that
configuration file syntax requires us to specify it with HostKey if we
specify any other HostKey values, which we do.
-
Wed Feb 21 2001 Nalin Dahyabhai <nalin@redhat.com>
- Redo patch to move pam_open_session after the server setuid()s to the user.
- Rework the nopam patch to use be picked up by autoconf.
-
Tue Feb 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- Update for 2.5.1p1.
- Add init script mods from Pekka Savola.
- Tweak the init script to match the CVS contrib script more closely.
- Redo patch to ssh-add to try to adding both identity and id_dsa to also try
adding id_rsa.
-
Sat Feb 17 2001 Nalin Dahyabhai <nalin@redhat.com>
- Update for 2.5.0p1.
- Use $RPM_OPT_FLAGS instead of -O when building gnome-ssh-askpass
- Resync with parts of Damien Miller's openssh.spec from CVS, including
update of x11 askpass to 1.2.0.
- Only require openssl (don't prereq) because we generate keys in the init
script now.
-
Wed Feb 14 2001 Nalin Dahyabhai <nalin@redhat.com>
- Don't open a PAM session until we've forked and become the user (#25690).
- Apply Andrew Bartlett's patch for letting pam_authenticate() know which
host the user is attempting a login from.
- Resync with parts of Damien Miller's openssh.spec from CVS.
- Don't expose KbdInt responses in debug messages (from CVS).
- Detect and handle errors in rsa_{public,private}_decrypt (from CVS).
-
Thu Feb 08 2001 Trond Eivind Glomsrxd <teg@redhat.com>
- i18n-tweak to initscript.
-
Wed Jan 24 2001 Nalin Dahyabhai <nalin@redhat.com>
- More gettextizing.
- Close all files after going into daemon mode (needs more testing).
- Extract patch from CVS to handle auth banners (in the client).
- Extract patch from CVS to handle compat weirdness.
-
Sat Jan 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- Finish with the gettextizing.
-
Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
- Fix a bug in auth2-pam.c (#23877)
- Gettextize the init script.
-
Thu Dec 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- Incorporate a switch for using PAM configs for 6.x, just in case.
-
Wed Dec 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- Incorporate Bero's changes for a build specifically for rescue CDs.
-
Thu Nov 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- Don't treat pam_setcred() failure as fatal unless pam_authenticate() has
succeeded, to allow public-key authentication after a failure with "none"
authentication. (#21268)
-
Wed Nov 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- Update to x11-askpass 1.1.1. (#21301)
- Don't second-guess fixpaths, which causes paths to get fixed twice. (#21290)
-
Tue Nov 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- Merge multiple PAM text messages into subsequent prompts when possible when
doing keyboard-interactive authentication.
-
Mon Nov 27 2000 Nalin Dahyabhai <nalin@redhat.com>
- Disable the built-in MD5 password support. We're using PAM.
- Take a crack at doing keyboard-interactive authentication with PAM, and
enable use of it in the default client configuration so that the client
will try it when the server disallows password authentication.
- Build with debugging flags. Build root policies strip all binaries anyway.
-
Wed Nov 22 2000 Nalin Dahyabhai <nalin@redhat.com>
- Use DESTDIR instead of %makeinstall.
- Remove /usr/X11R6/bin from the path-fixing patch.
-
Tue Nov 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- Add the primes file from the latest snapshot to the main package (#20884).
- Add the dev package to the prereq list (#19984).
- Remove the default path and mimic login's behavior in the server itself.
-
Sat Nov 18 2000 Nalin Dahyabhai <nalin@redhat.com>
- Resync with conditional options in Damien Miller's .spec file for an errata.
- Change libexecdir from %{_libexecdir}/ssh to %{_libexecdir}/openssh.
-
Wed Nov 08 2000 Nalin Dahyabhai <nalin@redhat.com>
- Update to OpenSSH 2.3.0p1.
- Update to x11-askpass 1.1.0.
- Enable keyboard-interactive authentication.
-
Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- Update to ssh-askpass-x11 1.0.3.
- Change authentication related messages to be private (#19966).
-
Wed Oct 11 2000 Nalin Dahyabhai <nalin@redhat.com>
- Patch ssh-keygen to be able to list signatures for DSA public key files
it generates.
-
Fri Oct 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- Add BuildPreReq on /usr/include/security/pam_appl.h to be sure we always
build PAM authentication in.
- Try setting SSH_ASKPASS if gnome-ssh-askpass is installed.
- Clean out no-longer-used patches.
- Patch ssh-add to try to add both identity and id_dsa, and to error only
when neither exists.
-
Tue Oct 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- Update x11-askpass to 1.0.2. (#17835)
- Add BuildPreReqs for /bin/login and /usr/bin/rsh so that configure will
always find them in the right place. (#17909)
- Set the default path to be the same as the one supplied by /bin/login, but
add /usr/X11R6/bin. (#17909)
- Try to handle obsoletion of ssh-server more cleanly. Package names
are different, but init script name isn't. (#17865)
-
Thu Sep 07 2000 Nalin Dahyabhai <nalin@redhat.com>
- Update to 2.2.0p1. (#17835)
- Tweak the init script to allow proper restarting. (#18023)
-
Thu Aug 24 2000 Nalin Dahyabhai <nalin@redhat.com>
- Update to 20000823 snapshot.
- Change subpackage requirements from %{version} to %{version}-%{release}
- Back out the pipe patch.
-
Tue Jul 18 2000 Nalin Dahyabhai <nalin@redhat.com>
- Update to 2.1.1p4, which includes fixes for config file parsing problems.
- Move the init script back.
- Add Damien's quick fix for wackiness.
-
Thu Jul 13 2000 Nalin Dahyabhai <nalin@redhat.com>
- Update to 2.1.1p3, which includes fixes for X11 forwarding and strtok().
-
Fri Jul 07 2000 Nalin Dahyabhai <nalin@redhat.com>
- Move condrestart to server postun.
- Move key generation to init script.
- Actually use the right patch for moving the key generation to the init script.
- Clean up the init script a bit.
-
Thu Jul 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- Fix X11 forwarding, from mail post by Chan Shih-Ping Richard.
-
Mon Jul 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- Update to 2.1.1p2.
- Use of strtok() considered harmful.
-
Sun Jul 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- Get the build root out of the man pages.
-
Fri Jun 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- Add and use condrestart support in the init script.
- Add newer initscripts as a prereq.
-
Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- Build in new environment (release 2)
- Move -clients subpackage to Applications/Internet group
-
Sat Jun 10 2000 Nalin Dahyabhai <nalin@redhat.com>
- Update to 2.2.1p1
-
Sun Jun 04 2000 Nalin Dahyabhai <nalin@redhat.com>
- Patch to build with neither RSA nor RSAref.
- Miscellaneous FHS-compliance tweaks.
- Fix for possibly-compressed man pages.
-
Thu Mar 16 2000 Damien Miller <djm@ibs.com.au>
- Updated for new location
- Updated for new gnome-ssh-askpass build
-
Mon Dec 27 1999 Damien Miller <djm@mindrot.org>
- Added Jim Knoble's <jmknoble@pobox.com> askpass
-
Tue Nov 16 1999 Damien Miller <djm@mindrot.org>
- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
-
Sun Nov 14 1999 Damien Miller <djm@mindrot.org>
- Added 'Obsoletes' directives
-
Wed Nov 10 1999 Damien Miller <djm@ibs.com.au>
- Use make install
- Subpackages
-
Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
- Added links for slogin
- Fixed perms on manpages
-
Sun Oct 31 1999 Damien Miller <djm@ibs.com.au>
- Renamed init script
-
Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
- Back to old binary names
-
Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
- Use autoconf
- New binary names
-
Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.