Changelog for
openssh-server-7.9p1-5.fc30.x86_64.rpm :
* Mon Mar 11 2019 Jakub Jelen
- 7.9p1-5 + 0.10.3.6- Fix kerberos cleanup procedures with GSSAPI- Update cached passwd structure after PAM authentication- Do not fall back to sshd_net_t SELinux context- Fix corner cases of PKCS#11 URI implementation- Do not negotiate arbitrary primes with DH GEX in FIPS
* Wed Feb 06 2019 Jakub Jelen - 7.9p1-4 + 0.10.3.6- Log when a client requests an interactive session and only sftp is allowed- Fix minor issues in ssh-copy-id- Enclose redhat specific configuration with Match final block
* Fri Feb 01 2019 Fedora Release Engineering - 7.9p1-3.2- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser - 7.9p1-3.1- Rebuilt for libcrypt.so.2 (#1666033)
* Mon Jan 14 2019 Jakub Jelen - 7.9p1-3 + 0.10.3.6- Backport Match final to unbreak canonicalization with crypto-policies (#1630166)- gsskex: Dump correct option- Backport several fixes from 7_9 branch, mostly related to certificate authentication (#1665611)- Backport patch for CVE-2018-20685 (#1665786)- Correctly initialize ECDSA key structures from PKCS#11
* Wed Nov 14 2018 Jakub Jelen - 7.9p1-2 + 0.10.3-6- Fix LDAP configure test (#1642414)- Avoid segfault on kerberos authentication failure- Reference correct file in configuration example (#1643274)- Dump missing GSSAPI configuration options- Allow to disable RSA signatures with SHA-1
* Fri Oct 19 2018 Jakub Jelen - 7.9p1-1 + 0.10.3-6- New upstream release OpenSSH 7.9p1 (#1632902, #1630166)- Honor GSSAPIServerIdentity option for GSSAPI key exchange- Do not break gsssapi-keyex authentication method when specified in AuthenticationMethods- Follow the system-wide PATH settings (#1633756)- Address some coverity issues
* Mon Sep 24 2018 Jakub Jelen - 7.8p1-3 + 0.10.3-5- Disable OpenSSH hardening flags and use the ones provided by system- Ignore unknown parts of PKCS#11 URI- Do not fail with GSSAPI enabled in match blocks (#1580017)- Fix the segfaulting cavs test (#1628962)
* Fri Aug 31 2018 Jakub Jelen - 7.8p1-2 + 0.10.3-5- New upstream release fixing CVE 2018-15473- Remove unused patches- Remove reference to unused enviornment variable SSH_USE_STRONG_RNG- Address coverity issues- Unbreak scp between two IPv6 hosts- Unbreak GSSAPI key exchange (#1624344)- Unbreak rekeying with GSSAPI key exchange (#1624344)
* Thu Aug 09 2018 Jakub Jelen - 7.7p1-6 + 0.10.3-4- Fix listing of kex algoritms in FIPS mode- Allow aes-gcm cipher modes in FIPS mode- Coverity fixes
* Fri Jul 13 2018 Fedora Release Engineering - 7.7p1-5.1- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 03 2018 Jakub Jelen - 7.7p1-5 + 0.10.3-4- Disable manual printing of motd by default (#1591381)
* Wed Jun 27 2018 Jakub Jelen - 7.7p1-4 + 0.10.3-4- Better handling of kerberos tickets storage (#1566494)- Add pam_motd to pam stack (#1591381)
* Mon Apr 16 2018 Jakub Jelen - 7.7p1-3 + 0.10.3-4- Fix tun devices and other issues fixed after release upstream (#1567775)
* Thu Apr 12 2018 Jakub Jelen - 7.7p1-2 + 0.10.3-4- Do not break quotes parsing in configuration file (#1566295)
* Wed Apr 04 2018 Jakub Jelen - 7.7p1-1 + 0.10.3-4- New upstream release (#1563223)- Add support for ECDSA keys in PKCS#11 (#1354510)- Add support for PKCS#11 URIs
* Tue Mar 06 2018 Jakub Jelen - 7.6p1-7 + 0.10.3-3- Require crypto-policies version and new path- Remove bogus NSS linking
* Thu Feb 08 2018 Fedora Release Engineering - 7.6p1-6.1- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Jan 26 2018 Jakub Jelen - 7.6p1-6 + 0.10.3-3- Rebuild for gcc bug on i386 (#1536555)
* Thu Jan 25 2018 Florian Weimer - 7.6p1-5.2- Rebuild to work around gcc bug leading to sshd miscompilation (#1538648)
* Sat Jan 20 2018 Björn Esser - 7.6p1-5.1.1- Rebuilt for switch to libxcrypt
* Wed Jan 17 2018 Jakub Jelen - 7.6p1-5 + 0.10.3-3- Drop support for TCP wrappers (#1530163)- Do not pass hostnames to audit -- UseDNS is usually disabled (#1534577)
* Thu Dec 14 2017 Jakub Jelen - 7.6p1-4 + 0.10.3-3- Whitelist gettid() syscall in seccomp filter (#1524392)
* Mon Dec 11 2017 Jakub Jelen - 7.6p1-3 + 0.10.3-3- Do not segfault during audit cleanup (#1524233)- Avoid gcc warnings about uninitialized variables
* Wed Nov 22 2017 Jakub Jelen - 7.6p1-2 + 0.10.3-3- Do not build everything against libldap- Do not segfault for ECC keys in PKCS#11
* Thu Oct 19 2017 Jakub Jelen - 7.6p1-1 + 0.10.3-3- New upstream release OpenSSH 7.6- Addressing review remarks for OpenSSL 1.1.0 patch- Fix PermitOpen bug in OpenSSH 7.6- Drop support for ExposeAuthenticationMethods option
* Mon Sep 11 2017 Jakub Jelen - 7.5p1-6 + 0.10.3-2- Do not export KRB5CCNAME if the default path is used (#1199363)- Add enablement for openssl-ibmca and openssl-ibmpkcs11 (#1477636)- Add new GSSAPI kex algorithms with SHA-2, but leave them disabled for now- Enforce pam_sepermit for all logins in SSH (#1492313)- Remove pam_reauthorize, since it is not needed by cockpit anymore (#1492313)
* Mon Aug 14 2017 Jakub Jelen - 7.5p1-5 + 0.10.3-2- Another less-intrusive approach to crypto policy (#1479271)
* Tue Aug 01 2017 Jakub Jelen - 7.5p1-4 + 0.10.3-2- Remove SSH-1 subpackage for Fedora 27 (#1474942)- Follow system-wide crypto policy in server (#1479271)
* Thu Jul 27 2017 Fedora Release Engineering - 7.5p1-3.1- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Jun 30 2017 Jakub Jelen - 7.5p1-2 + 0.10.3-2- Sync downstream patches with RHEL (FIPS)- Resolve potential issues with OpenSSL 1.1.0 patch
* Wed Mar 22 2017 Jakub Jelen - 7.5p1-2 + 0.10.3-2- Fix various after-release typos including failed build in s390x (#1434341)- Revert chroot magic with SELinux