Changelog for
openssh-server-6.8p1-5.fc22.x86_64.rpm :
* Mon Apr 20 2015 Jakub Jelen
6.8p1-5 + 0.9.3-5- Fix segfault on daemon exit caused by API change (#1213423)
* Thu Apr 02 2015 Jakub Jelen 6.8p1-4 + 0.9.3-5- Fix audit_end_command to restore ControlPersist function (#1203900)
* Tue Mar 31 2015 Jakub Jelen 6.8p1-3 + 0.9.3-5- Fixed issue with GSSAPI key exchange (#1207719)- Add pam_namespace to sshd pam stack (based on #1125110)- Remove krb5-config workaround for #1203900- Fix handling SELinux context in MLS systems- Regression: solve sshd segfaults if other instance already running
* Thu Mar 26 2015 Jakub Jelen 6.8p1-2 + 0.9.3-5- Update audit and gss patches after rebase- Fix reintroduced upstrem bug #1878
* Tue Mar 24 2015 Jakub Jelen 6.8p1-1 + 0.9.3-5- new upstream release openssh-6.8p1 (#1203245)- Resolve segfault with auditing commands (#1203900)- Workaround krb5-config bug (#1204646)
* Thu Mar 12 2015 Jakub Jelen 6.7p1-11 + 0.9.3-4- Ability to specify LDAP filter in ldap.conf for ssh-ldap-helper- Fix auditing when using combination of ForceCommand and PTY- Add sftp option to force mode of created files (from rhel)- Fix tmpfiles.d entries to be more consistent (#1196807)
* Mon Mar 02 2015 Jakub Jelen 6.7p1-10 + 0.9.3-4- Add tmpfiles.d entries (#1196807)
* Fri Feb 27 2015 Jakub Jelen 6.7p1-9 + 0.9.3-4- Adjust seccomp filter for primary architectures and solve aarch64 issue (#1197051)- Solve issue with ssh-copy-id and keys without trailing newline (#1093168)
* Tue Feb 24 2015 Jakub Jelen 6.7p1-8 + 0.9.3-4- Add AArch64 support for seccomp_filter sandbox (#1195065)
* Mon Feb 23 2015 Jakub Jelen 6.7p1-7 + 0.9.3-4- Fix seccomp filter on architectures without getuid32
* Mon Feb 23 2015 Jakub Jelen 6.7p1-6 + 0.9.3-4- Update seccomp filter to work on i686 architectures (#1194401)- Fix previous failing build (#1195065)
* Sun Feb 22 2015 Peter Robinson 6.7p1-5 + 0.9.3-4- Only use seccomp for sandboxing on supported platforms
* Fri Feb 20 2015 Jakub Jelen 6.7p1-4 + 0.9.3-4- Move cavs tests into subpackage -cavs (#1194320)
* Wed Feb 18 2015 Jakub Jelen 6.7p1-3 + 0.9.3-4- update coverity patch- make output of sshd -T more consistent (#1187521)- enable seccomp for sandboxing instead of rlimit (#1062953)- update hardening to compile on gcc5- Add SSH KDF CAVS test driver (#1193045)- Fix ssh-copy-id on non-sh remote shells (#1045191)
* Tue Jan 27 2015 Jakub Jelen 6.7p1-2 + 0.9.3-4- fixed audit patch after rebase
* Tue Jan 20 2015 Petr Lautrbach 6.7p1-1 + 0.9.3-4- new upstream release openssh-6.7p1
* Thu Jan 15 2015 Jakub Jelen 6.6.1p1-11.1 + 0.9.3-3- error message if scp when directory doesn\'t exist (#1142223)- parsing configuration file values (#1130733)- documentation in service and socket files for systemd (#1181593)- updated ldap patch (#981058)- fixed vendor-patchlevel- add new option GSSAPIEnablek5users and disable using ~/.k5users by default CVE-2014-9278 (#1170745)
* Fri Dec 19 2014 Petr Lautrbach 6.6.1p1-10 + 0.9.3-3- log via monitor in chroots without /dev/log
* Wed Dec 03 2014 Petr Lautrbach 6.6.1p1-9 + 0.9.3-3- the .local domain example should be in ssh_config, not in sshd_config- use different values for DH for Cisco servers (#1026430)
* Thu Nov 13 2014 Petr Lautrbach 6.6.1p1-8 + 0.9.3-3- fix gsskex patch to correctly handle MONITOR_REQ_GSSSIGN request (#1118005)
* Fri Nov 07 2014 Petr Lautrbach 6.6.1p1-7 + 0.9.3-3- correct the calculation of bytes for authctxt->krb5_ccname (#1161073)
* Tue Nov 04 2014 Petr Lautrbach 6.6.1p1-6 + 0.9.3-3- privsep_preauth: use SELinux context from selinux-policy (#1008580)- change audit trail for unknown users (mindrot#2245)- fix kuserok patch which checked for the existence of .k5login unconditionally and hence prevented other mechanisms to be used properly- revert the default of KerberosUseKuserok back to yes (#1153076)- ignore SIGXFSZ in postauth monitor (mindrot#2263)- sshd-keygen - don\'t generate DSA and ED25519 host keys in FIPS mode
* Mon Sep 08 2014 Petr Lautrbach 6.6.1p1-5 + 0.9.3-3- set a client\'s address right after a connection is set (mindrot#2257)- apply RFC3454 stringprep to banners when possible (mindrot#2058)- don\'t consider a partial success as a failure (mindrot#2270)
* Sun Aug 17 2014 Fedora Release Engineering - 6.6.1p1-4.1- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jul 18 2014 Tom Callaway 6.6.1p1-4 + 0.9.3-3- fix license handling (both)
* Fri Jul 18 2014 Petr Lautrbach 6.6.1p1-3 + 0.9.3-2- standardise on NI_MAXHOST for gethostname() string lengths (#1051490)
* Mon Jul 14 2014 Petr Lautrbach 6.6.1p1-2 + 0.9.3-2- add pam_reauthorize.so to sshd.pam (#1115977)- spec file and patches clenup
* Sat Jun 07 2014 Fedora Release Engineering - 6.6.1p1-1.1- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Jun 03 2014 Petr Lautrbach 6.6.1p1-1 + 0.9.3-2- disable the curve25519 KEX when speaking to OpenSSH 6.5 or 6.6- add support for ED25519 keys to sshd-keygen and sshd.sysconfig- drop openssh-server-sysvinit subpackage- slightly change systemd units logic - use sshd-keygen.service (#1066615)
* Tue Jun 03 2014 Petr Lautrbach 6.6p1-1 + 0.9.3-2- new upstream release openssh-6.6p1
* Thu May 15 2014 Petr Lautrbach 6.4p1-4 + 0.9.3-1- use SSH_COPY_ID_LEGACY variable to run ssh-copy-id in the legacy mode- make /etc/ssh/moduli file public (#1043661)- test existence of /etc/ssh/ssh_host_ecdsa_key in sshd-keygen.service- don\'t clean up gssapi credentials by default (#1055016)- ssh-agent - try CLOCK_BOOTTIME with fallback (#1091992)- prevent a server from skipping SSHFP lookup - CVE-2014-2653 (#1081338)- ignore environment variables with embedded \'=\' or \'\\0\' characters - CVE-2014-2532 (#1077843)
* Wed Dec 11 2013 Petr Lautrbach 6.4p1-3 + 0.9.3-1- sshd-keygen - use correct permissions on ecdsa host key (#1023945)- use only rsa and ecdsa host keys by default
* Tue Nov 26 2013 Petr Lautrbach 6.4p1-2 + 0.9.3-1- fix fatal() cleanup in the audit patch (#1029074)- fix parsing logic of ldap.conf file (#1033662)
* Fri Nov 08 2013 Petr Lautrbach 6.4p1-1 + 0.9.3-1- new upstream release
* Fri Nov 01 2013 Petr Lautrbach 6.3p1-5 + 0.9.3-7- adjust gss kex mechanism to the upstream changes (#1024004)- don\'t use xfree in pam_ssh_agent_auth sources (#1024965)
* Fri Oct 25 2013 Petr Lautrbach 6.3p1-4 + 0.9.3-6- rebuild with the openssl with the ECC support
* Thu Oct 24 2013 Petr Lautrbach 6.3p1-3 + 0.9.3-6- don\'t use SSH_FP_MD5 for fingerprints in FIPS mode
* Wed Oct 23 2013 Petr Lautrbach 6.3p1-2 + 0.9.3-6- use default_ccache_name from /etc/krb5.conf for a kerberos cache (#991186)- increase the size of the Diffie-Hellman groups (#1010607)- sshd-keygen to generate ECDSA keys (#1019222)
* Tue Oct 15 2013 Petr Lautrbach 6.3p1-1.1 + 0.9.3-6- new upstream release (#1007769)
* Tue Oct 08 2013 Petr Lautrbach 6.2p2-9 + 0.9.3-5- use dracut-fips package to determine if a FIPS module is installed- revert -fips subpackages and hmac files suffixes
* Wed Sep 25 2013 Petr Lautrbach 6.2p2-8 + 0.9.3-5- sshd-keygen: generate only RSA keys by default (#1010092)- use dist tag in suffixes for hmac checksum files
* Wed Sep 11 2013 Petr Lautrbach 6.2p2-7 + 0.9.3-5- use hmac_suffix for ssh{,d} hmac checksums- bump the minimum value of SSH_USE_STRONG_RNG to 14 according to SP800-131A- automatically restart sshd.service on-failure after 42s interval
* Thu Aug 29 2013 Petr Lautrbach 6.2p2-6.1 + 0.9.3-5- add -fips subpackages that contains the FIPS module files
* Wed Jul 31 2013 Petr Lautrbach 6.2p2-5 + 0.9.3-5- gssapi credentials need to be stored before a pam session opened (#987792)
* Tue Jul 23 2013 Petr Lautrbach 6.2p2-4 + 0.9.3-5- don\'t show Success for EAI_SYSTEM (#985964)- make sftp\'s libedit interface marginally multibyte aware (#841771)
* Mon Jun 17 2013 Petr Lautrbach 6.2p2-3 + 0.9.3-5- move default gssapi cache to /run/user/ (#848228)
* Tue May 21 2013 Petr Lautrbach 6.2p2-2 + 0.9.3-5- add socket activated sshd units to the package (#963268)- fix the example in the HOWTO.ldap-keys
* Mon May 20 2013 Petr Lautrbach 6.2p2-1 + 0.9.3-5- new upstream release (#963582)
* Wed Apr 17 2013 Petr Lautrbach 6.2p1-4 + 0.9.3-4- don\'t use export in sysconfig file (#953111)
* Tue Apr 16 2013 Petr Lautrbach 6.2p1-3 + 0.9.3-4- sshd.service: use KillMode=process (#890376)- add latest config.{sub,guess} to support aarch64 (#926284)
* Tue Apr 09 2013 Petr Lautrbach 6.2p1-2 + 0.9.3-4- keep track of which IndentityFile options were manually supplied and which were default options, and don\'t warn if the latter are missing. (mindrot#2084)
* Tue Apr 09 2013 Petr Lautrbach 6.2p1-1 + 0.9.3-4- new upstream release (#924727)
* Wed Mar 06 2013 Petr Lautrbach 6.1p1-7 + 0.9.3-3- use SELinux type sshd_net_t for [net] childs (#915085)
* Thu Feb 14 2013 Petr Lautrbach 6.1p1-6 + 0.9.3-3- fix AuthorizedKeysCommand option
* Fri Feb 08 2013 Petr Lautrbach 6.1p1-5 + 0.9.3-3- change default value of MaxStartups - CVE-2010-5107 (#908707)
* Mon Dec 03 2012 Petr Lautrbach 6.1p1-4 + 0.9.3-3- fix segfault in openssh-5.8p2-force_krb.patch (#882541)
* Mon Dec 03 2012 Petr Lautrbach 6.1p1-3 + 0.9.3-3- replace RequiredAuthentications2 with AuthenticationMethods based on upstream- obsolete RequiredAuthentications[12] options- fix openssh-6.1p1-privsep-selinux.patch
* Fri Oct 26 2012 Petr Lautrbach 6.1p1-2- add SELinux comment to /etc/ssh/sshd_config about SELinux command to modify port (#861400)- drop required chkconfig (#865498)- drop openssh-5.9p1-sftp-chroot.patch (#830237)
* Sat Sep 15 2012 Petr Lautrbach 6.1p1-1 + 0.9.3-3- new upstream release (#852651)- use DIR: kerberos type cache (#848228)- don\'t use chroot_user_t for chrooted users (#830237)- replace scriptlets with systemd macros (#850249)- don\'t use /bin and /sbin paths (#856590)
* Mon Aug 06 2012 Petr Lautrbach 6.0p1-1 + 0.9.3-2- new upstream release
* Mon Aug 06 2012 Petr Lautrbach 5.9p1-26 + 0.9.3-1- change SELinux context also for root user (#827109)
* Fri Jul 27 2012 Petr Lautrbach 5.9p1-25 + 0.9.3-1- fix various issues in openssh-5.9p1-required-authentications.patch
* Tue Jul 17 2012 Tomas Mraz 5.9p1-24 + 0.9.3-1- allow sha256 and sha512 hmacs in the FIPS mode
* Fri Jun 22 2012 Tomas Mraz 5.9p1-23 + 0.9.3-1- fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent is not running, most probably not exploitable- update pam_ssh_agent_auth to 0.9.3 upstream version
* Fri Apr 06 2012 Petr Lautrbach 5.9p1-22 + 0.9.2-32- don\'t create RSA1 key in FIPS mode- don\'t install sshd-keygen.service (#810419)
* Fri Mar 30 2012 Petr Lautrbach 5.9p1-21 + 0.9.2-32- fix various issues in openssh-5.9p1-required-authentications.patch
* Wed Mar 21 2012 Petr Lautrbach 5.9p1-20 + 0.9.2-32- Fix dependencies in systemd units, don\'t enable sshd-keygen.service (#805338)
* Wed Feb 22 2012 Petr Lautrbach 5.9p1-19 + 0.9.2-32- Look for x11 forward sockets with AI_ADDRCONFIG flag getaddrinfo (#735889)
* Mon Feb 06 2012 Petr Lautrbach 5.9p1-18 + 0.9.2-32- replace TwoFactorAuth with RequiredAuthentications[12] https://bugzilla.mindrot.org/show_bug.cgi?id=983
* Tue Jan 31 2012 Petr Lautrbach 5.9p1-17 + 0.9.2-32- run privsep slave process as the users SELinux context (#781634)
* Tue Dec 13 2011 Tomas Mraz 5.9p1-16 + 0.9.2-32- add CAVS test driver for the aes-ctr ciphers
* Sun Dec 11 2011 Tomas Mraz 5.9p1-15 + 0.9.2-32- enable aes-ctr ciphers use the EVP engines from OpenSSL such as the AES-NI
* Tue Dec 06 2011 Petr Lautrbach 5.9p1-14 + 0.9.2-32- warn about unsupported option UsePAM=no (#757545)
* Mon Nov 21 2011 Tomas Mraz - 5.9p1-13 + 0.9.2-32- add back the restorecon call to ssh-copy-id - it might be needed on older distributions (#739989)
* Fri Nov 18 2011 Tomas Mraz - 5.9p1-12 + 0.9.2-32- still support /etc/sysconfig/sshd loading in sshd service (#754732)- fix incorrect key permissions generated by sshd-keygen script (#754779)
* Fri Oct 14 2011 Tomas Mraz - 5.9p1-11 + 0.9.2-32- remove unnecessary requires on initscripts- set VerifyHostKeyDNS to ask in the default configuration (#739856)
* Mon Sep 19 2011 Jan F. Chadima - 5.9p1-10 + 0.9.2-32- selinux sandbox rewrite- two factor authentication tweaking
* Wed Sep 14 2011 Jan F. Chadima - 5.9p1-9 + 0.9.2-32- coverity upgrade- wipe off nonfunctional nss- selinux sandbox tweaking
* Tue Sep 13 2011 Jan F. Chadima - 5.9p1-8 + 0.9.2-32- coverity upgrade- experimental selinux sandbox
* Tue Sep 13 2011 Jan F. Chadima - 5.9p1-7 + 0.9.2-32- fully reanable auditing
* Mon Sep 12 2011 Jan F. Chadima - 5.9p1-6 + 0.9.2-32- repair signedness in akc patch
* Mon Sep 12 2011 Jan F. Chadima - 5.9p1-5 + 0.9.2-32- temporarily disable part of audit4 patch
* Fri Sep 09 2011 Jan F. Chadima - 5.9p1-3 + 0.9.2-32- Coverity second pass- Reenable akc patch
* Thu Sep 08 2011 Jan F. Chadima - 5.9p1-2 + 0.9.2-32- Coverity first pass
* Wed Sep 07 2011 Jan F. Chadima - 5.9p1-1 + 0.9.2-32- Rebase to 5.9p1- Add chroot sftp patch- Add two factor auth patch
* Tue Aug 23 2011 Jan F. Chadima - 5.8p2-21 + 0.9.2-31- ignore SIGPIPE in ssh keyscan
* Tue Aug 09 2011 Jan F. Chadima - 5.8p2-20 + 0.9.2-31- save ssh-askpass\'s debuginfo
* Mon Aug 08 2011 Jan F. Chadima - 5.8p2-19 + 0.9.2-31- compile ssh-askpass with corect CFLAGS
* Mon Aug 08 2011 Jan F. Chadima - 5.8p2-18 + 0.9.2-31- improve selinux\'s change context log
* Mon Aug 08 2011 Jan F. Chadima - 5.8p2-17 + 0.9.2-31- repair broken man pages
* Mon Jul 25 2011 Jan F. Chadima - 5.8p2-16 + 0.9.2-31- rebuild due to broken rpmbiild
* Thu Jul 21 2011 Jan F. Chadima - 5.8p2-15 + 0.9.2-31- Do not change context when run under unconfined_t
* Thu Jul 14 2011 Jan F. Chadima - 5.8p2-14 + 0.9.2-31- Add postlogin to pam. (#718807)
* Tue Jun 28 2011 Jan F. Chadima - 5.8p2-12 + 0.9.2-31- Systemd compatibility according to Mathieu Bridon - Split out the host keygen into their own command, to ease future migration to systemd. Compatitbility with the init script was kept.- Migrate the package to full native systemd unit files, according to the Fedora packaging guidelines.- Prepate the unit files for running an ondemand server. (do not add it actually)
* Tue Jun 21 2011 Jan F. Chadima - 5.8p2-10 + 0.9.2-31- Mention IPv6 usage in man pages
* Mon Jun 20 2011 Jan F. Chadima - 5.8p2-9 + 0.9.2-31- Improve init script
* Thu Jun 16 2011 Jan F. Chadima - 5.8p2-7 + 0.9.2-31- Add possibility to compile openssh without downstream patches
* Thu Jun 09 2011 Jan F. Chadima - 5.8p2-6 + 0.9.2-31- remove stale control sockets (#706396)
* Tue May 31 2011 Jan F. Chadima - 5.8p2-5 + 0.9.2-31- improove entropy manuals
* Fri May 27 2011 Jan F. Chadima - 5.8p2-4 + 0.9.2-31- improove entropy handling- concat ldap patches
* Tue May 24 2011 Jan F. Chadima - 5.8p2-3 + 0.9.2-31- improove ldap manuals
* Mon May 23 2011 Jan F. Chadima - 5.8p2-2 + 0.9.2-31- add gssapi forced command
* Tue May 03 2011 Jan F. Chadima - 5.8p2-1 + 0.9.2-31- update the openssh version
* Thu Apr 28 2011 Jan F. Chadima - 5.8p1-34 + 0.9.2-30- temporarily disabling systemd units
* Wed Apr 27 2011 Jan F. Chadima - 5.8p1-33 + 0.9.2-30- add flags AI_V4MAPPED and AI_ADDRCONFIG to getaddrinfo
* Tue Apr 26 2011 Jan F. Chadima - 5.8p1-32 + 0.9.2-30- update scriptlets
* Fri Apr 22 2011 Jan F. Chadima - 5.8p1-30 + 0.9.2-30- add systemd units
* Fri Apr 22 2011 Jan F. Chadima - 5.8p1-28 + 0.9.2-30- improving sshd -> passwd transation- add template for .local domain to sshd_config
* Thu Apr 21 2011 Jan F. Chadima - 5.8p1-27 + 0.9.2-30- the private keys may be 640 root:ssh_keys ssh_keysign is sgid
* Wed Apr 20 2011 Jan F. Chadima - 5.8p1-26 + 0.9.2-30- improving sshd -> passwd transation
* Tue Apr 05 2011 Jan F. Chadima - 5.8p1-25 + 0.9.2-30- the intermediate context is set to sshd_sftpd_t- do not crash in packet.c if no connection
* Thu Mar 31 2011 Jan F. Chadima - 5.8p1-24 + 0.9.2-30- resolve warnings in port_linux.c
* Tue Mar 29 2011 Jan F. Chadima - 5.8p1-23 + 0.9.2-30- add /etc/sysconfig/sshd
* Mon Mar 28 2011 Jan F. Chadima - 5.8p1-22 + 0.9.2-30- improve reseeding and seed source (documentation)
* Tue Mar 22 2011 Jan F. Chadima - 5.8p1-20 + 0.9.2-30- use /dev/random or /dev/urandom for seeding prng- improve periodical reseeding of random generator
* Thu Mar 17 2011 Jan F. Chadima - 5.8p1-18 + 0.9.2-30- add periodical reseeding of random generator - change selinux contex for internal sftp in do_usercontext- exit(0) after sigterm
* Thu Mar 10 2011 Jan F. Chadima - 5.8p1-17 + 0.9.2-30- improove ssh-ldap (documentation)
* Tue Mar 08 2011 Jan F. Chadima - 5.8p1-16 + 0.9.2-30- improve session keys audit
* Mon Mar 07 2011 Jan F. Chadima - 5.8p1-15 + 0.9.2-30- CVE-2010-4755
* Fri Mar 04 2011 Jan F. Chadima - 5.8p1-14 + 0.9.2-30- improove ssh-keycat (documentation)
* Thu Mar 03 2011 Jan F. Chadima - 5.8p1-13 + 0.9.2-30- improve audit of logins and auths
* Tue Mar 01 2011 Jan F. Chadima - 5.8p1-12 + 0.9.2-30- improove ssk-keycat
* Mon Feb 28 2011 Jan F. Chadima - 5.8p1-11 + 0.9.2-30- add ssk-keycat
* Fri Feb 25 2011 Jan F. Chadima - 5.8p1-10 + 0.9.2-30- reenable auth-keys ldap backend
* Fri Feb 25 2011 Jan F. Chadima - 5.8p1-9 + 0.9.2-30- another audit improovements
* Thu Feb 24 2011 Jan F. Chadima - 5.8p1-8 + 0.9.2-30- another audit improovements- switchable fingerprint mode
* Thu Feb 17 2011 Jan F. Chadima - 5.8p1-4 + 0.9.2-30- improve audit of server key management
* Wed Feb 16 2011 Jan F. Chadima - 5.8p1-3 + 0.9.2-30- improve audit of logins and auths
* Mon Feb 14 2011 Jan F. Chadima - 5.8p1-1 + 0.9.2-30- bump openssh version to 5.8p1
* Tue Feb 08 2011 Fedora Release Engineering - 5.6p1-30.1- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Feb 07 2011 Jan F. Chadima - 5.6p1-30 + 0.9.2-29- clean the data structures in the non privileged process- clean the data structures when roaming
* Wed Feb 02 2011 Jan F. Chadima - 5.6p1-28 + 0.9.2-29- clean the data structures in the privileged process
* Tue Jan 25 2011 Jan F. Chadima - 5.6p1-25 + 0.9.2-29- clean the data structures before exit net process
* Mon Jan 17 2011 Jan F. Chadima - 5.6p1-24 + 0.9.2-29- make audit compatible with the fips mode
* Fri Jan 14 2011 Jan F. Chadima - 5.6p1-23 + 0.9.2-29- add audit of destruction the server keys
* Wed Jan 12 2011 Jan F. Chadima - 5.6p1-22 + 0.9.2-29- add audit of destruction the session keys
* Fri Dec 10 2010 Jan F. Chadima - 5.6p1-21 + 0.9.2-29- reenable run sshd as non root user- renable rekeying
* Wed Nov 24 2010 Jan F. Chadima - 5.6p1-20 + 0.9.2-29- reapair clientloop crash (#627332)- properly restore euid in case connect to the ssh-agent socket fails
* Mon Nov 22 2010 Jan F. Chadima - 5.6p1-19 + 0.9.2-28- striped read permissions from suid and sgid binaries
* Mon Nov 15 2010 Jan F. Chadima - 5.6p1-18 + 0.9.2-27- used upstream version of the biguid patch
* Mon Nov 15 2010 Jan F. Chadima - 5.6p1-17 + 0.9.2-27- improoved kuserok patch
* Fri Nov 05 2010 Jan F. Chadima - 5.6p1-16 + 0.9.2-27- add auditing the host based key ussage- repait X11 abstract layer socket (#648896)
* Wed Nov 03 2010 Jan F. Chadima - 5.6p1-15 + 0.9.2-27- add auditing the kex result
* Tue Nov 02 2010 Jan F. Chadima - 5.6p1-14 + 0.9.2-27- add auditing the key ussage
* Wed Oct 20 2010 Jan F. Chadima - 5.6p1-12 + 0.9.2-27- update gsskex patch (#645389)
* Wed Oct 20 2010 Jan F. Chadima - 5.6p1-11 + 0.9.2-27- rebase linux audit according to upstream
* Fri Oct 01 2010 Jan F. Chadima - 5.6p1-10 + 0.9.2-27- add missing headers to linux audit
* Wed Sep 29 2010 Jan F. Chadima - 5.6p1-9 + 0.9.2-27- audit module now uses openssh audit framevork
* Wed Sep 15 2010 Jan F. Chadima - 5.6p1-8 + 0.9.2-27- Add the GSSAPI kuserok switch to the kuserok patch
* Wed Sep 15 2010 Jan F. Chadima - 5.6p1-7 + 0.9.2-27- Repaired the kuserok patch
* Mon Sep 13 2010 Jan F. Chadima - 5.6p1-6 + 0.9.2-27- Repaired the problem with puting entries with very big uid into lastlog
* Mon Sep 13 2010 Jan F. Chadima - 5.6p1-5 + 0.9.2-27- Merging selabel patch with the upstream version. (#632914)
* Mon Sep 13 2010 Jan F. Chadima - 5.6p1-4 + 0.9.2-27- Tweaking selabel patch to work properly without selinux rules loaded. (#632914)
* Wed Sep 08 2010 Tomas Mraz - 5.6p1-3 + 0.9.2-27- Make fipscheck hmacs compliant with FHS - requires new fipscheck
* Fri Sep 03 2010 Jan F. Chadima - 5.6p1-2 + 0.9.2-27- Added -z relro -z now to LDFLAGS
* Fri Sep 03 2010 Jan F. Chadima - 5.6p1-1 + 0.9.2-27- Rebased to openssh5.6p1
* Wed Jul 07 2010 Jan F. Chadima - 5.5p1-18 + 0.9.2-26- merged with newer bugzilla\'s version of authorized keys command patch
* Wed Jun 30 2010 Jan F. Chadima - 5.5p1-17 + 0.9.2-26- improved the x11 patch according to upstream (#598671)
* Fri Jun 25 2010 Jan F. Chadima - 5.5p1-16 + 0.9.2-26- improved the x11 patch (#598671)
* Thu Jun 24 2010 Jan F. Chadima - 5.5p1-15 + 0.9.2-26- changed _PATH_UNIX_X to unexistent file name (#598671)
* Wed Jun 23 2010 Jan F. Chadima - 5.5p1-14 + 0.9.2-26- sftp works in deviceless chroot again (broken from 5.5p1-3)
* Tue Jun 08 2010 Jan F. Chadima - 5.5p1-13 + 0.9.2-26- add option to switch out krb5_kuserok
* Fri May 21 2010 Jan F. Chadima - 5.5p1-12 + 0.9.2-26- synchronize uid and gid for the user sshd
* Thu May 20 2010 Jan F. Chadima - 5.5p1-11 + 0.9.2-26- Typo in ssh-ldap.conf(5) and ssh-ladap-helper(8)
* Fri May 14 2010 Jan F. Chadima - 5.5p1-10 + 0.9.2-26- Repair the reference in man ssh-ldap-helper(8)- Repair the PubkeyAgent section in sshd_config(5)- Provide example ldap.conf
* Thu May 13 2010 Jan F. Chadima - 5.5p1-9 + 0.9.2-26- Make the Ldap configuration widely compatible- create the aditional docs for LDAP support.
* Thu May 06 2010 Jan F. Chadima - 5.5p1-8 + 0.9.2-26- Make LDAP config elements TLS_CACERT and TLS_REQCERT compatiple with pam_ldap (#589360)
* Thu May 06 2010 Jan F. Chadima - 5.5p1-7 + 0.9.2-26- Make LDAP config element tls_checkpeer compatiple with nss_ldap (#589360)
* Tue May 04 2010 Jan F. Chadima - 5.5p1-6 + 0.9.2-26- Comment spec.file- Sync patches from upstream
* Mon May 03 2010 Jan F. Chadima - 5.5p1-5 + 0.9.2-26- Create separate ldap package- Tweak the ldap patch- Rename stderr patch properly
* Thu Apr 29 2010 Jan F. Chadima - 5.5p1-4 + 0.9.2-26- Added LDAP support
* Mon Apr 26 2010 Jan F. Chadima - 5.5p1-3 + 0.9.2-26- Ignore .bashrc output to stderr in the subsystems
* Tue Apr 20 2010 Jan F. Chadima - 5.5p1-2 + 0.9.2-26- Drop dependency on man
* Fri Apr 16 2010 Jan F. Chadima - 5.5p1-1 + 0.9.2-26- Update to 5.5p1
* Fri Mar 12 2010 Jan F. Chadima - 5.4p1-3 + 0.9.2-25- repair configure script of pam_ssh_agent- repair error mesage in ssh-keygen
* Fri Mar 12 2010 Jan F. Chadima - 5.4p1-2- source krb5-devel profile script only if exists
* Tue Mar 09 2010 Jan F. Chadima - 5.4p1-1- Update to 5.4p1- discontinued support for nss-keys- discontinued support for scard
* Wed Mar 03 2010 Jan F. Chadima - 5.4p1-0.snap20100302.1- Prepare update to 5.4p1
* Mon Feb 15 2010 Jan F. Chadima - 5.3p1-22- ImplicitDSOLinking (#564824)
* Fri Jan 29 2010 Jan F. Chadima - 5.3p1-21- Allow to use hardware crypto if awailable (#559555)
* Mon Jan 25 2010 Jan F. Chadima - 5.3p1-20- optimized FD_CLOEXEC on accept socket (#541809)
* Mon Jan 25 2010 Tomas Mraz - 5.3p1-19- updated pam_ssh_agent_auth to new version from upstream (just a licence change)
* Thu Jan 21 2010 Jan F. Chadima - 5.3p1-18- optimized RAND_cleanup patch (#557166)
* Wed Jan 20 2010 Jan F. Chadima - 5.3p1-17- add RAND_cleanup at the exit of each program using RAND (#557166)
* Tue Jan 19 2010 Jan F. Chadima - 5.3p1-16- set FD_CLOEXEC on accepted socket (#541809)
* Fri Jan 08 2010 Jan F. Chadima - 5.3p1-15- replaced define by global in macros
* Tue Jan 05 2010 Jan F. Chadima - 5.3p1-14- Update the pka patch
* Mon Dec 21 2009 Jan F. Chadima - 5.3p1-13- Update the audit patch
* Fri Dec 04 2009 Jan F. Chadima - 5.3p1-12- Add possibility to autocreate only RSA key into initscript (#533339)
* Fri Nov 27 2009 Jan F. Chadima - 5.3p1-11- Prepare NSS key patch for future SEC_ERROR_LOCKED_PASSWORD (#537411)
* Tue Nov 24 2009 Jan F. Chadima - 5.3p1-10- Update NSS key patch (#537411, #356451)
* Fri Nov 20 2009 Jan F. Chadima - 5.3p1-9- Add gssapi key exchange patch (#455351)
* Fri Nov 20 2009 Jan F. Chadima - 5.3p1-8- Add public key agent patch (#455350)
* Mon Nov 02 2009 Jan F. Chadima - 5.3p1-7- Repair canohost patch to allow gssapi to work when host is acessed via pipe proxy (#531849)
* Thu Oct 29 2009 Jan F. Chadima - 5.3p1-6- Modify the init script to prevent it to hang during generating the keys (#515145)
* Tue Oct 27 2009 Jan F. Chadima - 5.3p1-5- Add README.nss
* Mon Oct 19 2009 Tomas Mraz - 5.3p1-4- Add pam_ssh_agent_auth module to a subpackage.
* Fri Oct 16 2009 Jan F. Chadima - 5.3p1-3- Reenable audit.
* Fri Oct 02 2009 Jan F. Chadima - 5.3p1-2- Upgrade to new wersion 5.3p1
* Tue Sep 29 2009 Jan F. Chadima - 5.2p1-29- Resolve locking in ssh-add (#491312)
* Thu Sep 24 2009 Jan F. Chadima - 5.2p1-28- Repair initscript to be acord to guidelines (#521860)- Add bugzilla# to application of edns and xmodifiers patch
* Wed Sep 16 2009 Jan F. Chadima - 5.2p1-26- Changed pam stack to password-auth
* Fri Sep 11 2009 Jan F. Chadima - 5.2p1-25- Dropped homechroot patch
* Mon Sep 07 2009 Jan F. Chadima - 5.2p1-24- Add check for nosuid, nodev in homechroot
* Tue Sep 01 2009 Jan F. Chadima - 5.2p1-23- add correct patch for ip-opts
* Tue Sep 01 2009 Jan F. Chadima - 5.2p1-22- replace ip-opts patch by an upstream candidate version
* Mon Aug 31 2009 Jan F. Chadima - 5.2p1-21- rearange selinux patch to be acceptable for upstream- replace seftp patch by an upstream version
* Fri Aug 28 2009 Jan F. Chadima - 5.2p1-20- merged xmodifiers to redhat patch- merged gssapi-role to selinux patch- merged cve-2007_3102 to audit patch- sesftp patch only with WITH_SELINUX flag- rearange sesftp patch according to upstream request
* Wed Aug 26 2009 Jan F. Chadima - 5.2p1-19- minor change in sesftp patch
* Fri Aug 21 2009 Tomas Mraz - 5.2p1-18- rebuilt with new openssl
* Thu Jul 30 2009 Jan F. Chadima - 5.2p1-17- Added dnssec support. (#205842)
* Sat Jul 25 2009 Fedora Release Engineering - 5.2p1-16- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Fri Jul 24 2009 Jan F. Chadima - 5.2p1-15- only INTERNAL_SFTP can be home-chrooted- save _u and _r parts of context changing to sftpd_t
* Fri Jul 17 2009 Jan F. Chadima - 5.2p1-14- changed internal-sftp context to sftpd_t
* Fri Jul 03 2009 Jan F. Chadima - 5.2p1-13- changed home length path patch to upstream version
* Tue Jun 30 2009 Jan F. Chadima - 5.2p1-12- create \'~/.ssh/known_hosts\' within proper context
* Mon Jun 29 2009 Jan F. Chadima - 5.2p1-11- length of home path in ssh now limited by PATH_MAX- correct timezone with daylight processing
* Sat Jun 27 2009 Jan F. Chadima - 5.2p1-10- final version chroot %h (sftp only)
* Tue Jun 23 2009 Jan F. Chadima - 5.2p1-9- repair broken ls in chroot %h
* Fri Jun 12 2009 Jan F. Chadima - 5.2p1-8- add XMODIFIERS to exported environment (#495690)
* Fri May 15 2009 Tomas Mraz - 5.2p1-6- allow only protocol 2 in the FIPS mode
* Thu Apr 30 2009 Tomas Mraz - 5.2p1-5- do integrity verification only on binaries which are part of the OpenSSH FIPS modules
* Mon Apr 20 2009 Tomas Mraz - 5.2p1-4- log if FIPS mode is initialized- make aes-ctr cipher modes work in the FIPS mode
* Fri Apr 03 2009 Jan F. Chadima - 5.2p1-3- fix logging after chroot- enable non root users to use chroot %h in internal-sftp
* Fri Mar 13 2009 Tomas Mraz - 5.2p1-2- add AES-CTR ciphers to the FIPS mode proposal
* Mon Mar 09 2009 Jan F. Chadima - 5.2p1-1- upgrade to new upstream release
* Thu Feb 26 2009 Fedora Release Engineering - 5.1p1-8- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Feb 12 2009 Tomas Mraz - 5.1p1-7- drop obsolete triggers- add testing FIPS mode support- LSBize the initscript (#247014)
* Fri Jan 30 2009 Tomas Mraz - 5.1p1-6- enable use of ssl engines (#481100)
* Thu Jan 15 2009 Tomas Mraz - 5.1p1-5- remove obsolete --with-rsh (#478298)- add pam_sepermit to allow blocking confined users in permissive mode (#471746)- move system-auth after pam_selinux in the session stack
* Thu Dec 11 2008 Tomas Mraz - 5.1p1-4- set FD_CLOEXEC on channel sockets (#475866)- adjust summary- adjust nss-keys patch so it is applicable without selinux patches (#470859)
* Fri Oct 17 2008 Tomas Mraz - 5.1p1-3- fix compatibility with some servers (#466818)
* Thu Jul 31 2008 Tomas Mraz - 5.1p1-2- fixed zero length banner problem (#457326)
* Wed Jul 23 2008 Tomas Mraz - 5.1p1-1- upgrade to new upstream release- fixed a problem with public key authentication and explicitely specified SELinux role
* Wed May 21 2008 Tomas Mraz - 5.0p1-3- pass the connection socket to ssh-keysign (#447680)
* Mon May 19 2008 Tomas Mraz - 5.0p1-2- add LANGUAGE to accepted/sent environment variables (#443231)- use pam_selinux to obtain the user context instead of doing it itself- unbreak server keep alive settings (patch from upstream)- small addition to scp manpage
* Mon Apr 07 2008 Tomas Mraz - 5.0p1-1- upgrade to new upstream (#441066)- prevent initscript from killing itself on halt with upstart (#438449)- initscript status should show that the daemon is running only when the main daemon is still alive (#430882)
* Thu Mar 06 2008 Tomas Mraz - 4.7p1-10- fix race on control master and cleanup stale control socket (#436311) patches by David Woodhouse
* Fri Feb 29 2008 Tomas Mraz - 4.7p1-9- set FD_CLOEXEC on client socket- apply real fix for window size problem (#286181) from upstream- apply fix for the spurious failed bind from upstream- apply open handle leak in sftp fix from upstream
* Tue Feb 12 2008 Dennis Gilmore - 4.7p1-8- we build for sparcv9 now and it needs -fPIE