Jan F
|
1ddd0ee5d7
|
the private keys may be 640 root:ssh_keys ssh_keysign is sgid
|
2011-04-21 17:22:18 +02:00 |
|
Jan F
|
c7ffe02211
|
improving sshd -> passwd transation
|
2011-04-20 21:59:24 +02:00 |
|
Jan F
|
e306854c4d
|
the intermediate context is set to sshd_sftpd_t
do not crash in packet.c if no connection
|
2011-04-15 12:23:36 +02:00 |
|
Jan F
|
439c349423
|
the intermediate context is set to sshd_sftpd_t
do not crash in packet.c if no connection
|
2011-04-05 20:54:56 +02:00 |
|
Jan F
|
8bc65c49b7
|
the intermediate context is set to sshd_sftpd_t
do not crash in packet.c if no connection
|
2011-04-05 20:54:12 +02:00 |
|
Jan F
|
1f6bdc75f1
|
resolve warnings in port_linux.c
|
2011-04-01 09:04:38 +02:00 |
|
Jan F
|
3f220f2863
|
resolve warnings in port_linux.c
|
2011-03-31 21:48:35 +02:00 |
|
Jan F
|
8a77a1dfd5
|
resolve warnings in port_linux.c
|
2011-03-31 13:43:13 +02:00 |
|
Jan F
|
11896aa047
|
add /etc/sysconfig/sshd
|
2011-03-29 23:25:53 +02:00 |
|
Jan F
|
0553df85b0
|
improve reseeding and seed source (documentation)
|
2011-03-28 16:40:17 +02:00 |
|
Jan F
|
91d3b39c03
|
improve reseeding and seed source (cocumentation)
|
2011-03-28 16:19:03 +02:00 |
|
Jan F
|
e6d33e3bc4
|
improve reseeding and seed source (cocumentation)
|
2011-03-27 21:50:47 +02:00 |
|
Jan F
|
39c7b05d62
|
use /dev/random or /dev/urandom for seeding prng
improve periodical reseeding of random generator
|
2011-03-22 22:05:18 +01:00 |
|
Jan F
|
3657adf0ba
|
use /dev/random or /dev/urandom for seeding prng
|
2011-03-22 19:04:37 +01:00 |
|
Jan F
|
0f7ccbf444
|
add periodical reseeding of random generator
change selinux contex for internal sftp in do_usercontext
exit(0) after sigterm
|
2011-03-17 11:31:16 +01:00 |
|
Jan F
|
8fe15092c3
|
add periodical reseeding of random generator
change selinux contex for internal sftp in do_usercontext
exit(0) after sigterm
|
2011-03-17 08:18:17 +01:00 |
|
Jan F
|
f33c99e38b
|
improove ssh-ldap (documentation)
|
2011-03-10 21:59:08 +01:00 |
|
Jan F
|
9992a8e919
|
improove ssh-ldap (documentation)
|
2011-03-10 21:48:09 +01:00 |
|
Jan F
|
9404cdd3e3
|
improove ssh-ldap (documentation)
|
2011-03-10 18:26:11 +01:00 |
|
Jan F
|
a864d61df9
|
improve session keys audit
|
2011-03-10 15:52:21 +01:00 |
|
Jan F
|
ffd063fe18
|
improve session keys audit
|
2011-03-09 09:07:16 +01:00 |
|
Jan F
|
d1fc5c2d41
|
improve session keys audit
|
2011-03-09 08:48:51 +01:00 |
|
Jan F
|
71d3d9c683
|
CVE-2010-4755
|
2011-03-07 20:31:52 +01:00 |
|
Jan F
|
825921b7f3
|
improove ssk-keycat (documentation)
|
2011-03-04 15:22:12 +01:00 |
|
Jan F
|
edc1723011
|
improve audit of logins and auths
|
2011-03-03 10:54:47 +01:00 |
|
Jan F
|
5c54191b0a
|
improove ssk-keycat
|
2011-03-02 07:03:38 +01:00 |
|
Jan F
|
5928f9047b
|
improove ssk-keycat
|
2011-03-01 17:10:09 +01:00 |
|
Jan F
|
1499a28f37
|
improove ssk-keycat
|
2011-03-01 07:44:22 +01:00 |
|
Jan F
|
99f427602c
|
add ssk-keycat
|
2011-02-28 16:42:58 +01:00 |
|
Jan F
|
b934981de5
|
reenable auth-keys ldap backend
|
2011-02-25 12:07:01 +01:00 |
|
Jan F
|
48446f1f1b
|
another audit improovements
|
2011-02-25 09:30:56 +01:00 |
|
Jan F
|
aefa65dfca
|
another audit improovements
|
2011-02-24 14:25:14 +01:00 |
|
Jan F
|
f9ff105e58
|
another audit improovements
|
2011-02-24 14:17:34 +01:00 |
|
Jan F
|
1732b09b93
|
another audit improovements
|
2011-02-23 10:23:28 +01:00 |
|
Jan F
|
842f4397cd
|
another audit improovements
|
2011-02-22 15:07:26 +01:00 |
|
Jan F
|
9cefae06b0
|
another audit improovements
|
2011-02-21 19:33:56 +01:00 |
|
Jan F
|
2c1a4adbdd
|
improve audit of server ket management
|
2011-02-17 17:54:23 +01:00 |
|
Jan F
|
b9127ef973
|
improve audit of logins and auths
|
2011-02-16 23:36:59 +01:00 |
|
Jan F
|
483c73337b
|
improve audit of logins and auths
|
2011-02-16 17:30:51 +01:00 |
|
Jan F
|
003cb0b27f
|
- bump openssh version to 5.8p1
|
2011-02-14 15:32:49 +01:00 |
|
Dennis Gilmore
|
fa335ee67e
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
2011-02-08 21:31:13 -06:00 |
|
Jan F
|
cfb0f30feb
|
- clean the data structures in the non privileged process
- clean the data structures when roaming
|
2011-02-07 20:47:23 +01:00 |
|
Jan F
|
865391f74f
|
- clean the data structures when roaming
|
2011-02-07 09:21:27 +01:00 |
|
Jan F
|
ee23b09ac6
|
- clean the data structures in the privileged process
|
2011-02-02 10:18:01 +01:00 |
|
Jan F
|
f32d86bd8a
|
- clean the data structures in the privileged process
|
2011-02-02 09:28:26 +01:00 |
|
Jan F
|
6f931660c8
|
- clean the data structures in the privileged process
|
2011-01-31 17:04:10 +01:00 |
|
Jan F
|
f00e4a3ddc
|
- clean the data structures before exit net process
|
2011-01-25 14:06:13 +01:00 |
|
Jan F
|
af8738486c
|
- make audit compatible with the fips mode
|
2011-01-16 23:50:01 +01:00 |
|
Jan F
|
377ba3cfce
|
- add audit of destruction the server keys
|
2011-01-14 10:20:53 +01:00 |
|
Jan F
|
9828ffb5fc
|
- add audit of destruction the server keys
|
2011-01-14 10:18:17 +01:00 |
|
Jan F
|
92eab14042
|
- add audit of destruction the server keys
|
2011-01-14 09:45:08 +01:00 |
|
Jan F
|
5c20fa8d2d
|
- add audit of destruction the session keys
|
2011-01-12 11:09:58 +01:00 |
|
Jan F. Chadima
|
a7cb7d2954
|
- reenable run sshd as non root user
- renable rekeying
|
2010-10-28 13:04:45 +02:00 |
|
Jan F
|
436639ac40
|
- reapair clientloop crash (#627332)
- properly restore euid in case connect to the ssh-agent socket fails
|
2010-11-24 08:24:42 +01:00 |
|
Jan F
|
bb5eb00d2d
|
- properly restore euid in case connect to the ssh-agent socket fails
|
2010-11-24 07:49:04 +01:00 |
|
Jan F. Chadima
|
d2ed53bfc6
|
- striped read permissions from suid and sgid binaries
- properly restore euid in case connect to the ssh-agent socket fails
|
2010-10-10 05:43:12 +02:00 |
|
Jan F
|
7c53d7e5af
|
- used upstream version of the biguid patch
|
2010-11-15 14:01:18 +01:00 |
|
Jan F
|
82036abfa2
|
- improoved kuserok patch
|
2010-11-15 10:35:33 +01:00 |
|
Jan F
|
5daee12df3
|
- add auditing the host based key ussage
- repait X11 abstract layer socket (#648896)
|
2010-11-05 17:31:30 +01:00 |
|
Jan F. Chadima
|
f44bdee1ed
|
- add auditing the kex result
|
2010-09-21 05:36:25 +02:00 |
|
Jan F
|
f8f722ebad
|
- add auditing the key ussage
|
2010-11-02 21:10:16 +01:00 |
|
Jan F
|
0f4c82ee87
|
- add auditing the key ussage
|
2010-11-02 13:10:33 +01:00 |
|
Jan F
|
2d0bc8b9f6
|
- update gsskex patch (#645389)
|
2010-10-22 15:45:07 +02:00 |
|
Jan F
|
ba25ecfbc7
|
- rebase linux audit according to upstream
|
2010-10-20 11:52:05 +02:00 |
|
Jan F. Chadima
|
cf74d509bc
|
- add missing headers to linux audit
|
2010-08-31 21:47:07 +02:00 |
|
Jan F
|
faae1e801d
|
- audit module now uses openssh audit framevork
|
2010-09-29 09:17:40 +02:00 |
|
Jan F
|
cae7368913
|
- Add the GSSAPI kuserok switch to the kuserok patch
|
2010-09-15 19:21:47 +02:00 |
|
Jan F
|
46c77f5af2
|
- Add the GSSAPI kuserok switch to the kuserok patch
|
2010-09-15 15:55:55 +02:00 |
|
Jan F
|
4c4aa13bbb
|
- Repaired the kuserok patch
|
2010-09-15 10:07:41 +02:00 |
|
Jan F
|
abe4bc8a6b
|
- Repaired the problem with puting entries with very big uid into lastlog
|
2010-09-13 14:22:31 +02:00 |
|
Jan F
|
10c6ac8404
|
- Repaired the problem with puting entries with very big uid into lastlog
|
2010-09-13 13:08:30 +02:00 |
|
Jan F
|
ce0606e548
|
- Repaired the problem with puting entries with very big uid into lastlog
|
2010-09-13 13:02:01 +02:00 |
|
Jan F
|
2bdd0209d2
|
- Merging selabel patch with the upstream version. (#632914)
|
2010-09-13 11:40:52 +02:00 |
|
Jan F
|
84d568abcc
|
- Merging selabel patch with the upstream version. (#632914)
|
2010-09-13 11:38:26 +02:00 |
|
Jan F
|
93909d91af
|
- Tweaking selabel batch to work properly without selinux rules loaded. (#632914)
|
2010-09-13 10:26:50 +02:00 |
|
Tomas Mraz
|
13fa787ecc
|
- Make fipscheck hmacs compliant with FHS - requires new fipscheck
|
2010-09-08 09:00:22 +02:00 |
|
Jan F
|
f7e15d5204
|
- Added -z relro -z now to LDFLAGS
|
2010-09-08 08:41:29 +02:00 |
|
Jan F. Chadima
|
c6801b909e
|
- Rebased to openssh5.6p1
- Added -z relro -z now to LDFLAGS
|
2010-08-12 07:41:58 +02:00 |
|
Jan F. Chadima
|
1b8a267cb9
|
Upgrade to openssh-5.6p1
|
2010-08-03 02:41:49 +02:00 |
|
Jan F. Chadima
|
98ba34ae05
|
upgrade to openssh-5.6p1
|
2010-08-03 01:10:26 +02:00 |
|
Jan F. Chadima
|
7818e56d62
|
- merged with newer bugzilla's version of authorized keys command patch
|
2010-07-07 13:48:36 +00:00 |
|
Jan F. Chadima
|
eb358aa2e5
|
- improved the x11 patch according to upstream (#598671)
|
2010-06-30 14:50:51 +00:00 |
|
Jan F. Chadima
|
a3dee6b29d
|
- improved the x11 patch (#598671)
|
2010-06-25 12:08:42 +00:00 |
|
Jan F. Chadima
|
41a56c5d4d
|
- changed _PATH_UNIX_X to unexistent file name (#598671)
|
2010-06-24 07:02:37 +00:00 |
|
Jan F. Chadima
|
411b917379
|
- sftp works in deviceless chroot again (broken from 5.5p1-3)
|
2010-06-23 13:53:38 +00:00 |
|
Jan F. Chadima
|
59d42d3dc6
|
- add option to switch out krb5_kuserok
|
2010-06-08 10:06:35 +00:00 |
|
Jan F. Chadima
|
2fd105489c
|
- synchronize uid and gid for the user sshd
|
2010-05-21 13:23:44 +00:00 |
|
Jan F. Chadima
|
b1a625a446
|
- Typo in ssh-ldap.conf(5) and ssh-ladap-helper(8)
|
2010-05-20 07:02:32 +00:00 |
|
Jan F. Chadima
|
99d9a391f4
|
- Repair the reference in man ssh-ldap-helper(8)
- Repair the PubkeyAgent section in sshd_config(5)
- Provide example ldap.conf
|
2010-05-14 08:19:04 +00:00 |
|
Jan F. Chadima
|
86b2d1c41c
|
- Make the Ldap configuration widely compatible
- create the aditional docs for LDAP support.
|
2010-05-13 14:25:38 +00:00 |
|
Jan F. Chadima
|
222d52deed
|
- Make the Ldap configuration widely compatible
- create the aditional docs for LDAP support.
|
2010-05-13 13:53:16 +00:00 |
|
Jan F. Chadima
|
4669c37784
|
- Make LDAP config elements TLS_CACERT and TLS_REQCERT compatiple with
pam_ldap (#589360)
|
2010-05-06 14:01:16 +00:00 |
|
Jan F. Chadima
|
b6bdf18518
|
- Make LDAP config element tls_checkpeer compatiple with nss_ldap (#589360)
|
2010-05-06 09:39:44 +00:00 |
|
Jan F. Chadima
|
bd929b4662
|
- Comment spec.file
- Sync patches from upstream
|
2010-05-04 07:50:13 +00:00 |
|
Jan F. Chadima
|
6fa4d807de
|
- Comment spec.file
- Sync patches from upstream
|
2010-05-04 07:27:28 +00:00 |
|
Jan F. Chadima
|
3fdf10cdb4
|
- Create separate ldap package
- Tweak the ldap patch
- Rename stderr patch properly
|
2010-05-03 13:32:38 +00:00 |
|
Jan F. Chadima
|
7e7fb423e6
|
- Added LDAP support
|
2010-04-28 11:07:03 +00:00 |
|
Jan F. Chadima
|
2220e6858f
|
- Ignore .bashrc output to stderr in the subsystems
|
2010-04-26 09:50:26 +00:00 |
|
Jan F. Chadima
|
9e777a245e
|
- Drop dependency on man
|
2010-04-20 07:25:26 +00:00 |
|
Jan F. Chadima
|
82bc825ff1
|
- Update to 5.5p1
|
2010-04-16 08:09:50 +00:00 |
|
Jan F. Chadima
|
e18b1170a3
|
- repair configure script of pam_ssh_agent
- repair error mesage in ssh-keygen
|
2010-03-20 04:06:11 +00:00 |
|
Jan F. Chadima
|
b823409b8f
|
- repair configure script of pam_ssh_agent
- repair error mesage in ssh-keygen
|
2010-03-19 20:21:36 +00:00 |
|
Jan F. Chadima
|
50a3ddbbcb
|
- repair configure script of pam_ssh_agent
|
2010-03-19 20:11:25 +00:00 |
|
Jan F. Chadima
|
2640293ec8
|
source krb5-devel profile script only if exists
|
2010-03-12 10:47:29 +00:00 |
|
Jan F. Chadima
|
04cab1dcbc
|
Update to 5.4p1
|
2010-03-09 09:58:14 +00:00 |
|
Jan F. Chadima
|
42225a2417
|
Update to 5.4p1
|
2010-03-09 07:00:50 +00:00 |
|
Jan F. Chadima
|
d1a73d1a80
|
Update to 5.4p1
|
2010-03-09 06:54:34 +00:00 |
|
Jan F. Chadima
|
974c89c195
|
Prepare update to 5.4p1
|
2010-03-03 09:36:51 +00:00 |
|
Jan F. Chadima
|
806a11fa62
|
ImplicitDSOLinking
|
2010-02-15 12:20:04 +00:00 |
|
Jan F. Chadima
|
a2a0cf4842
|
Allow to use hardware crypto if awailable
|
2010-01-29 10:20:07 +00:00 |
|
Jan F. Chadima
|
606b55d024
|
optimized FD_CLOEXEC on accept socket
|
2010-01-25 18:59:02 +00:00 |
|
Tomáš Mráz
|
7451555c05
|
- updated pam_ssh_agent_auth to new version from upstream (just a licence
change)
|
2010-01-25 14:36:10 +00:00 |
|
Jan F. Chadima
|
e39eb5b75f
|
optimized RAND_cleanup patch
|
2010-01-21 09:00:42 +00:00 |
|
Jan F. Chadima
|
28355b8c50
|
add RAND_cleanup at the exit of each program using RAND
|
2010-01-20 18:43:25 +00:00 |
|
Jan F. Chadima
|
3131004032
|
set FD_CLOEXEC on accepted socket
|
2010-01-19 09:07:39 +00:00 |
|
Jan F. Chadima
|
37c0ae034e
|
s/define/global/ in macros
|
2010-01-11 08:32:06 +00:00 |
|
Jan F. Chadima
|
b8bdc7cf55
|
s/define/global/ in macros
|
2010-01-08 11:30:34 +00:00 |
|
Jan F. Chadima
|
9051e5753d
|
Update the pka patch
|
2010-01-05 09:27:12 +00:00 |
|
Jan F. Chadima
|
ecd50fd460
|
Update the audit patch
|
2009-12-21 10:54:59 +00:00 |
|
Jan F. Chadima
|
c32d4acc8b
|
Add possibility to autocreate only RSA key into initscript
|
2009-12-04 13:31:18 +00:00 |
|
Jan F. Chadima
|
6323f67e20
|
Prepare NSS key patch for future SEC_ERROR_LOCKED_PASSWORD
|
2009-11-27 13:22:15 +00:00 |
|
Jan F. Chadima
|
0a64234930
|
Update NSS key patch
|
2009-11-24 13:53:46 +00:00 |
|
Jan F. Chadima
|
3d742c1851
|
Add gssapi key exchange patch
|
2009-11-20 15:06:47 +00:00 |
|
Jan F. Chadima
|
201f4ac5e9
|
Add public key agent patch
|
2009-11-20 10:51:18 +00:00 |
|
Jan F. Chadima
|
d2767e5768
|
Repair canohost patch to allow gssapi to work when host is acessed via pipe
proxy
|
2009-11-02 11:29:48 +00:00 |
|
Jan F. Chadima
|
5fb555b7fa
|
Modify the init script to prevent it to hang during generating the keys
|
2009-10-29 09:30:48 +00:00 |
|
Jan F. Chadima
|
838d936248
|
Add README.nss
|
2009-10-27 13:48:48 +00:00 |
|
Tomáš Mráz
|
e47cb00157
|
- Add pam_ssh_agent_auth module to a subpackage.
|
2009-10-19 07:32:33 +00:00 |
|
Jan F. Chadima
|
2ed3f9b53a
|
Renable audit.
|
2009-10-17 07:46:49 +00:00 |
|
Jan F. Chadima
|
c54a8b0af7
|
Upgrade to new wersion 5.3p1
|
2009-10-02 13:50:30 +00:00 |
|
Jan F. Chadima
|
35695c001b
|
Upgrade to new wersion 5.3p1
|
2009-10-02 13:17:07 +00:00 |
|
Jan F. Chadima
|
71e8744e6a
|
Resolve locking in ssh-add
|
2009-09-30 06:43:43 +00:00 |
|
Jan F. Chadima
|
f013bee3ec
|
Repair initscript to be acord to guidelines
|
2009-09-24 16:05:27 +00:00 |
|
Jan F. Chadima
|
cee78eb11c
|
Repair initscript to be acord to guidelines
|
2009-09-24 12:34:16 +00:00 |
|
Jan F. Chadima
|
4330e6af2b
|
Changed pam stack to password-auth
|
2009-09-16 08:12:30 +00:00 |
|
Jan F. Chadima
|
3d51c727c3
|
Dropped homechroot path
|
2009-09-11 08:10:13 +00:00 |
|
Jan F. Chadima
|
0447c9e3b7
|
Dropped homechrot patch
|
2009-09-11 08:04:22 +00:00 |
|
Jan F. Chadima
|
257d66a4fb
|
Add check for nosuid, nodev in homechroot
|
2009-09-07 10:20:22 +00:00 |
|
Jan F. Chadima
|
49d0cf7e60
|
add correct patch for ip-opts
|
2009-09-01 18:51:41 +00:00 |
|
Jan F. Chadima
|
bd8eb961cd
|
replace ip-opts patch by an upstream candidate version
|
2009-09-01 14:02:15 +00:00 |
|
Jan F. Chadima
|
ce94daebbc
|
Upstream convergence
|
2009-08-31 12:40:05 +00:00 |
|
Jan F. Chadima
|
726565c3b0
|
Upstream convergence
|
2009-08-31 12:38:20 +00:00 |
|
Jan F. Chadima
|
56bb42082f
|
rearange sesftp patch acording to upstream request
|
2009-08-28 22:43:53 +00:00 |
|
Jan F. Chadima
|
15914f24ed
|
rearange patches
|
2009-08-28 21:46:27 +00:00 |
|
Jan F. Chadima
|
214b7b9738
|
minor change in sesftp patch
|
2009-08-26 11:01:42 +00:00 |
|
Tomáš Mráz
|
80bcb17706
|
- rebuilt with new openssl
|
2009-08-21 15:08:09 +00:00 |
|
Jan F. Chadima
|
986cee7298
|
Added dnssec support.
|
2009-07-30 08:29:01 +00:00 |
|
Jesse Keating
|
42c539189a
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
2009-07-25 20:53:38 +00:00 |
|
Jan F. Chadima
|
aa89838a87
|
only INTERNAL_SFTP can be home-chrooted save _u and _r parts of context
changing to sftpd_t
|
2009-07-24 06:15:35 +00:00 |
|
Jan F. Chadima
|
3d6b00af7e
|
changed internal-sftp context to sftpd_t
|
2009-07-17 07:06:59 +00:00 |
|