Commit Graph

673 Commits

Author SHA1 Message Date
Jan F. Chadima
49d0cf7e60 add correct patch for ip-opts 2009-09-01 18:51:41 +00:00
Jan F. Chadima
bd8eb961cd replace ip-opts patch by an upstream candidate version 2009-09-01 14:02:15 +00:00
Jan F. Chadima
ce94daebbc Upstream convergence 2009-08-31 12:40:05 +00:00
Jan F. Chadima
726565c3b0 Upstream convergence 2009-08-31 12:38:20 +00:00
Jan F. Chadima
56bb42082f rearange sesftp patch acording to upstream request 2009-08-28 22:43:53 +00:00
Jan F. Chadima
15914f24ed rearange patches 2009-08-28 21:46:27 +00:00
Jan F. Chadima
214b7b9738 minor change in sesftp patch 2009-08-26 11:01:42 +00:00
Jan F. Chadima
170a775711 Minor repair of sesftp patch 2009-08-26 10:44:57 +00:00
Tomáš Mráz
80bcb17706 - rebuilt with new openssl 2009-08-21 15:08:09 +00:00
Jan F. Chadima
986cee7298 Added dnssec support. 2009-07-30 08:29:01 +00:00
Jesse Keating
42c539189a - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-25 20:53:38 +00:00
Jan F. Chadima
aa89838a87 only INTERNAL_SFTP can be home-chrooted save _u and _r parts of context
changing to sftpd_t
2009-07-24 06:15:35 +00:00
Jan F. Chadima
a827feebfb changed internal-sftp context to sftpd_t 2009-07-22 14:22:03 +00:00
Jan F. Chadima
f35d4ae72e changed internal-sftp context to sftpd_t 2009-07-21 08:59:16 +00:00
Jan F. Chadima
3d6b00af7e changed internal-sftp context to sftpd_t 2009-07-17 07:06:59 +00:00
Jan F. Chadima
ca05b36451 create '~/.ssh/known_hosts' within proper context 2009-06-30 10:26:13 +00:00
Jan F. Chadima
f4b0b4b772 length of home path in ssh now limited by PATH_MAX 2009-06-29 20:51:17 +00:00
Jan F. Chadima
eca05fc45d final version chroot %%h (sftp only) 2009-06-27 06:24:04 +00:00
Jan F. Chadima
c1398b876e repair broken ls in chroot %%h 2009-06-23 17:59:23 +00:00
Jan F. Chadima
ecd8460a44 add XMODIFIERS to exported environment 2009-06-12 12:57:27 +00:00
Jan F. Chadima
5341122cd7 add XMODIFIERS to exported environment 2009-06-12 12:29:54 +00:00
Jan F. Chadima
e45f2ca7df add XMODIFIERS to exported environment 2009-06-12 12:12:51 +00:00
Tomáš Mráz
76f329ece1 - allow only protocol 2 in the FIPS mode 2009-05-15 14:44:21 +00:00
Tomáš Mráz
685b6239bb - do integrity verification only on binaries which are part of the OpenSSH
FIPS modules
2009-04-30 12:03:29 +00:00
Tomáš Mráz
0a4fa5d1ed - log if FIPS mode is initialized
- make aes-ctr cipher modes work in the FIPS mode
2009-04-20 12:18:49 +00:00
Jan F. Chadima
3a94ae1476 *** empty log message *** 2009-04-03 13:03:29 +00:00
Jan F. Chadima
061e214116 - fix logging after chroot
- enable non root users to use chroot %h in internal-sftp
2009-04-03 12:37:30 +00:00
Tomáš Mráz
0f07b4ad95 - add AES-CTR ciphers to the FIPS mode proposal 2009-03-13 10:32:52 +00:00
Jan F. Chadima
adad2a814e Upgrade to version 5.2p1 2009-03-10 13:39:03 +00:00
Jan F. Chadima
48bd443ba4 Upgrade to version 5.2p1 2009-03-10 12:21:29 +00:00
Jan F. Chadima
194f64351a Upgrade na version 5.2p1 2009-03-10 12:17:53 +00:00
Jan F. Chadima
ed9a890257 bounce openssh to version 5.2p1 2009-03-10 12:07:37 +00:00
Jan F. Chadima
a3ba41c854 Bounce openssh to version 5.2p1 2009-03-10 11:54:44 +00:00
Jesse Keating
c5f25a5f48 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 2009-02-26 08:48:36 +00:00
Tomáš Mráz
d93958db19 - drop obsolete triggers
- add testing FIPS mode support
- LSBize the initscript (#247014)
2009-02-12 18:19:52 +00:00
Tomáš Mráz
ff6d597308 - enable use of ssl engines (#481100) 2009-01-30 15:44:41 +00:00
Tomáš Mráz
6a5e296ba7 - remove obsolete --with-rsh (#478298)
- add pam_sepermit to allow blocking confined users in permissive mode
    (#471746)
- move system-auth after pam_selinux in the session stack
2009-01-15 10:52:07 +00:00
Tomáš Mráz
9e5c6ecd02 - set FD_CLOEXEC on channel sockets (#475866)
- adjust summary
- adjust nss-keys patch so it is applicable without selinux patches
    (#470859)
2008-12-11 21:48:41 +00:00
Tomáš Mráz
b9a07ad737 - fix compatibility with some servers (#466818) 2008-10-17 08:34:36 +00:00
Tomáš Mráz
578f0d08a9 - fixed zero length banner problem (#457326) 2008-07-31 09:22:18 +00:00
Tomáš Mráz
ec5276165c - rediff for no fuzz 2008-07-23 17:33:16 +00:00
Tomáš Mráz
09510adc7c - rediff for zero fuzz tolerance 2008-07-23 16:30:14 +00:00
Tomáš Mráz
93a4744539 - upgrade to new upstream release
- fixed a problem with public key authentication and explicitely specified
    SELinux role
2008-07-23 14:50:23 +00:00
Tomáš Mráz
077dad7320 - pass the connection socket to ssh-keysign (#447680) 2008-05-21 08:16:23 +00:00
Tomáš Mráz
1961bc12e6 - add LANGUAGE to accepted/sent environment variables (#443231)
- use pam_selinux to obtain the user context instead of doing it itself
- unbreak server keep alive settings (patch from upstream)
- small addition to scp manpage
2008-05-19 16:53:29 +00:00
Tomáš Mráz
ca47f63941 - upgrade to new upstream (#441066)
- prevent initscript from killing itself on halt with upstart (#438449)
- initscript status should show that the daemon is running only when the
    main daemon is still alive (#430882)
2008-04-07 20:14:31 +00:00
Tomáš Mráz
2cb0e73a4e - set FD_CLOEXEC on client socket
- apply real fix for window size problem (#286181) from upstream
- apply fix for the spurious failed bind from upstream
- apply open handle leak in sftp fix from upstream
2008-02-29 16:34:03 +00:00
Dennis Gilmore
91bdf496cd we build sparc32 sparcv9 by default now it needed adding to the -fPIE list 2008-02-13 03:52:43 +00:00
Tomáš Mráz
993dd1a3db - fix gssapi auth with explicit selinux role requested (#427303) - patch by
Nalin Dahyabhai
2008-01-03 17:45:59 +00:00
Tomáš Mráz
3457e3e00f - explicitly source krb5-devel profile script 2007-12-04 19:03:49 +00:00