Commit Graph

306 Commits

Author SHA1 Message Date
Jan F
6f931660c8 - clean the data structures in the privileged process 2011-01-31 17:04:10 +01:00
Jan F
f00e4a3ddc - clean the data structures before exit net process 2011-01-25 14:06:13 +01:00
Jan F
af8738486c - make audit compatible with the fips mode 2011-01-16 23:50:01 +01:00
Jan F
377ba3cfce - add audit of destruction the server keys 2011-01-14 10:20:53 +01:00
Jan F
9828ffb5fc - add audit of destruction the server keys 2011-01-14 10:18:17 +01:00
Jan F
92eab14042 - add audit of destruction the server keys 2011-01-14 09:45:08 +01:00
Jan F
5c20fa8d2d - add audit of destruction the session keys 2011-01-12 11:09:58 +01:00
Jan F. Chadima
a7cb7d2954 - reenable run sshd as non root user
- renable rekeying
2010-10-28 13:04:45 +02:00
Jan F
436639ac40 - reapair clientloop crash (#627332)
- properly restore euid in case connect to the ssh-agent socket fails
2010-11-24 08:24:42 +01:00
Jan F
bb5eb00d2d - properly restore euid in case connect to the ssh-agent socket fails 2010-11-24 07:49:04 +01:00
Jan F. Chadima
d2ed53bfc6 - striped read permissions from suid and sgid binaries
- properly restore euid in case connect to the ssh-agent socket fails
2010-10-10 05:43:12 +02:00
Jan F
7c53d7e5af - used upstream version of the biguid patch 2010-11-15 14:01:18 +01:00
Jan F
82036abfa2 - improoved kuserok patch 2010-11-15 10:35:33 +01:00
Jan F
5daee12df3 - add auditing the host based key ussage
- repait X11 abstract layer socket (#648896)
2010-11-05 17:31:30 +01:00
Jan F. Chadima
f44bdee1ed - add auditing the kex result 2010-09-21 05:36:25 +02:00
Jan F
f8f722ebad - add auditing the key ussage 2010-11-02 21:10:16 +01:00
Jan F
0f4c82ee87 - add auditing the key ussage 2010-11-02 13:10:33 +01:00
Jan F
2d0bc8b9f6 - update gsskex patch (#645389) 2010-10-22 15:45:07 +02:00
Jan F
ba25ecfbc7 - rebase linux audit according to upstream 2010-10-20 11:52:05 +02:00
Jan F. Chadima
cf74d509bc - add missing headers to linux audit 2010-08-31 21:47:07 +02:00
Jan F
faae1e801d - audit module now uses openssh audit framevork 2010-09-29 09:17:40 +02:00
Jan F
cae7368913 - Add the GSSAPI kuserok switch to the kuserok patch 2010-09-15 19:21:47 +02:00
Jan F
46c77f5af2 - Add the GSSAPI kuserok switch to the kuserok patch 2010-09-15 15:55:55 +02:00
Jan F
4c4aa13bbb - Repaired the kuserok patch 2010-09-15 10:07:41 +02:00
Jan F
abe4bc8a6b - Repaired the problem with puting entries with very big uid into lastlog 2010-09-13 14:22:31 +02:00
Jan F
10c6ac8404 - Repaired the problem with puting entries with very big uid into lastlog 2010-09-13 13:08:30 +02:00
Jan F
ce0606e548 - Repaired the problem with puting entries with very big uid into lastlog 2010-09-13 13:02:01 +02:00
Jan F
2bdd0209d2 - Merging selabel patch with the upstream version. (#632914) 2010-09-13 11:40:52 +02:00
Jan F
84d568abcc - Merging selabel patch with the upstream version. (#632914) 2010-09-13 11:38:26 +02:00
Jan F
93909d91af - Tweaking selabel batch to work properly without selinux rules loaded. (#632914) 2010-09-13 10:26:50 +02:00
Tomas Mraz
13fa787ecc - Make fipscheck hmacs compliant with FHS - requires new fipscheck 2010-09-08 09:00:22 +02:00
Jan F
f7e15d5204 - Added -z relro -z now to LDFLAGS 2010-09-08 08:41:29 +02:00
Jan F. Chadima
c6801b909e - Rebased to openssh5.6p1
- Added -z relro -z now to LDFLAGS
2010-08-12 07:41:58 +02:00
Jan F. Chadima
1b8a267cb9 Upgrade to openssh-5.6p1 2010-08-03 02:41:49 +02:00
Jan F. Chadima
98ba34ae05 upgrade to openssh-5.6p1 2010-08-03 01:10:26 +02:00
Jan F. Chadima
7818e56d62 - merged with newer bugzilla's version of authorized keys command patch 2010-07-07 13:48:36 +00:00
Jan F. Chadima
eb358aa2e5 - improved the x11 patch according to upstream (#598671) 2010-06-30 14:50:51 +00:00
Jan F. Chadima
a3dee6b29d - improved the x11 patch (#598671) 2010-06-25 12:08:42 +00:00
Jan F. Chadima
41a56c5d4d - changed _PATH_UNIX_X to unexistent file name (#598671) 2010-06-24 07:02:37 +00:00
Jan F. Chadima
411b917379 - sftp works in deviceless chroot again (broken from 5.5p1-3) 2010-06-23 13:53:38 +00:00
Jan F. Chadima
59d42d3dc6 - add option to switch out krb5_kuserok 2010-06-08 10:06:35 +00:00
Jan F. Chadima
2fd105489c - synchronize uid and gid for the user sshd 2010-05-21 13:23:44 +00:00
Jan F. Chadima
b1a625a446 - Typo in ssh-ldap.conf(5) and ssh-ladap-helper(8) 2010-05-20 07:02:32 +00:00
Jan F. Chadima
99d9a391f4 - Repair the reference in man ssh-ldap-helper(8)
- Repair the PubkeyAgent section in sshd_config(5)
- Provide example ldap.conf
2010-05-14 08:19:04 +00:00
Jan F. Chadima
86b2d1c41c - Make the Ldap configuration widely compatible
- create the aditional docs for LDAP support.
2010-05-13 14:25:38 +00:00
Jan F. Chadima
222d52deed - Make the Ldap configuration widely compatible
- create the aditional docs for LDAP support.
2010-05-13 13:53:16 +00:00
Jan F. Chadima
4669c37784 - Make LDAP config elements TLS_CACERT and TLS_REQCERT compatiple with
pam_ldap (#589360)
2010-05-06 14:01:16 +00:00
Jan F. Chadima
b6bdf18518 - Make LDAP config element tls_checkpeer compatiple with nss_ldap (#589360) 2010-05-06 09:39:44 +00:00
Jan F. Chadima
bd929b4662 - Comment spec.file
- Sync patches from upstream
2010-05-04 07:50:13 +00:00
Jan F. Chadima
6fa4d807de - Comment spec.file
- Sync patches from upstream
2010-05-04 07:27:28 +00:00
Jan F. Chadima
3fdf10cdb4 - Create separate ldap package
- Tweak the ldap patch
- Rename stderr patch properly
2010-05-03 13:32:38 +00:00
Jan F. Chadima
7e7fb423e6 - Added LDAP support 2010-04-28 11:07:03 +00:00
Jan F. Chadima
2220e6858f - Ignore .bashrc output to stderr in the subsystems 2010-04-26 09:50:26 +00:00
Jan F. Chadima
9e777a245e - Drop dependency on man 2010-04-20 07:25:26 +00:00
Jan F. Chadima
82bc825ff1 - Update to 5.5p1 2010-04-16 08:09:50 +00:00
Jan F. Chadima
e18b1170a3 - repair configure script of pam_ssh_agent
- repair error mesage in ssh-keygen
2010-03-20 04:06:11 +00:00
Jan F. Chadima
b823409b8f - repair configure script of pam_ssh_agent
- repair error mesage in ssh-keygen
2010-03-19 20:21:36 +00:00
Jan F. Chadima
50a3ddbbcb - repair configure script of pam_ssh_agent 2010-03-19 20:11:25 +00:00
Jan F. Chadima
2640293ec8 source krb5-devel profile script only if exists 2010-03-12 10:47:29 +00:00
Jan F. Chadima
04cab1dcbc Update to 5.4p1 2010-03-09 09:58:14 +00:00
Jan F. Chadima
42225a2417 Update to 5.4p1 2010-03-09 07:00:50 +00:00
Jan F. Chadima
d1a73d1a80 Update to 5.4p1 2010-03-09 06:54:34 +00:00
Jan F. Chadima
974c89c195 Prepare update to 5.4p1 2010-03-03 09:36:51 +00:00
Jan F. Chadima
806a11fa62 ImplicitDSOLinking 2010-02-15 12:20:04 +00:00
Jan F. Chadima
a2a0cf4842 Allow to use hardware crypto if awailable 2010-01-29 10:20:07 +00:00
Jan F. Chadima
606b55d024 optimized FD_CLOEXEC on accept socket 2010-01-25 18:59:02 +00:00
Tomáš Mráz
7451555c05 - updated pam_ssh_agent_auth to new version from upstream (just a licence
change)
2010-01-25 14:36:10 +00:00
Jan F. Chadima
e39eb5b75f optimized RAND_cleanup patch 2010-01-21 09:00:42 +00:00
Jan F. Chadima
28355b8c50 add RAND_cleanup at the exit of each program using RAND 2010-01-20 18:43:25 +00:00
Jan F. Chadima
3131004032 set FD_CLOEXEC on accepted socket 2010-01-19 09:07:39 +00:00
Jan F. Chadima
37c0ae034e s/define/global/ in macros 2010-01-11 08:32:06 +00:00
Jan F. Chadima
b8bdc7cf55 s/define/global/ in macros 2010-01-08 11:30:34 +00:00
Jan F. Chadima
9051e5753d Update the pka patch 2010-01-05 09:27:12 +00:00
Jan F. Chadima
ecd50fd460 Update the audit patch 2009-12-21 10:54:59 +00:00
Jan F. Chadima
c32d4acc8b Add possibility to autocreate only RSA key into initscript 2009-12-04 13:31:18 +00:00
Jan F. Chadima
6323f67e20 Prepare NSS key patch for future SEC_ERROR_LOCKED_PASSWORD 2009-11-27 13:22:15 +00:00
Jan F. Chadima
0a64234930 Update NSS key patch 2009-11-24 13:53:46 +00:00
Jan F. Chadima
3d742c1851 Add gssapi key exchange patch 2009-11-20 15:06:47 +00:00
Jan F. Chadima
201f4ac5e9 Add public key agent patch 2009-11-20 10:51:18 +00:00
Jan F. Chadima
d2767e5768 Repair canohost patch to allow gssapi to work when host is acessed via pipe
proxy
2009-11-02 11:29:48 +00:00
Jan F. Chadima
5fb555b7fa Modify the init script to prevent it to hang during generating the keys 2009-10-29 09:30:48 +00:00
Jan F. Chadima
838d936248 Add README.nss 2009-10-27 13:48:48 +00:00
Tomáš Mráz
e47cb00157 - Add pam_ssh_agent_auth module to a subpackage. 2009-10-19 07:32:33 +00:00
Jan F. Chadima
2ed3f9b53a Renable audit. 2009-10-17 07:46:49 +00:00
Jan F. Chadima
c54a8b0af7 Upgrade to new wersion 5.3p1 2009-10-02 13:50:30 +00:00
Jan F. Chadima
35695c001b Upgrade to new wersion 5.3p1 2009-10-02 13:17:07 +00:00
Jan F. Chadima
71e8744e6a Resolve locking in ssh-add 2009-09-30 06:43:43 +00:00
Jan F. Chadima
f013bee3ec Repair initscript to be acord to guidelines 2009-09-24 16:05:27 +00:00
Jan F. Chadima
cee78eb11c Repair initscript to be acord to guidelines 2009-09-24 12:34:16 +00:00
Jan F. Chadima
4330e6af2b Changed pam stack to password-auth 2009-09-16 08:12:30 +00:00
Jan F. Chadima
3d51c727c3 Dropped homechroot path 2009-09-11 08:10:13 +00:00
Jan F. Chadima
0447c9e3b7 Dropped homechrot patch 2009-09-11 08:04:22 +00:00
Jan F. Chadima
257d66a4fb Add check for nosuid, nodev in homechroot 2009-09-07 10:20:22 +00:00
Jan F. Chadima
49d0cf7e60 add correct patch for ip-opts 2009-09-01 18:51:41 +00:00
Jan F. Chadima
bd8eb961cd replace ip-opts patch by an upstream candidate version 2009-09-01 14:02:15 +00:00
Jan F. Chadima
ce94daebbc Upstream convergence 2009-08-31 12:40:05 +00:00
Jan F. Chadima
726565c3b0 Upstream convergence 2009-08-31 12:38:20 +00:00
Jan F. Chadima
56bb42082f rearange sesftp patch acording to upstream request 2009-08-28 22:43:53 +00:00
Jan F. Chadima
15914f24ed rearange patches 2009-08-28 21:46:27 +00:00
Jan F. Chadima
214b7b9738 minor change in sesftp patch 2009-08-26 11:01:42 +00:00