Jan F
|
6f931660c8
|
- clean the data structures in the privileged process
|
2011-01-31 17:04:10 +01:00 |
|
Jan F
|
f00e4a3ddc
|
- clean the data structures before exit net process
|
2011-01-25 14:06:13 +01:00 |
|
Jan F
|
af8738486c
|
- make audit compatible with the fips mode
|
2011-01-16 23:50:01 +01:00 |
|
Jan F
|
377ba3cfce
|
- add audit of destruction the server keys
|
2011-01-14 10:20:53 +01:00 |
|
Jan F
|
9828ffb5fc
|
- add audit of destruction the server keys
|
2011-01-14 10:18:17 +01:00 |
|
Jan F
|
92eab14042
|
- add audit of destruction the server keys
|
2011-01-14 09:45:08 +01:00 |
|
Jan F
|
5c20fa8d2d
|
- add audit of destruction the session keys
|
2011-01-12 11:09:58 +01:00 |
|
Jan F. Chadima
|
a7cb7d2954
|
- reenable run sshd as non root user
- renable rekeying
|
2010-10-28 13:04:45 +02:00 |
|
Jan F
|
436639ac40
|
- reapair clientloop crash (#627332)
- properly restore euid in case connect to the ssh-agent socket fails
|
2010-11-24 08:24:42 +01:00 |
|
Jan F
|
bb5eb00d2d
|
- properly restore euid in case connect to the ssh-agent socket fails
|
2010-11-24 07:49:04 +01:00 |
|
Jan F. Chadima
|
d2ed53bfc6
|
- striped read permissions from suid and sgid binaries
- properly restore euid in case connect to the ssh-agent socket fails
|
2010-10-10 05:43:12 +02:00 |
|
Jan F
|
7c53d7e5af
|
- used upstream version of the biguid patch
|
2010-11-15 14:01:18 +01:00 |
|
Jan F
|
82036abfa2
|
- improoved kuserok patch
|
2010-11-15 10:35:33 +01:00 |
|
Jan F
|
5daee12df3
|
- add auditing the host based key ussage
- repait X11 abstract layer socket (#648896)
|
2010-11-05 17:31:30 +01:00 |
|
Jan F. Chadima
|
f44bdee1ed
|
- add auditing the kex result
|
2010-09-21 05:36:25 +02:00 |
|
Jan F
|
f8f722ebad
|
- add auditing the key ussage
|
2010-11-02 21:10:16 +01:00 |
|
Jan F
|
0f4c82ee87
|
- add auditing the key ussage
|
2010-11-02 13:10:33 +01:00 |
|
Jan F
|
2d0bc8b9f6
|
- update gsskex patch (#645389)
|
2010-10-22 15:45:07 +02:00 |
|
Jan F
|
ba25ecfbc7
|
- rebase linux audit according to upstream
|
2010-10-20 11:52:05 +02:00 |
|
Jan F. Chadima
|
cf74d509bc
|
- add missing headers to linux audit
|
2010-08-31 21:47:07 +02:00 |
|
Jan F
|
faae1e801d
|
- audit module now uses openssh audit framevork
|
2010-09-29 09:17:40 +02:00 |
|
Jan F
|
cae7368913
|
- Add the GSSAPI kuserok switch to the kuserok patch
|
2010-09-15 19:21:47 +02:00 |
|
Jan F
|
46c77f5af2
|
- Add the GSSAPI kuserok switch to the kuserok patch
|
2010-09-15 15:55:55 +02:00 |
|
Jan F
|
4c4aa13bbb
|
- Repaired the kuserok patch
|
2010-09-15 10:07:41 +02:00 |
|
Jan F
|
abe4bc8a6b
|
- Repaired the problem with puting entries with very big uid into lastlog
|
2010-09-13 14:22:31 +02:00 |
|
Jan F
|
10c6ac8404
|
- Repaired the problem with puting entries with very big uid into lastlog
|
2010-09-13 13:08:30 +02:00 |
|
Jan F
|
ce0606e548
|
- Repaired the problem with puting entries with very big uid into lastlog
|
2010-09-13 13:02:01 +02:00 |
|
Jan F
|
2bdd0209d2
|
- Merging selabel patch with the upstream version. (#632914)
|
2010-09-13 11:40:52 +02:00 |
|
Jan F
|
84d568abcc
|
- Merging selabel patch with the upstream version. (#632914)
|
2010-09-13 11:38:26 +02:00 |
|
Jan F
|
93909d91af
|
- Tweaking selabel batch to work properly without selinux rules loaded. (#632914)
|
2010-09-13 10:26:50 +02:00 |
|
Tomas Mraz
|
13fa787ecc
|
- Make fipscheck hmacs compliant with FHS - requires new fipscheck
|
2010-09-08 09:00:22 +02:00 |
|
Jan F
|
f7e15d5204
|
- Added -z relro -z now to LDFLAGS
|
2010-09-08 08:41:29 +02:00 |
|
Jan F. Chadima
|
c6801b909e
|
- Rebased to openssh5.6p1
- Added -z relro -z now to LDFLAGS
|
2010-08-12 07:41:58 +02:00 |
|
Jan F. Chadima
|
1b8a267cb9
|
Upgrade to openssh-5.6p1
|
2010-08-03 02:41:49 +02:00 |
|
Jan F. Chadima
|
98ba34ae05
|
upgrade to openssh-5.6p1
|
2010-08-03 01:10:26 +02:00 |
|
Jan F. Chadima
|
7818e56d62
|
- merged with newer bugzilla's version of authorized keys command patch
|
2010-07-07 13:48:36 +00:00 |
|
Jan F. Chadima
|
eb358aa2e5
|
- improved the x11 patch according to upstream (#598671)
|
2010-06-30 14:50:51 +00:00 |
|
Jan F. Chadima
|
a3dee6b29d
|
- improved the x11 patch (#598671)
|
2010-06-25 12:08:42 +00:00 |
|
Jan F. Chadima
|
41a56c5d4d
|
- changed _PATH_UNIX_X to unexistent file name (#598671)
|
2010-06-24 07:02:37 +00:00 |
|
Jan F. Chadima
|
411b917379
|
- sftp works in deviceless chroot again (broken from 5.5p1-3)
|
2010-06-23 13:53:38 +00:00 |
|
Jan F. Chadima
|
59d42d3dc6
|
- add option to switch out krb5_kuserok
|
2010-06-08 10:06:35 +00:00 |
|
Jan F. Chadima
|
2fd105489c
|
- synchronize uid and gid for the user sshd
|
2010-05-21 13:23:44 +00:00 |
|
Jan F. Chadima
|
b1a625a446
|
- Typo in ssh-ldap.conf(5) and ssh-ladap-helper(8)
|
2010-05-20 07:02:32 +00:00 |
|
Jan F. Chadima
|
99d9a391f4
|
- Repair the reference in man ssh-ldap-helper(8)
- Repair the PubkeyAgent section in sshd_config(5)
- Provide example ldap.conf
|
2010-05-14 08:19:04 +00:00 |
|
Jan F. Chadima
|
86b2d1c41c
|
- Make the Ldap configuration widely compatible
- create the aditional docs for LDAP support.
|
2010-05-13 14:25:38 +00:00 |
|
Jan F. Chadima
|
222d52deed
|
- Make the Ldap configuration widely compatible
- create the aditional docs for LDAP support.
|
2010-05-13 13:53:16 +00:00 |
|
Jan F. Chadima
|
4669c37784
|
- Make LDAP config elements TLS_CACERT and TLS_REQCERT compatiple with
pam_ldap (#589360)
|
2010-05-06 14:01:16 +00:00 |
|
Jan F. Chadima
|
b6bdf18518
|
- Make LDAP config element tls_checkpeer compatiple with nss_ldap (#589360)
|
2010-05-06 09:39:44 +00:00 |
|
Jan F. Chadima
|
bd929b4662
|
- Comment spec.file
- Sync patches from upstream
|
2010-05-04 07:50:13 +00:00 |
|
Jan F. Chadima
|
6fa4d807de
|
- Comment spec.file
- Sync patches from upstream
|
2010-05-04 07:27:28 +00:00 |
|
Jan F. Chadima
|
3fdf10cdb4
|
- Create separate ldap package
- Tweak the ldap patch
- Rename stderr patch properly
|
2010-05-03 13:32:38 +00:00 |
|
Jan F. Chadima
|
7e7fb423e6
|
- Added LDAP support
|
2010-04-28 11:07:03 +00:00 |
|
Jan F. Chadima
|
2220e6858f
|
- Ignore .bashrc output to stderr in the subsystems
|
2010-04-26 09:50:26 +00:00 |
|
Jan F. Chadima
|
9e777a245e
|
- Drop dependency on man
|
2010-04-20 07:25:26 +00:00 |
|
Jan F. Chadima
|
82bc825ff1
|
- Update to 5.5p1
|
2010-04-16 08:09:50 +00:00 |
|
Jan F. Chadima
|
e18b1170a3
|
- repair configure script of pam_ssh_agent
- repair error mesage in ssh-keygen
|
2010-03-20 04:06:11 +00:00 |
|
Jan F. Chadima
|
b823409b8f
|
- repair configure script of pam_ssh_agent
- repair error mesage in ssh-keygen
|
2010-03-19 20:21:36 +00:00 |
|
Jan F. Chadima
|
50a3ddbbcb
|
- repair configure script of pam_ssh_agent
|
2010-03-19 20:11:25 +00:00 |
|
Jan F. Chadima
|
2640293ec8
|
source krb5-devel profile script only if exists
|
2010-03-12 10:47:29 +00:00 |
|
Jan F. Chadima
|
04cab1dcbc
|
Update to 5.4p1
|
2010-03-09 09:58:14 +00:00 |
|
Jan F. Chadima
|
42225a2417
|
Update to 5.4p1
|
2010-03-09 07:00:50 +00:00 |
|
Jan F. Chadima
|
d1a73d1a80
|
Update to 5.4p1
|
2010-03-09 06:54:34 +00:00 |
|
Jan F. Chadima
|
974c89c195
|
Prepare update to 5.4p1
|
2010-03-03 09:36:51 +00:00 |
|
Jan F. Chadima
|
806a11fa62
|
ImplicitDSOLinking
|
2010-02-15 12:20:04 +00:00 |
|
Jan F. Chadima
|
a2a0cf4842
|
Allow to use hardware crypto if awailable
|
2010-01-29 10:20:07 +00:00 |
|
Jan F. Chadima
|
606b55d024
|
optimized FD_CLOEXEC on accept socket
|
2010-01-25 18:59:02 +00:00 |
|
Tomáš Mráz
|
7451555c05
|
- updated pam_ssh_agent_auth to new version from upstream (just a licence
change)
|
2010-01-25 14:36:10 +00:00 |
|
Jan F. Chadima
|
e39eb5b75f
|
optimized RAND_cleanup patch
|
2010-01-21 09:00:42 +00:00 |
|
Jan F. Chadima
|
28355b8c50
|
add RAND_cleanup at the exit of each program using RAND
|
2010-01-20 18:43:25 +00:00 |
|
Jan F. Chadima
|
3131004032
|
set FD_CLOEXEC on accepted socket
|
2010-01-19 09:07:39 +00:00 |
|
Jan F. Chadima
|
37c0ae034e
|
s/define/global/ in macros
|
2010-01-11 08:32:06 +00:00 |
|
Jan F. Chadima
|
b8bdc7cf55
|
s/define/global/ in macros
|
2010-01-08 11:30:34 +00:00 |
|
Jan F. Chadima
|
9051e5753d
|
Update the pka patch
|
2010-01-05 09:27:12 +00:00 |
|
Jan F. Chadima
|
ecd50fd460
|
Update the audit patch
|
2009-12-21 10:54:59 +00:00 |
|
Jan F. Chadima
|
c32d4acc8b
|
Add possibility to autocreate only RSA key into initscript
|
2009-12-04 13:31:18 +00:00 |
|
Jan F. Chadima
|
6323f67e20
|
Prepare NSS key patch for future SEC_ERROR_LOCKED_PASSWORD
|
2009-11-27 13:22:15 +00:00 |
|
Jan F. Chadima
|
0a64234930
|
Update NSS key patch
|
2009-11-24 13:53:46 +00:00 |
|
Jan F. Chadima
|
3d742c1851
|
Add gssapi key exchange patch
|
2009-11-20 15:06:47 +00:00 |
|
Jan F. Chadima
|
201f4ac5e9
|
Add public key agent patch
|
2009-11-20 10:51:18 +00:00 |
|
Jan F. Chadima
|
d2767e5768
|
Repair canohost patch to allow gssapi to work when host is acessed via pipe
proxy
|
2009-11-02 11:29:48 +00:00 |
|
Jan F. Chadima
|
5fb555b7fa
|
Modify the init script to prevent it to hang during generating the keys
|
2009-10-29 09:30:48 +00:00 |
|
Jan F. Chadima
|
838d936248
|
Add README.nss
|
2009-10-27 13:48:48 +00:00 |
|
Tomáš Mráz
|
e47cb00157
|
- Add pam_ssh_agent_auth module to a subpackage.
|
2009-10-19 07:32:33 +00:00 |
|
Jan F. Chadima
|
2ed3f9b53a
|
Renable audit.
|
2009-10-17 07:46:49 +00:00 |
|
Jan F. Chadima
|
c54a8b0af7
|
Upgrade to new wersion 5.3p1
|
2009-10-02 13:50:30 +00:00 |
|
Jan F. Chadima
|
35695c001b
|
Upgrade to new wersion 5.3p1
|
2009-10-02 13:17:07 +00:00 |
|
Jan F. Chadima
|
71e8744e6a
|
Resolve locking in ssh-add
|
2009-09-30 06:43:43 +00:00 |
|
Jan F. Chadima
|
f013bee3ec
|
Repair initscript to be acord to guidelines
|
2009-09-24 16:05:27 +00:00 |
|
Jan F. Chadima
|
cee78eb11c
|
Repair initscript to be acord to guidelines
|
2009-09-24 12:34:16 +00:00 |
|
Jan F. Chadima
|
4330e6af2b
|
Changed pam stack to password-auth
|
2009-09-16 08:12:30 +00:00 |
|
Jan F. Chadima
|
3d51c727c3
|
Dropped homechroot path
|
2009-09-11 08:10:13 +00:00 |
|
Jan F. Chadima
|
0447c9e3b7
|
Dropped homechrot patch
|
2009-09-11 08:04:22 +00:00 |
|
Jan F. Chadima
|
257d66a4fb
|
Add check for nosuid, nodev in homechroot
|
2009-09-07 10:20:22 +00:00 |
|
Jan F. Chadima
|
49d0cf7e60
|
add correct patch for ip-opts
|
2009-09-01 18:51:41 +00:00 |
|
Jan F. Chadima
|
bd8eb961cd
|
replace ip-opts patch by an upstream candidate version
|
2009-09-01 14:02:15 +00:00 |
|
Jan F. Chadima
|
ce94daebbc
|
Upstream convergence
|
2009-08-31 12:40:05 +00:00 |
|
Jan F. Chadima
|
726565c3b0
|
Upstream convergence
|
2009-08-31 12:38:20 +00:00 |
|
Jan F. Chadima
|
56bb42082f
|
rearange sesftp patch acording to upstream request
|
2009-08-28 22:43:53 +00:00 |
|
Jan F. Chadima
|
15914f24ed
|
rearange patches
|
2009-08-28 21:46:27 +00:00 |
|
Jan F. Chadima
|
214b7b9738
|
minor change in sesftp patch
|
2009-08-26 11:01:42 +00:00 |
|