Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							d93958db19 
							
						 
					 
					
						
						
							
							- drop obsolete triggers  
						
						... 
						
						
						
						- add testing FIPS mode support
- LSBize the initscript (#247014 ) 
						
					 
					
						2009-02-12 18:19:52 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							ff6d597308 
							
						 
					 
					
						
						
							
							- enable use of ssl engines ( #481100 )  
						
						
						
					 
					
						2009-01-30 15:44:41 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							6a5e296ba7 
							
						 
					 
					
						
						
							
							- remove obsolete --with-rsh ( #478298 )  
						
						... 
						
						
						
						- add pam_sepermit to allow blocking confined users in permissive mode
    (#471746 )
- move system-auth after pam_selinux in the session stack 
						
					 
					
						2009-01-15 10:52:07 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							9e5c6ecd02 
							
						 
					 
					
						
						
							
							- set FD_CLOEXEC on channel sockets ( #475866 )  
						
						... 
						
						
						
						- adjust summary
- adjust nss-keys patch so it is applicable without selinux patches
    (#470859 ) 
						
					 
					
						2008-12-11 21:48:41 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							b9a07ad737 
							
						 
					 
					
						
						
							
							- fix compatibility with some servers ( #466818 )  
						
						
						
					 
					
						2008-10-17 08:34:36 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							578f0d08a9 
							
						 
					 
					
						
						
							
							- fixed zero length banner problem ( #457326 )  
						
						
						
					 
					
						2008-07-31 09:22:18 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							ec5276165c 
							
						 
					 
					
						
						
							
							- rediff for no fuzz  
						
						
						
					 
					
						2008-07-23 17:33:16 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							09510adc7c 
							
						 
					 
					
						
						
							
							- rediff for zero fuzz tolerance  
						
						
						
					 
					
						2008-07-23 16:30:14 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							93a4744539 
							
						 
					 
					
						
						
							
							- upgrade to new upstream release  
						
						... 
						
						
						
						- fixed a problem with public key authentication and explicitely specified
    SELinux role 
						
					 
					
						2008-07-23 14:50:23 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							077dad7320 
							
						 
					 
					
						
						
							
							- pass the connection socket to ssh-keysign ( #447680 )  
						
						
						
					 
					
						2008-05-21 08:16:23 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							1961bc12e6 
							
						 
					 
					
						
						
							
							- add LANGUAGE to accepted/sent environment variables ( #443231 )  
						
						... 
						
						
						
						- use pam_selinux to obtain the user context instead of doing it itself
- unbreak server keep alive settings (patch from upstream)
- small addition to scp manpage 
						
					 
					
						2008-05-19 16:53:29 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							ca47f63941 
							
						 
					 
					
						
						
							
							- upgrade to new upstream ( #441066 )  
						
						... 
						
						
						
						- prevent initscript from killing itself on halt with upstart (#438449 )
- initscript status should show that the daemon is running only when the
    main daemon is still alive (#430882 ) 
						
					 
					
						2008-04-07 20:14:31 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							2cb0e73a4e 
							
						 
					 
					
						
						
							
							- set FD_CLOEXEC on client socket  
						
						... 
						
						
						
						- apply real fix for window size problem (#286181 ) from upstream
- apply fix for the spurious failed bind from upstream
- apply open handle leak in sftp fix from upstream 
						
					 
					
						2008-02-29 16:34:03 +00:00 
						 
				 
			
				
					
						
							
							
								Dennis Gilmore 
							
						 
					 
					
						
						
						
						
							
						
						
							91bdf496cd 
							
						 
					 
					
						
						
							
							we build sparc32 sparcv9 by default now it needed adding to the -fPIE list  
						
						
						
					 
					
						2008-02-13 03:52:43 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							993dd1a3db 
							
						 
					 
					
						
						
							
							- fix gssapi auth with explicit selinux role requested ( #427303 ) - patch by  
						
						... 
						
						
						
						Nalin Dahyabhai 
						
					 
					
						2008-01-03 17:45:59 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							3457e3e00f 
							
						 
					 
					
						
						
							
							- explicitly source krb5-devel profile script  
						
						
						
					 
					
						2007-12-04 19:03:49 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							2cc09c66ed 
							
						 
					 
					
						
						
							
							- explicitly source krb5-devel profile script  
						
						... 
						
						
						
						- rebuild for openssl bump 
						
					 
					
						2007-12-04 18:58:25 +00:00 
						 
				 
			
				
					
						
							
							
								Jesse Keating 
							
						 
					 
					
						
						
						
						
							
						
						
							9eac427785 
							
						 
					 
					
						
						
							
							- Rebuild for openssl bump  
						
						
						
					 
					
						2007-12-04 18:47:33 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							320a1c8f0e 
							
						 
					 
					
						
						
							
							- localtime in chroot no longer needed  
						
						
						
					 
					
						2007-11-20 18:38:37 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							0a9a4072ef 
							
						 
					 
					
						
						
							
							- must require ncurses-devel for libedit  
						
						
						
					 
					
						2007-11-20 18:26:30 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							b1ffa00b4c 
							
						 
					 
					
						
						
							
							- version bump  
						
						
						
					 
					
						2007-11-20 15:04:37 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							8b8c4dc83c 
							
						 
					 
					
						
						
							
							- do not copy /etc/localtime into the chroot as it is not necessary anymore  
						
						... 
						
						
						
						(#193184 )
- call setkeycreatecon when selinux context is established
- test for NULL privk when freeing key (#391871 ) - patch by Pierre Ossman 
						
					 
					
						2007-11-20 14:53:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bill Nottingham 
							
						 
					 
					
						
						
						
						
							
						
						
							5d613bead0 
							
						 
					 
					
						
						
							
							makefile update to properly grab makefile.common  
						
						
						
					 
					
						2007-10-15 19:12:18 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							95be083504 
							
						 
					 
					
						
						
							
							- revert default window size adjustments ( #286181 )  
						
						
						
					 
					
						2007-09-17 21:33:02 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							c9833c96a4 
							
						 
					 
					
						
						
							
							- upgrade to latest upstream  
						
						... 
						
						
						
						- use libedit in sftp (#203009 )
- fixed audit log injection problem (CVE-2007-3102) 
						
					 
					
						2007-09-06 19:49:16 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							f370730d3b 
							
						 
					 
					
						
						
							
							- fix sftp client problems on write error ( #247802 )  
						
						... 
						
						
						
						- allow disabling autocreation of server keys (#235466 ) 
						
					 
					
						2007-08-09 18:33:41 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							fc2f31df03 
							
						 
					 
					
						
						
							
							- oops committed testing only change  
						
						
						
					 
					
						2007-06-20 19:33:53 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							0092bbd526 
							
						 
					 
					
						
						
							
							- add buildrequires nss-devel to build with the nss-keys patch  
						
						
						
					 
					
						2007-06-20 19:11:49 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							c3274ccb32 
							
						 
					 
					
						
						
							
							- experimental NSS keys support  
						
						... 
						
						
						
						- correctly setup context when empty level requested (#234951 ) 
						
					 
					
						2007-06-20 17:47:18 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							7210c0162a 
							
						 
					 
					
						
						
							
							- mls level check must be done with default role same as requested  
						
						
						
					 
					
						2007-03-20 09:13:40 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							b40baab181 
							
						 
					 
					
						
						
							
							- make profile.d/gnome-ssh-askpass.* regular files ( #226218 )  
						
						
						
					 
					
						2007-03-19 11:57:36 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							546fdd9f47 
							
						 
					 
					
						
						
							
							- reject connection if requested mls range is not obtained ( #229278 )  
						
						
						
					 
					
						2007-03-01 08:28:22 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							9d725bd1ab 
							
						 
					 
					
						
						
							
							- improve Buildroot  
						
						... 
						
						
						
						- remove duplicate /etc/ssh from files 
						
					 
					
						2007-02-22 13:00:51 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							73a8557dfd 
							
						 
					 
					
						
						
							
							- fix some forward porting typos  
						
						
						
					 
					
						2007-01-16 21:20:04 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							c2b35d09c0 
							
						 
					 
					
						
						
							
							- support mls on labeled networks ( #220487 )  
						
						... 
						
						
						
						- support mls level selection on unlabeled networks
- allow / in usernames in scp (only beginning /, ./, and ../ is special) 
						
					 
					
						2007-01-16 20:58:00 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							45f17da853 
							
						 
					 
					
						
						
							
							- buildrequire tcp_wrappers-devel  
						
						
						
					 
					
						2006-12-21 13:59:55 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							ad07b998ed 
							
						 
					 
					
						
						
							
							- update to 4.5p1 ( #212606 )  
						
						
						
					 
					
						2006-12-21 13:42:47 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							914284ff3f 
							
						 
					 
					
						
						
							
							- fix gssapi with DNS loadbalanced clusters ( #216857 )  
						
						
						
					 
					
						2006-11-30 10:50:12 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							d63dc67db7 
							
						 
					 
					
						
						
							
							- improved pam_session patch so it doesn't regress, the patch is necessary  
						
						... 
						
						
						
						for the pam_session_close to be called correctly as uid 0 
						
					 
					
						2006-11-28 21:14:50 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							ad61b116d1 
							
						 
					 
					
						
						
							
							- CVE-2006-5794 - properly detect failed key verify in monitor ( #214641 )  
						
						
						
					 
					
						2006-11-10 10:00:04 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							19675afc7c 
							
						 
					 
					
						
						
							
							- merge sshd initscript patches  
						
						... 
						
						
						
						- kill all ssh sessions when stop is called in halt or reboot runlevel
- remove -TERM option from killproc so we don't race on sshd restart 
						
					 
					
						2006-11-02 13:33:37 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							7114c4238b 
							
						 
					 
					
						
						
							
							- improve gssapi-no-spnego patch ( #208102 )  
						
						... 
						
						
						
						- CVE-2006-4924 - prevent DoS on deattack detector (#207957 )
- CVE-2006-5051 - don't call cleanups from signal handler (#208459 ) 
						
					 
					
						2006-10-02 17:35:50 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							ac4818c499 
							
						 
					 
					
						
						
							
							- don't report duplicate syslog messages, use correct local time ( #189158 )  
						
						... 
						
						
						
						- don't allow spnego as gssapi mechanism (from upstream)
- fixed memleaks found by Coverity (from upstream)
- allow ip options except source routing (#202856 ) (patch by HP) 
						
					 
					
						2006-08-23 21:06:38 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							c12d6ba86c 
							
						 
					 
					
						
						
							
							- drop the pam-session patch from the previous build ( #201341 )  
						
						... 
						
						
						
						- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594 ) 
						
					 
					
						2006-08-08 11:58:33 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							762e407bd5 
							
						 
					 
					
						
						
							
							- dropped old ssh obsoletes  
						
						... 
						
						
						
						- call the pam_session_open/close from the monitor when privsep is enabled
    so it is always called as root (patch by Darren Tucker) 
						
					 
					
						2006-07-20 11:06:42 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							ef32423955 
							
						 
					 
					
						
						
							
							- improve selinux patch (by Jan Kiszka)  
						
						... 
						
						
						
						- upstream patch for buffer append space error (#191940 )
- fixed typo in configure.ac (#198986 )
- added pam_keyinit to pam configuration (#198628 )
- improved error message when askpass dialog cannot grab keyboard input
    (#198332 )
- buildrequires xauth instead of xorg-x11-xauth
- fixed a few rpmlint warnings 
						
					 
					
						2006-07-17 14:09:15 +00:00 
						 
				 
			
				
					
						
							
							
								Jesse Keating 
							
						 
					 
					
						
						
						
						
							
						
						
							d446e97b50 
							
						 
					 
					
						
						
							
							bumped for rebuild  
						
						
						
					 
					
						2006-07-12 07:35:41 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							7e1c558992 
							
						 
					 
					
						
						
							
							- don't request pseudoterminal allocation if stdin is not tty ( #188983 )  
						
						
						
					 
					
						2006-04-14 08:26:10 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							5f29aca399 
							
						 
					 
					
						
						
							
							- allow access if audit is not compiled in kernel ( #183243 )  
						
						
						
					 
					
						2006-03-02 21:37:28 +00:00 
						 
				 
			
				
					
						
							
							
								Tomáš Mráz 
							
						 
					 
					
						
						
						
						
							
						
						
							e01ed66930 
							
						 
					 
					
						
						
							
							- enable the subprocess in chroot to send messages to system log  
						
						... 
						
						
						
						- sshd should prevent login if audit call fails 
						
					 
					
						2006-02-24 14:07:41 +00:00