Jan F
5daee12df3
- add auditing the host based key ussage
...
- repait X11 abstract layer socket (#648896 )
2010-11-05 17:31:30 +01:00
Jan F. Chadima
f44bdee1ed
- add auditing the kex result
2010-09-21 05:36:25 +02:00
Jan F
f8f722ebad
- add auditing the key ussage
2010-11-02 21:10:16 +01:00
Jan F
0f4c82ee87
- add auditing the key ussage
2010-11-02 13:10:33 +01:00
Jan F
2d0bc8b9f6
- update gsskex patch ( #645389 )
2010-10-22 15:45:07 +02:00
Jan F
ba25ecfbc7
- rebase linux audit according to upstream
2010-10-20 11:52:05 +02:00
Jan F. Chadima
cf74d509bc
- add missing headers to linux audit
2010-08-31 21:47:07 +02:00
Jan F
faae1e801d
- audit module now uses openssh audit framevork
2010-09-29 09:17:40 +02:00
Jan F
cae7368913
- Add the GSSAPI kuserok switch to the kuserok patch
2010-09-15 19:21:47 +02:00
Jan F
46c77f5af2
- Add the GSSAPI kuserok switch to the kuserok patch
2010-09-15 15:55:55 +02:00
Jan F
4c4aa13bbb
- Repaired the kuserok patch
2010-09-15 10:07:41 +02:00
Jan F
abe4bc8a6b
- Repaired the problem with puting entries with very big uid into lastlog
2010-09-13 14:22:31 +02:00
Jan F
10c6ac8404
- Repaired the problem with puting entries with very big uid into lastlog
2010-09-13 13:08:30 +02:00
Jan F
ce0606e548
- Repaired the problem with puting entries with very big uid into lastlog
2010-09-13 13:02:01 +02:00
Jan F
2bdd0209d2
- Merging selabel patch with the upstream version. ( #632914 )
2010-09-13 11:40:52 +02:00
Jan F
84d568abcc
- Merging selabel patch with the upstream version. ( #632914 )
2010-09-13 11:38:26 +02:00
Jan F
93909d91af
- Tweaking selabel batch to work properly without selinux rules loaded. ( #632914 )
2010-09-13 10:26:50 +02:00
Tomas Mraz
13fa787ecc
- Make fipscheck hmacs compliant with FHS - requires new fipscheck
2010-09-08 09:00:22 +02:00
Jan F
f7e15d5204
- Added -z relro -z now to LDFLAGS
2010-09-08 08:41:29 +02:00
Jan F. Chadima
c6801b909e
- Rebased to openssh5.6p1
...
- Added -z relro -z now to LDFLAGS
2010-08-12 07:41:58 +02:00
Jan F. Chadima
1b8a267cb9
Upgrade to openssh-5.6p1
2010-08-03 02:41:49 +02:00
Jan F. Chadima
98ba34ae05
upgrade to openssh-5.6p1
2010-08-03 01:10:26 +02:00
Jan F. Chadima
7818e56d62
- merged with newer bugzilla's version of authorized keys command patch
2010-07-07 13:48:36 +00:00
Jan F. Chadima
eb358aa2e5
- improved the x11 patch according to upstream ( #598671 )
2010-06-30 14:50:51 +00:00
Jan F. Chadima
a3dee6b29d
- improved the x11 patch ( #598671 )
2010-06-25 12:08:42 +00:00
Jan F. Chadima
41a56c5d4d
- changed _PATH_UNIX_X to unexistent file name ( #598671 )
2010-06-24 07:02:37 +00:00
Jan F. Chadima
411b917379
- sftp works in deviceless chroot again (broken from 5.5p1-3)
2010-06-23 13:53:38 +00:00
Jan F. Chadima
59d42d3dc6
- add option to switch out krb5_kuserok
2010-06-08 10:06:35 +00:00
Jan F. Chadima
2fd105489c
- synchronize uid and gid for the user sshd
2010-05-21 13:23:44 +00:00
Jan F. Chadima
b1a625a446
- Typo in ssh-ldap.conf(5) and ssh-ladap-helper(8)
2010-05-20 07:02:32 +00:00
Jan F. Chadima
99d9a391f4
- Repair the reference in man ssh-ldap-helper(8)
...
- Repair the PubkeyAgent section in sshd_config(5)
- Provide example ldap.conf
2010-05-14 08:19:04 +00:00
Jan F. Chadima
86b2d1c41c
- Make the Ldap configuration widely compatible
...
- create the aditional docs for LDAP support.
2010-05-13 14:25:38 +00:00
Jan F. Chadima
222d52deed
- Make the Ldap configuration widely compatible
...
- create the aditional docs for LDAP support.
2010-05-13 13:53:16 +00:00
Jan F. Chadima
4669c37784
- Make LDAP config elements TLS_CACERT and TLS_REQCERT compatiple with
...
pam_ldap (#589360 )
2010-05-06 14:01:16 +00:00
Jan F. Chadima
b6bdf18518
- Make LDAP config element tls_checkpeer compatiple with nss_ldap ( #589360 )
2010-05-06 09:39:44 +00:00
Jan F. Chadima
bd929b4662
- Comment spec.file
...
- Sync patches from upstream
2010-05-04 07:50:13 +00:00
Jan F. Chadima
6fa4d807de
- Comment spec.file
...
- Sync patches from upstream
2010-05-04 07:27:28 +00:00
Jan F. Chadima
3fdf10cdb4
- Create separate ldap package
...
- Tweak the ldap patch
- Rename stderr patch properly
2010-05-03 13:32:38 +00:00
Jan F. Chadima
7e7fb423e6
- Added LDAP support
2010-04-28 11:07:03 +00:00
Jan F. Chadima
2220e6858f
- Ignore .bashrc output to stderr in the subsystems
2010-04-26 09:50:26 +00:00
Jan F. Chadima
9e777a245e
- Drop dependency on man
2010-04-20 07:25:26 +00:00
Jan F. Chadima
82bc825ff1
- Update to 5.5p1
2010-04-16 08:09:50 +00:00
Jan F. Chadima
e18b1170a3
- repair configure script of pam_ssh_agent
...
- repair error mesage in ssh-keygen
2010-03-20 04:06:11 +00:00
Jan F. Chadima
b823409b8f
- repair configure script of pam_ssh_agent
...
- repair error mesage in ssh-keygen
2010-03-19 20:21:36 +00:00
Jan F. Chadima
50a3ddbbcb
- repair configure script of pam_ssh_agent
2010-03-19 20:11:25 +00:00
Jan F. Chadima
2640293ec8
source krb5-devel profile script only if exists
2010-03-12 10:47:29 +00:00
Jan F. Chadima
04cab1dcbc
Update to 5.4p1
2010-03-09 09:58:14 +00:00
Jan F. Chadima
42225a2417
Update to 5.4p1
2010-03-09 07:00:50 +00:00
Jan F. Chadima
d1a73d1a80
Update to 5.4p1
2010-03-09 06:54:34 +00:00
Jan F. Chadima
974c89c195
Prepare update to 5.4p1
2010-03-03 09:36:51 +00:00
Jan F. Chadima
806a11fa62
ImplicitDSOLinking
2010-02-15 12:20:04 +00:00
Jan F. Chadima
a2a0cf4842
Allow to use hardware crypto if awailable
2010-01-29 10:20:07 +00:00
Jan F. Chadima
606b55d024
optimized FD_CLOEXEC on accept socket
2010-01-25 18:59:02 +00:00
Tomáš Mráz
7451555c05
- updated pam_ssh_agent_auth to new version from upstream (just a licence
...
change)
2010-01-25 14:36:10 +00:00
Jan F. Chadima
e39eb5b75f
optimized RAND_cleanup patch
2010-01-21 09:00:42 +00:00
Jan F. Chadima
28355b8c50
add RAND_cleanup at the exit of each program using RAND
2010-01-20 18:43:25 +00:00
Jan F. Chadima
3131004032
set FD_CLOEXEC on accepted socket
2010-01-19 09:07:39 +00:00
Jan F. Chadima
37c0ae034e
s/define/global/ in macros
2010-01-11 08:32:06 +00:00
Jan F. Chadima
b8bdc7cf55
s/define/global/ in macros
2010-01-08 11:30:34 +00:00
Jan F. Chadima
9051e5753d
Update the pka patch
2010-01-05 09:27:12 +00:00
Jan F. Chadima
ecd50fd460
Update the audit patch
2009-12-21 10:54:59 +00:00
Jan F. Chadima
c32d4acc8b
Add possibility to autocreate only RSA key into initscript
2009-12-04 13:31:18 +00:00
Jan F. Chadima
6323f67e20
Prepare NSS key patch for future SEC_ERROR_LOCKED_PASSWORD
2009-11-27 13:22:15 +00:00
Jan F. Chadima
0a64234930
Update NSS key patch
2009-11-24 13:53:46 +00:00
Jan F. Chadima
3d742c1851
Add gssapi key exchange patch
2009-11-20 15:06:47 +00:00
Jan F. Chadima
201f4ac5e9
Add public key agent patch
2009-11-20 10:51:18 +00:00
Jan F. Chadima
d2767e5768
Repair canohost patch to allow gssapi to work when host is acessed via pipe
...
proxy
2009-11-02 11:29:48 +00:00
Jan F. Chadima
5fb555b7fa
Modify the init script to prevent it to hang during generating the keys
2009-10-29 09:30:48 +00:00
Jan F. Chadima
838d936248
Add README.nss
2009-10-27 13:48:48 +00:00
Tomáš Mráz
e47cb00157
- Add pam_ssh_agent_auth module to a subpackage.
2009-10-19 07:32:33 +00:00
Jan F. Chadima
2ed3f9b53a
Renable audit.
2009-10-17 07:46:49 +00:00
Jan F. Chadima
c54a8b0af7
Upgrade to new wersion 5.3p1
2009-10-02 13:50:30 +00:00
Jan F. Chadima
35695c001b
Upgrade to new wersion 5.3p1
2009-10-02 13:17:07 +00:00
Jan F. Chadima
71e8744e6a
Resolve locking in ssh-add
2009-09-30 06:43:43 +00:00
Jan F. Chadima
f013bee3ec
Repair initscript to be acord to guidelines
2009-09-24 16:05:27 +00:00
Jan F. Chadima
cee78eb11c
Repair initscript to be acord to guidelines
2009-09-24 12:34:16 +00:00
Jan F. Chadima
4330e6af2b
Changed pam stack to password-auth
2009-09-16 08:12:30 +00:00
Jan F. Chadima
3d51c727c3
Dropped homechroot path
2009-09-11 08:10:13 +00:00
Jan F. Chadima
0447c9e3b7
Dropped homechrot patch
2009-09-11 08:04:22 +00:00
Jan F. Chadima
257d66a4fb
Add check for nosuid, nodev in homechroot
2009-09-07 10:20:22 +00:00
Jan F. Chadima
49d0cf7e60
add correct patch for ip-opts
2009-09-01 18:51:41 +00:00
Jan F. Chadima
bd8eb961cd
replace ip-opts patch by an upstream candidate version
2009-09-01 14:02:15 +00:00
Jan F. Chadima
ce94daebbc
Upstream convergence
2009-08-31 12:40:05 +00:00
Jan F. Chadima
726565c3b0
Upstream convergence
2009-08-31 12:38:20 +00:00
Jan F. Chadima
56bb42082f
rearange sesftp patch acording to upstream request
2009-08-28 22:43:53 +00:00
Jan F. Chadima
15914f24ed
rearange patches
2009-08-28 21:46:27 +00:00
Jan F. Chadima
214b7b9738
minor change in sesftp patch
2009-08-26 11:01:42 +00:00
Tomáš Mráz
80bcb17706
- rebuilt with new openssl
2009-08-21 15:08:09 +00:00
Jan F. Chadima
986cee7298
Added dnssec support.
2009-07-30 08:29:01 +00:00
Jesse Keating
42c539189a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
2009-07-25 20:53:38 +00:00
Jan F. Chadima
aa89838a87
only INTERNAL_SFTP can be home-chrooted save _u and _r parts of context
...
changing to sftpd_t
2009-07-24 06:15:35 +00:00
Jan F. Chadima
3d6b00af7e
changed internal-sftp context to sftpd_t
2009-07-17 07:06:59 +00:00
Jan F. Chadima
ca05b36451
create '~/.ssh/known_hosts' within proper context
2009-06-30 10:26:13 +00:00
Jan F. Chadima
f4b0b4b772
length of home path in ssh now limited by PATH_MAX
2009-06-29 20:51:17 +00:00
Jan F. Chadima
eca05fc45d
final version chroot %%h (sftp only)
2009-06-27 06:24:04 +00:00
Jan F. Chadima
c1398b876e
repair broken ls in chroot %%h
2009-06-23 17:59:23 +00:00
Jan F. Chadima
ecd8460a44
add XMODIFIERS to exported environment
2009-06-12 12:57:27 +00:00
Jan F. Chadima
5341122cd7
add XMODIFIERS to exported environment
2009-06-12 12:29:54 +00:00
Jan F. Chadima
e45f2ca7df
add XMODIFIERS to exported environment
2009-06-12 12:12:51 +00:00
Tomáš Mráz
76f329ece1
- allow only protocol 2 in the FIPS mode
2009-05-15 14:44:21 +00:00
Tomáš Mráz
685b6239bb
- do integrity verification only on binaries which are part of the OpenSSH
...
FIPS modules
2009-04-30 12:03:29 +00:00
Tomáš Mráz
0a4fa5d1ed
- log if FIPS mode is initialized
...
- make aes-ctr cipher modes work in the FIPS mode
2009-04-20 12:18:49 +00:00
Jan F. Chadima
3a94ae1476
*** empty log message ***
2009-04-03 13:03:29 +00:00
Jan F. Chadima
061e214116
- fix logging after chroot
...
- enable non root users to use chroot %h in internal-sftp
2009-04-03 12:37:30 +00:00
Tomáš Mráz
0f07b4ad95
- add AES-CTR ciphers to the FIPS mode proposal
2009-03-13 10:32:52 +00:00
Jan F. Chadima
a3ba41c854
Bounce openssh to version 5.2p1
2009-03-10 11:54:44 +00:00
Jesse Keating
c5f25a5f48
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
2009-02-26 08:48:36 +00:00
Tomáš Mráz
d93958db19
- drop obsolete triggers
...
- add testing FIPS mode support
- LSBize the initscript (#247014 )
2009-02-12 18:19:52 +00:00
Tomáš Mráz
ff6d597308
- enable use of ssl engines ( #481100 )
2009-01-30 15:44:41 +00:00
Tomáš Mráz
6a5e296ba7
- remove obsolete --with-rsh ( #478298 )
...
- add pam_sepermit to allow blocking confined users in permissive mode
(#471746 )
- move system-auth after pam_selinux in the session stack
2009-01-15 10:52:07 +00:00
Tomáš Mráz
9e5c6ecd02
- set FD_CLOEXEC on channel sockets ( #475866 )
...
- adjust summary
- adjust nss-keys patch so it is applicable without selinux patches
(#470859 )
2008-12-11 21:48:41 +00:00
Tomáš Mráz
b9a07ad737
- fix compatibility with some servers ( #466818 )
2008-10-17 08:34:36 +00:00
Tomáš Mráz
578f0d08a9
- fixed zero length banner problem ( #457326 )
2008-07-31 09:22:18 +00:00
Tomáš Mráz
ec5276165c
- rediff for no fuzz
2008-07-23 17:33:16 +00:00
Tomáš Mráz
09510adc7c
- rediff for zero fuzz tolerance
2008-07-23 16:30:14 +00:00
Tomáš Mráz
93a4744539
- upgrade to new upstream release
...
- fixed a problem with public key authentication and explicitely specified
SELinux role
2008-07-23 14:50:23 +00:00
Tomáš Mráz
077dad7320
- pass the connection socket to ssh-keysign ( #447680 )
2008-05-21 08:16:23 +00:00
Tomáš Mráz
1961bc12e6
- add LANGUAGE to accepted/sent environment variables ( #443231 )
...
- use pam_selinux to obtain the user context instead of doing it itself
- unbreak server keep alive settings (patch from upstream)
- small addition to scp manpage
2008-05-19 16:53:29 +00:00
Tomáš Mráz
ca47f63941
- upgrade to new upstream ( #441066 )
...
- prevent initscript from killing itself on halt with upstart (#438449 )
- initscript status should show that the daemon is running only when the
main daemon is still alive (#430882 )
2008-04-07 20:14:31 +00:00
Tomáš Mráz
2cb0e73a4e
- set FD_CLOEXEC on client socket
...
- apply real fix for window size problem (#286181 ) from upstream
- apply fix for the spurious failed bind from upstream
- apply open handle leak in sftp fix from upstream
2008-02-29 16:34:03 +00:00
Dennis Gilmore
91bdf496cd
we build sparc32 sparcv9 by default now it needed adding to the -fPIE list
2008-02-13 03:52:43 +00:00
Tomáš Mráz
993dd1a3db
- fix gssapi auth with explicit selinux role requested ( #427303 ) - patch by
...
Nalin Dahyabhai
2008-01-03 17:45:59 +00:00
Tomáš Mráz
3457e3e00f
- explicitly source krb5-devel profile script
2007-12-04 19:03:49 +00:00
Tomáš Mráz
2cc09c66ed
- explicitly source krb5-devel profile script
...
- rebuild for openssl bump
2007-12-04 18:58:25 +00:00
Jesse Keating
9eac427785
- Rebuild for openssl bump
2007-12-04 18:47:33 +00:00
Tomáš Mráz
320a1c8f0e
- localtime in chroot no longer needed
2007-11-20 18:38:37 +00:00
Tomáš Mráz
0a9a4072ef
- must require ncurses-devel for libedit
2007-11-20 18:26:30 +00:00
Tomáš Mráz
b1ffa00b4c
- version bump
2007-11-20 15:04:37 +00:00
Tomáš Mráz
8b8c4dc83c
- do not copy /etc/localtime into the chroot as it is not necessary anymore
...
(#193184 )
- call setkeycreatecon when selinux context is established
- test for NULL privk when freeing key (#391871 ) - patch by Pierre Ossman
2007-11-20 14:53:45 +00:00
Tomáš Mráz
95be083504
- revert default window size adjustments ( #286181 )
2007-09-17 21:33:02 +00:00
Tomáš Mráz
c9833c96a4
- upgrade to latest upstream
...
- use libedit in sftp (#203009 )
- fixed audit log injection problem (CVE-2007-3102)
2007-09-06 19:49:16 +00:00
Tomáš Mráz
f370730d3b
- fix sftp client problems on write error ( #247802 )
...
- allow disabling autocreation of server keys (#235466 )
2007-08-09 18:33:41 +00:00
Tomáš Mráz
fc2f31df03
- oops committed testing only change
2007-06-20 19:33:53 +00:00
Tomáš Mráz
0092bbd526
- add buildrequires nss-devel to build with the nss-keys patch
2007-06-20 19:11:49 +00:00
Tomáš Mráz
c3274ccb32
- experimental NSS keys support
...
- correctly setup context when empty level requested (#234951 )
2007-06-20 17:47:18 +00:00
Tomáš Mráz
7210c0162a
- mls level check must be done with default role same as requested
2007-03-20 09:13:40 +00:00
Tomáš Mráz
b40baab181
- make profile.d/gnome-ssh-askpass.* regular files ( #226218 )
2007-03-19 11:57:36 +00:00
Tomáš Mráz
546fdd9f47
- reject connection if requested mls range is not obtained ( #229278 )
2007-03-01 08:28:22 +00:00
Tomáš Mráz
9d725bd1ab
- improve Buildroot
...
- remove duplicate /etc/ssh from files
2007-02-22 13:00:51 +00:00
Tomáš Mráz
c2b35d09c0
- support mls on labeled networks ( #220487 )
...
- support mls level selection on unlabeled networks
- allow / in usernames in scp (only beginning /, ./, and ../ is special)
2007-01-16 20:58:00 +00:00
Tomáš Mráz
45f17da853
- buildrequire tcp_wrappers-devel
2006-12-21 13:59:55 +00:00
Tomáš Mráz
ad07b998ed
- update to 4.5p1 ( #212606 )
2006-12-21 13:42:47 +00:00
Tomáš Mráz
914284ff3f
- fix gssapi with DNS loadbalanced clusters ( #216857 )
2006-11-30 10:50:12 +00:00
Tomáš Mráz
d63dc67db7
- improved pam_session patch so it doesn't regress, the patch is necessary
...
for the pam_session_close to be called correctly as uid 0
2006-11-28 21:14:50 +00:00
Tomáš Mráz
ad61b116d1
- CVE-2006-5794 - properly detect failed key verify in monitor ( #214641 )
2006-11-10 10:00:04 +00:00
Tomáš Mráz
19675afc7c
- merge sshd initscript patches
...
- kill all ssh sessions when stop is called in halt or reboot runlevel
- remove -TERM option from killproc so we don't race on sshd restart
2006-11-02 13:33:37 +00:00
Tomáš Mráz
7114c4238b
- improve gssapi-no-spnego patch ( #208102 )
...
- CVE-2006-4924 - prevent DoS on deattack detector (#207957 )
- CVE-2006-5051 - don't call cleanups from signal handler (#208459 )
2006-10-02 17:35:50 +00:00
Tomáš Mráz
ac4818c499
- don't report duplicate syslog messages, use correct local time ( #189158 )
...
- don't allow spnego as gssapi mechanism (from upstream)
- fixed memleaks found by Coverity (from upstream)
- allow ip options except source routing (#202856 ) (patch by HP)
2006-08-23 21:06:38 +00:00
Tomáš Mráz
c12d6ba86c
- drop the pam-session patch from the previous build ( #201341 )
...
- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594 )
2006-08-08 11:58:33 +00:00
Tomáš Mráz
762e407bd5
- dropped old ssh obsoletes
...
- call the pam_session_open/close from the monitor when privsep is enabled
so it is always called as root (patch by Darren Tucker)
2006-07-20 11:06:42 +00:00